<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<tt>Hi Tito,</tt><tt><br>
</tt><tt><br>
</tt><tt>yes, the </tt><tt>calculate_ha1 must be correlated with
how the password is kept in the DB - see
<a class="moz-txt-link-freetext" href="https://blog.opensips.org/2016/11/11/how-to-avoid-plaintext-passwords/">https://blog.opensips.org/2016/11/11/how-to-avoid-plaintext-passwords/</a></tt><tt><br>
</tt><tt><br>
</tt><tt>In regards, to $var(username), usually it is just the
username part ($fU)</tt><tt><br>
</tt><tt><br>
</tt><tt>Regards,</tt><br>
<br>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a class="moz-txt-link-freetext" href="http://www.opensips-solutions.com">http://www.opensips-solutions.com</a>
OpenSIPS Bootcamp 2017, Houston, US
<a class="moz-txt-link-freetext" href="http://opensips.org/training/OpenSIPS_Bootcamp_2017.html">http://opensips.org/training/OpenSIPS_Bootcamp_2017.html</a>
</pre>
<div class="moz-cite-prefix">On 06/23/2017 12:38 PM, Tito Cumpen
wrote:<br>
</div>
<blockquote
cite="mid:CANZPVB6EqiSrqU1=oz6zR_x8GOfPdMdYVjdSjsWiqqoisz2SFw@mail.gmail.com"
type="cite">
<div dir="ltr">Bogdan,
<div><br>
</div>
<div><br>
</div>
<div>I found the solution to the issue I wasnt setting </div>
<div>
<div>modparam("auth", "calculate_ha1", 1)</div>
</div>
<div>which allows the password to be in plaintext in the pseudo
var. In addition I had to join the $fU+"@"+$fd since the $fu
carries sip:</div>
<div><br>
</div>
<div><br>
</div>
<div>Thanks,</div>
<div>TIto</div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Jun 22, 2017 at 8:49 PM, Tito
Cumpen <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:tito@xsvoce.com" target="_blank">tito@xsvoce.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Hey Bogdan,
<div><br>
</div>
<div><br>
</div>
<div>I see that the module params define the spec
variables now and I tried the following in my register
method block</div>
<div><br>
</div>
<div> exec("php /etc/opensips/authenticate.php
$var(input)","" , "$var(out)", "$var(err)",
"$avp(env)");<br>
</div>
<div><br>
</div>
<div>this returns the text password </div>
<div><br>
</div>
<div>
<div> $var(username)= $fu;</div>
<div> $avp(password)= $var(out);</div>
</div>
<div><br>
</div>
<div><br>
</div>
<div>
<div> if (!pv_www_authorize(""))</div>
<div> {</div>
<div>
xlog("new challenger $tU\n");</div>
<div> </div>
<div> # $var(rc) = www_authorize("",
"subscriber");</div>
<div> $var(rc) = pv_www_authorize("");</div>
<div> xlog("Return code is $var(rc) \n");</div>
<div> </div>
<div> switch ( $var(rc) ) {</div>
<div> case 1 :</div>
<div> if (!save("location","f"))</div>
<div> sl_reply_error();</div>
<div> </div>
<div> exit;</div>
<div> # success</div>
<div> break;</div>
<div> case -1:</div>
<div> sl_send_reply("404","User not found");</div>
<div> exit;</div>
<div> break;</div>
<div> case -2:</div>
<div> sl_send_reply("403","Forbidden (Bad
auth)");</div>
<div> exit;</div>
<div> break;</div>
<div> case -3:</div>
<div>
www_challenge("", "0");</div>
<div> exit;</div>
<div> </div>
<div> default:</div>
<div> www_challenge("",
"0");</div>
<div> exit;</div>
<div> </div>
<div> }</div>
<div> }</div>
</div>
<div><br>
</div>
<div><br>
</div>
<div>but I am not able to authenticate I keep getting -1
as if the user didn't exist although the script is
returning a value and casting it to </div>
</div>
<div class="HOEnZb">
<div class="h5">
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, Jun 21, 2017 at 1:59
PM, Tito Cumpen <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:tito@xsvoce.com" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:tito@xsvoce.com">tito@xsvoce.com</a></a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Bogdan,
<div><br>
</div>
<div><br>
</div>
<div>would I have to use the exec module to cast
the into the username and password variables?
Also I am not sure how the function expects
those variables to be passed to it ? It is
based on variables with these two names to be
set prior to being called?</div>
<div><br>
</div>
<div>
<div>$var(username)="abc";</div>
<div>$avp(password)="xyz";</div>
</div>
<div><br>
</div>
<div>Thanks,</div>
<div>Tito</div>
</div>
<div class="m_-5886199917798469526HOEnZb">
<div class="m_-5886199917798469526h5">
<div class="gmail_extra"><br>
<div class="gmail_quote">On Fri, May 26,
2017 at 7:21 AM, Bogdan-Andrei Iancu <span
dir="ltr"><<a moz-do-not-send="true"
href="mailto:bogdan@opensips.org"
target="_blank">bogdan@opensips.org</a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0 .8ex;border-left:1px
#ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> <tt>Hi
Tito,<br>
<br>
You can do that by fetching the
password via an explicit DB query
from script and pushing it for auth
check using pv_www_authorize():<br>
<a moz-do-not-send="true"
class="m_-5886199917798469526m_3732967535493753989m_4140612310025486353moz-txt-link-freetext"
href="http://www.opensips.org/html/docs/modules/2.3.x/auth.html#idp5590848"
target="_blank">http://www.opensips.org/html/d<wbr>ocs/modules/2.3.x/auth.html#id<wbr>p5590848</a><br>
<br>
Best regards,<br>
</tt>
<pre class="m_-5886199917798469526m_3732967535493753989m_4140612310025486353moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a moz-do-not-send="true" class="m_-5886199917798469526m_3732967535493753989m_4140612310025486353moz-txt-link-freetext" href="http://www.opensips-solutions.com" target="_blank">http://www.opensips-solutions.<wbr>com</a>
OpenSIPS Bootcamp 2017, Huston, US
<a moz-do-not-send="true" class="m_-5886199917798469526m_3732967535493753989m_4140612310025486353moz-txt-link-freetext" href="http://opensips.org/training/OpenSIPS_Bootcamp_2017.html" target="_blank">http://opensips.org/training/O<wbr>penSIPS_Bootcamp_2017.html</a>
</pre><div><div class="m_-5886199917798469526m_3732967535493753989h5">
<div class="m_-5886199917798469526m_3732967535493753989m_4140612310025486353moz-cite-prefix">On 05/25/2017 04:51 PM, Tito Cumpen
wrote:
</div>
</div></div><blockquote type="cite"><div><div class="m_-5886199917798469526m_3732967535493753989h5">
<div dir="auto">
<div dir="auto">Group,</div>
<div dir="auto">
</div>
Is it possible to use a rest api for auth_db? Meaning can
opensips authenticate a user based on a rest query against a
rest api? I thought about using db http by fronting the request
with a local http server but I don't see a way to pass a custom
headers to the query. This custom header would contain the auth
session token.
<div dir="auto">
</div>
<div dir="auto">
</div>
<div dir="auto">Thanks,</div>
<div dir="auto">Tito</div>
</div>
<fieldset class="m_-5886199917798469526m_3732967535493753989m_4140612310025486353mimeAttachmentHeader"></fieldset>
</div></div><pre>______________________________<wbr>_________________
Users mailing list
<a moz-do-not-send="true" class="m_-5886199917798469526m_3732967535493753989m_4140612310025486353moz-txt-link-abbreviated" href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a>
<a moz-do-not-send="true" class="m_-5886199917798469526m_3732967535493753989m_4140612310025486353moz-txt-link-freetext" href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-<wbr>bin/mailman/listinfo/users</a>
</pre>
</blockquote>
</div>
</blockquote></div>
</div>
</div></div></blockquote></div>
</div>
</div></div></blockquote></div>
</div>
</blockquote>
</body></html>