[sr-dev] git:master: modules/auth_db: detailed documentation of URI checking in auth_check function
Klaus Darilion
klaus.mailinglists at pernau.at
Tue May 21 14:41:46 CEST 2013
Module: sip-router
Branch: master
Commit: 31880a46d7f634b568cc192bec6db3d969e738ef
URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=31880a46d7f634b568cc192bec6db3d969e738ef
Author: Klaus Darilion <klaus.mailinglists at pernau.at>
Committer: Klaus Darilion <klaus.mailinglists at pernau.at>
Date: Tue May 21 12:39:15 2013 +0000
modules/auth_db: detailed documentation of URI checking in auth_check function
---
modules/auth_db/README | 15 +++++++++++----
modules/auth_db/doc/auth_db_admin.xml | 12 +++++++++---
2 files changed, 20 insertions(+), 7 deletions(-)
diff --git a/modules/auth_db/README b/modules/auth_db/README
index 55de782..7bcc6f4 100644
--- a/modules/auth_db/README
+++ b/modules/auth_db/README
@@ -154,7 +154,7 @@ Chapter 1. Admin Guide
For dbtext module (which stores data in plaintext files) it is
directory in which the database resides.
- Default value is “mysql://openserro:openserro@localhost/openser”.
+ Default value is “mysql://kamailioro:kamailioro@localhost/kamailio”.
Example 1.1. db_url parameter usage
...
@@ -399,7 +399,8 @@ if (!proxy_authorize("$fd", "subscriber)) {
REGISTER, the second for the rest.
In addition, a matter of flags parameter value, the function checks if
- authentication username matches From/To header username.
+ authentication username matches From/To header username, and
+ Request-URI in case of PUBLISH.
Meaning of the parameters is as follows:
* realm - Realm is a opaque string that the user agent should present
@@ -413,8 +414,14 @@ if (!proxy_authorize("$fd", "subscriber)) {
The string may contain pseudo variables.
* flags - set of flags to control the behaviour of the function. If
it is 1, then the function will check to see if the authentication
- username matches either To or From header username, a matter of
- whether it is for a REGISTER request or not..
+ username matches either To or From header username. REGISTER
+ requests: From and To must match the authentication user. PUBLISH
+ requests: From, To and Request-URI must match the authentication
+ user. All other requests: From header must match the authentication
+ user.
+ Additionally all domains in the checked URIs and the realm in the
+ authentication header will be checked to match the provided realm
+ parameter.
The string may contain pseudo variables.
This function can be used from REQUEST_ROUTE.
diff --git a/modules/auth_db/doc/auth_db_admin.xml b/modules/auth_db/doc/auth_db_admin.xml
index eac0351..999c3cf 100644
--- a/modules/auth_db/doc/auth_db_admin.xml
+++ b/modules/auth_db/doc/auth_db_admin.xml
@@ -477,7 +477,7 @@ if (!proxy_authorize("$fd", "subscriber)) {
<para>
In addition, a matter of <emphasis>flags</emphasis> parameter value,
the function checks if authentication username matches From/To header
- username.
+ username, and Request-URI in case of PUBLISH.
</para>
<para>Meaning of the parameters is as follows:</para>
<itemizedlist>
@@ -508,8 +508,14 @@ if (!proxy_authorize("$fd", "subscriber)) {
<para><emphasis>flags</emphasis> - set of flags to control the
behaviour of the function. If it is 1, then the function will
check to see if the authentication username matches either To or
- From header username, a matter of whether it is for a REGISTER
- request or not..
+ From header username. REGISTER requests: From and To must match the
+ authentication user. PUBLISH requests: From, To and Request-URI must
+ match the authentication user. All other requests: From header must
+ match the authentication user.
+ </para>
+ <para>
+ Additionally all domains in the checked URIs and the realm in the
+ authentication header will be checked to match the provided realm parameter.
</para>
<para>
The string may contain pseudo variables.
More information about the sr-dev
mailing list