asterisk

Commit Graph

Author	SHA1	Message	Date
Boris P. Korzun	e85f23e6e5	http.c: Fix NULL pointer dereference bug If native HTTP is disabled but HTTPS is enabled and status page enabled too, Core/HTTP crashes while loading. 'global_http_server' references to NULL, but the status page tries to dereference it. The patch adds a check for HTTP is enabled. ASTERISK-30379 #close Change-Id: I11b02fc920b72aaed9c809fc43210523ccfdc249	2 years ago
Kevin Harwell	05afa061f5	http.c: Add ability to create multiple HTTP servers Previously, it was only possible to have one HTTP server in Asterisk. With this patch it is now possible to have multiple HTTP servers listening on different addresses. Note, this behavior has only been made available through an API call from within the TEST_FRAMEWORK. Specifically, this feature has been added in order to allow unit test to create/start and stop servers, if one has not been enabled through configuration. Change-Id: Ic5fb5f11e62c019a1c51310f4667b32a4dae52f5	3 years ago
Alexander Traud	20d9158c9c	main: Fix for Doxygen. ASTERISK-29763 Change-Id: Ib8359e3590a9109eb04a5376559d040e5e21867e	3 years ago
Kevin Harwell	3d1bf3c537	Compiler fixes for gcc 10 This patch fixes a few compile warnings/errors that now occur when using gcc 10+. Also, the Makefile.rules check to turn off partial inlining in gcc versions greater or equal to 8.2.1 had a bug where it only it only checked against versions with at least 3 numbers (ex: 8.2.1 vs 10). This patch now ensures any version above the specified version is correctly compared. Change-Id: I54718496eb0c3ce5bd6d427cd279a29e8d2825f9	5 years ago
Sean Bright	0dce6f746b	http: Add ability to disable /httpstatus URI Add a new configuration option 'enable_status' which allows the /httpstatus URI handler to be administratively disabled. We also no longer unconditionally register the /static and /httpstatus URI handlers, but instead do it based upon configuration. Behavior change: If enable_static was turned off, the URI handler was still installed but returned a 403 when it was accessed. Because we now register/unregister the URI handlers as appropriate, if the /static URI is disabled we will return a 404 instead. Additionally: * Change 'enablestatic' to 'enable_static' but keep the former for backwards compatibility. * Improve some internal variable names ASTERISK-28710 #close Change-Id: I647510f796473793b1d3ce1beb32659813be69e1	5 years ago
Sungtae Kim	b4ccaad671	http.c: Support separated HTTP request Currently, the Asterisk does not support seperated HTTP request. This patch make the Asterisk enables to wait lest part of HTTP request. Also increases acceptable HTTP body length to 40k to support more larger request. ASTERISK-28236 Change-Id: I48a401aa64a21c3b37bf3cb4e0486d64b7dd8aa1	6 years ago
Sean Bright	286339aa34	http.c: Reload TLS even if http.conf hasn't changed There is currently no way to indicate to Asterisk that TLS certificates and/or keys have been updated other than by modifying http.conf or restarting Asterisk. There is already code in main/tcptls.c that determines if a reload is actually necessary based on the hashes of the certicate and dependent files, so this change merely gives us a way to request a reload without explicitly modifying http.conf. Change-Id: Ie795420dcc7eb3d91336820688a29adbcc321276	7 years ago
Richard Mudgett	e387750104	http.c: Give HTTP error response when received lines are too long. Added a check when we receive a HTTP request line or header line that is too long. We now return an error response to the sender because we are not able to process the request. Change-Id: I6df2705435fd7dde4d5d3bdf7acec859cfb7c12d	7 years ago
Corey Farrell	709f4b81e7	loader: Process dependencies for built-in modules. With the new module loader it was missed that built-in modules never parsed dependencies from mod->info into vectors of mod. This caused manager to be initialized before acl (named_acl). If manager.conf used any named ACL's they would not be found and result in no ACL being applied to the AMI user. In addition to the manager ACL fix this adds "extconfig" to all builtin modules which support realtime configuration. This only matters if one of the builtin modules is configured with 'preload', depending on "extconfig" will cause config.c to automatically be initialize during the preload stage. Change-Id: I482ed6bca6c1064b05bb538d7861cd7a4f02d9fc	7 years ago
Corey Farrell	572a508ef2	loader: Convert reload_classes to built-in modules. * acl (named_acl.c) * cdr * cel * ccss * dnsmgr * dsp * enum * extconfig (config.c) * features * http * indications * logger * manager * plc * sounds * udptl These modules are now loaded at appropriate time by the module loader. Unlike loadable modules these use AST_MODULE_LOAD_FAILURE on error so the module loader will abort startup on failure of these modules. Some of these modules are still initialized or shutdown from outside the module loader. logger.c is initialized very early and shutdown very late, manager.c is initialized by the module loader but is shutdown by the Asterisk core (too much uses it without holding references). Change-Id: I371a9a45064f20026c492623ea8062d02a1ab97f	7 years ago
Ben Ford	3821be1c68	http.c: Fix http header send content. Currently ast_http_send barricades a portion of the content that needs to be sent in order to establish a connection for things like the ARI client. The conditional and contents have been changed to ensure that everything that needs to be sent, will be sent. ASTERISK-27372 Change-Id: I8816d2d8f80f4fefc6dcae4b5fdfc97f1e46496d	8 years ago
George Joseph	303f935a50	http.c: Reduce log spam Messages like "fwrite() failed: Connection reset by peer" are no help whatsoever, especially since they can be caused simply by a client disconnecting. * Make those WARNINGs DEBUGs. * Check the return from ast_iostream_printf of headers. Change-Id: I17bd5f3621514152a7b2b263c801324c5e96568b	8 years ago
Sean Bright	fc71c18a9b	thread safety: Don't use getprotobyname() POSIX does not require getprotobyname() to be thread safe and some implementations use static memory which causes issues when multiple threads are used. Further, our usage of it today is just to ultimately get IPPROTO_TCP for calls to setsockopt(). So instead we just use IPPROTO_TCP directly. Change-Id: I2e14e58674808f7ce99b2f5e900d0f90d0d8da48	8 years ago
Joshua Elson	ac7a34c531	http: Ensure capath is defined on all http creations ASTERISK-26794 #close Change-Id: I9cbc3b6b6a8aab590f5ccde9c262a98e4d5253a1	8 years ago
Mark Michelson	503006123a	http: Send headers and body in one write. This is a semi-regression caused by the iostreams change. Prior to iostreams, HTTP headers were written to a FILE handle using fprintf. Then the body was written using a call to fwrite(). Because of internal buffering, the result was that the HTTP headers and body would be sent out in a single write to the socket. With the change to iostreams, the HTTP headers are written using ast_iostream_printf(), which under the hood calls write(). The HTTP body calls ast_iostream_write(), which also calls write() under the hood. This results in two separate writes to the socket. Most HTTP client libraries out there will handle this change just fine. However, a few of our testsuite tests started failing because of the change. As a result, in order to reduce frustration for users, this change alters the HTTP code to write the headers and body in a single write operation. ASTERISK-26629 #close Reported by Joshua Colp Change-Id: Idc2d2fb3d9b3db14b8631a1e302244fa18b0e518	9 years ago
Timo Teräs	070a51bf7c	Implement internal abstraction for iostreams fopencookie/funclose is a non-standard API and should not be used in portable software. Additionally, the way FILE's fd is used in non-blocking mode is undefined behaviour and cannot be relied on. This introduces internal abstraction for io streams, that allows implementing the desired virtualization of read/write operations with necessary timeout handling. ASTERISK-24515 #close ASTERISK-24517 #close Change-Id: Id916aef418b665ced6a7489aef74908b6e376e85	9 years ago
Corey Farrell	a6e5bae3ef	Remove ASTERISK_REGISTER_FILE. ASTERISK_REGISTER_FILE no longer has any purpose so this commit removes all traces of it. Previously exported symbols removed: * __ast_register_file * __ast_unregister_file * ast_complete_source_filename This also removes the mtx_prof static variable that was declared when MTX_PROFILE was enabled. This variable was only used in lock.c so it is now initialized in that file only. ASTERISK-26480 #close Change-Id: I1074af07d71f9e159c48ef36631aa432c86f9966	9 years ago
Torrey Searle	c1b6a79686	res_ari: Add http prefix to generated docs updated the uri handler to include the url prefix of the http server this enables res_ari to add it to the uris when generating docs Change-Id: I279335a2625261a8492206c37219698f42591c2e (cherry picked from commit `6f448f32fe`)	9 years ago
Alexander Traud	f72ffc1ff9	http: leverage 'bindaddr' for TLS in http.conf The internal HTTP/WebSocket server supports both TCP and TLS, which can be activated separately via the file http.conf. The source code intends to re-use the TCP parameter 'bindaddr' for TLS, even if 'tlsbindaddr' is not specified explicitly. This did not work because of a typo. This change resolves this typo. ASTERISK-26126 #close Change-Id: I5efb0409ae12044dfb3495b6b97b6d40a8c9c51f	9 years ago
Timo Teräs	39b69ab537	Fixes to include signal.h POSIX defines signal.h. sys/signal.h should not be used as it is c-library internal header which may or may not exist. Notably with musl it generates warning of being incorrect. Change-Id: Ia56b0aa1d84b5c590114867b1b384a624f39a6fc	9 years ago
Joshua Colp	0de74fad55	AST-2016-001 http: Provide greater control of TLS and set modern defaults. This change exposes the configuration of various aspects of the TLS support and sets the default to the modern standards. The TLS cipher is now set to the best values according to the Mozilla OpSec team, different TLS versions can now be disabled, and the cipher order can be forced to be that of the server instead of the client. ASTERISK-24972 #close Change-Id: I0a10f2883f7559af5e48dee0901251dbf30d45b8	9 years ago
Matt Jordan	4a58261694	git migration: Refactor the ASTERISK_FILE_VERSION macro Git does not support the ability to replace a token with a version string during check-in. While it does have support for replacing a token on clone, this is somewhat sub-optimal: the token is replaced with the object hash, which is not particularly easy for human consumption. What's more, in practice, the source file version was often not terribly useful. Generally, when triaging bugs, the overall version of Asterisk is far more useful than an individual SVN version of a file. As a result, this patch removes Asterisk's support for showing source file versions. Specifically, it does the following: * Rename ASTERISK_FILE_VERSION macro to ASTERISK_REGISTER_FILE, and remove passing the version in with the macro. Other facilities than 'core show file version' make use of the file names, such as setting a debug level only on a specific file. As such, the act of registering source files with the Asterisk core still has use. The macro rename now reflects the new macro purpose. * main/asterisk: - Refactor the file_version structure to reflect that it no longer tracks a version field. - Remove the "core show file version" CLI command. Without the file version, it is no longer useful. - Remove the ast_file_version_find function. The file version is no longer tracked. - Rename ast_register_file_version/ast_unregister_file_version to ast_register_file/ast_unregister_file, respectively. * main/manager: Remove value from the Version key of the ModuleCheck Action. The actual key itself has not been removed, as doing so would absolutely constitute a backwards incompatible change. However, since the file version is no longer tracked, there is no need to attempt to include it in the Version key. * UPGRADE: Add notes for: - Modification to the ModuleCheck AMI Action - Removal of the "core show file version" CLI command Change-Id: I6cf0ff280e1668bf4957dc21f32a5ff43444a40e	10 years ago
Corey Farrell	3ddd92902a	Replace most uses of ast_register_atexit with ast_register_cleanup. Since 'core stop now' and 'core restart now' do not stop modules, it is unsafe for most of the core to run cleanups. Originally all cleanups used ast_register_atexit, and were only changed when it was shown to be unsafe. ast_register_atexit is now used only when absolutely required to prevent corruption and close child processes. Exceptions that need to use ast_register_atexit: * CDR: Flush records. * res_musiconhold: Kill external applications. * AstDB: Close the DB. * canary_exit: Kill canary process. ASTERISK-24142 #close Reported by: David Brillert ASTERISK-24683 #close Reported by: Peter Katzmann ASTERISK-24805 #close Reported by: Badalian Vyacheslav ASTERISK-24881 #close Reported by: Corey Farrell Review: https://reviewboard.asterisk.org/r/4500/ Review: https://reviewboard.asterisk.org/r/4501/ ........ Merged revisions 433495 from http://svn.asterisk.org/svn/asterisk/branches/11 ........ Merged revisions 433497 from http://svn.asterisk.org/svn/asterisk/branches/13 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@433498 65c4cc65-6c06-0410-ace0-fbb531ad65f3	10 years ago
Joshua Colp	2ea7ccbf70	http: Add missing html tag to 'httpstatus' functionality. ASTERISK-24724 #close Reported by: Ashley Sanders ........ Merged revisions 432078 from http://svn.asterisk.org/svn/asterisk/branches/11 ........ Merged revisions 432079 from http://svn.asterisk.org/svn/asterisk/branches/13 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@432080 65c4cc65-6c06-0410-ace0-fbb531ad65f3	10 years ago
Richard Mudgett	e2d3215b83	HTTP: Stop accepting requests on final system shutdown. There are three CLI commands to stop and restart Asterisk each. 1) core stop/restart now - Hangup all calls and stop or restart Asterisk. New channels are prevented while the shutdown request is pending. 2) core stop/restart gracefully - Stop or restart Asterisk when there are no calls remaining in the system. New channels are prevented while the shutdown request is pending. 3) core stop/restart when convenient - Stop or restart Asterisk when there are no calls in the system. New calls are not prevented while the shutdown request is pending. ARI has made stopping/restarting Asterisk more problematic. While a shutdown request is pending it is desirable to continue to process ARI HTTP requests for current calls. To handle the current calls while a shutdown request is pending, a new committed to shutdown phase is needed so ARI applications can deal with the calls until the system is fully committed to shutdown. * Added a new shutdown committed phase so ARI applications can deal with calls until the final committed to shutdown phase is reached. * Made refuse new HTTP requests when the system has reached the final system shutdown phase. Starting anything while the system is actively releasing resources and unloading modules is not a good thing. * Split the bridging framework shutdown to not cleanup the global bridging containers when shutting down in a hurry. This is similar to how other modules prevent crashes on rapid system shutdown. * Moved ast_begin_shutdown(), ast_cancel_shutdown(), and ast_shutting_down(). You should not have to include channel.h just to access these system functions. ASTERISK-24752 #close Reported by: Matthew Jordan Review: https://reviewboard.asterisk.org/r/4399/ ........ Merged revisions 431692 from http://svn.asterisk.org/svn/asterisk/branches/13 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@431694 65c4cc65-6c06-0410-ace0-fbb531ad65f3	10 years ago
Ashley Sanders	6a76740b83	HTTP: For httpd server, need option to define server name for security purposes Added a new config property [servername] to the http.conf file; updated the http server to use the new property when sending responses, for showing http status through the CLI and when reporting status through the 'httpstatus' webpage. In this version, [servername] is uncommented by default. ASTERISK-24316 #close Reported By: Andrew Nagy Review: https://reviewboard.asterisk.org/r/4374/ ........ Merged revisions 431471 from http://svn.asterisk.org/svn/asterisk/branches/13 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@431484 65c4cc65-6c06-0410-ace0-fbb531ad65f3	10 years ago
Walter Doekes	8b6ecc449c	Fix printf problems with high ascii characters after r413586 (1.8). In r413586 (1.8) various casts were added to silence gcc 4.10 warnings. Those fixes included things like: -out += sprintf(out, "%%%02X", (unsigned char) ptr); +out += sprintf(out, "%%%02X", (unsigned) ptr); That works for low ascii characters, but for the high range that yields e.g. FFFFFFC3 when C3 is expected. This changeset: - fixes those casts to use the 'hh' unsigned char modifier instead - consistently uses %02x instead of %2.2x (or other non-standard usage) - adds a few 'h' modifiers in various places - fixes a 'replcaes' typo - dev/urandon typo (in 13+ patch) Review: https://reviewboard.asterisk.org/r/4263/ ASTERISK-24619 #close Reported by: Stefan27 (on IRC) ........ Merged revisions 429673 from http://svn.asterisk.org/svn/asterisk/branches/11 ........ Merged revisions 429674 from http://svn.asterisk.org/svn/asterisk/branches/12 ........ Merged revisions 429675 from http://svn.asterisk.org/svn/asterisk/branches/13 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@429683 65c4cc65-6c06-0410-ace0-fbb531ad65f3	11 years ago
Kinsey Moore	9c589571b7	HTTP: Fix build for gcc 4.10 ........ Merged revisions 418066 from http://svn.asterisk.org/svn/asterisk/branches/12 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@418067 65c4cc65-6c06-0410-ace0-fbb531ad65f3	11 years ago
Richard Mudgett	dbec5e0d8d	HTTP: Add persistent connection support. Persistent HTTP connection support is needed due to the increased usage of the Asterisk core HTTP transport and the frequency at which REST API calls are going to be issued. * Add http.conf session_keep_alive option to enable persistent connections. * Parse and discard optional chunked body extension information and trailing request headers. * Increased the maximum application/json and application/x-www-form-urlencoded body size allowed to 4k. The previous 1k was kind of small. * Removed a couple inlined versions of ast_http_manid_from_vars() by calling the function. manager.c:generic_http_callback() and res_http_post.c:http_post_callback() * Add missing va_end() in ast_ari_response_error(). * Eliminated unnecessary RAII_VAR() use in http.c:auth_create(). ASTERISK-23552 #close Reported by: Scott Griepentrog Review: https://reviewboard.asterisk.org/r/3691/ ........ Merged revisions 417880 from http://svn.asterisk.org/svn/asterisk/branches/12 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@417901 65c4cc65-6c06-0410-ace0-fbb531ad65f3	11 years ago
Richard Mudgett	13e697f8c0	AST-2014-007: Fix of fix to allow AMI and SIP TCP to send messages. ASTERISK-23673 #close Reported by: Richard Mudgett Review: https://reviewboard.asterisk.org/r/3617/ ........ Merged revisions 416066 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 416067 from http://svn.asterisk.org/svn/asterisk/branches/11 ........ Merged revisions 416070 from http://svn.asterisk.org/svn/asterisk/branches/12 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@416071 65c4cc65-6c06-0410-ace0-fbb531ad65f3	11 years ago
Richard Mudgett	4ca5745dbe	AST-2014-007: Fix DOS by consuming the number of allowed HTTP connections. Simply establishing a TCP connection and never sending anything to the configured HTTP port in http.conf will tie up a HTTP connection. Since there is a maximum number of open HTTP sessions allowed at a time you can block legitimate connections. A similar problem exists if a HTTP request is started but never finished. * Added http.conf session_inactivity timer option to close HTTP connections that aren't doing anything. Defaults to 30000 ms. * Removed the undocumented manager.conf block-sockets option. It interferes with TCP/TLS inactivity timeouts. * AMI and SIP TLS connections now have better authentication timeout protection. Though I didn't remove the bizzare TLS timeout polling code from chan_sip. * chan_sip can now handle SSL certificate renegotiations in the middle of a session. It couldn't do that before because the socket was non-blocking and the SSL calls were not restarted as documented by the OpenSSL documentation. * Fixed an off nominal leak of the ssl struct in handle_tcptls_connection() if the FILE stream failed to open and the SSL certificate negotiations failed. The patch creates a custom FILE stream handler to give the created FILE streams inactivity timeout and timeout after a specific moment in time capability. This approach eliminates the need for code using the FILE stream to be redesigned to deal with the timeouts. This patch indirectly fixes most of ASTERISK-18345 by fixing the usage of the SSL_read/SSL_write operations. ASTERISK-23673 #close Reported by: Richard Mudgett ........ Merged revisions 415841 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 415854 from http://svn.asterisk.org/svn/asterisk/branches/11 ........ Merged revisions 415896 from http://svn.asterisk.org/svn/asterisk/branches/12 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@415907 65c4cc65-6c06-0410-ace0-fbb531ad65f3	11 years ago
Kevin Harwell	e763d70470	res_http_websocket: Create a websocket client Added a websocket server client in Asterisk. Asterisk has a websocket server, but not a client. The ability to have Asterisk be able to connect to a websocket server can potentially be useful for future work (for instance this could allow ARI to connect back to some external system, although more work would be needed in order to incorporate that). Also a couple of things to note - proxy connection support has not been implemented and there is limited http response code handling (basically, it is connect or not). Also added an initial new URI handling mechanism to core. Internet type URI's are parsed into a data structure that contains pointers to the various parts of the URI. (closes issue ASTERISK-23742) Reported by: Kevin Harwell Review: https://reviewboard.asterisk.org/r/3541/ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@415223 65c4cc65-6c06-0410-ace0-fbb531ad65f3	11 years ago
Richard Mudgett	f3b55da1b8	http.c: Remove dead code. git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@413572 65c4cc65-6c06-0410-ace0-fbb531ad65f3	11 years ago
Richard Mudgett	e6c4b97521	http: Fix spurious ERROR message in responses with no content. Backport -r411687 and fix the fix because content_length is the length of out plus the length of the file controlled by fd. When a response has an out content length of 0, fwrite would be called to write a buffer with no data in it. This resulted in the following classic error message: [Apr 3 11:49:17] ERROR[26421] http.c: fwrite() failed: Success This patch makes it so that we only attempt to write the content of out if the out string is non-zero. ........ Merged revisions 412922 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 412923 from http://svn.asterisk.org/svn/asterisk/branches/11 ........ Merged revisions 412924 from http://svn.asterisk.org/svn/asterisk/branches/12 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@412925 65c4cc65-6c06-0410-ace0-fbb531ad65f3	11 years ago
Kinsey Moore	dcb2ea657c	HTTP: Add TCP_NODELAY to accepted connections This adds the TCP_NODELAY option to accepted connections on the HTTP server built into Asterisk. This option disables the Nagle algorithm which controls queueing of outbound data and in some cases can cause delays on receipt of response by the client due to how the Nagle algorithm interacts with TCP delayed ACK. This option is already set on all non-HTTP AMI connections and this change would cover standard HTTP requests, manager HTTP connections, and ARI HTTP requests and websockets in Asterisk 12+ along with any future use of the HTTP server. Review: https://reviewboard.asterisk.org/r/3466/ ........ Merged revisions 412745 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 412748 from http://svn.asterisk.org/svn/asterisk/branches/11 ........ Merged revisions 412749 from http://svn.asterisk.org/svn/asterisk/branches/12 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@412750 65c4cc65-6c06-0410-ace0-fbb531ad65f3	11 years ago
Matthew Jordan	73f337d97b	http: Fix spurious ERROR message in responses with no content When a response has a content length of 0, fwrite would be called to write a buffer with no data in it. This resulted in the following classic error message: [Apr 3 11:49:17] ERROR[26421] http.c: fwrite() failed: Success This patch makes it so that we only attempt to write out the content if the calculated content_length is non-zero. ........ Merged revisions 411687 from http://svn.asterisk.org/svn/asterisk/branches/12 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@411688 65c4cc65-6c06-0410-ace0-fbb531ad65f3	11 years ago
Scott Griepentrog	0d057e6791	http: response body often missing after specific request This patch works around a problem with the HTTP body being dropped from the response to a specific client and under specific circumstances: a) Client request comes from node.js user agent "Shred" via use of swagger-client library. b) Asterisk and Client are not on the same host or TCP/IP stack In testing this problem, it has been determined that the write of the HTTP body is lost, even if the data is written using low level write function. The only solution found is to instruct the TCP stack with the shutdown function to flush the last write and finish the transmission. See review for more details. ASTERISK-23548 #close (closes issue ASTERISK-23548) Reported by: Sam Galarneau Review: https://reviewboard.asterisk.org/r/3402/ ........ Merged revisions 411462 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 411463 from http://svn.asterisk.org/svn/asterisk/branches/11 ........ Merged revisions 411465 from http://svn.asterisk.org/svn/asterisk/branches/12 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@411469 65c4cc65-6c06-0410-ace0-fbb531ad65f3	11 years ago
Scott Griepentrog	eecb74a9a7	ARI: allow json content type with zero length body When a request was received with a Content-type of json, the body was sent for json parsing - even if it was zero length. This resulted in ARI requests failing that were valid, such as a channel DELETE with no parameters. The code has now been changed to skip json parsing with zero content length. (closes issue SWP-6748) Reported by: Samuel Galarneau Review: https://reviewboard.asterisk.org/r/3360/ ........ Merged revisions 410858 from http://svn.asterisk.org/svn/asterisk/branches/12 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@410863 65c4cc65-6c06-0410-ace0-fbb531ad65f3	11 years ago
Richard Mudgett	7c854d65af	AST-2014-001: Stack overflow in HTTP processing of Cookie headers. Sending a HTTP request that is handled by Asterisk with a large number of Cookie headers could overflow the stack. Another vulnerability along similar lines is any HTTP request with a ridiculous number of headers in the request could exhaust system memory. (closes issue ASTERISK-23340) Reported by: Lucas Molas, researcher at Programa STIC, Fundacion; and Dr. Manuel Sadosky, Buenos Aires, Argentina ........ Merged revisions 410380 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 410381 from http://svn.asterisk.org/svn/asterisk/branches/11 ........ Merged revisions 410383 from http://svn.asterisk.org/svn/asterisk/branches/12 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@410395 65c4cc65-6c06-0410-ace0-fbb531ad65f3	11 years ago
Scott Griepentrog	2704b49c1b	http: supported chunked Transfer-Encoding This change implements support for HTTP Transfer-Encoding chunked in both JSON and Form (post vars) body content. A new function ast_http_get_contents() handles both regular and chunked mode body, returning after the entire body is received. (closes issue ASTERISK-23068) Reported by: Matt Jordan Review: https://reviewboard.asterisk.org/r/3125/ ........ Merged revisions 405861 from http://svn.asterisk.org/svn/asterisk/branches/12 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@405862 65c4cc65-6c06-0410-ace0-fbb531ad65f3	11 years ago
David M. Lee	a952abb9da	http: Properly reject requests with Transfer-Encoding set Asterisk does not support any of the transfer encodings specified in HTTP/1.1, other than the default "identity" encoding. According to RFC 2616: A server which receives an entity-body with a transfer-coding it does not understand SHOULD return 501 (Unimplemented), and close the connection. A server MUST NOT send transfer-codings to an HTTP/1.0 client. This patch adds the 501 Unimplemented response, instead of the hard work of actually implementing other recordings. This behavior is especially problematic for Node.js clients, which use chunked encoding by default. (closes issue ASTERISK-22486) Review: https://reviewboard.asterisk.org/r/3092/ ........ Merged revisions 404565 from http://svn.asterisk.org/svn/asterisk/branches/12 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@404567 65c4cc65-6c06-0410-ace0-fbb531ad65f3	12 years ago
Kevin Harwell	f425c4a086	ARI: Allow specifying channel variables during a POST /channels Added the ability to specify channel variables when creating/originating a channel in ARI. The variables are sent in the body of the request and should be formatted as a single level JSON object. No nested objects allowed. For example: {"variable1": "foo", "variable2": "bar"}. (closes issue ASTERISK-22872) Reported by: Matt Jordan Review: https://reviewboard.asterisk.org/r/3052/ ........ Merged revisions 403752 from http://svn.asterisk.org/svn/asterisk/branches/12 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@403757 65c4cc65-6c06-0410-ace0-fbb531ad65f3	12 years ago
David M. Lee	fccb427c88	ari:Add application/json parameter support The patch allows ARI to parse request parameters from an incoming JSON request body, instead of requiring the request to come in as query parameters (which is just weird for POST and DELETE) or form parameters (which is okay, but a bit asymmetric given that all of our responses are JSON). For any operation that does _not_ have a parameter defined of type body (i.e. "paramType": "body" in the API declaration), if a request provides a request body with a Content type of "application/json", the provided JSON document is parsed and searched for parameters. The expected fields in the provided JSON document should match the query parameters defined for the operation. If the parameter has 'allowMultiple' set, then the field in the JSON document may optionally be an array of values. (closes issue ASTERISK-22685) Review: https://reviewboard.asterisk.org/r/2994/ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@403177 65c4cc65-6c06-0410-ace0-fbb531ad65f3	12 years ago
David M. Lee	97a8debd90	ari: Add application/x-www-form-urlencoded parameter support ARI POST calls only accept parameters via the URL's query string. While this works, it's atypical for HTTP API's in general, and specifically frowned upon with RESTful API's. This patch adds parsing for application/x-www-form-urlencoded request bodies if they are sent in with the request. Any variables parsed this way are prepended to the variable list supplied by the query string. (closes issue ASTERISK-22743) Review: https://reviewboard.asterisk.org/r/2986/ ........ Merged revisions 402555 from http://svn.asterisk.org/svn/asterisk/branches/12 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@402557 65c4cc65-6c06-0410-ace0-fbb531ad65f3	12 years ago
Kinsey Moore	53dbe10f5c	Fix build warnings When AST_DEVMODE is not defined, ast_asserts are not compiled into the binary. In some cases, this means variables are not referenced or are set but unused which causes warnings to show up. (closes issue ASTERISK-22446) Reported by: Jason Parker (qwell) ........ Merged revisions 398521 from http://svn.asterisk.org/svn/asterisk/branches/12 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@398522 65c4cc65-6c06-0410-ace0-fbb531ad65f3	12 years ago
David M. Lee	ba7ffbe500	Complete http_shutdown. This patch frees up some resources allocated in http.c. * tcp listeners stopped * tls settings freed * uri redirects freed * unregister internal http.c uri's (closes issue ASTERISK-22237) Reported by: Corey Farrell Patches: http.patch uploaded by Corey Farrell (license 5909) ........ Merged revisions 397308 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 397309 from http://svn.asterisk.org/svn/asterisk/branches/11 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@397310 65c4cc65-6c06-0410-ace0-fbb531ad65f3	12 years ago
Matthew Jordan	bdb1c6bfb0	Tolerate presence of RFC2965 Cookie2 header by ignoring it This patch modifies parsing of cookies in Asterisk's http server by doing an explicit comparison of the "Cookie" header instead of looking at the first 6 characters to determine if the header is a cookie header. This avoids parsing "Cookie2" headers and overwriting the previously parsed "Cookie" header. Note that we probably should be appending the cookies in each "Cookie" header to the parsed results; however, while clients can send multiple cookie headers they never really do. While this patch doesn't improve Asterisk's behavior in that regard, it shouldn't make it any worse either. Note that the solution in this patch was pointed out on the issue by the issue reporter, Stuart Henderson. (closes issue ASTERISK-21789) Reported by: Stuart Henderson Tested by: mjordan, Stuart Henderson ........ Merged revisions 394899 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 394900 from http://svn.asterisk.org/svn/asterisk/branches/11 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@394901 65c4cc65-6c06-0410-ace0-fbb531ad65f3	12 years ago
Matthew Jordan	3a2a12ca1a	Tweak debug statements This patch does two things: 1. It moves the debug statement that shows the HTTP sub-protocols being compared after the string length calculation such that it shows the correct string length in the output 2. It adds some additional debug that displays when it matches on a sub-protocol and when it fails git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@394701 65c4cc65-6c06-0410-ace0-fbb531ad65f3	12 years ago
David M. Lee	9ba976b19c	ARI authentication. This patch adds authentication support to ARI. Two authentication methods are supported. The first is HTTP Basic authentication, as specified in RFC 2617[1]. The second is by simply passing the username and password as an ?api_key query parameter (which allows swagger-ui[2] to authenticate more easily). ARI usernames and passwords are configured in the ari.conf file (formerly known as stasis_http.conf). The user may be set to `read_only`, which will prohibit the user from issuing POST, DELETE, etc. Also, the user's password may be specified in either plaintext, or encrypted using the crypt() function. Several other notes about the patch. * A few command line commands for seeing ARI config and status were also added. * The configuration parsing grew big enough that I extracted it to its own file. [1]: http://www.ietf.org/rfc/rfc2617.txt [2]: https://github.com/wordnik/swagger-ui (closes issue ASTERISK-21277) Review: https://reviewboard.asterisk.org/r/2649/ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@393530 65c4cc65-6c06-0410-ace0-fbb531ad65f3	12 years ago
Matthew Jordan	13b470d704	Fix memory/ref counting leaks in a variety of locations This patch fixes the following memory leaks: * http.c: The structure containing the addresses to bind to was not being deallocated when no longer used * named_acl.c: The global configuration information was not disposed of * config_options.c: An invalid read was occurring for certain option types. * res_calendar.c: The loaded calendars on module unload were not being properly disposed of. * chan_motif.c: The format capabilities needed to be disposed of on module unload. In addition, this now specifies the default options for the maxpayloads and maxicecandidates in such a way that it doesn't cause the invalid read in config_options.c to occur. (issue ASTERISK-21906) Reported by: John Hardin patches: http.patch uploaded by jhardin (license 6512) named_acl.patch uploaded by jhardin (license 6512) config_options.patch uploaded by jhardin (license 6512) res_calendar.patch uploaded by jhardin (license 6512) chan_motif.patch uploaded by jhardin (license 6512) ........ Merged revisions 392810 from http://svn.asterisk.org/svn/asterisk/branches/11 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@392812 65c4cc65-6c06-0410-ace0-fbb531ad65f3	12 years ago

1 2 3 4

192 Commits (1ddfb7551a42fce6165726b0d5834668c3fdbcf6)