Kamailio Registration problem: failed to autenticate for a while when password is changed
coa
I´m going to describe the issue:
First I register with a desire password for an specific SIP device... Once do it the password was stored in Kamailio hash table (auth_cache).
Then I changed the password and tried to register again with the new one but ... I can´t do it: I received an Unauthorized SIP message from Kamailio.
What´s going on? I think the problem is: Kamailio is trying to authenticate with sip cached credentials stored in memory (hash table).
In my opinion, the route ATTEMPT_AUTHORIZATION created in Kamailio registrar-role.cfg file is wrong because the authentication process stops when found and (old) cached password in memory.
This is a wasted time until cached credentials expires.I think the process should continue trying to authenticate via Kazoo query.
(The actual route authenticate via Kazoo query response only if the cached value is null... in other words if it doesn´t exist in cache)
So...I´ve resolved the issue replacing the route [ATTEMPT_AUTHORIZATION] by the following code:
route[ATTEMPT_AUTHORIZATION]
{
xlog("L_INFO", "$ci|log|STARTING ROUTE ATTEMPT_AUTHORIZATION BY MARIANO MARTIN");
if ($sht(auth_cache=>$Au) != $null) {
xlog("L_INFO", "$ci|log|authenticating $fu via cached SIP creds");
$var(password) = $sht(auth_cache=>$Au);
}
if (!pv_auth_check("$fd", "$var(password)", "0", "0")) {
$var(amqp_payload_request) = "{'Event-Category' : 'directory' , 'Event-Name' : 'authn_req', 'Method' : 'REGISTER', 'Auth-Realm' : '" + $fd + "', 'Auth-User' : '" + $fU + "', 'From' : '" + $fu + "', 'To' : '" + $tu +"' }";
$var(amqp_routing_key) = "authn.req." + $(fd{kz.encode});
if(kazoo_query("callmgr", $var(amqp_routing_key), $var(amqp_payload_request))) {
$var(password) = $(kzR{kz.json,Auth-Password});
xlog("L_INFO", "$ci|log|authenticating $Au via Kazoo query response");
} else {
xlog("L_INFO", "$ci|log|failed to query Kazoo for authentication credentials for $Au $si:$sp");
}
if (!pv_auth_check("$fd", "$var(password)", "0", "0")) {
#!ifdef ANTIFLOOD-ROLE
route(ANITFLOOD_FAILED_AUTH);
#!endif
auth_challenge("$fd", "0");
xlog("L_INFO", "$ci|end|issued auth challenge to failed registration attempt for $Au $si:$sp");
exit;
}
xlog("L_INFO", "$ci|log|caching SIP credentials for $Au");
$sht(auth_cache=>$Au) = $var(password);
}
#!ifdef ANTIFLOOD-ROLE
route(ANTIFLOOD_SUCCESSFUL_AUTH);
#!endif
# user authenticated - remove auth header
consume_credentials();
save("location");
....
...
..
For more information... version are:
kazoo-R15B-3.19-52.el6.x86_64
kazoo-configs-3.19-19.el6.noarch
Luis Azedo
--
You received this message because you are subscribed to the Google Groups "2600hz-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to 2600hz-dev+...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.