Complete the restructuring of the DMR access control.
g4klx committed Dec 21, 2016
1 parent a3d28f7 commit 59080e1
Showing 9 changed files with 59 additions and 325 deletions.
108 changes: 5 additions & 103 deletions Conf.cpp
@@ -107,14 +107,7 @@ m_dmrColorCode(2U),
m_dmrSelfOnly(false),
m_dmrPrefixes(),
m_dmrBlackList(),
m_dmrDstIdBlacklistSlot1RF(),
m_dmrDstIdBlacklistSlot2RF(),
m_dmrDstIdWhitelistSlot1RF(),
m_dmrDstIdWhitelistSlot2RF(),
m_dmrDstIdBlacklistSlot1NET(),
m_dmrDstIdBlacklistSlot2NET(),
m_dmrDstIdWhitelistSlot1NET(),
m_dmrDstIdWhitelistSlot2NET(),
m_dmrWhiteList(),
m_dmrCallHang(3U),
m_dmrTXHang(4U),
m_fusionEnabled(false),
@@ -395,68 +388,12 @@ bool CConf::read()
m_dmrBlackList.push_back(id);
p = ::strtok(NULL, ",\r\n");
}
} else if (::strcmp(key, "DstIdBlackListSlot1RF") == 0) {
} else if (::strcmp(key, "WhiteList") == 0) {
char* p = ::strtok(value, ",\r\n");
while (p != NULL) {
unsigned int id = (unsigned int)::atoi(p);
if (id > 0U)
m_dmrDstIdBlacklistSlot1RF.push_back(id);
p = ::strtok(NULL, ",\r\n");
}
} else if (::strcmp(key, "DstIdBlackListSlot2RF") == 0) {
char* p = ::strtok(value, ",\r\n");
while (p != NULL) {
unsigned int id = (unsigned int)::atoi(p);
if (id > 0U)
m_dmrDstIdBlacklistSlot2RF.push_back(id);
p = ::strtok(NULL, ",\r\n");
}
} else if (::strcmp(key, "DstIdWhiteListSlot1RF") == 0) {
char* p = ::strtok(value, ",\r\n");
while (p != NULL) {
unsigned int id = (unsigned int)::atoi(p);
if (id > 0U)
m_dmrDstIdWhitelistSlot1RF.push_back(id);
p = ::strtok(NULL, ",\r\n");
}
} else if (::strcmp(key, "DstIdWhiteListSlot2RF") == 0) {
char* p = ::strtok(value, ",\r\n");
while (p != NULL) {
unsigned int id = (unsigned int)::atoi(p);
if (id > 0U)
m_dmrDstIdWhitelistSlot2RF.push_back(id);
p = ::strtok(NULL, ",\r\n");
}
} else if (::strcmp(key, "DstIdBlackListSlot1NET") == 0) {
char* p = ::strtok(value, ",\r\n");
while (p != NULL) {
unsigned int id = (unsigned int)::atoi(p);
if (id > 0U)
m_dmrDstIdBlacklistSlot1NET.push_back(id);
p = ::strtok(NULL, ",\r\n");
}
} else if (::strcmp(key, "DstIdBlackListSlot2NET") == 0) {
char* p = ::strtok(value, ",\r\n");
while (p != NULL) {
unsigned int id = (unsigned int)::atoi(p);
if (id > 0U)
m_dmrDstIdBlacklistSlot2NET.push_back(id);
p = ::strtok(NULL, ",\r\n");
}
} else if (::strcmp(key, "DstIdWhiteListSlot1NET") == 0) {
char* p = ::strtok(value, ",\r\n");
while (p != NULL) {
unsigned int id = (unsigned int)::atoi(p);
if (id > 0U)
m_dmrDstIdWhitelistSlot1NET.push_back(id);
p = ::strtok(NULL, ",\r\n");
}
} else if (::strcmp(key, "DstIdWhiteListSlot2NET") == 0) {
char* p = ::strtok(value, ",\r\n");
while (p != NULL) {
unsigned int id = (unsigned int)::atoi(p);
if (id > 0U)
m_dmrDstIdWhitelistSlot2NET.push_back(id);
m_dmrWhiteList.push_back(id);
p = ::strtok(NULL, ",\r\n");
}
} else if (::strcmp(key, "TXHang") == 0)
@@ -867,44 +804,9 @@ std::vector<unsigned int> CConf::getDMRBlackList() const
return m_dmrBlackList;
}

std::vector<unsigned int> CConf::getDMRDstIdBlacklistSlot1RF() const
{
return m_dmrDstIdBlacklistSlot1RF;
}

std::vector<unsigned int> CConf::getDMRDstIdBlacklistSlot2RF() const
{
return m_dmrDstIdBlacklistSlot2RF;
}

std::vector<unsigned int> CConf::getDMRDstIdWhitelistSlot1RF() const
{
return m_dmrDstIdWhitelistSlot1RF;
}

std::vector<unsigned int> CConf::getDMRDstIdWhitelistSlot2RF() const
{
return m_dmrDstIdWhitelistSlot2RF;
}

std::vector<unsigned int> CConf::getDMRDstIdBlacklistSlot1NET() const
{
return m_dmrDstIdBlacklistSlot1NET;
}

std::vector<unsigned int> CConf::getDMRDstIdBlacklistSlot2NET() const
{
return m_dmrDstIdBlacklistSlot2NET;
}

std::vector<unsigned int> CConf::getDMRDstIdWhitelistSlot1NET() const
{
return m_dmrDstIdWhitelistSlot1NET;
}

std::vector<unsigned int> CConf::getDMRDstIdWhitelistSlot2NET() const
std::vector<unsigned int> CConf::getDMRWhiteList() const
{
return m_dmrDstIdWhitelistSlot2NET;
return m_dmrWhiteList;
}

unsigned int CConf::getDMRCallHang() const
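Review bot: The new `WhiteList` branch in the second hunk parses each token with `(unsigned int)::atoi(p)`, which cannot tell a malformed entry from zero, so a mistyped ID is silently dropped by the `id > 0U` test and a negative value is cast to a large unsigned ID and stored. For an allow-list this fails open: `validateId()` in DMRAccessControl.cpp skips the whitelist check when the vector is empty, so a line whose entries all fail to parse leaves access unrestricted with no indication to the operator. Consider `char* end = NULL; unsigned long id = ::strtoul(p, &end, 10);` and, when `end == p` or `id == 0UL`, reporting the rejected token rather than skipping it quietly. The existing `BlackList` branch just above uses the same pattern, and `CConf::read()` starts and ends outside the hunk.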
18 changes: 2 additions & 16 deletions Conf.h
@@ -100,14 +100,7 @@ class CConf
bool getDMRSelfOnly() const;
std::vector<unsigned int> getDMRPrefixes() const;
std::vector<unsigned int> getDMRBlackList() const;
std::vector<unsigned int> getDMRDstIdBlacklistSlot1RF() const;
std::vector<unsigned int> getDMRDstIdBlacklistSlot2RF() const;
std::vector<unsigned int> getDMRDstIdWhitelistSlot1RF() const;
std::vector<unsigned int> getDMRDstIdWhitelistSlot2RF() const;
std::vector<unsigned int> getDMRDstIdBlacklistSlot1NET() const;
std::vector<unsigned int> getDMRDstIdBlacklistSlot2NET() const;
std::vector<unsigned int> getDMRDstIdWhitelistSlot1NET() const;
std::vector<unsigned int> getDMRDstIdWhitelistSlot2NET() const;
std::vector<unsigned int> getDMRWhiteList() const;
unsigned int getDMRCallHang() const;
unsigned int getDMRTXHang() const;

@@ -253,14 +246,7 @@ class CConf
bool m_dmrSelfOnly;
std::vector<unsigned int> m_dmrPrefixes;
std::vector<unsigned int> m_dmrBlackList;
std::vector<unsigned int> m_dmrDstIdBlacklistSlot1RF;
std::vector<unsigned int> m_dmrDstIdBlacklistSlot2RF;
std::vector<unsigned int> m_dmrDstIdWhitelistSlot1RF;
std::vector<unsigned int> m_dmrDstIdWhitelistSlot2RF;
std::vector<unsigned int> m_dmrDstIdBlacklistSlot1NET;
std::vector<unsigned int> m_dmrDstIdBlacklistSlot2NET;
std::vector<unsigned int> m_dmrDstIdWhitelistSlot1NET;
std::vector<unsigned int> m_dmrDstIdWhitelistSlot2NET;
std::vector<unsigned int> m_dmrWhiteList;
unsigned int m_dmrCallHang;
unsigned int m_dmrTXHang;

151 changes: 14 additions & 137 deletions DMRAccessControl.cpp
@@ -20,165 +20,42 @@
#include <vector>
#include <cstring>


std::vector<unsigned int> CDMRAccessControl::m_dstBlackListSlot1RF;
std::vector<unsigned int> CDMRAccessControl::m_dstBlackListSlot2RF;
std::vector<unsigned int> CDMRAccessControl::m_dstWhiteListSlot1RF;
std::vector<unsigned int> CDMRAccessControl::m_dstWhiteListSlot2RF;

std::vector<unsigned int> CDMRAccessControl::m_dstBlackListSlot1NET;
std::vector<unsigned int> CDMRAccessControl::m_dstBlackListSlot2NET;
std::vector<unsigned int> CDMRAccessControl::m_dstWhiteListSlot1NET;
std::vector<unsigned int> CDMRAccessControl::m_dstWhiteListSlot2NET;

std::vector<unsigned int> CDMRAccessControl::m_srcIdBlacklist;
std::vector<unsigned int> CDMRAccessControl::m_blackList;
std::vector<unsigned int> CDMRAccessControl::m_whiteList;

std::vector<unsigned int> CDMRAccessControl::m_prefixes;

bool CDMRAccessControl::m_selfOnly = false;

unsigned int CDMRAccessControl::m_id = 0U;

void CDMRAccessControl::init(const std::vector<unsigned int>& dstIdBlacklistSlot1RF, const std::vector<unsigned int>& dstIdWhitelistSlot1RF, const std::vector<unsigned int>& dstIdBlacklistSlot2RF, const std::vector<unsigned int>& dstIdWhitelistSlot2RF, const std::vector<unsigned int>& dstIdBlacklistSlot1NET, const std::vector<unsigned int>& dstIdWhitelistSlot1NET, const std::vector<unsigned int>& dstIdBlacklistSlot2NET, const std::vector<unsigned int>& dstIdWhitelistSlot2NET, const std::vector<unsigned int>& srcIdBlacklist, bool selfOnly, const std::vector<unsigned int>& prefixes, unsigned int id)
void CDMRAccessControl::init(const std::vector<unsigned int>& blacklist, const std::vector<unsigned int>& whitelist, bool selfOnly, const std::vector<unsigned int>& prefixes, unsigned int id)
{
m_dstBlackListSlot1RF = dstIdBlacklistSlot1RF;
m_dstWhiteListSlot1RF = dstIdWhitelistSlot1RF;
m_dstBlackListSlot2RF = dstIdBlacklistSlot2RF;
m_dstWhiteListSlot2RF = dstIdWhitelistSlot2RF;
m_dstBlackListSlot1NET = dstIdBlacklistSlot1NET;
m_dstWhiteListSlot1NET = dstIdWhitelistSlot1NET;
m_dstBlackListSlot2NET = dstIdBlacklistSlot2NET;
m_dstWhiteListSlot2NET = dstIdWhitelistSlot2NET;
m_blackList = blacklist;
m_whiteList = whitelist;
}

bool CDMRAccessControl::dstIdBlacklist(unsigned int did, unsigned int slot, bool network)
{
static std::vector<unsigned int> blacklist;

if (slot == 1U) {
if (network)
blacklist = m_dstBlackListSlot1NET;
else
blacklist = m_dstBlackListSlot1RF;
} else {
if (network)
blacklist = m_dstBlackListSlot2NET;
else
blacklist = m_dstBlackListSlot2RF;
}

return std::find(blacklist.begin(), blacklist.end(), did) != blacklist.end();
}

bool CDMRAccessControl::dstIdWhitelist(unsigned int did, unsigned int slot, bool gt4k, bool network)
{
if (network) {
if (slot == 1U) {
if (m_dstWhiteListSlot1NET.size() == 0U)
return true;

// No reflectors on slot1, so we only allow all IDs over 99999 unless specifically whitelisted.
// Allow traffic to TG0 as I think this is a special case - need to confirm
if (gt4k) {
if (std::find(m_dstWhiteListSlot1NET.begin(), m_dstWhiteListSlot1NET.end(), did) != m_dstWhiteListSlot1NET.end() || did >= 99999U || did == 0)
return true;
} else {
if (std::find(m_dstWhiteListSlot1NET.begin(), m_dstWhiteListSlot1NET.end(), did) != m_dstWhiteListSlot1NET.end() || did == 0)
return true;
}
} else {
if (m_dstWhiteListSlot2NET.size() == 0U)
return true;

// On slot2 we allow reflector control IDs, but not secondary TG IDs unless specifically listed. Also allow echo.
if (gt4k) {
if (std::find(m_dstWhiteListSlot2NET.begin(), m_dstWhiteListSlot2NET.end(), did) != m_dstWhiteListSlot2NET.end() || did == 0)
return true;
// If dstId in secondary TG range or whitelist
else if (did >= 4000) {
if (did > 5000U && did < 10000U)
return false;
else
return true;
}
} else {
if (std::find(m_dstWhiteListSlot2NET.begin(), m_dstWhiteListSlot2NET.end(), did) != m_dstWhiteListSlot2NET.end())
return true;
}
}

return false;
} else {
if (slot == 1U) {
if (m_dstWhiteListSlot1RF.size() == 0U)
return true;

// No reflectors on slot1, so we only allow all IDs over 99999 unless specifically whitelisted.
// Allow traffic to TG0 as I think this is a special case - need to confirm
if (gt4k) {
if (std::find(m_dstWhiteListSlot1RF.begin(), m_dstWhiteListSlot1RF.end(), did) != m_dstWhiteListSlot1RF.end() || did >= 99999U || did == 0)
return true;
} else {
if (std::find(m_dstWhiteListSlot1RF.begin(), m_dstWhiteListSlot1RF.end(), did) != m_dstWhiteListSlot1RF.end() || did == 0)
return true;
}
} else {
if (m_dstWhiteListSlot2RF.size() == 0U)
return true;

// On slot2 we allow reflector control IDs, but not secondary TG IDs unless specifically listed. Also allow echo.
if (gt4k) {
if (std::find(m_dstWhiteListSlot2RF.begin(), m_dstWhiteListSlot2RF.end(), did) != m_dstWhiteListSlot2RF.end() || did == 0)
return true;
// If dstId in secondary TG range or whitelist
else if (did >= 4000U) {
if (did > 5000U && did < 10000U)
return false;
else
return true;
}
} else {
if (std::find(m_dstWhiteListSlot2RF.begin(), m_dstWhiteListSlot2RF.end(), did) != m_dstWhiteListSlot2RF.end())
return true;
}
}

return false;
}
}

bool CDMRAccessControl::validateSrcId(unsigned int id)
bool CDMRAccessControl::validateId(unsigned int id)
{
if (m_selfOnly) {
return id == m_id;
} else {
if (std::find(m_srcIdBlacklist.begin(), m_srcIdBlacklist.end(), id) != m_srcIdBlacklist.end())
if (std::find(m_blackList.begin(), m_blackList.end(), id) != m_blackList.end())
return false;

unsigned int prefix = id / 10000U;
if (prefix == 0U || prefix > 999U)
return false;

if (m_prefixes.size() == 0U)
return true;
if (!m_prefixes.empty()) {
bool ret = std::find(m_prefixes.begin(), m_prefixes.end(), prefix) == m_prefixes.end();
if (!ret)
return false;
}

return std::find(m_prefixes.begin(), m_prefixes.end(), prefix) != m_prefixes.end();
}
}
if (!m_whiteList.empty())
return std::find(m_whiteList.begin(), m_whiteList.end(), id) != m_whiteList.end();

bool CDMRAccessControl::validateAccess(unsigned int src_id, unsigned int dst_id, unsigned int slot, bool network)
{
// source ID validation is only applied to RF traffic
if (!network && !CDMRAccessControl::validateSrcId(src_id)) {
LogMessage("DMR Slot %u, invalid access attempt from %u (blacklisted)", slot, src_id);
return false;
} else if (CDMRAccessControl::dstIdBlacklist(dst_id, slot, network)) {
LogMessage("DMR Slot %u, invalid access attempt to TG%u (TG blacklisted)", slot, dst_id);
return false;
} else if (!CDMRAccessControl::dstIdWhitelist(dst_id, slot, true, network)) {
LogMessage("DMR Slot %u, invalid access attempt to TG%u (TG not in whitelist)", slot, dst_id);
return false;
} else {
return true;
}
}
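Review bot: `init()` as shown copies only `blacklist` and `whitelist`; the `selfOnly`, `prefixes` and `id` arguments are accepted but never stored in `m_selfOnly`, `m_prefixes` and `m_id`, so unless they are set somewhere this page does not show, `validateId()` always runs with self-only off and an empty prefix list. Separately, the new prefix test in `validateId()` is inverted: `ret` is true when the prefix is absent from `m_prefixes`, so `if (!ret) return false;` rejects exactly the IDs whose prefix is configured, whereas the removed `return std::find(...) != m_prefixes.end();` accepted them. Both make the access decision differ from what the operator configured, the first by failing open. The fence below stores the three missing values and rejects an ID only when its prefix is not in the list.

```cpp
void CDMRAccessControl::init(const std::vector<unsigned int>& blacklist, const std::vector<unsigned int>& whitelist, bool selfOnly, const std::vector<unsigned int>& prefixes, unsigned int id)
{
	// … unchanged: m_blackList and m_whiteList assignments …
	m_selfOnly = selfOnly;
	m_prefixes = prefixes;
	m_id       = id;
}

// … unchanged: validateId() up to the prefix range check …
		if (!m_prefixes.empty()) {
			// Deny when a prefix list is configured and this ID's prefix is not in it.
			if (std::find(m_prefixes.begin(), m_prefixes.end(), prefix) == m_prefixes.end())
				return false;
		}
// … unchanged: whitelist check and final return …
```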
22 changes: 4 additions & 18 deletions DMRAccessControl.h
@@ -21,32 +21,18 @@

class CDMRAccessControl {
public:
static bool validateAccess(unsigned int srcId, unsigned int dstId, unsigned int slot, bool network);
static bool validateId(unsigned int id);

static bool validateSrcId(unsigned int id);

static void init(const std::vector<unsigned int>& dstIdBlacklistSlot1RF, const std::vector<unsigned int>& dstIdWhitelistSlot1RF, const std::vector<unsigned int>& dstIdBlacklistSlot2RF, const std::vector<unsigned int>& dstIdWhitelistSlot2RF, const std::vector<unsigned int>& dstIdBlacklistSlot1NET, const std::vector<unsigned int>& dstIdWhitelistSlot1NET, const std::vector<unsigned int>& dstIdBlacklistSlot2NET, const std::vector<unsigned int>& dstIdWhitelistSlot2NET, const std::vector<unsigned int>& srcIdBlacklist, bool selfOnly, const std::vector<unsigned int>& prefixes, unsigned int id);
static void init(const std::vector<unsigned int>& blacklist, const std::vector<unsigned int>& whitelist, bool selfOnly, const std::vector<unsigned int>& prefixes, unsigned int id);

private:
static std::vector<unsigned int> m_dstBlackListSlot1RF;
static std::vector<unsigned int> m_dstBlackListSlot2RF;
static std::vector<unsigned int> m_dstWhiteListSlot1RF;
static std::vector<unsigned int> m_dstWhiteListSlot2RF;

static std::vector<unsigned int> m_dstBlackListSlot1NET;
static std::vector<unsigned int> m_dstBlackListSlot2NET;
static std::vector<unsigned int> m_dstWhiteListSlot1NET;
static std::vector<unsigned int> m_dstWhiteListSlot2NET;

static std::vector<unsigned int> m_srcIdBlacklist;
static std::vector<unsigned int> m_blackList;
static std::vector<unsigned int> m_whiteList;

static std::vector<unsigned int> m_prefixes;

static bool m_selfOnly;
static unsigned int m_id;

static bool dstIdBlacklist(unsigned int did, unsigned int slot, bool network);
static bool dstIdWhitelist(unsigned int did, unsigned int slot, bool gt4k, bool network);
};

#endif
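Review bot: `validateId()` and `init()` are declared without any comment on what the lists mean, and the semantics are not obvious from the names: in DMRAccessControl.cpp an empty `whitelist` or `prefixes` vector causes that check to be skipped rather than denying every ID. I would add above `validateId` a comment such as `// Returns true when id is allowed; an empty whitelist or prefix list means that check is skipped.` and above `init` `// Installs the access lists used by validateId(); all state is static and shared.` Stating the empty-list behaviour in the header lets anyone editing the configuration see that leaving a list blank widens access.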