Thanks!
Looks OK. (Despite the fact that it looks like a write-only statement :) The idea was that I want to avoid creating additional tables or a schema for the ACL. That means if I can use an already built-in mechanism/tables/schema, then why implement my own? Code reuse, all this.
On Nov 7 2019, at 10:56 am, Daniel Tryba d.tryba@pocos.nl wrote:
On Wed, Nov 06, 2019 at 07:15:42PM +0100, Igor Olhovskiy wrote:
Hm... Maybe there is another module to achieve such functions? Best if it would be with cache :) But if not, regex is also fine.
But if it works it works! I don't think there is a specific module to do this but it is easy to implement yourself. What I don't like personally about your solution is the use of the permission tables, you need at least 1 per user (unless users have the same IP).
Personally I do this by direct database queries in usr_preferences on INVITEs and REGISTERs. You could use any database (depending on how you store the ACL) and cache it in a htable.
My solution is MySQL-specific (inet_aton) and forces users to have at least 1 CIDR-notated subnet:
if(!avp_db_query("select value from usr_preferences where username='$au' and attribute='acl' and inet_aton(substring_index(value,'/',1))&(1 << 32) - 1 & ~((1 << (32 - substring_index(value,'/',-1))) - 1)=inet_aton('$si')&(1 << 32) - 1 & ~((1 << (32 - substring_index(value,'/',-1))) - 1)")) {
    t_reply("404","Go away");
    exit;
}
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
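The subnet comparison that the quoted query performs in MySQL, written out in Python as an added example (not code from the thread or from Kamailio). The function names and sample addresses are constructed, and skipping an entry that lacks a /prefix is a choice made for this example.

```python
import ipaddress

MASK32 = (1 << 32) - 1  # the query's "(1 << 32) - 1"


def inet_aton(dotted):
    """Dotted-quad IPv4 -> 32-bit integer (MySQL inet_aton for 4-part input)."""
    return int(ipaddress.IPv4Address(dotted))


def parse_acl_value(value):
    """Split 'a.b.c.d/len' into (address_int, prefix_len); reject other forms."""
    addr, sep, plen = value.partition("/")
    if not sep or not (plen.isascii() and plen.isdigit()) or int(plen) > 32:
        raise ValueError(f"ACL entry is not in CIDR notation: {value!r}")
    return inet_aton(addr), int(plen)


def netmask(prefix_len):
    """Same expression as the query: all-ones & ~((1 << (32 - len)) - 1)."""
    return MASK32 & ~((1 << (32 - prefix_len)) - 1)


def source_allowed(source_ip, acl_values):
    """True if source_ip falls inside any CIDR entry of the user's ACL.

    Both sides are masked, as in the query, so host bits set in a stored
    entry are ignored. Malformed entries never match (fail closed).
    """
    src = inet_aton(source_ip)
    for value in acl_values:
        try:
            net, plen = parse_acl_value(value)
        except ValueError:
            continue
        mask = netmask(plen)
        if (net & mask) == (src & mask):
            return True
    return False


if __name__ == "__main__":
    # Constructed 'acl' attribute values for one user (documentation ranges).
    acl = ["198.51.100.0/24", "192.0.2.64/26", "192.0.2.10"]
    for ip in ("192.0.2.77", "192.0.2.130", "192.0.2.10"):
        print(ip, "allowed" if source_allowed(ip, acl) else "rejected")
```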