When endpoint specific ACL rules block a SIP request they respond with a
403 forbidden. However, if an endpoint is not identified then a 401
unauthorized response is sent. This vulnerability just discloses which
requests hit a defined endpoint. The ACL rules cannot be bypassed to gain
access to the disclosed endpoints.
* Made endpoint specific ACL rules now respond with a 401 unauthorized
which is the same as if an endpoint were not identified. The fix is
accomplished by replacing the found endpoint with the artificial endpoint
which always fails authentication.
ASTERISK-27818
Change-Id: Icb275a54ff8e2df6c671a6d9bda37b5d732b3b32
Furthermore, allow OpenSSL configured with no-dh. Additionally, this change
allows auto-negotiation of the elliptic curve/group for servers, not only with
OpenSSL 1.0.2 but also with OpenSSL 1.1.0 and newer. This enables X25519
(since OpenSSL 1.1.0) and X448 (since OpenSSL 1.1.1) as a side-effect.
ASTERISK-27910
Change-Id: I5b0dd47c5194ee17f830f869d629d7ef212cf537
Currentrly pjsip_options code does not handle the situation when the
AOR qualify options were changed.
Also there is no way to find out what qualify options are using.
This patch add CLI commands to show and synchronize Aor qualify options:
pjsip show qualify endpoint <id>
Show the current qualify options for all Aors on the PJSIP endpoint.
pjsip show qualify aor <id>
Show the PJSIP Aor current qualify options.
pjsip reload qualify endpoint <id>
Synchronize the qualify options for all Aors on the PJSIP endpoint.
pjsip reload qualify aor <id>
Synchronize the PJSIP Aor qualify options.
ASTERISK-27872
Change-Id: I1746d10ef2b7954f2293f2e606cdd7428068c38c
Currentrly pjsip_options code does not handle the situation when the
qualify options were changed in realtime database.
Only 'module reload res_pjsip' helps.
This patch add a check on contact add/update observers if the contact
qualify options are different than local aor qualify options.
If the qualify options were modified then synchronize
the pjsip_options AOR local state.
ASTERISK-27872
Change-Id: Id55210a18e62ed5d35a88e408d5fe84a3c513c62
Certain race conditions between changing bridge types and DTMF can
cause the current FLAG_NEED_MARKER_BIT to send the marker bit before
the actual first packet of native bridging.
This logic keeps track of the ssrc the bridge is currently sending
and will correctly ensure the marker bit is set if SSRC as changed
from the previous sent packet.
ASTERISK-27845
Change-Id: I01858bd0235f1e5e629e20de71b422b16f55759b
When RTP was originally created it had the ability to place a single
extension in an RTP packet. In practice people wanted to potentially
put multiple extensions in one and so RFC 5285 (obsoleted by RFC
8285) came into existence. This allows RTP extensions to be negotiated
with a unique identifier to be used in the RTP packet, allowing
multiple extensions to be present in the packet.
This change extends the RTP engine API to add support for this. A
user of it can enable extensions and the API provides the ability to
retrieve the information (to construct SDP for example) and to provide
negotiated information (from SDP). The end result is that the RTP
engine can then query to see if the extension has been negotiated and
what unique identifier is to be used. It is then up to the RTP engine
implementation to construct the packet appropriately.
The first extension to use this support is abs-send-time which is
defined in the REMB draft[1] and is a second timestamp placed in an
RTP packet which is for when the packet has left the sending system.
It is used to more accurately determine the available bandwidth.
ASTERISK-27831
[1] https://tools.ietf.org/html/draft-alvestrand-rmcat-remb-03
Change-Id: I508deac557867b1e27fc7339be890c8018171588
This function originally was used in chan_sip to enable some simplifying
assumptions and eventually was copy and pasted into res_pjsip_logger and
res_hep. Since it's replicated in three places, it's probably best to
move it into the public netsock2 API for these modules to use.
Change-Id: Id52e23be885601c51d70259f62de1a5e59d38d04
Asterisk uses Reference Counting to track whether a module can be unloaded.
Every consumer who requires a module, increases the reference count. When the
consumer goes, is unloaded itself, it has to decrease the reference count on
all its used/required modules. That way
core stop gracefully
works on the command-line interface (CLI): One module after the other is
unloaded. A recent change broke this for the module res_pjsip.
ASTERISK-27861
Change-Id: I261abcb411d026bbb0691cc78f28300bfd3103a3
This fixes build warnings found by GCC 8. In some cases format
truncation is intentional so the warning is just suppressed.
ASTERISK-27824 #close
Change-Id: I724f146cbddba8b86619d4c4a9931ee877995c84
Previously, only an IP address would be accepted for the capture_address config
setting in hep.conf. This change allows capture_address to be a resolvable
hostname or an IP address.
ASTERISK-27796 #close
Reported-By: Sebastian Gutierrez
Change-Id: I33e1a37a8b86e20505dadeda760b861a9ef51f6f
The "ari set debug" code for incoming requests incorrectly assumed
that all requests would contain a body. If one did not exist the
request would be incorrectly rejected. The response that was sent
was also incomplete as an incorrect function was used to construct
the response.
The code has now been changed to no longer require a request to have
a body and the response updated to use the correct function.
ASTERISK-27801
Change-Id: I4eef036ad54550a4368118cc348765ecac25e0f8
* Increase maximum number of ciphers from 100 to 256 (or whatever
PJ_SSL_SOCK_MAX_CIPHERS is #define'd to)
* Simplify logic in cipher_name_to_id()
* Make signed/unsigned comparison consistent
Re: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897412
Reported by: Ondřej Holas
Change-Id: Iea620f03915a1b873e79743154255c3148a514e7
When the local SSRC changes we need to update the SRTP information
so that the proper key is used. This is commonly done as a result
of bridging two channels together. Previously we only updated
the SRTP information if media had already flowed, but in practice
the channel driver may have already performed SRTP negotiation and
set up the previous SSRC. We now always do it on a local SSRC
change.
ASTERISK-27795
ASTERISK-27800
Change-Id: Ia7c8e74c28841388b5244ac0b8fd6c1dc6ee4c10
How it works today:
media_cache tries to parse out the extension of the media file to be played
from the URI provided to Asterisk while caching the file.
What's expected:
Better will be to have Asterisk get extension from other ways too. One of the
common ways is to get the type of content from the CONTENT-TYPE header in the
HTTP response for fetching the media file using the URI provided.
Steps to Reproduce:
Provide a URL of the form: http://host/media/1234 to Asterisk for media
playback. It fails to play and logs show the following error line:
[Sep 15 15:48:05] WARNING [29148] [C-00000092] file.c:
File http://host/media/1234 does not exist in any format
Scenario this issue is blocking:
In the case where the media files are stored in some cloud object store,
following can block the media being played via Asterisk:
Cloud storage generally needs authenticated access to the storage. The way
to do that is by using signed URIs. With the signed URIs there's no way to
preserve the name of the file.
In most cases Cloud storage returns a key to access the object and preserving
file name is also not a thing there
ASTERISK-27286
Reporter: Gaurav Khurana
Change-Id: I1b14692a49b2c1ac67688f58757184122e92ba89
The OPTIONS support in PJSIP has organically grown, like many things in
Asterisk. It has been tweaked, changed, and adapted based on situations
run into. Unfortunately this has taken its toll. Configuration file
based objects have poor performance and even dynamic ones aren't that
great.
This change scraps the existing code and starts fresh with new eyes. It
leverages all of the APIs made available such as sorcery observers and
serializers to provide a better implementation.
1. The state of contacts, AORs, and endpoints relevant to the qualify
process is maintained. This state can be updated by external forces (such
as a device registering/unregistering) and also the reload process. This
state also includes the association between endpoints and AORs.
2. AORs are scheduled and not contacts. This reduces the amount of work
spent juggling scheduled items.
3. Manipulation of which AORs are being qualified and the endpoint states
all occur within a serializer to reduce the conflict that can occur with
multiple threads attempting to modify things.
4. Operations regarding an AOR use a serializer specific to that AOR.
5. AORs and endpoint state act as state compositors. They take input
from lower level objects (contacts feed AORs, AORs feed endpoint state)
and determine if a sufficient enough change has occurred to be fed further
up the chain.
6. Realtime is supported by using observers to know when a contact has
been registered. If state does not exist for the associated AOR then it
is retrieved and becomes active as appropriate.
The end result of all of this is best shown with a configuration file of
3000 endpoints each with an AOR that has a static contact. In the old
code it would take over a minute to load and use all 8 of my cores. This
new code takes 2-3 seconds and barely touches the CPU even while dealing
with all of the OPTIONS requests.
ASTERISK-26806
Change-Id: I6a5ebbfca9001dfe933eaeac4d3babd8d2e6f082
Redirect libc allocation functions to use Asterisk functions for
main/ast_expr2f.c and res/ael/ael_lex.c. This will resolve errors
produced by astmm.h when these files are regenerated, though other
issues still remain.
ASTERISK~27813
Change-Id: I7263e9e4217a17bde4ffaa2087a8f8aeb2a8588c
Core bridging and, more specifically, bridge_softmix have been
enhanced to relay received frames of type TEXT or TEXT_DATA to all
participants in a softmix bridge. res_pjsip_messaging and
chan_pjsip have been enhanced to take advantage of this so when
res_pjsip_messaging receives an in-dialog MESSAGE message from a
user in a conference call, it's relayed to all other participants
in the call.
res_pjsip_messaging already queues TEXT frames to the channel when
it receives an in-dialog MESSAGE from an endpoint and chan_pjsip
will send an MESSAGE when it gets a TEXT frame. On a normal
point-to-point call, the frames are forwarded between the two
correctly. bridge_softmix was not though so messages weren't
getting forwarded to conference bridge participants. Even if they
were, the bridging code had no way to tell the participants who
sent the message so it would look like it came from the bridge
itself.
* The TEXT frame type doesn't allow storage of any meta data, such
as sender, on the frame so a new TEXT_DATA frame type was added that
uses the new ast_msg_data structure as its payload. A channel
driver can queue a frame of that type when it receives a message
from outside. A channel driver can use it for sending messages
by implementing the new send_text_data channel tech callback and
setting the new AST_CHAN_TP_SEND_TEXT_DATA flag in its tech
properties. If set, the bridging/channel core will use it instead
of the original send_text callback and it will get the ast_msg_data
structure. Channel drivers aren't required to implement this. Even
if a TEXT_DATA enabled driver uses it for incoming messages, an
outgoing channel driver that doesn't will still have it's send_text
callback called with only the message text just as before.
* res_pjsip_messaging now creates a TEXT_DATA frame for incoming
in-dialog messages and sets the "from" to the display name in the
"From" header, or if that's empty, the caller id name from the
channel. This allows the chat client user to set a friendly name
for the chat.
* bridge_softmix now forwards TEXT and TEXT_DATA frames to all
participants (except the sender).
* A new function "ast_sendtext_data" was added to channel which
takes an ast_msg_data structure and calls a channel's
send_text_data callback, or if that's not defined, the original
send_text callback.
* bridge_channel now calls ast_sendtext_data for TEXT_DATA frame
types and ast_sendtext for TEXT frame types.
* chan_pjsip now uses the "from" name in the ast_msg_data structure
(if it exists) to set the "From" header display name on outgoing text
messages.
Change-Id: Idacf5900bfd5f22ab8cd235aa56dfad090d18489
Adds the ability to receive and handle incoming NACK requests if
retransmissions are enabled. If retransmissions are enabled, a data
buffer is allocated that stores packets being sent. If a NACK request
is received, the packet requested for retransmission is sent if it is
still in the buffer. In the same request, if any of the following 16
packets are marked as not received, those will be sent as well if
available, as outlined in RFC4585.
Also changes RTCP RR and SR to use media source SSRC instead of packet
source SSRC when determining which instance to use for RTCP reports.
For more information, refer to the wiki page:
https://wiki.asterisk.org/wiki/display/AST/WebRTC+User+Experience+Improvements
ASTERISK-27806 #close
Change-Id: I7f7f124af3b9d5d2fd9cffc6ba8cb48a6fff06ec
Use of extended stringfields is a temporary mechanism to avoid ABI
breakage in released branches without resorting to more inconvienient
methods.
* Collect existing extended stringfields into the parent stringfield
section of the struct.
Change-Id: I8d46d037801b4518837c3ea4b6df95ceadc9436b
This reverts a problem introduced by the fix for ASTERISK_24329.
Now, when an announcement is played while waiting in a queue, music on
hold will not restart from the beginning of the sound file and will
instead pick up where it left off. However, the incorrect behavior in
ASTERISK_24329 is now present again; if an announcement X seconds
long is played when music on hold starts, music on hold will start X
seconds into the file.
ASTERISK-27774 #close
Reported by: lvl
Change-Id: I86b2885ee7063268f9b9747eddb788336ade989b
When a scheduled task is created you can pass in the
AST_SIP_SCHED_TASK_TRACK flag. This new flag causes scheduling events to
be logged.
Change-Id: I91967eb3d5a220915ce86881a28af772f9a7f56b
ast_sip_push_task_synchronous() did not necessarily execute the passed in
task under the specified serializer. If the current thread is any
registered pjsip thread then it would execute the task immediately instead
of under the specified serializer. Reentrancy issues could result if the
task does not execute with the right serializer.
The original reason ast_sip_push_task_synchronous() checked to see if the
current thread was a registered pjsip thread was because of a deadlock
with masquerades and the channel technology's fixup callback
(ASTERISK_22936). A subsequent masquerade deadlock fix (ASTERISK_24356)
involving call pickups avoided the original deadlock situation entirely.
The PJSIP channel technology's fixup callback no longer needed to call
ast_sip_push_task_synchronous().
However, there are a few places where this unexpected behavior is still
required to avoid deadlocks. The pjsip monitor thread executes callbacks
that do calls to ast_sip_push_task_synchronous() that would deadlock if
the task were actually pushed to the specified serializer. I ran into one
dealing with the pubsub subscriptions where an ao2 destructor called
ast_sip_push_task_synchronous().
* Split ast_sip_push_task_synchronous() into
ast_sip_push_task_wait_servant() and ast_sip_push_task_wait_serializer().
ast_sip_push_task_wait_servant() has the old behavior of
ast_sip_push_task_synchronous(). ast_sip_push_task_wait_serializer() has
the new behavior where the task is always executed by the specified
serializer or a picked serializer if one is not passed in. Both functions
behave the same if the current thread is not a SIP servant.
* Redirected ast_sip_push_task_synchronous() to
ast_sip_push_task_wait_servant() to preserve API for released branches.
ASTERISK_26806
Change-Id: Id040fa42c0e5972f4c8deef380921461d213b9f3
* Fix the periodic interval wander because it may take significant time
between the sched thread queueing the task in the serializer and the
serializer actually executing the task. The time it takes to actually
execute the task was already taken into account.
* Pass a schtd ref to the serializer when we queue a scheduled task on
the serializer. We don't want it going away on us while it is in the
serializer queue.
* Skip the scheduled task if the task was canceled between queueing the
task to the serializer and the serializer actually executing the task.
* Reorder struct ast_sip_sched_task to avoid unnecessary padding. Removed
task_id and added next_periodic.
* Hold a ref to the passed in serializer so the serializer cannot go away
on the scheduled task.
ASTERISK_26806
Change-Id: I6c8046b75f6953792c8c30e55b836a4291143f24
* A side benefit is that the scheduled tasks are not completely blocked
while the CLI command executes.
* Adjusted the "Task Name" column width to have more room for longer
names.
Change-Id: Iec64aa463ee8b10eef90120e00c38b1fb444087e
It now appends the external IP address on the
o= line of the SDP packet. The decision was made to write
the numeric IP address as opposed to the RFC that states
the FQDN should be used if and when available. We believe
the usage of literal IP address will help avoid
potential problems.
ASTERISK-27614 #close
Change-Id: I84f3360f3606b8c4e8d161edb228799ec0b8a302
This patch adds support to send in-dialog SIP NOTIFY commands on
chan_pjsip channels, similar to the functionality recently added
for chan_sip (ASTERISK_27461).
This extends res_pjsip_notify to allow for in-dialog messages.
ASTERISK-27697
Change-Id: If7f3151a6d633e414d5dc319d5efc1443c43dd29
* Removed several invalid uses of OBJ_NOLOCK. These uses resulted in the
'tasks' container being accessed without a lock in a multi-threaded
environment. A recipe for crashes.
* Removed needlessly obtaining schtd object references. If the caller
providing you a pointer to an object doesn't have a valid reference then
you cannot safely get one from it.
* Getting a ref to 'tasks' when you aren't copying the pointer into
another location is useless. The 'tasks' container pointer is global.
* Removed many unnecessary uses of RAII_VAR.
* Make ast_sip_schedule_task() name parameter const.
ASTERISK_26806
Change-Id: I5c62488e651314e2a1dbc01f5b078a15512d73db
There is a problem when an INVITE-with-Replaces transfer targets a channel
in a ConfBridge. The transfer will unconditionally swap out the
ConfBridge channel. Unfortunately, the ConfBridge state will not be aware
of this change. Unexpected behavior will happen as a result since
ConfBridge channels currently can only be replaced by a masquerade and not
normal bridge channel moves.
* We just need to pretend that the channel isn't in a bridge (like other
transfer methods already do) so the transfer channel will masquerade into
the ConfBridge channel.
Change-Id: I209beb0e748fa4f4b92a576f36afa8f495ba4c82
This change allows chan_pjsip to be given an AST_FRAME_RTCP
containing REMB feedback and pass it to res_rtp_asterisk.
Once res_rtp_asterisk receives the frame a REMB RTCP feedback
packet is constructed with the appropriate contents and sent
to the remote endpoint.
ASTERISK-27776
Change-Id: Ic53f821c1560d8924907ad82c4d9c0bc322b38cd
The previous payload specific feedback handling was very single
minded in that it just assumed everything should trigger a video
update. This was changed but the handling of picture loss indication
was not added. The result was that video may not flow. This change
adds it explicitly in.
Change-Id: I1894be02e39ee10a0af841b5a1dca5f0ec7d60b6
A deadlock can happen when the PJSIP monitor thread is shutting down a
connection oriented transport (TCP/TLS) used by a subscription at the same
time as another thread tries to send something for that subscription. The
deadlock is between the pjsip monitor thread attempting to get the dialog
lock and another thread sending something for that dialog when it tries to
get the transport manager lock.
* res_pjsip_pubsub.c: Avoid the deadlock by pushing the subscription
removal to the subscription serializer.
* res_pjsip_registrar.c: Pushed off incoming registration contact removals
to a default serializer as a precaution. Removing the contacts involves
sorcery access which in this case will involve database access. Depending
upon the setup, the database may not be on the same machine and could take
awhile. We don't want to hold up the pjsip monitor thread with
potentially long access times.
ASTERISK-27706
Change-Id: I56b647aea565f24dba33e9e5ebeed4cd3f31f8c4
Apparently it is possible for the transport to be destroyed without
triggering the transport callback logic. As a result the transport gets
destroyed and we have a stale pointer in the active_transports container.
* Invoke the transport monitor callback checks when the transport is
destroyed in addition to when it is disconnected and shutdown.
ASTERISK-27688
Change-Id: Ia9b5469fea8f2b3f2d8476fae6b748a4d23e7261
This change extends the existing AST_FRAME_RTCP frame type to be
able to contain additional RTCP message types, such as feedback
messages. The payload type is contained in the subclass which allows
knowing what is in the frame itself.
The RTCP feedback message type is now handled and REMB[1] messages
are raised with their containing information.
This also fixes a bug where all feedback messages were triggering
video updates instead of just FIR and FUR.
Finally RTCP frames are now passed up through the Asterisk core to
what is handling the channel, mapped appropriately in the case of
bridging, and written to an outgoing stream. Since RTCP frames are
on a per-stream basis this is only done on multistream capable
channels.
[1] https://tools.ietf.org/html/draft-alvestrand-rmcat-remb-03
ASTERISK-27758
ASTERISK-26366
Change-Id: I680da0ad8d5059d5e9655d896fb9d92e9da8491e
This change adds a property to RTP instances to indicate that
REMB support is enabled and that sending/receiving should be
passed through.
This also enables it on video RTP instances in PJSIP if
WebRTC support is enabled.
Finally the goog-remb extension is added to the SDP using
the rtcp-fb attribute to indicate our support for it.
Details about REMB can be found on the draft document for it:
https://tools.ietf.org/html/draft-alvestrand-rmcat-remb-03
Change-Id: I1902dda1c0882bd1a0d71b2f120684b44b97e789
Asterisk does not need the development package of libltdl, because it does not
use any symbol of -lltdl directly. Instead, it uses the runtime package via the
shared library -lodbc. On the supported platforms, that shared library declares
its dependency on -lltdl correctly, otherwise AST_EXT_LIB_CHECK would have
failed.
ASTERISK-27745
Change-Id: Icd315809b8e7978203431f3afb66240dd3a040ba
* acl (named_acl.c)
* cdr
* cel
* ccss
* dnsmgr
* dsp
* enum
* extconfig (config.c)
* features
* http
* indications
* logger
* manager
* plc
* sounds
* udptl
These modules are now loaded at appropriate time by the module loader.
Unlike loadable modules these use AST_MODULE_LOAD_FAILURE on error so
the module loader will abort startup on failure of these modules.
Some of these modules are still initialized or shutdown from outside the
module loader. logger.c is initialized very early and shutdown very
late, manager.c is initialized by the module loader but is shutdown by
the Asterisk core (too much uses it without holding references).
Change-Id: I371a9a45064f20026c492623ea8062d02a1ab97f
Since ASTERISK-27253, no symbols from the header srtp2/crypto_types.h are used
anymore. Therefore, its include statement can be removed. This allows to compile
Asterisk on platforms which do not offer this private header, like openSUSE.
ASTERISK-27733
Change-Id: I25c5cb8fa966043d1506ebef449e5a724412b4b6
The menuselect comment was updated to deprecate these modules but the
AST_MODULE_INFO block at the end of file was missed.
ASTERISK-27671
Change-Id: I63070b5c4d4f08af010c6034acd4793c1bcef839
Checking option_debug directly is incorrect as it ignores file/module
specific debug settings. This system-wide change replaces nearly all
direct checks for option_debug with the DEBUG_ATLEAST macro.
Change-Id: Ic342d4799a945dbc40ac085ac142681094a4ebf0
In handle_negotiated_sdp(), use session->active_media_state when
session->pending_media_state is empty. The 200's SDP should be fed into
handle_negotiated_sdp_session_media() together with the already negotiated
state, which is now in session->active_media_state instead. Only if both
the session's pending and active media are empty should
handle_negotiated_sdp() abort.
ASTERISK-27441
Change-Id: If0d5150ffe6f38d8a854831fef37942258d4629c
This allows asterisk to be compiled with MALLOC_DEBUG to load modules
built without MALLOC_DEBUG. Now pre-compiled third-party modules will
still work regardless of MALLOC_DEBUG being enabled or not.
Change-Id: Ic07ad80b2c2df894db984cf27b16a69383ce0e10
The pool cache gets in the way of finding use after free errors of memory
pool contents. Tools like valgrind and MALLOC_DEBUG don't know when a
pool is released because it gets put into the cache instead of being
freed.
* Added the "cache_pools" option to pjproject.conf. Disabling the option
helps track down pool content mismanagement when using valgrind or
MALLOC_DEBUG. The cache gets in the way of determining if the pool
contents are used after free and who freed it.
To disable the pool caching simply disable the cache_pools option in
pjproject.conf and restart Asterisk.
Sample pjproject.conf setting:
[startup]
cache_pools=no
* Made current users of the caching pool factory initialization and
destruction calls call common routines to create and destroy cached pools.
ASTERISK-27704
Change-Id: I64d5befbaeed2532f93aa027a51eb52347d2b828
A couple of additional properties are needed in rtp_engine to enable
support for packet retransmission: AST_RTP_PROPERTY_RETRANS_RECV and
AST_RTP_PROPERTY_RETRANS_SEND. These will both be enabled automatically
if an endpoint has the webrtc option enabled. While this adds no
functionality currently, it will serve as a building block for future
changes for RTP retransmission support.
For more information, refer to the wiki page:
https://wiki.asterisk.org/wiki/display/AST/WebRTC+User+Experience+Improvements
Change-Id: Ic598acd042a045f9d10e5bdccb66f4efc9e587cc
The transferrer's session channel was destroyed by the transferrer's
serializer thread in a race condition with the transfer target's
serializer thread during an attended transfer. The transfer target's
serializer was attempting to clean up a deferred end status on behalf of
the transferrer's channel when it should have passed the action to the
transferrer's serializer. When the transfer target's serializer lost the
race then both threads wind up trying to end the transferrer's session.
* Push the ast_sip_session_end_if_deferred() call onto the transferrer's
serializer to avoid a race condition that results in a crash. The
session_end() function that could be called by
ast_sip_session_end_if_deferred() really must be executed by the
transferrer's serializer to avoid this kind of crash.
ASTERISK-27568
Change-Id: Iacda724e7cb24d7520e49b2fd7e504aa398d7238
In ast_websocket_read() we were not adequately checking that the
payload_len was non-zero before passing it to ws_safe_read(). Calling
ws_safe_read with a len argument of 0 will result in a busy loop until
the underlying socket is closed.
ASTERISK-27658 #close
Change-Id: I9d59f83bc563f711df1a6197c57de473f6b0663a
Since res_pjsip_transport_management provides several attack
mitigation features, its functionality moved to res_pjsip and
this module has been removed. This way the features will always
be available if res_pjsip is loaded.
ASTERISK-27618
Reported By: Sandro Gauci
Change-Id: I21a2d33d9dda001452ea040d350d7a075f9acf0d
pjsip_distributor:
authenticate() creates a tdata and uses it to send a challenge or
failure response. When pjsip_endpt_send_response2() succeeds, it
automatically decrements the tdata ref count but when it fails, it
doesn't. Since we weren't checking for a return status, we weren't
decrementing the count ourselves on error and were therefore leaking
tdatas.
res_pjsip_session:
session_reinvite_on_rx_request wasn't decrementing the ref count
if an error happened while sending a 491 response.
pre_session_setup wasn't decrementing the ref count if
while sending an error after a pjsip_inv_verify_request failure.
res_pjsip:
ast_sip_send_response wasn't decrementing the ref count on error.
ASTERISK-27618
Reported By: Sandro Gauci
Change-Id: Iab33a6c7b6fba96148ed465b690ba8534ac961bf
It was discovered that there are some corner cases where a pjsip tsx
might have no last_tx so calling ast_sip_failover_request with
a NULL last_tx as its tdata would cause a crash.
ASTERISK-27618
Reported By: Sandro Gauci
Change-Id: Ic2b63f6d4ae617c4c19dcdec2a7a6156b54fd15b
When receiving a SUBSCRIBE request the Accept headers from it are
stored locally. This operation has a fixed limit of 32 Accept headers
but this limit was not enforced. As a result it was possible for
memory outside of the allocated space to get written to resulting
in a crash.
This change enforces the limit so only 32 Accept headers are
processed.
ASTERISK-27640
Reported By: Sandro Gauci
Change-Id: I99a814b10b554b13a6021ccf41111e5bc95e7301
If the ICE role is not set right away, we might have a role conflict
that stays undetected and ICE finishing with successful tests and no
candidate nominated. This was introduced by ASTERISK-27088.
To avoid this, we set the role as soon as before but only if the ICE
state permits it: still checking and not yet nominating candidates or
completed.
ASTERISK-27646
Change-Id: I5dbc69ad63cacbb067922850fbb113d479bd729c
* Prefer strcasecmp() over stricmp()
* Use a list with no lock since we never actually lock
* Minor cleanups to error messages
Change-Id: I8446f44795ee8f3072e1c1f9193c6912dfc0c42b
There is a dedicated slot in the pjsip_sip_uri for the 'user'
parameter, so use that instead of adding to the list of generic URI
parameters.
Change-Id: I0a0ce8a60ecee27489735bf56fd707719d8c2ed6
* app_fax (replaced by res_fax).
* res_config_sqlite (replaced by res_config_sqlite3).
* res_monitor (replaced by app_mixmonitor).
This is related to ASTERISK~23657 but does not resolve that ticket.
Resolving that ticket would require complete removal of res_monitor.
ASTERISK-27671 #close
Change-Id: I16a3edd61fc1abd4a7b2e9357693ed663f62dd49
res_pjsip_endpoint_identifier_user.c:
* Fix copy/paste error in find_endpoint(). We were using a constant
"anonymous" string instead of the passed in endpoint_name when checking
the transport domain for an endpoint match.
* Eliminate RAII_VAR in find_endpoint().
* Remove always true check in find_transport_state_in_use().
* Remove useless CMD_STOP in find_transport_state_in_use().
res_pjsip_endpoint_identifier_anonymous.c:
* Eliminate RAII_VAR in anonymous_identify().
* Remove always true check in find_transport_state_in_use().
* Remove useless CMD_STOP in find_transport_state_in_use().
Change-Id: I86924c31db5bd225ca0c1219c761b668c6f91189
pjproject does not have a function to reverse pjsip_inv_usage_init.
This means we need to ignore any calls to the functions once shutdown is
final.
ASTERISK-27571 #close
Change-Id: Ia550fcba563e2328f03162d79fb185f16b7c9b9d
In an earlier release, inbound registrations on a reliable transport
were pruned on Asterisk restart since the TCP connection would have
been torn down and become unusable when Asterisk stopped. This same
process is now also applied to inbound subscriptions.
Also fixed issues in res_pjsip_registrar where it wasn't handling the
monitoring correctly when multiple registrations came in over the same
transport.
To accomplish this, the pjsip_transport_event feature needed to
be refactored to allow multiple monitors (multiple subcriptions or
registrations from the same endpoint) to exist on the same transport.
Since this changed the API, any external modules that may have used the
transport monitor feature (highly unlikey) will need to be changed.
ASTERISK-27612
Reported by: Ross Beer
Change-Id: Iee87cf4eb9b7b2b93d5739a72af52d6ca8fbbe36
This removes references that are no longer needed due to automatic
references created by module dependencies.
In addition this removes most calls to ast_module_check as they were
checking modules which are listed as dependencies.
Change-Id: I332a6e8383d4c72c8e89d988a184ab8320c4872e
I've audited all modules that include any header which includes
asterisk/optional_api.h. All modules which use OPTIONAL_API now declare
those dependencies in AST_MODULE_INFO using requires or optional_modules
as appropriate.
In addition ARI dependency declarations have been reworked. Instead of
declaring additional required modules in res/ari/resource_*.c we now add
them to an optional array "requiresModules" in api-docs for each module.
This allows the AST_MODULE_INFO dependencies to include those missing
modules.
Change-Id: Ia0c70571f5566784f63605e78e1ceccb4f79c606
The type=identify endpoint identification method can match by IP address
and by SIP header. However, the SIP header matching has limited
usefulness because you cannot specify the SIP header matching priority
relative to the IP address matching. All the matching happens at the same
priority and the order of evaluating the identify sections is
indeterminate. e.g., If you had two type=identify sections where one
matches by IP address for endpoint alice and the other matches by SIP
header for endpoint bob then you couldn't predict which endpoint is
matched when a request comes in that matches both.
* Extract the SIP header matching criteria into its own "header" endpoint
identification method so the user can specify the relative priority of the
SIP header and the IP address matching criteria in the global
endpoint_identifier_order option. The "ip" endpoint identification method
now only matches by IP address.
ASTERISK-27491
Change-Id: I9df142a575b7e1e3471b7cda5d3ea156cef08095
* Declare 'requires' and 'enhances' text fields on module info structure.
* Rename 'nonoptreq' to 'optional_modules'.
* Update doxygen comments.
Still need to investigate dependencies among modules I cannot compile.
Change-Id: I3ad9547a0a6442409ff4e352a6d897bef2cc04bf
We did this for TCP transports already but I'm not sure why we
didn't do it for TLS transports.
ASTERISK_27474 #not_final_fix
Change-Id: I5b1ef4b882f7b859e718236686b7898751dbb262
If any component of ast_config_AST_RECORDING_DIR is a symbolic link we
would incorrectly assume the ARI user was trying to escape the recording
path. Create additional check to check the recording directory's
realpath, only deny access if both do not match.
This is needed by the testsuite when run by 'run-local'.
Change-Id: I9145e841865edadcb5f75cead3471ad06bbb56c0
The requirement that "ip" must be in the endpoint identify_by list to
allow the type=identify method to identify the endpoint is not necessary.
The "ip" identifier method can match one and only one endpoint. To even
work, the "ip" identifier method configuration must explicitly specify the
identified endpoint. Therefore, why bother configuring the type=identify
identifier in the first place? The requirement only adds the potential
for configuration errors for no benefit. Even worse, those configuration
errors cannot be detected when the configuration loads. The requirement
was introduced with the ASTERISK_27206 patch.
* Remove the code change that enforces the requiremnt. Listing the "ip"
method in the identify_by value is simply documentation.
Change-Id: Ia057f92a33fb5d9f51dc5d5692e3d5ee1a6f2c11
* Extracted sip_endpoint_identifier_type2str() and
sip_endpoint_identifier_str2type() to simplify the calling functions.
* Fixed pjsip_configuration.c:ident_to_str() building the endpoint's
identify_by value string.
Change-Id: Ide876768a8d5d828b12052e2a75008b0563fc509
The AMI PJSIPShowEndpoint action could only list one IdentifyDetail AMI
event per endpoint. However, there is no reason that multiple
type=identify sections cannot identify the same endpoint.
* Reworked format_ami_endpoint_identify() to generate as many
IdentifyDetail AMI events as there are matching identifiers.
Change-Id: Ie146792aef72d78e05416ab5b27bc552a30399db
Some WebRTC clients can't handle renegotiation with the addition of
streams that include an offer to bundle. They instead expect the
newly added streams to already be bundled. This change does such a thing
if WebRTC support is enabled on an endpoint.
ASTERISK-27566
Change-Id: I7fe9b7ac35a2798627d9c2c8369129f407af6461
In addition to being a micro-optimization (RAII_VAR has overhead), this
change improves output of REF_DEBUG. Unfortunately when RAII_VAR calls
ao2_cleanup it does so from a generated _dtor_varname function. For
example this caused _dtor_app to release a reference instead of
__stasis_app_unregister.
Change-Id: I4ce67120583a446babf9adeec678b71d37fcd9e5
If the dial bridge has been created it must be released by calling
ast_bridge_destroy, simply releasing the ao2 reference is not enough.
Also move stasis_app_control_shutdown earlier in unload to ensure the
bridge cannot be created or grabbed after the app_bridges container is
released.
Change-Id: I372302de94ca63876069e2585a049c5060e5e767
Instead of searching for bridge_id provided in an argument this function
always searched for BRIDGE_ALL first. Rewrite this function to work
like the similar functions for channel and endpoint functions.
Change-Id: Ib5caca69e11727c5c8a7284a1d00621f40f1e60a
Some (normally optional) modules created notices, warnings, and even errors
in normal situations like (un)load. This cluttered the command-line interface
(CLI) on start and while stopping gracefully. However, when an user went for
the script './contrib/scripts/install_prereq', those modules get compiled-in
because their prerequisites were met at compile time. Furthermore, because of
ASTERISK_27475, the former talkative module 'res_curl' is built as side-effect.
ASTERISK-27553
Change-Id: I9f105f46d72553994e820679bfde3478a551b281
The ip_identify_apply() did not validate the configuration for simple
static configuration errors or deal well with address resolution errors.
* Added missing configuration validation checks.
* Fixed address resolution error handling.
* Demoted an error message to a warning since it does not fail applying
the identify object configuration.
Change-Id: I8b519607263fe88e8ce964f526a45359fd362b6e
If an endpoint identifier name in the endpoint_identifier_order list is a
prefix to the identifier we are registering, we could install it in the
wrong position of the list.
Assuming
endpoint_identifier_order=username,ip,anonymous
then registering the "ip_only" identifier would put the identifier in the
wrong position of the priority list.
* Fix incorrect strncmp() string prefix matching.
Change-Id: Ib8819ec4b811da8a27419fd93528c54d34f01484
This function returns NULL if the module in question is not running. I
did not change ast_module_ref as most callers do not check the result
and they always call ast_module_unref.
Make use of this function when running registered items from:
* app_stack API's
* bridge technologies
* CLI commands
* File formats
* Manager Actions
* RTP engines
* Sorcery Wizards
* Timing Interfaces
* Translators
* AGI Commands
* Fax Technologies
ASTERISK-20346 #close
Change-Id: Ia16fd28e188b2fc0b9d18b8a5d9cacc31df73fcc
The pjsip_msg_find_hdr function can return NULL. This patch adds a check
when searching for the sequence header to make sure a NULL pointer is never
de-referenced.
Change-Id: I19af23aeeded65be016be92360e8cb7ffe51fad2
Per RFC 5245, the foundation specified with an ICE candidate can be up
to 32 characters but we are only allowing for 31.
ASTERISK-27498 #close
Reported by: Michele Prà
Change-Id: I05ce7a5952721a76a2b4c90366168022558dc7cf
Those SIP messages that create dialogs require a contact header to be present.
If the contact header was missing from the message it could cause Asterisk to
crash.
This patch checks to make sure SIP messages that create a dialog contain the
contact header. If the message does not and it is required Asterisk now returns
a "400 Missing Contact header" response. Also added NULL checks when retrieving
the contact header that were missing as a "just in case".
ASTERISK-27480 #close
Change-Id: I1810db87683fc637a9e3e1384a746037fec20afe
Fix instances of:
* Retreive
* Recieve
* other then
* different then
* Repeated words ("the the", "an an", "and and", etc).
* othterwise, teh
ASTERISK-24198 #close
Change-Id: I3809a9c113b92fd9d0d9f9bac98e9c66dc8b2d31
Some variables are set and never changed, making them constant. This
means that code in the 'false' block of the conditional is unreachable.
In chan_skinny and res_config_ldap I used preprocessor directive `#if 0`
as I'm unsure if the unreachable code could be enabled in the future.
Change-Id: I62e2aac353d739fb3c983cf768933120f5fba059
When RTCP-MUX enabled. rtp->s is the same as rtcp->s, check this before
close the file descriptor. Close the FD twice will hangs the asterisk
under heavy load.
ASTERISK-27299 #close
Reported-by: Aaron An
Tested-by: AaronAn
Change-Id: I870a072d73fd207463ac116ef97100addbc0820a
Remove nearly all use of regex from ACO users. Still remaining:
* app_confbridge has a legitamate use of option name regex.
* ast_sorcery_object_fields_register is implemented with regex, all
callers use simple prefix based regex. I haven't decided the best
way to fix this in both 13/15 and master.
Change-Id: Ib5ed478218d8a661ace4d2eaaea98b59a897974b
When adding shutdown refs for OPTIONAL_API components I accidentally
added it to the unload_module function in res_smdi. Move it to
load_module.
Change-Id: I2b9da38fbc11ef78ea23dbb2df92b684be7f647c
res_hep_pjsip.so and res_hep_rtcp.so will still load and do a lot of
unnecessary work even if 'enabled' is set to 'no' in hep.conf.
Change-Id: I3eddfeea09c6b5bc7c641952ee0ae487fd09b64b
We should not do flood detection on video RTP streams. Video RTP streams
are very bursty by nature. They send out a burst of packets to update the
video frame then wait for the next video frame update. Really only audio
streams can be checked for flooding. The others are either bursty or
don't have a set rate.
* Added code to selectively disable packet flood detection for video RTP
streams.
ASTERISK-27440
Change-Id: I78031491a6e75c2d4b1e9c2462dc498fe9880a70
add_crypto_to_stream wasn't checking for a NULL
session->inv_session->neg before calling pjmedia_sdp_neg_get_state.
This was causing a crash if the negotiation hadn't already been
completed and asterisk was compiled with --enable-dev-mode.
Change-Id: I57c6229954a38145da9810fc18657bfcc4d9d0c9
Reset the samples counter to zero when we are done playing an
announcement so that we don't skip into the middle of the first file in
the playlist.
Also add the selected annoucement to the output of 'moh show classes.'
ASTERISK-24329 #close
Reported by: Thomas Frederiksen
Change-Id: I2a5f986a31279c981592f49391409ebf38d6f6d0
When the RTCP code was transitioned over to Stasis a code change
was made to keep track of how many reports are present. This count
controlled where report blocks were placed in the RTCP report.
If a compound RTCP packet was received this logic would incorrectly
place a report block in the wrong location resulting in a write
to an invalid location.
This change removes this counting logic and always places the report
block at the first position. If in the future multiple reports are
supported the logic can be extended but for now keeping a count
serves no purpose.
ASTERISK-27382
ASTERISK-27429
Change-Id: Iad6c8a9985c4b608ef493e19c421211615485116
When a connected line update is sent to an endpoint we do not request
a specific stream topology to be used. Previously this resulted in the
configured stream topology being used which may actually differ from the
currently negotiated topology. PJSIP is helpful in this regard in that
it will fill in any missing streams with removed ones. This results in
our own state not matching the SDP, though, and we do not apply the
negotiated SDP.
This change tweaks the code to use the actively negotiated stream
topology if it is present with a fallback to the configured one. This
results in the SDP and the state having matching information and the
world is happy.
ASTERISK*27397
Change-Id: I7a57117f0183479e6884b7bf3a53bb8c7464f604
This patch does three things associated with the initial incoming INVITE
request URI.
1) Add access to the full initial incoming INVITE request URI.
2) We were not setting DNID on incoming PJSIP channels. The DNID is the
user portion of the initial incoming INVITE Request-URI. The value is
accessed by reading CALLERID(dnid).
3) Fix CHANNEL(pjsip,target_uri) documentation.
* The initial incoming INVITE request URI is now available using
CHANNEL(pjsip,request_uri).
* Set the DNID on PJSIP channel creation so CALLERID(dnid) can return the
initial incoming INVITE request URI user portion.
* CHANNEL(pjsip,target_uri) now correctly documents that the target URI is
the contact URI.
* Refactored print_escaped_uri() out of channel_read_pjsip() to handle
pjsip_uri_print() error condition when the buffer is too small.
ASTERISK-27478
Change-Id: I512e60d1f162395c946451becb37af3333337b33
Support for these protocols was added in the same commit as the 'proto'
field, so we can safely use the same ./configure check.
For reference: https://trac.pjsip.org/repos/changeset/4968
Change-Id: Icf4975d785d6bfb8f30ac7ffa695a0adf9382dac
A couple of places were setting the status to "UNKNOWN" when qualifies were
being disabled. Instead this should be set to the "CREATED" status that
represents when a contact is given (uri available), but the qualify frequency
is set to zero so we don't know the status.
This patch updates the relevant places with "CREATED". It also updates the
"CREATED" status description (value shown in CLI/AMI/ARI output) to a value
of "NonQualified"/"NonQual" as this description is hopefully less confusing.
ASTERISK-27467
Change-Id: Id67509d25df92a72eb3683720ad2a95a27b50c89
Use the new ast_cli_completion_add() function to improve completion
performance for commands like 'pjsip show endpoint.'
Change-Id: I76d802294d2ac1766110dc75f7d117c8541ce348
Using the LIKE operator requires a full table scan of 'astdb', whereas a
comparison operation is able to use the primary key index.
This patch adds a new function to the AstDB API for quick prefix matches
and updates res_sorcery_astdb to utilize it. This showed substantial
performance improvement in my test environment.
Related to ASTERISK~26806, but does not completely resolve it.
Change-Id: I7d37f9ba2aea139dabf2ca72d31fbe34bd9b2fa1
There are many places in the code base where we ignore the return value
of fcntl() when getting/setting file descriptior flags. This patch
introduces a convenience function that allows setting or clearing file
descriptor flags and will also log an error on failure for later
analysis.
Change-Id: I8b81901e1b1bd537ca632567cdb408931c6eded7
res_stasis was missing AST_MODFLAG_LOAD_ORDER. Set res_stasis and
res_speech to start at (AST_MODPRI_APP_DEPEND - 1) so they are ready for
dependent modules.
Change-Id: I27f4f3810a95b6be8a5bfbf62be2ace6bfab6ff3
For both dynamic and static contacts it was possible that potential AOR
changes were not being applied to all contacts. This was because the qualify
and schedule code was only retrieving AOR's, and contacts with frequencies
greater than zero.
For instance the following could happen: and AOR/contact has a frequency of 5,
it then gets set to 0, and then a reload occurs. All scheduled OPTIONS are
stopped, a list of AOR's is retrieved with frequency > 0, but none are
selected since in this scenario all are 0. The contact for the one previously
set to 5 though does not get updated, so it's status remains "AVAILABLE".
This patch makes it so all contacts (static and dynamic) are selected, and
appropriately updated if need be.
ASTERISK-27467 #close
Change-Id: I7a920170f89c683af9505d4723a44fc6841decdb
Dynamic contacts were not being properly updated on reload. As a matter of
fact any changes to the AOR that a dynamic contact was associated with were
not being applied.
On reload, this patch makes it so for each dynamic contact, the associated
AOR is now retrieved and the AOR's fields are applied to the contact.
ASTERISK-27467
Change-Id: I8e3165dc6a745218c1c9db837f77fafa0516985d
The SuccessfulAuth using_password field was declared as a pointer to a
uint32_t when the field was later read as a uint32_t value. This resulted
in unnecessary casts and a non-portable field value reinterpret in
main/security_events.c:add_json_object(). i.e., It would work on a 32 bit
architecture but not on a 64 bit big endian architecture.
Change-Id: Ia08bc797613a62f07e5473425f9ccd8d77c80935
More complicated direct media reinvite negotiations can result in longer
delays before direct media flows. The strictrtp learning timeout time
was too short. One log showed that the first RTP packet came in just
after three seconds.
* Increase the strictrtp learning timeout time from 1.5 to 5 seconds.
ASTERISK-27453
Change-Id: Ic5e711164cbb91b4d1c1e40c83697755640f138c
This change makes the presence of the GMIME_MAJOR_VERSION
definition optional, as not all versions of gmime actually
define it.
ASTERISK-27454
Change-Id: I01d99590045971ed6787899147170a5954077238
The patch for ASTERISK_24560 inverted a test checking if the bridge name
is being updated to a different name.
* Fix the test to return "Changing bridge name is not implemented" when
someone attempts to change the bridge name.
ASTERISK-27445
Change-Id: I4b70bf08b0e02e016108b077ff75b345dec12fc9
Previously, Asterisk sent srflx only when configured exclusively for IPv4. Now,
srflx is gathered and sent via SDP, even when Asterisk is enabled for
Dual Stack (IPv4+IPv6) and an IPv4 interface is available/used.
ASTERISK-27437
Change-Id: Ie07d8e2bfa7b6fe06fcdc73d390a7a9a4d8c0bc1
res_parking had an inplicit load_pri of 0 meaning it was one of the very
first modules loaded after modules with global symbols. Set it to
AST_MODPRI_DEVSTATE_PROVIDER as it provides device state for parking
lots.
Change-Id: I297b6fb3ff6993ec004e667b22a74f5925906259
res_mwi_external_ami specified AST_MODFLAG_LOAD_ORDER but didn't set
load_pri, resulting in an actual load priority of 0. This module only
provides AMI actions so it has no reason to load early.
Change-Id: I82987fcf10d3ea42716b2f9df915b16687fd5839
Instead of specifying AST_MODFLAG_LOAD_ORDER with load_pri
AST_MODPRI_DEFAULT just use AST_MODFLAG_DEFAULT.
Change-Id: I0123258eafce324249433a69df15a85cc16e509f
Mac doesn't like the comparison of -1 to an enum, so store the result of
ast_sip_str_to_dtmf to an int so we can check for the negative return
value. ast_sip_str_to_dtmf returns an int so this is only delaying the
implicit type cast.
Change-Id: I0c262c1719ee951aae1f437d733a301cf5f8ad29
Some net-snmp builds do not provide the RONLY declare, only
NETSNMP_OLDAPI_RONLY. Map RONLY to NETSNMP_OLDAPI_RONLY to get around
this error.
Change-Id: Ida5c7ad9406515825485c4d3b4a34fd6ad0da577
It's impossible for gwtimeout or fdtimeout to be less than 0 because
they are unsigned int's. Remove checks and unreachable branches.
Change-Id: Ib2286960621e6ee245e40013c84986143302bc78
Some clients do not send rtp packets every ptime ms. This can lead to
situations in which the rtp source learning algorithm will never learn
the address of the client. This has been discovered on a Mac mini with
a pjsip based softphone after updating to Sierra: as soon as USB
headsets are involved, the softphone will send the second packet 30ms
after the first, the third 30ms after the second and the fourth 1ms
after the third. So in the old implmentation the rtp source learning
algorithm was repeatedly reset on the fourth packet.
The patch changes the algorithm in a way that doesn't take the arrival
time between two consecutive packets into account but the time between
the first and the last packet of a learning sequence.
The patch also fixes a second problem: when a user was using a wrong
value for the probation setting there was a LOG_WARNING output stating
that the value had been set to the default value instead. However
the code for setting the value back to defaults was missing.
ASTERISK-27421 #close
Change-Id: If778fe07678a6fd2041eaca7cd78267d0ef4fc6c
Domains themselves can be up to 255 characters long (per RFC 1035), so
our current buffer sizes are wholly inadequate for many use cases.
Change-Id: If3f30a68307f1365a1fe06bc4b854c62842c9292
We were not \0 terminating this string, so any attempt to print it would
in the best case show an empty string and in the worst case potentially
crash.
Change-Id: I63d96ef8f7516ac02a0f91e22dfa8acdc615042c
Previously for PJSIP the local address of WebSocket connections
was set to the remote address. For logging purposes this is
not particularly useful.
The WebSocket API has been extended to allow the local
address to be queried and this is used in PJSIP to set the
local address to the correct value.
The PJSIP HEP support has also been tweaked so that reliable
transports always use the local address on the transport
and do not try to (wrongly) guess. As they are connection
based it is impossible for the source to be anything else.
ASTERISK-26758
ASTERISK-27363
Change-Id: Icd305fd038ad755e2682ab2786e381f6bf29e8ca
Some consumers of the sorcery API use ast_sorcery_retrieve_by_regex
only so that they can anchor the potential match as a prefix and not
because they truly need regular expressions.
Rather than using regular expressions for simple prefix lookups, add
a new operation - ast_sorcery_retrieve_by_prefix - that does them.
Change-Id: I56f4e20ba1154bd52281f995c27a429a854f6a79
A previous commit made it so when an invite session transitioned into a
disconnected state destruction of the Asterisk pjsip session object was
postponed until either a transport error occurred or the event timer
expired. However, if a call was rejected (for instance a 488) before the
session was fully established the event timer may not have been initiated,
or it was canceled without triggering either of the session finalizing states
mentioned above.
Really the only time destruction of the session should be delayed is when a
BYE is being transacted. This is because it's possible in some cases for the
session to be disconnected, but the BYE is still transacting.
This patch makes it so the session object always gets released (no more
memory leak) when the pjsip session is in a disconnected state. Except when
the method is a BYE. Then it waits until a transport error occurs or an event
timeout.
ASTERISK-27345 #close
Reported by: Corey Farrell
Change-Id: I1e724737b758c20ac76d19d3611e3d2876ae10ed
* Pre-initialize cloned media state vectors to final size to ensure
vector errors cannot happen later in the clone initialization.
* Release session_media on vector replace failure in
ast_sip_session_media_state_add.
* Release clone and media_state in ast_sip_session_refresh if we fail to
append to the stream topology, return an error.
Change-Id: Ib5ffc9b198683fa7e9bf166d74d30c1334c23acb
One of the patches for ASTERISK_27147 introduced a deadlock regression.
When the connection oriented transport shut down, the code attempted to
remove the associated contact. However, that same transport had just
requested a registration that we hadn't responded to yet. Depending
upon timing we could deadlock.
* Made send the REGISTER response after we completed processing the
request contacts and released the AOR lock to avoid the deadlock.
ASTERISK-27391
Change-Id: I89a90f87cb7a02facbafb44c75d8845f93417364
* res/stasis/app.c JSON passed to app_send needs to be released.
* res/stasis_message.c: objects leak if vector append fails.
Change-Id: I8dd5385b9f50a5cadf2b1d16efecffd6ddb4db4a
Asterisk will crash if contact uri is invalid, so contact_apply_handler
should check if the uri is NULL or empty.
ASTERISK-27393 #close
Reported-by: Aaron An
Tested-by: AaronAn
Change-Id: Ia0309bdc6b697c73c9c736e1caec910b77ca69f5
wizard_apply_handler():
- Free host if we fail to add it to the vector.
wizard_mapped_observer():
- Check for otw allocation failure.
- Free otw if we fail to add it to the vector.
Change-Id: Ib5d3bcabbd9c24dd8a3c9cc692a794a5f60243ad
When stasis_app_message_handler needs to queue a message for a later
connection it needs to bump the message reference so it doesn't get
freed when the caller releases it's reference.
Change-Id: I82696df8fe723b3365c15c3f7089501da8daa892
This change makes it so that any user of the pubsub
API that requests the remote URI receives only the URI.
Previously the entire string was returned, which could
contain a display name.
ASTERISK-27290
Change-Id: If1d0cd6630f0a264856d31d2a67933109187a017
When (v)asprintf() fails, the state of the allocated buffer is undefined.
The library had better not leave an allocated buffer as a result or no one
will know to free it. The most likely way it can return failure is for an
allocation failure. If the printf conversion fails then you actually have
a threading problem which is much worse because another thread modified
the parameter values.
* Made __ast_asprintf()/__ast_vasprintf() set the returned buffer to NULL
on failure. That is much more useful than either an uninitialized pointer
or a pointer that has already been freed. Many uses won't have to check
for failure to ensure that the buffer won't be double freed or prevent an
attempt to free an uninitialized pointer.
* stasis.c: Fixed memory leak in multi_object_blob_to_ami() allocated by
ast_asprintf().
* ari/resource_bridges.c:ari_bridges_play_helper(): Remove assignment to
the wrong thing which is now not needed even if assigning to the right
thing.
Change-Id: Ib5252fb8850ecf0f78ed0ee2ca0796bda7e91c23
When using realtime, fields that are not explicitly set by an
administrator are still presented to sorcery as empty strings. Handle
this case explicitly.
In this particular case, if any of these fields are required for TLS
support, their existence should be validated in the 'apply' handler once
we have a complete transport definition.
ASTERISK-27032 #close
Reported by: seanchann.zhou
Change-Id: Ie3b5fb421977ccdb33e415d4ec52c3fd192601b7
This mimics the behavior of Chrome and Firefox and creates an ephemeral
X.509 certificate for each DTLS session.
Currently, the only supported key type is ECDSA because of its faster
generation time, but other key types can be added in the future as
necessary.
ASTERISK-27395
Change-Id: I5122e5f4b83c6320cc17407a187fcf491daf30b4
Fixes a regression where some characters were unable to be used in
the from_user field of an endpoint. Additionally, the backtick was
removed from the list of valid characters, since it is not valid,
and it was replaced with a single quote, which is a valid character.
ASTERISK-27387
Change-Id: Id80c10a644508365c87b3182e99ea49da11b0281
Once an Optional API module is loaded it should stay loaded. Unloading
an optional API module runs the risk of a crash if something else is
using it. This patch causes all optional API providers to tell the
module loader not to unload except at shutdown.
ASTERISK-27389
Change-Id: Ia07786fe655681aec49cc8d3d96e06483b11f5e6
channel_state_invalid leaked a reference to the channel snapshot any
time it was aquired.
ASTERISK-27067 #close
Change-Id: I8c653f00416b39978513c5605c4be0f03b1df29a
In WebRTC streams (or media tracks in their world) can be grouped
together using the mslabel. This informs the browser that each
should be synchronized with each other.
This change extends the stream API so this information can
be stored with streams. The PJSIP support has been extended
to use the mslabel to determine grouped streams and store
this association on the streams. Finally when creating the
SDP the group information is used to cause each media stream
to use the same mslabel.
ASTERISK-27379
Change-Id: Id6299aa031efe46254edbdc7973c534d54d641ad
When allocate_subscription fails to initialize fields of the new sub it
calls destroy_subscription.
Change-Id: I5b79c915ec216dc00c13c1e4172137864a4bec85
When the identify_by option on an endpoint is set to ip it will
only be identified using the res_pjsip_endpoint_identifier_ip module.
This ensures that it is not mistakenly matched using the username of
the From header. To ensure behavior has not changed the default has
been changed to "username,ip" for the identify_by option.
ASTERISK-27206
Change-Id: I2170b86a7f7e221b4f00bf14aa1ef1ac5b050bbd
create_outgoing_sdp_stream was setting "addr_type = STR_IP6" only
when an ipv6 media_address was specified on the endpoint. If
rtp_ipv6 was set and ast_sip_get_host_ip_string returned an ipv6
address, we were leaving the addr_type set at the default of
STR_IP4. This caused the address type to be set incorrectly on the
"o" and "c" SDP attributes even though the address was set
correctly. Some clients don't like the mismatch.
* Removed the test for endpoint/media_address and now check all
addresses for ipv6.
ASTERISK-27198
Reported by: Martin Cisárik
Change-Id: I5214fc31b728117842243807e7927a319cf77592
Users of the API that res_xmpp provides expect that a
filter be available on the client at all times. When
OAuth authentication support was added this requirement
was not maintained.
This change merely moves the OAuth authentication to
after the filter is created, ensuring users of res_xmpp
can add things to the filter as needed.
ASTERISK-27346
Change-Id: I4ac474afe220e833288ff574e32e2b9a23394886
Prevent unload of the module as certain pjsip initialization functions
cannot be reversed. This required a reorder of the module_load so that
the non-reversable pjsip functions are not called until all potential
errors have been ruled out.
ASTERISK-24483
Change-Id: Iee900f20bdd6ee1bfe23efdec0d87765eadce8a7
Prevent unload of the module as certain pjsip initialization functions
cannot be reversed.
ASTERISK-24483
Change-Id: I94597ec8b8491f5af9c57bf66dbc3b078fe2d49d
PJSIP allows a domain name as external_media_address. This allows chan_pjsip to
be used behind a NAT with changing IP addresses. The IP address of that domain
is resolved to the c= line already. This change sets also the o= line to that
domain.
ASTERISK-27341 #close
Change-Id: I690163b6e762042ec38b3995aa5c9bea909d8ec4
Move ast_sip_add_usereqphone to be called after anonymization of URIs,
to prevent the user_eq_phone adding "user=phone" to URIs containing a
username that is not a phonenumber (RFC3261 19.1.1). An extra call to
ast_sip_add_usereqphone on the saved version before anonymization is
added to add user=phone" to the PAI.
ASTERISK-27047 #close
Change-Id: Ie5644bc66341b86dc08b1f7442210de2e6acdec6
ast_sip_add_usereqphone adds "user=phone" to the header every time is is
called without checking whether the param already exists. Preventing
this by searching to string representation of header for "user=phone".
ASTERISK-26988 #close
Change-Id: Ib84383b07254de357dc6a98d91fc1d2c2c3719e6
Add bridge_features structure to bridge creation. Specifically, this
implements mute and DTMF suppression, but others should be able to be
easily added to the same structure.
ASTERISK-27322 #close
Reported by: Darren Sessions
Sponsored by: AVOXI
Change-Id: Id4002adfb65c9a8027ee9e1a5f477e0f01cf9d61
When "rewrite_contact" is enabled, the "max_contacts" count option can
block re-registrations because the source port from the endpoint can be
random. When the re-registration is blocked, the endpoint may give up
re-registering and require manual intervention.
* The "remove_existing" option now allows a registration to succeed by
displacing any existing contacts that now exceed the "max_contacts" count.
Any removed contacts are the next to expire. The behaviour change is
beneficial when "rewrite_contact" is enabled and "max_contacts" is greater
than one. The removed contact is likely the old contact created by
"rewrite_contact" that the device is refreshing.
ASTERISK-27192
Change-Id: I64c107a10b70db1697d17136051ae6bf22b5314b
Do not manually call sip_endpoint_apply_handler from load_all_endpoints.
This is not necessary and causes memory leaks.
Additionally reinitialize persistent->aors when we reuse a persistent
object with a new endpoint.
ASTERISK-27306
Change-Id: I59bbfc8da8a14d5f4af8c5bb1e71f8592ae823eb
pjsip_distributor leaks references to fake_auth when the default realm
has not changed.
ASTERISK-27306
Change-Id: I3fcf103b3680ad2d1d4610dcd6738eeaebf4d202
Currently privacy requests are only granted if the Privacy header
value is exactly "id" (defined in RFC 3325). It ignores any other
possible value (or a combination there of). This patch reverses the
logic from testing for "id" to grant privacy, to testing for "none" and
granting privacy for any other value. "none" must not be used in
combination with any other value (RFC 3323 section 4.2).
ASTERISK-27284 #close
Change-Id: If438a21f31a962da32d7a33ff33bdeb1e776fe56
This provides better information to REF_DEBUG log for troubleshooting
when the system is unable to unload res_pjsip.so during shutdown due to
module references.
ASTERISK-27306
Change-Id: I63197ad33d1aebe60d12e0a6561718bdc54e4612
res_pjsip and res_pjsip_session had circular references, preventing both
modules from shutting down.
* Move session supplement registration to res_pjsip.
* Use create internal functions for use by pjsip_message_filter.c.
ASTERISK-27306
Change-Id: Ifbd5c19ec848010111afeab2436f9699da06ba6b
When we are loading the calendars, we call libical's
icalcomponent_foreach_recurrence method for each VEVENT component that
we have in our calendar.
That method has no knowledge concerning the existence of the other
VEVENT components and will feed our callback with all ocurrences
matching the requested time span.
The occurrences generated by icalcomponent_foreach_recurrence while
expanding a recurring VEVENT's RRULE and RDATE properties can be
superceded by an other VEVENT sharing the same UID.
I use an external iterator (in libical terminology) to avoid messing
with the internal ones from the calling function, and search for
VEVENTS which could supersede the current occurrence.
The event which can invalidate this occurence needs to have:
- the same UID as our recurrent component (comp)
- a RECURRENCE-ID property, which represents the start time of this
occurrence
If one component is found, just clean and return.
ASTERISK-27296 #close
Reported by: Benoît Dereck-Tricot
Change-Id: I8587ae3eaa765af7cb21eda3b6bf84e8a1c87af8
Jenkins2
Joshua Colp
Richard Mudgett
Alexander Traud
George Joseph
Alexei Gradinari
Torrey Searle
Matthew Fredrickson
Corey Farrell
Sean Bright
Gaurav Khurana
Ben Ford
Chris-Savinovich
Nathan Bruning
Kevin Harwell
Ross Beer
lvl
Thomas Guebels
Joshua Elson
Sungtae Kim
Aaron An
Pirmin Walthert
Daniel Tryba
Seán C McCord
Tzafrir Cohen
hajekd
Daniel Tryba
krells