<div dir="ltr">Bogdan,<div><br></div><div>The password is hashed into a numeric value it would seem. Though my http db provides the password in raw unhashed string when queried for the subscriber password. The debug shows that the md5 hashing is not being matched matching but I am not sure why since the save function is only called if <span style="font-size:12.8000001907349px"> (!www_authorize("", "subscriber")) is succeeded. Maybe something is being left out?</span></div><div><span style="font-size:12.8000001907349px"><br></span></div><div><span style="font-size:12.8000001907349px">Thanks,</span></div><div><span style="font-size:12.8000001907349px"> Tito </span></div><div><span style="font-size:12.8000001907349px"><br></span></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jun 3, 2015 at 11:12 AM, Bogdan-Andrei Iancu <span dir="ltr"><<a href="mailto:bogdan@opensips.org" target="_blank">bogdan@opensips.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<tt>Hi Tito,<br>
<br>
Have you double checked if the passwd you push to
pv_www_authorize() (from cache) is the correct one ?<br>
<br>
Best Regards,<br>
</tt>
<pre cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a href="http://www.opensips-solutions.com" target="_blank">http://www.opensips-solutions.com</a></pre><div><div class="h5">
<div>On 02.06.2015 01:58, Tito Cumpen wrote:<br>
</div>
</div></div><blockquote type="cite"><div><div class="h5">
<div dir="ltr">my db http returns the password in plain string by
the way.</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Jun 1, 2015 at 6:57 PM, Tito
Cumpen <span dir="ltr"><<a href="mailto:tito@xsvoce.com" target="_blank">tito@xsvoce.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Hello group,
<div><br>
</div>
<div><br>
</div>
<div>I am attempting to add memcache auth validation in
opensips 2.1. I was using http db which returns a string
of the user password password. This was working prior to
utilizing pv_www_authorize. I used this document as a
guideline <a href="http://www.opensips.org/Documentation/Tutorials-MemoryCaching" target="_blank">http://www.opensips.org/Documentation/Tutorials-MemoryCaching</a></div>
<div><br>
</div>
<div>Here is my auth mod param config</div>
<div>
<div>loadmodule "cachedb_local.so"</div>
<div>loadmodule "auth.so"</div>
<div>loadmodule "auth_db.so"</div>
<div>modparam("auth","username_spec","$avp(i:54)")</div>
<div>modparam("auth","password_spec","$avp(i:55)")</div>
<div>modparam("auth","calculate_ha1",1)</div>
<div><br>
</div>
<div>modparam("auth_db", "calculate_ha1", yes)</div>
<div><br>
</div>
<div>modparam("auth_db", "password_column", "password")</div>
<div>#modparam("auth_db", "db_url",</div>
<div>modparam("auth_db", "db_url",<br>
</div>
<div> "<a href="http://mysubscriberdatabase.com" target="_blank">http://mysubscriberdatabase.com</a>")</div>
<div><br>
</div>
<div>modparam("auth_db", "load_credentials",
"$avp(i:55)=password")</div>
</div>
<div><br>
</div>
<div><br>
</div>
<div><span style="white-space:pre-wrap"> </span>if
(is_method("REGISTER")) {</div>
<div><br>
</div>
<div><span style="white-space:pre-wrap"> </span>#
indicate that the client supports DTLS</div>
<div><span style="white-space:pre-wrap"> </span># so we
know when he is called</div>
<div><span style="white-space:pre-wrap"> </span>if
(isflagset(SRC_WS))</div>
<div><span style="white-space:pre-wrap"> </span>setbflag(DST_WS);</div>
<div><br>
</div>
<div><span style="white-space:pre-wrap"> </span>if (
isflagset(uac_ws) ) {</div>
<div><span style="white-space:pre-wrap"> </span>
xlog("setting avp attribute in register for websocket
\n");</div>
<div><br>
</div>
<div> $avp(attr)="websocket"; <span style="white-space:pre-wrap"> </span></div>
<div>}</div>
<div><span style="white-space:pre-wrap"> </span></div>
<div><span style="white-space:pre-wrap"> </span></div>
<div><span style="white-space:pre-wrap"> </span>if(cache_fetch("local","passwd_$tu",$avp(i:55)))
{</div>
<div><span style="white-space:pre-wrap"> </span>xlog("$tU
's credentials are stored in local cache using it for
this register request \n"); </div>
<div><span style="white-space:pre-wrap"> </span>$avp(i:54)
= $tU;</div>
<div><span style="white-space:pre-wrap"> </span>xlog("SCRIPT:
stored password is $avp(i:55)\n");</div>
<div><span style="white-space:pre-wrap"> </span># perform
auth from variables</div>
<div><span style="white-space:pre-wrap"> </span>#
$avp(i:54) contains the username</div>
<div><span style="white-space:pre-wrap"> </span>#
$avp(i:55) contains the password</div>
<div><span style="white-space:pre-wrap"> </span>if
(!pv_www_authorize("")) {</div>
<div><span style="white-space:pre-wrap"> </span>$var(rc2)
= pv_www_authorize("");</div>
<div><span style="white-space:pre-wrap"> </span>
# $var(rc2) = www_authorize("", "subscriber");</div>
<div><span style="white-space:pre-wrap"> </span>
xlog("Return code is $var(rc2) \n");</div>
<div><span style="white-space:pre-wrap"> </span>
switch ( $var(rc2) ) {</div>
<div> case 1 :</div>
<div> # if ( proto==TCP || 0 ) {</div>
<div> # setflag(TCP_PERSISTENT); </div>
<div> # setflag(6);</div>
<div> # }</div>
<div> </div>
<div><br>
</div>
<div> if (!save("location","f"))</div>
<div> sl_reply_error();</div>
<div><br>
</div>
<div> exit;</div>
<div><br>
</div>
<div><br>
</div>
<div> # success</div>
<div> break;</div>
<div> case -1:</div>
<div> sl_send_reply("404","User not found");</div>
<div> exit;</div>
<div> break;</div>
<div> case -2:</div>
<div> sl_send_reply("403","Forbidden (Bad auth)");</div>
<div> exit;</div>
<div> break;</div>
<div> case -3:</div>
<div>
www_challenge("", "0");</div>
<div> exit;</div>
<div> #sl_send_reply("403","Forbidden auth ID");</div>
<div> #break;</div>
<div> default:</div>
<div> www_challenge("",
"0");</div>
<div> exit;</div>
<div><br>
</div>
<div>}</div>
<div><br>
</div>
<div><span style="white-space:pre-wrap"> </span>};</div>
<div><br>
</div>
<div><span style="white-space:pre-wrap"> </span></div>
<div> if (!save("location","f"))</div>
<div> sl_reply_error();</div>
<div><br>
</div>
<div> exit;</div>
<div><span style="white-space:pre-wrap"> </span></div>
<div><span style="white-space:pre-wrap"> </span>}else{<span style="white-space:pre-wrap"> </span></div>
<div><span style="white-space:pre-wrap"> </span></div>
<div><span style="white-space:pre-wrap"> </span>xlog("could
not find the auth info in local cache for $tU\n"); <span style="white-space:pre-wrap"> </span> </div>
<div><span style="white-space:pre-wrap"> </span>xlog("accessing
the external db for auth info");</div>
<div><span style="white-space:pre-wrap"> </span> #
authenticate the REGISTER requests</div>
<div> if (!www_authorize("", "subscriber"))</div>
<div> {</div>
<div>
xlog("new challenger $tU\n");</div>
<div><br>
</div>
<div><br>
</div>
<div> # www_challenge("", "0");</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div> $var(rc) = www_authorize("",
"subscriber");</div>
<div> xlog("Return code is $var(rc) \n");</div>
<div><br>
</div>
<div> switch ( $var(rc) ) {</div>
<div> case 1 :</div>
<div> # if ( proto==TCP || 0 ) {</div>
<div> # setflag(TCP_PERSISTENT); </div>
<div> # setflag(6);</div>
<div> # }</div>
<div> #
$avp(me) = $(tU{s.tolower});</div>
<div><br>
</div>
<div>
cache_store("local","passwd_$tu","$avp(i:55)",1200);</div>
<div><br>
</div>
<div> if (!save("location","f"))</div>
<div> sl_reply_error();</div>
<div><br>
</div>
<div> exit;</div>
<div><br>
</div>
<div><br>
</div>
<div> # success</div>
<div> break;</div>
<div> case -1:</div>
<div> sl_send_reply("404","User not found");</div>
<div> exit;</div>
<div> break;</div>
<div> case -2:</div>
<div> sl_send_reply("403","Forbidden (Bad auth)");</div>
<div> exit;</div>
<div> break;</div>
<div> case -3:</div>
<div>
www_challenge("", "0");</div>
<div> exit;</div>
<div> #sl_send_reply("403","Forbidden auth ID");</div>
<div> #break;</div>
<div> default:</div>
<div> www_challenge("",
"0");</div>
<div> exit;</div>
<div><br>
</div>
<div>} </div>
<div>}</div>
<div><br>
</div>
<div><span style="white-space:pre-wrap"> </span>xlog("should
be storing local now that it has been authorized\n");</div>
<div><span style="white-space:pre-wrap"> </span>
cache_store("local","passwd_$tu","$avp(i:55)",1200);</div>
<div><span style="white-space:pre-wrap"> </span>}</div>
<div><br>
</div>
<div>if (!save("location","f"))</div>
<div><span style="white-space:pre-wrap"> </span>sl_reply_error();</div>
<div><br>
</div>
<div><span style="white-space:pre-wrap"> </span>exit;</div>
<div><span style="white-space:pre-wrap"> </span></div>
<div>} </div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>The issue is the pv__www_authorize method after the
verification wether the password is stored locally
always returns -2 which means the password is incorrect.
Can anyone provide any guidence as to why this is ?</div>
<div><br>
</div>
<div><br>
</div>
<div>Thanks,<br>
Tito</div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
</div></div><pre>_______________________________________________
Users mailing list
<a href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre>
</blockquote>
<br>
</div>
</blockquote></div><br></div>