[svn-commits] dlee: branch dlee/ari-authn r392916 - in /team/dlee/ari-authn: include/asteri...

Tue Jun 25 17:28:50 CDT 2013

Author: dlee
Date: Tue Jun 25 17:28:48 2013
New Revision: 392916

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=392916
Log:
HTTP Basic auth working

Modified:
    team/dlee/ari-authn/include/asterisk/http.h
    team/dlee/ari-authn/main/http.c
    team/dlee/ari-authn/res/res_stasis_http.c

Modified: team/dlee/ari-authn/include/asterisk/http.h
URL: http://svnview.digium.com/svn/asterisk/team/dlee/ari-authn/include/asterisk/http.h?view=diff&rev=392916&r1=392915&r2=392916
==============================================================================

--- team/dlee/ari-authn/include/asterisk/http.h (original)
+++ team/dlee/ari-authn/include/asterisk/http.h Tue Jun 25 17:28:48 2013
@@ -112,6 +112,26 @@
 /*! \brief Get cookie from Request headers */
 struct ast_variable *ast_http_get_cookies(struct ast_variable *headers);
 
+/*! \brief HTTP authentication information. */
+struct ast_http_auth {
+	/*! Provided userid. */
+	char *userid;
+	/*! For Basic auth, the provided password. */
+	char *password;
+};
+
+/*!
+ * \brief Get HTTP authentication information from headers.
+ *
+ * The returned object is AO2 managed, so clean up with ao2_cleanup().
+ *
+ * \param headers HTTP request headers.
+ * \return HTTP auth structure.
+ * \return \c NULL if no supported HTTP auth headers present.
+ * \since 12
+ */
+struct ast_http_auth *ast_http_get_auth(struct ast_variable *headers);
+
 /*! \brief Register a URI handler */
 int ast_http_uri_link(struct ast_http_uri *urihandler);
 

Modified: team/dlee/ari-authn/main/http.c
URL: http://svnview.digium.com/svn/asterisk/team/dlee/ari-authn/main/http.c?view=diff&rev=392916&r1=392915&r2=392916
==============================================================================
--- team/dlee/ari-authn/main/http.c (original)
+++ team/dlee/ari-authn/main/http.c Tue Jun 25 17:28:48 2013
@@ -867,6 +867,79 @@
 	return cookies;
 }
 
+static void auth_dtor(void *obj)
+{
+	struct ast_http_auth *auth = obj;
+
+	ast_free(auth->userid);
+	ast_free(auth->password);
+}
+
+static struct ast_http_auth *auth_create(const char *userid,
+	const char *password)
+{
+	RAII_VAR(struct ast_http_auth *, auth, NULL, ao2_cleanup);
+
+	if (!userid || !password) {
+		ast_log(LOG_ERROR, "Invalid userid/password\n");
+		return NULL;
+	}
+
+	auth = ao2_alloc(sizeof(*auth), auth_dtor);
+	if (!auth) {
+		return NULL;
+	}
+
+	auth->userid = ast_strdup(userid);
+	auth->password = ast_strdup(password);
+	if (!auth->userid || !auth->password) {
+		return NULL;
+	}
+
+	ao2_ref(auth, +1);
+	return auth;
+}
+
+#define BASIC_LEN 6 /*!< "Basic " */
+
+struct ast_http_auth *ast_http_get_auth(struct ast_variable *headers)
+{
+	struct ast_variable *v;
+
+	for (v = headers; v; v = v->next) {
+		const char *base64;
+		char decoded[256];
+		int cnt;
+		char *colon;
+
+		if (strcasecmp("Authorization", v->name) != 0) {
+			continue;
+		}
+
+		if (strncasecmp("Basic ", v->value, BASIC_LEN) != 0) {
+			ast_log(LOG_WARNING, "Unsuppored Authorization scheme\n");
+			continue;
+		}
+
+		base64 = v->value + BASIC_LEN;
+
+		cnt = ast_base64decode((unsigned char*)decoded, base64,
+			sizeof(decoded) - 1);
+		ast_assert(cnt < sizeof(decoded));
+		decoded[cnt] = '\0';
+
+		colon = strchr(decoded, ':');
+		if (!colon) {
+			ast_log(LOG_WARNING, "Invalid Authorization header\n");
+			return NULL;
+		}
+		*colon = '\0';
+
+		return auth_create(decoded, colon + 1);
+	}
+
+	return NULL;
+}
 
 static void *httpd_helper_thread(void *data)
 {

Modified: team/dlee/ari-authn/res/res_stasis_http.c
URL: http://svnview.digium.com/svn/asterisk/team/dlee/ari-authn/res/res_stasis_http.c?view=diff&rev=392916&r1=392915&r2=392916
==============================================================================
--- team/dlee/ari-authn/res/res_stasis_http.c (original)
+++ team/dlee/ari-authn/res/res_stasis_http.c Tue Jun 25 17:28:48 2013
@@ -674,13 +674,21 @@
 static struct ari_conf_user *authenticate_user(struct ast_variable *get_params,
 	struct ast_variable *headers)
 {
+	RAII_VAR(struct ast_http_auth *, http_auth, NULL, ao2_cleanup);
 	struct ast_variable *v;
 
+	/* HTTP Basic authentication */
+	http_auth = ast_http_get_auth(headers);
+	if (http_auth) {
+		return ari_config_validate_user(http_auth->userid,
+			http_auth->password);
+	}
+
+	/* ?api_key authentication */
 	for (v = get_params; v; v = v->next) {
 		if (strcasecmp("api_key", v->name) == 0) {
 			RAII_VAR(char *, username, NULL, ast_free);
 			char *colon;
-			char *password;
 
 			username = ast_strdup(v->value);
 			if (!username) {
@@ -693,8 +701,7 @@
 			}
 
 			*colon = '\0';
-			password = colon + 1;
-			return ari_config_validate_user(username, password);
+			return ari_config_validate_user(username, colon + 1);
 		}
 	}
 
@@ -743,7 +750,7 @@
 		response.response_code = 401;
 		response.response_text = "Unauthorized";
 		ast_str_append(&response.headers, 0,
-			"WWW-Authenticate: Basic realm=\"Asterisk\"");
+			"WWW-Authenticate: Basic realm=\"Asterisk\"\r\n");
 	} else if (user->read_only && method != AST_HTTP_GET && method != AST_HTTP_OPTIONS) {
 		response.message = ast_json_pack("{s: s}",
 			"error", "Write access denied");


