[OpenSIPS-Users] Fw: proxy_authorize("","subscriber") bug ??
Pasan Meemaduma
pasandev at ymail.com
Wed Aug 4 11:05:43 CEST 2010
Hi Bogdan,
I had to setup a test opensips server to try your suggestion as I can't do much
testing on production server.
When I have following in auth route opensips doesn't allow call being routed
properly
if (!allow_trusted()) {
t_newtran();
proxy_authorize("","subscriber");
$var(x) = $retcode;
xlog("L_INFO","------return code after auth is $var(x) \n");
if ($var(x)<0) {
xlog("L_INFO","------var(x) < 0 \n");
if(!lookup("location") ){
xlog("L_INFO","------challenging to $fU \n");
proxy_challenge("","0");
exit;
}
} else if (!check_from()) {
sl_send_reply("403", "Spoofed From-URI detected");
xlog("L_INFO","Spoofed From-URI detected ! from --> $fu -- IP
$si PORT:$sp");
exit;
}
if(is_present_hf("Proxy-Authorization")){
consume_credentials();# Changed on 2010-06-25
}
}
I get the following in the /var/log/messages
ug 4 14:24:01 devserver /usr/sbin/opensips[12766]: INFO:xlog:mod_init:
initializing...
Aug 4 14:24:01 devserver /usr/sbin/opensips[12766]: INFO:textops:hname_fixup:
using hdr type (16) instead of <Proxy-Authorization>
Aug 4 14:24:01 devserver /usr/sbin/opensips[12766]:
INFO:core:probe_max_receive_buffer: using a UDP receive buffer of 255 kb
Aug 4 14:24:10 devserver /usr/sbin/opensips[12768]: ------return code after
auth is -4
Aug 4 14:24:10 devserver /usr/sbin/opensips[12768]: ------var(x) < 0
Aug 4 14:24:10 devserver /usr/sbin/opensips[12768]: ------challenging to 1001
Aug 4 14:24:10 devserver /usr/sbin/opensips[12771]: ------return code after
auth is 1
Aug 4 14:24:18 devserver /usr/sbin/opensips[12771]: ------return code after
auth is 1
Aug 4 14:24:19 devserver /usr/sbin/opensips[12769]: ------return code after
auth is -4
Aug 4 14:24:19 devserver /usr/sbin/opensips[12769]: ------var(x) < 0
Aug 4 14:24:26 devserver /usr/sbin/opensips[12771]: ------return code after
auth is 1
Aug 4 14:24:42 devserver /usr/sbin/opensips[12768]: ------return code after
auth is -3
Aug 4 14:24:42 devserver /usr/sbin/opensips[12768]: ------var(x) < 0
Aug 4 14:24:42 devserver /usr/sbin/opensips[12768]: ------challenging to 1001
-------------------------------------------------
But if I try commenting the t_newtran It route the call successfully.
# t_newtran(); <--- commented
Aug 4 14:23:23 devserver /usr/sbin/opensips[12710]: INFO:textops:mod_init:
initializing...
Aug 4 14:23:23 devserver /usr/sbin/opensips[12710]: INFO:uac:mod_init:
initializing...
Aug 4 14:23:23 devserver /usr/sbin/opensips[12710]: INFO:xlog:mod_init:
initializing...
Aug 4 14:23:23 devserver /usr/sbin/opensips[12710]: INFO:textops:hname_fixup:
using hdr type (16) instead of <Proxy-Authorization>
Aug 4 14:23:23 devserver /usr/sbin/opensips[12710]:
INFO:core:probe_max_receive_buffer: using a UDP receive buffer of 255 kb
Aug 4 14:23:29 devserver /usr/sbin/opensips[12713]: ------return code after
auth is -4
Aug 4 14:23:29 devserver /usr/sbin/opensips[12713]: ------var(x) < 0
Aug 4 14:23:29 devserver /usr/sbin/opensips[12713]: ------challenging to 1001
Aug 4 14:23:29 devserver /usr/sbin/opensips[12715]: ------return code after
auth is 1
Looks like we can't t_newtran() like above. any clue ?
Thanks
________________________________
From: Bogdan-Andrei Iancu <bogdan at voice-system.ro>
To: OpenSIPS users mailling list <users at lists.opensips.org>
Sent: Tuesday, August 3, 2010 3:52:40
Subject: Re: [OpenSIPS-Users] proxy_authorize("","subscriber") bug ??
Hi Pasan
Hard to comment - the t_newtran() has no interferences with the auth
process....
Try to see why the auth fails, by printing the return code:
t_newtran();
proxy_authorize("","subscriber");
$var(x) = $retcode;
xlog("------return code after auth is $var(x) \n");
if ($var(x)<0) {
if(!lookup("location") ){
proxy_challenge("","0");
exit;
}
} else if (!check_from()) {
and let me know the value.
Regards,
Bogdan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.opensips.org/pipermail/users/attachments/20100804/ab7f36ce/attachment-0001.htm
More information about the Users
mailing list