Re: [OpenSIPS-Users] OpenSIPS CP 9.3.2 password mode ha1_sha256 for adding new user

2022-09-15 Thread Bogdan-Andrei Iancu 

Hi Bela,

I just did a backport from master to 9.3.2 for the SHA support, see
https://github.com/OpenSIPS/opensips-cp/commit/de1e45838eacc8272357f0fb9f8758deaee3

Regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  https://www.opensips-solutions.com
OpenSIPS Summit 27-30 Sept 2022, Athens
  https://www.opensips.org/events/Summit-2022Athens/

On 8/9/22 12:37 PM, Bogdan-Andrei Iancu wrote:

Hi Bela,

The OCP does not support ha1_sha256 AFAIK. Consider opening a feature 
request here https://github.com/OpenSIPS/opensips-cp/issues


Regards,
Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
   https://www.opensips-solutions.com
OpenSIPS Summit 27-30 Sept 2022, Athens
   https://www.opensips.org/events/Summit-2022Athens/
On 6/29/22 9:10 AM, Bela H wrote:


Hi all,

Is there any way to add new subscriber from OpenSIPS CP 9.3.2 using 
password mode ha1_sha256?


The ha1 (MD5(username:realm:password)) works fine but I had no luck 
with the value generation for the ha1_sha256 field in “subscriber” 
table.


I have this setting:

modparam("auth_db", "calculate_ha1", 0)

modparam("auth_db", "password_column", "ha1_sha256")

Thanks!

Bela


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users



___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] OpenSIPS CP 9.3.2 password mode ha1_sha256 for adding new user

2022-09-15 Thread Bogdan-Andrei Iancu 

Hi,

Some more info on this: the challenge function allows you to specify a 
list of algorithms, not only one, so you can try "MD5,SHA-256" -> this 
will allow the client to pick the one it supports.


But in order to have this multi-algs working, be sure you do NOT set the 
"password_column" modparam (as the module will auto-detect witch column 
to use, depending on the alg). Just keep the calculate_ha1 to 0.


Regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  https://www.opensips-solutions.com
OpenSIPS Summit 27-30 Sept 2022, Athens
  https://www.opensips.org/events/Summit-2022Athens/

On 9/15/22 10:56 AM, jacky z wrote:

Correction on my comments. It is a client side issue. Thank you!

On Thu, Sep 15, 2022 at 3:40 PM jacky z > wrote:


After checking the log in the client side, here are some
interesting findings:

Here is the what the client side received:

WWW-Authenticate: Digest realm="sip.domain.com
",
nonce="3mKlesEwotxnM5nLMMLgQA63E6VTKsTFpEkK7OkoE4QA",
qop="auth,auth-int", algorithm=SHA-256

Then the client side logs show:

15:25:51.858       ...Unsupported digest algorithm "SHA-256"
15:25:51.859      SIP registration error: Invalid/unsupported
digest algorithm

Firstly, if the server side did not include SHA-256 in the SIP
message, there would be no such issue. I don't understand why it
needs to inform the client side "SHA-256". Secondly, if the client
side just simply ignored "SHA-256", there would be no such issue.
However, the client side treated it as not supported.

On Thu, Sep 15, 2022 at 3:16 PM jacky z mailto:zjack0...@gmail.com>> wrote:

Hi Bogdan-Andrei,

I tried either specifying it or not. Neither worked. Here is
the script when I tried:

www_challenge("","auth,auth-int","SHA-256");

I also tried specifying the realm in the above code. When the
above is used, there is no such error, but always returns 401.
I checked the column ha1_sha256 and the hash of the password
is correct.

Thanks!

On Thu, Sep 15, 2022 at 2:07 PM Bogdan-Andrei Iancu
mailto:bog...@opensips.org>> wrote:

Hi,

In your opensips.cfg, when doing auth challenge to the end
points, do you specify the SHA256 alg?


https://opensips.org/html/docs/modules/3.2.x/auth.html#func_www_challenge



Regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
   https://www.opensips-solutions.com  

OpenSIPS Summit 27-30 Sept 2022, Athens
   https://www.opensips.org/events/Summit-2022Athens/  


On 9/15/22 7:18 AM, jacky z wrote:

Hi Team,

Does ha1_sha256 work in general opensips config settings?
I have the following in the scripts:

modparam("auth_db", "calculate_ha1", 0)

modparam("auth_db", "password_column", "ha1_sha256")


but got the following error in the log:


/usr/sbin/opensips[28261]: ERROR:auth:auth_calc_HA1:
Incorrect length of pre-hashed credentials for the
algorithm "MD5": 32 expected, 64 provided


It seems though the sha256 was specified, but the server
still calculated MD5 and compared with the database
column ha1_sha256.


On Tue, Aug 9, 2022 at 5:39 PM Bogdan-Andrei Iancu
mailto:bog...@opensips.org>> wrote:

Hi Bela,

The OCP does not support ha1_sha256 AFAIK. Consider
opening a feature request here
https://github.com/OpenSIPS/opensips-cp/issues


Regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
   https://www.opensips-solutions.com  

OpenSIPS Summit 27-30 Sept 2022, Athens
   https://www.opensips.org/events/Summit-2022Athens/  


On 6/29/22 9:10 AM, Bela H wrote:


Hi all,

Is there any way to add new subscriber from OpenSIPS
CP 9.3.2 using password mode ha1_sha256?

The ha1 (MD5(username:realm:password)) works fine
but I had no luck with the value generation for the
ha1_sha256 field in “subscriber” table.

I have this setting:

modparam("auth_db", "calculate_ha1", 0)

modparam("auth_db", "password_column", "ha1_sha256")

Re: [OpenSIPS-Users] OpenSIPS CP 9.3.2 password mode ha1_sha256 for adding new user

2022-09-15 Thread jacky z 
Correction on my comments. It is a client side issue. Thank you!

On Thu, Sep 15, 2022 at 3:40 PM jacky z  wrote:

> After checking the log in the client side, here are some interesting
> findings:
>
> Here is the what the client side received:
>
> WWW-Authenticate: Digest realm="sip.domain.com",
> nonce="3mKlesEwotxnM5nLMMLgQA63E6VTKsTFpEkK7OkoE4QA", qop="auth,auth-int",
> algorithm=SHA-256
>
> Then the client side logs show:
>
> 15:25:51.858   ...Unsupported digest algorithm "SHA-256"
> 15:25:51.859  SIP registration error: Invalid/unsupported digest
> algorithm
>
> Firstly, if the server side did not include SHA-256 in the SIP message,
> there would be no such issue. I don't understand why it needs to inform the
> client side "SHA-256". Secondly, if the client side just simply ignored
> "SHA-256", there would be no such issue. However, the client side treated
> it as not supported.
>
> On Thu, Sep 15, 2022 at 3:16 PM jacky z  wrote:
>
>> Hi Bogdan-Andrei,
>>
>> I tried either specifying it or not. Neither worked. Here is the script
>> when I tried:
>>
>> www_challenge("","auth,auth-int","SHA-256");
>>
>> I also tried specifying the realm in the above code. When the above is
>> used, there is no such error, but always returns 401. I checked the column
>> ha1_sha256 and the hash of the password is correct.
>>
>> Thanks!
>>
>> On Thu, Sep 15, 2022 at 2:07 PM Bogdan-Andrei Iancu 
>> wrote:
>>
>>> Hi,
>>>
>>> In your opensips.cfg, when doing auth challenge to the end points, do
>>> you specify the SHA256 alg?
>>>
>>> https://opensips.org/html/docs/modules/3.2.x/auth.html#func_www_challenge
>>>
>>> Regards,
>>>
>>> Bogdan-Andrei Iancu
>>>
>>> OpenSIPS Founder and Developer
>>>   https://www.opensips-solutions.com
>>> OpenSIPS Summit 27-30 Sept 2022, Athens
>>>   https://www.opensips.org/events/Summit-2022Athens/
>>>
>>> On 9/15/22 7:18 AM, jacky z wrote:
>>>
>>> Hi Team,
>>>
>>> Does ha1_sha256 work in general opensips config settings? I have the
>>> following in the scripts:
>>>
>>> modparam("auth_db", "calculate_ha1", 0)
>>>
>>> modparam("auth_db", "password_column", "ha1_sha256")
>>>
>>>
>>> but got the following error in the log:
>>>
>>>
>>> /usr/sbin/opensips[28261]: ERROR:auth:auth_calc_HA1: Incorrect length of
>>> pre-hashed credentials for the algorithm "MD5": 32 expected, 64 provided
>>>
>>>
>>> It seems though the sha256 was specified, but the server still
>>> calculated MD5 and compared with the database column ha1_sha256.
>>>
>>> On Tue, Aug 9, 2022 at 5:39 PM Bogdan-Andrei Iancu 
>>> wrote:
>>>
 Hi Bela,

 The OCP does not support ha1_sha256 AFAIK. Consider opening a feature
 request here https://github.com/OpenSIPS/opensips-cp/issues

 Regards,

 Bogdan-Andrei Iancu

 OpenSIPS Founder and Developer
   https://www.opensips-solutions.com
 OpenSIPS Summit 27-30 Sept 2022, Athens
   https://www.opensips.org/events/Summit-2022Athens/

 On 6/29/22 9:10 AM, Bela H wrote:

 Hi all,



 Is there any way to add new subscriber from OpenSIPS CP 9.3.2 using
 password mode ha1_sha256?

 The ha1 (MD5(username:realm:password)) works fine but I had no luck
 with the value generation for the ha1_sha256 field in “subscriber” table.



 I have this setting:

 modparam("auth_db", "calculate_ha1", 0)

 modparam("auth_db", "password_column", "ha1_sha256")



 Thanks!

 Bela




>>>
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] OpenSIPS CP 9.3.2 password mode ha1_sha256 for adding new user

2022-09-15 Thread jacky z 
After checking the log in the client side, here are some interesting
findings:

Here is the what the client side received:

WWW-Authenticate: Digest realm="sip.domain.com",
nonce="3mKlesEwotxnM5nLMMLgQA63E6VTKsTFpEkK7OkoE4QA", qop="auth,auth-int",
algorithm=SHA-256

Then the client side logs show:

15:25:51.858   ...Unsupported digest algorithm "SHA-256"
15:25:51.859  SIP registration error: Invalid/unsupported digest
algorithm

Firstly, if the server side did not include SHA-256 in the SIP message,
there would be no such issue. I don't understand why it needs to inform the
client side "SHA-256". Secondly, if the client side just simply ignored
"SHA-256", there would be no such issue. However, the client side treated
it as not supported.

On Thu, Sep 15, 2022 at 3:16 PM jacky z  wrote:

> Hi Bogdan-Andrei,
>
> I tried either specifying it or not. Neither worked. Here is the script
> when I tried:
>
> www_challenge("","auth,auth-int","SHA-256");
>
> I also tried specifying the realm in the above code. When the above is
> used, there is no such error, but always returns 401. I checked the column
> ha1_sha256 and the hash of the password is correct.
>
> Thanks!
>
> On Thu, Sep 15, 2022 at 2:07 PM Bogdan-Andrei Iancu 
> wrote:
>
>> Hi,
>>
>> In your opensips.cfg, when doing auth challenge to the end points, do you
>> specify the SHA256 alg?
>>
>> https://opensips.org/html/docs/modules/3.2.x/auth.html#func_www_challenge
>>
>> Regards,
>>
>> Bogdan-Andrei Iancu
>>
>> OpenSIPS Founder and Developer
>>   https://www.opensips-solutions.com
>> OpenSIPS Summit 27-30 Sept 2022, Athens
>>   https://www.opensips.org/events/Summit-2022Athens/
>>
>> On 9/15/22 7:18 AM, jacky z wrote:
>>
>> Hi Team,
>>
>> Does ha1_sha256 work in general opensips config settings? I have the
>> following in the scripts:
>>
>> modparam("auth_db", "calculate_ha1", 0)
>>
>> modparam("auth_db", "password_column", "ha1_sha256")
>>
>>
>> but got the following error in the log:
>>
>>
>> /usr/sbin/opensips[28261]: ERROR:auth:auth_calc_HA1: Incorrect length of
>> pre-hashed credentials for the algorithm "MD5": 32 expected, 64 provided
>>
>>
>> It seems though the sha256 was specified, but the server still calculated
>> MD5 and compared with the database column ha1_sha256.
>>
>> On Tue, Aug 9, 2022 at 5:39 PM Bogdan-Andrei Iancu 
>> wrote:
>>
>>> Hi Bela,
>>>
>>> The OCP does not support ha1_sha256 AFAIK. Consider opening a feature
>>> request here https://github.com/OpenSIPS/opensips-cp/issues
>>>
>>> Regards,
>>>
>>> Bogdan-Andrei Iancu
>>>
>>> OpenSIPS Founder and Developer
>>>   https://www.opensips-solutions.com
>>> OpenSIPS Summit 27-30 Sept 2022, Athens
>>>   https://www.opensips.org/events/Summit-2022Athens/
>>>
>>> On 6/29/22 9:10 AM, Bela H wrote:
>>>
>>> Hi all,
>>>
>>>
>>>
>>> Is there any way to add new subscriber from OpenSIPS CP 9.3.2 using
>>> password mode ha1_sha256?
>>>
>>> The ha1 (MD5(username:realm:password)) works fine but I had no luck
>>> with the value generation for the ha1_sha256 field in “subscriber” table.
>>>
>>>
>>>
>>> I have this setting:
>>>
>>> modparam("auth_db", "calculate_ha1", 0)
>>>
>>> modparam("auth_db", "password_column", "ha1_sha256")
>>>
>>>
>>>
>>> Thanks!
>>>
>>> Bela
>>>
>>>
>>>
>>>
>>
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] OpenSIPS CP 9.3.2 password mode ha1_sha256 for adding new user

2022-09-15 Thread jacky z 
Hi Bogdan-Andrei,

I tried either specifying it or not. Neither worked. Here is the script
when I tried:

www_challenge("","auth,auth-int","SHA-256");

I also tried specifying the realm in the above code. When the above is
used, there is no such error, but always returns 401. I checked the column
ha1_sha256 and the hash of the password is correct.

Thanks!

On Thu, Sep 15, 2022 at 2:07 PM Bogdan-Andrei Iancu 
wrote:

> Hi,
>
> In your opensips.cfg, when doing auth challenge to the end points, do you
> specify the SHA256 alg?
>
> https://opensips.org/html/docs/modules/3.2.x/auth.html#func_www_challenge
>
> Regards,
>
> Bogdan-Andrei Iancu
>
> OpenSIPS Founder and Developer
>   https://www.opensips-solutions.com
> OpenSIPS Summit 27-30 Sept 2022, Athens
>   https://www.opensips.org/events/Summit-2022Athens/
>
> On 9/15/22 7:18 AM, jacky z wrote:
>
> Hi Team,
>
> Does ha1_sha256 work in general opensips config settings? I have the
> following in the scripts:
>
> modparam("auth_db", "calculate_ha1", 0)
>
> modparam("auth_db", "password_column", "ha1_sha256")
>
>
> but got the following error in the log:
>
>
> /usr/sbin/opensips[28261]: ERROR:auth:auth_calc_HA1: Incorrect length of
> pre-hashed credentials for the algorithm "MD5": 32 expected, 64 provided
>
>
> It seems though the sha256 was specified, but the server still calculated
> MD5 and compared with the database column ha1_sha256.
>
> On Tue, Aug 9, 2022 at 5:39 PM Bogdan-Andrei Iancu 
> wrote:
>
>> Hi Bela,
>>
>> The OCP does not support ha1_sha256 AFAIK. Consider opening a feature
>> request here https://github.com/OpenSIPS/opensips-cp/issues
>>
>> Regards,
>>
>> Bogdan-Andrei Iancu
>>
>> OpenSIPS Founder and Developer
>>   https://www.opensips-solutions.com
>> OpenSIPS Summit 27-30 Sept 2022, Athens
>>   https://www.opensips.org/events/Summit-2022Athens/
>>
>> On 6/29/22 9:10 AM, Bela H wrote:
>>
>> Hi all,
>>
>>
>>
>> Is there any way to add new subscriber from OpenSIPS CP 9.3.2 using
>> password mode ha1_sha256?
>>
>> The ha1 (MD5(username:realm:password)) works fine but I had no luck with
>> the value generation for the ha1_sha256 field in “subscriber” table.
>>
>>
>>
>> I have this setting:
>>
>> modparam("auth_db", "calculate_ha1", 0)
>>
>> modparam("auth_db", "password_column", "ha1_sha256")
>>
>>
>>
>> Thanks!
>>
>> Bela
>>
>>
>>
>>
>
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] OpenSIPS CP 9.3.2 password mode ha1_sha256 for adding new user

2022-09-15 Thread Bogdan-Andrei Iancu 

Hi,

In your opensips.cfg, when doing auth challenge to the end points, do 
you specify the SHA256 alg?


https://opensips.org/html/docs/modules/3.2.x/auth.html#func_www_challenge

Regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  https://www.opensips-solutions.com
OpenSIPS Summit 27-30 Sept 2022, Athens
  https://www.opensips.org/events/Summit-2022Athens/

On 9/15/22 7:18 AM, jacky z wrote:

Hi Team,

Does ha1_sha256 work in general opensips config settings? I have the 
following in the scripts:


modparam("auth_db", "calculate_ha1", 0)

modparam("auth_db", "password_column", "ha1_sha256")


but got the following error in the log:


/usr/sbin/opensips[28261]: ERROR:auth:auth_calc_HA1: Incorrect length 
of pre-hashed credentials for the algorithm "MD5": 32 expected, 64 
provided



It seems though the sha256 was specified, but the server still 
calculated MD5 and compared with the database column ha1_sha256.



On Tue, Aug 9, 2022 at 5:39 PM Bogdan-Andrei Iancu 
mailto:bog...@opensips.org>> wrote:


Hi Bela,

The OCP does not support ha1_sha256 AFAIK. Consider opening a
feature request here
https://github.com/OpenSIPS/opensips-cp/issues


Regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
   https://www.opensips-solutions.com  
OpenSIPS Summit 27-30 Sept 2022, Athens
   https://www.opensips.org/events/Summit-2022Athens/  


On 6/29/22 9:10 AM, Bela H wrote:


Hi all,

Is there any way to add new subscriber from OpenSIPS CP 9.3.2
using password mode ha1_sha256?

The ha1 (MD5(username:realm:password)) works fine but I had no
luck with the value generation for the ha1_sha256 field in
“subscriber” table.

I have this setting:

modparam("auth_db", "calculate_ha1", 0)

modparam("auth_db", "password_column", "ha1_sha256")

Thanks!

Bela




___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] OpenSIPS CP 9.3.2 password mode ha1_sha256 for adding new user

2022-09-14 Thread jacky z 
Hi Team,

Does ha1_sha256 work in general opensips config settings? I have the
following in the scripts:

modparam("auth_db", "calculate_ha1", 0)

modparam("auth_db", "password_column", "ha1_sha256")


but got the following error in the log:


/usr/sbin/opensips[28261]: ERROR:auth:auth_calc_HA1: Incorrect length of
pre-hashed credentials for the algorithm "MD5": 32 expected, 64 provided


It seems though the sha256 was specified, but the server still calculated
MD5 and compared with the database column ha1_sha256.

On Tue, Aug 9, 2022 at 5:39 PM Bogdan-Andrei Iancu 
wrote:

> Hi Bela,
>
> The OCP does not support ha1_sha256 AFAIK. Consider opening a feature
> request here https://github.com/OpenSIPS/opensips-cp/issues
>
> Regards,
>
> Bogdan-Andrei Iancu
>
> OpenSIPS Founder and Developer
>   https://www.opensips-solutions.com
> OpenSIPS Summit 27-30 Sept 2022, Athens
>   https://www.opensips.org/events/Summit-2022Athens/
>
> On 6/29/22 9:10 AM, Bela H wrote:
>
> Hi all,
>
>
>
> Is there any way to add new subscriber from OpenSIPS CP 9.3.2 using
> password mode ha1_sha256?
>
> The ha1 (MD5(username:realm:password)) works fine but I had no luck with
> the value generation for the ha1_sha256 field in “subscriber” table.
>
>
>
> I have this setting:
>
> modparam("auth_db", "calculate_ha1", 0)
>
> modparam("auth_db", "password_column", "ha1_sha256")
>
>
>
> Thanks!
>
> Bela
>
>
>
>
>
>
>
> ___
> Users mailing 
> listUsers@lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] OpenSIPS CP 9.3.2 password mode ha1_sha256 for adding new user

2022-08-09 Thread Bogdan-Andrei Iancu 

Hi Bela,

The OCP does not support ha1_sha256 AFAIK. Consider opening a feature 
request here https://github.com/OpenSIPS/opensips-cp/issues


Regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  https://www.opensips-solutions.com
OpenSIPS Summit 27-30 Sept 2022, Athens
  https://www.opensips.org/events/Summit-2022Athens/

On 6/29/22 9:10 AM, Bela H wrote:


Hi all,

Is there any way to add new subscriber from OpenSIPS CP 9.3.2 using 
password mode ha1_sha256?


The ha1 (MD5(username:realm:password)) works fine but I had no luck 
with the value generation for the ha1_sha256 field in “subscriber” table.


I have this setting:

modparam("auth_db", "calculate_ha1", 0)

modparam("auth_db", "password_column", "ha1_sha256")

Thanks!

Bela


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

[OpenSIPS-Users] OpenSIPS CP 9.3.2 password mode ha1_sha256 for adding new user

2022-06-29 Thread Bela H 
Hi all,

Is there any way to add new subscriber from OpenSIPS CP 9.3.2 using password 
mode ha1_sha256?
The ha1 (MD5(username:realm:password)) works fine but I had no luck with the 
value generation for the ha1_sha256 field in “subscriber” table.

I have this setting:
modparam("auth_db", "calculate_ha1", 0)
modparam("auth_db", "password_column", "ha1_sha256")

Thanks!
Bela



___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users