sr-dev October 2009

sr-dev@lists.kamailio.org

30 participants
468 discussions

by Olle E. Johansson

Module: sip-router Branch: master Commit: bf33ef069bb4a6bae03d4fff101cb993757428b0 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=bf33ef0… Author: oej <oej(a)edvina.net> Committer: oej <oej(a)edvina.net> Date: Sat Oct 10 17:51:30 2009 +0200 Add Juha's clarification --- README-MODULES | 4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) diff --git a/README-MODULES b/README-MODULES index 358ada1..c61cfdc 100644 --- a/README-MODULES +++ b/README-MODULES @@ -12,7 +12,9 @@ provide some modules in two versions, which means that we have three set of modu - modules_s: SER modules All modules are compatible with the core, so regardless if you are a new user or -an existing, you are free to make a choice between the three sets. +an existing, you are free to make a choice between the three sets as well as +mix and match between them. + Note that if you are currently using one product, you want to select the module that exists in the K/S directories first to get a smooth upgrade path.

15 years, 1 month

doc/ser-radius.xml

by Olle E. Johansson

<simpara> If you need RADIUS accounting then edit also sip_router/ modules/acc/Makefile and uncomment lines containing: </simpara> <programlisting> DEFS+=-DRAD_ACC LIBS=-L$(LOCALBASE)/lib -lradiusclient </programlisting> What's the current status? I think that it would be good that someone who knows the status cleans up this file... It seems old. We have the following modules now: drwxr-xr-x 13 olle wheel 442 10 Okt 13:32 modules/auth_radius drwxr-xr-x 11 olle wheel 374 10 Okt 13:32 modules/misc_radius drwxr-xr-x 4 olle wheel 136 10 Okt 16:58 modules_s/acc_radius The document mentions group_radius.so which I can't find... Made a few small changes in the file, but not enough for release. /O

15 years, 1 month

git:master: Updating xml doc

by Olle E. Johansson

Module: sip-router Branch: master Commit: fc5840716b51d7817be52cefb203d96c380c35d0 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=fc58407… Author: oej <oej(a)edvina.net> Committer: oej <oej(a)edvina.net> Date: Sat Oct 10 17:13:24 2009 +0200 Updating xml doc --- doc/ser_radius/ser_radius.xml | 68 ++++++++++++++++++----------------------- 1 files changed, 30 insertions(+), 38 deletions(-) diff --git a/doc/ser_radius/ser_radius.xml b/doc/ser_radius/ser_radius.xml index d2bfb30..2b3e04c 100644 --- a/doc/ser_radius/ser_radius.xml +++ b/doc/ser_radius/ser_radius.xml @@ -1,6 +1,12 @@ <?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" - "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> +<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN" +"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [ + + +<!ENTITY % docentities SYSTEM "../../docbook/entities.xml"> +%docentities; + +]> <section id="ser_radius" xmlns:xi="http://www.w3.org/2001/XInclude"> <sectioninfo> @@ -23,19 +29,19 @@ </revhistory> </sectioninfo> - <title>SER RADIUS Howto</title> + <title>SIP-router RADIUS Howto</title> <section id="radius_intro"> <title>Introduction</title> <simpara> - SER can be configured to use RADIUS server for authentication, + SIP-router can be configured to use RADIUS server for authentication, accounting, and group membership checking. Since configuration of RADIUS seems to be a common source of problems, we decided to put together this HOWTO. </simpara> <simpara> The HOWTO covers installation and configuration of FreeRADIUS - server only. There are also other RADIUS servers available and as + server only. There are other RADIUS servers available and as long as they support digest authentication, they should work too. Any volunteers willing to describe setup of other RADIUS servers are encouraged to contact the author. @@ -44,7 +50,7 @@ <section id="prerequisities"> <title>Prerequisites</title> <simpara> - To setup RADIUS support in SER you will need the following: + To setup RADIUS support in SIP-router you will need the following: </simpara> <itemizedlist> <listitem> @@ -66,13 +72,13 @@ </listitem> <listitem> <simpara> - SER, get it from <ulink url="http://iptel.org/ser">http://iptel.org/ser</ulink> + SIP-router, get it from <ulink url="&serhome;">&serhome;</ulink> </simpara> </listitem> <listitem> <simpara> You should also have some experience in configuring - SER. Before you enable RADIUS authentication or + SIP-router. Before you enable RADIUS authentication or accounting make sure that the basic server is running and that you know how to customize it to your taste. </simpara> @@ -80,13 +86,13 @@ <listitem> <simpara> If you want to use RADIUS accounting then you will have - to compile SER from sources so you should know how to + to compile SIP-router from sources so you should know how to do it. </simpara> </listitem> </itemizedlist> <simpara> - Various unix/linux distributions might include binary packages + Various Unix/Linux distributions might include binary packages of the mentioned applications. In that case you can safely use the packages, there shouldn't be any problem. Location of some files may be different, though. We will describe how to install @@ -192,7 +198,7 @@ acctserver localhost <simpara> Radiusclient library contains file called <filename>dictionary.ser</filename>. That file includes all the - attributes that are needed by SER. Include the file in the + attributes that are needed by SIP-router. Include the file in the main <filename>dictionary</filename> file. To include the file, put the following line at the end of <filename>dictionary</filename> file: @@ -376,7 +382,7 @@ root@/usr/local/src# radclient -f digest localhost auth <shared_secret> package. That also means that you have to enable access from localhost in your <filename>clients.conf</filename> file. Don't forget to replace <shared_secret> with - the shared secret configured for locahost clients in + the shared secret configured for localhost clients in <filename>clients.conf</filename>. </simpara> </note> @@ -392,18 +398,18 @@ Received response ID 224, code 2, length = 45 <section id="auth_configuration"> <title>Authentication Configuration</title> <simpara> - To create user "joe" in domain "iptel.org" with password + To create user "joe" in domain "sip-router.org" with password "heslo" put the following into file <filename>/usr/local/etc/raddb/users</filename>: </simpara> <programlisting> -joe(a)iptel.org Auth-Type := Digest, User-Password == "heslo" +joe(a)sip-router.org Auth-Type := Digest, User-Password == "heslo" Reply-Message = "Authenticated", Sip-Rpid = "1234" </programlisting> <simpara> Attribute "Sip-Rpid" is optional. The attribute - contains a phone number associated to the user. SER can be + contains a phone number associated to the user. SIP-router can be configured to put the phone number into Remote-Party-ID header field of the SIP message. The header field can be then used by PSTN gateways to display the number as the number of the @@ -415,7 +421,7 @@ joe(a)iptel.org Auth-Type := Digest, User-Password == "heslo" <section id="accounting_configuration_server"> <title>Accounting Configuration</title> <simpara> - By default FreeRADIUS server will log all accounting requests + By default the FreeRADIUS server will log all accounting requests into <filename>/usr/local/var/log/radius/radacct</filename> directory in form of plain text files. The server will create one file for each hostname in the directory. The @@ -470,43 +476,29 @@ Tue Jun 24 00:20:56 2003 <section id="group_checking"> <title>Group Checking Configuration</title> <simpara> - If you want to make user "joe" in domain "iptel.org" member of + If you want to make user "joe" in domain "sip-router.org" member of group "pstn" then add the following to your <filename>/usr/local/etc/raddb/users</filename> file: </simpara> <programlisting> -joe(a)iptel.org Sip-Group == "pstn", Auth-Type := Accept +joe(a)sip-router.org Sip-Group == "pstn", Auth-Type := Accept Reply-Message = "Authorized" </programlisting> </section> </section> <section id="ser_config"> - <title>SER Configuration</title> + <title>SIP-router Configuration</title> <simpara> We will describe installation from sources here. If you use binary packages then there is an additional package containing RADIUS related modules. You will need to install the package. </simpara> - <warning> - <simpara> - Due to a mistake the binary packages for RADIUS do not include - RADIUS-enabled version of acc (accounting) module. The packages - contain modules for RADIUS authentication and group membership - checking only. - </simpara> - <simpara> - If you need accounting over RADIUS then you will have to - compile RADIUS-enabled version of acc module from the - sources. This will be fixed in one of future releases, we - apologize for any inconvenience. - </simpara> - </warning> <simpara> RADIUS-related modules are not compiled by default. To compile them, edit <filename>Makefile</filename>, find variable <varname>exclude_modules</varname> and you should see - "auth_radius", "group_radius", and "uri_radius" among excluded + "auth_radius", "acc_radius", and "misc_radius" among excluded modules. Simply remove the three modules from the list. </simpara> <simpara> @@ -518,7 +510,7 @@ DEFS+=-DRAD_ACC LIBS=-L$(LOCALBASE)/lib -lradiusclient </programlisting> <simpara> - Then recompile and re-install SER: + Then recompile and re-install SIP-router: </simpara> <screen> root@localhost:/usr/local/src/sip_router# make proper @@ -529,7 +521,7 @@ root@localhost:/usr/local/src/sip_router# make install <section id="auth_configuration_client"> <title>Authentication Configuration</title> <simpara> - Edit configuration file of SER and instead of + Edit configuration file of SIP-router and instead of <filename>auth_db.so</filename> load <filename>auth_radius.so</filename> and also replace <function>www_authorize</function> with @@ -574,8 +566,8 @@ root@localhost:/usr/local/src/sip_router# make install <qandaentry> <question> <simpara> - I compiled SER RADIUS modules and installed - radiusclient library, but when I try to start ser I get + I compiled SIP-router RADIUS modules and installed + radiusclient library, but when I try to start the server I get the following error message: </simpara> <programlisting>

15 years, 1 month

git:master: Typos, server name

by Olle E. Johansson

Module: sip-router Branch: master Commit: 95ec00f6ddc3b8e5b8059b1dce0d1f4c8ae29064 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=95ec00f… Author: oej <oej(a)edvina.net> Committer: oej <oej(a)edvina.net> Date: Sat Oct 10 16:48:02 2009 +0200 Typos, server name --- doc/dst_blacklist.txt | 66 ++++++++++++++++++++++++++----------------------- 1 files changed, 35 insertions(+), 31 deletions(-) diff --git a/doc/dst_blacklist.txt b/doc/dst_blacklist.txt index 8130ff4..93e914f 100644 --- a/doc/dst_blacklist.txt +++ b/doc/dst_blacklist.txt @@ -6,67 +6,71 @@ # Overview +-------- The destination blacklist (dst_blacklist) is used to try to mark bad - destination and avoid possible future expensive send operation to them. - A destination is added to the blacklist when trying to send to it fails (e.g. - timeout while trying to send or connect on tcp), or when a sip timeout occurs - while trying to forward statefully an invite (using tm) and the remote side + destinations and avoid possible future expensive send operation to them. + A destination is added to the blacklist when an attempt to send to it fails (e.g. + timeout while trying to send or connect on TCP), or when a SIP timeout occurs + while trying to forward statefully an INVITE (using tm) and the remote side doesn't send back any response. - The blacklist (if enabled) is checked before any send attempt. + The blacklist (if enabled) is checked before any send attempt. Drawbacks - +--------- Using the destination blacklist will cause some performance degradation, especially on multi cpu machines. If you don't need it you can easily - disable it, either in ser's config or at compile time. Disabling it at - compile time is slightly better (but not in a "measurable" way) then - disabling it at runtime, from the config file. - Whether the destination blacklist is better to be on or off depends a lot - on the setup. In general is better to turn it on when: - - sending to clients that don't respond is expensive (e.g. lots of clients - use tcp and they have the habit of silently discarding tcp traffic from time - to time) - - statefull forwarding is used (tm) and lower memory usage is desired - (a transaction will fail immediately if the destination is already - blacklisted by a previous transaction to the same destination that failed - due to timeout) - - faster dns failover is desired, especially when statefull forwarding (tm) - and udp are used - - better chances of DOS survival are important + disable it, either in sip-router's config or at compile time. Disabling it at + compile time is slightly better (but not in a "measurable" way) than + disabling it at runtime, from the config file. + Whether the destination blacklist is a good solution for you depends a lot + on the setup. In general it is better to turn it on when: + - sending to clients that don't respond is expensive (e.g. lots of clients + use tcp and they have the habit of silently discarding tcp traffic from time + to time) + - stateful forwarding is used (tm) and lower memory usage is desired + (a transaction will fail immediately if the destination is already + blacklisted by a previous transaction to the same destination that failed + due to timeout) + - faster dns failover is desired, especially when stateful forwarding (tm) + and UDP are used + - better chances of DOS attack survival are important Config Variables +---------------- use_dst_blacklist = on | off (default off) - enable the destination blacklist: - if on each failed send attempt will cause the destination to be blacklisted. - Before any send this blacklist will be checked and if a match is found the + If on each failed send attempt will cause the destination to be blacklisted. + Before any send operation this blacklist will be checked and if a match is found the send is no longer attempted (an error is returned immediately). Note: using the blacklist incurs a small performance penalty. dst_blacklist_mem = size in Kb (default 250 Kb) - maximum shared memory amount used for keeping the blacklisted destinations. - dst_blacklist_expire = time in s (default 60 s) - how much time a + dst_blacklist_expire = time in s (default 60 s) - how long time a blacklisted destination will be kept in the blacklist (w/o any update). dst_blacklist_gc_interval = time in s (default 60 s) - how often the garbage collection will run (eliminating old, expired entries). dst_blacklist_init = on | off (default on) - if off, the blacklist - is not initialized at startup and cannot be enabled runtime, - that saves some memory. + is not initialized at startup and cannot be enabled at runtime, + which saves some memory. -Compile Options +Compile Time Options +-------------------- USE_DST_BLACKLIST - if defined the blacklist support will be compiled-in (default). - Note: To remove a compile options, edit ser's Makefile.defs and remove it - form DEFS list. To add a compile options add it to the make command line, + Note: To remove a compile time option, edit the file Makefile.defs and remove + USE_DST_BLACKLIST from the list named DEFS. + To add a compile time option, just add it to the make command line, e.g.: make proper; make all extra_defs=-DUSE_DNS_FAILOVER - or for a permanent solution, edit Makefile.defs and add it to DEFS - (don't forget to prefix it with -D). + or for a permanent solution, edit Makefile.defs and add it to DEFS + (don't forget to prefix it with -D).

15 years, 1 month

/tmp/ser_ctl (CTL module)

by Olle E. Johansson

Should we rename this file? /tmp/sr_ctl /tmp/siprouter.ctl /tmp/sip-router.ctl The more descriptive it is, the better. /O

15 years, 1 month

git:master: Adding license to the doxygen documentation

by Olle E. Johansson

Module: sip-router Branch: master Commit: cc68f171deae22a3a6b65e7146e77955c1c7d3c8 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=cc68f17… Author: oej <oej(a)edvina.net> Committer: oej <oej(a)edvina.net> Date: Sat Oct 10 16:37:45 2009 +0200 Adding license to the doxygen documentation --- doc/doxygen/main.dox | 20 ++++++++++++++++++++ main.c | 12 +++--------- 2 files changed, 23 insertions(+), 9 deletions(-) diff --git a/doc/doxygen/main.dox b/doc/doxygen/main.dox index 924323d..a59cc15 100644 --- a/doc/doxygen/main.dox +++ b/doc/doxygen/main.dox @@ -11,4 +11,24 @@ * are used by all SIP Router modules that need to access a database. * * \section sr_modules SIP Router Modules + * Please click on the "modules" tab above for more information about the modules + * + * The documentation can be generated using doxygen by running "make doxygen" + * + * \section License SIP-router license + * SIP-router is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version + * + * SIP-router is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * */ + diff --git a/main.c b/main.c index aa3a6d6..b50a75b 100644 --- a/main.c +++ b/main.c @@ -3,19 +3,14 @@ * * Copyright (C) 2001-2003 FhG Fokus * - * This file is part of ser, a free SIP server. + * This file is part of SIP-router, a free SIP server. * - * ser is free software; you can redistribute it and/or modify + * SIP-router is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version * - * For a license to use the ser software under conditions - * other than those described here, or to purchase support for this - * software, please contact iptel.org by e-mail at the following addresses: - * info(a)iptel.org - * - * ser is distributed in the hope that it will be useful, + * SIP-router is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. @@ -94,7 +89,6 @@ * */ - #include <stdio.h> #include <stdlib.h> #include <errno.h>

15 years, 1 month

Doxygen and license templates

by Olle E. Johansson

For developer documentation and license templates, I suggest we decide to use "sip-router" as a name always. In my personal eyes, Kamailio and SER will be distributions of SIP-router, but the source will be sip-router. User documentation needs the distribution name, but that is something we need to fix after we branch out in all possible distributions, including the hitherto secret Edvina Megaproxy and Asipto 3S - SuperSipServer - distributions ;-) Anyone against this policy in regards to all source code and doxygen? /O

15 years, 1 month

git:master: Copying doxygen generation from Kamailo' s makefile so that we include version number

by Olle E. Johansson

Module: sip-router Branch: master Commit: 0134586c57c8422977a49b6d299f0d216de57559 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=0134586… Author: oej <oej(a)edvina.net> Committer: oej <oej(a)edvina.net> Date: Sat Oct 10 16:28:49 2009 +0200 Copying doxygen generation from Kamailo's makefile so that we include version number of the software in the doxygen documentation. --- Makefile.rules | 8 ++++++-- 1 files changed, 6 insertions(+), 2 deletions(-) diff --git a/Makefile.rules b/Makefile.rules index 512f828..8e81150 100644 --- a/Makefile.rules +++ b/Makefile.rules @@ -276,8 +276,12 @@ clean-tmp: .PHONY: doxygen doxygen: -@mkdir -p $(doxygen_dir) - doxygen ./$(COREPATH)/doc/doxygen/ser.doxygen - + -@echo "Create Doxygen documentation" + # disable call graphes, because of the DOT dependencies + (cat ./$(COREPATH)/doc/doxygen/ser.doxygen; \ + echo "HAVE_DOT=no" ;\ + echo "PROJECT_NUMBER=$(NAME)-$(RELEASE)" )| doxygen - + -@echo "Doxygen documentation created" .PHONY: clean_doxygen clean_doxygen:

15 years, 1 month

git:master: Adding doxygen headers for grouping

by Olle E. Johansson

Module: sip-router Branch: master Commit: ef9db65914d1a5a6a29b0955901462bfe7472ed8 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=ef9db65… Author: oej <oej(a)edvina.net> Committer: oej <oej(a)edvina.net> Date: Sat Oct 10 16:22:41 2009 +0200 Adding doxygen headers for grouping --- modules/utils/conf.c | 8 ++++++++ modules/utils/conf.h | 7 +++++++ modules/utils/functions.c | 7 +++++++ modules/utils/functions.h | 7 +++++++ modules/utils/pidf.c | 4 ++-- modules/utils/pidf.h | 5 ++--- modules/utils/utils.c | 11 +++++++++++ modules/utils/utils.h | 8 ++++++++ modules/utils/xcap_auth.c | 7 +++++++ modules/utils/xcap_auth.h | 7 +++++++ 10 files changed, 66 insertions(+), 5 deletions(-) diff --git a/modules/utils/conf.c b/modules/utils/conf.c index cb4380d..db970e9 100644 --- a/modules/utils/conf.c +++ b/modules/utils/conf.c @@ -20,6 +20,14 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ +/*! + * \file + * \brief SIP-router utils :: + * \ingroup utils + * Module: \ref utils + */ + + #include "conf.h" #include "../../mem/mem.h" diff --git a/modules/utils/conf.h b/modules/utils/conf.h index 4d5e769..fd9874b 100644 --- a/modules/utils/conf.h +++ b/modules/utils/conf.h @@ -20,6 +20,13 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ +/*! + * \file + * \brief SIP-router utils :: + * \ingroup utils + * Module: \ref utils + */ + #ifndef CONF_H #define CONF_H diff --git a/modules/utils/functions.c b/modules/utils/functions.c index 10cf61c..aadfdd5 100644 --- a/modules/utils/functions.c +++ b/modules/utils/functions.c @@ -21,6 +21,13 @@ * */ +/*! + * \file + * \brief SIP-router utils :: + * \ingroup utils + * Module: \ref utils + */ + #include <curl/curl.h> diff --git a/modules/utils/functions.h b/modules/utils/functions.h index a2801ae..5e666f9 100644 --- a/modules/utils/functions.h +++ b/modules/utils/functions.h @@ -21,6 +21,13 @@ * */ +/*! + * \file + * \brief SIP-router utils :: + * \ingroup utils + * Module: \ref utils + */ + #ifndef UTILS_FUNCTIONS_H #define UTILS_FUNCTIONS_H diff --git a/modules/utils/pidf.c b/modules/utils/pidf.c index b08b0da..4b308b6 100644 --- a/modules/utils/pidf.c +++ b/modules/utils/pidf.c @@ -27,8 +27,8 @@ */ /*! \file - * \brief Kamailio Presence_XML :: PIDF handling - * \ingroup presence_xml + * \brief SIP-router :: PIDF handling + * \ingroup utils */ /** diff --git a/modules/utils/pidf.h b/modules/utils/pidf.h index 316ac39..fc40fb6 100644 --- a/modules/utils/pidf.h +++ b/modules/utils/pidf.h @@ -27,9 +27,8 @@ */ /*! \file - * \brief Kamailio Presence_XML :: PIDF handling - * \ref pidf.c - * \ingroup presence_xml + * \brief SIP-router utils :: PIDF handling + * \ingroup utils */ diff --git a/modules/utils/utils.c b/modules/utils/utils.c index fe99c3b..86f71ea 100644 --- a/modules/utils/utils.c +++ b/modules/utils/utils.c @@ -26,6 +26,17 @@ * */ +/*! \file + * \brief SIP-router utils :: Module core + * \ingroup utils + */ + +/*! \defgroup Utils SIP-router :: Various utilities + * + */ + + + #include <curl/curl.h> diff --git a/modules/utils/utils.h b/modules/utils/utils.h index d8b5afd..ddbc427 100644 --- a/modules/utils/utils.h +++ b/modules/utils/utils.h @@ -21,6 +21,14 @@ * */ +/*! + * \file + * \brief SIP-router utils :: Core + * \ingroup utils + * Module: \ref utils + */ + + #ifndef UTILS_H #define UTILS_H diff --git a/modules/utils/xcap_auth.c b/modules/utils/xcap_auth.c index 1815b07..a262684 100644 --- a/modules/utils/xcap_auth.c +++ b/modules/utils/xcap_auth.c @@ -27,6 +27,13 @@ * 2009-06-03 util version (jh) */ +/*! + * \file + * \brief SIP-router utils :: + * \ingroup utils + * Module: \ref utils + */ + #include <stdio.h> #include <stdlib.h> #include <string.h> diff --git a/modules/utils/xcap_auth.h b/modules/utils/xcap_auth.h index b6fa86a..029449d 100644 --- a/modules/utils/xcap_auth.h +++ b/modules/utils/xcap_auth.h @@ -22,6 +22,13 @@ */ +/*! + * \file + * \brief SIP-router utils :: + * \ingroup utils + * Module: \ref utils + */ + #ifndef XCAP_AUTH_FUNCTIONS_H #define XCAP_AUTH_FUNCTIONS_H

15 years, 1 month

git:master: Typos, formatting

by Olle E. Johansson

Module: sip-router Branch: master Commit: 0536bbc8739a46a5b67f37519e03881d5bf07684 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=0536bbc… Author: oej <oej(a)edvina.net> Committer: oej <oej(a)edvina.net> Date: Sat Oct 10 16:13:46 2009 +0200 Typos, formatting --- modules/auth_identity/README | 47 ++++++++++++++------------- modules/auth_identity/doc/auth_identity.xml | 22 ++++++------ 2 files changed, 35 insertions(+), 34 deletions(-) diff --git a/modules/auth_identity/README b/modules/auth_identity/README index 70deb13..592f0aa 100644 --- a/modules/auth_identity/README +++ b/modules/auth_identity/README @@ -1,4 +1,4 @@ -1. Auth Identity Module +1. SIP Authenticated Identity Module Gergely Kovacs @@ -70,7 +70,7 @@ Gergely Kovacs * verifier - verifies an authorized message Known limitations in this version: - * authorizer and verifier support only SIP requests except for CANCEL + * authorizer and verifier support all SIP requests except for CANCEL and REGISTER * verifier does not support the subjectAltName extension of certificates @@ -83,17 +83,17 @@ Gergely Kovacs This module needs the following headers and libraries: * OpenSSL (version 0.9.8 or higher) for cryptographic functions - * libcURL for HTTP, HTTPS functions + * libcurl for HTTP, HTTPS functions If you'd like to use TLS module too then use the corresponding LIB line in auth_identity's Makefile 1.4. Installation And Running - Authorizer service needs an opportunity to make the public key, which - conveyed in a certificate, available over HTTPS or HTTP for verifiers. - The domain the authorizer is responsible for and the domain part of the - URL of the certificate must be the same. This service needs its private + the Authorizer service needs to make the public key, which conveyed in + a certificate, available over HTTPS or HTTP for verifiers. The domain + the authorizer is responsible for and the domain part of the URL of the + certificate must be the same. This service needs access to the private key too. 1.5. Authorizer service parameters @@ -150,26 +150,27 @@ modparam("auth_identity","msg_timeout",600) 1.6. Authorizer service functions -1.6.1. auth_date_proc() +1.6.1. auth_date_proc() If a message, the auth service should authorize, contains Date header then this function checks whether it falls in message timeout (set by - msg_timeout parameter). If there is not any Date header then adds one. - This function also checks whether the certificate of auth service (set - by certificate_path parameter) has not been expired. + msg_timeout parameter). If there is not any Date header then the module + adds one. This function also checks whether the certificate of the + authentication service (set by certificate_path parameter) has been + expired. 1.6.1.1. Dependencies No dependencies -1.6.2. auth_add_identity() +1.6.2. auth_add_identity() Assembles digest-string from the message, calculates its SHA1 hash, - encrypt it with the private key (set by privatekey_path parameter) of - authorizer service, base64 encodes it and adds to the outgoing message - as the value of Identity header. This function also adds Identity-Info - header which contains an URI (set by certificate_url parameter) from - which the certificate of auth service can be acquired. + encrypts it with the private key (set by privatekey_path parameter) of + the authorizer service, base64 encodes it and adds to the outgoing + message as the value of Identity header. This function also adds + Identity-Info header which contains an URI (set by certificate_url + parameter) from which the certificate of auth service can be acquired. Note: this function needs the final outgoing message for authorization, so no module may modify any digest string related headers (From, To, @@ -270,7 +271,7 @@ modparam("auth_identity","certificate_cache_limit",4096) A file of trusted certificates. The file should contain multiple certificates in PEM format concatenated together. It could be useful - for verifying a certificate not signed by a trusted CA. + for verifying a certificate signed by a private CA. This parameter is optional. It has not got default value. @@ -292,7 +293,7 @@ modparam("auth_identity","accept_pem_certs",1) 1.9. Verifier service functions -1.9.1. vrfy_check_date() +1.9.1. vrfy_check_date() Checks Date header of the incoming message whether falls in validity time (set by auth_validity_time parameter) @@ -301,7 +302,7 @@ modparam("auth_identity","accept_pem_certs",1) No dependencies -1.9.2. vrfy_get_certificate() +1.9.2. vrfy_get_certificate() Tries to get certificate defined by the value of Identity-info header from certificate table (which size is set by certificate_cache_limit @@ -312,7 +313,7 @@ modparam("auth_identity","accept_pem_certs",1) No dependencies -1.9.3. vrfy_check_certificate() +1.9.3. vrfy_check_certificate() Checks whether the downloaded certificate is valid (is not expired, its subject and the domain part of the URL are the same) and adds it to @@ -322,7 +323,7 @@ modparam("auth_identity","accept_pem_certs",1) vrfy_get_certificate() must be called before -1.9.4. vrfy_check_msgvalidity() +1.9.4. vrfy_check_msgvalidity() Assembles digest-string from the message, create SHA1 hash and compares it with the decrypted value of Identity header. @@ -332,7 +333,7 @@ modparam("auth_identity","accept_pem_certs",1) vrfy_get_certificate() must be called before and vrfy_check_certificate() should be called before -1.9.5. vrfy_check_callid() +1.9.5. vrfy_check_callid() Checks whether the current call's been already processed in validity time (set by auth_validity_time) to recognize call replay attacks. If diff --git a/modules/auth_identity/doc/auth_identity.xml b/modules/auth_identity/doc/auth_identity.xml index c473752..a47f5db 100644 --- a/modules/auth_identity/doc/auth_identity.xml +++ b/modules/auth_identity/doc/auth_identity.xml @@ -20,7 +20,7 @@ </copyright> </sectioninfo> - <title>Auth Identity Module</title> + <title>SIP Authenticated Identity Module</title> <section> <title>Overview</title> @@ -47,7 +47,7 @@ <itemizedlist> <listitem> <para> - authorizer and verifier support only SIP requests except for + authorizer and verifier support all SIP requests except for <emphasis>CANCEL</emphasis> and <emphasis>REGISTER</emphasis> </para> </listitem> @@ -79,7 +79,7 @@ </listitem> <listitem> <para> - <emphasis>libcURL</emphasis> for HTTP, HTTPS functions + <emphasis>libcurl</emphasis> for HTTP, HTTPS functions </para> </listitem> </itemizedlist> @@ -91,11 +91,11 @@ <section id="auth_identity.install_and_run"> <title>Installation And Running</title> <para> - <emphasis>Authorizer</emphasis> service needs an opportunity to make the public key, + the <emphasis>Authorizer</emphasis> service needs to make the public key, which conveyed in a certificate, available over HTTPS or HTTP for verifiers. The domain the authorizer is responsible for and the domain part of the URL of the certificate must be the same. This - service needs its private key too. + service needs access to the private key too. </para> </section> @@ -197,9 +197,9 @@ modparam("auth_identity","msg_timeout",600) If a message, the auth service should authorize, contains Date header then this function checks whether it falls in message timeout (set by <emphasis>msg_timeout</emphasis> parameter). If there is not any Date - header then adds one. This function also checks whether the certificate - of auth service (set by <emphasis>certificate_path</emphasis> parameter) - has not been expired. + header then the module adds one. This function also checks whether the certificate + of the authentication service (set by <emphasis>certificate_path</emphasis> parameter) + has been expired. </para> <section> <title>Dependencies</title> @@ -215,8 +215,8 @@ modparam("auth_identity","msg_timeout",600) </title> <para> Assembles digest-string from the message, calculates its SHA1 hash, - encrypt it with the private key (set by <emphasis>privatekey_path</emphasis> - parameter) of authorizer service, base64 encodes it and adds to the + encrypts it with the private key (set by <emphasis>privatekey_path</emphasis> + parameter) of the authorizer service, base64 encodes it and adds to the outgoing message as the value of <emphasis>Identity</emphasis> header. This function also adds Identity-Info header which contains an URI (set by <emphasis>certificate_url</emphasis> parameter) from which @@ -362,7 +362,7 @@ modparam("auth_identity","certificate_cache_limit",4096) <para> A file of trusted certificates. The file should contain multiple certificates in PEM format concatenated together. It could be useful - for verifying a certificate not signed by a trusted CA. + for verifying a certificate signed by a private CA. </para> <para> This parameter is optional. It has not got default value.

15 years, 1 month

← Newer
1
...
29
30
31
32
33
34
35
...
47
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

sr-dev October 2009