[sr-dev] git:master:4826ba74: permissions: new parameter load_backends

Thu Jun 29 09:28:15 CEST 2017

Module: kamailio
Branch: master
Commit: 4826ba749a3d8589d57bc5fcb38eeb6f9e840e02
URL: https://github.com/kamailio/kamailio/commit/4826ba749a3d8589d57bc5fcb38eeb6f9e840e02

Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date: 2017-06-29T09:21:22+02:00

permissions: new parameter load_backends

- control what backends should be loaded
  - 1 - address table
  - 2 - trusted table
  - 4 - allow file
  - 8 - deny file
- it can be a combination (sum) of the options to load many backends
- default value 0xffff (load all backends)

---

Modified: src/modules/permissions/permissions.c
Modified: src/modules/permissions/permissions.h

---

Diff:  https://github.com/kamailio/kamailio/commit/4826ba749a3d8589d57bc5fcb38eeb6f9e840e02.diff
Patch: https://github.com/kamailio/kamailio/commit/4826ba749a3d8589d57bc5fcb38eeb6f9e840e02.patch

---

diff --git a/src/modules/permissions/permissions.c b/src/modules/permissions/permissions.c
index 3d50c6b0b7..f6715556a3 100644
--- a/src/modules/permissions/permissions.c
+++ b/src/modules/permissions/permissions.c
@@ -89,6 +89,8 @@ static int check_all_branches = 1;
 
 int _perm_max_subnets = 512;
 
+int _perm_load_backends = 0xFFFF;
+
 /*
  * Convert the name of the files into table index
  */
@@ -178,6 +180,7 @@ static param_export_t params[] = {
 	{"mask_col",           PARAM_STR, &mask_col        },
 	{"port_col",           PARAM_STR, &port_col        },
 	{"max_subnets",        PARAM_INT, &_perm_max_subnets },
+	{"load_backends",      PARAM_INT, &_perm_load_backends },
 	{0, 0, 0}
 };
 
@@ -576,33 +579,42 @@ static int double_fixup(void** param, int param_no)
  */
 static int mod_init(void)
 {
-	if(permissions_init_rpc()!=0)
-	{
-		LM_ERR("failed to register RPC commands\n");
+	if(_perm_load_backends==0) {
+		LM_ERR("failure - no backend to be loaded\n");
 		return -1;
 	}
 
-	allow[0].filename = get_pathname(default_allow_file);
-	allow[0].rules = parse_config_file(allow[0].filename);
-	if (allow[0].rules) {
-		LM_DBG("default allow file (%s) parsed\n", allow[0].filename);
-	} else {
-		LM_INFO("default allow file (%s) not found => empty rule set\n",
-				allow[0].filename);
+	if(permissions_init_rpc()!=0) {
+		LM_ERR("failed to register RPC commands\n");
+		return -1;
 	}
 
-	deny[0].filename = get_pathname(default_deny_file);
-	deny[0].rules = parse_config_file(deny[0].filename);
-	if (deny[0].rules) {
-		LM_DBG("default deny file (%s) parsed\n", deny[0].filename);
+	if(_perm_load_backends&PERM_LOAD_ALLOWFILE) {
+		allow[0].filename = get_pathname(default_allow_file);
+		allow[0].rules = parse_config_file(allow[0].filename);
+		if (allow[0].rules) {
+			LM_DBG("default allow file (%s) parsed\n", allow[0].filename);
+		} else {
+			LM_INFO("default allow file (%s) not found => empty rule set\n",
+					allow[0].filename);
+		}
 	} else {
-		LM_INFO("default deny file (%s) not found => empty rule set\n",
-				deny[0].filename);
+		allow[0].filename = NULL;
+		allow[0].rules = NULL;
 	}
 
-	if (init_trusted() != 0) {
-		LM_ERR("failed to initialize the allow_trusted function\n");
-		return -1;
+	if(_perm_load_backends&PERM_LOAD_DENYFILE) {
+		deny[0].filename = get_pathname(default_deny_file);
+		deny[0].rules = parse_config_file(deny[0].filename);
+		if (deny[0].rules) {
+			LM_DBG("default deny file (%s) parsed\n", deny[0].filename);
+		} else {
+			LM_INFO("default deny file (%s) not found => empty rule set\n",
+					deny[0].filename);
+		}
+	} else {
+		deny[0].filename = NULL;
+		deny[0].rules = NULL;
 	}
 
 	if (init_tag_avp(&tag_avp_param) < 0) {
@@ -610,9 +622,18 @@ static int mod_init(void)
 		return -1;
 	}
 
-	if (init_addresses() != 0) {
-		LM_ERR("failed to initialize the allow_address function\n");
-		return -1;
+	if(_perm_load_backends&PERM_LOAD_TRUSTEDDB) {
+		if (init_trusted() != 0) {
+			LM_ERR("failed to initialize the allow_trusted function\n");
+			return -1;
+		}
+	}
+
+	if(_perm_load_backends&PERM_LOAD_ADDRESSDB) {
+		if (init_addresses() != 0) {
+			LM_ERR("failed to initialize the allow_address function\n");
+			return -1;
+		}
 	}
 
 	if ((db_mode != DISABLE_CACHE) && (db_mode != ENABLE_CACHE)) {
diff --git a/src/modules/permissions/permissions.h b/src/modules/permissions/permissions.h
index 1613652ee6..bec8a7c236 100644
--- a/src/modules/permissions/permissions.h
+++ b/src/modules/permissions/permissions.h
@@ -60,6 +60,12 @@ extern str mask_col;      /* Name of mask column */
 extern str port_col;      /* Name of port column */
 extern int peer_tag_mode; /* Matching mode */
 
+/* backends to be loaded */
+#define PERM_LOAD_ADDRESSDB	(1<<0)
+#define PERM_LOAD_TRUSTEDDB	(1<<1)
+#define PERM_LOAD_ALLOWFILE	(1<<2)
+#define PERM_LOAD_DENYFILE	(1<<3)
+extern int _perm_load_backends; /* */
 
 typedef struct int_or_pvar {
 	unsigned int i;


