Mon, 16 Jan 2012 23:08:14 +0100
Inconclusively complete possibly missing fields. This change introduces
inconsistencies difficult to correct given incomplete documentation of
IPKG and OPKG packaging standards.
michael@17 | 1 | LCR module authentication extension (contribution) |
michael@17 | 2 | |
michael@17 | 3 | Rationale |
michael@17 | 4 | |
michael@17 | 5 | An orthogonal approach that abstracts authentication logic out of the |
michael@17 | 6 | routing script improves administration by keeping unnecessarily |
michael@17 | 7 | hard-coded authentication credentials out of the routing script. |
michael@17 | 8 | |
michael@17 | 9 | Usage |
michael@17 | 10 | |
michael@17 | 11 | The new lcr module parameters which achieve this are 'auth_realm_avp', |
michael@17 | 12 | 'auth_username_avp', and 'auth_password_avp'. To specify where the lcr |
michael@17 | 13 | module should write these values set the parameters like so: |
michael@17 | 14 | |
michael@17 | 15 | modparam("lcr", "auth_realm_avp", "$avp(s:arealm)") |
michael@17 | 16 | modparam("lcr", "auth_username_avp", "$avp(s:auser)") |
michael@17 | 17 | modparam("lcr", "auth_password_avp", "$avp(s:apass)") |
michael@17 | 18 | |
michael@17 | 19 | Typically these parameters are used in conjunction with the uac module's |
michael@17 | 20 | uac_auth() function, which reads its credentials from variables that are |
michael@17 | 21 | specified in the same manner. In fact, the parameters of both the lcr and |
michael@17 | 22 | uac modules can be specified at the same time like so: |
michael@17 | 23 | |
michael@17 | 24 | modparam("uac|lcr", "auth_realm_avp", "$avp(s:arealm)") |
michael@17 | 25 | modparam("uac|lcr", "auth_username_avp", "$avp(s:auser)") |
michael@17 | 26 | modparam("uac|lcr", "auth_password_avp", "$avp(s:apass)") |
michael@17 | 27 | |
michael@17 | 28 | In addition to the existing column module parameters, specify the name |
michael@17 | 29 | of each of the new gw table columns like so: |
michael@17 | 30 | |
michael@17 | 31 | modparam("lcr", "user_column", "user") |
michael@17 | 32 | modparam("lcr", "realm_column", "realm") |
michael@17 | 33 | modparam("lcr", "passwd_column", "passwd") |
michael@17 | 34 | |
michael@17 | 35 | At this point the new functionality of the lcr module is ready to be |
michael@17 | 36 | used. Enter values into the gw table with its new columns and call the |
michael@17 | 37 | standard lcr module functions load_gws() and next_gw(). |
michael@17 | 38 | |
michael@17 | 39 | Result |
michael@17 | 40 | |
michael@17 | 41 | After calling load_gws() and next_gw(), inspect the variables associated |
michael@17 | 42 | with the user, realm, and password columns (see the modparam entries) to |
michael@17 | 43 | find that the lcr module can now hand off authentication credentials to |
michael@17 | 44 | other modules with ease. |
michael@17 | 45 | |
michael@17 | 46 | Location |
michael@17 | 47 | |
michael@17 | 48 | http://scm.europalab.com/contrib/opensips/ |
michael@17 | 49 | http://scm.europalab.com/contrib/file/tip/opensips/ |
michael@17 | 50 | http://scm.europalab.com/contrib/file/tip/opensips/lcr-auth.txt |
michael@17 | 51 | http://scm.europalab.com/contrib/file/tip/opensips/lcr-auth.diff |
michael@17 | 52 | |
michael@17 | 53 | Instructions |
michael@17 | 54 | |
michael@17 | 55 | To integrate this contributed logic into the source code tree of |
michael@17 | 56 | an OpenSIPS distribution, download the unified diff and use the |
michael@17 | 57 | patch(1) command: |
michael@17 | 58 | |
michael@17 | 59 | $ cd /tmp && mkdir lcr-patch && cd lcr-patch |
michael@17 | 60 | $ wget http://scm.europalab.com/contrib/raw-file/tip/opensips/lcr-auth.diff |
michael@17 | 61 | $ tar zxf /tmp/opensips-<version>-tls.tar.gz |
michael@17 | 62 | $ cd opensips-<version>-tls |
michael@17 | 63 | $ patch -p0 <../lcr-auth.diff |
michael@17 | 64 | |
michael@17 | 65 | Disclaimer |
michael@17 | 66 | |
michael@17 | 67 | This software contribution is based on source code from OpenSIPS SVN |
michael@17 | 68 | revision 6590. The author makes no guarantees as to this contribution. |
michael@17 | 69 | A user who downloads and executes it does so at his own risk. |
michael@17 | 70 | |
michael@17 | 71 | Michael Schloh von Bennewitz |
michael@17 | 72 | http://michael.schloh.com/ |
michael@17 | 73 | Wednesday, 10. February 2010 |
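
The check below is an added example, not part of the contribution or of OpenSIPS: it audits a routing script for the two conditions the Rationale and Usage sections depend on, namely that no credentials remain hard-coded in the script and that lcr writes each auth AVP where uac reads it. It assumes hard-coded credentials appear as the uac module's `credential` parameter ("username:domain:password"); the function names and the sample script are constructed for illustration.

```python
import re

# modparam("mod1|mod2", "name", "value") as written in an OpenSIPS script
MODPARAM = re.compile(
    r'^\s*modparam\(\s*"([^"]+)"\s*,\s*"([^"]+)"\s*,\s*"([^"]*)"\s*\)')
AUTH_AVPS = ("auth_realm_avp", "auth_username_avp", "auth_password_avp")

# Constructed sample script: one hard-coded credential, one AVP mismatch.
SAMPLE_CFG = '''
modparam("uac", "credential", "alice:example.invalid:s3cret")
modparam("uac|lcr", "auth_realm_avp", "$avp(s:arealm)")
modparam("uac|lcr", "auth_username_avp", "$avp(s:auser)")
modparam("lcr", "auth_password_avp", "$avp(s:apass)")
modparam("uac", "auth_password_avp", "$avp(s:pwd)")
'''

def parse_modparams(cfg_text):
    """Return {module: {param: [values]}}, expanding "uac|lcr" lists."""
    params = {}
    for line in cfg_text.splitlines():
        m = MODPARAM.match(line)
        if not m:
            continue  # comments and non-modparam lines are ignored
        modules, name, value = m.groups()
        for module in modules.split("|"):
            mod = params.setdefault(module.strip(), {})
            mod.setdefault(name, []).append(value)
    return params

def audit(cfg_text):
    """List findings; an empty list means the script passes both checks."""
    params = parse_modparams(cfg_text)
    uac, lcr = params.get("uac", {}), params.get("lcr", {})
    findings = []
    for value in uac.get("credential", []):
        user = value.split(":", 1)[0]  # report the user, never the password
        findings.append(f"hard-coded uac credential for user {user!r}")
    for avp in AUTH_AVPS:
        lcr_val = lcr.get(avp, [None])[-1]  # last setting wins
        uac_val = uac.get(avp, [None])[-1]
        if lcr_val is None:
            findings.append(f"lcr {avp} not set")
        elif lcr_val != uac_val:
            findings.append(f"{avp} differs: lcr={lcr_val} uac={uac_val}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CFG):
        print(finding)
```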