[OpenSIPS-Users] Issues using memcache auth

Tito Cumpen tito at xsvoce.com
Wed Jun 3 19:01:11 CEST 2015


Bogdan,


The password is provided in plaintext by the db. The working scenario looks
like this:

loadmodule "auth.so"
loadmodule "auth_db.so"

modparam("auth_db", "calculate_ha1", yes)
modparam("auth_db", "password_column", "password")
#modparam("auth_db", "db_url",
modparam("auth_db", "db_url",
         "http://myauthdb")
modparam("auth_db", "load_credentials", "")

On Wed, Jun 3, 2015 at 11:59 AM, Bogdan-Andrei Iancu <bogdan at opensips.org>
wrote:

>  Tito,
>
> In DB, what do you have - the plain text passwd or the HA1 ?
>
> Regards,
>
> Bogdan-Andrei Iancu
> OpenSIPS Founder and Developer
> http://www.opensips-solutions.com
>
> On 03.06.2015 18:56, Tito Cumpen wrote:
>
> Bogdan,
>
>  The password is hashed into a numeric value it would seem. Though my
> http db provides the password in raw unhashed string when queried for the
> subscriber password. The debug shows that the md5 hashing is not being
> matched but I am not sure why since the save function is only
> called if  (!www_authorize("", "subscriber")) has succeeded. Maybe
> something is being left out?
>
>  Thanks,
>  Tito
>
>
> On Wed, Jun 3, 2015 at 11:12 AM, Bogdan-Andrei Iancu <bogdan at opensips.org>
> wrote:
>
>>  Hi Tito,
>>
>> Have you double checked if the passwd you push to pv_www_authorize()
>> (from cache) is the correct one ?
>>
>> Best Regards,
>>
>> Bogdan-Andrei Iancu
>> OpenSIPS Founder and Developer
>> http://www.opensips-solutions.com
>>
>>  On 02.06.2015 01:58, Tito Cumpen wrote:
>>
>>  my db http returns the password in plain string by the way.
>>
>> On Mon, Jun 1, 2015 at 6:57 PM, Tito Cumpen <tito at xsvoce.com> wrote:
>>
>>> Hello group,
>>>
>>>
>>>  I am attempting to add memcache auth validation in opensips 2.1. I was
>>> using http db which returns a string of the user password. This
>>> was working prior to utilizing pv_www_authorize. I used this document as a
>>> guideline http://www.opensips.org/Documentation/Tutorials-MemoryCaching
>>>
>>>  Here is my auth mod param config
>>>  loadmodule "cachedb_local.so"
>>> loadmodule "auth.so"
>>> loadmodule "auth_db.so"
>>> modparam("auth","username_spec","$avp(i:54)")
>>> modparam("auth","password_spec","$avp(i:55)")
>>> modparam("auth","calculate_ha1",1)
>>>
>>>  modparam("auth_db", "calculate_ha1", yes)
>>>
>>>  modparam("auth_db", "password_column", "password")
>>> #modparam("auth_db", "db_url",
>>> modparam("auth_db", "db_url",
>>>           "http://mysubscriberdatabase.com")
>>>
>>>  modparam("auth_db", "load_credentials", "$avp(i:55)=password")
>>>
>>>
>>>  if (is_method("REGISTER")) {
>>>
>>>  # indicate that the client supports DTLS
>>>  # so we know when he is called
>>>  if (isflagset(SRC_WS))
>>>  setbflag(DST_WS);
>>>
>>>  if ( isflagset(uac_ws) ) {
>>>         xlog("setting avp attribute in register for websocket \n");
>>>
>>>    $avp(attr)="websocket";
>>> }
>>>    if(cache_fetch("local","passwd_$tu",$avp(i:55))) {
>>>  xlog("$tU 's credentials are stored in local cache using it for this register request \n");
>>>  $avp(i:54) = $tU;
>>>  xlog("SCRIPT: stored password is $avp(i:55)\n");
>>>  # perform auth from variables
>>>  # $avp(i:54) contains the username
>>>  # $avp(i:55) contains the password
>>>  if (!pv_www_authorize("")) {
>>>  $var(rc2) = pv_www_authorize("");
>>>               #  $var(rc2) = www_authorize("", "subscriber");
>>>         xlog("Return code is $var(rc2) \n");
>>>                 switch ( $var(rc2) ) {
>>>     case 1 :
>>>            # if ( proto==TCP ||  0 ) {
>>>            #             setflag(TCP_PERSISTENT);
>>>             #                    setflag(6);
>>>              #   }
>>>
>>>
>>>                  if (!save("location","f"))
>>>                         sl_reply_error();
>>>
>>>                  exit;
>>>
>>>
>>>          # success
>>>         break;
>>>     case -1:
>>>         sl_send_reply("404","User not found");
>>>         exit;
>>>         break;
>>>     case -2:
>>>         sl_send_reply("403","Forbidden (Bad auth)");
>>>                 exit;
>>>         break;
>>>           case -3:
>>>                                                www_challenge("", "0");
>>>         exit;
>>>         #sl_send_reply("403","Forbidden auth ID");
>>>         #break;
>>>     default:
>>>                                www_challenge("", "0");
>>>                 exit;
>>>
>>>  }
>>>
>>>  };
>>>
>>>            if (!save("location","f"))
>>>                         sl_reply_error();
>>>
>>>                  exit;
>>>   }else{
>>>   xlog("could not find the auth info in local cache for $tU\n");
>>>  xlog("accessing the external db for auth info");
>>>    # authenticate the REGISTER requests
>>>                 if (!www_authorize("", "subscriber"))
>>>                 {
>>>                                                 xlog("new challenger $tU\n");
>>>
>>>
>>>                  #       www_challenge("", "0");
>>>
>>>
>>>
>>>                  $var(rc) = www_authorize("", "subscriber");
>>>         xlog("Return code is $var(rc) \n");
>>>
>>>          switch ( $var(rc) ) {
>>>     case 1 :
>>>            # if ( proto==TCP ||  0 ) {
>>>            #             setflag(TCP_PERSISTENT);
>>>             #                    setflag(6);
>>>              #   }
>>>                                         #        $avp(me) = $(tU{s.tolower});
>>>
>>>                 cache_store("local","passwd_$tu","$avp(i:55)",1200);
>>>
>>>                  if (!save("location","f"))
>>>                         sl_reply_error();
>>>
>>>                  exit;
>>>
>>>
>>>          # success
>>>         break;
>>>     case -1:
>>>         sl_send_reply("404","User not found");
>>>         exit;
>>>         break;
>>>     case -2:
>>>         sl_send_reply("403","Forbidden (Bad auth)");
>>>                 exit;
>>>         break;
>>>           case -3:
>>>                                                www_challenge("", "0");
>>>         exit;
>>>         #sl_send_reply("403","Forbidden auth ID");
>>>         #break;
>>>     default:
>>>                                www_challenge("", "0");
>>>                 exit;
>>>
>>>  }
>>> }
>>>
>>>  xlog("should be storing local now that it has been authorized\n");
>>>
>>>  cache_store("local","passwd_$tu","$avp(i:55)",1200);
>>>  }
>>>
>>>  if (!save("location","f"))
>>>  sl_reply_error();
>>>
>>>  exit;
>>>  }
>>>
>>>
>>>
>>>  The issue is the pv_www_authorize method after the verification
>>> whether the password is stored locally always returns -2 which means the
>>> password is incorrect. Can anyone provide any guidance as to why this is?
>>>
>>>
>>>  Thanks,
>>> Tito
>>>
>>
>>
>>
>>
>>
>>
>
>
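Added example, not part of the thread and not OpenSIPS code: a Python model of the digest check behind the "plain text passwd or the HA1?" question, showing that with calculate_ha1 enabled the stored value must be the exact plaintext, otherwise the recomputed response mismatches. It assumes the RFC 2617 no-qop response form; all names and sample values are constructed.

```python
import hashlib
import hmac

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def ha1(username: str, realm: str, password: str) -> str:
    # RFC 2617: HA1 = MD5(username ":" realm ":" password)
    return md5_hex(f"{username}:{realm}:{password}")

def digest_response(ha1_hex: str, nonce: str, method: str, uri: str) -> str:
    # No-qop form: response = MD5(HA1 ":" nonce ":" MD5(method ":" uri))
    return md5_hex(f"{ha1_hex}:{nonce}:{md5_hex(f'{method}:{uri}')}")

def verify(stored, calculate_ha1, user, realm, nonce, method, uri, response):
    """Server-side check; `stored` is whatever the DB or cache handed back.
    calculate_ha1=True : `stored` is treated as plaintext and hashed first.
    calculate_ha1=False: `stored` is treated as a precomputed HA1."""
    h = ha1(user, realm, stored) if calculate_ha1 else stored
    expected = digest_response(h, nonce, method, uri)
    return hmac.compare_digest(expected, response)

def demo() -> dict:
    # Constructed sample values, not taken from the thread.
    user, realm, password = "alice", "sip.example.test", "constructed-secret"
    nonce, method, uri = "constructed-nonce-0001", "REGISTER", "sip:sip.example.test"
    # What a client holding the right password sends.
    client = digest_response(ha1(user, realm, password), nonce, method, uri)
    args = (user, realm, nonce, method, uri, client)
    stored_ha1 = ha1(user, realm, password)
    return {
        "plaintext, calculate_ha1=1": verify(password, True, *args),
        "HA1, calculate_ha1=1": verify(stored_ha1, True, *args),
        "HA1, calculate_ha1=0": verify(stored_ha1, False, *args),
        "plaintext, calculate_ha1=0": verify(password, False, *args),
        # One extra byte in the stored value is enough to break the match.
        "plaintext + newline, calculate_ha1=1": verify(password + "\n", True, *args),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:38} -> {'match' if ok else 'mismatch (bad auth)'}")
```

Logging the exact bytes read back from the cache, including length, next to the value the database path used is the quickest way to tell which of these cases applies.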