[reSIProcate] committed ServerAuthManager and related updates

Daniel Pocock daniel at readytechnology.co.uk
Tue Mar 14 12:41:41 CST 2006


Scott and I have just committed some major changes to ServerAuthManager.

Please note the following interface changes which are not backwards 
compatible:

- virtual void ServerAuthManager::requestCredential(...)  - additional 
arguments required

These changes are included:

- challenge logic - requiresChallenge() is not called if the SIP packet 
already has credentials for our domain.  Consequently, if the 
credentials are wrong, the packet is rejected - even if 
requiresChallenge() might have returned a negative value.

- challenge logic - previously, if a request contained auth headers, but 
none matched the local realm(s), the request would be treated as invalid 
and a 404 was returned.  Now, such requests are challenged, potentially 
creating a loop with a non-compliant client who repeatedly sends the 
wrong realm.  It may be necessary to implement some general mechanism to 
detect flooding from poorly implemented UACs.  (RSP-29)

- async discovery of whether challenge is required - the method 
requiresChallenge() may now return the value `Async', and should then 
post a ChallengeInfo message once it discovers the answer.  It can also 
choose to answer synchronously.  (RSP-30)

- virtual onAuthSuccess(...) and virtual onAuthFailure(...) - one of 
these methods is called by ServerAuthManager whenever it has finished 
considering a request.  A subclass may override these with its own 
code for logging, fault diagnosis, etc.

- requestCredential(...) now takes extra arguments - the SipMessage and 
the Auth header that ServerAuthManager has chosen to validate.  An 
implementation of requestCredential(...) now has enough data to 
communicate with a RADIUS server implementing draft-sterman-aaa-sip-00.txt

- class UserAuthInfo can now encapsulate additional types of response, 
including UserUnknown, Error, DigestAccepted/DigestNotAccepted 
(authentication took place externally, no A1/secret returned) or the 
original RetrievedA1.  Implementations should no longer use a blank A1 
value to indicate error or unknown user.  (RSP-26)

The following JIRA issues can be closed as a result of this and previous 
commits:

RSP-24
RSP-25
RSP-26
RSP-27
RSP-29
RSP-30
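
As an added illustration that is not part of the original post or of the reSIProcate code base, the following C++ models the challenge decision flow described in the message, with a per-source cap on wrong-realm challenges as one possible form of the flood detection the post says may be necessary. Every type and function name, the `Throttle` outcome, and the sample realm and address are assumptions.

```cpp
// Model of the challenge decision flow; all names are hypothetical, not reSIProcate's API.
#include <cstdio>
#include <map>
#include <string>
#include <utility>
#include <vector>

enum class ChallengeAnswer { True, False, Async };  // answers requiresChallenge() may give
enum class Action { Validate, Challenge, Accept, AwaitChallengeInfo, Throttle };
struct AuthHeader { std::string realm; };

class ChallengeDecider {
public:
    ChallengeDecider(std::string realm, unsigned maxWrongRealm) : mRealm(std::move(realm)), mMax(maxWrongRealm) {}
    // 'policy' stands in for the answer requiresChallenge() would give for this request.
    Action decide(const std::string& source, const std::vector<AuthHeader>& auths, ChallengeAnswer policy) {
        for (const auto& a : auths) {
            if (a.realm != mRealm) continue;
            // Credentials for our realm: validate them without consulting the
            // policy, so wrong credentials are rejected whatever it would say.
            mWrongRealm.erase(source);
            return Action::Validate;
        }
        if (!auths.empty()) {
            // Auth headers present but none for our realm: challenge (formerly 404),
            // capped per source so a non-compliant UAC cannot loop indefinitely.
            if (++mWrongRealm[source] > mMax) return Action::Throttle;
            return Action::Challenge;
        }
        switch (policy) {  // no credentials at all: the policy decides
            case ChallengeAnswer::True:  return Action::Challenge;
            case ChallengeAnswer::False: return Action::Accept;
            default:                     return Action::AwaitChallengeInfo;  // wait for ChallengeInfo
        }
    }

private:
    std::string mRealm;
    unsigned mMax;                                // wrong-realm challenges allowed per source
    std::map<std::string, unsigned> mWrongRealm;  // source -> consecutive wrong-realm requests
};

int main() {
    ChallengeDecider d("example.org", 2);  // constructed sample realm and limit
    std::vector<AuthHeader> wrong{AuthHeader{"other.example"}};
    for (int i = 0; i < 3; ++i)  // third wrong-realm request from one source is throttled
        std::printf("%d\n", static_cast<int>(d.decide("192.0.2.10", wrong, ChallengeAnswer::False)));
}
```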




