#
# iptel.org real world configuration for secondary host
#
# $Id$
#

# Core parameters. The active values select no forking (fork=no), logging to
# stderr (log_stderror=yes), one child (children=1) and debug level 3; the
# alternative fork/log_stderror values are kept commented out next to them.
# NOTE(review): that combination looks like a debugging setup -- confirm it is
# what the production secondary should run. Verbose logs of SIP traffic can
# contain subscriber identifiers, so restrict access to wherever stderr ends up.
debug=3          # debug level (cmd line: -dddddddddd)
#fork=yes
fork=no
#log_stderror=no	# (cmd line: -E)
log_stderror=yes	# (cmd line: -E)
check_via=yes     # (cmd. line: -v)
# NOTE(review): dns/rev_dns presumably turn on forward and reverse DNS lookups
# during Via processing -- confirm for this server version. Lookups triggered
# by unauthenticated requests add latency and depend on resolver availability.
dns=on           # (cmd. line: -r)
rev_dns=yes      # (cmd. line: -R)
port=5060
children=1

# advertise IP address in Via (as opposed to advertising DNS name
# which is annoying for downstream servers and some phones can
# not handle DNS at all)
listen=195.37.77.100

# Modules loaded into the server process as shared objects.
# NOTE(review): every path is relative ("../sip_router/..."), so which files
# get loaded presumably depends on the directory the server is started from.
# Because these objects run inside the proxy process, prefer absolute paths
# under a directory that only root can write to, and verify ownership and
# permissions of the .so files as part of deployment.
# NOTE(review): the route block in this file calls no function named print();
# if the print module is only a demo/debug module, drop it to reduce loaded code.
loadmodule "../sip_router/modules/sl/sl.so"
loadmodule "../sip_router/modules/print/print.so"
loadmodule "../sip_router/modules/tm/tm.so"
loadmodule "../sip_router/modules/acc/acc.so"
loadmodule "../sip_router/modules/rr/rr.so"
loadmodule "../sip_router/modules/maxfwd/maxfwd.so"
loadmodule "../sip_router/modules/mysql/mysql.so"
loadmodule "../sip_router/modules/usrloc/usrloc.so"
loadmodule "../sip_router/modules/auth/auth.so"
loadmodule "../sip_router/modules/cpl/cpl.so"

# Module parameters for the user-location (usrloc) and authentication (auth)
# modules.

# NOTE(review): use_database is assigned twice with different values.
# Presumably the later assignment (0) is the one that takes effect, which would
# leave usrloc without database persistence and make the table/column/db_url
# settings below unused -- confirm which value is intended and delete the other.
modparam("usrloc", "use_database",   1)
modparam("usrloc", "use_database",   0)

# Table and column names usrloc uses for stored contacts.
modparam("usrloc", "table",          "location")
modparam("usrloc", "user_column",    "user")
modparam("usrloc", "contact_column", "contact")
modparam("usrloc", "expires_column", "expires")
modparam("usrloc", "q_column",       "q")
modparam("usrloc", "callid_column",  "callid")
modparam("usrloc", "cseq_column",    "cseq")
modparam("usrloc", "flush_interval", 60)
# NOTE(review): both db_url values embed the database user name and password
# in clear text, and usrloc and auth share the same account. Keep this file
# readable only by the account that runs the server, keep copies with real
# credentials out of version control and published samples, and treat a
# password that has appeared in a shared copy as exposed and rotate it.
# Separate, least-privilege database accounts per module would limit the
# impact of a leak (the auth module presumably only needs to read its table).
modparam("usrloc", "db_url",         "sql://csps:47csps11@dbhost/csps107")

# Database, table and user column the auth module checks credentials against.
modparam("auth", "db_url",         "sql://csps:47csps11@dbhost/csps107")
modparam("auth", "table",         "subscriber")
modparam("auth", "user_column",         "user")


# Main routing logic. Checks are applied in this order:
#   1. filter local ACKs, enforce Max-Forwards, apply Route headers
#   2. voicemail URIs              -> relayed to fox.iptel.org port 5066
#   3. URIs for iptel.org, 195.37.77.101 or 195.37.77.110:
#        REGISTER                  -> authorize + check_to, then save_contact
#        numeric user part (PSTN)  -> auth and group checks, then gateway
#                                     195.37.77.110:5060
#        anything else             -> CPL demo hook, then usrloc lookup
#   4. all other URIs (outbound)   -> gateway source IP or authorize required
#   5. t_relay()
# Every "break" leaves the block, so that request never reaches t_relay().
#
# NOTE(review): none of the uri=~ patterns is anchored with ^ or $, so each one
# matches anywhere in the request URI. Several of them decide whether
# authentication or a group check applies; anchoring them (and ending the
# user-part patterns at "@") would make those decisions depend on the whole
# URI instead of a substring. Test any tightening against real traffic first.
# NOTE(review): the indentation of the PSTN permission checks does not follow
# the brace nesting; comments at the closing braces say what each one closes.
route{




	# filter local stateless ACK generated by authentication of mf replies
	sl_filter_ACK();

	# filter too old messages
        log("Checking maxfwd\n");
	if (!mf_process_maxfwd_header("10")) {
		log("Too many hops\n");
		sl_send_reply("483","Too Many Hops");
		break;
	};

        # Do strict routing if route headers present
	rewriteFromRoute();

	# divert voicemail requests
	# NOTE(review): this branch is reached before any authorize() call, and
	# ":5066" matches that substring anywhere in the URI, whatever the host.
	# The target is fixed by t_relay_to below, so the effect is limited to
	# unauthenticated requests reaching the voicemail host -- confirm that
	# host is meant to accept them.
    if (uri=~"mail\.iptel\.org" | uri=~":5066") {
	

		log("Request is for voicemail\n");
		sethost("iptel.org");
		t_relay_to("fox.iptel.org", "5066");
		break;
	};

	# process requests for iptel.org (note the wildcard in
	# the regex end -- that captures URIs which have port
	# numbers or parameters in them); also include gateway
	# here too -- we RR to the gateway which means that its
	# address shows up in d-uri of subsequent requests after
	# having called rewriteFromRoute and we want the requests
	# to go through our PSTN authorization code 
	# NOTE(review): the trailing group "([;:].*)*" may match nothing and there
	# is no "$", so it does not constrain what follows the host; a longer host
	# name that merely begins with one of these values would match as well.
	# Something like "([;:].*)?$" would express the stated intent -- verify
	# before changing. The third pattern accepts only "@" before the address
	# while the first two accept "[@:]"; confirm the difference is deliberate.
	if (uri=~"[@:]iptel\.org([;:].*)*" | uri=~"[@:]195\.37\.77\.101([;:].*)*" |
		uri=~"@195\.37\.77\.110([;:].*)*" ) {
		log("Request is for iptel.org\n");	

		# registers always MUST be authenticated to
		# avoid stealing incoming calls	
		if (method=="REGISTER") {
			log("Request is REGISTER\n");
			# NOTE(review): "noqop" presumably issues the digest challenge
			# without a qop parameter; without qop the client sends no
			# cnonce/nonce-count, which weakens replay protection. The same
			# applies to the other challenge() calls in this block.
			if (!authorize("iptel.org")) {
				log("REGISTER has no credentials, sending challenge\n");
				challenge("iptel.org", "noqop");
				break;
			};
			# prohibit attempts to grab someone else's To address
			# using valid credentials
			if (!check_to()) {
				log("Cheating attempt\n");
				sl_send_reply("403", "What a nasty guy you are");
				break;
			};
				
			# update Contact database
        	log("REGISTER is authorized, saving location\n");
			save_contact("location");
			break;
		};

		# various aliases (might use a database in future)
		if (uri=~"sip:9040@.*") {
			setuser("jiri");
		};
		# special measure for our US friends
		# NOTE(review): after seturi() processing continues with the PSTN,
		# CPL and lookup_contact checks of this branch rather than with the
		# outbound branch at the end of the block -- confirm the rewritten
		# request reaches the external target and that skipping the outbound
		# authentication for it is intended.
		if (uri=~"sip:17@") {
			seturi("sip:henry@siptest.wcom.com");
		};

#		if (uri=~"sip:jiri@.*" & method=="INVITE") {
#			t_fork_to("001795061546@195.37.77.110");
#		};
#		if (uri=~"sip:jiri@.*" & method=="INVITE") {
#			t_fork_to("195.37.77.110", "5060");
#		};

		# now it's about PSTN destinations through our gateway;
		# note that 8.... is exempted for numerical destinations
		# (the class [0-79] is the digits 0-7 plus 9)
		if (uri=~"sip:[0-79][0-9]*@.*") {

			# label this transaction to be accounted
			t_setflag("acc");
	
			# free call destinations ... no authentication needed
			# NOTE(review): this list bypasses both authentication and the
			# group checks. The second pattern has no "@" after the digits,
			# so any user part that starts with that number is treated as
			# free; confirm that is intended or end it with "@" like the others.
			if (uri=~"sip:001795061546@.*" | uri=~"sip:0016097265544.*" | uri=~"sip:[79][0-9][0-9][0-9]@.*") {
				log("Free PSTN\n");
			} else {
				# all other PSTN destinations only for authenticated users
				# (Cisco GW, which has no digest support, is authenticated
				# by its IP address -- that's for sure not very strong;
				# wth confirmed that we filter packets coming from outside
				# and bearing SRC IP address of a Fokus network)
				# NOTE(review): the source-address exemption is only as good
				# as that ingress filter; re-check it whenever the network
				# edge or the gateway address changes.
				if (!(src_ip==195.37.77.110) & !(authorize("iptel.org"))) {
					challenge("iptel.org", "noqop");
					break;
				};
		
				# authorize only for INVITEs -- RR/Contact may result in weird
				# things showing up in d-uri that would break our logic; our
				# major concern is INVITE which causes PSTN costs anyway

				if (method=="INVITE") {

					# does the authenticated user have a permission for local
					# calls? (i.e., is he in the "local" group?)
					if (uri=~"sip:0[1-9][0-9]+@.*") {
						if (!is_in_group("local")) {
							sl_send_reply("403", "Local Toodle Noodle...");
							break;
					# closes the is_in_group("local") check (indented one level short)
					};
					# the same for long-distance
					} else if (uri=~"sip:00[1-9][0-9]+@.*") {
						# premium-rate prefixes are refused before the group check
						if (uri=~"sip:001[089]" | uri=~"sip:00900.*" ) {
							sl_send_reply("403", "Added Value Destinations not permitted...");
							break;
					# closes the premium-rate check (indented one level short)
					};
					# still inside the long-distance branch, despite the indentation
					if (!is_in_group("ld")) {
						sl_send_reply("403", "LD Toodle Noodle...");
						break;
					};
				# the same for international calls
				# (continues the else-if chain that starts at the local-call test)
				} else if (uri=~"sip:000[1-9][0-9]+@.*") {
					if (!is_in_group("int")) {
						sl_send_reply("403", "International Toodle Noodle...");
						break;
					};
				# everything else (e.g., interplanetary calls) is denied
				} else {
					sl_send_reply("403", "interplanetary Toodle Noodle...");
					break;
				# closes the local / long-distance / international / else chain
				};

				# closes if (method=="INVITE")
				};
			# the lone ";" below is an empty statement; the "};" after it closes
			# the else branch for non-free PSTN destinations
			;
			};
			# requests to gateway must be record-route because the GW accepts
			# only requests coming from our proxy
			# (no braces: only addRecordRoute() is conditional, the rewrite
			# below runs for every method)
			if (method=="INVITE")
				addRecordRoute();
			# if you have passed through all the checks, let your call go to GW!
			rewritehostport("195.37.77.110:5060");
		} else {
			/* added by Bogdan for cpl demo - Dorgham request*/
			# NOTE(review): demo hook in a production route; it runs for any
			# INVITE whose URI contains "sip:test@". If cpl_run_script() fails
			# the error is only logged and the request falls through to the
			# usrloc lookup below. Confirm the hook is still needed.
			if (uri=~"sip:test@.*" && method=="INVITE")
			{
       			log("SER : runing CPL!! :)\n");
       			if ( !cpl_run_script() )
       			{
           			log("SER : Error during running CPL script!\n");
       			}else{
           			if ( cpl_is_response_reject() ) {
						# NOTE(review): message lacks the trailing "\n" used by
						# the other log() calls
						log("SER: reject");
               			sl_send_reply("603","I am not available!");
               			break;
           			}else if ( cpl_is_response_redirect() ) {
               			log("SER : redirect\n");
               			cpl_update_contact();
               			sl_send_reply("302","Moved temporarily");
               			break;
           			};
       			};
   			};

			# native SIP destinations are handled using our USRLOC DB
			if (!lookup_contact("location")) {
					log("Unable to lookup contact, sending 404\n");
					sl_send_reply("404", "Not Found");
					break;
			};
			# requests from gateway should be RR-ed too
			if (src_ip==195.37.77.110 && method=="INVITE")  {
				addRecordRoute();
			};
		# closes the else branch for non-PSTN (native SIP) destinations
		};
      # the "}" below closes the branch for iptel.org and gateway URIs
      } else {
		# outbound requests are allowed only for our users -- we don't
		# support relaying and don't like strangers bothering us
		# with resolving DNS
		log("that's a request to outside");
		if (!(src_ip==195.37.77.110) & !(authorize("iptel.org"))) {
			challenge("iptel.org", "noqop");
			break;
		};
		# there should be check_from here too -- but I'm too tired
		# to test it tonight
		# NOTE(review): until that check exists, nothing in this branch ties
		# the From header to the authenticated credentials, so an
		# authenticated subscriber can send outbound requests under another
		# From identity. Track this as an open item.
	};

	# we now know we may, we know where, let it go out now!
	t_relay();
}