THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.
The following task is now closed:
FS#473 - kamailio fails to start when -u -g flags used by non-privileged user
User who did this - Daniel-Constantin Mierla (miconda)
Reason for closing: Implemented
Additional comments about closing: I pushed a patch on master; I didn't have time to test it properly. If it is reported to work OK, then it can be backported.
More information can be found at the following URL:
https://sip-router.org/tracker/index.php?do=details&task_id=473
You are receiving this message because you have requested it from the Flyspray bugtracking system. If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.
The following task is now closed:
FS#502 - To disable sslv3 in kamailio and allow all other TLS methods.
User who did this - Daniel-Constantin Mierla (miconda)
Reason for closing: Implemented
Additional comments about closing: I implemented it on the master branch. See the README for the options. Feedback on testing would be appreciated. If it is not working, open a new issue on the GitHub project.
More information can be found at the following URL:
https://sip-router.org/tracker/index.php?do=details&task_id=502
Module: kamailio
Branch: master
Commit: 5573fded91a0dc330003ba064e524407d92b2a8a
URL: https://github.com/kamailio/kamailio/commit/5573fded91a0dc330003ba064e52440…
Author: Daniel-Constantin Mierla <miconda(a)gmail.com>
Committer: Daniel-Constantin Mierla <miconda(a)gmail.com>
Date: 2015-01-02T11:22:21+01:00
tls: refreshed the README
---
Modified: modules/tls/README
---
Diff: https://github.com/kamailio/kamailio/commit/5573fded91a0dc330003ba064e52440…
Patch: https://github.com/kamailio/kamailio/commit/5573fded91a0dc330003ba064e52440…
---
diff --git a/modules/tls/README b/modules/tls/README
index 713a65e..aaa7b0b 100644
--- a/modules/tls/README
+++ b/modules/tls/README
@@ -504,25 +504,37 @@ Revoking a certificate and using a CRL
Sets the SSL/TLS protocol method. Possible values are:
* TLSv1.2 - only TLSv1.2 connections are accepted (available starting
with openssl/libssl v1.0.1e)
+ * TLSv1.1+ - TLSv1.1 or newer (TLSv1.2, ...) connections are accepted
+ (available starting with openssl/libssl v1.0.1)
* TLSv1.1 - only TLSv1.1 connections are accepted (available starting
with openssl/libssl v1.0.1)
- * TLSv1 - only TLSv1 connections are accepted. This is the default
- value.
+ * TLSv1+ - TLSv1.0 or newer (TLSv1.1, TLSv1.2, ...) connections are
+ accepted.
+ * TLSv1 - only TLSv1 (TLSv1.0) connections are accepted. This is the
+ default value.
* SSLv3 - only SSLv3 connections are accepted. Note: you shouldn't
use SSLv3 for anything which should be highly secure.
* SSLv2 - only SSLv2 connections, for old clients. Note: you
shouldn't use SSLv2 for anything which should be highly secure.
Newer versions of libssl don't include support for it anymore.
- * SSLv23 - any of the SSLv2, SSLv3 and TLSv1 methods will be
- accepted, with the following limitation: the initial SSL hello
- message must be V2 (in the initial hello all the supported
- protocols are advertised enabling switching to a higher and more
- secure version). This means connections from SSLv3 or TLSv1 clients
- will be accepted. Note: you shouldn't use SSLv2 or SSLv3 for
- anything which should be highly secure.
-
- If rfc3261 conformance is desired, TLSv1 must be used. For
- compatibility with older clients SSLv23 is a good option.
+ * SSLv23 - any of the SSLv2, SSLv3 and TLSv1 or newer methods will be
+ accepted.
+ From OpenSSL manual: "A TLS/SSL connection established with these
+ methods may understand the SSLv3, TLSv1, TLSv1.1 and TLSv1.2
+ protocols. If extensions are required (for example server name) a
+ client will send out TLSv1 client hello messages including
+ extensions and will indicate that it also understands TLSv1.1,
+ TLSv1.2 and permits a fallback to SSLv3. A server will support
+ SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols. This is the best
+ choice when compatibility is a concern."
+ Note: For older libssl version, this option allows SSLv2, with
+ hello messages done over SSLv2. You shouldn't use SSLv2 or SSLv3
+ for anything which should be highly secure.
+
+ If rfc3261 conformance is desired, at least TLSv1 must be used. For
+ compatibility with older clients SSLv23 is the option, but again, be
+ aware of security concerns, SSLv2/3 being considered very insecure by
+ 2014.
Example 1.3. Set tls_method parameter
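Review bot: The new closing sentence `If rfc3261 conformance is desired, at least TLSv1 must be used` is met by the unchanged default only in the narrow sense that TLSv1.0 is accepted; the `* TLSv1` entry still says "only TLSv1 (TLSv1.0) connections are accepted. This is the default value", so clients offering only TLSv1.1 or TLSv1.2 are still rejected on a default configuration. Suggest one sentence after the SSLv23 paragraph naming the value that gives that floor plus newer versions, e.g. "for new deployments set tls_method to TLSv1+ (or TLSv1.1+ with openssl/libssl v1.0.1 or newer)". Two smaller points in the same hunk: the `* TLSv1+` entry is the only range entry without an "(available starting with ...)" note, so state whether it works with every libssl the module builds against; and `Note: For older libssl version` should read "versions" and would be more useful with the version boundary below which SSLv2 is still negotiated, since the quoted OpenSSL text describes an SSLv3 floor while the Note describes an SSLv2 one.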
...
Module: kamailio
Branch: master
Commit: 99311ce3fd37eebd4c9f37d25b043c4fae8dd621
URL: https://github.com/kamailio/kamailio/commit/99311ce3fd37eebd4c9f37d25b043c4…
Author: Daniel-Constantin Mierla <miconda(a)gmail.com>
Committer: Daniel-Constantin Mierla <miconda(a)gmail.com>
Date: 2015-01-02T11:21:39+01:00
tls: more documentation about tls method values
- added notes about tls minimum versions
---
Modified: modules/tls/doc/params.xml
---
Diff: https://github.com/kamailio/kamailio/commit/99311ce3fd37eebd4c9f37d25b043c4…
Patch: https://github.com/kamailio/kamailio/commit/99311ce3fd37eebd4c9f37d25b043c4…
---
diff --git a/modules/tls/doc/params.xml b/modules/tls/doc/params.xml
index a6e5808..ecd5802 100644
--- a/modules/tls/doc/params.xml
+++ b/modules/tls/doc/params.xml
@@ -27,14 +27,26 @@
</listitem>
<listitem>
<para>
+ <emphasis>TLSv1.1+</emphasis> - TLSv1.1 or newer (TLSv1.2, ...)
+ connections are accepted (available starting with openssl/libssl v1.0.1)
+ </para>
+ </listitem>
+ <listitem>
+ <para>
<emphasis>TLSv1.1</emphasis> - only TLSv1.1 connections are accepted
(available starting with openssl/libssl v1.0.1)
</para>
</listitem>
<listitem>
<para>
- <emphasis>TLSv1</emphasis> - only TLSv1 connections are accepted.
- This is the default value.
+ <emphasis>TLSv1+</emphasis> - TLSv1.0 or newer (TLSv1.1, TLSv1.2, ...)
+ connections are accepted.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <emphasis>TLSv1</emphasis> - only TLSv1 (TLSv1.0) connections are
+ accepted. This is the default value.
</para>
</listitem>
<listitem>
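Review bot: The new `<emphasis>TLSv1+</emphasis>` listitem carries no availability note, while the `TLSv1.1+` item added just above it and the existing `TLSv1.1` item both say "(available starting with openssl/libssl v1.0.1)"; either add a matching note or say explicitly that TLSv1+ works with any supported libssl, otherwise readers will assume the same v1.0.1 requirement applies. Since the `TLSv1` item keeps "This is the default value" while range values are being introduced, this is also the natural place to state that the default accepts TLSv1.0 only and therefore turns away TLSv1.1/TLSv1.2-only clients, rather than leaving the reader to infer it from the word "only".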
@@ -52,17 +64,30 @@
</listitem>
<listitem>
<para>
- <emphasis>SSLv23</emphasis> - any of the SSLv2, SSLv3 and TLSv1 methods
- will be accepted, with the following limitation: the initial SSL hello
- message must be V2 (in the initial hello all the supported protocols
- are advertised enabling switching to a higher and more secure version).
- This means connections from SSLv3 or TLSv1 clients will be accepted.
- Note: you shouldn't use SSLv2 or SSLv3 for anything which should be highly secure.
+ <emphasis>SSLv23</emphasis> - any of the SSLv2, SSLv3 and TLSv1 or
+ newer methods will be accepted.
+ </para>
+ <para>
+ From OpenSSL manual: "A TLS/SSL connection established with these
+ methods may understand the SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols.
+ If extensions are required (for example server name) a client will
+ send out TLSv1 client hello messages including extensions and will
+ indicate that it also understands TLSv1.1, TLSv1.2 and permits a
+ fallback to SSLv3. A server will support SSLv3, TLSv1, TLSv1.1
+ and TLSv1.2 protocols. This is the best choice when compatibility
+ is a concern."
+ </para>
+ <para>
+ Note: For older libssl version, this option allows SSLv2, with hello
+ messages done over SSLv2. You shouldn't use SSLv2 or SSLv3 for anything
+ which should be highly secure.
</para>
</listitem>
</itemizedlist>
<para>
- If rfc3261 conformance is desired, TLSv1 must be used. For compatibility with older clients SSLv23 is a good option.
+ If rfc3261 conformance is desired, at least TLSv1 must be used. For
+ compatibility with older clients SSLv23 is the option, but again, be aware
+ of security concerns, SSLv2/3 being considered very insecure by 2014.
</para>
<example>
<title>Set <varname>tls_method</varname> parameter</title>
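Review bot: The three SSLv23 paragraphs give two different protocol floors without saying which applies to a given build: the quoted text says a server "will support SSLv3, TLSv1, TLSv1.1 and TLSv1.2", while the following `Note: For older libssl version, this option allows SSLv2` says SSLv2 is negotiated as well. Name the libssl version below which SSLv2 is accepted, or state that SSLv2 is negotiated whenever the linked libssl still ships it, so an operator can tell from the documentation alone what SSLv23 means on their system; "libssl version" should also read "versions". The attribution `From OpenSSL manual:` would be easier to verify if it named the page (the SSLv23_method description in the SSL_CTX_new manual page is where this text comes from). In the closing `<para>`, "SSLv23 is the option" reads as if it were the only choice; "SSLv23 is the compatibility option, but again, be aware of security concerns" keeps the intent.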