Wed, 10 Feb 2010 21:25:01 +0100
Extend uac_auth() of the UAC module to work around CSEQ problems.
This logic is meant to complement that of changeset 17, which
added rich authentication credentials to the gw table and its
associated logic in the LCR module.
michael@17 | 1 | LCR module authentication extension (contribution) |
michael@17 | 2 | |
michael@17 | 3 | Rationale |
michael@17 | 4 | |
michael@17 | 5 | An orthogonal approach to abstract authentication logic out of the |
michael@17 | 6 | routing script improves administration by keeping unnecessarily |
michael@17 | 7 | hard-coded authentication credentials out of the routing script. |
michael@17 | 8 | |
michael@17 | 9 | Usage |
michael@17 | 10 | |
michael@17 | 11 | The new lcr module parameters which achieve this are 'auth_realm_avp', |
michael@17 | 12 | 'auth_username_avp', and 'auth_password_avp'. To specify where the lcr |
michael@17 | 13 | module should write these values set the parameters like so: |
michael@17 | 14 | |
michael@17 | 15 | modparam("lcr", "auth_realm_avp", "$avp(s:arealm)") |
michael@17 | 16 | modparam("lcr", "auth_username_avp", "$avp(s:auser)") |
michael@17 | 17 | modparam("lcr", "auth_password_avp", "$avp(s:apass)") |
michael@17 | 18 | |
michael@17 | 19 | Typically these parameters are used in conjunction with the uac module's |
michael@17 | 20 | uac_auth() function, which uses similar variables which are specified in |
michael@17 | 21 | a similar manner. In fact, the parameters of both lcr and uac modules |
michael@17 | 22 | can be specified at the same time like so: |
michael@17 | 23 | |
michael@17 | 24 | modparam("uac|lcr", "auth_realm_avp", "$avp(s:arealm)") |
michael@17 | 25 | modparam("uac|lcr", "auth_username_avp", "$avp(s:auser)") |
michael@17 | 26 | modparam("uac|lcr", "auth_password_avp", "$avp(s:apass)") |
michael@17 | 27 | |
michael@17 | 28 | In addition to the existing column module parameters, specify the name |
michael@17 | 29 | of each of the new gw table columns like so: |
michael@17 | 30 | |
michael@17 | 31 | modparam("lcr", "user_column", "user") |
michael@17 | 32 | modparam("lcr", "realm_column", "realm") |
michael@17 | 33 | modparam("lcr", "passwd_column", "passwd") |
michael@17 | 34 | |
michael@17 | 35 | At this point the new functionality of the lcr module is ready to be |
michael@17 | 36 | used. Enter values into the gw table with its new columns and call the |
michael@17 | 37 | standard lcr module functions load_gws() and next_gw(). |
michael@17 | 38 | |
michael@17 | 39 | Result |
michael@17 | 40 | |
michael@17 | 41 | After calling load_gws() and next_gw(), inspect the variables associated |
michael@17 | 42 | with the user, realm, and password columns (see the modparam entries) to |
michael@17 | 43 | find that the lcr module can now hand off authentication credentials to |
michael@17 | 44 | other modules with ease. |
michael@17 | 45 | |
michael@17 | 46 | Location |
michael@17 | 47 | |
michael@17 | 48 | http://scm.europalab.com/contrib/opensips/ |
michael@17 | 49 | http://scm.europalab.com/contrib/file/tip/opensips/ |
michael@17 | 50 | http://scm.europalab.com/contrib/file/tip/opensips/lcr-auth.txt |
michael@17 | 51 | http://scm.europalab.com/contrib/file/tip/opensips/lcr-auth.diff |
michael@17 | 52 | |
michael@17 | 53 | Instructions |
michael@17 | 54 | |
michael@17 | 55 | To integrate this contributed logic into the source code tree of |
michael@17 | 56 | an OpenSIPS distribution, download the unified diff and use the |
michael@17 | 57 | patch(1) command: |
michael@17 | 58 | |
michael@17 | 59 | $ cd /tmp && mkdir lcr-patch && cd lcr-patch |
michael@17 | 60 | $ wget http://scm.europalab.com/contrib/raw-file/tip/opensips/lcr-auth.diff |
michael@17 | 61 | $ tar zxf /tmp/opensips-<version>-tls.tar.gz |
michael@17 | 62 | $ cd opensips-<version>-tls |
michael@17 | 63 | $ patch -p0 <../lcr-auth.diff |
michael@17 | 64 | |
michael@17 | 65 | Disclaimer |
michael@17 | 66 | |
michael@17 | 67 | This software contribution is based on source code from OpenSIPS SVN |
michael@17 | 68 | revision 6590. The author makes no guarantees as to this contribution. |
michael@17 | 69 | A user who downloads and executes it does so at his own risk. |
michael@17 | 70 | |
michael@17 | 71 | Michael Schloh von Bennewitz |
michael@17 | 72 | http://michael.schloh.com/ |
michael@17 | 73 | Wednesday, 10. February 2010 |
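
An added example, not part of the original contribution or of OpenSIPS: a Python check that the AVP names the lcr module writes are the same ones uac_auth() reads (including the "uac|lcr" multi-module form shown above), and that no credential is left hard coded in the routing script. The sample configurations are constructed, and the uac module's "credential" parameter is assumed to be available in the deployed version.

```python
import re

# Matches modparam("mod1|mod2", "name", "value") as written in an OpenSIPS script.
MODPARAM = re.compile(r'^\s*modparam\(\s*"([^"]+)"\s*,\s*"([^"]+)"\s*,\s*"([^"]*)"\s*\)')
AUTH_PARAMS = ("auth_realm_avp", "auth_username_avp", "auth_password_avp")

def parse_modparams(cfg_text):
    """Return {module: {param: value}}, expanding the "uac|lcr" multi-module form."""
    params = {}
    for line in cfg_text.splitlines():
        m = MODPARAM.match(line)  # commented-out lines do not match
        if not m:
            continue
        modules, name, value = m.groups()
        for module in modules.split("|"):
            params.setdefault(module.strip(), {})[name] = value
    return params

def check_auth_handoff(cfg_text):
    """List problems that would stop lcr credentials from reaching uac_auth()."""
    params = parse_modparams(cfg_text)
    lcr, uac = params.get("lcr", {}), params.get("uac", {})
    findings = []
    for name in AUTH_PARAMS:
        if name not in lcr or name not in uac:
            findings.append(f"{name}: not set for both lcr and uac")
        elif lcr[name] != uac[name]:
            findings.append(f"{name}: lcr writes {lcr[name]}, uac reads {uac[name]}")
    # The uac "credential" parameter puts user:realm:password in the script itself.
    if "credential" in uac:
        findings.append("credential: hard-coded uac credential in the script")
    return findings

# Constructed sample configurations (not taken from a real deployment).
GOOD_CFG = '''
modparam("uac|lcr", "auth_realm_avp", "$avp(s:arealm)")
modparam("uac|lcr", "auth_username_avp", "$avp(s:auser)")
modparam("uac|lcr", "auth_password_avp", "$avp(s:apass)")
'''
BAD_CFG = '''
modparam("lcr", "auth_realm_avp", "$avp(s:arealm)")
modparam("uac", "auth_realm_avp", "$avp(s:realm)")
modparam("uac|lcr", "auth_username_avp", "$avp(s:auser)")
modparam("uac", "credential", "user:example.invalid:secret")
'''

if __name__ == "__main__":
    for label, cfg in (("good", GOOD_CFG), ("bad", BAD_CFG)):
        print(label, check_auth_handoff(cfg))
```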