< Previous by Date Date Index Next by Date >
< Previous in Thread Thread Index  

[reSIProcate] Fwd: qop Parameter Parsing


Several people had their hands in the original part of this code.

Jason, Derek, David, and Alan have the best chance of knowing early if the approach Byron 
is proposing has subtle negative implications.

Would the 4 of you please comment with 

"This looks ok - lets give it a try",
"This can't work because <explanation goes here>",
or
"I'm far enough away from this code now that I don't have an opinion"

Also - we're working on the 1.1 release right now. There is enough uncertainty here that 
I am not comfortable including this change in that release. If I understand correctly, Byron's
already created a branch for the release, so we would apply this change only to head
(for inclusion in 1.2), but not to the 1.1 branch.

1.2 should be released in May, shortly after SIPit 20. Folks that really need this can use
head in the interim.

RjS


Begin forwarded message:

From: "Matthias Moetje" <moetje@xxxxxxxxxxxx>
Date: February 12, 2007 5:08:23 PM CST
To: "Byron Campen" <bcampen@xxxxxxxxxxxx>
Subject: Re: [reSIProcate] qop Parameter Parsing

..lol, alright, hope this will be confirmed to be stable soon, then!

Matthias


-----Original Message-----
From: Byron Campen [mailto:bcampen@xxxxxxxxxxxx]
Sent: Montag, 12. Februar 2007 21:58
To: Matthias Moetje
Cc: Rizsányi Zsolt; resiprocate-devel
Subject: Re: [reSIProcate] qop Parameter Parsing

I think it best to proceed with caution. This is because the
current
qop code is known or understood by very few; mysterious; secret;
obscure; esoteric (credit to Dictionary.com).

Best regards,
Byron Campen

Sounds good. Why not put it into the main branch?
(I don't know the word "arcane"..)

Matthias


-----Original Message-----
From: Byron Campen [mailto:bcampen@xxxxxxxxxxxx]
Sent: Montag, 12. Februar 2007 21:22
To: Matthias Moetje
Subject: Re: [reSIProcate] qop Parameter Parsing

So, I have code in a working copy that stores both qop and
qopOptions as DataParameters. While parsing from a HeaderFieldValue,
Auth.cxx will check its Headers::Type when it encounters something
that parsed as qop (ie; begins with "qop="); if it is either a
WWWAuthenticate or ProxyAuthenticate, it will set the
DataParameter::mQuoted to true, and set the parameter's type to
qopOptions. Otherwise, it will set DataParameter::mQuoted to false,
and the type to qop. From then on, the two parameter types are
stored
separately, and accessed with param(p_qop) and param(p_qopOptions).
If you end up _creating_ a qop param with param(p_qop) or param
(p_qopOptions), it will automatically do the right thing with regard
to setting the quotedness. Using operator= (a'la auth.param(p_qop)
="auth"; or auth.param(p_qopOptions)="auth";) will also do the right
thing.

I am thinking that I will put this in a branch, since the current
parameter-handling code is arcane, _particularly_ with regard to
qop.

Best regards,
Byron Campen

Zsolt,

in fact this is not a nice solution. We are using the
ServerAuthManager and the kind of fix you are suggesting would need
to be implemented in ServerAuthManager.cxx.
Currently, we are subclassing ServerAuthmanager:: and copying the
qopOptions parameter to a qop parameter (if the first exists and
the latter doesn't) before calling the base class method. Same like
with your solution: It's not really nice and it should really be
fixed in the stack.


Best regards,

Matthias Moetje



-----Original Message-----
Behalf Of
Rizsányi Zsolt
Sent: Samstag, 27. Januar 2007 13:36
Subject: Re: [reSIProcate] qop Parameter Parsing

On Monday 22 January 2007, Byron Campen wrote:
Ok, the problem here is that what we expect to follow qop=
is
context-sensitive; in an Authorization-type header, we expect to
find
a qop-value (a non-quoted token), but in an Authenticate-type
header,
we expect to see a qop-options (a quoted, comma delimited,
sequence
of tokens). Unfortunately, there is currently no way to make the
parse code context-sensitive. The API for Parameter would need to
change (right now, it just looks for a quote, and if it is there,
it
assumes we were looking for a qop-options). Additionally, both
Authorization-type and Authenticate-type are the same class
(Auth),
so it is doubtful that this context info is even availabe in the
first place. Any opinions on how we can make this code context-
sensitive with minimal impact on the rest of the code?

We have encountered this issue and we have fixed it simply from
the
stack
using code which knows its context. Here is an example:

if (auth.exists(resip::p_qop))
  qop = auth.param(resip::p_qop).c_str();
else if (auth.exists(resip::p_qopOptions))
  qop = auth.param(resip::p_qopOptions).c_str();
else
  qop = "";

It's probably not the nicest solution but I it can be implemented
easily
and it can be used until a better solution is found.

Regards,
Zsolt
_______________________________________________
resiprocate-devel mailing list

_______________________________________________
resiprocate-devel mailing list



_______________________________________________
resiprocate-devel mailing list