What if I don't need a plaintext password on Kamailio? I mean, I don't want to user pv_www_authenticate or other auth functions again - I need to fully control AUTH on API. Is it ok to just send 200 OK to client if API tells me that password is ok?
2015-11-13 16:39 GMT+02:00 Sebastian Damm <d...@sipgate.de>: > Hello, > > it't been a while since I worked with external scripts, but you can exec > external scripts. See: > http://www.kamailio.net/docs/modules/4.3.x/modules/exec.html > > The documentation says, you can access header fields of the packet via > environment variables. So you can get the WWW-Authorize header into your > script, extract the needed fields and send them to the API. The API then > should be able to calculate the response again according to the Digest > Authentication rules with the supplied information and the plain password. > > Best Regards, > Sebastian > > > > On Fri, Nov 13, 2015 at 3:13 PM, Alexandru Covalschi <568...@gmail.com> > wrote: > >> simple send_reply("200", "OK");, sorry >> >> 2015-11-13 16:02 GMT+02:00 Alexandru Covalschi <568...@gmail.com>: >> >>> Thanks for your reply! But the problem is - I need to provide to API >>> user's login and password. Kamailio doesn't know them. So my idea was to >>> transmit to API the salt and encrypted password. Would that work? I see it >>> that way >>> 1. User sends register request. >>> 2. Kamailio sends to API salt and ecnr.passwd >>> 3. API recalculates MD5 on its side and compares with encr.passwd >>> 4. Sends OK if it's ok, huh >>> 5. I receive OK from API and send simple 200 OK to user >>> >>> Do you see any logical mistakes here? Do I need some speacial 200 OK to >>> approve registration, or simple send_reply("401", "OK"); is enough? >>> >>> >>> 2015-11-13 15:21 GMT+02:00 Sebastian Damm <d...@sipgate.de>: >>> >>>> Hello, >>>> >>>> if your script can return the password for the user to Kamailio, you >>>> could use the pv_*_authenticate functions. You can pass the password to >>>> check against to these functions in a pseudo variable. >>>> >>>> >>>> http://www.kamailio.net/docs/modules/4.3.x/modules/auth.html#auth.f.pv_www_authenticate >>>> >>>> Best Regards, >>>> Sebastian >>>> >>>> On Fri, Nov 13, 2015 at 2:14 PM, Alexandru Covalschi <568...@gmail.com> >>>> wrote: >>>> >>>>> UPD: If upper method is possible - I assume I can check if message has >>>>> Auth header using >>>>> >>>>> if (has_credentials("myrealm")) { >>>>> ... >>>>> } >>>>> Can you please specify how to grab it? >>>>> >>>>> >>>>> 2015-11-13 15:08 GMT+02:00 Alexandru Covalschi <568...@gmail.com>: >>>>> >>>>>> Hello! >>>>>> My problem is I need to do users authentication through API. So I >>>>>> need to replace >>>>>> >>>>>> if (!www_authenticate("$td", "subscriber")) { >>>>>> www_challenge("$td", "1"); >>>>>> } >>>>>> >>>>>> With >>>>>> >>>>>> if (!my_auth_script()) { >>>>>> www_challenge("$td", "1"); >>>>>> } >>>>>> >>>>>> The main problem is - how can I grab or compare users password? I >>>>>> know nonce, which I understand is MD5 salt. Can I, for example, grab >>>>>> users >>>>>> password from API, then grab the MD5 string and the nonce user sent me, >>>>>> calculate MD5 on base of API password and nonce - and then compare MD5 >>>>>> strings sent by user and calculated? >>>>>> >>>>>> > > _______________________________________________ > SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list > sr-users@lists.sip-router.org > http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users > > -- Alexandru Covalschi ABRISS-Solutions VoIP engineer and system administrator phone: +37367398493 web: http://abs-telecom.com/
_______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
