The previous patch didn't actually call the new method getChallengeRealm(); the patch below is complete and tested.
Hi, I've been looking at ServerAuthManager in DUM and felt that it would be useful to:
a) provide a way for subclasses to specify the realm to be sent in a challenge
b) allow subclasses to override authorizedForThisIdentity and thereby determine which requests are authorized using their own algorithm
I have attached my patches below.
I am also looking at whether ServerAuthManager can perform optional authentication - in other words, some sessions require authentication while others don't. Is the stack intended to be used in such a way?
A typical example is:
- peer A is authenticated by username/password
- peer B is authenticated by IP
- peer C is not authenticated, but is allowed to make calls to a restricted set of URIs - he is only sent a 407 challenge if the URI he is calling matches a particular pattern
Regards, Daniel Index: resip/dum/ServerAuthManager.cxx =================================================================== --- resip/dum/ServerAuthManager.cxx (revision 5828) +++ resip/dum/ServerAuthManager.cxx (working copy) @@ -186,7 +186,11 @@ return ((fromUri.user() == user) && (fromUri.host() == realm)); } +const Data& ServerAuthManager::getChallengeRealm(const SipMessage& msg) { + return msg.header(h_RequestLine).uri().host(); +} + // return true if request has been consumed ServerAuthManager::Result ServerAuthManager::handle(SipMessage* sipMsg) @@ -200,7 +204,7 @@ { //assume TransactionUser has matched/repaired a realm SharedPtr<SipMessage> challenge(Helper::makeProxyChallenge(*sipMsg, - sipMsg->header(h_RequestLine).uri().host(), + getChallengeRealm(), useAuthInt(), false /*stale*/)); InfoLog (<< "Sending challenge to " << sipMsg->brief()); Index: resip/dum/ServerAuthManager.hxx =================================================================== --- resip/dum/ServerAuthManager.hxx (revision 5828) +++ resip/dum/ServerAuthManager.hxx (working copy) @@ -49,9 +49,10 @@ typedef std::map<Data, SipMessage*> MessageMap; MessageMap mMessages; - bool authorizedForThisIdentity(const resip::Data &user, + virtual bool authorizedForThisIdentity(const resip::Data &user, const resip::Data &realm, resip::Uri &fromUri); + virtual const Data& getChallengeRealm(const SipMessage& msg); };
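Review bot: In the first ServerAuthManager.cxx hunk (@@ -186,7 +186,11), getChallengeRealm() returns const Data&, which works for the default body because the host lives inside msg, but it forces every override to return a reference to storage that outlives the call; an override that builds the realm in a local Data would return a dangling reference. Consider returning Data by value, or document the lifetime requirement next to the declaration. A short comment stating that the default takes the realm from the Request-URI host of the incoming request would also help implementers decide when to override it.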
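Review bot: In the handle() hunk of ServerAuthManager.cxx (@@ -200,7 +204,7), getChallengeRealm() is called with no argument, but both the definition added in the previous hunk and the declaration in ServerAuthManager.hxx take a const SipMessage& msg, so the call does not match the signature. Pass the request through, as in getChallengeRealm(*sipMsg), so that an override receives the message it is choosing a realm for.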
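Review bot: In the ServerAuthManager.hxx hunk (@@ -49,9 +49,10), the two new virtuals carry no comment describing the contract an override must keep, and the two are coupled: the unchanged default shown in ServerAuthManager.cxx returns (fromUri.user() == user) && (fromUri.host() == realm), so if the realm it receives is the one that was challenged, a subclass that overrides only getChallengeRealm() with a value other than the From host will have correctly authenticated requests rejected by the default authorizedForThisIdentity(). Since authorizedForThisIdentity() becomes the point where a subclass decides which requests are authorized, document what user, realm and fromUri mean to an override and that the two methods should be overridden together when the realm changes. getChallengeRealm() could also be declared const, since the default only reads from msg.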