Line data Source code
1 : /*
2 : * Copyright (C) 2004-2026 Savoir-faire Linux Inc.
3 : *
4 : * This program is free software: you can redistribute it and/or modify
5 : * it under the terms of the GNU General Public License as published by
6 : * the Free Software Foundation, either version 3 of the License, or
7 : * (at your option) any later version.
8 : *
9 : * This program is distributed in the hope that it will be useful,
10 : * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 : * GNU General Public License for more details.
13 : *
14 : * You should have received a copy of the GNU General Public License
15 : * along with this program. If not, see <https://www.gnu.org/licenses/>.
16 : */
17 : #include "sipaccount_config.h"
18 : #include "account_const.h"
19 : #include "account_schema.h"
20 : #include "config/yamlparser.h"
21 :
22 : extern "C" {
23 : #include <pjlib-util/md5.h>
24 : }
25 :
26 : namespace jami {
27 :
28 : namespace Conf {
29 : constexpr const char* ID_KEY = "id";
30 : constexpr const char* USERNAME_KEY = "username";
31 : constexpr const char* BIND_ADDRESS_KEY = "bindAddress";
32 : constexpr const char* INTERFACE_KEY = "interface";
33 : constexpr const char* PORT_KEY = "port";
34 : constexpr const char* PUBLISH_ADDR_KEY = "publishAddr";
35 : constexpr const char* PUBLISH_PORT_KEY = "publishPort";
36 : constexpr const char* SAME_AS_LOCAL_KEY = "sameasLocal";
37 : constexpr const char* DTMF_TYPE_KEY = "dtmfType";
38 : constexpr const char* SERVICE_ROUTE_KEY = "serviceRoute";
39 : constexpr const char* ALLOW_IP_AUTO_REWRITE = "allowIPAutoRewrite";
40 : constexpr const char* PRESENCE_PUBLISH_SUPPORTED_KEY = "presencePublishSupported";
41 : constexpr const char* PRESENCE_SUBSCRIBE_SUPPORTED_KEY = "presenceSubscribeSupported";
42 : constexpr const char* PRESENCE_STATUS_KEY = "presenceStatus";
43 : constexpr const char* PRESENCE_NOTE_KEY = "presenceNote";
44 : constexpr const char* PRESENCE_MODULE_ENABLED_KEY = "presenceModuleEnabled";
45 : constexpr const char* KEEP_ALIVE_ENABLED = "keepAliveEnabled";
46 :
47 : constexpr const char* const TLS_KEY = "tls";
48 : constexpr const char* CERTIFICATE_KEY = "certificate";
49 : constexpr const char* CALIST_KEY = "calist";
50 : constexpr const char* TLS_PORT_KEY = "tlsPort";
51 : constexpr const char* CIPHERS_KEY = "ciphers";
52 : constexpr const char* TLS_ENABLE_KEY = "enable";
53 : constexpr const char* METHOD_KEY = "method";
54 : constexpr const char* TIMEOUT_KEY = "timeout";
55 : constexpr const char* TLS_PASSWORD_KEY = "password";
56 : constexpr const char* PRIVATE_KEY_KEY = "privateKey";
57 : constexpr const char* REQUIRE_CERTIF_KEY = "requireCertif";
58 : constexpr const char* SERVER_KEY = "server";
59 : constexpr const char* VERIFY_CLIENT_KEY = "verifyClient";
60 : constexpr const char* VERIFY_SERVER_KEY = "verifyServer";
61 : constexpr const char* DISABLE_SECURE_DLG_CHECK = "disableSecureDlgCheck";
62 :
63 : constexpr const char* STUN_ENABLED_KEY = "stunEnabled";
64 : constexpr const char* STUN_SERVER_KEY = "stunServer";
65 : constexpr const char* CRED_KEY = "credential";
66 : constexpr const char* SRTP_KEY = "srtp";
67 : constexpr const char* KEY_EXCHANGE_KEY = "keyExchange";
68 : constexpr const char* RTP_FALLBACK_KEY = "rtpFallback";
69 : } // namespace Conf
70 :
71 : static const SipAccountConfig DEFAULT_CONFIG {};
72 : static constexpr unsigned MIN_REGISTRATION_TIME = 60; // seconds
73 :
74 : using yaml_utils::parseValueOptional;
75 : using yaml_utils::parseVectorMap;
76 :
77 : void
78 224 : SipAccountConfig::serialize(YAML::Emitter& out) const
79 : {
80 224 : out << YAML::BeginMap;
81 224 : out << YAML::Key << Conf::ID_KEY << YAML::Value << id;
82 224 : SipAccountBaseConfig::serializeDiff(out, DEFAULT_CONFIG);
83 :
84 224 : out << YAML::Key << Conf::BIND_ADDRESS_KEY << YAML::Value << bindAddress;
85 224 : out << YAML::Key << Conf::PORT_KEY << YAML::Value << localPort;
86 224 : out << YAML::Key << Conf::PUBLISH_PORT_KEY << YAML::Value << publishedPort;
87 :
88 224 : out << YAML::Key << Conf::USERNAME_KEY << YAML::Value << username;
89 :
90 : // each credential is a map, and we can have multiple credentials
91 224 : out << YAML::Key << Conf::CRED_KEY << YAML::Value << getCredentials();
92 :
93 224 : out << YAML::Key << Conf::KEEP_ALIVE_ENABLED << YAML::Value << registrationRefreshEnabled;
94 :
95 : // out << YAML::Key << PRESENCE_MODULE_ENABLED_KEY << YAML::Value
96 : // << (presence_ and presence_->isEnabled());
97 :
98 224 : out << YAML::Key << Conf::CONFIG_ACCOUNT_REGISTRATION_EXPIRE << YAML::Value << registrationExpire;
99 224 : out << YAML::Key << Conf::SERVICE_ROUTE_KEY << YAML::Value << serviceRoute;
100 224 : out << YAML::Key << Conf::ALLOW_IP_AUTO_REWRITE << YAML::Value << allowIPAutoRewrite;
101 224 : out << YAML::Key << Conf::STUN_ENABLED_KEY << YAML::Value << stunEnabled;
102 224 : out << YAML::Key << Conf::STUN_SERVER_KEY << YAML::Value << stunServer;
103 :
104 : // tls submap
105 224 : out << YAML::Key << Conf::TLS_KEY << YAML::Value << YAML::BeginMap;
106 224 : out << YAML::Key << Conf::CALIST_KEY << YAML::Value << tlsCaListFile;
107 224 : out << YAML::Key << Conf::CERTIFICATE_KEY << YAML::Value << tlsCertificateFile;
108 224 : out << YAML::Key << Conf::TLS_PASSWORD_KEY << YAML::Value << tlsPassword;
109 224 : out << YAML::Key << Conf::PRIVATE_KEY_KEY << YAML::Value << tlsPrivateKeyFile;
110 224 : out << YAML::Key << Conf::TLS_ENABLE_KEY << YAML::Value << tlsEnable;
111 224 : out << YAML::Key << Conf::TLS_PORT_KEY << YAML::Value << tlsListenerPort;
112 224 : out << YAML::Key << Conf::VERIFY_CLIENT_KEY << YAML::Value << tlsVerifyClient;
113 224 : out << YAML::Key << Conf::VERIFY_SERVER_KEY << YAML::Value << tlsVerifyServer;
114 224 : out << YAML::Key << Conf::REQUIRE_CERTIF_KEY << YAML::Value << tlsRequireClientCertificate;
115 224 : out << YAML::Key << Conf::DISABLE_SECURE_DLG_CHECK << YAML::Value << tlsDisableSecureDlgCheck;
116 224 : out << YAML::Key << Conf::TIMEOUT_KEY << YAML::Value << tlsNegotiationTimeout;
117 224 : out << YAML::Key << Conf::CIPHERS_KEY << YAML::Value << tlsCiphers;
118 224 : out << YAML::Key << Conf::METHOD_KEY << YAML::Value << tlsMethod;
119 224 : out << YAML::Key << Conf::SERVER_KEY << YAML::Value << tlsServerName;
120 224 : out << YAML::EndMap;
121 :
122 : // srtp submap
123 224 : out << YAML::Key << Conf::SRTP_KEY << YAML::Value << YAML::BeginMap;
124 224 : out << YAML::Key << Conf::KEY_EXCHANGE_KEY << YAML::Value << sip_utils::getKeyExchangeName(srtpKeyExchange);
125 224 : out << YAML::EndMap;
126 :
127 224 : out << YAML::EndMap;
128 224 : }
129 :
130 : void
131 0 : SipAccountConfig::unserialize(const YAML::Node& node)
132 : {
133 0 : SipAccountBaseConfig::unserialize(node);
134 0 : parseValueOptional(node, Conf::USERNAME_KEY, username);
135 0 : parseValueOptional(node, Conf::BIND_ADDRESS_KEY, bindAddress);
136 0 : parseValueOptional(node, Conf::PORT_KEY, localPort);
137 0 : parseValueOptional(node, Conf::PUBLISH_PORT_KEY, publishedPort);
138 0 : parseValueOptional(node, Conf::CONFIG_ACCOUNT_REGISTRATION_EXPIRE, registrationExpire);
139 0 : registrationExpire = std::max(MIN_REGISTRATION_TIME, registrationExpire);
140 0 : parseValueOptional(node, Conf::KEEP_ALIVE_ENABLED, registrationRefreshEnabled);
141 0 : parseValueOptional(node, Conf::SERVICE_ROUTE_KEY, serviceRoute);
142 0 : parseValueOptional(node, Conf::ALLOW_IP_AUTO_REWRITE, allowIPAutoRewrite);
143 :
144 0 : parseValueOptional(node, Conf::PRESENCE_MODULE_ENABLED_KEY, presenceEnabled);
145 0 : parseValueOptional(node, Conf::PRESENCE_PUBLISH_SUPPORTED_KEY, publishSupported);
146 0 : parseValueOptional(node, Conf::PRESENCE_SUBSCRIBE_SUPPORTED_KEY, subscribeSupported);
147 :
148 : // ICE - STUN/TURN
149 0 : parseValueOptional(node, Conf::STUN_ENABLED_KEY, stunEnabled);
150 0 : parseValueOptional(node, Conf::STUN_SERVER_KEY, stunServer);
151 :
152 0 : const auto& credsNode = node[Conf::CRED_KEY];
153 0 : setCredentials(
154 0 : parseVectorMap(credsNode,
155 : {Conf::CONFIG_ACCOUNT_REALM, Conf::CONFIG_ACCOUNT_USERNAME, Conf::CONFIG_ACCOUNT_PASSWORD}));
156 :
157 : // get tls submap
158 : try {
159 0 : const auto& tlsMap = node[Conf::TLS_KEY];
160 0 : parseValueOptional(tlsMap, Conf::CERTIFICATE_KEY, tlsCertificateFile);
161 0 : parseValueOptional(tlsMap, Conf::CALIST_KEY, tlsCaListFile);
162 0 : parseValueOptional(tlsMap, Conf::TLS_PASSWORD_KEY, tlsPassword);
163 0 : parseValueOptional(tlsMap, Conf::PRIVATE_KEY_KEY, tlsPrivateKeyFile);
164 0 : parseValueOptional(tlsMap, Conf::TLS_ENABLE_KEY, tlsEnable);
165 0 : parseValueOptional(tlsMap, Conf::TLS_PORT_KEY, tlsListenerPort);
166 0 : parseValueOptional(tlsMap, Conf::CIPHERS_KEY, tlsCiphers);
167 0 : parseValueOptional(tlsMap, Conf::METHOD_KEY, tlsMethod);
168 0 : parseValueOptional(tlsMap, Conf::SERVER_KEY, tlsServerName);
169 0 : parseValueOptional(tlsMap, Conf::REQUIRE_CERTIF_KEY, tlsRequireClientCertificate);
170 0 : parseValueOptional(tlsMap, Conf::VERIFY_CLIENT_KEY, tlsVerifyClient);
171 0 : parseValueOptional(tlsMap, Conf::VERIFY_SERVER_KEY, tlsVerifyServer);
172 0 : parseValueOptional(tlsMap, Conf::DISABLE_SECURE_DLG_CHECK, tlsDisableSecureDlgCheck);
173 0 : parseValueOptional(tlsMap, Conf::TIMEOUT_KEY, tlsNegotiationTimeout);
174 0 : } catch (...) {
175 0 : }
176 :
177 : // get srtp submap
178 0 : const auto& srtpMap = node[Conf::SRTP_KEY];
179 0 : std::string tmpKey;
180 0 : parseValueOptional(srtpMap, Conf::KEY_EXCHANGE_KEY, tmpKey);
181 0 : srtpKeyExchange = sip_utils::getKeyExchangeProtocol(tmpKey);
182 0 : }
183 :
184 : std::map<std::string, std::string>
185 91 : SipAccountConfig::toMap() const
186 : {
187 91 : auto a = SipAccountBaseConfig::toMap();
188 : // general sip settings
189 91 : a.emplace(Conf::CONFIG_ACCOUNT_USERNAME, username);
190 91 : a.emplace(Conf::CONFIG_LOCAL_PORT, std::to_string(localPort));
191 91 : a.emplace(Conf::CONFIG_ACCOUNT_DTMF_TYPE, dtmfType);
192 91 : a.emplace(Conf::CONFIG_LOCAL_INTERFACE, interface);
193 91 : a.emplace(Conf::CONFIG_PUBLISHED_PORT, std::to_string(publishedPort));
194 91 : a.emplace(Conf::CONFIG_PUBLISHED_SAMEAS_LOCAL, publishedSameasLocal ? TRUE_STR : FALSE_STR);
195 91 : a.emplace(Conf::CONFIG_PUBLISHED_ADDRESS, publishedIp);
196 91 : a.emplace(Conf::CONFIG_STUN_ENABLE, stunEnabled ? TRUE_STR : FALSE_STR);
197 91 : a.emplace(Conf::CONFIG_STUN_SERVER, stunServer);
198 91 : a.emplace(Conf::CONFIG_BIND_ADDRESS, bindAddress);
199 91 : a.emplace(Conf::CONFIG_ACCOUNT_ROUTESET, serviceRoute);
200 91 : a.emplace(Conf::CONFIG_ACCOUNT_IP_AUTO_REWRITE, allowIPAutoRewrite ? TRUE_STR : FALSE_STR);
201 91 : a.emplace(Conf::CONFIG_PRESENCE_ENABLED, presenceEnabled ? TRUE_STR : FALSE_STR);
202 91 : a.emplace(Conf::CONFIG_KEEP_ALIVE_ENABLED, registrationRefreshEnabled ? TRUE_STR : FALSE_STR);
203 91 : a.emplace(Conf::CONFIG_ACCOUNT_REGISTRATION_EXPIRE, std::to_string(registrationExpire));
204 :
205 91 : std::string password {};
206 91 : if (not credentials.empty()) {
207 68 : for (const auto& cred : credentials)
208 68 : if (cred.username == username) {
209 68 : password = cred.password;
210 68 : break;
211 : }
212 : }
213 91 : a.emplace(Conf::CONFIG_ACCOUNT_PASSWORD, std::move(password));
214 :
215 : // srtp settings
216 91 : a.emplace(Conf::CONFIG_SRTP_KEY_EXCHANGE, sip_utils::getKeyExchangeName(srtpKeyExchange));
217 91 : a.emplace(Conf::CONFIG_TLS_ENABLE, tlsEnable ? TRUE_STR : FALSE_STR);
218 91 : a.emplace(Conf::CONFIG_TLS_LISTENER_PORT, std::to_string(tlsListenerPort));
219 91 : a.emplace(Conf::CONFIG_TLS_CA_LIST_FILE, tlsCaListFile);
220 91 : a.emplace(Conf::CONFIG_TLS_CERTIFICATE_FILE, tlsCertificateFile);
221 91 : a.emplace(Conf::CONFIG_TLS_PRIVATE_KEY_FILE, tlsPrivateKeyFile);
222 91 : a.emplace(Conf::CONFIG_TLS_PASSWORD, tlsPassword);
223 91 : a.emplace(Conf::CONFIG_TLS_METHOD, tlsMethod);
224 91 : a.emplace(Conf::CONFIG_TLS_CIPHERS, tlsCiphers);
225 91 : a.emplace(Conf::CONFIG_TLS_SERVER_NAME, tlsServerName);
226 91 : a.emplace(Conf::CONFIG_TLS_VERIFY_SERVER, tlsVerifyServer ? TRUE_STR : FALSE_STR);
227 91 : a.emplace(Conf::CONFIG_TLS_VERIFY_CLIENT, tlsVerifyClient ? TRUE_STR : FALSE_STR);
228 91 : a.emplace(Conf::CONFIG_TLS_REQUIRE_CLIENT_CERTIFICATE, tlsRequireClientCertificate ? TRUE_STR : FALSE_STR);
229 91 : a.emplace(Conf::CONFIG_TLS_NEGOTIATION_TIMEOUT_SEC, std::to_string(tlsNegotiationTimeout));
230 91 : a.emplace(Conf::CONFIG_TLS_DISABLE_SECURE_DLG_CHECK, tlsDisableSecureDlgCheck ? TRUE_STR : FALSE_STR);
231 182 : return a;
232 91 : }
233 :
234 : void
235 24 : SipAccountConfig::fromMap(const std::map<std::string, std::string>& details)
236 : {
237 24 : SipAccountBaseConfig::fromMap(details);
238 :
239 : // general sip settings
240 24 : parseString(details, Conf::CONFIG_ACCOUNT_USERNAME, username);
241 24 : parseInt(details, Conf::CONFIG_LOCAL_PORT, localPort);
242 24 : parseString(details, Conf::CONFIG_BIND_ADDRESS, bindAddress);
243 24 : parseString(details, Conf::CONFIG_ACCOUNT_ROUTESET, serviceRoute);
244 24 : parseBool(details, Conf::CONFIG_ACCOUNT_IP_AUTO_REWRITE, allowIPAutoRewrite);
245 24 : parseString(details, Conf::CONFIG_LOCAL_INTERFACE, interface);
246 24 : parseBool(details, Conf::CONFIG_PUBLISHED_SAMEAS_LOCAL, publishedSameasLocal);
247 24 : parseString(details, Conf::CONFIG_PUBLISHED_ADDRESS, publishedIp);
248 24 : parseInt(details, Conf::CONFIG_PUBLISHED_PORT, publishedPort);
249 24 : parseBool(details, Conf::CONFIG_PRESENCE_ENABLED, presenceEnabled);
250 24 : parseString(details, Conf::CONFIG_ACCOUNT_DTMF_TYPE, dtmfType);
251 24 : parseBool(details, Conf::CONFIG_KEEP_ALIVE_ENABLED, registrationRefreshEnabled);
252 24 : parseInt(details, Conf::CONFIG_ACCOUNT_REGISTRATION_EXPIRE, registrationExpire);
253 :
254 : // srtp settings
255 24 : auto iter = details.find(Conf::CONFIG_SRTP_KEY_EXCHANGE);
256 24 : if (iter != details.end())
257 24 : srtpKeyExchange = sip_utils::getKeyExchangeProtocol(iter->second);
258 :
259 24 : if (credentials.empty()) { // credentials not set, construct 1 entry
260 24 : JAMI_WARN("No credentials set, inferring them...");
261 24 : std::map<std::string, std::string> map;
262 24 : map[Conf::CONFIG_ACCOUNT_USERNAME] = username;
263 24 : parseString(details, Conf::CONFIG_ACCOUNT_PASSWORD, map[Conf::CONFIG_ACCOUNT_PASSWORD]);
264 24 : map[Conf::CONFIG_ACCOUNT_REALM] = "*";
265 48 : setCredentials({map});
266 24 : }
267 :
268 : // ICE - STUN
269 24 : parseBool(details, Conf::CONFIG_STUN_ENABLE, stunEnabled);
270 24 : parseString(details, Conf::CONFIG_STUN_SERVER, stunServer);
271 :
272 : // TLS
273 24 : parseBool(details, Conf::CONFIG_TLS_ENABLE, tlsEnable);
274 24 : parseInt(details, Conf::CONFIG_TLS_LISTENER_PORT, tlsListenerPort);
275 24 : parsePath(details, Conf::CONFIG_TLS_CA_LIST_FILE, tlsCaListFile, path);
276 24 : parsePath(details, Conf::CONFIG_TLS_CERTIFICATE_FILE, tlsCertificateFile, path);
277 24 : parsePath(details, Conf::CONFIG_TLS_PRIVATE_KEY_FILE, tlsPrivateKeyFile, path);
278 24 : parseString(details, Conf::CONFIG_TLS_PASSWORD, tlsPassword);
279 24 : parseString(details, Conf::CONFIG_TLS_METHOD, tlsMethod);
280 24 : parseString(details, Conf::CONFIG_TLS_CIPHERS, tlsCiphers);
281 24 : parseString(details, Conf::CONFIG_TLS_SERVER_NAME, tlsServerName);
282 24 : parseBool(details, Conf::CONFIG_TLS_VERIFY_SERVER, tlsVerifyServer);
283 24 : parseBool(details, Conf::CONFIG_TLS_VERIFY_CLIENT, tlsVerifyClient);
284 24 : parseBool(details, Conf::CONFIG_TLS_REQUIRE_CLIENT_CERTIFICATE, tlsRequireClientCertificate);
285 24 : parseBool(details, Conf::CONFIG_TLS_DISABLE_SECURE_DLG_CHECK, tlsDisableSecureDlgCheck);
286 24 : parseInt(details, Conf::CONFIG_TLS_NEGOTIATION_TIMEOUT_SEC, tlsNegotiationTimeout);
287 24 : }
288 :
289 24 : SipAccountConfig::Credentials::Credentials(const std::map<std::string, std::string>& cred)
290 : {
291 24 : auto itrealm = cred.find(Conf::CONFIG_ACCOUNT_REALM);
292 24 : auto user = cred.find(Conf::CONFIG_ACCOUNT_USERNAME);
293 24 : auto passw = cred.find(Conf::CONFIG_ACCOUNT_PASSWORD);
294 24 : realm = itrealm != cred.end() ? itrealm->second : "";
295 24 : username = user != cred.end() ? user->second : "";
296 24 : password = passw != cred.end() ? passw->second : "";
297 24 : computePasswordHash();
298 24 : }
299 :
300 : std::map<std::string, std::string>
301 224 : SipAccountConfig::Credentials::toMap() const
302 : {
303 224 : return {{Conf::CONFIG_ACCOUNT_REALM, realm},
304 224 : {Conf::CONFIG_ACCOUNT_USERNAME, username},
305 896 : {Conf::CONFIG_ACCOUNT_PASSWORD, password}};
306 : }
307 :
308 : void
309 24 : SipAccountConfig::Credentials::computePasswordHash()
310 : {
311 : pj_md5_context pms;
312 :
313 : /* Compute md5 hash = MD5(username ":" realm ":" password) */
314 24 : pj_md5_init(&pms);
315 24 : pj_md5_update(&pms, (const uint8_t*) username.data(), username.length());
316 24 : pj_md5_update(&pms, (const uint8_t*) ":", 1);
317 24 : pj_md5_update(&pms, (const uint8_t*) realm.data(), realm.length());
318 24 : pj_md5_update(&pms, (const uint8_t*) ":", 1);
319 24 : pj_md5_update(&pms, (const uint8_t*) password.data(), password.length());
320 :
321 : unsigned char digest[16];
322 24 : pj_md5_final(&pms, digest);
323 :
324 : char hash[32];
325 :
326 408 : for (int i = 0; i < 16; ++i)
327 384 : pj_val_to_hex_digit(digest[i], &hash[2 * i]);
328 :
329 24 : password_h = {hash, 32};
330 24 : }
331 :
332 : std::vector<std::map<std::string, std::string>>
333 224 : SipAccountConfig::getCredentials() const
334 : {
335 224 : std::vector<std::map<std::string, std::string>> ret;
336 224 : ret.reserve(credentials.size());
337 448 : for (const auto& c : credentials) {
338 224 : ret.emplace_back(c.toMap());
339 : }
340 224 : return ret;
341 0 : }
342 :
343 : void
344 24 : SipAccountConfig::setCredentials(const std::vector<std::map<std::string, std::string>>& creds)
345 : {
346 24 : credentials.clear();
347 24 : credentials.reserve(creds.size());
348 48 : for (const auto& cred : creds)
349 24 : credentials.emplace_back(cred);
350 24 : }
351 :
352 : } // namespace jami
|
