[reSIProcate] ServerAuthManager/UserAuthInfo (and a few other things)
Hi,
I've hit a limitation in ServerAuthManager which I've worked around personally
as a quick hack.
Basically, I'm being forced to use a *really* evil commercial billing platform
(names will not be mentioned, but trust me, it's awful). The interface to
the really-evil-platform for authentication is at least via RADIUS, so part
of my sanity is saved.
The problem of course is that I need to package up the [Proxy]-Authenticate
params (user, realm, nonce, response, uri, and request method), and send them
to the server. Using the current model there is no way to do this as I don't
have access to the message.
Upon receiving a response, I don't have the user's password - only a yay or
nay, so can't provide A1 back in the UserAuthInfo.
I've worked around both of the above as a quick fix and changing
ServerAuthManager::handle to virtual (which I'm guessing it probably should
be anyway?), but it would make a lot more sense to abstract
resip::ServerAuthManager to take into account different authentication
models, such as the one I'm forced to live with (at least for the time
being). I'm also working on a separate 3GPP IMS project which would have
similar requirements in an S-CSCF element, but using Diameter and a separate
response verification algorithm.
I also need to be able to return a specific error - i.e. 408, 500 etc. depending
on the remote authentication service response.
So, before I go and re-write the whole thing and abstract it
(resip::ServerAuthManager and resip::UserAuthInfo that is):
* Being new [1] to resip development, I might have completely missed the point
with the above problem? - yes, abstracting the whole thing (once handle is
virtual) is one way of doing it, but it "just seems wrong".
* Any other thoughts/features/ideas with the above while I'm going about
doing it?
* What are the general thoughts on API changes, when do they get committed,
what sort of release schedule is there (I couldn't see anything on the wiki)?
As a (slightly) separate issue - resip should return 401/WWW-Authenticate to a
request not being proxied, but there doesn't seem to be any support for that
at the moment. Any quick pointers on where to look to make these changes?
Also, I need to add a separate fd to be monitored before calling
stack.process() for my RADIUS responses. I couldn't see any way that this
has been abstracted to make it easy - I'm currently adding to fdset after
stack.buildFdSet(fdset), then checking if it's readable before calling
stack.process(). Any thoughts/pointers on this (or am I maybe missing
something?)
Kind Regards,
~ Theo
1 - Known about resip for a while, but never thought about using it instead of
fighting with my evil LLAR parser implementation + scarily
non-rfc3261-feature-complete C sip stack until someone in kopete dev team
mentioned it last night. Been playing with since, and seems like a very well
thought out and implemented stack. I've not used C++ for a few years (dev
work forced me to use C mostly, which I got comfortable with again and stuck
to), so I might be a bit rusty for a while ... bear with me while I remember
my aggregations from my acquaintances ;)
--
Theo P. Zourzouvillys
People who enjoy waiving flags don't deserve to have one
-- Santa's Ghetto 2004, Banksy
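
Added example, not part of the original message and not reSIProcate code: a Python sketch of the delegated digest model the post describes, where the proxy only packages the listed fields (user, realm, nonce, response, uri, request method) and a remote service holding H(A1) returns accept or reject. Assumptions: RFC 2617 digest without qop, MD5, an in-memory dictionary standing in for the RADIUS backend, and a hypothetical outcome-to-status table (`SIP_STATUS`); all function names and sample values are constructed for illustration.

```python
import hashlib, hmac, re

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(ha1, nonce, method, uri):
    # RFC 2617 without qop: MD5(HA1 ":" nonce ":" MD5(method ":" uri))
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def package_credentials(header_value, method):
    """Proxy side: collect the fields the post lists; no password or A1 needed."""
    pairs = re.findall(r'(\w+)\s*=\s*(?:"([^"]*)"|([^\s,]+))', header_value)
    fields = {name: quoted or bare for name, quoted, bare in pairs}
    wanted = ("username", "realm", "nonce", "response", "uri")
    missing = [k for k in wanted if k not in fields]
    if missing:
        raise ValueError(f"missing digest fields: {missing}")
    return {**{k: fields[k] for k in wanted}, "method": method}

def backend_decide(request, ha1_by_user):
    """Stand-in for the remote server: it holds H(A1); only accept/reject leaves."""
    ha1 = ha1_by_user.get((request["username"], request["realm"]))
    if ha1 is None:
        return "reject"
    expected = digest_response(ha1, request["nonce"], request["method"], request["uri"])
    # Constant-time comparison of the computed and presented responses.
    ok = hmac.compare_digest(expected.encode(), request["response"].encode())
    return "accept" if ok else "reject"

# Assumed mapping from backend outcome to SIP status (None = request proceeds).
SIP_STATUS = {"accept": None, "reject": 407, "timeout": 408, "error": 500}

def demo():
    # Constructed sample data: user, realm, password, nonce and URI are made up.
    ha1 = md5_hex("alice:example.test:s3cret")
    uri, nonce = "sip:bob@example.test", "8f1c0a7e"
    resp = digest_response(ha1, nonce, "INVITE", uri)
    header = (f'Digest username="alice", realm="example.test", nonce="{nonce}", '
              f'uri="{uri}", response="{resp}", algorithm=MD5')
    store = {("alice", "example.test"): ha1}
    good = backend_decide(package_credentials(header, "INVITE"), store)
    # Same header presented with a different method: the response no longer matches.
    other = backend_decide(package_credentials(header, "REGISTER"), store)
    return good, other

if __name__ == "__main__":
    print(demo())
```

The request method has to travel with the header fields because it is an input to the response hash, which is why the proxy needs access to the message and not just the user name and realm.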