Hello,

I would strongly advise you to use the address table in conjunction with check_address() or check_source_address(). See:
http://www.opensips.org/html/docs/modules/1.10.x/permissions.html#sec-address-permissions
http://www.opensips.org/html/docs/modules/1.10.x/permissions.html#id294509

It works via DB (easy to provision), it is cached, has a reload function, etc. - several advantages.

Regards,

Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com

On 10.02.2014 06:35, Alectronic wrote:
Hi,

Thanks for pointing me in the right direction with the permission module. I
have set up the modules and added information to the hosts.allow & hosts.deny
files (in the case of hosts.deny it is ALL : ALL, and it only seems to have
blocked my SSH connection), but calls are still flowing. I'm guessing I need to
add detail into the address table, but I'm not sure, or do I need to use
allow_routing(allow_file,deny_file)? Below is the current config for
register and authenticate and the newly added modules.

loadmodule "permissions.so"
modparam("permissions", "default_allow_file", "/etc/hosts.allow")
modparam("permissions", "default_deny_file", "/etc/hosts.deny")
modparam("permissions", "check_all_branches", 0)
modparam("permissions", "allow_suffix", ".allow")
modparam("permissions", "deny_suffix", ".deny")
modparam("permissions", "db_url", "mysql://opensips:test@localhost/opensips")
modparam("permissions", "address_table", "address")
modparam("permissions", "grp_col", "grp")
modparam("permissions", "ip_col", "ip")
modparam("permissions", "mask_col", "mask")
modparam("permissions", "port_col", "port")
modparam("permissions", "proto_col", "proto")
#modparam("permissions", "pattern_col", "pattern") /*opensips doesn't like this modparam. possible bug? Error information at the bottom*/
modparam("permissions", "info_col", "context_info")

#is the IP address whitelisted?
         if (allow_routing()) {
                 xlog("IP Allow Routing");
         }
#Check to see if the endpoint can authenticate / Register with username/password
         else {
                 xlog("authentication required for call from $si");
                 if (!is_method("REGISTER")) {
                         # EC - auth
                         if (!proxy_authorize("", "subscriber")) {
                                 xlog("proxy challenge!");
                                 proxy_challenge("", "0");  # Realm will be autogenerated
                                 exit;
                         }
                         if (!db_check_from()) {
                              xlog("forbidden!");
                              sl_send_reply("403","Forbidden auth ID");
                              exit;
                         }
                         consume_credentials();
                 } else {
                         if (!www_authorize("", "subscriber")) {
                                 xlog("www challenge!");
                                 www_challenge("", "0");  # Realm will be autogenerated
                                 exit;
                         }

                         if (!db_check_from()) {
                              xlog("forbidden!");
                              sl_send_reply("403","Forbidden auth ID");
                              exit;
                         }

                         if (!save("location")) {
                                 xlog("failed to save location!");
                                 sl_reply_error();
                         }


                         xlog("registered - $from");
                         exit;
                 }
         }


When this finally works, would this be how it works?
If it's in the .allow file = just requires IP to make a call
If it's in the .deny file = blocks calls
If it's not in either file = has to authenticate with username/password



I also had an error when setting up the permission module; it didn't like
"modparam("permissions", "pattern_col", "pattern")". Below is the error
message I got from the log file.

Feb 10 15:20:34 AdaptivOpenSips opensips: ERROR:core:set_mod_param_regex: parameter <pattern_col> not found in module <permissions>
Feb 10 15:20:34 AdaptivOpenSips opensips: CRITICAL:core:yyerror: parse error in config file /etc/opensips/opensips.cfg, line 216, column 20-21: Parameter <pattern_col> not found in module <permissions> - can't set
Feb 10 15:20:34 AdaptivOpenSips opensips: ERROR:core:main: bad config file (1 errors)

It looks like this module parameter is not available

--
View this message in context: 
http://opensips-open-sip-server.1449251.n2.nabble.com/Re-Authentication-using-Username-Password-IP-address-or-Just-IP-address-tp7589529p7589531.html
Sent from the OpenSIPS - Users mailing list archive at Nabble.com.

_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
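
The three outcomes asked about in the thread (IP-only, blocked, or digest authentication), expressed with the address table and check_source_address() as the reply recommends. This is an added example, not part of the original messages or the OpenSIPS project's own configuration; the group numbers, the sample rows and the IP addresses are assumptions, and the fragment relies on the modules and modparams the poster's config already loads.

```opensips
# Added example (not from the original thread).
# Assumed rows in the "address" table (constructed sample data):
#   grp=1  ip=203.0.113.10  mask=32  port=0  proto=any   -> trusted, IP only
#   grp=2  ip=198.51.100.7  mask=32  port=0  proto=any   -> blocked
# port=0 and proto=any match any source port / transport.
# The table is cached: after changing rows, run the address_reload MI command.

route {
    # 1. Blocked sources are rejected before any authentication work.
    if (check_source_address("2")) {
        xlog("L_NOTICE", "blocked source $si:$sp\n");
        sl_send_reply("403", "Forbidden");
        exit;
    }

    # 2. Trusted sources skip the digest challenge.
    if (check_source_address("1")) {
        xlog("L_INFO", "trusted source $si, no authentication required\n");
    } else if (is_method("REGISTER")) {
        # 3a. Everyone else must authenticate: REGISTER uses WWW auth.
        if (!www_authorize("", "subscriber")) {
            www_challenge("", "0");   # realm is autogenerated
            exit;
        }
    } else {
        # 3b. All other requests use proxy auth.
        if (!proxy_authorize("", "subscriber")) {
            proxy_challenge("", "0"); # realm is autogenerated
            exit;
        }
        consume_credentials();
    }

    # Request is either from a trusted IP or authenticated at this point.
    if (is_method("REGISTER")) {
        if (!save("location")) {
            sl_reply_error();
        }
        exit;
    }

    # ... normal routing of calls continues here ...
}
```

The db_check_from() checks from the posted config are left out here for brevity and belong after each successful authorize call.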



