THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.
The following task has a new comment added:
FS#499 - add support to auth_db to validate source IP address
User who did this - Emmanuel Schmidbauer (eschmidbauer)
----------
I will go down the list and reply to each one:
1. The module and function are for verifying digest authentication, i don't think IP
checking should be part of it. It is illogical and confusing.
From the module overview: "This module contains
_all_ authentication related functions that need the access to the database."
I
don't see anything about the module only being used to verify digest authentication.
2. The functionality is enable by overloading the configuration of a table column name.
Not very in intuitive.
The functionality is enabled by ADDING the column name to the configuration, if it is not
added, then the functionality is disabled.
I designed it that way to allow people to upgrade their code and not ADD the functionality
unless they wanted it.
3. The function is limited to only a single ip(-range) per username; not very flexible.
The already existing method of achieving the very same functionality is already present in
the ipops and, in a more flexible way, the permissions module.
I fail to see how it can easily be done using ipops and permissions. Permissions does not
do dynamic SQL queries (you must load/reload your IP addresses). That being said, it
cannot be achieved using ipops and permissions. If I am mistaken about this, please
provide an example.
4. The functionality is so very trivial to implement in the config script using the ipops
module (only taking 2 lines of script), i don't think the additional maintenance
burden for the C code is worth it.
Again, I do not see how to implement this in ipops. And there is not much maintenance
burden unless another version of IP becomes prevalent.
5. The added functionality is undocumented.
I would be happy to document the functionality.
6. There is no return code to recognize the reason why "authentication" failed.
The return code is same as if authentication failed. Would you prefer a different return
code? If so, let me know what return code should be used.
Please understand, I wrote this patch from the standpoint of a VoIP system administrator.
IP Authentication coupled with password authentication is almost a necessity in most VoIP
systems. Of course there are certainly ways to achieve this goal using what I would call
"workarounds", like a perl script or messing with loading SQL data and running
it against an ipops functions, but these methods are not documented nor a straightforward
approach. Adding the IP restriction capability to the auth_db database makes the entire
process straightforward and easy to maintain. I would be happy to re-write any of my code
to meet the requirements for it to be pushed into auth_db. I will use my patch whether it
is pushed into auth_db codebase or not, I would prefer not to run my own branch of
kamailio though. I also think many other people could benefit from this patch.
----------
More information can be found at the following URL:
http://sip-router.org/tracker/index.php?do=details&task_id=499#comment1…
You are receiving this message because you have requested it from the Flyspray bugtracking
system. If you did not expect this message or don't want to receive mails in future,
you can change your notification settings at the URL shown above.