[OpenSIPS-Users] Switch Statement Trouble

Ben Newlin Ben.Newlin at genesys.com
Tue Sep 3 09:29:36 EDT 2019


Mark,

The logs you provided don’t show the code hitting the case for 1 at all. Have you verified the value of $retcode is what you think it is? You might consider adding it to the log print.

Ben Newlin

From: Users <users-bounces at lists.opensips.org> on behalf of Mark Farmer <farmorg at gmail.com>
Reply-To: OpenSIPS users mailling list <users at lists.opensips.org>
Date: Tuesday, September 3, 2019 at 9:25 AM
To: OpenSIPS users mailling list <users at lists.opensips.org>
Subject: [OpenSIPS-Users] Switch Statement Trouble

Hi everyone, can anyone tell me what's going wrong here please?
I'm having a problem with my switch statement in that $retcode 1 ends up falling into the processing for -1, -2, -3

# If the client is not already authenticated, check the return code and look for multiple failures
                www_authorize("", "subscriber");
                switch ($retcode)
                {
                        case 0: # false
                                xlog("CUSTOM_LOG: Client NOT authenticated");
                                break;
                        case 1: # true
                                xlog("CUSTOM_LOG: Client authenticated");
                                break;
                        case -3: # stale nonce
                        case -2: # invalid passwd
                        case -1: # no such user
                                xlog("CUSTOM_LOG: Failed Authentication Attempt (Return Code: $retcode) for $ru To: $tu - Checking for Dictionary attack");
                                # Is the attribute AuthFail_$si present in cache?
                                if ( cache_fetch("local","AuthFail_$si",$avp(failed_no)) ) {
                                        xlog("CUSTOM_LOG: Failure Attempts for $ru ($fU) is now $avp(failed_no) (Return Code: $retcode)");
                                        # If so, how many failures so far?
                                        if ( $(avp(failed_no){s.int}) >= $var(max_auth_fail) ) {
                                                xlog("CUSTOM_LOG: SECURITY ALERT: $var(max_auth_fail) failed auth attempts for $fU from $si - Blocking IP Address");
                                                # Looks like bad people - Block the source IP
                                                exec("sudo /sbin/ipset add $var(ipset) $$SIP_SRCIP");
                                                xlog("CUSTOM_LOG: $si added to ipset $var(ipset)");
                                                exit;
                                        }
                                        # If authentication is failing, increment the value of AuthFail_$si by 1
                                        xlog("CUSTOM_LOG: Incrementing AuthFail_$si");
                                        cache_add("local","AuthFail_$si",1,60);
                                } else {
                                        # If the attribute AuthFail_$si is not present - add it
                                        xlog("CUSTOM_LOG: Adding Cache entry AuthFail_$si");
                                        cache_store("local","AuthFail_$si","1",60);
                                }
                                break;
                        default:
                                # If none of the above is true, try to authenticate the user
                                xlog("CUSTOM_LOG: No Subscriber in database for $ru ($fU) - Challenging");
                                www_challenge("", 0);
                }

--------------

From my logs:

CUSTOM_LOG: Failed Authentication Attempt (Return Code: 1) for sip:XXX.XXX.XXX.XXX To: sip:5003 at XXX.XXX.XXX.XXX - Checking for Dictionary attack
CUSTOM_LOG: Failure Attempts for sip:XXX.XXX.XXX.XXX (5003) is now 1 (Return Code: 1)
CUSTOM_LOG: Incrementing AuthFail_XXX.XXX.XXX.XXX

Version info:

version: opensips 3.0.0 (x86_64/linux)
flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, HP_MALLOC, DBG_MALLOC, CC_O0, FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535
poll method support: poll, epoll, sigio_rt, select.
git revision: 435890a06
main.c compiled on 13:19:25 Jun 21 2019 with gcc 7

Many thanks
Mark.
