[Asterisk-Dev] Pluggable authentication for assorted channels
James Sharp
jsharp at psychoses.org
Mon Oct 27 21:43:17 MST 2003
I'd like people's input on this (better ideas are encouraged!)
I've got a client who wants LDAP authentication added to chan_sip. I was
poking at it for a while, then decided "Hey, why not just add an
abstraction layer for authentication that could be used for any other
authentication?".
So I mulled over it a bit and came up with this:
Add a built-in to * for all of this...call it ast_pam_auth for lack of a
better name. You call it with a variable set of arguments which details
your request from the PAM system. The prototype looks something like
this:
int ast_pam_auth(char *source, int numargpairs, ...) where the variable
argument list are pairs of "title" and a pointer for the return. Example:
char *username
char *password
<mallocing & whatever is in here>
foo = ast_pam_auth("chan_sip",2,"Username",username,"Password",password).
The PAM subsystem then looks and sees that chan_sip is configured to use
pam_ldap (which was registered into the system on load, much like
applications & cdrs). pam_ldap registered to use pam_ldap_query(...) and
all the pointers that ast_pam_auth got passed get passed to
pam_ldap_query, which runs its query, fills in the pointers with
information, and returns/returns back to the channel.
The channel can then do whatever it needs to with the data that
ast_pam_auth has gotten for it.
More information about the asterisk-dev
mailing list