Module: sip-router Branch: master Commit: 31880a46d7f634b568cc192bec6db3d969e738ef URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=31880a46...
Author: Klaus Darilion klaus.mailinglists@pernau.at Committer: Klaus Darilion klaus.mailinglists@pernau.at Date: Tue May 21 12:39:15 2013 +0000
modules/auth_db: detailed documentation of URI checking in auth_check function
---
modules/auth_db/README | 15 +++++++++++---- modules/auth_db/doc/auth_db_admin.xml | 12 +++++++++--- 2 files changed, 20 insertions(+), 7 deletions(-)
diff --git a/modules/auth_db/README b/modules/auth_db/README index 55de782..7bcc6f4 100644 --- a/modules/auth_db/README +++ b/modules/auth_db/README @@ -154,7 +154,7 @@ Chapter 1. Admin Guide For dbtext module (which stores data in plaintext files) it is directory in which the database resides.
- Default value is “mysql://openserro:openserro@localhost/openser”. + Default value is “mysql://kamailioro:kamailioro@localhost/kamailio”.
Example 1.1. db_url parameter usage ... @@ -399,7 +399,8 @@ if (!proxy_authorize("$fd", "subscriber)) { REGISTER, the second for the rest.
In addition, a matter of flags parameter value, the function checks if - authentication username matches From/To header username. + authentication username matches From/To header username, and + Request-URI in case of PUBLISH.
Meaning of the parameters is as follows: * realm - Realm is a opaque string that the user agent should present @@ -413,8 +414,14 @@ if (!proxy_authorize("$fd", "subscriber)) { The string may contain pseudo variables. * flags - set of flags to control the behaviour of the function. If it is 1, then the function will check to see if the authentication - username matches either To or From header username, a matter of - whether it is for a REGISTER request or not.. + username matches either To or From header username. REGISTER + requests: From and To must match the authentication user. PUBLISH + requests: From, To and Request-URI must match the authentication + user. All other requests: From header must match the authentication + user. + Additionally all domains in the checked URIs and the realm in the + authentication header will be checked to match the provided realm + parameter. The string may contain pseudo variables.
This function can be used from REQUEST_ROUTE. diff --git a/modules/auth_db/doc/auth_db_admin.xml b/modules/auth_db/doc/auth_db_admin.xml index eac0351..999c3cf 100644 --- a/modules/auth_db/doc/auth_db_admin.xml +++ b/modules/auth_db/doc/auth_db_admin.xml @@ -477,7 +477,7 @@ if (!proxy_authorize("$fd", "subscriber)) { <para> In addition, a matter of <emphasis>flags</emphasis> parameter value, the function checks if authentication username matches From/To header - username. + username, and Request-URI in case of PUBLISH. </para> <para>Meaning of the parameters is as follows:</para> <itemizedlist> @@ -508,8 +508,14 @@ if (!proxy_authorize("$fd", "subscriber)) { <para><emphasis>flags</emphasis> - set of flags to control the behaviour of the function. If it is 1, then the function will check to see if the authentication username matches either To or - From header username, a matter of whether it is for a REGISTER - request or not.. + From header username. REGISTER requests: From and To must match the + authentication user. PUBLISH requests: From, To and Request-URI must + match the authentication user. All other requests: From header must + match the authentication user. + </para> + <para> + Additionally all domains in the checked URIs and the realm in the + authentication header will be checked to match the provided realm parameter. </para> <para> The string may contain pseudo variables.