[asterisk-bugs] [Asterisk 0010961]: [patch] Add HTTP Basic & Digest Auth (rfc2617) for manager web interface.

noreply at bugs.digium.com noreply at bugs.digium.com
Sat Mar 15 12:27:20 CDT 2008


A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=10961 
====================================================================== 
Reported By:                ys
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   10961
Category:                   Core/NewFeature
Reproducibility:            N/A
Severity:                   feature
Priority:                   normal
Status:                     new
Asterisk Version:           SVN 
SVN Branch (only for SVN checkouts, not tarball releases):  trunk 
SVN Revision (number only!): 85514 
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             10-12-2007 06:48 CDT
Last Modified:              03-15-2008 12:27 CDT
====================================================================== 
Summary:                    [patch] Add HTTP Basic & Digest Auth (rfc2617) for
manager web interface.
Description: 
I found, that manager web interface used "Cookie" Header for authenticate
the user. This require two http request, one for authenticate and next for
commands.
This patch add only Basic authentication scheme implementation, as defined
in rfc2617.
If used this scheme, httptimeout are unused, but we don't need to keep a
http session (and mansession) alive, after HTTP Request is processed.







======================================================================
Relationships       ID      Summary
----------------------------------------------------------------------
related to          0011414 [patch] Move loading users from authent...
====================================================================== 

---------------------------------------------------------------------- 
 ys - 03-15-08 12:27  
---------------------------------------------------------------------- 
I upload new digest_auth_r108895_v3.diff patch where:

Sync with rev. 108895.

Remove "Basic authentication scheme", now utilize only "digest
authentication scheme".

Revert and hold changes for chan_sip.c

Added new generic ast_http_send() function, that send http responce to
client.
Features:
 1. Generate basic http responce headers.
 2. All additional http responce header passed to this function in
separate argument.
 3. Can send content of responce from preallocated ast_str* string and/or
from openned file.
 4. Calculate value for "Content-Length" responce header and generate this
header. (both for ast_str* string and data from opened file)
 5. Prevent dublicate code, used for http header generation in some
callback.
 6. Added code for support "HEAD" http request method.

New ast_http_auth() and ast_http_error() helper function use
ast_http_send() for sending authorize or error responce (4XX code).

Added code for processing "If-None-Match" request header and generation
for the "Etag" responce header in static callback, and "304 Not Modified"
responce, if file is unchanged.


Defination for http callback function are changed:
 1. all http callback send data or error/auth responce to client without
http helper assistance.
 2. static_content in ast_http_uri struct in this case are unneded,
callback can set this flag for ast_http_send() function itself. 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
03-15-08 12:27  ys             Note Added: 0084016                          
======================================================================




More information about the asterisk-bugs mailing list