
userblacklist: added check_whitelist function

- check_whitelist(string table) finds the longest prefix that
matches the request URI for the given table and returns true
if the match is set to whitelist

Pawel Kuzak authored on 25/07/2014 11:28:48 • lucian balanceanu committed on 25/07/2014 11:45:43
Showing 3 changed files
... ...
@@ -11,7 +11,7 @@ Henning Westerholt
11 11
    1&1 Internet AG
12 12
    <henning.westerholt@1und1.de>
13 13
 
14
-   Copyright � 2008 1&1 Internet AG
14
+   Copyright © 2008 1&1 Internet AG
15 15
      __________________________________________________________________
16 16
 
17 17
    Table of Contents
... ...
@@ -38,6 +38,7 @@ Henning Westerholt
38 38
                       string number, string table)
39 39
 
40 40
               4.3. check_blacklist ([string table])
41
+              4.4. check_whitelist (string table)
41 42
 
42 43
         5. MI Commands
43 44
 
... ...
@@ -69,9 +70,10 @@ Henning Westerholt
69 70
    1.3. check_user_blacklist usage
70 71
    1.4. check_user_blacklist usage
71 72
    1.5. check_blacklist usage
72
-   1.6. reload_blacklists usage
73
-   1.7. Example database content - globalblacklist table
74
-   1.8. Example database content - userblacklist table
73
+   1.6. check_whitelist usage
74
+   1.7. reload_blacklists usage
75
+   1.8. Example database content - globalblacklist table
76
+   1.9. Example database content - userblacklist table
75 77
    2.1. Set db_url parameter
76 78
    2.2. Set userblacklist_table parameter
77 79
    2.3. Set userblacklist_id_col parameter
... ...
@@ -109,6 +111,7 @@ Chapter 1. Admin Guide
109 111
                 number, string table)
110 112
 
111 113
         4.3. check_blacklist ([string table])
114
+        4.4. check_whitelist (string table)
112 115
 
113 116
    5. MI Commands
114 117
 
... ...
@@ -172,7 +175,7 @@ Chapter 1. Admin Guide
172 175
    If set to non-zero value, the domain column in the userblacklist is
173 176
    used.
174 177
 
175
-   Default value is "0".
178
+   Default value is “0”.
176 179
 
177 180
    Example 1.1. Set use_domain parameter
178 181
 ...
... ...
@@ -188,7 +191,7 @@ modparam("userblacklist", "use_domain", 0)
188 191
    matching. Please be aware that memory requirements for storing the
189 192
    routing tree in shared memory will also increase by a factor of 12.8.
190 193
 
191
-   Default value is "10".
194
+   Default value is “10”.
192 195
 
193 196
    Example 1.2. Set match_mode parameter
194 197
 ...
... ...
@@ -204,8 +207,9 @@ modparam("userblacklist", "match_mode", 128)
204 207
           string table)
205 208
 
206 209
    4.3. check_blacklist ([string table])
210
+   4.4. check_whitelist (string table)
207 211
 
208
-4.1. check_user_blacklist (string user, string domain, string number, string
212
+4.1.  check_user_blacklist (string user, string domain, string number, string
209 213
 table)
210 214
 
211 215
    Finds the longest prefix that matches the request URI user (or the
... ...
@@ -226,7 +230,7 @@ if (!check_user_blacklist("$avp(i:80)", "$avp(i:82)")) {
226 230
 }
227 231
 ...
228 232
 
229
-4.2. check_user_whitelist (string user, string domain, string number, string
233
+4.2.  check_user_whitelist (string user, string domain, string number, string
230 234
 table)
231 235
 
232 236
    Finds the longest prefix that matches the request URI user (or the
... ...
@@ -247,7 +251,7 @@ if (!check_user_whitelist("$avp(i:80)", "$avp(i:82)")) {
247 251
 }
248 252
 ...
249 253
 
250
-4.3. check_blacklist ([string table])
254
+4.3.  check_blacklist ([string table])
251 255
 
252 256
    Finds the longest prefix that matches the request URI for the given
253 257
    table. If a match is found and it is not set to whitelist, false is
... ...
@@ -262,16 +266,30 @@ if (!check_blacklist("globalblacklist")) {
262 266
 }
263 267
 ...
264 268
 
269
+4.4.  check_whitelist (string table)
270
+
271
+   Finds the longest prefix that matches the request URI for the given
272
+   table. If a match is found and it is set to whitelist, true is
273
+   returned. Otherwise, false is returned.
274
+
275
+   Example 1.6. check_whitelist usage
276
+...
277
+if (!check_whitelist("globalblacklist")) {
278
+        sl_send_reply("403", "Forbidden");
279
+        exit;
280
+}
281
+...
282
+
265 283
 5. MI Commands
266 284
 
267 285
    5.1. reload_blacklist
268 286
 
269
-5.1. reload_blacklist
287
+5.1.  reload_blacklist
270 288
 
271 289
    Reload the internal global blacklist cache. This is necessary after the
272 290
    database tables for the global blacklist have been changed.
273 291
 
274
-   Example 1.6. reload_blacklists usage
292
+   Example 1.7. reload_blacklists usage
275 293
 ...
276 294
 kamctl fifo reload_blacklist
277 295
 ...
... ...
@@ -293,7 +311,7 @@ kamctl fifo reload_blacklist
293 311
    complete database documentation on the project webpage,
294 312
    http://www.kamailio.org/docs/db-tables/kamailio-db-devel.html.
295 313
 
296
-   Example 1.7. Example database content - globalblacklist table
314
+   Example 1.8. Example database content - globalblacklist table
297 315
 ...
298 316
 +----+-----------+-----------+
299 317
 | id | prefix    | whitelist |
... ...
@@ -306,11 +324,11 @@ kamctl fifo reload_blacklist
306 324
 ...
307 325
 
308 326
    This table will setup a global blacklist for all numbers, only allowing
309
-   calls starting with "1". Numbers that starting with "123456" and
310
-   "123455787" are also blacklisted, because the longest prefix will be
327
+   calls starting with “1”. Numbers that starting with “123456” and
328
+   “123455787” are also blacklisted, because the longest prefix will be
311 329
    matched.
312 330
 
313
-   Example 1.8. Example database content - userblacklist table
331
+   Example 1.9. Example database content - userblacklist table
314 332
 ...
315 333
 +----+----------------+-------------+-----------+-----------+
316 334
 | id | username       | domain      | prefix    | whitelist |
... ...
@@ -326,10 +344,10 @@ kamctl fifo reload_blacklist
326 344
 ...
327 345
 
328 346
    This table will setup user specific blacklists for certain usernames.
329
-   For example for user "49721123456788" the prefix "1234" will be not
330
-   allowed, but the number "123456788" is allowed. Additionally a domain
347
+   For example for user “49721123456788” the prefix “1234” will be not
348
+   allowed, but the number “123456788” is allowed. Additionally a domain
331 349
    could be specified that is used for username matching if the
332
-   "use_domain" parameter is set.
350
+   “use_domain” parameter is set.
333 351
 
334 352
 Chapter 2. Module parameter for database access.
335 353
 
... ...
@@ -352,7 +370,7 @@ Chapter 2. Module parameter for database access.
352 370
 
353 371
    URL to the database containing the data.
354 372
 
355
-   Default value is "mysql://openserro:openserro@localhost/openser".
373
+   Default value is “mysql://kamailioro:kamailioro@localhost/kamailio”.
356 374
 
357 375
    Example 2.1. Set db_url parameter
358 376
 ...
... ...
@@ -364,7 +382,7 @@ modparam("userblacklist", "db_url", "dbdriver://username:password@dbhost/dbname"
364 382
 
365 383
    Name of the userblacklist table for the userblacklist module.
366 384
 
367
-   Default value is "userblacklist".
385
+   Default value is “userblacklist”.
368 386
 
369 387
    Example 2.2. Set userblacklist_table parameter
370 388
 ...
... ...
@@ -422,7 +440,7 @@ modparam("userblacklist", "userblacklist_whitelist_col", "whitelist")
422 440
    note that this table is used when the check_blacklist function is
423 441
    called with no parameters.
424 442
 
425
-   Default value is "globalblacklist".
443
+   Default value is “globalblacklist”.
426 444
 
427 445
    Example 2.8. Set globalblacklist_table parameter
428 446
 ...
... ...
@@ -193,6 +193,27 @@ if (!check_blacklist("globalblacklist")) {
193 193
 	sl_send_reply("403", "Forbidden");
194 194
 	exit;
195 195
 }
196
+...
197
+		</programlisting>
198
+	    </example>
199
+	</section>
200
+	<section>
201
+	    <title>
202
+		<function moreinfo="none">check_whitelist (string table)</function>
203
+	    </title>
204
+	    <para>
205
+		Finds the longest prefix that matches the request URI for the
206
+		given table. If a match is found and it is set to whitelist,
207
+		true is returned. Otherwise, false is returned.
208
+	    </para>
209
+	<example>
210
+		<title><function>check_whitelist</function> usage</title>
211
+		<programlisting format="linespecific">
212
+...
213
+if (!check_whitelist("globalblacklist")) {
214
+	sl_send_reply("403", "Forbidden");
215
+	exit;
216
+}
196 217
 ...
197 218
 		</programlisting>
198 219
 	    </example>
... ...
@@ -90,6 +90,7 @@ static int check_user_whitelist2(struct sip_msg *msg, char* str1, char* str2);
90 90
 static int check_user_blacklist3(struct sip_msg *msg, char* str1, char* str2, char* str3);
91 91
 static int check_user_whitelist3(struct sip_msg *msg, char* str1, char* str2, char* str3);
92 92
 static int check_blacklist(struct sip_msg *msg, struct check_blacklist_fs_t *arg1);
93
+static int check_whitelist(struct sip_msg *msg, struct check_blacklist_fs_t *arg1);
93 94
 static int check_globalblacklist(struct sip_msg *msg);
94 95
 
95 96
 
... ...
@@ -111,6 +112,7 @@ static cmd_export_t cmds[]={
111 112
 	{ "check_user_blacklist", (cmd_function)check_user_blacklist, 4, check_user_blacklist_fixup, 0, REQUEST_ROUTE | FAILURE_ROUTE },
112 113
 	{ "check_user_whitelist", (cmd_function)check_user_whitelist, 4, check_user_blacklist_fixup, 0, REQUEST_ROUTE | FAILURE_ROUTE },
113 114
 	{ "check_blacklist", (cmd_function)check_blacklist, 1, check_blacklist_fixup, 0, REQUEST_ROUTE | FAILURE_ROUTE },
115
+	{ "check_whitelist", (cmd_function)check_whitelist, 1, check_blacklist_fixup, 0, REQUEST_ROUTE | FAILURE_ROUTE },
114 116
 	{ "check_blacklist", (cmd_function)check_globalblacklist, 0, check_globalblacklist_fixup, 0, REQUEST_ROUTE | FAILURE_ROUTE },
115 117
 	{ 0, 0, 0, 0, 0, 0}
116 118
 };
... ...
@@ -537,6 +539,51 @@ static int check_blacklist(struct sip_msg *msg, struct check_blacklist_fs_t *arg
537 539
 	return ret;
538 540
 }
539 541
 
542
+static int check_whitelist(struct sip_msg *msg, struct check_blacklist_fs_t *arg1)
543
+{
544
+	void **nodeflags;
545
+	char *ptr;
546
+	char req_number[MAXNUMBERLEN+1];
547
+	int ret = -1;
548
+
549
+	if (msg->first_line.type != SIP_REQUEST) {
550
+		LM_ERR("SIP msg is not a request\n");
551
+		return -1;
552
+	}
553
+
554
+	if ((parse_sip_msg_uri(msg) < 0) || (!msg->parsed_uri.user.s) || (msg->parsed_uri.user.len > MAXNUMBERLEN)) {
555
+		LM_ERR("cannot parse msg URI\n");
556
+		return -1;
557
+	}
558
+	strncpy(req_number, msg->parsed_uri.user.s, msg->parsed_uri.user.len);
559
+	req_number[msg->parsed_uri.user.len] = '\0';
560
+
561
+	ptr = req_number;
562
+	/* Skip over non-digits.  */
563
+	while (strlen(ptr) > 0 && !isdigit(*ptr)) {
564
+		ptr = ptr + 1;
565
+	}
566
+
567
+	LM_DBG("check entry %s\n", req_number);
568
+
569
+	/* avoids dirty reads when updating d-tree */
570
+	lock_get(lock);
571
+	nodeflags = dtrie_longest_match(arg1->dtrie_root, ptr, strlen(ptr), NULL, 10);
572
+	if (nodeflags) {
573
+		if (*nodeflags == (void *)MARK_WHITELIST) {
574
+			/* LM_DBG("whitelisted"); */
575
+			ret = 1; /* found, but is whitelisted */
576
+		}
577
+	}
578
+	else {
579
+		/* LM_ERR("not found"); */
580
+		ret = -1; /* not found is ok */
581
+	}
582
+	lock_release(lock);
583
+
584
+	LM_DBG("entry %s is blacklisted\n", req_number);
585
+	return ret;
586
+}
540 587
 
541 588
 /**
542 589
  * Fills the d-tree for all configured and prepared sources.
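Review bot: In check_whitelist, the digit-skipping loop passes a plain `char` from the request URI user to `isdigit()`, which is undefined behaviour for negative values where `char` is signed, and this input comes from the network; `while (*ptr != '\0' && !isdigit((unsigned char)*ptr))` fixes that and drops the repeated `strlen()`. Whether parse_sip_msg_uri already rejects bytes above 0x7f in the user part is not visible here, so the cast is worth adding regardless. The closing `LM_DBG("entry %s is blacklisted\n", req_number);` runs on every path, including `ret = 1`, so the debug log reports allow-listed numbers as blacklisted; log the real outcome instead, e.g. `LM_DBG("entry %s whitelist result %d\n", req_number, ret);`. The comments `/* found, but is whitelisted */` and `/* not found is ok */` look carried over from check_blacklist and do not describe this function, where a missing entry returns -1 and the documented caller rejects the request.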