ruhnet
/
kazoo-configs-kamailio
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 183 Wiki Activity
Browse Source

less restrictive auth

4.3
lazedo 7 years ago
committed by Luis Azedo
parent
fcc2d0904a
commit
4ef8835ce1
1 changed files with 11 additions and 15 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +11
    -15
      kamailio/registrar-role.cfg

+ 11
- 15
kamailio/registrar-role.cfg View File

@ -49,10 +49,6 @@ modparam("htable", "htable", "auth_cache=>size=16;autoexpire=7200;REGISTRAR_S_WA
####### Authentication Interface module ########## ####### Authentication Interface module ##########
loadmodule "auth.so" loadmodule "auth.so"
modparam("auth", "auth_checks_register", 11)
modparam("auth", "qop", "auth")
modparam("auth", "nonce_expire", 90)
####### User Location Implementation module ########## ####### User Location Implementation module ##########
loadmodule "usrloc.so" loadmodule "usrloc.so"
@ -198,7 +194,7 @@ route[HANDLE_REGISTER]
route(ANITFLOOD_FAILED_AUTH); route(ANITFLOOD_FAILED_AUTH);
#!endif #!endif
update_stat("registrar:challenge", "+1"); update_stat("registrar:challenge", "+1");
auth_challenge("$fd", "5");
auth_challenge("$fd", "4");
exit; exit;
} else if($sht(auth_cache=>$Au) != $null) { } else if($sht(auth_cache=>$Au) != $null) {
$xavp(regcfg=>match_received) = $su; $xavp(regcfg=>match_received) = $su;
@ -220,17 +216,11 @@ route[HANDLE_REGISTER]
drop; drop;
} }
if (!t_newtran()) {
xlog("L_ERROR", "$ci|log|failed to create transaction to query for authentication credentials for $Au $si:$sp\n");
update_stat("registrar:new_tran", "+1");
drop;
}
if($sel(cfg_get.kazoo.registrar_check_amqp_availability) == 1) { if($sel(cfg_get.kazoo.registrar_check_amqp_availability) == 1) {
if($xavp(amqpc=>default::MY_AMQP_ZONE) == 0) { if($xavp(amqpc=>default::MY_AMQP_ZONE) == 0) {
xlog("L_WARNING", "$ci|end|register|no amqp connection available for default worker in zone MY_AMQP_ZONE\n"); xlog("L_WARNING", "$ci|end|register|no amqp connection available for default worker in zone MY_AMQP_ZONE\n");
update_stat("registrar:amqp_not_available", "+1"); update_stat("registrar:amqp_not_available", "+1");
t_drop();
drop;
} }
} }
@ -239,15 +229,21 @@ route[HANDLE_REGISTER]
$var(auth) = pv_auth_check("$fd", "$uuid(g)", "0", "0"); $var(auth) = pv_auth_check("$fd", "$uuid(g)", "0", "0");
if($var(auth) != -2) { if($var(auth) != -2) {
xlog("L_INFO", "$ci|end|challenging $Au $si:$sp\n"); xlog("L_INFO", "$ci|end|challenging $Au $si:$sp\n");
$var(auth) = auth_challenge("$fd", "21");
$var(auth) = auth_challenge("$fd", "4");
update_stat("registrar:challenge", "+1"); update_stat("registrar:challenge", "+1");
if($var(auth) != 1) { if($var(auth) != 1) {
xlog("L_ERROR", "$ci|register|error creating or sending challenge to registration attempt for $fu from $si:$sp\n"); xlog("L_ERROR", "$ci|register|error creating or sending challenge to registration attempt for $fu from $si:$sp\n");
t_drop();
drop;
} }
exit; exit;
} }
if (!t_newtran()) {
xlog("L_ERROR", "$ci|log|failed to create transaction to query for authentication credentials for $Au $si:$sp\n");
update_stat("registrar:new_tran", "+1");
drop;
}
if($sel(cfg_get.kazoo.registrar_send_100) == 1) { if($sel(cfg_get.kazoo.registrar_send_100) == 1) {
sl_send_reply("100", "checking your credentials"); sl_send_reply("100", "checking your credentials");
} }
@ -295,7 +291,7 @@ onreply_route[KZ_AUTHORIZATION_REPLY]
route(ANITFLOOD_FAILED_AUTH); route(ANITFLOOD_FAILED_AUTH);
#!endif #!endif
update_stat("registrar:challenge", "+1"); update_stat("registrar:challenge", "+1");
auth_challenge("$fd", "5");
auth_challenge("$fd", "4");
xlog("L_INFO", "$ci|end|challenging $Au $si:$sp via $(kzR{kz.json,App-Name})-$(kzR{kz.json,App-Version}) response\n"); xlog("L_INFO", "$ci|end|challenging $Au $si:$sp via $(kzR{kz.json,App-Name})-$(kzR{kz.json,App-Version}) response\n");
exit; exit;
} else if( $(kzR{kz.json,Event-Name}) == "authn_resp" ) { } else if( $(kzR{kz.json,Event-Name}) == "authn_resp" ) {


Write Preview
Loading…
Cancel
Save