Re: [SR-Users] Authentication Feature Question

2012-01-04 Thread Daniel-Constantin Mierla
Hello, you haven't run 'bt' command inside the gdb. Do that and send the output. Cheers, Daniel On 1/4/12 9:54 AM, Ali Jawad wrote: Hi Daniel Back-trace below, regards. [root@kam-rtp-100-51 kamailio]# gdb /usr/local/kamailio/sbin/kamailio /core.18024GNU gdb (GDB) Red Hat Enterprise Linux (7.0

Re: [SR-Users] Authentication Feature Question

2012-01-04 Thread Ali Jawad
Hi Daniel In this part of the debug log 7(19193) DEBUG: [db_val.c:117]: converting STRING [fce64fbb39941fd185732f778188870f] 7(19193) DEBUG: auth [api.c:210]: check_response: Our result = 'd9f9e5c049e04d827a04e46b25d43ec5' 7(19193) DEBUG: auth [api.c:220]: check_response: Authorization failed

Re: [SR-Users] Authentication Feature Question

2012-01-04 Thread Ali Jawad
Hi Daniel Back-trace below, regards. [root@kam-rtp-100-51 kamailio]# gdb /usr/local/kamailio/sbin/kamailio /core.18024GNU gdb (GDB) Red Hat Enterprise Linux (7.0.1-37.el5)Copyright (C) 2009 Free Software Foundation, Inc.License GPLv3+: GNU GPL version 3 or later T

Re: [SR-Users] Authentication Feature Question

2012-01-04 Thread Daniel-Constantin Mierla
Hello, can you get the backtrace? Locate the core file (perhaps in / directory if you don't use -w command line parameter) and do: gdb /path/to/kamailio /path/to/corefile bt Cheers, Daniel On 1/4/12 9:17 AM, Ali Jawad wrote: Hi When I did set modparam("auth_db", "calculate_ha1", 0 ) Kama

Re: [SR-Users] Authentication Feature Question

2012-01-04 Thread Ali Jawad
On a seperate note, am I correct to assume that in order to remove domain calculation from Kamailio I need to work around static inline int get_ha1(struct username* _username, str* _domain, ./authorize.c:const str* _table, char* _ha1, db1_res_t** res) in authorize.c ? Regards

Re: [SR-Users] Authentication Feature Question

2012-01-04 Thread Ali Jawad
Hi When I did set modparam("auth_db", "calculate_ha1", 0 ) Kamailio is crashing see http://pastebin.com/anaKan0Y Regards On Tue, Jan 3, 2012 at 11:54 PM, Ali Jawad wrote: > Hi > It fetches one value from the database to compare it against a second > value that has to be computed right, in the

Re: [SR-Users] Authentication Feature Question

2012-01-03 Thread Ali Jawad
Hi It fetches one value from the database to compare it against a second value that has to be computed right, in the computation of the second hash where is the domain part fetched from ? Regards On Wed, Jan 4, 2012 at 12:26 AM, Daniel-Constantin Mierla wrote: > Hello, > > > On 1/3/12 10:08 PM,

Re: [SR-Users] Authentication Feature Question

2012-01-03 Thread Daniel-Constantin Mierla
Hello, On 1/3/12 10:08 PM, Ali Jawad wrote: Hi In Xlite/eyebeam I put in the username and one of my 3 kamailio servers respectively as the sip registrar, I.e. register1.domain.com, register2.domain.com and register3.domain.com, that is why I was saying that hashing will create different hashes b

Re: [SR-Users] Authentication Feature Question

2012-01-03 Thread Ali Jawad
Hi In Xlite/eyebeam I put in the username and one of my 3 kamailio servers respectively as the sip registrar, I.e. register1.domain.com, register2.domain.com and register3.domain.com, that is why I was saying that hashing will create different hashes based on the register domain. With reference to

Re: [SR-Users] Authentication Feature Question

2012-01-03 Thread Daniel-Constantin Mierla
Hello, why are you using register.domain.com as domain for registration? Isn't domain.com the right one? Can you enable the sql query log for mysql server and double check if the right value (column) is selected from the database table? Cheers, Daniel On 1/3/12 5:13 PM, Ali Jawad wrote: H

Re: [SR-Users] Authentication Feature Question

2012-01-03 Thread Ali Jawad
Hi Please see the below, thanks ! interface: eth1 (xx.xx.xx.0/255.255.255.0) match: support1 U +6.698682 yy.yy.yy.146:18832 -> xx.xx.xx.51:5060 REGISTER sip:register.domain.com SIP/2.0. Via: SIP/2.0/UDP 192.168.0.191:18832;branch=z9hG4bK-d8754z-05164a466600837d-1---d8754z-;rport. Max-Forwards: 70

Re: [SR-Users] Authentication Feature Question

2012-01-03 Thread Daniel-Constantin Mierla
Hello, I need the entire flow for registration, including the 401 reply and the following REGISTER request. Cheers, Daniel On 1/3/12 5:02 PM, Ali Jawad wrote: Hi Please see the ngrep below, please note that if I use in the db register.domain.com and generate a hash against it for HA1 it work

Re: [SR-Users] Authentication Feature Question

2012-01-03 Thread Ali Jawad
Hi Please see the ngrep below, please note that if I use in the db register.domain.com and generate a hash against it for HA1 it works,but then the user cant logon to register2.domain.com U +10.630576 xx.yy.yy.yy:20020 -> xx.xx.xx.xx:5060 REGISTER sip:register.domain SIP/2.0. Via: SIP/2.0/UDP 192

Re: [SR-Users] Authentication Feature Question

2012-01-03 Thread Daniel-Constantin Mierla
Hello, On 1/3/12 4:48 PM, Ali Jawad wrote: Hi Daniel Please see 5(18649) DEBUG: [db_res.c:184]: allocate 8 bytes for rows at 0xb7b78d74 5(18649) DEBUG: [db_row.c:119]: allocate 20 bytes for row values at 0xb7b78dac 5(18649) DEBUG: [db_val.c:117]: converting STRING [6f966cd9c628f14cdc2

Re: [SR-Users] Authentication Feature Question

2012-01-03 Thread Ali Jawad
I.e. I get 5(18649) DEBUG: [db_val.c:117]: converting STRING [6f966cd9c628f14cdc20172f96a4d065] 5(18649) DEBUG: auth [api.c:210]: check_response: Our result = '6f95e6235edca0b7765042ef119fd83b' 5(18649) DEBUG: auth [api.c:220]: check_response: Authorization failed Before I get to the part bel

Re: [SR-Users] Authentication Feature Question

2012-01-03 Thread Ali Jawad
Hi Daniel Please see  5(18649) DEBUG: [db_res.c:184]: allocate 8 bytes for rows at 0xb7b78d74  5(18649) DEBUG: [db_row.c:119]: allocate 20 bytes for row values at 0xb7b78dac  5(18649) DEBUG: [db_val.c:117]: converting STRING [6f966cd9c628f14cdc20172f96a4d065]  5(18649) DEBUG: auth [api.c:210]:

Re: [SR-Users] Authentication Feature Question

2012-01-03 Thread Daniel-Constantin Mierla
Hello, On 1/3/12 4:12 PM, Ali Jawad wrote: Hi Daniel This certainly makes sense, I will try it in a few mins, but what I observed at Debug Level 3 is that Hash is calculated before www_authenticate is executed and it shows HA comparison failed, if I do use domain.com instead of $fd and use $doma

Re: [SR-Users] Authentication Feature Question

2012-01-03 Thread Ali Jawad
Hi Daniel This certainly makes sense, I will try it in a few mins, but what I observed at Debug Level 3 is that Hash is calculated before www_authenticate is executed and it shows HA comparison failed, if I do use domain.com instead of $fd and use $domain.com in db domain field and build HA1 filed

Re: [SR-Users] Authentication Feature Question

2012-01-03 Thread Daniel-Constantin Mierla
Hello, you can simply use 'domain.com' as realm parameter to authentication function instead of $fd. Also build ha1 and ha1b with domain.com and then you are safe no matter which sip server is used. Of course you can build the realm by striping first token before '.' in $fd and pass it to au

Re: [SR-Users] Authentication Feature Question

2012-01-03 Thread Ali Jawad
Hi After some research it seems to me that the only way to achieve this is to "try" and change how hashing is done in the source code, a little bit too ambitious for me, and it means I will have loads of problems each time an upgrade is released. Or Use pseudovariables to fix the value of the $fd