-
Bob Mottram authored
Obnam restores with the full path. duplicity restores with the relative path
Bob Mottram authoredObnam restores with the full path. duplicity restores with the relative path
Code owners
Assign users and groups as approvers for specific file changes. Learn more.
freedombone-app-sip 19.49 KiB
#!/bin/bash
#
# .---. . .
# | | |
# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
#
# Freedom in the Cloud
#
# SIP functions
#
# License
# =======
#
# Copyright (C) 2014-2016 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
VARIANTS=''
IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=0
SIP_SERVER_PASSWORD=
SIP_PORT=5060
SIP_TLS_PORT=5061
TURN_PORT=3478
TURN_TLS_PORT=5349
TURN_NONCE=
sip_variables=(ONION_ONLY
MY_USERNAME
SIP_PORT
SIP_TLS_PORT
SIP_SERVER_PASSWORD
TURN_PORT
TURN_TLS_PORT
TURN_NONCE)
function logging_on_sip {
echo -n ''
}
function logging_off_sip {
echo -n ''
}
function remove_user_sip {
remove_username="$1"
${PROJECT_NAME}-rmsipuser ${remove_username}
${PROJECT_NAME}-pass -u $remove_username --rmapp sip
# remove user from SIP TURN/STUN
if [ -f /etc/turnserver/turnusers.txt ]; then
sed -i "/${remove_username}:/d" /etc/turnserver/turnusers.txt
fi
}
function add_user_sip {
new_username="$1"
new_user_password="$2"
${PROJECT_NAME}-pass -u $new_username -a sip -p "$new_user_password"
SIP_EXTENSION=$(${PROJECT_NAME}-sipfreeext)
${PROJECT_NAME}-addsipuser -u $new_username -e $SIP_EXTENSION -p "$new_user_password"
if [ ! "$?" = "0" ]; then
echo '1'
return
fi
# add user to the sipwitch group
if [ -f /etc/sipwitch.conf ]; then
chmod 600 /etc/shadow
chmod 600 /etc/gshadow
usermod -aG sipwitch $new_username
chmod 0000 /etc/shadow
chmod 0000 /etc/gshadow
fi
# add user for SIP STUN/TURN
if [ -d /etc/turnserver ]; then
if grep -q "DEFAULT_DOMAIN_NAME" $CONFIGURATION_FILE; then
read_config_param "DEFAULT_DOMAIN_NAME"
echo "${new_username}:${new_user_password}:${DEFAULT_DOMAIN_NAME}:authorized" >> /etc/turnserver/turnusers.txt
fi
fi
echo '0'
}
function install_interactive_sip {
echo -n ''
APP_INSTALLED=1
}
function change_password_sip {
curr_username="$1"
new_user_password="$2"
#${PROJECT_NAME}-pass -u "$curr_username" -a sip -p "$new_user_password"
}
function reconfigure_sip {
echo -n ''
}
function upgrade_sip {
# remove the original sipwitch daemon if it exists
if [ -f /etc/init.d/sipwitch ]; then
rm -f /etc/init.d/sipwitch
fi
}
function backup_local_sip {
if [ -f /etc/sipwitch.conf ]; then
echo $"Backing up SIP settings"
temp_backup_dir=/root/tempsipbackup
if [ ! -d $temp_backup_dir ]; then
mkdir -p $temp_backup_dir
fi
cp -f /etc/sipwitch.conf $temp_backup_dir
backup_directory_to_usb $temp_backup_dir sip
echo $"SIP settings backup complete"
fi
}
function restore_local_sip {
if [ -d $USB_MOUNT/backup/sip ]; then
echo $"Restoring SIP settings"
temp_restore_dir=/root/tempsip
function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir sip
if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup ]; then
cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/sipwitch.conf /etc/sipwitch.conf
else
cp -f $temp_restore_dir/sipwitch.conf /etc/sipwitch.conf
fi
if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir
function_check set_user_permissions
set_user_permissions
backup_unmount_drive
exit 3679
fi
rm -rf $temp_restore_dir
systemctl restart sipwitch
echo $"Restore of SIP settings complete"
fi
}
function backup_remote_sip {
if [ -f /etc/sipwitch.conf ]; then
echo $"Backing up SIP settings"
temp_backup_dir=/root/tempsipbackup
if [ ! -d $temp_backup_dir ]; then
mkdir -p $temp_backup_dir
fi
cp -f /etc/sipwitch.conf $temp_backup_dir
backup_directory_to_friend $temp_backup_dir sip
echo $"Backup SIP settings complete"
fi
}
function restore_remote_sip {
temp_restore_dir=/root/tempsip
function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir sip
if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup ]; then
cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/sipwitch.conf /etc/sipwitch.conf
else
cp -f $temp_restore_dir/sipwitch.conf /etc/sipwitch.conf
fi
if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir
function_check set_user_permissions
set_user_permissions
backup_unmount_drive
exit 3679
fi
rm -rf $temp_restore_dir
systemctl restart sipwitch
}
function remove_sip {
firewall_remove ${TURN_PORT}
firewall_remove ${TURN_TLS_PORT} tcp
firewall_remove ${SIP_PORT}
firewall_remove ${SIP_TLS_PORT}
function_check remove_onion_service
remove_onion_service sip ${SIP_PORT}
apt-get -yq remove --purge sipwitch
apt-get -yq remove --purge turnserver
if [ -f /etc/sipwitch.conf ]; then
rm /etc/sipwitch.conf
fi
if [ -d /etc/turnserver ]; then
rm -rf /etc/turnserver
fi
remove_completion_param install_sip
remove_completion_param configure_firewall_for_turn
remove_completion_param configure_firewall_for_sip4
}
function configure_firewall_for_turn {
if [[ $ONION_ONLY != "no" ]]; then
return
fi
firewall_add TURN ${TURN_PORT}
firewall_add "TURN TLS" ${TURN_TLS_PORT} tcp
}
function configure_firewall_for_sip4 {
if [[ $ONION_ONLY != "no" ]]; then
return
fi
firewall_add SIP ${SIP_PORT}
firewall_add "SIP TLS" ${SIP_TLS_PORT}
}
function update_sipwitch_daemon {
if [ ! -f /etc/init.d/sipwitch ]; then
return
fi
systemctl stop sipwitch
# remove the original sipwitch daemon if it exists
if [ -f /etc/init.d/sipwitch ]; then
rm -f /etc/init.d/sipwitch
fi
# daemon
echo '[Unit]' > /etc/systemd/system/sipwitch.service
echo 'Description=GNU SIP Witch, a SIP telephony service daemon.' >> /etc/systemd/system/sipwitch.service
echo 'After=network.target' >> /etc/systemd/system/sipwitch.service
echo '' >> /etc/systemd/system/sipwitch.service
echo '[Service]' >> /etc/systemd/system/sipwitch.service
echo 'Type=simple' >> /etc/systemd/system/sipwitch.service
echo 'Group=sipwitch' >> /etc/systemd/system/sipwitch.service
echo 'PIDFile=/var/run/sipwitch/pidfile' >> /etc/systemd/system/sipwitch.service
echo 'EnvironmentFile=-/etc/conf.d/sipwitch' >> /etc/systemd/system/sipwitch.service
echo 'EnvironmentFile=-/etc/sipwitch.conf' >> /etc/systemd/system/sipwitch.service
echo 'EnvironmentFile=-/etc/default/sipwitch' >> /etc/systemd/system/sipwitch.service
echo 'ExecStartPre=-/bin/rm -f /var/run/sipwitch/control' >> /etc/systemd/system/sipwitch.service
echo "ExecStart=/usr/sbin/sipw -f \$OPTIONS -P$SIP_PORT" >> /etc/systemd/system/sipwitch.service
echo 'Restart=always' >> /etc/systemd/system/sipwitch.service
echo 'NotifyAccess=main' >> /etc/systemd/system/sipwitch.service
echo '' >> /etc/systemd/system/sipwitch.service
echo '[Install]' >> /etc/systemd/system/sipwitch.service
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/sipwitch.service
systemctl enable sipwitch
systemctl daemon-reload
systemctl start sipwitch
}
function install_sip_main {
if [[ $(app_is_installed sip_main) == "1" ]]; then
return
fi
apt-get -yq install sipwitch
if [ -f $IMAGE_PASSWORD_FILE ]; then
SIP_SERVER_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
else
if [ ! $SIP_SERVER_PASSWORD ]; then
SIP_SERVER_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
fi
fi
echo '<?xml version="1.0"?>' > /etc/sipwitch.conf
echo '<sipwitch>' >> /etc/sipwitch.conf
echo '<provision>' >> /etc/sipwitch.conf
echo "<user id=\"$MY_USERNAME\">" >> /etc/sipwitch.conf
echo '<extension>201</extension>' >> /etc/sipwitch.conf
echo "<secret>$SIP_SERVER_PASSWORD</secret>" >> /etc/sipwitch.conf
echo "<display>$MY_USERNAME 201</display>" >> /etc/sipwitch.conf
echo '</user>' >> /etc/sipwitch.conf
echo '</provision>' >> /etc/sipwitch.conf
echo '<access>' >> /etc/sipwitch.conf
echo '</access>' >> /etc/sipwitch.conf
echo '<stack>' >> /etc/sipwitch.conf
echo " <localnames>$DEFAULT_DOMAIN_NAME</localnames>" >> /etc/sipwitch.conf
echo ' <mapped>200</mapped>' >> /etc/sipwitch.conf
echo ' <threading>2</threading>' >> /etc/sipwitch.conf
echo ' <interface>*</interface>' >> /etc/sipwitch.conf
echo ' <dumping>false</dumping>' >> /etc/sipwitch.conf
echo ' <system>system</system>' >> /etc/sipwitch.conf
echo ' <anon>anonymous</anon>' >> /etc/sipwitch.conf
echo '</stack>' >> /etc/sipwitch.conf
echo '<timers>' >> /etc/sipwitch.conf
echo ' <!-- ring every 4 seconds -->' >> /etc/sipwitch.conf
echo ' <ring>4</ring>' >> /etc/sipwitch.conf
echo ' <!-- call forward no answer after x rings -->' >> /etc/sipwitch.conf
echo ' <cfna>4</cfna>' >> /etc/sipwitch.conf
echo ' <!-- call reset to clear cid in stack, 6 seconds -->' >> /etc/sipwitch.conf
echo ' <reset>6</reset>' >> /etc/sipwitch.conf
echo '</timers>' >> /etc/sipwitch.conf
echo '<!-- we have 2xx numbers plus space for external users -->' >> /etc/sipwitch.conf
echo '<registry>' >> /etc/sipwitch.conf
echo ' <prefix>200</prefix>' >> /etc/sipwitch.conf
echo ' <range>100</range>' >> /etc/sipwitch.conf
echo ' <keysize>77</keysize>' >> /etc/sipwitch.conf
echo ' <mapped>200</mapped>' >> /etc/sipwitch.conf
echo ' <!-- <realm>GNU Telephony</realm> -->' >> /etc/sipwitch.conf
echo '</registry>' >> /etc/sipwitch.conf
echo '<routing>' >> /etc/sipwitch.conf
echo '</routing>' >> /etc/sipwitch.conf
echo '</sipwitch>' >> /etc/sipwitch.conf
sed -i 's|#PLUGINS=|PLUGINS=|g' /etc/default/sipwitch
sed -i 's|PLUGINS=.*|PLUGINS="zeroconf subscriber forward"|g' /etc/default/sipwitch
groupadd sipwitch
chmod 600 /etc/shadow
chmod 600 /etc/gshadow
usermod -aG sipwitch $MY_USERNAME
chmod 0000 /etc/shadow
chmod 0000 /etc/gshadow
SIP_ONION_HOSTNAME=$(add_onion_service sip ${SIP_PORT} ${SIP_PORT})
${PROJECT_NAME}-pass -u $MY_USERNAME -a sip -p "$SIP_SERVER_PASSWORD"
function_check configure_firewall_for_sip4
configure_firewall_for_sip4
install_completed sip_main
}
function install_sip_turn {
if [[ $(app_is_installed sip_turn) == "1" ]]; then
return
fi
apt-get -yq install turnserver
# create a nonce if needed
if [ ! $TURN_NONCE ]; then
TURN_NONCE="$(create_password 30)"
fi
function_check create_site_certificate
create_site_certificate $DEFAULT_DOMAIN_NAME 'yes'
echo '##' > /etc/turnserver/turnserver.conf
echo '# TurnServer configuration file.' >> /etc/turnserver/turnserver.conf
echo '#' >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## Public IPv4 address of any relayed address (if not set, no relay for IPv4).' >> /etc/turnserver/turnserver.conf
echo '## To have multiple address, separate addresses with a comma' >> /etc/turnserver/turnserver.conf
echo '## (i.e. listen_address = { "172.16.0.1", "172.17.0.1" }).' >> /etc/turnserver/turnserver.conf
echo "listen_address = { \"192.168.0.1\" }" >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## Public IPv6 address of any relayed address (if not set, no relay for IPv6).' >> /etc/turnserver/turnserver.conf
echo '## To have multiple address, separate address with a comma' >> /etc/turnserver/turnserver.conf
echo '## (i.e. listen_addressv6 = { "2001:db8:1::1", "2001:db8:2::1" }).' >> /etc/turnserver/turnserver.conf
echo "#listen_addressv6 = { \"2001:db8::1\" }" >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## UDP listening port.' >> /etc/turnserver/turnserver.conf
echo "udp_port = $TURN_PORT" >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## TCP listening port.' >> /etc/turnserver/turnserver.conf
echo "tcp_port = $TURN_PORT" >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## TLS listening port.' >> /etc/turnserver/turnserver.conf
echo "tls_port = $TURN_TLS_PORT" >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## TLS support.' >> /etc/turnserver/turnserver.conf
echo 'tls = true' >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## DTLS support. It is an experimental feature and is not defined in TURN' >> /etc/turnserver/turnserver.conf
echo '## standard.' >> /etc/turnserver/turnserver.conf
echo 'dtls = false' >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## Maximum allocation port number.' >> /etc/turnserver/turnserver.conf
echo 'max_port = 65535' >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## Minimum allocation port number.' >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo 'min_port = 49152' >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## TURN-TCP support.' >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo 'turn_tcp = true' >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## TURN-TCP buffering mode:' >> /etc/turnserver/turnserver.conf
echo '## - true, use userspace buffering;' >> /etc/turnserver/turnserver.conf
echo '## - false, use kernel buffering.' >> /etc/turnserver/turnserver.conf
echo 'tcp_buffer_userspace = true' >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## TURN-TCP maximum buffer size.' >> /etc/turnserver/turnserver.conf
echo 'tcp_buffer_size = 32768' >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## Daemon mode.' >> /etc/turnserver/turnserver.conf
echo 'daemon = true' >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## Unprivileged user.' >> /etc/turnserver/turnserver.conf
echo '## If you want to use this feature create a system user.' >> /etc/turnserver/turnserver.conf
echo '## On Linux: adduser --system --group turnserver' >> /etc/turnserver/turnserver.conf
echo 'unpriv_user = turnserver' >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## Realm value.' >> /etc/turnserver/turnserver.conf
echo "realm = \"$DEFAULT_DOMAIN_NAME\"" >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## Nonce key.' >> /etc/turnserver/turnserver.conf
echo "nonce_key = \"$TURN_NONCE\"" >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## Max relay per username.' >> /etc/turnserver/turnserver.conf
echo 'max_relay_per_username = 5' >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## Allocation lifetime.' >> /etc/turnserver/turnserver.conf
echo 'allocation_lifetime = 1800' >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## Allocation bandwidth limitation (in KBytes/s).' >> /etc/turnserver/turnserver.conf
echo '## 0 value means bandwidth quota disabled.' >> /etc/turnserver/turnserver.conf
echo 'bandwidth_per_allocation = 150' >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## Restricted user bandwidth (in KBytes/s).' >> /etc/turnserver/turnserver.conf
echo '## 0 value means bandwidth limitation disabled.' >> /etc/turnserver/turnserver.conf
echo 'restricted_bandwidth = 10' >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## Denied addresses.' >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '# disallow relaying to localhost' >> /etc/turnserver/turnserver.conf
echo 'denied_address {' >> /etc/turnserver/turnserver.conf
echo ' address = "127.0.0.1"' >> /etc/turnserver/turnserver.conf
echo ' mask = "8"' >> /etc/turnserver/turnserver.conf
echo ' port = 0' >> /etc/turnserver/turnserver.conf
echo '}' >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '# disallow relaying to ip6-localhost' >> /etc/turnserver/turnserver.conf
echo 'denied_address {' >> /etc/turnserver/turnserver.conf
echo ' address = "::1"' >> /etc/turnserver/turnserver.conf
echo ' mask = "128"' >> /etc/turnserver/turnserver.conf
echo ' port = 0' >> /etc/turnserver/turnserver.conf
echo '}' >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## Certification Authority file.' >> /etc/turnserver/turnserver.conf
echo "ca_file = \"/etc/ssl/certs/ca-certificates.crt\"" >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## Server certificate file.' >> /etc/turnserver/turnserver.conf
if [ -f /etc/ssl/certs/$DEFAULT_DOMAIN_NAME.pem ]; then
echo "cert_file = \"/etc/ssl/certs/$DEFAULT_DOMAIN_NAME.pem\"" >> /etc/turnserver/turnserver.conf
else
if [ -f /etc/ssl/certs/$DEFAULT_DOMAIN_NAME.crt ]; then
echo "cert_file = \"/etc/ssl/certs/$DEFAULT_DOMAIN_NAME.crt\"" >> /etc/turnserver/turnserver.conf
fi
fi
echo '' >> /etc/turnserver/turnserver.conf
echo '## Private key file.' >> /etc/turnserver/turnserver.conf
echo "private_key_file = \"/etc/ssl/certs/$DEFAULT_DOMAIN_NAME.key\"" >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## Account method.' >> /etc/turnserver/turnserver.conf
echo "account_method = \"file\"" >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## Account file (if account_method = file).' >> /etc/turnserver/turnserver.conf
echo "account_file = \"/etc/turnserver/turnusers.txt\"" >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## mod_tmpuser.' >> /etc/turnserver/turnserver.conf
echo 'mod_tmpuser = false' >> /etc/turnserver/turnserver.conf
echo "${MY_USERNAME}:password:${DEFAULT_DOMAIN_NAME}:authorized" > /etc/turnserver/turnusers.txt
systemctl restart turnserver
function_check configure_firewall_for_turn
configure_firewall_for_turn
install_completed sip_turn
}
function install_sip {
install_sip_main
update_sipwitch_daemon
APP_INSTALLED=1
}
# NOTE: deliberately no exit 0