George Joseph [Tue, 31 Dec 2024 18:10:20 +0000 (11:10 -0700)]
Header fixes for compiling C++ source files
A few tweaks needed to be done to some existing header files to allow them to
be compiled when included from C++ source files.
logger.h had declarations for ast_register_verbose() and
ast_unregister_verbose() which caused C++ issues but those functions were
actually removed from logger.c many years ago so the declarations were just
removed from logger.h.
George Joseph [Fri, 27 Dec 2024 15:19:08 +0000 (08:19 -0700)]
Add ability to pass arguments to unit tests from the CLI
Unit tests can now be passed custom arguments from the command
line. For example, the following command would run the "mytest" test
in the "/main/mycat" category with the option "myoption=54"
`CLI> test execute category /main/mycat name mytest options myoption=54`
You can also pass options to an entire category...
`CLI> test execute category /main/mycat options myoption=54`
Basically, everything after the "options" keyword is passed verbatim to
the test which must decide what to do with it.
* A new API ast_test_get_cli_args() was created to give the tests access to
the cli_args->argc and cli_args->argv elements.
* Although not needed for the option processing, a new macro
ast_test_validate_cleanup_custom() was added to test.h that allows you
to specify a custom error message instead of just "Condition failed".
* The test_skel.c was updated to demonstrate parsing options and the use
of the ast_test_validate_cleanup_custom() macro.
Kent [Tue, 3 Dec 2024 14:24:44 +0000 (08:24 -0600)]
res_pjsip: Add new AOR option "qualify_2xx_only"
Added a new option "qualify_2xx_only" to the res_pjsip AOR qualify
feature to mark a contact as available only if an OPTIONS request
returns a 2XX response. If the option is not specified or is false,
any response to the OPTIONS request marks the contact as available.
UserNote: The pjsip.conf AOR section now has a "qualify_2xx_only"
option that can be set so that only 2XX responses to OPTIONS requests
used to qualify a contact will mark the contact as available.
Jaco Kroon [Tue, 10 Dec 2024 19:47:49 +0000 (21:47 +0200)]
res_odbc: release threads from potential starvation.
Whenever a slot is freed up due to a failed connection, wake up a waiter
before failing.
In the case of a dead connection there could be waiters, for example,
let's say two threads tries to acquire objects at the same time, with
one in the cached connections, one will acquire the dead connection, and
the other will enter into the wait state. The thread with the dead
connection will clear up the dead connection, and then attempt a
re-acquire (at this point there cannot be cached connections else the
other thread would have received that and tried to clean up), as such,
at this point we're guaranteed that either there are no waiting threads,
or that the maxconnections - connection_cnt threads will attempt to
re-acquire connections, and then either succeed, using those
connections, or failing, and then signalling to release more waiters.
Also fix the pointer log for ODBC handle %p dead which would always
reflect NULL.
George Joseph [Mon, 9 Dec 2024 19:54:53 +0000 (12:54 -0700)]
Allow C++ source files (as extension .cc) in the main directory
Although C++ files (as extension .cc) have been handled in the module
directories for many years, the main directory was missing one line in its
Makefile that prevented C++ files from being recognised there.
Naveen Albert [Wed, 9 Aug 2023 22:30:53 +0000 (22:30 +0000)]
config.c: Make ast_variable_retrieve return last match.
ast_variable_retrieve currently returns the first match
for a variable, as opposed to the last one. This is problematic
because modules that load config settings by explicitly
calling ast_variable_retrieve on a variable name (as opposed
to iterating through all the directives as specified) will
end up taking the first specified value, such as the default
value from the template rather than the actual effective value
in an individual config section, leading to the wrong config.
This fixes this by making ast_variable_retrieve return the last
match, or the most recently overridden one, as the effective setting.
This is similar to what the -1 index in the AST_CONFIG function does.
There is another function, ast_variable_find_last_in_list, that does
something similar. However, it's a slightly different API, and it
sees virtually no usage in Asterisk. ast_variable_retrieve is what
most things use so this is currently the relevant point of breakage.
In practice, this is unlikely to cause any breakage, since there
would be no logical reason to use an inherited value rather than
an explicitly overridden value when loading a config.
ASTERISK-30370 #close
Resolves: #244
UpgradeNote: Config variables retrieved explicitly by name now return
the most recently overriding value as opposed to the base value (e.g.
from a template). This is equivalent to retrieving a config setting
using the -1 index to the AST_CONFIG function. The major implication of
this is that modules processing configs by explicitly retrieving variables
by name will now get the effective value of a variable as overridden in
a config rather than the first-set value (from a template), which is
consistent with how other modules load config settings.
Sometimes it's impossible to get a file extension from URL
(eg. http://example.com/gsm/your) so we have to rely on content-type header.
Currenly, asterisk does not support content-type for gsm format(unlike wav).
Added audio/gsm according to https://www.rfc-editor.org/rfc/rfc4856.html
Maksim Nesterov [Sun, 1 Dec 2024 19:42:50 +0000 (19:42 +0000)]
func_uuid: Add a new dialplan function to generate UUIDs
This function is useful for uniquely identifying calls, recordings, and other entities in distributed environments, as well as for generating an argument for the AudioSocket application.
Sperl Viktor [Wed, 27 Nov 2024 16:36:39 +0000 (17:36 +0100)]
app_queue: allow dynamically adding a queue member in paused state.
Fixes: #1007
UserNote: use the p option of AddQueueMember() for paused member state.
Optionally, use the r(reason) option to specify a custom reason for the pause.
chan_pjsip: Send VIDUPDATE RTP frame for all H.264 streams
Currently, when a chan_pjsip channel receives a VIDUPDATE indication,
an RTP VIDUPDATE frame is only queued on a H.264 stream if WebRTC is
enabled on that endpoint. This restriction does not really make sense.
Now, a VIDUPDATE RTP frame is written even if WebRTC is not enabled (as
is the case with VP8, VP9, and H.265 streams).
Tinet-mucw [Thu, 22 Aug 2024 06:42:19 +0000 (14:42 +0800)]
audiohook.c: resolving the issue with audiohook both reading when packet loss on one side of the call
When there is 0% packet loss on one side of the call and 15% packet loss on the other side, reading frame is often failed when reading direction_both audiohook. when read_factory available = 0, write_factory available = 320; i think write factory is usable read; because after reading one frame, there is still another frame that can be read together with the next read factory frame.
Mike Pultz [Thu, 21 Nov 2024 06:42:44 +0000 (01:42 -0500)]
manager.c: Add Processed Call Count to CoreStatus output
This update adds the processed call count to the CoreStatus AMI Action responsie. This output is
similar to the values returned by "core show channels" or "core show calls" in the CLI.
UserNote: The current processed call count is now returned as CoreProcessedCalls from the
CoreStatus AMI Action.
Mike Pultz [Sat, 9 Nov 2024 19:19:49 +0000 (14:19 -0500)]
func_curl.c: Add additional CURL options for SSL requests
This patch adds additional CURL TLS options / options to support mTLS authenticated requests:
* ssl_verifyhost - perform a host verification on the peer certificate (CURLOPT_SSL_VERIFYHOST)
* ssl_cainfo - define a CA certificate file (CURLOPT_CAINFO)
* ssl_capath - define a CA certificate directory (CURLOPT_CAPATH)
* ssl_cert - define a client certificate for the request (CURLOPT_SSLCERT)
* ssl_certtype - specify the client certificate type (CURLOPT_SSLCERTTYPE)
* ssl_key - define a client private key for the request (CURLOPT_SSLKEY)
* ssl_keytype - specify the client private key type (CURLOPT_SSLKEYTYPE)
* ssl_keypasswd - set a password for the private key, if required (CURLOPT_KEYPASSWD)
UserNote: The following new configuration options are now available
in the res_curl.conf file, and the CURL() function: 'ssl_verifyhost'
(CURLOPT_SSL_VERIFYHOST), 'ssl_cainfo' (CURLOPT_CAINFO), 'ssl_capath'
(CURLOPT_CAPATH), 'ssl_cert' (CURLOPT_SSLCERT), 'ssl_certtype'
(CURLOPT_SSLCERTTYPE), 'ssl_key' (CURLOPT_SSLKEY), 'ssl_keytype',
(CURLOPT_SSLKEYTYPE) and 'ssl_keypasswd' (CURLOPT_KEYPASSWD). See the
libcurl documentation for more details.
Naveen Albert [Thu, 14 Nov 2024 14:15:45 +0000 (09:15 -0500)]
sig_analog: Fix regression with FGD and E911 signaling.
Commit 466eb4a52b69e6dead7ebba13a83f14ef8a559c1 introduced a regression
which completely broke Feature Group D and E911 signaling, by removing
the call to analog_my_getsigstr, which affected multiple switch cases.
Restore the original behavior for all protocols except Feature Group C
CAMA (MF), which is all that patch was attempting to target.
George Joseph [Fri, 8 Nov 2024 18:22:12 +0000 (11:22 -0700)]
res_stir_shaken: Allow sending Identity headers for unknown TNs
Added a new option "unknown_tn_attest_level" to allow Identity
headers to be sent when a callerid TN isn't explicitly configured
in stir_shaken.conf. Since there's no TN object, a private_key_file
and public_cert_url must be configured in the attestation or profile
objects.
Since "unknown_tn_attest_level" uses the same enum as attest_level,
some of the sorcery macros had to be refactored to allow sharing
the enum and to/from string conversion functions.
Also fixed a memory leak in crypto_utils:pem_file_cb().
Resolves: #921
UserNote: You can now set the "unknown_tn_attest_level" option
in the attestation and/or profile objects in stir_shaken.conf to
enable sending Identity headers for callerid TNs not explicitly
configured.
George Joseph [Fri, 15 Nov 2024 17:24:42 +0000 (10:24 -0700)]
res_pjsip: Change suppress_moh_on_sendonly to OPT_BOOL_T
The suppress_moh_on_sendonly endpoint option should have been
defined as OPT_BOOL_T in pjsip_configuration.c and AST_BOOL_VALUES
in the alembic script instead of OPT_YESNO_T and YESNO_VALUES.
Also updated contrib/ast-db-manage/README.md to indicate that
AST_BOOL_VALUES should always be used and provided an example.
George Joseph [Tue, 5 Nov 2024 18:30:55 +0000 (11:30 -0700)]
res_pjsip: Add new endpoint option "suppress_moh_on_sendonly"
Normally, when one party in a call sends Asterisk an SDP with
a "sendonly" or "inactive" attribute it means "hold" and causes
Asterisk to start playing MOH back to the other party. This can be
problematic if it happens at certain times, such as in a 183
Progress message, because the MOH will replace any early media you
may be playing to the calling party. If you set this option
to "yes" on an endpoint and the endpoint receives an SDP
with "sendonly" or "inactive", Asterisk will NOT play MOH back to
the other party.
Resolves: #979
UserNote: The new "suppress_moh_on_sendonly" endpoint option
can be used to prevent playing MOH back to a caller if the remote
end sends "sendonly" or "inactive" (hold) to Asterisk in an SDP.
George Joseph [Wed, 6 Nov 2024 17:31:08 +0000 (10:31 -0700)]
res_pjsip: Move tenantid to end of ast_sip_endpoint
The tenantid field was originally added to the ast_sip_endpoint
structure at the end of the AST_DECLARE_STRING_FIELDS block. This
caused everything after it in the structure to move down in memory
and break ABI compatibility. It's now at the end of the structure
as an AST_STRING_FIELD_EXTENDED. Given the number of string fields
in the structure now, the initial string field allocation was
also increased from 64 to 128 bytes.
Naveen Albert [Wed, 23 Oct 2024 12:34:07 +0000 (08:34 -0400)]
config.c Make ast_variable_update update last match.
ast_variable_update currently sets the first match for a variable, as
opposed to the last one. This issue is complementary to that raised
in #244.
This is incorrect and results in the wrong (or no) action being taken
in cases where a section inherits from a template section. When the
traversal occurs to update the setting, the existing code erroneously
would use the first of possibly multiple matches in its update logic,
which is wrong. Now, explicitly use the last match in the traversal,
which will ensure that the actual setting is updated properly, and
not skipped or ignored because a template from which the setting's
section inherits was used for comparison.
Resolves: #960
UpgradeNote: Config variables, when set/updated, such as via AMI,
will now have the corresponding setting updated, even if their
sections inherit from template sections.
Naveen Albert [Thu, 17 Oct 2024 13:18:45 +0000 (09:18 -0400)]
func_evalexten: Add EVAL_SUB function.
This adds an EVAL_SUB function, which is similar to the existing
EVAL_EXTEN function but significantly more powerful, as it allows
executing arbitrary dialplan and capturing its return value as
the function's output. While EVAL_EXTEN should be preferred if it
is possible to use it, EVAL_SUB can be used in a wider variety
of cases and allows arbitrary computation to be performed in
a dialplan function call, leveraging the dialplan.
George Joseph [Fri, 1 Nov 2024 14:22:14 +0000 (08:22 -0600)]
res_srtp: Change Unsupported crypto suite msg from verbose to debug
There's really no point in spamming logs with a verbose message
for every unsupported crypto suite an older client may send
in an SDP. If none are supported, there will be an error or
warning.
Ben Ford [Mon, 28 Oct 2024 19:06:29 +0000 (14:06 -0500)]
app_mixmonitor: Add 'D' option for dual-channel audio.
Adds the 'D' option to app_mixmonitor that interleaves the input and
output frames of the channel being recorded in the monitor output frame.
This allows for two streams in the recording: the transmitted audio and
the received audio. The 't' and 'r' options are compatible with this.
Fixes: #945
UserNote: The MixMonitor application now has a new 'D' option which
interleaves the recorded audio in the output frames. This allows for
stereo recording output with one channel being the transmitted audio and
the other being the received audio. The 't' and 't' options are
compatible with this.
Thomas Guebels [Mon, 28 Oct 2024 16:29:48 +0000 (17:29 +0100)]
pjsip_transport_events: Avoid monitor destruction
When a transport is disconnected, several events can arrive following
each other. The first event will be PJSIP_TP_STATE_DISCONNECT and it
will trigger the destruction of the transport monitor object. The lookup
for the transport monitor to destroy is done using the transport key,
that contains the transport destination host:port.
A reconnect attempt by pjsip will be triggered as soon something needs to
send a packet using that transport. This can happen directly after a
disconnect since ca
Subsequent events can arrive later like PJSIP_TP_STATE_DESTROY and will
also try to trigger the destruction of the transport monitor if not
already done. Since the lookup for the transport monitor to destroy is
done using the transport key, it can match newly created transports
towards the same destination and destroy their monitor object.
Because of this, it was sometimes not possible to monitor a transport
after one or more disconnections.
This fix adds an additional check on the transport pointer to ensure
only a monitor for that specific transport is removed.
Naveen Albert [Wed, 16 Oct 2024 21:46:42 +0000 (17:46 -0400)]
app_dial: Fix progress timeout calculation with no answer timeout.
If to_answer is -1, simply comparing to see if the progress timeout
is smaller than the answer timeout to prefer it will fail. Add
an additional check that chooses the progress timeout if there is
no answer timeout (or as before, if the progress timeout is smaller).
George Joseph [Thu, 17 Oct 2024 15:51:38 +0000 (09:51 -0600)]
pjproject_bundled: Tweaks to support out-of-tree development
* pjproject is now configured with --disable-libsrtp so it will
build correctly when doing "out-of-tree" development. Asterisk
doesn't use pjproject for handling media so pjproject doesn't
need libsrtp itself.
* The pjsua app (which we used to use for the testsuite) no longer
builds in pjproject's master branch so we just skip it. The
testsuite no longer needs it anyway.
See third-party/pjproject/README-hacking.md for more info on building
pjproject "out-of-tree".
The original change from 16 to 15 bit sequence numbers was predicated
on the following from the now-defunct libSRTP FAQ on sourceforge.net:
> *Q6. The use of implicit synchronization via ROC seems
> dangerous. Can senders and receivers lose ROC synchronization?*
>
> **A.** It is possible to lose ROC synchronization between sender and
> receiver(s), though it is not likely in practice, and practical
> steps can be taken to avoid it. A burst loss of 2^16 packets or more
> will always break synchronization. For example, a conversational
> voice codec that sends 50 packets per second will have its ROC
> increment about every 22 minutes. A network with a burst of packet
> loss that long has problems other than ROC synchronization.
>
> There is a higher sensitivity to loss at the very outset of an SRTP
> stream. If the sender's initial sequence number is close to the
> maximum value of 2^16-1, and all packets are lost from the initial
> packet until the sequence number cycles back to zero, the sender
> will increment its ROC, but the receiver will not. The receiver
> cannot determine that the initial packets were lost and that
> sequence-number rollover has occurred. In this case, the receiver's
> ROC would be zero whereas the sender's ROC would be one, while their
> sequence numbers would be so close that the ROC-guessing algorithm
> could not detect this fact.
>
> There is a simple solution to this problem: the SRTP sender should
> randomly select an initial sequence number that is always less than
> 2^15. This ensures correct SRTP operation so long as fewer than 2^15
> initial packets are lost in succession, which is within the maximum
> tolerance of SRTP packet-index determination (see Appendix A and
> page 14, first paragraph of RFC 3711). An SRTP receiver should
> carefully implement the index-guessing algorithm. A naive
> implementation can unintentionally guess the value of
> 0xffffffffffffLL whenever the SEQ in the packet is greater than 2^15
> and the locally stored SEQ and ROC are zero. (This can happen when
> the implementation fails to treat those zero values as a special
> case.)
>
> When ROC synchronization is lost, the receiver will not be able to
> properly process the packets. If anti-replay protection is turned
> on, then the desynchronization will appear as a burst of replay
> check failures. Otherwise, if authentication is being checked, then
> it will appear as a burst of authentication failures. Otherwise, if
> encryption is being used, the desynchronization may not be detected
> by the SRTP layer, and the packets may be improperly decrypted.
However, modern libSRTP (as of 1.0.1[1]) now mentions the following in
their README.md[2]:
> The sequence number in the rtp packet is used as the low 16 bits of
> the sender's local packet index. Note that RTP will start its
> sequence number in a random place, and the SRTP layer just jumps
> forward to that number at its first invocation. An earlier version
> of this library used initial sequence numbers that are less than
> 32,768; this trick is no longer required as the
> rdbx_estimate_index(...) function has been made smarter.
So truncating our initial sequence number to 15 bit is no longer
necessary.
George Joseph [Tue, 15 Oct 2024 17:11:28 +0000 (11:11 -0600)]
core_unreal.c: Fix memory leak in ast_unreal_new_channels()
When the channel tech is multistream capable, the reference to
chan_topology was passed to the new channel. When the channel tech
isn't multistream capable, the reference to chan_topology was never
released. "Local" channels are multistream capable so it didn't
affect them but the confbridge "CBAnn" and the bridge_media
"Recorder" channels are not so they caused a leak every time one
of them was created.
Also added tracing to ast_stream_topology_alloc() and
stream_topology_destroy() to assist with debugging.
Allan Nathanson [Sun, 29 Sep 2024 22:45:51 +0000 (18:45 -0400)]
dnsmgr.c: dnsmgr_refresh() incorrectly flags change with DNS round-robin
The dnsmgr_refresh() function checks to see if the IP address associated
with a name/service has changed. The gotcha is that the ast_get_ip_or_srv()
function only returns the first IP address returned by the DNS query. If
there are multiple IPs associated with the name and the returned order is
not consistent (e.g. with DNS round-robin) then the other IP addresses are
not included in the comparison and the entry is flagged as changed even
though the IP is still valid.
Updated the code to check all IP addresses and flag a change only if the
original IP is no longer valid.
Naveen Albert [Thu, 3 Oct 2024 21:33:39 +0000 (17:33 -0400)]
app_dial: Fix progress timeout.
Under some circumstances, the progress timeout feature added in commit 320c98eec87c473bfa814f76188a37603ea65ddd does not work as expected,
such as if there is no media flowing. Adjust the waitfor call to
explicitly use the progress timeout if it would be reached sooner than
the answer timeout to ensure we handle the timers properly.
Naveen Albert [Wed, 2 Oct 2024 00:24:00 +0000 (20:24 -0400)]
chan_dahdi: Never send MWI while off-hook.
In some circumstances, it is possible for the do_monitor thread to
erroneously think that a line is on-hook and send an MWI FSK spill
to it when the line is really off-hook and no MWI should be sent.
Commit 0a8b3d34673277b70be6b0e8ac50191b1f3c72c6 previously fixed this
issue in a more readily encountered scenario, but it has still been
possible for MWI to be sent when it shouldn't be. To robustly fix
this issue, query DAHDI for the hook status to ensure we don't send
MWI on a line that is actually still off hook.
Sean Bright [Mon, 30 Sep 2024 15:48:56 +0000 (11:48 -0400)]
res_agi.c: Ensure SIGCHLD handler functions are properly balanced.
Calls to `ast_replace_sigchld()` and `ast_unreplace_sigchld()` must be
balanced to ensure that we can capture the exit status of child
processes when we need to. This extends to functions that call
`ast_replace_sigchld()` and `ast_unreplace_sigchld()` such as
`ast_safe_fork()` and `ast_safe_fork_cleanup()`.
The primary change here is ensuring that we do not call
`ast_safe_fork_cleanup()` in `res_agi.c` if we have not previously
called `ast_safe_fork()`.
Additionally we reinforce some of the documentation and add an
assertion to, ideally, catch this sooner were this to happen again.
Naveen Albert [Sun, 29 Sep 2024 13:26:10 +0000 (09:26 -0400)]
main, res, tests: Fix compilation errors on FreeBSD.
asterisk.c, manager.c: Increase buffer sizes to avoid truncation warnings.
config.c: Include header file for WIFEXITED/WEXITSTATUS macros.
res_timing_kqueue: Use more portable format specifier.
test_crypto: Use non-linux limits.h header file.
George Joseph [Mon, 16 Sep 2024 21:17:28 +0000 (15:17 -0600)]
res_rtp_asterisk: Fix dtls timer issues causing FRACKs and SEGVs
In dtls_srtp_handle_timeout(), when DTLSv1_get_timeout() returned
success but with a timeout of 0, we were stopping the timer and
decrementing the refcount on instance but not resetting the
timeout_timer to -1. When dtls_srtp_stop_timeout_timer()
was later called, it was atempting to stop a stale timer and could
decrement the refcount on instance again which would then cause
the instance destructor to run early. This would result in either
a FRACK or a SEGV when ast_rtp_stop(0 was called.
According to the OpenSSL docs, we shouldn't have been stopping the
timer when DTLSv1_get_timeout() returned success and the new timeout
was 0 anyway. We should have been calling DTLSv1_handle_timeout()
again immediately so we now reschedule the timer callback for
1ms (almost immediately).
Additionally, instead of scheduling the timer callback at a fixed
interval returned by the initial call to DTLSv1_get_timeout()
(usually 999 ms), we now reschedule the next callback based on
the last call to DTLSv1_get_timeout().
Ben Ford [Wed, 25 Sep 2024 18:05:58 +0000 (13:05 -0500)]
manager.c: Restrict ModuleLoad to the configured modules directory.
When using the ModuleLoad AMI action, it was possible to traverse
upwards through the directories to files outside of the configured
modules directory. We decided it would be best to restrict access to
modules exclusively in the configured directory. You will now get an
error when the specified module is outside of this limitation.
Fixes: #897
UserNote: The ModuleLoad AMI action now restricts modules to the
configured modules directory.
res_agi.c: Prevent possible double free during `SPEECH RECOGNIZE`
When using the speech recognition module, crashes can occur
sporadically due to a "double free or corruption (out)" error. Now, in
the section where the audio stream is being captured in a loop, each
time after releasing fr, it is set to NULL to prevent repeated
deallocation.
Naveen Albert [Tue, 24 Sep 2024 11:29:59 +0000 (07:29 -0400)]
astfd.c: Avoid calling fclose with NULL argument.
Don't pass through a NULL argument to fclose, which is undefined
behavior, and instead return -1 and set errno appropriately. This
also avoids a compiler warning with glibc 2.38 and newer, as glibc
commit 71d9e0fe766a3c22a730995b9d024960970670af
added the nonnull attribute to this argument.
Peter Jannesen [Fri, 20 Sep 2024 20:13:08 +0000 (22:13 +0200)]
channel: Preserve CHANNEL(userfield) on masquerade.
In certain circumstances a channel may undergo an operation
referred to as a masquerade. If this occurs the CHANNEL(userfield)
value was not preserved causing it to get lost. This change makes
it so that this field is now preserved.
George Joseph [Tue, 24 Sep 2024 16:16:16 +0000 (10:16 -0600)]
stir_shaken: Fix propagation of attest_level and a few other values
attest_level, send_mky and check_tn_cert_public_url weren't
propagating correctly from the attestation object to the profile
and tn.
* In the case of attest_level, the enum needed to be changed
so the "0" value (the default) was "NOT_SET" instead of "A". This
now allows the merging of the attestation object, profile and tn
to detect when a value isn't set and use the higher level value.
* For send_mky and check_tn_cert_public_url, the tn default was
forced to "NO" which always overrode the profile and attestation
objects. Their defaults are now "NOT_SET" so the propagation
happens correctly.
* Just to remove some redundant code in tn_config.c, a bunch of calls to
generate_sorcery_enum_from_str() and generate_sorcery_enum_to_str() were
replaced with a single call to generate_acfg_common_sorcery_handlers().
George Joseph [Fri, 20 Sep 2024 13:47:53 +0000 (07:47 -0600)]
Fix application references to Background
The app is actually named "BackGround" but several references
in XML documentation were spelled "Background" with the lower
case "g". This was causing documentation links to return
"not found" messages.
George Joseph [Wed, 31 Jul 2024 22:05:45 +0000 (16:05 -0600)]
manager: Enhance event filtering for performance
UserNote: You can now perform more granular filtering on events
in manager.conf using expressions like
`eventfilter(name(Newchannel),header(Channel),method(starts_with)) = PJSIP/`
This is much more efficient than
`eventfilter = Event: Newchannel.*Channel: PJSIP/`
Full syntax guide is in configs/samples/manager.conf.sample.
George Joseph [Wed, 11 Sep 2024 16:06:17 +0000 (10:06 -0600)]
db.c: Remove limit on family/key length
Consumers like media_cache have been running into issues with
the previous astdb "/family/key" limit of 253 bytes when needing
to store things like long URIs. An Amazon S3 URI is a good example
of this. Now, instead of using a static 256 byte buffer for
"/family/key", we use ast_asprintf() to dynamically create it.
Both test_db.c and test_media_cache.c were also updated to use
keys/URIs over the old 253 character limit.
Resolves: #881
UserNote: The `ast_db_*()` APIs have had the 253 byte limit on
"/family/key" removed and will now accept families and keys with a
total length of up to SQLITE_MAX_LENGTH (currently 1e9!). This
affects the `DB*` dialplan applications, dialplan functions,
manager actions and `databse` CLI commands. Since the
media_cache also uses the `ast_db_*()` APIs, you can now store
resources with URIs longer than 253 bytes.
George Joseph [Tue, 17 Sep 2024 16:03:59 +0000 (10:03 -0600)]
res_stir_shaken: Remove stale include for jansson.h in verification.c
verification.c had an include for jansson.h left over from previous
versions of the module. Since res_stir_shaken no longer has a
dependency on jansson, the bundled version wasn't added to GCC's
include path so if you didn't also have a jansson development package
installed, the compile would fail. Removing the stale include
was the only thing needed.
George Joseph [Fri, 13 Sep 2024 14:23:08 +0000 (08:23 -0600)]
res_stir_shaken.c: Fix crash when stir_shaken.conf is invalid
* If the call to ast_config_load() returns CONFIG_STATUS_FILEINVALID,
check_for_old_config() now returns LOAD_DECLINE instead of continuing
on with a bad pointer.
* If CONFIG_STATUS_FILEMISSING is returned, check_for_old_config()
assumes the config is being loaded from realtime and now returns
LOAD_SUCCESS. If it's actually not being loaded from realtime,
sorcery will catch that later on.
* Also refactored the error handling in load_module() a bit.
George Joseph [Wed, 11 Sep 2024 16:19:23 +0000 (10:19 -0600)]
res_stir_shaken: Check for disabled before param validation
For both attestation and verification, we now check whether they've
been disabled either globally or by the profile before validating
things like callerid, orig_tn, dest_tn, etc. This prevents useless
error messages.
app_chanspy.c: resolving the issue writing frame to whisper audiohook.
ChanSpy(${channel}, qEoSw): because flags set o, ast_audiohook_set_frame_feed_direction(audiohook, AST_AUDIOHOOK_DIRECTION_READ); this will effect whisper audiohook and spy audiohook, this makes writing frame to whisper audiohook impossible. So add function start_whispering to starting whisper audiohook.
George Joseph [Mon, 12 Aug 2024 17:58:12 +0000 (11:58 -0600)]
res_resolver_unbound: Test for NULL ub_result in unbound_resolver_callback
The ub_result pointer passed to unbound_resolver_callback by
libunbound can be NULL if the query was for something malformed
like `.1` or `[.1]`. If it is, we now set a 'ns_r_formerr' result
and return instead of crashing with a SEGV. This causes pjproject
to simply cancel the transaction with a "No answer record in the DNS
response" error. The existing "off nominal" unit test was also
updated to check this condition.
Although not necessary for this fix, we also made
ast_dns_resolver_completed() tolerant of a NULL result.
Mike Bradeen [Wed, 21 Aug 2024 16:11:31 +0000 (10:11 -0600)]
res_pjsip_sdp_rtp: Use negotiated DTMF Payload types on bitrate mismatch
When Asterisk sends an offer to Bob that includes 48K and 8K codecs with
matching 4733 offers, Bob may want to use the 48K audio codec but can not
accept 48K digits and so negotiates for a mixed set.
Asterisk will now check Bob's offer to make sure Bob has indicated this is
acceptible and if not, will use Bob's preference.
Tinet-mucw [Fri, 30 Aug 2024 05:45:32 +0000 (13:45 +0800)]
app_chanspy.c: resolving the issue with audiohook direction read
ChanSpy(${channel}, qEoS): When chanspy spy the direction read, reading frame is often failed when reading direction read audiohook. because chanspy only read audiohook direction read; write_factory_ms will greater than 100ms soon, then ast_slinfactory_flush will being called, then direction read will fail.
George Joseph [Sat, 17 Aug 2024 18:13:40 +0000 (12:13 -0600)]
security_agreements.c: Refactor the to_str functions and fix a few other bugs
* A static array of security mechanism type names was created.
* ast_sip_str_to_security_mechanism_type() was refactored to do
a lookup in the new array instead of using fixed "if/else if"
statments.
* security_mechanism_to_str() and ast_sip_security_mechanisms_to_str()
were refactored to use ast_str instead of a fixed length buffer
to store the result.
* ast_sip_security_mechanism_type_to_str was removed in favor of
just referencing the new type name array. Despite starting with
"ast_sip_", it was a static function so removing it doesn't affect
ABI.
* Speaking of "ast_sip_", several other static functions that
started with "ast_sip_" were renamed to avoid confusion about
their public availability.
* A few VECTOR free loops were replaced with AST_VECTOR_RESET().
* Fixed a meomry leak in pjsip_configuration.c endpoint_destructor
caused by not calling ast_sip_security_mechanisms_vector_destroy().
* Fixed a memory leak in res_pjsip_outbound_registration.c
add_security_headers() caused by not specifying OBJ_NODATA in
an ao2_callback.
Alexei Gradinari [Fri, 23 Aug 2024 20:28:24 +0000 (16:28 -0400)]
res_pjsip_sdp_rtp fix leaking astobj2 ast_format
PR #700 added a preferred_format for the struct ast_rtp_codecs,
but when set the preferred_format it leaks an astobj2 ast_format.
In the next code
ast_rtp_codecs_set_preferred_format(&codecs, ast_format_cap_get_format(joint, 0));
both functions ast_rtp_codecs_set_preferred_format
and ast_format_cap_get_format increases the ao2 reference count.
Cade Parker [Wed, 7 Aug 2024 21:11:16 +0000 (16:11 -0500)]
chan_mobile: decrease CHANNEL_FRAME_SIZE to prevent delay
On modern Bluetooth devices or lower-powered asterisk servers, decreasing the channel frame size significantly improves latency and delay on outbound calls with only a mild sacrifice to the quality of the call (the frame size before was massive overkill to begin with)
George Joseph [Thu, 8 Aug 2024 16:57:14 +0000 (10:57 -0600)]
manager.c: Fix FRACK when doing CoreShowChannelMap in DEVMODE
If you run an AMI CoreShowChannelMap on a channel that isn't in a
bridge and you're in DEVMODE, you can get a FRACK because the
bridge id is empty. We now simply return an empty list for that
request.
Ben Ford [Tue, 21 May 2024 16:11:26 +0000 (11:11 -0500)]
channel: Add multi-tenant identifier.
This patch introduces a new identifier for channels: tenantid. It's
a stringfield on the channel that can be used for general purposes. It
will be inherited by other channels the same way that linkedid is.
You can set tenantid in a few ways. The first is to set it in the
dialplan with the Set and CHANNEL functions:
Another method is to use the new tenantid option for pjsip endpoints in
pjsip.conf:
[my_endpoint]
type=endpoint
tenantid=My tenant ID
This is considered the best approach since you will be able to see the
tenant ID as early as the Newchannel event.
It can also be set using set_var in pjsip.conf on the endpoint like
setting other channel variable:
set_var=CHANNEL(tenantid)=My tenant ID
Note that set_var will not show tenant ID on the Newchannel event,
however.
Tenant ID has also been added to CDR. It's read-only and can be accessed
via CDR(tenantid). You can also get the tenant ID of the last channel
communicated with via CDR(peertenantid).
Tenant ID will also show up in CEL records if it has been set, and the
version number has been bumped accordingly.
Fixes: #740
UserNote: tenantid has been added to channels. It can be read in
dialplan via CHANNEL(tenantid), and it can be set using
Set(CHANNEL(tenantid)=My tenant ID). In pjsip.conf, it is recommended to
use the new tenantid option for pjsip endpoints (e.g., tenantid=My
tenant ID) so that it will show up in Newchannel events. You can set it
like any other channel variable using set_var in pjsip.conf as well, but
note that this will NOT show up in Newchannel events. Tenant ID is also
available in CDR and can be accessed with CDR(tenantid). The peer tenant
ID can also be accessed with CDR(peertenantid). CEL includes tenant ID
as well if it has been set.
UpgradeNote: A new versioned struct (ast_channel_initializers) has been
added that gets passed to __ast_channel_alloc_ap. The new function
ast_channel_alloc_with_initializers should be used when creating
channels that require the use of this struct. Currently the only value
in the struct is for tenantid, but now more fields can be added to the
struct as necessary rather than the __ast_channel_alloc_ap function. A
new option (tenantid) has been added to endpoints in pjsip.conf as well.
CEL has had its version bumped to include tenant ID.
A stasis event is now produced when using the TONE_DETECT dialplan
function. This event is published over ARI using the ChannelToneDetected
event. This change does not make it available over AMI.
Fixes: #811
UserNote: Setting the TONE_DETECT dialplan function on a channel
in ARI will now cause a ChannelToneDetected ARI event to be raised
when the specified tone is detected.
George Joseph [Mon, 22 Jul 2024 14:05:03 +0000 (08:05 -0600)]
manager.c: Add entries to Originate blacklist
Added Reload and DBdeltree to the list of dialplan application that
can't be executed via the Originate manager action without also
having write SYSTEM permissions.
Added CURL, DB*, FILE, ODBC and REALTIME* to the list of dialplan
functions that can't be executed via the Originate manager action
without also having write SYSTEM permissions.
If the Queue application is attempted to be run by the Originate
manager action and an AGI parameter is specified in the app data,
it'll be rejected unless the manager user has either the AGI or
SYSTEM permissions.
Mike Bradeen [Wed, 10 Jul 2024 18:58:44 +0000 (12:58 -0600)]
res_stasis: fix intermittent delays on adding channel to bridge
Previously, on command execution, the control thread was awoken by
sending a SIGURG. It was found that this still resulted in some
instances where the thread was not immediately awoken.
This change instead sends a null frame to awaken the control thread,
which awakens the thread more consistently.
Tinet-mucw [Fri, 2 Aug 2024 08:49:58 +0000 (16:49 +0800)]
res_pjsip_sdp_rtp.c: Fix DTMF Handling in Re-INVITE with dtmf_mode set to auto
When the endpoint dtmf_mode is set to auto, a SIP request is sent to the UAC, and the SIP SDP from the UAC does not include the telephone-event. Later, the UAC sends an INVITE, and the SIP SDP includes the telephone-event. In this case, DTMF should be sent by RFC2833 rather than using inband signaling.
George Joseph [Thu, 25 Jul 2024 12:53:43 +0000 (06:53 -0600)]
rtp_engine.c: Prevent segfault in ast_rtp_codecs_payloads_unset()
There can be empty slots in payload_mapping_tx corresponding to
dynamic payload types that haven't been seen before so we now
check for NULL before attempting to use 'type' in the call to
ast_format_cmp.
Note: Currently only chan_sip calls ast_rtp_codecs_payloads_unset()
George Joseph [Fri, 19 Jul 2024 14:46:31 +0000 (08:46 -0600)]
stir_shaken: CRL fixes and a new CLI command
* Fixed a bug in crypto_show_cli_store that was causing asterisk
to crash if there were certificate revocation lists in the
verification certificate store. We're also now prefixing
certificates with "Cert:" and CRLs with "CRL:" to distinguish them
in the list.
* Added 'untrusted_cert_file' and 'untrusted_cert_path' options
to both verification and profile objects. If you have CRLs that
are signed by a different CA than the incoming X5U certificate
(indirect CRL), you'll need to provide the certificate of the
CRL signer here. Thse will show up as 'Untrusted" when showing
the verification or profile objects.
* Fixed loading of crl_path. The OpenSSL API we were using to
load CRLs won't actually load them from a directory, only a file.
We now scan the directory ourselves and load the files one-by-one.
* Fixed the verification flags being set on the certificate store.
- Removed the CRL_CHECK_ALL flag as this was causing all certificates
to be checked for CRL extensions and failing to verify the cert if
there was none. This basically caused all certs to fail when a CRL
was provided via crl_file or crl_path.
- Added the EXTENDED_CRL_SUPPORT flag as it is required to handle
indirect CRLs.
* Added a new CLI command...
`stir_shaken verify certificate_file <certificate_file> [ <profile> ]`
which will assist troubleshooting certificate problems by allowing
the user to manually verify a certificate file against either the
global verification certificate store or the store for a specific
profile.
* Updated the XML documentation and the sample config file.
George Joseph [Wed, 17 Jul 2024 16:44:17 +0000 (10:44 -0600)]
bridge_softmix: Fix queueing VIDUPDATE control frames
softmix_bridge_write_control() now calls ast_bridge_queue_everyone_else()
with the bridge_channel so the VIDUPDATE control frame isn't echoed back.
softmix_bridge_write_control() was setting bridge_channel to NULL
when calling ast_bridge_queue_everyone_else() for VIDUPDATE control
frames. This was causing the frame to be echoed back to the
channel it came from. In certain cases, like when two channels or
bridges are being recorded, this can cause a ping-pong effect that
floods the system with VIDUPDATE control frames.
res_pjsip_path.c: Fix path when dialing using PJSIP_DIAL_CONTACTS()
When using the PJSIP_DIAL_CONTACTS() function for use in the Dial()
command, the contacts are returned in text form, so the input to
the path_outgoing_request() function is a contact value of NULL.
The issue was reported in ASTERISK-28211, but was not actually fixed
in ASTERISK-30100. This fix brings back the code that was previously
removed and adds code to search for a contact to extract the path
value from it.
projects / thirdparty / asterisk.git / log
