[asterisk-dev] SIP users authentication ...

Mauro Sergio Ferreira Brasil mauro.brasil at tqi.com.br
Mon Aug 10 11:42:48 CDT 2009


Hi Olle!

Let's consider that our customer, who wants at all costs to have this 
authentication performed by Asterisk (in a different fashion than 
provided by current alternatives), allows us to engage in an effort to 
implement some authentication API.

The first question that comes to mind is: how common could the use of 
such an API be? I mean, as far as I could see, SIP and IAX channels could 
use such a resource. Is this feature extendable to other channels?
The really important question: should we develop a structured 
authentication API (with register/unregister/access methods), or just 
create an authentication resource and use it on the necessary channels 
without the "knowledge" of Asterisk, as has been done so far?

If you decide to implement an authentication API (and I strongly vote 
for that), will it be easy to define the interface in order to be able 
to perform authentication in the way needed by each channel? Or maybe 
to point out a set of parameters that will be enough for all current and 
future authentication needs (like userid, password, domain, etc.)?
For example: SIP provides a challenge mechanism based on HTTP 
authentication, and for it we need only userid, password and domain. 
But how does authentication work for the other "channel entities" (IAX, 
etc.)?

How about an initial set of methods like this:

struct channel_auth_engine
{
    /* Function pointer, so the struct is valid C. */
    void (*authenticate)(const char *userid, const char *password,
                         const char *domain);  /* *** */
};

*** Maybe we can define a method signature for each type of channel 
(like: "sip_authenticate", "iax_authenticate", etc.) with their different 
parameter needs;

ast_channel_auth_engine_register (file main/channel_auth.c): receives a 
"channel_auth_engine" pointer and a "char *" with the name of the 
channel (like SIP, IAX, etc.) on which this engine should be used, and 
registers it;
ast_channel_auth_engine_unregister (file main/channel_auth.c): 
unregisters a channel auth engine;
ast_channel_auth_engine_get (file main/channel_auth.c): receives a 
channel name (like SIP, IAX, etc.) and returns its registered auth 
engine, if any;

In this initial view, I was not considering the possibility of someone 
wanting to handle authentication differently on the same Asterisk 
instance, so there will be only one channel auth engine per channel type.
And this suggestion is intended just to provide additional and/or 
proprietary authentication handling to "channel entities".

Any comments, ideas, disagreements?

Thanks and best regards,
Mauro.





Olle E. Johansson wrote:
> On 7 Aug 2009, at 22:58, Mauro Sergio Ferreira Brasil wrote:
>
>   
>> Hello there!
>>
>> I was having a look at alternative ways to handle SIP users  
>> authentication other than local/static and through ARA when I found  
>> ticket "https://issues.asterisk.org/view.php?id=5424".
>> Unfortunately this ticket has been on hold since 2007.
>>
>> I found other people with needs similar to mine, that is, a way to  
>> make Asterisk use external means (mostly some sort of server) to  
>> authenticate SIP users, and it seems that it could be useful to IAX  
>> users as well.
>>
>> The question is: Why was this ticket abandoned? Not enough  
>> people interested? Not enough people/time available to handle it?
>>     
>
> Yes, yes.
>
> /O
>

-- 
*Technology and Quality on Information*
Mauro Sérgio Ferreira Brasil
Project Coordinator and Systems Analyst
mauro.brasil at tqi.com.br
www.tqi.com.br <http://www.tqi.com.br>
+ 55 (34)3291-1700
+ 55 (34)9971-2572