Using jsonrpc_dispatch in xhttp:request - is it possible to restrict the RPC that can be invoked ?
6 Mar
2023
6 Mar
'23
7:57 p.m.
Hello,
I'm using jsonrpc_dispatch in a "xhttp:request" section (with xhttp and
jsonrpcs modules), e.g.:
event_route[xhttp:request] {
if ($hu =~ "^/RPC") {
jsonrpc_dispatch();
exit;
}
xhttp_reply("404", "Not Found", "", "");
exit;
}
This works, but I would like to restrict the RPC functions that can be invoked this way.
Any advice on how I could do that ?
The xhttp module provides "url_skip" and "url_match" but this is not
useful because in the URL I only have something like "RPC".
And the method is in the JSON body.
I could parse the JSON body before calling jsonrpc_dispatch, but it's a bit
complicated (I don't know if it's feasible in Kamailio script ?), and seems
redundant because jsonrpc_dispatch already does that...
Maybe somehow this could be checked from the "void *" second argument passed to
the RPC function ?
Thanks.
Regards,
Nicolas.
This message contains information that may be privileged or confidential and is the
property of the Capgemini Group. It is intended only for the person to whom it is
addressed. If you are not the intended recipient, you are not authorized to read, print,
retain, copy, disseminate, distribute, or use this message or any part thereof. If you
receive this message in error, please notify the sender immediately and delete all copies
of this message.
6 Mar
6 Mar
8:29 p.m.
I don’t think there is any practical RPC method restriction, but parsing the JSON body in
script is indeed possible, easy and pretty cheap:
https://kamailio.org/docs/modules/5.6.x/modules/jansson.html
— Alex
On Mar 6, 2023, at 11:57 AM, Chaigneau, Nicolas
<nicolas.chaigneau(a)capgemini.com> wrote:
Hello,
I’m using jsonrpc_dispatch in a "xhttp:request" section (with xhttp and
jsonrpcs modules), e.g.:
event_route[xhttp:request] {
if ($hu =~ "^/RPC") {
jsonrpc_dispatch();
exit;
}
xhttp_reply("404", "Not Found", "", "");
exit;
}
This works, but I would like to restrict the RPC functions that can be invoked this
way.
Any advice on how I could do that ?
The xhttp module provides "url_skip" and "url_match" but this is not
useful because in the URL I only have something like "RPC".
And the method is in the JSON body.
I could parse the JSON body before calling jsonrpc_dispatch, but it’s a bit complicated
(I don’t know if it’s feasible in Kamailio script ?), and seems redundant because
jsonrpc_dispatch already does that…
Maybe somehow this could be checked from the "void *" second argument passed
to the RPC function ?
Thanks.
Regards,
Nicolas.
This message contains information that may be privileged or confidential and is the
property of the Capgemini Group. It is intended only for the person to whom it is
addressed. If you are not the intended recipient, you are not authorized to read, print,
retain, copy, disseminate, distribute, or use this message or any part thereof. If you
receive this message in error, please notify the sender immediately and delete all copies
of this message.__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-leave(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
--
Alex Balashov
Principal Consultant
Evariste Systems LLC
Web: https://evaristesys.com
Tel: +1-706-510-6800
7 Mar
7 Mar
1:48 a.m.
Ah, that looks easy indeed. Just have to build that module. :)
Thanks!
-----Message d'origine-----
De : Alex Balashov <abalashov(a)evaristesys.com>
Envoyé : lundi 6 mars 2023 18:30
I don’t think there is any practical RPC method restriction, but parsing the JSON body in
script is indeed possible, easy and pretty cheap:
https://kamailio.org/docs/modules/5.6.x/modules/jansson.html
— Alex
On Mar 6, 2023, at 11:57 AM, Chaigneau, Nicolas
<nicolas.chaigneau(a)capgemini.com> wrote:
Hello,
I’m using jsonrpc_dispatch in a "xhttp:request" section (with xhttp and
jsonrpcs modules), e.g.:
event_route[xhttp:request] {
if ($hu =~ "^/RPC") {
jsonrpc_dispatch();
exit;
}
xhttp_reply("404", "Not Found", "",
"");
exit;
}
This works, but I would like to restrict the RPC functions that can be invoked this
way.
Any advice on how I could do that ?
The xhttp module provides "url_skip" and "url_match" but this is not
useful because in the URL I only have something like "RPC".
And the method is in the JSON body.
I could parse the JSON body before calling jsonrpc_dispatch, but it’s a bit complicated
(I don’t know if it’s feasible in Kamailio script ?), and seems redundant because
jsonrpc_dispatch already does that…
Maybe somehow this could be checked from the "void *" second argument passed
to the RPC function ?
Thanks.
Regards,
Nicolas.
This message contains information that may be privileged or confidential and is the
property of the Capgemini Group. It is intended only for the person to whom it is
addressed. If you are not the intended recipient, you are not authorized to read, print,
retain, copy, disseminate, distribute, or use this message or any part thereof. If you
receive this message in error, please notify the sender immediately and delete all copies
of this message.
12:54 p.m.
Hello,
I have another question.
I've built libjansson from sources, and now I'm trying to find how to configure
Kamailio to use it, but I'm not sure how...
I see it's using pkg-config, so I've tried to export like this:
export PKG_CONFIG_PATH=/.../jansson/2.14/lib/pkgconfig
The following commands do work:
pkg-config --libs jansson
pkg-config --cflags jansson
But then when I build Kamailio, I see the jansson module is in the
"exclude_modules" list (in src/modules.lst).
Even though I've added "jansson" in the include_modules of command
"make cfg".
Any idea ?
Regards,
Nicolas.
-----Message d'origine-----
De : Chaigneau, Nicolas <nicolas.chaigneau(a)capgemini.com>
Envoyé : lundi 6 mars 2023 23:48
À : Kamailio (SER) - Users Mailing List
Objet : [SR-Users] Re: Using jsonrpc_dispatch in xhttp:request - is it possible to
restrict the RPC that can be invoked ?
Warning: This email has been flagged as a potential spoof. If you are unsure of the
sender, kindly do not reply or open links.
******This mail has been sent from an external source. Do not reply to it, or open any
links/attachments unless you are sure of the sender's identity.******
Ah, that looks easy indeed. Just have to build that module. :) Thanks!
-----Message d'origine-----
De : Alex Balashov <abalashov(a)evaristesys.com> Envoyé : lundi 6 mars 2023 18:30
I don’t think there is any practical RPC method restriction, but parsing the JSON body in
script is indeed possible, easy and pretty cheap:
https://kamailio.org/docs/modules/5.6.x/modules/jansson.html
— Alex
On Mar 6, 2023, at 11:57 AM, Chaigneau, Nicolas
<nicolas.chaigneau(a)capgemini.com> wrote:
Hello,
I’m using jsonrpc_dispatch in a "xhttp:request" section (with xhttp and
jsonrpcs modules), e.g.:
event_route[xhttp:request] {
if ($hu =~ "^/RPC") {
jsonrpc_dispatch();
exit;
}
xhttp_reply("404", "Not Found", "",
"");
exit;
}
This works, but I would like to restrict the RPC functions that can be invoked this
way.
Any advice on how I could do that ?
The xhttp module provides "url_skip" and "url_match" but this is not
useful because in the URL I only have something like "RPC".
And the method is in the JSON body.
I could parse the JSON body before calling jsonrpc_dispatch, but it’s a bit complicated
(I don’t know if it’s feasible in Kamailio script ?), and seems redundant because
jsonrpc_dispatch already does that…
Maybe somehow this could be checked from the "void *" second argument passed
to the RPC function ?
Thanks.
Regards,
Nicolas.
This message contains information that may be privileged or confidential and is the
property of the Capgemini Group. It is intended only for the person to whom it is
addressed. If you are not the intended recipient, you are not authorized to read, print,
retain, copy, disseminate, distribute, or use this message or any part thereof. If you
receive this message in error, please notify the sender immediately and delete all copies
of this message.
1:48 p.m.
Sorry, you can ignore this. The build works.
I was confused because I saw jansson in the "exclude_modules" list, but
apparently the "include_modules" list takes precedence.
I now have the jansson module built. :)
-----Message d'origine-----
De : Chaigneau, Nicolas <nicolas.chaigneau(a)capgemini.com>
Hello,
I have another question.
I've built libjansson from sources, and now I'm trying to find how to configure
Kamailio to use it, but I'm not sure how...
I see it's using pkg-config, so I've tried to export like this:
export PKG_CONFIG_PATH=/.../jansson/2.14/lib/pkgconfig
The following commands do work:
pkg-config --libs jansson
pkg-config --cflags jansson
But then when I build Kamailio, I see the jansson module is in the
"exclude_modules" list (in src/modules.lst).
Even though I've added "jansson" in the include_modules of command
"make cfg".
Any idea ?
Regards,
Nicolas.
-----Message d'origine-----
De : Chaigneau, Nicolas <nicolas.chaigneau(a)capgemini.com> Envoyé : lundi 6 mars 2023
23:48 À : Kamailio (SER) - Users Mailing List Objet : [SR-Users] Re: Using
jsonrpc_dispatch in xhttp:request - is it possible to restrict the RPC that can be invoked
?
Warning: This email has been flagged as a potential spoof. If you are unsure of the
sender, kindly do not reply or open links.
******This mail has been sent from an external source. Do not reply to it, or open any
links/attachments unless you are sure of the sender's identity.******
Ah, that looks easy indeed. Just have to build that module. :) Thanks!
-----Message d'origine-----
De : Alex Balashov <abalashov(a)evaristesys.com> Envoyé : lundi 6 mars 2023 18:30
I don’t think there is any practical RPC method restriction, but parsing the JSON body in
script is indeed possible, easy and pretty cheap:
https://kamailio.org/docs/modules/5.6.x/modules/jansson.html
— Alex
On Mar 6, 2023, at 11:57 AM, Chaigneau, Nicolas
<nicolas.chaigneau(a)capgemini.com> wrote:
Hello,
I’m using jsonrpc_dispatch in a "xhttp:request" section (with xhttp and
jsonrpcs modules), e.g.:
event_route[xhttp:request] {
if ($hu =~ "^/RPC") {
jsonrpc_dispatch();
exit;
}
xhttp_reply("404", "Not Found", "",
"");
exit;
}
This works, but I would like to restrict the RPC functions that can be invoked this
way.
Any advice on how I could do that ?
The xhttp module provides "url_skip" and "url_match" but this is not
useful because in the URL I only have something like "RPC".
And the method is in the JSON body.
I could parse the JSON body before calling jsonrpc_dispatch, but it’s a bit complicated
(I don’t know if it’s feasible in Kamailio script ?), and seems redundant because
jsonrpc_dispatch already does that…
Maybe somehow this could be checked from the "void *" second argument passed
to the RPC function ?
Thanks.
Regards,
Nicolas.
This message contains information that may be privileged or confidential and is the
property of the Capgemini Group. It is intended only for the person to whom it is
addressed. If you are not the intended recipient, you are not authorized to read, print,
retain, copy, disseminate, distribute, or use this message or any part thereof. If you
receive this message in error, please notify the sender immediately and delete all copies
of this message.
612
days inactive
613
days old
4 comments
2 participants
participants (2)
-
Alex Balashov -
Chaigneau, Nicolas