<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
Iancu,<br>
<br>
I'm not sure what the point of this would be. Even if it showed that
OpenSIPS was calculating incorrectly - then what?<br>
<br>
The device registers just fine with both asterisk and OpenSER v1.1
with exactly the same parameters.<br>
<br>
The device is calculating the response correctly for 2 other
systems.<br>
<br>
OpenSIPS is clearly getting it wrong. The question is why? Or even
how. This is a pretty basic calculation.<br>
<br>
---<br>
Bob<br>
<br>
<br>
<br>
<div class="moz-cite-prefix">On 9/7/2022 11:16 PM, Bogdan-Andrei
Iancu wrote:<br>
</div>
<blockquote type="cite"
cite="mid:c05fb2fd-35f7-4b5c-481c-ef6d37237a6e@opensips.org">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<font face="monospace">Hi Bob,<br>
<br>
<br>
Use the below to double check which party is failing in
computing the right auth response.<br>
<br>
<a class="moz-txt-link-freetext"
href="https://openplatform.xyz/sip_register_digest_authentication.html"
moz-do-not-send="true">https://openplatform.xyz/sip_register_digest_authentication.html</a><br>
<br>
<br>
Regards,<br>
</font>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a class="moz-txt-link-freetext" href="https://www.opensips-solutions.com" moz-do-not-send="true">https://www.opensips-solutions.com</a>
OpenSIPS Summit 27-30 Sept 2022, Athens
<a class="moz-txt-link-freetext" href="https://www.opensips.org/events/Summit-2022Athens/" moz-do-not-send="true">https://www.opensips.org/events/Summit-2022Athens/</a></pre>
<div class="moz-cite-prefix">On 9/7/22 10:46 PM, Bob Atkins wrote:<br>
</div>
<blockquote type="cite"
cite="mid:a95dda7b-f2a2-b022-7c57-235f7d81ff18@digilink.net">
<meta http-equiv="Content-Type" content="text/html;
charset=UTF-8">
Iancu,<br>
<br>
Thank you!! You identified the problem. Turns out that I had
failed to add the IP for the OpenSIPS proxy to a firewall that
was blocking the response from this new sip server (facepalm) to
the device :-(<br>
<br>
So, once I fixed the firewall I thought that would be it... Not
my luck.<br>
<br>
Now it is challenging and <i><u><b>rejecting!</b></u></i> The
HA1 is failing to compare! But the passwords are correct! Now I
am really mystified.<br>
<br>
I created identical DB entries for this unit in both the
original OpenSER system and the OpenSIPS system.<br>
<br>
Registration to the OpenSER system works perfectly - HA1
validates. When I change the sip server to the new system, to
OpenSIPS system fails due to mismatched HA1. Whaaa.... ?!?! <br>
<br>
Mismatched HA1 would imply a password failure but I have
absolutely, positively verified the passwords in both database
entries and the <i><u><b>only</b></u></i> thing I change on the
device is the sip server. It should just register on the new
system. I have attached packet capture of the transaction
between the device and teh OpenSIPSs system.<br>
<br>
I have absolutely, positively copied and pasted (no trailing nl
or spaces) and verified that the passwords are the same in both
databases and also the same on the device.<br>
<br>
<table width="1624" cellspacing="0" cellpadding="0" border="0">
<colgroup><col
style="mso-width-source:userset;mso-width-alt:2816;
width:58pt" width="77" span="2"> <col
style="mso-width-source:userset;mso-width-alt:2523;width:52pt"
width="69"> <col
style="mso-width-source:userset;mso-width-alt:2633;
width:54pt" width="72" span="2"> <col
style="mso-width-source:userset;mso-width-alt:2450;width:50pt"
width="67"> <col
style="mso-width-source:userset;mso-width-alt:2816;width:58pt"
width="77"> <col
style="mso-width-source:userset;mso-width-alt:3364;width:69pt"
width="92"> <col
style="mso-width-source:userset;mso-width-alt:3949;width:81pt"
width="108"> <col
style="mso-width-source:userset;mso-width-alt:4132;width:85pt"
width="113"> <col
style="mso-width-source:userset;mso-width-alt:3986;width:82pt"
width="109"> <col
style="mso-width-source:userset;mso-width-alt:987;width:20pt"
width="27"> <col
style="mso-width-source:userset;mso-width-alt:3584;width:74pt"
width="98"> <col
style="mso-width-source:userset;mso-width-alt:1938;width:40pt"
width="53"> <col
style="mso-width-source:userset;mso-width-alt:1024;width:21pt"
width="28"> <col
style="mso-width-source:userset;mso-width-alt:1280;width:26pt"
width="35"> <col
style="mso-width-source:userset;mso-width-alt:2304;width:47pt"
width="63"> <col
style="mso-width-source:userset;mso-width-alt:2194;width:45pt"
width="60"> <col
style="mso-width-source:userset;mso-width-alt:1024;width:21pt"
width="28"> <col
style="mso-width-source:userset;mso-width-alt:1426;width:29pt"
width="39"> <col
style="mso-width-source:userset;mso-width-alt:1133;width:23pt"
width="31"> <col
style="mso-width-source:userset;mso-width-alt:2669;width:55pt"
width="73"> <col
style="mso-width-source:userset;mso-width-alt:5705;width:117pt"
width="156"> </colgroup><tbody>
<tr style="height:12.75pt" height="17">
<td colspan="3" style="height:12.75pt;mso-ignore:colspan;
width:168pt" width="223" height="17">OpenSER DB
subscriber entery</td>
<td style="width:54pt" width="72"><br>
</td>
<td style="width:54pt" width="72"><br>
</td>
<td style="width:50pt" width="67"><br>
</td>
<td style="width:58pt" width="77"><br>
</td>
<td style="width:69pt" width="92"><br>
</td>
<td style="width:81pt" width="108"><br>
</td>
<td style="width:85pt" width="113"><br>
</td>
<td style="width:82pt" width="109"><br>
</td>
<td style="width:20pt" width="27"><br>
</td>
<td style="width:74pt" width="98"><br>
</td>
<td style="width:40pt" width="53"><br>
</td>
<td style="width:21pt" width="28"><br>
</td>
<td style="width:26pt" width="35"><br>
</td>
<td style="width:47pt" width="63"><br>
</td>
<td style="width:45pt" width="60"><br>
</td>
<td style="width:21pt" width="28"><br>
</td>
<td style="width:29pt" width="39"><br>
</td>
<td style="width:23pt" width="31"><br>
</td>
<td style="width:55pt" width="73"><br>
</td>
<td style="width:117pt" width="156"><br>
</td>
</tr>
<tr style="height:12.75pt" height="17">
<td style="height:12.75pt" height="17">phplib_id</td>
<td>username</td>
<td>domain</td>
<td>password</td>
<td>first_name</td>
<td>last_name</td>
<td>phone</td>
<td>email_address</td>
<td>datetime_created</td>
<td>datetime_modified</td>
<td>confirmation</td>
<td>flag</td>
<td>sendnotification</td>
<td>greeting</td>
<td>ha1</td>
<td>ha1b</td>
<td>allow_find</td>
<td>timezone</td>
<td>rpid</td>
<td>domn</td>
<td>uuid</td>
<td>customerID</td>
<td>customerName</td>
</tr>
<tr style="height:12.75pt" height="17">
<td style="height:12.75pt" height="17" align="right">3105738133</td>
<td align="right">3105738133</td>
<td>digilink.net</td>
<td>XXXXXXXX</td>
<td>PPC Home</td>
<td>Fax</td>
<td align="right">3105738133</td>
<td><br>
</td>
<td class="xl24" align="right">7/5/2012 16:36</td>
<td class="xl24" align="right">11/7/2021 13:58</td>
<td><br>
</td>
<td>o</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td align="right">0</td>
<td>\N</td>
<td>\N</td>
<td>\N</td>
<td>\N</td>
<td align="right">72</td>
<td>DigiLink Internet Services</td>
</tr>
<tr style="height:12.75pt" height="17">
<td style="height:12.75pt" height="17"><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td class="xl24"><br>
</td>
<td class="xl24"><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
</tr>
<tr style="height:12.75pt" height="17">
<td colspan="3" style="height:12.75pt;mso-ignore:colspan"
height="17">OpenSIPS DB subscriber entry</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
</tr>
<tr style="height:12.75pt" height="17">
<td style="height:12.75pt" height="17">id</td>
<td>username</td>
<td>domain</td>
<td>password</td>
<td>cr_preferred_carrier</td>
<td>first_name</td>
<td>last_name</td>
<td>phone</td>
<td>email_address</td>
<td>datetime_created</td>
<td>datetime_modified</td>
<td>confirmation</td>
<td>flag</td>
<td>sendnotification</td>
<td>greeting</td>
<td>allow_find</td>
<td>timezone</td>
<td>customerID</td>
<td>customerName</td>
<td>ha1</td>
<td>ha1_sha256</td>
<td>ha1_sha512t256</td>
<td>rpid</td>
</tr>
<tr style="height:12.75pt" height="17">
<td style="height:12.75pt" height="17" align="right">1</td>
<td align="right">3105738133</td>
<td>digidial</td>
<td>XXXXXXXX</td>
<td>\N</td>
<td>PPC Home</td>
<td>Fax</td>
<td align="right">3105738133</td>
<td><a class="moz-txt-link-abbreviated
moz-txt-link-freetext"
href="mailto:bob@planeparts.com"
moz-do-not-send="true">bob@planeparts.com</a></td>
<td class="xl24" align="right">7/5/2012 16:36</td>
<td class="xl24" align="right">11/7/2021 13:58</td>
<td><br>
</td>
<td align="right">0</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td><br>
</td>
<td align="right">72</td>
<td colspan="4" style="mso-ignore:colspan">DigiLink
Internet Services</td>
<td>\N</td>
</tr>
</tbody>
</table>
<br>
<br>
Registration code:<br>
<br>
OpenSER system:<br>
<br>
<font face="monospace">modparam("auth_db", "calculate_ha1", yes)<br>
modparam("auth_db", "password_column", "password")<br>
<br>
if (method=="REGISTER") {<br>
#xlog("L_INFO","[$rm][$ft][$tt]
Processing registration");<br>
<br>
if (!www_authorize("digilink.net",
"subscriber")) {<br>
#xlog("L_INFO","[$rm][$ft][$tt] Challenging peer");<br>
www_challenge("digilink.net", "0");<br>
exit;<br>
};<br>
<br>
xlog("L_INFO","[$rm][$ft][$tt] Registered
$fu from $si");<br>
save("location");<br>
exit;<br>
};<br>
</font><br>
==============<br>
OpenSIPS system<br>
<br>
<font face="monospace">#### AUTH Db module<br>
loadmodule "auth.so"<br>
loadmodule "auth_db.so"<br>
modparam("auth_db", "calculate_ha1", 1)<br>
modparam("auth_db", "use_domain", 1)<br>
modparam("auth_db", "user_column", "username")<br>
modparam("auth_db", "password_column", "password")<br>
modparam("auth_db", "load_credentials", "")<br>
<br>
<br>
if (is_method("REGISTER")) {<br>
xlog("L_INFO", "REGISTER: [$tu] request from
[$si]");<br>
xlog("L_INFO","[$ft][$au]@[$ad] - Processing
registration");<br>
xlog("L_INFO", "REGISTER: www_authorize returned
[$var(x)] to authenticate with [$rU]$ru credential");<br>
<br>
if (!www_authorize("digilink.net", "subscriber"))
{<br>
xlog("L_INFO","CHALLENGE: [$ft][$tt]");<br>
www_challenge("digilink.net","auth","MD5");<br>
exit;<br>
} else {<br>
xlog("L_ALERT", "REGISTER: URI [$tu][$rU]$ru
credential from [$si] - FAILED!");<br>
sl_send_reply(403, "Not Authorized!");<br>
exit;<br>
}<br>
<br>
xlog("L_INFO", "REGISTER: URI [$tu] -
[$rm][$ft][$tt] Registered $fu from $si");<br>
save("location");<br>
exit;<br>
}</font><br>
<br>
</blockquote>
<br>
</blockquote>
<br>
</body>
</html>