If an AMI user without the "system" authorization calls the
Originate AMI command with the Originate application,
the second Originate could run the "System" command.
Action: Originate
Channel: Local/1111
Application: Originate
Data: Local/2222,app,System,touch /tmp/owned
If the "system" authorization isn't set, we now block the
Originate app as well as the System, Exec, etc. apps.
ASTERISK-28580
Reported by: Eliel Sardañons
Change-Id: Ic4c9dedc34c426f03c8c14fce334a71386d8a5fa
This patch fixes several issues reported by the lgtm code analysis tool:
https://lgtm.com/projects/g/asterisk/asterisk
Not all reported issues were addressed in this patch. This patch mostly fixes
confirmed reported errors, potential problematic code points, and a few other
"low hanging" warnings or recommendations found in core supported modules.
These include, but are not limited to the following:
* innapropriate stack allocation in loops
* buffer overflows
* variable declaration "hiding" another variable declaration
* comparisons results that are always the same
* ambiguously signed bit-field members
* missing header guards
Change-Id: Id4a881686605d26c94ab5409bc70fcc21efacc25
The functions that build manager message headers do so in a way that
results in a single messages being split across multiple packets. While
this doesn't matter to the remote end, it makes network captures noisier
and harder to follow, and also means additional system calls.
With this patch, we build up more of the message content into the TLS
buffer before flushing to the network. This change is completely
internal to the manager code and does not affect any of the existing
API's consumers.
Change-Id: I50128b0769060ca5272dbbb5e60242d131eaddf9
When manager debugging is turned on, this patch makes it so incoming AMI actions
are now also logged.
Change-Id: I8047524510e7ac97d99482b2448f8e368f29cd47
There is enough MWI functionality to warrant it having its own 'c' and header
files. This patch moves all current core MWI data structures, and functions
into the following files:
main/mwi.h
main/mwi.c
Note, code was simply moved, and not modified. However, this patch is also in
preparation for core MWI changes, and additions to come.
Change-Id: I9dde8bfae1e7ec254fa63166e090f77e4d3097e0
When notifying a manager session that new events were available
the same lock was used that was also held when doing things within
the session (such as sending events out). If the manager session
blocked for a period of time this would cause a back up of messages
in Stasis and would also block any other sessions from receiving
events.
This change adds a separate lock to the manager session which is
strictly used for notifying it that new events are available.
ASTERISK-28350
Change-Id: Ifbcac007faca9ad0231640f5e82a6ca9228f261b
Topic names now follow: <subsystem>:<functionality>[/<object>]
This ensures that they are all unique, and also provides better
insight in to what each topic is for.
Subscriber ids now also use the main topic name they are
subscribed to and an incrementing integer as their identifier to
make it easier to understand what the subscription is primarily
responsible for.
Both the CLI commands for listing topic and subscription statistics
now sort to make it a bit easier to see what is going on.
Subscriptions will now show all topics that they are receiving messages
from, not just the main topic they were subscribed to.
ASTERISK-28335
Change-Id: I484e971a38c3640f2bd156282e532eed84bf220d
Previously both AMI and ARI used a default route on
their stasis message router to handle some of the
messages for publishing out their respective
connection. This caused messages to be given to
their subscription that could not be formatted
into AMI or JSON.
This change adds an API call to the stasis message
router which allows a default route to be set as well
as formatters that the default route is expecting.
This allows both AMI and ARI to specify that their
default route only wants messages of their given
formatter. By doing so stasis can more intelligently
filter at publishing time so that they do not receive
messages which will not be turned into AMI or JSON.
ASTERISK-28244
Change-Id: I65272819a53ce99f869181d1d370da559a7d1703
When a channel snapshot was created it used to be done
from scratch, copying all data (many strings). This incurs
a cost when doing so.
This change segments the channel snapshot into different
components which can be reused if unchanged from the
previous snapshot creation, reducing the cost. In normal
cases this results in some pointers being copied with
reference count being bumped, some integers being set,
and a string or two copied. The other benefit is that it
is now possible to determine if a channel snapshot update
is redundant and thus stop it before a message is published
to stasis.
The specific segments in the channel snapshot were split up
based on whether they are changed together, how often they
are changed, and their general grouping. In practice only
1 (or 0) of the segments actually get changed in normal
operation.
Invalidation is done by setting a flag on the channel when
the segment source is changed, forcing creation of a new
segment when the channel snapshot is created.
ASTERISK-28119
Change-Id: I5d7ef3df963a88ac47bc187d73c5225c315f8423
Channels no longer use the Stasis cache for channel snapshots. Instead
they are stored in a hash table in stasis_channels which reduces the
number of Stasis messages created and allows better storage.
As a result the following APIs are no longer available since the stasis
cache is no longer used:
ast_channel_topic_cached()
ast_channel_topic_all_cached()
The ast_channel_cache_all() and ast_channel_cache_by_name() functions
now return an ao2_container of ast_channel_snapshots rather than
a container of stasis_messages therefore you can't (and don't need
to) call stasis_cache functions on it.
The ast_channel_topic_all() function now returns a normal topic not
a cached one so you can't use stasis cache functions on it either.
The ast_channel_snapshot_type() stasis message now has the
ast_channel_snapshot_update structure as it's data. It contains the
last snapshot and the new one.
ast_channel_snapshot_get_latest() still returns the latest snapshot.
The latest snapshot is now stored on the channel itself to eliminate
cache hits when Stasis messages that have the snapshot as a payload
are created.
ASTERISK-28102
Change-Id: I9334febff60a82d7c39703e49059fa3a68825786
Replace usage of ao2_container_alloc with ao2_container_alloc_hash or
ao2_container_alloc_list. Remove ao2_container_alloc macro.
Change-Id: I0907d78bc66efc775672df37c8faad00f2f6c088
This change adds the ability for subscriptions to indicate
which message types they are interested in accepting. By
doing so the filtering is done before being dispatched
to the subscriber, reducing the amount of work that has
to be done.
This is optional and if a subscriber does not add
message types they wish to accept and set the subscription
to selective filtering the previous behavior is preserved
and they receive all messages.
There is also the ability to explicitly force the reception
of all messages for cases such as AMI or ARI where a large
number of messages are expected that are then generically
converted into a different format.
ASTERISK-28103
Change-Id: I99bee23895baa0a117985d51683f7963b77aa190
All HTTP/AMI message headers are being sent to the verbose channel.
There are multiple places this is happening. Consolidate the loop into
a function. Drop the debug/verbose message.
Convert to using ast_asprintf to perform the length calculation, memory
allocation and snprintf all in one step.
Change-Id: Ic45e673fde05bd544be95ad5cdbc69518207c1a1
With the new module loader it was missed that built-in modules never
parsed dependencies from mod->info into vectors of mod. This caused
manager to be initialized before acl (named_acl). If manager.conf
used any named ACL's they would not be found and result in no ACL being
applied to the AMI user.
In addition to the manager ACL fix this adds "extconfig" to all builtin
modules which support realtime configuration. This only matters if one
of the builtin modules is configured with 'preload', depending on
"extconfig" will cause config.c to automatically be initialize during
the preload stage.
Change-Id: I482ed6bca6c1064b05bb538d7861cd7a4f02d9fc
The AMI action was directly sending the text to the channel driver.
However, this makes two threads attempt to handle media and runs afowl of
CHECK_BLOCKING.
* Queue a read action to make the channel's media handling thread actually
send the text message. This changes the AMI actions success/fail response
to just mean the text was queued to be sent not that the text actually got
sent. The channel driver may not even support sending text messages.
ASTERISK-27943
Change-Id: I9dce343d8fa634ba5a416a1326d8a6340f98c379
This fixes build warnings found by GCC 8. In some cases format
truncation is intentional so the warning is just suppressed.
ASTERISK-27824 #close
Change-Id: I724f146cbddba8b86619d4c4a9931ee877995c84
Due to a fixed size buffer the digest authentication could be
incorrectly calculated if a large URI was provided, causing
authentication failure. The buffer is now dynamically allocated to allow
any size URI within the normal limits of the HTTP request size.
ASTERISK-27841
Change-Id: I660609db13b8f9e5f9567f339dd804f4985d41b3
* acl (named_acl.c)
* cdr
* cel
* ccss
* dnsmgr
* dsp
* enum
* extconfig (config.c)
* features
* http
* indications
* logger
* manager
* plc
* sounds
* udptl
These modules are now loaded at appropriate time by the module loader.
Unlike loadable modules these use AST_MODULE_LOAD_FAILURE on error so
the module loader will abort startup on failure of these modules.
Some of these modules are still initialized or shutdown from outside the
module loader. logger.c is initialized very early and shutdown very
late, manager.c is initialized by the module loader but is shutdown by
the Asterisk core (too much uses it without holding references).
Change-Id: I371a9a45064f20026c492623ea8062d02a1ab97f
* Changed to create ami_event string only when the given blob is not
json_null().
* Fixed bad expression.
ASTERISK-27621
Change-Id: Ice58c16361f9d9e8648261c9ed5d6c8245fb0d8f
ast_str_append_event_header() could potentially leak and corrupt memory if
the ast_str needed to expand to add the AMI event header.
* Fixed to return error if the ast_str_append() failed.
Change-Id: I92f36b855540743b208d76e274152ee2d758176d
This function returns NULL if the module in question is not running. I
did not change ast_module_ref as most callers do not check the result
and they always call ast_module_unref.
Make use of this function when running registered items from:
* app_stack API's
* bridge technologies
* CLI commands
* File formats
* Manager Actions
* RTP engines
* Sorcery Wizards
* Timing Interfaces
* Translators
* AGI Commands
* Fax Technologies
ASTERISK-20346 #close
Change-Id: Ia16fd28e188b2fc0b9d18b8a5d9cacc31df73fcc
The AMI Status event had linkedid listed twice and was missing the
effective connected line name and number headers.
NOTE: The linkedid and other standard channel snapshot fields in the XML
documentation are part of the <channel_snapshot/> XML template defined in
doc/appdocsxml.xslt.
Change-Id: I004c4c4f9e7b40ef55035c831702721bec82496c
* listen uses the variable `s` for the result from ast_poll() then
overwrites it with the result of accept(). Create a separate variable
poll_result to avoid confusion since ast_poll does not return a file
descriptor.
* Resolve fd leak that would occur if setsockopt failed in listen.
* Reserve an extra byte while processing completion results from remote
daemon. This fixes a bug where completion processing used strstr() on
a string that was not '\0' terminated. This was no risk to the Asterisk
daemon, the bug was only reachable the remote console process.
* Resolve leak in handle_showchan when the channel is not found.
* Multiple leaks and a deadlock in pbx_config CLI completion.
* Fix leaks in "manager show command".
Change-Id: I8f633ceb1714867ae30ef4e421858f77c14485a9
The configure option to disable XML documentation does not currently
work. This patch makes it effective, but also causes an ABI change by
removing the ast_xmldoc_* symbols. Disabling xmldoc also prevents docs
from being automatically generated, but they can still be manually
generated with 'make doc/core-en_US.xml'.
ASTERISK-26639
Change-Id: Ifac562340c09f80c83e0203de098fcac93bf8c44
When the iostream code went in it introduced a conditional that made it so the
hook event was not being raised even if a hook is present. This patch adds a
check to see if a hook is present in astman_append. If so then call into the
send_string function, which in turn raises the even for specified hook.
Also updated the ami hooks unit test, so the test could be automated.
ASTERISK-27200 #close
Change-Id: Iff37f02f9708195d8f23e68f959d6eab720e1e36
GCC 7 has added capability to produce warnings, this fixes most of those
warnings. The specific warnings are disabled in a few places:
* app_voicemail.c: truncation of paths more than 4096 chars in many places.
* chan_mgcp.c: callid truncated to 80 chars.
* cdr.c: two userfields are combined to cdr copy, fix would break ABI.
* tcptls.c: ignore use of deprecated method SSLv3_client_method().
ASTERISK-27156 #close
Change-Id: I65f280e7d3cfad279d16f41823a4d6fddcbc4c88
During the channel flag audit an incorrect change was
done. The flag should be cleared on the second channel.
ASTERISK-26469
Change-Id: I770c5a389550a2fb5a6ade942fccbb2e1d9199c8
When manipulating flags on a channel the channel has to be
locked to guarantee that nothing else is also manipulating
the flags. This change introduces locking where necessary to
guarantee this. It also adds helper functions that manipulate
channel flags and lock to reduce repeated code.
ASTERISK-26789
Change-Id: I489280662dba0f4c50981bfc5b5a7073fef2db10
It is possible to initialize a valid config without a capath
or cafile definition. This will cause a crash on a reload.
This fix ensures capath is always allocated.
ASTERISK-26983 #close
Change-Id: I63ff715d9d9023427543a5b8a4ba7b0d82533c12
POSIX does not require getprotobyname() to be thread safe and some
implementations use static memory which causes issues when multiple
threads are used.
Further, our usage of it today is just to ultimately get IPPROTO_TCP
for calls to setsockopt(). So instead we just use IPPROTO_TCP directly.
Change-Id: I2e14e58674808f7ce99b2f5e900d0f90d0d8da48
* manager.c:manager_state_cb() Fix potential use of uninitialized hint[]
if a hint does not exist for the requested extension. Ran into this when
developing a testsuite test. The AMI event ExtensionStatus came out with
the hint header value containing garbage. The AMI event PresenceStatus
also had the same issue.
* manager.c:action_extensionstate() no need to completely initialize the
hint[]. Only initialize the first element.
* pbx.c:ast_add_hint() Remove unnecessary assignment.
* chan_sip.c: Eliminate an unneeded hint[] local variable. We only care
about the return value of ast_get_hint() there.
Change-Id: Ia9a8786f01f93f1f917200f0a50bead0319af97b
When AMI encounters an error at the beginning of a session, it would
explicitly call ast_iostream_close() on its tcptls session's iostream.
It then would jump to a label where it would shut down the tcptls
session instance. The tcptls session instance would again attempt to
close the iostream.
Under normal circumstances, this might go by unnoticed. However, when
MALLOC_DEBUG is enabled, all fields on the iostream get set to
0xdeaddead when the iostream is freed. Thus a second call to
ast_iostream_close() after the iostream has been freed would reslt in an
attempt to call SSL_shutdown on 0xdeaddead, which would crash and burn
horribly.
The fix here is to not directly close the iostream from the dangerous
scenarios. The specific scenarios are:
* Exceeding the configured authlimit
* Failing to build a mansession on a new connection
Change-Id: I908f98d516afd5a263bd36b072221008a4731acd
In Asterisk 11, if the 'Originate' AMI command failed to connect the provided
Channel while in extension mode, a 'failed' extension would be looked up and
run. This was, I believe, unintentionally removed in 51b6c49. This patch
restores that behavior.
This also adds an enum for the various 'synchronous' modes in an attempt to
make them meaningful.
ASTERISK-26115 #close
Reported by: Nasir Iqbal
Change-Id: I8afbd06725e99610e02adb529137d4800c05345d
The escalator works by creating a set of startup commands in cli.conf
that set up logger channels and issue the debug commands for the
subsystems specified. If asterisk is running when it is executed,
the same commands will be issued to the running instance. The original
cli.conf is saved before any changes are made and can be restored by
executing '$prog --reset'.
The log output will be stored in...
$astlogdir/message.$uniqueid
$astlogdir/debug.$uniqueid
$astlogdir/dtmf.$uniqueid
$astlogdir/fax.$uniqueid
$astlogdir/security.$uniqueid
$astlogdir/pjsip_history.$uniqueid
$astlogdir/sip_history.$uniqueid
Some minor tweaks were made to chan_sip, and res_pjsip_history
so their history output could be send to a log channel as packets
are captured.
A minor tweak was also made to manager so events are output to verbose
when "manager set debug on" is issued.
Change-Id: I799f8e5013b86dc5282961b27383d134bf09e543
fopencookie/funclose is a non-standard API and should not be used
in portable software. Additionally, the way FILE's fd is used in
non-blocking mode is undefined behaviour and cannot be relied on.
This introduces internal abstraction for io streams, that allows
implementing the desired virtualization of read/write operations
with necessary timeout handling.
ASTERISK-24515 #close
ASTERISK-24517 #close
Change-Id: Id916aef418b665ced6a7489aef74908b6e376e85
ASTERISK_REGISTER_FILE no longer has any purpose so this commit removes
all traces of it.
Previously exported symbols removed:
* __ast_register_file
* __ast_unregister_file
* ast_complete_source_filename
This also removes the mtx_prof static variable that was declared when
MTX_PROFILE was enabled. This variable was only used in lock.c so it
is now initialized in that file only.
ASTERISK-26480 #close
Change-Id: I1074af07d71f9e159c48ef36631aa432c86f9966
Stasis subscriptions and message routers create taskprocessors to process
the event messages. API calls are needed to be able to set the congestion
levels of these taskprocessors for selected subscriptions and message
routers.
* Updated CDR, CEL, and manager's stasis subscription congestion levels
based upon stress testing. Increased the congestion levels to reduce the
potential for bursty call setup/teardown activity from triggering the
taskprocessor overload alert. CDRs in particular need an extra high
congestion level because they can take awhile to process the stasis
messages.
ASTERISK-26088
Reported by: Richard Mudgett
Change-Id: Id0a716394b4eee746dd158acc63d703902450244
George Joseph
Kevin Harwell
Sean Bright
Joshua Colp
Corey Farrell
Jaco Kroon
Richard Mudgett
Jenkins2
Sungtae Kim
Thomas Sevestre
Joshua Elson
Mark Michelson
Timo Teräs
zuul
Matt Jordan
Niklas Larsson