ngcp-panel

Commit Graph

Author	SHA1	Message	Date
Kirill Solomko	d7d9416ac0	MT#55931 PbxFieldDevicesAPI form target_number is now optional * target_number field is now defined as optional Change-Id: Ia50305d882b3726bd869fd8ef8bc40df1182a9d8	3 years ago
Kirill Solomko	2a0b8dcc1e	MT#56432 add time set support to ncos levels * add NCOS Levels UI Time Set support * add NCOS Levels API Time Set support Change-Id: I03201c09462f0f0ceff39da271bcf8ca1fc797b8	3 years ago
Sipwise Jenkins Builder	3650b813b4	Release new version 11.3.0.0+0~mr11.3.0.0	3 years ago
Kirill Solomko	dee6b60c6e	MT#56208 additional inherited cfs improvements for subscribers * API: GET collection returns only distinct cf sets * UI: inherited cf sets are now shown in the advanced view and having suffix '(inherited)' to distinguish them from the own ones as they are not available in the "Manage Sets" edit dialog. Change-Id: Ifd8c1a46fcb4c2c66f8f63268a1e91b80792c216	3 years ago
Kirill Solomko	36974efa03	MT#55931 add /api/pbxdevices target_number support * target_number is now supported and it must contain only [0-9#*]+ Change-Id: I9b1548c2dd0f644c1f21668471599c34347f1109	3 years ago
Kirill Solomko	519de11d8c	MT#55931 add autoprov field device target_number support * the UI field device edit form now contains a checkbox that, when checked, replaces the subscriber devices dropdown with an input text (only [0-9#] chars are allowed) aligned the related script code to automatically detect and handle switching between the sub number / target_number Change-Id: I70ae5cf5bb81f5953d25a760fbf0efe6c418f6cb	3 years ago
Marco Capetta	36ae8cedb9	MT#55931 Add new speeddial, forward, transfer device buttons Change-Id: I0b9c1f3ddb0d4cd3fe28995b170e9104c668a553	3 years ago
Kirill Solomko	e90ba9d517	MT#56208 allow subscriber role access to cf sets * subscriber role can now GET call forward sets that does not belong to the user but used in call forwards assigned to the user * the user can only GET the sets but cannot update/delete them (403 Forbidden is raised in case of attempt) Change-Id: I391b802d962f4bbeae991e3046ac3f132a19edb6	3 years ago
Kirill Solomko	009b5816dd	MT#55687 api-preferences.t ignore ncos_set preferences * there are no API v1 endpoints to create ncos sets, therefore the preferences are ignored for now Change-Id: I07cf80acb2a506de53209ef86e1c3d37f2473457	3 years ago
Kirill Solomko	80bf560b8d	MT#55687 add ncos_set preferences support * ncos_set preferences are now supported in the UI/API Change-Id: I0e479712d3f27a6ae5f8b77f06c616406e1742f5	3 years ago
Kirill Solomko	9254092a3f	MT#56234 get_usr_preference_rs and prov_subscriber * get_usr_prerefence_rs is streamlined to the other get__preference_rs functions and prov_subscriber param is now optional there, that allows to return a resultset of usr preferences matching the attribute name. this fix also fixes DELETE soundset where if contract_id is defined, the logic tries to remove all 'contract_sound_set' usr_preference across all subscribers that have it assigned. Change-Id: Ia43327c8bcf93047d29da6401cbd97bce2971578	3 years ago
Kirill Solomko	766cab0f9c	MT#56286 fix subscriberprofile api attribute field * update_item(): check that $resource->{attributes} contains data and an array before processing it * api-journals.t: fix subscriberprofile 'attributes' field Change-Id: I28a2e22859cd998f99277e88037dff23981038f3	3 years ago
Kirill Solomko	673ac66c70	MT#56234 fix cli check for subscriber roles * cli preference assigned number is only checked when the user's role is subscriberadmin or subscriber Change-Id: I71f9207f4705eb1ae6f4ea0810dd3a1e541144cf	3 years ago
Kirill Solomko	b838c5d0e7	MT#56286 render all subscriber profiles with prof_pref = 1 * on the subscriber profile preferences page, only preferences that had enabled attributes plus had prof_pref = 1 were shown. that caused confusions as subscriber profile attributes are rendered from exposed_to_customer = 1 and do not use the prof_pref flag, whereas the rendered preferences do not use the expose_to_customer flag and use prof_pref = 1 instead. now to avoid the confusions, all voip_preferences that are not internal and have prof_pref = 1, shown in on the preferences page (and accessible via API). if the list needs to be reduced, then it must be properly done by removing the prof_pref flag for them. Change-Id: I7f2428e319d2c8d322ee5e4efd96615178c1f3ef	3 years ago
Kirill Solomko	45d9fb34b5	MT#56286 fix subscriber profiles form and api update * subscriber profile form is fixed so that the attributes list is now correctly shown in the old UI * /api/subscriberprofiles update, attribute values are now correctly transformed for the validation and processing Change-Id: I4418250d4a0e702d75524ab5999eb47429be5a04	3 years ago
Kirill Solomko	8288a30f61	MT#56234 cli preference edit filter for subscriberadmin * Preferences::create_preference_form() now contains a check for 'cli' preference to only allow numbers that belong to the same customer if role is 'subscriberadmin' Change-Id: I8eb3bed928a943330ab0045d2893365b533b0c16	3 years ago
Kirill Solomko	6c179dd5c4	MT#56234 get_usr_preference changes * as_admin param is no longer needed as get_usr_preference() fetches actually set preference for a susbcriber and used only by the code (not exposed directly to 'subscriber', 'subscriberadmin' roles * with the aforedescribed, get_usr_preference() no longer filters by expose_to_customer, expose_to_subscriber for 'subscriber' and 'subscriberadmin' roles * refactor get_usr_preferences() to be simple and in line with the other get_*_preferences() as it's mainly responsible for fetching the preference as requested by the internal code Change-Id: Ia52d8f4ebfd854901bf446e29fb475dea1fba866	3 years ago
Kirill Solomko	6d487452bb	MT#56234 susbcriber preferences related changes * fix customer_view role name typo so that it's correctly limited to for 'subscriberadmin' role * revert behaviour of get_usr_preference_rs() to return undef if no preference is found (no access) * get_usr_preference_rs() now also fetches all internal preferences for internal work for 'subscriber' and 'subscriberadmin' roles but they remain invisible for them and not accesible for direct changes (only when requested by internal logic) * new get_usr_preference_rs() 'as_admin' parameter that enables for internal requests to return the preference value for 'subscriberadmin' and 'subscriber' roles, currently used to show 'lock' status and 'display_name', which are otherwise inaccessible as those preferences do not have expose_to_customer, expose_to_subscriber flags * fix api_prference_defs() correct filtering of preferences for 'subscriber' and 'subscriberadmin' roles Change-Id: I1a0e51ace1c649f9061deaccb7d6e9f8459f0ed8	3 years ago
Kirill Solomko	81d50cdce1	MT#56234 get_usr_preference_rs changes * get_usr_preference now always returns a ResultSet object as it expected. If there is no preference found an empty ResultSet object is returned that does not have ->first. That is now in line with how the usage of the function works in the current codebase and should not produce errors when there was a preference requested that did not exist and 'undef' was returned instead of an object. * remove 'skipping' debug code that caused a lot of spam in the panel-debug.log reporting skipped usr preferences for 'subscriberadmin' and 'subscriber' roles Change-Id: Ia9d033994e36afd48c2b6d91b08163f871a71b4c	3 years ago
Kirill Solomko	8459e03f51	MT#56234 update_voicemail_number update all use cases * update use cases for update_voicemail_number() and provide $param{c} Change-Id: I016ea49e1f619e129010909b673e1e7c7ef08c91	3 years ago
Kirill Solomko	b51c0c9698	MT#56234 restrict cli preference allowed numbers for subscriberadmin * subscriberadmin can now only set numbers that belong to the customer as 'cli' Change-Id: Iecc2c5dc322e13292e1ec0d9262451c8947da671	3 years ago
Kirill Solomko	f1cc84c34f	MT#56234 add voip_preferences.expose_to_subscriber support * expose_to_subscriber is a new preferences flag that indicates that the preference can be read/modified by 'subscriber' role * expose_to_customer now only does the same as expose_to_subscriber but for 'subscriberadmin' role * get_usr_preference() not expects $params{$c} to be passed as an argument * fix update_voicemail_number() behaviour, it correctly updates number for subscribers of a subscriberadmin as well as no longer fails with an error if echo_voicemail_number or cli are not available (not set or not visible) Change-Id: I95fade92efb541146e9e56ba4f517af79fa71b5a	3 years ago
Kirill Solomko	34eeac7fc2	MT#56068 fix /api/resellerbrandings reseller_id field * reseller_id is now only mandatory for the 'admin' role Change-Id: Idd090332ed2877b2a2c06c9cce741757cc718737	3 years ago
Kirill Solomko	e2afe2ea06	MT#56087 fix /api/callforwards sets auto creation * with PUT/PATCH data source and bnumber quick sets are correctly automatically created now Change-Id: Ia6f3be8958081f1611a1473b35c73826a9ed8784	3 years ago
Kirill Solomko	4f8603d15f	MT#56068 /api/resellerbrandings/:id change * :id is now the brainding's id instead of reseller_id. That was rather a bug and now fixed and consistent with the rest of the endpoints. Change-Id: I794e577499050a95ed68c21af3f963f9f8e9c274	3 years ago
Kirill Solomko	f942b07a1e	MT#32992 fix /api/resellerbrandnglogos * add described query_params 'subscriber_id', 'reseller_id' so they are avaialable on the doc * remove search by param from Role::ResellerBrandingLogos::_item_rs() * fix Role::ResellerBrandingLogos::_item_rs() queries * Controller::API::ResellerBrandingLogos* - now always returns the binary data containing the logo and with the Content-Type header - change NOT_FOUND message to indicate that the ResellerBrandingLogo is either not found or does not have image/image_type * do not log response queries * fix allowed_role to be: admin, reseller, subsscriberadmin Change-Id: Iaadb47fb2d72886a8d9244a523d5914500a4dd20	3 years ago
Kirill Solomko	2904de66b9	MT#56028 /api/cftimesets subscriberadmin role change * subscriberadmin is now able to fetch cftimesets of other subsribers that belong to the customer Change-Id: If7931e154ab825a6ebca25bec49b8ea28d87bafd	3 years ago
Kirill Solomko	ae32c62fd1	MT#56027 /api/cfdestinationsets subscriberadmin role change * subscriberadmin is now able to fetch cfdestinationsets of other subsribers that belong to the customer Change-Id: I212f0e31a8e77caa6f681f227771e0b11efb5f62	3 years ago
Kirill Solomko	018dc08be6	MT#56026 /api/cfsourcesets subscriberadmin role change * subscriberadmin is now able to fetch cfsourcesets of other subsribers that belong to the customer Change-Id: I95217587430c52cd7078e1604ffec549ae2dd6b5	3 years ago
Kirill Solomko	4c1a9d9c11	MT#56029 /api/cfbnumbersets subscriberadmin role change * subscriberadmin is now able to fetch cfbnumbersets of other subsribers that belong to the customer Change-Id: Ib92c161f320257ba2d6614e10d9eaf03247e7014	3 years ago
Rene Krenn	e9367e0cfe	MT#55972 support wildcard search for customer external_id Change-Id: I8287f7650f68dab2e806259ec00ffad2ba45fe1a	3 years ago
Rene Krenn	d6c3ae470e	MT#55957 interceptions: consider active subscribers only Change-Id: I136d600f876aca754c60514d5640b619d41d82f5	3 years ago
Kirill Solomko	64b71cdcd1	MT#32999 /api/cfmappings subscriberadmin scope of view change * subscriberadmin can now see all other customer's subscribers call forwards as well as per subscriber_id Change-Id: I4bdaf3390667fc7208fa6dbde9292b8ba911667f	3 years ago
Kirill Solomko	33096f18d3	MT#55976 /api add link to /api/v2 documentation * old documentation no longer contains '2.0' references to avoid confusions * a new link to /api/v2 documentation Change-Id: Id7bd168a72d29381797e585cc6e53a533421d61d	3 years ago
Rene Krenn	ff198cef49	MT#55694 MT#55419 provide generated datatable search tooltips the search field of admin-panel datatables was tuned/configured over time to allow fastest possible search, "as-you-type". for large tabels it eg. will only include indexed columns, which never was transparent to the users. the UI will now display tooltip texts with detailed hints about included columns, wildcard support, etc. Change-Id: I737732a55003d50068236bb0150a2f47d06deaf5	3 years ago
Kirill Solomko	0c4deaaad0	MT#55871 /api/subscribers optimise GET alias_numbers * "alias_numbers" array when the resource is prepared is created directly from the resultset, avoiding 'foreach' loops and conditions. This improves performance on ~8000 voip_numbers from ~35 seconds to ~3 seconds. * is_devid is now always present in the "alias_numbers" object, and it's =0 if there is no related entry in provisioning.voip_dbaliases Change-Id: Ia05b26208f3fec3a9b2203aafe9b4c09b98ca44d	3 years ago
Michael Prokop	846b60ad97	MT#55886 Add dependencies on libdata-page-perl + libio-string-perl Fixes: \| spce ngcp_panel_fastcgi.pl[43411]: Can't locate Data/Page.pm in @INC (you may need to install the Data::Page module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.36.0 /usr/local/share/perl/5.36.0 /usr/lib/x86_64-linux-gnu/perl5/5.36 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl-base /usr/lib/x86_64-linux-gnu/perl/5.36 /usr/share/perl/5.36 /usr/local/lib/site_perl) at /usr/share/perl5/NGCP/Panel/Utils/RedisLocationResultSet.pm line 10. Fixup for git rev `7177959`, this went unnoticed, because libdbix-class-perl used to depend on libdata-page-perl, while it no longer does (as of version 0.082843-1, as present in Debian/bookworm): \| root@spce:~# aptitude why libdata-page-perl \| i ngcp-ngcp-ce Depends ngcp-services-ce \| i A ngcp-services-ce Depends ngcp-upgrade-ce \| i A ngcp-upgrade-ce Depends libdbix-class-perl \| i A libdbix-class-perl Depends libdata-page-perl Fixes: \| spce ngcp_panel_fastcgi.pl[43663]: Can't locate IO/String.pm in @INC (you may need to install the IO::String module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.36.0 /usr/local/share/perl/5.36.0 /usr/lib/x86_64-linux-gnu/perl5/5.36 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl-base /usr/lib/x86_64-linux-gnu/perl/5.36 /usr/share/perl/5.36 /usr/local/lib/site_perl) at /usr/share/perl5/NGCP/Panel/Utils/Device.pm line 7. Fixup for git revs `4562fbf8` + `e00e46eba`, this went unnoticed, because libppi-perl used to depend on libio-string-perl, while it no longer does so (as of version 1.276-1, as present in Debian/bookworm): \| root@spce:~# aptitude why libio-string-perl \| i ngcp-ngcp-ce Depends ngcp-services-ce \| i A ngcp-services-ce Depends ngcp-panel \| i A ngcp-panel Depends libtrycatch-perl \| i A libtrycatch-perl Depends libparse-method-signatures-perl \| i A libparse-method-signatures-perl Depends libppi-perl \| i A libppi-perl Depends libio-string-perl Change-Id: I957b8df093753bab19b4d15c405411429a77eb46	3 years ago
Kirill Solomko	507d088586	MT#55864 /api/subscribers correctly process administrative flag * administrative flag is now correctl set to false when requested by the client Change-Id: I81a1951f90ce9885bff806d39e11098475d93ac1	3 years ago
Kirill Solomko	826d3f1d9f	MT#55618 /api/subscribers fix default contract_sound_set assignment * when a new subscriber is created via POST, if the associated customer has at least one default contract_sound_set, it is correctly assigned to the subscriber as the "contract_sound_set" preference. the logic is now inline with the UI behaviour Change-Id: Ifeb86faf6718648b29e6391bd16752766358ed0f	3 years ago
Michael Prokop	e8f901a7b5	MT#55524 Update lintian overrides for new lintian behavior lintian v2.115.3 - as currently present in Debian/booksworm - doesn't support the existing syntax for the source-is-missing override, and therefore fails with: \| E: ngcp-panel source: source-is-missing [share/static/js/libs/d3.v2.min-2.8.1.js] \| E: ngcp-panel source: source-is-missing [share/static/js/libs/jquery-ui-1.10.3.custom.js] \| E: ngcp-panel source: source-is-missing [share/static/js/libs/jquery.dataTables.js] \| E: ngcp-panel source: source-is-missing [share/static/js/libs/rrule/rrule.js] \| E: ngcp-panel source: source-is-missing [share/static/js/libs/stanzaio.bundle.js] \| E: ngcp-panel source: source-is-missing [share/static/js/libs/svg-edit/embedapi.js] \| E: ngcp-panel source: source-is-missing [share/static/js/libs/svg-edit/jgraduate/jpicker.js] \| E: ngcp-panel source: source-is-missing [share/static/js/libs/svg-edit/jquery.js] \| E: ngcp-panel source: source-is-missing [share/static/js/libs/svg-edit/sanitize.js] \| E: ngcp-panel source: source-is-missing [share/static/js/plugins/flot/jquery.flot.js] \| E: ngcp-panel source: source-is-missing [share/static/js/plugins/flot/jquery.flot.resize.js] \| E: ngcp-panel source: source-is-missing [share/static/js/plugins/hoverIntent/jquery.hoverIntent.minified.js] \| E: ngcp-panel source: source-is-missing [share/static/js/plugins/lightbox/jquery.lightbox.js] \| E: ngcp-panel source: source-is-missing [share/static/js/plugins/validate/additional-methods.js] \| E: ngcp-panel source: source-is-missing [share/static/js/plugins/validate/jquery.validate.js] \| E: ngcp-panel source: source-is-missing [share/static/js/spectrum.min.js] \| E: ngcp-panel source: source-is-missing [share/static/js/swaggerui/swagger-ui-bundle.js] \| E: ngcp-panel source: source-is-missing [share/static/js/swaggerui/swagger-ui-standalone-preset.js] It instead expects the filename(s) to be listed under "[...]". By using "..." instead, we can support the lintian versions as present in bookworm and bullseye both at the same time. Change-Id: I95c52eae81bb3729524b46459a4283a8f9f56d57	3 years ago
Nico Schedel	5320543cdc	MT#55677 fix for "Unstable ngcp-panel-test-selenium-docker runs with failing tests" Change-Id: Ief3047eadf65443c42589c1a24e9d6b2d1c5b898	3 years ago
Michael Prokop	9c58e1c4d5	TT#76552 systemd: allow r/w access to /var/mail When mails are sent to root@localhost, they might end up in local system under /var/mail, e.g.: \| root@sp1:~# grep -i Read-only /var/log/exim4/mainlog \| [...] 1ohvHe-001kri-L3 == /var/mail/mail <root@localhost> R=mail4root T=address_file defer (30): Read-only file system: creating lock file hitching post /var/mail/mail.lock.sp1.634442d2.000662b4 (euid=8 egid=8) Change-Id: Iea608327032cc84491c3fe02c2c6be3da10a9c58	3 years ago
Michael Prokop	2b3a18b190	TT#76552 send_template: log mail sending actions We need to trace sending mails to be able to track down possibly not sent mails, see e.g. MT#31936. Use quotesensitive to not leak from/to information into logs, but handle this properly to ensure we're GDPR safe. Change-Id: I4d09d073e12b1dd61053956252b59ad06a29d59d	3 years ago
Rene Krenn	67f6063341	MT#55551 add ccare roles to /api/callforwards Change-Id: I414e10fca61bc535471a0b2525b7e684ea9d23e5	3 years ago
Michael Prokop	31429319e7	TT#76552 systemd: reduce hardening for sendmail(1) usage If a customer has email templates enabled, adding a subscriber fails due to: \| Failed to create subscriber: error when closing pipe to sendmail: \| Trace begun at /usr/share/perl5/Email/Sender/Transport/Sendmail.pm line 94 \| Email::Sender::Transport::Sendmail::send_email('Email::Sender::Transport::Sendmail=HASH(0x56251dc80e58)', 'Email::Abstract=ARRAY(0x56252f40f0c0)', 'HASH(0x56252f3fd600)') called at /usr/share/perl5/Email/Sender/Role/CommonSending.pm line 45 \| Email::Sender::Role::CommonSending::try {...} at /usr/share/perl5/Try/Tiny.pm line 102 \| eval {...} at /usr/share/perl5/Try/Tiny.pm line 93 \| [...] Similar, sending subscriber reset password mails etc are also failing. When strace-ing ngcp-panel's fcgi process, one can observe: \| 25173 openat(AT_FDCWD, "/var/spool/exim4//input//1ogR98-0006Y1-IA-D", O_RDWR\|O_CREAT\|O_EXCL, 0640) = -1 EACCES (Permission denied) Now, when disabling all of the systemd hardening, it works fine. Comparing such a working with a failing process, the following changes within /proc/$PID/status can be observed: \| diff -urN proc.failing/status proc.working/status \| --- proc.failing/status 2022-10-06 18:06:08.519873211 +0200 \| +++ proc.working/status 2022-10-06 18:08:17.071722642 +0200 \| [...] \| CapInh: 0000000000000000 \| CapPrm: 0000000000000000 \| CapEff: 0000000000000000 \| -CapBnd: 000001fbffffffff \| +CapBnd: 000001ffffffffff \| CapAmb: 0000000000000000 \| -NoNewPrivs: 1 \| -Seccomp: 2 \| -Seccomp_filters: 3 \| +NoNewPrivs: 0 \| +Seccomp: 0 So NoNewPrivs gets enabled, even though we don't explicitly set NoNewPrivileges but e.g. only ProtectClock=yes. This is expected behavior though, quoting from systemd.exec(5) \| NoNewPrivileges= \| \| Takes a boolean argument. If true, ensures that the service \| process and all its children can never gain new privileges through \| execve() (e.g. via setuid or setgid bits, or filesystem capabilities). \| This is the simplest and most effective way to ensure that a process and \| its children can never elevate privileges again. Defaults to false, but \| certain settings override this and ignore the value of this setting. \| This is the case when SystemCallFilter=, SystemCallArchitectures=, \| RestrictAddressFamilies=, RestrictNamespaces=, PrivateDevices=, \| ProtectKernelTunables=, ProtectKernelModules=, ProtectKernelLogs=, \| ProtectClock=, MemoryDenyWriteExecute=, RestrictRealtime=, \| RestrictSUIDSGID=, DynamicUser= or LockPersonality= are specified. Note \| that even if this setting is overridden by them, systemctl show shows \| the original value of this setting. Also see No New Privileges Flag[4]. Also see https://www.kernel.org/doc/html/latest/userspace-api/no_new_privs.html STR (without having to go through ngcp-panel and a customer/subscriber setup): \| root@spce:~# cat /etc/systemd/system/demo.service \| [Unit] \| Description=sendmail systemd hardening demo \| \| [Service] \| Type=simple \| User=www-data \| Group=www-data \| ExecStart=/usr/bin/perl /usr/bin/send_mail.pl \| \| # this one enough to trigger the problem \| ProtectClock=true \| \| root@spce:~# cat /usr/bin/send_mail.pl \| use strict; \| use Template; \| use Email::Sender::Simple qw(); \| use Email::Simple; \| use Email::Simple::Creator; \| use Email::Sender::Transport::Sendmail qw(); \| \| send_email( \| subject => 'exim test', \| body => 'ohai', \| from => 'root@localhost', \| to => 'foobar@example.org', \| ); \| print "done\n"; \| exit; \| \| sub send_email { \| my %args = @_; \| my $subject = $args{subject}; \| my $body = $args{body}; \| my $from = $args{from}; \| my $to = $args{to}; \| \| my $transport = Email::Sender::Transport::Sendmail->new; \| my $email = Email::Simple->create( \| header => [ \| To => $to, \| From => $from, \| Subject => $subject, \| ], \| body => $body, \| ); \| return Email::Sender::Simple->send($email, { transport => $transport } ); \| } \| \| root@spce:~# systemctl daemon-reload && systemctl restart demo Until we switch the mail interface from sendmail(1) to SMTP or alike (reported as MT#55576), we need to reduce the systemd hardening, to not get the NoNewPrivileges=true (AKA prctl(PR_SET_NO_NEW_PRIVS,...)) behavior through any of the related hardening options. New systemd hardening state of ngcp-panel (as of systemd v247.3-7+deb11u1): \| $ sudo SYSTEMD_COLORS=0 PAGER= COLUMNS=100 unbuffer systemd-analyze security ngcp-panel \| grep -v '✓' \| NAME DESCRIPTION EXPOSURE \| ✗ PrivateNetwork= Service has access to the host's network 0.5 \| ✗ CapabilityBoundingSet=~CAP_SET(UID\|GID\|PCAP) Service may change UID/GID identities/capab… 0.3 \| ✗ CapabilityBoundingSet=~CAP_SYS_ADMIN Service has administrator privileges 0.3 \| ✗ CapabilityBoundingSet=~CAP_SYS_PTRACE Service has ptrace() debugging abilities 0.3 \| ✗ RestrictAddressFamilies=~AF_(INET\|INET6) Service may allocate Internet sockets 0.3 \| ✗ RestrictNamespaces=~CLONE_NEWUSER Service may create user namespaces 0.3 \| ✗ RestrictAddressFamilies=~… Service may allocate exotic sockets 0.3 \| ✗ CapabilityBoundingSet=~CAP_(CHOWN\|FSETID\|SE… Service may change file ownership/access mo… 0.2 \| ✗ CapabilityBoundingSet=~CAP_(DAC_\|FOWNER\|IP… Service may override UNIX file/IPC permissi… 0.2 \| ✗ CapabilityBoundingSet=~CAP_NET_ADMIN Service has network configuration privileges 0.2 \| ✗ CapabilityBoundingSet=~CAP_SYS_MODULE Service may load kernel modules 0.2 \| ✗ CapabilityBoundingSet=~CAP_SYS_RAWIO Service has raw I/O access 0.2 \| ✗ CapabilityBoundingSet=~CAP_SYS_TIME Service processes may change the system clo… 0.2 \| ✗ IPAddressDeny= Service does not define an IP address allow… 0.2 \| ✗ NoNewPrivileges= Service processes may acquire new privileges 0.2 \| ✗ PrivateDevices= Service potentially has access to hardware … 0.2 \| ✗ PrivateUsers= Service has access to other users 0.2 \| ✗ ProtectClock= Service may write to the hardware clock or … 0.2 \| ✗ ProtectKernelLogs= Service may read from or write to the kerne… 0.2 \| ✗ ProtectKernelModules= Service may load or read kernel modules 0.2 \| ✗ ProtectKernelTunables= Service may alter kernel tunables 0.2 \| ✗ RestrictAddressFamilies=~AF_PACKET Service may allocate packet sockets 0.2 \| ✗ RestrictSUIDSGID= Service may create SUID/SGID files 0.2 \| ✗ SystemCallArchitectures= Service may execute system calls with all A… 0.2 \| ✗ SystemCallFilter=~@clock Service does not filter system calls 0.2 \| ✗ SystemCallFilter=~@debug Service does not filter system calls 0.2 \| ✗ SystemCallFilter=~@module Service does not filter system calls 0.2 \| ✗ SystemCallFilter=~@mount Service does not filter system calls 0.2 \| ✗ SystemCallFilter=~@raw-io Service does not filter system calls 0.2 \| ✗ SystemCallFilter=~@reboot Service does not filter system calls 0.2 \| ✗ SystemCallFilter=~@swap Service does not filter system calls 0.2 \| ✗ SystemCallFilter=~@privileged Service does not filter system calls 0.2 \| ✗ SystemCallFilter=~@resources Service does not filter system calls 0.2 \| ✗ CapabilityBoundingSet=~CAP_AUDIT_ Service has audit subsystem access 0.1 \| ✗ CapabilityBoundingSet=~CAP_KILL Service may send UNIX signals to arbitrary … 0.1 \| ✗ CapabilityBoundingSet=~CAP_MKNOD Service may create device nodes 0.1 \| ✗ CapabilityBoundingSet=~CAP_NET_(BIND_SERVIC… Service has elevated networking privileges 0.1 \| ✗ CapabilityBoundingSet=~CAP_SYSLOG Service has access to kernel logging 0.1 \| ✗ CapabilityBoundingSet=~CAP_SYS_(NICE\|RESOUR… Service has privileges to change resource u… 0.1 \| ✗ RestrictNamespaces=~CLONE_NEWCGROUP Service may create cgroup namespaces 0.1 \| ✗ RestrictNamespaces=~CLONE_NEWIPC Service may create IPC namespaces 0.1 \| ✗ RestrictNamespaces=~CLONE_NEWNET Service may create network namespaces 0.1 \| ✗ RestrictNamespaces=~CLONE_NEWNS Service may create file system namespaces 0.1 \| ✗ RestrictNamespaces=~CLONE_NEWPID Service may create process namespaces 0.1 \| ✗ RestrictRealtime= Service may acquire realtime scheduling 0.1 \| ✗ SystemCallFilter=~@cpu-emulation Service does not filter system calls 0.1 \| ✗ SystemCallFilter=~@obsolete Service does not filter system calls 0.1 \| ✗ RestrictAddressFamilies=~AF_NETLINK Service may allocate netlink sockets 0.1 \| ✗ RootDirectory=/RootImage= Service runs within the host's root directo… 0.1 \| ✗ CapabilityBoundingSet=~CAP_MAC_* Service may adjust SMACK MAC 0.1 \| ✗ CapabilityBoundingSet=~CAP_SYS_BOOT Service may issue reboot() 0.1 \| ✗ LockPersonality= Service may change ABI personality 0.1 \| ✗ MemoryDenyWriteExecute= Service may create writable executable memo… 0.1 \| ✗ RestrictNamespaces=~CLONE_NEWUTS Service may create hostname namespaces 0.1 \| ✗ CapabilityBoundingSet=~CAP_LINUX_IMMUTABLE Service may mark files immutable 0.1 \| ✗ CapabilityBoundingSet=~CAP_IPC_LOCK Service may lock memory into RAM 0.1 \| ✗ CapabilityBoundingSet=~CAP_SYS_CHROOT Service may issue chroot() 0.1 \| ✗ ProtectHostname= Service may change system host/domainname 0.1 \| ✗ CapabilityBoundingSet=~CAP_BLOCK_SUSPEND Service may establish wake locks 0.1 \| ✗ CapabilityBoundingSet=~CAP_LEASE Service may create file leases 0.1 \| ✗ CapabilityBoundingSet=~CAP_SYS_PACCT Service may use acct() 0.1 \| ✗ CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG Service may issue vhangup() 0.1 \| ✗ CapabilityBoundingSet=~CAP_WAKE_ALARM Service may program timers that wake up the… 0.1 \| ✗ RestrictAddressFamilies=~AF_UNIX Service may allocate local sockets 0.1 \| \| → Overall exposure level for ngcp-panel.service: 7.9 EXPOSED 🙁 Related: MT#31936 Related: MT#55569 Thanks: Thomas Georg on spce-user ml for the bug report, and Victor Seva, Richard Fuchs + Rene Krenn for assistance in tracking this down Change-Id: Ic3be62247bbcae00c99de3b779df838c0daaaf1a	3 years ago
Kirill Solomko	a86e868a6f	MT#55538 /api/soundsets allow filtering by customer_id=null * when customer_id query param is specified as customer_id=null or customer_id=NULL it now correctly fetches soundsets that do not have customer_id assigned to them Change-Id: I8de3d9615c133c2abd3eb2b5f4fea8de5b652417	3 years ago
Sipwise Jenkins Builder	c12487ec99	Release new version 11.2.0.0+0~mr11.2.0.0	3 years ago
Rene Krenn	d4d924e146	MT#55436 mark concurrent_* fraudpref fields as readonly Change-Id: I47f3a42163703c57cecdbcf4dd84e9e7a9cbe2e7	3 years ago
Rene Krenn	a9f53cdf82	MT#55418 hide billing mappings with terminated profiles in AUI Change-Id: Id480f3c0928d8e3d0a29dd3508c08de68e64ce5a	3 years ago
Rene Krenn	afe80f0110	MT#55421 fix deleting domains xmlrpc request such as domain.reload can fail, when database content was not yet replicated. Change-Id: I769f9470b526ef5175826e6c18cbe28c6c1501ca	3 years ago

... 5 6 7 8 9 ...

5564 Commits (5c0e6cc7d1a3b832ea548d389a54e0a3bc59ada6) All Branches Search

5564 Commits (5c0e6cc7d1a3b832ea548d389a54e0a3bc59ada6)

All Branches