permissions_user.sgml

用来作为linux中SIP SERVER,完成VOIP网络电话中服务器的功能

	    <title><varname>db_mode</varname> (integer)</title>
	    <para>
		This parameter controls the cache that speeds up lookups of
		trusted hosts. The value 1 enables cache, 0 disables it (each
		query would result in a database lookup).
	    </para>
	    <para>
		<emphasis>
		    Default value is 0 (disable cache).
		</emphasis>
	    </para>
	</section>

	<section>
	    <title><varname>trusted_table</varname> (string)</title>
	    <para>
		The name of the table in database containing the list of
		trusted hosts.
	    </para>
	    <para>
		<emphasis>
		    Default value is "trusted".
		</emphasis>
	    </para>
	</section>

	<section>
	    <title><varname>source_col</varname> (string)</title>
	    <para>
		The name of the column in trusted table which contains source
		IP address.
	    </para>
	    <para>
		<emphasis>
		    Default value is "src_ip".
		</emphasis>
	    </para>
	</section>

	<section>
	    <title><varname>proto_col</varname> (string)</title>
	    <para>
		The name of the column in trusted table which contains the
		protocol identifier (UDP, TCP, TLS).
	    </para>
	    <para>
		<emphasis>
		    Default value is "proto".
		</emphasis>
	    </para>
	</section>

	<section>
	    <title><varname>from_col</varname> (string)</title>
	    <para>
		The name of the column in trusted table which contains regular
		expressions that will be matched agains From header field.
	    </para>
	    <para>
		<emphasis>
		    Default value is "from_pattern".
		</emphasis>
	    </para>
	</section>	
    </section>

    <section>
	<title>Exported Functions</title>
	<section>
	    <title>
		<function moreinfo="none">allow_routing()</function>
	    </title>
	    <para>
		Returns true if all pairs constructed as described in <xref
		linkend="sec-call-routing"> have appropriate permissions according to the
		configuration files. This function uses default configuration files specified in
		<varname>default_allow_file</varname> and <varname>default_deny_file</varname>.
	    </para>
	    <example>
		<title><function>allow_routing</function> usage</title>
		<programlisting format="linespecific">
...
if (allow_routing()) {
    t_relay();
};
...
</programlisting>
	    </example>
	</section>
	<section>
	    <title>
		<function moreinfo="none">allow_routing(basename)</function>
	    </title>
	    <para>
		Returns true if all pairs constructed as described in <xref
		linkend="sec-call-routing"> have appropriate permissions according to the
		configuration files given as parameters.
	    </para>
	    <para>Meaning of the parameters is as follows:</para>
	    <itemizedlist>
		<listitem>
		    <para><emphasis>basename</emphasis> - Basename from which allow and deny
			filenames will be created by appending contents of
			<varname>allow_suffix</varname> and <varname>deny_suffix</varname>
			parameters.
		    </para>
		    <para>
			If the parameter doesn't contain full pathname then the function expects the
			file to be located in the same directory as the main configuration file of
			the server.
		    </para>
		</listitem>
	    </itemizedlist>
	    <example>
		<title><function>allow_routing(basename)</function> usage</title>
		<programlisting format="linespecific">
...
if (allow_routing("basename")) {
    t_relay();
};
...
</programlisting>
	    </example>
	</section>
	<section>
	    <title>
		<function moreinfo="none">allow_routing(allow_file, deny_file)</function>
	    </title>
	    <para>
		Returns true if all pairs constructed as described in <xref
		linkend="sec-call-routing"> have appropriate permissions according to the
		configuration files given as parameters.
	    </para>
	    <para>Meaning of the parameters is as follows:</para>
	    <itemizedlist>
		<listitem>
		    <para><emphasis>allow_file</emphasis> - File containing allow rules.</para>
		    <para>
			If the parameter doesn't contain full pathname then the function expects the
			file to be located in the same directory as the main configuration file of
			the server.
		    </para>
		</listitem>
		<listitem>
		    <para><emphasis>deny_file</emphasis> - File containing deny rules.</para>
		    <para>
			If the parameter doesn't contain full pathname then the function expects the
			file to be located in the same directory as the main configuration file of
			the server.
		    </para>
		</listitem>
	    </itemizedlist>
	    <example>
		<title><function>allow_routing(allow_file, deny_file)</function> usage</title>
		<programlisting format="linespecific">
...
if (allow_routing("rules.allow", "rules.deny")) {
    t_relay();
};
...
</programlisting>
	    </example>
	</section>
	<section>
	    <title>
		<function moreinfo="none">allow_register(basename)</function>
	    </title>
	    <para>
		The function returns true if all pairs constructed as described in <xref
		linkend="sec-registration-permissions"> have appropriate permissions according to
		the configuration files given as parameters.
	    </para>
	    <para>Meaning of the parameters is as follows:</para>
	    <itemizedlist>
		<listitem>
		    <para><emphasis>basename</emphasis> - Basename from which allow and deny
			filenames will be created by appending contents of
			<varname>allow_suffix</varname> and <varname>deny_suffix</varname>
			parameters.
		    </para>
		    <para>
			If the parameter doesn't contain full pathname then the function expects the
			file to be located in the same directory as the main configuration file of
			the server.
		    </para>
		</listitem>
	    </itemizedlist>
	    <example>
		<title><function>allow_register(basename)</function> usage</title>
		<programlisting format="linespecific">
...
if (method=="REGISTER") {
    if (allow_register("register")) {
        save("location");
        break;
    } else {
        sl_send_reply("403", "Forbidden");
    };
};
...
</programlisting>
	    </example>
	</section>
	<section>
	    <title>
		<function moreinfo="none">allow_register(allow_file, deny_file)</function>
	    </title>
	    <para>
		The function returns true if all pairs constructed as described in <xref
		linkend="sec-registration-permissions"> have appropriate permissions according to
		the configuration files given as parameters.
	    </para>
	    <para>Meaning of the parameters is as follows:</para>
	    <itemizedlist>
		<listitem>
		    <para><emphasis>allow_file</emphasis> - File containing allow rules.</para>
		    <para>
			If the parameter doesn't contain full pathname then the function expects the
			file to be located in the same directory as the main configuration file of
			the server.
		    </para>
		</listitem>
		<listitem>
		    <para><emphasis>deny_file</emphasis> - File containing deny rules.</para>
		    <para>
			If the parameter doesn't contain full pathname then the function expects the
			file to be located in the same directory as the main configuration file of
			the server.
		    </para>
		</listitem>
	    </itemizedlist>
	    <example>
		<title><function>allow_register(allow_file, deny_file)</function> usage</title>
		<programlisting format="linespecific">
...
if (method=="REGISTER") {
    if (allow_register("register.allow", "register.deny")) {
        save("location");
        break;
    } else {
        sl_send_reply("403", "Forbidden");
    };
};
...
</programlisting>
	    </example>
	</section>

	<section>
	    <title>
		<function moreinfo="none">allow_trusted()</function>
	    </title>
	    <para>
		The function check the source IP, protocol, and the contents of
		From header field against entries in trusted table and returns
		true if there is a match. This means that the end-device is trusted.
	    </para>
	</section>
    </section>
</chapter>

<!-- Keep this element at the end of the file
Local Variables:
sgml-parent-document: ("permissions.sgml" "Book" "chapter")
End:
-->