The stir_shaken configuration option now has 4 different choices to pick
from: off, attest, verify, and on. Off and on behave the same way they
do now. Attest will only perform attestation on the endpoint, and verify
will only perform verification on the endpoint.
Certain responses are required to be sent based on certain conditions
for STIR/SHAKEN. For example, if we get a Date header that is outside of
the time range that is considered valid, a 403 Stale Date response
should be sent. This and several other responses have been added.
Change-Id: I4ac1ecf652cd0e336006b0ca638dc826b5b1ebf7
Add a new function that converts a speech results type to a string.
Also add another function to unregister an engine, but returns a
pointer to the unregistered engine object instead of a success/fail
integer.
Change-Id: I0f7de17cb411021c09fb03988bc2b904e1380192
In res_pjsip_sdp_rtp, the bind_rtp_to_media_address option and the
fallback use of the transport's bind address solve problems sending
media on systems that cannot send ipv4 packets on ipv6 sockets, and
certain other situations. This change extends both of these behaviors
to UDPTL sessions as well in res_pjsip_t38, to fix fax-specific
problems on these systems, introducing a new option
endpoint/t38_bind_udptl_to_media_address.
ASTERISK-29402
Change-Id: I87220c0e9cdd2fe9d156846cb906debe08c63557
The behavior of max_contacts and remove_existing are connected. If
remove_existing is enabled, the soonest expiring contacts are removed.
This may occur when there is an unavailable contact. Similarly,
when remove_existing is not enabled, registrations from good
endpoints are rejected in favor of retaining unavailable contacts.
This commit adds a new AOR option remove_unavailable, and the effect
of this setting will depend on remove_existing. If remove_existing
is set to no, we will still remove unavailable contacts when they
exceed max_contacts, if there are any. If remove_existing is set to
yes, we will prioritize the removal of unavailable contacts before
those that are expiring soonest.
ASTERISK-29525
Change-Id: Ia2711b08f2b4d1177411b1be23e970d7fdff5784
When listing bridges we go through the ones present in
ARI, get their snapshot, turn it into JSON, and add it
to the payload we ultimately return.
An invisible "dial bridge" exists within ARI that would
also try to be added to this payload if the channel
"create" and "dial" routes were used. This would ultimately
fail due to invisible bridges having no snapshot
resulting in the listing of bridges failing.
This change makes it so that the listing of bridges
ignores invisible ones.
ASTERISK-29668
Change-Id: I14fa4b589b4657d1c2a5226b0f527f45a0cd370a
Rather than stripping parameters from Content-Type headers before
comparison, first try to compare the whole string. If no match is
found, strip the parameters and try that way.
ASTERISK-29275 #close
Change-Id: I2963c8ecbb3a9605b78b6421c415108d77a66a0f
Some code has been added referencing symbols defined in a block
protected by #ifdef HAVE_PJPROJECT. Protect those code parts in
ifdef blocks too.
ASTERISK-29660
Change-Id: Ib18d4392d51ac80ca5481dabf6e498a4e3e49e6f
Adds parsing of ANI II digits (Originating
Line Information) to PJSIP, on par with
what currently exists in chan_sip.
ASTERISK-29472
Change-Id: Ifc938a7a7d45ce33999ebf3656a542226f6d3847
dsp.c contains arbitrary tone detection functionality
which is currently only used for fax tone recognition.
This change makes this functionality publicly
accessible so that other modules can take advantage
of this.
Additionally, a WaitForTone and TONE_DETECT app and
function are included to allow users to do their
own tone detection operations in the dialplan.
ASTERISK-29546
Change-Id: Ie38c395000f4fd4d04e942e8658e177f8f499b26
With gcc 11, res/res_snmp.c and res/snmp/agent.c need the
-fPIC option added to its _ASTCFLAGS.
ASTERISK-29634
Change-Id: I34649c85e075fd954e578378fabf798c3f038f50
When compiled without extended srtp crypto suites also disable parsing
these from received SDP. This prevents using these, as some client
implementations are not stable.
ASTERISK-29625
Change-Id: I7dafb29be1cdaabdc984002573f4bea87520533a
This allows the STUN server to change its IP address without having to
reload the res_rtp_asterisk module.
The refresh of the name resolution occurs first when the module is
loaded, then recurringly, slightly after the previous DNS answer TTL
expires.
ASTERISK-29508 #close
Change-Id: I7955a046293f913ba121bbd82153b04439e3465f
Allow mapping pjproject log messages to the Asterisk TRACE
log level. The defaults were also changes to log pjproject
levels 3,4 to DEBUG and 5,6 to TRACE. Previously 3,4,5,6
all went to DEBUG.
ASTERISK-29582
Change-Id: I859a37a8dec263ed68099709cfbd3e665324c72d
Commit 305ce3d added -Wno-parentheses-equality to Makefile.rules,
turning the previous two warning suppressions from commit e9520db
redundant. Let us remove the latter.
Change-Id: I0b471254b31e6e05902062761dded4b3e626c7ac
app_meetme is deprecated in 19, to be removed in 21.
app_osplookup is deprecated in 19, to be removed in 21.
chan_alsa is deprecated in 19, to be removed in 21.
chan_mgcp is deprecated in 19, to be removed in 21.
chan_skinny is deprecated in 19, to be removed in 21.
res_pktccops is deprecated in 19, to be removed in 21.
app_macro was deprecated in 16, to be removed in 21.
chan_sip was deprecated in 17, to be removed in 21.
res_monitor was deprecated in 16, to be removed in 21.
ASTERISK-29548
ASTERISK-29549
ASTERISK-29550
ASTERISK-29551
ASTERISK-29552
ASTERISK-29553
ASTERISK-29558
ASTERISK-29567
ASTERISK-29572
Change-Id: Ic3bee31a10d42c4b3bbc913d893f7b2a28a27131
PJSIP currently does not provide a function to replace SIP_HEADERS() function to get a list of headers from INVITE request.
It may be used to get all X- headers in case the actual set and names of headers unknown.
ASTERISK-29389
Change-Id: Ic09d395de71a0021e0d6c5c29e1e19d689079f8b
Meter types are not well supported,
lacking support in telegraf, datadog and the official statsd servers.
We deprecate meters and provide a compliant fallback for any existing usages.
A flag has been introduced to allow meters to fallback to counters.
ASTERISK-29513
Change-Id: I5fcb385983a1b88f03696ff30a26b55c546a1dd7
Asterisk first looks at the end of the URL to determine the file
extension of the returned audio, which in many cases will not work
because the URL may end with a query string or a URL fragment. If that
fails, Asterisk then looks at the Content-Type header and then finally
parses the URL to get the extension.
The order has been changed such that we look at the Content-Type
header first, followed by looking for the extension of the parsed
URL. We no longer look at the end of the URL, which was error prone.
ASTERISK-29527 #close
Change-Id: I1e3f83b339ef2b80661704717c23568536511032
If a re-INVITE is received after we have sent a BYE request then it
is possible for no channel to be present on the session. If this
occurs we allow PJSIP to produce the offer instead. Since the call
is being hung up if it produces an incorrect offer it doesn't
actually matter. This also ensures that code which produces SDP
does not need to handle if a channel is not present.
ASTERISK-29381
Change-Id: I673cb88c432f38f69b2e0851d55cc57a62236042
(cherry picked from commit 523a795289)
Verify `ast_check_hangup` before looping to the next sound file.
If the call is already hangup we just break the cycle.
It also ensures that the PlaybackFinished event is sent if the call was hangup.
This is also use-full when we are playing a big list of file for a channel that is hangup.
Before this patch Asterisk will give a warning for every sound not played and fire a PlaybackStart for every sound file on the list tried to be played.
With the patch we just break the playback cycle when the chan is hangup.
ASTERISK-29501 #close
Change-Id: Ic4e1c01b974c9a1f2d9678c9d6b380bcfc69feb8
From RFC 8225 Section 5.2.1:
The "dest" claim is a JSON object with the claim name of "dest"
and MUST have at least one identity claim object. The "dest"
claim value is an array containing one or more identity claim JSON
objects representing the destination identities of any type
(currently "tn" or "uri"). If the "dest" claim value array
contains both "tn" and "uri" claim names, the JSON object should
list the "tn" array first and the "uri" array second. Within the
"tn" and "uri" arrays, the identity strings should be put in
lexicographical order, including the scheme-specific portion of
the URI characters.
Additionally, make it clear that there was a failure to sign the JWT
payload and not necessarily a memory allocation failure.
Change-Id: Ia8733b861aef6edfaa9c2136e97b447a01578dc9
Use cURL's URL parsing API, falling back to the urlparser library, to
parse playback URLs in order to find their file extensions.
For backwards compatibility, we first look at the full URL, then at
any Content-Type header, and finally at just the path portion of the
URL.
ASTERISK-27871 #close
Change-Id: I16d0682f6d794be96539261b3e48f237909139cb
Add check that data parameter specified when audiosocket used for externalMedia.
ASTERISK-29514 #close
Change-Id: Ie562f03c5d6c3835a3631f376b3d43e75b8f9617
In f8b0c2c9 we added support for port numbers in 'match' statements
but neglected to include that support in the PJSIP config wizard.
The removed code would have also prevented IPv6 addresses from being
successfully used in the config wizard as well.
ASTERISK-29503 #close
Change-Id: Idd5bbfd48009e7a741757743dbaea68e2835a34d
When we try to play a list of sound files in the same Play command,
we get only one PlaybackFinish event, after all sounds are played.
But in the case where the Play fails (because channel is destroyed
for example), Asterisk will send one PlaybackFinish event for each
sound file still to be played. If the list is big, Asterisk is
sending many events.
This patch adds a failed state so we can understand that the play
failed. On that case we don't send the event, if we still have a
list of sounds to be played.
When we reach the last sound, we send the PlaybackFinish with
the failed state.
ASTERISK-29464 #close
Change-Id: I4c2e5921cc597702513af0d7c6c2c982e1798322
With the fix for ASTERISK_28754 channels are no longer put on hold if an
outbound INVITE is answered with a "Session Progress" containing
"inactive" audio.
The previous change moved the evaluation of the media attributes to
`negotiate_incoming_sdp_stream()` to have the `remotely_held` status
available when building the SDP in `create_outgoing_sdp_stream()`.
This however means that an answer to an outbound INVITE, which does not
traverse `negotiate_incoming_sdp_stream()`, cannot set the
`remotely_held` status anymore.
This change moves the check so that both, `negotiate_incoming_sdp_stream()` and
`apply_negotiated_sdp_stream()` can do the checks.
ASTERISK-29479
Change-Id: Icde805a819399d5123b688e1ed1d2bcd9d5b0f75
When the MessageSend destination is in the form
PJSIP/<number>@<endpoint> and the endpoint's contact
URI already has a user component, that user component
will now be replaced with <number> when creating the
request URI.
ASTERISK_29404
Change-Id: I80e5910fa25c803d1440da0594a0d6b34b6b4ad5
Set preferred transport when querying the local address to use in
filter_on_tx_messages(). This prevents the module to erroneously select
the wrong transport if more than one transports of the same type (TCP or
TLS) are configured.
ASTERISK-29241
Change-Id: I598e60257a7f92b29efce1fb3e9a2fc06f1439b6
The text description needs to be the last thing on the AST_MODULE_INFO
line to be pulled in properly by menuselect.
Change-Id: I0c913e36fea8b661f42e56920b6c5513ae8fd832
* Implemented the new "to" parameter of the MessageSend()
dialplan application. This allows a user to specify
a complete SIP "To" header separate from the Request URI.
* Completely refactored the get_outbound_endpoint() function
to actually handle all the destination combinations that
we advertized as supporting.
* We now also accept a destination in the same format
as Dial()... PJSIP/number@endpoint
* Added lots of debugging.
ASTERISK-29404
Reported by Brian J. Murrell
Change-Id: I67a485196d9199916468f7f98bfb9a0b993a4cce
STIR/SHAKEN requires a Date header alongside the Identity header, so
that has been added. Still on the outgoing side, we were missing the
dest->tn section of the JSON payload, so that has been added as well.
Moving to the incoming side, URL checking has been added to the public
cert URL to ensure that it starts with http.
https://wiki.asterisk.org/wiki/display/AST/OpenSIPit+2021
Change-Id: Idee5b1b5e45bc3b483b3070e46ce322dca5b3f1c
For connection oriented transports PJSIP uses factories to
produce transports. When doing a partial transport reload
we need to also move the factory of the transport over so
that anything referencing the transport (such as an endpoint)
has the factory available.
ASTERISK-29441
Change-Id: Ieae0fb98eab2d9257cad996a1136e5a62d307161
When unsubscribing from an endpoint technology a FRACK
would occur due to incorrect reference counting. This fixes
that issue, along with some other issues.
Fixed a typo in get_subscription when calling ao2_find as it
needed to pass the endpoint ID and not the entire object.
Fixed scenario where a subscription would get returned when
it shouldn't have been when searching based on endpoint
technology.
A doulbe unreference has also been resolved by only explicitly
releasing the reference held by tech_subscriptions.
ASTERISK-28237 #close
Reported by: Lucas Tardioli Silveira
Change-Id: Ia91b15f8e5ea68f850c66889a6325d9575901729
In multidomain environments, it is desirable to create
PJSIP endpoints with the domain info in the endpoint name
in pjsip_endpoint.conf. This resulted in an error with
registrations, NOTIFY, and OPTIONS packet generation.
This commit will detect if there is an @ in the endpoint
identifier and generate the URI accordingly so NOTIFY and
OPTIONS From headers will generate correctly.
ASTERISK-28393
Change-Id: I96f8d01dfdd5573ba7a28299e46271dd4210b619
RTCP ICE candidates use a base address derived from the RTP
candidate. The port on the base address was not being updated to
the RTCP port.
This change sets the base port to the RTCP port and all is well.
ASTERISK-29433
Change-Id: Ide2d2115b307bfd3c2dfbc4d187515d724519040
By default Asterisk reports the PJSIP version in a SOFTWARE attribute
of every STUN packet it sends. This may not be desired in a production
environment, and RFC5389 recommends making the use of the SOFTWARE
attribute a configurable option:
https://datatracker.ietf.org/doc/html/rfc5389#section-16.1.2
This patch adds a `stun_software_attribute` yes/no option to make it
possible to omit the SOFTWARE attribute from STUN packets.
ASTERISK-29434
Change-Id: Id3f2b1dd9584536ebb3a1d7e8395fd8b3e46860b
RFC7616 and RFC8760 allow more than one WWW-Authenticate or
Proxy-Authenticate header per realm, each with different digest
algorithms (including new ones like SHA-256 and SHA-512-256).
Thankfully however a UAS can NOT send back multiple Authenticate
headers for the same realm with the same digest algorithm. The
UAS is also supposed to send the headers in order of preference
with the first one being the most preferred. We're supposed to
send an Authorization header for the first one we encounter for a
realm that we can support.
The UAS can also send multiple realms, especially when it's a
proxy that has forked the request in which case the proxy will
aggregate all of the Authenticate headers and then send them all
back to the UAC.
It doesn't stop there though... Each realm can require a
different username from the others. There's also nothing
preventing each digest algorithm from having a unique password
although I'm not sure if that adds any benefit.
So now... For each Authenticate header we encounter, we have to
determine if we support the digest algorithm and, if not, just
skip the header. We then have to find an auth object that
matches the realm AND the digest algorithm or find a wildcard
object that matches the digest algorithm. If we find one, we add
it to the results vector and read the next Authenticate header.
If the next header is for the same realm AND we already added an
auth object for that realm, we skip the header. Otherwise we
repeat the process for the next header.
In the end, we'll have accumulated a list of credentials we can
pass to pjproject that it can use to add Authentication headers
to a request.
NOTE: Neither we nor pjproject can currently handle digest
algorithms other than MD5. We don't even have a place for it in
the ast_sip_auth object. For this reason, we just skip processing
any Authenticate header that's not MD5. When we support the
others, we'll move the check into the loop that searches the
objects.
Changes:
* Added a new API ast_sip_retrieve_auths_vector() that takes in
a vector of auth ids (usually supplied on a call to
ast_sip_create_request_with_auth()) and populates another
vector with the actual objects.
* Refactored res_pjsip_outbound_authenticator_digest to handle
multiple Authenticate headers and set the stage for handling
additional digest algorithms.
* Added a pjproject patch that allows them to ignore digest
algorithms they don't support. This patch has already been
merged upstream.
* Updated documentation for auth objects in the XML and
in pjsip.conf.sample.
* Although res_pjsip_authenticator_digest isn't affected
by this change, some debugging and a testsuite AMI event
was added to facilitate testing.
Discovered during OpenSIPit 2021.
ASTERISK-29397
Change-Id: I3aef5ce4fe1d27e48d61268520f284d15d650281
RFC 4235 Section 4.1.6 describes XML elements that should be
sent to subscribed endpoints to identify the local and remote
participants in the dialog.
This patch adds this functionality to PJSIP by iterating through the
ringing channels causing the NOTIFY, and inserts the channel info
into the dialog so that information is properly passed to the endpoint
in dialog-info+xml.
ASTERISK-24601
Patch submitted: Joshua Elson
Modified by: Joseph Nadiv and Sean Bright
Tested by: Joseph Nadiv
Change-Id: I20c5cf5b45f34d7179df6573c5abf863eb72964b
STIR/SHAKEN encodes using base64 URL format. Currently, we just use
base64. New functions have been added that convert to and from base64
encoding.
The origid field should also be an UUID. This means there's no reason to
have it as an option in stir_shaken.conf, as we can simply generate one
when creating the Identity header.
https://wiki.asterisk.org/wiki/display/AST/OpenSIPit+2021
Change-Id: Icf094a2a54e87db91d6b12244c9f5ba4fc2e0b8c
We're getting the serial number of the certificate from openssl and
freeing it with ast_free(), but it needs to be freed with OPENSSL_free()
instead. Now we duplicate the string and free the one from openssl with
OPENSSL_free(), which means we can still use ast_free() on the returned
string.
https://wiki.asterisk.org/wiki/display/AST/OpenSIPit+2021
Change-Id: Ia6e1a4028c1933a0e1d204b769ebb9f5a11f00ab