Re: [OpenSER-Users] Logging failed registration attempt

Tue, 14 Aug 2007 07:01:08 -0700

Please take a look at this patch: http://sourceforge.net/tracker/index.php?func=detail&aid=1693132&group_id=139143&atid=743022 This patch was uploaded into the trunk. This patch allows to check the reason why the www/proxy_authorize function fails. It now returns the following negative codes: 

 -1 - non existent user;
 -2 - invalid passwd
 -3 - stale nonce
 -4 - no credentials
 -5 - error

You can use "switch" and "$retval" to test the return code in your script.
It does not look like the documentation was updated though to include this information. 

Anatoly.

Ok, that's how I did

if (!proxy_authorize("exorsa", "openser_view")) {
        if(search("Proxy-Authorization")) {
                xlog("L_ERR", "REGISTER: Auth error from - $au");
        }
        proxy_challenge("exorsa", "0");
        exit;
}
so, if the packet contains credentials but they're wrong the attempt is logged 

Now I'm facing the following problem...
When the nonce axpires and the client reREGISTER the packet will contain wrong credential and the UA is challenged again. 

This way that's logged as a bad authentication

I also tried to do

if(search("Proxy-Authorization")) {
    if(!registered("location")) {
        xlog("L_ERR", "REGISTER: Auth error from - $au");
    }
}

...but without good results....

Any idea ?

Tnx in advance

Edoardo

Iñaki Baz Castillo ha scritto:

El Monday 13 August 2007 22:11:34 Edoardo Serra escribió:

Hi all,
I'd like to log failed SIP REGISTER attempt either with xlog or with 
sip_trace() but I cannot understand where to put related code to catch
the authentication error



With XLOG is easy :)



Here is the part of my opensr.cfg dedicated to REGISTER handling

if (method=="REGISTER") {
         if (!proxy_authorize("exorsa", "openser_view")) {

                     xlog("L_INFO", "REGISTER: auth required\n");

                 proxy_challenge("exorsa", "0");
                 exit;
         }
         if (!check_to()) {

                     xlog("L_WARN", "REGISTER: !check_to()\n");

                 sl_send_reply("403", "Digest username and URI username
do NOT match! Stay away!");
                 exit;
         }

            xlog("L_INFO", "REGISTER: authorized\n");

         save("location");

         exit;
};



Regards.




_______________________________________________
Users mailing list
[email protected]
http://openser.org/cgi-bin/mailman/listinfo/users




_______________________________________________
Users mailing list
[email protected]
http://openser.org/cgi-bin/mailman/listinfo/users

Reply via email to