[OpenSIPS-Users] IP authentication
Bogdan-Andrei Iancu
bogdan at voice-system.ro
Fri Jan 16 11:12:07 CET 2009
Hi Michel,
I still see in your cfg that you set the first param to 1:
allow_address("*1*", "$si", "$sp")
But this must be set to 0 as in order to match the "grp" field from your
table - this is by default 0!.
Regards,
Bogdan
michel freiha wrote:
> Dear Sir,
>
> Kindly check the Whole configuration file:
>
> http://pastebin.com/d16fe5f36
>
> Please let me know if there is something wrong...I'm not be able to
> make a call and when dialing 00 from a registered or non registered
> endpoint OpenSIPS run inside the function if(!allow_address("1",
> "$si", "$sp")){
>
>
> Regards
>
> On Thu, Jan 15, 2009 at 10:07 PM, Brett Nemeroff <brett at nemeroff.com
> <mailto:brett at nemeroff.com>> wrote:
>
> What are you using for a mask? Bogdan, what's the format for that
> field? Is it typical slash notation? ie: 24 for a class c
> (255.255.255.0).
>
>
>
> On Thu, Jan 15, 2009 at 9:52 AM, michel freiha <michofr at gmail.com
> <mailto:michofr at gmail.com>> wrote:
>
> Dear Bogdan,
>
> I did the following:
>
> if(!allow_address("0", "$si", "$sp")){
>
> sl_send_reply("403", "Forbidden");
> xlog("KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK");
> exit;
> }
>
> When making a call, the system is not matching the condition
> in all cases...which means if my IP reside on the address
> table or not
>
> Regards
>
>
> On Thu, Jan 15, 2009 at 5:24 PM, Bogdan-Andrei Iancu
> <bogdan at voice-system.ro <mailto:bogdan at voice-system.ro>> wrote:
>
> Hi Michel,
>
> seams allow_address() has mandatory params, replace with:
> allow_address("0", "$si", "$sp")
>
>
> Regards,
> Bogdan
>
>
> michel freiha wrote:
>
> Dear Bogdan,
>
> I have created the address table as you asked me in
> the previous email then I added the following to the
> opensips.cfg file:
>
> route{
>
> if (!allow_address()) {
> sl_send_reply("403", "Forbidden");
> xlog("$si");
> xlog("KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK");
> };
>
> I added only IP address to the address table...When
> trying to restart OpenSIps I got the below error:
>
>
> Thanks for the help
>
> Regards
>
>
>
> On Thu, Jan 15, 2009 at 11:51 AM, Bogdan-Andrei Iancu
> <bogdan at voice-system.ro
> <mailto:bogdan at voice-system.ro>
> <mailto:bogdan at voice-system.ro
> <mailto:bogdan at voice-system.ro>>> wrote:
>
> Hi Michel,
>
> So, the table must look like:
>
> CREATE TABLE address (
> id INT(10) UNSIGNED AUTO_INCREMENT PRIMARY KEY
> NOT NULL,
> grp SMALLINT(5) UNSIGNED DEFAULT 0 NOT NULL,
> ip_addr VARCHAR(15) NOT NULL,
> mask TINYINT DEFAULT 32 NOT NULL,
> port SMALLINT(5) UNSIGNED DEFAULT 0 NOT NULL
> ) ENGINE=MyISAM;
>
>
> so, mask is integer after all :). What you should
> put in db (to
> test) is:
> insert into address (ip_addr) values
> ("xxx.xxx.xxx.xxx");
>
> and check the allow_address() then.
>
> Let me know if there are errors at startup or at
> runtime.
>
>
> Regards,
> Bogdan
>
> michel freiha wrote:
>
> Dear Bogdan,
>
> I tried allow_address() and it returns an error
> when
> restarting OpenSIPS..Even I tried to change the
> mask field
> type from tinit to varchar but if I put a value
> inside it like
> 26 and restart OpenSIPS I even get an error
>
> Regards
>
> Regards
>
> On Thu, Jan 15, 2009 at 11:20 AM, Bogdan-Andrei
> Iancu
> <bogdan at voice-system.ro
> <mailto:bogdan at voice-system.ro>
> <mailto:bogdan at voice-system.ro
> <mailto:bogdan at voice-system.ro>>
> <mailto:bogdan at voice-system.ro
> <mailto:bogdan at voice-system.ro>
> <mailto:bogdan at voice-system.ro
> <mailto:bogdan at voice-system.ro>>>> wrote:
>
> Hi Michel,
>
> Have you tried to use the simple format of
> the command ?
>
> Like allow_address() ?
>
> Also not that after filling in the table,
> you have either to
> restart, either to issue the
> "address_reload" MI command.
>
> Regards,
> Bogdan
>
> michel freiha wrote:
>
> Dear Sir,
> I'm trying to authenticate users based
> on their IP
> addresses
> and not based on username and
> password...I did the
> following
> in the config file:
>
> 1- I added loadmodule "permissions.so"
> 2- modparam("permissions", "db_url",
>
> "mysql://opensips:123456@MySQL_Database_IP/Database_name")
> 3- I added the below function in route
> function
>
> if (!allow_address("1", "$si", "$sp")) {
> sl_send_reply("403", "Forbidden");
>
> xlog("KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK");
> };
> 4- on the database side I have created
> the address
> table then
> add an entry with the below values:
>
> grp=1 ip_address=My Softphone IP
> address mask=24 Port=0
>
> The problem is that I'm getting
> Forbidden in case my IP
> exist
> in address table or not...
> Does someone has any idea about what
> could be the issue
> here?
>
> Thanks a lot for the help
>
> Regards
>
> ------------------------------------------------------------------------
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> <mailto:Users at lists.opensips.org>
> <mailto:Users at lists.opensips.org
> <mailto:Users at lists.opensips.org>>
> <mailto:Users at lists.opensips.org
> <mailto:Users at lists.opensips.org>
> <mailto:Users at lists.opensips.org
> <mailto:Users at lists.opensips.org>>>
>
>
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
>
>
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org <mailto:Users at lists.opensips.org>
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
>
More information about the Users
mailing list