[OpenSIPS-Users] Issues using memcache auth

Bogdan-Andrei Iancu bogdan at opensips.org
Wed Jun 3 17:59:16 CEST 2015


Tito,

In DB, what do you have - the plain text passwd or the HA1 ?

Regards,

Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com

On 03.06.2015 18:56, Tito Cumpen wrote:
> Bogdan,
>
> The password is hashed into a numeric value it would seem. Though my 
> http db provides the password in raw unhashed string when queried for 
> the subscriber password. The debug shows that the md5 hashing is not 
> being matched but I am not sure why since the save function 
> is only called if (!www_authorize("", "subscriber")) has succeeded. 
> Maybe something is being left out?
>
> Thanks,
>  Tito
>
>
> On Wed, Jun 3, 2015 at 11:12 AM, Bogdan-Andrei Iancu 
> <bogdan at opensips.org> wrote:
>
>     Hi Tito,
>
>     Have you double checked if the passwd you push to
>     pv_www_authorize() (from cache) is the correct one ?
>
>     Best Regards,
>
>     Bogdan-Andrei Iancu
>     OpenSIPS Founder and Developer
>     http://www.opensips-solutions.com
>
>     On 02.06.2015 01:58, Tito Cumpen wrote:
>>     My db http returns the password in plain string by the way.
>>
>>     On Mon, Jun 1, 2015 at 6:57 PM, Tito Cumpen <tito at xsvoce.com>
>>     wrote:
>>
>>         Hello group,
>>
>>
>>         I am attempting to add memcache auth validation in opensips
>>         2.1. I was using http db which returns a string of the user
>>         password. This was working prior to utilizing
>>         pv_www_authorize. I used this document as a guideline
>>         http://www.opensips.org/Documentation/Tutorials-MemoryCaching
>>
>>         Here is my auth mod param config
>>         loadmodule "cachedb_local.so"
>>         loadmodule "auth.so"
>>         loadmodule "auth_db.so"
>>         modparam("auth","username_spec","$avp(i:54)")
>>         modparam("auth","password_spec","$avp(i:55)")
>>         modparam("auth","calculate_ha1",1)
>>
>>         modparam("auth_db", "calculate_ha1", yes)
>>
>>         modparam("auth_db", "password_column", "password")
>>         #modparam("auth_db", "db_url",
>>         modparam("auth_db", "db_url",
>>                  "http://mysubscriberdatabase.com")
>>
>>         modparam("auth_db", "load_credentials", "$avp(i:55)=password")
>>
>>
>>         if (is_method("REGISTER")) {
>>
>>             # indicate that the client supports DTLS
>>             # so we know when he is called
>>             if (isflagset(SRC_WS))
>>                 setbflag(DST_WS);
>>
>>             if ( isflagset(uac_ws) ) {
>>                 xlog("setting avp attribute in register for websocket \n");
>>                 $avp(attr)="websocket";
>>             }
>>             if(cache_fetch("local","passwd_$tu",$avp(i:55))) {
>>                 xlog("$tU 's credentials are stored in local cache using it for this register request \n");
>>                 $avp(i:54) = $tU;
>>                 xlog("SCRIPT: stored password is $avp(i:55)\n");
>>                 # perform auth from variables
>>                 # $avp(i:54) contains the username
>>                 # $avp(i:55) contains the password
>>                 if (!pv_www_authorize("")) {
>>                     $var(rc2) = pv_www_authorize("");
>>                     #  $var(rc2) = www_authorize("", "subscriber");
>>                     xlog("Return code is $var(rc2) \n");
>>                     switch ( $var(rc2) ) {
>>                         case 1 :
>>                             # if ( proto==TCP ||  0 ) {
>>                             # setflag(TCP_PERSISTENT);
>>                             #  setflag(6);
>>                             #   }
>>
>>                             if (!save("location","f"))
>>                                 sl_reply_error();
>>
>>                             exit;
>>
>>                             # success
>>                             break;
>>                         case -1:
>>                             sl_send_reply("404","User not found");
>>                             exit;
>>                             break;
>>                         case -2:
>>                             sl_send_reply("403","Forbidden (Bad auth)");
>>                             exit;
>>                             break;
>>                         case -3:
>>                             www_challenge("", "0");
>>                             exit;
>>                             #sl_send_reply("403","Forbidden auth ID");
>>                             #break;
>>                         default:
>>                             www_challenge("", "0");
>>                             exit;
>>                     }
>>                 };
>>
>>                 if (!save("location","f"))
>>                     sl_reply_error();
>>
>>                 exit;
>>             }else{
>>                 xlog("could not find the auth info in local cache for $tU\n");
>>                 xlog("accessing the external db for auth info");
>>                 # authenticate the REGISTER requests
>>                 if (!www_authorize("", "subscriber"))
>>                 {
>>                     xlog("new challenger  $tU\n");
>>
>>                     # www_challenge("", "0");
>>
>>                     $var(rc) = www_authorize("", "subscriber");
>>                     xlog("Return code is $var(rc) \n");
>>
>>                     switch ( $var(rc) ) {
>>                         case 1 :
>>                             # if ( proto==TCP ||  0 ) {
>>                             # setflag(TCP_PERSISTENT);
>>                             #  setflag(6);
>>                             #   }
>>                             #        $avp(me) = $(tU{s.tolower});
>>
>>                             cache_store("local","passwd_$tu","$avp(i:55)",1200);
>>
>>                             if (!save("location","f"))
>>                                 sl_reply_error();
>>
>>                             exit;
>>
>>                             # success
>>                             break;
>>                         case -1:
>>                             sl_send_reply("404","User not found");
>>                             exit;
>>                             break;
>>                         case -2:
>>                             sl_send_reply("403","Forbidden (Bad auth)");
>>                             exit;
>>                             break;
>>                         case -3:
>>                             www_challenge("", "0");
>>                             exit;
>>                             #sl_send_reply("403","Forbidden auth ID");
>>                             #break;
>>                         default:
>>                             www_challenge("", "0");
>>                             exit;
>>                     }
>>                 }
>>
>>                 xlog("should be storing local now that it has been authorized\n");
>>                 cache_store("local","passwd_$tu","$avp(i:55)",1200);
>>             }
>>
>>             if (!save("location","f"))
>>                 sl_reply_error();
>>
>>             exit;
>>         }
>>
>>
>>
>>         The issue is the pv_www_authorize method after the
>>         verification whether the password is stored locally always
>>         returns -2 which means the password is incorrect. Can anyone
>>         provide any guidance as to why this is ?
>>
>>
>>         Thanks,
>>         Tito
>>
>>
>>
>>
>>     _______________________________________________
>>     Users mailing list
>>     Users at lists.opensips.org
>>     http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
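
The plain-text-versus-HA1 question above decides how the value in the password variable is hashed before the Digest comparison. The following is an added example, not code from the thread or from OpenSIPS: a simplified Python model of the RFC 2617 check without qop, showing which combinations of stored value and calculate_ha1 setting match. The user, realm, password, nonce and all function names are constructed for illustration.

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def ha1(username, realm, password):
    # RFC 2617: HA1 = MD5(username ":" realm ":" password)
    return md5_hex(f"{username}:{realm}:{password}")

def digest_response(ha1_hex, nonce, method, uri):
    # RFC 2617 without qop: response = MD5(HA1 ":" nonce ":" HA2)
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_hex}:{nonce}:{ha2}")

def server_accepts(stored, calculate_ha1, creds):
    """Simplified model of the server-side check (an assumption, not OpenSIPS code).

    stored        -- the value the script placed in the password variable
    calculate_ha1 -- True: treat 'stored' as plaintext and hash it;
                     False: treat 'stored' as a ready-made HA1
    creds         -- fields taken from the client's Authorization header
    """
    if calculate_ha1:
        server_ha1 = ha1(creds["username"], creds["realm"], stored)
    else:
        server_ha1 = stored
    expected = digest_response(server_ha1, creds["nonce"], creds["method"], creds["uri"])
    return hmac.compare_digest(expected, creds["response"])

def demo():
    # Constructed sample values, not taken from the thread.
    user, realm, password = "alice", "sip.example.test", "s3cret"
    creds = {"username": user, "realm": realm, "nonce": "constructed-nonce-0001",
             "method": "REGISTER", "uri": "sip:sip.example.test"}
    precomputed = ha1(user, realm, password)
    # Response a client holding the right password would send.
    creds["response"] = digest_response(precomputed, creds["nonce"],
                                        creds["method"], creds["uri"])
    return {
        ("plaintext", 1): server_accepts(password, True, creds),
        ("ha1", 0): server_accepts(precomputed, False, creds),
        ("ha1", 1): server_accepts(precomputed, True, creds),      # hashed twice
        ("plaintext", 0): server_accepts(password, False, creds),  # never hashed
    }

if __name__ == "__main__":
    for (kind, flag), ok in demo().items():
        print(f"stored={kind:9} calculate_ha1={flag} -> {'match' if ok else 'mismatch'}")
```

In the two mismatch rows the client used the correct password and the comparison still fails, so logging the cached value's form (a 32-character hex string versus the raw password) next to the calculate_ha1 setting is a quick check.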
