<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<tt>Tito,<br>
<br>
In DB, what do you have - the plain text passwd or the HA1 ?<br>
<br>
Regards,<br>
</tt>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a class="moz-txt-link-freetext" href="http://www.opensips-solutions.com">http://www.opensips-solutions.com</a></pre>
<div class="moz-cite-prefix">On 03.06.2015 18:56, Tito Cumpen wrote:<br>
</div>
<blockquote
cite="mid:CANZPVB5fBzkXXSsy0rpHcEwegV50Aur1CyRm7Y_NaWBfama=0g@mail.gmail.com"
type="cite">
<div dir="ltr">Bogdan,
<div><br>
</div>
<div>The password is hashed into a numeric value it would seem.
Though my http db provides the password in raw unhashed string
when queried for the subscriber password. The debug shows that
the md5 hashing is not being matched but I am not
sure why since the save function is only called if <span
style="font-size:12.8000001907349px"> (!www_authorize("",
"subscriber")) is succeeded. Maybe something is being left
out?</span></div>
<div><span style="font-size:12.8000001907349px"><br>
</span></div>
<div><span style="font-size:12.8000001907349px">Thanks,</span></div>
<div><span style="font-size:12.8000001907349px"> Tito </span></div>
<div><span style="font-size:12.8000001907349px"><br>
</span></div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, Jun 3, 2015 at 11:12 AM,
Bogdan-Andrei Iancu <span dir="ltr">&lt;<a
moz-do-not-send="true" href="mailto:bogdan@opensips.org"
target="_blank">bogdan@opensips.org</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"> <tt>Hi Tito,<br>
<br>
Have you double checked if the passwd you push to
pv_www_authorize() (from cache) is the correct one ?<br>
<br>
Best Regards,<br>
</tt>
<pre cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a moz-do-not-send="true" href="http://www.opensips-solutions.com" target="_blank">http://www.opensips-solutions.com</a></pre>
<div>
<div class="h5">
<div>On 02.06.2015 01:58, Tito Cumpen wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div class="h5">
<div dir="ltr">my db http returns the password in
plain string by the way.</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Jun 1, 2015 at
6:57 PM, Tito Cumpen <span dir="ltr">&lt;<a
moz-do-not-send="true"
href="mailto:tito@xsvoce.com"
target="_blank">tito@xsvoce.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0
0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div dir="ltr">Hello group,
<div><br>
</div>
<div><br>
</div>
<div>I am attempting to add memcache auth
validation in opensips 2.1. I was using
http db which returns a string of the user
password. This was working prior
to utilizing pv_www_authorize. I used this
document as a guideline <a
moz-do-not-send="true"
href="http://www.opensips.org/Documentation/Tutorials-MemoryCaching"
target="_blank">http://www.opensips.org/Documentation/Tutorials-MemoryCaching</a></div>
<div><br>
</div>
<div>Here is my auth mod param config</div>
<div>
<div>loadmodule "cachedb_local.so"</div>
<div>loadmodule "auth.so"</div>
<div>loadmodule "auth_db.so"</div>
<div>modparam("auth","username_spec","$avp(i:54)")</div>
<div>modparam("auth","password_spec","$avp(i:55)")</div>
<div>modparam("auth","calculate_ha1",1)</div>
<div><br>
</div>
<div>modparam("auth_db", "calculate_ha1",
yes)</div>
<div><br>
</div>
<div>modparam("auth_db",
"password_column", "password")</div>
<div>#modparam("auth_db", "db_url",</div>
<div>modparam("auth_db", "db_url",<br>
</div>
<div> "<a moz-do-not-send="true"
href="http://mysubscriberdatabase.com"
target="_blank">http://mysubscriberdatabase.com</a>")</div>
<div><br>
</div>
<div>modparam("auth_db",
"load_credentials",
"$avp(i:55)=password")</div>
</div>
<div><br>
</div>
<div><br>
</div>
<div><span style="white-space:pre-wrap"> </span>if
(is_method("REGISTER")) {</div>
<div><br>
</div>
<div><span style="white-space:pre-wrap"> </span>#
indicate that the client supports DTLS</div>
<div><span style="white-space:pre-wrap"> </span>#
so we know when he is called</div>
<div><span style="white-space:pre-wrap"> </span>if
(isflagset(SRC_WS))</div>
<div><span style="white-space:pre-wrap"> </span>setbflag(DST_WS);</div>
<div><br>
</div>
<div><span style="white-space:pre-wrap"> </span>if
( isflagset(uac_ws) ) {</div>
<div><span style="white-space:pre-wrap"> </span>
xlog("setting avp attribute in
register for websocket \n");</div>
<div><br>
</div>
<div> $avp(attr)="websocket"; <span
style="white-space:pre-wrap"> </span></div>
<div>}</div>
<div><span style="white-space:pre-wrap"> </span></div>
<div><span style="white-space:pre-wrap"> </span></div>
<div><span style="white-space:pre-wrap"> </span>if(cache_fetch("local","passwd_$tu",$avp(i:55)))
{</div>
<div><span style="white-space:pre-wrap"> </span>xlog("$tU
's credentials are stored in local cache
using it for this register request \n"); </div>
<div><span style="white-space:pre-wrap"> </span>$avp(i:54)
= $tU;</div>
<div><span style="white-space:pre-wrap"> </span>xlog("SCRIPT:
stored password is $avp(i:55)\n");</div>
<div><span style="white-space:pre-wrap"> </span>#
perform auth from variables</div>
<div><span style="white-space:pre-wrap"> </span>#
$avp(i:54) contains the username</div>
<div><span style="white-space:pre-wrap"> </span>#
$avp(i:55) contains the password</div>
<div><span style="white-space:pre-wrap"> </span>if
(!pv_www_authorize("")) {</div>
<div><span style="white-space:pre-wrap"> </span>$var(rc2)
= pv_www_authorize("");</div>
<div><span style="white-space:pre-wrap"> </span>
# $var(rc2) =
www_authorize("", "subscriber");</div>
<div><span style="white-space:pre-wrap"> </span>
xlog("Return code is $var(rc2)
\n");</div>
<div><span style="white-space:pre-wrap"> </span>
switch ( $var(rc2) ) {</div>
<div> case 1 :</div>
<div> # if ( proto==TCP || 0 ) {</div>
<div> #
setflag(TCP_PERSISTENT); </div>
<div> #
setflag(6);</div>
<div> # }</div>
<div> </div>
<div><br>
</div>
<div> if
(!save("location","f"))</div>
<div>
sl_reply_error();</div>
<div><br>
</div>
<div> exit;</div>
<div><br>
</div>
<div><br>
</div>
<div> # success</div>
<div> break;</div>
<div> case -1:</div>
<div> sl_send_reply("404","User not
found");</div>
<div> exit;</div>
<div> break;</div>
<div> case -2:</div>
<div> sl_send_reply("403","Forbidden
(Bad auth)");</div>
<div> exit;</div>
<div> break;</div>
<div> case -3:</div>
<div>
www_challenge("", "0");</div>
<div> exit;</div>
<div> #sl_send_reply("403","Forbidden
auth ID");</div>
<div> #break;</div>
<div> default:</div>
<div>
www_challenge("", "0");</div>
<div> exit;</div>
<div><br>
</div>
<div>}</div>
<div><br>
</div>
<div><span style="white-space:pre-wrap"> </span>};</div>
<div><br>
</div>
<div><span style="white-space:pre-wrap"> </span></div>
<div> if (!save("location","f"))</div>
<div>
sl_reply_error();</div>
<div><br>
</div>
<div> exit;</div>
<div><span style="white-space:pre-wrap"> </span></div>
<div><span style="white-space:pre-wrap"> </span>}else{<span
style="white-space:pre-wrap"> </span></div>
<div><span style="white-space:pre-wrap"> </span></div>
<div><span style="white-space:pre-wrap"> </span>xlog("could
not find the auth info in local cache for
$tU\n"); <span
style="white-space:pre-wrap"> </span> </div>
<div><span style="white-space:pre-wrap"> </span>xlog("accessing
the external db for auth info");</div>
<div><span style="white-space:pre-wrap"> </span>
# authenticate the REGISTER requests</div>
<div> if (!www_authorize("",
"subscriber"))</div>
<div> {</div>
<div>
xlog("new challenger $tU\n");</div>
<div><br>
</div>
<div><br>
</div>
<div> #
www_challenge("", "0");</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div> $var(rc) =
www_authorize("", "subscriber");</div>
<div> xlog("Return code is $var(rc)
\n");</div>
<div><br>
</div>
<div> switch ( $var(rc) ) {</div>
<div> case 1 :</div>
<div> # if ( proto==TCP || 0 ) {</div>
<div> #
setflag(TCP_PERSISTENT); </div>
<div> #
setflag(6);</div>
<div> # }</div>
<div>
# $avp(me) = $(tU{s.tolower});</div>
<div><br>
</div>
<div>
cache_store("local","passwd_$tu","$avp(i:55)",1200);</div>
<div><br>
</div>
<div> if
(!save("location","f"))</div>
<div>
sl_reply_error();</div>
<div><br>
</div>
<div> exit;</div>
<div><br>
</div>
<div><br>
</div>
<div> # success</div>
<div> break;</div>
<div> case -1:</div>
<div> sl_send_reply("404","User not
found");</div>
<div> exit;</div>
<div> break;</div>
<div> case -2:</div>
<div> sl_send_reply("403","Forbidden
(Bad auth)");</div>
<div> exit;</div>
<div> break;</div>
<div> case -3:</div>
<div>
www_challenge("", "0");</div>
<div> exit;</div>
<div> #sl_send_reply("403","Forbidden
auth ID");</div>
<div> #break;</div>
<div> default:</div>
<div>
www_challenge("", "0");</div>
<div> exit;</div>
<div><br>
</div>
<div>} </div>
<div>}</div>
<div><br>
</div>
<div><span style="white-space:pre-wrap"> </span>xlog("should
be storing local now that it has been
authorized\n");</div>
<div><span style="white-space:pre-wrap"> </span>
cache_store("local","passwd_$tu","$avp(i:55)",1200);</div>
<div><span style="white-space:pre-wrap"> </span>}</div>
<div><br>
</div>
<div>if (!save("location","f"))</div>
<div><span style="white-space:pre-wrap"> </span>sl_reply_error();</div>
<div><br>
</div>
<div><span style="white-space:pre-wrap"> </span>exit;</div>
<div><span style="white-space:pre-wrap"> </span></div>
<div>} </div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>The issue is that the pv_www_authorize
method, after the verification whether the
password is stored locally, always returns
-2, which means the password is incorrect.
Can anyone provide any guidance as to why
this is?</div>
<div><br>
</div>
<div><br>
</div>
<div>Thanks,<br>
Tito</div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
</div>
</div>
</blockquote>
<br>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
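<p>Added example, not part of the original thread and not OpenSIPS code: a small model of the RFC 2617 MD5 digest check showing why the question "plain text passwd or the HA1" matters. The sample credentials are the example values from RFC 2617 section 3.5; <tt>other.realm.example</tt> is a constructed realm, and the <tt>stored_is_plaintext</tt> argument is an assumed stand-in for the role <tt>calculate_ha1</tt> plays in the configuration above.</p>

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def ha1(username, realm, password):
    # HA1 binds the password to exactly one username and one realm.
    return md5_hex(f"{username}:{realm}:{password}")

def digest_response(ha1_hex, method, c):
    # RFC 2617 response, with or without qop.
    ha2 = md5_hex(f"{method}:{c['uri']}")
    if c.get("qop"):
        return md5_hex(f"{ha1_hex}:{c['nonce']}:{c['nc']}:{c['cnonce']}:{c['qop']}:{ha2}")
    return md5_hex(f"{ha1_hex}:{c['nonce']}:{ha2}")

def verify(stored, stored_is_plaintext, method, c):
    # stored_is_plaintext=True: hash the stored value into HA1 first.
    # stored_is_plaintext=False: use the stored value as HA1 directly.
    h = ha1(c["username"], c["realm"], stored) if stored_is_plaintext else stored
    return hmac.compare_digest(digest_response(h, method, c), c["response"])

# Authorization header fields from the RFC 2617 section 3.5 example.
RFC_CREDS = {
    "username": "Mufasa", "realm": "testrealm@host.com",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093", "uri": "/dir/index.html",
    "qop": "auth", "nc": "00000001", "cnonce": "0a4f113b",
    "response": "6629fae49393a05397450978507c4ef1",
}

def demo():
    pw = "Circle Of Life"  # password from the RFC example
    good = ha1("Mufasa", "testrealm@host.com", pw)
    wrong_realm = ha1("Mufasa", "other.realm.example", pw)  # constructed realm
    return {
        "plaintext stored, treated as plaintext": verify(pw, True, "GET", RFC_CREDS),
        "HA1 stored, treated as HA1": verify(good, False, "GET", RFC_CREDS),
        "HA1 stored, treated as plaintext": verify(good, True, "GET", RFC_CREDS),
        "plaintext stored, treated as HA1": verify(pw, False, "GET", RFC_CREDS),
        "HA1 for another realm, treated as HA1": verify(wrong_realm, False, "GET", RFC_CREDS),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'match' if ok else 'mismatch'}")
```

<p>Only the first two cases match. A cached value whose form disagrees with how the verifier interprets it, or an HA1 computed for a different realm, fails the comparison even though the user's password is correct.</p>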
</body>
</html>