diff options
| author | David M. Lee <dlee@digium.com> | 2013-07-03 16:33:13 +0000 |
|---|---|---|
| committer | David M. Lee <dlee@digium.com> | 2013-07-03 16:33:13 +0000 |
| commit | 9ba976b19c3e553b8ff0715b20894de61520a300 (patch) | |
| tree | c49720016f46bcc30e643dffc1caed3dafec7bed /configs | |
| parent | c9a3d4562ddb1ed5b34f7d5530efd6aa695377c2 (diff) | |
ARI authentication.
This patch adds authentication support to ARI.
Two authentication methods are supported. The first is HTTP Basic
authentication, as specified in RFC 2617[1]. The second is by simply
passing the username and password as an ?api_key query parameter
(which allows swagger-ui[2] to authenticate more easily).
ARI usernames and passwords are configured in the ari.conf file
(formerly known as stasis_http.conf). The user may be set to
`read_only`, which will prohibit the user from issuing POST, DELETE,
etc. Also, the user's password may be specified in either plaintext,
or encrypted using the crypt() function.
Several other notes about the patch.
* A few command line commands for seeing ARI config and status were
also added.
* The configuration parsing grew big enough that I extracted it to
its own file.
[1]: http://www.ietf.org/rfc/rfc2617.txt [2]:
https://github.com/wordnik/swagger-ui
(closes issue ASTERISK-21277)
Review: https://reviewboard.asterisk.org/r/2649/
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@393530 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'configs')
| -rw-r--r-- | configs/ari.conf.sample | 23 | ||||
| -rw-r--r-- | configs/stasis_http.conf.sample | 25 |
2 files changed, 23 insertions, 25 deletions
diff --git a/configs/ari.conf.sample b/configs/ari.conf.sample new file mode 100644 index 000000000..11e2b065e --- /dev/null +++ b/configs/ari.conf.sample @@ -0,0 +1,23 @@ +[general] +enabled = yes ; When set to no, stasis-http support is disabled. +;pretty = no ; When set to yes, responses from stasis-http are +; ; formatted to be human readable. +;allowed_origins = ; Comma separated list of allowed origins, for +; ; Cross-Origin Resource Sharing. May be set to * to +; ; allow all origins. +;auth_realm = ; Realm to use for authentication. Defaults to Asterisk +; ; REST Interface. + +;[user-username] +;read_only = no ; When set to yes, user is only authorized for +; ; read-only requests. +; +;password = ; Crypted or plaintext password (see password_format). +; +; password_format may be set to plain (the default) or crypt. When set to crypt, +; crypt(3) is used to validate the password. A crypted password can be generated +; using mkpasswd -m sha-512. +; +; When set to plain, the password is in plaintext. +; +;password_format = plain diff --git a/configs/stasis_http.conf.sample b/configs/stasis_http.conf.sample deleted file mode 100644 index 1527a32be..000000000 --- a/configs/stasis_http.conf.sample +++ /dev/null @@ -1,25 +0,0 @@ -[general] -enabled = yes ; When set to no, stasis-http support is disabled -;pretty = no ; When set to yes, responses from stasis-http are -; ; formatted to be human readable -;allowed_origins = ; Comma separated list of allowed origins, for -; ; Cross-Origin Resource Sharing. May be set to * to allow -; ; all origins. - -;[user-username] -;read_only = no ; When set to yes, user is only authorized for -; ; read-only requests -; -; If a password is specified, user must authenticate using HTTP Basic -; authentication. If no password is specified, then the user may authenticate -; simply by adding ?api_key=username to their requests. -; -;password = ; Crypted or plaintext password (see crypt_password) -; -; crypt_password may be set to crypt (the default) or plain. When set to crypt, -; crypt(3) is used to encrypt the password. A crypted password can be generated -; using mkpasswd -m sha-512. -; -; When set to plain, the password is in plaintext -; -;crypt_password = plain |