ShaYmez/DMRlink
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Adding Access Control List

Browse Source
This commit is contained in:
Cort Buffington 2016-05-03 19:53:22 -05:00
parent 1465468a96
commit 1d51980281
3 changed files with 43 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -9,6 +9,7 @@ pub*
bridge_rules.py bridge_rules.py
playback_config.py playback_config.py
known_bridges.py known_bridges.py
sub_acl.py
*.pyc *.pyc
*.bak *.bak
*.lcl *.lcl

36
bridge.py
View File

@ -104,6 +104,35 @@ except ImportError:
logger.critical('\'known_bridges.py\' not found - backup bridge service will not be enabled') logger.critical('\'known_bridges.py\' not found - backup bridge service will not be enabled')
BRIDGES = [] BRIDGES = []
# Import subscriber ACL
# ACL may be a single list of subscriber IDs
# Global action is to allow or deny them. Multiple lists with different actions and ranges
# are not yet implemented.
try:
from sub_acl import ACL_ACTION, ACL
# uses more memory to build hex strings, but processes MUCH faster when checking for matches
for i, e in enumerate(ACL):
ACL[i] = hex_str_3(ACL[i])
logger.info('Subscriber access control file found, subscriber ACL imported')
except ImportError:
logger.critical('\'sub_acl.py\' not found - all subscriber IDs are valid')
# Depending on which type of ACL is used (PERMIT, DENY... or there isn't one)
# define a differnet function to be used to check the ACL
if ACL_ACTION == 'PERMIT':
def allow_sub(_sub):
if _sub in ACL:
return True
elif ACL_ACTION == 'DENY':
def allow_sub(_sub):
if _sub not in ACL:
return True
else:
def allow_sub(_sub):
return True
class bridgeIPSC(IPSC): class bridgeIPSC(IPSC):
def __init__(self, *args, **kwargs): def __init__(self, *args, **kwargs):
@ -155,6 +184,13 @@ class bridgeIPSC(IPSC):
#************************************************ #************************************************
# #
def group_voice(self, _network, _src_sub, _dst_group, _ts, _end, _peerid, _data): def group_voice(self, _network, _src_sub, _dst_group, _ts, _end, _peerid, _data):
# Check for ACL match, and return if the subscriber is not allowed
if allow_sub(_src_sub) == False:
logger.debug('(%s) Group Voice Packet ***REJECTED BY ACL*** From: %s, IPSC Peer %s, Destination %s', _network, int_id(_src_sub), int_id(_peerid), int_id(_dst_group))
return
# Process the packet
logger.debug('(%s) Group Voice Packet Received From: %s, IPSC Peer %s, Destination %s', _network, int_id(_src_sub), int_id(_peerid), int_id(_dst_group)) logger.debug('(%s) Group Voice Packet Received From: %s, IPSC Peer %s, Destination %s', _network, int_id(_src_sub), int_id(_peerid), int_id(_dst_group))
_burst_data_type = _data[30] # Determine the type of voice packet this is (see top of file for possible types) _burst_data_type = _data[30] # Determine the type of voice packet this is (see top of file for possible types)
if _ts == 0: if _ts == 0:

6
sub_acl_SAMPLE.py Normal file
View File

@ -0,0 +1,6 @@
ACL_ACTION = "DENY" # May be PERMIT|DENY
ACL = [
1234001,
1234002,
1234003
]