Hi Ramona.

Thanks for your help.  I just put a snippet of my config file, in the original configuration I include the check for the “Authorization” header.

In a second view of my configuration file I spotted a problem (my mistake), I was missing the modparam which define the table “a”.  So I added that and now I’m getting another problem :

 

The line “if($sht(a=>$au::auth_count) == 3)” is never checked because the auth_count is not being summed as a integer value.  This is what I’m getting for the dump :

 

[root@ tmp]# kamctl fifo sht_dump a

Entry:: 108

        5504444444::last_auth:: 1298316540

Entry:: 250

        5504444444::auth_count:: 11

[root@ tmp]#

[root@ tmp]# kamctl fifo sht_dump a

Entry:: 108

        5504444444::last_auth:: 1298316562

Entry:: 250

        5504444444::auth_count:: 11111111

[root@ tmp]# kamctl fifo sht_dump a

Entry:: 108

        5504444444::last_auth:: 1298316568

Entry:: 250

        5504444444::auth_count:: 1111111111

 

So .. it seems just to be adding a “1” to the end of the string.  This is the configuration file :

 

        if(is_present_hf("Authorization"))

        {

                if($sht(a=>$au::auth_count)==3)

                {

                xlog("L_INFO","auth_count = 3\n");

                        $var(exp) = $Ts - 900;

                        if($sht(a=>$au::last_auth) > $var(exp))

                        {

                                xlog("L_INFO","REG de una IP banned\n");

                                sl_send_reply("403", "Try later");

                                exit;

                        } else {

                                $sht(a=>$au::auth_count) = 0;

                        }

                }

 

                if ( !radius_www_authorize("10.0.0.208") )

                {

                        switch ($retcode)  {

                                case -1:

                                        xlog("L_INFO","authentication failed from radius\n");

                                        if($sht(a=>$au::auth_count) == "null")

                                        {

                                                $sht(a=>$au::auth_count) = 0;

                                        }

                                        $sht(a=>$au::auth_count) = $sht(a=>$au::auth_count) + 1;

                                        if($sht(a=>$au::auth_count) == 3)

                                        {

                                                xlog("L_INFO","auth failed 3rd time - src ip: $si\n");

                                        }

                                        $sht(a=>$au::last_auth) = $Ts;

                                break;

                                case -5:

                                        sl_send_reply("403", "Forbidden");

                                exit;

                        }

                        www_challenge("10.0.0.208", "1");

                        exit;

                }

                $sht(a=>$au::auth_count) = 0;

                save("location");

                xlog("L_INFO","Save Location\n");

                exit;

        } else {

                xlog("L_INFO","REG no tiene autorization Header\n");

                www_challenge("10.0.0.208", "1");

                exit;

        }

 

} else if {

        sl_send_reply("403", "Forbidden");

        exit;

};

 

 

What I’m doing wrong.

 

Thanks in advance.

Regards,

Ricardo.-

 

De: Elena-Ramona Modroiu [mailto:ramona@asipto.com]
Enviado el: lunes, 21 de febrero de 2011 15:36
Para: Ricardo Martinez
CC: sr-users@lists.sip-router.org
Asunto: Re: [SR-Users] HTABLE problem

 

Hi,

this may be related to same issue reported at:
http://sip-router.org/tracker/index.php?do=details&task_id=114

Therefore it can be just some log message printed erroneously. Can you dump the htable content (or print it with xlog) to see if the assignment is actually done or not?

Dumping the htable content:

kamctl fifo sht_dump a

Another possible issue I spot with your config is that you don't check for the existence of Authorization header. Since I am not using auth_radius, I am not sure radius_www_authorize() return -1 only when the password mismatches. Might be also when there is no header carrying the credentials. If no Authorization header is present, the $au is null -- in this case you just have to do www_challenge() and exit, since counting failed authentications for "<null>" user might bring you unexpected behaviour.

Regards,
Ramona

 
On 2/18/11 10:35 PM, Ricardo Martinez wrote:

Hello

I’m trying to use “htable” module with the example to block a user with three time s failed password.

When a REGISTER arrives I’m getting this error :

Feb 18 17:26:34 /usr/local/sbin/kamailio[5840]: ERROR: <core> [lvalue.c:358]: setting pvar failed

Feb 18 17:26:34 /usr/local/sbin/kamailio[5840]: ERROR: <core> [lvalue.c:411]: assignment failed at pos: (322,54-322,81)

Feb 18 17:26:34 /usr/local/sbin/kamailio[5840]: ERROR: <core> [lvalue.c:358]: setting pvar failed

Feb 18 17:26:34 /usr/local/sbin/kamailio[5840]: ERROR: <core> [lvalue.c:411]: assignment failed at pos: (328,47-328,49)

 

The lines pointing the error are these :

 

312    if ( !radius_www_authorize("10.0.0.208") )

313    {

314            switch ($retcode)  {

315                    case -1:

316                            xlog("L_INFO","authentication failed from radius\n");

317                            if($sht(a=>$au::auth_count) == "null")

318                            {

319                                    $sht(a=>$au::auth_count) = 0;

320                            }

321                            $sht(a=>$au::auth_count) = $sht(a=>$au::auth_count) + 1;

322                            if($sht(a=>$au::auth_count) == 3)

323                            {

324                                    xlog("L_INFO","auth failed 3rd time - src ip: $si\n");

325                            }

326                            $sht(a=>$au::last_auth) = $Ts;

327                    break;

328                    case -5:

329                            sl_send_reply("403", "Forbidden");

330                    exit;

331            }

332            www_challenge("10.0.0.208", "1");

333            exit;

334    }

 

What could be the problem?

 

Thanks in advance.

Regards,

Ricardo.-

 
 
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users