I've audited all modules that include any header which includes
asterisk/optional_api.h. All modules which use OPTIONAL_API now declare
those dependencies in AST_MODULE_INFO using requires or optional_modules
as appropriate.
In addition ARI dependency declarations have been reworked. Instead of
declaring additional required modules in res/ari/resource_*.c we now add
them to an optional array "requiresModules" in api-docs for each module.
This allows the AST_MODULE_INFO dependencies to include those missing
modules.
Change-Id: Ia0c70571f5566784f63605e78e1ceccb4f79c606
The type=identify endpoint identification method can match by IP address
and by SIP header. However, the SIP header matching has limited
usefulness because you cannot specify the SIP header matching priority
relative to the IP address matching. All the matching happens at the same
priority and the order of evaluating the identify sections is
indeterminate. e.g., If you had two type=identify sections where one
matches by IP address for endpoint alice and the other matches by SIP
header for endpoint bob then you couldn't predict which endpoint is
matched when a request comes in that matches both.
* Extract the SIP header matching criteria into its own "header" endpoint
identification method so the user can specify the relative priority of the
SIP header and the IP address matching criteria in the global
endpoint_identifier_order option. The "ip" endpoint identification method
now only matches by IP address.
ASTERISK-27491
Change-Id: I9df142a575b7e1e3471b7cda5d3ea156cef08095
We did this for TCP transports already but I'm not sure why we
didn't do it for TLS transports.
ASTERISK_27474 #not_final_fix
Change-Id: I5b1ef4b882f7b859e718236686b7898751dbb262
* Extracted sip_endpoint_identifier_type2str() and
sip_endpoint_identifier_str2type() to simplify the calling functions.
* Fixed pjsip_configuration.c:ident_to_str() building the endpoint's
identify_by value string.
Change-Id: Ide876768a8d5d828b12052e2a75008b0563fc509
Those SIP messages that create dialogs require a contact header to be present.
If the contact header was missing from the message it could cause Asterisk to
crash.
This patch checks to make sure SIP messages that create a dialog contain the
contact header. If the message does not and it is required Asterisk now returns
a "400 Missing Contact header" response. Also added NULL checks when retrieving
the contact header that were missing as a "just in case".
ASTERISK-27480 #close
Change-Id: I1810db87683fc637a9e3e1384a746037fec20afe
Fix instances of:
* Retreive
* Recieve
* other then
* different then
* Repeated words ("the the", "an an", "and and", etc).
* othterwise, teh
ASTERISK-24198 #close
Change-Id: I3809a9c113b92fd9d0d9f9bac98e9c66dc8b2d31
Support for these protocols was added in the same commit as the 'proto'
field, so we can safely use the same ./configure check.
For reference: https://trac.pjsip.org/repos/changeset/4968
Change-Id: Icf4975d785d6bfb8f30ac7ffa695a0adf9382dac
A couple of places were setting the status to "UNKNOWN" when qualifies were
being disabled. Instead this should be set to the "CREATED" status that
represents when a contact is given (uri available), but the qualify frequency
is set to zero so we don't know the status.
This patch updates the relevant places with "CREATED". It also updates the
"CREATED" status description (value shown in CLI/AMI/ARI output) to a value
of "NonQualified"/"NonQual" as this description is hopefully less confusing.
ASTERISK-27467
Change-Id: Id67509d25df92a72eb3683720ad2a95a27b50c89
Use the new ast_cli_completion_add() function to improve completion
performance for commands like 'pjsip show endpoint.'
Change-Id: I76d802294d2ac1766110dc75f7d117c8541ce348
For both dynamic and static contacts it was possible that potential AOR
changes were not being applied to all contacts. This was because the qualify
and schedule code was only retrieving AOR's, and contacts with frequencies
greater than zero.
For instance the following could happen: and AOR/contact has a frequency of 5,
it then gets set to 0, and then a reload occurs. All scheduled OPTIONS are
stopped, a list of AOR's is retrieved with frequency > 0, but none are
selected since in this scenario all are 0. The contact for the one previously
set to 5 though does not get updated, so it's status remains "AVAILABLE".
This patch makes it so all contacts (static and dynamic) are selected, and
appropriately updated if need be.
ASTERISK-27467 #close
Change-Id: I7a920170f89c683af9505d4723a44fc6841decdb
Dynamic contacts were not being properly updated on reload. As a matter of
fact any changes to the AOR that a dynamic contact was associated with were
not being applied.
On reload, this patch makes it so for each dynamic contact, the associated
AOR is now retrieved and the AOR's fields are applied to the contact.
ASTERISK-27467
Change-Id: I8e3165dc6a745218c1c9db837f77fafa0516985d
The SuccessfulAuth using_password field was declared as a pointer to a
uint32_t when the field was later read as a uint32_t value. This resulted
in unnecessary casts and a non-portable field value reinterpret in
main/security_events.c:add_json_object(). i.e., It would work on a 32 bit
architecture but not on a 64 bit big endian architecture.
Change-Id: Ia08bc797613a62f07e5473425f9ccd8d77c80935
Mac doesn't like the comparison of -1 to an enum, so store the result of
ast_sip_str_to_dtmf to an int so we can check for the negative return
value. ast_sip_str_to_dtmf returns an int so this is only delaying the
implicit type cast.
Change-Id: I0c262c1719ee951aae1f437d733a301cf5f8ad29
Asterisk will crash if contact uri is invalid, so contact_apply_handler
should check if the uri is NULL or empty.
ASTERISK-27393 #close
Reported-by: Aaron An
Tested-by: AaronAn
Change-Id: Ia0309bdc6b697c73c9c736e1caec910b77ca69f5
When using realtime, fields that are not explicitly set by an
administrator are still presented to sorcery as empty strings. Handle
this case explicitly.
In this particular case, if any of these fields are required for TLS
support, their existence should be validated in the 'apply' handler once
we have a complete transport definition.
ASTERISK-27032 #close
Reported by: seanchann.zhou
Change-Id: Ie3b5fb421977ccdb33e415d4ec52c3fd192601b7
This mimics the behavior of Chrome and Firefox and creates an ephemeral
X.509 certificate for each DTLS session.
Currently, the only supported key type is ECDSA because of its faster
generation time, but other key types can be added in the future as
necessary.
ASTERISK-27395
Change-Id: I5122e5f4b83c6320cc17407a187fcf491daf30b4
Fixes a regression where some characters were unable to be used in
the from_user field of an endpoint. Additionally, the backtick was
removed from the list of valid characters, since it is not valid,
and it was replaced with a single quote, which is a valid character.
ASTERISK-27387
Change-Id: Id80c10a644508365c87b3182e99ea49da11b0281
When the identify_by option on an endpoint is set to ip it will
only be identified using the res_pjsip_endpoint_identifier_ip module.
This ensures that it is not mistakenly matched using the username of
the From header. To ensure behavior has not changed the default has
been changed to "username,ip" for the identify_by option.
ASTERISK-27206
Change-Id: I2170b86a7f7e221b4f00bf14aa1ef1ac5b050bbd
Do not manually call sip_endpoint_apply_handler from load_all_endpoints.
This is not necessary and causes memory leaks.
Additionally reinitialize persistent->aors when we reuse a persistent
object with a new endpoint.
ASTERISK-27306
Change-Id: I59bbfc8da8a14d5f4af8c5bb1e71f8592ae823eb
pjsip_distributor leaks references to fake_auth when the default realm
has not changed.
ASTERISK-27306
Change-Id: I3fcf103b3680ad2d1d4610dcd6738eeaebf4d202
This provides better information to REF_DEBUG log for troubleshooting
when the system is unable to unload res_pjsip.so during shutdown due to
module references.
ASTERISK-27306
Change-Id: I63197ad33d1aebe60d12e0a6561718bdc54e4612
res_pjsip and res_pjsip_session had circular references, preventing both
modules from shutting down.
* Move session supplement registration to res_pjsip.
* Use create internal functions for use by pjsip_message_filter.c.
ASTERISK-27306
Change-Id: Ifbd5c19ec848010111afeab2436f9699da06ba6b
The "res_pjsip: Filter out non SIP(S) requests" commit moved the
filtering of messages to pjproject's PJSIP_MOD_PRIORITY_TRANSPORT_LAYER
in order to filter out incoming bad uri schemes as early as possible.
Since the change affected outgoing messages as well and the TRANSPORT
layer is the last to be run on outgoing messages, we were overwriting
the setting of external_signaling_address (which is set earlier by
res_pjsip_nat) with an internal address.
* pjsip_message_filter now registers itself as a pjproject module
twice. Once in the TSX layer for the outgoing messages (as it was
originally), then a second time in the TRANSPORT layer for the
incoming messages to catch the invalid uri schemes.
ASTERISK-27295
Reported by: Sean Bright
Change-Id: I2c90190c43370f8a9d1c4693a19fd65840689c8c
If using a legitimate certificate from a trusted certificate authority,
you don't need to provide CA file.
Change-Id: I8623973b4209b44889243716d7880274caed8a6d
Incoming requests with non sip(s) URIs in the Request, To, From
or Contact URIs are now rejected with
PJSIP_SC_UNSUPPORTED_URI_SCHEME (416). This is performed in
pjsip_message_filter (formerly pjsip_message_ip_updater) and is
done at pjproject's "TRANSPORT" layer before a request can even
reach the distributor.
URIs read by res_pjsip_outbound_publish from pjsip.conf are now
also checked for both length and sip(s) scheme. Those URIs read
by outbound registration and aor were already being checked for
scheme but their error messages needed to be updated to include
scheme failure as well as length failure.
Change-Id: Ibb2f9f1d2dc7549da562af4cbd9156c44ffdd460
A new endpoint parameter "incoming_mwi_mailbox" allows Asterisk to
receive unsolicited MWI NOTIFY requests and make them available to
other modules via the stasis message bus.
res_pjsip_pubsub has a new handler "pubsub_on_rx_mwi_notify_request"
that parses a simple-message-summary body and, if
endpoint->incoming_mwi_account is set, calls ast_publish_mwi_state
with the voice-message counts from the message.
Change-Id: I08bae3d16e77af48fcccc2c936acce8fc0ef0f3c
In 2dee95cc (ASTERISK-27024) and 776ffd77 (ASTERISK-26879) there was
confusion about whether the transport_state->localnet ACL has ALLOW or
DENY semantics.
For the record: the localnet has DENY semantics, meaning that "not in
the list" means ALLOW, and the local nets are in the list.
Therefore, checks like this look wrong, but are right:
/* See if where we are sending this request is local or not, and if
not that we can get a Contact URI to modify */
if (ast_apply_ha(transport_state->localnet, &addr) != AST_SENSE_ALLOW) {
ast_debug(5, "Request is being sent to local address, "
"skipping NAT manipulation\n");
(In the list == localnet == DENY == skip NAT manipulation.)
And conversely, other checks that looked right, were wrong.
This change adds two macro's to reduce the confusion and uses those
instead:
ast_sip_transport_is_nonlocal(transport_state, addr)
ast_sip_transport_is_local(transport_state, addr)
ASTERISK-27248 #close
Change-Id: Ie7767519eb5a822c4848e531a53c0fd054fae934
sanitize_tdata was assuming all URIs were SIP URIs so when a non
SIP uri was in the From, To or Contact headers, the unconditional
cast of a non-pjsip_sip_uri structure to pjsip_sip_uri caused
a segfault when trying to access uri->other_param.
* Added PJSIP_URI_SCHEME_IS_SIP(uri) || PJSIP_URI_SCHEME_IS_SIPS(uri)
checks before attempting to cast or use the returned uri.
ASTERISK-27152
Reported-by: Ross Beer
Change-Id: Id380df790e6622c8058a96035f8b8f4aa0b8551f
* Check that the contact's reg_server matches the host's name before
deleting any prune_on_boot contacts. We don't want to delete reliable
transport contacts made with other servers if the ps_contacts database
table is shared with other servers.
Thanks to Ross Beer for pointing out that the original prune logic would
delete reliable transport contacts from other servers.
ASTERISK-27147
Change-Id: I8e439d0d1c266ffdfd7b73d1e5e466180a689bd0
The fix for the issue is broken up into three parts.
This is part two which handles the server side of REGISTER requests when
rewrite_contact is enabled. Any registered reliable transport contact
becomes invalid when the transport connection becomes disconnected.
* Monitor the rewrite_contact's reliable transport REGISTER contact for
shutdown. If it is shutdown then the contact must be removed because it
is no longer valid. Otherwise, when the client attempts to re-REGISTER it
may be blocked because the invalid contact is there. Also if we try to
send a call to the endpoint using the invalid contact then the endpoint is
not likely to see the request. The endpoint either won't be listening on
that port for new connections or a NAT/firewall will block it.
* Prune any rewrite_contact's registered reliable transport contacts on
boot. The reliable transport no longer exists so the contact is invalid.
* Websockets always rewrite the REGISTER contact address and the transport
needs to be monitored for shutdown.
* Made the websocket transport set a unique name since that is what we use
as the ao2 container key. Otherwise, we would not know which transport we
find when one of them shuts down. The names are also used for PJPROJECT
debug logging.
* Made the websocket transport post the PJSIP_TP_STATE_CONNECTED state
event. Now the global keep_alive_interval option, initially idle shutdown
timer, and the server REGISTER contact monitor can work on wetsocket
transports.
* Made the websocket transport set the PJSIP_TP_DIR_INCOMING direction.
Now initially idle websockets will automatically shutdown.
ASTERISK-27147
Change-Id: I397a5e7d18476830f7ffe1726adf9ee6c15964f4
The fix for the issue is broken up into three parts.
This is part one which refactors the transport state monitor code to allow
more modules to be able to monitor transports.
* Pull the management of PJPROJECT's transport state callback code from
res_pjsip_transport_management.c into res_pjsip. Now other modules can
dynamically add and remove themselves from transport monitoring without
worrying about breaking PJPROJECT's callback chain.
* Add the ability for other modules to get a callback whenever a specific
transport is shutdown.
ASTERISK-27147
Change-Id: I7d9a31371eb1487c9b7050cf82a9af5180a57912
Corey Farrell
Richard Mudgett
George Joseph
Joshua Colp
Sungtae Kim
Kevin Harwell
Sean Bright
Jenkins2
Aaron An
Ben Ford
Walter Doekes