[SR-Users] Grab users password from WWW-Auth header

Fri Nov 13 15:39:10 CET 2015

Hello,

it't been a while since I worked with external scripts, but you can exec
external scripts. See:
http://www.kamailio.net/docs/modules/4.3.x/modules/exec.html

The documentation says, you can access header fields of the packet via
environment variables. So you can get the WWW-Authorize header into your
script, extract the needed fields and send them to the API. The API then
should be able to calculate the response again according to the Digest
Authentication rules with the supplied information and the plain password.

Best Regards,
Sebastian

On Fri, Nov 13, 2015 at 3:13 PM, Alexandru Covalschi <568691 at gmail.com>
wrote:

> simple send_reply("200", "OK");, sorry
>
> 2015-11-13 16:02 GMT+02:00 Alexandru Covalschi <568691 at gmail.com>:
>
>> Thanks for your reply! But the problem is - I need to provide to API
>> user's login and password. Kamailio doesn't know them. So my idea was to
>> transmit to API the salt and encrypted password. Would that work? I see it
>> that way
>> 1. User sends register request.
>> 2. Kamailio sends to API salt and ecnr.passwd
>> 3. API recalculates MD5 on its side and compares with encr.passwd
>> 4. Sends OK if it's ok, huh
>> 5. I receive OK from API and send simple 200 OK to user
>>
>> Do you see any logical mistakes here? Do I need some speacial 200 OK to
>> approve registration, or simple send_reply("401", "OK"); is enough?
>>
>>
>> 2015-11-13 15:21 GMT+02:00 Sebastian Damm <damm at sipgate.de>:
>>
>>> Hello,
>>>
>>> if your script can return the password for the user to Kamailio, you
>>> could use the pv_*_authenticate functions. You can pass the password to
>>> check against to these functions in a pseudo variable.
>>>
>>>
>>> http://www.kamailio.net/docs/modules/4.3.x/modules/auth.html#auth.f.pv_www_authenticate
>>>
>>> Best Regards,
>>> Sebastian
>>>
>>> On Fri, Nov 13, 2015 at 2:14 PM, Alexandru Covalschi <568691 at gmail.com>
>>> wrote:
>>>
>>>> UPD: If upper method is possible - I assume I can check if message has
>>>> Auth header using
>>>>
>>>> if (has_credentials("myrealm")) {
>>>>     ...
>>>> }
>>>> Can you please specify how to grab it?
>>>>
>>>>
>>>> 2015-11-13 15:08 GMT+02:00 Alexandru Covalschi <568691 at gmail.com>:
>>>>
>>>>> Hello!
>>>>> My problem is I need to do users authentication through API. So I need
>>>>> to replace
>>>>>
>>>>> if (!www_authenticate("$td", "subscriber")) {
>>>>> 	www_challenge("$td", "1");
>>>>> }
>>>>>
>>>>> With
>>>>>
>>>>> if (!my_auth_script()) {
>>>>> 	www_challenge("$td", "1");
>>>>> }
>>>>>
>>>>> The main problem is - how can I grab or compare users password? I know
>>>>> nonce, which I understand is MD5 salt. Can I, for example, grab users
>>>>> password from API, then grab the MD5 string and the nonce user sent me,
>>>>> calculate MD5 on base of API password and nonce - and then compare MD5
>>>>> strings sent by user and calculated?
>>>>>
>>>>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20151113/302ed6a9/attachment.html>