Module: sip-router Branch: master Commit: 254514dfec1a72fdce4d1911db1df7e6122bec19 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=254514d… Author: Daniel-Constantin Mierla &lt;miconda(a)gmail.com&gt; Committer: Daniel-Constantin Mierla &lt;miconda(a)gmail.com&gt; Date: Sun Mar 28 19:24:06 2010 +0200 permissions(k): use grp 1 in allow_source_address - example used grp 0 which is not allowed - extended the note about group id value --- modules_k/permissions/README | 38 +++++++++++----------- modules_k/permissions/doc/permissions_admin.xml | 6 ++-- 2 files changed, 22 insertions(+), 22 deletions(-) diff --git a/modules_k/permissions/README b/modules_k/permissions/README index 8bdcac0..3642796 100644 --- a/modules_k/permissions/README +++ b/modules_k/permissions/README @@ -277,8 +277,8 @@ Chapter 1. Admin Guide Addresses stored in cached database table can be grouped together into one or more groups specified by a group identifier (positive integer - value). Group identifier is given as argument to allow_address and - allow_source_address functions. + value, i.e., equal or greater than 1). Group identifier is given as + argument to allow_address and allow_source_address functions. As a side effect of matching the address, non-NULL tag (see tag_col module parameter) is added as value to peer_tag AVP if peer_tag_avp @@ -597,7 +597,7 @@ modparam("permissions", "peer_tag_avp", "$avp(i:707)") 4.9. allow_source_address_group() 4.10. allow_trusted([src_ip_pvar, proto_pvar]) -4.1. allow_routing() +4.1. allow_routing() Returns true if all pairs constructed as described in Section 1.1, "Call Routing" have appropriate permissions according to the @@ -613,7 +613,7 @@ if (allow_routing()) { }; ... -4.2. allow_routing(basename) +4.2. allow_routing(basename) Returns true if all pairs constructed as described in Section 1.1, "Call Routing" have appropriate permissions according to the @@ -636,7 +636,7 @@ if (allow_routing("basename")) { }; ... -4.3. allow_routing(allow_file,deny_file) +4.3. allow_routing(allow_file,deny_file) Returns true if all pairs constructed as described in Section 1.1, "Call Routing" have appropriate permissions according to the @@ -661,7 +661,7 @@ if (allow_routing("rules.allow", "rules.deny")) { }; ... -4.4. allow_register(basename) +4.4. allow_register(basename) The function returns true if all pairs constructed as described in Section 1.2, "Registration Permissions" have appropriate permissions @@ -689,7 +689,7 @@ if (method=="REGISTER") { }; ... -4.5. allow_register(allow_file, deny_file) +4.5. allow_register(allow_file, deny_file) The function returns true if all pairs constructed as described in Section 1.2, "Registration Permissions" have appropriate permissions @@ -719,7 +719,7 @@ if (method=="REGISTER") { }; ... -4.6. allow_uri(basename, pvar) +4.6. allow_uri(basename, pvar) Returns true if the pair constructed as described in Section 1.3, "URI Permissions" have appropriate permissions according to the @@ -746,7 +746,7 @@ if (allow_uri("basename", "$avp(i:705)") { // Check URI stored in $avp(i:705) }; ... -4.7. allow_address(group_id, ip_addr_pvar, port_pvar) +4.7. allow_address(group_id, ip_addr_pvar, port_pvar) Returns true if IP address and port given as values of pvar arguments belonging to a group given as group_id argument matches an IP subnet @@ -769,7 +769,7 @@ if (!allow_address("2", "$avp(i:704)", "$avp(i:705)") { }; ... -4.8. allow_source_address(group_id) +4.8. allow_source_address(group_id) Equal to allow_address(group_id, "$si", "$sp"). @@ -779,12 +779,12 @@ if (!allow_address("2", "$avp(i:704)", "$avp(i:705)") { ... // Check source address/port of request -if (!allow_source_address("0")) { +if (!allow_source_address("1")) { sl_send_reply("403", "Forbidden"); }; ... -4.9. allow_source_address_group() +4.9. allow_source_address_group() Checks if source address/port is found in cached address or subnet table in any group. If yes, returns that group. If not returns -1. Port @@ -801,7 +801,7 @@ if ($var(group) != -1) { }; ... -4.10. allow_trusted([src_ip_pvar, proto_pvar]) +4.10. allow_trusted([src_ip_pvar, proto_pvar]) Checks based either on request's source address and transport protocol or source address and transport protocol given in pvar arguments, and @@ -837,7 +837,7 @@ if (allow_trusted("$si", "$proto")) { 5.5. trusted_dump 5.6. allow_uri -5.1. address_reload +5.1. address_reload Causes permissions module to re-read the contents of address database table into cache memory. In cache memory the entries are for @@ -846,35 +846,35 @@ if (allow_trusted("$si", "$proto")) { Parameters: none -5.2. address_dump +5.2. address_dump Causes permissions module to dump contents of cache memory address table. Parameters: none -5.3. subnet_dump +5.3. subnet_dump Causes permissions module to dump contents of cache memory subnet table. Parameters: none -5.4. trusted_reload +5.4. trusted_reload Causes permissions module to re-read the contents of trusted table into cache memory. Parameters: none -5.5. trusted_dump +5.5. trusted_dump Causes permissions module to dump contents of trusted table from cache memory. Parameters: none -5.6. allow_uri +5.6. allow_uri Tests if (URI, Contact) pair is allowed according to allow/deny files. The files must already have been loaded by Kamailio. diff --git a/modules_k/permissions/doc/permissions_admin.xml b/modules_k/permissions/doc/permissions_admin.xml index 56612a4..b6e878e 100644 --- a/modules_k/permissions/doc/permissions_admin.xml +++ b/modules_k/permissions/doc/permissions_admin.xml @@ -179,8 +179,8 @@ <para> Addresses stored in cached database table can be grouped together into one or more groups specified by a group - identifier (positive integer value). Group - identifier is given as argument to allow_address and + identifier (positive integer value, i.e., equal or greater than 1). + Group identifier is given as argument to allow_address and allow_source_address functions. </para> <para> @@ -969,7 +969,7 @@ if (!allow_address("2", "$avp(i:704)", "$avp(i:705)") { ... // Check source address/port of request -if (!allow_source_address("0")) { +if (!allow_source_address("1")) { sl_send_reply("403", "Forbidden"); }; ...