I want to log ONLY authentication failures but I can't figure out how to detect a failure from www_authorize() after a www_challenge() has been issued. Does www_authorize() return different values if the challenge info is already in there and it really did fail the lookup? Looking at the source code I don't see where it does. Here is what I propose gets added:
www_authorize would return the following:
  -2  NEEDS_CHALLENGE
  -1  NOT_AUTHORIZED
   0  ERROR
   1  AUTHORIZED
Line 174 of authorize.c in the auth_db module I added the following but it wouldn't compile and I'm not really sure why since it's part of the enum:

    case NO_CREDENTIALS return -2;
BUT if that did work here is an example of a piece of ser.cfg that would work...
    if(method == "REGISTER" && uri == myself) {
        # Make sure they are a valid user on our proxy
        if(www_authorize("bwsys.net", "sipfriends") == -2) {
            www_challenge("bwsys.net", "1");
            break;
        } elseif(www_authorize("bwsys.net", "sipfriends") == -1) {
            xlog("L_INFO", "Authentication Failed For %ct, URI = %ru");
        } elseif(www_authorize("bwsys.net", "sipfriends") == 0) {
            xlog("L_INFO", "Internal Authentication Failure For %ct, URI = %ru");
        } else {
            save("location");
            break;
        };
    };
----------------------------------------
Michael Shuler, C.E.O.
BitWise Communications, Inc. (CLEC)
And BitWise Systems, Inc. (ISP)
682 High Point Lane
East Peoria, IL 61611
Office: (217) 585-0357
Cell: (309) 657-6365
Fax: (309) 213-3500
E-Mail: mike@bwsys.net
Customer Service: (877) 976-0711
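
The four-way result proposed in the post above, modelled as an added example that is not part of the original message and is not SER code: it separates "no credentials yet" from "credentials present but wrong" so that only real failures are logged. The function names, the cleartext-password lookup, the no-qop RFC 2617 digest and the sample request are assumptions made for illustration; nonce freshness is not checked.

```python
import hashlib
import hmac
import re

# Return codes as proposed in the post (not values taken from SER itself).
NEEDS_CHALLENGE, NOT_AUTHORIZED, ERROR, AUTHORIZED = -2, -1, 0, 1
LOG_TEXT = {NOT_AUTHORIZED: "Authentication Failed",
            ERROR: "Internal Authentication Failure"}

def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(user, realm, password, method, uri, nonce):
    """RFC 2617 digest response without qop: MD5(HA1:nonce:HA2)."""
    ha1 = _md5(f"{user}:{realm}:{password}")
    return _md5(f"{ha1}:{nonce}:{_md5(f'{method}:{uri}')}")

def authorize(method, headers, realm, lookup):
    """Classify one request; lookup(user) stands in for the auth_db query."""
    auth = headers.get("Authorization", "")
    params = dict(re.findall(r'(\w+)="?([^",]*)"?', auth.partition(" ")[2]))
    if not auth.startswith("Digest ") or params.get("realm") != realm:
        return NEEDS_CHALLENGE   # no credentials for our realm yet
    try:
        password = lookup(params.get("username"))
    except Exception:
        return ERROR             # backend failure, not a bad password
    required = {"username", "uri", "nonce", "response"}
    if password is None or not required <= params.keys():
        return NOT_AUTHORIZED    # unknown user or incomplete credentials
    expected = digest_response(params["username"], realm, password,
                               method, params["uri"], params["nonce"])
    ok = hmac.compare_digest(expected.encode(), params["response"].encode())
    return AUTHORIZED if ok else NOT_AUTHORIZED  # nonce freshness not modelled

def failures_to_log(requests, realm, lookup):
    """Log lines for real failures only; the first challenge stays silent."""
    results = ((authorize(m, h, realm, lookup), h) for m, h in requests)
    return [f"{LOG_TEXT[rc]} For {h.get('Contact')}"
            for rc, h in results if rc in LOG_TEXT]

def sample_request(password=None):
    """Constructed REGISTER for alice; password=None means no credentials."""
    headers = {"Contact": "sip:alice@192.0.2.10"}
    if password is not None:
        r = digest_response("alice", "bwsys.net", password,
                            "REGISTER", "sip:bwsys.net", "n1")
        headers["Authorization"] = ('Digest username="alice", realm="bwsys.net", '
                                    f'nonce="n1", uri="sip:bwsys.net", response="{r}"')
    return ("REGISTER", headers)
```

Each request is classified once and the result reused, so the unchallenged first REGISTER never produces a log line.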