Thank you Daniel. This provides me with some
capability, but I can’t
seem to consume the result in the configuration, I just get lots of
errors. The issue seems to be that the value of the define, passed via
-A doesn’t seem to be processed in anyway.
I’ve had a quick look in the cfg.lex and cfg.y files, but that’s the
first time delving into Flex etc. so I’m not sure I’m following it
correctly.
I’ve tried every combination of encapsulation of the parameters in
single and double quotes I can think of i.e. -A DBURL=“…”, -A
“DBURL=…”, all with the same result.
Variants of the quoting was referring to the value of DBURL, maybe it
was not clear ... Anyhow, I just tried and the next command starts
kamailio with the default config:
./src/kamailio -f etc/kamailio.cfg -A WITH_MYSQL -A WITH_AUTH -A
DBURL='"mysql://kamailio:kamailiorw@localhost/kamailio"' -L
src/modules/
-a no -E -e -ddd
Note that the value for DBURL is enclosed first in between ' ' and then
inside are " ".
Cheers,
Daniel
I also tried #!subst "/DB_URL/DBURL/g” but that doesn’t seem to expand
out the DBURL define.
In short, I’m stumped… Any further thoughts would be truly
appreciated. I’ve put a few error details in the mail below. I’m
feeling that I may need to resort to changing the behaviour of the
subst directive to meet my needs (more likely, add substvar,
substfromfile or some such).
Any further thoughts would be truly welcome, otherwise I think I’m
going to have to dig out my dusty K&R book and roll my sleeves up…
Sincere thanks in advance for any ideas.
Cheers - Robert...
-------------------------------------------------------------------------------------------------------------------------
In the configuration file, I have failures for example on:
modparam("htable", "db_url", DBURL)
when launched with the -A results in:
0(7) DEBUG: <core> [core/cfg.lex:1838]: pp_define_get(): ### returning
define ID [DBURL] value [oracle://username:password@/DB]
0(7) CRITICAL: <core> [core/cfg.y:3431]: yyerror_at(): parse error in
config file /usr/local/etc/kamailio/kamailio.cfg, line 97, column
30-35: syntax error
0(7) CRITICAL: <core> [core/cfg.y:3431]: yyerror_at(): parse error in
config file /usr/local/etc/kamailio/kamailio.cfg, line 97, column
30-35: Invalid arguments
0(7) CRITICAL: <core> [core/cfg.y:3434]: yyerror_at(): parse error in
config file /usr/local/etc/kamailio/kamailio.cfg, line 97, column 36:
ERROR: bad config file (3 errors)
I’ve tried with #!subst but it seems that pre-processor directive
doesn’t expand out defines, so:
#!subst "/DB_URL/DBURL/g”
modparam("htable", "db_url", DB_URL)
just results in:
0(7) INFO: <core> [core/ppcfg.c:82]: pp_subst_add(): ### added subst
expression: /DB_URL/DBURL/g
0(7) DEBUG: <core> [core/re.c:436]: subst_run(): running. r=1
0(7) DEBUG: <core> [core/re.c:504]: subst_str(): no match
0(7) DEBUG: <core> [core/re.c:436]: subst_run(): running. r=1
0(7) DEBUG: <core> [core/re.c:504]: subst_str(): no match
0(7) DEBUG: <core> [core/re.c:436]: subst_run(): running. r=1
0(7) DEBUG: <core> [core/re.c:504]: subst_str(): no match
0(7) DEBUG: <core> [core/re.c:436]: subst_run(): running. r=1
0(7) DEBUG: <core> [core/re.c:504]: subst_str(): no match
0(7) DEBUG: <core> [core/re.c:436]: subst_run(): running. r=1
0(7) DEBUG: <core> [core/re.c:504]: subst_str(): no match
0(7) DEBUG: <core> [core/re.c:436]: subst_run(): running. r=1
0(7) DEBUG: <core> [core/re.c:504]: subst_str(): no match
0(7) CRITICAL: <core> [core/cfg.y:3431]: yyerror_at(): parse error in
config file /usr/local/etc/kamailio/kamailio.cfg, line 97, column
30-35: syntax error
0(7) CRITICAL: <core> [core/cfg.y:3431]: yyerror_at(): parse error in
config file /usr/local/etc/kamailio/kamailio.cfg, line 97, column
30-35: Invalid arguments
0(7) CRITICAL: <core> [core/cfg.y:3434]: yyerror_at(): parse error in
config file /usr/local/etc/kamailio/kamailio.cfg, line 97, column 36:
ERROR: bad config file (3 errors)
On 15 Nov 2017, at 07:46, Daniel-Constantin
Mierla <miconda(a)gmail.com
<mailto:miconda@gmail.com>> wrote:
Hello,
On 14.11.17 14:25, Robert wrote:
Hello,
I’m working for a UK high street bank and our Kamailio
implementation has been challenged because we’ve got database
passwords held in clear in the configuration file.
I am unable to find any examples of where this has been worked
around, there doesn’t seem to be any module or configuration means
of supplying a variable in the modparam() entry that is expanded a
startup. The security tutorials only seem to relate to the SIP level
of security, not Kamailio as a platform.
My requirement is simple, I need to be able to supply a password via
means such as loading a variable from a run-once script at start up,
or a module. The ideal would be to be able to read in a Docker secret :)
I am by no means a Kamailio expert, so apologies in advance if this
is a mindblowingly basic thing to achieve, but I do feel I’ve
exhausted the Kamailio documentation, wiki etc. and all the goodness
Google usually has to offer and drawn a blank.
Sincere thanks in advance for any assistance.
you can define a for a token to be used inside kamailio.cfg by using -A
command line parameter. So when you start kamailio, fetch the password
from your secure system by what so ever meaning, then build the database
url based on it and run kamailio with:
kamailio - A DBURL='mysql://user:passwd@dbhost/kamailio' ...
You may need to enclose in double quotes inside the single quotes, I am
not sure at this moment, but sometime she shell 'eats' a pair of quotes,
so just try with it if first fails ...
Cheers,
Daniel
--
Daniel-Constantin Mierla
www.twitter.com/miconda
<http://www.twitter.com/miconda> --
www.linkedin.com/in/miconda
<http://www.linkedin.com/in/miconda>
Kamailio Advanced Training, Nov 13-15, 2017, in Berlin
-
www.asipto.com <http://www.asipto.com/>
Kamailio World Conference -
www.kamailioworld.com
<http://www.kamailioworld.com/>