Registrar with IP authentication - selecting variables from DB

classic Classic list List threaded Threaded
15 messages Options
Reply | Threaded
Open this post in threaded view
|

Registrar with IP authentication - selecting variables from DB

maatohewetbi
Is there any way to make an IP authorization with registrar module? First I want to authenticate peer with IP, and then allow him to register with correct login/pass. Or is there any way to select any variable from DB?
Reply | Threaded
Open this post in threaded view
|

Re: Registrar with IP authentication - selecting variables from DB

Razvan Crainea-3
Yes, you can use the check_source() address function[1] just before the
auth block.

[1] http://www.opensips.org/html/docs/modules/2.2.x/permissions#id295007

Best regards,

Răzvan Crainea
OpenSIPS Solutions
www.opensips-solutions.com

On 01/11/2017 12:44 PM, maatohewetbi wrote:

> Is there any way to make an IP authorization with registrar module? First I
> want to authenticate peer with IP, and then allow him to register with
> correct login/pass. Or is there any way to select any variable from DB?
>
>
>
> --
> View this message in context: http://opensips-open-sip-server.1449251.n2.nabble.com/Registrar-with-IP-authentication-selecting-variables-from-DB-tp7605514.html
> Sent from the OpenSIPS - Users mailing list archive at Nabble.com.
>
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Registrar with IP authentication - selecting variables from DB

maatohewetbi
Yes, but I want to check sip login first, not an IP. Here is ny plan, what I want to do:

- store IP, login in one table (a new  on or existing one) - there will be IP and SIP logins.

When a client make a registration, my script should check if this login is in table, if yes - then check IP, if it matches - allow a registration, if not - send 403 and exit. There will be another case, when a SIP login is not in this table - just allow registration without checking an IP.
Reply | Threaded
Open this post in threaded view
|

Re: Registrar with IP authentication - selecting variables from DB

Razvan Crainea-3
Then simply reverse the IP check logic and do it after the user is
authenticated.

Best regards,

Răzvan Crainea
OpenSIPS Solutions
www.opensips-solutions.com

On 01/11/2017 01:15 PM, maatohewetbi wrote:

> Yes, but I want to check sip login first, not an IP. Here is ny plan, what I
> want to do:
>
> - store IP, login in one table (a new  on or existing one) - there will be
> IP and SIP logins.
>
> When a client make a registration, my script should check if this login is
> in table, if yes - then check IP, if it matches - allow a registration, if
> not - send 403 and exit. There will be another case, when a SIP login is not
> in this table - just allow registration without checking an IP.
>
>
>
> --
> View this message in context: http://opensips-open-sip-server.1449251.n2.nabble.com/Registrar-with-IP-authentication-selecting-variables-from-DB-tp7605514p7605516.html
> Sent from the OpenSIPS - Users mailing list archive at Nabble.com.
>
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Registrar with IP authentication - selecting variables from DB

maatohewetbi
Yes, but every IP and login should be in table. How can I read variables from DB? Is it possible to do it?
Reply | Threaded
Open this post in threaded view
|

Re: Registrar with IP authentication - selecting variables from DB

Razvan Crainea-3
Yes, it is. Provision the address table in the database and use the
check_source_address() functionin the script.

[1] http://www.opensips.org/html/docs/modules/2.2.x/permissions#id295007

Best regards,

Răzvan Crainea
OpenSIPS Solutions
www.opensips-solutions.com

On 01/13/2017 11:03 AM, maatohewetbi wrote:

> Yes, but every IP and login should be in table. How can I read variables from
> DB? Is it possible to do it?
>
>
>
> --
> View this message in context: http://opensips-open-sip-server.1449251.n2.nabble.com/Registrar-with-IP-authentication-selecting-variables-from-DB-tp7605514p7605547.html
> Sent from the OpenSIPS - Users mailing list archive at Nabble.com.
>
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Registrar with IP authentication - selecting variables from DB

maatohewetbi
I think You don't understand. My Opensips should work in this scenario:

1. When user wants to register, I have to check whether his sip login is in address table (which can be stored in context_info for example). If it is there then check IP, which is in this record, for this sip login. If this IP is the same as real IP of this user (from $si value), the user can be registered. If this IP is not the same - user can't be registered.
2. When user wants to register, but his sip login doesn't exist in address table - this user can be registered without IP checking.

So I have to check IP, only for users, whom login is in address table. Others, can registered without checking. If I use one of function in permission module I always have to check IP. I have to check login first, then IP. I hope that now everything is clear.
Reply | Threaded
Open this post in threaded view
|

Re: Registrar with IP authentication - selecting variables from DB

Stefano Pisani
Use 0.0.0.0/0 for those without IP filter.

s

Il 13/01/2017 12:09, maatohewetbi ha scritto:

> I think You don't understand. My Opensips should work in this scenario:
>
> 1. When user wants to register, I have to check whether his sip login is in
> address table (which can be stored in context_info for example). If it is
> there then check IP, which is in this record, for this sip login. If this IP
> is the same as real IP of this user (from $si value), the user can be
> registered. If this IP is not the same - user can't be registered.
> 2. When user wants to register, but his sip login doesn't exist in address
> table - this user can be registered without IP checking.
>
> So I have to check IP, only for users, whom login is in address table.
> Others, can registered without checking. If I use one of function in
> permission module I always have to check IP. I have to check login first,
> then IP. I hope that now everything is clear.
>
>
>
> --
> View this message in context: http://opensips-open-sip-server.1449251.n2.nabble.com/Registrar-with-IP-authentication-selecting-variables-from-DB-tp7605514p7605552.html
> Sent from the OpenSIPS - Users mailing list archive at Nabble.com.
>
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users



_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Registrar with IP authentication - selecting variables from DB

maatohewetbi
Still I have to check login whether it exist in table. Then I have to compare it to IP address.
Reply | Threaded
Open this post in threaded view
|

Re: Registrar with IP authentication - selecting variables from DB

Razvan Crainea-3
You can do something like this:

avp_db_query("select ip from address where context_info='$fU'", "$avp(ip)");
if ($rc == -2) {
     # not found in db
} else if ($avp(ip) != $si) {
     # reject the call
}

Best regards,

Răzvan Crainea
OpenSIPS Solutions
www.opensips-solutions.com

On 01/13/2017 01:51 PM, maatohewetbi wrote:

> Still I have to check login whether it exist in table. Then I have to compare
> it to IP address.
>
>
>
> --
> View this message in context: http://opensips-open-sip-server.1449251.n2.nabble.com/Registrar-with-IP-authentication-selecting-variables-from-DB-tp7605514p7605554.html
> Sent from the OpenSIPS - Users mailing list archive at Nabble.com.
>
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Registrar with IP authentication - selecting variables from DB

maatohewetbi
Razvan, that's what I was looking for. I haven't tested it yet but it looks like You made my day! Thanks
Reply | Threaded
Open this post in threaded view
|

Re: Registrar with IP authentication - selecting variables from DB

maatohewetbi
In reply to this post by Razvan Crainea-3
Razvan, I've found that this conditional doesn't work:

if ($rc == -2)
It turned out that $rc variable is never -2, although select query(select ip from address where context_info='$fU'", "$avp(ip)"), doesn't  contain any values. When I checked $rc variable its value was 1, and once it was something like 1842312...so very long digit, but it was never -2. It it possible that this value changes?
Reply | Threaded
Open this post in threaded view
|

Re: Registrar with IP authentication - selecting variables from DB

Razvan Crainea-3
That's weird. How did you check the value and you got 1842312...? I am
asking because that does look like a -2, only converted to an unsigned
representation, (unsigned int)-2 = 18446744073709551614). Or was it -1?
Can you control the data in the database and make sure you don't have
that username when doing the query?

Best regards,

Răzvan Crainea
OpenSIPS Solutions
www.opensips-solutions.com

On 01/17/2017 10:06 AM, maatohewetbi wrote:

> Razvan, I've found that this conditional doesn't work:
>
> if ($rc == -2)
> It turned out that $rc variable is never -2, although select query(select ip
> from address where context_info='$fU'", "$avp(ip)"), doesn't  contain any
> values. When I checked $rc variable its value was 1, and once it was
> something like 1842312...so very long digit, but it was never -2. It it
> possible that this value changes?
>
>
>
> --
> View this message in context: http://opensips-open-sip-server.1449251.n2.nabble.com/Registrar-with-IP-authentication-selecting-variables-from-DB-tp7605514p7605592.html
> Sent from the OpenSIPS - Users mailing list archive at Nabble.com.
>
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Registrar with IP authentication - selecting variables from DB

maatohewetbi
I've just did it like this:

xlog("$rc");
and on Friday I got
18446744073709551615
so You were right that it was unsigned int. But now if I want to read xlog("$rc") it has 1 value. And my table is empty.
Now I've changed script and it looks:

if ($avp(s:ip) == null ) {
     xlog("no results found in DB");
     xlog("$rc");

and it is ok, and works like it should, because $avp(s:ip) is NULL when there's no records found. But I'm afraid it's not the best solution. What do You think?
Reply | Threaded
Open this post in threaded view
|

Re: Registrar with IP authentication - selecting variables from DB

Razvan Crainea-3
You are probably using an old version of OpenSIPS, that's why you are
not seeing negative return values.

Checking if the IP might still be ok, if your database is consistent and
has an IP for every user. So for now I would go with this solution.

Best regards,

Răzvan Crainea
OpenSIPS Solutions
www.opensips-solutions.com

On 01/17/2017 11:03 AM, maatohewetbi wrote:

> I've just did it like this:
>
> xlog("$rc");
> and on Friday I got
> 18446744073709551615
> so You were right that it was unsigned int. But now if I want to read
> xlog("$rc") it has 1 value. And my table is empty.
> Now I've changed script and it looks:
>
> if ($avp(s:ip) == null ) {
>       xlog("no results found in DB");
>       xlog("$rc");
>
> and it is ok, and works like it should, because $avp(s:ip) is NULL when
> there's no records found. But I'm afraid it's not the best solution. What do
> You think?
>
>
>
> --
> View this message in context: http://opensips-open-sip-server.1449251.n2.nabble.com/Registrar-with-IP-authentication-selecting-variables-from-DB-tp7605514p7605600.html
> Sent from the OpenSIPS - Users mailing list archive at Nabble.com.
>
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users