Hi Ramona.
Thanks for your help. I just put a snippet of my config file, in the original configuration I include the check for the “Authorization” header.
In a second view of my configuration file I spotted a problem (my mistake), I was missing the modparam which define the table “a”. So I added that and now I’m getting another problem :
The line “if($sht(a=>$au::auth_count) == 3)” is never checked because the auth_count is not being summed as a integer value. This is what I’m getting for the dump :
[root@ tmp]# kamctl fifo sht_dump a
Entry:: 108
5504444444::last_auth:: 1298316540
Entry:: 250
5504444444::auth_count:: 11
[root@ tmp]#
[root@ tmp]# kamctl fifo sht_dump a
Entry:: 108
5504444444::last_auth:: 1298316562
Entry:: 250
5504444444::auth_count:: 11111111
[root@ tmp]# kamctl fifo sht_dump a
Entry:: 108
5504444444::last_auth:: 1298316568
Entry:: 250
5504444444::auth_count:: 1111111111
So .. it seems just to be adding a “1” to the end of the string. This is the configuration file :
if(is_present_hf("Authorization"))
{
if($sht(a=>$au::auth_count)==3)
{
xlog("L_INFO","auth_count = 3\n");
$var(exp) = $Ts - 900;
if($sht(a=>$au::last_auth) > $var(exp))
{
xlog("L_INFO","REG de una IP banned\n");
sl_send_reply("403", "Try later");
exit;
} else {
$sht(a=>$au::auth_count) = 0;
}
}
if ( !radius_www_authorize("10.0.0.208") )
{
switch ($retcode) {
case -1:
xlog("L_INFO","authentication failed from radius\n");
if($sht(a=>$au::auth_count) == "null")
{
$sht(a=>$au::auth_count) = 0;
}
$sht(a=>$au::auth_count) = $sht(a=>$au::auth_count) + 1;
if($sht(a=>$au::auth_count) == 3)
{
xlog("L_INFO","auth failed 3rd time - src ip: $si\n");
}
$sht(a=>$au::last_auth) = $Ts;
break;
case -5:
sl_send_reply("403", "Forbidden");
exit;
}
www_challenge("10.0.0.208", "1");
exit;
}
$sht(a=>$au::auth_count) = 0;
save("location");
xlog("L_INFO","Save Location\n");
exit;
} else {
xlog("L_INFO","REG no tiene autorization Header\n");
www_challenge("10.0.0.208", "1");
exit;
}
} else if {
sl_send_reply("403", "Forbidden");
exit;
};
What I’m doing wrong.
Thanks in advance.
Regards,
Ricardo.-
De: Elena-Ramona Modroiu [mailto:ramona@asipto.com]
Enviado el: lunes, 21 de febrero de 2011 15:36
Para: Ricardo Martinez
CC: sr-users@lists.sip-router.org
Asunto: Re: [SR-Users] HTABLE problem
Hi,
this may be related to same issue reported at:
http://sip-router.org/tracker/index.php?do=details&task_id=114
Therefore it can be just some log message printed erroneously. Can you dump the htable content (or print it with xlog) to see if the assignment is actually done or not?
Dumping the htable content:
kamctl fifo sht_dump a
Another possible issue I spot with your config is that you don't check for the existence of Authorization header. Since I am not using auth_radius, I am not sure radius_www_authorize() return -1 only when the password mismatches. Might be also when there is no header carrying the credentials. If no Authorization header is present, the $au is null -- in this case you just have to do www_challenge() and exit, since counting failed authentications for "<null>" user might bring you unexpected behaviour.
Regards,
Ramona
On 2/18/11 10:35 PM, Ricardo Martinez wrote:
Hello
I’m trying to use “htable” module with the example to block a user with three time s failed password.
When a REGISTER arrives I’m getting this error :
Feb 18 17:26:34 /usr/local/sbin/kamailio[5840]: ERROR: <core> [lvalue.c:358]: setting pvar failed
Feb 18 17:26:34 /usr/local/sbin/kamailio[5840]: ERROR: <core> [lvalue.c:411]: assignment failed at pos: (322,54-322,81)
Feb 18 17:26:34 /usr/local/sbin/kamailio[5840]: ERROR: <core> [lvalue.c:358]: setting pvar failed
Feb 18 17:26:34 /usr/local/sbin/kamailio[5840]: ERROR: <core> [lvalue.c:411]: assignment failed at pos: (328,47-328,49)
The lines pointing the error are these :
312 if ( !radius_www_authorize("10.0.0.208") )
313 {
314 switch ($retcode) {
315 case -1:
316 xlog("L_INFO","authentication failed from radius\n");
317 if($sht(a=>$au::auth_count) == "null")
318 {
319 $sht(a=>$au::auth_count) = 0;
320 }
321 $sht(a=>$au::auth_count) = $sht(a=>$au::auth_count) + 1;
322 if($sht(a=>$au::auth_count) == 3)
323 {
324 xlog("L_INFO","auth failed 3rd time - src ip: $si\n");
325 }
326 $sht(a=>$au::last_auth) = $Ts;
327 break;
328 case -5:
329 sl_send_reply("403", "Forbidden");
330 exit;
331 }
332 www_challenge("10.0.0.208", "1");
333 exit;
334 }
What could be the problem?
Thanks in advance.
Regards,
Ricardo.-
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users