
Merge ca887b6dd99d555507828cd43fce63a678600e08 into af926514ac3e70dff51408baf326b29bce4eecfc

Michael Furmur authored on 27/07/2021 13:30:50 • GitHub committed on 27/07/2021 13:30:50
Showing 2 changed files
... ...
@@ -499,6 +499,28 @@ modparam("outbound", "force_no_outbound_flag", 2)
499 499
 		</example>
500 500
 	</section>
501 501
 
502
+	<section>
503
+		<title><varname>flow_token_secret</varname> (string)</title>
504
+		<para>
505
+			Secret phrase used to calculate the outbound key value
506
+			used for flow tokens validation.
507
+			Allows to set persistent outbound key.
508
+		</para>
509
+		<para>
510
+			If not specified, <emphasis>outbound</emphasis> will use randomly generated outbound key
511
+		</para>
512
+		<example>
513
+			<title>
514
+				Set <varname>flow_token_secret</varname> parameter
515
+			</title>
516
+			<programlisting format="linespecific">
517
+...
518
+modparam("outbound", "flow_token_secret", "johndoessecretphrase")
519
+...
520
+			</programlisting>
521
+		</example>
522
+	</section>
523
+
502 524
 	</section>
503 525
 
504 526
 </chapter>
... ...
@@ -25,6 +25,7 @@
25 25
  */
26 26
 #include <openssl/hmac.h>
27 27
 #include <openssl/rand.h>
28
+#include <openssl/sha.h>
28 29
 
29 30
 #include "../../core/basex.h"
30 31
 #include "../../core/dprint.h"
... ...
@@ -52,6 +53,7 @@ static void destroy(void);
52 53
 static unsigned int ob_force_flag = (unsigned int) -1;
53 54
 static unsigned int ob_force_no_flag = (unsigned int) -1;
54 55
 static str ob_key = {0, 0};
56
+static str flow_token_secret = {0, 0};
55 57
 
56 58
 static cmd_export_t cmds[]=
57 59
 {
... ...
@@ -63,8 +65,9 @@ static cmd_export_t cmds[]=
63 65
 
64 66
 static param_export_t params[]=
65 67
 {
66
-	{ "force_outbound_flag",	INT_PARAM, &ob_force_flag },
67
-	{ "force_no_outbound_flag",     INT_PARAM, &ob_force_no_flag },
68
+	{ "force_outbound_flag",    PARAM_INT, &ob_force_flag },
69
+	{ "force_no_outbound_flag", PARAM_INT, &ob_force_no_flag },
70
+	{ "flow_token_secret",      PARAM_STRING, &flow_token_secret},
68 71
 	{ 0, 0, 0 }
69 72
 };
70 73
 
... ...
@@ -102,10 +105,17 @@ static int mod_init(void)
102 105
 		return -1;
103 106
 	}
104 107
 	ob_key.len = OB_KEY_LEN;
105
-	if (RAND_bytes((unsigned char *) ob_key.s, ob_key.len) == 0)
106
-	{
107
-		LM_ERR("unable to get %d cryptographically strong pseudo-"
108
-		       "random bytes\n", ob_key.len);
108
+
109
+	if(flow_token_secret.s) {
110
+		assert(ob_key.len == SHA_DIGEST_LENGTH);
111
+		LM_DBG("flow_token_secret mod param set. use persistent ob_key");
112
+		SHA1(flow_token_secret.s, flow_token_secret.len, ob_key.s);
113
+	} else {
114
+		if (RAND_bytes((unsigned char *) ob_key.s, ob_key.len) == 0)
115
+		{
116
+			LM_ERR("unable to get %d cryptographically strong pseudo-"
117
+			       "random bytes\n", ob_key.len);
118
+		}
109 119
 	}
110 120
 
111 121
 	if (cfg_declare("outbound", outbound_cfg_def, &default_outbound_cfg,
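Review bot: `flow_token_secret` is declared as a `str` but exported with `PARAM_STRING`, and the `mod_init` hunk then calls `SHA1(flow_token_secret.s, flow_token_secret.len, ob_key.s)`; as far as I know that parameter type stores only a `char *` and never fills in `.len`, so the digest would be taken over zero bytes and every deployment that sets a secret would get the same, publicly computable `ob_key`. Either export it as `{ "flow_token_secret", PARAM_STR, &flow_token_secret }` or hash `strlen(flow_token_secret.s)` bytes, and reject an empty secret with `LM_ERR` and `return -1`. The `assert(ob_key.len == SHA_DIGEST_LENGTH)` disappears under `NDEBUG` and aborts the process otherwise, so a compile-time size check or an `if (...) return -1;` would guard the 20-byte write into `ob_key.s` more reliably. A single unsalted SHA-1 of a passphrase also makes the key only as strong as the phrase itself, so the parameter documentation should ask for a long random value rather than a memorable one. `mod_init` starts and ends outside the hunk.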