Hi,
I am currently deploying OpenSER v1.0 on a Linksys WRT54GS router ( www.milkfish.org ).
I have read through all available documentation concerning authentication and dbtext and I have configured OpenSER such that an MD5 hash string is stored in the subscribers file.
However (and this may be specific to milkfish) the password was also always being stored as text. After editing and removing the parameter that stored the password as text in 'dbtextctl', authentication no longer works. This IMHO is because the UA is sending the password as text which is then being compared to the MD5 hash string; this test obviously fails.
One solution would be to receive the password as text, then construct the MD5 hash string then compare, however I don't know how to do this.
I have looked through openser.cfg but I can't seem to make heads or tails of (particularly the www_authorize and challenge part):
    if (method=="REGISTER") {
        if (uri==myself) {
            #wants to register only at router, no external SIP provider
            #log(1, "internal REGISTER\n");
            #make entry at local registrar
            if (!www_authorize("", "subscriber")) {
                www_challenge("", "0");
                exit;
            };
            save("location");
        } else {
            #wants to register at external SIP provider
            #log(1, "external REGISTER\n");
            #check if user is already registered at internal registrar
            if (!lookup("location")) {
                #if not do a drive-by registration
                #for registration at internal registrar
                #without a reply
                save_noreply("location");
            };
            #Fixing of private address in contact hf
            fix_nated_contact("217.189.167.187");
            route(1);
        };
        return;
    };
If anyone could explain what is happening above, or how I could accomplish what I need (in which username, password and realm are received and an MD5 hash string is constructed), I would much appreciate it.
Regards, Istvan
Hi Istvan,
Just last night I loaded dd-wrt (v23) on a WRT54G. It loaded SER, not OpenSER which was pretty slick but I would rather have OpenSER on it :)
Can you send me the package you created, or instructions on creating a package myself? Once OpenSER is loaded on the WRT54G, I'll try to give you a hand in resolving this problem.
I've been to the milkfish site in the past but didn't have the time to dig into it. I think that a Linux (not FreeBSD) development environment is required. If this is the case, it will take me a little while to get up to speed as Linux isn't used for anything over here (which means that we would have to re-task an existing machine or build up a new one).
Regards, Norm norm at goes dot com
Hi Norman,
Milkfish.org provides various packages. You can download binaries that already include OpenWRT and the latest release of Milkfish/OpenSER ( http://developer.berlios.de/project/showfiles.php?group_id=3690 ) and simply flash this file to your router. Instructions on how to do this are available at the milkfish wiki: http://wiki.milkfish.org/index.php?n=Boozy.StepByStep (this is probably the best option).
Alternatively you can first install OpenWRT (RC4 required) and then use ipkg (similar to apt-get) to retrieve and install milkfish packages, which include OpenSER and Milkfish configuration files.
To do this you will first need a router running OpenWRT RC4 and already configured, then you will need to edit /etc/ipkg.conf and add the line 'src milkfish http://packages.milkfish.org/boozy/'.
Keep in mind that most files (particularly in /etc) are symlinks to the read-only fs located in /rom. Therefore you will need to remove the symlink /etc/ipkg.conf that points to /rom/etc/ipkg.conf, and copy the original from /rom/etc/ipkg.conf to /etc/, and only then can you edit.
Once you're done, run 'ipkg install milkfish'. This will install OpenSER and Milkfish configuration files, and depending on your needs you can run 'ipkg install rtpproxy'.
I had a few problems initially, namely every installed script had '1000' as owner; I had to change this to 'root' so that the web interface ran correctly. This should probably be enough, however you should take a look at the milkfish wiki for more detailed instructions.
Hope this helps.
Regards, Istvan
-----Original Message-----
From: Norman Brandinger [mailto:norm@goes.com]
Sent: Wednesday, 15 March 2006 16:38
To: Istvan Hubay Cebrian
Cc: users@openser.org
Subject: Re: [Users] Authentication and Password encryption using dbtext
Hi Istvan,
Just last night I loaded dd-wrt (v23) on a WRT54G. It loaded SER, not OpenSER which was pretty slick but I would rather have OpenSER on it :)
Can you send me the package you created, or instructions on creating a package myself? Once OpenSER is loaded on the WRT54G, I'll try to give you a hand in resolving this problem.
I've been to the milkfish site in the past but didn't have the time to dig into it. I think that a Linux (not FreeBSD) development environment is required. If this is the case, it will take me a little while to get up to speed as Linux isn't used for anything over here (which means that we would have to re-task an existing machine or build up a new one).
Regards, Norm norm at goes dot com
Hello,
On 03/15/06 18:25, Istvan Hubay Cebrian wrote:
Hi,
I am currently deploying OpenSER v1.0 on a Linksys WRT54GS router ( www.milkfish.org ).
I have read through all available documentation concerning authentication and dbtext and I have configured OpenSER such that an MD5 hash string is stored in the subscribers file.
However (and this may be specific to milkfish) the password was also always being stored as text. After editing and removing the parameter that stored the password as text in 'dbtextctl', authentication no longer works. This IMHO is because the UA is sending the password as text which is then being compared to the MD5 hash string; this test obviously fails.
One solution would be to receive the password as text, then construct the MD5 hash string then compare, however I don't know how to do this.
You can store the HA1 string and then set the proper parameters of the auth_db module, see: http://openser.org/docs/modules/1.0.x/auth_db.html
-- just look at the password_column and calculate_ha1 parameters.
Cheers, Daniel
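The stored-HA1 scheme Daniel points to, as an added example (not code from the thread or from OpenSER): in digest authentication the UA sends a response computed from HA1 = MD5(username:realm:password) and the server's nonce, so the server can check it with only HA1 on file. The user, realm, password, nonce and function names below are constructed for illustration.

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def make_ha1(username, realm, password):
    # HA1 = MD5(username:realm:password); the value kept in the subscriber table
    return md5_hex(f"{username}:{realm}:{password}")

def digest_response(ha1, method, uri, nonce, qop=None, nc=None, cnonce=None):
    # RFC 2617 response: no-qop form, or qop=auth when the challenge offered it
    ha2 = md5_hex(f"{method}:{uri}")
    if qop is None:
        return md5_hex(f"{ha1}:{nonce}:{ha2}")
    if qop != "auth":
        raise ValueError("only qop=auth is handled here")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def ua_credentials(username, realm, password, method, uri, nonce):
    # What the UA puts in its Authorization header: a response, never the password
    ha1 = make_ha1(username, realm, password)
    return {"username": username, "realm": realm, "uri": uri, "nonce": nonce,
            "response": digest_response(ha1, method, uri, nonce)}

def server_verify(stored_ha1, method, creds):
    # Server side with only HA1 stored: recompute and compare in constant time
    expected = digest_response(stored_ha1, method, creds["uri"], creds["nonce"],
                               creds.get("qop"), creds.get("nc"), creds.get("cnonce"))
    return hmac.compare_digest(expected, creds["response"])

# Constructed sample values (not from the thread)
USER, REALM, PASSWORD = "alice", "example.org", "s3cret"
NONCE = "4a1b2c3d4e5f60718293a4b5c6d7e8f9"
STORED_HA1 = make_ha1(USER, REALM, PASSWORD)  # computed once at provisioning

if __name__ == "__main__":
    good = ua_credentials(USER, REALM, PASSWORD, "REGISTER", "sip:example.org", NONCE)
    bad = ua_credentials(USER, REALM, "wrong", "REGISTER", "sip:example.org", NONCE)
    print("stored HA1:", STORED_HA1)
    print("correct password accepted:", server_verify(STORED_HA1, "REGISTER", good))
    print("wrong password accepted:", server_verify(STORED_HA1, "REGISTER", bad))
```

Because the realm is part of HA1, a stored value only verifies when it was computed with the same realm the server puts in its challenge.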