projects / working / SIPServer.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8545ee2)
WIP: client/ils password separation
authorJeff Godin <jgodin@tadl.org>
Wed, 13 May 2015 22:41:02 +0000 (15:41 -0700)
committerJeff Godin <jgodin@tadl.org>
Thu, 14 May 2015 00:06:06 +0000 (17:06 -0700)
Initial support for having a SIP client password distinct from the
ILS password.

Signed-off-by: Jeff Godin <jgodin@tadl.org>
SIPconfig.xml patch | blob | history
Sip/MsgType.pm patch | blob | history

diff --git a/SIPconfig.xml b/SIPconfig.xml
index 25039e7..cd86bc5 100644 (file)
--- a/SIPconfig.xml
+++ b/SIPconfig.xml
@@ -67,6 +67,10 @@
       <login id="lpl-sc" password="1234" institution="LPL" />
       <login id="lpl-sc-beacock" password="xyzzy"
              delimiter="|" error-detect="enabled" institution="LPL" />
+      <login id="uwols-sipclient-1"
+             clientpassword="salted-hash-here"
+             password="ils_secret"
+             institution="OWOLS" />
   </accounts>
 
 <!-- Institution tags will hold stuff used to interface to -->
diff --git a/Sip/MsgType.pm b/Sip/MsgType.pm
index 779d41d..c3938b8 100644 (file)
--- a/Sip/MsgType.pm
+++ b/Sip/MsgType.pm
@@ -852,7 +852,7 @@ sub handle_login {
     if (!exists($server->{config}->{accounts}->{$uid})) {
         syslog("LOG_WARNING", "MsgType::handle_login: Unknown login '$uid'");
         $status = 0;
-    } elsif ($server->{config}->{accounts}->{$uid}->{password} ne $pwd) {
+    } elsif (_verify_client_password($server->{config}->{accounts}->{$uid}, $pwd) != 1) {
         syslog("LOG_WARNING", "MsgType::handle_login: Invalid password for login '$uid'");
         $status = 0;
     } else {
@@ -866,6 +866,23 @@ sub handle_login {
     return $status ? LOGIN : '';
 }
 
+sub _verify_client_password {
+    # Accept a config hash representing a single login, and a supplied client password
+    # Return 1 on match, otherwise 0
+    # XXX: implement support for salted + hashed "clientpassword" value
+    my ($login_config, $pwd_from_client) = @_;
+
+    # if config has a clientpassword, verify against that
+    if (exists($login_config->{clientpassword})) {
+        syslog("LOG_INFO", "_verify_client_password: checking supplied password against clientpassword from config");
+        return 1 if ($pwd_from_client eq $login_config->{clientpassword});
+    } else { # otherwise, verify against "password" attribute
+        syslog("LOG_INFO", "_verify_client_password: checking supplied password against password from config");
+        return 1 if ($pwd_from_client eq $login_config->{password});
+    }
+    return 0; # password did not match
+}
+
 sub _load_ils_handler {
     my ($server, $uid) = @_;
 
SIP Server