[SR-Users] HTABLE problem
Ricardo Martinez
rmartinez at redvoiss.net
Mon Feb 21 20:33:52 CET 2011
Hi Ramona.
Thanks for your help. I just put a snippet of my config file, in the
original configuration I include the check for the “Authorization” header.
In a second view of my configuration file I spotted a problem (my mistake),
I was missing the modparam which define the table “a”. So I added that and
now I’m getting another problem :
The line “if($sht(a=>$au::auth_count) == 3)” is never checked because the
auth_count is not being summed as a integer value. This is what I’m getting
for the dump :
[root@ tmp]# kamctl fifo sht_dump a
Entry:: 108
5504444444::last_auth:: 1298316540
Entry:: 250
5504444444::auth_count:: 11
[root@ tmp]#
[root@ tmp]# kamctl fifo sht_dump a
Entry:: 108
5504444444::last_auth:: 1298316562
Entry:: 250
5504444444::auth_count:: 11111111
[root@ tmp]# kamctl fifo sht_dump a
Entry:: 108
5504444444::last_auth:: 1298316568
Entry:: 250
5504444444::auth_count:: 1111111111
So .. it seems just to be adding a “1” to the end of the string. This is
the configuration file :
if(is_present_hf("Authorization"))
{
if($sht(a=>$au::auth_count)==3)
{
xlog("L_INFO","auth_count = 3\n");
$var(exp) = $Ts - 900;
if($sht(a=>$au::last_auth) > $var(exp))
{
xlog("L_INFO","REG de una IP banned\n");
sl_send_reply("403", "Try later");
exit;
} else {
$sht(a=>$au::auth_count) = 0;
}
}
if ( !radius_www_authorize("10.0.0.208") )
{
switch ($retcode) {
case -1:
xlog("L_INFO","authentication failed
from radius\n");
if($sht(a=>$au::auth_count) ==
"null")
{
$sht(a=>$au::auth_count) =
0;
}
$sht(a=>$au::auth_count) =
$sht(a=>$au::auth_count) + 1;
if($sht(a=>$au::auth_count) == 3)
{
xlog("L_INFO","auth failed
3rd time - src ip: $si\n");
}
$sht(a=>$au::last_auth) = $Ts;
break;
case -5:
sl_send_reply("403", "Forbidden");
exit;
}
www_challenge("10.0.0.208", "1");
exit;
}
$sht(a=>$au::auth_count) = 0;
save("location");
xlog("L_INFO","Save Location\n");
exit;
} else {
xlog("L_INFO","REG no tiene autorization Header\n");
www_challenge("10.0.0.208", "1");
exit;
}
} else if {
sl_send_reply("403", "Forbidden");
exit;
};
What I’m doing wrong.
Thanks in advance.
Regards,
Ricardo.-
*De:* Elena-Ramona Modroiu [mailto:ramona at asipto.com]
*Enviado el:* lunes, 21 de febrero de 2011 15:36
*Para:* Ricardo Martinez
*CC:* sr-users at lists.sip-router.org
*Asunto:* Re: [SR-Users] HTABLE problem
Hi,
this may be related to same issue reported at:
http://sip-router.org/tracker/index.php?do=details&task_id=114
Therefore it can be just some log message printed erroneously. Can you dump
the htable content (or print it with xlog) to see if the assignment is
actually done or not?
Dumping the htable content:
kamctl fifo sht_dump a
Another possible issue I spot with your config is that you don't check for
the existence of Authorization header. Since I am not using auth_radius, I
am not sure radius_www_authorize() return -1 only when the password
mismatches. Might be also when there is no header carrying the credentials.
If no Authorization header is present, the $au is null -- in this case you
just have to do www_challenge() and exit, since counting failed
authentications for "<null>" user might bring you unexpected behaviour.
Regards,
Ramona
On 2/18/11 10:35 PM, Ricardo Martinez wrote:
Hello
I’m trying to use “htable” module with the example to block a user with
three time s failed password.
When a REGISTER arrives I’m getting this error :
Feb 18 17:26:34 /usr/local/sbin/kamailio[5840]: ERROR: <core>
[lvalue.c:358]: setting pvar failed
Feb 18 17:26:34 /usr/local/sbin/kamailio[5840]: ERROR: <core>
[lvalue.c:411]: assignment failed at pos: (322,54-322,81)
Feb 18 17:26:34 /usr/local/sbin/kamailio[5840]: ERROR: <core>
[lvalue.c:358]: setting pvar failed
Feb 18 17:26:34 /usr/local/sbin/kamailio[5840]: ERROR: <core>
[lvalue.c:411]: assignment failed at pos: (328,47-328,49)
The lines pointing the error are these :
312 if ( !radius_www_authorize("10.0.0.208") )
313 {
314 switch ($retcode) {
315 case -1:
316 xlog("L_INFO","authentication failed from
radius\n");
317 if($sht(a=>$au::auth_count) == "null")
318 {
319 $sht(a=>$au::auth_count) = 0;
320 }
321 $sht(a=>$au::auth_count) =
$sht(a=>$au::auth_count) + 1;
322 if($sht(a=>$au::auth_count) == 3)
323 {
324 xlog("L_INFO","auth failed 3rd time -
src ip: $si\n");
325 }
326 $sht(a=>$au::last_auth) = $Ts;
327 break;
328 case -5:
329 sl_send_reply("403", "Forbidden");
330 exit;
331 }
332 www_challenge("10.0.0.208", "1");
333 exit;
334 }
What could be the problem?
Thanks in advance.
Regards,
Ricardo.-
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users at lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20110221/b10214bd/attachment-0001.htm>
More information about the sr-users
mailing list