Adds support for encryption to RSA-authenticated
calls. Also prevents crashes if an RSA IAX2 call
is initiated to a switch requiring encryption
but no secret is provided.
ASTERISK-20219
Change-Id: I18f1f9d7c59b4f9cffa00f3b94a4c875846efd40
STIR/SHAKEN encodes using base64 URL format. Currently, we just use
base64. New functions have been added that convert to and from base64
encoding.
The origid field should also be a UUID. This means there's no reason to
have it as an option in stir_shaken.conf, as we can simply generate one
when creating the Identity header.
https://wiki.asterisk.org/wiki/display/AST/OpenSIPit+2021
Change-Id: Icf094a2a54e87db91d6b12244c9f5ba4fc2e0b8c
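
The commit above distinguishes plain base64 from the base64 URL format. As an added example (not Asterisk's code; the function names are hypothetical), this is the text-level conversion in both directions, including the padding handling that differs between the two forms. It assumes the input is already valid base64 and does not validate the alphabet.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper names; these are not Asterisk functions. */

/* Standard base64 -> base64url (RFC 4648 section 5), dropping '=' padding.
 * Returns the output length, or -1 if dst is too small. */
int b64_to_b64url(const char *src, char *dst, size_t dstlen)
{
    size_t n = strlen(src);

    while (n > 0 && src[n - 1] == '=') n--;      /* strip trailing padding */
    if (n + 1 > dstlen) return -1;
    for (size_t i = 0; i < n; i++) {
        dst[i] = src[i] == '+' ? '-' : src[i] == '/' ? '_' : src[i];
    }
    dst[n] = '\0';
    return (int) n;
}

/* base64url -> padded standard base64.
 * Returns the output length, -1 if dst is too small, or -2 if the
 * input length is impossible for base64 (length % 4 == 1). */
int b64url_to_b64(const char *src, char *dst, size_t dstlen)
{
    size_t n = strlen(src);
    size_t pad = (4 - n % 4) % 4;                /* '=' needed to reach a multiple of 4 */

    if (n % 4 == 1) return -2;
    if (n + pad + 1 > dstlen) return -1;
    for (size_t i = 0; i < n; i++) {
        dst[i] = src[i] == '-' ? '+' : src[i] == '_' ? '/' : src[i];
    }
    memset(dst + n, '=', pad);
    dst[n + pad] = '\0';
    return (int) (n + pad);
}

int main(void)
{
    char url[16], std[16];

    /* Constructed input: "+/8=" is the base64 of the bytes FB FF. */
    b64_to_b64url("+/8=", url, sizeof(url));
    b64url_to_b64(url, std, sizeof(std));
    printf("%s %s\n", url, std);
    return 0;
}
```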
During OpenSIPit, we found out that the public certificates must be of
type X.509. When reading in public keys, we use the corresponding X.509
functions now.
We also discovered that we needed a better naming scheme for the
certificates since certificates with the same name would cause issues
(overwriting certs, etc.). Now when we download a public certificate, we
get the serial number from it and use that as the name of the cached
certificate.
The configuration option public_key_url in stir_shaken.conf has also
been renamed to public_cert_url, which better describes what the option
is for.
https://wiki.asterisk.org/wiki/display/AST/OpenSIPit+2021
Change-Id: Ia00b20835f5f976e3603797f2f2fb19672d8114d
There are a lot of moving parts in this patch, but the focus of it is on
the verification of the signature using a public key located at the
public key URL provided in the JSON payload. First, we check the
database to see if we have already downloaded the key. If so, check to
see if it has expired. If it has, redownload from the URL. If we don't
have an entry in the database, just go ahead and download the public
key. The expiration is tested each time we download the file. After
that, read the public key from the file and use it to verify the
signature. All sanity checking is done when the payload is first
received, so the verification is complete once this point is reached.
The XML has also been added since a new config option was added to
general (curl_timeout). The maximum amount of time to wait for a
download can be configured through this option, with a low value by
default.
Change-Id: I3ba4c63880493bf8c7d17a9cfca1af0e934d1a1c
Some places in Asterisk did not treat the formats on a stream
as immutable when they are.
The ast_stream_get_formats function is now const to enforce this
and parts of Asterisk have been updated to take this into account.
Some violations of this were also fixed along the way.
An additional minor tweak is that streams are now allocated with
an empty format capabilities structure removing the need in various
places to check that one is present on the stream.
ASTERISK-28846
Change-Id: I32f29715330db4ff48edd6f1f359090458a9bfbe
When a text message was received any associated variable was not written to
the ARI TextMessageReceived event. This occurred because Asterisk only wrote
out "send" variables. However, even those "send" variables would fail ARI
validation due to a TextMessageVariable formatting bug.
Since it seems the TextMessageReceived event has never been able to include
actual variables it was decided to remove the TextMessageVariable object type
from ARI, and simply return a JSON object of key/value pairs for variables.
This aligns more with how the ARI sendMessage handles variables, and other
places in ARI.
That being the case, and since this is technically an API breaking change (no
one should really be affected since things never really worked) the ARI version
was updated to reflect that.
ASTERISK-28755 #close
Change-Id: Ia6051c01a53b30cf7edef84c27df4ed4479b8b6f
Although the wiki page for the new CHANGES and UPGRADE scheme
states that the files must have the ".txt" suffix, the READMEs
didn't.
Change-Id: I490306aa2cc24d6f014738e9ebbc78592efe0f05
(cherry picked from commit 7416703f04)
If an AMI user without the "system" authorization calls the
Originate AMI command with the Originate application,
the second Originate could run the "System" command.

  Action: Originate
  Channel: Local/1111
  Application: Originate
  Data: Local/2222,app,System,touch /tmp/owned

If the "system" authorization isn't set, we now block the
Originate app as well as the System, Exec, etc. apps.
ASTERISK-28580
Reported by: Eliel Sardañons
Change-Id: Ic4c9dedc34c426f03c8c14fce334a71386d8a5fa
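
The check described in the commit above, as an added example (not Asterisk's code): an Originate action naming a restricted application is rejected unless the caller holds the "system" authorization. PERM_SYSTEM, ami_header and originate_allowed are hypothetical names, and the list holds only the applications the commit message names.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define PERM_SYSTEM 0x1 /* assumed bit for the "system" authorization */

/* Only the apps the commit message names; its "etc." means the real list is longer. */
static const char *const restricted_apps[] = { "System", "Exec", "Originate" };

/* Copy header `name` into out: 1 if found, 0 if absent, -1 if the value does not fit. */
static int ami_header(const char *msg, const char *name, char *out, size_t outlen)
{
    size_t nlen = strlen(name);
    for (const char *line = msg; *line; ) {
        size_t len = strcspn(line, "\r\n");
        if (len > nlen && line[nlen] == ':' && !strncasecmp(line, name, nlen)) {
            const char *v = line + nlen + 1;
            const char *end = line + len;
            v += strspn(v, " \t");               /* skip leading blanks */
            while (end > v && (end[-1] == ' ' || end[-1] == '\t')) end--;
            if ((size_t)(end - v) >= outlen) return -1;
            memcpy(out, v, (size_t)(end - v));
            out[end - v] = '\0';
            return 1;
        }
        line += len + strspn(line + len, "\r\n"); /* advance to the next line */
    }
    return 0;
}

/* 1 = the Originate action may proceed, 0 = reject it. */
int originate_allowed(const char *msg, int perms)
{
    char app[64];
    int found = ami_header(msg, "Application", app, sizeof(app));
    if ((perms & PERM_SYSTEM) || found == 0) return 1;
    if (found < 0) return 0;                     /* oversized app name: fail closed */
    for (size_t i = 0; i < sizeof(restricted_apps) / sizeof(*restricted_apps); i++)
        if (!strcasecmp(app, restricted_apps[i])) return 0; /* case-insensitive match */
    return 1;
}

int main(void)
{
    /* Constructed sample: nested Originate from a user lacking "system". */
    const char *msg = "Action: Originate\r\nChannel: Local/1111\r\n"
                      "Application: originate\r\nData: Local/2222,exten,default\r\n\r\n";
    printf("allowed=%d\n", originate_allowed(msg, 0));
    return 0;
}
```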
Previously, when a Transfer (REFER) was performed, chan_pjsip would set
the TRANSFERSTATUS to SUCCESS when the REFER was queued up. This did not
reflect a successful/unsuccessful transfer the way chan_sip did.
Added a callback module to process the refer subscription information.
Now depends on res_pjsip_pubsub so call transfer progress can be monitored
and reported.
ASTERISK-26968 #close
Reported-by: Dan Cropp
Change-Id: If6c27c757c66f71e8b75e3fe49da53ebe62395dc
This changes the way that we handle adding changes to CHANGES and
UPGRADE.txt. The reason for this is because whenever someone needed to
make a change to one of these files and someone else had already done
so, you would run into merge conflicts. With this new setup, there will
never be merge conflicts since all changes will be documented in the
doc/<file>-staging directory. The release script is now responsible for
merging all of these changes into the appropriate files.
There is a special format that these files have to follow in order to be
parsed. The files do not need to have a meaningful name, but it is
strongly recommended. For example, if you made a change to pjsip, you
may have something like this "res_pjsip_relative_title", where
"relative_title" is something more descriptive than that. Inside each
file, you will need a subject line for your change, followed by a
description. There can be multiple subject lines. The file may look
something like this:

  Subject: res_pjsip
  Subject: Core

  A description that explains the changes made and why. The release
  script will handle the bulleting and section separators!

  You can still separate with new lines within your
  description.

The headers ("Subject" and "Master-Only") are case sensitive, but the
value for "Master-Only" ("true" or "True") is not.
For more information, check out the wiki page:
https://wiki.asterisk.org/wiki/display/AST/CHANGES+and+UPGRADE.txt
ASTERISK-28111 #close
Change-Id: I19cf4b569321c88155a65e9b0b80f6d58075dd47
This is the first step in changing the release process so that changes
made to the CHANGES and UPGRADE.txt files do not result in merge
conflicts every time multiple people modify these files. The changes
made will go in these new directories: doc/CHANGES-staging and
doc/UPGRADE-staging. The README.md files explain how things will work,
but here's a little overview. When you make a change that would go in
either CHANGES or UPGRADE.txt, this should instead be documented in a
new file in the doc/CHANGES-staging or doc/UPGRADE-staging directory,
respectively. The format will look like this:

  Subject: res_pjsip

  A description that explains the changes made and why. The release
  script will handle the bulleting and section separators! The
  'Subject:' header is case-sensitive.

  You can still separate with new lines within your description.

  Subject: res_ari
  Master-Only: true

  You can have more than one subject, and they don't have to be the
  same! Also, the 'Master-Only' header should always be true and is
  also case-sensitive (but the value is not - you can have 'true' or
  'True'). This header will only ever be present in the master branch.

For more information, check out the wiki page:
https://wiki.asterisk.org/wiki/display/AST/CHANGES+and+UPGRADE.txt
This is an initial change for ASTERISK_28111. Functionally, this will
make no difference, but it will prep the directories for when the
changes from CHANGES and UPGRADE.txt are extracted.
Change-Id: I8d852f284f66ac456b26dcb899ee46babf7d15b6