Sean Bright [Mon, 6 Mar 2017 19:15:45 +0000 (14:15 -0500)]
pbx_spool: Gracefully handle long lines in call files
Per the linked issue, we aren't checking the buffer filled by fgets()
to determine if it contains a newline, so we will fail to correctly
parse the trailing portion of a long line.
This patch increases the buffer size from 256 to 1024, and skips any
line that exceeds that length, logging a warning in the process.
Richard Mudgett [Fri, 3 Mar 2017 03:27:00 +0000 (21:27 -0600)]
core: Cleanup ast_get_hint() usage.
* manager.c:manager_state_cb() Fix potential use of uninitialized hint[]
if a hint does not exist for the requested extension. Ran into this when
developing a testsuite test. The AMI event ExtensionStatus came out with
the hint header value containing garbage. The AMI event PresenceStatus
also had the same issue.
* manager.c:action_extensionstate() no need to completely initialize the
hint[]. Only initialize the first element.
Jørgen H [Thu, 16 Feb 2017 10:22:47 +0000 (10:22 +0000)]
res_pjsip WebRTC/websockets: Fix usage of WS vs WSS.
According to the RFC[1] WSS should only be used in the Via header
for secure Websockets.
* Use WSS in Via for secure transport.
* Only register one transport with the WS name because it would be
ambiguous. Outgoing requests may try to find the transport by name and
pjproject only finds the first one registered. This may mess up unsecure
websockets but the impact should be minimal. Firefox and Chrome do not
support anything other than secure websockets anymore.
* Added and updated some debug messages concerning websockets.
* security_events.c: Relax case restriction when determining security
transport type.
* The res_pjsip_nat module has been updated to not touch the transport
on Websocket originating messages.
George Joseph [Tue, 28 Feb 2017 02:07:06 +0000 (19:07 -0700)]
res_pjsip_pubsub: Remove unneeded endpoint unref
When a subscription was being recreated and the endpoint wasn't
found, we were trying to unref the endpoint. This was causing
FRACKs. Removed the unref.
Jørgen H [Thu, 16 Feb 2017 10:16:47 +0000 (10:16 +0000)]
res_pjsip: Fix crash when contact has no status
This change fixes an assumption in res_pjsip that a contact will
always have a status. There is a race condition where this is
not true and would crash. The status will now be unknown when
this situation occurs.
Vitezslav Novy [Sun, 26 Feb 2017 16:09:29 +0000 (17:09 +0100)]
chan_sip: Allow DTLS to be disabled when reloading.
This change fixes a problem where removing the DTLS configuration
options and reloading would not disable DTLS. This occurred
because the DTLS configuration was not reset to an unconfigured
state on reload.
George Joseph [Mon, 27 Feb 2017 18:25:01 +0000 (11:25 -0700)]
build: Warn if asterisk is installed in both 32 and 64 bit sys dirs
... and clean them both up on uninstall.
We've fixed the issue where 'make install' was installing to
/usr/lib on 64-bit systems that use /usr/lib64. Now we need
to clean up the remnants in /usr/lib.
* 'make install' now prints a warning if DESTDIR/ASTLIBDIR
contains 'lib64' and libasterisk* shared libraries or modules
are also found in DESTDIR/ASTLIBDIR with 'lib64' transformed
to 'lib'.
* 'make uninstall' ALWAYS cleans up both DESTDIR/ASTLIBDIR and
DESTDIR/ASTLIBDIR with 'lib64' transformed to 'lib'.
Joshua Colp [Mon, 27 Feb 2017 13:02:38 +0000 (13:02 +0000)]
bridge_native_rtp: Handle case where channel joins already suspended.
The bridge_native_rtp module did not properly handle the case where
a smart bridge operation occurs while a channel is suspended. In this
scenario the module would incorrectly set up local or remote RTP
bridging despite the media having to flow through Asterisk. The remote
endpoint would see two media streams and experience wonky audio.
The module has been changed so that it ensures both channels are
not suspended when performing the native RTP bridging and this
requirement has been documented in the bridge technology.
Joshua Colp [Fri, 24 Feb 2017 17:49:59 +0000 (17:49 +0000)]
config: Improve documentation and behavior of outbound_proxy option.
This change updates the documentation for the outbound_proxy option
to ensure it is consistently stated that a full SIP URI must be
provided for the option.
The res_pjsip_outbound_registration module has also been changed so
that the provided outbound_proxy value is checked to ensure it is a
URI and if not an error is output stating so.
George Joseph [Fri, 10 Feb 2017 00:05:01 +0000 (17:05 -0700)]
pjproject_bundled: Update for pjproject 2.6
* Removed all 2.5.5 functional patches.
* Updated usages of pj_release_pool to be "safe".
* Updated configure options to disable webrtc.
* Updated config_site.h to disable webrtc in pjmedia.
* Added Richard Mudgett's recent resolver patches.
George Joseph [Thu, 23 Feb 2017 21:49:17 +0000 (14:49 -0700)]
build: Execute ldconfig to build cache. (take two)
On some platforms a multiarch approach is used for libraries.
The build system does not take this into account and still
places libraries into the lib directory if no --libdir is
specified to configure. On initial startup this results in
libasteriskssl.so not being found, as it is not in the multiarch
lib directory. To make matters worse, options were being passed
to ldconfig on both Linux and FreeBSD that actually prevented
the rebuild of the cache.
* Fedora has a /usr/share/config.site that automatically tells
autoconf to use /usr/lib64 but CentOS does not. This logic was
copied to configure.ac and modified so systems like Ubuntu,
which still use /usr/lib for 64-bit systems, aren't affected.
Now that we have them in the correct directory...
In order for the system loader to find libasteriskssl and
libasteriskpj, one of 3 things has to happen...
- The linker cache must be rebuilt including the directory
where the libasterisk* libraries were installed. Only root
can rebuild the cache. This was busted.
- We have to link the asterisk binary with an rpath pointing
to the directrory where the libasterisk* libraries were
installed. This makes things very complicated and will happen
over the collective dead bodies of everyone who's had to
package a distribution with an rpath.
- Finally, you can start asterisk with LD_LIBRARY_PATH set to the
directrory where the libasterisk* libraries were installed.
There are no other options. So...
* The invokation of ldconfig has been moved from main/Makefile
to ASTTOPDIR/Makefile, the options have been removed, and
DESTDIR/ASTLIBDIR appended. If you aren't root, you will be
warned after the "Asterisk Installation Compete" banner that
you must re-run 'make install' as root, manually run
'ldconfig DESTDIR/ASTLIBDIR' as root, or run asterisk with
LD_LIBRARY_PATH.
Sean Bright [Wed, 22 Feb 2017 14:53:25 +0000 (09:53 -0500)]
res_config_ldap: Various code improvements
The initial motivation for this patch was to properly handle memory
allocation failures - we weren't checking the return values from the
various LDAP library allocation functions.
In the process, because update_ldap() and update2_ldap() were
substantially the same code, they've been consolidated.
Michael L. Young [Wed, 22 Feb 2017 19:08:05 +0000 (14:08 -0500)]
build_tools: Fix download_externals to allow the use of curl or wget
Not sure if this is really a bug versus an improvement. I can see it being
viewed as a bug though by some.
The current build_tools/download_externals file depends on wget in order to
download external modules. The current build system is able to discover
which tool to use for fetching remote files - either wget or curl.
This patch takes advantage of this capability by modifying the two calls to
the wget binary to instead use what was discovered by the build system.
The patterns provided by pbx_realtime were checked in the order in
which they were returned from the realtime backend. If there was
overlap between multiple patterns, the first one to correctly match was
chosen even though it may not have been the best match.
We now sort the patterns descending by their length and compare in that
order. There may be cases where this still results in a sub-optimal
match, but this patch should improve the overall behavior.
ASTERISK-18271 #close
Reported by: Charlie Smurthwaite
Sean Bright [Tue, 21 Feb 2017 21:09:47 +0000 (16:09 -0500)]
pbx_dundi: DUNDi weight parameter not processed correctly
The DUNDi weight field is not always converted from network byte order
to host byte order. This can result in incorrect weight values and
incorrect selection of DUNDi destinations.
ASTERISK-18731 #close
Reported by: Peter Racz
Patches:
dundi_weight.patch (license #6290) patch uploaded by Peter Racz
Joshua Colp [Tue, 21 Feb 2017 22:34:56 +0000 (16:34 -0600)]
Merge changes from topic 'ASTERISK-26580' into 13
* changes:
res_config_ldap: Don't try to delete non-existent attributes
res_config_ldap: Remove extraneous line numbers from log messages
res_config_ldap: Make memory allocation more consistent
res_config_ldap: Fix configuration inheritance from _general
ast_load_realtime_multientry() returns an ast_config structure whose
ast_categorys are keyed with the empty strings. Several modules were
giving semantic meaning to the category names causing problems at
runtime.
* app_directory: Treated the category name as the mailbox name, and
would fail to direct calls to the appropriate extension after an
entry was chosen.
* app_queue: Queues, queue members, and queue rules were all affected
and needed to be updated.
* pbx_realtime: Pattern matching would never succeed because the
extension entered by the user was always compared to the empty
string.
Sean Bright [Tue, 21 Feb 2017 14:56:54 +0000 (09:56 -0500)]
realtime: Centralize some common realtime backend code
All of the realtime backends create artificial ast_categorys to pass
back into the core as query results. These categories have no filename
or line number information associated with them and the backends differ
slightly on how they create them. So create a couple helper macros to
help make things more consistent.
Also updated the call sites to remove redundant error messages about
memory allocation failure.
Note that res_config_ldap sets the category filename to the 'table name'
but that is not read by anything in the core, so I've dropped it.
Joshua Colp [Thu, 16 Feb 2017 16:30:00 +0000 (16:30 +0000)]
build: Execute ldconfig to build cache.
On some platforms a multiarch approach is used for libraries.
The build system does not take this into account and still
places libraries into the lib directory if no --libdir is
specified to configure. On initial startup this results in
libasteriskssl.so not being found, as it is not in the multiarch
lib directory.
This change does the minimally invasive thing and executes
ldconfig so that the libraries in the lib directory are found
and their location cached. By doing so Asterisk starts up fine.
If DESTDIR is specified, however, the old logic is executed as
the install process may not have permission to alter the ldconfig
cache.
The inbound authentication object is supposed to be immutable when it is
stored in sorcery. However, the immutable property is violated if the
authentication object does not have a realm set.
The immutable contract violation has a different effect depending upon
what sorcery back end is used. If it is the config file back end you
would get the same object back until res_pjsip is reloaded. If it is the
real-time or AstDB back end you would get a new object on each query. If
it is cached you would get the same object back until it is refreshed from
the database.
Once an inbound authentication object has its realm set it may or may not
get updated again if the default_realm changes.
If the same authentication object is used for inbound and outbound
authentication then the immutable violation can make it very hard to
determine why the outbound authentication now fails. The only diagnostic
message is a complaint about no realms matching when it had worked
earlier. It fails because of the difference in behaviour for an empty
realm setting between inbound and outbound authentication objects.
* Fixed the sorcery object immutable violation by creating a new object
and setting the default_realm on it instead. The new object is a shallow
copy for speed.
* The auth_store thread storage no longer holds an auth ref. It
interferes with the shallow copy and never needed a ref anyway.
There was code attempting to update the artificial authentication object
whenever the default_realm changed. However, once the artificial
authentication object was created it would never get updated. The
artificial authentication object would require a system restart for a
change to the default_realm to take effect.
Using the same auth section for inbound and outbound authentication is not
recommended. There is a difference in meaning for an empty realm setting
between inbound and outbound authentication uses.
An empty inbound auth realm represents the global section's default_realm
value when the authentication object is used to challenge an incoming
request. An empty outgoing auth realm is treated as a don't care wildcard
when the authentication object is used to respond to an incoming
authentication challenge.
Richard Mudgett [Mon, 13 Feb 2017 23:11:06 +0000 (17:11 -0600)]
pjproject: Fixes to resolve DNS SRV crashes.
* Re #1945 (misc): Don't trigger SRV complete callback when there is a
parse error.
* srv_resolver.c: Don't try to send query if already considered resolved.
** In resolve_hostnames() don't try to resolve a query that is already
considered resolved.
** In resolve_hostnames() fix DNS typo in comments.
** In build_server_entries() move a common expression assigning to cnt
earlier.
* sip_transport.c: Fix tdata object name to actually contain the pointer.
It helps if the logs referencing a tdata object buffer actually have a
name that includes the correct pointer as part of the name. Also since
the tdata has its own pool it helps if any logs referencing the pool have
the same name as the tdata object. This change brings tdata logging in
line with how tsx objects are named.
Richard Mudgett [Sat, 4 Feb 2017 22:00:14 +0000 (16:00 -0600)]
res_pjsip: Record the serializer earlier on the tdata.
When PJPROJECT needs to do a DNS resolution and there is not a cached
entry available, the SIP request message goes out on the PJSIP monitor
thread instead of the original serializer thread. Thus when the response
comes back it does not get processed by the original sending serializer.
This patch records the serializer on tdata before passing a request
message to PJPROJECT where it can in Asterisk code. There are several
places in PJPROJECT for outbound registration and publishing support that
would need to record the serializer. Unfortunately, without replacing the
PJPROJECT DNS resolver as was done in v14 we cannot fix those without
modifying PJPROJECT.
Even if we backported the DNS resolver from v14, the outbound registration
refresh timer does not go out on a serializer thread but the PJSIP monitor
thread. Fortunately, Asterisk's outbound publish support doesn't use the
auto refresh timer that would also not go out under the serializer thread.
Sean Bright [Mon, 20 Feb 2017 11:53:47 +0000 (06:53 -0500)]
res_config_ldap: Don't try to delete non-existent attributes
OpenLDAP will raise an error when we try to delete an LDAP attribute
that doesn't exist. We need to filter out LDAP_MOD_DELETE requests
based on which attributes the current LDAP entry actually has. There
is of course a small window of opportunity for this to still fail,
but it is much less likely now.
Sean Bright [Mon, 20 Feb 2017 11:45:54 +0000 (06:45 -0500)]
res_config_ldap: Make memory allocation more consistent
The code in update_ldap() and update2_ldap() was using both Asterisk's
memory allocation routines as well as OpenLDAP's. I've changed it so
that everything that is passed to OpenLDAP's functions are allocated
with their routines.
Sean Bright [Mon, 20 Feb 2017 11:30:31 +0000 (06:30 -0500)]
res_config_ldap: Fix configuration inheritance from _general
The "_general" configuration section allows administrators to provide
both general configuration options (host, port, url, etc.) as well as a
global realtime-to-LDAP-attribute mapping that is a fallback if one of
the later sections do not override it. This neglected to exclude the
general configuration options from the mapping. As an example, during
my testing, chan_sip requested 'port' from realtime, and because I did
not have it defined, it pulled in the 'port' configuration option from
"_general." We now filter those out explicitly.
Sean Bright [Mon, 20 Feb 2017 11:27:38 +0000 (06:27 -0500)]
res_config_ldap: Fix erroneous LDAP_MOD_REPLACE in LDAP modify
We always treat the first change of our modification batch as a
replacement when it sometimes is actually a delete. So we have to pass
the correct arguments to the OpenLDAP library.
ASTERISK-26580 #close
Reported by: Nicholas John Koch
Patches:
res_config_ldap.c-11.24.1.patch (license #6833) patch uploaded
by Nicholas John Koch
Sean Bright [Wed, 15 Feb 2017 17:55:19 +0000 (12:55 -0500)]
res_config_sqlite3: Fix crash when loading with invalid config
When ast_config_load() fails with CONFIG_STATUS_FILEINVALID, it has
already destroyed the ast_config struct for us. Trying to do it again
results in a crash.
Sean Bright [Thu, 16 Feb 2017 14:38:06 +0000 (09:38 -0500)]
realtime: Fix LIKE escaping in SQL backends
The realtime framework allows for components to look up values using a
LIKE clause with similar syntax to SQL's. pbx_realtime uses this
functionality to search for pattern matching extensions that start with
an underscore (_).
When passing an underscore to SQL's LIKE clause, it will be interpreted
as a wildcard matching a single character and therefore needs to be
escaped. It is (for better or for worse) the responsibility of the
component that is querying realtime to escape it with a backslash before
passing it in. Some RDBMs support escape characters by default, but the
SQL92 standard explicitly says that there are no escape characters
unless they are specified with an ESCAPE clause, e.g.
SELECT * FROM table WHERE column LIKE '\_%' ESCAPE '\'
This patch instructs 3 backends - res_config_mysql, res_config_pgsql,
and res_config_sqlite3 - to use the ESCAPE clause where appropriate.
Looking through documentation and source tarballs, I was able to
determine that the ESCAPE clause is supported in:
MySQL 5.0.15 (released 2005-10-22 - earliest version available from
archives)
PostgreSQL 7.1 (released 2001-04-13)
SQLite 3.1.0 (released 2005-01-21)
The versions of the relevant libraries that we depend on to access MySQL
and PostgreSQL will not work on versions that old, and I've added an
explicit check in res_config_sqlite3 to only use the ESCAPE clause when
we have a sufficiently new version of SQLite3.
res_config_odbc already handles the escape characters appropriately, so
no changes were required there.
Joshua Colp [Thu, 16 Feb 2017 16:30:00 +0000 (16:30 +0000)]
build: Execute ldconfig to build cache.
On some platforms a multiarch approach is used for libraries.
The build system does not take this into account and still
places libraries into the lib directory if no --libdir is
specified to configure. On initial startup this results in
libasteriskssl.so not being found, as it is not in the multiarch
lib directory.
This change does the minimally invasive thing and executes
ldconfig so that the libraries in the lib directory are found
and their location cached. By doing so Asterisk starts up fine.
Sean Bright [Thu, 16 Feb 2017 11:46:04 +0000 (06:46 -0500)]
res_config_sqlite3: Properly create missing columns when necessary
There were two specific issues resolved here:
1) The code that iterated over the required fields
(via ast_realtime_require) was broken for the RQ_INTEGER1 field
type. Iteration would stop when the first RQ_INTEGER1 (0) field
was encountered.
2) sqlite3_changes() was used to try and count the number of rows
returned by a SELECT statement. sqlite3_changes() only counts
affected rows, so this was always returning the value from the
most recent data modification statement. We now separate read-only
queries from data modification queries and count rows appropriately
in both cases.
ASTERISK-23457 #close
Reported by: Scott Griepentrog
chan_unistim: fix char type to have consistent behavior on ARM
There is difference exists in behaviour of char type on x86 and ARM.
On x86 by default char variable type means signed char, but in ARM
unsigned char used. This make binary calculations and negative values
works wrong on ARM.
This patch change type of char variables used for store negative
values and binary calculations to signed char.
This patch fixes 2 original issues and more that those 2 exposed.
* When we send a NOTIFY, and the client either doesn't respond or
responds with a non OK, pjproject only calls our
pubsub_on_evsub_state callback, no others. Since
pubsub_on_evsub_state (which does the sub_tree cleanup) does not
expect to be called back without the other callbacks being called
first, it just returns leaving the sub_tree orphaned. Now
pubsub_on_evsub_state checks the event for PJSIP_EVENT_TSX_STATE
which is what pjproject will set to tell us that it was the
transaction that timed out or failed and not the subscription
itself timing our or being terminated by the client. If is
TSX_STATE, pubsub_on_evsub_state now does the proper cleanup
regardless of the state of the subscription.
* When a client renews a subscription, we don't update the
persisted subscription with the new expires timestamp. This causes
subscription_persistence_recreate to prune the subscription if/when
asterisk restarts. Now, pubsub_on_rx_refresh calls
subscription_persistence_update to apply the new expires timestamp.
This exposed other issues however...
* When creating a dialog from rdata (which sub_persistence_recreate
does from the packet buffer) there must NOT be a tag on the To
header (which there will be when a client refreshes a
subscription). If there is one, pjsip_dlg_create_uas will fail.
To address this, subscription_persistence_update now accepts a flag
that indicates that the original packet buffer must not be updated.
New subscribes don't set the flag and renews do. This makes sure
that when the rdata is recreated on asterisk startup, it's done
from the original subscribe packet which won't have the tag on To.
* When creating a dialog from rdata, we were setting the dialog's
remote (SUBSCRIBE) cseq to be the same as the local (NOTIFY) cseq.
When the client tried to resubscribe after a restart with the
correct cseq, we'd reject the request with an Invalid CSeq error.
* The acts of creating a dialog and evsub by themselves when
recreating a subscription does NOT restart pjproject's subscription
timer. The result was that even if we did correctly recreate the
subscription, we never removed it if the client happened to go away
or send a non-OK response to a NOTIFY. However, there is no
pjproject function exposed to just set the timer on an evsub that
wasn't created by an incoming subscribe request. To address this,
we create our own timer using ast_sip_schedule_task. This timer is
used only for re-establishing subscriptions after a restart.
An earlier approach was to add support for setting pjproject's
timer (via a pjproject patch) and while that patch is still included
here, we don't use that call at the moment.
While addressing these issues, additional debugging was added and
some existing messages made more useful. A few formatting changes
were also made to 'pjsip show scheduled tasks' to make displaying
the subscription timers a little more friendly.
Sean Bright [Wed, 15 Feb 2017 17:03:00 +0000 (12:03 -0500)]
res_rtp_asterisk: Use PJ_ICE_MAX_CAND instead of hard-coding 16
pjsip limits the total number of ICE candidates to PJ_ICE_MAX_CAND,
which is a compile-time constant. Instead of hard-coding 16 when we
enumerate local interfaces, use PJ_ICE_MAX_CAND so that we can
potentially collect more interfaces if the compile time options are
changed.
Tzafrir Cohen [Sat, 21 Jan 2017 05:59:15 +0000 (07:59 +0200)]
tcptls: use TLS_client_method with OpenSSL 1.1
OpenSSL 1.1 introduced TLS_client_method() and deprecated the previous
version-specific methods (such as TLSv1_client_method(). Other than
being simpler to use and more correct (gain support for TLS newer that
TLS1, in our case), the older ones produce a deprecation warning that
fails the build in dev-mode.
projects / thirdparty / asterisk.git / log
