Auth SIP manual
How to md5 auth SIP client manually if you have access to DB with passwords:
in short words:
# How to calculate manual response to send into Authorization header
# HA1=MD5(username:realm:password)
# HA2=MD5(method:digestURI)
# response=MD5(HA1:nonce:HA2)
route[auth] {
if (!is_present_hf("Authorization")) return;
# < converts string with ',' to string with ';'
$var(raw_auth) = $hdr(Authorization);
$var(reg_input)=$var(raw_auth);
xlog("$var(reg_input) [$ci]");
$var(reg) = "/,/;/g";
$var(auth) = $(var(reg_input){re.subst,$var(reg)});
$var(reg) = "/Digest //g";
$var(auth) = $(var(auth){re.subst,$var(reg)});
xlog("$var(auth) [$ci]");
# >
$var(cl_user) = $(var(auth){param.value,username});
$var(cl_realm) = $(var(auth){param.value,realm});
$var(cl_uri) = $(var(auth){param.value,uri});
$var(cl_nonce) = $(var(auth){param.value,nonce});
$var(cl_response) = $(var(auth){param.value,response});
#ask asterisk DB for secret
avp_db_query("SELECT secret FROM ars_sip WHERE username='$fU'",
"$avp(secret)",1);
if ($avp(secret) == NULL)
exit;
# xlog("CL_CREDENTIALS: $var(cl_user) , $var(cl_realm) , $avp(secret) [$ci]");
$var(ha1) = $var(cl_user) + ":"+$var(cl_realm)+":" + $avp(secret);
# xlog("CL_CREDENTIALS: REGISTER:$var(cl_uri) [$ci]");
$var(ha2) = "REGISTER:"+ $var(cl_uri) ;
$var(response) = $(var(ha1){s.md5}) + ":" + $var(cl_nonce)+ ":" + $(var(ha2){s.md5});
$var(response_md5) = $(var(response){s.md5});
xlog("my $var(response_md5) client response is $var(cl_response)");
if ($var(response_md5) != $var(cl_response))
exit;
##############
}
| Posted in opensips | No Comments »