asterisk

Commit Graph

Author	SHA1	Message	Date
Kevin Harwell	d112916e98	strings/json: Add string delimter match, and object create with vars methods Add a function to check if there is an exact match a one string between delimiters in another string. Add a function that will create an ast_json object out of a list of Asterisk variables. An excludes string can also optionally be passed in. Also, add a macro to make it easier to get object integers. Change-Id: I5f34f18e102126aef3997f19a553a266d70d6226	5 years ago
Ben Ford	669e16b3dc	STIR/SHAKEN: Option split and response codes. The stir_shaken configuration option now has 4 different choices to pick from: off, attest, verify, and on. Off and on behave the same way they do now. Attest will only perform attestation on the endpoint, and verify will only perform verification on the endpoint. Certain responses are required to be sent based on certain conditions for STIR/SHAKEN. For example, if we get a Date header that is outside of the time range that is considered valid, a 403 Stale Date response should be sent. This and several other responses have been added. Change-Id: I4ac1ecf652cd0e336006b0ca638dc826b5b1ebf7	5 years ago
Kevin Harwell	04e79fd0e3	res_speech: Add a type conversion, and new engine unregister methods Add a new function that converts a speech results type to a string. Also add another function to unregister an engine, but returns a pointer to the unregistered engine object instead of a success/fail integer. Change-Id: I0f7de17cb411021c09fb03988bc2b904e1380192	5 years ago
George Joseph	362b7f2411	BuildSystem: Check for alternate openssl packages OpenSSL is one of those packages that often have alternatives with later versions. For instance, CentOS/EL 7 has an openssl package at version 1.0.2 but there's an openssl11 package from the epel repository that has 1.1.1. This gets installed to /usr/include/openssl11 and /usr/lib64/openssl11. Unfortunately, the existing --with-ssl and --with-crypto ./configure options expect to point to a source tree and don't work in this situation. Also unfortunately, the checks in ./configure don't use pkg-config. In order to make this work with the existing situation, you'd have to run... ./configure --with-ssl=/usr/lib64/openssl11 \ --with-crypto=/usr/lib64/openssl11 \ CFLAGS=-I/usr/include/openssl11 BUT... those options don't get passed down to bundled pjproject so when you run make, you have to include the CFLAGS again which is a big pain. Oh... To make matters worse, although you can specify PJPROJECT_CONFIGURE_OPTS on the ./configure command line, they don't get saved so if you do a make clean, which will force a re-configure of bundled pjproject, those options don't get used. So... * In configure.ac... Since pkg-config is installed by install_prereq anyway, we now use it to check for the system openssl >= 1.1.0. If that works, great. If not, we check for the openssl11 package. If that works, great. If not, we fall back to just checking for any openssl. If pkg-config isn't installed for some reason, or --with-ssl=<dir> or --with-crypto=<dir> were specified on the ./configure command line, we fall back to the existing logic that uses AST_EXT_LIB_CHECK(). * The whole OpenSSL check process has been moved up before THIRD_PARTY_CONFIGURE(), which does the initial pjproject bundled configure, is run. This way the results of the above checks, which may result in new include or library directories, is included. * Although not strictly needed for openssl, We now save the value of PJPROJECT_CONFIGURE_OPTS in the makeopts file so it can be used again if a re-configure is triggered. ASTERISK-29693 Change-Id: I341ab7603e6b156aa15a66f43675ac5029d5fbde	5 years ago
Sean Bright	0c71619f8a	configure: Remove unused OpenSSL SRTP check. Discovered while looking at ASTERISK~29684. Usage was removed in change I3c77c7b00b2ffa2e935632097fa057b9fdf480c0. Change-Id: Iaf2f7a16ea5a7eee6375319347e4b40b8e7b10e3	5 years ago
Matthew Kern	39824c7a96	res_pjsip_t38: bind UDPTL sessions like RTP In res_pjsip_sdp_rtp, the bind_rtp_to_media_address option and the fallback use of the transport's bind address solve problems sending media on systems that cannot send ipv4 packets on ipv6 sockets, and certain other situations. This change extends both of these behaviors to UDPTL sessions as well in res_pjsip_t38, to fix fax-specific problems on these systems, introducing a new option endpoint/t38_bind_udptl_to_media_address. ASTERISK-29402 Change-Id: I87220c0e9cdd2fe9d156846cb906debe08c63557	5 years ago
Joseph Nadiv	722b81904e	res_pjsip_registrar: Remove unavailable contacts if exceeds max_contacts The behavior of max_contacts and remove_existing are connected. If remove_existing is enabled, the soonest expiring contacts are removed. This may occur when there is an unavailable contact. Similarly, when remove_existing is not enabled, registrations from good endpoints are rejected in favor of retaining unavailable contacts. This commit adds a new AOR option remove_unavailable, and the effect of this setting will depend on remove_existing. If remove_existing is set to no, we will still remove unavailable contacts when they exceed max_contacts, if there are any. If remove_existing is set to yes, we will prioritize the removal of unavailable contacts before those that are expiring soonest. ASTERISK-29525 Change-Id: Ia2711b08f2b4d1177411b1be23e970d7fdff5784	5 years ago
Naveen Albert	41ba9f5f31	logger: Add custom logging capabilities Adds the ability for users to log to custom log levels by providing custom log level names in logger.conf. Also adds a logger show levels CLI command. ASTERISK-29529 Change-Id: If082703cf81a436ae5a565c75225fa8c0554b702	5 years ago
Naveen Albert	7feee9c65b	res_pjsip_caller_id: Add ANI2/OLI parsing Adds parsing of ANI II digits (Originating Line Information) to PJSIP, on par with what currently exists in chan_sip. ASTERISK-29472 Change-Id: Ifc938a7a7d45ce33999ebf3656a542226f6d3847	5 years ago
Naveen Albert	11516e4b8e	func_sayfiles: Retrieve say file names Up until now, all of the logic used to translate arguments to the Say applications has been directly coupled to playback, preventing other modules from using this logic. This refactors code in say.c and adds a SAYFILES function that can be used to retrieve the file names that would be played. These can then be used in other applications or for other purposes. Additionally, a SayMoney application and a SayOrdinal application are added. Both SayOrdinal and SayNumber are also expanded to support integers greater than one billion. ASTERISK-29531 Change-Id: If9718c89353b8e153d84add3cc4637b79585db19	5 years ago
Naveen Albert	698604a064	res_tonedetect: Tone detection module dsp.c contains arbitrary tone detection functionality which is currently only used for fax tone recognition. This change makes this functionality publicly accessible so that other modules can take advantage of this. Additionally, a WaitForTone and TONE_DETECT app and function are included to allow users to do their own tone detection operations in the dialplan. ASTERISK-29546 Change-Id: Ie38c395000f4fd4d04e942e8658e177f8f499b26	5 years ago
Sean Bright	fb72158f46	dns.c: Load IPv6 DNS resolvers if configured. IPv6 nameserver addresses are stored in different part of the __res_state structure, so look there if we appear to have support for it. ASTERISK-28004 #close Change-Id: I67067077d8a406ee996664518d9c8fbf11f6977d	5 years ago
Naveen Albert	c5c5171ec8	app_read: Allow reading # as a digit Allows for the digit # to be read as a digit, just like any other DTMF digit, as opposed to forcing it to be used as an end of input indicator. The default behavior remains unchanged. ASTERISK-18454 #close Change-Id: I3033432adb9d296ad227e76b540b8b4a2417665b	5 years ago
Rijnhard Hessel	b40e97b1d7	res_statsd: handle non-standard meter type safely Meter types are not well supported, lacking support in telegraf, datadog and the official statsd servers. We deprecate meters and provide a compliant fallback for any existing usages. A flag has been introduced to allow meters to fallback to counters. ASTERISK-29513 Change-Id: I5fcb385983a1b88f03696ff30a26b55c546a1dd7	5 years ago
Andre Barbosa	884d863c08	res_stasis_playback: Send PlaybackFinish event only once for errors When we try to play a list of sound files in the same Play command, we get only one PlaybackFinish event, after all sounds are played. But in the case where the Play fails (because channel is destroyed for example), Asterisk will send one PlaybackFinish event for each sound file still to be played. If the list is big, Asterisk is sending many events. This patch adds a failed state so we can understand that the play failed. On that case we don't send the event, if we still have a list of sounds to be played. When we reach the last sound, we send the PlaybackFinish with the failed state. ASTERISK-29464 #close Change-Id: I4c2e5921cc597702513af0d7c6c2c982e1798322	5 years ago
Joshua C. Colp	4470838d89	core: Don't play silence for Busy() and Congestion() applications. When using the Busy() and Congestion() applications the function ast_safe_sleep is used by wait_for_hangup to safely wait on the channel. This function may send silence if Asterisk is configured to do so using the transmit_silence option. In a scenario where an answered channel dials a Local channel either directly or through call forwarding and the Busy() or Congestion() dialplan applications were executed with the transmit_silence option enabled the busy or congestion tone would not be heard. This is because inband generation of tones (such as busy and congestion) is stopped when other audio is sent to the channel they are being played to. In the given scenario the transmit_silence option would result in silence being sent to the channel, thus stopping the inband generation. This change adds a variant of ast_safe_sleep which can be used when silence should not be played to the channel. The wait_for_hangup function has been updated to use this resulting in the tones being generated as expected. ASTERISK-29485 Change-Id: I066bfc987a3ad6f0ccc88e0af4cd63f6a4729133	5 years ago
Ben Ford	cee88c9826	STIR/SHAKEN: Add Date header, dest->tn, and URL checking. STIR/SHAKEN requires a Date header alongside the Identity header, so that has been added. Still on the outgoing side, we were missing the dest->tn section of the JSON payload, so that has been added as well. Moving to the incoming side, URL checking has been added to the public cert URL to ensure that it starts with http. https://wiki.asterisk.org/wiki/display/AST/OpenSIPit+2021 Change-Id: Idee5b1b5e45bc3b483b3070e46ce322dca5b3f1c	5 years ago
George Joseph	7c0b8f0701	res_pjsip_outbound_authenticator_digest: Be tolerant of RFC8760 UASs RFC7616 and RFC8760 allow more than one WWW-Authenticate or Proxy-Authenticate header per realm, each with different digest algorithms (including new ones like SHA-256 and SHA-512-256). Thankfully however a UAS can NOT send back multiple Authenticate headers for the same realm with the same digest algorithm. The UAS is also supposed to send the headers in order of preference with the first one being the most preferred. We're supposed to send an Authorization header for the first one we encounter for a realm that we can support. The UAS can also send multiple realms, especially when it's a proxy that has forked the request in which case the proxy will aggregate all of the Authenticate headers and then send them all back to the UAC. It doesn't stop there though... Each realm can require a different username from the others. There's also nothing preventing each digest algorithm from having a unique password although I'm not sure if that adds any benefit. So now... For each Authenticate header we encounter, we have to determine if we support the digest algorithm and, if not, just skip the header. We then have to find an auth object that matches the realm AND the digest algorithm or find a wildcard object that matches the digest algorithm. If we find one, we add it to the results vector and read the next Authenticate header. If the next header is for the same realm AND we already added an auth object for that realm, we skip the header. Otherwise we repeat the process for the next header. In the end, we'll have accumulated a list of credentials we can pass to pjproject that it can use to add Authentication headers to a request. NOTE: Neither we nor pjproject can currently handle digest algorithms other than MD5. We don't even have a place for it in the ast_sip_auth object. For this reason, we just skip processing any Authenticate header that's not MD5. When we support the others, we'll move the check into the loop that searches the objects. Changes: * Added a new API ast_sip_retrieve_auths_vector() that takes in a vector of auth ids (usually supplied on a call to ast_sip_create_request_with_auth()) and populates another vector with the actual objects. * Refactored res_pjsip_outbound_authenticator_digest to handle multiple Authenticate headers and set the stage for handling additional digest algorithms. * Added a pjproject patch that allows them to ignore digest algorithms they don't support. This patch has already been merged upstream. * Updated documentation for auth objects in the XML and in pjsip.conf.sample. * Although res_pjsip_authenticator_digest isn't affected by this change, some debugging and a testsuite AMI event was added to facilitate testing. Discovered during OpenSIPit 2021. ASTERISK-29397 Change-Id: I3aef5ce4fe1d27e48d61268520f284d15d650281	5 years ago
Naveen Albert	ea117be4c6	AMI: Add AMI event to expose hook flash events Although Asterisk can receive and propogate flash events, it currently provides no mechanism for doing anything with them itself. This AMI event allows flash events to be processed by Asterisk. Additionally, AST_CONTROL_FLASH is included in a switch statement in channel.c to avoid throwing a warning when we shouldn't. ASTERISK-29380 Change-Id: Ie17ffe65086e0282c88542e38eed6a461ec79e81	5 years ago
Ben Ford	0b4b207076	STIR/SHAKEN: Switch to base64 URL encoding. STIR/SHAKEN encodes using base64 URL format. Currently, we just use base64. New functions have been added that convert to and from base64 encoding. The origid field should also be an UUID. This means there's no reason to have it as an option in stir_shaken.conf, as we can simply generate one when creating the Identity header. https://wiki.asterisk.org/wiki/display/AST/OpenSIPit+2021 Change-Id: Icf094a2a54e87db91d6b12244c9f5ba4fc2e0b8c	5 years ago
Ben Ford	184a027eaa	STIR/SHAKEN: Fix certificate type and storage. During OpenSIPit, we found out that the public certificates must be of type X.509. When reading in public keys, we use the corresponding X.509 functions now. We also discovered that we needed a better naming scheme for the certificates since certificates with the same name would cause issues (overwriting certs, etc.). Now when we download a public certificate, we get the serial number from it and use that as the name of the cached certificate. The configuration option public_key_url in stir_shaken.conf has also been renamed to public_cert_url, which better describes what the option is for. https://wiki.asterisk.org/wiki/display/AST/OpenSIPit+2021 Change-Id: Ia00b20835f5f976e3603797f2f2fb19672d8114d	5 years ago
Sean Bright	5a2939a5d6	res_pjsip.c: OPTIONS processing can now optionally skip authentication ASTERISK-27477 #close Change-Id: I68f6715bba92a525149e35d142a49377a34a1193	5 years ago
Kevin Harwell	20af6d23df	time: Add timeval create and unit conversion functions Added a TIME_UNIT enumeration, and a function that converts a string to one of the enumerated values. Also, added functions that create and initialize a timeval object using a specified value, and unit type. Change-Id: Ic31a1c3262a44f77a5ef78bfc85dcf69a8d47392	5 years ago
Mark Murawski	98d149b4ce	logger: Console sessions will now respect logger.conf dateformat= option The 'core' console (ie: asterisk -c) does read logger.conf and does use the dateformat= option. Whereas 'remote' consoles (ie: asterisk -r -T) does not read logger.conf and uses a hard coded dateformat option for printing received verbose messages: main/logger.c: static char dateformat[256] = "%b %e %T" This change will load logger.conf for each remote console session and use the dateformat= option to set the per-line timestamp for verbose messages Change-Id: I3ea10990dbd920e9f7ce8ff771bc65aa7f4ea8c1 ASTERISK-25358: #close Reported-by: Igor Liferenko	5 years ago
Kevin Harwell	ec8b030bd7	manager: Increase the non breaking AMI version number ASTERISK~29244 added three new AMI events, so bump the version number. Change-Id: I0e77fa36d38fb27dec3481d4ef08131330da0632	5 years ago
Jaco Kroon	fce875cf46	app.h: Fix -Werror=zero-length-bounds compile errors in dev mode. Change-Id: I5c104dc1f8417ccd3d01faf86e84ccbf89bc3b31 Signed-off-by: Jaco Kroon <jaco@uls.co.za>	5 years ago
Sean Bright	08b94d5837	strings.h: ast_str_to_upper() and _to_lower() are not pure. Because they modify their argument they are not pure functions and should not be marked as such, otherwise the compiler may optimize them away. ASTERISK-29306 #close Change-Id: Ibec03a08522dd39e8a137ece9bc6a3059dfaad5f	5 years ago
Joshua C. Colp	11b53aecc8	sorcery: Add support for more intelligent reloading. Some sorcery objects actually contain dynamic content that can change despite the underlying configuration itself not changing. A good example of this is the res_pjsip_endpoint_identifier_ip module which allows specifying hostnames. While the configuration may not change between reloads the DNS information of the hostnames can. This change adds the ability for a sorcery object to be marked as having dynamic contents which is then taken into account when reloading by the sorcery file based config module. If there is an object with dynamic content then a reload will be forced while if there are none then the existing behavior of not reloading occurs. ASTERISK-29321 Change-Id: I9342dc55be46cc00204533c266a68d972760a0b1	5 years ago
Jaco Kroon	a63c7883b4	app.h: Restore C++ compatibility for macro AST_DECLARE_APP_ARGS This partially reverts commit `3d1bf3c537`, specifically for app.h. This works with both gcc 9.3.0 and 10.2.0 now, both for C and C++ (as tested with external modules). ASTERISK-29287 Change-Id: I5b9f02a9b290675682a1d13f1788fdda597c9fca Signed-off-by: Jaco Kroon <jaco@uls.co.za>	5 years ago
Sebastien Duthil	435d68be97	app_mixmonitor: Add AMI events MixMonitorStart, -Stop and -Mute. ASTERISK-29244 Change-Id: I1862d58264c2c8b5d8983272cb29734b184d67c5	5 years ago
Ben Ford	215550ed4b	core_unreal: Fix T.38 faxing when using local channels. After some changes to streams and topologies, receiving fax through local channels stopped working. This change adds a stream topology with a stream of type IMAGE to the local channel pair and allows fax to be received. ASTERISK-29035 #close Change-Id: Id103cc5c9295295d8e68d5628e76220f8f17e9fb	5 years ago
Dan Cropp	a5364ac69b	chan_pjsip, app_transfer: Add TRANSFERSTATUSPROTOCOL variable When a Transfer/REFER is executed, TRANSFERSTATUSPROTOCOL variable is 0 when no protocl specific error SIP example of failure, 3xx-6xx for the SIP error code received This allows applications to perform actions based on the failure reason. ASTERISK-29252 #close Reported-by: Dan Cropp Change-Id: Ia6a94784b4925628af122409cdd733c9f29abfc4	5 years ago
Sean Bright	4c5bffb217	asterisk: Export additional manager functions Rename check_manager_enabled() and check_webmanager_enabled() to begin with ast_ so that the symbols are automatically exported by the linker. ASTERISK~29184 Change-Id: I85762b9a5d14500c15f6bad6507138c8858644c9	6 years ago
lvl	8d2558209b	Introduce astcachedir, to be used for temporary bucket files As described in the issue, /tmp is not a suitable location for a large amount of cached media files, since most distributions make /tmp a RAM-based tmpfs mount with limited capacity. I opted for a location that can be configured separately, as opposed to using a subdirectory of spooldir, given the different storage profile (transient files vs files that might stay there indefinitely). This commit just makes the cache directory configurable, but leaves it at /tmp by default, to ensure backwards compatibility. A future commit that only targets master could change the default location to something more sensible such as /var/tmp/asterisk. At that point, the cachedir could be created and cleaned up during uninstall by the Makefile script. ASTERISK-29143 Change-Id: Ic54e95199405abacd9e509cef5f08fa14c510b5d	6 years ago
George Joseph	80f116c156	pjsip_scheduler.c: Add type ONESHOT and enhance cli show command * Added a ONESHOT type that never reschedules. * Added "like" capability to "pjsip show scheduled_tasks" so you can do the following: CLI> pjsip show scheduled_tasks like outreg PJSIP Scheduled Tasks: Task Name Interval Times Run ... ============================================= ========= ========= ... pjsip/outreg/testtrunk-reg-0-00000074 50.000 oneshot ... pjsip/outreg/voipms-reg-0-00000073 110.000 oneshot ... * Fixed incorrect display of "Next Start". * Compacted the displays of times in the CLI. * Added two new functions (ast_sip_sched_task_get_times2, ast_sip_sched_task_get_times_by_name2) that retrieve the interval, next start time, and next run time in addition to the times already returned by ast_sip_sched_task_get_times(). Change-Id: Ie718ca9fd30490b8a167bedf6b0b06d619dc52f3	6 years ago
Alexei Gradinari	728cd55cde	sched: AST_SCHED_REPLACE_UNREF can lead to use after free of data The data can be freed if the old object '_data' is the same object as new 'data'. Because at first the object is unreferenced which can lead to destroying it. This could happened in res_pjsip_pubsub when the publication is updated which could lead to segfault in function publish_expire. Change-Id: I0164f57c387243510bdbd2f8dcf33377b6c202da	6 years ago
Alexander Traud	277aa0ced6	res_stir_shaken: Include OpenSSL headers where used actually. This avoids the inclusion of the OpenSSL headers in the public header, which avoids one external library dependency in res_pjsip_stir_shaken. Change-Id: I6a07e2d81d2b5442e24e99b8cc733a99f881dcf4	6 years ago
Kevin Harwell	8973fe5cf3	AST-2020-001 - res_pjsip: Return dialog locked and referenced pjproject returns the dialog locked and with a reference. However, in Asterisk the method that handles this decrements the reference and removes the lock prior to returning. This makes it possible, under some circumstances, for another thread to free said dialog before the thread that created it attempts to use it again. Of course when the thread that created it tries to use a freed dialog a crash can occur. This patch makes it so Asterisk now returns the newly created dialog both locked, and with an added reference. This allows the caller to de-reference, and unlock the dialog when it is safe to do so. In the case of a new SIP Invite the lock, and reference are now held for the entirety of the new invite handling process. Otherwise it's possible for the dialog, or its dependent objects, like the transaction, to disappear. For example if there is a TCP transport error. ASTERISK-29057 #close Change-Id: I5ef645a47829596f402cf383dc02c629c618969e	6 years ago
Ben Ford	58aa6a7057	AST-2020-002 - res_pjsip: Stop sending INVITEs after challenge limit. If Asterisk sends out an INVITE and receives a challenge with a different nonce value each time, it will continuously send out INVITEs, even if the call is hung up. The endpoint must be configured for outbound authentication for this to occur. A limit has been set on outbound INVITEs so that, once reached, Asterisk will stop sending INVITEs and the transaction will terminate. ASTERISK-29013 Change-Id: I2d001ca745b00ca8aa12030f2240cd72363b46f7	6 years ago
Kevin Harwell	e051806e80	Logging: Add debug logging categories Added debug logging categories that allow a user to output debug information based on a specified category. This lets the user limit, and filter debug output to data relevant to a particular context, or topic. For instance the following categories are now available for debug logging purposes: dtls, dtls_packet, ice, rtcp, rtcp_packet, rtp, rtp_packet, stun, stun_packet These debug categories can be enable/disable via an Asterisk CLI command. While this overrides, and outputs debug data, core system debugging is not affected by this patch. Statements still output at their appropriate debug level. As well backwards compatibility has been maintained with past debug groups that could be enabled using the CLI (e.g. rtpdebug, stundebug, etc.). ASTERISK-29054 #close Change-Id: I6e6cb247bb1f01dbf34750b2cd98e5b5b41a1849 (cherry picked from commit `56028426de`)	6 years ago
Ben Ford	681a1624b5	utils.c: NULL terminate ast_base64decode_string. With the addition of STIR/SHAKEN, the function ast_base64decode_string was added for convenience since there is a lot of converting done during the STIR/SHAKEN process. This function returned the decoded string for you, but did not NULL terminate it, causing some issues (specifically with MALLOC_DEBUG). Now, the returned string is NULL terminated, and the documentation has been updated to reflect this. Change-Id: Icdd7d05b323b0c47ff6ed43492937a03641bdcf5	6 years ago
Ben Ford	21ab0a450b	res_stir_shaken: Add stir_shaken option and general improvements. Added a new configuration option for PJSIP endpoints - stir_shaken. If set to yes, then STIR/SHAKEN support will be added to inbound and outbound INVITEs. The default is no. Alembic has been updated to include this option. Previously the dialplan function was not trimming the whitespace from the parameters it recieved. Now it does. Also added a conditional that, when TEST_FRAMEWORK is enabled, the timestamp in the identity header will be overlooked. This is just for testing, since the testsuite will rely on a SIPp scenario with a preset identity header to trigger the MISMATCH result. Change-Id: I43d67f1489b8c1c5729ed3ca8d71e35ddf438df1	6 years ago
Ben Ford	d979bdf87a	res_stir_shaken: Add outbound INVITE support. Integrated STIR/SHAKEN support with outgoing INVITEs. When an INVITE is sent, the caller ID will be checked to see if there is a certificate that corresponds to it. If so, that information will be retrieved and an Identity header will be added to the SIP message. The format is: header.payload.signature;info=<public_key_url>alg=ES256;ppt=shaken Header, payload, and signature are all BASE64 encoded. The public key URL is retrieved from the certificate. Currently the algorithm and ppt are ES256 and shaken, respectively. This message is signed and can be used for verification on the receiving end. Two new configuration options have been added to the certificate object: attestation and origid. The attestation is required and must be A, B, or C. origid is the origination identifier. A new utility function has been added as well that takes a string, allocates space, BASE64 encodes it, then returns it, eliminating the need to calculate the size yourself. Change-Id: I1f84d6a5839cb2ed152ef4255b380cfc2de662b4	6 years ago
Ben Ford	746ce16b16	res_stir_shaken: Add inbound INVITE support. Integrated STIR/SHAKEN support with incoming INVITES. Upon receiving an INVITE, the Identity header is retrieved, parsing the message to verify the signature. If any of the parsing fails, AST_STIR_SHAKEN_VERIFY_NOT_PRESENT will be added to the channel for this caller ID. If verification itself fails, AST_STIR_SHAKEN_VERIFY_SIGNATURE_FAILED will be added. If anything in the payload does not line up with the SIP signaling, AST_STIR_SHAKEN_VERIFY_MISMATCH will be added. If all of the above steps pass, then AST_STIR_SHAKEN_VERIFY_PASSED will be added, completing the verification process. A new config option has been added to the general section for stir_shaken.conf. "signature_timeout" is the amount of time a signature will be considered valid. If an INVITE is received and the amount of time between when it was received and when it was signed is greater than signature_timeout, verification will fail. Some changes were also made to signing and verification. There was an error where the whole JSON string was being signed rather than the header combined with the payload. This has been changed to sign the correct thing. Verification has been changed to do this as well, and the unit tests have been updated to reflect these changes. A couple of utility functions have also been added. One decodes a BASE64 string and returns the decoded string, doing all the length calculations for you. The other retrieves a string value from a header in a rdata object. Change-Id: I855f857be3d1c63b64812ac35d9ce0534085b913	6 years ago
Ben Ford	035b463c93	res_stir_shaken: Added dialplan function and API call. Adds the "STIR_SHAKEN" dialplan function and an API call to add a STIR_SHAKEN verification result to a channel. This information will be held in a datastore on the channel that can later be queried through the "STIR_SHAKEN" dialplan funtion to get information on STIR_SHAKEN results including identity, attestation, and verify_result. Here are some examples: STIR_SHAKEN(count) STIR_SHAKEN(0, identity) STIR_SHAKEN(1, attestation) STIR_SHAKEN(2, verify_result) Getting the count can be used to iterate through the results and pull information by specifying the index and the field you want to retrieve. Change-Id: Ice6d52a3a7d6e4607c9c35b28a1f7c25f5284a82	6 years ago
Ben Ford	70af7e1311	res_stir_shaken: Implemented signature verification. There are a lot of moving parts in this patch, but the focus of it is on the verification of the signature using a public key located at the public key URL provided in the JSON payload. First, we check the database to see if we have already downloaded the key. If so, check to see if it has expired. If it has, redownload from the URL. If we don't have an entry in the database, just go ahead and download the public key. The expiration is tested each time we download the file. After that, read the public key from the file and use it to verify the signature. All sanity checking is done when the payload is first received, so the verification is complete once this point is reached. The XML has also been added since a new config option was added to general (curl_timeout). The maximum amount of time to wait for a download can be configured through this option, with a low value by default. Change-Id: I3ba4c63880493bf8c7d17a9cfca1af0e934d1a1c	6 years ago
Ben Ford	e9ee9a381b	res_stir_shaken: Implemented signing of JSON payload. This change provides functions that take in a JSON payload, verify that the contents contain all the mandatory fields and required values (if any), and signs the payload with the private key. Four fields are added to the payload: x5u, attest, iat, and origid. As of now, these are just placeholder values that will be set to actual values once the logic is implemented for what to do when an actual payload is received, but the functions to add these values have all been implemented and are ready to use. Upon successful signing and the addition of those four values, a ast_stir_shaken_payload is returned, containing other useful information such as the algorithm and signature. Change-Id: I74fa41c0640ab2a64a1a80110155bd7062f13393	6 years ago
Ben Ford	716e51a3f3	res_stir_shaken: Initial commit and reading private key. This commit sets up some of the initial framework for the module and adds a way to read the private key from the specified file, which will then be appended to the certificate object. This works fine for now, but eventually some other structure will likely need to be used to store all this information. Similarly, the caller_id_number is specified on the certificate config object, but in the end we will want that information to be tied to the certificate itself and read it from there. A method has been added that will retrieve the private key associated with the caller_id_number passed in. Tab completion for certificates and stores has also been added. Change-Id: Ic4bc1416fab5d6afe15a8e2d32f7ddd4e023295f	6 years ago
Sean Bright	7a64868118	pbx.c: On error, ast_add_extension2_lockopt should always free 'data' In the event that the desired extension already exists, ast_add_extension2_lockopt() will free the 'data' it is passed before returning an error, so we should not be freeing it ourselves. Additionally, there were two places where ast_add_extension2_lockopt() could return an error without also freeing the 'data' pointer, so we add that. ASTERISK-29097 #close Change-Id: I904707aae55169feda050a5ed7c6793b53fe6eae	6 years ago
George Joseph	3b0a53f257	app_confbridge/bridge_softmix: Add ability to force estimated bitrate app_confbridge now has the ability to set the estimated bitrate on an SFU bridge. To use it, set a bridge profile's remb_behavior to "force" and set remb_estimated_bitrate to a rate in bits per second. The remb_estimated_bitrate parameter is ignored if remb_behavior is something other than "force". Change-Id: Idce6464ff014a37ea3b82944452e56cc4d75ab0a	6 years ago

1 2 3 4 5 ...

4202 Commits (d112916e98bfc2479e511ed325fb0988994b4dee)