
tls: added tls_set_connect_server_id(srvid) function

- set the server id of the TLS client profile to be used by the next
client connect; the value is reset after that use
- alternative to use of xavp to specify server id for client profile for
the cases when xavps are no longer available (e.g., after
event_route[tm:local-request])

Daniel-Constantin Mierla authored on 31/03/2021 13:44:41
... ...
@@ -40,6 +40,7 @@
40 40
 #include "../../core/rpc_lookup.h"
41 41
 #include "../../core/cfg/cfg.h"
42 42
 #include "../../core/dprint.h"
43
+#include "../../core/mod_fix.h"
43 44
 #include "../../core/kemi.h"
44 45
 #include "tls_init.h"
45 46
 #include "tls_server.h"
... ...
@@ -80,6 +81,7 @@ static int mod_child(int rank);
80 81
 static void destroy(void);
81 82
 
82 83
 static int w_is_peer_verified(struct sip_msg* msg, char* p1, char* p2);
84
+static int w_tls_set_connect_server_id(sip_msg_t* msg, char* psrvid, char* p2);
83 85
 
84 86
 int ksr_rand_engine_param(modparam_t type, void* val);
85 87
 
... ...
@@ -199,6 +201,8 @@ int sr_tls_renegotiation = 0;
199 201
 static cmd_export_t cmds[] = {
200 202
 	{"is_peer_verified", (cmd_function)w_is_peer_verified,   0, 0, 0,
201 203
 			REQUEST_ROUTE},
204
+	{"tls_set_connect_server_id", (cmd_function)w_tls_set_connect_server_id,
205
+		1, fixup_spve_null, fixup_free_spve_null, ANY_ROUTE},
202 206
 	{0,0,0,0,0,0}
203 207
 };
204 208
 
... ...
@@ -550,6 +554,27 @@ static int w_is_peer_verified(struct sip_msg* msg, char* foo, char* foo2)
550 554
 	return ki_is_peer_verified(msg);
551 555
 }
552 556
 
557
+static int ki_tls_set_connect_server_id(sip_msg_t* msg, str* srvid)
558
+{
559
+	if(ksr_tls_set_connect_server_id(srvid)<0) {
560
+		return -1;
561
+	}
562
+
563
+	return 1;
564
+}
565
+
566
+static int w_tls_set_connect_server_id(sip_msg_t* msg, char* psrvid, char* p2)
567
+{
568
+	str ssrvid = STR_NULL;
569
+
570
+	if(fixup_get_svalue(msg, (gparam_t*)psrvid, &ssrvid)<0) {
571
+		LM_ERR("failed to get server id parameter\n");
572
+		return -1;
573
+	}
574
+
575
+	return ki_tls_set_connect_server_id(msg, &ssrvid);
576
+}
577
+
553 578
 /**
554 579
  *
555 580
  */
... ...
@@ -568,6 +593,11 @@ static sr_kemi_t sr_kemi_tls_exports[] = {
568 593
 		{ SR_KEMIP_NONE, SR_KEMIP_NONE, SR_KEMIP_NONE,
569 594
 			SR_KEMIP_NONE, SR_KEMIP_NONE, SR_KEMIP_NONE }
570 595
 	},
596
+	{ str_init("tls"), str_init("set_connect_server_id"),
597
+		SR_KEMIP_INT, ki_tls_set_connect_server_id,
598
+		{ SR_KEMIP_STR, SR_KEMIP_NONE, SR_KEMIP_NONE,
599
+			SR_KEMIP_NONE, SR_KEMIP_NONE, SR_KEMIP_NONE }
600
+	},
571 601
 	{ str_init("tls"), str_init("cget"),
572 602
 		SR_KEMIP_XVAL, ki_tls_cget,
573 603
 		{ SR_KEMIP_STR, SR_KEMIP_NONE, SR_KEMIP_NONE,
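Review bot: ki_tls_set_connect_server_id and w_tls_set_connect_server_id in the fourth hunk are added without the `/** ... */` header that the neighbouring functions in this file carry, and the behaviour a script writer needs is not stated anywhere: the value is consumed by the next outbound TLS connect, and an empty string clears a pending id (ksr_tls_set_connect_server_id in tls_server.c treats `len<=0` as a reset and still returns 0, so the config function returns 1 for a clear as well as for a set). I would add before ki_tls_set_connect_server_id: `/** Store srvid as the client-profile server id for the next outbound TLS connect (consumed and cleared by that connect); an empty value clears a pending id. Returns 1 on success, -1 if the copy could not be allocated. */`. The -1 path is the only failure ksr_tls_set_connect_server_id reports, so the comment is the only place a caller learns that set and clear are indistinguishable by return value.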
... ...
@@ -132,14 +132,59 @@ int tls_run_event_routes(struct tcp_connection *c);
132 132
 
133 133
 extern str sr_tls_xavp_cfg;
134 134
 
135
+static str _ksr_tls_connect_server_id = STR_NULL;
136
+
137
+int ksr_tls_set_connect_server_id(str *srvid)
138
+{
139
+	if(srvid==NULL || srvid->len<=0) {
140
+		if(_ksr_tls_connect_server_id.s) {
141
+			pkg_free(_ksr_tls_connect_server_id.s);
142
+		}
143
+		_ksr_tls_connect_server_id.s = NULL;
144
+		_ksr_tls_connect_server_id.len = 0;
145
+		return 0;
146
+	}
147
+
148
+	if(_ksr_tls_connect_server_id.len>=srvid->len) {
149
+		memcpy(_ksr_tls_connect_server_id.s, srvid->s, srvid->len);
150
+		_ksr_tls_connect_server_id.len = srvid->len;
151
+		return 0;
152
+	}
153
+
154
+	if(_ksr_tls_connect_server_id.s) {
155
+		pkg_free(_ksr_tls_connect_server_id.s);
156
+	}
157
+	_ksr_tls_connect_server_id.len = 0;
158
+
159
+	_ksr_tls_connect_server_id.s = (char*)pkg_mallocxz(srvid->len + 1);
160
+	if(_ksr_tls_connect_server_id.s==NULL) {
161
+		PKG_MEM_ERROR;
162
+		return -1;
163
+	}
164
+
165
+	memcpy(_ksr_tls_connect_server_id.s, srvid->s, srvid->len);
166
+	_ksr_tls_connect_server_id.len = srvid->len;
167
+
168
+	return 0;
169
+}
170
+
135 171
 static str *tls_get_connect_server_id(void)
136 172
 {
137 173
 	sr_xavp_t *vavp = NULL;
138 174
 	str sid = {"server_id", 9};
139
-	if(sr_tls_xavp_cfg.s!=NULL)
175
+
176
+	if(sr_tls_xavp_cfg.s!=NULL) {
140 177
 		vavp = xavp_get_child_with_sval(&sr_tls_xavp_cfg, &sid);
178
+	}
141 179
 	if(vavp==NULL || vavp->val.v.s.len<=0) {
142 180
 		LM_DBG("xavp with outbound server id not found\n");
181
+		if(_ksr_tls_connect_server_id.len>0) {
182
+			LM_DBG("found global outbound server id: %.*s\n",
183
+					_ksr_tls_connect_server_id.len,
184
+					_ksr_tls_connect_server_id.s);
185
+			return &_ksr_tls_connect_server_id;
186
+		}
187
+		LM_DBG("outbound server id not set\n");
143 188
 		return NULL;
144 189
 	}
145 190
 	LM_DBG("found xavp with outbound server id: %s\n", vavp->val.v.s.s);
... ...
@@ -218,6 +263,7 @@ static int tls_complete_init(struct tcp_connection* c)
218 263
 		srvid = tls_get_connect_server_id();
219 264
 		dom = tls_lookup_cfg(cfg, TLS_DOMAIN_CLI,
220 265
 						&c->rcv.dst_ip, c->rcv.dst_port, sname, srvid);
266
+		ksr_tls_set_connect_server_id(NULL);
221 267
 	}
222 268
 	if (unlikely(c->state<0)) {
223 269
 		BUG("Invalid connection (state %d)\n", c->state);
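Review bot: In the reuse branch of ksr_tls_set_connect_server_id (the `_ksr_tls_connect_server_id.len>=srvid->len` case in the first hunk) a shorter value is copied over the old buffer without terminating it, so the tail of the previous, longer id stays in the buffer after `len`; the allocation path deliberately reserves `srvid->len + 1` zeroed bytes, so a terminator is clearly intended, and any `%s`-style consumer (the xavp branch just below logs its value with `%s`) would print the stale tail. Adding `_ksr_tls_connect_server_id.s[srvid->len] = '\0';` after that memcpy is in bounds, because the buffer was sized for the longer previous value. Separately, the reset in tls_complete_init in the second hunk runs only when a new TLS client connection is actually initialised; if a script sets the id and the message then goes out over an existing connection or a non-TLS transport, the value remains in the process and will select the client profile — and thus the certificate and verification settings — for an unrelated later connect, which "reset after use" in the commit message does not convey. That deserves a sentence in the function documentation, or an explicit clear at the end of request processing. tls_complete_init continues outside the hunk, so I cannot see whether `srvid`, which aliases the global that the reset frees, is read again after the reset.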
... ...
@@ -96,4 +96,6 @@ int tls_connect(struct tcp_connection *c, int* error);
96 96
 int tls_accept(struct tcp_connection *c, int* error);
97 97
 
98 98
 void tls_lookup_event_routes(void);
99
+int ksr_tls_set_connect_server_id(str *srvid);
100
+
99 101
 #endif /* _TLS_SERVER_H */