All of the realtime backends create artificial ast_categorys to pass
back into the core as query results. These categories have no filename
or line number information associated with them and the backends differ
slightly on how they create them. So create a couple helper macros to
help make things more consistent.
Also updated the call sites to remove redundant error messages about
memory allocation failure.
Note that res_config_ldap sets the category filename to the 'table name'
but that is not read by anything in the core, so I've dropped it.
Change-Id: I3a1fd91e0c807dea1ce3b643b0a6fe5be9002897
On some platforms a multiarch approach is used for libraries.
The build system does not take this into account and still
places libraries into the lib directory if no --libdir is
specified to configure. On initial startup this results in
libasteriskssl.so not being found, as it is not in the multiarch
lib directory.
This change does the minimally invasive thing and executes
ldconfig so that the libraries in the lib directory are found
and their location cached. By doing so Asterisk starts up fine.
If DESTDIR is specified, however, the old logic is executed as
the install process may not have permission to alter the ldconfig
cache.
ASTERISK-26705
Change-Id: If4eca46ac510c6fea5568256280ffdb3888d7bb4
The inbound authentication object is supposed to be immutable when it is
stored in sorcery. However, the immutable property is violated if the
authentication object does not have a realm set.
The immutable contract violation has a different effect depending upon
what sorcery back end is used. If it is the config file back end you
would get the same object back until res_pjsip is reloaded. If it is the
real-time or AstDB back end you would get a new object on each query. If
it is cached you would get the same object back until it is refreshed from
the database.
Once an inbound authentication object has its realm set it may or may not
get updated again if the default_realm changes.
If the same authentication object is used for inbound and outbound
authentication then the immutable violation can make it very hard to
determine why the outbound authentication now fails. The only diagnostic
message is a complaint about no realms matching when it had worked
earlier. It fails because of the difference in behaviour for an empty
realm setting between inbound and outbound authentication objects.
* Fixed the sorcery object immutable violation by creating a new object
and setting the default_realm on it instead. The new object is a shallow
copy for speed.
* The auth_store thread storage no longer holds an auth ref. It
interferes with the shallow copy and never needed a ref anyway.
ASTERISK-26799 #close
Change-Id: I2328a52f61b78ed5fbba38180b7f183ee7e08956
There was code attempting to update the artificial authentication object
whenever the default_realm changed. However, once the artificial
authentication object was created it would never get updated. The
artificial authentication object would require a system restart for a
change to the default_realm to take effect.
ASTERISK-26799
Change-Id: Id59036e9529c2d3ed728af2ed904dc36e7094802
Using the same auth section for inbound and outbound authentication is not
recommended. There is a difference in meaning for an empty realm setting
between inbound and outbound authentication uses.
An empty inbound auth realm represents the global section's default_realm
value when the authentication object is used to challenge an incoming
request. An empty outgoing auth realm is treated as a don't care wildcard
when the authentication object is used to respond to an incoming
authentication challenge.
ASTERISK-26799
Change-Id: Id3952f7cfa1b6683b9954f2c5d2352d2f11059ce
* Re #1945 (misc): Don't trigger SRV complete callback when there is a
parse error.
* srv_resolver.c: Don't try to send query if already considered resolved.
** In resolve_hostnames() don't try to resolve a query that is already
considered resolved.
** In resolve_hostnames() fix DNS typo in comments.
** In build_server_entries() move a common expression assigning to cnt
earlier.
* sip_transport.c: Fix tdata object name to actually contain the pointer.
It helps if the logs referencing a tdata object buffer actually have a
name that includes the correct pointer as part of the name. Also since
the tdata has its own pool it helps if any logs referencing the pool have
the same name as the tdata object. This change brings tdata logging in
line with how tsx objects are named.
ASTERISK-26669 #close
ASTERISK-26738 #close
Change-Id: I56af2ded25476b3e870ca586ee69ed6954ef75af
* Removed overloaded unmatched response ignore. We obviously sent the
request so we shouldn't ignore it because it isn't new work.
ASTERISK-26669
ASTERISK-26738
Change-Id: I55fb5cadc83a8e6699b347c6dc7fa32c5a617d37
vm_authenticate doesn't always set the passed ast_vm_user argument, so
we initialize to 0 before passing it in.
ASTERISK-25893 #close
Reported by: Filip Jenicek
Change-Id: Ia3cc0128f93d352ed9add8d5c2f0f7232c2cbe4a
When listing a container, we now print the number of objects
in the container at the end of the list.
Change-Id: I791cbc3ee9da9a2af9adc655164b5d32953df812
OpenLDAP will raise an error when we try to delete an LDAP attribute
that doesn't exist. We need to filter out LDAP_MOD_DELETE requests
based on which attributes the current LDAP entry actually has. There
is of course a small window of opportunity for this to still fail,
but it is much less likely now.
Change-Id: I3fe1b04472733e43151563aaf9f8b49980273e6b
The code in update_ldap() and update2_ldap() was using both Asterisk's
memory allocation routines as well as OpenLDAP's. I've changed it so
that everything that is passed to OpenLDAP's functions are allocated
with their routines.
Change-Id: Iafec9c1fd8ea49ccc496d6316769a6a426daa804
The "_general" configuration section allows administrators to provide
both general configuration options (host, port, url, etc.) as well as a
global realtime-to-LDAP-attribute mapping that is a fallback if one of
the later sections do not override it. This neglected to exclude the
general configuration options from the mapping. As an example, during
my testing, chan_sip requested 'port' from realtime, and because I did
not have it defined, it pulled in the 'port' configuration option from
"_general." We now filter those out explicitly.
Change-Id: I1fc61560bf96b8ba623063cfb7e0a49c4690d778
We always treat the first change of our modification batch as a
replacement when it sometimes is actually a delete. So we have to pass
the correct arguments to the OpenLDAP library.
ASTERISK-26580 #close
Reported by: Nicholas John Koch
Patches:
res_config_ldap.c-11.24.1.patch (license #6833) patch uploaded
by Nicholas John Koch
Change-Id: I0741d25de07c9539f1edc6eff3696165dfb64fbe
When ast_config_load() fails with CONFIG_STATUS_FILEINVALID, it has
already destroyed the ast_config struct for us. Trying to do it again
results in a crash.
Change-Id: If6a5c0ca718ad428e01a1fb25beb209a9ac18bc6
When AMI encounters an error at the beginning of a session, it would
explicitly call ast_iostream_close() on its tcptls session's iostream.
It then would jump to a label where it would shut down the tcptls
session instance. The tcptls session instance would again attempt to
close the iostream.
Under normal circumstances, this might go by unnoticed. However, when
MALLOC_DEBUG is enabled, all fields on the iostream get set to
0xdeaddead when the iostream is freed. Thus a second call to
ast_iostream_close() after the iostream has been freed would reslt in an
attempt to call SSL_shutdown on 0xdeaddead, which would crash and burn
horribly.
The fix here is to not directly close the iostream from the dangerous
scenarios. The specific scenarios are:
* Exceeding the configured authlimit
* Failing to build a mansession on a new connection
Change-Id: I908f98d516afd5a263bd36b072221008a4731acd
This creates the following:
* Asterisk's internal representation of an SDP
* An API for translating SDPs from one format to another
* An implementation of a translator for PJMEDIA
Change-Id: Ie2ecd3cbebe76756577be9b133e84d2ee356d46b
This is step one of adding an SDP API: defining some
configurable settings for SDPs. This is based on options
that are currently supported in Asterisk.
Change-Id: I1ede91aafed403b12a9ccdfb91a88389baa7e5d7
On some platforms a multiarch approach is used for libraries.
The build system does not take this into account and still
places libraries into the lib directory if no --libdir is
specified to configure. On initial startup this results in
libasteriskssl.so not being found, as it is not in the multiarch
lib directory.
This change does the minimally invasive thing and executes
ldconfig so that the libraries in the lib directory are found
and their location cached. By doing so Asterisk starts up fine.
ASTERISK-26705
Change-Id: I6d30b6427e9d5e69470e11327c7ff203fa7da519
The realtime framework allows for components to look up values using a
LIKE clause with similar syntax to SQL's. pbx_realtime uses this
functionality to search for pattern matching extensions that start with
an underscore (_).
When passing an underscore to SQL's LIKE clause, it will be interpreted
as a wildcard matching a single character and therefore needs to be
escaped. It is (for better or for worse) the responsibility of the
component that is querying realtime to escape it with a backslash before
passing it in. Some RDBMs support escape characters by default, but the
SQL92 standard explicitly says that there are no escape characters
unless they are specified with an ESCAPE clause, e.g.
SELECT * FROM table WHERE column LIKE '\_%' ESCAPE '\'
This patch instructs 3 backends - res_config_mysql, res_config_pgsql,
and res_config_sqlite3 - to use the ESCAPE clause where appropriate.
Looking through documentation and source tarballs, I was able to
determine that the ESCAPE clause is supported in:
MySQL 5.0.15 (released 2005-10-22 - earliest version available from
archives)
PostgreSQL 7.1 (released 2001-04-13)
SQLite 3.1.0 (released 2005-01-21)
The versions of the relevant libraries that we depend on to access MySQL
and PostgreSQL will not work on versions that old, and I've added an
explicit check in res_config_sqlite3 to only use the ESCAPE clause when
we have a sufficiently new version of SQLite3.
res_config_odbc already handles the escape characters appropriately, so
no changes were required there.
ASTERISK-15858 #close
Reported by: Humberto Figuera
ASTERISK-26057 #close
Reported by: Stepan
Change-Id: I93117fbb874189ae819f4a31222df7c82cd20efa
There were two specific issues resolved here:
1) The code that iterated over the required fields
(via ast_realtime_require) was broken for the RQ_INTEGER1 field
type. Iteration would stop when the first RQ_INTEGER1 (0) field
was encountered.
2) sqlite3_changes() was used to try and count the number of rows
returned by a SELECT statement. sqlite3_changes() only counts
affected rows, so this was always returning the value from the
most recent data modification statement. We now separate read-only
queries from data modification queries and count rows appropriately
in both cases.
ASTERISK-23457 #close
Reported by: Scott Griepentrog
Change-Id: I91ed20494efc3fcfbc2a96ac7646999a49814884
There is difference exists in behaviour of char type on x86 and ARM.
On x86 by default char variable type means signed char, but in ARM
unsigned char used. This make binary calculations and negative values
works wrong on ARM.
This patch change type of char variables used for store negative
values and binary calculations to signed char.
ASTERISK-26714
Change-Id: Id78716dee9568a58419d4ef63c038affc3dfc7ab
This patch fixes 2 original issues and more that those 2 exposed.
* When we send a NOTIFY, and the client either doesn't respond or
responds with a non OK, pjproject only calls our
pubsub_on_evsub_state callback, no others. Since
pubsub_on_evsub_state (which does the sub_tree cleanup) does not
expect to be called back without the other callbacks being called
first, it just returns leaving the sub_tree orphaned. Now
pubsub_on_evsub_state checks the event for PJSIP_EVENT_TSX_STATE
which is what pjproject will set to tell us that it was the
transaction that timed out or failed and not the subscription
itself timing our or being terminated by the client. If is
TSX_STATE, pubsub_on_evsub_state now does the proper cleanup
regardless of the state of the subscription.
* When a client renews a subscription, we don't update the
persisted subscription with the new expires timestamp. This causes
subscription_persistence_recreate to prune the subscription if/when
asterisk restarts. Now, pubsub_on_rx_refresh calls
subscription_persistence_update to apply the new expires timestamp.
This exposed other issues however...
* When creating a dialog from rdata (which sub_persistence_recreate
does from the packet buffer) there must NOT be a tag on the To
header (which there will be when a client refreshes a
subscription). If there is one, pjsip_dlg_create_uas will fail.
To address this, subscription_persistence_update now accepts a flag
that indicates that the original packet buffer must not be updated.
New subscribes don't set the flag and renews do. This makes sure
that when the rdata is recreated on asterisk startup, it's done
from the original subscribe packet which won't have the tag on To.
* When creating a dialog from rdata, we were setting the dialog's
remote (SUBSCRIBE) cseq to be the same as the local (NOTIFY) cseq.
When the client tried to resubscribe after a restart with the
correct cseq, we'd reject the request with an Invalid CSeq error.
* The acts of creating a dialog and evsub by themselves when
recreating a subscription does NOT restart pjproject's subscription
timer. The result was that even if we did correctly recreate the
subscription, we never removed it if the client happened to go away
or send a non-OK response to a NOTIFY. However, there is no
pjproject function exposed to just set the timer on an evsub that
wasn't created by an incoming subscribe request. To address this,
we create our own timer using ast_sip_schedule_task. This timer is
used only for re-establishing subscriptions after a restart.
An earlier approach was to add support for setting pjproject's
timer (via a pjproject patch) and while that patch is still included
here, we don't use that call at the moment.
While addressing these issues, additional debugging was added and
some existing messages made more useful. A few formatting changes
were also made to 'pjsip show scheduled tasks' to make displaying
the subscription timers a little more friendly.
ASTERISK-26696
ASTERISK-26756
Change-Id: I8c605fc1e3923f466a74db087d5ab6f90abce68e
pjsip limits the total number of ICE candidates to PJ_ICE_MAX_CAND,
which is a compile-time constant. Instead of hard-coding 16 when we
enumerate local interfaces, use PJ_ICE_MAX_CAND so that we can
potentially collect more interfaces if the compile time options are
changed.
Tangentially related to ASTERISK~24464
Change-Id: I1b85509e39e33b1fed63c86261fc229ba14bbabd
This change adds unit tests cover the following:
1. That retrieving the first media stream of a specific media
type from a stream topology retrieves the expected media
stream.
2. That setting the native formats of a channel which does
not support streams results in the creation of streams on
its behalf according to the formats of the channel.
3. That setting a stream topology on a channel which supports
streams sets the topology to the provided one.
ASTERISK-26790
Change-Id: Ic53176dd3e4532e8c3e97d9e22f8a4b66a2bb755
