[OpenSER-Users] Logging failed registration attempt

Anatoly Pidruchny apidruchny at newxt.com
Tue Aug 14 16:00:33 CEST 2007


Please take a look at this patch: 
http://sourceforge.net/tracker/index.php?func=detail&aid=1693132&group_id=139143&atid=743022
This patch was uploaded into the trunk. This patch allows to check the 
reason why the www/proxy_authorize function fails. It now returns the 
following negative codes:

  -1 - non existent user;
  -2 - invalid passwd
  -3 - stale nonce
  -4 - no credentials
  -5 - error

You can use "switch" and "$retval" to test the return code in your script.

It does not look like the documentation was updated though to include 
this information.

Anatoly.
> Ok, that's how I did
>
> if (!proxy_authorize("exorsa", "openser_view")) {
>         if(search("Proxy-Authorization")) {
>                 xlog("L_ERR", "REGISTER: Auth error from - $au");
>         }
>         proxy_challenge("exorsa", "0");
>         exit;
> }
>
> so, if the packet contains credentials but they're wrong the attempt 
> is logged
>
> Now I'm facing the following problem...
> When the nonce axpires and the client reREGISTER the packet will 
> contain   wrong credential and the UA is challenged again.
>
> This way that's logged as a bad authentication
>
> I also tried to do
>
> if(search("Proxy-Authorization")) {
>     if(!registered("location")) {
>         xlog("L_ERR", "REGISTER: Auth error from - $au");
>     }
> }
>
> ...but without good results....
>
> Any idea ?
>
> Tnx in advance
>
> Edoardo
>
> Iñaki Baz Castillo ha scritto:
>> El Monday 13 August 2007 22:11:34 Edoardo Serra escribió:
>>> Hi all,
>>>     I'd like to log failed SIP REGISTER attempt either with xlog or 
>>> with
>>> sip_trace() but I cannot understand where to put related code to catch
>>> the authentication error
>>
>>
>> With XLOG is easy :)
>>
>>
>>> Here is the part of my opensr.cfg dedicated to REGISTER handling
>>>
>>> if (method=="REGISTER") {
>>>          if (!proxy_authorize("exorsa", "openser_view")) {
>>                      xlog("L_INFO", "REGISTER: auth required\n");
>>>                  proxy_challenge("exorsa", "0");
>>>                  exit;
>>>          }
>>>          if (!check_to()) {
>>                      xlog("L_WARN", "REGISTER: !check_to()\n");
>>>                  sl_send_reply("403", "Digest username and URI username
>>> do NOT match! Stay away!");
>>>                  exit;
>>>          }
>>             xlog("L_INFO", "REGISTER: authorized\n");
>>>          save("location");
>>>
>>>          exit;
>>> };
>>
>>
>> Regards.
>>
>
>
> _______________________________________________
> Users mailing list
> Users at openser.org
> http://openser.org/cgi-bin/mailman/listinfo/users
>





More information about the Users mailing list