[OpenSIPS-Users] Issues using memcache auth
Bogdan-Andrei Iancu
bogdan at opensips.org
Wed Jun 3 17:59:16 CEST 2015
Tito,
In DB, what do you have - the plain text passwd or the HA1 ?
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com
On 03.06.2015 18:56, Tito Cumpen wrote:
> Bogdan,
>
> The password is hashed into a numeric value, it would seem. Though my
> http db provides the password as a raw unhashed string when queried for
> the subscriber password. The debug shows that the md5 hashing is not
> being matched, but I am not sure why, since the save function
> is only called if (!www_authorize("", "subscriber")) succeeds.
> Maybe something is being left out?
>
> Thanks,
> Tito
>
>
> On Wed, Jun 3, 2015 at 11:12 AM, Bogdan-Andrei Iancu
> <bogdan at opensips.org> wrote:
>
> Hi Tito,
>
> Have you double checked if the passwd you push to
> pv_www_authorize() (from cache) is the correct one ?
>
> Best Regards,
>
> Bogdan-Andrei Iancu
> OpenSIPS Founder and Developer
> http://www.opensips-solutions.com
>
> On 02.06.2015 01:58, Tito Cumpen wrote:
>> my db http returns the password in plain string by the way.
>>
>> On Mon, Jun 1, 2015 at 6:57 PM, Tito Cumpen <tito at xsvoce.com> wrote:
>>
>> Hello group,
>>
>>
>> I am attempting to add memcache auth validation in OpenSIPS
>> 2.1. I was using http db, which returns a string of the user
>> password. This was working prior to utilizing
>> pv_www_authorize. I used this document as a guideline:
>> http://www.opensips.org/Documentation/Tutorials-MemoryCaching
>>
>> Here is my auth mod param config
>> loadmodule "cachedb_local.so"
>> loadmodule "auth.so"
>> loadmodule "auth_db.so"
>> modparam("auth","username_spec","$avp(i:54)")
>> modparam("auth","password_spec","$avp(i:55)")
>> modparam("auth","calculate_ha1",1)
>>
>> modparam("auth_db", "calculate_ha1", yes)
>>
>> modparam("auth_db", "password_column", "password")
>> #modparam("auth_db", "db_url",
>> modparam("auth_db", "db_url", "http://mysubscriberdatabase.com")
>>
>> modparam("auth_db", "load_credentials", "$avp(i:55)=password")
>>
>>
>> if (is_method("REGISTER")) {
>>
>>     # indicate that the client supports DTLS
>>     # so we know when he is called
>>     if (isflagset(SRC_WS))
>>         setbflag(DST_WS);
>>
>>     if ( isflagset(uac_ws) ) {
>>         xlog("setting avp attribute in register for websocket \n");
>>
>>         $avp(attr)="websocket";
>>     }
>>     if(cache_fetch("local","passwd_$tu",$avp(i:55))) {
>>         xlog("$tU 's credentials are stored in local cache using it for this register request \n");
>>         $avp(i:54) = $tU;
>>         xlog("SCRIPT: stored password is $avp(i:55)\n");
>>         # perform auth from variables
>>         # $avp(i:54) contains the username
>>         # $avp(i:55) contains the password
>>         if (!pv_www_authorize("")) {
>>             $var(rc2) = pv_www_authorize("");
>>             # $var(rc2) = www_authorize("", "subscriber");
>>             xlog("Return code is $var(rc2) \n");
>>             switch ( $var(rc2) ) {
>>                 case 1 :
>>                     # if ( proto==TCP || 0 ) {
>>                     #     setflag(TCP_PERSISTENT);
>>                     #     setflag(6);
>>                     # }
>>
>>                     if (!save("location","f"))
>>                         sl_reply_error();
>>
>>                     exit;
>>
>>                     # success
>>                     break;
>>                 case -1:
>>                     sl_send_reply("404","User not found");
>>                     exit;
>>                     break;
>>                 case -2:
>>                     sl_send_reply("403","Forbidden (Bad auth)");
>>                     exit;
>>                     break;
>>                 case -3:
>>                     www_challenge("", "0");
>>                     exit;
>>                     #sl_send_reply("403","Forbidden auth ID");
>>                     #break;
>>                 default:
>>                     www_challenge("", "0");
>>                     exit;
>>
>>             }
>>
>>         };
>>
>>         if (!save("location","f"))
>>             sl_reply_error();
>>
>>         exit;
>>     }else{
>>         xlog("could not find the auth info in local cache for $tU\n");
>>         xlog("accessing the external db for auth info");
>>         # authenticate the REGISTER requests
>>         if (!www_authorize("", "subscriber"))
>>         {
>>             xlog("new challenger $tU\n");
>>
>>             # www_challenge("", "0");
>>
>>             $var(rc) = www_authorize("", "subscriber");
>>             xlog("Return code is $var(rc) \n");
>>
>>             switch ( $var(rc) ) {
>>                 case 1 :
>>                     # if ( proto==TCP || 0 ) {
>>                     #     setflag(TCP_PERSISTENT);
>>                     #     setflag(6);
>>                     # }
>>                     # $avp(me) = $(tU{s.tolower});
>>
>>                     cache_store("local","passwd_$tu","$avp(i:55)",1200);
>>
>>                     if (!save("location","f"))
>>                         sl_reply_error();
>>
>>                     exit;
>>
>>                     # success
>>                     break;
>>                 case -1:
>>                     sl_send_reply("404","User not found");
>>                     exit;
>>                     break;
>>                 case -2:
>>                     sl_send_reply("403","Forbidden (Bad auth)");
>>                     exit;
>>                     break;
>>                 case -3:
>>                     www_challenge("", "0");
>>                     exit;
>>                     #sl_send_reply("403","Forbidden auth ID");
>>                     #break;
>>                 default:
>>                     www_challenge("", "0");
>>                     exit;
>>
>>             }
>>         }
>>
>>         xlog("should be storing local now that it has been authorized\n");
>>         cache_store("local","passwd_$tu","$avp(i:55)",1200);
>>     }
>>
>>     if (!save("location","f"))
>>         sl_reply_error();
>>
>>     exit;
>> }
>>
>>
>>
>> The issue is that the pv_www_authorize method, after the
>> verification of whether the password is stored locally, always
>> returns -2, which means the password is incorrect. Can anyone
>> provide any guidance as to why this is?
>>
>>
>> Thanks,
>> Tito
>>
>
>
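
The plain-text-versus-HA1 question raised at the top of this thread matters because a digest check only succeeds when the server interprets the stored credential in the form it was actually stored. The following is an added example, not code from the thread or from OpenSIPS: it runs the RFC 2617 digest check without qop over every combination of stored form and interpretation. All user names, realms, passwords and nonces are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac
from itertools import product


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def ha1(username: str, realm: str, password: str) -> str:
    # RFC 2617: HA1 = MD5(username ":" realm ":" password)
    return md5_hex(f"{username}:{realm}:{password}")


def digest_response(ha1_hex: str, method: str, uri: str, nonce: str) -> str:
    # Challenge without qop: response = MD5(HA1 ":" nonce ":" HA2),
    # where HA2 = MD5(method ":" uri)
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_hex}:{nonce}:{ha2}")


def server_accepts(stored, treat_as_ha1, user, realm, method, uri, nonce, response):
    # The server either uses the stored value directly as HA1, or hashes it
    # first because it believes the value is a plain-text password.
    h = stored if treat_as_ha1 else ha1(user, realm, stored)
    return hmac.compare_digest(digest_response(h, method, uri, nonce), response)


# Constructed sample values (not taken from the thread).
USER, REALM, PASSWORD = "alice", "sip.example.test", "s3cret"
METHOD, URI, NONCE = "REGISTER", "sip:sip.example.test", "55a1b2c3constructednonce"


def mismatch_matrix() -> dict:
    # The client always knows the plain-text password and answers correctly.
    client = digest_response(ha1(USER, REALM, PASSWORD), METHOD, URI, NONCE)
    stored_forms = {"plaintext": PASSWORD, "ha1": ha1(USER, REALM, PASSWORD)}
    results = {}
    for (form, value), as_ha1 in product(stored_forms.items(), (False, True)):
        treated_as = "ha1" if as_ha1 else "plaintext"
        results[(form, treated_as)] = server_accepts(
            value, as_ha1, USER, REALM, METHOD, URI, NONCE, client)
    return results


if __name__ == "__main__":
    for (stored, treated_as), ok in mismatch_matrix().items():
        print(f"cached={stored:9} treated_as={treated_as:9} -> "
              f"{'accept' if ok else 'reject (bad auth)'}")
```

Only the two rows where the cached form and its interpretation agree are accepted; a correct client response is rejected in the other two.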