From e979a341c1b142bb02da25c7753e7efb2d34e80a Mon Sep 17 00:00:00 2001
From: Daniel-Constantin Mierla
Date: Wed, 31 Mar 2021 15:44:41 +0200
Subject: [PATCH] tls: added tls_set_connect_server_id(srvid) function
- set the server id of the tls profile to be used by next client connect, being reset after use
- alternative to use of xavp to specify server id for client profile for the cases when xavps are no longer available (e.g., after event_route[tm:local-request])
---
 src/modules/tls/tls_mod.c | 30 ++++++++++++++++++++++
 src/modules/tls/tls_server.c | 48 +++++++++++++++++++++++++++++++++++-
 src/modules/tls/tls_server.h | 2 ++
 3 files changed, 79 insertions(+), 1 deletion(-)
diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c
index f329498e215..30a533994df 100644
--- a/src/modules/tls/tls_mod.c
+++ b/src/modules/tls/tls_mod.c
@@ -40,6 +40,7 @@
 #include "../../core/rpc_lookup.h"
 #include "../../core/cfg/cfg.h"
 #include "../../core/dprint.h"
+#include "../../core/mod_fix.h"
 #include "../../core/kemi.h"
 #include "tls_init.h"
 #include "tls_server.h"
@@ -80,6 +81,7 @@ static int mod_child(int rank);
 static void destroy(void);
 
 static int w_is_peer_verified(struct sip_msg* msg, char* p1, char* p2);
+static int w_tls_set_connect_server_id(sip_msg_t* msg, char* psrvid, char* p2);
 
 int ksr_rand_engine_param(modparam_t type, void* val);
 
@@ -199,6 +201,8 @@ int sr_tls_renegotiation = 0;
 
 static cmd_export_t cmds[] = {
 {"is_peer_verified", (cmd_function)w_is_peer_verified, 0, 0, 0, REQUEST_ROUTE},
+{"tls_set_connect_server_id", (cmd_function)w_tls_set_connect_server_id,
+1, fixup_spve_null, fixup_free_spve_null, ANY_ROUTE},
 {0,0,0,0,0,0}
 };
 
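Review bot: The new `tls_set_connect_server_id` row in the cmds[] hunk is an exported config function with no documentation update in this commit — the diffstat lists only tls_mod.c, tls_server.c and tls_server.h, so the module's docbook entry that describes the other exported functions is presumably untouched. Because the value steers which client TLS profile (and so which certificate and verification settings) the next outbound connection uses, the docs should state that the id is one-shot, consumed by the next TLS client connect in the same process (the storage is a static in pkg memory, which I take to be per-process), and that an empty argument clears a pending id. A comment on the table row would also help a reader of this file, e.g. `/* one-shot: consumed by the next TLS client connect; see ksr_tls_set_connect_server_id() */`.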
@@ -550,6 +554,27 @@ static int w_is_peer_verified(struct sip_msg* msg, char* foo, char* foo2)
 return ki_is_peer_verified(msg);
 }
 
+static int ki_tls_set_connect_server_id(sip_msg_t* msg, str* srvid)
+{
+if(ksr_tls_set_connect_server_id(srvid)<0) {
+return -1;
+}
+
+return 1;
+}
+
+static int w_tls_set_connect_server_id(sip_msg_t* msg, char* psrvid, char* p2)
+{
+str ssrvid = STR_NULL;
+
+if(fixup_get_svalue(msg, (gparam_t*)psrvid, &ssrvid)<0) {
+LM_ERR("failed to get server id parameter\n");
+return -1;
+}
+
+return ki_tls_set_connect_server_id(msg, &ssrvid);
+}
+
 /**
 *
 */
@@ -568,6 +593,11 @@ static sr_kemi_t sr_kemi_tls_exports[] = {
 { SR_KEMIP_NONE, SR_KEMIP_NONE, SR_KEMIP_NONE,
 SR_KEMIP_NONE, SR_KEMIP_NONE, SR_KEMIP_NONE }
 },
+{ str_init("tls"), str_init("set_connect_server_id"),
+SR_KEMIP_INT, ki_tls_set_connect_server_id,
+{ SR_KEMIP_STR, SR_KEMIP_NONE, SR_KEMIP_NONE,
+SR_KEMIP_NONE, SR_KEMIP_NONE, SR_KEMIP_NONE }
+},
 { str_init("tls"), str_init("cget"),
 SR_KEMIP_XVAL, ki_tls_cget,
 { SR_KEMIP_STR, SR_KEMIP_NONE, SR_KEMIP_NONE,
diff --git a/src/modules/tls/tls_server.c b/src/modules/tls/tls_server.c
index 2060b7b5502..2af43b9eb93 100644
--- a/src/modules/tls/tls_server.c
+++ b/src/modules/tls/tls_server.c
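Review bot: `ki_tls_set_connect_server_id` and its config wrapper carry no comment on their contract, and one behaviour is not visible at this level: ksr_tls_set_connect_server_id() treats a NULL or zero-length str as a request to drop the pending id, so `tls_set_connect_server_id("")` from config clears the value rather than failing. Since a stale id changes which client TLS profile the next outbound connection gets, that clearing path is exactly what a script author needs to know about. Suggest a header comment above ki_tls_set_connect_server_id such as `/* Set the server_id of the client TLS profile for the next outbound TLS connect in this process (one-shot); an empty value clears a pending id. Returns 1 on success, -1 on allocation failure. */`, and `/* config wrapper: psrvid is a pseudo-variable-capable string parameter */` on w_tls_set_connect_server_id.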
@@ -132,14 +132,59 @@ int tls_run_event_routes(struct tcp_connection *c);
 
 extern str sr_tls_xavp_cfg;
 
+static str _ksr_tls_connect_server_id = STR_NULL;
+
+int ksr_tls_set_connect_server_id(str *srvid)
+{
+if(srvid==NULL || srvid->len<=0) {
+if(_ksr_tls_connect_server_id.s) {
+pkg_free(_ksr_tls_connect_server_id.s);
+}
+_ksr_tls_connect_server_id.s = NULL;
+_ksr_tls_connect_server_id.len = 0;
+return 0;
+}
+
+if(_ksr_tls_connect_server_id.len>=srvid->len) {
+memcpy(_ksr_tls_connect_server_id.s, srvid->s, srvid->len);
+_ksr_tls_connect_server_id.len = srvid->len;
+return 0;
+}
+
+if(_ksr_tls_connect_server_id.s) {
+pkg_free(_ksr_tls_connect_server_id.s);
+}
+_ksr_tls_connect_server_id.len = 0;
+
+_ksr_tls_connect_server_id.s = (char*)pkg_mallocxz(srvid->len + 1);
+if(_ksr_tls_connect_server_id.s==NULL) {
+PKG_MEM_ERROR;
+return -1;
+}
+
+memcpy(_ksr_tls_connect_server_id.s, srvid->s, srvid->len);
+_ksr_tls_connect_server_id.len = srvid->len;
+
+return 0;
+}
+
 static str *tls_get_connect_server_id(void)
 {
 sr_xavp_t *vavp = NULL;
 str sid = {"server_id", 9};
-if(sr_tls_xavp_cfg.s!=NULL)
+
+if(sr_tls_xavp_cfg.s!=NULL) {
 vavp = xavp_get_child_with_sval(&sr_tls_xavp_cfg, &sid);
+}
 if(vavp==NULL || vavp->val.v.s.len<=0) {
 LM_DBG("xavp with outbound server id not found\n");
+if(_ksr_tls_connect_server_id.len>0) {
+LM_DBG("found global outbound server id: %.*s\n",
+_ksr_tls_connect_server_id.len,
+_ksr_tls_connect_server_id.s);
+return &_ksr_tls_connect_server_id;
+}
+LM_DBG("outbound server id not set\n");
 return NULL;
 }
 LM_DBG("found xavp with outbound server id: %s\n", vavp->val.v.s.s);
@@ -218,6 +263,7 @@ static int tls_complete_init(struct tcp_connection* c)
 srvid = tls_get_connect_server_id();
 dom = tls_lookup_cfg(cfg, TLS_DOMAIN_CLI, &c->rcv.dst_ip, c->rcv.dst_port, sname, srvid);
+ksr_tls_set_connect_server_id(NULL);
 }
 if (unlikely(c->state<0)) {
 BUG("Invalid connection (state %d)\n", c->state);
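Review bot: In the buffer-reuse branch of ksr_tls_set_connect_server_id() (`if(_ksr_tls_connect_server_id.len>=srvid->len)`), copying a shorter id leaves the previous id's trailing bytes after the new length, so the buffer is no longer NUL-terminated at `.len` even though the allocation reserves `srvid->len + 1` for exactly that. Every consumer visible in this hunk is length-aware (`%.*s` in the LM_DBG, the `str *` returned to the caller), so this is not a demonstrable bug, but the invariant is one line to keep: add `_ksr_tls_connect_server_id.s[srvid->len] = '\0';` after that memcpy. The new static also deserves a comment saying what it is, since it silently overrides profile selection: `/* pending server_id for the next TLS client connect; one-shot, presumably per-process (pkg memory); NULL/empty clears it */`.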
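Review bot: The `ksr_tls_set_connect_server_id(NULL)` reset added in tls_complete_init() only runs when an outbound TLS connection actually reaches this code; if a route sets the id and no new TLS client connection follows (reuse of an existing connection, a non-TLS transport, or a failure before connect), the id stays pending in that worker and will select the client profile — hence the certificate and verification settings — for the next unrelated outbound TLS connection that process opens. The commit message's "being reset after use" therefore holds only on the path where the connect happens, and whether the pending value can cross request boundaries depends on connection-setup timing I cannot see here. At minimum the function's documentation should say that callers must clear the id themselves (an empty argument does so) when the connect might not occur; a safer design would scope the id to the message or transaction rather than process-global state. Note also that `srvid` still points at the static after the reset, so any later use of it in tls_complete_init() (the function continues outside the hunk) would observe an empty str.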
diff --git a/src/modules/tls/tls_server.h b/src/modules/tls/tls_server.h
index 51ba176b469..5e7784c4d03 100644
--- a/src/modules/tls/tls_server.h
+++ b/src/modules/tls/tls_server.h
@@ -96,4 +96,6 @@ int tls_connect(struct tcp_connection *c, int* error);
 int tls_accept(struct tcp_connection *c, int* error);
 void tls_lookup_event_routes(void);
 
+int ksr_tls_set_connect_server_id(str *srvid);
+
 #endif /* _TLS_SERVER_H */
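Review bot: The new prototype in tls_server.h has no comment, and its semantics cannot be guessed from the name: per the implementation in tls_server.c, the id is kept in a static (presumably per-process) buffer, applies to the next TLS client connect only, and a NULL or zero-length argument clears it. Suggest placing `/* set the server_id of the client TLS profile for the next outbound TLS connect (one-shot, process-local); NULL or empty clears a pending id; returns 0 on success, -1 on allocation failure */` above the declaration so callers in other modules do not have to read tls_server.c to learn the one-shot behaviour.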