I want to log ONLY authentication failures but I can't figure out how to detect a failure from www_authorize() after a www_challenge() has been issued. Does www_authorize() return different values if the challenge info is already in there and it really did fail the lookup? Looking at the source code I don't see where it does. Here is what I propose gets added:
www_authorize would return the following:
-2 NEEDS_CHALLENGE
-1 NOT_AUTHORIZED
0 ERROR
1 AUTHORIZED
Line 174 of authorize.c in the auth_db module I added the following but it wouldn't compile and I'm not really sure why since it's part of the enum:
case NO_CREDENTIALS return -2;
BUT if that did work here is an example of a piece of ser.cfg that would work...
if(method == "REGISTER" && uri == myself) {
    # Make sure they are a valid user on our proxy
    if(www_authorize("bwsys.net", "sipfriends") == -2) {
        www_challenge("bwsys.net", "1");
        break;
    } elseif(www_authorize("bwsys.net", "sipfriends") == -1) {
        xlog("L_INFO", "Authentication Failed For %ct, URI = %ru");
    } elseif(www_authorize("bwsys.net", "sipfriends") == 0) {
        xlog("L_INFO", "Internal Authentication Failure For %ct, URI = %ru");
    } else {
        save("location");
        break;
    };
};
----------------------------------------
Michael Shuler, C.E.O.
BitWise Communications, Inc. (CLEC) And BitWise Systems, Inc. (ISP)
682 High Point Lane
East Peoria, IL 61611
Office: (217) 585-0357
Cell: (309) 657-6365
Fax: (309) 213-3500
E-Mail: mike@bwsys.net
Customer Service: (877) 976-0711
The functions exported for use in the config file can return only three values: -1 (false), 0 (drop current request), 1 (true).
You can use the textops module to search for the "Authorization" header, but you can't check whether the challenge has been issued before or not without some development.
Anyway, if the "Authorization" header is present and www_authorize() returns false then you have an authentication failure.
Daniel
On 10/03/04 20:17, Michael Shuler wrote:
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
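The check Daniel describes, written out as a ser.cfg fragment. This is an added example, not code from either poster or from the SER project; it assumes the textops, auth, auth_db, registrar and xlog modules are loaded, and reuses the realm, table and log format from the original post.

```cfg
# Added example (not from the thread): log only real authentication failures.
if (method == "REGISTER" && uri == myself) {
    # www_authorize() can only yield true (1) or false (-1) to the script;
    # a return of 0 drops the request before any of the lines below run.
    if (!www_authorize("bwsys.net", "sipfriends")) {
        # No Authorization header: first REGISTER of the exchange, nothing
        # has failed yet, so stay quiet.
        # Authorization header present: the client answered a challenge and
        # the credentials did not verify, so log it.
        if (search("^Authorization:")) {
            xlog("L_INFO", "Authentication Failed For %ct, URI = %ru\n");
        };
        # Challenge in both cases so a legitimate client can retry.
        www_challenge("bwsys.net", "1");
        break;
    };
    # Credentials verified: store the binding.
    save("location");
    break;
};
```

Because the script cannot see why www_authorize() returned false, this also logs requests whose Authorization header is for a different realm or was computed from a nonce the server no longer accepts, so treat a single entry per client as noise and repeated entries as the signal.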