[SR-Users] Fwd: Tutorial: SIP SIMPLE Presence Made Simple with Kamailio 3.1

Daniel-Constantin Mierla miconda at gmail.com
Tue Oct 19 10:03:08 CEST 2010 

  Hello Andrey,

seems ok, I will give some more thoughts about.

At the end of the day, it is your decision as administrator how you 
enforce the xcap-uri format and authentication/authorization.

The fact is that http uri does not contain domain part usually, it is 
just document/resource reference part. I have seen services asking the 
users to add the domain as mandatory to xcap uri. It is a reason why the 
xcap document path can be given as parameter, not taken implicit, so the 
admin can transform the one received to a normalized one.

Cheers,
Daniel

On 10/16/10 8:43 AM, Rouskol Andrey wrote:
> Daniel,
>
> What whould you think about this variant of xcap authentication:
>
> event_route[xhttp:request] {
>          xdbg("===== xhttp: request [$rv] $rm =>  $hu\n");
>          if($hu=~"^/xcap-root/")
>          {
>                  # xcap ops
>                  $xcapuri(u=>data) = $hu;
>                  if($xcapuri(u=>xuid)=~"^sip:.+ at .+")
>                          $var(uri) = $xcapuri(u=>xuid);
>                  else if($xcapuri(u=>xuid)=~".+ at .+")
>                          $var(uri) = "sip:"+ $xcapuri(u=>xuid);
>                  else
>                          $var(uri) = "sip:"+ $xcapuri(u=>xuid) + "@" + $Ri;
>
>                  if($xcapuri(u=>auid)=="xcap-caps")
>                  {
>                     ... skipped ...
>                  }
>
> #!ifdef WITH_XHTTPAUTH
> #!ifdef WITH_MULTIDOMAIN
>          if (!www_authorize("$(var(uri){uri.host})", "subscriber")) {
>                  www_challenge("$(var(uri){uri.host})", "0");
> #!else
>          if (!www_authorize("xcap", "subscriber")) {
>                  www_challenge("xcap", "0");
> #!endif
>
>                  exit;
>          }
>
>          set_reply_close();
>          set_reply_no_connect();
>
> #!ifdef WITH_XHTTPAUTH
>          # be sure auth user access only its documents
> #!ifdef WITH_MULTIDOMAIN
>          if($aU=~".+ at .+")
>                  $var(tmp) = "sip:"+$aU;
>          else
>                  $var(tmp) = "sip:"+$aU+"@"+$(var(uri){uri.host});
>
>          if ($var(uri)!=$var(tmp)) {
>              xdbg("===== xhttp: Forbidden!!! $var(tmp) - $var(uri)\n");
> #!else
>          if ($au!=$(var(uri){uri.user})) {
>              xdbg("===== xhttp: Forbidden!!! $au - $(var(uri){uri.user})\n");
> #!endif
>
> ..
>
> Regards,
> Andrey.
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

-- 
Daniel-Constantin Mierla
http://www.asipto.com

More information about the sr-users mailing list