Commit Graph

4303 Commits

Author SHA1 Message Date
Alexander Traud
e3de4bc46e res_rtp_asterisk: Instead of ./configure use OPENSSL_NO_SRTP.
Previously, Asterisk used its script ./configure, to test whether OpenSSL was
built with no-srtp (or was simply too old). However, the header file
<openssl/opensslconf.h> is the preferred way to detect the local configuration
of OpenSSL.

As a positive side-effect the script ./configure does not interleave the
detection of the Open Settlement Protocol Toolkit (OSPTK) with the detection of
individual features of OpenSSL anymore.

Change-Id: I3c77c7b00b2ffa2e935632097fa057b9fdf480c0
2018-06-13 08:00:35 -06:00
Jenkins2
49c4c8af98 Merge "res_rtp_asterisk: Allow OpenSSL configured with no-deprecated." into 13 2018-06-12 10:06:44 -05:00
Joshua Colp
2b25fdb80c Merge "res_crypto: Allow OpenSSL configured with no-deprecated." into 13 2018-06-12 08:28:16 -05:00
Jenkins2
e46ab4743b Merge "res_srtp: Repair ./configure --with-ssl=PATH." into 13 2018-06-12 07:45:19 -05:00
Richard Mudgett
034a04af2a AST-2018-008: Fix enumeration of endpoints from ACL rejected addresses.
When endpoint specific ACL rules block a SIP request they respond with a
403 forbidden.  However, if an endpoint is not identified then a 401
unauthorized response is sent.  This vulnerability just discloses which
requests hit a defined endpoint.  The ACL rules cannot be bypassed to gain
access to the disclosed endpoints.

* Made endpoint specific ACL rules now respond with a 401 unauthorized
which is the same as if an endpoint were not identified.  The fix is
accomplished by replacing the found endpoint with the artificial endpoint
which always fails authentication.

ASTERISK-27818

Change-Id: Icb275a54ff8e2df6c671a6d9bda37b5d732b3b32
2018-06-11 10:26:37 -05:00
Alexander Traud
ef2386fcd7 res_rtp_asterisk: Allow OpenSSL configured with no-deprecated.
Furthermore, allow OpenSSL configured with no-dh. Additionally, this change
allows auto-negotiation of the elliptic curve/group for servers, not only with
OpenSSL 1.0.2 but also with OpenSSL 1.1.0 and newer. This enables X25519
(since OpenSSL 1.1.0) and X448 (since OpenSSL 1.1.1) as a side-effect.

ASTERISK-27910

Change-Id: I5b0dd47c5194ee17f830f869d629d7ef212cf537
2018-06-08 22:09:00 +02:00
Alexander Traud
7763aa824e res_crypto: Allow OpenSSL configured with no-deprecated.
The header <openssl/rsa.h> had to be included explicitly.

ASTERISK-27906

Change-Id: I41743801eed998c039d73db7a0762d104a4f75b2
2018-06-08 11:06:44 +02:00
Alexander Traud
e62e069705 res_srtp: Repair ./configure --with-ssl=PATH.
ASTERISK-27905

Change-Id: Ibb7dc148a0048f4f9c3b12937ba4240dff0d15e2
2018-06-08 01:43:33 -06:00
Joshua Colp
19f8f85689 Merge "pjsip_options: handle modification of qualify options in realtime" into 13 2018-06-06 11:21:38 -05:00
George Joseph
8b6c84787c Merge "pjsip_options: show/reload AOR qualify options using CLI" into 13 2018-06-06 10:10:40 -05:00
Alexei Gradinari
9ad3918acd pjsip_options: handle modification of qualify options in realtime
Currently pjsip_options code does not handle the situation when the
qualify options were changed in realtime database.
Only 'module reload res_pjsip' helps.

This patch adds a check on contact add/update observers if the contact
qualify options are different than local aor qualify options.
If the qualify options were modified then synchronize
the pjsip_options AOR local state.

ASTERISK-27872

Change-Id: Id55210a18e62ed5d35a88e408d5fe84a3c513c62
2018-05-25 18:01:42 -04:00
Joshua Colp
7f318c3ab5 Merge "res/res_rtp_asterisk: ensure marker bit is correctly set on ssrc change" into 13 2018-05-24 14:55:59 -05:00
Torrey Searle
4b7fd478d5 res/res_rtp_asterisk: ensure marker bit is correctly set on ssrc change
Certain race conditions between changing bridge types and DTMF can
cause the current FLAG_NEED_MARKER_BIT to send the marker bit before
the actual first packet of native bridging.

This logic keeps track of the ssrc the bridge is currently sending
and will correctly ensure the marker bit is set if SSRC has changed
from the previous sent packet.

ASTERISK-27845

Change-Id: I01858bd0235f1e5e629e20de71b422b16f55759b
2018-05-23 20:13:57 -06:00
Alexei Gradinari
a576f50362 pjsip_options: show/reload AOR qualify options using CLI
Currently pjsip_options code does not handle the situation when the
AOR qualify options were changed.

Also there is no way to find out what qualify options are using.

This patch adds CLI commands to show and synchronize Aor qualify options:
pjsip show qualify endpoint <id>
    Show the current qualify options for all Aors on the PJSIP endpoint.
pjsip show qualify aor <id>
    Show the PJSIP Aor current qualify options.
pjsip reload qualify endpoint <id>
    Synchronize the qualify options for all Aors on the PJSIP endpoint.
pjsip reload qualify aor <id>
    Synchronize the PJSIP Aor qualify options.

ASTERISK-27872

Change-Id: I1746d10ef2b7954f2293f2e606cdd7428068c38c
2018-05-23 17:33:01 -04:00
Jenkins2
9564fc19f5 Merge "res_pjsip_endpoint_identifier_ip: Unregister the module for headers." into 13 2018-05-18 15:18:33 -05:00
Alexander Traud
b615df06d3 res_pjsip_endpoint_identifier_ip: Unregister the module for headers.
Asterisk uses Reference Counting to track whether a module can be unloaded.
Every consumer who requires a module, increases the reference count. When the
consumer goes, is unloaded itself, it has to decrease the reference count on
all its used/required modules. That way
 core stop gracefully
works on the command-line interface (CLI): One module after the other is
unloaded. A recent change broke this for the module res_pjsip.

ASTERISK-27861

Change-Id: I261abcb411d026bbb0691cc78f28300bfd3103a3
2018-05-17 01:02:38 -06:00
Alexander Traud
99b24dc63b res_pjsip: Register pjsip_transport_management not externally but internally.
The module (res_)pjsip_transport_management got moved into res_pjsip. It is no
longer an independent/external module with (un)load_module and therefore has to
register just internally with res_pjsip.

ASTERISK-27860

Change-Id: Icd0413be7d2e98b92f51e6d6c353f2570bb4be95
2018-05-16 23:35:32 -06:00
Jenkins2
118eef8907 Merge "Fix GCC 8 build issues." into 13 2018-05-16 09:37:35 -05:00
Joshua Colp
ac9d6b0523 Merge "pjsip: Rewrite OPTIONS support with new eyes." into 13 2018-05-14 04:06:20 -05:00
Corey Farrell
d893e57c90 Fix GCC 8 build issues.
This fixes build warnings found by GCC 8.  In some cases format
truncation is intentional so the warning is just suppressed.

ASTERISK-27824 #close

Change-Id: I724f146cbddba8b86619d4c4a9931ee877995c84
2018-05-11 09:58:19 -04:00
Matthew Fredrickson
316efcddb9 res_hep: Adds hostname resolution support for capture_address
Previously, only an IP address would be accepted for the capture_address config
setting in hep.conf.  This change allows capture_address to be a resolvable
hostname or an IP address.

ASTERISK-27796 #close
Reported-By: Sebastian Gutierrez

Change-Id: I33e1a37a8b86e20505dadeda760b861a9ef51f6f
2018-05-09 14:14:08 -06:00
Jenkins2
2d0fb07f53 Merge "res_ari: Remove requirement that body exists when debug is on." into 13 2018-05-04 06:08:40 -05:00
Jenkins2
8966a39e9d Merge "res_pjsip/pjsip_distributor.c: Add missing off-nominal request response." into 13 2018-05-03 12:11:00 -05:00
Joshua Colp
6192e40e04 Merge "pjsip: Increase maximum number of usable ciphers & other cleanups" into 13 2018-05-03 07:25:17 -05:00
Joshua Colp
a36d6e3674 res_ari: Remove requirement that body exists when debug is on.
The "ari set debug" code for incoming requests incorrectly assumed
that all requests would contain a body. If one did not exist the
request would be incorrectly rejected. The response that was sent
was also incomplete as an incorrect function was used to construct
the response.

The code has now been changed to no longer require a request to have
a body and the response updated to use the correct function.

ASTERISK-27801

Change-Id: I4eef036ad54550a4368118cc348765ecac25e0f8
2018-05-03 11:34:32 +00:00
Sean Bright
850e554793 pjsip: Increase maximum number of usable ciphers & other cleanups
* Increase maximum number of ciphers from 100 to 256 (or whatever
  PJ_SSL_SOCK_MAX_CIPHERS is #define'd to)

* Simplify logic in cipher_name_to_id()

* Make signed/unsigned comparison consistent

Re: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897412

Reported by: Ondřej Holas

Change-Id: Iea620f03915a1b873e79743154255c3148a514e7
2018-05-02 09:03:59 -04:00
Richard Mudgett
51a6a986f1 res_pjsip/pjsip_distributor.c: Add missing off-nominal request response.
Change-Id: I389579b39c523d1d1e8ce020ef549a8bb5781c9b
2018-05-01 17:22:53 -05:00
Richard Mudgett
3663968705 res_pjsip/pjsip_distributor.c: Pull some assignments out of if tests.
Change-Id: I3d30d638b53a4bbe9bf9aad853c649d583894112
2018-05-01 17:17:06 -05:00
George Joseph
42abc9c430 Merge "BuildSystem: Add DragonFly BSD." into 13 2018-04-30 09:06:45 -05:00
Joshua Colp
bea52b3706 pjsip: Rewrite OPTIONS support with new eyes.
The OPTIONS support in PJSIP has organically grown, like many things in
Asterisk.  It has been tweaked, changed, and adapted based on situations
run into.  Unfortunately this has taken its toll.  Configuration file
based objects have poor performance and even dynamic ones aren't that
great.

This change scraps the existing code and starts fresh with new eyes.  It
leverages all of the APIs made available such as sorcery observers and
serializers to provide a better implementation.

1.  The state of contacts, AORs, and endpoints relevant to the qualify
process is maintained.  This state can be updated by external forces (such
as a device registering/unregistering) and also the reload process.  This
state also includes the association between endpoints and AORs.

2.  AORs are scheduled and not contacts.  This reduces the amount of work
spent juggling scheduled items.

3.  Manipulation of which AORs are being qualified and the endpoint states
all occur within a serializer to reduce the conflict that can occur with
multiple threads attempting to modify things.

4.  Operations regarding an AOR use a serializer specific to that AOR.

5.  AORs and endpoint state act as state compositors.  They take input
from lower level objects (contacts feed AORs, AORs feed endpoint state)
and determine if a sufficient enough change has occurred to be fed further
up the chain.

6.  Realtime is supported by using observers to know when a contact has
been registered.  If state does not exist for the associated AOR then it
is retrieved and becomes active as appropriate.

The end result of all of this is best shown with a configuration file of
3000 endpoints each with an AOR that has a static contact.  In the old
code it would take over a minute to load and use all 8 of my cores.  This
new code takes 2-3 seconds and barely touches the CPU even while dealing
with all of the OPTIONS requests.

ASTERISK-26806

Change-Id: I6a5ebbfca9001dfe933eaeac4d3babd8d2e6f082
2018-04-27 17:26:54 -05:00
George Joseph
c5d19565fe Merge "bridge_softmix: Forward TEXT frames" into 13 2018-04-27 13:17:27 -05:00
Joshua Colp
cb4e991181 Merge "res_pjsip: Fix initialization of extended stringfields." into 13 2018-04-24 18:59:01 -05:00
Alexander Traud
7b219311eb BuildSystem: Add DragonFly BSD.
ASTERISK-27820

Change-Id: I310896143e94d65da1c2be3bb448204a8b86d557
2018-04-20 12:54:57 +02:00
Jenkins2
b3cec9d445 Merge "res_pjsip: Fix deadlock on reliable transport shutdown." into 13 2018-04-18 17:20:19 -05:00
Corey Farrell
ea14243971 res_pjsip: Fix initialization of extended stringfields.
It is possible for initialization of extended stringfields to fail.  Add
checks for this failure.

Change-Id: I062e09852db3d37ceefaf6c2048958fa0118304f
2018-04-18 15:25:35 -06:00
Jenkins2
e516c34c02 Merge "res_musiconhold: Don't restart MOH from beginning after announcement." into 13 2018-04-17 12:11:48 -05:00
George Joseph
be7d4faed5 bridge_softmix: Forward TEXT frames
Core bridging and, more specifically, bridge_softmix have been
enhanced to relay received frames of type TEXT or TEXT_DATA to all
participants in a softmix bridge.  res_pjsip_messaging and
chan_pjsip have been enhanced to take advantage of this so when
res_pjsip_messaging receives an in-dialog MESSAGE message from a
user in a conference call, it's relayed to all other participants
in the call.

res_pjsip_messaging already queues TEXT frames to the channel when
it receives an in-dialog MESSAGE from an endpoint and chan_pjsip
will send a MESSAGE when it gets a TEXT frame.  On a normal
point-to-point call, the frames are forwarded between the two
correctly.  bridge_softmix was not though so messages weren't
getting forwarded to conference bridge participants.  Even if they
were, the bridging code had no way to tell the participants who
sent the message so it would look like it came from the bridge
itself.

* The TEXT frame type doesn't allow storage of any meta data, such
as sender, on the frame so a new TEXT_DATA frame type was added that
uses the new ast_msg_data structure as its payload.  A channel
driver can queue a frame of that type when it receives a message
from outside.  A channel driver can use it for sending messages
by implementing the new send_text_data channel tech callback and
setting the new AST_CHAN_TP_SEND_TEXT_DATA flag in its tech
properties.  If set, the bridging/channel core will use it instead
of the original send_text callback and it will get the ast_msg_data
structure. Channel drivers aren't required to implement this.  Even
if a TEXT_DATA enabled driver uses it for incoming messages, an
outgoing channel driver that doesn't will still have its send_text
callback called with only the message text just as before.

* res_pjsip_messaging now creates a TEXT_DATA frame for incoming
in-dialog messages and sets the "from" to the display name in the
"From" header, or if that's empty, the caller id name from the
channel.  This allows the chat client user to set a friendly name
for the chat.

* bridge_softmix now forwards TEXT and TEXT_DATA frames to all
participants (except the sender).

* A new function "ast_sendtext_data" was added to channel which
takes an ast_msg_data structure and calls a channel's
send_text_data callback, or if that's not defined, the original
send_text callback.

* bridge_channel now calls ast_sendtext_data for TEXT_DATA frame
types and ast_sendtext for TEXT frame types.

* chan_pjsip now uses the "from" name in the ast_msg_data structure
(if it exists) to set the "From" header display name on outgoing text
messages.

Change-Id: Idacf5900bfd5f22ab8cd235aa56dfad090d18489
2018-04-17 10:16:41 -06:00
Jenkins2
ad0ba520b5 Merge "pjsip_scheduler.c: Add ability to trace scheduled tasks." into 13 2018-04-16 07:00:21 -05:00
Jenkins2
fb9cbd524b Merge "res_pjsip.c: Split ast_sip_push_task_synchronous() to fit expectations." into 13 2018-04-16 06:46:30 -05:00
Jenkins2
f83f5c48b2 Merge "pjsip_scheduler.c: Fix some corner cases." into 13 2018-04-16 06:39:36 -05:00
Ben Ford
f2e140e8a7 res_musiconhold: Don't restart MOH from beginning after announcement.
This reverts a problem introduced by the fix for ASTERISK_24329.
Now, when an announcement is played while waiting in a queue, music on
hold will not restart from the beginning of the sound file and will
instead pick up where it left off. However, the incorrect behavior in
ASTERISK_24329 is now present again; if an announcement X seconds
long is played when music on hold starts, music on hold will start X
seconds into the file.

ASTERISK-27774 #close
Reported by: lvl

Change-Id: I86b2885ee7063268f9b9747eddb788336ade989b
2018-04-13 16:25:44 -05:00
Richard Mudgett
b92ebdba5f pjsip_scheduler.c: Add ability to trace scheduled tasks.
When a scheduled task is created you can pass in the
AST_SIP_SCHED_TASK_TRACK flag.  This new flag causes scheduling events to
be logged.

Change-Id: I91967eb3d5a220915ce86881a28af772f9a7f56b
2018-04-12 17:16:44 -05:00
Richard Mudgett
12aa25b2e1 res_pjsip.c: Split ast_sip_push_task_synchronous() to fit expectations.
ast_sip_push_task_synchronous() did not necessarily execute the passed in
task under the specified serializer.  If the current thread is any
registered pjsip thread then it would execute the task immediately instead
of under the specified serializer.  Reentrancy issues could result if the
task does not execute with the right serializer.

The original reason ast_sip_push_task_synchronous() checked to see if the
current thread was a registered pjsip thread was because of a deadlock
with masquerades and the channel technology's fixup callback
(ASTERISK_22936).  A subsequent masquerade deadlock fix (ASTERISK_24356)
involving call pickups avoided the original deadlock situation entirely.
The PJSIP channel technology's fixup callback no longer needed to call
ast_sip_push_task_synchronous().

However, there are a few places where this unexpected behavior is still
required to avoid deadlocks.  The pjsip monitor thread executes callbacks
that do calls to ast_sip_push_task_synchronous() that would deadlock if
the task were actually pushed to the specified serializer.  I ran into one
dealing with the pubsub subscriptions where an ao2 destructor called
ast_sip_push_task_synchronous().

* Split ast_sip_push_task_synchronous() into
ast_sip_push_task_wait_servant() and ast_sip_push_task_wait_serializer().
ast_sip_push_task_wait_servant() has the old behavior of
ast_sip_push_task_synchronous().  ast_sip_push_task_wait_serializer() has
the new behavior where the task is always executed by the specified
serializer or a picked serializer if one is not passed in.  Both functions
behave the same if the current thread is not a SIP servant.

* Redirected ast_sip_push_task_synchronous() to
ast_sip_push_task_wait_servant() to preserve API for released branches.

ASTERISK_26806

Change-Id: Id040fa42c0e5972f4c8deef380921461d213b9f3
2018-04-12 17:15:10 -05:00
Richard Mudgett
dfdc9a2575 pjsip_scheduler.c: Fix some corner cases.
* Fix the periodic interval wander because it may take significant time
between the sched thread queueing the task in the serializer and the
serializer actually executing the task.  The time it takes to actually
execute the task was already taken into account.

* Pass a schtd ref to the serializer when we queue a scheduled task on
the serializer.  We don't want it going away on us while it is in the
serializer queue.

* Skip the scheduled task if the task was canceled between queueing the
task to the serializer and the serializer actually executing the task.

* Reorder struct ast_sip_sched_task to avoid unnecessary padding.  Removed
task_id and added next_periodic.

* Hold a ref to the passed in serializer so the serializer cannot go away
on the scheduled task.

ASTERISK_26806

Change-Id: I6c8046b75f6953792c8c30e55b836a4291143f24
2018-04-12 17:15:10 -05:00
Richard Mudgett
af36823907 pjsip_scheduler.c: Sort "pjsip show scheduled_tasks" output.
* A side benefit is that the scheduled tasks are not completely blocked
while the CLI command executes.

* Adjusted the "Task Name" column width to have more room for longer
names.

Change-Id: Iec64aa463ee8b10eef90120e00c38b1fb444087e
2018-04-12 16:45:12 -05:00
Jenkins2
264af6bec0 Merge "res_pjsip_notify.c: enable in-dialog NOTIFY" into 13 2018-04-12 14:57:33 -05:00
Jenkins2
dfd0529abc Merge "pjsip_scheduler.c: Fix ao2 usage errors." into 13 2018-04-12 10:10:28 -05:00
Chris-Savinovich
724d926d46 res_pjsip_session: Rewrite o= with external_media_address.
It now appends the external IP address on the
o= line of the SDP packet.  The decision was made to write
the numeric IP address as opposed to the RFC that states
the FQDN should be used if and when available.  We believe
the usage of literal IP address will help avoid
potential problems.

ASTERISK-27614 #close

Change-Id: I84f3360f3606b8c4e8d161edb228799ec0b8a302
2018-04-11 11:21:33 -06:00
Nathan Bruning
6a4afe09ce res_pjsip_notify.c: enable in-dialog NOTIFY
This patch adds support to send in-dialog SIP NOTIFY commands on
chan_pjsip channels, similar to the functionality recently added
for chan_sip (ASTERISK_27461).

This extends res_pjsip_notify to allow for in-dialog messages.

ASTERISK-27697

Change-Id: If7f3151a6d633e414d5dc319d5efc1443c43dd29
2018-04-11 10:36:52 -06:00
Richard Mudgett
c4f02c975b pjsip_scheduler.c: Fix ao2 usage errors.
* Removed several invalid uses of OBJ_NOLOCK.  These uses resulted in the
'tasks' container being accessed without a lock in a multi-threaded
environment.  A recipe for crashes.

* Removed needlessly obtaining schtd object references.  If the caller
providing you a pointer to an object doesn't have a valid reference then
you cannot safely get one from it.

* Getting a ref to 'tasks' when you aren't copying the pointer into
another location is useless.  The 'tasks' container pointer is global.

* Removed many unnecessary uses of RAII_VAR.

* Make ast_sip_schedule_task() name parameter const.

ASTERISK_26806

Change-Id: I5c62488e651314e2a1dbc01f5b078a15512d73db
2018-04-09 13:44:46 -05:00