Thanks Rendy, but they're hashed differently, so I can't return the hash from the database, as it wouldn't match with the hash generated by Freeswitch.<div><br></div><div>It really looks like I need to get Freeswitch to send the original password string to the cgi/application.</div>
<div><br clear="all">Cheers,<br>Fraser<br><br><br>
<br><br><div class="gmail_quote">On 29 November 2011 19:26, Rendy <span dir="ltr"><<a href="mailto:rendyfrx@gmail.com">rendyfrx@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Hi Fraser,<br>
What I mean is like this, when user trying to authenticate says via<br>
your application, can you hashed the password in the same manner<br>
before sending to Freeswitch (says MD5)? If yes, then in your php, you<br>
should return the XML with hashed user password that you retrieve from<br>
DB and let Freeswitch compare for you. You do not need to compare<br>
yourself.<br>
<br>
Hope I understand your problem correctly and this can solved it :)<br>
<br>
<br>
On Wed, Nov 30, 2011 at 12:19 AM, Fraser Redmond<br>
<div class="HOEnZb"><div class="h5"><<a href="mailto:fraserredmond@gmail.com">fraserredmond@gmail.com</a>> wrote:<br>
> Thanks Randy... but I think either I don't understand you, or you don't<br>
> understand me...<br>
><br>
> The password stored in the database has been hashed using mysql's ENCRYPT<br>
> function with a seed (because it's not good security policy to store a<br>
> password in any recoverable format.)<br>
><br>
> I think you're saying that the nonce is also a hashed version of the<br>
> password that also can't be reverted back to the original password - is that<br>
> right?<br>
><br>
> Which means that I now have two hashes which have been generated using<br>
> different methods, so there's no way to compare them - cant compare within<br>
> the cgi, and can't send the Freeswitch format back for Freeswitch to<br>
> compare.<br>
><br>
> If that's the case (and I'd still like to be clear on that), is it possible<br>
> to pass through the password in addition? (I'll be using https, so sending<br>
> without hashing is ok.)<br>
><br>
> Cheers,<br>
> Fraser<br>
><br>
><br>
><br>
><br>
><br>
> On 28 November 2011 23:59, Rendy <<a href="mailto:rendyfrx@gmail.com">rendyfrx@gmail.com</a>> wrote:<br>
>><br>
>> Hi,<br>
>> Why don't you let your user authenticate using hashed password then in<br>
>> php you return the user xml with the hashed password that is stored.<br>
>> In that way, you will not have any issue. I don't think you can<br>
>> rebuild the original password as what hash function is meant to be one<br>
>> way only.<br>
>><br>
>><br>
>> On Tue, Nov 29, 2011 at 11:45 AM, Fraser Redmond<br>
>> <<a href="mailto:fraserredmond@gmail.com">fraserredmond@gmail.com</a>> wrote:<br>
>> > I am setting up a connection to a database of users, whose passwords<br>
>> > have<br>
>> > been saved as a one-way hash.<br>
>> > That means that my xml_curl php/sql will need to perform the<br>
>> > authentication,<br>
>> > and return a user without any password.<br>
>> > (According to Anthony, back in<br>
>> ><br>
>> > 2008: <a href="http://lists.freeswitch.org/pipermail/freeswitch-users/2008-February/029882.html" target="_blank">http://lists.freeswitch.org/pipermail/freeswitch-users/2008-February/029882.html</a> )<br>
>> > Only thing is I can't find any mention anywhere of how to re-generate<br>
>> > the<br>
>> > user's password from the sip_auth variables in order to run it through<br>
>> > my<br>
>> > one-way hash for comparison to the database.<br>
>> > It's got to be something to do with these:<br>
>> > sip_auth_nonce = 4d95dd9f-2247-474a-8496-aa7c08700fe7<br>
>> > sip_auth_cnonce = a088c6b6ba18d1387a45998b6bfa842d<br>
>> > sip_auth_nc = 0000000a<br>
>> > sip_auth_response = 9edefab216a46ed75f1ed1297dd9c9d3<br>
>> > Any ideas how to rebuild the original user's password?<br>
>> > Or is there a way to send the password through as part of the post?<br>
>> > (maybe<br>
>> > using enable-post-var)<br>
>> > Cheers,<br>
>> > Fraser<br>
>> ><br>
><br>
><br>
</div></div><div class="HOEnZb"><div class="h5">> _________________________________________________________________________<br>
> Professional FreeSWITCH Consulting Services:<br>
> <a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
> <a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
><br>
> FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
> <a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
><br>
> Official FreeSWITCH Sites<br>
> <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
> <a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
> <a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
><br>
> FreeSWITCH-users mailing list<br>
> <a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
> <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
> UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
> <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
><br>
<br>
_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
</div></div></blockquote></div><br></div>