Added ACL support

2018-08-23 19:16:10 -05:00 · 2018-08-23 19:16:10 -05:00 · 9a2b7834bb
commit 9a2b7834bb
parent bbad7ee2e7
1 changed files with 54 additions and 0 deletions
--- a/hb_parrot.py
+++ b/hb_parrot.py
@ -53,6 +53,57 @@ __status__     = 'pre-alpha'

 # Module gobal varaibles

+# Import subscriber ACL
+# ACL may be a single list of subscriber IDs
+# Global action is to allow or deny them. Multiple lists with different actions and ranges
+# are not yet implemented.
+def build_acl(_sub_acl):
+    ACL = set()
+    try:
+        acl_file = import_module(_sub_acl)
+        logger.info('ACL file found, importing entries. This will take about 1.5 seconds per 1 million IDs')
+        sections = acl_file.ACL.split(':')
+        ACL_ACTION = sections[0]
+        entries_str = sections[1]
+
+        
+        for entry in entries_str.split(','):
+            if '-' in entry:
+                start,end = entry.split('-')
+                start,end = int(start), int(end)
+                for id in range(start, end+1):
+                    ACL.add(hex_str_3(id))
+            else:
+                id = int(entry)
+                ACL.add(hex_str_3(id))
+        
+        logger.info('ACL loaded: action "{}" for {:,} radio IDs'.format(ACL_ACTION, len(ACL)))
+    
+    except ImportError:
+        logger.info('ACL file not found or invalid - all subscriber IDs are valid')
+        ACL_ACTION = 'NONE'
+
+    # Depending on which type of ACL is used (PERMIT, DENY... or there isn't one)
+    # define a differnet function to be used to check the ACL
+    global allow_sub
+    if ACL_ACTION == 'PERMIT':
+        def allow_sub(_sub):
+            if _sub in ACL:
+                return True
+            else:
+                return False
+    elif ACL_ACTION == 'DENY':
+        def allow_sub(_sub):
+            if _sub not in ACL:
+                return True
+            else:
+                return False
+    else:
+        def allow_sub(_sub):
+            return True
+    
+    return ACL
+
 class parrot(HBSYSTEM):
    
    def __init__(self, _name, _config, _logger, _report):
@ -194,6 +245,9 @@ if __name__ == '__main__':
    # Set signal handers so that we can gracefully exit if need be
    for sig in [signal.SIGTERM, signal.SIGINT]:
        signal.signal(sig, sig_handler)
+        
+    # Build the Access Control List
+    ACL = build_acl('reg_acl')
    
    # ID ALIAS CREATION
    # Download