
[reSIProcate] ServerAuthManager subclasses - oops



The previous patch didn't actually call the new method getChallengeRealm(); the patch below is complete and tested.

Hi,

I've been looking at ServerAuthManager in DUM and felt that it would be useful to:

a) provide a way for subclasses to specify the realm to be sent in a challenge

b) allow subclasses to override authorizedForThisIdentity and thereby determine which requests are authorized using their own algorithm

I have attached my patches below.

I am also looking at whether ServerAuthManager can perform optional authentication - in other words, some sessions require authentication while others don't. Is the stack intended to be used in such a way?
A typical example is:
- peer A is authenticated by username/password
- peer B is authenticated by IP
- peer C is not authenticated, but is allowed to make calls to a restricted set of URIs - he is only sent a 407 challenge if the URI he is calling matches a particular pattern

Regards,

Daniel

Index: resip/dum/ServerAuthManager.cxx
===================================================================
--- resip/dum/ServerAuthManager.cxx     (revision 5828)
+++ resip/dum/ServerAuthManager.cxx     (working copy)
@@ -186,7 +186,11 @@
   return ((fromUri.user() == user) && (fromUri.host() == realm));
}

+const Data& ServerAuthManager::getChallengeRealm(const SipMessage& msg) {
+  return msg.header(h_RequestLine).uri().host();
+}

+
// return true if request has been consumed
ServerAuthManager::Result
ServerAuthManager::handle(SipMessage* sipMsg)
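
Review bot: the new getChallengeRealm() returns `const Data&`, which is safe for this default only because the reference points into `msg`. A subclass override that builds or looks up its own realm must return a reference to storage that outlives the call, and returning a local would dangle. Consider returning `Data` by value, or state the lifetime requirement in a comment beside the definition.
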
@@ -200,7 +204,7 @@
      {
         //assume TransactionUser has matched/repaired a realm
         SharedPtr<SipMessage> challenge(Helper::makeProxyChallenge(*sipMsg,
-                                                                    
sipMsg->header(h_RequestLine).uri().host(),
+                                                                    
getChallengeRealm(),
                                                                    
useAuthInt(),
                                                                    false 
/*stale*/));
         InfoLog (<< "Sending challenge to " << sipMsg->brief());
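
Review bot: the replacement argument `getChallengeRealm()` in the makeProxyChallenge call passes nothing, while the definition added earlier in this file and the declaration in the header both take `const SipMessage& msg`. As posted the call does not match that signature; pass the request being challenged, `getChallengeRealm(*sipMsg)`, as the first argument of makeProxyChallenge already does.
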
Index: resip/dum/ServerAuthManager.hxx
===================================================================
--- resip/dum/ServerAuthManager.hxx     (revision 5828)
+++ resip/dum/ServerAuthManager.hxx     (working copy)
@@ -49,9 +49,10 @@

      typedef std::map<Data, SipMessage*> MessageMap;
      MessageMap mMessages;
-      bool authorizedForThisIdentity(const resip::Data &user,
+      virtual bool authorizedForThisIdentity(const resip::Data &user,
                                     const resip::Data &realm,
                                     resip::Uri &fromUri);
+      virtual const Data& getChallengeRealm(const SipMessage& msg);

};
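
Review bot: the two virtuals are declared without any comment describing the contract an override must meet. The default authorizedForThisIdentity() shown in the .cxx context compares `fromUri.host() == realm`, so a subclass that overrides getChallengeRealm() to return something other than the request-URI host may no longer match that default check unless it overrides both hooks; say so next to the declarations. Making authorizedForThisIdentity() virtual also fixes its signature for subclasses, so this is the point to decide whether `resip::Uri &fromUri` should be a const reference.
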




