Ok, It would appear that I'm a little silly, due to the way FreeRadius logs the information on the console. I've been debugging the information that I get, and I can see that the Digest-Attributes actually contain the information, in accordance to the following:
The first Digest Attribute is the User-Name, The second Digest Attribute is the Realm, The third Digest Attribute is the nonce, The fourth Digest Attribute is the uri, The fifth Digest Attribute is the SIP-METHOD request. I didn't realize this in the begining, as it was all HEX dumped, so I couldn't see that I'm actually looking at the information. Now, my question is this, what is the formula to calculate the digest from all of the above information? I've tried backtracking the code, but ended up with a slight headache. If anyone has information, that would be highly appreciated. Regards, Z2L ----- Original Message ----- From: "FreeRadius-ML" <[EMAIL PROTECTED]> To: "freeradius-users" <freeradius-users@lists.freeradius.org> Sent: Tuesday, July 24, 2007 1:07:01 PM (GMT+0200) Asia/Jerusalem Subject: Re: rml_perl question Ok, I think I'm getting somewhere on this. After running wireshark and capturing the traffic, I actually realized that the Authentication/Authorization headers consists of a random hash that is identified by the nonce number. Following is an example: Authorization: Digest username="101", realm="192.168.2.80", algorithm=MD5, uri="sip:192.168.2.80", nonce="469f2996b4bb829917c6d5d7c3c50bed9da77682", response="1efb1851e1e96ce6855bf406735af4b6" Now, if I understand correctly, the digest will be calculated from the combination of the username, uri and nonce. Problem is, it would appear that I'm unable to access the nonce field from rlm_perl, unless, I'm missing something. Regards, Z2L ----- Original Message ----- From: "FreeRadius-ML" <[EMAIL PROTECTED]> To: "freeradius-users" <freeradius-users@lists.freeradius.org> Sent: Tuesday, July 24, 2007 11:43:19 AM (GMT+0200) Asia/Jerusalem Subject: Re: rml_perl question Hi Peter, Well, according to the RFC, the string should be: username:realm:password and then into the md5sum. Now, according to my logs, I can see the following: Packet-Type = Access-Request Thu Jul 19 09:37:23 2007 User-Name = "[EMAIL PROTECTED]" Digest-Attributes = 0x0a05313031 Digest-Attributes = 0x010e3139322e3136382e322e3830 Digest-Attributes = 0x022a34363966313930646437336461386462323964356231306236373262646532633262623030353733 Digest-Attributes = 0x04127369703a3139322e3136382e322e3830 Digest-Attributes = 0x030a5245474953544552 Digest-Response = "80d23e66bd4d667eb445c89b74ff7a6b" Service-Type = IAPP-Register Sip-Uri-User = "101" NAS-Port = 5060 NAS-IP-Address = 192.168.2.80 Client-IP-Address = 192.168.2.80 Now, the password for that user is 101. So, I did the following: echo '[EMAIL PROTECTED]:192.168.2.80:101' | md5sum, which generated the following output: ec6cec8f0b5904ba56401b1e305638b5. Now, examining the log file shows that a few minutes before that, the Access-Request looks like this: Packet-Type = Access-Request Thu Jul 19 09:29:54 2007 User-Name = "[EMAIL PROTECTED]" Digest-Attributes = 0x0a05313031 Digest-Attributes = 0x010e3139322e3136382e322e3830 Digest-Attributes = 0x022a34363966313734623339623735663735363137326635613334646135666437393766353563353632 Digest-Attributes = 0x04127369703a3139322e3136382e322e3830 Digest-Attributes = 0x030a5245474953544552 Digest-Response = "a15ff7de436bada1093be663290f8ad8" Service-Type = IAPP-Register Sip-Uri-User = "101" NAS-Port = 5060 NAS-IP-Address = 192.168.2.80 Client-IP-Address = 192.168.2.80 As you can see, the Digest here is different, so I'm surely missing something here. Regards, Z2L ----- Original Message ----- From: "Peter Nixon" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED], "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> Sent: Tuesday, July 24, 2007 11:30:25 AM (GMT+0200) Asia/Jerusalem Subject: Re: rml_perl question On Tue 24 Jul 2007, FreeRadius-ML wrote: > Thanks, that helps a bunch. > > Another question, may be non related. Anyone has an idea how does OpenSER > and FreeRadius calculate the Digest response for rlm_digest? > > According to the output of my rlm_perl RAD_REQUEST, I'm getting the > following request from the OpenSER server: > > rlm_perl: RAD_REQUEST: Client-IP-Address = 192.168.2.80 > rlm_perl: RAD_REQUEST: Digest-Response = 80d23e66bd4d667eb445c89b74ff7a6b > rlm_perl: RAD_REQUEST: User-Name = [EMAIL PROTECTED] > rlm_perl: RAD_REQUEST: Service-Type = IAPP-Register > rlm_perl: RAD_REQUEST: NAS-IP-Address = 192.168.2.80 > rlm_perl: RAD_REQUEST: NAS-Port = 5060 > rlm_perl: RAD_REQUEST: Sip-Uri-User = 101 > rlm_perl: RAD_REQUEST: Digest-Attributes = ARRAY(0x84e7a90) > rlm_perl: Added pair Auth-Type = perl > > If I understand correctly, I need to calculate the digest response, > according to the information I hold in my AAA database, which should match > the Digest-Response request. My question is, what is the actual string > format that is required for the calculation of the Digest-Response? Read RFC 2617 -- Peter Nixon http://peternixon.net/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html