[asterisk-commits] dlee: branch dlee/ari-authn r392949 - in /team/dlee/ari-authn: configs/ res/ ...

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Tue Jun 25 22:50:14 CDT 2013 

Author: dlee
Date: Tue Jun 25 22:50:12 2013
New Revision: 392949

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=392949
Log:
Make realm configurable

Modified:
    team/dlee/ari-authn/configs/stasis_http.conf.sample
    team/dlee/ari-authn/res/res_stasis_http.c
    team/dlee/ari-authn/res/stasis_http/cli.c
    team/dlee/ari-authn/res/stasis_http/config.c
    team/dlee/ari-authn/res/stasis_http/internal.h

Modified: team/dlee/ari-authn/configs/stasis_http.conf.sample
URL: http://svnview.digium.com/svn/asterisk/team/dlee/ari-authn/configs/stasis_http.conf.sample?view=diff&rev=392949&r1=392948&r2=392949
==============================================================================
--- team/dlee/ari-authn/configs/stasis_http.conf.sample (original)
+++ team/dlee/ari-authn/configs/stasis_http.conf.sample Tue Jun 25 22:50:12 2013
@@ -1,24 +1,26 @@
 [general]
-enabled = yes		; When set to no, stasis-http support is disabled
+enabled = yes		; When set to no, stasis-http support is disabled.
 ;pretty = no		; When set to yes, responses from stasis-http are
-;			; formatted to be human readable
+;			; formatted to be human readable.
 ;allowed_origins =	; Comma separated list of allowed origins, for
-;			; Cross-Origin Resource Sharing. May be set to * to allow
-;			; all origins.
+;			; Cross-Origin Resource Sharing. May be set to * to
+;			; allow all origins.
+;auth_realm =		; Realm to use for authentication. Defaults to Asterisk
+;			; REST Interface.
 
 ;[user-username]
 ;read_only = no		; When set to yes, user is only authorized for
-;			; read-only requests
+;			; read-only requests.
 ;
 ;allow_api_key = no	; When set to yes, user may authenticate by appending
 ;			; ?api_key=username:password to their requests.
 ;
-;password =		; Crypted or plaintext password (see password_format)
+;password =		; Crypted or plaintext password (see password_format).
 ;
 ; password_format may be set to plain (the default) or crypt. When set to crypt,
 ; crypt(3) is used to validate the password. A crypted password can be generated
 ; using mkpasswd -m sha-512.
 ;
-; When set to plain, the password is in plaintext
+; When set to plain, the password is in plaintext.
 ;
 ;password_format = plain

Modified: team/dlee/ari-authn/res/res_stasis_http.c
URL: http://svnview.digium.com/svn/asterisk/team/dlee/ari-authn/res/res_stasis_http.c?view=diff&rev=392949&r1=392948&r2=392949
==============================================================================
--- team/dlee/ari-authn/res/res_stasis_http.c (original)
+++ team/dlee/ari-authn/res/res_stasis_http.c Tue Jun 25 22:50:12 2013
@@ -74,6 +74,42 @@
 /*** MODULEINFO
 	<support_level>core</support_level>
  ***/
+
+/*** DOCUMENTATION
+	<configInfo name="res_stasis_http" language="en_US">
+		<synopsis>HTTP binding for the Stasis API</synopsis>
+		<configFile name="stasis_http.conf">
+			<configObject name="general">
+				<synopsis>General configuration settings</synopsis>
+				<configOption name="enabled">
+					<synopsis>Enable/disable the stasis-http module</synopsis>
+				</configOption>
+				<configOption name="pretty">
+					<synopsis>Responses from stasis-http are formatted to be human readable</synopsis>
+				</configOption>
+				<configOption name="auth_realm">
+					<synopsis>Realm to use for authentication. Defaults to Asterisk REST Interface.</synopsis>
+				</configOption>
+			</configObject>
+
+			<configObject name="user">
+				<synopsis>Per-user configuration settings</synopsis>
+				<configOption name="read_only">
+					<synopsis>When set to yes, user is only authorized for read-only requests</synopsis>
+				</configOption>
+				<configOption name="allow_api_key">
+					<synopsis>When set to yes, user may authenticate by appending ?api_key=username+password to their requests.</synopsis>
+				</configOption>
+				<configOption name="password">
+					<synopsis>Crypted or plaintext password (see password_format)</synopsis>
+				</configOption>
+				<configOption name="password_format">
+					<synopsis>password_format may be set to plain (the default) or crypt. When set to crypt, crypt(3) is used to validate the password. A crypted password can be generated using mkpasswd -m sha-512. When set to plain, the password is in plaintext</synopsis>
+				</configOption>
+			</configObject>
+		</configFile>
+	</configInfo>
+***/
 
 #include "asterisk.h"
 
@@ -729,6 +765,7 @@
 				struct ast_variable *get_params,
 				struct ast_variable *headers)
 {
+	RAII_VAR(struct ari_conf *, conf, NULL, ao2_cleanup);
 	RAII_VAR(struct ast_str *, response_headers, ast_str_create(40), ast_free);
 	RAII_VAR(struct ast_str *, response_body, ast_str_create(256), ast_free);
 	RAII_VAR(struct ari_conf_user *, user, NULL, ao2_cleanup);
@@ -740,6 +777,14 @@
 	}
 
 	response.headers = ast_str_create(40);
+	if (!response.headers) {
+		return -1;
+	}
+
+	conf = ari_config_get();
+	if (!conf) {
+		return -1;
+	}
 
 	process_cors_request(headers, &response);
 
@@ -750,7 +795,8 @@
 		response.response_code = 401;
 		response.response_text = "Unauthorized";
 		ast_str_append(&response.headers, 0,
-			"WWW-Authenticate: Basic realm=\"Asterisk\"\r\n");
+			"WWW-Authenticate: Basic realm=\"%s\"\r\n",
+			conf->general->auth_realm);
 	} else if (user->read_only && method != AST_HTTP_GET && method != AST_HTTP_OPTIONS) {
 		response.message = ast_json_pack("{s: s}",
 			"error", "Write access denied");

Modified: team/dlee/ari-authn/res/stasis_http/cli.c
URL: http://svnview.digium.com/svn/asterisk/team/dlee/ari-authn/res/stasis_http/cli.c?view=diff&rev=392949&r1=392948&r2=392949
==============================================================================
--- team/dlee/ari-authn/res/stasis_http/cli.c (original)
+++ team/dlee/ari-authn/res/stasis_http/cli.c Tue Jun 25 22:50:12 2013
@@ -70,6 +70,7 @@
 		break;
 	}
 	ast_cli(a->fd, "\n");
+	ast_cli(a->fd, "Auth realm: %s\n", conf->general->auth_realm);
 	ast_cli(a->fd, "User count: %d\n", ao2_container_count(conf->users));
 	return CLI_SUCCESS;
 }

Modified: team/dlee/ari-authn/res/stasis_http/config.c
URL: http://svnview.digium.com/svn/asterisk/team/dlee/ari-authn/res/stasis_http/config.c?view=diff&rev=392949&r1=392948&r2=392949
==============================================================================
--- team/dlee/ari-authn/res/stasis_http/config.c (original)
+++ team/dlee/ari-authn/res/stasis_http/config.c Tue Jun 25 22:50:12 2013
@@ -22,39 +22,6 @@
  * \author David M. Lee, II <dlee at digium.com>
  */
 
-/*** DOCUMENTATION
-	<configInfo name="res_stasis_http" language="en_US">
-		<synopsis>HTTP binding for the Stasis API</synopsis>
-		<configFile name="stasis_http.conf">
-			<configObject name="general">
-				<synopsis>General configuration settings</synopsis>
-				<configOption name="enabled">
-					<synopsis>Enable/disable the stasis-http module</synopsis>
-				</configOption>
-				<configOption name="pretty">
-					<synopsis>Responses from stasis-http are formatted to be human readable</synopsis>
-				</configOption>
-			</configObject>
-
-			<configObject name="user">
-				<synopsis>Per-user configuration settings</synopsis>
-				<configOption name="read_only">
-					<synopsis>When set to yes, user is only authorized for read-only requests</synopsis>
-				</configOption>
-				<configOption name="allow_api_key">
-					<synopsis>When set to yes, user may authenticate by appending ?api_key=username+password to their requests.</synopsis>
-				</configOption>
-				<configOption name="password">
-					<synopsis>Crypted or plaintext password (see password_format)</synopsis>
-				</configOption>
-				<configOption name="password_format">
-					<synopsis>password_format may be set to plain (the default) or crypt. When set to crypt, crypt(3) is used to validate the password. A crypted password can be generated using mkpasswd -m sha-512. When set to plain, the password is in plaintext</synopsis>
-				</configOption>
-			</configObject>
-		</configFile>
-	</configInfo>
-***/
-
 #include "asterisk.h"
 
 ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
@@ -69,7 +36,7 @@
  *         general context in the config file. */
 static struct aco_type general_option = {
 	.type = ACO_GLOBAL,
-	.name = "global",
+	.name = "general",
 	.item_offset = offsetof(struct ari_conf, general),
 	.category = "^general$",
 	.category_match = ACO_WHITELIST,
@@ -114,6 +81,7 @@
 {
 	struct ari_conf_user *user = obj;
 	ast_debug(3, "Disposing of user %s\n", user->username);
+	ast_free(user->username);
 }
 
 static void *user_alloc(const char *cat)
@@ -126,11 +94,6 @@
 		return NULL;
 	}
 
-	if (strlen(username) + 1 > ARRAY_LEN(user->username)) {
-		ast_log(LOG_ERROR, "User name too long '%s'\n", username);
-		return NULL;
-	}
-
 	ast_debug(3, "Allocating user %s\n", cat);
 
 	user = ao2_alloc(sizeof(*user), user_dtor);
@@ -138,7 +101,10 @@
 		return NULL;
 	}
 
-	strncpy(user->username, username, ARRAY_LEN(user->username));
+	user->username = ast_strdup(username);
+	if (!user->username) {
+		return NULL;
+	}
 
 	ao2_ref(user, +1);
 	return user;
@@ -326,6 +292,10 @@
 		FLDSET(struct ari_conf_general, enabled));
 	aco_option_register_custom(&cfg_info, "pretty", ACO_EXACT,
 		general_options, "no",  encoding_format_handler, 0);
+	aco_option_register(&cfg_info, "auth_realm", ACO_EXACT, general_options,
+		"Asterisk REST Interface", OPT_CHAR_ARRAY_T, 0,
+		FLDSET(struct ari_conf_general, auth_realm),
+		ARI_AUTH_REALM_LEN);
 
 	aco_option_register(&cfg_info, "read_only", ACO_EXACT, user,
 		"no", OPT_BOOL_T, 1,
@@ -335,7 +305,7 @@
 		FLDSET(struct ari_conf_user, allow_api_key));
 	aco_option_register(&cfg_info, "password", ACO_EXACT, user,
 		"", OPT_CHAR_ARRAY_T, 0,
-		FLDSET(struct ari_conf_user, password), 256);
+		FLDSET(struct ari_conf_user, password), ARI_PASSWORD_LEN);
 	aco_option_register_custom(&cfg_info, "password_format", ACO_EXACT,
 		user, "plain",  password_format_handler, 0);
 

Modified: team/dlee/ari-authn/res/stasis_http/internal.h
URL: http://svnview.digium.com/svn/asterisk/team/dlee/ari-authn/res/stasis_http/internal.h?view=diff&rev=392949&r1=392948&r2=392949
==============================================================================
--- team/dlee/ari-authn/res/stasis_http/internal.h (original)
+++ team/dlee/ari-authn/res/stasis_http/internal.h Tue Jun 25 22:50:12 2013
@@ -56,12 +56,17 @@
 	struct ao2_container *users;
 };
 
+/*! Max length for auth_realm field */
+#define ARI_AUTH_REALM_LEN 80
+
 /*! \brief Global configuration options for stasis http. */
 struct ari_conf_general {
 	/*! Enabled by default, disabled if false. */
 	int enabled;
 	/*! Encoding format used during output (default compact). */
 	enum ast_json_encoding_format format;
+	/*! Authentication realm */
+	char auth_realm[ARI_AUTH_REALM_LEN];
 };
 
 /*! \brief Password format */
@@ -72,13 +77,15 @@
 	ARI_PASSWORD_FORMAT_CRYPT,
 };
 
+#define ARI_PASSWORD_LEN 256
+
 /*! \brief Per-user configuration options */
 struct ari_conf_user {
 	/*! Username for authentication */
-	char username[128];
+	char *username;
 	/*! User's password. If 256 seems like a lot, a crypt SHA-512 has over
 	 *  100 characters */
-	char password[256];
+	char password[ARI_PASSWORD_LEN];
 	/*! Format for the password field */
 	enum ari_password_format password_format;
 	/*! If true, user cannot execute change operations */

More information about the asterisk-commits mailing list