The Asterisk strategy of loading modules with RTLD_LAZY to extract metadata
from the module works well enough, until you try to take the address of a
function.
If a module takes the address of a function, that function needs to be
resolved at load time. That kinda defeats RTLD_LAZY.
This patch adds some ari_validator_{id}_fn() wrapper functions for safely
getting the function pointer from a different module.
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@393576 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This patch is the first step in adding recording support to the
Asterisk REST Interface.
Recordings are stored in /var/spool/recording. Since recordings may be
destructive (overwriting existing files), the API rejects attempts to
escape the recording directory (avoiding issues if someone attempts to
record to ../../lib/sounds/greeting, for example).
(closes issue ASTERISK-21594)
(closes issue ASTERISK-21581)
Review: https://reviewboard.asterisk.org/r/2612/
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@393550 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This patch adds authentication support to ARI.
Two authentication methods are supported. The first is HTTP Basic
authentication, as specified in RFC 2617[1]. The second is by simply
passing the username and password as an ?api_key query parameter
(which allows swagger-ui[2] to authenticate more easily).
ARI usernames and passwords are configured in the ari.conf file
(formerly known as stasis_http.conf). The user may be set to
`read_only`, which will prohibit the user from issuing POST, DELETE,
etc. Also, the user's password may be specified in either plaintext,
or encrypted using the crypt() function.
Several other notes about the patch.
* A few command line commands for seeing ARI config and status were
also added.
* The configuration parsing grew big enough that I extracted it to
its own file.
[1]: http://www.ietf.org/rfc/rfc2617.txt [2]:
https://github.com/wordnik/swagger-ui
(closes issue ASTERISK-21277)
Review: https://reviewboard.asterisk.org/r/2649/
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@393530 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This patch started with the simple idea of changing the /events data
model to be more sane. The original model would send out events like:
{ "stasis_start": { "args": [], "channel": { ... } } }
The event discriminator was the field name instead of being a value in
the object, due to limitations in how Swagger 1.1 could model objects.
While technically sufficient in communicating event information, it was
really difficult to deal with in terms of client side JSON handling.
This patch takes advantage of a proposed extension[1] to Swagger which
allows type variance through the use of a discriminator field. This had
a domino effect that made this a surprisingly large patch.
[1]: https://groups.google.com/d/msg/wordnik-api/EC3rGajE0os/ey_5dBI_jWcJ
In changing the models, I also had to change the swagger_model.py
processor so it can handle the type discriminator and subtyping. I took
that a big step forward, and using that information to generate an
ari_model module, which can validate a JSON object against the Swagger
model.
The REST and WebSocket generators were changed to take advantage of the
validators. If compiled with AST_DEVMODE enabled, JSON objects that
don't match their corresponding models will not be sent out. For REST
API calls, a 500 Internal Server response is sent. For WebSockets, the
invalid JSON message is replaced with an error message.
Since this took over about half of the job of the existing JSON
generators, and the .to_json virtual function on messages took over the
other half, I reluctantly removed the generators.
The validators turned up all sorts of errors and inconsistencies in our
data models, and the code. These were cleaned up, with checks in the
code generator avoid some of the consistency problems in the future.
* The model for a channel snapshot was trimmed down to match the
information sent via AMI. Many of the field being sent were not
useful in the general case.
* The model for a bridge snapshot was updated to be more consistent
with the other ARI models.
Another impact of introducing subtyping was that the swagger-codegen
documentation generator was insufficient (at least until it catches up
with Swagger 1.2). I wanted it to be easier to generate docs for the API
anyways, so I ported the wiki pages to use the Asterisk Swagger
generator. In the process, I was able to clean up many of the model
links, which would occasionally give inconsistent results on the wiki. I
also added error responses to the wiki docs, making the wiki
documentation more complete.
Finally, since Stasis-HTTP will now be named Asterisk REST Interface
(ARI), any new functions and files I created carry the ari_ prefix. I
changed a few stasis_http references to ari where it was non-intrusive
and made sense.
(closes issue ASTERISK-21885)
Review: https://reviewboard.asterisk.org/r/2639/
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@393529 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This patch moves the RESTful URL's around to more appropriate
locations for release.
The /stasis URL's are moved to /ari, since Asterisk REST Interface was
a more appropriate name than Stasis-HTTP. (Most of the code still has
stasis_http references, but they will be cleaned up after there are no
more outstanding branches that would have merge conflicts with such a
change).
A larger change was moving the ARI events WebSocket off of the shared
/ws URL to its permanent home on /ari/events. The Swagger code
generator was extended to handle "upgrade: websocket" and
"websocketProtocol:" attributes on an operation.
The WebSocket module was modified to better handle WebSocket servers
that have a single registered protocol handler. If a client
connections does not specify the Sec-WebSocket-Protocol header, and
the server has a single protocol handler registered, the WebSocket
server will go ahead and accept the client for that subprotocol.
(closes issue ASTERISK-21857)
Review: https://reviewboard.asterisk.org/r/2621/
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@393528 65c4cc65-6c06-0410-ace0-fbb531ad65f3
If no matching endpoint is found for the incoming request Asterisk will respond
with a 401 Unauthorized (rejecting the request), but will first challenge if
no authorization creditials are given.
Changes also included moving ACL options into a new global 'security'
configuration section in res_sip.conf.
(closes issue ASTERISK-21433)
Reported by: Matt Jordan
Review: https://reviewboard.asterisk.org/r/2554/
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@393442 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Added the ability to send unsolicited NOTIFY requests to a particular endpoint
with a configured payload. Added both CLI and AMI support. For a given
endpoint, this module will iterate over all its contacts sending the appropriate
NOTIFY request to each.
(closes issue ASTERISK-21436)
Reported by: Matt Jordan
Review: https://reviewboard.asterisk.org/r/2623/
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@393364 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Apparently the pluralization of an acronym does not use an apostophe,
according to most modern style guides. I feel like I've been living a
lie this whole time.
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@393100 65c4cc65-6c06-0410-ace0-fbb531ad65f3
There were some problems redirecting RESTful API requests; notably the client
would change the request method to GET on the redirected requests. After some
looking into, I decided that a 404 would be simpler and have more consistent
behavior.
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@393083 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This patch fixes the following memory leaks:
* http.c: The structure containing the addresses to bind to was not being
deallocated when no longer used
* named_acl.c: The global configuration information was not disposed of
* config_options.c: An invalid read was occurring for certain option types.
* res_calendar.c: The loaded calendars on module unload were not being
properly disposed of.
* chan_motif.c: The format capabilities needed to be disposed of on module
unload. In addition, this now specifies the default options for the
maxpayloads and maxicecandidates in such a way that it doesn't cause the
invalid read in config_options.c to occur.
(issue ASTERISK-21906)
Reported by: John Hardin
patches:
http.patch uploaded by jhardin (license 6512)
named_acl.patch uploaded by jhardin (license 6512)
config_options.patch uploaded by jhardin (license 6512)
res_calendar.patch uploaded by jhardin (license 6512)
chan_motif.patch uploaded by jhardin (license 6512)
........
Merged revisions 392810 from http://svn.asterisk.org/svn/asterisk/branches/11
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@392812 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This patch addresses the following memory/ref counting leaks:
* main/devicestate.c - unsubscribe and join our devicestate message
subscription
* main/cel.c - clean up the datastore and config objects on exist
* main/parking.c - cleanup memory leak of retriever snapshot on message
payload destruction
* res/parking/parking_bridge.c - cleanup memory leak of retrieve snapshot
on message payload destruction
* main/presencestate.c - unsubscribe and join the caching topic on exit
* manager.c - properly unregister the manager action "BlindTransfer"
* sorcery.c - shutdown the threadpool on exit and dispose of any wizards
(issue ASTERISK-21906)
Reported by: John Hardin
patches:
cel.patch uploaded by jhardin (license #6512)
devicestate.patch uploaded by jhardin (license #6512)
manager.patch uploaded by jardin (license #6512)
presencestate.patch uploaded by jhardin (license #6512)
retriever-channel-snapshot.patch uploaded by jhardin (license #6512)
sorcery.patch uploaded by jhardin (license #6512)
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@392797 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The menuselect parser is very simple. It looks for AST_MODULE_INFO and
uses any quoted string on that line as the module summary display.
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@392777 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This adds support for stasis/sounds and stasis/sounds/{ID} queries via
the Asterisk RESTful Interface (ARI, formerly Stasis-HTTP).
The following changes have been made to accomplish this:
* A modular indexer was created for local media.
* A new function to get an ast_format associated with a file extension
was added.
* Modifications were made to the built-in HTTP server so that URI
decoding could be deferred to the URI handler when necessary.
* The Stasis-HTTP sounds JSON documentation was modified to handle
cases where multiple languages are installed in different formats.
* Register and Unregister events for formats were added to the system
topic.
(closes issue ASTERISK-21584)
(closes issue ASTERISK-21585)
Review: https://reviewboard.asterisk.org/r/2507/
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@392700 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This patch properly packs the parameters into the send fax message so that it
actually work.
Missing a ',' between two string fields can be difficult to debug, particularly
when the actual packing succeeds. Interestingly enough, this didn't actually
crash until the JSON blob we deref'd and disposed of. Since that happened in
a different thread, it was pretty tough to track down.
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@392676 65c4cc65-6c06-0410-ace0-fbb531ad65f3
By the time something extracts the pointers from ast_json_pack, the channels
will already be disposed of. This patch properly pulls the information out of
the variables and packs them into the JSON blob.
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@392607 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Sorcery specific object information is now opaque and allocated with the object.
This means that modules do not need to be recompiled if the sorcery specific part
is changed. It also means that sorcery can store additional information on objects
and ensure it is freed or the reference count decreased when the object goes away.
To facilitate the above a generic sorcery allocator function has been added which
also ensures that allocated objects do not have a lock.
Extended fields have been added thanks to all of the above which allows specific fields
to be marked as extended, and thus simply stored as-is within the object. Type safety
is *NOT* enforced on these fields. A consumer of them has to query and ultimately perform
their own safety check. What does this mean? Extra modules can extend already defined
structures without having to modify them.
Tests have also been included to verify extended field functionality.
Review: https://reviewboard.asterisk.org/r/2585/
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@392586 65c4cc65-6c06-0410-ace0-fbb531ad65f3
1. Security events
2. Websocket support
3. Diversion header + redirecting support
4. An anonymous endpoint identifier
5. Inbound extension state subscription support
6. PIDF notify generation
7. One touch recording support (special thanks Sean Bright!)
8. Blind and attended transfer support
9. Automatic inbound registration expiration
10. SRTP support
11. Media offer control dialplan function
12. Connected line support
13. SendText() support
14. Qualify support
15. Inband DTMF detection
16. Call and pickup groups
17. Messaging support
Thanks everyone!
Side note: I'm reminded of the song "How Far We've Come" by Matchbox Twenty.
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@392565 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This patch fixes two bugs.
(1) It unlocks the channel in the framehook handlers before attempting to grab
the peer from the bridge. The locking order for the bridging framework is
bridge first, then channel - having the channel locked while attempting to
obtain the bridge lock causes a locking inversion and a deadlock. This
patch bumps the channel ref count prior to releasing the lock in the
framehook to avoid lifetime issues.
Note that this does expose a subtle problem in framehooks; that is,
something could modify the framehook list while we are executing, causing
issues in the framehook list traversal that the callback executes in.
Fixing this is a much larger problem that is beyond the scope of this
patch - (a) we already unlock the channel in this particular framehook
and we haven't run into a problem yet (as modifying the framehook list
when a channel is about to perform a fax gateway would be a very odd
operation) and (b) migrating to an ao2 container of framehooks would be
more invasive at this point. See the referenced ASTERISK issue for more
information.
(2) Directly packing channel variables into a JSON object turned out to be
unsafe. A condition existed where the strings in the JSON blob were no
longer safe to be accessed if the channel object itself was disposed of.
(issue ASTERISK-21951)
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@392564 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This patch is the initial push to update Asterisk's CDR engine for the new
bridging framework. This patch guts the existing CDR engine and builds the new
on top of messages coming across Stasis. As changes in channel state and bridge
state are detected, CDRs are built and dispatched accordingly. This
fundamentally changes CDRs in a few ways.
(1) CDRs are now *very* reflective of the actual state of channels and bridges.
This means CDRs track well with what an actual channel is doing - which
is useful in transfer scenarios (which were previously difficult to pin
down). It does, however, mean that CDRs cannot be 'fooled'. Previous
behavior in Asterisk allowed for CDR applications, channels, and other
properties to be spoofed in parts of the code - this no longer works.
(2) CDRs have defined behavior in multi-party scenarios. This behavior will not
be what everyone wants, but it is a defined behavior and as such, it is
predictable.
(3) The CDR manipulation functions and applications have been overhauled. Major
changes have been made to ResetCDR and ForkCDR in particular. Many of the
options for these two applications no longer made any sense with the new
framework and the (slightly) more immutable nature of CDRs.
There are a plethora of other changes. For a full description of CDR behavior,
see the CDR specification on the Asterisk wiki.
(closes issue ASTERISK-21196)
Review: https://reviewboard.asterisk.org/r/2486/
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@391947 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This can happen when a REGISTER request is removing a contact.
(closes issue ASTERISK-21911)
Reported by: mdavenport
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@391902 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This pulls bridge-related CEL event triggers out of the code in which
they were residing and pulls them into cel.c where they are now
triggered by changes in bridge snapshots. To get access to the
Stasis-Core parking topic in cel.c, the Stasis-Core portions of parking
init have been pulled into core Asterisk init.
This also adds a new CEL event (AST_CEL_BRIDGE_TO_CONF) that indicates
a two-party bridge has transitioned to a multi-party conference. The
reverse cannot occur in CEL terms even though it may occur in actuality
and two party bridges which receive a AST_CEL_BRIDGE_TO_CONF will be
treated as multi-party conferences for the duration of the bridge.
Review: https://reviewboard.asterisk.org/r/2563/
(closes issue ASTERISK-21564)
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@391643 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The WebSocket code would allocate, on the stack, a string large enough
to hold a key provided by the client, and the WEBSOCKET_GUID. If the key
is NULL, this causes a segfault. If the key is too large, it could
overflow the stack.
This patch checks the key for NULL and checks the length of the key to
avoid stack smashing nastiness.
(closes issue ASTERISK-21825)
Reported by: Alfred Farrugia
Tested by: Alfred Farrugia, David M. Lee
Patches:
issueA21825_check_if_key_is_sent.patch uploaded by Walter Doekes (license 5674)
........
Merged revisions 391560 from http://svn.asterisk.org/svn/asterisk/branches/11
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@391561 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This makes the AGI AsyncAGI event put provided AGI command arguments in
the event's environment.
(closes issue ASTERISK-21304)
Patch-By: Dirk Wendland
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@391271 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This adds support for Stasis applications to receive bridge-related
messages when the application shows interest in a given bridge.
To supplement this work and test it, this also adds support for the
following bridge-related Stasis-HTTP functionality:
* GET stasis/bridges
* GET stasis/bridges/{bridgeId}
* POST stasis/bridges
* DELETE stasis/bridges/{bridgeId}
* POST stasis/bridges/{bridgeId}/addChannel
* POST stasis/bridges/{bridgeId}/removeChannel
Review: https://reviewboard.asterisk.org/r/2572/
(closes issue ASTERISK-21711)
(closes issue ASTERISK-21621)
(closes issue ASTERISK-21622)
(closes issue ASTERISK-21623)
(closes issue ASTERISK-21624)
(closes issue ASTERISK-21625)
(closes issue ASTERISK-21626)
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@391199 65c4cc65-6c06-0410-ace0-fbb531ad65f3