asterisk

Commit Graph

Author	SHA1	Message	Date
George Joseph	c085753c2e	attestation_config.c: Use ast_free instead of ast_std_free In as_check_common_config, we were calling ast_std_free on raw_key but raw_key was allocated with ast_malloc so it should be freed with ast_free. Resolves: #636 (cherry picked from commit `1b94c90524`)	2 years ago
George Joseph	d7e262226f	Stir/Shaken Refactor Why do we need a refactor? The original stir/shaken implementation was started over 3 years ago when little was understood about practical implementation. The result was an implementation that wouldn't actually interoperate with any other stir-shaken implementations. There were also a number of stir-shaken features and RFC requirements that were never implemented such as TNAuthList certificate validation, sending Reason headers in SIP responses when verification failed but we wished to continue the call, and the ability to send Media Key(mky) grants in the Identity header when the call involved DTLS. Finally, there were some performance concerns around outgoing calls and selection of the correct certificate and private key. The configuration was keyed by an arbitrary name which meant that for every outgoing call, we had to scan the entire list of configured TNs to find the correct cert to use. With only a few TNs configured, this wasn't an issue but if you have a thousand, it could be. What's changed? * Configuration objects have been refactored to be clearer about their uses and to fix issues. * The "general" object was renamed to "verification" since it contains parameters specific to the incoming verification process. It also never handled ca_path and crl_path correctly. * A new "attestation" object was added that controls the outgoing attestation process. It sets default certificates, keys, etc. * The "certificate" object was renamed to "tn" and had it's key change to telephone number since outgoing call attestation needs to look up certificates by telephone number. * The "profile" object had more parameters added to it that can override default parameters specified in the "attestation" and "verification" objects. * The "store" object was removed altogther as it was never implemented. * We now use libjwt to create outgoing Identity headers and to parse and validate signatures on incoming Identiy headers. Our previous custom implementation was much of the source of the interoperability issues. * General code cleanup and refactor. * Moved things to better places. * Separated some of the complex functions to smaller ones. * Using context objects rather than passing tons of parameters in function calls. * Removed some complexity and unneeded encapsuation from the config objects. Resolves: #351 Resolves: #46 UserNote: Asterisk's stir-shaken feature has been refactored to correct interoperability, RFC compliance, and performance issues. See https://docs.asterisk.org/Deployment/STIR-SHAKEN for more information. UpgradeNote: The stir-shaken refactor is a breaking change but since it's not working now we don't think it matters. The stir_shaken.conf file has changed significantly which means that existing ones WILL need to be changed. The stir_shaken.conf.sample file in configs/samples/ has quite a bit more information. This is also an ABI breaking change since some of the existing objects needed to be changed or removed, and new ones added. Additionally, if res_stir_shaken is enabled in menuselect, you'll need to either have the development package for libjwt v1.15.3 installed or use the --with-libjwt-bundled option with ./configure. (cherry picked from commit `2e0d837e01`)	2 years ago
romryz	e95611216f	res_rtp_asterisk.c: Correct coefficient in MOS calculation. Media Experience Score relies on incorrect pseudo_mos variable calculation. According to forming an opinion section of the documentation, calculation relies on ITU-T G.107 standard: https://docs.asterisk.org/Deployment/Media-Experience-Score/#forming-an-opinion ITU-T G.107 Annex B suggests to calculate MOS with a coefficient "seven times ten to the power of negative six", 7 * 10^(-6). which would mean 6 digits after the decimal point. Current implementation has 7 digits after the decimal point, which downrates the calls. Fixes: #597 (cherry picked from commit `a7a03bc294`)	2 years ago
George Joseph	f72d97b7b1	Reduce startup/shutdown verbose logging When started with a verbose level of 3, asterisk can emit over 1500 verbose message that serve no real purpose other than to fill up logs. When asterisk shuts down, it emits another 1100 that are of even less use. Since the testsuite runs asterisk with a verbose level of 3, and asterisk starts and stops for every one of the 700+ tests, the number of log messages is staggering. Besides taking up resources, it also makes it hard to debug failing tests. This commit changes the log level for those verbose messages to 5 instead of 3 which reduces the number of log messages to only a handful. Of course, NOTICE, WARNING and ERROR message are unaffected. There's also one other minor change... ast_context_remove_extension_callerid2() logs a DEBUG message instead of an ERROR if the extension you're deleting doesn't exist. The pjsip_config_wizard calls that function to clean up the config and has been triggering that annoying error message for years. Resolves: #582 (cherry picked from commit `a5ae546b88`)	2 years ago
Flole998	096243745c	res_pjsip_outbound_registration.c: Add User-Agent header override This introduces a setting for outbound registrations to override the global User-Agent header setting. Resolves: #515 UserNote: PJSIP outbound registrations now support a per-registration User-Agent header (cherry picked from commit `c7fc6ae362`)	2 years ago
Sean Bright	36184820bd	res_pjsip_t38.c: Permit IPv6 SDP connection addresses. The existing code prevented IPv6 addresses from being properly parsed. Fixes #558 (cherry picked from commit `841cd1480c`)	2 years ago
Sean Bright	2ec0b83e5b	res_pjsip_session.c: Correctly format SDP connection addresses. Resolves a regression identified by @justinludwig involving the rendering of IPv6 addresses in outgoing SDP. Also updates `media_address` on PJSIP endpoints so that if we are able to parse the configured value as an IP we store it in a format that we can directly use later. Based on my reading of the code it appeared that one could configure `media_address` as: ``` [foo] type = endpoint ... media_address = [2001:db8::] ``` And that value would be blindly copied into the outgoing SDP without regard to its format. Fixes #541 (cherry picked from commit `9f20b4659f`)	2 years ago
Naveen Albert	e65c8cede5	res_calendar_icalendar: Print iCalendar error on parsing failure. If libical fails to parse a calendar, print the error message it provdes. Resolves: #492 (cherry picked from commit `ef891529fa`)	2 years ago
George Joseph	077a1b171c	Revert "core & res_pjsip: Improve topology change handling." This reverts commit `315eb551db`. Over the past year, we've had several reports of "topology storms" occurring where 2 external facing channels connected by one or more local channels and bridges will get themselves in a state where they continually send each other topology change requests. This usually manifests itself in no-audio calls and a flood of "Exceptionally long queue length" messages. It appears that this commit is the cause so we're reverting it for now until we can determine a more appropriate solution. Resolves: #530 (cherry picked from commit `c31cd32b82`)	2 years ago
Maximilian Fridrich	b7701ba973	res_pjsip_nat: Fix potential use of uninitialized transport details The ast_sip_request_transport_details must be zero initialized, otherwise this could lead to a SEGV. Resolves: #509 (cherry picked from commit `81188ada5f`)	2 years ago
Naveen Albert	f485d3cc8b	general: Fix broken links. This fixes a number of broken links throughout the tree, mostly caused by wiki.asterisk.org being replaced with docs.asterisk.org, which should eliminate the need for sporadic fixes as in `f28047db36`. Resolves: #430 (cherry picked from commit `3bb34477d4`)	2 years ago
Matthew Fredrickson	dd79040125	res_odbc.c: Allow concurrent access to request odbc connections There are valid scenarios where res_odbc's connection pool might have some dead or stuck connections while others are healthy (imagine network elements/firewalls/routers silently timing out connections to a single DB and a single IP address, or a heterogeneous connection pool connected to potentially multiple IPs/instances of a replicated DB using a DNS front end for load balancing and one replica fails). In order to time out those unhealthy connections without blocking access to other parts of Asterisk that may attempt access to the connection pool, it would be beneficial to not lock/block access around the entire pool in _ast_odbc_request_obj2 while doing potentially blocking operations on connection pool objects such as the connection_dead() test, odbc_obj_connect(), or by dereferencing a struct odbc_obj for the last time and triggering a odbc_obj_disconnect(). This would facilitate much quicker and concurrent timeout of dead connections via the connection_dead() test, which could block potentially for a long period of time depending on odbc.ini or other odbc connector specific timeout settings. This also would make rapid failover (in the clustered DB scenario) much quicker. This patch changes the locking in _ast_odbc_request_obj2() to not lock around odbc_obj_connect(), _disconnect(), and connection_dead(), while continuing to lock around truly shared, non-immutable state like the connection_cnt member and the connections list on struct odbc_class. Fixes: #465 (cherry picked from commit `e0bf65bde6`)	2 years ago
Sean Bright	fb289b0bad	res_pjsip_header_funcs.c: Check URI parameter length before copying. Fixes #477 (cherry picked from commit `002d6c2108`)	2 years ago
Sean Bright	72d631b7bd	res_rtp_asterisk.c: Update for OpenSSL 3+. In `5ac5c2b0` we defined `OPENSSL_SUPPRESS_DEPRECATED` to silence deprecation warnings. This commit switches over to using non-deprecated API. (cherry picked from commit `05924e30f9`)	2 years ago
Sean Bright	a44fde08dd	res_http_websocket.c: Set hostname on client for certificate validation. Additionally add a `assert()` to in the TLS client setup code to ensure that hostname is set when it is supposed to be. Fixes #433 (cherry picked from commit `40a9f5a88c`)	2 years ago
Sean Bright	157e66de0e	resource_channels.c: Explicit codec request when creating UnicastRTP. Fixes #394 (cherry picked from commit `64603c4807`)	2 years ago
Sean Bright	cbf1226829	doc: Update IP Quality of Service links. Fixes #328 (cherry picked from commit `e4eeda6502`)	2 years ago
George Joseph	c40496cb38	chan_pjsip: Add PJSIPHangup dialplan app and manager action See UserNote below. Exposed the existing Hangup AMI action in manager.c so we can use all of it's channel search and AMI protocol handling without duplicating that code in dialplan_functions.c. Added a lookup function to res_pjsip.c that takes in the string represenation of the pjsip_status_code enum and returns the actual status code. I.E. ast_sip_str2rc("DECLINE") returns 603. This allows the caller to specify PJSIPHangup(decline) in the dialplan, just like Hangup(call_rejected). Also extracted the XML documentation to its own file since it was almost as large as the code itself. UserNote: A new dialplan app PJSIPHangup and AMI action allows you to hang up an unanswered incoming PJSIP call with a specific SIP response code in the 400 -> 699 range. (cherry picked from commit `af7e89ebf8`)	2 years ago
Holger Hans Peter Freyther	4053abc214	ari: Provide the caller ID RDNIS for the channels Provide the caller ID RDNIS when available. This will allow an application to follow the redirect. (cherry picked from commit `da0b1ac1c1`)	2 years ago
Brad Smith	3949358ee1	res_rtp_asterisk.c: Fix runtime issue with LibreSSL The module will fail to load. Use proper function DTLS_method() with LibreSSL. (cherry picked from commit `1d9c5faeb3`)	2 years ago
Naveen Albert	1a95cd932b	res_pjsip: Include cipher limit in config error message. If too many ciphers are specified in the PJSIP config, include the maximum number of ciphers that may be specified in the user-facing error message. Resolves: #396 (cherry picked from commit `d4185ca025`)	2 years ago
Mike Bradeen	c28302f839	res_speech: allow speech to translate input channel * Allow res_speech to translate the input channel if the format is translatable to a format suppored by the speech provider. Resolves: #129 UserNote: res_speech now supports translation of an input channel to a format supported by the speech provider, provided a translation path is available between the source format and provider capabilites. (cherry picked from commit `e8fbdca40b`)	2 years ago
Sean Bright	81386086be	res_rtp_asterisk.c: Fix memory leak in ephemeral certificate creation. Fixes #386 (cherry picked from commit `74a5c452de`)	2 years ago
Sean Bright	7f3a5b2be0	res_pjsip_dtmf_info.c: Add 'INFO' to Allow header. Fixes #376 (cherry picked from commit `3af55f14fa`)	2 years ago
Sean Bright	b614397206	pjsip_configuration.c: Disable DTLS renegotiation if WebRTC is enabled. Per RFC8827: Implementations MUST NOT implement DTLS renegotiation and MUST reject it with a "no_renegotiation" alert if offered. So we disable it when webrtc=yes is set. Fixes #378 UpgradeNote: The dtls_rekey will be disabled if webrtc support is requested on an endpoint. A warning will also be emitted. (cherry picked from commit `c7afd5357c`)	2 years ago
George Joseph	785cc25519	res_pjsip_exten_state,res_pjsip_mwi: Allow unload on shutdown Commit `f66f77f` last year prevents the res_pjsip_exten_state and res_pjsip_mwi modules from unloading due to possible pjproject asserts if the modules are reloaded. A side effect of the implementation is that the taskprocessors these modules use aren't being released. When asterisk is doing a graceful shutdown, it waits AST_TASKPROCESSOR_SHUTDOWN_MAX_WAIT seconds for all taskprocessors to stop but since those 2 modules don't release theirs, the shutdown hangs for that amount of time. This change allows the modules to be unloaded and their resources to be released when ast_shutdown_final is true. Resolves: #379 (cherry picked from commit `b9ee664440`)	2 years ago
sungtae kim	39c2f5733e	res_pjsip: Expanding PJSIP endpoint ID and relevant resource length to 255 characters This commit introduces an extension to the endpoint and relevant resource sizes for PJSIP, transitioning from its current 40-character constraint to a more versatile 255-character capacity. This enhancement significantly overcomes limitations related to domain qualification and practical usage, ultimately delivering improved functionality. In addition, it includes adjustments to accommodate the expanded realm size within the ARI, specifically enhancing the maximum realm length. Resolves: #345 UserNote: With this update, the PJSIP realm lengths have been extended to support up to 255 characters. UpgradeNote: As part of this update, the maximum allowable length for PJSIP endpoints and relevant resources has been increased from 40 to 255 characters. To take advantage of this enhancement, it is recommended to run the necessary procedures (e.g., Alembic) to update your schemas. (cherry picked from commit `9b70b18dec`)	2 years ago
Mike Bradeen	054ec2bf4a	res_stasis: signal when new command is queued res_statsis's app loop sleeps for up to .2s waiting on input to a channel before re-checking the command queue. This can cause delays between channel setup and bridge. This change is to send a SIGURG on the sleeping thread when a new command is enqueued. This exits the sleeping thread out of the ast_waitfor() call triggering the new command being processed on the channel immediately. Resolves: #362 UserNote: Call setup times should be significantly improved when using ARI. (cherry picked from commit `7ea0e3bfda`)	2 years ago
Holger Hans Peter Freyther	849cf31e51	ari/stasis: Indicate progress before playback on a bridge Make it possible to start a playback and the calling party to receive audio on a bridge before the call is connected. Model the implementation after play_on_channel and deliver a AST_CONTROL_PROGRESS before starting the playback. For a PJSIP channel this will result in sending a SIP 183 Session Progress. (cherry picked from commit `624c7ac883`)	2 years ago
Mike Bradeen	893483f915	res_pjsip: update qualify_timeout documentation with DNS note The documentation on qualify_timeout does not explicitly state that the timeout includes any time required to perform any needed DNS queries on the endpoint. If the OPTIONS response is delayed due to the DNS query, it can still render an endpoint as Unreachable if the net time is enough for qualify_timeout to expire. Resolves: #352 (cherry picked from commit `323a51fd6c`)	2 years ago
Mike Bradeen	779fb2052a	res_speech_aeap: add aeap error handling res_speech_aeap previously did not register an error handler with aeap, so it was not notified of a disconnect. This resulted in SpeechBackground never exiting upon a websocket disconnect. Resolves: #303 (cherry picked from commit `e921f5e010`)	2 years ago
Tinet-mucw	aadf9d920a	res_pjsip_transport_websocket: Prevent transport from being destroyed before message finishes. From the gdb information, ast_websocket_read reads a message successfully, then transport_read is called in the serializer. During execution of pjsip_transport_down, ws_session->stream->fd is closed; ast_websocket_read encounters an error and exits the while loop. After executing transport_shutdown, the transport's reference count becomes 0, causing a crash when sending SIP messages. This was due to pjsip_transport_dec_ref executing earlier than pjsip_rx_data_clone, leading to this issue. In websocket_cb executeing pjsip_transport_add_ref, this we now ensure the transport is not destroyed while in the loop. Resolves: asterisk#299 (cherry picked from commit `a38add11e6`)	2 years ago
Vitezslav Novy	e1231fa4ac	res_rtp_asterisk: fix wrong counter management in ioqueue objects In function rtp_ioqueue_thread_remove counter in ioqueue object is not decreased which prevents unused ICE TURN threads from being removed. Resolves: #301 (cherry picked from commit `56244a7371`)	2 years ago
George Joseph	58c8d60f4b	res_pjsip_pubsub: Add body_type to test_handler for unit tests The ast_sip_subscription_handler "test_handler" used for the unit tests didn't set "body_type" so the NULL value was causing a SEGV in build_subscription_tree(). It's now set to "". Resolves: #335 (cherry picked from commit `71d75373f9`)	2 years ago
Sean Bright	fd7a35fad8	res_stasis_recording.c: Save recording state when unmuted. Fixes #322 (cherry picked from commit `b952a8c38d`)	2 years ago
Mike Bradeen	2fb8dbc679	res_speech_aeap: check for null format on response * Fixed issue in res_speech_aeap when unable to provide an input format to check against. (cherry picked from commit `3759d034cc`)	2 years ago
George Joseph	a49bb17dbb	res_rtp_asterisk: Fix regression issues with DTLS client check * Since ICE candidates are used for the check and pjproject is required to use ICE, res_rtp_asterisk was failing to compile when pjproject wasn't available. The check is now wrapped with an #ifdef HAVE_PJPROJECT. * The rtp->ice_active_remote_candidates container was being used to check the address on incoming packets but that container doesn't contain peer reflexive candidates discovered during negotiation. This was causing the check to fail where it shouldn't. We now check against pjproject's real_ice->rcand array which will contain those candidates. * Also fixed a bug in ast_sockaddr_from_pj_sockaddr() where we weren't zeroing out sin->sin_zero before returning. This was causing ast_sockaddr_cmp() to always return false when one of the inputs was converted from a pj_sockaddr, even if both inputs had the same address and port. Resolves: #500 Resolves: #503 Resolves: #505	2 years ago
Gitea	b9594cc08a	res_pjsip_header_funcs: Duplicate new header value, don't copy. When updating an existing header the 'update' code incorrectly just copied the new value into the existing buffer. If the new value exceeded the available buffer size memory outside of the buffer would be written into, potentially causing a crash. This change makes it so that the 'update' now duplicates the new header value instead of copying it into the existing buffer.	2 years ago
Mike Bradeen	8043d060e3	res_pjsip: disable raw bad packet logging Add patch to split the log level for invalid packets received on the signaling port. The warning regarding the packet will move to level 2 so that it can still be displayed, while the raw packet will be at level 4.	2 years ago
George Joseph	be5e9c568d	res_rtp_asterisk.c: Check DTLS packets against ICE candidate list When ICE is in use, we can prevent a possible DOS attack by allowing DTLS protocol messages (client hello, etc) only from sources that are in the active remote candidates list. Resolves: GHSA-hxj9-xwr8-w8pq	2 years ago
Bastian Triller	28320a9cd8	res_pjsip_session: Send Session Interval too small response Handle session interval lower than endpoint's configured minimum timer when sending first answer. Timer setting is checked during this step and needs to handled appropriately. Before this change, no response was sent at all. After this change a response with 422 Session Interval too small is sent to UAC. (cherry picked from commit `9284dca636`)	2 years ago
MikeNaso	59618c3a34	res_pjsip.c: Set contact_user on incoming call local Contact header If the contact_user is configured on the endpoint it will now be set on the local Contact header URI for incoming calls. The contact_user has already been set on the local Contact header URI for outgoing calls. Resolves: #226 (cherry picked from commit `720813dc97`)	2 years ago
Sean Bright	7e8aadae5a	extconfig: Allow explicit DB result set ordering to be disabled. Added a new boolean configuration flag - `order_multi_row_results_by_initial_column` - to both res_pgsql.conf and res_config_odbc.conf that allows the administrator to disable the explicit `ORDER BY` that was previously being added to all generated SQL statements that returned multiple rows. Fixes: #179 (cherry picked from commit `1171beb7e4`)	2 years ago
George Joseph	f287e8fce4	rest-api: Run make ari-stubs An earlier cherry-pick that involved rest-api somehow didn't include a comment change in res/ari/resource_endpoints.h. This commit corrects that. No changes other than the comment. (cherry picked from commit `21b0522abd`)	2 years ago
Naveen Albert	c011914f70	res_pjsip_header_funcs: Make prefix argument optional. The documentation for PJSIP_HEADERS claims that prefix is optional, but in the code it is actually not. However, there is no inherent reason for this, as users may want to retrieve all header names, not just those beginning with a certain prefix. This makes the prefix optional for this function, simply fetching all header names if not specified. As a result, the documentation is now correct. Resolves: #230 UserNote: The prefix argument to PJSIP_HEADERS is now optional. If not specified, all header names will be returned. (cherry picked from commit `2179082eaf`)	2 years ago
Maximilian Fridrich	51a7b18038	core/ari/pjsip: Add refer mechanism This change adds support for refers that are not session based. It includes a refer implementation for the PJSIP technology which results in out-of-dialog REFERs being sent to a PJSIP endpoint. These can be triggered using the new ARI endpoint `/endpoints/refer`. Resolves: #71 UserNote: There is a new ARI endpoint `/endpoints/refer` for referring an endpoint to some URI or endpoint.	2 years ago
Holger Hans Peter Freyther	f335da6b74	res_prometheus: Do not generate broken metrics In `8d6fdf9c3a` invisible bridges were skipped but that lead to producing metrics with no name and no help. Keep track of the number of metrics configured and then only emit these. Add a basic testcase that verifies that there is no '(NULL)' in the output. ASTERISK-30474	2 years ago
Sean Bright	c52b4ce11c	res_pjsip: Enable TLS v1.3 if present. Fixes #221 UserNote: res_pjsip now allows TLS v1.3 to be enabled if supported by the underlying PJSIP library. The bundled version of PJSIP supports TLS v1.3.	2 years ago
Sean Bright	fe467d595c	res_geolocation: Ensure required 'location_info' is present. Fixes #189	2 years ago
zhengsh	d3c4f93ca6	res_rtp_asterisk: Move ast_rtp_rtcp_report_alloc using `rtp->themssrc_valid` into the scope of the rtp_instance lock. From the gdb information, it was found that when calling __ast_free, the size of the allocated space pointed to by the pointer matches the size created when rtp->themssrc_valid is equal to 0. However, in reality, when reading the value of rtp->themssrc_valid in gdb, it is found to be 1. Within ast_rtcp_write(), the call to ast_rtp_rtcp_report_alloc() uses rtp->themssrc_valid, which is outside the protection of the rtp_instance lock. However, ast_rtcp_generate_report(), which is called by ast_rtcp_generate_compound_prefix(), uses rtp->themssrc_valid within the protection of the rtp_instance lock. This can lead to the possibility that the value of rtp->themssrc_valid used in the call to ast_rtp_rtcp_report_alloc() may be different from the value of rtp->themssrc_valid used within ast_rtcp_generate_report(). Resolves: asterisk#63	2 years ago

1 2 3 4 5 ...

5471 Commits (211bfe122075645b479327ee2b523c4f017b7770)