[OpenSIPS-Users] Switch Statement Trouble

Mark Farmer farmorg at gmail.com
Tue Sep 3 10:01:59 EDT 2019


Thanks Liviu

Looks like that was the issue, $retcode was always 1, presumably due to the
if statement.

Using $var(rc) seems to have resolved it :)

Thanks again
Mark.


On Tue, 3 Sep 2019 at 14:39, Mark Farmer <farmorg at gmail.com> wrote:

> Hi Ben
>
> I think that's the problem, it should be identifying $retcode 1 at which
> point I'd see a log entry "CUSTOM_LOG: Client authenticated" but instead
> it's falling into the cases for -1, -2, -3
>
> The 2nd log line shows the return code.
>
> TIA
> Mark.
>
>
>
> On Tue, 3 Sep 2019 at 14:32, Ben Newlin <Ben.Newlin at genesys.com> wrote:
>
>> Mark,
>>
>>
>>
>> The logs you provided don’t show the code hitting the case for 1 at all.
>> Have you verified the value of $retcode is what you think it is? You might
>> consider adding it to the log print.
>>
>>
>>
>> Ben Newlin
>>
>>
>>
>> *From: *Users <users-bounces at lists.opensips.org> on behalf of Mark
>> Farmer <farmorg at gmail.com>
>> *Reply-To: *OpenSIPS users mailling list <users at lists.opensips.org>
>> *Date: *Tuesday, September 3, 2019 at 9:25 AM
>> *To: *OpenSIPS users mailling list <users at lists.opensips.org>
>> *Subject: *[OpenSIPS-Users] Switch Statement Trouble
>>
>>
>>
>> Hi everyone, can anyone tell me what's going wrong here please?
>>
>> I'm having a problem with my switch statement in that $retcode 1 ends up
>> falling into the processing for -1, -2, -3
>>
>>
>>
>> # If the client is not already authenticated, check the return code and look for multiple failures
>>     www_authorize("", "subscriber");
>>     switch ($retcode)
>>     {
>>         case 0: # false
>>             xlog("CUSTOM_LOG: Client NOT authenticated");
>>             break;
>>         case 1: # true
>>             xlog("CUSTOM_LOG: Client authenticated");
>>             break;
>>         case -3: # stale nonce
>>         case -2: # invalid passwd
>>         case -1: # no such user
>>             xlog("CUSTOM_LOG: Failed Authentication Attempt (Return Code: $retcode) for $ru To: $tu - Checking for Dictionary attack");
>>             # Is the attribute AuthFail_$si present in cache?
>>             if ( cache_fetch("local","AuthFail_$si",$avp(failed_no)) ) {
>>                 xlog("CUSTOM_LOG: Failure Attempts for $ru ($fU) is now $avp(failed_no) (Return Code: $retcode)");
>>                 # If so, how many failures so far?
>>                 if ( $(avp(failed_no){s.int}) >= $var(max_auth_fail) ) {
>>                     xlog("CUSTOM_LOG: SECURITY ALERT: $var(max_auth_fail) failed auth attempts for $fU from $si - Blocking IP Address");
>>                     # Looks like bad people - Block the source IP
>>                     exec("sudo /sbin/ipset add $var(ipset) $$SIP_SRCIP");
>>                     xlog("CUSTOM_LOG: $si added to ipset $var(ipset))");
>>                     exit;
>>                 }
>>                 # If authentication is failing, increment the value of AuthFail_$si by 1
>>                 xlog("CUSTOM_LOG: Incrementing AuthFail_$si");
>>                 cache_add("local","AuthFail_$si",1,60);
>>             } else {
>>                 # If the attribute AuthFail_$si is not present - add it
>>                 xlog("CUSTOM_LOG: Adding Cache entry AuthFail_$si");
>>                 cache_store("local","AuthFail_$si","1",60);
>>             }
>>             break;
>>         default:
>>             # If none of the above is true, try to authenticate the user
>>             xlog("CUSTOM_LOG: No Subscriber in database for $ru ($fU) - Challenging");
>>             www_challenge("", 0);
>>     }
>>
>>
>>
>> --------------
>>
>>
>>
>> From my logs:
>>
>>
>>
>> CUSTOM_LOG: Failed Authentication Attempt (Return Code: 1) for sip:XXX.XXX.XXX.XXX To: sip:5003 at XXX.XXX.XXX.XXX - Checking for Dictionary attack
>> CUSTOM_LOG: Failure Attempts for sip:XXX.XXX.XXX.XXX (5003) is now 1 (Return Code: 1)
>> CUSTOM_LOG: Incrementing AuthFail_XXX.XXX.XXX.XXX
>>
>>
>>
>> Version info:
>>
>>
>>
>> version: opensips 3.0.0 (x86_64/linux)
>> flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, HP_MALLOC, DBG_MALLOC, CC_O0, FAST_LOCK-ADAPTIVE_WAIT
>> ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535
>> poll method support: poll, epoll, sigio_rt, select.
>> git revision: 435890a06
>> main.c compiled on 13:19:25 Jun 21 2019 with gcc 7
>>
>>
>>
>> Many thanks
>>
>> Mark.
>>
>>
>
>
> --
> Mark Farmer
> farmorg at gmail.com
>


-- 
Mark Farmer
farmorg at gmail.com
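
The fix reported at the top of this thread, written out as an added example (it is not code posted by anyone in the thread): $retcode refers to the return code of the last function invoked, so the result of www_authorize() is copied into $var(rc) at once, and both the switch and the log lines use that copy. It assumes, as the quoted script does, that $var(max_auth_fail) and $var(ipset) are set earlier in the route; the log wording is shortened.

```opensips
# Added example: same failed-auth counting as the quoted script,
# keyed on a saved copy of the authentication result.
# Assumes $var(max_auth_fail) and $var(ipset) are set earlier in the route.

www_authorize("", "subscriber");
# Save the result before any xlog(), cache_*() or exec() call runs,
# because each later function call replaces $retcode.
$var(rc) = $retcode;

switch ($var(rc))
{
    case 1: # authenticated
        xlog("CUSTOM_LOG: Client authenticated");
        break;
    case -3: # stale nonce
    case -2: # invalid passwd
    case -1: # no such user
        xlog("CUSTOM_LOG: Failed Authentication Attempt (Return Code: $var(rc)) for $ru To: $tu");
        # Has this source IP failed before within the cache lifetime?
        if ( cache_fetch("local","AuthFail_$si",$avp(failed_no)) ) {
            if ( $(avp(failed_no){s.int}) >= $var(max_auth_fail) ) {
                # Log the saved code so the alert shows why the IP was blocked
                xlog("CUSTOM_LOG: SECURITY ALERT: $var(max_auth_fail) failed auth attempts for $fU from $si (Return Code: $var(rc))");
                # Block command copied unchanged from the quoted script
                exec("sudo /sbin/ipset add $var(ipset) $$SIP_SRCIP");
                exit;
            }
            cache_add("local","AuthFail_$si",1,60);
        } else {
            cache_store("local","AuthFail_$si","1",60);
        }
        break;
    default:
        xlog("CUSTOM_LOG: Unhandled auth result $var(rc) for $ru ($fU) - Challenging");
        www_challenge("", 0);
}
```

With the saved copy, the "Return Code" field in the failure and alert logs always shows the value the switch actually matched, which is what an operator needs when reviewing why a source IP was added to the ipset.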