[sr-dev] git:master:cc32abd9: outbound: add flow_token_secret param
Daniel-Constantin Mierla
miconda at gmail.com
Tue Jul 27 15:54:38 CEST 2021
Module: kamailio
Branch: master
Commit: cc32abd91888f3978708eddc88c4409ef5a6b122
URL: https://github.com/kamailio/kamailio/commit/cc32abd91888f3978708eddc88c4409ef5a6b122
Author: Michael Furmur <m.furmur at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date: 2021-07-27T15:54:34+02:00
outbound: add flow_token_secret param
- calculate ob_key as SHA1(flow_token_secret) if specified
- keep old behavior with randomly generated ob_key if not specified
---
Modified: src/modules/outbound/doc/outbound_admin.xml
Modified: src/modules/outbound/outbound_mod.c
---
Diff: https://github.com/kamailio/kamailio/commit/cc32abd91888f3978708eddc88c4409ef5a6b122.diff
Patch: https://github.com/kamailio/kamailio/commit/cc32abd91888f3978708eddc88c4409ef5a6b122.patch
---
diff --git a/src/modules/outbound/doc/outbound_admin.xml b/src/modules/outbound/doc/outbound_admin.xml
index 7418cecfd9..0fe4e278b2 100644
--- a/src/modules/outbound/doc/outbound_admin.xml
+++ b/src/modules/outbound/doc/outbound_admin.xml
@@ -499,6 +499,28 @@ modparam("outbound", "force_no_outbound_flag", 2)
</example>
</section>
+ <section>
+ <title><varname>flow_token_secret</varname> (string)</title>
+ <para>
+ Secret phrase used to calculate the outbound key value
+ used for flow tokens validation.
+ Allows to set persistent outbound key.
+ </para>
+ <para>
+ If not specified, <emphasis>outbound</emphasis> will use randomly generated outbound key
+ </para>
+ <example>
+ <title>
+ Set <varname>flow_token_secret</varname> parameter
+ </title>
+ <programlisting format="linespecific">
+...
+modparam("outbound", "flow_token_secret", "johndoessecretphrase")
+...
+ </programlisting>
+ </example>
+ </section>
+
</section>
</chapter>
diff --git a/src/modules/outbound/outbound_mod.c b/src/modules/outbound/outbound_mod.c
index 82d18a3eca..ada7062454 100644
--- a/src/modules/outbound/outbound_mod.c
+++ b/src/modules/outbound/outbound_mod.c
@@ -25,6 +25,7 @@
*/
#include <openssl/hmac.h>
#include <openssl/rand.h>
+#include <openssl/sha.h>
#include "../../core/basex.h"
#include "../../core/dprint.h"
@@ -52,6 +53,7 @@ static void destroy(void);
static unsigned int ob_force_flag = (unsigned int) -1;
static unsigned int ob_force_no_flag = (unsigned int) -1;
static str ob_key = {0, 0};
+static str flow_token_secret = {0, 0};
static cmd_export_t cmds[]=
{
@@ -63,8 +65,9 @@ static cmd_export_t cmds[]=
static param_export_t params[]=
{
- { "force_outbound_flag", INT_PARAM, &ob_force_flag },
- { "force_no_outbound_flag", INT_PARAM, &ob_force_no_flag },
+ { "force_outbound_flag", PARAM_INT, &ob_force_flag },
+ { "force_no_outbound_flag", PARAM_INT, &ob_force_no_flag },
+ { "flow_token_secret", PARAM_STRING, &flow_token_secret},
{ 0, 0, 0 }
};
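Review bot: `flow_token_secret` is declared as a `str` but registered with `PARAM_STRING`, which, as far as I know the core's modparam handling, writes only a `char *` to the target address, so `.s` would be set while `.len` stays 0. The mod_init hunk below then calls `SHA1(flow_token_secret.s, flow_token_secret.len, ob_key.s)`, which in that case hashes zero bytes and gives every installation the same ob_key, whatever phrase is configured. Registering the parameter as `{ "flow_token_secret", PARAM_STR, &flow_token_secret },` keeps the length in step with the pointer. It is worth confirming with a test that two different secrets produce different flow tokens.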
@@ -102,10 +105,17 @@ static int mod_init(void)
return -1;
}
ob_key.len = OB_KEY_LEN;
- if (RAND_bytes((unsigned char *) ob_key.s, ob_key.len) == 0)
- {
- LM_ERR("unable to get %d cryptographically strong pseudo-"
- "random bytes\n", ob_key.len);
+
+ if(flow_token_secret.s) {
+ assert(ob_key.len == SHA_DIGEST_LENGTH);
+ LM_DBG("flow_token_secret mod param set. use persistent ob_key");
+ SHA1(flow_token_secret.s, flow_token_secret.len, ob_key.s);
+ } else {
+ if (RAND_bytes((unsigned char *) ob_key.s, ob_key.len) == 0)
+ {
+ LM_ERR("unable to get %d cryptographically strong pseudo-"
+ "random bytes\n", ob_key.len);
+ }
}
if (cfg_declare("outbound", outbound_cfg_def, &default_outbound_cfg,
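Review bot: The `assert(ob_key.len == SHA_DIGEST_LENGTH)` in the new `flow_token_secret` branch is the only guard tying SHA1()'s 20-byte output to the ob_key buffer, and it either disappears under NDEBUG or aborts the process; a runtime check such as `if (ob_key.len != SHA_DIGEST_LENGTH) { LM_ERR("ob_key size mismatch\n"); return -1; }` fails cleanly instead. In the else branch a failed RAND_bytes() is only logged, so as far as the hunk shows mod_init carries on with whatever ob_key.s already holds; a `return -1;` after the LM_ERR would fail closed. The key is a single unsalted SHA-1 of the phrase, so it is only as strong as the phrase; a minimum-length check, or a sentence in the docs requiring a long random value, would help. The LM_DBG string also lacks the trailing `\n` that the LM_ERR call carries, and the SHA1() arguments are passed without the `unsigned char *` casts used for RAND_bytes. mod_init starts and ends outside this hunk.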