#
# $Id$
#
# iptel.org real world configuration
#

# ----------- global configuration parameters ------------------------

debug=4          # debug level (cmd line: -dddddddddd)
fork=no
#log_stderror=no	# (cmd line: -E)
log_stderror=yes	# (cmd line: -E)
#check_via=yes     # (cmd. line: -v)
#check_via=0
dns=on           # (cmd. line: -r)
rev_dns=yes      # (cmd. line: -R)
port=5069
#port=8060
children=1

# advertise IP address in Via (as opposed to advertising DNS name
# which is annoying for downstream servers and some phones can
# not handle DNS at all)
listen=195.37.77.100
#listen=bat.iptel.org

# ------------------ module loading ----------------------------------

loadmodule "../sip_router/modules/sl/sl.so"
loadmodule "../sip_router/modules/print/print.so"
#loadmodule "../sip_router/modules/tm/tm.so"
loadmodule "../sip_router/modules/acc/acc.so"
loadmodule "../sip_router/modules/rr/rr.so"
loadmodule "../sip_router/modules/maxfwd/maxfwd.so"
loadmodule "../sip_router/modules/mysql/mysql.so"
loadmodule "../sip_router/modules/usrloc/usrloc.so"
loadmodule "../sip_router/modules/auth/auth.so"
loadmodule "../sip_router/modules/cpl/cpl.so"

# ----------------- setting module-specific parameters ---------------

# -- usrloc params --

modparam("usrloc", "use_database",   1)
modparam("usrloc", "table",          "location")
modparam("usrloc", "user_column",    "user")
modparam("usrloc", "contact_column", "contact")
modparam("usrloc", "expires_column", "expires")
modparam("usrloc", "q_column",       "q")
modparam("usrloc", "callid_column",  "callid")
modparam("usrloc", "cseq_column",    "cseq")
modparam("usrloc", "flush_interval", 60)
modparam("usrloc", "db_url",         "sql://root:@localhost/ser")

# -- auth params --

modparam("auth", "db_url",        "sql://root:@localhost/ser")
modparam("auth", "user_column",   "user")
# nonce generation secret; particularly useful if multiple servers
# in a proxy farm are configured to authenticate
modparam("auth", "secret",        "439tg8h349g8hq349t9384hg")
# calculate_ha1=false means password column includes ha1 strings;
# if it was false, plain-text passwords would be assumed

# the database credentials in hashed form
modparam("auth", "calculate_ha1", false)
modparam("auth", "password_column", "ha1")
# password_column, realm_column, group_table, group_user_column,
#   group_group_column are set to their default values
# password_column_2 allows to deal with clients who put domain name
#   in authentication credentials when calculate_ha1=false (if true,
#   it works); if set to a value and USER_DOMAIN_HACK was enabled
#   in defs.h, authentication will still work
modparam("auth", "password_column_2", "ha1b")

# the database in plain-text alternative:
#modparam("auth", "calculate_ha1", true )
#modparam("auth", "password_column", "password")

modparam("auth", "nonce_expire",  300)
modparam("auth", "retry_count",   3)

# -- acc params --
# report ACKs too for sake of completeness -- as we account PSTN
# destinations which are RR, ACKs should show up
modparam("acc", "report_ack", 1)
# don't bother me with early media reports (I don't like 183 
# too much anyway...ever thought of timer C hitting after
# listening to music-on-hold for five minutes?)
modparam("acc", "early_media", 0)
modparam("acc", "log_level", 1)
# that is the flag for which we will account -- don't forget to
# set the same one :-)
modparam("acc", "acc_flag", 1 )
# we are interested only in succesful transactions
modparam("acc", "failed_transactions", 0 )

# -- tm params --
modparam("tm", "fr_timer", 30 )
modparam("tm", "fr_inv_timer", 60 )

# -------------------------  request routing logic -------------------

# main routing logic

route{

	# filter local stateless ACK generated by authentication of mf replies
	sl_filter_ACK();

	# filter too old messages
	log("LOG: Checking maxfwd\n");
	if (!mf_process_maxfwd_header("10")) {
		log("LOG: Too many hops\n");
		sl_send_reply("483","Too Many Hops");
		break;
	};

	if (method=="REGISTER") {
		log("LOG Request is REGISTER\n");
		if (!www_authorize(	"bat.iptel.org" /* realm */, 
			 				"subscriber" /* table name */ )) {
			log("LOG: REGISTER has no credentials, sending challenge\n");
 			www_challenge(	"bat.iptel.org" /* realm */, 
							"0" /* no qop -- M$ can't deal with it */);
			break;
		};
		# prohibit attempts to grab someone else's To address 
		# using  valid credentials
		if (!is_user("replicator")) {
			log("LOG: To Cheating attempt\n");
			sl_send_reply("403", "That is ugly -- use To=id next time");
			break;
		};
			
		# update Contact database
       	log("LOG: REGISTER is authorized, saving location\n");
		save_contact("location");
		break;
	};
}