[Serusers] Re: Authorizing IM requests

Vaclav Kubart vaclav.kubart at iptel.org
Fri May 26 15:39:40 CEST 2006


EyeBeam won't use im-rules and SER won't use with privacy-lists. It
something else.

	Vaclav

On Fri, May 26, 2006 at 02:24:42PM +0300, ?lker Aktuna (Koç.net) wrote:
> Hi Samuel,
> 
> Now that presence is working I'm checking xcap possibilities.
> I see that IM xcap authorization is not working.
> 
> I don't know what to use in:
> >if (authorize_message("im-rules.xml")){
> 
> My client (Eyebeam) does not use im-rules.xml , but it uses
> privacy-lists.xml and that file is in privacy-lists folder.  How
> should I change the configuration line to use this file ?
> 
> Regards,
> ilker
> 
> -----Original Message-----
> From: samuel [mailto:samu60 at gmail.com]
> Sent: Tuesday, May 16, 2006 5:26 PM
> To: Vaclav Kubart
> Cc: ?lker Aktuna (Koç.net); serusers at iptel.org
> Subject: Re: [Serusers] PA error sending notifies
> 
> 2006/5/16, Vaclav Kubart <vaclav.kubart at iptel.org>:
> > reply inline...
> > > If you are using XCAP authentication for MESSAGEs, there's a
> > > function called authorize_message that needs to have as parameter
> > > the file name of the IM ruleset.
> > > For user sam, in xcap-root/im-rules/users/sam/im-rules.xml there are
> > > the rules for this function. The XML file is similar to the
> > > presence-rules but has important differences (correct me if I'm
> > > wrong,
> > > Vaclav!!!):
> > > *it only has a blacklist parameter (no whitelist!!)
> >
> > It doesn't depend on name of the rule (blacklist/whitelist/...) it
> > depends on the action (block, ...). You can have as many rules as you
> > want, but to explicitly enable something (whitelist) is needless
> > because MESSSAGEs are allowed by default (at the end of the presence
> > handbook I tried to describe im-rules the same way as presence-rules
> > are described in their draft).
> >
> > > *the namespace is different (so be carefull in copy&paste from the
> > > presence-rules!!!) and, as Vaclav poitned out "proprietary" from
> > > iptel.
> >
> > And the action element name differs: <im-handling> is used instead of
> > <sub-handling>.
> >
> 
> Uops...I haven't noticed :P thanks!
> 
> >         Vaclav
> >
> > >
> > > About the structure I have: x86 debian testing. Libraries versions I
> > > don't know exactly but the ones in the testing repository EXCEPT a
> > > library which I had to get for serweb from the stable version...but
> > > it's not affecting SER part.
> > >
> > > Samuel.
> > > 2006/5/16, ?lker Aktuna   (Koç. net  ) <ilkera at koc.net>:
> > > >
> > > >
> > > >
> > > >
> > > >Hi,
> > > >
> > > >What did  you mean by following:
> > > >
> > > >>Instead of
> > > >>>
> > > >>> if (authorize_message("http://localhost/xcap")) {
> > > >>
> > > >>there should be
> > > >>
> > > >>if (authorize_message("im-rules.xml")){
> > > >
> > > >Btw, did you receive my email with following questions :
> > > >
> > > >>> I have the same problem with notification and other presence
> > > >>> messages
> > > >with you.
> > > >>> Can you tell me which Linux distribution you are using Ser on ?
> > > >>> Also please include version numbers for libraries that are
> > > >>> required by
> > > >Ser.
> > > >>>
> > > >>> I am trying to find similarities between yours and my ser server.
> > > >
> > > >Regards,
> > > >ilker
> > > >
> > > >-----Original Message-----
> > > >From: serusers-bounces at iptel.org
> > > >[mailto:serusers-bounces at iptel.org] On Behalf Of samuel
> > > >Sent: Monday, May 15, 2006 7:13 PM
> > > >To: Vaclav Kubart
> > > >Cc: serusers at iptel.org
> > > >Subject: Re: [Serusers] PA error sending notifies
> > > >
> > > >Let's see if I can finish the e-mail before gmail decides it's
> > > >enough...:P
> > > >
> > > >006/5/15, samuel <samu60 at gmail.com>:
> > > >> Following with the handbook...
> > > >
> > > >>
> > > >> the authorize message in the sample confgi files has as parameter
> > > >> the xcap root while it should have the xml file containing the auth.rules.
> > > >
> > > >
> > > >Instead of
> > > >
> > > >>
> > > >> if (authorize_message("http://localhost/xcap")) {
> > > >
> > > >there should be
> > > >
> > > >if (authorize_message("im-rules.xml")){
> > > >
> > > >>
> > > >>
> > > >>
> > > >> 2006/5/15, samuel <samu60 at gmail.com>:
> > > >> > First of all, I have to thank you for the time you spent
> > > >> > writing the handbook, it's really really helpfull....I wish all
> > > >> > SER related parts had this docs..
> > > >> >
> > > >> > I'll try to get familiar with the code of the notifications and
> > > >> > I'll try to find something....which I don't thing so :P. I'll
> > > >> > also merge the two functionalities (proxy + presence) in a
> > > >> > unique config file to see if it works.
> > > >> > I hope I can provide more info these following days.
> > > >> >
> > > >> > About the missing things in the presence handbook, probably the
> > > >> > most important is the new xcap module because in the sample
> > > >> > config files it's missing.
> > > >> > Another thing is that in the XCAP structure description, the
> > > >> > im-rules directory is missing, which might lead to
> > > >> > misunderstandings. I downloaded the structure from the iptel's
> > > >> > ftp and inside the im-rules there were several files
> > > >> > corresponding to presence-rules which should be either removed
> > > >> > or updated with the im-rules namespaces and removing the whitelist.
> > > >> >
> > > >> > Thanks,
> > > >> >
> > > >> > Samuel.
> > > >> >
> > > >> >
> > > >> >
> > > >> >
> > > >> > 2006/5/15, Vaclav Kubart <vaclav.kubart at iptel.org>:
> > > >> > > Hi,
> > > >> > > this problem I'm trying to solve with Ilker Aktuna. I try to
> > > >> > > simulate it on my machine and let you know. Or if you solve
> > > >> > > it,
> > > >please
> > > >let me know.
> > > >> > > :-)
> > > >> > >
> > > >> > > Please, could you tell me, what things you were missing in
> > > >> > > presence handbook? I'm trying to do it as useful as possible
> > > >> > > and whatever ideas are welcome...
> > > >> > >
> > > >> > >         Vaclav
> > > >> > >
> > > >> > > On Mon, May 15, 2006 at 01:38:02PM +0200, samuel wrote:
> > > >> > > > Hi all,
> > > >> > > >
> > > >> > > > I recently had a few hours and start installing the
> > > >> > > > presence staff and I have to say that I have it amost
> > > >> > > > workign thanks to the presence handbook, the mailing list
> > > >> > > > and, obviously, a little bit of code review..:P
> > > >> > > >
> > > >> > > > I have two SER instances, the "proxy" and the "presence server"
> > > >> > > > (both with last CVS code) co-located in the same host and I
> > > >> > > > have an issue when the "presence server" tries to send the
> > > >> > > > NOTIFY requests. Below there's an attched log showing the
> > > >> > > > problem (on IP a.b.c.d I've got the two instances):
> > > >> > > >
> > > >> > > > 3(30682) DEBUG notify.c:378: sending winfo notify
> > > >> > > > 3(30682) DEBUG notify.c:383: winfo document created
> > > >> > > > 3(30682) DEBUG notify.c:391: creating headers
> > > >> > > > 3(30682) DEBUG notify.c:398: headers created
> > > >> > > > 3(30682) DEBUG:tm:t_uac:
> > > >> > > >
> > > >next_hop=<sip:a.b.c.d;transport=tcp;ftag=c77b3f33;lr=on>
> > > >> > > > 3(30682) t_uac: no socket found
> > > >> > > > 3(30682) DEBUG notify.c:402: request sent with result -7
> > > >> > > > 3(30682) ERROR: notify.c:404: Can't send watcherinfo
> > > >> > > > notification (-7)
> > > >> > > >
> > > >> > > > This problem appears in other places, not only in the
> > > >> > > > notifications for winfo so probably there's somthing in the
> > > >> > > > selection of the outgoing socket directing to the local IP.
> > > >> > > >
> > > >> > > > >From the proxy part I just ust t_forward_nonack for the "SIMPLE"
> > > >> > > > messages with record route....maybe adding the port in the
> > > >> > > > record route should help?
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >___________________________________________________________________
> > > >___________________________________________________________________
> > > >_______ Bu e-posta mesaji kisiye ozel olup, gizli bilgiler iceriyor
> > > >olabilir. Eger bu e-posta mesaji size yanlislikla ulasmissa, 
> > > >icerigini hic bir sekilde kullanmayiniz ve ekli dosyalari
> > > >acmayiniz. Bu durumda lutfen e-posta mesajini kullaniciya hemen
> > > >geri gonderiniz  ve  tum kopyalarini mesaj kutunuzdan siliniz. Bu
> > > >e-posta mesaji, hic bir sekilde, herhangi bir amac icin
> > > >cogaltilamaz, yayinlanamaz ve para karsiligi satilamaz.  Bu e-posta
> > > >mesaji viruslere karsi anti-virus sistemleri tarafindan
> > > >taranmistir. Ancak yollayici, bu e-posta mesajinin - virus koruma
> > > >sistemleri ile kontrol ediliyor olsa bile - virus icermedigini
> > > >garanti etmez ve meydana gelebilecek zararlardan dogacak hicbir
> > > >sorumlulugu kabul etmez.
> > > >This message is intended solely for the use of the individual or
> > > >entity to whom it is addressed , and may contain confidential 
> > > >information. If you are not the intended recipient of this message
> > > >or you receive this mail in error, you should refrain from making
> > > >any use of the contents and from opening any attachment. In that
> > > >case, please notify the sender immediately and return the message
> > > >to the sender, then, delete and destroy all copies.
> > > >This e-mail message, can not be copied, published or sold for any reason.
> > > >This e-mail message has been swept by anti-virus systems for the
> > > >presence of computer viruses. In doing so, however,  sender  cannot
> > > >warrant that virus or other forms of data corruption may not be
> > > >present and do not take any responsibility in any occurrence.
> > > >___________________________________________________________________
> > > >___________________________________________________________________
> > > >_______
> > > >
> >
> 
> 
> 
> 
>  <http://387555.sigclick.mailinfo.com/sigclick/05090E04/0C024D08/07084503/06191971.jpg>
> _____________________________________________________________________________________________________________________________________________
> Bu e-posta mesaji kisiye ozel olup, gizli bilgiler iceriyor olabilir. Eger bu e-posta mesaji size yanlislikla ulasmissa,  icerigini hic bir sekilde kullanmayiniz ve ekli dosyalari acmayiniz. Bu durumda lutfen e-posta mesajini kullaniciya hemen geri gonderiniz  ve  tum kopyalarini mesaj kutunuzdan siliniz. Bu e-posta mesaji, hic bir sekilde, herhangi bir amac icin cogaltilamaz, yayinlanamaz ve para karsiligi satilamaz.  Bu e-posta mesaji viruslere karsi anti-virus sistemleri tarafindan taranmistir. Ancak yollayici, bu e-posta mesajinin - virus koruma sistemleri ile kontrol ediliyor olsa bile - virus icermedigini garanti etmez ve meydana gelebilecek zararlardan dogacak hicbir sorumlulugu kabul etmez. 
> This message is intended solely for the use of the individual or entity to whom it is addressed , and may contain confidential  information. If you are not the intended recipient of this message or you receive this mail in error, you should refrain from making any use of the contents and from opening any attachment. In that case, please notify the sender immediately and return the message to the sender, then, delete and destroy all copies. This e-mail message, can not be copied, published or sold for any reason. This e-mail message has been swept by anti-virus systems for the presence of computer viruses. In doing so, however,  sender  cannot warrant that virus or other forms of data corruption may not be present and do not take any responsibility in any occurrence.
> _____________________________________________________________________________________________________________________________________________



More information about the sr-users mailing list