From 9ba976b19c3e553b8ff0715b20894de61520a300 Mon Sep 17 00:00:00 2001
From: "David M. Lee" <dlee@digium.com>
Date: Wed, 3 Jul 2013 16:33:13 +0000
Subject: ARI authentication.

This patch adds authentication support to ARI.

Two authentication methods are supported. The first is HTTP Basic
authentication, as specified in RFC 2617[1]. The second is by simply
passing the username and password as an ?api_key query parameter
(which allows swagger-ui[2] to authenticate more easily).

ARI usernames and passwords are configured in the ari.conf file
(formerly known as stasis_http.conf). The user may be set to
`read_only`, which will prohibit the user from issuing POST, DELETE,
etc. Also, the user's password may be specified in either plaintext,
or encrypted using the crypt() function.

Several other notes about the patch.

 * A few command line commands for seeing ARI config and status were
   also added.
 * The configuration parsing grew big enough that I extracted it to
   its own file.

 [1]: http://www.ietf.org/rfc/rfc2617.txt [2]:
 https://github.com/wordnik/swagger-ui

(closes issue ASTERISK-21277)
Review: https://reviewboard.asterisk.org/r/2649/



git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@393530 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---
 configs/ari.conf.sample | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 configs/ari.conf.sample

(limited to 'configs/ari.conf.sample')

diff --git a/configs/ari.conf.sample b/configs/ari.conf.sample
new file mode 100644
index 000000000..11e2b065e
--- /dev/null
+++ b/configs/ari.conf.sample
@@ -0,0 +1,23 @@
+[general]
+enabled = yes		; When set to no, stasis-http support is disabled.
+;pretty = no		; When set to yes, responses from stasis-http are
+;			; formatted to be human readable.
+;allowed_origins =	; Comma separated list of allowed origins, for
+;			; Cross-Origin Resource Sharing. May be set to * to
+;			; allow all origins.
+;auth_realm =		; Realm to use for authentication. Defaults to Asterisk
+;			; REST Interface.
+
+;[user-username]
+;read_only = no		; When set to yes, user is only authorized for
+;			; read-only requests.
+;
+;password =		; Crypted or plaintext password (see password_format).
+;
+; password_format may be set to plain (the default) or crypt. When set to crypt,
+; crypt(3) is used to validate the password. A crypted password can be generated
+; using mkpasswd -m sha-512.
+;
+; When set to plain, the password is in plaintext.
+;
+;password_format = plain
-- 
cgit v1.2.3