ruhnet
/
kazoo-configs-kamailio
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 183 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1163 Commits
23 Branches
2.0 MiB
 
 
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
kazoo-configs-kamailio/kamailio/trusted.cfg

137 lines
4.8 KiB
Raw Permalink Blame History

####### Permissions module ##########
#!trydef KZ_PERMISSIONS_MAX_SUBNET 2048
#!trydef KZ_PERMISSIONS_CACHE 0
#!trydef TRUSTED_AMQP_FLAGS 2048
loadmodule "permissions.so"
modparam("permissions", "db_url", "KAZOO_DB_URL")
modparam("permissions", "db_mode", KZ_PERMISSIONS_CACHE)
modparam("permissions", "peer_tag_avp", "$avp(trusted_x_header)")
modparam("permissions", "max_subnets", KZ_PERMISSIONS_MAX_SUBNET)
modparam("rtimer", "timer", "name=trusted_reload;interval=30;mode=1;")
modparam("rtimer", "exec", "timer=trusted_reload;route=TRUSTED_RELOAD")
modparam("rtimer", "exec", "timer=trusted_reload;route=TRUSTED_QUERY")
modparam("pv", "shvset", "trusted_query=i:1")
route[TRUSTED_LOAD]
{
$shv(trusted_query) = 2;
$shv(trusted_reload) = 0;
$var(amqp_payload_request) = $_s({"Event-Category" : "trusted" , "Event-Name" : "query"});
$var(amqp_routing_key) = "trusted.query";
xlog("L_INFO", "event|trusted|publishing to acl => $var(amqp_routing_key) : $var(amqp_payload_request)\n");
if(kazoo_query("trusted", $var(amqp_routing_key), $var(amqp_payload_request), "$def(TRUSTED_AMQP_FLAGS)") != 1) {
if($(kzR{kz.json,Event-Name}) == "message_returned" ) {
xlog("L_WARNING", "event|trusted|message was returned by broker $(kzR{kz.json,Error-Code}) $(kzR{kz.json,Error-Reason})\n");
} else {
xlog("L_WARNING", "event|trusted|query failed $kzR\n");
}
$shv(trusted_query) = 1;
return;
}
xlog("L_INFO", "event|trusted|query got reply\n");
avp_delete("$avp(TrustedKeys)/g");
if(kazoo_json_keys($kzR, "Trusted", "$avp(TrustedKeys)") != 1) {
xlog("L_WARNING", "event|trusted|no keys for Trusted\n");
$shv(trusted_query) = 0;
return;
}
xlog("L_INFO", "event|trusted|cleaning address table\n");
sql_query("exec", "delete from address");
$var(total) = 0;
$var(Count) = $cnt($avp(TrustedKeys));
$var(Idx) = 0;
xlog("L_INFO", "event|trusted|count for trusted is $var(Count)\n");
while($var(Idx) < $var(Count)) {
$var(KeyName) = $(avp(TrustedKeys)[$var(Idx)]);
$var(Key) = $(var(KeyName){s.replace,.,%});
$var(token) = $(kzR{kz.json,Trusted.$var(Key).token});
$var(cidr_count) = $(kzR{kz.json.count, Trusted.$var(Key).cidrs});
## ports
$var(port_count) = $(kzR{kz.json.count, Trusted.$var(Key).ports});
$(avp(ports)[*]) = $null;
if($var(port_count) == 0) {
$avp(ports) = 0;
$var(port_count) = 1;
} else {
$var(portIdx) = 0;
while($var(portIdx) < $var(port_count)) {
$avp(ports) = $(kzR{kz.json, Trusted.$var(Key).ports[$var(portIdx)});
$var(portIdx) = $var(portIdx) + 1;
}
}
$var(cidr_idx) = 0;
while($var(cidr_idx) < $var(cidr_count)) {
$var(cidr) = $(kzR{kz.json,Trusted.$var(Key).cidrs[$var(cidr_idx)]});
$var(ip) = $(var(cidr){s.select,0,/});
$var(mask) = $(var(cidr){s.select,1,/});
$var(portIdx) = 0;
while($var(portIdx) < $var(port_count)) {
$var(sql) = $_s(insert into address(ip_addr, mask, port, tag) values("$var(ip)", $var(mask), $(avp(ports)[$var(portIdx)]), "$var(token)"));
sql_query("exec", "$var(sql)");
$var(portIdx) = $var(portIdx) + 1;
$var(total) = $var(total) + 1;
}
$var(cidr_idx) = $var(cidr_idx) + 1;
}
$var(Idx) = $var(Idx) + 1;
}
xlog("L_NOTICE", "event|trusted|loaded $var(total) entries into address table\n");
$shv(trusted_reload) = 1;
$shv(trusted_query) = 0;
}
route[RELOAD_TRUSTED]
{
jsonrpc_exec('{"jsonrpc": "2.0", "method": "permissions.addressReload"}');
xlog("L_NOTICE", "event|trusted|reload $(jsonrpl(body){kz.json,result})\n");
$shv(trusted_reload) = 0;
}
route[TRUSTED_RELOAD]
{
if($shv(trusted_reload) == 1) {
$shv(trusted_reload) = 2;
} else if($shv(trusted_reload) == 2) {
route(RELOAD_TRUSTED);
};
}
route[TRUSTED_QUERY]
{
if($shv(trusted_query) == 1) {
route(TRUSTED_LOAD);
};
}
route[KZ_AMQP_BINDING_TRUSTED]
{
if(!check_route_exists("KZ_AMQP_BINDING_CUSTOM_TRUSTED")) {
$var(payload) = $_s({"name": "trusted-reload", "exchange": "trusted", "type": "topic", "queue": "trusted-reload-MY_HOSTNAME", "routing": "trusted.reload", "federate": true });
kazoo_subscribe("$var(payload)");
}
}
event_route[kazoo:consumer-event-trusted-reload]
{
xlog("L_NOTICE", "event|trusted|received trusted reload\n");
if ($shv(trusted_query) == 0) {
xlog("L_NOTICE", "event|trusted|signaling trusted reload\n");
$shv(trusted_query) = 1;
} else {
xlog("L_NOTICE", "event|trusted|signal already active for trusted reload\n");
}
}