ARI authentication.
authorDavid M. Lee <dlee@digium.com>
Wed, 3 Jul 2013 16:33:13 +0000 (16:33 +0000)
committerDavid M. Lee <dlee@digium.com>
Wed, 3 Jul 2013 16:33:13 +0000 (16:33 +0000)
commit9ba976b19c3e553b8ff0715b20894de61520a300
treec49720016f46bcc30e643dffc1caed3dafec7bed
parentc9a3d4562ddb1ed5b34f7d5530efd6aa695377c2
ARI authentication.

This patch adds authentication support to ARI.

Two authentication methods are supported. The first is HTTP Basic
authentication, as specified in RFC 2617[1]. The second is by simply
passing the username and password as an ?api_key query parameter
(which allows swagger-ui[2] to authenticate more easily).

ARI usernames and passwords are configured in the ari.conf file
(formerly known as stasis_http.conf). The user may be set to
`read_only`, which will prohibit the user from issuing POST, DELETE,
etc. Also, the user's password may be specified in either plaintext,
or encrypted using the crypt() function.

Several other notes about the patch.

 * A few command line commands for seeing ARI config and status were
   also added.
 * The configuration parsing grew big enough that I extracted it to
   its own file.

 [1]: http://www.ietf.org/rfc/rfc2617.txt [2]:
 https://github.com/wordnik/swagger-ui

(closes issue ASTERISK-21277)
Review: https://reviewboard.asterisk.org/r/2649/

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@393530 65c4cc65-6c06-0410-ace0-fbb531ad65f3
configs/ari.conf.sample [new file with mode: 0644]
configs/stasis_http.conf.sample [deleted file]
main/Makefile
main/http.c
main/utils.c
makeopts.in
res/Makefile
res/res_stasis_http.c
res/stasis_http/cli.c [new file with mode: 0644]
res/stasis_http/config.c [new file with mode: 0644]
res/stasis_http/internal.h [new file with mode: 0644]