[OpenSER-Users] Logging failed registration attempt

Edoardo Serra edoardo.serra at webrainstorm.it
Tue Aug 14 16:09:09 CEST 2007 

GREAT

that's exactly was I was thinking at
(shame on me for not having searched the tracker nor the online doc 
which IS updated for devel section)

Tnx for help

Regards


Anatoly Pidruchny ha scritto:
> Please take a look at this patch: 
> http://sourceforge.net/tracker/index.php?func=detail&aid=1693132&group_id=139143&atid=743022 
> 
> This patch was uploaded into the trunk. This patch allows to check the 
> reason why the www/proxy_authorize function fails. It now returns the 
> following negative codes:
> 
>  -1 - non existent user;
>  -2 - invalid passwd
>  -3 - stale nonce
>  -4 - no credentials
>  -5 - error
> 
> You can use "switch" and "$retval" to test the return code in your script.
> 
> It does not look like the documentation was updated though to include 
> this information.
> 
> Anatoly.
>> Ok, that's how I did
>>
>> if (!proxy_authorize("exorsa", "openser_view")) {
>>         if(search("Proxy-Authorization")) {
>>                 xlog("L_ERR", "REGISTER: Auth error from - $au");
>>         }
>>         proxy_challenge("exorsa", "0");
>>         exit;
>> }
>>
>> so, if the packet contains credentials but they're wrong the attempt 
>> is logged
>>
>> Now I'm facing the following problem...
>> When the nonce axpires and the client reREGISTER the packet will 
>> contain   wrong credential and the UA is challenged again.
>>
>> This way that's logged as a bad authentication
>>
>> I also tried to do
>>
>> if(search("Proxy-Authorization")) {
>>     if(!registered("location")) {
>>         xlog("L_ERR", "REGISTER: Auth error from - $au");
>>     }
>> }
>>
>> ...but without good results....
>>
>> Any idea ?
>>
>> Tnx in advance
>>
>> Edoardo
>>
>> Iñaki Baz Castillo ha scritto:
>>> El Monday 13 August 2007 22:11:34 Edoardo Serra escribió:
>>>> Hi all,
>>>>     I'd like to log failed SIP REGISTER attempt either with xlog or 
>>>> with
>>>> sip_trace() but I cannot understand where to put related code to catch
>>>> the authentication error
>>>
>>>
>>> With XLOG is easy :)
>>>
>>>
>>>> Here is the part of my opensr.cfg dedicated to REGISTER handling
>>>>
>>>> if (method=="REGISTER") {
>>>>          if (!proxy_authorize("exorsa", "openser_view")) {
>>>                      xlog("L_INFO", "REGISTER: auth required\n");
>>>>                  proxy_challenge("exorsa", "0");
>>>>                  exit;
>>>>          }
>>>>          if (!check_to()) {
>>>                      xlog("L_WARN", "REGISTER: !check_to()\n");
>>>>                  sl_send_reply("403", "Digest username and URI username
>>>> do NOT match! Stay away!");
>>>>                  exit;
>>>>          }
>>>             xlog("L_INFO", "REGISTER: authorized\n");
>>>>          save("location");
>>>>
>>>>          exit;
>>>> };
>>>
>>>
>>> Regards.
>>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at openser.org
>> http://openser.org/cgi-bin/mailman/listinfo/users
>>
> 
>

More information about the Users mailing list