[OpenSIPS-Users] Switch Statement Trouble

Mark Farmer farmorg at gmail.com
Tue Sep 3 09:39:16 EDT 2019 

Hi Ben

I think that's the problem, it should be identifying $retcode 1 at which
point I'd see a log entry "CUSTOM_LOG: Client authenticated" but instead
it's falling into the cases for -1, -2, -3

The 2nd log line shows the return code.

TIA
Mark.



On Tue, 3 Sep 2019 at 14:32, Ben Newlin <Ben.Newlin at genesys.com> wrote:

> Mark,
>
>
>
> The logs you provided don’t show the code hitting the case for 1 at all.
> Have you verified the value of $retcode is what you think it is? You might
> consider adding it to the log print.
>
>
>
> Ben Newlin
>
>
>
> *From: *Users <users-bounces at lists.opensips.org> on behalf of Mark Farmer
> <farmorg at gmail.com>
> *Reply-To: *OpenSIPS users mailling list <users at lists.opensips.org>
> *Date: *Tuesday, September 3, 2019 at 9:25 AM
> *To: *OpenSIPS users mailling list <users at lists.opensips.org>
> *Subject: *[OpenSIPS-Users] Switch Statement Trouble
>
>
>
> Hi everyone, can anyone tell me what's going wrong here please?
>
> I'm having a problem with my switch statement in that  $retcode 1 ends up
> falling into the processing for -1, -2, -3
>
>
>
> # If the client is not already authenticated, check the return code and
> look for multiple failures
>
>                 www_authorize("", "subscriber");
>
>                 switch ($retcode)
>
>                 {
>
>                         case 0: # false
>
>                                 xlog("CUSTOM_LOG: Client NOT
> authenticated");
>
>                                 break;
>
>                         case 1: # true
>
>                                 xlog("CUSTOM_LOG: Client authenticated");
>
>                                 break;
>
>                         case -3: # stale nonce
>
>                         case -2: # invalid passwd
>
>                         case -1: # no such user
>
>                                 xlog("CUSTOM_LOG: Failed Authentication
> Attempt (Return Code: $retcode) for $ru To: $tu - Checking for Dictionary
> attack");
>
>                                 # Is the attribute AuthFail_$si present in
> cache?
>
>                                 if (
> cache_fetch("local","AuthFail_$si",$avp(failed_no)) ) {
>
>                                         xlog("CUSTOM_LOG: Failure Attempts
> for $ru ($fU) is now $avp(failed_no) (Return Code: $retcode)");
>
>                                         # If so, how many failures so far?
>
>                                         if ( $(avp(failed_no){s.int}) >=
> $var(max_auth_fail) ) {
>
>                                                 xlog("CUSTOM_LOG: SECURITY
> ALERT: $var(max_auth_fail) failed auth attempts for $fU from $si - Blocking
> IP Address");
>
>                                                 # Looks like bad people -
> Block the source IP
>
>                                                 exec("sudo /sbin/ipset add
> $var(ipset) $$SIP_SRCIP");
>
>                                                 xlog("CUSTOM_LOG: $si
> added to ipset $var(ipset))");
>
>                                                 exit;
>
>                                         }
>
>                                         # If authentication is failing,
> increment the value of AuthFail_$si by 1
>
>                                         xlog("CUSTOM_LOG: Incrementing
> AuthFail_$si");
>
>
> cache_add("local","AuthFail_$si",1,60);
>
>                                 } else {
>
>                                         # If the attribute AuthFail_$si is
> not present - add it
>
>                                         xlog("CUSTOM_LOG: Adding Cache
> entry AuthFail_$si");
>
>
> cache_store("local","AuthFail_$si","1",60);
>
>                                 }
>
>                                 break;
>
>                         default:
>
>                                 # If non of the above is true, try to
> authenticate the user
>
>                                 xlog("CUSTOM_LOG: No Subscriber in
> database for $ru ($fU) - Challenging");
>
>                                 www_challenge("", 0);
>
>                 }
>
>
>
> --------------
>
>
>
> From my logs:
>
>
>
> CUSTOM_LOG: Failed Authentication Attempt (Return Code: 1) for
> sip:XXX.XXX.XXX.XXX To: sip:5003 at XXX.XXX.XXX.XXX - Checking for
> Dictionary attack
>
> CUSTOM_LOG: Failure Attempts for sip:XXX.XXX.XXX.XXX (5003) is now 1
> (Return Code: 1)
>
> CUSTOM_LOG: Incrementing AuthFail_XXX.XXX.XXX.XXX
>
>
>
> Version info:
>
>
>
> version: opensips 3.0.0 (x86_64/linux)
>
> flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC,
> Q_MALLOC, F_MALLOC, HP_MALLOC, DBG_MALLOC, CC_O0, FAST_LOCK-ADAPTIVE_WAIT
>
> ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16,
> MAX_URI_SIZE 1024, BUF_SIZE 65535
>
> poll method support: poll, epoll, sigio_rt, select.
>
> git revision: 435890a06
>
> main.c compiled on 13:19:25 Jun 21 2019 with gcc 7
>
>
>
> Many thanks
>
> Mark.
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>


-- 
Mark Farmer
farmorg at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20190903/581f5c87/attachment.html>

More information about the Users mailing list