ruhnet
/
kazoo-configs-kamailio
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 183 Wiki Activity
Browse Source

fix access ACL record checking

3.20
SIPLABS, LLC 11 years ago
parent
40d7949c94
commit
8c9170a4d0
1 changed files with 12 additions and 14 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +12
    -14
      kamailio/acl-role.cfg

+ 12
- 14
kamailio/acl-role.cfg View File

@ -88,10 +88,8 @@ route[ACL_CHECK] {
kazoo_json($var(acl-response), "Realm.Order", "$var(acl-realm-order)");
kazoo_json($var(acl-response), "Realm.CIDR", "$var(acl-realm-cidr)");
kazoo_json($var(acl-response), "Realm.CIDR.length", "$var(acl-realm-cidr-len)");
kazoo_json($var(acl-response), "Device.Order", "$var(acl-device-order)");
kazoo_json($var(acl-response), "Device.CIDR", "$var(acl-device-cidr)");
kazoo_json($var(acl-response), "Device.CIDR.length","$var(acl-device-cidr-len)");
kazoo_json($var(acl-response), "Device.User-Agent", "$var(acl-device-ua)");
} else {
@ -126,9 +124,8 @@ route[ACL_CHECK_REALM] {
route[ACL_CHECK_REALM_ALLOW] {
if (not_empty("$var(acl-realm-cidr)")) {
$var(i) = 0;
xlog("L_INFO", "$ci |ACL-realm| checking $var(acl-realm-cidr-len) record(s)");
while($var(i) < $var(acl-realm-cidr-len)) {
kazoo_json($var(acl-realm-cidr), "[$var(i)]", "$var(record)");
kazoo_json($var(acl-response), "Realm.CIDR[$var(i)]", "$var(record)");;
while(not_empty("$var(record)")) {
xlog("L_INFO", "$ci |ACL-realm| checking if $si is in $var(record)");
if (($var(record) == ACL_IP_ADDR_ANY) || is_in_subnet("$si", $var(record))) {
$sht(acl=>$var(realm)/$si) = 1;
@ -136,6 +133,7 @@ route[ACL_CHECK_REALM_ALLOW] {
return;
}
$var(i) = $var(i) + 1;
kazoo_json($var(acl-response), "Realm.CIDR[$var(i)]", "$var(record)");;
}
} else {
xlog("L_INFO", "$ci |ACL-realm| undefined CIDR in response for $var(realm)");
@ -153,9 +151,8 @@ route[ACL_CHECK_REALM_DENY] {
$var(size) = $(kzR{kz.json,Realm.CIDR.length});
if (not_empty("$var(acl-realm-cidr)")) {
$var(i) = 0;
xlog("L_INFO", "$ci |ACL-realm| checking $var(acl-realm-cidr-len) record(s)");
while($var(i) < $var(acl-realm-cidr-len)) {
kazoo_json($var(acl-realm-cidr), "[$var(i)]", "$var(record)");
kazoo_json($var(acl-response), "Realm.CIDR[$var(i)]", "$var(record)");;
while(not_empty("$var(record)")) {
xlog("L_INFO", "$ci |ACL-realm| checking if $si is in $var(record)");
if (($var(record) == ACL_IP_ADDR_ANY) || is_in_subnet("$si", $var(record))) {
$sht(acl=>$var(realm)/$si) = 0;
@ -166,6 +163,7 @@ route[ACL_CHECK_REALM_DENY] {
exit;
}
$var(i) = $var(i) + 1;
kazoo_json($var(acl-response), "Realm.CIDR[$var(i)]", "$var(record)");;
}
} else {
xlog("L_INFO", "$ci |ACL-realm| undefined CIDR in response for $var(realm)");
@ -195,9 +193,8 @@ route[ACL_CHECK_DEVICE_ALLOW] {
if (!not_empty("$var(acl-device-ua)") || (not_empty("$var(acl-device-ua)") && $ua =~ $var(acl-device-ua))) {
if (not_empty("$var(acl-device-cidr)")) {
$var(i) = 0;
xlog("L_INFO", "$ci |ACL-realm| checking $var(acl-device-cidr-len) record(s)");
while($var(i) < $var(acl-device-cidr-len)) {
kazoo_json($var(acl-device-cidr), "[$var(i)]", "$var(record)");
kazoo_json($var(acl-response), "Device.CIDR[$var(i)]", "$var(record)");;
while(not_empty("$var(record)")) {
xlog("L_INFO", "$ci |ACL-realm| checking if $si is in $var(record)");
if (($var(record) == ACL_IP_ADDR_ANY) || is_in_subnet("$si", $var(record))) {
$sht(acl=>$var(device)/$si) = 1;
@ -205,6 +202,7 @@ route[ACL_CHECK_DEVICE_ALLOW] {
return;
}
$var(i) = $var(i) + 1;
kazoo_json($var(acl-response), "Device.CIDR[$var(i)]", "$var(record)");;
}
} else {
xlog("L_INFO", "$ci |ACL-realm| undefined CIDR in response for $var(device)");
@ -231,9 +229,8 @@ route[ACL_CHECK_DEVICE_DENY] {
if (not_empty("$var(acl-device-cidr)")) {
$var(i) = 0;
xlog("L_INFO", "$ci |ACL-device| checking $var(acl-device-cidr-len) record(s)");
while($var(i) < $var(acl-device-cidr-len)) {
kazoo_json($var(acl-device-cidr), "[$var(i)]", "$var(record)");
kazoo_json($var(acl-response), "Device.CIDR[$var(i)]", "$var(record)");;
while(not_empty("$var(record)")) {
xlog("L_INFO", "$ci |ACL-device| checking if $si is in $var(record)");
if (($var(record) == ACL_IP_ADDR_ANY) || is_in_subnet("$si", $var(record))) {
$sht(acl=>$var(device)/$si) = 0;
@ -244,6 +241,7 @@ route[ACL_CHECK_DEVICE_DENY] {
exit;
}
$var(i) = $var(i) + 1;
kazoo_json($var(acl-response), "Device.CIDR[$var(i)]", "$var(record)");;
}
} else {
xlog("L_INFO", "$ci |ACL-device| undefined CIDR in response for $var(device)");


Write Preview
Loading…
Cancel
Save