[OpenSIPS-Users] IP authentication

Brett Nemeroff brett at nemeroff.com
Thu Jan 15 21:07:32 CET 2009 

What are you using for a mask? Bogdan, what's the format for that field? Is
it typical slash notation? ie: 24 for a class c (255.255.255.0).


On Thu, Jan 15, 2009 at 9:52 AM, michel freiha <michofr at gmail.com> wrote:

> Dear Bogdan,
>
> I did the following:
>
> if(!allow_address("0", "$si", "$sp")){
> sl_send_reply("403", "Forbidden");
>
> xlog("KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK");
> exit;
> }
>
> When making a call, the system is not matching the condition in all
> cases...which means if my IP reside on the address table or not
>
> Regards
>
>
> On Thu, Jan 15, 2009 at 5:24 PM, Bogdan-Andrei Iancu <
> bogdan at voice-system.ro> wrote:
>
>> Hi Michel,
>>
>> seams allow_address() has mandatory params, replace with:
>>   allow_address("0", "$si", "$sp")
>>
>> Regards,
>> Bogdan
>>
>>
>> michel freiha wrote:
>>
>>> Dear Bogdan,
>>> I have created the address table as you asked me in the previous email
>>> then I added the following to the opensips.cfg file:
>>>
>>> route{
>>>
>>> if (!allow_address()) {
>>> sl_send_reply("403", "Forbidden");
>>> xlog("$si");
>>>
>>> xlog("KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK");
>>> };
>>>
>>> I added only IP address to the address table...When trying to restart
>>> OpenSIps I got the below error:
>>>
>>>
>>> Thanks for the help
>>>
>>> Regards
>>>
>>>
>>>
>>> On Thu, Jan 15, 2009 at 11:51 AM, Bogdan-Andrei Iancu <
>>> bogdan at voice-system.ro <mailto:bogdan at voice-system.ro>> wrote:
>>>
>>>    Hi Michel,
>>>
>>>    So, the table must look like:
>>>
>>>    CREATE TABLE address (
>>>      id INT(10) UNSIGNED AUTO_INCREMENT PRIMARY KEY NOT NULL,
>>>      grp SMALLINT(5) UNSIGNED DEFAULT 0 NOT NULL,
>>>      ip_addr VARCHAR(15) NOT NULL,
>>>      mask TINYINT DEFAULT 32 NOT NULL,
>>>      port SMALLINT(5) UNSIGNED DEFAULT 0 NOT NULL
>>>    ) ENGINE=MyISAM;
>>>
>>>
>>>    so, mask is integer after all :). What you should put in db (to
>>>    test) is:
>>>      insert into address (ip_addr) values ("xxx.xxx.xxx.xxx");
>>>
>>>    and check the allow_address() then.
>>>
>>>    Let me know if there are errors at startup or at runtime.
>>>
>>>
>>>    Regards,
>>>    Bogdan
>>>
>>>    michel freiha wrote:
>>>
>>>        Dear Bogdan,
>>>
>>>        I tried allow_address() and it returns an error when
>>>        restarting OpenSIPS..Even I tried to change the mask field
>>>        type from tinit to varchar but if I put a value inside it like
>>>        26 and restart OpenSIPS I even get an error
>>>
>>>        Regards
>>>
>>>        Regards
>>>
>>>        On Thu, Jan 15, 2009 at 11:20 AM, Bogdan-Andrei Iancu
>>>        <bogdan at voice-system.ro <mailto:bogdan at voice-system.ro>
>>>        <mailto:bogdan at voice-system.ro
>>>        <mailto:bogdan at voice-system.ro>>> wrote:
>>>
>>>           Hi Michel,
>>>
>>>           Have you tried to use the simple format of the command ?
>>>
>>>           Like  allow_address() ?
>>>
>>>           Also not that after filling in the table, you have either to
>>>           restart, either to issue the "address_reload" MI command.
>>>
>>>           Regards,
>>>           Bogdan
>>>
>>>           michel freiha wrote:
>>>
>>>               Dear Sir,
>>>               I'm trying to authenticate users based on their IP
>>>        addresses
>>>               and not based on username and password...I did the
>>>        following
>>>               in the config file:
>>>
>>>               1- I added loadmodule "permissions.so"
>>>               2- modparam("permissions", "db_url",
>>>               "mysql://opensips:123456@MySQL_Database_IP/Database_name")
>>>               3- I added the below function in route function
>>>
>>>               if (!allow_address("1", "$si", "$sp")) {
>>>                      sl_send_reply("403", "Forbidden");
>>>
>>> xlog("KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK");
>>>               };
>>>               4- on the database side I have created the address
>>>        table then
>>>               add an entry with the below values:
>>>
>>>               grp=1   ip_address=My Softphone IP address  mask=24
>>>   Port=0
>>>
>>>               The problem is that I'm getting Forbidden in case my IP
>>>        exist
>>>               in address table or not...
>>>               Does someone has any idea about what could be the issue
>>>        here?
>>>
>>>               Thanks a lot for the help
>>>
>>>               Regards
>>>
>>> ------------------------------------------------------------------------
>>>
>>>               _______________________________________________
>>>               Users mailing list
>>>               Users at lists.opensips.org
>>>        <mailto:Users at lists.opensips.org>
>>>        <mailto:Users at lists.opensips.org
>>>        <mailto:Users at lists.opensips.org>>
>>>
>>>               http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>
>>>
>>>
>>>
>>>
>>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.opensips.org/pipermail/users/attachments/20090115/159571b7/attachment-0002.htm

More information about the Users mailing list