Opensips Registering non-existing users

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Opensips Registering non-existing users

mani sivaraman
I'm new to opensips. I installed opensips1.5.1 with mysql db support. I created 4 users in db using 'opensipsctl add' command. I'm able to register these 4 users if I login. The problem is opensips blindly register any username I try to register with. Like any arbitary name like 578. How can I stop opensips from doing this. I want opensips to Register only the user available on the subscriber mysql db

Thank you


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Opensips Registering non-existing users

Saúl Ibarra Corretgé-2
Take a look at the register handling section. You need to challenge
the REGISTER requests por auth (see www_authorize and www_challenge) I
believe they where commented out in the example config file...


On Mon, Jun 8, 2009 at 6:53 PM, mani sivaraman<[hidden email]> wrote:

> I'm new to opensips. I installed opensips1.5.1 with mysql db support. I
> created 4 users in db using 'opensipsctl add' command. I'm able to register
> these 4 users if I login. The problem is opensips blindly register any
> username I try to register with. Like any arbitary name like 578. How can I
> stop opensips from doing this. I want opensips to Register only the user
> available on the subscriber mysql db
>
> Thank you
>
>
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>



--
Saúl -- "Nunca subestimes el ancho de banda de un camión lleno de disketes."
----------------------------------------------------------------
http://www.saghul.net/

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Opensips Registering non-existing users

Saúl Ibarra Corretgé-2
Which domain did you specify in the opensipsctlrc file? How did you
create your user?


On Mon, Jun 8, 2009 at 9:02 PM, mani sivaraman<[hidden email]> wrote:

> Thanks for your reply. If I enable auth in .cfg file, then the auth is
> failing. I did enable the debug console and see the following
>
> Jun  8 13:49:05 [8825] DBG:auth_db:get_ha1: HA1 string calculated:
> 0cd7b4b92de4755f56180d996683482c
> Jun  8 13:49:05 [8825] DBG:auth:check_response: our result =
> '97ae96a51362ec6393e8d7fe89b71a24'
> Jun  8 13:49:05 [8825] DBG:auth:check_response: authorization failed
>
> I'm pretty sure I have the correct username , password and domain set up in
> the mysql db (opensips.subscriber table). I even created brand new user name
> with correct password and tried. Still I get the auth failed. Attached is
> the debug console output. YOur help is really appreciated.
>
> Any clue.
>
> On Mon, Jun 8, 2009 at 12:36 PM, Saúl Ibarra <[hidden email]> wrote:
>>
>> Take a look at the register handling section. You need to challenge
>> the REGISTER requests por auth (see www_authorize and www_challenge) I
>> believe they where commented out in the example config file...
>>
>>
>> On Mon, Jun 8, 2009 at 6:53 PM, mani sivaraman<[hidden email]>
>> wrote:
>> > I'm new to opensips. I installed opensips1.5.1 with mysql db support. I
>> > created 4 users in db using 'opensipsctl add' command. I'm able to
>> > register
>> > these 4 users if I login. The problem is opensips blindly register any
>> > username I try to register with. Like any arbitary name like 578. How
>> > can I
>> > stop opensips from doing this. I want opensips to Register only the user
>> > available on the subscriber mysql db
>> >
>> > Thank you
>> >
>> >
>> > _______________________________________________
>> > Users mailing list
>> > [hidden email]
>> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>> >
>> >
>>
>>
>>
>> --
>> Saúl -- "Nunca subestimes el ancho de banda de un camión lleno de
>> disketes."
>> ----------------------------------------------------------------
>> http://www.saghul.net/
>>
>> _______________________________________________
>> Users mailing list
>> [hidden email]
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>



--
Saúl -- "Nunca subestimes el ancho de banda de un camión lleno de disketes."
----------------------------------------------------------------
http://www.saghul.net/

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Opensips Registering non-existing users

Saúl Ibarra Corretgé-2
On Mon, Jun 8, 2009 at 10:07 PM, mani sivaraman<[hidden email]> wrote:
> I'm able to login with out any problem if I
> modparam("auth_db", "calculate_ha1", no)
>

That's because you already store hashed passwords.

> The default one has 'yes' instead of no. Since I saw the ha1 does not match
> in the console output I edited this and started working. Now it is not
> Registering any other user other than the one available in the subscriber
> table.
>

That's right, the only ones that are able to register are the subscribers.

> What implication will I have now. I guess the auth is not very secure now.
> But still it authenticates if I enter wrong password.
>

What piece of code are you using to manage registrations?



--
Saúl -- "Nunca subestimes el ancho de banda de un camión lleno de disketes."
----------------------------------------------------------------
http://www.saghul.net/

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Opensips Registering non-existing users

Saúl Ibarra Corretgé-2
It would be handy if you could paste the opensips.cfg configuration
file section where you handle register requests.


On Mon, Jun 8, 2009 at 11:35 PM, mani sivaraman<[hidden email]> wrote:
> What piece of code are you using to manage registrations?
> I'm using the db_mysql.so module to mysql based user auth. I have enabled
> Register Auth, with out ha1 calculation. Not sure If I answered it right.
> Are use asking what piece of code is opensips to do registration. If that's
> the question I really don't know much abt the source code. I'm using
> opensips to develop only ims client.




--
Saúl -- "Nunca subestimes el ancho de banda de un camión lleno de disketes."
----------------------------------------------------------------
http://www.saghul.net/

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Opensips Registering non-existing users

Saúl Ibarra Corretgé-2
[snip]

>        if (is_method("REGISTER"))
>        {
>                # authenticate the REGISTER requests (uncomment to enable auth)
>                if (!www_authorize("", "subscriber"))
>                {
>                        www_challenge("", "0");
>                        exit;
>                }
>
>                if (!check_to())
>                {
>                        sl_send_reply("403","Forbidden auth ID");
>                        exit;
>                }
>
>                if (!save("location"))
>                        sl_reply_error();
>
>                exit;
>        }
>

It looks good to me... try to put some xlogs aorund this section so
you can track the error...

BTW, have you restarted OpenSIPS?



--
Saúl -- "Nunca subestimes el ancho de banda de un camión lleno de disketes."
----------------------------------------------------------------
http://www.saghul.net/

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Opensips Registering non-existing users

Saúl Ibarra Corretgé-2
Happy to help :)


PD: Please, reply to the mailing list instead...


--
Saúl -- "Nunca subestimes el ancho de banda de un camión lleno de disketes."
----------------------------------------------------------------
http://www.saghul.net/

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users