# # $Id: openser.cfg,v 1.1.1.1 2005/06/13 16:47:30 bogdan_iancu Exp $ # # simple quick-start config script # # ----------- global configuration parameters ------------------------ debug=7 # debug level (cmd line: -dddddddddd) #fork=yes #log_stderror=no # (cmd line: -E) /* Uncomment these lines to enter debugging mode fork=no log_stderror=yes */ check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) #port=5060 #children=4 fifo="/tmp/openser_fifo" listen=1.2.3.83:5060 log_facility=LOG_LOCAL4 # /var/log/openser.log # ------------------ module loading ---------------------------------- # Uncomment this if you want to use SQL database #loadmodule "/usr/local/lib/ser/modules/mysql.so" mpath="/usr/lib/openser/modules" loadmodule "sl.so" loadmodule "tm.so" loadmodule "rr.so" loadmodule "maxfwd.so" loadmodule "usrloc.so" loadmodule "registrar.so" loadmodule "textops.so" loadmodule "xlog.so" loadmodule "postgres.so" loadmodule "domain.so" loadmodule "alias_db.so" # Uncomment this if you want digest authentication # mysql.so must be loaded ! loadmodule "auth.so" loadmodule "auth_radius.so" loadmodule "avpops.so" # ----------------- setting module-specific parameters --------------- # database configuration modparam("usrloc", "db_url", "postgres://openser:xxxxxx@localhost/openser") modparam("domain|uri_db|alias_db", "db_url", "postgres://openserro:xxxxxxx@localhost/openser") # radius configuration modparam("auth_radius", "radius_config", "/etc/openser/radiusclient.conf") # multi domain configuration modparam("domain", "db_mode", 1) # Use caching in domain module modparam("alias_db|usrloc|registrar", "use_domain", 1) # group, group_radius, speeddial, uri_db, avpops # -- usrloc params -- modparam("usrloc", "db_mode", 1) # 0=no DB, 1 = write through, 2=caching # -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1) # AVPs # I:101 = cbcprefix # call by call provider prefix # I:102 = ruser # userpart in request uri # I:103 = rdomain # domainpart in request uri # I:104 = dummy1 # I:105 = dummy2 # modparam("avpops","avp_aliases","cbcprefix=I:101;ruser=I:102;rdomain=I:103;dummy1=I:104;dummy2=I:105") # ------------------------- request routing logic ------------------- # main routing logic route{ xlog("L_WARN","[$Tf] $rm $ru ($fu --> $tu)"); #xlog("L_WARN","reference to message buffer: $mb"); xlog("L_WARN","playing around with avps..."); avp_write("$ruri/username","$ruser"); avp_write("$ruri/domain","$rdomain"); # initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { xlog("L_WARN","too many hops, reply with 483 ..."); sl_send_reply("483","Too Many Hops"); exit; }; if (msg:len >= 2048 ) { xlog("L_WARN","message too big, reply with 513 ..."); sl_send_reply("513", "Message too big"); exit; }; # we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol if (!is_method("REGISTER")) { record_route(); } # subsequent messages withing a dialog should take the # path determined by record-routing if (loose_route()) { log(1,"loose_route processing ..."); # mark routing logic in request append_hf("P-hint: rr-enforced\r\n"); route(1); exit; }; if (!is_method("REGISTER|CANCEL|ACK|BYE|OPTIONS|INFO")) { if (is_from_local()) { xlog("L_WARN","checking authentication ..."); # digest authentication if (!radius_proxy_authorize("")) { xlog("L_WARN","wrong or no credentials - challenging client ..."); proxy_challenge("", "0"); exit; }; xlog("L_WARN","start avp_print()--------"); avp_print(); xlog("L_WARN","stop avp_print()---------"); consume_credentials(); xlog("L_WARN","username/password correct ..."); log(1,"adding rpid header ..."); append_rpid_hf(); } } if (!is_uri_host_local()) { log(1,"outbound request ..."); # mark routing logic in request append_hf("P-hint: outbound\r\n"); route(1); exit; }; # if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) if (is_uri_host_local()) { if (is_method("REGISTER")) { if (is_from_local()) { log(1,"processing REGISTER ..."); xlog("L_WARN","checking REGISTER authentication ..."); # digest authentication if (!radius_www_authorize("")) { xlog("L_WARN","wrong or no credentials in REGISTER - challenging client ..."); www_challenge("", "0"); exit; }; xlog("L_WARN","start avp_print() of REGISTER--------"); avp_print(); xlog("L_WARN","stop avp_print() of REGISTER---------"); consume_credentials(); xlog("L_WARN","username/password correct in REGISTER, saving location ..."); save("location"); exit; } else { xlog("L_WARN","REGISTER for unknown domain received, reply with 403 ..."); sl_send_reply("403","Use your own proxy"); exit; } }; lookup("aliases"); if (!is_uri_host_local()) { append_hf("P-hint: outbound alias\r\n"); route(1); exit; }; # native SIP destinations are handled using our USRLOC DB if (!lookup("location")) { # send to at43 main proxy xlog("L_WARN","user not found, forwarding to main proxy ..."); t_relay_to_udp("1.2.3.160", "5060"); #sl_send_reply("404", "Not Found"); exit; }; }; append_hf("P-hint: usrloc applied\r\n"); route(1); } route[1] { xlog("L_WARN","route[1] entered ..."); # send it out now; use stateful forwarding as it works reliably # even for UDP2TCP xlog("L_WARN","t_relay the request ..."); if (!t_relay()) { sl_reply_error(); }; xlog("L_WARN","... leaving route[1]"); }