< Previous by Date	Date Index	Next by Date >
	Thread Index

[reSIProcate] committed ServerAuthManager and related updates

From: Daniel Pocock <daniel@xxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 14 Mar 2006 18:41:41 +0000


Scott and I have just committed some major changes to ServerAuthManager.

Please note the following interface changes which are not backwardscompatible:

- virtual void ServerAuthManager::requestCredential(...) - additionalarguments required


These changes are included:

- challenge logic - requiresChallenge() is not called if the SIP packetalready has credentials for our domain. Consequently, if thecredentials are wrong, the packet is rejected - even ifrequiresChallenge() might have returned a negative value.

- challenge logic - previously, if a request contained auth headers, butnone matched the local realm(s), the request would be treated as invalidand a 404 was returned. Now, such requests are challenged, potentiallycreating a loop with a non-compliant client who repeatedly sends thewrong realm. It may be necessary to implement some general mechanism todetect flooding from poorly implemented UACs. (RSP-29)

- async discovery of whether challenge is required - the methodrequiresChallenge() may now return the value `Async', and should thenpost a ChallengeInfo message once it discovers the answer. It can alsochoose to answer synchronously. (RSP-30)

- virtual onAuthSuccess(...) and virtual onAuthFailure(...) - one ofthese methods are called ServerAuthManager whenever it has finishedconsidering a request. A subclass may over-ride these with it's owncode for logging, fault diagnosis, etc.

- requestCredential(...) now takes extra arguments - the SipMessage andthe Auth header that ServerAuthManager has chosen to validate. Animplementation of requestCredential(...) now has enough data tocommunicate with a RADIUS server implementing draft-sterman-aaa-sip-00.txt

- class UserAuthInfo can now encapsulate additional types of response,including UserUnknown, Error, DigestAccepted/DigestNotAccepted(authentication took place externally, no A1/secret returned) or theoriginal RetrievedA1. Implementations should no longer use a blank A1value to indicate error or unknown user. (RSP-26)

The following JIRA issues can be closed as a result of this and previouscommits:


RSP-24
RSP-25
RSP-26
RSP-27
RSP-29
RSP-30

Prev by Date: Re: [reSIProcate] B2B design problem
Next by Date: RE: [reSIProcate] AppDialogSet Memory Leak
Previous by thread: RE: [reSIProcate] Resiprocate with gcc-4.0.2
Next by thread: [reSIProcate] Calling DialogUsageManager.post(...) from a thread
Index(es):
- Date
- Thread