?? accessctl.c
字號:
/*
File Name : accessctl.c
Description : 定義和實現了訪問控制功能的兩個函數process_aclist和accesslist_check。
配置文件上的hosts_deny_sip和hosts_allow_sip的形式為:IP/mask (ex. 10.0.0.1/24);
mask為掩碼,可以為0,8,16,24,32。
hosts_deny_sip:SBC拒絕服務的主機IP地址;
hosts_allow_sip: 可以通過SBC的主機IP地址;
hosts_deny_sip的優先權高于hosts_allow_sip。
Version :1.0
Created : lidp @20070905
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <osipparser2/osip_parser.h>
#include "nsrsbc.h"
#include "cmdline.h"
extern struct gengetopt_args_info args_info;
int process_aclist (char *aclist, struct sockaddr_in from);
int accesslist_check (struct sockaddr_in from)
{
int access = 0;
/*
* check DENY list
*/
if ((args_info.hosts_deny_sip_arg != NULL) && (strcmp(args_info.hosts_deny_sip_arg,"")!= 0))
{
if (process_aclist(args_info.hosts_deny_sip_arg, from)== STS_SUCCESS)
access = 0;
}
/*
* check SIP allow list
*/
if ((args_info.hosts_allow_sip_arg != NULL) && (strcmp(args_info.hosts_allow_sip_arg,"")!= 0))
{
if (process_aclist(args_info.hosts_allow_sip_arg, from)==STS_SUCCESS)
{
access = 1;
}
}
else
{
access = 1;
}
return access;
}
/*
* checks for a match of the 'from' address with the supplied
* access list.
*
* RETURNS
* STS_SUCCESS for a match
* STS_FAILURE for no match
*/
int process_aclist (char *aclist, struct sockaddr_in from)
{
int i, sts;
int last = 0;
char *p1, *p2;
char address[32];
char mask[8];
int mask_int;
struct in_addr inaddr;
unsigned int bitmask;
for (i=0,p1=aclist;!last;i++)
{
/* address */
p2=strchr(p1,'/');
if (!p2)
{
printf("CONFIG: accesslist [%s]- no mask separator found\n", aclist);
return STS_FAILURE;
}
memset(address,0,sizeof(address));
memcpy(address,p1,p2-p1);
/* mask */
p1=strchr(p2,',');
p1=p2+1;
p2=strchr(p1,',');
if (!p2)
{
p2=strchr(p1,'\0');
last=1;
}
memset(mask,0,sizeof(mask));
memcpy(mask,p1,p2-p1);
p1=p2+1;
//printf("[%d] extracted address=%s\n", i, address);
//printf("[%d] extracted mask=%s\n", i, mask);
/*
* check for a match
*/
sts=inet_aton(address, &inaddr);
if (!sts)
{
printf("process_aclist: cannot resolve address [%s]\n",address);
return STS_FAILURE;
}
mask_int=atoi(mask);
bitmask= (mask_int)? (0xffffffff<<(32-mask_int)) : 0;
//printf("check match: entry=%d, filter=%lx, from=%lx\n",i,(long)ntohl(inaddr.s_addr)&bitmask,
// (long)ntohl(from.sin_addr.s_addr)&bitmask);
if ((ntohl(inaddr.s_addr) & bitmask) == (ntohl(from.sin_addr.s_addr) & bitmask))
return STS_SUCCESS;
}
return STS_FAILURE;
}
?? 快捷鍵說明
復制代碼
Ctrl + C
搜索代碼
Ctrl + F
全屏模式
F11
切換主題
Ctrl + Shift + D
顯示快捷鍵
?
增大字號
Ctrl + =
減小字號
Ctrl + -