[reSIProcate] ServerAuthManager subclasses

Daniel Pocock daniel at readytechnology.co.uk
Sat Feb 4 07:10:54 CST 2006 

Hi,

I've been looking at ServerAuthManager in DUM and felt that it would be 
useful to:

a) provide a way for subclasses to specify the realm to be sent in a 
challenge

b) allow subclasses to over-ride authorizedForThisIdentity and thereby 
determine which requests are authorized using their own algorithm

I have attached my patches below.

I am also looking at whether ServerAuthManager can perform optional 
authentication - in other words, some sessions require authentication 
while others don't.  Is the stack intended to be used in such a way? 

A typical example is:
- peer A is authenticated by username/password
- peer B is authenticated by IP
- peer C is not authenticated, but is allowed to make calls to a 
restricted set of URIs - he is only sent a 407 challenge if the URI he 
is calling matches a particular pattern

Regards,

Daniel



Index: resip/dum/ServerAuthManager.cxx
===================================================================
--- resip/dum/ServerAuthManager.cxx     (revision 5828)
+++ resip/dum/ServerAuthManager.cxx     (working copy)
@@ -186,7 +186,11 @@
    return ((fromUri.user() == user) && (fromUri.host() == realm));
 }

+const Data& ServerAuthManager::getChallengeRealm(const SipMessage& msg) {
+  return msg.header(h_RequestLine).uri().host();
+}

+
 // return true if request has been consumed
 ServerAuthManager::Result
 ServerAuthManager::handle(SipMessage* sipMsg)
Index: resip/dum/ServerAuthManager.hxx
===================================================================
--- resip/dum/ServerAuthManager.hxx     (revision 5828)
+++ resip/dum/ServerAuthManager.hxx     (working copy)
@@ -49,9 +49,10 @@

       typedef std::map<Data, SipMessage*> MessageMap;
       MessageMap mMessages;
-      bool authorizedForThisIdentity(const resip::Data &user,
+      virtual bool authorizedForThisIdentity(const resip::Data &user,
                                      const resip::Data &realm,
                                      resip::Uri &fromUri);
+      virtual const Data& getChallengeRealm(const SipMessage& msg);

 };


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3214 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://list.resiprocate.org/pipermail/resiprocate-devel/attachments/20060204/d1545630/attachment.bin>

More information about the resiprocate-devel mailing list