[Users] Authentication and Password encryption using dbtext

Istvan Hubay Cebrian ihc.www at gmail.com
Wed Mar 15 17:25:17 CET 2006


Hi,

I am currently deploying OpenSER v1.0 on a Linksys WRT54GS router
(www.milkfish.org).

I have read through all available documentation concerning authentication
and dbtext and I have configured OpenSER such that an MD5 hash string is
stored in the subscribers file. 

However (and this may be specific to milkfish) the password was also always
being stored as text. After editing 'dbtextctl' and removing the parameter
that stored the password as text, authentication no longer works. This
IMHO is because the UA is sending the password as text, which is then being
compared to the MD5 hash string; this test obviously fails.

One solution would be to receive the password as text, then construct the
MD5 hash string then compare, however I don't know how to do this.

I have looked through openser.cfg but I can't seem to make heads or tails of
it (particularly the www_authorize and challenge part):

if (method=="REGISTER")
{
        if (uri==myself)
        {
                #wants to register only at router, no external SIP provider
                #log(1, "internal REGISTER\n");
                #make entry at local registrar
                if (!www_authorize("", "subscriber")) {
                        www_challenge("", "0");
                        exit;
                };
                save("location");
        }
        else
        {
                #wants to register at external SIP provider
                #log(1, "external REGISTER\n");
                #check if user is already registered at internal registrar
                if (!lookup("location"))
                {
                        #if not do a drive-by registration
                        #for registration at internal registrar
                        #without a reply
                        save_noreply("location");
                };
                #Fixing of private address in contact hf
                fix_nated_contact("217.189.167.187");
                route(1);
        };
        return;
};

If anyone could explain what is happening above, or how I could accomplish
what I need (in which username, password and realm are received and an MD5
hash string is constructed), I would much appreciate it.

Regards,
Istvan
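
An added example (not part of the original post and not OpenSER code): how RFC 2617 digest authentication, the scheme behind www_challenge/www_authorize, lets a server check a REGISTER using only a stored MD5 HA1 string. The username, realm, password, nonce and URI are constructed sample values, and the no-qop response form is used because the config above calls www_challenge with qop "0".

```python
import hashlib
import hmac


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def compute_ha1(username: str, realm: str, password: str) -> str:
    """HA1 = MD5(username:realm:password); the value kept instead of plaintext."""
    return md5_hex(f"{username}:{realm}:{password}")


def digest_response(ha1: str, nonce: str, method: str, uri: str) -> str:
    """RFC 2617 response without qop: MD5(HA1:nonce:MD5(method:uri))."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


def server_verify(stored_ha1: str, nonce: str, method: str, uri: str,
                  received_response: str) -> bool:
    """Recompute the response from the stored HA1 and compare in constant time.
    The plaintext password is never needed on the server side."""
    expected = digest_response(stored_ha1, nonce, method, uri)
    return hmac.compare_digest(expected, received_response.lower())


def demo():
    # Constructed sample values (assumptions, not taken from the post).
    user, realm, password = "alice", "example.org", "s3cret"
    nonce, method, uri = "constructed-nonce-0001", "REGISTER", "sip:example.org"

    # Provisioning: only HA1 goes into the subscriber store.
    # HA1 is still credential-equivalent for this realm, so the file holding
    # it needs the same protection as a password file.
    stored_ha1 = compute_ha1(user, realm, password)

    # UA side: the password never crosses the wire, only the digest response.
    good = digest_response(compute_ha1(user, realm, password), nonce, method, uri)
    bad = digest_response(compute_ha1(user, realm, "wrong"), nonce, method, uri)

    return (server_verify(stored_ha1, nonce, method, uri, good),
            server_verify(stored_ha1, nonce, method, uri, bad))


if __name__ == "__main__":
    print(demo())
```
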

