Provided by: libnet-sip-perl_0.683-1_all bug

NAME

       Net::SIP::Authorize - enforce authorization of packets

SYNOPSIS

         my $auth = Net::SIP::Authorize->new(
               dispatcher => $dispatcher,
               realm      => 'net-sip.example.com',
               user2pass  => \&give_pass_for_user,
               i_am_proxy => 1,
         );
         my $proxy = Net::SIP::StatelessProxy->new...
         my $chain = Net::SIP::ReceiveChain->new(
               # all requests for proxy need to be authorized
               [ $auth,$proxy ]
         );

DESCRIPTION

       This package is used inside a Net::SIP::ReceiveChain to make sure, that requests are
       authorized before they get handled by the next receiver in the chain.

CONSTRUCTOR

       new ( %ARGS )
           This creates a new registar object, %ARGS can have the following keys:

           dispatcher
                   Net::SIP::Dispatcher object manging the registar. Mandatory.

           realm   The realm for the authentication request. Defaults to 'p5-net-sip'.

           opaque  Optional value for "opaque" parameter for the authentication request.  If none
                   is given no "opaque" parameter will be used.

           user2a1 Either hash reference with "user,a1_hex" mapping or callback, which gives
                   "a1_hex" if called with "user,realm".  For the meaning of "a1_hex" see RFC
                   2617.

           user2pass
                   Either hash reference with "user,password" mapping or callback, which gives
                   "password" if called with "user".  This parameter will only be used if
                   "user2a1" does not result in a defined "a1_hex" for "user".

           i_am_proxy
                   Flag if the object behind works as a proxy (e.g. Net::SIP::StatelessProxy) and
                   sends "Proxy-Authenticate" or if it is an endpoint (e.g. Net::SIP::Endpoint,
                   Net::SIP::Registrar) which sends "WWW-Authenticate".

           filter  Additional filter for authorization, e.g. if authorization based on username
                   and passwort succeeded it might still fail because of these filters. Filter is
                   a hash with the method as key.

                   The value can be an additional authorization (in which case it must succeed),
                   a list of authorizations (all of them must succeed), or a list with a list of
                   authorizations (at least one of the inner lists must succeed).

                   The additional authorization can be a name of a Net::SIP::Authorize subclass
                   (e.g. "ToIsFrom" means "Net::SIP::Authorize::ToIsFrom") which has a "verify"
                   function or a "[\&callback]".

                   The verify function or callback will be called with
                   "($packet,$leg,$addr,$auth_user,$auth_realm)" where $packet is the request,
                   $leg the Net::SIP::Leg object where the packet came in, $addr the senders
                   address, $auth_user the username from the authorized user and $auth_realm the
                   realm which was used for authorization.  Success for verification means that
                   the function must return true.

                   The following authorization subclasses are defined:

                   FromIsRealm
                       Succeeds if the senders domain is the realm or a subdomain of the realm.

                   FromIsAuthUser
                       Succeeds if the username of the sender equals the username used for
                       authorization.

                   ToIsFrom
                       Succeeds if To header equals From header. This can be used to make sure,
                       that a user can only call REGISTER for itself.

                   Example:

                     filter => {
                       REGISTER => [
                         # all of these must succeed
                         [ 'ToIsFrom','FromIsRealm','FromIsAuthUser' ],
                         # or this
                         [ \&callback ],
                       ],
                       INVITE => 'FromIsRealm',
                     }

METHODS

       receive ( PACKET,LEG,FROM )
           PACKET is the incoming packet, LEG is the Net::SIP::Leg where the packet arrived and
           FROM is the "ip:port" of the sender. Responses will be send back to the sender through
           the same leg.

           Called from the managing Net::SIP::Dispatcher object if a new packet arrives.

           Returns TRUE if the packet was fully handled by this object which is the case, if the
           packet was not authorized so that a 401 or 407 (if "i_am_proxy") response was send
           back.

           Returns FALSE if packet was authorized and should be handled be the next object in the
           Net::SIP::ReceiveChain.  In this case it usually changes the packet to remove the
           local authorization information.