[reSIProcate] ServerAuthManager subclasses - oops

Daniel Pocock daniel at readytechnology.co.uk
Sat Feb 4 13:18:35 CST 2006


The previous patch didn't actually call the new method
getChallengeRealm(); the patch below is complete and tested.

Hi,

I've been looking at ServerAuthManager in DUM and felt that it would be 
useful to:

a) provide a way for subclasses to specify the realm to be sent in a 
challenge

b) allow subclasses to override authorizedForThisIdentity and thereby
determine which requests are authorized using their own algorithm

I have attached my patches below.

I am also looking at whether ServerAuthManager can perform optional 
authentication - in other words, some sessions require authentication 
while others don't.  Is the stack intended to be used in such a way? 

A typical example is:
- peer A is authenticated by username/password
- peer B is authenticated by IP
- peer C is not authenticated, but is allowed to make calls to a 
restricted set of URIs - he is only sent a 407 challenge if the URI he 
is calling matches a particular pattern

Regards,

Daniel

Index: resip/dum/ServerAuthManager.cxx
===================================================================
--- resip/dum/ServerAuthManager.cxx     (revision 5828)
+++ resip/dum/ServerAuthManager.cxx     (working copy)
@@ -186,7 +186,11 @@
    return ((fromUri.user() == user) && (fromUri.host() == realm));
 }

+const Data& ServerAuthManager::getChallengeRealm(const SipMessage& msg) {
+  return msg.header(h_RequestLine).uri().host();
+}

+
 // return true if request has been consumed
 ServerAuthManager::Result
 ServerAuthManager::handle(SipMessage* sipMsg)
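
Review bot: getChallengeRealm() returns const Data&, which forces every override to hand back a reference to storage that outlives the call; a subclass that computes or looks up the realm cannot safely return a local. Returning Data by value, or documenting the lifetime requirement next to the definition, would make the hook safer to override. The default also takes the realm from the Request-URI host, a value the sender chooses, so a comment stating that the default echoes the request's host and that deployments with a fixed realm should override it would help. The method does not touch member state and could be const, and the opening brace placement differs from the definition just above it.
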
@@ -200,7 +204,7 @@
       {
          //assume TransactionUser has matched/repaired a realm
          SharedPtr<SipMessage> challenge(Helper::makeProxyChallenge(*sipMsg,
-                                                                    sipMsg->header(h_RequestLine).uri().host(),
+                                                                    getChallengeRealm(),
                                                                     useAuthInt(),
                                                                     false /*stale*/));
          InfoLog (<< "Sending challenge to " << sipMsg->brief());
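
Review bot: the replacement argument calls getChallengeRealm() with no arguments, but both the definition in this file and the declaration in ServerAuthManager.hxx take a const SipMessage& parameter, so this call does not match any declared overload. It should pass the request being challenged, i.e. getChallengeRealm(*sipMsg), so that an override sees the same message the challenge is built from.
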
Index: resip/dum/ServerAuthManager.hxx
===================================================================
--- resip/dum/ServerAuthManager.hxx     (revision 5828)
+++ resip/dum/ServerAuthManager.hxx     (working copy)
@@ -49,9 +49,10 @@

       typedef std::map<Data, SipMessage*> MessageMap;
       MessageMap mMessages;
-      bool authorizedForThisIdentity(const resip::Data &user,
+      virtual bool authorizedForThisIdentity(const resip::Data &user,
                                      const resip::Data &realm,
                                      resip::Uri &fromUri);
+      virtual const Data& getChallengeRealm(const SipMessage& msg);

 };
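
Review bot: the two virtuals are added without any comment describing the contract an override must honour, and authorizedForThisIdentity is the authorization decision itself, so an override that returns true too broadly silently disables the identity check. Please document what user, realm and fromUri contain at call time and what a true result commits the caller to. The hunk does not show the access specifier in effect here; if these members sit in a private section, subclasses can override them but cannot call the base implementation as a fallback, so protected may be the better home. The continuation lines of authorizedForThisIdentity are also no longer aligned after the added "virtual".
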




