fix the check on authz response

checking for true/false on the return of functions is not the same as assign the return value to a variable and do the same question. kamailio uses handles the return of function values as follows - = 0 drop the message - < 0 false - > 0 true 'if (!somefuntion())' is equivalent to 'if(somefuntion() < 0)' and is not equivalent to 'if(somefuntion() == 0)' 'if (somefuntion())' is equivalent to 'if(somefuntion() > 0)' and is not equivalent to 'if(somefuntion() != 0)' !$var(something) => is the variable != 0 which will never be true if the value was assigned from the return of a function (cherry picked from commit b41dd06)
2600hz · Jun 29, 2023 · 84ab396 · 84ab396
1 parent 549873a
commit 84ab396
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 7 deletions.
diff --git a/kamailio/authorization.cfg b/kamailio/authorization.cfg
@@ -122,7 +122,7 @@ onreply_route[KZ_AUTHORIZATION_CHECK_REPLY]
     $var(delta_to_start) = $var(StartRoute) - $(kzR{kz.json,AMQP-Received});
     $var(delta_from_query) = $(kzR{kz.json,AMQP-Received}) - $xavp(deltas=>query);
     xlog("L_INFO", "received $(kzR{kz.json,Event-Category}) $(kzR{kz.json,Event-Name}) reply from $(kzR{kz.json,App-Name})-$(kzR{kz.json,App-Version}) (Δ1 $(kzR{kz.json,AMQP-Elapsed-Micro}) μs , Δ2 $var(delta_to_start) μs, Δ3 $var(delta_from_query) μs)\n");
-    $var(password) = $(kzR{kz.json,Auth-Password});
+    $vn(password) = $(kzR{kz.json,Auth-Password});
     if( $(kzR{kz.json,Event-Name}) == "authn_err" ) {
         update_stat("auth:authn_err", "+1");
         t_reply("403", "Forbidden");
@@ -140,10 +140,10 @@ onreply_route[KZ_AUTHORIZATION_CHECK_REPLY]
 
 route[KZ_AUTHORIZATION_CHECK_RESPONSE]
 {
-    $var(retcode) = pv_auth_check("$avp(auth-domain)", "$var(password)", "0", "0");
-
-    if (!$var(retcode)) {
-        xlog("L_WARNING", "end - auth failed $var(retcode)\n$mbu\n");
+    $var(retcode) = pv_auth_check("$avp(auth-domain)", "$vn(password)", "0", "0");
+    if ($var(retcode) != 1) {
+        xlog("L_WARNING", "end - auth failed $var(retcode)\n");
+        routes(KZ_AUTHORIZATION_FAILED_AUTH);
         switch($var(retcode)) {
             case -4:
             case -5:
@@ -153,7 +153,6 @@ route[KZ_AUTHORIZATION_CHECK_RESPONSE]
                 exit;
                 break;
             default:
-                routes(KZ_AUTHORIZATION_FAILED_AUTH);
                 send_reply("403", "Forbidden");
                 exit;
         }

diff --git a/kamailio/registrar-role.cfg b/kamailio/registrar-role.cfg
@@ -341,7 +341,6 @@ route[CHECK_AUTHORIZATION]
 {
     if (!pv_auth_check("$avp(auth-domain)", "$vn(password)", "0", "0")) {
         routes(KZ_AUTHORIZATION_FAILED_AUTH);
-
         xlog("L_WARNING", "end - issuing auth challenge to failed registration attempt for $avp(auth-uri) from IP $si:$sp\n");
         update_stat("registrar:challenge", "+1");
         auth_challenge("$avp(auth-domain)", "5");