asterisk

Commit Graph

Author	SHA1	Message	Date
George Joseph	db94ec50f9	Fix application references to Background The app is actually named "BackGround" but several references in XML documentation were spelled "Background" with the lower case "g". This was causing documentation links to return "not found" messages.	1 year ago
George Joseph	0b5e9302c1	.github: Fix realtime param on Weekly and Nightly tests and... Rename the "Cleanup" job in the cherry-pick and recheck jobs to "Summary".	1 year ago
George Joseph	078966d48d	.github: Add WeeklyTests and make Nightlies Monday-Saturday ...and add "realtime" option.	1 year ago
George Joseph	52cdfbbb64	db.c: Remove limit on family/key length Consumers like media_cache have been running into issues with the previous astdb "/family/key" limit of 253 bytes when needing to store things like long URIs. An Amazon S3 URI is a good example of this. Now, instead of using a static 256 byte buffer for "/family/key", we use ast_asprintf() to dynamically create it. Both test_db.c and test_media_cache.c were also updated to use keys/URIs over the old 253 character limit. Resolves: #881 UserNote: The `ast_db_()` APIs have had the 253 byte limit on "/family/key" removed and will now accept families and keys with a total length of up to SQLITE_MAX_LENGTH (currently 1e9!). This affects the `DB` dialplan applications, dialplan functions, manager actions and `databse` CLI commands. Since the media_cache also uses the `ast_db_*()` APIs, you can now store resources with URIs longer than 253 bytes.	1 year ago
George Joseph	6469f83909	.github: Changes required to use cached builds and shorten names	1 year ago
George Joseph	57e9d35605	res_stir_shaken: Remove stale include for jansson.h in verification.c verification.c had an include for jansson.h left over from previous versions of the module. Since res_stir_shaken no longer has a dependency on jansson, the bundled version wasn't added to GCC's include path so if you didn't also have a jansson development package installed, the compile would fail. Removing the stale include was the only thing needed. Resolves: #889	1 year ago
George Joseph	c1b78daf8a	res_stir_shaken.c: Fix crash when stir_shaken.conf is invalid * If the call to ast_config_load() returns CONFIG_STATUS_FILEINVALID, check_for_old_config() now returns LOAD_DECLINE instead of continuing on with a bad pointer. * If CONFIG_STATUS_FILEMISSING is returned, check_for_old_config() assumes the config is being loaded from realtime and now returns LOAD_SUCCESS. If it's actually not being loaded from realtime, sorcery will catch that later on. * Also refactored the error handling in load_module() a bit. Resolves: #884	1 year ago
George Joseph	52dac742f2	res_stir_shaken: Check for disabled before param validation For both attestation and verification, we now check whether they've been disabled either globally or by the profile before validating things like callerid, orig_tn, dest_tn, etc. This prevents useless error messages. Resolves: #879	1 year ago
George Joseph	8a5d477a33	res_resolver_unbound: Test for NULL ub_result in unbound_resolver_callback The ub_result pointer passed to unbound_resolver_callback by libunbound can be NULL if the query was for something malformed like `.1` or `[.1]`. If it is, we now set a 'ns_r_formerr' result and return instead of crashing with a SEGV. This causes pjproject to simply cancel the transaction with a "No answer record in the DNS response" error. The existing "off nominal" unit test was also updated to check this condition. Although not necessary for this fix, we also made ast_dns_resolver_completed() tolerant of a NULL result. Resolves: GHSA-v428-g3cw-7hv9	1 year ago
Jean-Denis Girard	94748d0cd3	app_voicemail: Fix sql insert mismatch caused by cherry-pick When commit `e8c9cb80` was cherry-picked in from master, the fact that the 20 and 18 branches still had the old "macrocontext" column wasn't taken into account so the number of named parameters didn't match the number of '?' placeholders. They do now. We also now use ast_asprintf to create the full mailbox query SQL statement instead of trying to calculate the proper length ourselves. Resolves: #831	1 year ago
George Joseph	dbc628373d	security_agreements.c: Refactor the to_str functions and fix a few other bugs * A static array of security mechanism type names was created. * ast_sip_str_to_security_mechanism_type() was refactored to do a lookup in the new array instead of using fixed "if/else if" statments. * security_mechanism_to_str() and ast_sip_security_mechanisms_to_str() were refactored to use ast_str instead of a fixed length buffer to store the result. * ast_sip_security_mechanism_type_to_str was removed in favor of just referencing the new type name array. Despite starting with "ast_sip_", it was a static function so removing it doesn't affect ABI. * Speaking of "ast_sip_", several other static functions that started with "ast_sip_" were renamed to avoid confusion about their public availability. * A few VECTOR free loops were replaced with AST_VECTOR_RESET(). * Fixed a meomry leak in pjsip_configuration.c endpoint_destructor caused by not calling ast_sip_security_mechanisms_vector_destroy(). * Fixed a memory leak in res_pjsip_outbound_registration.c add_security_headers() caused by not specifying OBJ_NODATA in an ao2_callback. * Fixed a few ao2_callback return code misuses. Resolves: #845	1 year ago
George Joseph	51d4b703b6	stir_shaken.conf.sample: Fix bad references to private_key_path They should be private_key_file. Resolves: #854	1 year ago
Sean Bright	2dc3ec896f	alembic: Make 'revises' header comment match reality.	1 year ago
Mike Bradeen	9b0aefc104	res_pjsip_notify: add dialplan application Add dialplan application PJSIPNOTIFY to send either pre-configured NOTIFY messages from pjsip_notify.conf or with headers defined in dialplan. Also adds the ability to send pre-configured NOTIFY commands to a channel via the CLI. Resolves: #799 UserNote: A new dialplan application PJSIPNotify is now available which can send SIP NOTIFY requests from the dialplan. The pjsip send notify CLI command has also been enhanced to allow sending NOTIFY messages to a specific channel. Syntax: pjsip send notify <option> channel <channel>	1 year ago
George Joseph	8474754c01	manager.c: Fix FRACK when doing CoreShowChannelMap in DEVMODE If you run an AMI CoreShowChannelMap on a channel that isn't in a bridge and you're in DEVMODE, you can get a FRACK because the bridge id is empty. We now simply return an empty list for that request.	1 year ago
Ben Ford	0f7ee5fbcf	channel: Add multi-tenant identifier. This patch introduces a new identifier for channels: tenantid. It's a stringfield on the channel that can be used for general purposes. It will be inherited by other channels the same way that linkedid is. You can set tenantid in a few ways. The first is to set it in the dialplan with the Set and CHANNEL functions: exten => example,1,Set(CHANNEL(tenantid)=My tenant ID) It can also be accessed via CHANNEL: exten => example,2,NoOp(CHANNEL(tenantid)) Another method is to use the new tenantid option for pjsip endpoints in pjsip.conf: [my_endpoint] type=endpoint tenantid=My tenant ID This is considered the best approach since you will be able to see the tenant ID as early as the Newchannel event. It can also be set using set_var in pjsip.conf on the endpoint like setting other channel variable: set_var=CHANNEL(tenantid)=My tenant ID Note that set_var will not show tenant ID on the Newchannel event, however. Tenant ID has also been added to CDR. It's read-only and can be accessed via CDR(tenantid). You can also get the tenant ID of the last channel communicated with via CDR(peertenantid). Tenant ID will also show up in CEL records if it has been set, and the version number has been bumped accordingly. Fixes: #740 UserNote: tenantid has been added to channels. It can be read in dialplan via CHANNEL(tenantid), and it can be set using Set(CHANNEL(tenantid)=My tenant ID). In pjsip.conf, it is recommended to use the new tenantid option for pjsip endpoints (e.g., tenantid=My tenant ID) so that it will show up in Newchannel events. You can set it like any other channel variable using set_var in pjsip.conf as well, but note that this will NOT show up in Newchannel events. Tenant ID is also available in CDR and can be accessed with CDR(tenantid). The peer tenant ID can also be accessed with CDR(peertenantid). CEL includes tenant ID as well if it has been set. UpgradeNote: A new versioned struct (ast_channel_initializers) has been added that gets passed to __ast_channel_alloc_ap. The new function ast_channel_alloc_with_initializers should be used when creating channels that require the use of this struct. Currently the only value in the struct is for tenantid, but now more fields can be added to the struct as necessary rather than the __ast_channel_alloc_ap function. A new option (tenantid) has been added to endpoints in pjsip.conf as well. CEL has had its version bumped to include tenant ID.	1 year ago
George Joseph	83fb61e9d4	manager.c: Add entries to Originate blacklist Added Reload and DBdeltree to the list of dialplan application that can't be executed via the Originate manager action without also having write SYSTEM permissions. Added CURL, DB, FILE, ODBC and REALTIME to the list of dialplan functions that can't be executed via the Originate manager action without also having write SYSTEM permissions. If the Queue application is attempted to be run by the Originate manager action and an AGI parameter is specified in the app data, it'll be rejected unless the manager user has either the AGI or SYSTEM permissions. Resolves: #GHSA-c4cg-9275-6w44	1 year ago
Mike Bradeen	d6318995da	res_stasis: fix intermittent delays on adding channel to bridge Previously, on command execution, the control thread was awoken by sending a SIGURG. It was found that this still resulted in some instances where the thread was not immediately awoken. This change instead sends a null frame to awaken the control thread, which awakens the thread more consistently. Resolves: #801	1 year ago
George Joseph	ac99434281	.github: Allow testing an Asterisk PR against a testsuite PR	1 year ago
George Joseph	61cc8c3860	.github: Add params to Releaser for FPBX issue creation	1 year ago
George Joseph	bf830d6293	stir_shaken: CRL fixes and a new CLI command * Fixed a bug in crypto_show_cli_store that was causing asterisk to crash if there were certificate revocation lists in the verification certificate store. We're also now prefixing certificates with "Cert:" and CRLs with "CRL:" to distinguish them in the list. * Added 'untrusted_cert_file' and 'untrusted_cert_path' options to both verification and profile objects. If you have CRLs that are signed by a different CA than the incoming X5U certificate (indirect CRL), you'll need to provide the certificate of the CRL signer here. Thse will show up as 'Untrusted" when showing the verification or profile objects. * Fixed loading of crl_path. The OpenSSL API we were using to load CRLs won't actually load them from a directory, only a file. We now scan the directory ourselves and load the files one-by-one. * Fixed the verification flags being set on the certificate store. - Removed the CRL_CHECK_ALL flag as this was causing all certificates to be checked for CRL extensions and failing to verify the cert if there was none. This basically caused all certs to fail when a CRL was provided via crl_file or crl_path. - Added the EXTENDED_CRL_SUPPORT flag as it is required to handle indirect CRLs. * Added a new CLI command... `stir_shaken verify certificate_file <certificate_file> [ <profile> ]` which will assist troubleshooting certificate problems by allowing the user to manually verify a certificate file against either the global verification certificate store or the store for a specific profile. * Updated the XML documentation and the sample config file. Resolves: #809	1 year ago
George Joseph	5c437c5724	res_pjsip_config_wizard.c: Refactor load process The way we have been initializing the config wizard prevented it from registering its objects if res_pjsip happened to load before it. * We now use the object_type_registered sorcery observer to kick things off instead of the wizard_mapped observer. * The load_module function now checks if res_pjsip has been loaded already and if it was it fires the proper observers so the objects load correctly. Resolves: #816 UserNote: The res_pjsip_config_wizard.so module can now be reloaded.	1 year ago
George Joseph	0bf5e29c73	voicemail.conf.sample: Fix ':' comment typo ...and removed an errant trailing space. Resolves: #819	1 year ago
George Joseph	72d09fb4f3	bridge_softmix: Fix queueing VIDUPDATE control frames softmix_bridge_write_control() now calls ast_bridge_queue_everyone_else() with the bridge_channel so the VIDUPDATE control frame isn't echoed back. softmix_bridge_write_control() was setting bridge_channel to NULL when calling ast_bridge_queue_everyone_else() for VIDUPDATE control frames. This was causing the frame to be echoed back to the channel it came from. In certain cases, like when two channels or bridges are being recorded, this can cause a ping-pong effect that floods the system with VIDUPDATE control frames. Resolves: #780	2 years ago
George Joseph	8b5dafe39c	.github: Pass app_id and app_priv_key to AsteriskMergePR	2 years ago
George Joseph	e28c7bc4b4	.github: Change OnPRMergeApproved to use default token	2 years ago
Sean Bright	2726265a4a	logger.h: Include SCOPE_CALL_WITH_INT_RESULT() in non-dev-mode builds. Fixes #785	2 years ago
George Joseph	59ed64627c	app_voicemail_odbc: Allow audio to be kept on disk This commit adds a new voicemail.conf option 'odbc_audio_on_disk' which when set causes the ODBC variant of app_voicemail to leave the message and greeting audio files on disk and only store the message metadata in the database. This option came from a concern that the database could grow to large and cause remote access and/or replication to become slow. In a clustering situation with this option, all asterisk instances would share the same database for the metadata and either use a shared filesystem or other filesystem replication service much more suitable for synchronizing files. The changes to app_voicemail to implement this feature were actually quite small but due to the complexity of the module, the actual source code changes were greater. They fall into the following categories: * Tracing. The module is so complex that it was impossible to figure out the path taken for various scenarios without the addition of many SCOPE_ENTER, SCOPE_EXIT and ast_trace statements, even in code that's not related to the functional change. Making this worse was the fact that many "if" statements in this module didn't use braces. Since the tracing macros add multiple statements, many "if" statements had to be converted to use braces. * Excessive use of PATH_MAX. Previous maintainers of this module used PATH_MAX to allocate character arrays for filesystem paths and SQL statements as though they cost nothing. In fact, PATH_MAX is defined as 4096 bytes! Some functions had (and still have) multiples of these. One function has 7. Given that the vast majority of installations use the default spool directory path `/var/spool/asterisk/voicemail`, the actual path length is usually less than 80 bytes. That's over 4000 bytes wasted. It was the same for SQL statement buffers. A 4K buffer for statement that only needed 60 bytes. All of these PATH_MAX allocations in the ODBC related code were changed to dynamically allocated buffers. The rest will have to be addressed separately. * Bug fixes. During the development of this feature, several pre-existing ODBC related bugs were discovered and fixed. They had to do with leaving orphaned files on disk, not preserving original message ids when moving messages between folders, not honoring the "formats" config parameter in certain circumstances, etc. UserNote: This commit adds a new voicemail.conf option 'odbc_audio_on_disk' which when set causes the ODBC variant of app_voicemail_odbc to leave the message and greeting audio files on disk and only store the message metadata in the database. Much more information can be found in the voicemail.conf.sample file.	2 years ago
George Joseph	35528195b2	security_agreement.c: Always add the Require and Proxy-Require headers The `Require: mediasec` and `Proxy-Require: mediasec` headers need to be sent whenever we send `Security-Client` or `Security-Verify` headers but the logic to do that was only in add_security_headers() in res_pjsip_outbound_register. So while we were sending them on REGISTER requests, we weren't sending them on INVITE requests. This commit moves the logic to send the two headers out of res_pjsip_outbound_register:add_security_headers() and into security_agreement:ast_sip_add_security_headers(). This way they're always sent when we send `Security-Client` or `Security-Verify`. Resolves: #789	2 years ago
George Joseph	51edc5062d	.github: Use ASTERISKTEAM_PAT for PR merging	2 years ago
George Joseph	bb4d470a2d	stasis_channels: Use uniqueid and name to delete old snapshots Whenver a new channel snapshot is created or when a channel is destroyed, we need to delete any existing channel snapshot from the snapshot cache. Historically, we used the channel->snapshot pointer to delete any existing snapshots but this has two issues. First, if something (possibly ast_channel_internal_swap_snapshots) sets channel->snapshot to NULL while there's still a snapshot in the cache, we wouldn't be able to delete it and it would be orphaned when the channel is destroyed. Since we use the cache to list channels from the CLI, AMI and ARI, it would appear as though the channel was still there when it wasn't. Second, since there are actually two caches, one indexed by the channel's uniqueid, and another indexed by the channel's name, deleting from the caches by pointer requires a sequential search of all of the hash table buckets in BOTH caches to find the matching snapshots. Not very efficient. So, we now delete from the caches using the channel's uniqueid and name. This solves both issues. This doesn't address how channel->snapshot might have been set to NULL in the first place because although we have concrete evidence that it's happening, we haven't been able to reproduce it. Resolves: #783	2 years ago
George Joseph	e5a81346b0	.github: Replace PR workflows with stubs that call reusables The PR workflows now are just stubs that call reusable workflows located in the asterisk-ci-actions repo.	2 years ago
George Joseph	bafd37ed3e	.github: Refactor NightlyTests to use workflow in asterisk-ci-actions	2 years ago
George Joseph	8ebd2bedd5	.github: Add PAT to PRSubmitActions/Add Reviewers	2 years ago
Sean Bright	b46f447530	xml.c: Update deprecated libxml2 API usage. Two functions are deprecated as of libxml2 2.12: * xmlSubstituteEntitiesDefault * xmlParseMemory So we update those with supported API. Additionally, `res_calendar_caldav` has been updated to use libxml2's xmlreader API instead of the SAX2 API which has always felt a little hacky (see deleted comment block in `res_calendar_caldav.c`). The xmlreader API has been around since libxml2 2.5.0 which was released in 2003. Fixes #725	2 years ago
George Joseph	e65073d4df	.github: Add branches to workflow_dispatch for NightlyTests	2 years ago
George Joseph	200da52128	stir_shaken: Fix memory leak, typo in config, tn canonicalization * Fixed possible memory leak in tn_config:tn_get_etn() where we weren't releasing etn if tn or eprofile were null. * We now canonicalize TNs before using them for lookups or adding them to Identity headers. * Fixed a typo in stir_shaken.conf.sample. Resolves: #716	2 years ago
Spiridonov Dmitry	7210a03816	sorcery.c: Fixed crash error when executing "module reload" Fixed crash error when cli "module reload". The error appears when compiling with res_prometheus and using the sorcery memory cache for registrations	2 years ago
George Joseph	951be188ba	logger.h: Add SCOPE_CALL and SCOPE_CALL_WITH_RESULT If you're tracing a large function that may call another function multiple times in different circumstances, it can be difficult to see from the trace output exactly which location that function was called from. There's no good way to automatically determine the calling location. SCOPE_CALL and SCOPE_CALL_WITH_RESULT simply print out a trace line before and after the call. The difference between SCOPE_CALL and SCOPE_CALL_WITH_RESULT is that SCOPE_CALL ignores the function's return value (if any) where SCOPE_CALL_WITH_RESULT allows you to specify the type of the function's return value so it can be assigned to a variable. SCOPE_CALL_WITH_INT_RESULT is just a wrapper for SCOPE_CALL_WITH_RESULT and the "int" return type.	2 years ago
George Joseph	7bbc7b5a3a	res_stir_shaken: Fix compilation for CentOS7 (openssl 1.0.2) * OpenSSL 1.0.2 doesn't support X509_get0_pubkey so we now use X509_get_pubkey. The difference is that X509_get_pubkey requires the caller to free the EVP_PKEY themselves so we now let RAII_VAR do that. * OpenSSL 1.0.2 doesn't support upreffing an X509_STORE so we now wrap it in an ao2 object. * OpenSSL 1.0.2 doesn't support X509_STORE_get0_objects to get all the certs from an X509_STORE and there's no easy way to polyfill it so the CLI commands that list profiles will show a "not supported" message instead of listing the certs in a store. Resolves: #676	2 years ago
Martin Nystroem	29106567e7	res_ari.c: Add additional output to ARI requests when debug is enabled When ARI debug is enabled the logs will now output http method and the uri. Fixes: #666	2 years ago
Sean Bright	42fbf5c22f	alembic: Fix compatibility with SQLAlchemy 2.0+. SQLAlchemy 2.0 changed the way that commits/rollbacks are handled causing the final `UPDATE` to our `alembic_version_<whatever>` tables to be rolled back instead of committed. We now use one connection to determine which `alembic_version_<whatever>` table to use and another to run the actual migrations. This prevents the erroneous rollback. This change is compatible with both SQLAlchemy 1.4 and 2.0.	2 years ago
Naveen Albert	f9f36ca702	pbx_variables.c: Prevent SEGV due to stack overflow. It is possible for dialplan to result in an infinite recursion of variable substitution, which eventually leads to stack overflow. If we detect this, abort substitution and log an error for the user to fix the broken dialplan. Resolves: #480 UpgradeNote: The maximum amount of dialplan recursion using variable substitution (such as by using EVAL_EXTEN) is capped at 15.	2 years ago
Sean Bright	e1f7778b4c	res_pjsip: Fix alembic downgrade for boolean columns. When downgrading, ensure that we don't touch columns that didn't actually change during upgrade.	2 years ago
Sean Bright	1b45f481f0	alembic: Quote new MySQL keyword 'qualify.' Fixes #651	2 years ago
Ivan Poddubny	d7e638f2c3	asterisk.c: Fix sending incorrect messages to systemd notify Send "RELOADING=1" instead of "RELOAD=1" to follow the format expected by systemd (see sd_notify(3) man page). Do not send STOPPING=1 in remote console mode: attempting to execute "asterisk -rx" by the main process leads to a warning if NotifyAccess=main (the default) or to a forced termination if NotifyAccess=all.	2 years ago
George Joseph	5b9da1213c	tcptls/iostream: Add support for setting SNI on client TLS connections If the hostname field of the ast_tcptls_session_args structure is set (which it is for websocket client connections), that hostname will now automatically be used in an SNI TLS extension in the client hello. Resolves: #713 UserNote: Secure websocket client connections now send SNI in the TLS client hello.	2 years ago
George Joseph	7d69eafb5c	make_buildopts_h: Always include DETECT_DEADLOCKS Since DETECT_DEADLOCKS is now split from DEBUG_THREADS, it must always be included in buildopts.h instead of only when ADD_CFLAGS_TO_BUILDOPTS_H is defined. A SEGV will result otherwise. Resolves: #719	2 years ago
Sean Bright	a3a0139b93	alembic: Correct NULLability of PJSIP id columns. Fixes #695	2 years ago
George Joseph	3767e14d15	rtp_engine and stun: call ast_register_atexit instead of ast_register_cleanup rtp_engine.c and stun.c were calling ast_register_cleanup which is skipped if any loadable module can't be cleanly unloaded when asterisk shuts down. Since this will always be the case, their cleanup functions never get run. In a practical sense this makes no difference since asterisk is shutting down but if you're in development mode and trying to use the leak sanitizer, the leaks from both of those modules clutter up the output.	2 years ago

1 2 3 4 5 ...

33874 Commits (db94ec50f9bdea8d72c77516209ca5b1d0094aa9) All Branches Search

33874 Commits (db94ec50f9bdea8d72c77516209ca5b1d0094aa9)

All Branches