diff --git a/kamailio/db_scripts/check-kazoodb-sql.sh b/kamailio/db_scripts/check-kazoodb-sql.sh index 959be75..0937e3b 100755 --- a/kamailio/db_scripts/check-kazoodb-sql.sh +++ b/kamailio/db_scripts/check-kazoodb-sql.sh @@ -39,3 +39,7 @@ if [ -f ${DB_SCRIPT_DIR}/db_extra_check.sql ]; then . ${DB_SCRIPT_DIR}/db_extra_check.sql --source-only do_db_extra_check; fi + +for INIT in `ls ${DB_SCRIPT_DIR}/db_init_*.sql`; do + KazooDB -db ${DB_CURRENT_DB} < $INIT +done diff --git a/kamailio/db_scripts/db_extra_check.sql b/kamailio/db_scripts/db_extra_check.sql index 157d7bf..df1b7c8 100644 --- a/kamailio/db_scripts/db_extra_check.sql +++ b/kamailio/db_scripts/db_extra_check.sql @@ -1,6 +1,9 @@ do_db_extra_check() { +# warm cache +KazooDB -db ${DB_CURRENT_DB} "create table if not exists auth_cache as select * from htable;" + # location KazooDB -db ${DB_CURRENT_DB} "delete from location where socket not like 'udp:%';" KazooDB -db ${DB_CURRENT_DB} "delete from location where expires > 0 and datetime(expires) < datetime('now', '-30 seconds');" diff --git a/kamailio/registrar-role.cfg b/kamailio/registrar-role.cfg index 9b0e3a0..7708655 100644 --- a/kamailio/registrar-role.cfg +++ b/kamailio/registrar-role.cfg @@ -27,9 +27,18 @@ #!trydef REGISTRAR_CHECK_AMQP_AVAILABILITY 1 #!trydef KZ_REGISTRAR_KEEPALIVE_UDP_ONLY 0 #!trydef REGISTRAR_AMQP_EXCHANGE callmgr +#!trydef REGISTRAR_AMQP_FLAGS 0 +#!trydef REGISTRAR_AMQP_RK_PREFIX authn.req. +#!trydef REGISTRAR_SEND_100 1 + +#!ifdef REGISTRAR_WARM_CACHE +#!substdef "!REGISTRAR_S_WARM_CACHE!dbtable=auth_cache;dbmode=1;!g" +#!else +#!substdef "!REGISTRAR_S_WARM_CACHE!!g" +#!endif ######## Generic Hash Table container in shared memory ######## -modparam("htable", "htable", "auth_cache=>size=16;autoexpire=7200;") +modparam("htable", "htable", "auth_cache=>size=16;autoexpire=7200;REGISTRAR_S_WARM_CACHE") ####### Authentication Interface module ########## loadmodule "auth.so" 
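Review bot: The loop added at the end of check-kazoodb-sql.sh iterates over the output of `ls` with unquoted expansions, so a path containing whitespace is split into several words, and `ls` prints an error on every run when no `db_init_*.sql` file exists. A quoted glob avoids both: `for INIT in "${DB_SCRIPT_DIR}"/db_init_*.sql; do [ -f "$INIT" ] || continue; KazooDB -db "${DB_CURRENT_DB}" < "$INIT"; done`. Every matching file in that directory is fed to the database each time the check runs, so the init files need to be idempotent and the directory should be writable only by the account that administers the proxy; a comment above the loop should say so. The exit status of `KazooDB` is not checked, so a failing init file goes unnoticed.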
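Review bot: `create table if not exists auth_cache as select * from htable;` in db_extra_check.sql copies whatever rows `htable` holds at that moment into the new table, not just its column layout. If KazooDB is SQLite-backed, as the `datetime('now', ...)` call in the context lines suggests, a table created this way also carries none of the source table's keys, constraints or defaults. If an empty table is intended, `... as select * from htable where 0;` would do it. The terse `# warm cache` could become a comment saying that the table backs the `auth_cache` htable when `REGISTRAR_WARM_CACHE` is defined. The statement runs whether or not that define is set, and the body of `do_db_extra_check` continues outside the hunk.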
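Review bot: With `REGISTRAR_WARM_CACHE` defined, `dbtable=auth_cache;dbmode=1;` makes the `auth_cache` htable load from the database at startup and be written back at shutdown, so whatever the registrar caches there now persists on disk across restarts. The code that fills `auth_cache` is outside this hunk; if it stores the `Auth-Password` value returned by the directory, the database file needs restrictive permissions, and entries for credentials changed or revoked while the proxy was down could be reloaded, which deserves a comment next to the `#!ifdef`. The define is also undocumented, unlike the neighbouring `#!trydef` knobs; a line such as `# define REGISTRAR_WARM_CACHE to persist auth_cache in the database across restarts` would help. Whether htable has a `db_url` configured is not visible here.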
@@ -94,6 +103,7 @@ kazoo.registrar_failover = REGISTRAR_FORCE_FAILOVER descr "force failover if 1" kazoo.registrar_force_query = REGISTRAR_FORCE_QUERY descr "force query if 1" kazoo.registrar_check_amqp_availability = REGISTRAR_CHECK_AMQP_AVAILABILITY descr "checks if amqp connection is available before querying registrar" kazoo.registrar_keepalive_udp_only = KZ_REGISTRAR_KEEPALIVE_UDP_ONLY descr "should we keepalive nat phones for udp only" +kazoo.registrar_send_100 = REGISTRAR_SEND_100 descr "should we send 100 reply while doing directory search" ####### Registrar Logic ######## @@ -153,9 +163,9 @@ route[HANDLE_REGISTER] drop; } - if($sel(cfg_get.kazoo.registrar_check_amqp_availability) == 1) { + if($sel(cfg_get.kazoo.registrar_check_amqp_availability) == 1) { if($xavp(amqpc=>default::MY_AMQP_ZONE) == 0) { - xlog("L_INFO", "$ci|log|register|no amqp connection available for default worker in zone MY_AMQP_ZONE\n"); + xlog("L_WARNING", "$ci|end|register|no amqp connection available for default worker in zone MY_AMQP_ZONE\n"); t_drop(); } } 
@@ -178,13 +188,17 @@ route[HANDLE_REGISTER] exit; } - sl_send_reply("100", "checking your credentials"); + if($sel(cfg_get.kazoo.registrar_send_100) == 1) { + sl_send_reply("100", "checking your credentials"); + } + $var(amqp_payload_request) = $_s({"Event-Category" : "directory" , "Event-Name" : "authn_req", "Method" : "REGISTER", "Auth-Nonce" : "$adn", "Auth-Realm" : "$fd", "Auth-User" : "$fU", "From" : "$fu", "To" : "$tu", "Orig-IP" : "$si", "Orig-Port" : "$sp", "User-Agent" : "$(ua{s.escape.common}{s.replace,\','}{s.replace,$$,})", "Contact" : "$(ct{s.escape.common}{s.replace,\','}{s.replace,$$,})", "Call-ID" : "$ci" }); - $var(amqp_routing_key) = "authn.req." + $(fd{kz.encode}); + $var(amqp_routing_key) = $_s($def(REGISTRAR_AMQP_RK_PREFIX)$(fd{kz.encode})); $avp(kz_timeout) = $sel(cfg_get.kazoo.registrar_query_timeout_ms); $xavp(deltas=>query) = $(TV(Sn){s.replace,.,}); - if(kazoo_async_query("$def(REGISTRAR_AMQP_EXCHANGE)", $var(amqp_routing_key), $var(amqp_payload_request), "KZ_AUTHORIZATION_REPLY", "KZ_AUTHORIZATION_TIMEOUT") != 1) { + xlog("L_DEBUG", "$ci|amqp|publishing to $def(REGISTRAR_AMQP_EXCHANGE) => $var(amqp_routing_key) : $def(REGISTRAR_AMQP_FLAGS) : $var(amqp_payload_request)\n"); + if(kazoo_async_query("$def(REGISTRAR_AMQP_EXCHANGE)", $var(amqp_routing_key), $var(amqp_payload_request), "KZ_AUTHORIZATION_REPLY", "KZ_AUTHORIZATION_TIMEOUT", "$def(REGISTRAR_AMQP_FLAGS)") != 1) { xlog("L_INFO", "$ci|log|failed to send registrar query for authentication credentials for $Au $si:$sp\n"); t_drop(); } 
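Review bot: The added `L_DEBUG` line writes the complete `$var(amqp_payload_request)` to the log, which includes `Auth-Nonce`, `Auth-User`, the source address and the client-supplied `Contact` and `User-Agent` values for every REGISTER. Logging the exchange, routing key and flags is enough to trace publishing: `xlog("L_DEBUG", "$ci|amqp|publishing to $def(REGISTRAR_AMQP_EXCHANGE) => $var(amqp_routing_key) : $def(REGISTRAR_AMQP_FLAGS)\n");`. `REGISTRAR_AMQP_RK_PREFIX` and `REGISTRAR_AMQP_FLAGS` would also benefit from a one-line comment at their `#!trydef` stating the accepted values, since the flags reach `kazoo_async_query` as an opaque string. The body of `route[HANDLE_REGISTER]` starts and ends outside the hunk.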
@@ -192,7 +206,11 @@ route[HANDLE_REGISTER] failure_route[KZ_AUTHORIZATION_TIMEOUT] { - xlog("L_INFO", "$ci|end|failed $T_reply_code querying directory for authentication credentials for $Au $si:$sp\n"); + if($(kzR{kz.json,Event-Name}) == "message_returned" ) { + xlog("L_WARNING", "$ci|amqp|message was returned by broker $(kzR{kz.json,Error-Code}) $(kzR{kz.json,Error-Reason})\n"); + } else { + xlog("L_WARNING", "$ci|end|failed $T_reply_code $T_reply_reason querying directory for authentication credentials for $Au $si:$sp\n"); + } t_drop(); } @@ -205,15 +223,18 @@ onreply_route[KZ_AUTHORIZATION_REPLY] $var(password) = $(kzR{kz.json,Auth-Password}); $var(nonce) = $adn; if( $(kzR{kz.json,Event-Name}) == "authn_err" ) { - #!ifdef ANTIFLOOD_ROLE - route(ANITFLOOD_FAILED_AUTH); - #!endif - auth_challenge("$fd", "5"); - xlog("L_INFO", "$ci|end|challenging $Au $si:$sp via $(kzR{kz.json,App-Name})-$(kzR{kz.json,App-Version}) response\n"); - exit; - } else { + #!ifdef ANTIFLOOD_ROLE + route(ANITFLOOD_FAILED_AUTH); + #!endif + auth_challenge("$fd", "5"); + xlog("L_INFO", "$ci|end|challenging $Au $si:$sp via $(kzR{kz.json,App-Name})-$(kzR{kz.json,App-Version}) response\n"); + exit; + } else if( $(kzR{kz.json,Event-Name}) == "authn_resp" ) { xlog("L_INFO", "$ci|log|authenticating $Au via $(kzR{kz.json,App-Name})-$(kzR{kz.json,App-Version}) response\n"); route(CHECK_AUTHORIZATION); + } else { + xlog("L_INFO", "$ci|log|unhandle response from directory $Au via $(kzR{kz.json,App-Name})-$(kzR{kz.json,App-Version})\n"); + t_drop(); } }
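Review bot: In the new `message_returned` branch of `failure_route[KZ_AUTHORIZATION_TIMEOUT]` the log line drops `$Au $si:$sp`, so a returned authentication request cannot be tied to the registering endpoint from the log alone. It also uses the `amqp` tag although the transaction ends at `t_drop()`, while the other lines in this diff that precede a `t_drop()` use `end`. Keeping the same fields as the else branch fixes both: `xlog("L_WARNING", "$ci|end|message was returned by broker $(kzR{kz.json,Error-Code}) $(kzR{kz.json,Error-Reason}) for $Au $si:$sp\n");`.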
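Review bot: The new catch-all branch in `onreply_route[KZ_AUTHORIZATION_REPLY]` logs at `L_INFO` with the typo `unhandle` and without the event name or source address, so an unexpected directory reply is easy to miss and hard to investigate. Dropping the request there is a sound fail-closed default; only the log line needs work. Suggested line: `xlog("L_WARNING", "$ci|end|unhandled response $(kzR{kz.json,Event-Name}) from directory for $Au $si:$sp via $(kzR{kz.json,App-Name})-$(kzR{kz.json,App-Version})\n");`. The route starts outside the hunk.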