From fd95cadca0813ecb841f10d5f744ee3be545b727 Mon Sep 17 00:00:00 2001 From: lazedo Date: Fri, 20 Jan 2017 18:28:12 +0000 Subject: [PATCH] backports to 4.0 (#130) * do not query kazoo if creds are in cache (#127) * check invalid returns from auth (#129) --- kamailio/registrar-role.cfg | 71 +++++++++++++++++-------------------- 1 file changed, 33 insertions(+), 38 deletions(-) diff --git a/kamailio/registrar-role.cfg b/kamailio/registrar-role.cfg index 5623f17..7f53031 100644 --- a/kamailio/registrar-role.cfg +++ b/kamailio/registrar-role.cfg @@ -118,9 +118,9 @@ route[ATTEMPT_AUTHORIZATION] $xavp(regcfg=>match_received) = $su; if($sht(auth_cache=>$Au) != $null && registered("location", "$rz:$Au", 2, 1) == 1 && $(xavp(ulattrs=>custom_channel_vars){s.len}) > 1) { $var(password) = $sht(auth_cache=>$Au); - route(CHECK_AUTHORIZATION); + route(SAVE_LOCATION); } - + if( is_present_hf("Authorization")) { route(KAZOO_AUTHORIZATION); } @@ -168,9 +168,15 @@ route[KAZOO_AUTHORIZATION_OK] $sht(auth_cache=>$Au::nonce) = $var(nonce); } #!endif - $xavp(ulattrs=>custom_channel_vars) = $(kzR{kz.json,Custom-Channel-Vars}); - xlog("L_INFO", "$ci|log|authenticating $Au via Kazoo query response\n"); - route(CHECK_AUTHORIZATION); + if( $(kzR{kz.json,Event-Name}) == "authn_err" ) { + auth_challenge("$fd", "0"); + xlog("L_INFO", "$ci|end|issued auth challenge to registration attempt for $Au $si:$sp\n"); + exit; + } else { + $xavp(ulattrs=>custom_channel_vars) = $(kzR{kz.json,Custom-Channel-Vars}); + xlog("L_INFO", "$ci|log|authenticating $Au via Kazoo query response\n"); + route(CHECK_AUTHORIZATION); + } } route[KAZOO_AUTHORIZATION_ERROR] 
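Review bot: In the hunk at -118 (route[ATTEMPT_AUTHORIZATION], which starts before the hunk), the cached-credentials branch now calls `route(SAVE_LOCATION);` directly, so a REGISTER taking this path is saved without `pv_auth_check` running on it. What remains is the `auth_cache` lookup plus the `registered("location", "$rz:$Au", 2, 1)` match, which, given `$xavp(regcfg=>match_received) = $su`, appears to rest on the source address rather than on the digest response; confirm that is an acceptable trust basis for the transports and NAT topology in use. The Kazoo query can still be skipped while verifying the digest by keeping `route(CHECK_AUTHORIZATION);` here, since `$var(password)` is already loaded from the cache and CHECK_AUTHORIZATION now ends in `route(SAVE_LOCATION);`. Whether control then returns to the `is_present_hf("Authorization")` test depends on SAVE_LOCATION ending in `exit`, which is not visible, so an explicit `exit;` after the route call would make the branch self-contained.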
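Review bot: The new `authn_err` branch in route[KAZOO_AUTHORIZATION_OK] (hunk at -168, route body starts before the hunk) challenges and exits without calling `route(ANITFLOOD_FAILED_AUTH);`, which the failed `pv_auth_check` path in CHECK_AUTHORIZATION does under `#!ifdef ANTIFLOOD_ROLE`. If rejected lookups are meant to count toward the failed-auth limits, add the same guarded call before `auth_challenge("$fd", "0");`. The branch's log line is identical to the one emitted for the ordinary first challenge, so the two cases cannot be told apart in logs; a distinct message such as `"$ci|end|kazoo returned authn_err for $Au $si:$sp\n"` would help triage. Only the literal `authn_err` is rejected here, so any other unexpected response relies on the empty-password guard added in CHECK_AUTHORIZATION.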
@@ -184,30 +190,16 @@ route[KAZOO_AUTHORIZATION_ERROR] route[CHECK_AUTHORIZATION] { - #!ifdef OPENBTS_AUTH_ROLE if($ua =~ "OpenBTS") { - if($var(password) == $null) { - openbts_auth_challenge("$fd", "$var(nonce)"); - xlog("L_INFO", "$ci|end|issued auth challenge to registration attempt for $Au $si:$sp\n"); - exit; - } - if (!openbts_auth_check("$fd", "$var(password)")) { - #!ifdef ANTIFLOOD_ROLE - route(ANITFLOOD_FAILED_AUTH); - #!endif - openbts_auth_challenge("$fd", "$var(nonce)"); - xlog("L_INFO", "$ci|end|issued auth challenge to failed registration attempt for $Au $si:$sp\n"); - exit; - } + xlog("L_INFO", "$ci|end|OPENBTS attempt for $Au $si:$sp\n"); } else { - #!endif - if($var(password) == $null) { + if($var(password) == $null || $var(password) == "") { auth_challenge("$fd", "0"); xlog("L_INFO", "$ci|end|issued auth challenge to registration attempt for $Au $si:$sp\n"); exit; } - + if (!pv_auth_check("$fd", "$var(password)", "0", "0")) { #!ifdef ANTIFLOOD_ROLE route(ANITFLOOD_FAILED_AUTH); @@ -218,9 +210,9 @@ route[CHECK_AUTHORIZATION] exit; } - #!ifdef OPENBTS_AUTH_ROLE } - #!endif + + 
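Review bot: After this change the `if($ua =~ "OpenBTS")` branch in route[CHECK_AUTHORIZATION] only logs, so a request whose User-Agent matches skips both the empty-password challenge and `pv_auth_check`. As far as the following hunks show, it then continues to `consume_credentials();` and `route(SAVE_LOCATION);`. The User-Agent header is supplied by the client, and with `#!ifdef OPENBTS_AUTH_ROLE` removed (here and in the hunk at -218) the branch is compiled in on every deployment, not only those that enable the role. If OpenBTS-specific auth is being retired, drop the branch so every request reaches `if (!pv_auth_check("$fd", "$var(password)", "0", "0"))`. Otherwise keep the `#!ifdef` guard together with the `openbts_auth_check("$fd", "$var(password)")` call it protected.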
@@ -228,29 +220,32 @@ route[CHECK_AUTHORIZATION] route(ANTIFLOOD_SUCCESSFUL_AUTH); #!endif - if ($sht(auth_cache=>$Au) == $null) { - xlog("L_INFO", "$ci|log|caching SIP credentials for $Au\n"); - $sht(auth_cache=>$Au) = $var(password); - #!ifdef OPENBTS_AUTH_ROLE - if($ua =~ "OpenBTS") { - $sht(auth_cache=>$Au::nonce) = $var(nonce); - } - #!endif - } - # user authenticated - remove auth header consume_credentials(); + route(SAVE_LOCATION); } + route[SAVE_LOCATION] { + + if ($sht(auth_cache=>$Au) == $null) { + xlog("L_INFO", "$ci|log|caching sip credentials for $Au\n"); + }; + $sht(auth_cache=>$Au) = $var(password); + #!ifdef OPENBTS_AUTH_ROLE + if($ua =~ "OpenBTS") { + $sht(auth_cache=>$Au::nonce) = $var(nonce); + } + #!endif + $var(save_result) = save("location", "0x04"); if($var(save_result) == -1) { auth_challenge("$fd", "0"); xlog("L_INFO", "$ci|end|issued auth challenge after failed attempt to save contact for $Au $si:$sp\n"); exit; - } else { + } else { if($var(save_result) == 1) { $var(new_reg) = "true"; } else { @@ -260,7 +255,7 @@ route[SAVE_LOCATION] if(@contact.expires) { $var(expires) = @contact.expires; - } else { + } else { if(is_present_hf("Expires")) { $var(expires) = $hdr(Expires); } else { @@ -290,7 +285,7 @@ route[SAVE_LOCATION] kazoo_publish("registrar", $var(amqp_routing_key), $var(amqp_payload_request)); xlog("L_INFO", "$ci|end|successful $(var(Status){s.tolower}) with contact $ct\n"); - + #!ifdef PUSHER_ROLE route(PUSHER_ON_REGISTRATION); #!endif @@ -299,7 +294,7 @@ route[SAVE_LOCATION] } ## kazoo event route , {"directory", "reg_flush") => reg-flush by kamailio limitations -## when a Event-Category or Event-Name has a underscore (_) we need to declare it with a dash (-) +## when a Event-Category or Event-Name has a underscore (_) we need to declare it with a dash (-) event_route[kazoo:consumer-event-directory-reg-flush] { $var(user) = $(kzE{kz.json,Username}) + "@" + $(kzE{kz.json,Realm});
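Review bot: In route[SAVE_LOCATION] (hunk at -228, body continues past the hunk) the write `$sht(auth_cache=>$Au) = $var(password);` now sits outside the `== $null` test and ahead of `save("location", "0x04")`. The cache is therefore rewritten on every pass, including passes where `save()` goes on to return -1 and any caller that reaches this route with `$var(password)` unset. It is also rewritten each time the cached shortcut in ATTEMPT_AUTHORIZATION is taken, which presumably keeps renewing the entry that shortcut relies on (htable expiry settings are not visible here). Consider moving the assignment back inside the guard, `if ($sht(auth_cache=>$Au) == $null) { ... $sht(auth_cache=>$Au) = $var(password); }`, and performing it only once `$var(save_result)` is known to be a success. The `};` closing the `if` leaves a stray empty statement.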