From 8c9170a4d0705830822f628df86abe44b04a788b Mon Sep 17 00:00:00 2001
From: "SIPLABS, LLC" <info@siplabs.ru>
Date: Thu, 19 Mar 2015 19:18:28 +0700
Subject: [PATCH] fix access ACL record checking

---
 kamailio/acl-role.cfg | 26 ++++++++++++--------------
 1 file changed, 12 insertions(+), 14 deletions(-)

diff --git a/kamailio/acl-role.cfg b/kamailio/acl-role.cfg
index e5a4d7a..c940cad 100644
--- a/kamailio/acl-role.cfg
+++ b/kamailio/acl-role.cfg
@@ -88,10 +88,8 @@ route[ACL_CHECK] {
 
             kazoo_json($var(acl-response), "Realm.Order",       "$var(acl-realm-order)");
             kazoo_json($var(acl-response), "Realm.CIDR",        "$var(acl-realm-cidr)");
-            kazoo_json($var(acl-response), "Realm.CIDR.length", "$var(acl-realm-cidr-len)");
             kazoo_json($var(acl-response), "Device.Order",      "$var(acl-device-order)");
             kazoo_json($var(acl-response), "Device.CIDR",       "$var(acl-device-cidr)");
-            kazoo_json($var(acl-response), "Device.CIDR.length","$var(acl-device-cidr-len)");
             kazoo_json($var(acl-response), "Device.User-Agent", "$var(acl-device-ua)");
 
         } else {
@@ -126,9 +124,8 @@ route[ACL_CHECK_REALM] {
 route[ACL_CHECK_REALM_ALLOW] {
     if (not_empty("$var(acl-realm-cidr)")) {
         $var(i) = 0;
-        xlog("L_INFO", "$ci |ACL-realm| checking $var(acl-realm-cidr-len) record(s)");
-        while($var(i) < $var(acl-realm-cidr-len)) {
-            kazoo_json($var(acl-realm-cidr), "[$var(i)]", "$var(record)");
+        kazoo_json($var(acl-response), "Realm.CIDR[$var(i)]", "$var(record)");;
+        while(not_empty("$var(record)")) {
             xlog("L_INFO", "$ci |ACL-realm| checking if $si is in $var(record)");
             if (($var(record) == ACL_IP_ADDR_ANY) || is_in_subnet("$si", $var(record))) {
                 $sht(acl=>$var(realm)/$si) = 1;
@@ -136,6 +133,7 @@ route[ACL_CHECK_REALM_ALLOW] {
                 return;
             }
             $var(i) = $var(i) + 1;
+            kazoo_json($var(acl-response), "Realm.CIDR[$var(i)]", "$var(record)");;
         }
     } else {
         xlog("L_INFO", "$ci |ACL-realm| undefined CIDR in response for $var(realm)");
@@ -153,9 +151,8 @@ route[ACL_CHECK_REALM_DENY] {
     $var(size) = $(kzR{kz.json,Realm.CIDR.length});
     if (not_empty("$var(acl-realm-cidr)")) {
         $var(i) = 0;
-        xlog("L_INFO", "$ci |ACL-realm| checking $var(acl-realm-cidr-len) record(s)");
-        while($var(i) < $var(acl-realm-cidr-len)) {
-            kazoo_json($var(acl-realm-cidr), "[$var(i)]", "$var(record)");
+        kazoo_json($var(acl-response), "Realm.CIDR[$var(i)]", "$var(record)");;
+        while(not_empty("$var(record)")) {
             xlog("L_INFO", "$ci |ACL-realm| checking if $si is in $var(record)");
             if (($var(record) == ACL_IP_ADDR_ANY) || is_in_subnet("$si", $var(record))) {
                 $sht(acl=>$var(realm)/$si) = 0;
@@ -166,6 +163,7 @@ route[ACL_CHECK_REALM_DENY] {
                 exit;
             }
             $var(i) = $var(i) + 1;
+            kazoo_json($var(acl-response), "Realm.CIDR[$var(i)]", "$var(record)");;
         }
     } else {
         xlog("L_INFO", "$ci |ACL-realm| undefined CIDR in response for $var(realm)");
@@ -195,9 +193,8 @@ route[ACL_CHECK_DEVICE_ALLOW] {
     if (!not_empty("$var(acl-device-ua)") || (not_empty("$var(acl-device-ua)") && $ua =~ $var(acl-device-ua))) {
         if (not_empty("$var(acl-device-cidr)")) {
             $var(i) = 0;
-            xlog("L_INFO", "$ci |ACL-realm| checking $var(acl-device-cidr-len) record(s)");
-            while($var(i) < $var(acl-device-cidr-len)) {
-                kazoo_json($var(acl-device-cidr), "[$var(i)]", "$var(record)");
+            kazoo_json($var(acl-response), "Device.CIDR[$var(i)]", "$var(record)");;
+            while(not_empty("$var(record)")) {
                 xlog("L_INFO", "$ci |ACL-realm| checking if $si is in $var(record)");
                 if (($var(record) == ACL_IP_ADDR_ANY) || is_in_subnet("$si", $var(record))) {
                     $sht(acl=>$var(device)/$si) = 1;
@@ -205,6 +202,7 @@ route[ACL_CHECK_DEVICE_ALLOW] {
                     return;
                 }
                 $var(i) = $var(i) + 1;
+                kazoo_json($var(acl-response), "Device.CIDR[$var(i)]", "$var(record)");;
             }
         } else {
             xlog("L_INFO", "$ci |ACL-realm| undefined CIDR in response for $var(device)");
@@ -231,9 +229,8 @@ route[ACL_CHECK_DEVICE_DENY] {
 
     if (not_empty("$var(acl-device-cidr)")) {
         $var(i) = 0;
-        xlog("L_INFO", "$ci |ACL-device| checking $var(acl-device-cidr-len) record(s)");
-        while($var(i) < $var(acl-device-cidr-len)) {
-            kazoo_json($var(acl-device-cidr), "[$var(i)]", "$var(record)");
+        kazoo_json($var(acl-response), "Device.CIDR[$var(i)]", "$var(record)");;
+        while(not_empty("$var(record)")) {
             xlog("L_INFO", "$ci |ACL-device| checking if $si is in $var(record)");
             if (($var(record) == ACL_IP_ADDR_ANY) || is_in_subnet("$si", $var(record))) {
                 $sht(acl=>$var(device)/$si) = 0;
@@ -244,6 +241,7 @@ route[ACL_CHECK_DEVICE_DENY] {
                 exit;
             }
             $var(i) = $var(i) + 1;
+            kazoo_json($var(acl-response), "Device.CIDR[$var(i)]", "$var(record)");;
         }
     } else {
         xlog("L_INFO", "$ci |ACL-device| undefined CIDR in response for $var(device)");