Thanks for reviewing the patch, comments inline:

Dale Worley wrote:
> I was looking at Arjun's patch for XECS-1604. It contains an
> isAuthenticated method to test if an incoming subscription request (for
> a resource-list URI) is authenticated. His version seems to be largely
> copied from SipRegistrarServer.cpp. But I wonder if the authentication
> algorithm should be adjusted.
>
> In particular, the code checks to see if the Authorization header has
> the correct user/realm/password/nonce in the ordinary way. But in
> addition, it checks that the authorization user matches the user-part of
> the From header (where fromNameAddr is given to getCredential as the
> identity of the credential to be looked up). I think in this case, we
> want to omit that last check, that the Authorization header should stand
> alone.

Yes, I agree. This would be a good idea, I will go ahead and make the change..

>
> Also, this code does not respect any P-Asserted-Identity that other sipX
> components may have added.

From what I can recall, when the PAI field is added, the Proxy-Authorization
header is left alone. This header is enough for us to authenticate the message
in sipXrls, so there is no real need to check for the PAI header explicitly.

>
> Perhaps this code should be replaced by the authorization code used in
> the auth proxy function?

I am not sure I understand what you mean. The SipRouter authorization code uses a similar algorithm (at least from an initial glance)..

Arjun
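
The check discussed in this thread, as an added example that is not part of the original message and is not sipXrls code: a digest verifier for a SUBSCRIBE where the From-header binding is a switch, so the effect of omitting it is visible. The credential store, nonce set, URIs and all function names are constructed for illustration, and the digest is the RFC 2617 form without qop.

```python
import hashlib, hmac, re

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

# Constructed credential store: (user, realm) -> HA1 = MD5(user:realm:password)
CREDENTIALS = {("alice", "example.org"): md5_hex("alice:example.org:s3cret")}

def digest_response(ha1, method, uri, nonce):
    # RFC 2617 response without qop: MD5(HA1:nonce:HA2), HA2 = MD5(method:uri)
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def build_authorization(user, realm, password, method, uri, nonce):
    # Client side; used here only to construct sample requests
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    resp = digest_response(ha1, method, uri, nonce)
    return (f'Digest username="{user}", realm="{realm}", nonce="{nonce}", '
            f'uri="{uri}", response="{resp}"')

def parse_digest(header):
    scheme, _, params = header.partition(" ")
    if scheme.lower() != "digest":
        return {}
    pairs = re.findall(r'(\w+)=("[^"]*"|[^,\s]+)', params)
    return {k.lower(): v.strip('"') for k, v in pairs}

def from_user(from_header):
    m = re.search(r"sips?:([^@>;]+)@", from_header)
    return m.group(1) if m else None

def is_authenticated(method, auth_header, from_header, valid_nonces, bind_to_from):
    p = parse_digest(auth_header)
    if not {"username", "realm", "nonce", "uri", "response"} <= p.keys():
        return False
    if p["nonce"] not in valid_nonces:      # nonce must be one the server issued
        return False
    ha1 = CREDENTIALS.get((p["username"], p["realm"]))
    if ha1 is None:
        return False
    expected = digest_response(ha1, method, p["uri"], p["nonce"])
    if not hmac.compare_digest(expected.encode(), p["response"].lower().encode()):
        return False
    # The extra check under discussion: credential user must equal From user-part
    if bind_to_from and from_user(from_header) != p["username"]:
        return False
    return True
```

With `bind_to_from=False` the Authorization header stands alone: any valid credential in the realm authenticates the request regardless of the From identity, so whatever decides who may subscribe to a given list has to key on the authenticated username rather than on From.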
