From 2b4352d5ebd67ece2a473e5e3b7f14d6af216dbd Mon Sep 17 00:00:00 2001 From: David Troy Date: Fri, 7 Apr 2006 21:12:37 +0000 Subject: git-svn-id: http://svncommunity.digium.com/svn/astmanproxy/branches/1.20pre@95 f02b47b9-160a-0410-81a6-dc3441afb0ec --- README | 115 +++++++++++++++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 94 insertions(+), 21 deletions(-) (limited to 'README') diff --git a/README b/README index 8c5578e..4a8b89d 100644 --- a/README +++ b/README @@ -29,8 +29,9 @@ Features include: For example, you can use Astmanproxy as a single point of contact to communicate with multiple Asterisk servers. -You can use Astmanproxy as the basis for a web-based application: -send it data using HTTP POST or HTTP GET, and receive XML output. +You can use Astmanproxy as the basis for a web-based application: +send it data using HTTP POST or HTTP GET, and receive XML output. +Or use HTTP POST and get Standard (text/plain) output back! No web server required! You can use Astmanproxy as an XML feed for a .NET program that keeps @@ -140,15 +141,19 @@ Server: (x.x.x.x|hostname) The proxy also intercepts the following Actions: Action: Login - Since the proxy logs in on behalf of your clients, and you are - using key-based or network-level security to secure the proxy, - logins should not be passed to asterisk. Ideally, your apps - will be written not to issue Logins in the first place, but - if you do, the proxy will intercept them and NOT pass them - to Asterisk. Instead, it will respond with an Authentication - Successful message, just as Asterisk would upon successful - authentication. Note it will do this regardless of information - supplied. + You can login to astmanproxy just as you would the Asterisk + Manager Interface. The user credentials are stored in + astmanproxy.users. + +Action: Challenge + Astmanproxy now supports the MD5 challenge authentication + mechanism. See section below for more information on + this authentication mechanism and how you can use it + in your applications to avoid having to send a password + over the internet, and instead use a MD5 challenge to + hash your password before sending. Note that this is + somewhat less of an issue with SSL support now enabled, + however, some apps require this mechanism, and we support it. Action: Logoff You don't want your applications logging the proxy off of @@ -163,23 +168,91 @@ Blank Commands blank command blocks. =================================================================== -Author Contact Info +On the Action: Challenge Authentication Mechanism -This code is intended primarily as a foundation for others to add -new features and capabilities going forward. While I will attempt -to keep up with it and add to it, I make no guarantees that I'll be -able to do that. My hope is that the wonderful asterisk community -will start making changes, and that those changes can be managed -through Digium's great CVS process. +John Todd wrote this excellent summary of the Action: Challenge +Authentication Mechanism, and it accurately describes the +implementation included in astmanproxy: -However, you can concact me at dave@popvox.com, and I will endeavor -to post the latest code here: +While the SSL encryption of the AMI is great, it's always a good +policy to never send passwords at all if you have an alternative. + After connecting to the AMI port, send this message: + + Action: Challenge + AuthType: MD5 + + You should receive a challenge string: + + Response: Success + Challenge: 125065091 + +Then, assuming that the manager username is "joebob" and the +password is "yoyodyne11", perform this on a shell line of a handy +UNIX system (you programmers will figure out how to do this with a +library call, I'm sure): + + bash-3.00# md5 -s 125065091yoyodyne11 + MD5 ("125065091yoyodyne11") = e83a9e59e7c8d1bb6554982275d05016 + bash-3.00# + + Now use this key to log in, so type this to the AMI: + + Action: Login + AuthType: MD5 + Username: joebob + Key: e83a9e59e7c8d1bb6554982275d05016 + + ...and you'll get: + + Response: Success + Message: Authentication accepted + +=================================================================== +Software Updates, Author Info, and How to Contribute + +Digium has graciously agreed to host the development of AstManProxy +on their Subversion Community Server. + +Latest releases can be found here: +http://svncommunity.digium.com/view/astmanproxy + +For development branches & experimental features: +http://svncommunity.digium.com/view/astmanproxy/branches + +For current development/stable snapshot: +http://svncommunity.digium.com/view/astmanproxy/trunk + +For stable release versions: +http://svncommunity.digium.com/view/astmanproxy/tags + +To download from these repositories: + + - Install Subversion (yum -y install subversion -- or equivalent) + - svn checkout http://svncommunity.digium.com/svn/astmanproxy/trunk + +Be sure to use the full URL path to the version you wish to check out; +for example, do not checkout the 'branches' tree, but instead choose +which branch to checkout, as in: + +http://svncommunity.digium.com/view/astmanproxy/branches/1.2x + +I will also try to post current tarballs here: http://www.popvox.com/astmanproxy -Donations are accepted via paypal to dave@toad.net. +Donations are accepted via paypal to dave@toad.net; beer is also +accepted at Astricon events. :) + +To contact me about contributing to the project, please email: +dave@popvox.com + +I acknowledge all contributions and encourage your experimentation! +AstManProxy would not be where it is without your support!! =================================================================== +AstManProxy Background Information +---------------------------------- + Developing web-based realtime applications for the asterisk open-source PBX often requires interacting with asterisk's Manager interface. The Asterisk Manager runs on port 5038 by default and -- cgit