Commit Graph

34230 Commits

Author SHA1 Message Date
George Joseph
fb533fcc73 res_pjsip_authenticator_digest: Fix issue with missing auth and DONT_OPTIMIZE
The return code fom digest_check_auth wasn't explicitly being initialized.
The return code also wasn't explicitly set to CHALLENGE when challenges
were sent.  When optimization was turned off (DONT_OPTIMIZE), the compiler
was setting it to "0"(CHALLENGE) which worked fine.  However, with
optimization turned on, it was setting it to "1" (SUCCESS) so if there was
no incoming Authorization header, the function was returning SUCCESS to the
distributor allowing the request to incorrectly succeed.

The return code is now initialized correctly and is now explicitly set
to CHALLENGE when we send challenges.
2025-01-17 20:32:49 +00:00
Naveen Albert
eca4ec6b5e ast_tls_cert: Add option to skip passphrase for CA private key.
Currently, the ast_tls_cert file is hardcoded to use the -des3 option
for 3DES encryption, and the script needs to be manually modified
to not require a passphrase. Add an option (-e) that disables
encryption of the CA private key so no passphrase is required.

Resolves: #1064
2025-01-16 17:45:46 +00:00
Naveen Albert
1b0cd8b10d chan_iax2: Avoid unnecessarily backlogging non-voice frames.
Currently, when receiving an unauthenticated call, we keep track
of the negotiated format in the chosenformat, which allows us
to later create the channel using the right format. However,
this was not done for authenticated calls. This meant that in
certain circumstances, if we had not yet received a voice frame
from the peer, only certain other types of frames (e.g. text),
there were no variables containing the appropriate frame.
This led to problems in the jitterbuffer callback where we
unnecessarily bailed out of retrieving a frame from the jitterbuffer.
This was logic intentionally added in commit 73103bdcd5
in response to an earlier regression, and while this prevents
crashes, it also backlogs legitimate frames unnecessarily.

The abort logic was initially added because at this point in the
code, we did not have the negotiated format available to us.
However, it should always be available to us as a last resort
in chosenformat, so we now pull it from there if needed. This
allows us to process frames the jitterbuffer even if voicefmt
and peerfmt aren't set and still avoid the crash. The failsafe
logic is retained, but now it shouldn't be triggered anymore.

Resolves: #1054
2025-01-16 16:31:30 +00:00
Allan Nathanson
7e58e8d4f6 config.c: fix #tryinclude being converted to #include on rewrite
Correct an issue in ast_config_text_file_save2() when updating configuration
files with "#tryinclude" statements. The API currently replaces "#tryinclude"
with "#include". The API also creates empty template files if the referenced
files do not exist. This change resolves these problems.

Resolves: https://github.com/asterisk/asterisk/issues/920
2025-01-16 16:12:56 +00:00
Naveen Albert
abfa8206f3 sig_analog: Add Last Number Redial feature.
This adds the Last Number Redial feature to
simple switch.

UserNote: Users can now redial the last number
called if the lastnumredial setting is set to yes.

Resolves: #437
2025-01-16 15:47:25 +00:00
George Joseph
15ed357747 docs: Various XML fixes
* channels/pjsip/dialplan_functions_doc.xml: Added xmlns:xi to docs element.

* main/bucket.c: Removed XML completely since the "bucket" and "file" objects
  are internal only with no config file.

* main/named_acl.c: Fixed the configFile element name. It was "named_acl.conf"
  and should have been "acl.conf"

* res/res_geolocation/geoloc_doc.xml: Added xmlns:xi to docs element.

* res/res_http_media_cache.c: Fixed the configFile element name. It was
  "http_media_cache.conf" and should have been "res_http_media_cache.conf".
2025-01-16 15:32:52 +00:00
Sean Bright
dafac1f6f4 strings.c: Improve numeric detection in ast_strings_match().
Essentially, we were treating 1234x1234 and 1234x5678 as 'equal'
because we were able to convert the prefix of each of these strings to
the same number.

Resolves: #1028
2025-01-16 14:20:48 +00:00
George Joseph
3c867e6e6c docs: Enable since/version handling for XML, CLI and ARI documentation
* Added the "since" element to the XML configObject and configOption elements
  in appdocsxml.dtd.

* Added the "Since" section to the following CLI output:
  ```
  config show help <module> <object>
  config show help <module> <object> <option>
  core show application <app>
  core show function <func>
  manager show command <command>
  manager show event <event>
  agi show commands topic <topic>
  ```

* Refactored the commands above to output their sections in the same order:
  Synopsis, Since, Description, Syntax, Arguments, SeeAlso

* Refactored the commands above so they all use the same pattern for writing
  the output to the CLI.

* Fixed several memory leaks caused by failure to free temporary output
  buffers.

* Added a "since" array to the mustache template for the top-level resources
  (Channel, Endpoint, etc.) and to the paths/methods underneath them. These
  will be added to the generated markdown if present.
  Example:
  ```
    "resourcePath": "/api-docs/channels.{format}",
    "requiresModules": [
        "res_stasis_answer",
        "res_stasis_playback",
        "res_stasis_recording",
        "res_stasis_snoop"
    ],
    "since": [
        "18.0.0",
        "21.0.0"
    ],
    "apis": [
        {
            "path": "/channels",
            "description": "Active channels",
            "operations": [
                {
                    "httpMethod": "GET",
                    "since": [
                        "18.6.0",
                        "21.8.0"
                    ],
                    "summary": "List all active channels in Asterisk.",
                    "nickname": "list",
                    "responseClass": "List[Channel]"
                },

  ```

NOTE:  No versioning information is actually added in this commit.
Those will be added separately and instructions for adding and maintaining
them will be published on the documentation site at a later date.
2025-01-16 14:20:35 +00:00
Artem Umerov
92d69897b7 logger.h: Fix build when AST_DEVMODE is not defined.
Resolves: #1058
2025-01-15 21:28:29 +00:00
Sean Bright
032235bd29 dialplan_functions_doc.xml: Document PJSIP_MEDIA_OFFER's media argument.
Resolves: #1023
2025-01-15 19:46:12 +00:00
Abdelkader Boudih
4b6d40bd66 samples: Use "asterisk" instead of "postgres" for username 2025-01-13 17:09:07 +00:00
Sean Bright
131682c2c5 manager: Add <since> tags for all AMI actions. 2025-01-13 17:08:19 +00:00
Steffen Arntz
d31b79b2f8 logger.c fix: malformed JSON template
this typo was mentioned before, but never got fixed. 
https://community.asterisk.org/t/logger-cannot-log-long-json-lines-properly/87618/6
2025-01-10 18:09:36 +00:00
Sean Bright
e4635e817f manager.c: Rename restrictedFile to is_restricted_file.
Also correct the spelling of 'privileges.'
2025-01-10 18:09:14 +00:00
Abdelkader Boudih
7c40d82f02 res_config_pgsql: normalize database connection option with cel and cdr by supporting new options name 2025-01-10 18:08:26 +00:00
Stanislav Abramenkov
e95f97ad38 res_pjproject: Fix typo (OpenmSSL->OpenSSL)
Fix typo (OpenmSSL->OpenSSL) mentioned by bkford in #972
2025-01-10 17:50:45 +00:00
George Joseph
7dc9d85f2b Add SHA-256 and SHA-512-256 as authentication digest algorithms
* Refactored pjproject code to support the new algorithms and
added a patch file to third-party/pjproject/patches

* Added new parameters to the pjsip auth object:
  * password_digest = <algorithm>:<digest>
  * supported_algorithms_uac = List of algorithms to support
    when acting as a UAC.
  * supported_algorithms_uas = List of algorithms to support
    when acting as a UAS.
  See the auth object in pjsip.conf.sample for detailed info.

* Updated both res_pjsip_authenticator_digest.c (for UAS) and
res_pjsip_outbound_authentocator_digest.c (UAC) to suport the
new algorithms.

The new algorithms are only available with the bundled version
of pjproject, or an external version > 2.14.1.  OpenSSL version
1.1.1 or greater is required to support SHA-512-256.

Resolves: #948

UserNote: The SHA-256 and SHA-512-256 algorithms are now available
for authentication as both a UAS and a UAC.
2025-01-10 16:21:21 +00:00
Allan Nathanson
1cb741df4a config.c: retain leading whitespace before comments
Configurations loaded with the ast_config_load2() API and later written
out with ast_config_text_file_save2() will have any leading whitespace
stripped away.  The APIs should make reasonable efforts to maintain the
content and formatting of the configuration files.

This change retains any leading whitespace from comment lines that start
with a ";".

Resolves: https://github.com/asterisk/asterisk/issues/970
2025-01-10 16:10:17 +00:00
Ben Ford
e358ce0762 manager.c: Restrict ListCategories to the configuration directory.
When using the ListCategories AMI action, it was possible to traverse
upwards through the directories to files outside of the configured
configuration directory. This action is now restricted to the configured
directory and an error will now be returned if the specified file is
outside of this limitation.

Resolves: #GHSA-33x6-fj46-6rfh

UserNote: The ListCategories AMI action now restricts files to the
configured configuration directory.
2025-01-09 19:05:00 +00:00
Sean Bright
6b3dadfbe2 config.c: Fix off-nominal reference leak.
This was identified and fixed by @Allan-N in #918 but it is an
important fix in its own right.

The fix here is slightly different than Allan's in that we just move
the initialization of the problematic AO2 container to where it is
first used.

Fixes #1046
2025-01-08 15:41:38 +00:00
Abdelkader Boudih
cc2b5ec88b normalize contrib/ast-db-manage/queue_log.ini.sample 2025-01-07 17:07:19 +00:00
George Joseph
79427c1ac1 Add C++ Standard detection to configure and fix a new C++20 compile issue
* The autoconf-archive package contains macros useful for detecting C++
  standard and testing other C++ capabilities but that package was never
  included in the install_prereq script so many existing build environments
  won't have it.  Even if it is installed, older versions won't newer C++
  standards and will actually cause an error if you try to test for that
  version. To make it available for those environments, the
  ax_cxx_compile_stdcxx.m4 macro has copied from the latest release of
  autoconf-archive into the autoconf directory.

* A convenience wrapper(ast_cxx_check_std) around ax_cxx_compile_stdcxx was
  also added so checking the standard version and setting the
  asterisk-specific PBX_ variables becomes a one-liner:
  `AST_CXX_CHECK_STD([std], [force_latest_std])`.
  Calling that with a version of `17` for instance, will set PBX_CXX17
  to 0 or 1 depending on whether the current c++ compiler supports stdc++17.
  HAVE_CXX17 will also be 'defined" or not depending on the result.

* C++ compilers hardly ever default to the latest standard they support.  g++
  version 14 for instance supports up to C++23 but only uses C++17 by default.
  If you want to use C++23, you have to add `-std=gnu++=23` to the g++
  command line.  If you set the second argument of AST_CXX_CHECK_STD to "yes",
  the macro will automatically keep the highest `-std=gnu++` value that
  worked and pass that to the Makefiles.

* The autoconf-archive package was added to install_prereq for future use.

* Updated configure.ac to use AST_CXX_CHECK_STD() to check for C++
  versions 11, 14, 17, 20 and 23.

* Updated configure.ac to accept the `--enable-latest-cxx-std` option which
  will set the second option to AST_CXX_CHECK_STD() to "yes".  The default
  is "no".

* ast_copy_string() in strings.h declares the 'sz' variable as volatile and
  does an `sz--` on it later.  C++20 no longer allows the `++` and `--`
  increment and decrement operators to be used on variables declared as
  volatile however so that was changed to `sz -= 1`.
2025-01-06 12:48:24 -07:00
Naveen Albert
afd15274e7 chan_dahdi: Fix wrong channel state when RINGING recieved.
Previously, when AST_CONTROL_RINGING was received by
a DAHDI device, it would set its channel state to
AST_STATE_RINGING. However, an analysis of the codebase
and other channel drivers reveals RINGING corresponds to
physical power ringing, whereas AST_STATE_RING should be
used for audible ringback on the channel. This also ensures
the correct device state is returned by the channel state
to device state conversion.

Since there seems to be confusion in various places regarding
AST_STATE_RING vs. AST_STATE_RINGING, some documentation has
been added or corrected to clarify the actual purposes of these
two channel states, and the associated device state mapping.

An edge case that prompted this fix, but isn't explicitly
addressed here, is that of an incoming call to an FXO port.
The channel state will be "Ring", which maps to a device state
of "In Use", not "Ringing" as would be more intuitive. However,
this is semantic, since technically, Asterisk is treating this
the same as any other incoming call, and so "Ring" is the
semantic state (put another way, Asterisk isn't ringing anything,
like in the cases where channels are in the "Ringing" state).

Since FXO ports don't currently support Call Waiting, a suitable
workaround for the above would be to ignore the device state and
instead check the channel state (e.g. IMPORT(DAHDI/1-1,CHANNEL(state)))
since it will be Ring if the FXO port is idle (but a call is ringing
on it) and Up if the FXO port is actually in use. (In both cases,
the device state would misleadingly be "In Use".)

Resolves: #1029
2025-01-06 14:56:39 +00:00
Stanislav Abramenkov
2e8d8c4a08 Upgrade bundled pjproject to 2.15.1
Resolves: asterisk#1016

UserNote: Bundled pjproject has been upgraded to 2.15.1. For more
information visit pjproject Github page: https://github.com/pjsip/pjproject/releases/tag/2.15.1
2025-01-06 13:52:24 +00:00
George Joseph
5beb61317a .github: Set exit 0 in CherryPick and Recheck workflow Cleanup steps 2025-01-05 10:37:59 -07:00
George Joseph
6fa7c40b57 gcc14: Fix issues caught by gcc 14
* test_message.c: Fix segfaults caused by passing NULL as an sprintf fmt.
2025-01-03 23:26:04 +00:00
George Joseph
e677ec8473 Header fixes for compiling C++ source files
A few tweaks needed to be done to some existing header files to allow them to
be compiled when included from C++ source files.

logger.h had declarations for ast_register_verbose() and
ast_unregister_verbose() which caused C++ issues but those functions were
actually removed from logger.c many years ago so the declarations were just
removed from logger.h.
2025-01-02 14:52:35 +00:00
George Joseph
2fa9dcd51c Add ability to pass arguments to unit tests from the CLI
Unit tests can now be passed custom arguments from the command
line.  For example, the following command would run the "mytest" test
in the "/main/mycat" category with the option "myoption=54"

`CLI> test execute category /main/mycat name mytest options myoption=54`

You can also pass options to an entire category...

`CLI> test execute category /main/mycat options myoption=54`

Basically, everything after the "options" keyword is passed verbatim to
the test which must decide what to do with it.

* A new API ast_test_get_cli_args() was created to give the tests access to
the cli_args->argc and cli_args->argv elements.

* Although not needed for the option processing, a new macro
ast_test_validate_cleanup_custom() was added to test.h that allows you
to specify a custom error message instead of just "Condition failed".

* The test_skel.c was updated to demonstrate parsing options and the use
of the ast_test_validate_cleanup_custom() macro.
2025-01-02 14:52:16 +00:00
Kent
21dba60ff2 res_pjsip: Add new AOR option "qualify_2xx_only"
Added a new option "qualify_2xx_only" to the res_pjsip AOR qualify
feature to mark a contact as available only if an OPTIONS request
returns a 2XX response. If the option is not specified or is false,
any response to the OPTIONS request marks the contact as available.

UserNote: The pjsip.conf AOR section now has a "qualify_2xx_only"
option that can be set so that only 2XX responses to OPTIONS requests
used to qualify a contact will mark the contact as available.
2024-12-26 14:58:08 +00:00
George Joseph
865c8b8232 .github: Change the run name for OnPRStateChangedPriv 2024-12-18 08:19:44 -07:00
Jaco Kroon
9b45103bc8 res_odbc: release threads from potential starvation.
Whenever a slot is freed up due to a failed connection, wake up a waiter
before failing.

In the case of a dead connection there could be waiters, for example,
let's say two threads tries to acquire objects at the same time, with
one in the cached connections, one will acquire the dead connection, and
the other will enter into the wait state.  The thread with the dead
connection will clear up the dead connection, and then attempt a
re-acquire (at this point there cannot be cached connections else the
other thread would have received that and tried to clean up), as such,
at this point we're guaranteed that either there are no waiting threads,
or that the maxconnections - connection_cnt threads will attempt to
re-acquire connections, and then either succeed, using those
connections, or failing, and then signalling to release more waiters.

Also fix the pointer log for ODBC handle %p dead which would always
reflect NULL.

Signed-off-by: Jaco Kroon <jaco@uls.co.za>
2024-12-17 15:10:26 +00:00
Sperl Viktor
d832aae1d7 app_queue: indicate the paused state of a dynamically added member in queue_log.
Fixes: #1021
2024-12-10 14:24:06 +00:00
George Joseph
9a1180c6af Allow C++ source files (as extension .cc) in the main directory
Although C++ files (as extension .cc) have been handled in the module
directories for many years, the main directory was missing one line in its
Makefile that prevented C++ files from being recognised there.
2024-12-10 14:23:40 +00:00
Alexey Khabulyak
ced3b41327 format_gsm.c: Added mime type
Sometimes it's impossible to get a file extension from URL
(eg. http://example.com/gsm/your) so we have to rely on content-type header.
Currenly, asterisk does not support content-type for gsm format(unlike wav).
Added audio/gsm according to https://www.rfc-editor.org/rfc/rfc4856.html
2024-12-10 13:25:06 +00:00
Maksim Nesterov
c50dea93a5 func_uuid: Add a new dialplan function to generate UUIDs
This function is useful for uniquely identifying calls, recordings, and other entities in distributed environments, as well as for generating an argument for the AudioSocket application.
2024-12-03 18:07:54 +00:00
Sperl Viktor
7b7df5d30e app_queue: allow dynamically adding a queue member in paused state.
Fixes: #1007

UserNote: use the p option of AddQueueMember() for paused member state.
Optionally, use the r(reason) option to specify a custom reason for the pause.
2024-12-03 14:37:04 +00:00
Naveen Albert
be2bea854e chan_iax2: Add log message for rejected calls.
Add a log message for a path that currently silently drops IAX2
frames without indicating that anything is wrong.
2024-12-03 14:36:47 +00:00
Maximilian Fridrich
45c5d39c58 chan_pjsip: Send VIDUPDATE RTP frame for all H.264 streams
Currently, when a chan_pjsip channel receives a VIDUPDATE indication,
an RTP VIDUPDATE frame is only queued on a H.264 stream if WebRTC is
enabled on that endpoint. This restriction does not really make sense.

Now, a VIDUPDATE RTP frame is written even if WebRTC is not enabled (as
is the case with VP8, VP9, and H.265 streams).

Resolves: #1013
2024-12-03 13:57:33 +00:00
Tinet-mucw
3ac5f82d49 audiohook.c: resolving the issue with audiohook both reading when packet loss on one side of the call
When there is 0% packet loss on one side of the call and 15% packet loss on the other side, reading frame is often failed when reading direction_both audiohook. when read_factory available = 0, write_factory available = 320; i think write factory is usable read; because after reading one frame, there is still another frame that can be read together with the next read factory frame.

Resolves: #851
2024-12-02 20:21:53 +00:00
Mike Pultz
424e4ee761 res_curl.conf.sample: clean up sample configuration and add new SSL options
This update properly documents all the current configuration options supported
by the curl implementation, including the new ssl_* options.
2024-12-02 13:00:53 +00:00
Viktor Litvinov
2599aa3be0 res_rtp_asterisk.c: Set Mark on rtp when timestamp skew is too big
Set Mark bit in rtp stream when timestamp skew is bigger than MAX_TIMESTAMP_SKEW.

Fixes: #927
2024-12-02 12:58:53 +00:00
Alexey Vasilyev
e96d1cf2ae res_rtp_asterisk.c: Fix bridged_payload matching with sample rate for DTMF
Fixes #1004
2024-12-02 12:56:16 +00:00
Mike Pultz
0c193b725b manager.c: Add Processed Call Count to CoreStatus output
This update adds the processed call count to the CoreStatus AMI Action responsie. This output is
similar to the values returned by "core show channels" or "core show calls" in the CLI.

UserNote: The current processed call count is now returned as CoreProcessedCalls from the
CoreStatus AMI Action.
2024-12-02 12:55:17 +00:00
Mike Pultz
8e289af9de func_curl.c: Add additional CURL options for SSL requests
This patch adds additional CURL TLS options / options to support mTLS authenticated requests:

* ssl_verifyhost - perform a host verification on the peer certificate (CURLOPT_SSL_VERIFYHOST)
* ssl_cainfo - define a CA certificate file (CURLOPT_CAINFO)
* ssl_capath - define a CA certificate directory (CURLOPT_CAPATH)
* ssl_cert - define a client certificate for the request (CURLOPT_SSLCERT)
* ssl_certtype - specify the client certificate type (CURLOPT_SSLCERTTYPE)
* ssl_key - define a client private key for the request (CURLOPT_SSLKEY)
* ssl_keytype - specify the client private key type (CURLOPT_SSLKEYTYPE)
* ssl_keypasswd - set a password for the private key, if required (CURLOPT_KEYPASSWD)

UserNote: The following new configuration options are now available
in the res_curl.conf file, and the CURL() function: 'ssl_verifyhost'
(CURLOPT_SSL_VERIFYHOST), 'ssl_cainfo' (CURLOPT_CAINFO), 'ssl_capath'
(CURLOPT_CAPATH), 'ssl_cert' (CURLOPT_SSLCERT), 'ssl_certtype'
(CURLOPT_SSLCERTTYPE), 'ssl_key' (CURLOPT_SSLKEY), 'ssl_keytype',
(CURLOPT_SSLKEYTYPE) and 'ssl_keypasswd' (CURLOPT_KEYPASSWD). See the
libcurl documentation for more details.
2024-11-20 22:43:45 +00:00
Naveen Albert
4f0a506c67 sig_analog: Fix regression with FGD and E911 signaling.
Commit 466eb4a52b introduced a regression
which completely broke Feature Group D and E911 signaling, by removing
the call to analog_my_getsigstr, which affected multiple switch cases.
Restore the original behavior for all protocols except Feature Group C
CAMA (MF), which is all that patch was attempting to target.

Resolves: #993
2024-11-20 22:42:22 +00:00
James Terhune
d6b7554012 main/stasis_channels.c: Fix crash when setting a global variable with invalid UTF8 characters
Add check for null value of chan before referencing it with ast_channel_name()

Resolves: #999
2024-11-20 22:41:08 +00:00
George Joseph
e9f336b47b res_stir_shaken: Allow sending Identity headers for unknown TNs
Added a new option "unknown_tn_attest_level" to allow Identity
headers to be sent when a callerid TN isn't explicitly configured
in stir_shaken.conf.  Since there's no TN object, a private_key_file
and public_cert_url must be configured in the attestation or profile
objects.

Since "unknown_tn_attest_level" uses the same enum as attest_level,
some of the sorcery macros had to be refactored to allow sharing
the enum and to/from string conversion functions.

Also fixed a memory leak in crypto_utils:pem_file_cb().

Resolves: #921

UserNote: You can now set the "unknown_tn_attest_level" option
in the attestation and/or profile objects in stir_shaken.conf to
enable sending Identity headers for callerid TNs not explicitly
configured.
2024-11-20 21:38:37 +00:00
George Joseph
1f67825a91 res_pjsip: Change suppress_moh_on_sendonly to OPT_BOOL_T
The suppress_moh_on_sendonly endpoint option should have been
defined as OPT_BOOL_T in pjsip_configuration.c and AST_BOOL_VALUES
in the alembic script instead of OPT_YESNO_T and YESNO_VALUES.

Also updated contrib/ast-db-manage/README.md to indicate that
AST_BOOL_VALUES should always be used and provided an example.

Resolves: #995
2024-11-18 16:29:46 +00:00
George Joseph
03ab004e26 res_pjsip: Add new endpoint option "suppress_moh_on_sendonly"
Normally, when one party in a call sends Asterisk an SDP with
a "sendonly" or "inactive" attribute it means "hold" and causes
Asterisk to start playing MOH back to the other party. This can be
problematic if it happens at certain times, such as in a 183
Progress message, because the MOH will replace any early media you
may be playing to the calling party. If you set this option
to "yes" on an endpoint and the endpoint receives an SDP
with "sendonly" or "inactive", Asterisk will NOT play MOH back to
the other party.

Resolves: #979

UserNote: The new "suppress_moh_on_sendonly" endpoint option
can be used to prevent playing MOH back to a caller if the remote
end sends "sendonly" or "inactive" (hold) to Asterisk in an SDP.
2024-11-13 16:06:50 +00:00
Sean Bright
1c0fcd583d res_pjsip.c: Fix Contact header rendering for IPv6 addresses.
Fix suggested by @nvsystems.

Fixes #985
2024-11-13 14:18:28 +00:00