accessctl.c

简单的基于SIP的会话边界控制器

/*
    File Name   : accessctl.c
    Description : 定义和实现了访问控制功能的两个函数process_aclist和accesslist_check。
                  配置文件上的hosts_deny_sip和hosts_allow_sip的形式为：IP/mask (ex. 10.0.0.1/24)；
                  mask为掩码，可以为0，8，16，24，32。
                  hosts_deny_sip：SBC拒绝服务的主机IP地址；
                  hosts_allow_sip: 可以通过SBC的主机IP地址；
                  hosts_deny_sip的优先权高于hosts_allow_sip。                  
    Version     ：1.0
    Created     : lidp @20070905
*/

#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <sys/types.h>
#include <netinet/in.h>

#include <osipparser2/osip_parser.h>

#include "nsrsbc.h"
#include "cmdline.h"

extern struct gengetopt_args_info args_info;

int process_aclist (char *aclist, struct sockaddr_in from);

int accesslist_check (struct sockaddr_in from) 
{
	int access = 0;
    /*
     * check DENY list
     */
    if ((args_info.hosts_deny_sip_arg != NULL) && (strcmp(args_info.hosts_deny_sip_arg,"")!= 0)) 
    {
      	if (process_aclist(args_info.hosts_deny_sip_arg, from)== STS_SUCCESS) 
       	access = 0;      
    }
    
   /*
    * check SIP allow list
   	*/
   if ((args_info.hosts_allow_sip_arg != NULL) && (strcmp(args_info.hosts_allow_sip_arg,"")!= 0)) 
   {
      	if (process_aclist(args_info.hosts_allow_sip_arg, from)==STS_SUCCESS)
       {         
        	access = 1;
      	}
   } 
   else 
   {
      	access = 1;
   }
   return access;
}

/*
 * checks for a match of the 'from' address with the supplied
 * access list.
 *
 * RETURNS
 *	STS_SUCCESS for a match
 *	STS_FAILURE for no match
 */
int process_aclist (char *aclist, struct sockaddr_in from) 
{
	int i, sts;
	int last = 0;
       char *p1, *p2;
   	char address[32];
   	char mask[8];   
   	int  mask_int;
   	struct in_addr inaddr;
   	unsigned int bitmask;

       for (i=0,p1=aclist;!last;i++) 
       {
    	/* address */
      	p2=strchr(p1,'/');
      	if (!p2) 
      	{
         	printf("CONFIG: accesslist [%s]- no mask separator found\n", aclist);
	 		return STS_FAILURE;
    	}
     	memset(address,0,sizeof(address));
      	memcpy(address,p1,p2-p1);
      	/* mask */
      	p1=strchr(p2,',');
      	p1=p2+1;
      	p2=strchr(p1,',');
      	if (!p2) 
      	{ 
         	p2=strchr(p1,'\0');
	 		last=1;
      	}
      	memset(mask,0,sizeof(mask));
      	memcpy(mask,p1,p2-p1);
      	p1=p2+1;

      	//printf("[%d] extracted address=%s\n", i, address);
      	//printf("[%d] extracted mask=%s\n", i, mask);
      	
        /*
 	  * check for a match
 	  */
      	sts=inet_aton(address, &inaddr);
        if (!sts) 
        {
         	printf("process_aclist: cannot resolve address [%s]\n",address);
         	return STS_FAILURE;
      	}
      	mask_int=atoi(mask);
      	bitmask= (mask_int)? (0xffffffff<<(32-mask_int)) : 0;
      	//printf("check match: entry=%d, filter=%lx, from=%lx\n",i,(long)ntohl(inaddr.s_addr)&bitmask,
	//	           (long)ntohl(from.sin_addr.s_addr)&bitmask);	
      	if ((ntohl(inaddr.s_addr) & bitmask) == (ntohl(from.sin_addr.s_addr) & bitmask)) 
      		return STS_SUCCESS;
     }
     return STS_FAILURE;
}