Daniel,

What would you think about this variant of xcap authentication:

event_route[xhttp:request] {
        xdbg("===== xhttp: request [$rv] $rm => $hu\n");
        if($hu=~"^/xcap-root/")
        {
                # xcap ops
                # Parse the request URL into $xcapuri, then normalise the XCAP user id
                # (xuid) from it into a full SIP URI in $var(uri). Every value here is
                # taken from the client-supplied URL, so $var(uri) is a claimed
                # identity, not an authenticated one.
                #   1st branch: xuid already starts with "sip:" and has a domain.
                #   2nd branch: xuid has a domain but no scheme; "sip:" is prepended.
                #   3rd branch: no domain; $Ri (local receiving IP) becomes the host.
                # NOTE(review): as printed, "...." matches exactly four characters
                # before "@", and the 2nd pattern is unanchored. This may be the list
                # archive masking ".+@.+" as if it were an e-mail address - confirm
                # against the original config before reusing it.
                $xcapuri(u=>data) = $hu;
                if($xcapuri(u=>xuid)=~"^sip:....@.+")
                        $var(uri) = $xcapuri(u=>xuid);
                else if($xcapuri(u=>xuid)=~"....@.+")
                        $var(uri) = "sip:"+ $xcapuri(u=>xuid);
                else
                        $var(uri) = "sip:"+ $xcapuri(u=>xuid) + "@" + $Ri;

                if($xcapuri(u=>auid)=="xcap-caps")
                {
                   ... skipped ...
                }

#!ifdef WITH_XHTTPAUTH
# HTTP digest authentication against the "subscriber" table. If the
# credentials are missing or wrong, a challenge is sent and processing stops
# at the exit below.
# Multidomain: the realm is the host part of $var(uri). That value was built
# from the request URL, so the client chooses the realm it is checked against.
# NOTE(review): presumably the host should be checked against the locally
# served domains before it is used as a realm - confirm for the deployment.
# Single domain: the realm is the fixed string "xcap".
# NOTE(review): the "0" flags argument appears to request a challenge without
# qop - verify against the auth module documentation.
#!ifdef WITH_MULTIDOMAIN
        if (!www_authorize("$(var(uri){uri.host})", "subscriber")) {
                www_challenge("$(var(uri){uri.host})", "0");
#!else
        if (!www_authorize("xcap", "subscriber")) {
                www_challenge("xcap", "0");
#!endif

                exit;
        }

        # Close the connection once the reply has been sent, and do not open a
        # new connection to deliver it.
        set_reply_close();
        set_reply_no_connect();

#!ifdef WITH_XHTTPAUTH
        # be sure auth user access only its documents
#!ifdef WITH_MULTIDOMAIN
        # Rebuild the authenticated identity as a SIP URI in $var(tmp), so that it
        # can be compared with $var(uri), the identity claimed in the request URL.
        # $aU is the whole digest username. When it carries no domain, the host of
        # $var(uri) is appended; that host comes from the URL, so in this branch
        # only the user part is bound to the credentials.
        # NOTE(review): as printed, "...." matches exactly four characters before
        # "@" and the pattern is unanchored. This may be the list archive masking
        # ".+@.+" - confirm against the original config.
        if($aU=~"....@.+")
                $var(tmp) = "sip:"+$aU;
        else
                $var(tmp) = "sip:"+$aU+"@"+$(var(uri){uri.host});

        if ($var(uri)!=$var(tmp)) {
            xdbg("===== xhttp: Forbidden!!! $var(tmp) - $var(uri)\n");
#!else
        if ($au!=$(var(uri){uri.user})) {
            xdbg("===== xhttp: Forbidden!!! $au - $(var(uri){uri.user})\n");
#!endif

..

Regards,
Andrey.

