Doxygen updates including mistakes, misspellings, missing parameters, updates for Doxygen style. Some missing txt file links are removed but their content or essense will be included in some later updates. A majority of the txt files were removed in the 1.6 era but never noted. The HR and EXTREF are simple changes that make the documentation more compatable with more versions of Doxygen.
Further updates coming.
(issue ASTERISK-20259)
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@373330 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The AMI Originate action can allow a remote user to specify information that can
be used to execute shell commands on the system hosting Asterisk. This can
result in an unwanted escalation of permissions, as the Originate action, which
requires the "originate" class authorization, can be used to perform actions
that would typically require the "system" class authorization. Previous attempts
to prevent this permission escalation (AST-2011-006, AST-2012-004) have sought
to do so by inspecting the names of applications and functions passed in with
the Originate action and, if those applications/functions matched a predefined
set of values, rejecting the command if the user lacked the "system" class
authorization. As noted by IBM X-Force Research, the "ExternalIVR"
application is not listed in the predefined set of values. The solution for
this particular vulnerability is to include the "ExternalIVR" application in the
set of defined applications/functions that require "system" class authorization.
Unfortunately, the approach of inspecting fields in the Originate action against
known applications/functions has a significant flaw. The predefined set of
values can be bypassed by creative use of the Originate action or by certain
dialplan configurations, which is beyond the ability of Asterisk to analyze at
run-time. Attempting to work around these scenarios would result in severely
restricting the applications or functions and prevent their usage for legitimate
means. As such, any additional security vulnerabilities, where an
application/function that would normally require the "system" class
authorization can be executed by users with the "originate" class authorization,
will not be addressed. Instead, the README-SERIOUSLY.bestpractices.txt file has
been updated to reflect that the AMI Originate action can result in commands
requiring the "system" class authorization to be executed. Proper system
configuration can limit the impact of such scenarios.
(closes issue ASTERISK-20132)
Reported by: Zubair Ashraf of IBM X-Force Research
........
Merged revisions 371998 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 371999 from http://svn.asterisk.org/svn/asterisk/branches/10
........
Merged revisions 372000 from http://svn.asterisk.org/svn/asterisk/branches/11
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@372001 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This is based on the work done by Olle Johansson on review board.
The idea is that the channel specified in an AMI originate or call
file is typically not connected to the outgoing extension until the
channel has been answered. With this change, an EarlyMedia header can
be specified for AMI originates and an early_media option can
be specified in call files. With this option set, once early media is
received on a channel, it will be connected with the outgoing extension.
(closes issue ASTERISK-18644)
Reported by Olle Johansson
Review: https://reviewboard.asterisk.org/r/1472
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@370951 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Implementation of a dialplan function for checking manager accounts. Right now
it only returns the number of logged in sessions for a manager account, but
other attributes can be added later.
Patch by: Olle Johansson
Review: https://reviewboard.asterisk.org/r/421/
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@370943 65c4cc65-6c06-0410-ace0-fbb531ad65f3
With this option set, channel variables can be set on
every manager originate. The Variable header can still
be used to set additional channel variables for individual
calls if desired.
This work was completed by Olle Johansson on review board.
I have applied the review feedback and am committing it in
order to get this into trunk before Asterisk 11 is branched.
Review: https://reviewboard.asterisk.org/r/1412
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@370681 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This patch adds Named ACL functionality to Asterisk. This allows system
administrators to define an ACL and refer to it by a unique name. Configurable
items can then refer to that name when specifying access control lists.
It also includes updates to all core supported consumers of ACLs. That includes
manager, chan_sip, and chan_iax2. This feature is based on the deluxepine-trunk
by Olle E. Johansson and provides a subset of the Named ACL functionality
implemented in that branch. For more information on this feature, see acl.conf
and/or the Asterisk wiki.
Review: https://reviewboard.asterisk.org/r/1978/
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@369959 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This patch adds some basic documentation for a number of modules. This
includes core source files in Asterisk (those in main), as well as
chan_agent, chan_dahdi, chan_local, sig_analog, and sig_pri. The DTD
has also been updated to allow referencing of AMI commands.
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@369905 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Thank you rmudgett for pointing out that I was missing this in the initial
check-in for AMI event documentation (r369346)
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@369386 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This patch adds the core changes necessary to support AMI event documentation
in the source files of Asterisk, and adds documentation to those AMI events
defined in the core application modules. Event documentation is built from
the source by two new python scripts, located in build_tools:
get_documentation.py and post_process_documentation.py.
The get_documentation.py script mirrors the actions of the existing AWK
get_documentation scripts, except that it will scan the entirety of a source
file for Asterisk documentation. Upon encountering it, if the documentation
happens to be an AMI event, it will attempt to extract information about the
event directly from the manager event macro calls that raise the event. The
post_process_documentation.py script combines manager event instances that
are the same event but documented in multiple source files. It generates
the final core-[lang].xml file.
As this process can take longer to complete than a typical 'make all', it
is only performed if a new make target, 'full', is chosen.
Review: https://reviewboard.asterisk.org/r/1967/
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@369346 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Presence support has been added. This is accomplished by
allowing for presence hints in addition to device state
hints. A dialplan function called PRESENCE_STATE has been
added to allow for setting and reading presence. Presence
can be transmitted to Digium phones using custom XML
elements in a PIDF presence document.
Voicemail has new APIs that allow for moving, removing,
forwarding, and playing messages. Messages have had a new
unique message ID added to them so that the APIs will work
reliably. The state of a voicemail mailbox can be obtained
using an API that allows one to get a snapshot of the mailbox.
A voicemail Dialplan App called VoiceMailPlayMsg has been
added to be able to play back a specific message.
Configuration hooks have been added. Configuration hooks
allow for a piece of code to be executed when a specific
configuration file is loaded by a specific module. This is
useful for modules that are dependent on the configuration
of other modules.
chan_sip now has a public method that allows for a custom
SIP INFO request to be sent mid-dialog. Digium phones use
this in order to display progress bars when files are played.
Messaging support has been expanded a bit. The main
visible difference is the addition of an AMI action
MessageSend.
Finally, a ParkingLots manager action has been added in order
to get a list of parking lots.
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@368435 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This resolves core findings from ASTERISK-19650 numbers 0-2, 6, 7, 9-11, 14-20,
22-24, 28, 30-32, 34-36, 42-56, 82-84, 87, 89-90, 93-102, 104, 105, 109-111,
and 115. Finding numbers 26, 33, and 29 were already resolved. Those skipped
were either extended/deprecated or in areas of code that shouldn't be
disturbed.
(Closes issue ASTERISK-19650)
........
Merged revisions 366167 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 366168 from http://svn.asterisk.org/svn/asterisk/branches/10
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@366169 65c4cc65-6c06-0410-ace0-fbb531ad65f3
As detailed in the advisory, AMI users without write authorization for SYSTEM class AMI
actions were able to run system commands by going through other AMI commands which did
not require that authorization. Specifically, GetVar and Status allowed users to do this
by setting their variable/s options to the SHELL or EVAL functions.
Also, within 1.8, 10, and trunk there was a similar flaw with the Originate action that
allowed users with originate permission to run MixMonitor and supply a shell command
in the Data argument. That flaw is fixed in those versions of this patch.
(closes issue ASTERISK-17465)
Reported By: David Woolley
Patches:
162_ami_readfunc_security_r2.diff uploaded by jrose (license 6182)
18_ami_readfunc_security_r2.diff uploaded by jrose (license 6182)
10_ami_readfunc_security_r2.diff uploaded by jrose (license 6182)
........
Merged revisions 363117 from http://svn.asterisk.org/svn/asterisk/branches/1.6.2
........
Merged revisions 363141 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 363156 from http://svn.asterisk.org/svn/asterisk/branches/10
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@363159 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This patch addresses a number of modules in main that did not handle the
negative return value from function calls adequately, or were not sufficiently
clear that the conditions leading to improper handling of the return values
could not occur. This includes:
* asterisk.c: A negative return value from the read function would be used
directly as an index into a buffer. We now check for success of the read
function prior to using its result as an index.
* manager.c: Check for failures in mkstemp and lseek when handling the
temporary file created for processing data returned from a CLI command in
action_command. Also check that the result of an lseek is sanitized prior
to using it as the size of a memory map to allocate.
(issue ASTERISK-19655)
Reported by: Matt Jordan
Review: https://reviewboard.asterisk.org/r/1863/
........
Merged revisions 362359 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 362360 from http://svn.asterisk.org/svn/asterisk/branches/10
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@362361 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The current Security Events Framework API only supports IPv4 when it comes to
generating security events. This patch does the following:
* Changes the Security Events Framework API to support IPV6 and updates
the components that use this API.
* Eliminates an error message that was being generated since the current
implementation was treating an IPv6 socket address as if it was IPv4.
* Some copyright dates were updated on files touched by this patch.
(closes issue ASTERISK-19447)
Reported by: Michael L. Young
Tested by: Michael L. Young
Patches:
security_events_ipv6v3.diff uploaded by Michael L. Young (license 5026)
Review: https://reviewboard.asterisk.org/r/1777/
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@362200 65c4cc65-6c06-0410-ace0-fbb531ad65f3
* Hangup now can take a regular expression as the Channel option. If you want
to hangup multiple channels, use /regex/ as the Channel option. Existing
behavior to hanging up a single channel is unchanged, but if you pass a regex,
the manager will send you a list of channels back that were hung up.
(closes issue ASTERISK-19575)
Reported by: Mark Murawski
Tested by: Mark Murawski
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@361038 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Everything still compiled after making these changes, so I assume these
whitespace-only changes didn't break anything (and shouldn't have).
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@360190 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Fix AMI module reload deadlock regression from ASTERISK-18479 when it
tried to fix the race between calling an AMI action callback and
unregistering that action. Refixes ASTERISK-13784 broken by
ASTERISK-17785 change.
Locking the ao2 object guaranteed that there were no active callbacks that
mattered when ast_manager_unregister() was called. Unfortunately, this
causes the deadlock situation. The patch stops locking the ao2 object to
allow multiple threads to invoke the callback re-entrantly. There is no
way to guarantee a module unload will not crash because of an active
callback. The code attempts to minimize the chance with the registered
flag and the maximum 5 second delay before ast_manager_unregister()
returns.
The trunk version of the patch changes the API to fix the race condition
correctly to prevent the module code from unloading from memory while an
action callback is active.
* Don't hold the lock while calling the AMI action callback.
(closes issue ASTERISK-19487)
Reported by: Philippe Lindheimer
Review: https://reviewboard.asterisk.org/r/1818/
Review: https://reviewboard.asterisk.org/r/1820/
........
Merged revisions 359979 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 359980 from http://svn.asterisk.org/svn/asterisk/branches/10
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@359981 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The process_output function in manager.c attempted to call fclose and close immediately
afterwards. Since fclose implies close, this resulted in a potential double free on file
descriptors. This patch changes that behavior and also adds error checking to fclose and
close depending on which was deemed necessary. Also error messages. Thanks to Rosen
Iliev for pointing out the location of the problem.
(closes issue ASTERISK-18453)
Reported By: Jaco Kroon
Review: https://reviewboard.asterisk.org/r/1793/
........
Merged revisions 358214 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 358215 from http://svn.asterisk.org/svn/asterisk/branches/10
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@358216 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This change permits each verbose destination (consoles, logger) to have its
own concept of what the verbosity level is. The big feature here is that
the logger will now be able to capture a particular verbosity level without
condemning each console to need to suffer that level of verbosity.
Additionally, a stray 'core set verbose' will no longer change what will go
to the log.
Review: https://reviewboard.asterisk.org/r/1599/
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@355413 65c4cc65-6c06-0410-ace0-fbb531ad65f3
* Removes references to tlsbindport from http.conf.sample and manager.conf.sample
* Properly bind to port specified in tlsbindaddr, using the default port if specified.
* On a reload, properly close socket if the service has been disabled.
A note has been added to UPGRADE.txt to indicate how ports must be set for TLS.
(closes issue ASTERISK-16959)
reported by Olaf Holthausen
(closes issue ASTERISK-19201)
reported by Chris Mylonas
(closes issue ASTERISK-19204)
reported by Chris Mylonas
Review: https://reviewboard.asterisk.org/r/1709
........
Merged revisions 353770 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 353820 from http://svn.asterisk.org/svn/asterisk/branches/10
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@353821 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Continue channel opaque-ification by wrapping all of the stringfields.
Eventually, we will restrict what can actually set these variables, but
the purpose for now is to hide the implementation and keep people from
adding code that directly accesses the channel structure. Semantic
changes will follow afterward.
Review: https://reviewboard.asterisk.org/r/1661/
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@352348 65c4cc65-6c06-0410-ace0-fbb531ad65f3
There are many benefits to making the ast_channel an opaque handle, from
increasing maintainability to presenting ways to kill masquerades. This patch
kicks things off by taking things a field at a time, renaming the field to
'__do_not_use_${fieldname}' and then writing setters/getters and converting the
existing code to using them. When all fields are done, we can move ast_channel
to a C file from channel.h and lop off the '__do_not_use_'.
This patch sets up main/channel_interal_api.c to be the only file that actually
accesses the ast_channel's fields directly. The intent would be for any API
functions in channel.c to use the accessor functions. No more monkeying around
with channel internals. We should use our own APIs.
The interesting changes in this patch are the addition of
channel_internal_api.c, the moving of the AST_DATA stuff from channel.c to
channel_internal_api.c (note: the AST_DATA stuff will have to be reworked to
use accessor functions when ast_channel is really opaque), and some re-working
of the way channel iterators/callbacks are handled so as to avoid creating fake
ast_channels on the stack to pass in matching data by directly accessing fields
(since "name" is a stringfield and the fake channel doesn't init the
stringfields, you can't use the ast_channel_name_set() function). I went with
ast_channel_name(chan) for a getter, and ast_channel_name_set(chan, name) for a
setter.
The majority of the grunt-work for this change was done by writing a semantic
patch using Coccinelle ( http://coccinelle.lip6.fr/ ).
Review: https://reviewboard.asterisk.org/r/1655/
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@350223 65c4cc65-6c06-0410-ace0-fbb531ad65f3
* Fixed race between calling an AMI action callback and unregistering that
action. Refixes ASTERISK-13784 broken by ASTERISK-17785 change.
* Fixed potential memory leak if an AMI action failed to get registered
because is already was registered. Part of the ao2 conversion.
* Fixed AMI ListCommands action not walking the actions list with a lock
held.
* Fix usage of ast_strdupa() and alloca() in loops. Excess stack usage.
* Fix AMI Originate action Variable header requiring a space after the
header colon. Reported by Yaroslav Panych on the asterisk-dev list.
* Increased the number of listed variables allowed per AMI Originate
action Variable header to 64.
* Fixed AMI GetConfigJSON action output format.
* Fixed usage of res contents outside of scope in append_channel_vars().
* Fixed inconsistency of config file channelvars option. The values no
longer accumulate with every channelvars option in the config file. Only
the last value is kept to be consistent with the CLI "manager show
settings" command.
(closes issue ASTERISK-18479)
Reported by: Jaco Kroon
........
Merged revisions 340279 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 340281 from http://svn.asterisk.org/svn/asterisk/branches/10
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@340282 65c4cc65-6c06-0410-ace0-fbb531ad65f3
https://origsvn.digium.com/svn/asterisk/branches/10
................
r340109 | mnicholson | 2011-10-10 09:15:41 -0500 (Mon, 10 Oct 2011) | 18 lines
Merged revisions 340108 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.8
........
r340108 | mnicholson | 2011-10-10 09:14:48 -0500 (Mon, 10 Oct 2011) | 11 lines
Load the proper XML documentation when multiple modules document the same application.
This patch adds an optional "module" attribute to the XML documentation spec
that allows the documentation processor to match apps with identical names from
different modules to their documentation. This patch also fixes a number of
bugs with the documentation processor and should make it a little more
efficient. Support for multiple languages has also been properly implemented.
ASTERISK-18130
Review: https://reviewboard.asterisk.org/r/1485/
........
................
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@340110 65c4cc65-6c06-0410-ace0-fbb531ad65f3
https://origsvn.digium.com/svn/asterisk/branches/10
................
r337974 | rmudgett | 2011-09-26 14:35:23 -0500 (Mon, 26 Sep 2011) | 37 lines
Merged revisions 337973 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.8
........
r337973 | rmudgett | 2011-09-26 14:30:39 -0500 (Mon, 26 Sep 2011) | 30 lines
Fix deadlock when using dummy channels.
Dummy channels created by ast_dummy_channel_alloc() should be destoyed by
ast_channel_unref(). Using ast_channel_release() needlessly grabs the
channel container lock and can cause a deadlock as a result.
* Analyzed use of ast_dummy_channel_alloc() and made use
ast_channel_unref() when done with the dummy channel. (Primary reason for
the reported deadlock.)
* Made app_dial.c:dial_exec_full() not call ast_call() holding any channel
locks. Chan_local could not perform deadlock avoidance correctly.
(Potential deadlock exposed by this issue. Secondary reason for the
reported deadlock since the held lock was part of the deadlock chain.)
* Fixed some uses of ast_dummy_channel_alloc() not checking the returned
channel pointer for failure.
* Fixed some potential chan=NULL pointer usage in func_odbc.c. Protected
by testing the bogus_chan value.
* Fixed needlessly clearing a 1024 char auto array when setting the first
char to zero is enough in manager.c:action_getvar().
(closes issue ASTERISK-18613)
Reported by: Thomas Arimont
Patches:
jira_asterisk_18613_v1.8.patch (license #5621) patch uploaded by rmudgett
Tested by: Thomas Arimont
........
................
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@337975 65c4cc65-6c06-0410-ace0-fbb531ad65f3
https://origsvn.digium.com/svn/asterisk/branches/10
................
r331316 | kmoore | 2011-08-10 08:48:41 -0500 (Wed, 10 Aug 2011) | 15 lines
Merged revisions 331315 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.8
........
r331315 | kmoore | 2011-08-10 08:47:46 -0500 (Wed, 10 Aug 2011) | 8 lines
AMI action ModuleReload returns Error if Module: missing or empty
An empty string was not being checked for properly causing identification of
the module to be reloaded to fail and return an Error with message
"No such module."
(closes issue AST-616)
........
................
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@331317 65c4cc65-6c06-0410-ace0-fbb531ad65f3