[sr-dev] git:master: permissions(k): use grp 1 in allow_source_address

Daniel-Constantin Mierla miconda at gmail.com
Sun Mar 28 21:06:13 CEST 2010 

Module: sip-router
Branch: master
Commit: 254514dfec1a72fdce4d1911db1df7e6122bec19
URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=254514dfec1a72fdce4d1911db1df7e6122bec19

Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date:   Sun Mar 28 19:24:06 2010 +0200

permissions(k): use grp 1 in allow_source_address

- example used grp 0 which is not allowed
- extended the note about group id value

---

 modules_k/permissions/README                    |   38 +++++++++++-----------
 modules_k/permissions/doc/permissions_admin.xml |    6 ++--
 2 files changed, 22 insertions(+), 22 deletions(-)

diff --git a/modules_k/permissions/README b/modules_k/permissions/README
index 8bdcac0..3642796 100644
--- a/modules_k/permissions/README
+++ b/modules_k/permissions/README
@@ -277,8 +277,8 @@ Chapter 1. Admin Guide
 
    Addresses stored in cached database table can be grouped together into
    one or more groups specified by a group identifier (positive integer
-   value). Group identifier is given as argument to allow_address and
-   allow_source_address functions.
+   value, i.e., equal or greater than 1). Group identifier is given as
+   argument to allow_address and allow_source_address functions.
 
    As a side effect of matching the address, non-NULL tag (see tag_col
    module parameter) is added as value to peer_tag AVP if peer_tag_avp
@@ -597,7 +597,7 @@ modparam("permissions", "peer_tag_avp", "$avp(i:707)")
    4.9. allow_source_address_group()
    4.10. allow_trusted([src_ip_pvar, proto_pvar])
 
-4.1. allow_routing()
+4.1.  allow_routing()
 
    Returns true if all pairs constructed as described in Section 1.1,
    "Call Routing" have appropriate permissions according to the
@@ -613,7 +613,7 @@ if (allow_routing()) {
 };
 ...
 
-4.2. allow_routing(basename)
+4.2.  allow_routing(basename)
 
    Returns true if all pairs constructed as described in Section 1.1,
    "Call Routing" have appropriate permissions according to the
@@ -636,7 +636,7 @@ if (allow_routing("basename")) {
 };
 ...
 
-4.3. allow_routing(allow_file,deny_file)
+4.3.  allow_routing(allow_file,deny_file)
 
    Returns true if all pairs constructed as described in Section 1.1,
    "Call Routing" have appropriate permissions according to the
@@ -661,7 +661,7 @@ if (allow_routing("rules.allow", "rules.deny")) {
 };
 ...
 
-4.4. allow_register(basename)
+4.4.  allow_register(basename)
 
    The function returns true if all pairs constructed as described in
    Section 1.2, "Registration Permissions" have appropriate permissions
@@ -689,7 +689,7 @@ if (method=="REGISTER") {
 };
 ...
 
-4.5. allow_register(allow_file, deny_file)
+4.5.  allow_register(allow_file, deny_file)
 
    The function returns true if all pairs constructed as described in
    Section 1.2, "Registration Permissions" have appropriate permissions
@@ -719,7 +719,7 @@ if (method=="REGISTER") {
 };
 ...
 
-4.6. allow_uri(basename, pvar)
+4.6.  allow_uri(basename, pvar)
 
    Returns true if the pair constructed as described in Section 1.3, "URI
    Permissions" have appropriate permissions according to the
@@ -746,7 +746,7 @@ if (allow_uri("basename", "$avp(i:705)") {  // Check URI stored in $avp(i:705)
 };
 ...
 
-4.7. allow_address(group_id, ip_addr_pvar, port_pvar)
+4.7.  allow_address(group_id, ip_addr_pvar, port_pvar)
 
    Returns true if IP address and port given as values of pvar arguments
    belonging to a group given as group_id argument matches an IP subnet
@@ -769,7 +769,7 @@ if (!allow_address("2", "$avp(i:704)", "$avp(i:705)") {
 };
 ...
 
-4.8. allow_source_address(group_id)
+4.8.  allow_source_address(group_id)
 
    Equal to allow_address(group_id, "$si", "$sp").
 
@@ -779,12 +779,12 @@ if (!allow_address("2", "$avp(i:704)", "$avp(i:705)") {
 ...
 
 // Check source address/port of request
-if (!allow_source_address("0")) {
+if (!allow_source_address("1")) {
         sl_send_reply("403", "Forbidden");
 };
 ...
 
-4.9. allow_source_address_group()
+4.9.  allow_source_address_group()
 
    Checks if source address/port is found in cached address or subnet
    table in any group. If yes, returns that group. If not returns -1. Port
@@ -801,7 +801,7 @@ if ($var(group) != -1) {
 };
 ...
 
-4.10. allow_trusted([src_ip_pvar, proto_pvar])
+4.10.  allow_trusted([src_ip_pvar, proto_pvar])
 
    Checks based either on request's source address and transport protocol
    or source address and transport protocol given in pvar arguments, and
@@ -837,7 +837,7 @@ if (allow_trusted("$si", "$proto")) {
    5.5. trusted_dump
    5.6. allow_uri
 
-5.1. address_reload
+5.1.  address_reload
 
    Causes permissions module to re-read the contents of address database
    table into cache memory. In cache memory the entries are for
@@ -846,35 +846,35 @@ if (allow_trusted("$si", "$proto")) {
 
    Parameters: none
 
-5.2. address_dump
+5.2.  address_dump
 
    Causes permissions module to dump contents of cache memory address
    table.
 
    Parameters: none
 
-5.3. subnet_dump
+5.3.  subnet_dump
 
    Causes permissions module to dump contents of cache memory subnet
    table.
 
    Parameters: none
 
-5.4. trusted_reload
+5.4.  trusted_reload
 
    Causes permissions module to re-read the contents of trusted table into
    cache memory.
 
    Parameters: none
 
-5.5. trusted_dump
+5.5.  trusted_dump
 
    Causes permissions module to dump contents of trusted table from cache
    memory.
 
    Parameters: none
 
-5.6. allow_uri
+5.6.  allow_uri
 
    Tests if (URI, Contact) pair is allowed according to allow/deny files.
    The files must already have been loaded by Kamailio.
diff --git a/modules_k/permissions/doc/permissions_admin.xml b/modules_k/permissions/doc/permissions_admin.xml
index 56612a4..b6e878e 100644
--- a/modules_k/permissions/doc/permissions_admin.xml
+++ b/modules_k/permissions/doc/permissions_admin.xml
@@ -179,8 +179,8 @@
 		<para>
 		Addresses stored in cached database table can be grouped
 		together into one or more groups specified by a group
-		identifier (positive integer value).  Group
-		identifier is given as argument to allow_address and
+		identifier (positive integer value, i.e., equal or greater than 1).
+		Group identifier is given as argument to allow_address and
 		allow_source_address functions.
 		</para>
 		<para>
@@ -969,7 +969,7 @@ if (!allow_address("2", "$avp(i:704)", "$avp(i:705)") {
 ...
 
 // Check source address/port of request
-if (!allow_source_address("0")) {
+if (!allow_source_address("1")) {
 	sl_send_reply("403", "Forbidden");
 };
 ...

More information about the sr-dev mailing list