permissions_user.sgml

性能优秀的SIP Proxy

		<programlisting format="linespecific">
...
modparam("permissions", "source_col", "source_ip_address")
...
</programlisting>
		</example>
	</section>
	<section>
		<title><varname>proto_col</varname> (string)</title>
		<para>
		Name of trusted table column containing transport
		protocol that is matched against transport protocol of
		received request.  Possible values that can be stored in
		proto_col are <quote>any</quote>, <quote>udp</quote>,
		<quote>tcp</quote>, <quote>tls</quote>,
		<quote>sctp</quote>, and <quote>none</quote>.  Value
		<quote>any</quote> matches always and value
		<quote>none</quote> never.
		</para>
		<para>
		<emphasis>
			Default value is <quote>proto</quote>.
		</emphasis>
		</para>
		<example>
		<title>Set <varname>proto_col</varname> parameter</title>
		<programlisting format="linespecific">
...
modparam("permissions", "proto_col", "transport")
...
</programlisting>
		</example>
	</section>
	<section>
		<title><varname>from_col</varname> (string)</title>
		<para>
		Name of trusted table column containing regular
		expression that is matched against From URI.
		</para>
		<para>
		<emphasis>
		Default value is <quote>from_pattern</quote>.
		</emphasis>
		</para>
		<example>
		<title>Set <varname>from_col</varname> parameter</title>
		<programlisting format="linespecific">
...
modparam("permissions", "from_col", "regexp")
...
</programlisting>
		</example>
	</section>
	<section>
		<title><varname>tag_col</varname> (string)</title>
		<para>
		Name of trusted table column containing a string
		that is added as value to peer_tag AVP if peer_tag AVP
                has been defined and if the peer matches.
		</para>
		<para>
		<emphasis>
		Default value is <quote>tag</quote>.
		</emphasis>
		</para>
		<example>
		<title>Set <varname>tag_col</varname> parameter</title>
		<programlisting format="linespecific">
...
modparam("permissions", "tag_col", "peer_tag")
...
</programlisting>
		</example>
	</section>
	<section>
		<title><varname>peer_tag_avp</varname> (string)</title>
		<para>
		AVP spec of peer tag AVP.  If defined, the AVP will be
                set as side effect of allow_trusted() call to not NULL
                tag column value of the matching peer.
		</para>
		<para>
		<emphasis>
		Default value is <quote>undefined</quote>.
		</emphasis>
		</para>
		<example>
		<title>Set <varname>peer_tag_avp</varname> parameter</title>
		<programlisting format="linespecific">
...
modparam("permissions", "peer_tag_avp", "i:707")
...
</programlisting>
		</example>
	</section>
	</section>

	<section>
	<title>Exported Functions</title>
	<section>
		<title>
		<function moreinfo="none">allow_routing()</function>
		</title>
		<para>
		Returns true if all pairs constructed as described in <xref
		linkend="sec-call-routing"> have appropriate permissions according to 
		the configuration files. This function uses default configuration 
		files specified in <varname>default_allow_file</varname> and
		<varname>default_deny_file</varname>.
		</para>
		<para>
		This function can be used from REQUEST_ROUTE, FAILURE_ROUTE.
		</para>
		<example>
		<title><function>allow_routing</function> usage</title>
		<programlisting format="linespecific">
...
if (allow_routing()) {
	t_relay();
};
...
</programlisting>
		</example>
	</section>
	<section>
		<title>
		<function moreinfo="none">allow_routing(basename)</function>
		</title>
		<para>
		Returns true if all pairs constructed as described in <xref
		linkend="sec-call-routing"> have appropriate permissions according 
		to the configuration files given as parameters.
		</para>
		<para>Meaning of the parameters is as follows:</para>
		<itemizedlist>
		<listitem>
			<para><emphasis>basename</emphasis> - Basename from which allow 
			and deny filenames will be created by appending contents of
			<varname>allow_suffix</varname> and <varname>deny_suffix</varname>
			parameters.
			</para>
			<para>
			If the parameter doesn't contain full pathname then the function 
			expects the file to be located in the same directory as the main 
			configuration file of the server.
			</para>
		</listitem>
		</itemizedlist>
		<para>
		This function can be used from REQUEST_ROUTE, FAILURE_ROUTE.
		</para>
		<example>
		<title><function>allow_routing(basename)</function> usage</title>
		<programlisting format="linespecific">
...
if (allow_routing("basename")) {
	t_relay();
};
...
</programlisting>
		</example>
	</section>
	<section>
		<title>
		<function moreinfo="none">allow_routing(allow_file,deny_file)</function>
		</title>
		<para>
		Returns true if all pairs constructed as described in 
		<xref linkend="sec-call-routing"> have appropriate permissions 
		according to the configuration files given as parameters.
		</para>
		<para>Meaning of the parameters is as follows:</para>
		<itemizedlist>
		<listitem>
			<para><emphasis>allow_file</emphasis> - File containing allow rules.
			</para>
			<para>
			If the parameter doesn't contain full pathname then the function 
			expects the file to be located in the same directory as the main 
			configuration file of the server.
			</para>
		</listitem>
		<listitem>
			<para><emphasis>deny_file</emphasis> - File containing deny rules.
			</para>
			<para>
			If the parameter doesn't contain full pathname then the function 
			expects the file to be located in the same directory as the main 
			configuration file of the server.
			</para>
		</listitem>
		</itemizedlist>
		<para>
		This function can be used from REQUEST_ROUTE, FAILURE_ROUTE.
		</para>
		<example>
		<title><function>allow_routing(allow_file, deny_file)</function> usage</title>
		<programlisting format="linespecific">
...
if (allow_routing("rules.allow", "rules.deny")) {
	t_relay();
};
...
</programlisting>
		</example>
	</section>
	<section>
		<title>
		<function moreinfo="none">allow_register(basename)</function>
		</title>
		<para>
		The function returns true if all pairs constructed as described in <xref
		linkend="sec-registration-permissions"> have appropriate permissions 
		according to the configuration files given as parameters.
		</para>
		<para>Meaning of the parameters is as follows:</para>
		<itemizedlist>
		<listitem>
			<para><emphasis>basename</emphasis> - Basename from which allow 
			and deny filenames will be created by appending contents of
			<varname>allow_suffix</varname> and <varname>deny_suffix</varname>
			parameters.
			</para>
			<para>
			If the parameter doesn't contain full pathname then the function 
			expects the file to be located in the same directory as the main 
			configuration file of the server.
			</para>
		</listitem>
		</itemizedlist>
		<para>
		This function can be used from REQUEST_ROUTE, FAILURE_ROUTE.
		</para>
		<example>
		<title><function>allow_register(basename)</function> usage</title>
		<programlisting format="linespecific">
...
if (method=="REGISTER") {
	if (allow_register("register")) {
		save("location");
		break;
	} else {
		sl_send_reply("403", "Forbidden");
	};
};
...
</programlisting>
		</example>
	</section>
	<section>
		<title>
		<function moreinfo="none">allow_register(allow_file, deny_file)</function>
		</title>
		<para>
		The function returns true if all pairs constructed as described in 
		<xref linkend="sec-registration-permissions"> have appropriate 
		permissions according to the configuration files given as parameters.
		</para>
		<para>Meaning of the parameters is as follows:</para>
		<itemizedlist>
		<listitem>
			<para><emphasis>allow_file</emphasis> - File containing allow rules.
			</para>
			<para>
			If the parameter doesn't contain full pathname then the function 
			expects the file to be located in the same directory as the main 
			configuration file of the server.
			</para>
		</listitem>
		<listitem>
			<para><emphasis>deny_file</emphasis> - File containing deny rules.
			</para>
			<para>
			If the parameter doesn't contain full pathname then the function 
			expects the file to be located in the same directory as the main 
			configuration file of the server.
			</para>
		</listitem>
		</itemizedlist>
		<para>
		This function can be used from REQUEST_ROUTE, FAILURE_ROUTE.
		</para>
		<example>
		<title><function>allow_register(allow_file, deny_file)</function> usage</title>
		<programlisting format="linespecific">
...
if (method=="REGISTER") {
	if (allow_register("register.allow", "register.deny")) {
		save("location");
		break;
	} else {
		sl_send_reply("403", "Forbidden");
	};
};
...
</programlisting>
		</example>
	</section>
	<section>
		<title>
		<function moreinfo="none">allow_refer_to(basename)</function>
		</title>
		<para>
		Returns true if the pair constructed as described in <xref
		linkend="sec-referral-permissions"> have appropriate permissions 
		according to the configuration files specified by the parameter.
		</para>
		<para>Meaning of the parameter is as follows:</para>
		<itemizedlist>
		<listitem>
			<para><emphasis>basename</emphasis> - Basename from which allow 
			and deny filenames will be created by appending contents of
			<varname>allow_suffix</varname> and <varname>deny_suffix</varname>
			parameters.
			</para>
			<para>
			If the parameter doesn't contain full pathname then the function 
			expects the file to be located in the same directory as the main 
			configuration file of the server.
			</para>
		</listitem>
		</itemizedlist>
		<para>
		This function can be used from REQUEST_ROUTE, FAILURE_ROUTE.
		</para>
		<example>
		<title><function>allow_refer_to(basename)</function> usage</title>
		<programlisting format="linespecific">
...
if (allow_refer_to("basename")) {
	t_relay();
};
...
</programlisting>
		</example>
	</section>
	<section>
		<title>
		<function moreinfo="none">allow_refer_to(allow_file, deny_file)</function>
		</title>
		<para>
		Returns true if the pair constructed as described in <xref
		linkend="sec-referral-permissions"> have appropriate permissions 
		according to the configuration files specified by parameters.
		</para>
		<para>Meaning of the parameters is as follows:</para>
		<itemizedlist>
		<listitem>
			<para><emphasis>allow_file</emphasis> - File containing allow rules.
			</para>
			<para>
			If the parameter doesn't contain full pathname then the function 
			expects the file to be located in the same directory as the main 
			configuration file of the server.
			</para>
		</listitem>
		<listitem>
			<para><emphasis>deny_file</emphasis> - File containing deny rules.
			</para>
			<para>
			If the parameter doesn't contain full pathname then the function
			expects the file to be located in the same directory as the main 
			configuration file of the server.
			</para>
		</listitem>
		</itemizedlist>
		<para>
		This function can be used from REQUEST_ROUTE, FAILURE_ROUTE.
		</para>
		<example>
		<title><function>allow_refer_to(allow_file, deny_file)</function> usage</title>
		<programlisting format="linespecific">
...
if (allow_refer_to("rules.allow", "rules.deny")) {
	t_relay();
};
...
</programlisting>
		</example>
	</section>
	<section>
		<title>
		<function moreinfo="none">allow_trusted()</function>
		</title>
		<para>
		Checks based on request's source address, transport
		protocol, and From URI if request can be trusted without
		authentication.  Returns 1 if a match is found
		as described in <xref linkend="sec-trusted-requests">
		and -1 otherwise.  If a match is found
		and peer_tag_avp has been defined, adds a
                non-NULL tag column value of the
		matching peer to AVP peer_tag_avp.
		</para>
		<para>
		This function can be used from REQUEST_ROUTE, FAILURE_ROUTE.
		</para>
		<example>
		<title><function>allow_trusted()</function> usage</title>
		<programlisting format="linespecific">
...
if (allow_trusted()) {
	t_relay();
};
...
</programlisting>
		</example>
	</section>
	</section>
	<section>
	<title>FIFO Commands</title>
	<section>
		<title>
		<function moreinfo="none">trusted_reload</function>
		</title>
		<para>
				Causes permissions module to re-read the contents of
				trusted table into cache memory.
				</para>
	</section>
	<section>
		<title>
		<function moreinfo="none">trusted_dump</function>
		</title>
		<para>
				Causes permissions module to dump contents of trusted
				table from cache memory.
				</para>
	</section>
	</section>

</chapter>

<!-- Keep this element at the end of the file
Local Variables:
sgml-parent-document: ("permissions.sgml" "Book" "chapter")
End:
-->