[SR-Users] Grab users password from WWW-Auth header

Alexandru Covalschi 568691 at gmail.com
Fri Nov 13 15:29:17 CET 2015


So it should be like

...
if (!has_credentials("myrealm")) {
	www_challenge("$td", "1");
}

else {

     if (!my_script()){

         sl_send_reply("401", "Not Authorized");
         }

}

...

2015-11-13 16:13 GMT+02:00 Alexandru Covalschi <568691 at gmail.com>:

> simple send_reply("200", "OK");, sorry
>
> 2015-11-13 16:02 GMT+02:00 Alexandru Covalschi <568691 at gmail.com>:
>
>> Thanks for your reply! But the problem is - I need to provide to API
>> user's login and password. Kamailio doesn't know them. So my idea was to
>> transmit to API the salt and encrypted password. Would that work? I see it
>> that way
>> 1. User sends register request.
>> 2. Kamailio sends to API salt and ecnr.passwd
>> 3. API recalculates MD5 on its side and compares with encr.passwd
>> 4. Sends OK if it's ok, huh
>> 5. I receive OK from API and send simple 200 OK to user
>>
>> Do you see any logical mistakes here? Do I need some speacial 200 OK to
>> approve registration, or simple send_reply("401", "OK"); is enough?
>>
>>
>> 2015-11-13 15:21 GMT+02:00 Sebastian Damm <damm at sipgate.de>:
>>
>>> Hello,
>>>
>>> if your script can return the password for the user to Kamailio, you
>>> could use the pv_*_authenticate functions. You can pass the password to
>>> check against to these functions in a pseudo variable.
>>>
>>>
>>> http://www.kamailio.net/docs/modules/4.3.x/modules/auth.html#auth.f.pv_www_authenticate
>>>
>>> Best Regards,
>>> Sebastian
>>>
>>> On Fri, Nov 13, 2015 at 2:14 PM, Alexandru Covalschi <568691 at gmail.com>
>>> wrote:
>>>
>>>> UPD: If upper method is possible - I assume I can check if message has
>>>> Auth header using
>>>>
>>>> if (has_credentials("myrealm")) {
>>>>     ...
>>>> }
>>>> Can you please specify how to grab it?
>>>>
>>>>
>>>> 2015-11-13 15:08 GMT+02:00 Alexandru Covalschi <568691 at gmail.com>:
>>>>
>>>>> Hello!
>>>>> My problem is I need to do users authentication through API. So I need
>>>>> to replace
>>>>>
>>>>> if (!www_authenticate("$td", "subscriber")) {
>>>>> 	www_challenge("$td", "1");
>>>>> }
>>>>>
>>>>> With
>>>>>
>>>>> if (!my_auth_script()) {
>>>>> 	www_challenge("$td", "1");
>>>>> }
>>>>>
>>>>> The main problem is - how can I grab or compare users password? I know
>>>>> nonce, which I understand is MD5 salt. Can I, for example, grab users
>>>>> password from API, then grab the MD5 string and the nonce user sent me,
>>>>> calculate MD5 on base of API password and nonce - and then compare MD5
>>>>> strings sent by user and calculated?
>>>>>
>>>>> --
>>>>> Alexandru Covalschi
>>>>> ABRISS-Solutions
>>>>> VoIP engineer and system administrator
>>>>> phone: +37367398493
>>>>> web: http://abs-telecom.com/
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Alexandru Covalschi
>>>> ABRISS-Solutions
>>>> VoIP engineer and system administrator
>>>> phone: +37367398493
>>>> web: http://abs-telecom.com/
>>>>
>>>> _______________________________________________
>>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>>> sr-users at lists.sip-router.org
>>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>>>
>>>>
>>>
>>> _______________________________________________
>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>> sr-users at lists.sip-router.org
>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>>
>>>
>>
>>
>> --
>> Alexandru Covalschi
>> ABRISS-Solutions
>> VoIP engineer and system administrator
>> phone: +37367398493
>> web: http://abs-telecom.com/
>>
>
>
>
> --
> Alexandru Covalschi
> ABRISS-Solutions
> VoIP engineer and system administrator
> phone: +37367398493
> web: http://abs-telecom.com/
>



-- 
Alexandru Covalschi
ABRISS-Solutions
VoIP engineer and system administrator
phone: +37367398493
web: http://abs-telecom.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20151113/2ef9d585/attachment.html>


More information about the sr-users mailing list