<?xml version="1.0" encoding='ISO-8859-1'?>
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [

<!-- Include general documentation entities -->
<!ENTITY % docentities SYSTEM "../../../../doc/docbook/entities.xml">
%docentities;

]>
<chapter>
	<title>&adminguide;</title>
	
	<section>
	<title>Overview</title>
	<para>
	The userblacklist module allows &kamailio; to handle blacklists
	on a per user basis. This information is stored in a database
	table, which is queried to decide if the number (more exactly,
	the request URI user) is blacklisted or not.
	</para>
	<para>
	An additional functionality that this module provides is the ability
	to handle global blacklists. This lists are loaded on startup into
	memory, thus providing a better performance than the userblacklist
	case. These global blacklists are useful to allow only calls to certain 
	international destinations, i.e. block all not whitelisted numbers.
	They could also be used to prevent the blacklisting of important	
	numbers, as whitelisting is supported too. This is useful for example
	to prevent the customer from blocking emergency call number or service
	hotlines.
	</para>
	<para>
	The module exports four functions, <function>check_blacklist</function>,
	<function>check_whitelist</function>,
	<function>check_user_blacklist</function> and <function>check_user_whitelist</function>
	for usage in the configuration file. Furthermore it provides a MI function to
	reload the global blacklist cache.
	</para>
	<para>
	Please note that only numerical strings for matching are supported at the
	moment (the used library supports this already, but its not yet implemented
	in the module). Non-digits on the beginning of the matched string are skipped,
	any later non-digits will stop the matching on this position.
	</para>
	</section>

	<section>
		<title>Dependencies</title>
		<section>
			<title>&kamailio; Modules</title>
			<para>
			The module depends on the following modules (in the other words 
			the listed modules must be loaded before this module):
			</para>
			<itemizedlist>
			<listitem>
				<para><emphasis>database</emphasis> 
				-- Any db_* database module</para>
			</listitem>
			</itemizedlist>
		</section>
		<section>
			<title>External Libraries or Applications</title>
			<para>
			The following libraries or applications must be installed 
			before running &kamailio; with this module loaded:
			</para>
			<itemizedlist>
				<listitem>
				<para><emphasis>none</emphasis></para>
				</listitem>
			</itemizedlist>
		</section>
	</section>


	<section  xmlns:xi="http://www.w3.org/2001/XInclude">
	<title>Parameters</title>
    	<section id="userblacklist.p.use_domain">
	    <title><varname>use_domain</varname> (integer)</title>
	    <para>
			If set to non-zero value, the domain column in the
			userblacklist table is used.
	    </para>
	    <para>
		    <emphasis>
			    Default value is <quote>0</quote>.
		    </emphasis>
	    </para>
	    <example>
		    <title>Set <varname>use_domain</varname> parameter</title>
		    <programlisting format="linespecific">
...
modparam("userblacklist", "use_domain", 1)
...
		    </programlisting>
	    </example>
    </section>
    <section id="userblacklist.p.match_mode">
    	    <title><varname>match_mode</varname> (integer)</title>
	    <para>
		The number of individual characters that are used for matching. 
		Valid values are 10 or 128. When you specify 10, only digits will be used for matching, 
		this operation mode is equivalent to the old behaviour. When configured with 128, 
		all standard ASCII chars are available for matching. Please be aware that memory 
		requirements for storing the routing tree in shared memory will also
		increase by a factor of 12.8.
	    </para>
	    <para>
		    <emphasis>
			    Default value is <quote>10</quote>.
		    </emphasis>
	    </para>
	    <example>
		    <title>Set <varname>match_mode</varname> parameter</title>
		    <programlisting format="linespecific">
...
modparam("userblacklist", "match_mode", 128)
...
		    </programlisting>
	    </example>
    </section>
    
  <section id="userblacklist.p.db_url">
    <title><varname>db_url</varname> (String)</title>
    <para>URL to the database containing the data.</para>
    <para>
      <emphasis>Default value is <quote>&defaultrodb;</quote>.</emphasis>
    </para>
    <example>
      <title>Set <varname>db_url</varname> parameter</title>
      <programlisting format="linespecific">
...
modparam("userblacklist", "db_url", "dbdriver://username:password@dbhost/dbname")
...
</programlisting>
    </example>
  </section>
  <section>
    <title><varname>userblacklist_table</varname> (String)</title>
    <para>Name of the userblacklist table for the userblacklist module.</para>
    <para>
      <emphasis>Default value is <quote>userblacklist</quote>.</emphasis>
    </para>
    <example>
      <title>Set <varname>userblacklist_table</varname> parameter</title>
      <programlisting format="linespecific">
...
modparam("userblacklist", "userblacklist_table", "userblacklist")
...
</programlisting>
    </example>
  </section>
  <section>
    <title><varname>userblacklist_id_col</varname> (string)</title>
    <para>unique ID</para>
    <example>
      <title>Set <varname>userblacklist_id_col</varname> parameter</title>
      <programlisting format="linespecific">
...
modparam("userblacklist", "userblacklist_id_col", "id")
...
</programlisting>
    </example>
  </section>
  <section>
    <title><varname>userblacklist_username_col</varname> (string)</title>
    <para>The user that is used for the blacklist lookup.</para>
    <example>
      <title>Set <varname>userblacklist_username_col</varname> parameter</title>
      <programlisting format="linespecific">
...
modparam("userblacklist", "userblacklist_username_col", "username")
...
</programlisting>
    </example>
  </section>
  <section>
    <title><varname>userblacklist_domain_col</varname> (string)</title>
    <para>The domain that is used for the blacklist lookup.</para>
    <example>
      <title>Set <varname>userblacklist_domain_col</varname> parameter</title>
      <programlisting format="linespecific">
...
modparam("userblacklist", "userblacklist_domain_col", "domain")
...
</programlisting>
    </example>
  </section>
  <section>
    <title><varname>userblacklist_prefix_col</varname> (string)</title>
    <para>The prefix that is matched for the blacklist.</para>
    <example>
      <title>Set <varname>userblacklist_prefix_col</varname> parameter</title>
      <programlisting format="linespecific">
...
modparam("userblacklist", "userblacklist_prefix_col", "prefix")
...
</programlisting>
    </example>
  </section>
  <section>
    <title><varname>userblacklist_whitelist_col</varname> (string)</title>
    <para>Specify if this a blacklist (0) or a whitelist (1) entry.</para>
    <example>
      <title>Set <varname>userblacklist_whitelist_col</varname> parameter</title>
      <programlisting format="linespecific">
...
modparam("userblacklist", "userblacklist_whitelist_col", "whitelist")
...
</programlisting>
    </example>
  </section>
  <section>
    <title><varname>globalblacklist_table</varname> (String)</title>
    <para>Name of the globalblacklist table for the userblacklist module.
    Please note that this table is used when the check_blacklist
	function is called with no parameters.</para>
    <para>
      <emphasis>Default value is <quote>globalblacklist</quote>.</emphasis>
    </para>
    <example>
      <title>Set <varname>globalblacklist_table</varname> parameter</title>
      <programlisting format="linespecific">
...
modparam("userblacklist", "globalblacklist_table", "globalblacklist")
...
</programlisting>
    </example>
  </section>
  <section>
    <title><varname>globalblacklist_id_col</varname> (string)</title>
    <para>unique ID</para>
    <example>
      <title>Set <varname>globalblacklist_id_col</varname> parameter</title>
      <programlisting format="linespecific">
...
modparam("userblacklist", "globalblacklist_id_col", "id")
...
</programlisting>
    </example>
  </section>
  <section>
    <title><varname>globalblacklist_prefix_col</varname> (string)</title>
    <para>The prefix that is matched for the blacklist.</para>
    <example>
      <title>Set <varname>globalblacklist_prefix_col</varname> parameter</title>
      <programlisting format="linespecific">
...
modparam("userblacklist", "globalblacklist_prefix_col", "prefix")
...
</programlisting>
    </example>
  </section>
  <section>
    <title><varname>globalblacklist_whitelist_col</varname> (string)</title>
    <para>Specify if this a blacklist (0) or a whitelist (1) entry.</para>
    <example>
      <title>Set <varname>globalblacklist_whitelist_col</varname> parameter</title>
      <programlisting format="linespecific">
...
modparam("userblacklist", "globalblacklist_whitelist_col", "whitelist")
...
</programlisting>
    </example>
  </section>

  <section>
    <title><varname>globalblacklist_description_col</varname> (string)</title>
    <para>A comment for the entry.</para>
    <example>
      <title>Set <varname>globalblacklist_description_col</varname> parameter</title>
      <programlisting format="linespecific">
...
modparam("userblacklist", "globalblacklist_description_col", "description")
...
</programlisting>
    </example>
  </section>

</section>
<section>
	<title>Functions</title>
    	<section id="userblacklist.f.check_user_blacklist">
	    <title>
		<function moreinfo="none">check_user_blacklist
		(string user, string domain, string number, string table)</function>
	    </title>
	    <para>
		Finds the longest prefix that matches the request URI user (or the number
		parameter) for the given user and domain name in the database.
		If a match is found and it is not set to whitelist, false is returned.
		Otherwise, true is returned. Pseudo-variables or AVPs can be used for
		the user, domain and number parameters. The number and table variables
		are optional, the defaults are used if they are omitted. The number
		parameter can be used to check for example against the from URI user.
	    </para>
	<example>
		<title><function>check_user_blacklist</function> usage</title>
		<programlisting format="linespecific">
...
$avp(i:80) = $rU;
# rewrite the R-URI
if (!check_user_blacklist("$avp(i:80)", "$avp(i:82)")) {
	sl_send_reply("403", "Forbidden");
	exit;
}
...
		</programlisting>
	    </example>
	</section>
    	<section id="userblacklist.f.check_user_whitelist">
	    <title>
		<function moreinfo="none">check_user_whitelist
		(string user, string domain, string number, string table)</function>
	    </title>
	    <para>
		Finds the longest prefix that matches the request URI user (or the number
		parameter) for the given user and domain name in the database.
		If a match is found and it is set to whitelist, true is returned.
		Otherwise, false is returned. Pseudo-variables or AVPs can be used for
		the user, domain and number parameters. The number and table variables
		are optional, the defaults are used if they are omitted. The number
		parameter can be used to check for example against the from URI user.
	    </para>
	<example>
		<title><function>check_user_whitelist</function> usage</title>
		<programlisting format="linespecific">
...
$avp(i:80) = $rU;
# rewrite the R-URI
if (!check_user_whitelist("$avp(i:80)", "$avp(i:82)")) {
	# process request
	exit;
}
...
		</programlisting>
	    </example>
	</section>
    	<section id="userblacklist.f.check_blacklist">
	    <title>
		<function moreinfo="none">check_blacklist ([string table])</function>
	    </title>
	    <para>
		Finds the longest prefix that matches the request URI for the
		given table. If a match is found and it is not set to whitelist,
		false is returned. Otherwise, true is returned. If no table is given, 
		then globalblacklist_table is used.
	    </para>
	<example>
		<title><function>check_blacklist</function> usage</title>
		<programlisting format="linespecific">
...
if (!check_blacklist("globalblacklist")) {
	sl_send_reply("403", "Forbidden");
	exit;
}
...
		</programlisting>
	    </example>
	</section>
    	<section id="userblacklist.f.check_whitelist">
	    <title>
		<function moreinfo="none">check_whitelist (string table)</function>
	    </title>
	    <para>
		Finds the longest prefix that matches the request URI for the
		given table. If a match is found and it is set to whitelist,
		true is returned. Otherwise, false is returned.
	    </para>
	<example>
		<title><function>check_whitelist</function> usage</title>
		<programlisting format="linespecific">
...
if (!check_whitelist("globalblacklist")) {
	sl_send_reply("403", "Forbidden");
	exit;
}
...
		</programlisting>
	    </example>
	</section>
</section>

<section>
	<title>RPC Commands</title>
		<section id="userblacklist.r.reload_blacklist">
			<title>
				<function moreinfo="none">userblacklist.reload_blacklist</function>
			</title>
			<para>
				Reload the internal global blacklist cache. This is necessary after
				the database tables for the global blacklist have been changed.
			</para>
			<example>
				<title><function>userblacklist.reload_blacklist</function> usage</title>
				<programlisting format="linespecific">
...
&kamcmd; userblacklist.reload_blacklist
...
				</programlisting>
			</example>
		</section>
</section>

<section>
	<title>MI Commands</title>
		<section>
			<title>
				<function moreinfo="none">reload_blacklist</function>
			</title>
			<para>
				Reload the internal global blacklist cache. This is necessary after
				the database tables for the global blacklist have been changed.
			</para>
			<example>
				<title><function>reload_blacklist</function> usage</title>
				<programlisting format="linespecific">
					...
					&ctltool; fifo reload_blacklist
					...
				</programlisting>
	    		</example>
		</section>

		<section>
			<title>
				<function moreinfo="none">dump_blacklist</function>
			</title>
			<para>
				Dumps the default, in memory, global_blacklist content to stdout.
				Note that a reload_blacklist should be issued before, 
				in order to see the latest content of the database.
			</para>
			<example>
				<title><function>dump_blacklist</function> usage</title>
				<programlisting format="linespecific">
					...
					&ctltool; fifo reload_blacklist
					&ctltool; fifo dump_blacklist
					...
				</programlisting>
	    		</example>
		</section>

		<section>
			<title>
				<function moreinfo="none">check_blacklist prefix</function>
			</title>
			<para>
				Searches in the default, in memory, global list. 
				Finds the longest prefix that matches the given prefix parameter. 
				Returns true if the prefix is found and the whitelist is <emphasis>not</emphasis> set. 
				Returns false otherwise - either prefix found and whitelist set or prefix not found. 
				Note that a reload_blacklist should be issued before, 
				in order to check through the latest content of the database.
			</para>
			<example>
				<title><function>check_blacklist</function> usage</title>
				<programlisting format="linespecific">
					...
					&ctltool; fifo reload_blacklist
					&ctltool; fifo check_blacklist prefix
					...
				</programlisting>
	    		</example>
		</section>

		<section>
			<title>
				<function moreinfo="none">check_whitelist prefix</function>
			</title>
			<para>
				Searches in the default, in memory, global list. 
				Finds the longest prefix that matches the given prefix parameter. 
				Returns true if the prefix is found and the whitelist is set. 
				Returns false otherwise - either prefix found and whitelist 
				<emphasis>not</emphasis> set or prefix not found. 
				Note that a reload_blacklist should be issued before, 
				in order to check through the latest content of the database.
			</para>
			<example>
				<title><function>check_whitelist</function> usage</title>
				<programlisting format="linespecific">
					...
					&ctltool; fifo reload_blacklist
					&ctltool; fifo check_whitelist prefix
					...
				</programlisting>
	    		</example>
		</section>

		<section>
			<title>
				<function moreinfo="none">check_userblacklist user [domain] prefix</function>
			</title>
			<para>
				Searches in the default user list table.
				Finds the longest prefix for the given user@domain that matches the given prefix parameter. 
				Returns true if the prefix is found and the whitelist is <emphasis>not</emphasis> set. 
				Returns false otherwise - either prefix found and whitelist set or prefix not found. 
				Note that the domain parameter is optional. 
				If not given, the second parameter is the considered to be the prefix. 
			</para>
			<example>
				<title><function>check_userblacklist</function> usage</title>
				<programlisting format="linespecific">
					...
					&ctltool; fifo check_userblacklist user [domain] prefix
					...
				</programlisting>
	    		</example>
		</section>

		<section>
			<title>
				<function moreinfo="none">check_userwhitelist user [domain] prefix</function>
			</title>
			<para>
				Searches in the default user list table.
				Finds the longest prefix for the given user@domain that matches the given prefix parameter. 
				Returns true if the prefix is found and the whitelist is set. 
				Returns false otherwise - either prefix found and whitelist 
				<emphasis>not</emphasis> set or prefix not found. 
				Note that the domain parameter is optional. 
				If not given, the second parameter is the considered to be the prefix. 
			</para>
			<example>
				<title><function>check_userwhitelist</function> usage</title>
				<programlisting format="linespecific">
					...
					&ctltool; fifo check_userwhitelist user [domain] prefix
					...
				</programlisting>
	    		</example>
		</section>
</section>

    <section>
	<title>Installation and Running</title>
	<section>
		<title>Database setup</title>
		<para>
			Before running &kamailio; with the userblacklist module,
			you have to setup the database table where the module will
			read the blacklist data. For that, if the table was not created
			by the installation script or you choose to install everything
			by yourself you can use the <emphasis>userblacklist-create.sql</emphasis>
			<acronym>SQL</acronym> script in the database directories in the 
			kamailio/scripts folder as template. 
			Database and table name can be set with module parameters so they 
			can be changed, but the name of the columns must be as they are 
			in the <acronym>SQL</acronym> script.
			You can also find the complete database documentation on the
			project webpage, &kamailiodbdocs;.
		</para>

	<example>
		<title>Example database content - globalblacklist table</title>
		<programlisting format="linespecific">
...
+----+-----------+-----------+
| id | prefix    | whitelist |
+----+-----------+-----------+
|  1 |           |         0 |
|  2 | 1         |         1 |
|  3 | 123456    |         0 |
|  4 | 123455787 |         0 |
+----+-----------+-----------+
...
		</programlisting>
	</example>
	<para>
		This table will setup a global blacklist for all numbers, only allowing calls
		starting with <quote>1</quote>. Numbers that starts with <quote>123456</quote>
		and <quote>123455787</quote> are also blacklisted, because the longest prefix
		will be matched.
	</para>

	<example>
		<title>Example database content - userblacklist table</title>
		<programlisting format="linespecific">
...
+----+----------------+-------------+-----------+-----------+
| id | username       | domain      | prefix    | whitelist |
+----+----------------+-------------+-----------+-----------+
| 23 | 49721123456788 |             | 1234      |         0 |
| 22 | 49721123456788 |             | 123456788 |         1 |
| 21 | 49721123456789 |             | 12345     |         0 |
| 20 | 494675231      |             | 499034133 |         1 |
| 19 | 494675231      | test        | 499034132 |         0 |
| 18 | 494675453      | test.domain | 49901     |         0 |
| 17 | 494675454      |             | 49900     |         0 |
+----+----------------+-------------+-----------+-----------+
...
		</programlisting>
	</example>
	<para>
		This table will setup user specific blacklists for certain usernames. For example
		for user <quote>49721123456788</quote> the prefix <quote>1234</quote> will be not
		allowed, but the number <quote>123456788</quote> is allowed. Additionally a domain
		could be specified that is used for username matching if the <quote>use_domain</quote>
		parameter is set.
	</para>
</section>
</section>
</chapter>