| 
									
										
										
										
											2013-04-25 18:25:31 +00:00
										 |  |  | /*
 | 
					
						
							|  |  |  |  * Asterisk -- An open source telephony toolkit. | 
					
						
							|  |  |  |  * | 
					
						
							|  |  |  |  * Copyright (C) 2013, Digium, Inc. | 
					
						
							|  |  |  |  * | 
					
						
							|  |  |  |  * Mark Michelson <mmichelson@digium.com> | 
					
						
							|  |  |  |  * | 
					
						
							|  |  |  |  * See http://www.asterisk.org for more information about
 | 
					
						
							|  |  |  |  * the Asterisk project. Please do not directly contact | 
					
						
							|  |  |  |  * any of the maintainers of this project for assistance; | 
					
						
							|  |  |  |  * the project provides a web site, mailing lists and IRC | 
					
						
							|  |  |  |  * channels for your use. | 
					
						
							|  |  |  |  * | 
					
						
							|  |  |  |  * This program is free software, distributed under the terms of | 
					
						
							|  |  |  |  * the GNU General Public License Version 2. See the LICENSE file | 
					
						
							|  |  |  |  * at the top of the source tree. | 
					
						
							|  |  |  |  */ | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /*** MODULEINFO
 | 
					
						
							|  |  |  | 	<depend>pjproject</depend> | 
					
						
							| 
									
										
										
										
											2013-07-30 18:14:50 +00:00
										 |  |  | 	<depend>res_pjsip</depend> | 
					
						
							| 
									
										
										
										
											2013-04-25 18:25:31 +00:00
										 |  |  | 	<support_level>core</support_level> | 
					
						
							|  |  |  |  ***/ | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | #include "asterisk.h"
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | #include <pjsip.h>
 | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-07-30 18:14:50 +00:00
										 |  |  | #include "asterisk/res_pjsip.h"
 | 
					
						
							| 
									
										
										
										
											2013-04-25 18:25:31 +00:00
										 |  |  | #include "asterisk/module.h"
 | 
					
						
							|  |  |  | #include "asterisk/logger.h"
 | 
					
						
							|  |  |  | #include "asterisk/sorcery.h"
 | 
					
						
							|  |  |  | #include "asterisk/acl.h"
 | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-05-19 17:45:42 +00:00
										 |  |  | /*** DOCUMENTATION
 | 
					
						
							| 
									
										
										
										
											2013-07-30 18:14:50 +00:00
										 |  |  | 	<configInfo name="res_pjsip_acl" language="en_US"> | 
					
						
							| 
									
										
										
										
											2013-05-19 17:45:42 +00:00
										 |  |  | 		<synopsis>SIP ACL module</synopsis> | 
					
						
							|  |  |  | 		<description><para> | 
					
						
							|  |  |  | 			<emphasis>ACL</emphasis> | 
					
						
							| 
									
										
										
										
											2013-09-12 23:23:12 +00:00
										 |  |  | 			</para><para> | 
					
						
							|  |  |  | 			The ACL module used by <literal>res_pjsip</literal>. This module is | 
					
						
							| 
									
										
										
										
											2013-05-19 17:45:42 +00:00
										 |  |  | 			independent of <literal>endpoints</literal> and operates on all inbound | 
					
						
							| 
									
										
										
										
											2013-07-30 18:14:50 +00:00
										 |  |  | 			SIP communication using res_pjsip. | 
					
						
							| 
									
										
										
										
											2013-05-19 17:45:42 +00:00
										 |  |  | 			</para><para> | 
					
						
							| 
									
										
										
										
											2013-09-12 23:23:12 +00:00
										 |  |  | 			There are two main ways of defining your ACL with the options | 
					
						
							|  |  |  | 			provided. You can use the <literal>permit</literal> and <literal>deny</literal> options | 
					
						
							|  |  |  | 			which act on <emphasis>IP</emphasis> addresses, or the <literal>contactpermit</literal> | 
					
						
							|  |  |  | 			and <literal>contactdeny</literal> options which act on <emphasis>Contact header</emphasis> | 
					
						
							|  |  |  | 			addresses in incoming REGISTER requests. You can combine the various options to | 
					
						
							|  |  |  | 			create a mixed ACL. | 
					
						
							| 
									
										
										
										
											2013-05-19 17:45:42 +00:00
										 |  |  | 			</para><para> | 
					
						
							| 
									
										
										
										
											2013-09-12 23:23:12 +00:00
										 |  |  | 			Additionally, instead of defining an ACL with options, you can reference IP or | 
					
						
							|  |  |  | 			Contact header ACLs from the file <filename>acl.conf</filename> by using the <literal>acl</literal> | 
					
						
							|  |  |  | 			or <literal>contactacl</literal> options. | 
					
						
							| 
									
										
										
										
											2013-05-19 17:45:42 +00:00
										 |  |  | 		</para></description> | 
					
						
							| 
									
										
										
										
											2013-07-30 18:14:50 +00:00
										 |  |  | 		<configFile name="pjsip.conf"> | 
					
						
							| 
									
										
										
										
											2013-05-19 17:45:42 +00:00
										 |  |  | 			<configObject name="acl"> | 
					
						
							|  |  |  | 				<synopsis>Access Control List</synopsis> | 
					
						
							|  |  |  | 				<configOption name="acl"> | 
					
						
							| 
									
										
										
										
											2013-09-12 23:23:12 +00:00
										 |  |  | 					<synopsis>List of IP ACL section names in acl.conf</synopsis> | 
					
						
							| 
									
										
										
										
											2013-05-19 17:45:42 +00:00
										 |  |  | 					<description><para> | 
					
						
							| 
									
										
										
										
											2013-09-12 23:23:12 +00:00
										 |  |  | 						This matches sections configured in <literal>acl.conf</literal>. The value is | 
					
						
							|  |  |  | 						defined as a list of comma-delimited section names. | 
					
						
							| 
									
										
										
										
											2013-05-19 17:45:42 +00:00
										 |  |  | 					</para></description> | 
					
						
							|  |  |  | 				</configOption> | 
					
						
							| 
									
										
										
										
											2013-11-22 17:27:55 +00:00
										 |  |  | 				<configOption name="contact_acl"> | 
					
						
							| 
									
										
										
										
											2013-09-12 23:23:12 +00:00
										 |  |  | 					<synopsis>List of Contact ACL section names in acl.conf</synopsis> | 
					
						
							| 
									
										
										
										
											2013-05-19 17:45:42 +00:00
										 |  |  | 					<description><para> | 
					
						
							| 
									
										
										
										
											2013-09-12 23:23:12 +00:00
										 |  |  | 						This matches sections configured in <literal>acl.conf</literal>. The value is | 
					
						
							|  |  |  | 						defined as a list of comma-delimited section names. | 
					
						
							| 
									
										
										
										
											2013-05-19 17:45:42 +00:00
										 |  |  | 					</para></description> | 
					
						
							|  |  |  | 				</configOption> | 
					
						
							| 
									
										
										
										
											2013-11-22 17:27:55 +00:00
										 |  |  | 				<configOption name="contact_deny"> | 
					
						
							| 
									
										
										
										
											2013-09-12 23:23:12 +00:00
										 |  |  | 					<synopsis>List of Contact header addresses to deny</synopsis> | 
					
						
							|  |  |  | 					<description><para> | 
					
						
							|  |  |  | 						The value is a comma-delimited list of IP addresses. IP addresses may | 
					
						
							|  |  |  | 						have a subnet mask appended. The subnet mask may be written in either | 
					
						
							|  |  |  | 						CIDR or dotted-decimal notation. Separate the IP address and subnet | 
					
						
							|  |  |  | 						mask with a slash ('/') | 
					
						
							|  |  |  | 					</para></description> | 
					
						
							| 
									
										
										
										
											2013-05-19 17:45:42 +00:00
										 |  |  | 				</configOption> | 
					
						
							| 
									
										
										
										
											2013-11-22 17:27:55 +00:00
										 |  |  | 				<configOption name="contact_permit"> | 
					
						
							| 
									
										
										
										
											2013-09-12 23:23:12 +00:00
										 |  |  | 					<synopsis>List of Contact header addresses to permit</synopsis> | 
					
						
							|  |  |  | 					<description><para> | 
					
						
							|  |  |  | 						The value is a comma-delimited list of IP addresses. IP addresses may | 
					
						
							|  |  |  | 						have a subnet mask appended. The subnet mask may be written in either | 
					
						
							|  |  |  | 						CIDR or dotted-decimal notation. Separate the IP address and subnet | 
					
						
							|  |  |  | 						mask with a slash ('/') | 
					
						
							|  |  |  | 					</para></description> | 
					
						
							| 
									
										
										
										
											2013-05-19 17:45:42 +00:00
										 |  |  | 				</configOption> | 
					
						
							|  |  |  | 				<configOption name="deny"> | 
					
						
							| 
									
										
										
										
											2013-09-12 23:23:12 +00:00
										 |  |  | 					<synopsis>List of IP addresses to deny access from</synopsis> | 
					
						
							|  |  |  | 					<description><para> | 
					
						
							|  |  |  | 						The value is a comma-delimited list of IP addresses. IP addresses may | 
					
						
							|  |  |  | 						have a subnet mask appended. The subnet mask may be written in either | 
					
						
							|  |  |  | 						CIDR or dotted-decimal notation. Separate the IP address and subnet | 
					
						
							|  |  |  | 						mask with a slash ('/') | 
					
						
							|  |  |  | 					</para></description> | 
					
						
							| 
									
										
										
										
											2013-05-19 17:45:42 +00:00
										 |  |  | 				</configOption> | 
					
						
							|  |  |  | 				<configOption name="permit"> | 
					
						
							| 
									
										
										
										
											2013-09-12 23:23:12 +00:00
										 |  |  | 					<synopsis>List of IP addresses to permit access from</synopsis> | 
					
						
							|  |  |  | 					<description><para> | 
					
						
							|  |  |  | 						The value is a comma-delimited list of IP addresses. IP addresses may | 
					
						
							|  |  |  | 						have a subnet mask appended. The subnet mask may be written in either | 
					
						
							|  |  |  | 						CIDR or dotted-decimal notation. Separate the IP address and subnet | 
					
						
							|  |  |  | 						mask with a slash ('/') | 
					
						
							|  |  |  | 					</para></description> | 
					
						
							| 
									
										
										
										
											2013-05-19 17:45:42 +00:00
										 |  |  | 				</configOption> | 
					
						
							|  |  |  | 				<configOption name="type"> | 
					
						
							| 
									
										
										
										
											2013-09-12 23:23:12 +00:00
										 |  |  | 					<synopsis>Must be of type 'acl'.</synopsis> | 
					
						
							| 
									
										
										
										
											2013-05-19 17:45:42 +00:00
										 |  |  | 				</configOption> | 
					
						
							|  |  |  | 			</configObject> | 
					
						
							|  |  |  | 		</configFile> | 
					
						
							|  |  |  | 	</configInfo> | 
					
						
							|  |  |  |  ***/ | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-04-25 18:25:31 +00:00
										 |  |  | static int apply_acl(pjsip_rx_data *rdata, struct ast_acl_list *acl) | 
					
						
							|  |  |  | { | 
					
						
							|  |  |  | 	struct ast_sockaddr addr; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	if (ast_acl_list_is_empty(acl)) { | 
					
						
							|  |  |  | 		return 0; | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	memset(&addr, 0, sizeof(addr)); | 
					
						
							|  |  |  | 	ast_sockaddr_parse(&addr, rdata->pkt_info.src_name, PARSE_PORT_FORBID); | 
					
						
							|  |  |  | 	ast_sockaddr_set_port(&addr, rdata->pkt_info.src_port); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	if (ast_apply_acl(acl, &addr, "SIP ACL: ") != AST_SENSE_ALLOW) { | 
					
						
							|  |  |  | 		ast_log(LOG_WARNING, "Incoming SIP message from %s did not pass ACL test\n", ast_sockaddr_stringify(&addr)); | 
					
						
							|  |  |  | 		return 1; | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	return 0; | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | static int extract_contact_addr(pjsip_contact_hdr *contact, struct ast_sockaddr **addrs) | 
					
						
							|  |  |  | { | 
					
						
							|  |  |  | 	pjsip_sip_uri *sip_uri; | 
					
						
							|  |  |  | 	char host[256]; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-01-07 19:56:18 +00:00
										 |  |  | 	if (!contact || contact->star) { | 
					
						
							| 
									
										
										
										
											2015-03-17 21:52:47 +00:00
										 |  |  | 		*addrs = NULL; | 
					
						
							| 
									
										
										
										
											2013-04-25 18:25:31 +00:00
										 |  |  | 		return 0; | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	if (!PJSIP_URI_SCHEME_IS_SIP(contact->uri) && !PJSIP_URI_SCHEME_IS_SIPS(contact->uri)) { | 
					
						
							| 
									
										
										
										
											2015-03-17 21:52:47 +00:00
										 |  |  | 		*addrs = NULL; | 
					
						
							| 
									
										
										
										
											2013-04-25 18:25:31 +00:00
										 |  |  | 		return 0; | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	sip_uri = pjsip_uri_get_uri(contact->uri); | 
					
						
							|  |  |  | 	ast_copy_pj_str(host, &sip_uri->host, sizeof(host)); | 
					
						
							|  |  |  | 	return ast_sockaddr_resolve(addrs, host, PARSE_PORT_FORBID, AST_AF_UNSPEC); | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | static int apply_contact_acl(pjsip_rx_data *rdata, struct ast_acl_list *contact_acl) | 
					
						
							|  |  |  | { | 
					
						
							|  |  |  | 	int num_contact_addrs; | 
					
						
							|  |  |  | 	int forbidden = 0; | 
					
						
							|  |  |  | 	struct ast_sockaddr *contact_addrs; | 
					
						
							|  |  |  | 	int i; | 
					
						
							|  |  |  | 	pjsip_contact_hdr *contact = (pjsip_contact_hdr *)&rdata->msg_info.msg->hdr; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	if (ast_acl_list_is_empty(contact_acl)) { | 
					
						
							|  |  |  | 		return 0; | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	while ((contact = pjsip_msg_find_hdr(rdata->msg_info.msg, PJSIP_H_CONTACT, contact->next))) { | 
					
						
							|  |  |  | 		num_contact_addrs = extract_contact_addr(contact, &contact_addrs); | 
					
						
							|  |  |  | 		if (num_contact_addrs <= 0) { | 
					
						
							|  |  |  | 			continue; | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 		for (i = 0; i < num_contact_addrs; ++i) { | 
					
						
							|  |  |  | 			if (ast_apply_acl(contact_acl, &contact_addrs[i], "SIP Contact ACL: ") != AST_SENSE_ALLOW) { | 
					
						
							|  |  |  | 				ast_log(LOG_WARNING, "Incoming SIP message from %s did not pass ACL test\n", ast_sockaddr_stringify(&contact_addrs[i])); | 
					
						
							|  |  |  | 				forbidden = 1; | 
					
						
							|  |  |  | 				break; | 
					
						
							|  |  |  | 			} | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 		ast_free(contact_addrs); | 
					
						
							|  |  |  | 		if (forbidden) { | 
					
						
							|  |  |  | 			/* No use checking other contacts if we already have failed ACL check */ | 
					
						
							|  |  |  | 			break; | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	return forbidden; | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-08-20 21:01:59 +00:00
										 |  |  | #define SIP_SORCERY_ACL_TYPE "acl"
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /*!
 | 
					
						
							|  |  |  |  * \brief SIP ACL details and configuration. | 
					
						
							|  |  |  |  */ | 
					
						
							|  |  |  | struct ast_sip_acl { | 
					
						
							|  |  |  | 	SORCERY_OBJECT(details); | 
					
						
							|  |  |  | 	struct ast_acl_list *acl; | 
					
						
							|  |  |  | 	struct ast_acl_list *contact_acl; | 
					
						
							|  |  |  | }; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-04-25 18:25:31 +00:00
										 |  |  | static int check_acls(void *obj, void *arg, int flags) | 
					
						
							|  |  |  | { | 
					
						
							| 
									
										
										
										
											2013-08-20 21:01:59 +00:00
										 |  |  | 	struct ast_sip_acl *sip_acl = obj; | 
					
						
							| 
									
										
										
										
											2013-04-25 18:25:31 +00:00
										 |  |  | 	pjsip_rx_data *rdata = arg; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-08-20 21:01:59 +00:00
										 |  |  | 	if (apply_acl(rdata, sip_acl->acl) || | 
					
						
							|  |  |  | 	    apply_contact_acl(rdata, sip_acl->contact_acl)) { | 
					
						
							| 
									
										
										
										
											2013-04-25 18:25:31 +00:00
										 |  |  | 		return CMP_MATCH | CMP_STOP; | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	return 0; | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | static pj_bool_t acl_on_rx_msg(pjsip_rx_data *rdata) | 
					
						
							|  |  |  | { | 
					
						
							| 
									
										
										
										
											2013-07-02 17:06:06 +00:00
										 |  |  | 	RAII_VAR(struct ao2_container *, acls, ast_sorcery_retrieve_by_fields( | 
					
						
							| 
									
										
										
										
											2013-08-20 21:01:59 +00:00
										 |  |  | 			 ast_sip_get_sorcery(), SIP_SORCERY_ACL_TYPE, | 
					
						
							| 
									
										
										
										
											2013-07-02 17:06:06 +00:00
										 |  |  | 			 AST_RETRIEVE_FLAG_MULTIPLE | AST_RETRIEVE_FLAG_ALL, NULL), ao2_cleanup); | 
					
						
							| 
									
										
										
										
											2013-08-20 21:01:59 +00:00
										 |  |  | 	RAII_VAR(struct ast_sip_acl *, matched_acl, NULL, ao2_cleanup); | 
					
						
							| 
									
										
										
										
											2013-07-02 17:06:06 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-04-25 18:25:31 +00:00
										 |  |  | 	if (!acls) { | 
					
						
							|  |  |  | 		ast_log(LOG_ERROR, "Unable to retrieve ACL sorcery data\n"); | 
					
						
							|  |  |  | 		return PJ_FALSE; | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-07-02 17:06:06 +00:00
										 |  |  | 	if ((matched_acl = ao2_callback(acls, 0, check_acls, rdata))) { | 
					
						
							| 
									
										
										
										
											2013-04-25 18:25:31 +00:00
										 |  |  | 		if (rdata->msg_info.msg->line.req.method.id != PJSIP_ACK_METHOD) { | 
					
						
							|  |  |  | 			pjsip_endpt_respond_stateless(ast_sip_get_pjsip_endpoint(), rdata, 403, NULL, NULL, NULL); | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 		return PJ_TRUE; | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	return PJ_FALSE; | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-08-20 21:01:59 +00:00
										 |  |  | static int acl_handler(const struct aco_option *opt, struct ast_variable *var, void *obj) | 
					
						
							|  |  |  | { | 
					
						
							|  |  |  | 	struct ast_sip_acl *sip_acl = obj; | 
					
						
							|  |  |  | 	int error = 0; | 
					
						
							|  |  |  | 	int ignore; | 
					
						
							| 
									
										
										
										
											2014-11-20 16:25:19 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  | 	if (!strncmp(var->name, "contact_", 8)) { | 
					
						
							|  |  |  | 		ast_append_acl(var->name + 8, var->value, &sip_acl->contact_acl, &error, &ignore); | 
					
						
							| 
									
										
										
										
											2015-04-28 17:00:37 -05:00
										 |  |  | 		if (error) { | 
					
						
							|  |  |  | 			ast_log(LOG_ERROR, "Bad contact ACL '%s' at line '%d' of pjsip.conf\n", | 
					
						
							|  |  |  | 					var->value, var->lineno); | 
					
						
							|  |  |  | 		} | 
					
						
							| 
									
										
										
										
											2013-08-20 21:01:59 +00:00
										 |  |  | 	} else { | 
					
						
							|  |  |  | 		ast_append_acl(var->name, var->value, &sip_acl->acl, &error, &ignore); | 
					
						
							| 
									
										
										
										
											2015-04-28 17:00:37 -05:00
										 |  |  | 		if (error) { | 
					
						
							|  |  |  | 			ast_log(LOG_ERROR, "Bad ACL '%s' at line '%d' of pjsip.conf\n", | 
					
						
							|  |  |  | 					var->value, var->lineno); | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	if (error) { | 
					
						
							|  |  |  | 		ast_log(LOG_ERROR, "There is an error in ACL configuration. Blocking ALL SIP traffic.\n"); | 
					
						
							|  |  |  | 		ast_append_acl("deny", "0.0.0.0/0.0.0.0", &sip_acl->acl, NULL, &ignore); | 
					
						
							| 
									
										
										
										
											2013-08-20 21:01:59 +00:00
										 |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	return error; | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-04-25 18:25:31 +00:00
										 |  |  | static pjsip_module acl_module = { | 
					
						
							|  |  |  | 	.name = { "ACL Module", 14 }, | 
					
						
							|  |  |  | 	/* This should run after a logger but before anything else */ | 
					
						
							|  |  |  | 	.priority = 1, | 
					
						
							|  |  |  | 	.on_rx_request = acl_on_rx_msg, | 
					
						
							|  |  |  | }; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-08-20 21:01:59 +00:00
										 |  |  | static void acl_destroy(void *obj) | 
					
						
							|  |  |  | { | 
					
						
							|  |  |  | 	struct ast_sip_acl *sip_acl = obj; | 
					
						
							|  |  |  | 	sip_acl->acl = ast_free_acl_list(sip_acl->acl); | 
					
						
							|  |  |  | 	sip_acl->contact_acl = ast_free_acl_list(sip_acl->contact_acl); | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | static void *acl_alloc(const char *name) | 
					
						
							|  |  |  | { | 
					
						
							|  |  |  | 	struct ast_sip_acl *sip_acl = | 
					
						
							|  |  |  | 		ast_sorcery_generic_alloc(sizeof(*sip_acl), acl_destroy); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	return sip_acl; | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-04-25 18:25:31 +00:00
										 |  |  | static int load_module(void) | 
					
						
							|  |  |  | { | 
					
						
							| 
									
										
										
										
											2014-10-16 16:32:25 +00:00
										 |  |  | 	CHECK_PJSIP_MODULE_LOADED(); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-02-20 17:53:33 +00:00
										 |  |  | 	ast_sorcery_apply_config(ast_sip_get_sorcery(), SIP_SORCERY_ACL_TYPE); | 
					
						
							| 
									
										
										
										
											2013-08-20 21:01:59 +00:00
										 |  |  | 	ast_sorcery_apply_default(ast_sip_get_sorcery(), SIP_SORCERY_ACL_TYPE, | 
					
						
							|  |  |  | 				  "config", "pjsip.conf,criteria=type=acl"); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	if (ast_sorcery_object_register(ast_sip_get_sorcery(), SIP_SORCERY_ACL_TYPE, | 
					
						
							|  |  |  | 					acl_alloc, NULL, NULL)) { | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 		ast_log(LOG_ERROR, "Failed to register SIP %s object with sorcery\n", | 
					
						
							|  |  |  | 			SIP_SORCERY_ACL_TYPE); | 
					
						
							|  |  |  | 		return AST_MODULE_LOAD_DECLINE; | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	ast_sorcery_object_field_register(ast_sip_get_sorcery(), SIP_SORCERY_ACL_TYPE, "type", "", OPT_NOOP_T, 0, 0); | 
					
						
							| 
									
										
										
										
											2014-03-06 22:39:54 +00:00
										 |  |  | 	ast_sorcery_object_field_register_custom(ast_sip_get_sorcery(), SIP_SORCERY_ACL_TYPE, "permit", "", acl_handler, NULL, NULL, 0, 0); | 
					
						
							|  |  |  | 	ast_sorcery_object_field_register_custom(ast_sip_get_sorcery(), SIP_SORCERY_ACL_TYPE, "deny", "", acl_handler, NULL, NULL, 0, 0); | 
					
						
							|  |  |  | 	ast_sorcery_object_field_register_custom(ast_sip_get_sorcery(), SIP_SORCERY_ACL_TYPE, "acl", "", acl_handler, NULL, NULL, 0, 0); | 
					
						
							|  |  |  | 	ast_sorcery_object_field_register_custom(ast_sip_get_sorcery(), SIP_SORCERY_ACL_TYPE, "contact_permit", "", acl_handler, NULL, NULL, 0, 0); | 
					
						
							|  |  |  | 	ast_sorcery_object_field_register_custom(ast_sip_get_sorcery(), SIP_SORCERY_ACL_TYPE, "contact_deny", "", acl_handler, NULL, NULL, 0, 0); | 
					
						
							|  |  |  | 	ast_sorcery_object_field_register_custom(ast_sip_get_sorcery(), SIP_SORCERY_ACL_TYPE, "contact_acl", "", acl_handler, NULL, NULL, 0, 0); | 
					
						
							| 
									
										
										
										
											2013-08-20 21:01:59 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-11-20 16:25:19 +00:00
										 |  |  | 	ast_sorcery_load_object(ast_sip_get_sorcery(), SIP_SORCERY_ACL_TYPE); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-04-25 18:25:31 +00:00
										 |  |  | 	ast_sip_register_service(&acl_module); | 
					
						
							|  |  |  | 	return AST_MODULE_LOAD_SUCCESS; | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | static int unload_module(void) | 
					
						
							|  |  |  | { | 
					
						
							|  |  |  | 	ast_sip_unregister_service(&acl_module); | 
					
						
							|  |  |  | 	return 0; | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-07-30 18:14:50 +00:00
										 |  |  | AST_MODULE_INFO(ASTERISK_GPL_KEY, AST_MODFLAG_LOAD_ORDER, "PJSIP ACL Resource", | 
					
						
							| 
									
										
										
										
											2015-05-05 20:49:04 -04:00
										 |  |  | 	.support_level = AST_MODULE_SUPPORT_CORE, | 
					
						
							|  |  |  | 	.load = load_module, | 
					
						
							|  |  |  | 	.unload = unload_module, | 
					
						
							|  |  |  | 	.load_pri = AST_MODPRI_APP_DEPEND, | 
					
						
							|  |  |  | ); |