[OpenSIPS-Users] Issues using memcache auth

Tito Cumpen tito at xsvoce.com
Wed Jun 3 17:56:07 CEST 2015


Bogdan,

The password is hashed into a numeric value, it would seem, though my http
db provides the password as a raw unhashed string when queried for the
subscriber password. The debug shows that the md5 hashing is not being
matched, but I am not sure why, since the save function is only
called if (!www_authorize("", "subscriber")) succeeds. Maybe something
is being left out?

Thanks,
 Tito


On Wed, Jun 3, 2015 at 11:12 AM, Bogdan-Andrei Iancu <bogdan at opensips.org>
wrote:

>  Hi Tito,
>
> Have you double checked if the passwd you push to pv_www_authorize() (from
> cache) is the correct one ?
>
> Best Regards,
>
> Bogdan-Andrei Iancu
> OpenSIPS Founder and Developer
> http://www.opensips-solutions.com
>
> On 02.06.2015 01:58, Tito Cumpen wrote:
>
> my db http returns the password in plain string by the way.
>
> On Mon, Jun 1, 2015 at 6:57 PM, Tito Cumpen <tito at xsvoce.com> wrote:
>
>> Hello group,
>>
>>
>>  I am attempting to add memcache auth validation in opensips 2.1. I was
>> using http db which returns a string of the user password. This
>> was working prior to utilizing pv_www_authorize. I used this document as a
>> guideline http://www.opensips.org/Documentation/Tutorials-MemoryCaching
>>
>>  Here is my auth mod param config
>>  loadmodule "cachedb_local.so"
>> loadmodule "auth.so"
>> loadmodule "auth_db.so"
>> modparam("auth","username_spec","$avp(i:54)")
>> modparam("auth","password_spec","$avp(i:55)")
>> modparam("auth","calculate_ha1",1)
>>
>>  modparam("auth_db", "calculate_ha1", yes)
>>
>>  modparam("auth_db", "password_column", "password")
>> #modparam("auth_db", "db_url",
>> modparam("auth_db", "db_url",
>>           "http://mysubscriberdatabase.com")
>>
>>  modparam("auth_db", "load_credentials", "$avp(i:55)=password")
>>
>>
>>  if (is_method("REGISTER")) {
>>
>>  # indicate that the client supports DTLS
>>  # so we know when he is called
>>  if (isflagset(SRC_WS))
>>  setbflag(DST_WS);
>>
>>  if ( isflagset(uac_ws) ) {
>>         xlog("setting avp attribute in register for websocket \n");
>>
>>    $avp(attr)="websocket";
>> }
>>    if(cache_fetch("local","passwd_$tu",$avp(i:55))) {
>>  xlog("$tU 's credentials are stored in local cache using it for this register request \n");
>>  $avp(i:54) = $tU;
>>  xlog("SCRIPT: stored password is $avp(i:55)\n");
>>  # perform auth from variables
>>  # $avp(i:54) contains the username
>>  # $avp(i:55) contains the password
>>  if (!pv_www_authorize("")) {
>>  $var(rc2) = pv_www_authorize("");
>>               #  $var(rc2) = www_authorize("", "subscriber");
>>         xlog("Return code is $var(rc2) \n");
>>                 switch ( $var(rc2) ) {
>>     case 1 :
>>            # if ( proto==TCP ||  0 ) {
>>            #             setflag(TCP_PERSISTENT);
>>             #                    setflag(6);
>>              #   }
>>
>>
>>                  if (!save("location","f"))
>>                         sl_reply_error();
>>
>>                  exit;
>>
>>
>>          # success
>>         break;
>>     case -1:
>>         sl_send_reply("404","User not found");
>>         exit;
>>         break;
>>     case -2:
>>         sl_send_reply("403","Forbidden (Bad auth)");
>>                 exit;
>>         break;
>>           case -3:
>>                                                www_challenge("", "0");
>>         exit;
>>         #sl_send_reply("403","Forbidden auth ID");
>>         #break;
>>     default:
>>                                www_challenge("", "0");
>>                 exit;
>>
>>  }
>>
>>  };
>>
>>            if (!save("location","f"))
>>                         sl_reply_error();
>>
>>                  exit;
>>   }else{
>>   xlog("could not find the auth info in local cache for $tU\n");
>>  xlog("accessing the external db for auth info");
>>    # authenticate the REGISTER requests
>>                 if (!www_authorize("", "subscriber"))
>>                 {
>>                                                 xlog("new challenger $tU\n");
>>
>>
>>                  #       www_challenge("", "0");
>>
>>
>>
>>                  $var(rc) = www_authorize("", "subscriber");
>>         xlog("Return code is $var(rc) \n");
>>
>>          switch ( $var(rc) ) {
>>     case 1 :
>>            # if ( proto==TCP ||  0 ) {
>>            #             setflag(TCP_PERSISTENT);
>>             #                    setflag(6);
>>              #   }
>>                                         #        $avp(me) = $(tU{s.tolower});
>>
>>                 cache_store("local","passwd_$tu","$avp(i:55)",1200);
>>
>>                  if (!save("location","f"))
>>                         sl_reply_error();
>>
>>                  exit;
>>
>>
>>          # success
>>         break;
>>     case -1:
>>         sl_send_reply("404","User not found");
>>         exit;
>>         break;
>>     case -2:
>>         sl_send_reply("403","Forbidden (Bad auth)");
>>                 exit;
>>         break;
>>           case -3:
>>                                                www_challenge("", "0");
>>         exit;
>>         #sl_send_reply("403","Forbidden auth ID");
>>         #break;
>>     default:
>>                                www_challenge("", "0");
>>                 exit;
>>
>>  }
>> }
>>
>>  xlog("should be storing local now that it has been authorized\n");
>>
>>  cache_store("local","passwd_$tu","$avp(i:55)",1200);
>>  }
>>
>>  if (!save("location","f"))
>>  sl_reply_error();
>>
>>  exit;
>>  }
>>
>>
>>
>>  The issue is the pv_www_authorize method after the verification whether
>> the password is stored locally always returns -2 which means the password
>> is incorrect. Can anyone provide any guidance as to why this is?
>>
>>
>>  Thanks,
>> Tito
>>
>
>
>
>
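An offline way to check whether a value read back from the cache is a plaintext password or a precomputed HA1: recompute the RFC 2617 digest response from it both ways and compare with the `response` the client sent. This is an added example, not code from the thread or from OpenSIPS; the function names are hypothetical and the user, realm, nonce and password are constructed sample values.

```python
import hashlib

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def ha1(username, realm, password):
    # HA1 as defined by RFC 2617: MD5(username:realm:password)
    return md5_hex(f"{username}:{realm}:{password}")

def digest_response(ha1_hex, method, auth):
    # auth: dict holding the digest parameters of the Authorization header
    ha2 = md5_hex(f"{method}:{auth['uri']}")
    if auth.get("qop") == "auth":
        return md5_hex(f"{ha1_hex}:{auth['nonce']}:{auth['nc']}:"
                       f"{auth['cnonce']}:auth:{ha2}")
    return md5_hex(f"{ha1_hex}:{auth['nonce']}:{ha2}")  # request without qop

def classify_cached(cached, method, auth):
    """Say how `cached` must be read to reproduce the client's response."""
    as_plain = ha1(auth["username"], auth["realm"], cached)
    if digest_response(as_plain, method, auth) == auth["response"]:
        return "plaintext"
    if digest_response(cached.lower(), method, auth) == auth["response"]:
        return "ha1"
    return "mismatch"

# Constructed sample: digest parameters a client would send in a REGISTER.
SAMPLE = {"username": "alice", "realm": "sip.example.test",
          "uri": "sip:sip.example.test", "nonce": "5f2a9c0e7b1d",
          "qop": "auth", "nc": "00000001", "cnonce": "0a4f113b"}
SAMPLE_PASSWORD = "s3cret-constructed"
# What the client computes from the real password and sends as response="..."
SAMPLE["response"] = digest_response(
    ha1(SAMPLE["username"], SAMPLE["realm"], SAMPLE_PASSWORD),
    "REGISTER", SAMPLE)

if __name__ == "__main__":
    good_ha1 = ha1(SAMPLE["username"], SAMPLE["realm"], SAMPLE_PASSWORD)
    other_realm = ha1("alice", "other.test", SAMPLE_PASSWORD)
    for label, value in [("plaintext in cache", SAMPLE_PASSWORD),
                         ("HA1 in cache", good_ha1),
                         ("HA1 for another realm", other_realm)]:
        print(f"{label:22s} -> {classify_cached(value, 'REGISTER', SAMPLE)}")
```

The result tells you which form the stored value has; the `auth` module's `calculate_ha1` parameter determines whether the variable named by `password_spec` is expected to hold a plaintext password or an HA1 string.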