.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.43)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
.    if \nF \{\
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{\
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "Net::SIP::Authorize 3pm"
.TH Net::SIP::Authorize 3pm "2023-09-29" "perl v5.36.0" "User Contributed Perl Documentation"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
Net::SIP::Authorize \- enforce authorization of packets
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 11
\&  my $auth = Net::SIP::Authorize\->new(
\&        dispatcher => $dispatcher,
\&        realm      => \*(Aqnet\-sip.example.com\*(Aq,
\&        user2pass  => \e&give_pass_for_user,
\&        i_am_proxy => 1,
\&  );
\&  my $proxy = Net::SIP::StatelessProxy\->new...
\&  my $chain = Net::SIP::ReceiveChain\->new(
\&        # all requests for proxy need to be authorized
\&        [ $auth,$proxy ]
\&  );
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
This package is used inside a Net::SIP::ReceiveChain to make sure,
that requests are authorized before they get handled by the next
receiver in the chain.
.SH "CONSTRUCTOR"
.IX Header "CONSTRUCTOR"
.ie n .IP "new ( %ARGS )" 4
.el .IP "new ( \f(CW%ARGS\fR )" 4
.IX Item "new ( %ARGS )"
This creates a new registar object, \f(CW%ARGS\fR can have the following keys:
.RS 4
.IP "dispatcher" 8
.IX Item "dispatcher"
Net::SIP::Dispatcher object manging the registar. Mandatory.
.IP "realm" 8
.IX Item "realm"
The realm for the authentication request. Defaults to 'p5\-net\-sip'.
.IP "opaque" 8
.IX Item "opaque"
Optional value for \f(CW\*(C`opaque\*(C'\fR parameter for the authentication request.
If none is given no \f(CW\*(C`opaque\*(C'\fR parameter will be used.
.IP "user2a1" 8
.IX Item "user2a1"
Either hash reference with \f(CW\*(C`user,a1_hex\*(C'\fR mapping or callback, which gives
\&\f(CW\*(C`a1_hex\*(C'\fR if called with \f(CW\*(C`user,realm\*(C'\fR.
For the meaning of \f(CW\*(C`a1_hex\*(C'\fR see \s-1RFC 2617.\s0
.IP "user2pass" 8
.IX Item "user2pass"
Either hash reference with \f(CW\*(C`user,password\*(C'\fR mapping or callback,
which gives \f(CW\*(C`password\*(C'\fR if called with \f(CW\*(C`user\*(C'\fR.
This parameter will only be used if \f(CW\*(C`user2a1\*(C'\fR does not result in
a defined \f(CW\*(C`a1_hex\*(C'\fR for \f(CW\*(C`user\*(C'\fR.
.IP "i_am_proxy" 8
.IX Item "i_am_proxy"
Flag if the object behind works as a proxy (e.g. Net::SIP::StatelessProxy)
and sends \f(CW\*(C`Proxy\-Authenticate\*(C'\fR or if it is an endpoint
(e.g. Net::SIP::Endpoint, Net::SIP::Registrar) which sends
\&\f(CW\*(C`WWW\-Authenticate\*(C'\fR.
.IP "filter" 8
.IX Item "filter"
Additional filter for authorization, e.g. if authorization based on
username and passwort succeeded it might still fail because of these
filters. Filter is a hash with the method as key.
.Sp
The value can be an additional authorization (in which case it
must succeed), a list of authorizations (all of them must succeed),
or a list with a list of authorizations (at least one of the inner
lists must succeed).
.Sp
The additional authorization can be a name of a Net::SIP::Authorize
subclass (e.g. \f(CW\*(C`ToIsFrom\*(C'\fR means \f(CW\*(C`Net::SIP::Authorize::ToIsFrom\*(C'\fR)
which has a \f(CW\*(C`verify\*(C'\fR function or a \f(CW\*(C`[\e&callback]\*(C'\fR.
.Sp
The verify function or callback will be called with
\&\f(CW\*(C`($packet,$leg,$addr,$auth_user,$auth_realm)\*(C'\fR where \f(CW$packet\fR is
the request, \f(CW$leg\fR the Net::SIP::Leg object where the packet
came in, \f(CW$addr\fR the senders address, \f(CW$auth_user\fR the
username from the authorized user and \f(CW$auth_realm\fR the realm
which was used for authorization.
Success for verification means that the function must return true.
.Sp
The following authorization subclasses are defined:
.RS 8
.IP "FromIsRealm" 4
.IX Item "FromIsRealm"
Succeeds if the senders domain is the realm or a subdomain of the realm.
.IP "FromIsAuthUser" 4
.IX Item "FromIsAuthUser"
Succeeds if the username of the sender equals the username used for
authorization.
.IP "ToIsFrom" 4
.IX Item "ToIsFrom"
Succeeds if To header equals From header. This can be used to make sure, that a
user can only call \s-1REGISTER\s0 for itself.
.RE
.RS 8
.Sp
Example:
.Sp
.Vb 9
\&  filter => {
\&    REGISTER => [
\&      # all of these must succeed
\&      [ \*(AqToIsFrom\*(Aq,\*(AqFromIsRealm\*(Aq,\*(AqFromIsAuthUser\*(Aq ],
\&      # or this
\&      [ \e&callback ],
\&    ],
\&    INVITE => \*(AqFromIsRealm\*(Aq,
\&  }
.Ve
.RE
.RE
.RS 4
.RE
.SH "METHODS"
.IX Header "METHODS"
.IP "receive ( \s-1PACKET,LEG,FROM\s0 )" 4
.IX Item "receive ( PACKET,LEG,FROM )"
\&\s-1PACKET\s0 is the incoming packet,
\&\s-1LEG\s0 is the Net::SIP::Leg where the packet arrived and \s-1FROM\s0
is the \f(CW"ip:port"\fR of the sender. Responses will be send
back to the sender through the same leg.
.Sp
Called from the managing Net::SIP::Dispatcher object if a new
packet arrives.
.Sp
Returns \s-1TRUE\s0 if the packet was fully handled by this object which
is the case, if the packet was not authorized so that a \f(CW401\fR
or \f(CW407\fR (if \f(CW\*(C`i_am_proxy\*(C'\fR) response was send back.
.Sp
Returns \s-1FALSE\s0 if packet was authorized and should be handled
be the next object in the Net::SIP::ReceiveChain.
In this case it usually changes the packet to remove the local
authorization information.