Hi everyone, can anyone tell me what's going wrong here please? I'm having a problem with my switch statement in that $retcode 1 ends up falling into the processing for -1, -2, -3
# If the client is not already authenticated, check the return code and look for multiple failures www_authorize("", "subscriber"); switch ($retcode) { case 0: # false xlog("CUSTOM_LOG: Client NOT authenticated"); break; case 1: # true xlog("CUSTOM_LOG: Client authenticated"); break; case -3: # stale nonce case -2: # invalid passwd case -1: # no such user xlog("CUSTOM_LOG: Failed Authentication Attempt (Return Code: $retcode) for $ru To: $tu - Checking for Dictionary attack"); # Is the attribute AuthFail_$si present in cache? if ( cache_fetch("local","AuthFail_$si",$avp(failed_no)) ) { xlog("CUSTOM_LOG: Failure Attempts for $ru ($fU) is now $avp(failed_no) (Return Code: $retcode)"); # If so, how many failures so far? if ( $(avp(failed_no){s.int}) >= $var(max_auth_fail) ) { xlog("CUSTOM_LOG: SECURITY ALERT: $var(max_auth_fail) failed auth attempts for $fU from $si - Blocking IP Address"); # Looks like bad people - Block the source IP exec("sudo /sbin/ipset add $var(ipset) $$SIP_SRCIP"); xlog("CUSTOM_LOG: $si added to ipset $var(ipset))"); exit; } # If authentication is failing, increment the value of AuthFail_$si by 1 xlog("CUSTOM_LOG: Incrementing AuthFail_$si"); cache_add("local","AuthFail_$si",1,60); } else { # If the attribute AuthFail_$si is not present - add it xlog("CUSTOM_LOG: Adding Cache entry AuthFail_$si"); cache_store("local","AuthFail_$si","1",60); } break; default: # If non of the above is true, try to authenticate the user xlog("CUSTOM_LOG: No Subscriber in database for $ru ($fU) - Challenging"); www_challenge("", 0); } -------------- >From my logs: CUSTOM_LOG: Failed Authentication Attempt (Return Code: 1) for sip:XXX.XXX.XXX.XXX To: sip:5...@xxx.xxx.xxx.xxx - Checking for Dictionary attack CUSTOM_LOG: Failure Attempts for sip:XXX.XXX.XXX.XXX (5003) is now 1 (Return Code: 1) CUSTOM_LOG: Incrementing AuthFail_XXX.XXX.XXX.XXX Version info: version: opensips 3.0.0 (x86_64/linux) flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, HP_MALLOC, DBG_MALLOC, CC_O0, FAST_LOCK-ADAPTIVE_WAIT ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535 poll method support: poll, epoll, sigio_rt, select. git revision: 435890a06 main.c compiled on 13:19:25 Jun 21 2019 with gcc 7 Many thanks Mark.
_______________________________________________ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users