Add dialplan application PJSIPNOTIFY to send either pre-configured
NOTIFY messages from pjsip_notify.conf or with headers defined in
dialplan.
Also adds the ability to send pre-configured NOTIFY commands to a
channel via the CLI.
Resolves: #799
UserNote: A new dialplan application PJSIPNotify is now available
which can send SIP NOTIFY requests from the dialplan.
The pjsip send notify CLI command has also been enhanced to allow
sending NOTIFY messages to a specific channel. Syntax:
pjsip send notify <option> channel <channel>
This patch introduces a new identifier for channels: tenantid. It's
a stringfield on the channel that can be used for general purposes. It
will be inherited by other channels the same way that linkedid is.
You can set tenantid in a few ways. The first is to set it in the
dialplan with the Set and CHANNEL functions:
exten => example,1,Set(CHANNEL(tenantid)=My tenant ID)
It can also be accessed via CHANNEL:
exten => example,2,NoOp(CHANNEL(tenantid))
Another method is to use the new tenantid option for pjsip endpoints in
pjsip.conf:
[my_endpoint]
type=endpoint
tenantid=My tenant ID
This is considered the best approach since you will be able to see the
tenant ID as early as the Newchannel event.
It can also be set using set_var in pjsip.conf on the endpoint like
setting other channel variable:
set_var=CHANNEL(tenantid)=My tenant ID
Note that set_var will not show tenant ID on the Newchannel event,
however.
Tenant ID has also been added to CDR. It's read-only and can be accessed
via CDR(tenantid). You can also get the tenant ID of the last channel
communicated with via CDR(peertenantid).
Tenant ID will also show up in CEL records if it has been set, and the
version number has been bumped accordingly.
Fixes: #740
UserNote: tenantid has been added to channels. It can be read in
dialplan via CHANNEL(tenantid), and it can be set using
Set(CHANNEL(tenantid)=My tenant ID). In pjsip.conf, it is recommended to
use the new tenantid option for pjsip endpoints (e.g., tenantid=My
tenant ID) so that it will show up in Newchannel events. You can set it
like any other channel variable using set_var in pjsip.conf as well, but
note that this will NOT show up in Newchannel events. Tenant ID is also
available in CDR and can be accessed with CDR(tenantid). The peer tenant
ID can also be accessed with CDR(peertenantid). CEL includes tenant ID
as well if it has been set.
UpgradeNote: A new versioned struct (ast_channel_initializers) has been
added that gets passed to __ast_channel_alloc_ap. The new function
ast_channel_alloc_with_initializers should be used when creating
channels that require the use of this struct. Currently the only value
in the struct is for tenantid, but now more fields can be added to the
struct as necessary rather than the __ast_channel_alloc_ap function. A
new option (tenantid) has been added to endpoints in pjsip.conf as well.
CEL has had its version bumped to include tenant ID.
This commit adds a new voicemail.conf option 'odbc_audio_on_disk'
which when set causes the ODBC variant of app_voicemail to leave
the message and greeting audio files on disk and only store the
message metadata in the database. This option came from a concern
that the database could grow to large and cause remote access
and/or replication to become slow. In a clustering situation
with this option, all asterisk instances would share the same
database for the metadata and either use a shared filesystem
or other filesystem replication service much more suitable
for synchronizing files.
The changes to app_voicemail to implement this feature were actually
quite small but due to the complexity of the module, the actual
source code changes were greater. They fall into the following
categories:
* Tracing. The module is so complex that it was impossible to
figure out the path taken for various scenarios without the addition
of many SCOPE_ENTER, SCOPE_EXIT and ast_trace statements, even in
code that's not related to the functional change. Making this worse
was the fact that many "if" statements in this module didn't use
braces. Since the tracing macros add multiple statements, many "if"
statements had to be converted to use braces.
* Excessive use of PATH_MAX. Previous maintainers of this module
used PATH_MAX to allocate character arrays for filesystem paths
and SQL statements as though they cost nothing. In fact, PATH_MAX
is defined as 4096 bytes! Some functions had (and still have)
multiples of these. One function has 7. Given that the vast
majority of installations use the default spool directory path
`/var/spool/asterisk/voicemail`, the actual path length is usually
less than 80 bytes. That's over 4000 bytes wasted. It was the
same for SQL statement buffers. A 4K buffer for statement that
only needed 60 bytes. All of these PATH_MAX allocations in the
ODBC related code were changed to dynamically allocated buffers.
The rest will have to be addressed separately.
* Bug fixes. During the development of this feature, several
pre-existing ODBC related bugs were discovered and fixed. They
had to do with leaving orphaned files on disk, not preserving
original message ids when moving messages between folders,
not honoring the "formats" config parameter in certain circumstances,
etc.
UserNote: This commit adds a new voicemail.conf option
'odbc_audio_on_disk' which when set causes the ODBC variant of
app_voicemail_odbc to leave the message and greeting audio files
on disk and only store the message metadata in the database.
Much more information can be found in the voicemail.conf.sample
file.
Add patch to split the log level for invalid packets received on the signaling port.
The warning regarding the packet will move to level 2 so that it can still be displayed,
while the raw packet will be at level 4.
To better co-exist with sounds files that may be managed by
packages, custom sound files may now be placed in
AST_DATA_DIR/sounds/custom instead of the standard
AST_DATA_DIR/sounds/<lang> directory. If the new
"sounds_search_custom_dir" option in asterisk.conf is set
to "true", asterisk will search the custom directory for sounds
files before searching the standard directory. For performance
reasons, the "sounds_search_custom_dir" defaults to "false".
Resolves: #315
UserNote: A new option "sounds_search_custom_dir" has been added to
asterisk.conf that allows asterisk to search
AST_DATA_DIR/sounds/custom for sounds files before searching the
standard AST_DATA_DIR/sounds/<lang> directory.
* Remove .gitreview and switch to pulling the main asterisk branch
version from configure.ac instead.
* Replace references to JIRA with GitHub.
* Other minor cleanup found along the way.
Resolves: #39
Add live_dangerously flag to manager and use this flag to
determine if a configuation file outside of AST_CONFIG_DIR
should be read.
ASTERISK-30176
Change-Id: I46b26af4047433b49ae5c8a85cb8cda806a07404
Also added a note to the geolocation.conf.sample file
and added a README to the res/res_geolocation/wiki
directory.
Change-Id: I89c3c5db8c0701b33127993622d5e4f904bddfbc
You can now specify the location object's format, location_info,
method, location_source and confidence parameters directly on
a profile object for simple scenarios where the location
information isn't common with any other profiles. This is
mutually exclusive with setting location_reference on the
profile.
Updated appdocsxml.dtd to allow xi:include in a configObject
element. This makes it easier to link to complete configOptions
in another object. This is used to add the above fields to the
profile object without having to maintain the option descriptions
in two places.
ASTERISK-30185
Change-Id: Ifd5f05be0a76f0a6ad49fa28d17c394027677569
Added profile parameter "suppress_empty_ca_elements" that
will cause Civic Address elements that are empty to be
suppressed from the outgoing PIDF-LO document.
Fixed a possible SEGV if a sub-parameter value didn't have a
value.
ASTERISK-30177
Change-Id: I924ccc5aa2f45110a3155b22e53dfaf3ef2092dd
The trigger to perform outgoing geolocation processing is the
presence of a geoloc_outgoing_call_profile on an endpoint. This
is intentional so as to not leak location information to
destinations that shouldn't receive it. In a totally dynamic
configuration scenario however, there may not be any profiles
defined in geolocation.conf. This makes it impossible to do
outgoing processing without defining a "dummy" profile in the
config file.
This commit adds 4 built-in profiles:
"<prefer_config>"
"<discard_config>"
"<prefer_incoming>"
"<discard_incoming>"
The profiles are empty except for having their precedence
set and can be set on an endpoint to allow processing without
entries in geolocation.conf. "<discard_config>" is actually the
best one to use in this situation.
ASTERISK-30182
Change-Id: I1819ccfa404ce59802a3a07ad1cabed60fb9480a
* Added processing for the 'confidence' element.
* Added documentation to some APIs.
* removed a lot of complex code related to the very-off-nominal
case of needing to process multiple location info sources.
* Create a new 'ast_geoloc_eprofile_to_pidf' API that just takes
one eprofile instead of a datastore of multiples.
* Plugged a huge leak in XML processing that arose from
insufficient documentation by the libxml/libxslt authors.
* Refactored stylesheets to be more efficient.
* Renamed 'profile_action' to 'profile_precedence' to better
reflect it's purpose.
* Added the config option for 'allow_routing_use' which
sets the value of the 'Geolocation-Routing' header.
* Removed the GeolocProfileCreate and GeolocProfileDelete
dialplan apps.
* Changed the GEOLOC_PROFILE dialplan function as follows:
* Removed the 'profile' argument.
* Automatically create a profile if it doesn't exist.
* Delete a profile if 'inheritable' is set to no.
* Fixed various bugs and leaks
* Updated Asterisk WiKi documentation.
ASTERISK-30167
Change-Id: If38c23f26228e96165be161c2f5e849cb8e16fa0
This commit adds res_pjsip_geolocation which gives chan_pjsip
the ability to use the core geolocation capabilities.
This commit message is intentionally short because this isn't
a simple capability. See the documentation at
https://wiki.asterisk.org/wiki/display/AST/Geolocation
for more information.
THE CAPABILITIES IMPLEMENTED HERE MAY CHANGE BASED ON
USER FEEDBACK!
ASTERISK-30128
Change-Id: Ie2e2bcd87243c2cfabc43eb823d4427c7086f4d9
This commit adds res_geolocation which creates the core capabilities
to manipulate Geolocation information on SIP INVITEs.
An upcoming commit will add res_pjsip_geolocation which will
allow the capabilities to be used with the pjsip channel driver.
This commit message is intentionally short because this isn't
a simple capability. See the documentation at
https://wiki.asterisk.org/wiki/display/AST/Geolocation
for more information.
THE CAPABILITIES IMPLEMENTED HERE MAY CHANGE BASED ON
USER FEEDBACK!
ASTERISK-30127
Change-Id: Ibfde963121b1ecf57fd98ee7060c4f0808416303
Rightly the use of wildcards in certificates is disallowed in accordance
with RFC5922. However, RFC2818 does make some allowances with regards to
their use when using subject alt names with DNS name types.
As such this patch creates a new setting for TLS transports called
'allow_wildcard_certs', which when it and 'verify_server' are both enabled
allows DNS name types, as well as the common name that start with '*.'
to match as a wildcard.
For instance: *.example.com
will match for: foo.example.com
Partial matching is not allowed, e.g. f*.example.com, foo.*.com, etc...
And the starting wildcard only matches for a single level.
For instance: *.example.com
will NOT match for: foo.bar.example.com
The new setting is disabled by default.
ASTERISK-30072 #close
Change-Id: If0be3fdab2e09c2a66bb54824fca406ebaac3da4
Adds a new configuration option, stir_shaken_profile, in pjsip.conf that
can be specified on a per endpoint basis. This option will reference a
stir_shaken_profile that can be configured in stir_shaken.conf. The type
of this option must be 'profile'. The stir_shaken option can be
specified on this object with the same values as before (attest, verify,
on), but it cannot be off since having the profile itself implies wanting
STIR/SHAKEN support. You can also specify an ACL from acl.conf (along
with permit and deny lines in the object itself) that will be used to
limit what interfaces Asterisk will attempt to retrieve information from
when reading the Identity header.
ASTERISK-29476
Change-Id: I87fa61f78a9ea0cd42530691a30da3c781842406
Some databases depending on their configuration using backslashes
for escaping. When combined with the use of ' this can result in
a broken func_odbc query.
This change adds a SQL_ESC_BACKSLASHES dialplan function which can
be used to escape the backslashes.
This is done as a dialplan function instead of being always done
as some databases do not require this, and always doing it would
result in incorrect data being put into the database.
ASTERISK-29838
Change-Id: I152bf34899b96ddb09cca3e767254d8d78f0c83d
Correct typos of the following word families:
password
excludes
undesirable
checksums
through
screening
interpreting
database
causes
initiation
member
busydetect
defined
severely
throughput
recognized
counter
require
indefinitely
accounts
ASTERISK-29714
Change-Id: Ie8f2a7b274a162dd627ee6a2165f5e8a3876527e
The search for a running asterisk when --running is used
has been greatly simplified and in the event it doesn't
work, you can now specify a pid to use on the command
line with --pid.
The search for asterisk modules when --tarball-coredumps
is used has been enhanced to have a better chance of finding
them and in the event it doesn't work, you can now specify
--libdir on the command line to indicate the library directory
where they were installed.
The DATEFORMAT variable was renamed to DATEOPTS and is now
passed to the 'date' utility rather than running DATEFORMAT
as a command.
The coredump and output files are now renamed with DATEOPTS.
This can be disabled by specifying --no-rename.
Several confusing and conflicting options were removed:
--append-coredumps
--conffile
--no-default-search
--tarball-uniqueid
The script was re-structured to make it easier for follow.
Change-Id: I674be64bdde3ef310b6a551d4911c3b600ffee59
In res_pjsip_sdp_rtp, the bind_rtp_to_media_address option and the
fallback use of the transport's bind address solve problems sending
media on systems that cannot send ipv4 packets on ipv6 sockets, and
certain other situations. This change extends both of these behaviors
to UDPTL sessions as well in res_pjsip_t38, to fix fax-specific
problems on these systems, introducing a new option
endpoint/t38_bind_udptl_to_media_address.
ASTERISK-29402
Change-Id: I87220c0e9cdd2fe9d156846cb906debe08c63557
The behavior of max_contacts and remove_existing are connected. If
remove_existing is enabled, the soonest expiring contacts are removed.
This may occur when there is an unavailable contact. Similarly,
when remove_existing is not enabled, registrations from good
endpoints are rejected in favor of retaining unavailable contacts.
This commit adds a new AOR option remove_unavailable, and the effect
of this setting will depend on remove_existing. If remove_existing
is set to no, we will still remove unavailable contacts when they
exceed max_contacts, if there are any. If remove_existing is set to
yes, we will prioritize the removal of unavailable contacts before
those that are expiring soonest.
ASTERISK-29525
Change-Id: Ia2711b08f2b4d1177411b1be23e970d7fdff5784
Adds the ability for users to log to custom log levels
by providing custom log level names in logger.conf. Also
adds a logger show levels CLI command.
ASTERISK-29529
Change-Id: If082703cf81a436ae5a565c75225fa8c0554b702
This allows the STUN server to change its IP address without having to
reload the res_rtp_asterisk module.
The refresh of the name resolution occurs first when the module is
loaded, then recurringly, slightly after the previous DNS answer TTL
expires.
ASTERISK-29508 #close
Change-Id: I7955a046293f913ba121bbd82153b04439e3465f
This changeset is intended to address compatibility issues encountered
when interfacing Asterisk to electromechanical telephone switches that
implement ANI-B, ANI-C, or ANI-D.
In particular the behaviours that this impacts include:
- FGC-CAMA did not work at all when using MF signaling. Modified the
switch case block to send calls to the correct part of the
signaling-handling state machine.
- For FGC-CAMA operation, the delay between called number ST and
second wink for ANI spill has been made configurable; previously
all calls were made to wait for one full second.
- After the ANI spill, previous behavior was to require a 'ST' tone
to advance the call. This has been changed to allow 'STP' 'ST2P'
or 'ST3P' as well, for compatibility with ANI-D.
- Store ANI2 (ANI INFO) digits in the CALLERID(ANI2) channel variable.
- For calls with an ANI failure, No. 1 Crossbar switches will send
forward a single-digit failure code, with no calling number digits
and no ST pulse to terminate the spill. I've made the ANI timeout
configurable so to reduce dead air time on calls with ANI fail.
- ANI info digits configurable. Modern digital switches will send 2
digits, but ANI-B sends only a single info digit. This caused the
ANI reported by Asterisk to be misaligned.
- Changed a confusing log message to be more informative.
ASTERISK-29518
Change-Id: Ib7e27d987aee4ed9bc3663c57ef413e21b404256
Allow mapping pjproject log messages to the Asterisk TRACE
log level. The defaults were also changes to log pjproject
levels 3,4 to DEBUG and 5,6 to TRACE. Previously 3,4,5,6
all went to DEBUG.
ASTERISK-29582
Change-Id: I859a37a8dec263ed68099709cfbd3e665324c72d
Meter types are not well supported,
lacking support in telegraf, datadog and the official statsd servers.
We deprecate meters and provide a compliant fallback for any existing usages.
A flag has been introduced to allow meters to fallback to counters.
ASTERISK-29513
Change-Id: I5fcb385983a1b88f03696ff30a26b55c546a1dd7
A new user option, answer_channel, adds the capability to
prevent answering the channel if it hasn't already been
answered yet.
ASTERISK-29440
Change-Id: I26642729d0345f178c7b8045506605c8402de54b
By default Asterisk reports the PJSIP version in a SOFTWARE attribute
of every STUN packet it sends. This may not be desired in a production
environment, and RFC5389 recommends making the use of the SOFTWARE
attribute a configurable option:
https://datatracker.ietf.org/doc/html/rfc5389#section-16.1.2
This patch adds a `stun_software_attribute` yes/no option to make it
possible to omit the SOFTWARE attribute from STUN packets.
ASTERISK-29434
Change-Id: Id3f2b1dd9584536ebb3a1d7e8395fd8b3e46860b
RFC7616 and RFC8760 allow more than one WWW-Authenticate or
Proxy-Authenticate header per realm, each with different digest
algorithms (including new ones like SHA-256 and SHA-512-256).
Thankfully however a UAS can NOT send back multiple Authenticate
headers for the same realm with the same digest algorithm. The
UAS is also supposed to send the headers in order of preference
with the first one being the most preferred. We're supposed to
send an Authorization header for the first one we encounter for a
realm that we can support.
The UAS can also send multiple realms, especially when it's a
proxy that has forked the request in which case the proxy will
aggregate all of the Authenticate headers and then send them all
back to the UAC.
It doesn't stop there though... Each realm can require a
different username from the others. There's also nothing
preventing each digest algorithm from having a unique password
although I'm not sure if that adds any benefit.
So now... For each Authenticate header we encounter, we have to
determine if we support the digest algorithm and, if not, just
skip the header. We then have to find an auth object that
matches the realm AND the digest algorithm or find a wildcard
object that matches the digest algorithm. If we find one, we add
it to the results vector and read the next Authenticate header.
If the next header is for the same realm AND we already added an
auth object for that realm, we skip the header. Otherwise we
repeat the process for the next header.
In the end, we'll have accumulated a list of credentials we can
pass to pjproject that it can use to add Authentication headers
to a request.
NOTE: Neither we nor pjproject can currently handle digest
algorithms other than MD5. We don't even have a place for it in
the ast_sip_auth object. For this reason, we just skip processing
any Authenticate header that's not MD5. When we support the
others, we'll move the check into the loop that searches the
objects.
Changes:
* Added a new API ast_sip_retrieve_auths_vector() that takes in
a vector of auth ids (usually supplied on a call to
ast_sip_create_request_with_auth()) and populates another
vector with the actual objects.
* Refactored res_pjsip_outbound_authenticator_digest to handle
multiple Authenticate headers and set the stage for handling
additional digest algorithms.
* Added a pjproject patch that allows them to ignore digest
algorithms they don't support. This patch has already been
merged upstream.
* Updated documentation for auth objects in the XML and
in pjsip.conf.sample.
* Although res_pjsip_authenticator_digest isn't affected
by this change, some debugging and a testsuite AMI event
was added to facilitate testing.
Discovered during OpenSIPit 2021.
ASTERISK-29397
Change-Id: I3aef5ce4fe1d27e48d61268520f284d15d650281
Although Asterisk can receive and propogate flash events, it currently
provides no mechanism for doing anything with them itself.
This AMI event allows flash events to be processed by Asterisk.
Additionally, AST_CONTROL_FLASH is included in a switch statement
in channel.c to avoid throwing a warning when we shouldn't.
ASTERISK-29380
Change-Id: Ie17ffe65086e0282c88542e38eed6a461ec79e81
STIR/SHAKEN encodes using base64 URL format. Currently, we just use
base64. New functions have been added that convert to and from base64
encoding.
The origid field should also be an UUID. This means there's no reason to
have it as an option in stir_shaken.conf, as we can simply generate one
when creating the Identity header.
https://wiki.asterisk.org/wiki/display/AST/OpenSIPit+2021
Change-Id: Icf094a2a54e87db91d6b12244c9f5ba4fc2e0b8c
During OpenSIPit, we found out that the public certificates must be of
type X.509. When reading in public keys, we use the corresponding X.509
functions now.
We also discovered that we needed a better naming scheme for the
certificates since certificates with the same name would cause issues
(overwriting certs, etc.). Now when we download a public certificate, we
get the serial number from it and use that as the name of the cached
certificate.
The configuration option public_key_url in stir_shaken.conf has also
been renamed to public_cert_url, which better describes what the option
is for.
https://wiki.asterisk.org/wiki/display/AST/OpenSIPit+2021
Change-Id: Ia00b20835f5f976e3603797f2f2fb19672d8114d
Also removed the sample documentation, and some oddly-placed
documentation about the timeout argument to the Queue() application
itself. There is a large section on the timeout behavior below.
ASTERISK-26614 #close
Change-Id: I8f84e8304b50305b7c4cba2d9787a5d77c3a6217
minargs enables enforcing of minimum count of arguments to pass to
func_odbc, so if you're unconditionally using ARG1 through ARG4 then
this should be set to 4. func_odbc will generate an error in this case,
so for example
[FOO]
minargs = 4
and ODBC_FOO(a,b,c) in dialplan will now error out instead of using a
potentially leaked ARG4 from Gosub().
ARGC is needed if you're using optional argument, to verify whether or
not an argument has been passed, else it's possible to use a leaked ARGn
from Gosub (app_stack). So now you can safely do
${IF($[${ARGC}>3]?${ARGV}:default value)} kind of thing.
Change-Id: I6ca0b137d90b03f6aa9c496991f6cbf1518f6c24
Signed-off-by: Jaco Kroon <jaco@uls.co.za>
If there's no secret specified for an iax2 peer and there's no secret
specified in the dial string, Asterisk will crash if the auth method
requested by the peer is MD5 or plaintext. You also couldn't specify
a default auth method in the [general] section of iax.conf so if you
don't have static peers defined and just use the dial string, Asterisk
will still crash even if you have a secret specified in the dial string.
* Added logic to iax2_call() and authenticate_reply() to print
a warning and hanhup the call if encryption is requested and
there's no secret or auth method. This prevents the crash.
* Added the ability to specify a default "auth" in the [general]
section of iax.conf.
ASTERISK-29624
Reported by: N A
Change-Id: I5928e16137581f7d383fcc7fa04ad96c919e6254
As described in the issue, /tmp is not a suitable location for a
large amount of cached media files, since most distributions make
/tmp a RAM-based tmpfs mount with limited capacity.
I opted for a location that can be configured separately, as opposed
to using a subdirectory of spooldir, given the different storage
profile (transient files vs files that might stay there indefinitely).
This commit just makes the cache directory configurable, but leaves
it at /tmp by default, to ensure backwards compatibility.
A future commit that only targets master could change the default
location to something more sensible such as /var/tmp/asterisk. At
that point, the cachedir could be created and cleaned up during
uninstall by the Makefile script.
ASTERISK-29143
Change-Id: Ic54e95199405abacd9e509cef5f08fa14c510b5d
Currently any response from res_curl where we get an answer from the
web server, regardless of what the response is (404, 403 etc.) Asterisk
currently treats it as a success. This patch allows you to set which
codes should be considered as a failure by Asterisk. If say we set
failurecodes=404,403 then when using curl in realtime if a server gives
a 404 error Asterisk will try to failover to the next option set in
extconfig.conf
ASTERISK-28825
Reported by: Dovid Bender
Code by: Gobinda Paul
Change-Id: I94443e508343e0a3e535e51ea6e0562767639987
