Thank you Daniel. This provides me with some capability, but I can’t seem to consume the
result in the configuration, I just get lots of errors. The issue seems to be that the
value of the define, passed via -A doesn’t seem to be processed in anyway.
I’ve had a quick look in the cfg.lex and cfg.y files, but that’s the first time delving
into Flex etc. so I’m not sure I’m following it correctly.
I’ve tried every combination of encapsulation of the parameters in single and double
quotes I can think of i.e. -A DBURL=“…”, -A “DBURL=…”, all with the same result.
I also tried #!subst "/DB_URL/DBURL/g” but that doesn’t seem to expand out the DBURL
define.
In short, I’m stumped… Any further thoughts would be truly appreciated. I’ve put a few
error details in the mail below. I’m feeling that I may need to resort to changing the
behaviour of the subst directive to meet my needs (more likely, add substvar,
substfromfile or some such).
Any further thoughts would be truly welcome, otherwise I think I’m going to have to dig
out my dusty K&R book and roll my sleeves up… Sincere thanks in advance for any
ideas.
Cheers - Robert...
-------------------------------------------------------------------------------------------------------------------------
In the configuration file, I have failures for example on:
modparam("htable", "db_url", DBURL)
when launched with the -A results in:
0(7) DEBUG: <core> [core/cfg.lex:1838]: pp_define_get(): ### returning define ID
[DBURL] value [oracle://username:password@/DB <oracle://username:password@/DB>]
0(7) CRITICAL: <core> [core/cfg.y:3431]: yyerror_at(): parse error in config file
/usr/local/etc/kamailio/kamailio.cfg, line 97, column 30-35: syntax error
0(7) CRITICAL: <core> [core/cfg.y:3431]: yyerror_at(): parse error in config file
/usr/local/etc/kamailio/kamailio.cfg, line 97, column 30-35: Invalid arguments
0(7) CRITICAL: <core> [core/cfg.y:3434]: yyerror_at(): parse error in config file
/usr/local/etc/kamailio/kamailio.cfg, line 97, column 36:
ERROR: bad config file (3 errors)
I’ve tried with #!subst but it seems that pre-processor directive doesn’t expand out
defines, so:
#!subst "/DB_URL/DBURL/g”
modparam("htable", "db_url", DB_URL)
just results in:
0(7) INFO: <core> [core/ppcfg.c:82]: pp_subst_add(): ### added subst expression:
/DB_URL/DBURL/g
0(7) DEBUG: <core> [core/re.c:436]: subst_run(): running. r=1
0(7) DEBUG: <core> [core/re.c:504]: subst_str(): no match
0(7) DEBUG: <core> [core/re.c:436]: subst_run(): running. r=1
0(7) DEBUG: <core> [core/re.c:504]: subst_str(): no match
0(7) DEBUG: <core> [core/re.c:436]: subst_run(): running. r=1
0(7) DEBUG: <core> [core/re.c:504]: subst_str(): no match
0(7) DEBUG: <core> [core/re.c:436]: subst_run(): running. r=1
0(7) DEBUG: <core> [core/re.c:504]: subst_str(): no match
0(7) DEBUG: <core> [core/re.c:436]: subst_run(): running. r=1
0(7) DEBUG: <core> [core/re.c:504]: subst_str(): no match
0(7) DEBUG: <core> [core/re.c:436]: subst_run(): running. r=1
0(7) DEBUG: <core> [core/re.c:504]: subst_str(): no match
0(7) CRITICAL: <core> [core/cfg.y:3431]: yyerror_at(): parse error in config file
/usr/local/etc/kamailio/kamailio.cfg, line 97, column 30-35: syntax error
0(7) CRITICAL: <core> [core/cfg.y:3431]: yyerror_at(): parse error in config file
/usr/local/etc/kamailio/kamailio.cfg, line 97, column 30-35: Invalid arguments
0(7) CRITICAL: <core> [core/cfg.y:3434]: yyerror_at(): parse error in config file
/usr/local/etc/kamailio/kamailio.cfg, line 97, column 36:
ERROR: bad config file (3 errors)
On 15 Nov 2017, at 07:46, Daniel-Constantin Mierla
<miconda(a)gmail.com> wrote:
Hello,
On 14.11.17 14:25, Robert wrote:
Hello,
I’m working for a UK high street bank and our Kamailio implementation has been challenged
because we’ve got database passwords held in clear in the configuration file.
I am unable to find any examples of where this has been worked around, there doesn’t seem
to be any module or configuration means of supplying a variable in the modparam() entry
that is expanded a startup. The security tutorials only seem to relate to the SIP level of
security, not Kamailio as a platform.
My requirement is simple, I need to be able to supply a password via means such as
loading a variable from a run-once script at start up, or a module. The ideal would be to
be able to read in a Docker secret :)
I am by no means a Kamailio expert, so apologies in advance if this is a mindblowingly
basic thing to achieve, but I do feel I’ve exhausted the Kamailio documentation, wiki etc.
and all the goodness Google usually has to offer and drawn a blank.
Sincere thanks in advance for any assistance.
you can define a for a token to be used inside kamailio.cfg by using -A
command line parameter. So when you start kamailio, fetch the password
from your secure system by what so ever meaning, then build the database
url based on it and run kamailio with:
kamailio - A DBURL='mysql://user:passwd@dbhost/kamailio
<mysql://user:passwd@dbhost/kamailio>' ...
You may need to enclose in double quotes inside the single quotes, I am
not sure at this moment, but sometime she shell 'eats' a pair of quotes,
so just try with it if first fails ...
Cheers,
Daniel
--
Daniel-Constantin Mierla
www.twitter.com/miconda <http://www.twitter.com/miconda> --
www.linkedin.com/in/miconda <http://www.linkedin.com/in/miconda>
Kamailio Advanced Training, Nov 13-15, 2017, in Berlin -
www.asipto.com
<http://www.asipto.com/>
Kamailio World Conference -
www.kamailioworld.com <http://www.kamailioworld.com/>