Hello Andrey,

seems ok, I will give some more thoughts about.

At the end of the day, it is your decision as administrator how you enforce the xcap-uri format and authentication/authorization.

The fact is that http uri does not contain domain part usually, it is just document/resource reference part. I have seen services asking the users to add the domain as mandatory to xcap uri. It is a reason why the xcap document path can be given as parameter, not taken implicit, so the admin can transform the one received to a normalized one.

Cheers,
Daniel

On 10/16/10 8:43 AM, Rouskol Andrey wrote:
Daniel,

What whould you think about this variant of xcap authentication:

event_route[xhttp:request] {
         xdbg("===== xhttp: request [$rv] $rm =>  $hu\n");
         if($hu=~"^/xcap-root/")
         {
                 # xcap ops
                 $xcapuri(u=>data) = $hu;
                 if($xcapuri(u=>xuid)=~"^sip:....@.+")
                         $var(uri) = $xcapuri(u=>xuid);
                 else if($xcapuri(u=>xuid)=~"....@.+")
                         $var(uri) = "sip:"+ $xcapuri(u=>xuid);
                 else
                         $var(uri) = "sip:"+ $xcapuri(u=>xuid) + "@" + $Ri;

                 if($xcapuri(u=>auid)=="xcap-caps")
                 {
                    ... skipped ...
                 }

#!ifdef WITH_XHTTPAUTH
#!ifdef WITH_MULTIDOMAIN
         if (!www_authorize("$(var(uri){uri.host})", "subscriber")) {
                 www_challenge("$(var(uri){uri.host})", "0");
#!else
         if (!www_authorize("xcap", "subscriber")) {
                 www_challenge("xcap", "0");
#!endif

                 exit;
         }

         set_reply_close();
         set_reply_no_connect();

#!ifdef WITH_XHTTPAUTH
         # be sure auth user access only its documents
#!ifdef WITH_MULTIDOMAIN
         if($aU=~"....@.+")
                 $var(tmp) = "sip:"+$aU;
         else
                 $var(tmp) = "sip:"+$aU+"@"+$(var(uri){uri.host});

         if ($var(uri)!=$var(tmp)) {
             xdbg("===== xhttp: Forbidden!!! $var(tmp) - $var(uri)\n");
#!else
         if ($au!=$(var(uri){uri.user})) {
             xdbg("===== xhttp: Forbidden!!! $au - $(var(uri){uri.user})\n");
#!endif

..

Regards,
Andrey.


_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

--
Daniel-Constantin Mierla
http://www.asipto.com


_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

Reply via email to