static int apply_endpoint_contact_acl(pjsip_rx_data *rdata, struct ast_sip_endpoint *endpoint)
{
int num_contact_addrs;
int forbidden = 0;
struct ast_sockaddr *contact_addrs;
int i;
pjsip_contact_hdr *contact = (pjsip_contact_hdr *)&rdata->msg_info.msg->hdr;
if (ast_acl_list_is_empty(endpoint->contact_acl)) {
return 0;
}
while ((contact = pjsip_msg_find_hdr(rdata->msg_info.msg, PJSIP_H_CONTACT, contact->next))) {
num_contact_addrs = extract_contact_addr(contact, &contact_addrs);
if (num_contact_addrs <= 0) {
continue;
}
for (i = 0; i < num_contact_addrs; ++i) {
if (ast_apply_acl(endpoint->contact_acl, &contact_addrs[i], "SIP Contact ACL: ") != AST_SENSE_ALLOW) {
log_failed_request(rdata, "Not match Endpoint Contact ACL", 0, 0);
ast_sip_report_failed_acl(endpoint, rdata, "not_match_endpoint_contact_acl");
forbidden = 1;
break;
}
}
ast_free(contact_addrs);
if (forbidden) {
/* No use checking other contacts if we already have failed ACL check */
break;
}
}
return forbidden;
}
static int apply_contact_acl(pjsip_rx_data *rdata, struct ast_acl_list *contact_acl)
{
int num_contact_addrs;
int forbidden = 0;
struct ast_sockaddr *contact_addrs;
int i;
pjsip_contact_hdr *contact = (pjsip_contact_hdr *)&rdata->msg_info.msg->hdr;
if (ast_acl_list_is_empty(contact_acl)) {
return 0;
}
while ((contact = pjsip_msg_find_hdr(rdata->msg_info.msg, PJSIP_H_CONTACT, contact->next))) {
num_contact_addrs = extract_contact_addr(contact, &contact_addrs);
if (num_contact_addrs <= 0) {
continue;
}
for (i = 0; i < num_contact_addrs; ++i) {
if (ast_apply_acl(contact_acl, &contact_addrs[i], "SIP Contact ACL: ") != AST_SENSE_ALLOW) {
ast_log(LOG_WARNING, "Incoming SIP message from %s did not pass ACL test\n", ast_sockaddr_stringify(&contact_addrs[i]));
forbidden = 1;
break;
}
}
ast_free(contact_addrs);
if (forbidden) {
/* No use checking other contacts if we already have failed ACL check */
break;
}
}
return forbidden;
}
static int apply_acl(pjsip_rx_data *rdata, struct ast_acl_list *acl)
{
struct ast_sockaddr addr;
if (ast_acl_list_is_empty(acl)) {
return 0;
}
memset(&addr, 0, sizeof(addr));
ast_sockaddr_parse(&addr, rdata->pkt_info.src_name, PARSE_PORT_FORBID);
ast_sockaddr_set_port(&addr, rdata->pkt_info.src_port);
if (ast_apply_acl(acl, &addr, "SIP ACL: ") != AST_SENSE_ALLOW) {
ast_log(LOG_WARNING, "Incoming SIP message from %s did not pass ACL test\n", ast_sockaddr_stringify(&addr));
return 1;
}
return 0;
}
static int apply_endpoint_acl(pjsip_rx_data *rdata, struct ast_sip_endpoint *endpoint)
{
struct ast_sockaddr addr;
if (ast_acl_list_is_empty(endpoint->acl)) {
return 0;
}
memset(&addr, 0, sizeof(addr));
ast_sockaddr_parse(&addr, rdata->pkt_info.src_name, PARSE_PORT_FORBID);
ast_sockaddr_set_port(&addr, rdata->pkt_info.src_port);
if (ast_apply_acl(endpoint->acl, &addr, "SIP ACL: ") != AST_SENSE_ALLOW) {
log_failed_request(rdata, "Not match Endpoint ACL", 0, 0);
ast_sip_report_failed_acl(endpoint, rdata, "not_match_endpoint_acl");
return 1;
}
return 0;
}
