< Previous by Date	Date Index	Next by Date >
	Thread Index

[reSIProcate] ServerAuthManager subclasses - oops

From: Daniel Pocock <daniel@xxxxxxxxxxxxxxxxxxxxx>
Date: Sat, 04 Feb 2006 19:18:35 +0000

The previous patch didn't actually call the new methodgetChallengeRealm(), the patch below is complete and tested.

Hi,

I've been looking at ServerAuthManager in DUM and felt that it would beuseful to:

a) provide a way for subclasses to specify the realm to be sent in achallenge

b) allow subclasses to over-ride authorizedForThisIdentity and therebydetermine which requests are authorized using their own algorithm


I have attached my patches below.

I am also looking at whether ServerAuthManager can perform optionalauthentication - in other words, some sessions require authenticationwhile others don't. Is the stack intended to be used in such a way?

A typical example is:
- peer A is authenticated by username/password
- peer B is authenticated by IP

- peer C is not authenticated, but is allowed to make calls to arestricted set of URIs - he is only sent a 407 challenge if the URI heis calling matches a particular pattern


Regards,

Daniel

Index: resip/dum/ServerAuthManager.cxx
===================================================================
--- resip/dum/ServerAuthManager.cxx     (revision 5828)
+++ resip/dum/ServerAuthManager.cxx     (working copy)
@@ -186,7 +186,11 @@
   return ((fromUri.user() == user) && (fromUri.host() == realm));
}

+const Data& ServerAuthManager::getChallengeRealm(const SipMessage& msg) {
+  return msg.header(h_RequestLine).uri().host();
+}

+
// return true if request has been consumed
ServerAuthManager::Result
ServerAuthManager::handle(SipMessage* sipMsg)
@@ -200,7 +204,7 @@
      {
         //assume TransactionUser has matched/repaired a realm
         SharedPtr<SipMessage> challenge(Helper::makeProxyChallenge(*sipMsg,
-                                                                    
sipMsg->header(h_RequestLine).uri().host(),
+                                                                    
getChallengeRealm(),
                                                                    
useAuthInt(),
                                                                    false 
/*stale*/));
         InfoLog (<< "Sending challenge to " << sipMsg->brief());
Index: resip/dum/ServerAuthManager.hxx
===================================================================
--- resip/dum/ServerAuthManager.hxx     (revision 5828)
+++ resip/dum/ServerAuthManager.hxx     (working copy)
@@ -49,9 +49,10 @@

      typedef std::map<Data, SipMessage*> MessageMap;
      MessageMap mMessages;
-      bool authorizedForThisIdentity(const resip::Data &user,
+      virtual bool authorizedForThisIdentity(const resip::Data &user,
                                     const resip::Data &realm,
                                     resip::Uri &fromUri);
+      virtual const Data& getChallengeRealm(const SipMessage& msg);

};

_______________________________________________
resiprocate-devel mailing list
resiprocate-devel@xxxxxxxxxxxxxxxxxxx
https://list.sipfoundry.org/mailman/listinfo/resiprocate-devel

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Prev by Date: [reSIProcate] ServerAuthManager subclasses
Next by Date: [reSIProcate] ServerAuthManager and outbound sessions?
Previous by thread: [reSIProcate] ServerAuthManager subclasses
Next by thread: [reSIProcate] ServerAuthManager and outbound sessions?
Index(es):
- Date
- Thread