asterisk

Commit Graph

Author	SHA1	Message	Date
Sean Bright	2dc3ec896f	alembic: Make 'revises' header comment match reality.	9 months ago
Mike Bradeen	9b0aefc104	res_pjsip_notify: add dialplan application Add dialplan application PJSIPNOTIFY to send either pre-configured NOTIFY messages from pjsip_notify.conf or with headers defined in dialplan. Also adds the ability to send pre-configured NOTIFY commands to a channel via the CLI. Resolves: #799 UserNote: A new dialplan application PJSIPNotify is now available which can send SIP NOTIFY requests from the dialplan. The pjsip send notify CLI command has also been enhanced to allow sending NOTIFY messages to a specific channel. Syntax: pjsip send notify <option> channel <channel>	9 months ago
George Joseph	8474754c01	manager.c: Fix FRACK when doing CoreShowChannelMap in DEVMODE If you run an AMI CoreShowChannelMap on a channel that isn't in a bridge and you're in DEVMODE, you can get a FRACK because the bridge id is empty. We now simply return an empty list for that request.	9 months ago
Ben Ford	0f7ee5fbcf	channel: Add multi-tenant identifier. This patch introduces a new identifier for channels: tenantid. It's a stringfield on the channel that can be used for general purposes. It will be inherited by other channels the same way that linkedid is. You can set tenantid in a few ways. The first is to set it in the dialplan with the Set and CHANNEL functions: exten => example,1,Set(CHANNEL(tenantid)=My tenant ID) It can also be accessed via CHANNEL: exten => example,2,NoOp(CHANNEL(tenantid)) Another method is to use the new tenantid option for pjsip endpoints in pjsip.conf: [my_endpoint] type=endpoint tenantid=My tenant ID This is considered the best approach since you will be able to see the tenant ID as early as the Newchannel event. It can also be set using set_var in pjsip.conf on the endpoint like setting other channel variable: set_var=CHANNEL(tenantid)=My tenant ID Note that set_var will not show tenant ID on the Newchannel event, however. Tenant ID has also been added to CDR. It's read-only and can be accessed via CDR(tenantid). You can also get the tenant ID of the last channel communicated with via CDR(peertenantid). Tenant ID will also show up in CEL records if it has been set, and the version number has been bumped accordingly. Fixes: #740 UserNote: tenantid has been added to channels. It can be read in dialplan via CHANNEL(tenantid), and it can be set using Set(CHANNEL(tenantid)=My tenant ID). In pjsip.conf, it is recommended to use the new tenantid option for pjsip endpoints (e.g., tenantid=My tenant ID) so that it will show up in Newchannel events. You can set it like any other channel variable using set_var in pjsip.conf as well, but note that this will NOT show up in Newchannel events. Tenant ID is also available in CDR and can be accessed with CDR(tenantid). The peer tenant ID can also be accessed with CDR(peertenantid). CEL includes tenant ID as well if it has been set. UpgradeNote: A new versioned struct (ast_channel_initializers) has been added that gets passed to __ast_channel_alloc_ap. The new function ast_channel_alloc_with_initializers should be used when creating channels that require the use of this struct. Currently the only value in the struct is for tenantid, but now more fields can be added to the struct as necessary rather than the __ast_channel_alloc_ap function. A new option (tenantid) has been added to endpoints in pjsip.conf as well. CEL has had its version bumped to include tenant ID.	9 months ago
George Joseph	83fb61e9d4	manager.c: Add entries to Originate blacklist Added Reload and DBdeltree to the list of dialplan application that can't be executed via the Originate manager action without also having write SYSTEM permissions. Added CURL, DB, FILE, ODBC and REALTIME to the list of dialplan functions that can't be executed via the Originate manager action without also having write SYSTEM permissions. If the Queue application is attempted to be run by the Originate manager action and an AGI parameter is specified in the app data, it'll be rejected unless the manager user has either the AGI or SYSTEM permissions. Resolves: #GHSA-c4cg-9275-6w44	9 months ago
Mike Bradeen	d6318995da	res_stasis: fix intermittent delays on adding channel to bridge Previously, on command execution, the control thread was awoken by sending a SIGURG. It was found that this still resulted in some instances where the thread was not immediately awoken. This change instead sends a null frame to awaken the control thread, which awakens the thread more consistently. Resolves: #801	9 months ago
George Joseph	ac99434281	.github: Allow testing an Asterisk PR against a testsuite PR	10 months ago
George Joseph	61cc8c3860	.github: Add params to Releaser for FPBX issue creation	10 months ago
George Joseph	bf830d6293	stir_shaken: CRL fixes and a new CLI command * Fixed a bug in crypto_show_cli_store that was causing asterisk to crash if there were certificate revocation lists in the verification certificate store. We're also now prefixing certificates with "Cert:" and CRLs with "CRL:" to distinguish them in the list. * Added 'untrusted_cert_file' and 'untrusted_cert_path' options to both verification and profile objects. If you have CRLs that are signed by a different CA than the incoming X5U certificate (indirect CRL), you'll need to provide the certificate of the CRL signer here. Thse will show up as 'Untrusted" when showing the verification or profile objects. * Fixed loading of crl_path. The OpenSSL API we were using to load CRLs won't actually load them from a directory, only a file. We now scan the directory ourselves and load the files one-by-one. * Fixed the verification flags being set on the certificate store. - Removed the CRL_CHECK_ALL flag as this was causing all certificates to be checked for CRL extensions and failing to verify the cert if there was none. This basically caused all certs to fail when a CRL was provided via crl_file or crl_path. - Added the EXTENDED_CRL_SUPPORT flag as it is required to handle indirect CRLs. * Added a new CLI command... `stir_shaken verify certificate_file <certificate_file> [ <profile> ]` which will assist troubleshooting certificate problems by allowing the user to manually verify a certificate file against either the global verification certificate store or the store for a specific profile. * Updated the XML documentation and the sample config file. Resolves: #809	10 months ago
George Joseph	5c437c5724	res_pjsip_config_wizard.c: Refactor load process The way we have been initializing the config wizard prevented it from registering its objects if res_pjsip happened to load before it. * We now use the object_type_registered sorcery observer to kick things off instead of the wizard_mapped observer. * The load_module function now checks if res_pjsip has been loaded already and if it was it fires the proper observers so the objects load correctly. Resolves: #816 UserNote: The res_pjsip_config_wizard.so module can now be reloaded.	10 months ago
George Joseph	0bf5e29c73	voicemail.conf.sample: Fix ':' comment typo ...and removed an errant trailing space. Resolves: #819	10 months ago
George Joseph	72d09fb4f3	bridge_softmix: Fix queueing VIDUPDATE control frames softmix_bridge_write_control() now calls ast_bridge_queue_everyone_else() with the bridge_channel so the VIDUPDATE control frame isn't echoed back. softmix_bridge_write_control() was setting bridge_channel to NULL when calling ast_bridge_queue_everyone_else() for VIDUPDATE control frames. This was causing the frame to be echoed back to the channel it came from. In certain cases, like when two channels or bridges are being recorded, this can cause a ping-pong effect that floods the system with VIDUPDATE control frames. Resolves: #780	10 months ago
George Joseph	8b5dafe39c	.github: Pass app_id and app_priv_key to AsteriskMergePR	10 months ago
George Joseph	e28c7bc4b4	.github: Change OnPRMergeApproved to use default token	10 months ago
Sean Bright	2726265a4a	logger.h: Include SCOPE_CALL_WITH_INT_RESULT() in non-dev-mode builds. Fixes #785	10 months ago
George Joseph	59ed64627c	app_voicemail_odbc: Allow audio to be kept on disk This commit adds a new voicemail.conf option 'odbc_audio_on_disk' which when set causes the ODBC variant of app_voicemail to leave the message and greeting audio files on disk and only store the message metadata in the database. This option came from a concern that the database could grow to large and cause remote access and/or replication to become slow. In a clustering situation with this option, all asterisk instances would share the same database for the metadata and either use a shared filesystem or other filesystem replication service much more suitable for synchronizing files. The changes to app_voicemail to implement this feature were actually quite small but due to the complexity of the module, the actual source code changes were greater. They fall into the following categories: * Tracing. The module is so complex that it was impossible to figure out the path taken for various scenarios without the addition of many SCOPE_ENTER, SCOPE_EXIT and ast_trace statements, even in code that's not related to the functional change. Making this worse was the fact that many "if" statements in this module didn't use braces. Since the tracing macros add multiple statements, many "if" statements had to be converted to use braces. * Excessive use of PATH_MAX. Previous maintainers of this module used PATH_MAX to allocate character arrays for filesystem paths and SQL statements as though they cost nothing. In fact, PATH_MAX is defined as 4096 bytes! Some functions had (and still have) multiples of these. One function has 7. Given that the vast majority of installations use the default spool directory path `/var/spool/asterisk/voicemail`, the actual path length is usually less than 80 bytes. That's over 4000 bytes wasted. It was the same for SQL statement buffers. A 4K buffer for statement that only needed 60 bytes. All of these PATH_MAX allocations in the ODBC related code were changed to dynamically allocated buffers. The rest will have to be addressed separately. * Bug fixes. During the development of this feature, several pre-existing ODBC related bugs were discovered and fixed. They had to do with leaving orphaned files on disk, not preserving original message ids when moving messages between folders, not honoring the "formats" config parameter in certain circumstances, etc. UserNote: This commit adds a new voicemail.conf option 'odbc_audio_on_disk' which when set causes the ODBC variant of app_voicemail_odbc to leave the message and greeting audio files on disk and only store the message metadata in the database. Much more information can be found in the voicemail.conf.sample file.	10 months ago
George Joseph	35528195b2	security_agreement.c: Always add the Require and Proxy-Require headers The `Require: mediasec` and `Proxy-Require: mediasec` headers need to be sent whenever we send `Security-Client` or `Security-Verify` headers but the logic to do that was only in add_security_headers() in res_pjsip_outbound_register. So while we were sending them on REGISTER requests, we weren't sending them on INVITE requests. This commit moves the logic to send the two headers out of res_pjsip_outbound_register:add_security_headers() and into security_agreement:ast_sip_add_security_headers(). This way they're always sent when we send `Security-Client` or `Security-Verify`. Resolves: #789	10 months ago
George Joseph	51edc5062d	.github: Use ASTERISKTEAM_PAT for PR merging	11 months ago
George Joseph	bb4d470a2d	stasis_channels: Use uniqueid and name to delete old snapshots Whenver a new channel snapshot is created or when a channel is destroyed, we need to delete any existing channel snapshot from the snapshot cache. Historically, we used the channel->snapshot pointer to delete any existing snapshots but this has two issues. First, if something (possibly ast_channel_internal_swap_snapshots) sets channel->snapshot to NULL while there's still a snapshot in the cache, we wouldn't be able to delete it and it would be orphaned when the channel is destroyed. Since we use the cache to list channels from the CLI, AMI and ARI, it would appear as though the channel was still there when it wasn't. Second, since there are actually two caches, one indexed by the channel's uniqueid, and another indexed by the channel's name, deleting from the caches by pointer requires a sequential search of all of the hash table buckets in BOTH caches to find the matching snapshots. Not very efficient. So, we now delete from the caches using the channel's uniqueid and name. This solves both issues. This doesn't address how channel->snapshot might have been set to NULL in the first place because although we have concrete evidence that it's happening, we haven't been able to reproduce it. Resolves: #783	11 months ago
George Joseph	e5a81346b0	.github: Replace PR workflows with stubs that call reusables The PR workflows now are just stubs that call reusable workflows located in the asterisk-ci-actions repo.	11 months ago
George Joseph	bafd37ed3e	.github: Refactor NightlyTests to use workflow in asterisk-ci-actions	11 months ago
George Joseph	8ebd2bedd5	.github: Add PAT to PRSubmitActions/Add Reviewers	11 months ago
Sean Bright	b46f447530	xml.c: Update deprecated libxml2 API usage. Two functions are deprecated as of libxml2 2.12: * xmlSubstituteEntitiesDefault * xmlParseMemory So we update those with supported API. Additionally, `res_calendar_caldav` has been updated to use libxml2's xmlreader API instead of the SAX2 API which has always felt a little hacky (see deleted comment block in `res_calendar_caldav.c`). The xmlreader API has been around since libxml2 2.5.0 which was released in 2003. Fixes #725	11 months ago
George Joseph	e65073d4df	.github: Add branches to workflow_dispatch for NightlyTests	1 year ago
George Joseph	200da52128	stir_shaken: Fix memory leak, typo in config, tn canonicalization * Fixed possible memory leak in tn_config:tn_get_etn() where we weren't releasing etn if tn or eprofile were null. * We now canonicalize TNs before using them for lookups or adding them to Identity headers. * Fixed a typo in stir_shaken.conf.sample. Resolves: #716	1 year ago
Spiridonov Dmitry	7210a03816	sorcery.c: Fixed crash error when executing "module reload" Fixed crash error when cli "module reload". The error appears when compiling with res_prometheus and using the sorcery memory cache for registrations	1 year ago
George Joseph	951be188ba	logger.h: Add SCOPE_CALL and SCOPE_CALL_WITH_RESULT If you're tracing a large function that may call another function multiple times in different circumstances, it can be difficult to see from the trace output exactly which location that function was called from. There's no good way to automatically determine the calling location. SCOPE_CALL and SCOPE_CALL_WITH_RESULT simply print out a trace line before and after the call. The difference between SCOPE_CALL and SCOPE_CALL_WITH_RESULT is that SCOPE_CALL ignores the function's return value (if any) where SCOPE_CALL_WITH_RESULT allows you to specify the type of the function's return value so it can be assigned to a variable. SCOPE_CALL_WITH_INT_RESULT is just a wrapper for SCOPE_CALL_WITH_RESULT and the "int" return type.	1 year ago
George Joseph	7bbc7b5a3a	res_stir_shaken: Fix compilation for CentOS7 (openssl 1.0.2) * OpenSSL 1.0.2 doesn't support X509_get0_pubkey so we now use X509_get_pubkey. The difference is that X509_get_pubkey requires the caller to free the EVP_PKEY themselves so we now let RAII_VAR do that. * OpenSSL 1.0.2 doesn't support upreffing an X509_STORE so we now wrap it in an ao2 object. * OpenSSL 1.0.2 doesn't support X509_STORE_get0_objects to get all the certs from an X509_STORE and there's no easy way to polyfill it so the CLI commands that list profiles will show a "not supported" message instead of listing the certs in a store. Resolves: #676	1 year ago
Martin Nystroem	29106567e7	res_ari.c: Add additional output to ARI requests when debug is enabled When ARI debug is enabled the logs will now output http method and the uri. Fixes: #666	1 year ago
Sean Bright	42fbf5c22f	alembic: Fix compatibility with SQLAlchemy 2.0+. SQLAlchemy 2.0 changed the way that commits/rollbacks are handled causing the final `UPDATE` to our `alembic_version_<whatever>` tables to be rolled back instead of committed. We now use one connection to determine which `alembic_version_<whatever>` table to use and another to run the actual migrations. This prevents the erroneous rollback. This change is compatible with both SQLAlchemy 1.4 and 2.0.	1 year ago
Naveen Albert	f9f36ca702	pbx_variables.c: Prevent SEGV due to stack overflow. It is possible for dialplan to result in an infinite recursion of variable substitution, which eventually leads to stack overflow. If we detect this, abort substitution and log an error for the user to fix the broken dialplan. Resolves: #480 UpgradeNote: The maximum amount of dialplan recursion using variable substitution (such as by using EVAL_EXTEN) is capped at 15.	1 year ago
Sean Bright	e1f7778b4c	res_pjsip: Fix alembic downgrade for boolean columns. When downgrading, ensure that we don't touch columns that didn't actually change during upgrade.	1 year ago
Sean Bright	1b45f481f0	alembic: Quote new MySQL keyword 'qualify.' Fixes #651	1 year ago
Ivan Poddubny	d7e638f2c3	asterisk.c: Fix sending incorrect messages to systemd notify Send "RELOADING=1" instead of "RELOAD=1" to follow the format expected by systemd (see sd_notify(3) man page). Do not send STOPPING=1 in remote console mode: attempting to execute "asterisk -rx" by the main process leads to a warning if NotifyAccess=main (the default) or to a forced termination if NotifyAccess=all.	1 year ago
George Joseph	5b9da1213c	tcptls/iostream: Add support for setting SNI on client TLS connections If the hostname field of the ast_tcptls_session_args structure is set (which it is for websocket client connections), that hostname will now automatically be used in an SNI TLS extension in the client hello. Resolves: #713 UserNote: Secure websocket client connections now send SNI in the TLS client hello.	1 year ago
George Joseph	7d69eafb5c	make_buildopts_h: Always include DETECT_DEADLOCKS Since DETECT_DEADLOCKS is now split from DEBUG_THREADS, it must always be included in buildopts.h instead of only when ADD_CFLAGS_TO_BUILDOPTS_H is defined. A SEGV will result otherwise. Resolves: #719	1 year ago
Sean Bright	a3a0139b93	alembic: Correct NULLability of PJSIP id columns. Fixes #695	1 year ago
George Joseph	3767e14d15	rtp_engine and stun: call ast_register_atexit instead of ast_register_cleanup rtp_engine.c and stun.c were calling ast_register_cleanup which is skipped if any loadable module can't be cleanly unloaded when asterisk shuts down. Since this will always be the case, their cleanup functions never get run. In a practical sense this makes no difference since asterisk is shutting down but if you're in development mode and trying to use the leak sanitizer, the leaks from both of those modules clutter up the output.	1 year ago
George Joseph	d47641cbcf	manager.c: Add missing parameters to Login documentation * Added the AuthType and Key parameters for MD5 authentication. * Added the Events parameter. Resolves: #689	1 year ago
George Joseph	be6dee18dc	Fix incorrect application and function documentation references There were a few references in the embedded documentation XML where the case didn't match or where the referenced app or function simply didn't exist any more. These were causing 404 responses in docs.asterisk.org.	1 year ago
George Joseph	f631eda4fd	Initial commit for certified-20.7	1 year ago
George Joseph	d0b8705712	res_pjsip_stir_shaken.c: Add checks for missing parameters * Added checks for missing session, session->channel and rdata in stir_shaken_incoming_request. * Added checks for missing session, session->channel and tdata in stir_shaken_outgoing_request. Resolves: #645	1 year ago
Naveen Albert	e4adc962ca	app_dial: Add dial time for progress/ringing. Add a timeout option to control the amount of time to wait if no early media is received before giving up. This allows aborting early if the destination is not being responsive. Resolves: #588 UserNote: The timeout argument to Dial now allows specifying the maximum amount of time to dial if early media is not received.	1 year ago
Naveen Albert	082966bdad	app_voicemail: Properly reinitialize config after unit tests. Most app_voicemail unit tests were not properly cleaning up after themselves after running. This led to test mailboxes lingering around in the system. It also meant that if any unit tests in app_voicemail that create mailboxes were executed and the module was not unloaded/loaded again prior to running the test_voicemail_vm_info unit test, Asterisk would segfault due to an attempt to copy a NULL string. The load_config test did actually have logic to reinitialize the config after the test. However, this did not work in practice since load_config() would not reload the config since voicemail.conf had not changed during the test; thus, additional logic has been added to ensure that voicemail.conf is truly reloaded, after any unit tests which modify the users list. This prevents the SEGV due to invalid mailboxes lingering around, and also ensures that the system state is restored to what it was prior to the tests running. Resolves: #629	1 year ago
Shaaah	c6ff7a6a51	app_queue.c : fix "queue add member" usage string Fixing bracket placement in the "queue add member" cli usage string.	1 year ago
Naveen Albert	3c42b141d7	app_voicemail: Allow preventing mark messages as urgent. This adds an option to allow preventing callers from leaving messages marked as 'urgent'. Resolves: #619 UserNote: The leaveurgent mailbox option can now be used to control whether callers may leave messages marked as 'Urgent'.	1 year ago
Sean Bright	93e40968c3	res_pjsip: Use consistent type for boolean columns. This migrates the relevant schema objects from the `('yes', 'no')` definition to the `('0', '1', 'off', 'on', 'false', 'true', 'yes', 'no')` one. Fixes #617	1 year ago
George Joseph	9f182e9f58	.github: Remove timeout-minutes from gatetests	1 year ago
George Joseph	267348bee3	attestation_config.c: Use ast_free instead of ast_std_free In as_check_common_config, we were calling ast_std_free on raw_key but raw_key was allocated with ast_malloc so it should be freed with ast_free. Resolves: #636	1 year ago
George Joseph	df0221b53d	Makefile: Add stir_shaken/cache to directories created on install The default location for the stir_shaken cache is /var/lib/asterisk/keys/stir_shaken/cache but we were only creating /var/lib/asterisk/keys/stir_shaken on istall. We now create the cache sub-directory. Resolves: #634	1 year ago

1 2 3 4 5 ...

33862 Commits (2dc3ec896f8e494065a84d66742c47aeae8c6ea5) All Branches Search

33862 Commits (2dc3ec896f8e494065a84d66742c47aeae8c6ea5)

All Branches