[OpenSIPS-Users] Authentication using Username, Password, IP address or Just IP address

Alectronic a.dorantwyford at ivstel.com
Mon Feb 10 05:35:30 CET 2014


Hi,

Thanks for pointing me in the right direction with the permission module. I
have set up the modules and added information to the hosts.allow & hosts.deny
files (in the case of the hosts.deny it is ALL : ALL, and it only seems to
have blocked my SSH connection), but calls are still flowing. I'm guessing I
need to add detail into the address table, but I'm not sure, or do I need to
use allow_routing(allow_file,deny_file)? Below is the current config for
register and authenticate and the newly added modules.

loadmodule "permissions.so"
modparam("permissions", "default_allow_file", "/etc/hosts.allow")
modparam("permissions", "default_deny_file", "/etc/hosts.deny")
modparam("permissions", "check_all_branches", 0)
modparam("permissions", "allow_suffix", ".allow")
modparam("permissions", "deny_suffix", ".deny")
modparam("permissions", "db_url", "mysql://opensips:test@localhost/opensips")
modparam("permissions", "address_table", "address")
modparam("permissions", "grp_col", "grp")
modparam("permissions", "ip_col", "ip")
modparam("permissions", "mask_col", "mask")
modparam("permissions", "port_col", "port")
modparam("permissions", "proto_col", "proto")
# opensips doesn't like this modparam. possible bug? Error information at the bottom
#modparam("permissions", "pattern_col", "pattern")
modparam("permissions", "info_col", "context_info")

#is the IP address whitelisted?
        if (allow_routing()) {
                xlog("IP Allow Routing");
        }
#Check to see if the endpoint can authenticate / Register with username/password
        else {
                xlog("authentication required for call from $si");
                if (!is_method("REGISTER")) {
                        # EC - auth
                        if (!proxy_authorize("", "subscriber")) {
                                xlog("proxy challenge!");
                                # Realm will be autogenerated
                                proxy_challenge("", "0");
                                exit;
                        }
                        if (!db_check_from()) {
                             xlog("forbidden!");
                             sl_send_reply("403","Forbidden auth ID");
                             exit;
                        }
                        consume_credentials();
                } else {
                        if (!www_authorize("", "subscriber")) {
                                xlog("www challenge!");
                                # Realm will be autogenerated
                                www_challenge("", "0");
                                exit;
                        }

                        if (!db_check_from()) {
                             xlog("forbidden!");
                             sl_send_reply("403","Forbidden auth ID");
                             exit;
                        }

                        if (!save("location")) {
                                xlog("failed to save location!");
                                sl_reply_error();
                        }


                        xlog("registered - $from");
                        exit;
                }
        }


When this finally works, would this be how it works?
If it's in the .allow file = just requires IP to make call
If it's in the .deny file = blocks calls
If it's not in either file = has to authenticate with username/password



I also had an error when setting up the permission module: it didn't like
"modparam("permissions", "pattern_col", "pattern")". Below is the error
message I got from the log file.

Feb 10 15:20:34 AdaptivOpenSips opensips: ERROR:core:set_mod_param_regex: parameter <pattern_col> not found in module <permissions>
Feb 10 15:20:34 AdaptivOpenSips opensips: CRITICAL:core:yyerror: parse error in config file /etc/opensips/opensips.cfg, line 216, column 20-21: Parameter <pattern_col> not found in module <permissions> - can't set
Feb 10 15:20:34 AdaptivOpenSips opensips: ERROR:core:main: bad config file (1 errors)

It looks like this module parameter is not available.

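Added example, not part of the original post and not OpenSIPS code: a small Python model of the three-outcome policy asked about above (allow list = trusted by IP, deny list = blocked, neither = digest authentication), evaluated against rows shaped like the address table columns named in the config (grp, ip, mask, port, proto). The group numbering, the "port 0 / proto any" wildcards, the allow-before-deny order and the sample rows are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class AddressRow:
    grp: int    # group id (grp_col)
    ip: str     # network address (ip_col)
    mask: int   # prefix length (mask_col)
    port: int   # source port; 0 is treated as "any port" (assumption)
    proto: str  # "udp", "tcp", "tls" or "any" (assumption)


ALLOW_GRP, DENY_GRP = 0, 1  # hypothetical group numbering

# Constructed sample rows using documentation address ranges.
ROWS = [
    AddressRow(ALLOW_GRP, "192.0.2.10", 32, 5060, "udp"),
    AddressRow(ALLOW_GRP, "198.51.100.0", 24, 0, "any"),
    AddressRow(DENY_GRP, "203.0.113.0", 24, 0, "any"),
]


def row_matches(row, src_ip, src_port, proto):
    """True when the request source falls inside the row's net/port/proto."""
    net = ipaddress.ip_network(f"{row.ip}/{row.mask}", strict=False)
    return (ipaddress.ip_address(src_ip) in net
            and row.port in (0, src_port)
            and row.proto in ("any", proto))


def in_group(rows, grp, src_ip, src_port, proto):
    return any(r.grp == grp and row_matches(r, src_ip, src_port, proto)
               for r in rows)


def decide(rows, src_ip, src_port, proto):
    """Return 'trust-ip', 'reject' or 'digest-auth' for one request source."""
    # Order follows the list in the post: allow first, then deny, then auth.
    if in_group(rows, ALLOW_GRP, src_ip, src_port, proto):
        return "trust-ip"
    if in_group(rows, DENY_GRP, src_ip, src_port, proto):
        return "reject"
    # Anything not listed falls through to username/password authentication.
    return "digest-auth"
```

A source that matches an allow row's IP but not its port or transport is not trusted by IP in this model; it falls through to digest authentication.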