
tls: kemi function KSR.tls.cget(aname)

- get connection/certificates attributes by providing a corresponding
tls pv name

Daniel-Constantin Mierla authored on 18/12/2020 08:17:43
Showing 3 changed files
... ...
@@ -546,6 +546,14 @@ static int w_is_peer_verified(struct sip_msg* msg, char* foo, char* foo2)
546 546
 	return ki_is_peer_verified(msg);
547 547
 }
548 548
 
549
+/**
550
+ *
551
+ */
552
+static sr_kemi_xval_t* ki_tls_cget(sip_msg_t *msg, str *aname)
553
+{
554
+	return ki_tls_cget_attr(msg, aname);
555
+}
556
+
549 557
 /**
550 558
  *
551 559
  */
... ...
@@ -556,6 +564,11 @@ static sr_kemi_t sr_kemi_tls_exports[] = {
556 564
 		{ SR_KEMIP_NONE, SR_KEMIP_NONE, SR_KEMIP_NONE,
557 565
 			SR_KEMIP_NONE, SR_KEMIP_NONE, SR_KEMIP_NONE }
558 566
 	},
567
+	{ str_init("tls"), str_init("cget"),
568
+		SR_KEMIP_XVAL, ki_tls_cget,
569
+		{ SR_KEMIP_STR, SR_KEMIP_NONE, SR_KEMIP_NONE,
570
+			SR_KEMIP_NONE, SR_KEMIP_NONE, SR_KEMIP_NONE }
571
+	},
559 572
 
560 573
 	{ {0, 0}, {0, 0}, 0, NULL, { 0, 0, 0, 0, 0, 0 } }
561 574
 };
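Review bot: The comment block added above `ki_tls_cget` is empty, although this wrapper and its `sr_kemi_tls_exports` entry are what make every entry of the `tls_pv` table reachable from KEMI scripts. I would fill it in with something like `/* KSR.tls.cget(aname): value of the tls pv named aname (e.g. "tls_peer_verified", no leading '$'); empty value if the name is unknown, needs a name/index parser, or the getter fails */`. Stating the empty-on-failure contract matters for scripts that base an access decision on the result: an empty return has to be treated as "not verified", not skipped over.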
... ...
@@ -1404,7 +1404,7 @@ pv_export_t tls_pv[] = {
1404 1404
 	{{"tls_my_serial", sizeof("tls_my_serial")-1},
1405 1405
 		PVT_OTHER, pv_sn,0,
1406 1406
 		0, 0, pv_init_iname, PV_CERT_LOCAL },
1407
-	/* certificate parameters for peer and local, for subject and issuer*/	
1407
+	/* certificate parameters for peer and local, for subject and issuer*/
1408 1408
 	{{"tls_peer_subject", sizeof("tls_peer_subject")-1},
1409 1409
 		PVT_OTHER, pv_comp, 0,
1410 1410
 		0, 0, pv_init_iname, PV_CERT_PEER  | PV_CERT_SUBJECT },
... ...
@@ -1496,7 +1496,7 @@ pv_export_t tls_pv[] = {
1496 1496
 	{{"tls_my_subject_uid", sizeof("tls_my_subject_uid")-1},
1497 1497
 		PVT_OTHER, pv_comp, 0,
1498 1498
 		0, 0, pv_init_iname, PV_CERT_LOCAL | PV_CERT_SUBJECT | PV_COMP_UID },
1499
-	/* subject alternative name parameters for peer and local */	
1499
+	/* subject alternative name parameters for peer and local */
1500 1500
 	{{"tls_peer_san_email", sizeof("tls_peer_san_email")-1},
1501 1501
 		PVT_OTHER, pv_alt, 0,
1502 1502
 		0, 0, pv_init_iname, PV_CERT_PEER  | PV_COMP_E },
... ...
@@ -1521,7 +1521,7 @@ pv_export_t tls_pv[] = {
1521 1521
 	{{"tls_my_san_ip", sizeof("tls_my_san_ip")-1},
1522 1522
 		PVT_OTHER, pv_alt, 0,
1523 1523
 		0, 0, pv_init_iname, PV_CERT_LOCAL | PV_COMP_IP },
1524
-	/* peer certificate validation parameters */		
1524
+	/* peer certificate validation parameters */
1525 1525
 	{{"tls_peer_verified", sizeof("tls_peer_verified")-1},
1526 1526
 		PVT_OTHER, pv_check_cert, 0,
1527 1527
 		0, 0, pv_init_iname, PV_CERT_VERIFIED },
... ...
@@ -1540,11 +1540,71 @@ pv_export_t tls_pv[] = {
1540 1540
 	{{"tls_peer_notAfter", sizeof("tls_peer_notAfter")-1},
1541 1541
 		PVT_OTHER, pv_validity, 0,
1542 1542
 		0, 0, pv_init_iname, PV_CERT_NOTAFTER },
1543
-	/* peer certificate validation parameters */		
1543
+	/* peer certificate validation parameters */
1544 1544
 	{{"tls_peer_server_name", sizeof("tls_peer_server_name")-1},
1545 1545
 		PVT_OTHER, pv_tlsext_sn, 0,
1546 1546
 		0, 0, pv_init_iname, PV_TLSEXT_SNI },
1547 1547
 
1548 1548
 	{ {0, 0}, 0, 0, 0, 0, 0, 0, 0 }
1549 1549
 
1550
-}; 
1550
+};
1551
+
1552
+
1553
+/**
1554
+ *
1555
+ */
1556
+static sr_kemi_xval_t _ksr_kemi_tls_xval = {0};
1557
+
1558
+
1559
+/**
1560
+ *
1561
+ */
1562
+sr_kemi_xval_t* ki_tls_cget_attr(sip_msg_t* msg, str *aname)
1563
+{
1564
+	pv_param_t param;
1565
+	pv_value_t value;
1566
+	int i;
1567
+
1568
+	memset(&_ksr_kemi_tls_xval, 0, sizeof(sr_kemi_xval_t));
1569
+	for(i=0; tls_pv[i].name.s != NULL; i++) {
1570
+		if((tls_pv[i].name.len == aname->len)
1571
+				&& strncmp(tls_pv[i].name.s, aname->s, aname->len) == 0) {
1572
+			break;
1573
+		}
1574
+	}
1575
+	if(tls_pv[i].name.s==NULL) {
1576
+		LM_WARN("unknown attribute: %.*s\n", aname->len, aname->s);
1577
+		sr_kemi_xval_null(&_ksr_kemi_tls_xval, SR_KEMI_XVAL_NULL_EMPTY);
1578
+		return &_ksr_kemi_tls_xval;
1579
+	}
1580
+	if(tls_pv[i].parse_name!=NULL || tls_pv[i].parse_index!=NULL) {
1581
+		LM_WARN("unsupported attribute: %.*s\n", aname->len, aname->s);
1582
+		sr_kemi_xval_null(&_ksr_kemi_tls_xval, SR_KEMI_XVAL_NULL_EMPTY);
1583
+		return &_ksr_kemi_tls_xval;
1584
+	}
1585
+	memset(&param, 0, sizeof(pv_param_t));
1586
+	memset(&value, 0, sizeof(pv_value_t));
1587
+
1588
+	if(tls_pv[i].getf(msg, &param, &value) != 0) {
1589
+		sr_kemi_xval_null(&_ksr_kemi_tls_xval, SR_KEMI_XVAL_NULL_EMPTY);
1590
+		return &_ksr_kemi_tls_xval;
1591
+	}
1592
+	if(value.flags & PV_VAL_NULL) {
1593
+		sr_kemi_xval_null(&_ksr_kemi_tls_xval, SR_KEMI_XVAL_NULL_EMPTY);
1594
+		return &_ksr_kemi_tls_xval;
1595
+	}
1596
+	if(value.flags & PV_TYPE_INT) {
1597
+		_ksr_kemi_tls_xval.vtype = SR_KEMIP_INT;
1598
+		_ksr_kemi_tls_xval.v.n = value.ri;
1599
+		return &_ksr_kemi_tls_xval;
1600
+	}
1601
+	if(value.flags & PV_VAL_STR) {
1602
+		_ksr_kemi_tls_xval.vtype = SR_KEMIP_STR;
1603
+		_ksr_kemi_tls_xval.v.s = value.rs;
1604
+		return &_ksr_kemi_tls_xval;
1605
+	}
1606
+
1607
+	LM_WARN("unsupported value for attribute: %.*s\n", aname->len, aname->s);
1608
+	sr_kemi_xval_null(&_ksr_kemi_tls_xval, SR_KEMI_XVAL_NULL_EMPTY);
1609
+	return &_ksr_kemi_tls_xval;
1610
+}
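Review bot: In `ki_tls_cget_attr` the `param` handed to `tls_pv[i].getf()` is only zeroed, so the selector each table entry carries in its last two fields (`pv_init_iname` with `PV_CERT_LOCAL`, `PV_CERT_PEER | PV_CERT_SUBJECT`, `PV_CERT_VERIFIED`, ...) never reaches the getter. The getters are outside this diff, but if they dispatch on `param->pvn.u.isname.name.n`, as the `pv_init_iname` initialiser suggests, every attribute is looked up with selector 0. A script checking e.g. `tls_peer_verified` could then get an empty or wrong answer. After the two memsets I would set it from the matched entry, `param.pvn.u.isname.name.n = tls_pv[i].iname;`, or run the entry's `init_param` on a `pv_spec_t` and pass its `pvp`. The empty comment above the function should also say that the result lives in the static `_ksr_kemi_tls_xval`, which the next call overwrites, and that `v.s` is `value.rs` taken by reference, not a copy.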
... ...
@@ -38,6 +38,7 @@
38 38
 
39 39
 #include "../../core/select.h"
40 40
 #include "../../core/pvar.h"
41
+#include "../../core/kemi.h"
41 42
 #include "../../core/tcp_conn.h"
42 43
 
43 44
 extern select_row_t tls_sel[];
... ...
@@ -46,4 +47,6 @@ extern pv_export_t tls_pv[];
46 47
 
47 48
 void tls_set_pv_con(struct tcp_connection *c);
48 49
 
50
+sr_kemi_xval_t* ki_tls_cget_attr(sip_msg_t* msg, str *aname);
51
+
49 52
 #endif /* _TLS_SELECT_H */