Arjun Nair - 2008-09-08 16:50 Patch Attached: +++ sipXpbx/sipXrls/src/ResourceListServer.cpp +++ sipXpbx/sipXrls/src/ResourceListServer.h Modify the constructor to add the UtlString argument "realm". Pass the realm and domain name arguments onto the RlsSubscribePolicy object constructor. +++ sipXpbx/sipXrls/src/main.cpp Get the realm info from "SIP_RLS_AUTHENTICATE_REALM" configuration in "sipxrls-config" +++ sipXpbx/sipXrls/src/RlsSubscribePolicy.cpp +++ sipXpbx/sipXrls/src/RlsSubscribePolicy.h Modify the constructor to accept the realm and the domain name as arguments Override the virtual method UtlBoolean isAuthenticated() of the base class SipSubscribeServerEventHandler In RlsSubscribePolicy::isAuthenticated(), check the credentials for the from address of the SIP message in the CredentialsDb. The host address part of the from uri is set to the default domain name, in order to support from uris using a domain alias. +++ sipXconfig/neoconf/test/org/sipfoundry/sipxconfig/service/expected-rls-config +++ sipXconfig/neoconf/etc/sipxrls/sipxrls-config.vm Modify to generate the realm ("SIP_RLS_AUTHENTICATE_REALM") from the template for sipxrls-config. Adjust the unit test to reflect this change.

Dale R. Worley - 2008-10-23 16:31 The patch is tested and stops unauthenticated subscriptions. Phones can authenticate their SUBSCRIBEs and get RLS info.

Dale R. Worley - 2008-10-24 12:50 I've code-reviewed the patch and added some comments and improved the formatting in places. The result is attachment xecs-1604-oct24.diff. Arjun, could you review this? Also, there may be a question of exactly what authorization policy we want to enforce. I've sent a message to sipx-dev to address that.

Arjun Nair - 2008-10-26 20:35 I have reviewed the patch, and it looks good to me. I have made some changes (xecs-1604-oct26.diff) based on Dales's comments in http://thread.gmane.org/gmane.comp.voip.sipx.devel/13320, namely, we no longer check if the From address matches the Authorization User ID.

Dale R. Worley - 2008-10-27 12:58 Attachment xecs-1604-oct27.diff is one more version of the change, with a number of variables renamed from "requestXYZ" to "authXYZ", because what they contain is taken from the auth header. A few other items rearranged, one unnecessary function call removed, and error message contents corrected.

Dale R. Worley - 2008-10-29 16:06 xecs-1604-oct29.diff is a version that uses the version of CredentialDB::getCredential() that takes user-part/realm as arguments, to avoid the effort of constructing an identity to look up.

Arjun Nair - 2008-11-04 14:19 I have gone through and tested xecs-1604-oct29.diff, and it works fine. Thanks for the updates/corrections!

Dale R. Worley - 2008-11-04 21:34 Final version checked in as rev. 13912.