14 Aug
2007
14 Aug
'07
5:38 p.m.
Edoardo,
I am looking at the documentation for the auth_db module for the
development version: http://www.openser.org/docs/modules/devel/auth_db.html
Yes, the information about return codes is included in the description
of the www_authorize function, but it is not included in the description
of proxy_authorize function. In fact, proxy_authorize function returns
the same error codes as the www_authorize function. Similar problem with
documentation for the radius_proxy_authorize (auth_radius module) and
diameter_proxy_authorize (auth_diameter module) functions. The return
codes are described for the ..._www_... functions, but not for
..._proxy_... functions.
Regards,
Anatoly.
GREAT
that's exactly was I was thinking at
(shame on me for not having searched the tracker nor the online doc
which IS updated for devel section)
Tnx for help
Regards
Anatoly Pidruchny ha scritto:
Please take a look at this patch:
http://sourceforge.net/tracker/index.php?func=detail&aid=1693132&gr…
This patch was uploaded into the trunk. This patch allows to check
the reason why the www/proxy_authorize function fails. It now returns
the following negative codes:
-1 - non existent user;
-2 - invalid passwd
-3 - stale nonce
-4 - no credentials
-5 - error
You can use "switch" and "$retval" to test the return code in your
script.
It does not look like the documentation was updated though to include
this information.
Anatoly.
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
Ok, that's how I did
if (!proxy_authorize("exorsa", "openser_view")) {
if(search("Proxy-Authorization")) {
xlog("L_ERR", "REGISTER: Auth error from - $au");
}
proxy_challenge("exorsa", "0");
exit;
}
so, if the packet contains credentials but they're wrong the attempt
is logged
Now I'm facing the following problem...
When the nonce axpires and the client reREGISTER the packet will
contain wrong credential and the UA is challenged again.
This way that's logged as a bad authentication
I also tried to do
if(search("Proxy-Authorization")) {
if(!registered("location")) {
xlog("L_ERR", "REGISTER: Auth error from - $au");
}
}
...but without good results....
Any idea ?
Tnx in advance
Edoardo
Iñaki Baz Castillo ha scritto:
El Monday 13 August 2007 22:11:34 Edoardo Serra
escribió:
> Hi all,
> I'd like to log failed SIP REGISTER attempt either with xlog
> or with
> sip_trace() but I cannot understand where to put related code to
> catch
> the authentication error
With XLOG is easy :)
> Here is the part of my opensr.cfg dedicated to REGISTER handling
>
> if (method=="REGISTER") {
> if (!proxy_authorize("exorsa", "openser_view")) {
xlog("L_INFO", "REGISTER: auth required\n");
> proxy_challenge("exorsa", "0");
> exit;
> }
> if (!check_to()) {
xlog("L_WARN", "REGISTER: !check_to()\n");
> sl_send_reply("403", "Digest username and URI
> username
> do NOT match! Stay away!");
> exit;
> }
xlog("L_INFO", "REGISTER: authorized\n");
> save("location");
>
> exit;
> };
Regards.
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users