[sr-dev] TLS.reload and memory usage of SSL_CTX structs

2024-05-14 Thread Xenofon Karamanos via sr-dev 
Hello all,

I am currently looking into issue 
https://github.com/kamailio/kamailio/issues/3823 regarding the tls.reload and 
the constant increase in memory usage when it's called.

I tried to look something up related to CRL and related functions for what 
causing it but nothing to obvious. The only culprit i could find was this 
function call in  SSL_verify_load_locations in 
load_crl().
 But the same exact function is also called in load_ca_list() with no such 
behaviour.

Next thing i notice, is that on the first rpc call of tls.reload, there is a 
"significant" memory allocation.
What i mean by this is that when a fresh kamailio (5.8) is started up (with -m 
7, for low shared memory availability to try and replicate the issue and 
children=2) and then check free shared memory usage using `kamcmd core.shmmem` 
is around 2196096 (bytes i am assuming) for my system.

On the first call of tls.reload, it drops to 539248. That's a heavy drop so i 
started digging why on so much allocation is caused. When loading a tls 
configuration, 
ksr_fix_domain
 allocates a new SSL_CTX per process. From what i am seeing this SSL_CTX, is 
basically the same for each one, with same configuration without any difference 
on settings.

So, what i tried is to allocated it once (see tls_reload branch in my 
repo),
 and just share this context to all of the process and the memory used is way 
less and also the unbounding memory seems to fixed or at least it's slowed 
that's barely visible.

What are your thoughts on these? Is this something we can done? Is the 
assumption that tls config will and be the same for every process or can one 
somehow differentiate from another?

Thanks,
Xenofon

Some numbers for anyone interested:

Before the patch 5.8 branch and with settings such as -m 7 (shared memory) and 
children=2 (with children=8 it doesn't even start, failed to load cyphers in 
SSL_CTX):
Fresh kamailio start shared memory:      total: 7340032
       free:  2196096

After one tls.reload:       free:   539248
After 100 tls.reload: free:483776
    

After patch on master (kamailio -m 7 and children=2) (with children=8 it starts 
normally):
Fresh kamailio start shared memory:      total: 7340032
   free:  3772000

After one tls.reload:    free:  3690192
After 100 tls.reload:    free:  3681056
    
[https://repository-images.githubusercontent.com/15101579/2d895000-e695-11e9-943e-d6dd9ef49a41]
Comparing kamailio:master...xkaraman:tls_reload · 
kamailio/kamailio
Kamailio - The Open Source SIP Server for large VoIP and real-time 
communication platforms - - Comparing kamailio:master...xkaraman:tls_reload · 
kamailio/kamailio
github.com

[https://opengraph.githubassets.com/a209e4474f30e5fb4ce474f928991f0fba268f0256db13224f8a4b458d9ebebe/xkaraman/kamailio]
kamailio/src/modules/tls/tls_domain.c at 
9c2705b566103f4fad0cad63bc1e36ba3cca621f · 
xkaraman/kamailio
Kamailio - The Open Source SIP Server for large VoIP and real-time 
communication platforms - - xkaraman/kamailio
github.com

[https://repository-images.githubusercontent.com/15101579/2d895000-e695-11e9-943e-d6dd9ef49a41]
kamailio/src/modules/tls/tls_domain.c at 
9c2705b566103f4fad0cad63bc1e36ba3cca621f · 
kamailio/kamailio
Kamailio - The Open Source SIP Server for large VoIP and real-time 
communication platforms - - kamailio/kamailio
github.com

[https://opengraph.githubassets.com/f4de5f69f56ea5c12c56343428618441242c2518c80e99d3bc163592fdb61da5/kamailio/kamailio/issues/3823]
Memory usage increases everytime tls.reload is executed · Issue #3823 · 
kamailio/kamailio
Description We are using Kamailio 5.7.4 on Debian 12 (from 
http://deb.kamailio.org/kamailio57) with

[sr-dev] Re: [kamailio/kamailio] permissions: introduce func `allow_register_include_port()` (PR #3846)

2024-05-14 Thread Donat Zenichev via sr-dev 
@mtirpak can you pleae have a look?

-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/3846#issuecomment-2109971461
You are receiving this because you are subscribed to this thread.

Message ID: ___
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org

[sr-dev] Re: TLS.reload and memory usage of SSL_CTX structs

2024-05-14 Thread Daniel-Constantin Mierla via sr-dev 
Hello,


thanks for digging in it!


As I understand, this is somehow first about reducing the size of used
memory, not clearly identifying the leak itself.


The duplication done per process was to avoid races if local changes has
to be performed (e.g., by libssl internally on handling traffic), but
maybe with the libssl3.x and new threading approach is no longer needed,
if ever was necessary.


What I would suggest is to make it configurable for now, so in case
behaviour becomes unstable on high load, one can switch between modes.


Cheers,
Daniel


On 14.05.24 10:36, Xenofon Karamanos via sr-dev wrote:
> Hello all,
>
> I am currently looking into issue
> https://github.com/kamailio/kamailio/issues/3823
>  regarding the
> tls.reload and the constant increase in memory usage when it's called.
>
> I tried to look something up related to CRL and related functions for
> what causing it but nothing to obvious. The only culprit i could find
> was this function call in  SSL_verify_load_locations in load_crl()
> .
> But the same exact function is also called in load_ca_list() with no
> such behaviour. 
>
> Next thing i notice, is that on the first rpc call of tls.reload,
> there is a "significant" memory allocation. 
> What i mean by this is that when a fresh kamailio (5.8) is started up
> (with -m 7, for low shared memory availability to try and replicate
> the issue and children=2) and then check free shared memory usage
> using `kamcmd core.shmmem` is around 2196096 (bytes i am assuming) for
> my system. 
>
> On the first call of tls.reload, it drops to 539248. That's a heavy
> drop so i started digging why on so much allocation is caused. When
> loading a tls configuration, ksr_fix_domain
> 
>  allocates
> a new SSL_CTX per process. From what i am seeing this SSL_CTX, is
> basically the same for each one, with same configuration without any
> difference on settings.
>
> So, what i tried is to allocated it once (see tls_reload branch in my
> repo
> ),
> and just share this context to all of the process and the memory used
> is way less and also the unbounding memory seems to fixed or at least
> it's slowed that's barely visible.
>
> What are your thoughts on these? Is this something we can done? Is the
> assumption that tls config will and be the same for every process or
> can one somehow differentiate from another?
>
> Thanks,
> Xenofon
>
> Some numbers for anyone interested:
>
> *Before the patch 5.8 branch* and with settings such as -m 7 (shared
> memory) and children=2 (with children=8 it doesn't even start, failed
> to load cyphers in SSL_CTX):
> Fresh kamailio start shared memory:      total: 7340032
>            free:  2196096
>
> After one tls.reload:           free:   539248
> After 100 tls.reload:             free:    483776
>                  
>
> *After patch on master* (kamailio -m 7 and children=2) (with
> children=8 it starts normally): 
> Fresh kamailio start shared memory:      total: 7340032
>            free:  3772000
>
> After one tls.reload:    free:  3690192
> After 100 tls.reload:    free:  3681056
>              
> 
>   
> Comparing kamailio:master...xkaraman:tls_reload · kamailio/kamailio
> 
> Kamailio - The Open Source SIP Server for large VoIP and real-time
> communication platforms - - Comparing
> kamailio:master...xkaraman:tls_reload · kamailio/kamailio
> github.com
>
>
> 
>   
> kamailio/src/modules/tls/tls_domain.c at
> 9c2705b566103f4fad0cad63bc1e36ba3cca621f · xkaraman/kamailio
> 
> Kamailio - The Open Source SIP Server for large VoIP and real-time
> communication platforms - - xkaraman/kamailio
> github.com
>
>
> 
>   
> kamailio/src/modules/tls/tls_domain.c at
> 9c2705b566103f4fad0cad63bc1e36ba3cca621f · kamailio/kamailio
> 
> Kamailio -

[sr-dev] [kamailio/kamailio] Added new auth module function auth_algorithm (PR #3849)

2024-05-14 Thread juha-h via sr-dev 
 Type Of Change
- [ ] Small bug fix (non-breaking change which fixes an issue)
- [x] New feature (non-breaking change which adds new functionality)
- [ ] Breaking change (fix or feature that would change existing functionality)

 Checklist:
- [ ] PR should be backported to stable branches
- [x] Tested changes locally
- [ ] Related to issue # (replace  with an open issue number)

 Description
Added new Added new auth module function auth_algorithm that can be used to 
dynamically override algorithm parameter value.

 Note
I was not able to test check README, because of this error:
```
/usr/src/orig/kamailio$ make modules-readme modules=modules/auth
make -C src/ modules-readme 
make[1]: Entering directory '/usr/src/orig/kamailio/src'
make --no-print-directory -C doc auth.txt
xsltproc  --novalid \
--nonet \
--novalid \
--stringparam output "auth.d" \
../../../../doc/docbook/dep.xsl auth.xml 
xsltproc  --novalid \
--xinclude \
../../../../doc/docbook/txt.xsl auth.xml | lynx -nolist -stdin -dump 
> auth.txt
error : Unknown IO error
warning: failed to load external entity 
"http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl";
compilation error: file ../../../../doc/docbook/txt.xsl line 6 element import
xsl:import : unable to load 
http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl
```


You can view, comment on, or merge this pull request online at:

  https://github.com/kamailio/kamailio/pull/3849

-- Commit Summary --

  * Added new auth module function auth_algorithm

-- File Changes --

M src/modules/auth/auth_mod.c (37)
M src/modules/auth/doc/auth_functions.xml (16)

-- Patch Links --

https://github.com/kamailio/kamailio/pull/3849.patch
https://github.com/kamailio/kamailio/pull/3849.diff

-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/3849
You are receiving this because you are subscribed to this thread.

Message ID: 
___
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org

[sr-dev] Re: [kamailio/kamailio] Added new auth module function auth_algorithm (PR #3849)

2024-05-14 Thread juha-h via sr-dev 
@juha-h pushed 1 commit.

4ccadb7ed3a762ec1d2781e783f760f6de4b588e  Format changes

-- 
View it on GitHub:
https://github.com/kamailio/kamailio/pull/3849/files/4a1aa23d6b1d8bb90f267b64a33b25beb2b0977c..4ccadb7ed3a762ec1d2781e783f760f6de4b588e
You are receiving this because you are subscribed to this thread.

Message ID: 
___
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org

[sr-dev] Re: [kamailio/kamailio] Added new auth module function auth_algorithm (PR #3849)

2024-05-14 Thread juha-h via sr-dev 
@juha-h pushed 1 commit.

6992d1784aa3e1f96aa3a406f25675178605108d  More format changes

-- 
View it on GitHub:
https://github.com/kamailio/kamailio/pull/3849/files/4ccadb7ed3a762ec1d2781e783f760f6de4b588e..6992d1784aa3e1f96aa3a406f25675178605108d
You are receiving this because you are subscribed to this thread.

Message ID: 
___
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org

[sr-dev] Re: [kamailio/kamailio] possible memory corruption in sipcapture module (Issue #3835)

2024-05-14 Thread Lennart Rosam via sr-dev 
I've worked with @sipgate-uhlig on this topic. He's out of office this week so 
I took a look at it together with another colleague. We can confirm that the 
latest master branch does no longer suffer from this issue . Thank you @miconda 
for resolving this so quickly!

Can we assume that it will be part of Kamailio 5.8.2 and if so, is there an ETA?

-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3835#issuecomment-2110201090
You are receiving this because you are subscribed to this thread.

Message ID: ___
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org

[sr-dev] Re: [kamailio/kamailio] Added new auth module function auth_algorithm (PR #3849)

2024-05-14 Thread Daniel-Constantin Mierla via sr-dev 
The README must not be regenerated locally and part of the commit, it is going 
to be generated on server and pushed to git repository by a cron job.

One can generate readme locally only for checking it if it is correct, but then 
reverted before committing.

Of course, if one pushed a regenerated commit is not critical, but by using the 
server side generation, the READMEs look coherent.

I am going to merge the PR manually for make it consistent with the commit 
message guidelines.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/3849#issuecomment-2110213125
You are receiving this because you are subscribed to this thread.

Message ID: ___
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org

[sr-dev] Re: TLS.reload and memory usage of SSL_CTX structs

2024-05-14 Thread Xenofon Karamanos via sr-dev 
Hello Daniel,

Thanks for the feedback!

Maybe i should have explained better regarding the leak. Indeed, i couldn't 
clearly identify the leak itself but there is an indication that the leak is 
happening in the SSL_CTX_load_verify_locations() function.

When i comment out that part of the load_crl() function there is no more 
exhaustion of memory, so it's probably something SSL related.

Multiple issues suggest this also, look at:
https://groups.google.com/g/envoy-dev/c/JnWnH6HcsDU
https://github.com/pyca/pyopenssl/issues/1120
https://mta.openssl.org/pipermail/openssl-users/2015-April/001255.html
https://www.mail-archive.com/openssl-users@openssl.org/msg66240.html
https://www.mail-archive.com/openssl-users@openssl.org/msg57199.html
https://groups.google.com/g/mailing.openssl.users/c/R7bzJx167V4/m/lAGAPcDVmSMJ
https://github.com/twisted/twisted/issues/12125
https://stackoverflow.com/questions/29845527/how-to-properly-uninitialize-openssl

But i can't say for sure because the exact same function is called for CA list 
(maybe exhaustion here is much slower).

I don't know the internal of SSL but when i enable the memory debugs, i see a 
lot of mallocs and reallocs in that call, and no free() for the respective 
memories when reloading each new tls.reload. Freeing() happens only when 
kamailio is terminated.

The idea of reusing instead of recreating came from this 
https://stackoverflow.com/questions/67868098/how-to-duplicate-a-ssl-ctx-object-in-a-tls-application.

>>  (e.g., by libssl internally on handling traffic)

SSL_CTX should not be chagned once you have initialized an SSL connection 
according to this https://github.com/openssl/openssl/discussions/24203. maybe 
it was never needed but then again i am not deeply familiar with how kamailio 
uses these ctx.

Make configurable what? whether to initialize it once and reuse it vs 
initialize per process?

Thanks,
Xenofon

From: Daniel-Constantin Mierla 
Sent: Tuesday, May 14, 2024 15:05
To: Kamailio (SER) - Development Mailing List 
Cc: Xenofon Karamanos 
Subject: Re: [sr-dev] TLS.reload and memory usage of SSL_CTX structs


Hello,


thanks for digging in it!


As I understand, this is somehow first about reducing the size of used memory, 
not clearly identifying the leak itself.


The duplication done per process was to avoid races if local changes has to be 
performed (e.g., by libssl internally on handling traffic), but maybe with the 
libssl3.x and new threading approach is no longer needed, if ever was necessary.


What I would suggest is to make it configurable for now, so in case behaviour 
becomes unstable on high load, one can switch between modes.


Cheers,
Daniel


On 14.05.24 10:36, Xenofon Karamanos via sr-dev wrote:
Hello all,

I am currently looking into issue 
https://github.com/kamailio/kamailio/issues/3823 regarding the tls.reload and 
the constant increase in memory usage when it's called.

I tried to look something up related to CRL and related functions for what 
causing it but nothing to obvious. The only culprit i could find was this 
function call in  SSL_verify_load_locations in 
load_crl().
 But the same exact function is also called in load_ca_list() with no such 
behaviour.

Next thing i notice, is that on the first rpc call of tls.reload, there is a 
"significant" memory allocation.
What i mean by this is that when a fresh kamailio (5.8) is started up (with -m 
7, for low shared memory availability to try and replicate the issue and 
children=2) and then check free shared memory usage using `kamcmd core.shmmem` 
is around 2196096 (bytes i am assuming) for my system.

On the first call of tls.reload, it drops to 539248. That's a heavy drop so i 
started digging why on so much allocation is caused. When loading a tls 
configuration, 
ksr_fix_domain
 allocates a new SSL_CTX per process. From what i am seeing this SSL_CTX, is 
basically the same for each one, with same configuration without any difference 
on settings.

So, what i tried is to allocated it once (see tls_reload branch in my 
repo),
 and just share this context to all of the process and the memory used is way 
less and also the unbounding memory seems to fixed or at least it's slowed 
that's barely visible.

What are your thoughts on these? Is this something we can done? Is the 
assumption that tls config will and be the same for every process or can one 
somehow differentiate from another?

Thanks,
Xenofon

Some numbers for anyone interested:

Before the patch 5.8 branch and with settings such as -m 7 (shared memory) and 
children=2 (with children=8 it doesn't even start, failed to load cyphers in 
SSL_CTX):
Fresh

[sr-dev] Re: [kamailio/kamailio] Added new auth module function auth_algorithm (PR #3849)

2024-05-14 Thread juha-h via sr-dev 
Daniel-Constantin Mierla writes:

> One can generate readme locally only for checking it if it is correct,
> but then reverted before committing.

That is exactly what I tried to do according to instructions, but
generation failed.

Also, there is something wrong with the format check.  It shows red even
when the Details shows OK:

6992d1784aa3e1f96aa3a406f25675178605108d... PASSED
3bcedc47e381d22521aeb544b0d27180786d7039... PASSED

-- Juha


-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/3849#issuecomment-2110471230
You are receiving this because you are subscribed to this thread.

Message ID: ___
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org

[sr-dev] Re: [kamailio/kamailio] Added new auth module function auth_algorithm (PR #3849)

2024-05-14 Thread Daniel-Constantin Mierla via sr-dev 
If you want to test README generation locally, then you are missing some 
dockbook-relate packages, likely `docbook-xsl`.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/3849#issuecomment-2110568295
You are receiving this because you are subscribed to this thread.

Message ID: ___
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org

[sr-dev] git:master:3763e9c8: auth: new function auth_algorithm(...) to dynamically override algorithm

2024-05-14 Thread Daniel-Constantin Mierla via sr-dev 
Module: kamailio
Branch: master
Commit: 3763e9c826640402c798d4581d0b2f1b13e4519b
URL: 
https://github.com/kamailio/kamailio/commit/3763e9c826640402c798d4581d0b2f1b13e4519b

Author: Juha Heinanen 
Committer: Daniel-Constantin Mierla 
Date: 2024-05-14T17:52:29+02:00

auth: new function auth_algorithm(...) to dynamically override algorithm

- GH #3849

---

Modified: src/modules/auth/auth_mod.c
Modified: src/modules/auth/doc/auth_functions.xml

---

Diff:  
https://github.com/kamailio/kamailio/commit/3763e9c826640402c798d4581d0b2f1b13e4519b.diff
Patch: 
https://github.com/kamailio/kamailio/commit/3763e9c826640402c798d4581d0b2f1b13e4519b.patch

---

diff --git a/src/modules/auth/auth_mod.c b/src/modules/auth/auth_mod.c
index 534ad9e20f7..b2854d468bf 100644
--- a/src/modules/auth/auth_mod.c
+++ b/src/modules/auth/auth_mod.c
@@ -70,11 +70,17 @@ static int mod_init(void);
  * Remove used credentials from a SIP message header
  */
 int w_consume_credentials(struct sip_msg *msg, char *s1, char *s2);
+
 /*
  * Check for credentials with given realm
  */
 int w_has_credentials(struct sip_msg *msg, char *s1, char *s2);
 
+/*
+ * Set authentication algorithm
+ */
+int w_auth_algorithm(struct sip_msg *msg, char *alg, char *s2);
+
 static int pv_proxy_authenticate(
struct sip_msg *msg, char *realm, char *passwd, char *flags);
 static int pv_www_authenticate(
@@ -170,6 +176,8 @@ static cmd_export_t cmds[] = {
REQUEST_ROUTE},
{"pv_auth_check", (cmd_function)w_pv_auth_check, 4, fixup_pv_auth_check,
0, REQUEST_ROUTE},
+   {"auth_algorithm", w_auth_algorithm, 1, fixup_spve_null, 0,
+   REQUEST_ROUTE},
{"bind_auth_s", (cmd_function)bind_auth_s, 0, 0, 0},
 
{0, 0, 0, 0, 0, 0}
@@ -477,6 +485,33 @@ int w_has_credentials(sip_msg_t *msg, char *realm, char 
*s2)
return ki_has_credentials(msg, &srealm);
 }
 
+/**
+ *
+ */
+int w_auth_algorithm(sip_msg_t *msg, char *alg, char *s2)
+{
+   if(fixup_get_svalue(msg, (gparam_t *)alg, &auth_algorithm) < 0) {
+   LM_ERR("failed to get algorithm value\n");
+   return -1;
+   }
+
+   if(strcmp(auth_algorithm.s, "MD5") == 0) {
+   hash_hex_len = HASHHEXLEN;
+   calc_HA1 = calc_HA1_md5;
+   calc_response = calc_response_md5;
+   } else if(strcmp(auth_algorithm.s, "SHA-256") == 0) {
+   hash_hex_len = HASHHEXLEN_SHA256;
+   calc_HA1 = calc_HA1_sha256;
+   calc_response = calc_response_sha256;
+   } else {
+   LM_ERR("Invalid algorithm provided."
+  " Possible values are \"\", \"MD5\" or 
\"SHA-256\"\n");
+   return -1;
+   }
+
+   return 1;
+}
+
 #ifdef USE_NC
 /**
  * Calls auth_check_hdr_md5 with the update_nonce flag set to false.
diff --git a/src/modules/auth/doc/auth_functions.xml 
b/src/modules/auth/doc/auth_functions.xml
index 4b6f19ac05b..6a789e9e5b4 100644
--- a/src/modules/auth/doc/auth_functions.xml
+++ b/src/modules/auth/doc/auth_functions.xml
@@ -412,5 +412,21 @@ if (auth_get_www_authenticate("$fd", "0", "$var(wauth)")) {
 


+
+   auth_algorithm(algorithm)
+   
+ Set hash algorithm used for digest authentication thus overriding
+  algorithm parameter. Possible values are the same as those of
+  algorithm parameter.  The parameter may be a pseudo variable.
+   
+   
+   auth_algorithm  example
+   
+...
+auth_algorithm("$alg");
+...
+   
+   
+
 
 

___
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org

[sr-dev] Re: [kamailio/kamailio] Added new auth module function auth_algorithm (PR #3849)

2024-05-14 Thread Daniel-Constantin Mierla via sr-dev 
Merged manually!

-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/3849#issuecomment-2110591764
You are receiving this because you are subscribed to this thread.

Message ID: ___
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org

[sr-dev] Re: [kamailio/kamailio] Added new auth module function auth_algorithm (PR #3849)

2024-05-14 Thread Daniel-Constantin Mierla via sr-dev 
Closed #3849.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/3849#event-12804750240
You are receiving this because you are subscribed to this thread.

Message ID: ___
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org

[sr-dev] git:master:4a7aa098: modules: readme files regenerated - auth ... [skip ci]

2024-05-14 Thread Kamailio Dev via sr-dev 
Module: kamailio
Branch: master
Commit: 4a7aa098281b608177c5da61e7a47067463267bf
URL: 
https://github.com/kamailio/kamailio/commit/4a7aa098281b608177c5da61e7a47067463267bf

Author: Kamailio Dev 
Committer: Kamailio Dev 
Date: 2024-05-14T18:01:11+02:00

modules: readme files regenerated - auth ... [skip ci]

---

Modified: src/modules/auth/README

---

Diff:  
https://github.com/kamailio/kamailio/commit/4a7aa098281b608177c5da61e7a47067463267bf.diff
Patch: 
https://github.com/kamailio/kamailio/commit/4a7aa098281b608177c5da61e7a47067463267bf.patch

---

diff --git a/src/modules/auth/README b/src/modules/auth/README
index 5d759fe2438..826c0b04dcc 100644
--- a/src/modules/auth/README
+++ b/src/modules/auth/README
@@ -57,6 +57,7 @@ Daniel-Constantin Mierla
   4.7. pv_proxy_authenticate(realm, passwd, flags)
   4.8. pv_auth_check(realm, passwd, flags, checks)
   4.9. auth_get_www_authenticate(realm, flags, pvdest)
+  4.10. auth_algorithm(algorithm)
 
List of Examples
 
@@ -86,6 +87,7 @@ Daniel-Constantin Mierla
1.24. pv_proxy_authenticate usage
1.25. pv_auth_check usage
1.26. auth_get_www_authenticate
+   1.27. auth_algorithm example
 
 Chapter 1. Admin Guide
 
@@ -126,6 +128,7 @@ Chapter 1. Admin Guide
 4.7. pv_proxy_authenticate(realm, passwd, flags)
 4.8. pv_auth_check(realm, passwd, flags, checks)
 4.9. auth_get_www_authenticate(realm, flags, pvdest)
+4.10. auth_algorithm(algorithm)
 
 1. Overview
 
@@ -686,6 +689,7 @@ modparam("auth", "add_authinfo_hdr", yes)
4.7. pv_proxy_authenticate(realm, passwd, flags)
4.8. pv_auth_check(realm, passwd, flags, checks)
4.9. auth_get_www_authenticate(realm, flags, pvdest)
+   4.10. auth_algorithm(algorithm)
 
 4.1. consume_credentials()
 
@@ -926,3 +930,14 @@ if (auth_get_www_authenticate("$fd", "0", "$var(wauth)")) {
 xlog("www authenticate header is [$var(wauth)]\n");
 }
 ...
+
+4.10. auth_algorithm(algorithm)
+
+   Set hash algorithm used for digest authentication thus overriding
+   algorithm parameter. Possible values are the same as those of algorithm
+   parameter. The parameter may be a pseudo variable.
+
+   Example 1.27. auth_algorithm example
+...
+auth_algorithm("$alg");
+...

___
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org

[sr-dev] Re: [kamailio/kamailio] Added new auth module function auth_algorithm (PR #3849)

2024-05-14 Thread juha-h via sr-dev 
> If you want to test README generation locally, then you are missing some 
> dockbook-relate packages, likely `docbook-xsl`.

README generation worked after I installed Debian package `docbook-xsl`.  For 
some reason make command as described here 
[https://www.kamailio.org/wikidocs/devel/module-docbook-readme/]() was not able 
to load it from source repo.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/3849#issuecomment-2110617698
You are receiving this because you are subscribed to this thread.

Message ID: ___
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org

[sr-dev] Re: [kamailio/kamailio] Added new auth module function auth_algorithm (PR #3849)

2024-05-14 Thread juha-h via sr-dev 
How about the failing format check?

-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/3849#issuecomment-2110621100
You are receiving this because you are subscribed to this thread.

Message ID: ___
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org

[sr-dev] git:master:18e4d38e: auth: export auth_algorithm(...) to kemi

2024-05-14 Thread Daniel-Constantin Mierla via sr-dev 
Module: kamailio
Branch: master
Commit: 18e4d38e4d57ce88cbe16eec4cfb2a5a1b5554a4
URL: 
https://github.com/kamailio/kamailio/commit/18e4d38e4d57ce88cbe16eec4cfb2a5a1b5554a4

Author: Daniel-Constantin Mierla 
Committer: Daniel-Constantin Mierla 
Date: 2024-05-14T18:13:04+02:00

auth: export auth_algorithm(...) to kemi

---

Modified: src/modules/auth/auth_mod.c

---

Diff:  
https://github.com/kamailio/kamailio/commit/18e4d38e4d57ce88cbe16eec4cfb2a5a1b5554a4.diff
Patch: 
https://github.com/kamailio/kamailio/commit/18e4d38e4d57ce88cbe16eec4cfb2a5a1b5554a4.patch

---

diff --git a/src/modules/auth/auth_mod.c b/src/modules/auth/auth_mod.c
index b2854d468bf..2fcb9169f26 100644
--- a/src/modules/auth/auth_mod.c
+++ b/src/modules/auth/auth_mod.c
@@ -488,12 +488,9 @@ int w_has_credentials(sip_msg_t *msg, char *realm, char 
*s2)
 /**
  *
  */
-int w_auth_algorithm(sip_msg_t *msg, char *alg, char *s2)
+static int ki_auth_algorithm(sip_msg_t *msg, str *alg)
 {
-   if(fixup_get_svalue(msg, (gparam_t *)alg, &auth_algorithm) < 0) {
-   LM_ERR("failed to get algorithm value\n");
-   return -1;
-   }
+   auth_algorithm = *alg;
 
if(strcmp(auth_algorithm.s, "MD5") == 0) {
hash_hex_len = HASHHEXLEN;
@@ -512,6 +509,21 @@ int w_auth_algorithm(sip_msg_t *msg, char *alg, char *s2)
return 1;
 }
 
+/**
+ *
+ */
+int w_auth_algorithm(sip_msg_t *msg, char *alg, char *s2)
+{
+   str salg = str_init("");
+
+   if(fixup_get_svalue(msg, (gparam_t *)alg, &salg) < 0) {
+   LM_ERR("failed to get algorithm value\n");
+   return -1;
+   }
+
+   return ki_auth_algorithm(msg, &salg);
+}
+
 #ifdef USE_NC
 /**
  * Calls auth_check_hdr_md5 with the update_nonce flag set to false.
@@ -1384,6 +1396,11 @@ static sr_kemi_t sr_kemi_auth_exports[] = {
{ SR_KEMIP_STR, SR_KEMIP_INT, SR_KEMIP_STR,
SR_KEMIP_NONE, SR_KEMIP_NONE, SR_KEMIP_NONE }
},
+   { str_init("auth"), str_init("auth_algorithm"),
+   SR_KEMIP_INT, ki_auth_algorithm,
+   { SR_KEMIP_STR, SR_KEMIP_NONE, SR_KEMIP_NONE,
+   SR_KEMIP_NONE, SR_KEMIP_NONE, SR_KEMIP_NONE }
+   },
 
{ {0, 0}, {0, 0}, 0, NULL, { 0, 0, 0, 0, 0, 0 } }
 };

___
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org

[sr-dev] Re: [kamailio/kamailio] Added new auth module function auth_algorithm (PR #3849)

2024-05-14 Thread Daniel-Constantin Mierla via sr-dev 
I haven't checked closely, at the first look it seems some spacing issues in 
one of the commits out of three. Did you run clang-format? I installed the git 
hooks as suggested by Victor Seva and any clang-format issues are reported and 
fixed before I can do a commit.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/3849#issuecomment-2110786081
You are receiving this because you are subscribed to this thread.

Message ID: ___
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org

[sr-dev] Re: [kamailio/kamailio] Added new auth module function auth_algorithm (PR #3849)

2024-05-14 Thread juha-h via sr-dev 
After the first commit. there was format issues that I tried to fix manually 
and pushed another commit.  After that, format check was re-run automatically 
and one more format issue remained.  I fixed also that, push a new commit, and 
again format check was re-run automatically.  Now the format check passed, but 
still the web page showed that format check failed.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/3849#issuecomment-2110830547
You are receiving this because you are subscribed to this thread.

Message ID: ___
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org

[sr-dev] Re: [kamailio/kamailio] Added new auth module function auth_algorithm (PR #3849)

2024-05-14 Thread Daniel-Constantin Mierla via sr-dev 
As I said, I haven't looked much into it, not sure what was the reason ...

I installed `pre-commit` along with `clang-format` and before each commit the 
formatting is checked automatically, simplifying my coding process as I can do 
it without caring of formatting and it gets fixed at commit time. I sent an 
email about it a while ago:

  - 
https://kamailio.org/mailman3/hyperkitty/list/sr-us...@lists.kamailio.org/message/7PSVLEKOMSCDMUYN4VZLIO4ZBRBJXMF6/

-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/3849#issuecomment-2110854386
You are receiving this because you are subscribed to this thread.

Message ID: ___
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org

[sr-dev] Re: [kamailio/kamailio] Added new auth module function auth_algorithm (PR #3849)

2024-05-14 Thread Victor Seva via sr-dev 
You can push --force the new commit with the format fixed squashing previous 
commits

-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/3849#issuecomment-2110860065
You are receiving this because you are subscribed to this thread.

Message ID: ___
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org

[sr-dev] Re: [kamailio/kamailio] Wrong Route header order in called party re-INVITE when using topos (Issue #3778)

2024-05-14 Thread github-actions[bot] via sr-dev 
Closed #3778 as not planned.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3778#event-12810266353
You are receiving this because you are subscribed to this thread.

Message ID: ___
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org

[sr-dev] Re: [kamailio/kamailio] extented haproxy protocol support (PR #3731)

2024-05-14 Thread github-actions[bot] via sr-dev 
Closed #3731.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/3731#event-12810265977
You are receiving this because you are subscribed to this thread.

Message ID: ___
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org