Hi Tito,

OK, so you have a plain text pwd in DB. You also load it to the script during DB auth and push it into the cache. What I was asking is to do some xlog from script to double check that whatever is stored and later fetched from script is correct - have you checked that?

Regards,

Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com

On 03.06.2015 20:01, Tito Cumpen wrote:
Bogdan,


The password is provided in plaintext by the db. The working scenario looks like this:

loadmodule "auth.so"
loadmodule "auth_db.so"
modparam("auth_db", "calculate_ha1", yes)
modparam("auth_db", "password_column", "password")
#modparam("auth_db", "db_url",
modparam("auth_db", "db_url",
         "http://myauthdb")
modparam("auth_db", "load_credentials", "")


On Wed, Jun 3, 2015 at 11:59 AM, Bogdan-Andrei Iancu <bog...@opensips.org> wrote:

    Tito,

    In DB, what do you have - the plain text passwd or the HA1 ?

    Regards,

    Bogdan-Andrei Iancu
    OpenSIPS Founder and Developer
    http://www.opensips-solutions.com

    On 03.06.2015 18:56, Tito Cumpen wrote:
    Bogdan,

    The password is hashed into a numeric value it would seem. Though
    my http db provides the password in raw unhashed string when
    queried for the subscriber password. The debug shows that the md5
    hashing is not being matched but I am not sure why since
    the save function is only called if (!www_authorize("",
    "subscriber")) has succeeded. Maybe something is being left out?

    Thanks,
     Tito


    On Wed, Jun 3, 2015 at 11:12 AM, Bogdan-Andrei Iancu
    <bog...@opensips.org> wrote:

        Hi Tito,

        Have you double checked if the passwd you push to
        pv_www_authorize() (from cache) is the correct one ?

        Best Regards,

        Bogdan-Andrei Iancu
        OpenSIPS Founder and Developer
        http://www.opensips-solutions.com

        On 02.06.2015 01:58, Tito Cumpen wrote:
        My db http returns the password in plain string by the way.

        On Mon, Jun 1, 2015 at 6:57 PM, Tito Cumpen <t...@xsvoce.com>
        wrote:

            Hello group,


            I am attempting to add memcache auth validation in
            opensips 2.1. I was using http db which returns a string
            of the user password. This was working prior to
            utilizing pv_www_authorize. I used this document as a
            guideline
            http://www.opensips.org/Documentation/Tutorials-MemoryCaching

            Here is my auth mod param config
            loadmodule "cachedb_local.so"
            loadmodule "auth.so"
            loadmodule "auth_db.so"
            modparam("auth","username_spec","$avp(i:54)")
            modparam("auth","password_spec","$avp(i:55)")
            modparam("auth","calculate_ha1",1)

            modparam("auth_db", "calculate_ha1", yes)

            modparam("auth_db", "password_column", "password")
            #modparam("auth_db", "db_url",
            modparam("auth_db", "db_url",
                     "http://mysubscriberdatabase.com")

            modparam("auth_db", "load_credentials",
            "$avp(i:55)=password")


            if (is_method("REGISTER")) {

                # indicate that the client supports DTLS
                # so we know when he is called
                if (isflagset(SRC_WS))
                    setbflag(DST_WS);

                if ( isflagset(uac_ws) ) {
                    xlog("setting avp attribute in register for websocket \n");
                    $avp(attr)="websocket";
                }

                if(cache_fetch("local","passwd_$tu",$avp(i:55))) {
                    xlog("$tU 's credentials are stored in local cache using it for this register request \n");
                    $avp(i:54) = $tU;
                    xlog("SCRIPT: stored password is $avp(i:55)\n");
                    # perform auth from variables
                    # $avp(i:54) contains the username
                    # $avp(i:55) contains the password
                    if (!pv_www_authorize("")) {
                        $var(rc2) = pv_www_authorize("");
                        #  $var(rc2) = www_authorize("", "subscriber");
                        xlog("Return code is $var(rc2) \n");
                        switch ( $var(rc2) ) {
                            case 1 :
                                # if ( proto==TCP ||  0 ) {
                                # setflag(TCP_PERSISTENT);
                                #        setflag(6);
                                #   }

                                if (!save("location","f"))
                                    sl_reply_error();

                                exit;

                                # success
                                break;
                            case -1:
                                sl_send_reply("404","User not found");
                                exit;
                                break;
                            case -2:
                                sl_send_reply("403","Forbidden (Bad auth)");
                                exit;
                                break;
                            case -3:
                                www_challenge("", "0");
                                exit;
                                #sl_send_reply("403","Forbidden auth ID");
                                #break;
                            default:
                                www_challenge("", "0");
                                exit;
                        }
                    };

                    if (!save("location","f"))
                        sl_reply_error();

                    exit;
                }else{
                    xlog("could not find the auth info in local cache for $tU\n");
                    xlog("accessing the external db for auth info");
                    # authenticate the REGISTER requests
                    if (!www_authorize("", "subscriber"))
                    {
                        xlog("new challenger  $tU\n");

                        # www_challenge("", "0");

                        $var(rc) = www_authorize("", "subscriber");
                        xlog("Return code is $var(rc) \n");

                        switch ( $var(rc) ) {
                            case 1 :
                                # if ( proto==TCP ||  0 ) {
                                # setflag(TCP_PERSISTENT);
                                #        setflag(6);
                                #   }
                                #  $avp(me) = $(tU{s.tolower});

                                cache_store("local","passwd_$tu","$avp(i:55)",1200);

                                if (!save("location","f"))
                                    sl_reply_error();

                                exit;

                                # success
                                break;
                            case -1:
                                sl_send_reply("404","User not found");
                                exit;
                                break;
                            case -2:
                                sl_send_reply("403","Forbidden (Bad auth)");
                                exit;
                                break;
                            case -3:
                                www_challenge("", "0");
                                exit;
                                #sl_send_reply("403","Forbidden auth ID");
                                #break;
                            default:
                                www_challenge("", "0");
                                exit;
                        }
                    }

                    xlog("should be storing local now that it has been authorized\n");
                    cache_store("local","passwd_$tu","$avp(i:55)",1200);
                }

                if (!save("location","f"))
                    sl_reply_error();

                exit;
            }



            The issue is the pv_www_authorize method after the
            verification whether the password is stored locally
            always returns -2 which means the password is incorrect.
            Can anyone provide any guidance as to why this is?


            Thanks,
            Tito




        _______________________________________________
        Users mailing list
        Users@lists.opensips.org
        http://lists.opensips.org/cgi-bin/mailman/listinfo/users
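
Added example, not part of the original thread and not OpenSIPS code: an offline check for the value that xlog prints after cache_fetch, telling whether it reproduces the client's digest response when read as a plaintext password, as a pre-computed HA1, or not at all. It assumes MD5 digest without qop (as with www_challenge("", "0")); the user, realm, nonce and password below are constructed sample values.

```python
import hashlib
import hmac
import string


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(ha1, nonce, method, uri):
    # RFC 2617 response when no qop is negotiated: MD5(HA1:nonce:HA2)
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


def classify_credential(stored, username, realm, nonce, method, uri, response):
    """Return 'plaintext', 'ha1' or 'mismatch' for a value read back from the cache."""
    response = response.lower()
    # Interpretation 1: the cached value is the plaintext password.
    ha1 = md5_hex(f"{username}:{realm}:{stored}")
    if hmac.compare_digest(digest_response(ha1, nonce, method, uri), response):
        return "plaintext"
    # Interpretation 2: the cached value is already MD5(user:realm:password).
    is_hex32 = len(stored) == 32 and all(c in string.hexdigits for c in stored)
    if is_hex32 and hmac.compare_digest(
            digest_response(stored.lower(), nonce, method, uri), response):
        return "ha1"
    return "mismatch"


# Constructed sample values (not taken from the thread).
USER, REALM, PASSWORD = "alice", "sip.example.test", "s3cret"
NONCE, METHOD, URI = "556f1d3a0000abcd", "REGISTER", "sip:sip.example.test"
# The response= value a client holding PASSWORD would send for this challenge.
CLIENT_RESPONSE = digest_response(
    md5_hex(f"{USER}:{REALM}:{PASSWORD}"), NONCE, METHOD, URI)


def check(stored):
    return classify_credential(
        stored, USER, REALM, NONCE, METHOD, URI, CLIENT_RESPONSE)


if __name__ == "__main__":
    candidates = [PASSWORD, md5_hex(f"{USER}:{REALM}:{PASSWORD}"), PASSWORD + " ", ""]
    for value in candidates:
        print(repr(value), "->", check(value))
```

A result of "ha1" or "mismatch" for the cached value, when the script expects a plaintext password, is the kind of discrepancy that would make the digest comparison fail.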




