[OpenSIPS-Users] Fw: proxy_authorize("","subscriber") bug ??

Bogdan-Andrei Iancu bogdan at voice-system.ro
Wed Aug 4 19:14:53 CEST 2010 

Hi Pasan,

please enable full logging (set debug=6)  and make a log capture for the 
whole registration process - like first REGISTER, challenge, second 
REGISTER...

Because in the first set of logs, I see that -3 is returned, which is 
"stale nonce" - see 
http://www.opensips.org/html/docs/modules/1.6.x/auth_db.html#id228268

Regards,
Bogdan

Pasan Meemaduma wrote:
> Hi Bogdan,
>
> I had to setup a test opensips server to try your suggestion as I 
> can't do much testing on production server.
>
> When I have following in auth route opensips doesn't allow call being 
> routed properly
>
>
>     if (!allow_trusted()) {
>         t_newtran();
>         proxy_authorize("","subscriber");
>
>         $var(x) = $retcode;
>         xlog("L_INFO","------return code after auth is $var(x) \n");
>         if ($var(x)<0) {
>                 xlog("L_INFO","------var(x) < 0 \n");
>
>             if(!lookup("location") ){
>                 xlog("L_INFO","------challenging to $fU \n");
>                 proxy_challenge("","0");
>                 exit;
>             }
>         } else if (!check_from()) {
>             sl_send_reply("403", "Spoofed From-URI detected");
>                 xlog("L_INFO","Spoofed From-URI detected ! from --> 
> $fu -- IP $si PORT:$sp");
>             exit;
>         }
>         if(is_present_hf("Proxy-Authorization")){
>             consume_credentials();# Changed on 2010-06-25
>         }
>     }
>
> I get the following in the /var/log/messages
>
> ug  4 14:24:01 devserver /usr/sbin/opensips[12766]: 
> INFO:xlog:mod_init: initializing...
> Aug  4 14:24:01 devserver /usr/sbin/opensips[12766]: 
> INFO:textops:hname_fixup: using hdr type (16) instead of 
> <Proxy-Authorization>
> Aug  4 14:24:01 devserver /usr/sbin/opensips[12766]: 
> INFO:core:probe_max_receive_buffer: using a UDP receive buffer of 255 kb
> Aug  4 14:24:10 devserver /usr/sbin/opensips[12768]: ------return code 
> after auth is -4
> Aug  4 14:24:10 devserver /usr/sbin/opensips[12768]: ------var(x) < 0
> Aug  4 14:24:10 devserver /usr/sbin/opensips[12768]: ------challenging 
> to 1001
> Aug  4 14:24:10 devserver /usr/sbin/opensips[12771]: ------return code 
> after auth is 1
> Aug  4 14:24:18 devserver /usr/sbin/opensips[12771]: ------return code 
> after auth is 1
> Aug  4 14:24:19 devserver /usr/sbin/opensips[12769]: ------return code 
> after auth is -4
> Aug  4 14:24:19 devserver /usr/sbin/opensips[12769]: ------var(x) < 0
> Aug  4 14:24:26 devserver /usr/sbin/opensips[12771]: ------return code 
> after auth is 1
> Aug  4 14:24:42 devserver /usr/sbin/opensips[12768]: ------return code 
> after auth is -3
> Aug  4 14:24:42 devserver /usr/sbin/opensips[12768]: ------var(x) < 0
> Aug  4 14:24:42 devserver /usr/sbin/opensips[12768]: ------challenging 
> to 1001
>
> -------------------------------------------------
>
>
> But if I try commenting the t_newtran It route the call successfully.
>
>           # t_newtran();          <--- commented
>   
>
> Aug  4 14:23:23 devserver /usr/sbin/opensips[12710]: 
> INFO:textops:mod_init: initializing...
> Aug  4 14:23:23 devserver /usr/sbin/opensips[12710]: 
> INFO:uac:mod_init: initializing...
> Aug  4 14:23:23 devserver /usr/sbin/opensips[12710]: 
> INFO:xlog:mod_init: initializing...
> Aug  4 14:23:23 devserver /usr/sbin/opensips[12710]: 
> INFO:textops:hname_fixup: using hdr type (16) instead of 
> <Proxy-Authorization>
> Aug  4 14:23:23 devserver /usr/sbin/opensips[12710]: 
> INFO:core:probe_max_receive_buffer: using a UDP receive buffer of 255 kb
> Aug  4 14:23:29 devserver /usr/sbin/opensips[12713]: ------return code 
> after auth is -4
> Aug  4 14:23:29 devserver /usr/sbin/opensips[12713]: ------var(x) < 0
> Aug  4 14:23:29 devserver /usr/sbin/opensips[12713]: ------challenging 
> to 1001
> Aug  4 14:23:29 devserver /usr/sbin/opensips[12715]: ------return code 
> after auth is 1
>
>
> Looks like we can't t_newtran() like above. any clue ?
>
> Thanks
>  
>
>
> ------------------------------------------------------------------------
> *From:* Bogdan-Andrei Iancu <bogdan at voice-system.ro>
> *To:* OpenSIPS users mailling list <users at lists.opensips.org>
> *Sent:* Tuesday, August 3, 2010 3:52:40
> *Subject:* Re: [OpenSIPS-Users] proxy_authorize("","subscriber") bug ??
>
> Hi Pasan
>
> Hard to comment - the t_newtran() has no interferences with the auth
> process....
>
> Try to see why the auth fails, by printing the return code:
>
>         t_newtran();
>         proxy_authorize("","subscriber");
>       $var(x) = $retcode;
>       xlog("------return code after auth is $var(x) \n");
>       if ($var(x)<0) {
>             if(!lookup("location") ){
>               proxy_challenge("","0");
>                 exit;
>             }
>         } else if (!check_from()) {
>
> and let me know the value.
>
> Regards,
> Bogdan
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>   


-- 
Bogdan-Andrei Iancu
OpenSIPS Bootcamp
20 - 24 September 2010, Frankfurt, Germany
www.voice-system.ro

More information about the Users mailing list