@@ -75,12 +75,19 @@ route[AUTHORIZATION_CHECK]
7575{
7676 route(KZ_AUTHORIZATION_SETUP);
7777 routes(AUTHORIZATION_CHECK);
78-
79- if (isflagset(FLAG_REGISTERED_ENDPOINT)) {
80- route(AUTHORIZATION_SET_AUTHZ);
78+ if(isflagset(FLAG_REGISTERED_ENDPOINT)) {
79+ route(AUTHORIZATION_SETUP_AUTHZ);
8180 }
8281}
8382
83+
84+ route[AUTHORIZATION_SETUP_AUTHZ]
85+ {
86+ $xavp(authz =>token) = $xavp(ulattrs =>token);
87+ $xavp(authz[0]=>endpoint_id) = $(xavp(ulattrs =>token){re.subst,/(.*)@(.*)/\1/});
88+ $xavp(authz[0]=>account_id) = $(xavp(ulattrs =>token){re.subst,/(.*)@(.*)/\2/});
89+ }
90+
8491route[AUTHORIZATION_CHECK_TRUSTED]
8592{
8693 if (isflagset(FLAG_AUTHORIZED)) return;
@@ -92,13 +99,6 @@ route[AUTHORIZATION_CHECK_TRUSTED]
9299 }
93100}
94101
95- route[AUTHORIZATION_SET_AUTHZ]
96- {
97- $xavp(authz =>token) = $xavp(ulattrs =>token);
98- $xavp(authz[0]=>endpoint_id) = $(xavp(ulattrs =>token){re.subst,/(.*)@(.*)/\1/});
99- $xavp(authz[0]=>account_id) = $(xavp(ulattrs =>token){re.subst,/(.*)@(.*)/\2/});
100- }
101-
102102route[HANDLE_AUTHORIZATION_KAZOO]
103103{
104104 $var(amqp_payload_request) = $_s({" Event-Category" " directory" " Event-Name" " authn_req" " Method" " $avp(auth-method)" " Auth-Nonce" " $adn" " Auth-Realm" " $avp(auth-domain)" " Auth-User" " $avp(auth-user)" " From" " $fu" " To" " $tu" " Orig-IP" " $si" " Orig-Port" " $sp" " User-Agent" " $avp(auth-ua)" " Contact" " $avp(auth-contact)" " Call-ID" " $ci" ;
@@ -152,25 +152,9 @@ onreply_route[KZ_AUTHORIZATION_CHECK_REPLY]
152152
153153route[KZ_AUTHORIZATION_CHECK_RESPONSE]
154154{
155- $var(retcode) = pv_auth_check(" $avp(auth-domain)" " $vn(password)" " 0" " 0" ;
156- if ($var(retcode) != 1) {
157- xlog(" L_WARNING" " end - auth failed $var(retcode)\n" ;
158- routes(KZ_AUTHORIZATION_FAILED_AUTH);
159- switch($var(retcode)) {
160- case -4:
161- case -5:
162- case -6:
163- xlog(" L_INFO" " end - auth check failed due to nonce or missing creds, challenging\n" ;
164- auth_challenge(" $avp(auth-domain)" " 1" ;
165- exit;
166- break;
167- default:
168- send_reply(" 403" " Forbidden" ;
169- exit;
170- }
171- }
155+ route_if_exists($_s(KZ_AUTHORIZATION_CHECK_RESPONSE_$(kzR{kz.json,Auth-Method}{s.toupper})));
172156
173- xlog(" L_INFO" " $(rm{s.tolower}) was authorized by kazoo via amqp\n" ;
157+ xlog(" L_INFO" " $(rm{s.tolower}) was authorized with $(kzR{kz.json,Auth-Method}) by kazoo via amqp\n" ;
174158 setflag(FLAG_REQUEST_AUTHORIZED_BY_KAZOO);
175159
176160 consume_credentials();
@@ -183,7 +167,6 @@ route[KZ_AUTHORIZATION_CHECK_RESPONSE]
183167 $xavp(hf[0]=>X-AUTH-Token) = $xavp(authz =>token);
184168
185169 setflag(FLAG_AUTHORIZED);
186- # treat req as if it was from a reg'd endpoint despite absent location record
187170 setflag(FLAG_REGISTERED_ENDPOINT);
188171
189172 # flag that contact alias needs to be added for subscribe
@@ -200,6 +183,28 @@ route[KZ_AUTHORIZATION_CHECK_RESPONSE]
200183 exit;
201184}
202185
186+ route[KZ_AUTHORIZATION_CHECK_RESPONSE_PASSWORD]
187+ {
188+ $var(retcode) = pv_auth_check(" $avp(auth-domain)" " $vn(password)" " 0" " 0" ;
189+ if ($var(retcode) != 1) {
190+ xlog(" L_WARNING" " end - auth failed $var(retcode)\n" ;
191+ routes(KZ_AUTHORIZATION_FAILED_AUTH);
192+ switch($var(retcode)) {
193+ case -4:
194+ case -5:
195+ case -6:
196+ xlog(" L_INFO" " end - auth check failed due to nonce or missing creds, challenging\n" ;
197+ auth_challenge(" $avp(auth-domain)" " 1" ;
198+ exit;
199+ break;
200+ default:
201+ send_reply(" 403" " Forbidden" ;
202+ exit;
203+ }
204+ }
205+
206+ }
207+
203208route[HANDLE_AUTHORIZATION]
204209{
205210
0 commit comments