[OpenSIPS-Users] Issues using memcache auth

Bogdan-Andrei Iancu bogdan at opensips.org
Wed Jun 3 17:12:43 CEST 2015


Hi Tito,

Have you double checked if the passwd you push to pv_www_authorize() 
(from cache) is the correct one ?

Best Regards,

Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com

On 02.06.2015 01:58, Tito Cumpen wrote:
> my db http returns the password in plain string by the way.
>
> On Mon, Jun 1, 2015 at 6:57 PM, Tito Cumpen <tito at xsvoce.com 
> <mailto:tito at xsvoce.com>> wrote:
>
>     Hello group,
>
>
>     I am attempting to add memcache auth validation in opensips 2.1. I
>     was using http db which returns a string of the user password
>     password. This was working prior to utilizing pv_www_authorize. I
>     used this document as a guideline
>     http://www.opensips.org/Documentation/Tutorials-MemoryCaching
>
>     Here is my auth mod param config
>     loadmodule "cachedb_local.so"
>     loadmodule "auth.so"
>     loadmodule "auth_db.so"
>     modparam("auth","username_spec","$avp(i:54)")
>     modparam("auth","password_spec","$avp(i:55)")
>     modparam("auth","calculate_ha1",1)
>
>     modparam("auth_db", "calculate_ha1", yes)
>
>     modparam("auth_db", "password_column", "password")
>     #modparam("auth_db", "db_url",
>     modparam("auth_db", "db_url",
>              "http://mysubscriberdatabase.com")
>
>     modparam("auth_db", "load_credentials", "$avp(i:55)=password")
>
>
>     if (is_method("REGISTER")) {
>
>     # indicate that the client supports DTLS
>     # so we know when he is called
>     if (isflagset(SRC_WS))
>     setbflag(DST_WS);
>
>     if ( isflagset(uac_ws) ) {
>      xlog("setting avp attribute in register for websocket \n");
>
>       $avp(attr)="websocket";
>     }
>     if(cache_fetch("local","passwd_$tu",$avp(i:55))) {
>     xlog("$tU 's credentials are stored in local cache using it for
>     this register request \n");
>     $avp(i:54) = $tU;
>     xlog("SCRIPT: stored password is $avp(i:55)\n");
>     # perform auth from variables
>     # $avp(i:54) contains the username
>     # $avp(i:55) contains the password
>     if (!pv_www_authorize("")) {
>     $var(rc2) = pv_www_authorize("");
>          #  $var(rc2) = www_authorize("", "subscriber");
>      xlog("Return code is $var(rc2) \n");
>            switch ( $var(rc2) ) {
>         case 1 :
>                # if ( proto==TCP ||  0 ) {
>                #             setflag(TCP_PERSISTENT);
>                 #                    setflag(6);
>                  #   }
>
>                     if (!save("location","f"))
>                             sl_reply_error();
>
>                     exit;
>
>
>             # success
>             break;
>         case -1:
>             sl_send_reply("404","User not found");
>             exit;
>             break;
>         case -2:
>             sl_send_reply("403","Forbidden (Bad auth)");
>                     exit;
>             break;
>               case -3:
>      www_challenge("", "0");
>             exit;
>             #sl_send_reply("403","Forbidden auth ID");
>             #break;
>         default:
>                                    www_challenge("", "0");
>                     exit;
>
>     }
>
>     };
>
>              if (!save("location","f"))
>                             sl_reply_error();
>
>                     exit;
>     }else{
>     xlog("could not find the auth info in local cache for $tU\n");
>     xlog("accessing the external db for auth info");
>       # authenticate the REGISTER requests
>                     if (!www_authorize("", "subscriber"))
>                     {
>     xlog("new challenger  $tU\n");
>
>
>                     #       www_challenge("", "0");
>
>
>
>                     $var(rc) = www_authorize("", "subscriber");
>             xlog("Return code is $var(rc) \n");
>
>             switch ( $var(rc) ) {
>         case 1 :
>                # if ( proto==TCP ||  0 ) {
>                #             setflag(TCP_PERSISTENT);
>                 #                    setflag(6);
>                  #   }
>                                             #  $avp(me) =
>     $(tU{s.tolower});
>
>      cache_store("local","passwd_$tu","$avp(i:55)",1200);
>
>                     if (!save("location","f"))
>                             sl_reply_error();
>
>                     exit;
>
>
>             # success
>             break;
>         case -1:
>             sl_send_reply("404","User not found");
>             exit;
>             break;
>         case -2:
>             sl_send_reply("403","Forbidden (Bad auth)");
>                     exit;
>             break;
>               case -3:
>      www_challenge("", "0");
>             exit;
>             #sl_send_reply("403","Forbidden auth ID");
>             #break;
>         default:
>                                    www_challenge("", "0");
>                     exit;
>
>     }
>     }
>
>     xlog("should be storing local now that it has been authorized\n");
>      cache_store("local","passwd_$tu","$avp(i:55)",1200);
>     }
>
>     if (!save("location","f"))
>     sl_reply_error();
>
>     exit;
>     }
>
>
>
>     The issue is the pv__www_authorize method after the verification
>     wether the password is stored locally always returns -2 which
>     means the password is incorrect. Can anyone provide any guidence
>     as to why this is ?
>
>
>     Thanks,
>     Tito
>
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20150603/b6d5ff59/attachment-0001.htm>


More information about the Users mailing list