[asterisk-bugs] [Asterisk 0010961]: [patch] Add HTTP Basic Authentication Scheme (rfc2617) for manager web interface.
noreply at bugs.digium.com
noreply at bugs.digium.com
Mon Dec 17 07:30:44 CST 2007
A NOTE has been added to this issue.
======================================================================
http://bugs.digium.com/view.php?id=10961
======================================================================
Reported By: ys
Assigned To:
======================================================================
Project: Asterisk
Issue ID: 10961
Category: Core/HTTP
Reproducibility: N/A
Severity: feature
Priority: normal
Status: new
Asterisk Version: SVN
SVN Branch (only for SVN checkouts, not tarball releases): trunk
SVN Revision (number only!): 85514
Disclaimer on File?: N/A
Request Review:
======================================================================
Date Submitted: 10-12-2007 06:48 CDT
Last Modified: 12-17-2007 07:30 CST
======================================================================
Summary: [patch] Add HTTP Basic Authentication Scheme
(rfc2617) for manager web interface.
Description:
I found, that manager web interface used "Cookie" Header for authenticate
the user. This require two http request, one for authenticate and next for
commands.
This patch add only Basic authentication scheme implementation, as defined
in rfc2617.
If used this scheme, httptimeout are unused, but we don't need to keep a
http session (and mansession) alive, after HTTP Request is processed.
======================================================================
Relationships ID Summary
----------------------------------------------------------------------
related to 0011414 [patch] Move loading users from authent...
======================================================================
----------------------------------------------------------------------
ys - 12-17-07 07:30
----------------------------------------------------------------------
I upload new patch that implement HTTP Digest access authentication - RFC
2617 (and RFC2069 for backward compatibility)
In this patch I add 3 callback for following uri:
<prefix>/arawman - Raw HTTP manager interface w/Digest authentication
<prefix>/amanager - HTML manager interface w/Digest authentication
<prefix>/amxml - XML manager interface w/Digest authentication
Now it have some limitation:
Only GET method are supported (hardcoded).
Only one real (global_realm) supported.
Only "auth" qop-value used (hardcoded).
Timer for nonce expiration are hardcoded (2 min).
Issue History
Date Modified Username Field Change
======================================================================
12-17-07 07:30 ys Note Added: 0075546
======================================================================
More information about the asterisk-bugs
mailing list