dbxe
/
fusionpbx
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add user_log_allowed function.

This commit is contained in:
FusionPBX 2022-09-15 17:00:57 -06:00 committed by GitHub
parent 4fce9a4565
commit 1d55981cbb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 115 additions and 65 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

180
app/event_guard/resources/service/event_guard.php
View File

@ -179,9 +179,9 @@
} }
//debug info //debug info
if ($debug) { //if ($debug) {
print_r($json_array); // print_r($json_array);
} //}
//registration failed - block IP address unless they are registered, //registration failed - block IP address unless they are registered,
if (is_array($json_array) && $json_array['Event-Subclass'] == 'sofia::register_failure') { if (is_array($json_array) && $json_array['Event-Subclass'] == 'sofia::register_failure') {
@ -258,10 +258,10 @@
} }
//debug information //debug information
if ($debug && ($json_array['Event-Subclass'] == 'sofia::register_failure' || $json_array['Event-Subclass'] == 'sofia::pre_register')) { //if ($debug && ($json_array['Event-Subclass'] == 'sofia::register_failure' || $json_array['Event-Subclass'] == 'sofia::pre_register')) {
echo "\n"; //echo "\n";
print_r($json_array); //print_r($json_array);
//echo "event_name: ".$json_array['Event-Name']."\n"; //echo "event_name: ".$json_array['Event-Name']."\n";
//echo "event_type: ".$json_array['event_type']."\n"; //echo "event_type: ".$json_array['event_type']."\n";
@ -276,7 +276,7 @@
//echo "hangup_cause: ".$json_array['Hangup-Cause']."\n"; //echo "hangup_cause: ".$json_array['Hangup-Cause']."\n";
//echo "to-host: $json_array['to-host']\n"; //echo "to-host: $json_array['to-host']\n";
//echo "\n"; //echo "\n";
} //}
//unset the array //unset the array
if (is_array($json_array)) { if (is_array($json_array)) {
@ -430,6 +430,76 @@
} }
} }
//determine if the IP address has been allowed by the access control list node cidr
function access_allowed($ip_address) {
//define global variables
global $debug;
//invalid ip address
if (!filter_var($ip_address, FILTER_VALIDATE_IP)) {
return false;
}
//check the cache to see if the address is allowed
$cache = new cache;
if ($cache->get("switch:allowed:".$ip_address) === 'true') {
//debug info
if ($debug) {
echo "address: ".$ip_address." allowed by: cache\n";
}
//return boolean true
return true;
}
//allow access if the cidr address is allowed
if (user_log_allowed($ip_address)) {
//save address to the cache as allowed
$cache->set("switch:allowed:".$ip_address, 'true');
//debug info
if ($debug) {
echo "address: ".$ip_address." allowed by: user logs\n";
}
//return boolean true
return true;
}
//allow access if the cidr address is allowed
if (access_control_allowed($ip_address)) {
//save address to the cache as allowed
$cache->set("switch:allowed:".$ip_address, 'true');
//debug info
if ($debug) {
echo "address: ".$ip_address." allowed by: access controls\n";
}
//return boolean true
return true;
}
//auto allow if there is a registration from the same IP address
if (is_registered($ip_address)) {
//save address to the cache as allowed
$cache->set("switch:allowed:".$ip_address, 'true');
//debug info
if ($debug) {
echo "address: ".$ip_address." allowed by: registration\n";
}
//return boolean true
return true;
}
//return
return false;
}
//is the ip address registered //is the ip address registered
function is_registered($ip_address) { function is_registered($ip_address) {
//invalid ip address //invalid ip address
@ -453,60 +523,6 @@
return $registered; return $registered;
} }
//determine if the IP address has been allowed by the access control list node cidr
function access_allowed($ip_address) {
//define global variables
global $debug;
//invalid ip address
if (!filter_var($ip_address, FILTER_VALIDATE_IP)) {
return false;
}
//check the cache to see if the address is allowed
$cache = new cache;
if ($cache->get("switch:allowed:".$ip_address) === 'true') {
//debug info
if ($debug) {
echo "allowed by: cache\n";
}
//return boolean true
return true;
}
//auto allow if there is a registration from the same IP address
if (is_registered($ip_address)) {
//save address to the cache as allowed
$cache->set("switch:allowed:".$ip_address, 'true');
//debug info
if ($debug) {
echo "allowed by: registration\n";
}
//return boolean true
return true;
}
//allow access if the cidr address is allowed
if (access_control_allowed($ip_address)) {
//save address to the cache as allowed
$cache->set("switch:allowed:".$ip_address, 'true');
//debug info
if ($debug) {
echo "allowed by: access controls\n";
}
//return boolean true
return true;
}
//return
return false;
}
//determine if the IP address has been allowed by the access control list node cidr //determine if the IP address has been allowed by the access control list node cidr
function access_control_allowed($ip_address) { function access_control_allowed($ip_address) {
@ -533,10 +549,10 @@
foreach($allowed_nodes as $row) { foreach($allowed_nodes as $row) {
if (check_cidr($row['node_cidr'], $ip_address)) { if (check_cidr($row['node_cidr'], $ip_address)) {
//debug info //debug info
if ($debug) { //if ($debug) {
print_r($row); // print_r($row);
echo $ip_address."\n"; // echo $ip_address."\n";
} //}
//set the allowed to true //set the allowed to true
$allowed = true; $allowed = true;
@ -551,4 +567,38 @@
return $allowed; return $allowed;
} }
//determine if the IP address has been allowed by the user log authentication success
function user_log_allowed($ip_address) {
//invalid ip address
if (!filter_var($ip_address, FILTER_VALIDATE_IP)) {
return false;
}
//get the access control allowed nodes
$sql = "select count(user_log_uuid) ";
$sql .= "from v_user_logs ";
$sql .= "where ip_address = :ip_address ";
$sql .= "and result = 'success' ";
$parameters['ip_address'] = $ip_address;
$database = new database;
$user_log_count = $database->select($sql, $parameters, 'field');
unset($database);
//debug info
if ($debug) {
echo "address ".$ip_address." count ".$user_log_count."\n";
}
//default authorized to false
$allowed = false;
//use the ip address to get the authorized nodes
if ($user_log_count > 0) {
$allowed = true;
}
//return
return $allowed;
}
?> ?>