<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<br>
<br>
One more thing I just noticed - a small detail but likely matters.<br>
<br>
I extracted these from the packet capture on the first attempt to
register.<br>
<br>
This is the WWW-Authenticate:<br>
<br>
Digest realm="digilink.net",
nonce="7VOIeF33AVFqNTDVkY+VlYspMPlW/ZD7OJWumYkh0L8A", qop="auth",
algorithm=MD5<br>
<br>
This is the Authorization:<br>
<br>
username="3105738133", realm="digilink.net",
nonce="7VOIeF33AVFqNTDVkY+VlYspMPlW/ZD7OJWumYkh0L8A",
uri=<a class="moz-txt-link-rfc2396E" href="sip:sip.rs.digidial.net">"sip:sip.rs.digidial.net"</a>, algorithm=MD5,
response="d4922aa870ad36ec61f1b5da0cf6be04", qop=auth, nc=00000001,
cnonce="30a17663"<br>
<br>
Notice any difference??<br>
<br>
In the WWW-Authenticate message, qop="auth" vs in the Authorization
qop=auth and that breaks things according to the tool:<br>
<br>
<img src="cid:part1.uMqEuqVf.JnuGX3fB@digilink.net" alt=""><br>
<br>
If I remove the quotes for the qop= in the WWW-Authenticate I get
the correct response. Every character matters for the salt.<br>
<br>
<img src="cid:part2.cVmRVGoG.YaK4Wi0I@digilink.net" alt=""><br>
<br>
So, if OpenSIPS is using the qop="auth" for its salt and the device
doesn't - that explains the failure. It also seems very likely that
there should not be quotes used for the qop values in the same way
that they are not used for the algorithm values.<br>
<br>
---<br>
Bob<br>
<br>
<br>
<div class="moz-cite-prefix">On 9/8/2022 2:47 AM, Bob Atkins wrote:<br>
</div>
<blockquote type="cite"
cite="mid:b86a9481-5953-3950-6d02-ee4bb59482ec@digilink.net">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
Iancu,<br>
<br>
I understand your thought process. I certainly understand that
However, same device, exactly the same credentials and it
authenticates properly against 2 other systems. They can't both be
wrong and OpenSIPS be correct.<br>
<br>
For reference this is what I have installed:<br>
<br>
version: opensips 3.2.8 (x86_64/linux)<br>
flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC,
Q_MALLOC, F_MALLOC, HP_MALLOC, DBG_MALLOC, FAST_LOCK-ADAPTIVE_WAIT<br>
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN
16, MAX_URI_SIZE 1024, BUF_SIZE 65535<br>
poll method support: poll, epoll, sigio_rt, select.<br>
main.c compiled on 17:05:59 Aug 17 2022 with gcc 4.8.5<br>
<br>
I tried the tool you suggested. Since the device is returning
nc=00000001,cnonce="30a17663" which is more than the python script
uses so I can't get a correct calculation anyway.<br>
<br>
This is one example that failed<br>
<br>
Authorization: Digest
username="3105738133",realm="digilink.net",nonce="7VOIeF33AVFqNTDVkY+VlYspMPlW/ZD7OJWumYkh0L8A",uri=<a
class="moz-txt-link-rfc2396E" href="sip:sip.rs.digidial.net"
moz-do-not-send="true">"sip:sip.rs.digidial.net"</a>,algorithm=MD5,response="d4922aa870ad36ec61f1b5da0cf6be04",qop=auth,nc=00000001,cnonce="30a17663"<br>
<br>
<br>
I found a more comprehensive tool and got the correct result from
the above digest (password redacted from the image below):<br>
<br>
<img src="cid:part3.5cB6mrOU.eX7P1UVO@digilink.net" alt=""
class=""><br>
<br>
<br>
So, this begs the question - why is OpenSIPS getting it wrong?<br>
<br>
---<br>
Bob<br>
<br>
<br>
There may be some other<br>
<br>
<div class="moz-cite-prefix">On 9/8/2022 1:43 AM, Bogdan-Andrei
Iancu wrote:<br>
</div>
<blockquote type="cite"
cite="mid:9f0721a9-3280-6571-216c-77cd59fe3906@opensips.org">
<meta http-equiv="Content-Type" content="text/html;
charset=UTF-8">
<font face="monospace">I'm quite sure OpenSIPS is computing the
auth correctly, after all you are the only one complaining on
this. And the point is to identify which side is not doing the
proper computing and eventually see why - it may be a setting,
a typo, etc...<br>
<br>
Just my 2 cents on the matter.<br>
</font>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a class="moz-txt-link-freetext" href="https://www.opensips-solutions.com" moz-do-not-send="true">https://www.opensips-solutions.com</a>
OpenSIPS Summit 27-30 Sept 2022, Athens
<a class="moz-txt-link-freetext" href="https://www.opensips.org/events/Summit-2022Athens/" moz-do-not-send="true">https://www.opensips.org/events/Summit-2022Athens/</a></pre>
<div class="moz-cite-prefix">On 9/8/22 10:29 AM, Bob Atkins
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:a3d3566a-8d13-26cb-dd02-42d4306f9f53@digilink.net">
<meta http-equiv="Content-Type" content="text/html;
charset=UTF-8">
Iancu,<br>
<br>
I'm not sure what the point of this would be. Even if it
showed that OpenSIPS was calculating incorrectly - then what?<br>
<br>
The device registers just fine with both asterisk and OpenSER
v1.1 with exactly the same parameters.<br>
<br>
The device is calculating the response correctly for 2 other
systems.<br>
<br>
OpenSIPS is clearly getting it wrong. The question is why? Or
even how. This is a pretty basic calculation.<br>
<br>
---<br>
Bob<br>
<br>
<br>
<br>
<div class="moz-cite-prefix">On 9/7/2022 11:16 PM,
Bogdan-Andrei Iancu wrote:<br>
</div>
<blockquote type="cite"
cite="mid:c05fb2fd-35f7-4b5c-481c-ef6d37237a6e@opensips.org">
<meta http-equiv="Content-Type" content="text/html;
charset=UTF-8">
<font face="monospace">Hi Bob,<br>
<br>
<br>
Use the below to double check which party is failing in
computing the right auth response.<br>
<br>
<a class="moz-txt-link-freetext"
href="https://openplatform.xyz/sip_register_digest_authentication.html"
moz-do-not-send="true">https://openplatform.xyz/sip_register_digest_authentication.html</a><br>
<br>
<br>
Regards,<br>
</font>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a class="moz-txt-link-freetext" href="https://www.opensips-solutions.com" moz-do-not-send="true">https://www.opensips-solutions.com</a>
OpenSIPS Summit 27-30 Sept 2022, Athens
<a class="moz-txt-link-freetext" href="https://www.opensips.org/events/Summit-2022Athens/" moz-do-not-send="true">https://www.opensips.org/events/Summit-2022Athens/</a></pre>
<div class="moz-cite-prefix">On 9/7/22 10:46 PM, Bob Atkins
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:a95dda7b-f2a2-b022-7c57-235f7d81ff18@digilink.net">
<meta http-equiv="Content-Type" content="text/html;
charset=UTF-8">
Iancu,<br>
<br>
Thank you!! You identified the problem. Turns out that I
had failed to add the IP for the OpenSIPS proxy to a
firewall that was blocking the response from this new sip
server (facepalm) to the device :-(<br>
<br>
So, once I fixed the firewall I thought that would be
it... Not my luck.<br>
<br>
Now it is challenging and <i><u><b>rejecting!</b></u></i>
The HA1 is failing to compare! But the passwords are
correct! Now I am really mystified.<br>
<br>
I created identical DB entries for this unit in both the
original OpenSER system and the OpenSIPS system.<br>
<br>
Registration to the OpenSER system works perfectly - HA1
validates. When I change the sip server to the new system,
to OpenSIPS system fails due to mismatched HA1. Whaaa....
?!?! <br>
<br>
Mismatched HA1 would imply a password failure but I have
absolutely, positively verified the passwords in both
database entries and the <i><u><b>only</b></u></i> thing
I change on the device is the sip server. It should just
register on the new system. I have attached packet capture
of the transaction between the device and teh OpenSIPSs
system.<br>
<br>
I have absolutely, positively copied and pasted (no
trailing nl or spaces) and verified that the passwords are
the same in both databases and also the same on the
device.<br>
<br>
<table width="1624" cellspacing="0" cellpadding="0"
border="0">
<colgroup><col
style="mso-width-source:userset;mso-width-alt:2816;
width:58pt" width="77" span="2"> <col
style="mso-width-source:userset;mso-width-alt:2523;width:52pt"
width="69"> <col
style="mso-width-source:userset;mso-width-alt:2633;
width:54pt" width="72" span="2"> <col
style="mso-width-source:userset;mso-width-alt:2450;width:50pt"
width="67"> <col
style="mso-width-source:userset;mso-width-alt:2816;width:58pt"
width="77"> <col
style="mso-width-source:userset;mso-width-alt:3364;width:69pt"
width="92"> <col
style="mso-width-source:userset;mso-width-alt:3949;width:81pt"
width="108"> <col
style="mso-width-source:userset;mso-width-alt:4132;width:85pt"
width="113"> <col
style="mso-width-source:userset;mso-width-alt:3986;width:82pt"
width="109"> <col
style="mso-width-source:userset;mso-width-alt:987;width:20pt"
width="27"> <col
style="mso-width-source:userset;mso-width-alt:3584;width:74pt"
width="98"> <col
style="mso-width-source:userset;mso-width-alt:1938;width:40pt"
width="53"> <col
style="mso-width-source:userset;mso-width-alt:1024;width:21pt"
width="28"> <col
style="mso-width-source:userset;mso-width-alt:1280;width:26pt"
width="35"> <col
style="mso-width-source:userset;mso-width-alt:2304;width:47pt"
width="63"> <col
style="mso-width-source:userset;mso-width-alt:2194;width:45pt"
width="60"> <col
style="mso-width-source:userset;mso-width-alt:1024;width:21pt"
width="28"> <col
style="mso-width-source:userset;mso-width-alt:1426;width:29pt"
width="39"> <col
style="mso-width-source:userset;mso-width-alt:1133;width:23pt"
width="31"> <col
style="mso-width-source:userset;mso-width-alt:2669;width:55pt"
width="73"> <col
style="mso-width-source:userset;mso-width-alt:5705;width:117pt"
width="156"> </colgroup><tbody>
<tr style="height:12.75pt" height="17">
<td colspan="3"
style="height:12.75pt;mso-ignore:colspan;
width:168pt" width="223" height="17">OpenSER DB
subscriber entery</td>
<td style="width:54pt" width="72"><br>
</td>
<td style="width:54pt" width="72"><br>
</td>
<td style="width:50pt" width="67"><br>
</td>
<td style="width:58pt" width="77"><br>
</td>
<td style="width:69pt" width="92"><br>
</td>
<td style="width:81pt" width="108"><br>
</td>
<td style="width:85pt" width="113"><br>
</td>
<td style="width:82pt" width="109"><br>
</td>
<td style="width:20pt" width="27"><br>
</td>
<td style="width:74pt" width="98"><br>
</td>
<td style="width:40pt" width="53"><br>
</td>
<td style="width:21pt" width="28"><br>
</td>
<td style="width:26pt" width="35"><br>
</td>
<td style="width:47pt" width="63"><br>
</td>
<td style="width:45pt" width="60"><br>
</td>
<td style="width:21pt" width="28"><br>
</td>
<td style="width:29pt" width="39"><br>
</td>
<td style="width:23pt" width="31"><br>
</td>
<td style="width:55pt" width="73"><br>
</td>
<td style="width:117pt" width="156"><br>
</td>
</tr>
<tr style="height:12.75pt" height="17">
<td style="height:12.75pt" height="17">phplib_id</td>
<td>username</td>
<td>domain</td>
<td>password</td>
<td>first_name</td>
<td>last_name</td>
<td>phone</td>
<td>email_address</td>
<td>datetime_created</td>
<td>datetime_modified</td>
<td>confirmation</td>
<td>flag</td>
<td>sendnotification</td>
<td>greeting</td>
<td>ha1</td>
<td>ha1b</td>
<td>allow_find</td>
<td>timezone</td>
<td>rpid</td>
<td>domn</td>
<td>uuid</td>
<td>customerID</td>
<td>customerName</td>
</tr>
<tr style="height:12.75pt" height="17">
<td style="height:12.75pt" height="17" align="right">3105738133</td>
<td align="right">3105738133</td>
<td>digilink.net</td>
<td>XXXXXXXX</td>
<td>PPC Home</td>
<td>Fax</td>
<td align="right">3105738133</td>
<td><br>
</td>
<td class="xl24" align="right">7/5/2012 16:36</td>
<td class="xl24" align="right">11/7/2021 13:58</td>
<td><br>
</td>
<td>o</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td align="right">0</td>
<td>\N</td>
<td>\N</td>
<td>\N</td>
<td>\N</td>
<td align="right">72</td>
<td>DigiLink Internet Services</td>
</tr>
<tr style="height:12.75pt" height="17">
<td style="height:12.75pt" height="17"><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td class="xl24"><br>
</td>
<td class="xl24"><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
</tr>
<tr style="height:12.75pt" height="17">
<td colspan="3"
style="height:12.75pt;mso-ignore:colspan"
height="17">OpenSIPS DB subscriber entry</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
</tr>
<tr style="height:12.75pt" height="17">
<td style="height:12.75pt" height="17">id</td>
<td>username</td>
<td>domain</td>
<td>password</td>
<td>cr_preferred_carrier</td>
<td>first_name</td>
<td>last_name</td>
<td>phone</td>
<td>email_address</td>
<td>datetime_created</td>
<td>datetime_modified</td>
<td>confirmation</td>
<td>flag</td>
<td>sendnotification</td>
<td>greeting</td>
<td>allow_find</td>
<td>timezone</td>
<td>customerID</td>
<td>customerName</td>
<td>ha1</td>
<td>ha1_sha256</td>
<td>ha1_sha512t256</td>
<td>rpid</td>
</tr>
<tr style="height:12.75pt" height="17">
<td style="height:12.75pt" height="17" align="right">1</td>
<td align="right">3105738133</td>
<td>digidial</td>
<td>XXXXXXXX</td>
<td>\N</td>
<td>PPC Home</td>
<td>Fax</td>
<td align="right">3105738133</td>
<td><a class="moz-txt-link-abbreviated
moz-txt-link-freetext"
href="mailto:bob@planeparts.com"
moz-do-not-send="true">bob@planeparts.com</a></td>
<td class="xl24" align="right">7/5/2012 16:36</td>
<td class="xl24" align="right">11/7/2021 13:58</td>
<td><br>
</td>
<td align="right">0</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td align="right">72</td>
<td colspan="4" style="mso-ignore:colspan">DigiLink
Internet Services</td>
<td>\N</td>
</tr>
</tbody>
</table>
<br>
<br>
Registration code:<br>
<br>
OpenSER system:<br>
<br>
<font face="monospace">modparam("auth_db",
"calculate_ha1", yes)<br>
modparam("auth_db", "password_column", "password")<br>
<br>
if (method=="REGISTER") {<br>
#xlog("L_INFO","[$rm][$ft][$tt] Processing
registration");<br>
<br>
if (!www_authorize("digilink.net",
"subscriber")) {<br>
#xlog("L_INFO","[$rm][$ft][$tt] Challenging peer");<br>
www_challenge("digilink.net",
"0");<br>
exit;<br>
};<br>
<br>
xlog("L_INFO","[$rm][$ft][$tt]
Registered $fu from $si");<br>
save("location");<br>
exit;<br>
};<br>
</font><br>
==============<br>
OpenSIPS system<br>
<br>
<font face="monospace">#### AUTH Db module<br>
loadmodule "auth.so"<br>
loadmodule "auth_db.so"<br>
modparam("auth_db", "calculate_ha1", 1)<br>
modparam("auth_db", "use_domain", 1)<br>
modparam("auth_db", "user_column", "username")<br>
modparam("auth_db", "password_column", "password")<br>
modparam("auth_db", "load_credentials", "")<br>
<br>
<br>
if (is_method("REGISTER")) {<br>
xlog("L_INFO", "REGISTER: [$tu] request from
[$si]");<br>
xlog("L_INFO","[$ft][$au]@[$ad] - Processing
registration");<br>
xlog("L_INFO", "REGISTER: www_authorize
returned [$var(x)] to authenticate with [$rU]$ru
credential");<br>
<br>
if (!www_authorize("digilink.net",
"subscriber")) {<br>
xlog("L_INFO","CHALLENGE: [$ft][$tt]");<br>
www_challenge("digilink.net","auth","MD5");<br>
exit;<br>
} else {<br>
xlog("L_ALERT", "REGISTER: URI
[$tu][$rU]$ru credential from [$si] - FAILED!");<br>
sl_send_reply(403, "Not Authorized!");<br>
exit;<br>
}<br>
<br>
xlog("L_INFO", "REGISTER: URI [$tu] -
[$rm][$ft][$tt] Registered $fu from $si");<br>
save("location");<br>
exit;<br>
}</font><br>
<br>
</blockquote>
<br>
</blockquote>
<br>
</blockquote>
<br>
</blockquote>
<br>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<table width="569" cellspacing="0" cellpadding="2" border="0">
<tbody>
<tr valign="middle" bgcolor="#000099">
<td colspan="2"><font size="2" face="Verdana, Arial,
Helvetica, sans-serif" color="#ffffff"><strong>Bob
Atkins </strong></font><font color="#ffffff"> </font></td>
</tr>
<tr valign="middle">
<td colspan="2"><font size="1" face="Verdana, Arial,
Helvetica, sans-serif"><em>President/CEO</em></font></td>
</tr>
<tr valign="middle">
<td width="233">
<p align="center"><font size="1" face="Verdana, Arial,
Helvetica, sans-serif"><b><font color="#000080"><span
style="font-weight: bold; font-family: Trebuchet
MS;"><a href="http://www.digilink.net"><img
src="http://www.digilink.net/images/DigiLink_esig_logo.jpg"
alt="DigiLink, Inc." style="border: 0px
solid ; width: 216px; height: 48px;"></a></span></font></b><br>
<font color="#006600">Business Inter-net-working</font><br>
<font color="#000099"><strong><em>The Cure for the
Common ISP!</em></strong></font></font></p>
</td>
<td width="328">
<p align="right"><font size="1" face="Verdana, Arial,
Helvetica, sans-serif" color="#666666">Phone: </font><font
size="1" face="Verdana, Arial, Helvetica, sans-serif">(310)
577-9450<br>
</font><font size="1" face="Verdana, Arial, Helvetica,
sans-serif" color="#666666">Fax: </font><font
size="1" face="Verdana, Arial, Helvetica, sans-serif">(310)
577-3360</font><font size="1" face="Verdana, Arial,
Helvetica, sans-serif"><br>
<font color="#666666">eMail:</font> <a class="moz-txt-link-abbreviated" href="mailto:bob@digilink.net">bob@digilink.net</a><br>
</font></p>
</td>
</tr>
</tbody>
</table>
<p> </p>
</div>
</body>
</html>