git:master: modules/auth_ephemeral: new module for ephemeral credential based authentication
Module: sip-router Branch: master Commit: 0bea7f63afa0fd544ad93465db94ddef4ed67a00 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=0bea7f63...
Author: Peter Dunkley peter.dunkley@crocodile-rcs.com Committer: Peter Dunkley peter.dunkley@crocodile-rcs.com Date: Mon May 27 00:25:03 2013 +0100
modules/auth_ephemeral: new module for ephemeral credential based authentication
---
modules/auth_ephemeral/Makefile | 41 +++ modules/auth_ephemeral/README | 250 ++++++++++++++ modules/auth_ephemeral/autheph_mod.c | 168 ++++++++++ modules/auth_ephemeral/autheph_mod.h | 31 ++ modules/auth_ephemeral/authorize.c | 346 ++++++++++++++++++++ modules/auth_ephemeral/authorize.h | 42 +++ modules/auth_ephemeral/doc/Makefile | 4 + modules/auth_ephemeral/doc/auth_ephemeral.xml | 30 ++ .../auth_ephemeral/doc/auth_ephemeral_admin.xml | 306 +++++++++++++++++ 9 files changed, 1218 insertions(+), 0 deletions(-)
Diff: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commitdiff;h=0bea...
Hi Peter!
I just wonder how you do the authorization (e.g. verify that an authenticated user is allowed to use a certain identity in the From header)? Do you strip the timestamp from the username and use the base-username and compare it to the From user?
regards Klaus
On 27.05.2013 01:25, Peter Dunkley wrote:
Module: sip-router Branch: master Commit: 0bea7f63afa0fd544ad93465db94ddef4ed67a00 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=0bea7f63...
Author: Peter Dunkley peter.dunkley@crocodile-rcs.com Committer: Peter Dunkley peter.dunkley@crocodile-rcs.com Date: Mon May 27 00:25:03 2013 +0100
modules/auth_ephemeral: new module for ephemeral credential based authentication
modules/auth_ephemeral/Makefile | 41 +++ modules/auth_ephemeral/README | 250 ++++++++++++++ modules/auth_ephemeral/autheph_mod.c | 168 ++++++++++ modules/auth_ephemeral/autheph_mod.h | 31 ++ modules/auth_ephemeral/authorize.c | 346 ++++++++++++++++++++ modules/auth_ephemeral/authorize.h | 42 +++ modules/auth_ephemeral/doc/Makefile | 4 + modules/auth_ephemeral/doc/auth_ephemeral.xml | 30 ++ .../auth_ephemeral/doc/auth_ephemeral_admin.xml | 306 +++++++++++++++++ 9 files changed, 1218 insertions(+), 0 deletions(-)
Diff: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commitdiff;h=0bea...
sr-dev mailing list sr-dev@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
You don't necessarily do this at all.
This is purely about digest authentication. However, even without the ability to verify that the From: header is correct in SIP, this module is useful for authenticating anonymous (click-to-call) style web-apps and MSRP relay authentication.
Whether you can do caller identification validation or not depends entirely on your network architecture and implementation and this module does nothing at all to help with this.
Peter
On 28/05/13 11:38, Klaus Darilion wrote:
Hi Peter!
I just wonder how you do the authorization (e.g. verify that an authenticated user is allowed to use a certain identity in the From header)? Do you strip the timestamp from the username and use the base-username and compare it to the From user?
regards Klaus
On 27.05.2013 01:25, Peter Dunkley wrote:
Module: sip-router Branch: master Commit: 0bea7f63afa0fd544ad93465db94ddef4ed67a00 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=0bea7f63...
Author: Peter Dunkley peter.dunkley@crocodile-rcs.com Committer: Peter Dunkley peter.dunkley@crocodile-rcs.com Date: Mon May 27 00:25:03 2013 +0100
modules/auth_ephemeral: new module for ephemeral credential based authentication
modules/auth_ephemeral/Makefile | 41 +++ modules/auth_ephemeral/README | 250 ++++++++++++++ modules/auth_ephemeral/autheph_mod.c | 168 ++++++++++ modules/auth_ephemeral/autheph_mod.h | 31 ++ modules/auth_ephemeral/authorize.c | 346 ++++++++++++++++++++ modules/auth_ephemeral/authorize.h | 42 +++ modules/auth_ephemeral/doc/Makefile | 4 + modules/auth_ephemeral/doc/auth_ephemeral.xml | 30 ++ .../auth_ephemeral/doc/auth_ephemeral_admin.xml | 306 +++++++++++++++++ 9 files changed, 1218 insertions(+), 0 deletions(-)
Diff: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commitdiff;h=0bea...
sr-dev mailing list sr-dev@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
-
Klaus Darilion -
Peter Dunkley