<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<tt>Hi Tito,<br>
<br>
OK, so you have a plain text pwd in DB. You also load it to the
script during DB auth and push it into the cache. What I was
asking is to do some xlog from script to double check that
whatever is stored and later fetched from script is correct - have
you checked that?<br>
<br>
Regards,<br>
</tt>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a class="moz-txt-link-freetext" href="http://www.opensips-solutions.com">http://www.opensips-solutions.com</a></pre>
<div class="moz-cite-prefix">On 03.06.2015 20:01, Tito Cumpen wrote:<br>
</div>
<blockquote
cite="mid:CANZPVB6vPPeBE8-mWfo6e52tG8MfMXDRGX=cH4ZRDvOO7RNE3g@mail.gmail.com"
type="cite">
<div dir="ltr">Bogdan,
<div><br>
</div>
<div><br>
</div>
<div>The password is provided in plaintext by the db. The
working scenario looks like this:</div>
<div><br>
</div>
<div>
<p class=""><span class="">loadmodule "auth.so"</span></p>
<p class=""><span class="">loadmodule "auth_db.so"</span></p>
<p class=""><span class="">modparam("auth_db",
"calculate_ha1", yes)</span></p>
<p class=""><span class=""></span><br>
</p>
<p class=""><span class="">modparam("auth_db",
"password_column", "password")</span></p>
<p class=""><span class="">#modparam("auth_db", "db_url",</span></p>
<p class="">modparam("auth_db", "db_url",<br>
</p>
<p class=""><span class=""> "http:</span><span
class="">//myauthdb")</span></p>
<p class=""><span class=""></span><br>
</p>
<p class=""><span class="">modparam("auth_db",
"load_credentials", "")</span></p>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, Jun 3, 2015 at 11:59 AM,
Bogdan-Andrei Iancu <span dir="ltr">&lt;<a
moz-do-not-send="true" href="mailto:bogdan@opensips.org"
target="_blank">bogdan@opensips.org</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"> <tt>Tito,<br>
<br>
In DB, what do you have - the plain text passwd or the
HA1?<br>
<br>
Regards,<br>
</tt><span class="">
<pre cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a moz-do-not-send="true" href="http://www.opensips-solutions.com" target="_blank">http://www.opensips-solutions.com</a></pre>
</span>
<div>
<div class="h5">
<div>On 03.06.2015 18:56, Tito Cumpen wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Bogdan,
<div><br>
</div>
<div>The password is hashed into a numeric value,
it would seem, though my http db provides the
password as a raw unhashed string when queried for
the subscriber password. The debug shows that
the md5 hashing is not being matched,
but I am not sure why, since the save function is
only called if <span
style="font-size:12.8000001907349px"> (!www_authorize("",
"subscriber")) has succeeded. Maybe something
is being left out?</span></div>
<div><span style="font-size:12.8000001907349px"><br>
</span></div>
<div><span style="font-size:12.8000001907349px">Thanks,</span></div>
<div><span style="font-size:12.8000001907349px"> Tito </span></div>
<div><span style="font-size:12.8000001907349px"><br>
</span></div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, Jun 3, 2015 at
11:12 AM, Bogdan-Andrei Iancu <span dir="ltr">&lt;<a
moz-do-not-send="true"
href="mailto:bogdan@opensips.org"
target="_blank">bogdan@opensips.org</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0
0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"> <tt>Hi
Tito,<br>
<br>
Have you double checked if the passwd you
push to pv_www_authorize() (from cache) is
the correct one?<br>
<br>
Best Regards,<br>
</tt>
<pre cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a moz-do-not-send="true" href="http://www.opensips-solutions.com" target="_blank">http://www.opensips-solutions.com</a></pre>
<div>
<div>
<div>On 02.06.2015 01:58, Tito Cumpen
wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div>
<div dir="ltr">My db http returns the
password in plain string by the way.</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Jun
1, 2015 at 6:57 PM, Tito Cumpen <span
dir="ltr">&lt;<a
moz-do-not-send="true"
href="mailto:tito@xsvoce.com"
target="_blank">tito@xsvoce.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div dir="ltr">Hello group,
<div><br>
</div>
<div><br>
</div>
<div>I am attempting to add
memcache auth validation in
opensips 2.1. I was using
http db which returns a
string of the user
password. This was working
prior to utilizing
pv_www_authorize. I used
this document as a
guideline: <a
moz-do-not-send="true"
href="http://www.opensips.org/Documentation/Tutorials-MemoryCaching"
target="_blank">http://www.opensips.org/Documentation/Tutorials-MemoryCaching</a></div>
<div><br>
</div>
<div>Here is my auth mod param
config</div>
<div>
<div>loadmodule
"cachedb_local.so"</div>
<div>loadmodule "auth.so"</div>
<div>loadmodule "auth_db.so"</div>
<div>modparam("auth","username_spec","$avp(i:54)")</div>
<div>modparam("auth","password_spec","$avp(i:55)")</div>
<div>modparam("auth","calculate_ha1",1)</div>
<div><br>
</div>
<div>modparam("auth_db",
"calculate_ha1", yes)</div>
<div><br>
</div>
<div>modparam("auth_db",
"password_column",
"password")</div>
<div>#modparam("auth_db",
"db_url",</div>
<div>modparam("auth_db",
"db_url",<br>
</div>
<div> "<a
moz-do-not-send="true"
href="http://mysubscriberdatabase.com"
target="_blank">http://mysubscriberdatabase.com</a>")</div>
<div><br>
</div>
<div>modparam("auth_db",
"load_credentials",
"$avp(i:55)=password")</div>
</div>
<div><br>
</div>
<div><br>
</div>
<div><span
style="white-space:pre-wrap">
</span>if
(is_method("REGISTER")) {</div>
<div><br>
</div>
<div><span
style="white-space:pre-wrap">
</span># indicate that the
client supports DTLS</div>
<div><span
style="white-space:pre-wrap">
</span># so we know when he
is called</div>
<div><span
style="white-space:pre-wrap">
</span>if
(isflagset(SRC_WS))</div>
<div><span
style="white-space:pre-wrap">
</span>setbflag(DST_WS);</div>
<div><br>
</div>
<div><span
style="white-space:pre-wrap">
</span>if (
isflagset(uac_ws) ) {</div>
<div><span
style="white-space:pre-wrap">
</span> xlog("setting
avp attribute in register
for websocket \n");</div>
<div><br>
</div>
<div> $avp(attr)="websocket";
<span
style="white-space:pre-wrap">
</span></div>
<div>}</div>
<div><span
style="white-space:pre-wrap">
</span></div>
<div><span
style="white-space:pre-wrap">
</span></div>
<div><span
style="white-space:pre-wrap">
</span>if(cache_fetch("local","passwd_$tu",$avp(i:55)))
{</div>
<div><span
style="white-space:pre-wrap">
</span>xlog("$tU 's
credentials are stored in
local cache using it for
this register request \n"); </div>
<div><span
style="white-space:pre-wrap">
</span>$avp(i:54) = $tU;</div>
<div><span
style="white-space:pre-wrap">
</span>xlog("SCRIPT: stored
password is $avp(i:55)\n");</div>
<div><span
style="white-space:pre-wrap">
</span># perform auth from
variables</div>
<div><span
style="white-space:pre-wrap">
</span># $avp(i:54) contains
the username</div>
<div><span
style="white-space:pre-wrap">
</span># $avp(i:55) contains
the password</div>
<div><span
style="white-space:pre-wrap">
</span>if
(!pv_www_authorize("")) {</div>
<div><span
style="white-space:pre-wrap">
</span>$var(rc2) =
pv_www_authorize("");</div>
<div><span
style="white-space:pre-wrap">
</span> #
$var(rc2) =
www_authorize("",
"subscriber");</div>
<div><span
style="white-space:pre-wrap">
</span> xlog("Return
code is $var(rc2) \n");</div>
<div><span
style="white-space:pre-wrap">
</span>
switch ( $var(rc2) ) {</div>
<div> case 1 :</div>
<div> # if (
proto==TCP || 0 ) {</div>
<div> #
setflag(TCP_PERSISTENT); </div>
<div> #
setflag(6);</div>
<div> # }</div>
<div> </div>
<div><br>
</div>
<div> if
(!save("location","f"))</div>
<div>
sl_reply_error();</div>
<div><br>
</div>
<div> exit;</div>
<div><br>
</div>
<div><br>
</div>
<div> # success</div>
<div> break;</div>
<div> case -1:</div>
<div>
sl_send_reply("404","User
not found");</div>
<div> exit;</div>
<div> break;</div>
<div> case -2:</div>
<div>
sl_send_reply("403","Forbidden
(Bad auth)");</div>
<div> exit;</div>
<div> break;</div>
<div> case -3:</div>
<div>
www_challenge("", "0");</div>
<div> exit;</div>
<div>
#sl_send_reply("403","Forbidden
auth ID");</div>
<div> #break;</div>
<div> default:</div>
<div>
www_challenge("", "0");</div>
<div> exit;</div>
<div><br>
</div>
<div>}</div>
<div><br>
</div>
<div><span
style="white-space:pre-wrap">
</span>};</div>
<div><br>
</div>
<div><span
style="white-space:pre-wrap">
</span></div>
<div> if
(!save("location","f"))</div>
<div>
sl_reply_error();</div>
<div><br>
</div>
<div> exit;</div>
<div><span
style="white-space:pre-wrap">
</span></div>
<div><span
style="white-space:pre-wrap">
</span>}else{<span
style="white-space:pre-wrap">
</span></div>
<div><span
style="white-space:pre-wrap">
</span></div>
<div><span
style="white-space:pre-wrap">
</span>xlog("could not find
the auth info in local cache
for $tU\n"); <span
style="white-space:pre-wrap">
</span> </div>
<div><span
style="white-space:pre-wrap">
</span>xlog("accessing the
external db for auth info");</div>
<div><span
style="white-space:pre-wrap">
</span> # authenticate the
REGISTER requests</div>
<div> if
(!www_authorize("",
"subscriber"))</div>
<div> {</div>
<div>
xlog("new challenger
$tU\n");</div>
<div><br>
</div>
<div><br>
</div>
<div> #
www_challenge("", "0");</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div> $var(rc)
= www_authorize("",
"subscriber");</div>
<div> xlog("Return code
is $var(rc) \n");</div>
<div><br>
</div>
<div> switch ( $var(rc)
) {</div>
<div> case 1 :</div>
<div> # if (
proto==TCP || 0 ) {</div>
<div> #
setflag(TCP_PERSISTENT); </div>
<div> #
setflag(6);</div>
<div> # }</div>
<div>
#
$avp(me) =
$(tU{s.tolower});</div>
<div><br>
</div>
<div>
cache_store("local","passwd_$tu","$avp(i:55)",1200);</div>
<div><br>
</div>
<div> if
(!save("location","f"))</div>
<div>
sl_reply_error();</div>
<div><br>
</div>
<div> exit;</div>
<div><br>
</div>
<div><br>
</div>
<div> # success</div>
<div> break;</div>
<div> case -1:</div>
<div>
sl_send_reply("404","User
not found");</div>
<div> exit;</div>
<div> break;</div>
<div> case -2:</div>
<div>
sl_send_reply("403","Forbidden
(Bad auth)");</div>
<div> exit;</div>
<div> break;</div>
<div> case -3:</div>
<div>
www_challenge("", "0");</div>
<div> exit;</div>
<div>
#sl_send_reply("403","Forbidden
auth ID");</div>
<div> #break;</div>
<div> default:</div>
<div>
www_challenge("", "0");</div>
<div> exit;</div>
<div><br>
</div>
<div>} </div>
<div>}</div>
<div><br>
</div>
<div><span
style="white-space:pre-wrap">
</span>xlog("should be
storing local now that it
has been authorized\n");</div>
<div><span
style="white-space:pre-wrap">
</span>
cache_store("local","passwd_$tu","$avp(i:55)",1200);</div>
<div><span
style="white-space:pre-wrap">
</span>}</div>
<div><br>
</div>
<div>if
(!save("location","f"))</div>
<div><span
style="white-space:pre-wrap">
</span>sl_reply_error();</div>
<div><br>
</div>
<div><span
style="white-space:pre-wrap">
</span>exit;</div>
<div><span
style="white-space:pre-wrap">
</span></div>
<div>} </div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>The issue is that the
pv_www_authorize method,
after the verification
whether the password is
stored locally, always
returns -2, which means the
password is incorrect. Can
anyone provide any guidance
as to why this is?</div>
<div><br>
</div>
<div><br>
</div>
<div>Thanks,<br>
Tito</div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
</div>
</div>
</blockquote>
<br>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
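<p>Added example, not part of the original thread and not OpenSIPS code: an offline check of the question raised above, namely whether the value fetched from the cache reproduces the digest response the client sent. It uses the RFC 2617 no-qop formula; <code>is_plaintext</code> stands in for the <code>calculate_ha1</code> setting, and every user, realm, nonce and password below is a constructed sample value.</p>

```python
import hashlib
import hmac

def md5hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def ha1(user, realm, password):
    # HA1 = MD5(username:realm:password)
    return md5hex(f"{user}:{realm}:{password}")

def expected_response(credential, is_plaintext, user, realm, nonce, method, uri):
    # is_plaintext mirrors calculate_ha1=1: the credential is hashed into HA1 first.
    # Otherwise the credential is taken as a ready-made HA1 string.
    h1 = ha1(user, realm, credential) if is_plaintext else credential
    h2 = md5hex(f"{method}:{uri}")
    return md5hex(f"{h1}:{nonce}:{h2}")  # response without qop

def diagnose(cached, client_response, user, realm, nonce, method, uri):
    """Name the reading of `cached` that reproduces the client's response.

    Returns None when no reading matches, which is the "bad auth" (-2) case.
    """
    if cached == "":
        return "empty"
    readings = [
        ("plaintext", cached, True),
        ("ha1", cached, False),
        ("plaintext-after-strip", cached.strip(), True),
    ]
    for name, value, is_plaintext in readings:
        want = expected_response(value, is_plaintext, user, realm, nonce, method, uri)
        if hmac.compare_digest(want, client_response):
            return name
    return None

# Constructed sample request context and the response a correct client would send.
CTX = dict(user="alice", realm="example.test", nonce="constructed-nonce",
           method="REGISTER", uri="sip:example.test")
GOOD = expected_response("s3cret", True, **CTX)

if __name__ == "__main__":
    samples = ["s3cret", ha1("alice", "example.test", "s3cret"),
               "s3cret\r\n", "other", ""]
    for cached in samples:
        print(repr(cached), "->", diagnose(cached, GOOD, **CTX))
```

<p>A result of "ha1" or "plaintext-after-strip" means the cached value is usable but does not match how the auth module is told to interpret it; None means the stored value itself is wrong.</p>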
</body>
</html>