
[reSIProcate] ServerAuthManager/UserAuthInfo (and a few other things)


Hi,

I've hit a limitation in ServerAuthManager which I've worked around personally 
as a quick hack.

Basically, I'm being forced to use a *really* evil commercial billing platform 
(names will not be mentioned, but trust me, it's awful).  The interface to 
the really-evil-platform for authentication is at least via RADIUS, so part 
of my sanity is saved.

The problem of course is that I need to package up the [Proxy]-Authenticate 
params (user, realm, nonce, response, uri, and request method), and send them 
to the server.  Using the current model there is no way to do this as I don't 
have access to the message.

Upon receiving a response, I don't have the user's password - only a yay or 
nay, so can't provide A1 back in the UserAuthInfo.

I've worked around both of the above as a quick fix by changing 
ServerAuthManager::handle to virtual (which I'm guessing it probably should 
be anyway?), but it would make a lot more sense to abstract 
resip::ServerAuthManager to take into account different authentication 
models, such as the one I'm forced to live with (at least for the time 
being).  I'm also working on a separate 3GPP IMS project which would have 
similar requirements in an S-CSCF element, but using Diameter and a separate 
response verification algorithm.

I also need to be able to return a specific error - i.e. 408, 500 etc. depending 
on the remote authentication service response.

So, before I go and re-write the whole thing and abstract it 
(resip::ServerAuthManager and resip::UserAuthInfo that is):

 * Being new [1] to resip development, I might have completely missed the point 
with the above problem? - yes, abstracting the whole thing (once handle is 
virtual) is one way of doing it, but it "just seems wrong".
 * Any other thoughts/features/ideas with the above while I'm going about 
doing it?
 * What are the general thoughts on API changes, when do they get committed, 
what sort of release schedule is there (I couldn't see anything on the wiki)?

As a (slightly) separate issue - resip should return 401/WWW-Authenticate to a 
request not being proxied, but there doesn't seem to be any support for that 
at the moment.  Any quick pointers on where to look to make these changes?

Also, I need to add a separate fd to be monitored before calling 
stack.process() for my RADIUS responses.  I couldn't see any way that this 
has been abstracted to make it easy - I'm currently adding to fdset after 
stack.buildFdSet(fdset), then checking if it's readable before calling 
stack.process().  Any thoughts/pointers on this (or am I maybe missing 
something?)

Kind Regards,

 ~ Theo

1 - Known about resip for a while, but never thought about using it instead of 
fighting with my evil LLAR parser implementation + scarily 
non-rfc3261-feature-complete C sip stack until someone in the kopete dev team 
mentioned it last night.  Been playing with it since, and it seems like a very well 
thought out and implemented stack.  I've not used C++ for a few years (dev 
work forced me to use C mostly, which I got comfortable with again and stuck 
to), so I might be a bit rusty for a while ... bear with me while I remember 
my aggregations from my acquaintances ;)

-- 
Theo P. Zourzouvillys

People who enjoy waiving flags don't deserve to have one
  -- Santa's Ghetto 2004, Banksy
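
The following is an added illustration of the model described in the message above, not part of the original post and not reSIProcate code: the server extracts the digest parameters from the credentials header, hands them to a remote verifier that answers only accept/reject or fails, and maps that outcome to a SIP status. All type and function names are hypothetical, the sample header in the comment is constructed, and the choice to re-challenge on rejection (407 when proxying, 401 otherwise) is an assumption.

```cpp
#include <functional>
#include <map>
#include <string>

// Hypothetical types: the fields the post says must go to the remote verifier.
struct DigestRequest { std::string user, realm, nonce, response, uri, method; };
enum class Outcome { Accept, Reject, Timeout, ServerError };
using Backend = std::function<Outcome(const DigestRequest&)>;

// Parse a credentials header value such as (constructed sample):
//   Digest username="alice", realm="example.com", nonce="abc", uri="sip:x", response="..."
// Simplifications: scheme and keys matched case-sensitively, no \" escapes in values.
bool parseDigest(const std::string& hdr, const std::string& method, DigestRequest& out) {
    const std::string scheme = "Digest ";
    if (hdr.compare(0, scheme.size(), scheme) != 0) return false;
    std::map<std::string, std::string> p;
    size_t i = scheme.size();
    while (i < hdr.size()) {
        while (i < hdr.size() && (hdr[i] == ' ' || hdr[i] == ',')) ++i;
        size_t eq = hdr.find('=', i);
        if (eq == std::string::npos) break;
        std::string key = hdr.substr(i, eq - i);
        i = eq + 1;
        bool quoted = i < hdr.size() && hdr[i] == '"';
        size_t end = quoted ? hdr.find('"', i + 1) : hdr.find(',', i);
        if (quoted && end == std::string::npos) return false;  // unterminated quote
        if (end == std::string::npos) end = hdr.size();
        p[key] = quoted ? hdr.substr(i + 1, end - i - 1) : hdr.substr(i, end - i);
        i = quoted ? end + 1 : end;
    }
    // Every field the verifier needs must be present and non-empty.
    for (const char* k : {"username", "realm", "nonce", "response", "uri"})
        if (p[k].empty()) return false;
    out = DigestRequest{p["username"], p["realm"], p["nonce"], p["response"], p["uri"], method};
    return true;
}

// Returns 0 to continue processing, otherwise the SIP status to send.
int authenticate(const std::string& hdr, const std::string& method, bool proxied,
                 const Backend& verify) {
    const int challenge = proxied ? 407 : 401;  // Proxy-Authenticate vs WWW-Authenticate
    DigestRequest req;
    if (!parseDigest(hdr, method, req)) return challenge;  // no usable credentials
    switch (verify(req)) {            // server never sees the password or A1
        case Outcome::Accept:      return 0;
        case Outcome::Reject:      return challenge;
        case Outcome::Timeout:     return 408;
        case Outcome::ServerError: return 500;
    }
    return 500;
}
```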