[asterisk-bugs] [Asterisk 0010961]: [patch] Add HTTP Basic & Digest Auth (rfc2617) for manager web interface.

noreply at bugs.digium.com noreply at bugs.digium.com
Thu Dec 20 08:57:09 CST 2007


A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=10961 
====================================================================== 
Reported By:                ys
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   10961
Category:                   Core/HTTP
Reproducibility:            N/A
Severity:                   feature
Priority:                   normal
Status:                     new
Asterisk Version:            SVN 
SVN Branch (only for SVN checkouts, not tarball releases):  trunk 
SVN Revision (number only!): 85514 
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             10-12-2007 06:48 CDT
Last Modified:              12-20-2007 08:57 CST
====================================================================== 
Summary:                    [patch] Add HTTP Basic & Digest Auth (rfc2617) for
manager web interface.
Description: 
I found that the manager web interface used the "Cookie" header to
authenticate the user. This requires two HTTP requests, one to authenticate
and the next for commands.
This patch adds only the Basic authentication scheme implementation, as
defined in rfc2617.
If this scheme is used, httptimeout is unused, but we don't need to keep an
HTTP session (and mansession) alive after the HTTP request is processed.







======================================================================
Relationships       ID      Summary
----------------------------------------------------------------------
related to          0011414 [patch] Move loading users from authent...
====================================================================== 

---------------------------------------------------------------------- 
 ys - 12-20-07 08:57  
---------------------------------------------------------------------- 
As a start to sharing digest code, I uploaded the trunk_utils.diff file, in
which I added a digest parser function.
This function is used for parsing incoming Digest request and response
headers and also makes some checks.

Also, in the trunk_chan_sip.diff file I added some changes to chan_sip
concerning digest authentication handling:

1. I changed the randdata type in the sip_pvt struct to unsigned long. This
field is used only when Asterisk is the UAS, and we expect that the nonce
value in the Digest answer can be converted to unsigned long; otherwise this
nonce is wrong.
2. "qop" is now an int flag, but only the "auth" qop value (or no qop) is
supported for now.
3. If Asterisk (as UAS) sends a Digest auth request (as defined in rfc3261
p22.4) it MUST be in the format defined in RFC2617, but the response from the
client can be processed in RFC-2617 format and (if the client does not
support it) in RFC2069 format for backwards compatibility.
4. check_auth(): Now we can check auth in both RFC-2617 and RFC-2069
format; added nonce_count check for pedantic mode; "uri" MUST always exist
in the digest auth response.
5. build_reply_digest function: removed the "opaque" key/value field if the
Digest auth response is sent in RFC2069 format.

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
12-20-07 08:57  ys             Note Added: 0075753                          
======================================================================
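
The dual-format check described in the note above, as an added example (not code from the patch or from Asterisk): a server-side verifier that accepts a Digest response in either RFC 2617 (qop=auth) or RFC 2069 form and always requires "uri". The names verify_digest and expected_response are hypothetical, and the pedantic rule used here (nc must increase for a given nonce) is an assumption about what the nonce_count check does.

```python
import hashlib
import hmac

def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()

def expected_response(f, method, password):
    """Response value the server expects for parsed Digest fields `f`."""
    ha1 = _md5(f"{f['username']}:{f['realm']}:{password}")
    ha2 = _md5(f"{method}:{f['uri']}")
    if f.get("qop"):   # RFC 2617 form, qop=auth
        return _md5(f"{ha1}:{f['nonce']}:{f['nc']}:{f['cnonce']}:{f['qop']}:{ha2}")
    return _md5(f"{ha1}:{f['nonce']}:{ha2}")   # RFC 2069 form

def verify_digest(f, method, password, issued_nonce, last_nc=0, pedantic=False):
    """Return (ok, reason, nc). Hypothetical helper, not Asterisk's check_auth()."""
    if any(not f.get(k) for k in ("username", "realm", "nonce", "uri", "response")):
        return False, "missing field", last_nc
    if f["nonce"] != issued_nonce:
        return False, "unknown nonce", last_nc
    nc = last_nc
    if f.get("qop"):
        if f["qop"] != "auth" or not f.get("nc") or not f.get("cnonce"):
            return False, "bad qop fields", last_nc
        try:
            nc = int(f["nc"], 16)   # nc is 8 hex digits in RFC 2617
        except ValueError:
            return False, "bad nc", last_nc
        # Assumed meaning of the pedantic check: nc must increase per nonce.
        if pedantic and nc <= last_nc:
            return False, "nonce count not increasing", last_nc
    want = expected_response(f, method, password)
    if not hmac.compare_digest(want, f["response"].lower()):
        return False, "bad response", last_nc
    return True, "ok", nc

# Sample request: the worked example from RFC 2617 section 3.5.
RFC2617_SAMPLE = {
    "username": "Mufasa", "realm": "testrealm@host.com",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093", "uri": "/dir/index.html",
    "qop": "auth", "nc": "00000001", "cnonce": "0a4f113b",
    "response": "6629fae49393a05397450978507c4ef1",
}
# Constructed RFC 2069 style reply for the same credentials: no qop, nc or cnonce.
LEGACY_SAMPLE = {k: v for k, v in RFC2617_SAMPLE.items()
                 if k not in ("qop", "nc", "cnonce")}
LEGACY_SAMPLE["response"] = expected_response(LEGACY_SAMPLE, "GET", "Circle Of Life")
```

Without qop there is no nc or cnonce, so an accepted RFC 2069 reply carries no replay counter; the nonce-count check can only protect clients that answer in RFC 2617 form.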



