Menu Close

openser.cfg – s mysql autentifikáciou

# zmeny
# 27.5.09 – palo – autentifikacia na MySQL, Register aj Invite
#
# $Id: openser.cfg 4083 2008-04-24 19:26:11Z miconda $
#
# OpenSER basic configuration script
#     by Anca Vamanu <anca@voice-system.ro>
#
# Please refer to the Core CookBook at http://www.openser.org/dokuwiki/doku.php
# for a explanation of possible statements, functions and parameters.
#

####### Global Parameters #########
alias=kis.fri.uniza.sk

#debug=6
debug=6
log_stderror=no
log_facility=LOG_LOCAL0

fork=yes
children=4

/* uncomment the following lines to enable debugging */
#debug=6
#fork=no
#log_stderror=yes

/* uncomment the next line to disable TCP (default on) */
#disable_tcp=yes

/* uncomment the next line to enable the auto temporary blacklisting of
   not available destinations (default disabled) */
#disable_dns_blacklist=no

/* uncomment the next line to enable IPv6 lookup after IPv4 dns
   lookup failures (default disabled) */
#dns_try_ipv6=yes

/* uncomment the next line to disable the auto discovery of local aliases
   based on revers DNS on IPs (default on) */
#auto_aliases=no

/* uncomment the following lines to enable TLS support  (default off) */
#disable_tls = no
#listen = tls:your_IP:5061
#tls_verify_server = 1
#tls_verify_client = 1
#tls_require_client_certificate = 0
#tls_method = TLSv1
#tls_certificate = "/etc/openser/tls/user/user-cert.pem"
#tls_private_key = "/etc/openser/tls/user/user-privkey.pem"
#tls_ca_list = "/etc/openser/tls/user/user-calist.pem"

port=5060

/* uncomment and configure the following line if you want openser to
   bind on a specific interface/port/proto (default bind on all available) */
listen=udp:158.193.152.1:5060
#listen=udp:kis.fri.uniza.sk:5060

# listen=udp:158.193.152.1:6060

####### Modules Section ########

#set module path
mpath="/usr/lib/openser/modules/"

/* uncomment next line for MySQL DB support */
#28.5.2009 – Mysql odkomentovane
loadmodule "mysql.so"

loadmodule "sl.so"
loadmodule "tm.so"
loadmodule "rr.so"
loadmodule "maxfwd.so"
loadmodule "usrloc.so"
loadmodule "registrar.so"
loadmodule "textops.so"
loadmodule "mi_fifo.so"
loadmodule "uri_db.so"
loadmodule "uri.so"
loadmodule "xlog.so"
#zakoment
#loadmodule "acc.so"
/* uncomment next lines for MySQL based authentication support
   NOTE: a DB (like mysql) module must be also loaded */
# odkomentovane 28.5.2009
loadmodule "auth.so"
loadmodule "auth_db.so"
/* uncomment next line for aliases support
   NOTE: a DB (like mysql) module must be also loaded */
#loadmodule "alias_db.so"
/* uncomment next line for multi-domain support
   NOTE: a DB (like mysql) module must be also loaded
   NOTE: be sure and enable multi-domain support in all used modules
         (see "multi-module params" section ) */
#loadmodule "domain.so"
/* uncomment the next two lines for presence server support
   NOTE: a DB (like mysql) module must be also loaded */
#loadmodule "presence.so"
#loadmodule "presence_xml.so"

# —————– setting module-specific parameters —————

# —– mi_fifo params —–
modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo")
# vytvaranie fifo suboru cez usera a grupu,lebo inac nefunguje predavanie prikazov
# medzi openser a openserctl
#modparam("mi_fifo", "fifo_user", "root")
#modparam("mi_fifo", "fifo_group", "root")

# —– rr params —–
# add value to ;lr param to cope with most of the UAs
modparam("rr", "enable_full_lr", 1)
# do not append from tag to the RR (no need for this script)
modparam("rr", "append_fromtag", 0)

# —– rr params —–
modparam("registrar", "method_filtering", 1)
/* uncomment the next line to disable parallel forking via location */
# modparam("registrar", "append_branches", 0)
/* uncomment the next line not to allow more than 10 contacts per AOR */
#modparam("registrar", "max_contacts", 10)

# —– uri_db params —–
/* by default we disable the DB support in the module as we do not need it
   in this configuration */
modparam("uri_db", "use_uri_table", 0)
modparam("uri_db", "db_url", "")

# —– acc params —–
/* disable RADIUS support */
#modparam("acc", "radius_config", "")
/* what sepcial events should be accounted ? */
#modparam("acc", "early_media", 1)
#modparam("acc", "report_ack", 1)
#modparam("acc", "report_cancels", 1)
/* by default ww do not adjust the direct of the sequential requests.
   if you enable this parameter, be sure the enable "append_fromtag"
   in "rr" module */
#modparam("acc", "detect_direction", 0)
/* account triggers (flags) */
#modparam("acc", "failed_transaction_flag", 3)
#modparam("acc", "log_flag", 1)
#modparam("acc", "log_missed_flag", 2)
/* uncomment the following lines to enable DB accounting also */
#modparam("acc", "db_flag", 1)
#modparam("acc", "db_missed_flag", 2)

# —– usrloc params —–
#modparam("usrloc", "db_mode",   0)
/* uncomment the following lines if you want to enable DB persistency
   for location entries */
# odkomentovane 28.5.09
modparam("usrloc", "db_mode",   2)
#modparam("usrloc", "db_url","mysql://openser:openserrw@localhost/openser")

# —– auth_db params —–
/* uncomment the following lines if you want to enable the DB based
   authentication */
# odkomentovane – 28.5.09
modparam("auth_db", "calculate_ha1", yes)
modparam("auth_db", "password_column", "password")
#modparam("auth_db", "db_url",
#    "mysql://openser:openserrw@localhost/openser")
#modparam("auth_db", "load_credentials", "")

# —– alias_db params —–
/* uncomment the following lines if you want to enable the DB based
   aliases */
#modparam("alias_db", "db_url",
#    "mysql://openser:openserrw@localhost/openser")

# —– domain params —–
/* uncomment the following lines to enable multi-domain detection
   support */
#modparam("domain", "db_url",
#    "mysql://openser:openserrw@localhost/openser")
#modparam("domain", "db_mode", 1)   # Use caching

# —– multi-module params —–
/* uncomment the following line if you want to enable multi-domain support
   in the modules (dafault off) */
#modparam("alias_db|auth_db|usrloc|uri_db", "use_domain", 1)

# —– presence params —–
/* uncomment the following lines if you want to enable presence */
#modparam("presence|presence_xml", "db_url",
#    "mysql://openser:openserrw@localhost/openser")
#modparam("presence_xml", "force_active", 1)
#modparam("presence", "server_address", "sip:192.168.1.2:5060")

####### Routing Logic ########

# main request routing logic

route{

    if (!mf_process_maxfwd_header("10")) {
        sl_send_reply("483","Too Many Hops");
        exit;
    }

    if (has_totag()) {
        # sequential request withing a dialog should
        # take the path determined by record-routing
        if (loose_route()) {
            if (is_method("BYE")) {
                setflag(1); # do accouting …
                setflag(3); # … even if the transaction fails
            }
            route(1);
        } else {
            /* uncomment the following lines if you want to enable presence */
            ##if (is_method("SUBSCRIBE") && $rd == "your.server.ip.address") {
            ##    # in-dialog subscribe requests
            ##    route(2);
            ##    exit;
            ##}
            if ( is_method("ACK") ) {
                if ( t_check_trans() ) {
                    # non loose-route, but stateful ACK; must be an ACK after a 487 or e.g. 404 from upstream server
                    t_relay();
                    exit;
                } else {
                    # ACK without matching transaction … ignore and discard.\n");
                    exit;
                }
            }
            sl_send_reply("404","Not here");
        }
        exit;
    }

    #initial requests

    # CANCEL processing
    if (is_method("CANCEL"))
    {
        if (t_check_trans())
            t_relay();
        exit;
    }

    t_check_trans();

    # authenticate if from local subscriber (uncomment to enable auth)
    # odkomentoval palo – 28.5.09
    if (!(method=="REGISTER") && from_uri==myself)
    {
        if (!proxy_authorize("", "subscriber")) {
            proxy_challenge("", "0");
            exit;
        }
        if (!check_from()) {
            sl_send_reply("403","Forbidden auth ID");
            exit;
        }
   
        consume_credentials();
        # caller authenticated
    }

    # record routing
    if (!is_method("REGISTER|MESSAGE"))
        record_route();

    # account only INVITEs
    if (is_method("INVITE")) {
        setflag(1); # do accouting
    }
    if (!uri==myself)
    /* replace with following line if multi-domain support is used */
    ##if (!is_uri_host_local())
    {
        append_hf("P-hint: outbound\r\n");
        # if you have some interdomain connections via TLS
        ##if($rd=="tls_domain1.net") {
        ##    t_relay("tls:domain1.net");
        ##    exit;
        ##} else if($rd=="tls_domain2.net") {
        ##    t_relay("tls:domain2.net");
        ##    exit;
        ##}
        route(1);
    }

    # requests for my domain

    /* uncomment this if you want to enable presence server
       and comment the next ‘if’ block
       NOTE: uncomment also the definition of route[2] from  below */
    ##if( is_method("PUBLISH|SUBSCRIBE"))
    ##        route(2);

    if (is_method("PUBLISH"))
    {
        sl_send_reply("503", "Service Unavailable");
        exit;
    }
   

    if (is_method("REGISTER"))
    {
        # authenticate the REGISTER requests (uncomment to enable auth)
        # odkomentoval – 28.5.09
        if (!www_authorize("", "subscriber"))
        {
            www_challenge("", "0");
            exit;
        }
        ##
        if (!check_to())
        {
            sl_send_reply("403","Forbidden auth ID");
            exit;
        }

        if (!save("location"))
            sl_reply_error();

        exit;
    }

    if ($rU==NULL) {
        # request with no Username in RURI
        sl_send_reply("484","Address Incomplete");
        exit;
    }

    # apply DB based aliases (uncomment to enable)
    ##alias_db_lookup("dbaliases");

    if (!lookup("location")) {
        switch ($retcode) {
            case -1:
            case -3:
                t_newtran();
                t_reply("404", "Not Found");
                exit;
            case -2:
                sl_send_reply("405", "Method Not Allowed");
                exit;
        }
    }

    # when routing via usrloc, log the missed calls also
    setflag(2);

    route(1);
}

route[1] {
    # for INVITEs enable some additional helper routes
    if (is_method("INVITE")) {
        t_on_branch("2");
        t_on_reply("2");
        t_on_failure("1");
    }

    if (!t_relay()) {
        sl_reply_error();
    };
    exit;
}

# Presence route
/* uncomment the whole following route for enabling presence
   NOTE: do not forget to enable the call of this route from the main
     route */
##route[2]
##{
##    if (!t_newtran())
##    {
##        sl_reply_error();
##        exit;
##    };
##
##    if(is_method("PUBLISH"))
##    {
##        handle_publish();
##        t_release();
##    }
##    else
##    if( is_method("SUBSCRIBE"))
##    {
##        handle_subscribe();
##        t_release();
##    }
##
##    exit;
##}

branch_route[2] {
    xlog("new branch at $ru\n");
}

onreply_route[2] {
    xlog("incoming reply\n");
}

failure_route[1] {
    if (t_was_cancelled()) {
        exit;
    }

    # uncomment the following lines if you want to block client
    # redirect based on 3xx replies.
    ##if (t_check_status("3[0-9][0-9]")) {
    ##t_reply("404","Not found");
    ##    exit;
    ##}

    # uncomment the following lines if you want to redirect the failed
    # calls to a different new destination
    ##if (t_check_status("486|408")) {
    ##    sethostport("192.168.2.100:5060");
    ##    append_branch();
    ##    # do not set the missed call flag again
    ##    t_relay();
    ##}
}
 

Rate this post

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The reCAPTCHA verification period has expired. Please reload the page.