[SR-Users] Fwd: Tutorial: SIP SIMPLE Presence Made Simple with Kamailio 3.1
Daniel-Constantin Mierla
miconda at gmail.com
Tue Oct 19 10:03:08 CEST 2010
Hello Andrey,
seems ok, I will give some more thoughts about.
At the end of the day, it is your decision as administrator how you
enforce the xcap-uri format and authentication/authorization.
The fact is that http uri does not contain domain part usually, it is
just document/resource reference part. I have seen services asking the
users to add the domain as mandatory to xcap uri. It is a reason why the
xcap document path can be given as parameter, not taken implicit, so the
admin can transform the one received to a normalized one.
Cheers,
Daniel
On 10/16/10 8:43 AM, Rouskol Andrey wrote:
> Daniel,
>
> What whould you think about this variant of xcap authentication:
>
> event_route[xhttp:request] {
> xdbg("===== xhttp: request [$rv] $rm => $hu\n");
> if($hu=~"^/xcap-root/")
> {
> # xcap ops
> $xcapuri(u=>data) = $hu;
> if($xcapuri(u=>xuid)=~"^sip:.+ at .+")
> $var(uri) = $xcapuri(u=>xuid);
> else if($xcapuri(u=>xuid)=~".+ at .+")
> $var(uri) = "sip:"+ $xcapuri(u=>xuid);
> else
> $var(uri) = "sip:"+ $xcapuri(u=>xuid) + "@" + $Ri;
>
> if($xcapuri(u=>auid)=="xcap-caps")
> {
> ... skipped ...
> }
>
> #!ifdef WITH_XHTTPAUTH
> #!ifdef WITH_MULTIDOMAIN
> if (!www_authorize("$(var(uri){uri.host})", "subscriber")) {
> www_challenge("$(var(uri){uri.host})", "0");
> #!else
> if (!www_authorize("xcap", "subscriber")) {
> www_challenge("xcap", "0");
> #!endif
>
> exit;
> }
>
> set_reply_close();
> set_reply_no_connect();
>
> #!ifdef WITH_XHTTPAUTH
> # be sure auth user access only its documents
> #!ifdef WITH_MULTIDOMAIN
> if($aU=~".+ at .+")
> $var(tmp) = "sip:"+$aU;
> else
> $var(tmp) = "sip:"+$aU+"@"+$(var(uri){uri.host});
>
> if ($var(uri)!=$var(tmp)) {
> xdbg("===== xhttp: Forbidden!!! $var(tmp) - $var(uri)\n");
> #!else
> if ($au!=$(var(uri){uri.user})) {
> xdbg("===== xhttp: Forbidden!!! $au - $(var(uri){uri.user})\n");
> #!endif
>
> ..
>
> Regards,
> Andrey.
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla
http://www.asipto.com
More information about the sr-users
mailing list