This unit test checks that dialplan apps and app data specified
as parameters for the Originate action are allowed with the
permissions the user has.
(cherry picked from commit 5cf699370b)
asterisk.c, manager.c: Increase buffer sizes to avoid truncation warnings.
config.c: Include header file for WIFEXITED/WEXITSTATUS macros.
res_timing_kqueue: Use more portable format specifier.
test_crypto: Use non-linux limits.h header file.
Resolves: #916
(cherry picked from commit b8b21b3f00)
When using the ModuleLoad AMI action, it was possible to traverse
upwards through the directories to files outside of the configured
modules directory. We decided it would be best to restrict access to
modules exclusively in the configured directory. You will now get an
error when the specified module is outside of this limitation.
Fixes: #897
UserNote: The ModuleLoad AMI action now restricts modules to the
configured modules directory.
(cherry picked from commit e8d3869e75)
UserNote: You can now perform more granular filtering on events
in manager.conf using expressions like
`eventfilter(name(Newchannel),header(Channel),method(starts_with)) = PJSIP/`
This is much more efficient than
`eventfilter = Event: Newchannel.*Channel: PJSIP/`
Full syntax guide is in configs/samples/manager.conf.sample.
(cherry picked from commit 92c0bd4b50)
If you run an AMI CoreShowChannelMap on a channel that isn't in a
bridge and you're in DEVMODE, you can get a FRACK because the
bridge id is empty. We now simply return an empty list for that
request.
(cherry picked from commit 63004f2c02)
Added Reload and DBdeltree to the list of dialplan application that
can't be executed via the Originate manager action without also
having write SYSTEM permissions.
Added CURL, DB*, FILE, ODBC and REALTIME* to the list of dialplan
functions that can't be executed via the Originate manager action
without also having write SYSTEM permissions.
If the Queue application is attempted to be run by the Originate
manager action and an AGI parameter is specified in the app data,
it'll be rejected unless the manager user has either the AGI or
SYSTEM permissions.
Resolves: #GHSA-c4cg-9275-6w44
Because of the (often recursive) nature of module dependencies in
Asterisk, hot swapping a module on the fly is cumbersome if a module
is depended on by other modules. Currently, dependencies must be
popped manually by unloading dependents, unloading the module of
interest, and then loading modules again in reverse order.
To make this easier, the ability to do this recursively in certain
circumstances has been added, as an optional extension to the
"module refresh" command. If requested, Asterisk will check if a module
that has a positive usecount could be unloaded safely if anything
recursively dependent on it were unloaded. If so, it will go ahead
and unload all these modules and load them back again. This makes
hot swapping modules that provide dependencies much easier.
Resolves: #474
UserNote: In certain circumstances, modules with dependency relations
can have their dependents automatically recursively unloaded and loaded
again using the "module refresh" CLI command or the ModuleLoad AMI command.
(cherry picked from commit a056e94885)
manager.c: Add new parameter 'PreDialGoSub' to Originate AMI action
The action originate does not has the ability to run an subroutine at initial channel, like the Aplication Originate. This update give this ability for de action originate too.
For example, we can run a routine via Gosub on the channel to request an automatic answer, so the caller does not need to accept the call when using the originate command via manager, making the operation more efficient.
UserNote: When using the Originate AMI Action, we now can pass the PreDialGoSub parameter, instructing the asterisk to perform an subrouting at channel before call start. With this parameter an call initiated by AMI can request the channel to start the call automaticaly, adding a SIP header to using GoSUB, instructing to autoanswer the channel, and proceeding the outbuound extension executing. Exemple of an context to perform the previus indication:
[addautoanswer]
exten => _s,1,Set(PJSIP_HEADER(add,Call-Info)=answer-after=0)
exten => _s,n,Set(PJSIP_HEADER(add,Alert-Info)=answer-after=0)
exten => _s,n,Return()
(cherry picked from commit d4b79cb466)
This adds a CLI command that can be used to manually
kick specific AMI sessions.
Resolves: #485
UserNote: The "manager kick session" CLI command now
allows kicking a specified AMI session.
(cherry picked from commit f4fba80708)
When started with a verbose level of 3, asterisk can emit over 1500
verbose message that serve no real purpose other than to fill up
logs. When asterisk shuts down, it emits another 1100 that are of
even less use. Since the testsuite runs asterisk with a verbose
level of 3, and asterisk starts and stops for every one of the 700+
tests, the number of log messages is staggering. Besides taking up
resources, it also makes it hard to debug failing tests.
This commit changes the log level for those verbose messages to 5
instead of 3 which reduces the number of log messages to only a
handful. Of course, NOTICE, WARNING and ERROR message are
unaffected.
There's also one other minor change...
ast_context_remove_extension_callerid2() logs a DEBUG message
instead of an ERROR if the extension you're deleting doesn't exist.
The pjsip_config_wizard calls that function to clean up the config
and has been triggering that annoying error message for years.
Resolves: #582
(cherry picked from commit a5ae546b88)
Currently, a reload will always occur if the
Reload header is provided for the UpdateConfig
action. However, we should not be doing a reload
if the header value has a falsy value, per the
documentation, so this makes the reload behavior
consistent with the existing documentation.
Resolves: #551
(cherry picked from commit 874ee6e9aa)
Commit 424be34563 introduced
a regression by calling ast_free on memory allocated by
realpath. This causes Asterisk to abort when executing this
function. Since the memory is allocated by glibc, it should
be freed using ast_std_free.
Resolves: #513
(cherry picked from commit bb364fc61f)
Improve the "manager show connected" CLI command
to clarify that the last two columns are permissions
related, not counts, and use sufficient widths
to consistently display these values.
ASTERISK-30143 #close
Resolves: #482
(cherry picked from commit 09bd80c627)
See UserNote below.
Exposed the existing Hangup AMI action in manager.c so we can use
all of it's channel search and AMI protocol handling without
duplicating that code in dialplan_functions.c.
Added a lookup function to res_pjsip.c that takes in the
string represenation of the pjsip_status_code enum and returns
the actual status code. I.E. ast_sip_str2rc("DECLINE") returns
603. This allows the caller to specify PJSIPHangup(decline) in
the dialplan, just like Hangup(call_rejected).
Also extracted the XML documentation to its own file since it was
almost as large as the code itself.
UserNote: A new dialplan app PJSIPHangup and AMI action allows you
to hang up an unanswered incoming PJSIP call with a specific SIP
response code in the 400 -> 699 range.
(cherry picked from commit af7e89ebf8)
To better co-exist with sounds files that may be managed by
packages, custom sound files may now be placed in
AST_DATA_DIR/sounds/custom instead of the standard
AST_DATA_DIR/sounds/<lang> directory. If the new
"sounds_search_custom_dir" option in asterisk.conf is set
to "true", asterisk will search the custom directory for sounds
files before searching the standard directory. For performance
reasons, the "sounds_search_custom_dir" defaults to "false".
Resolves: #315
UserNote: A new option "sounds_search_custom_dir" has been added to
asterisk.conf that allows asterisk to search
AST_DATA_DIR/sounds/custom for sounds files before searching the
standard AST_DATA_DIR/sounds/<lang> directory.
(cherry picked from commit 0e0f99db1d)
When using AMI GetConfig, it was possible to access files outside of the
Asterisk configuration directory by using filenames with ".." and "./"
even while live_dangerously was not enabled. This change resolves the
full path and ensures we are still in the configuration directory before
attempting to access the file.
Adds a new AMI action (CoreShowChannelMap) that takes in a channel name
and provides a list of all channels that are connected to that channel,
following local channel connections as well.
Resolves: #104
UserNote: New AMI action CoreShowChannelMap has been added.
The if statement here is always false after the for
loop finishes, so variables are never appended.
This removes that to properly append to the end
of the variable list.
ASTERISK-30351 #close
Reported by: Sebastian Gutierrez
Change-Id: I1b7f8b85a8918f6a814cb933a479d4278cf16199
Add live_dangerously flag to manager and use this flag to
determine if a configuation file outside of AST_CONFIG_DIR
should be read.
ASTERISK-30176
Change-Id: I46b26af4047433b49ae5c8a85cb8cda806a07404
(cherry picked from commit 81f10e847e)
The ModuleCheck XML documentation falsely
claims that the module's version number is returned.
This has not been the case since 14, since the version
number is not available anymore, but the documentation
was not changed at the time. It is now updated to
reflect this.
ASTERISK-30285 #close
Change-Id: Idde2d1205a11f2623fa1ddab192faa3dc4081e91
If we find that n_max (currently hard wired to 1) sessions were purged,
schedule the next purge for 1ms into the future rather than 5000ms (as
per current). This way we will purge up to 1000 sessions per second
rather than 1 every 5 seconds.
This mitigates a build-up of sessions should http sessions gets
established faster than 1 per 5 seconds.
Change-Id: I9820d39aa080109df44fe98c1325cafae48d54f5
Signed-off-by: Jaco Kroon <jaco@uls.co.za>
The manager XML documentation documents a "FilterList"
action, but there is no such action. Therefore, this can
lead to confusion when people try to use a documented
action that does not, in fact, exist. This is removed
as the action never did exist in the past, nor would it
be trivial to add since we only store the regex_t
objects, so the filter list can't actually be provided
without storing that separately. Most likely, the
documentation was originally added (around version 10)
in anticipation of something that never happened.
ASTERISK-29917 #close
Change-Id: I846b16fd6f80a91d4ddc5d8a861b522d7c6f8f97
Adjusts some logging levels to be more or less important,
that is more prominent when actual problems occur and less
prominent for less noteworthy things.
ASTERISK-30153 #close
Change-Id: Ifc8f7df427aa018627db462125ae744986d3261b
The global event filtering code was only in one
possible execution path, so not all events were
being properly filtered out if requested. This moves
that into the universal AMI handling code so all
events are properly handled.
Additionally, the CLI listing of disabled events can
also get truncated, so we now print out everything.
ASTERISK-30137 #close
Change-Id: If8c42edcb2abc5158552da7eba2a8ff6b20e1959
Adds version information for applications, functions,
and manager events/actions.
This is not completely exhaustive by any means but
covers most new things added that have release
versioning information in the issue tracker.
ASTERISK-29940 #close
Change-Id: I506401e93c799715dbbe97c0a8ba18af2bf5e131
On a write error to an AMI session a flag was set to
indicate that the write error had occurred, with the
expected result being that the session be terminated.
This was not actually happening and instead writing
would continue to be attempted.
This change adds a check for the write error and causes
the session to actually terminate.
ASTERISK-29948
Change-Id: Icaf5d413d4c0d5dc78292a17287fecc8720a31a5
ASTERISK_29853 added the ability to selectively disable
AMI events on a global basis, but the logic for this uses
strstr which means that events with names which are the prefix
of another event, if disabled, could disable those events as
well.
Instead, we account for this possibility to prevent this
undesired behavior from occuring.
ASTERISK_29853
Change-Id: Icccd1872602889806740971e4adf932f92466959
The disabledevents setting has been added to the general section
in manager.conf, which allows users to specify events that
should be globally disabled and not sent to any AMI listeners.
This allows for processing of these AMI events to end sooner and,
for frequent AMI events such as Newexten which users may not have
any need for, allows them to not be processed. Additionally, it also
cleans up core debug as previously when debug was 3 or higher,
the debug was constantly spammed by "Analyzing AMI event" messages
along with a complete dump of the event contents (often for Newexten).
ASTERISK-29853 #close
Change-Id: Id42b9a3722a1f460d745cad1ebc47c537fd4f205
This code was needlessly complex and would fail to properly delimit
the response message if LOW_MEMORY was defined.
Change-Id: Iae50bf09ef4bc34f9dc4b49435daa76f8b2c5b6e
The XML Manager Event Interface (amxml) now generates attribute names
that are compliant with the XML 1.1 specification. Previously, an
attribute name that started with a digit would be rendered as-is, even
though attribute names must not begin with a digit. We now prefix
attribute names that start with a digit with an underscore ('_') to
prevent XML validation failures.
This is not backwards compatible but my assumption is that compliant
XML parsers would already have been complaining about this.
ASTERISK-29886 #close
Change-Id: Icfaa56a131a082d803e9b7db5093806d455a0523
Rename check_manager_enabled() and check_webmanager_enabled() to begin
with ast_ so that the symbols are automatically exported by the
linker.
ASTERISK~29184
Change-Id: I85762b9a5d14500c15f6bad6507138c8858644c9
This patch allows a user of AMI to now specify the type of message
content contained within by setting the 'Content-Type' parameter.
Note, the AMI version has been bumped for this change.
ASTERISK-28945 #close
Change-Id: Ibb5315702532c6b954e1498beddc8855fabdf4bb
named_acl.c (which is really a named_ha) now uses ast_ha_output.
I've also updated main/manager.c to output the actual ACL on "manager
show user <username>" if one is set. If this works then we can add
similar to other modules as required.
Change-Id: I0ec9876a90dddd379c80ec078d48e3ee6991eb0f
If an AMI user without the "system" authorization calls the
Originate AMI command with the Originate application,
the second Originate could run the "System" command.
Action: Originate
Channel: Local/1111
Application: Originate
Data: Local/2222,app,System,touch /tmp/owned
If the "system" authorization isn't set, we now block the
Originate app as well as the System, Exec, etc. apps.
ASTERISK-28580
Reported by: Eliel Sardañons
Change-Id: Ic4c9dedc34c426f03c8c14fce334a71386d8a5fa
This patch fixes several issues reported by the lgtm code analysis tool:
https://lgtm.com/projects/g/asterisk/asterisk
Not all reported issues were addressed in this patch. This patch mostly fixes
confirmed reported errors, potential problematic code points, and a few other
"low hanging" warnings or recommendations found in core supported modules.
These include, but are not limited to the following:
* innapropriate stack allocation in loops
* buffer overflows
* variable declaration "hiding" another variable declaration
* comparisons results that are always the same
* ambiguously signed bit-field members
* missing header guards
Change-Id: Id4a881686605d26c94ab5409bc70fcc21efacc25
The functions that build manager message headers do so in a way that
results in a single messages being split across multiple packets. While
this doesn't matter to the remote end, it makes network captures noisier
and harder to follow, and also means additional system calls.
With this patch, we build up more of the message content into the TLS
buffer before flushing to the network. This change is completely
internal to the manager code and does not affect any of the existing
API's consumers.
Change-Id: I50128b0769060ca5272dbbb5e60242d131eaddf9
When manager debugging is turned on, this patch makes it so incoming AMI actions
are now also logged.
Change-Id: I8047524510e7ac97d99482b2448f8e368f29cd47
There is enough MWI functionality to warrant it having its own 'c' and header
files. This patch moves all current core MWI data structures, and functions
into the following files:
main/mwi.h
main/mwi.c
Note, code was simply moved, and not modified. However, this patch is also in
preparation for core MWI changes, and additions to come.
Change-Id: I9dde8bfae1e7ec254fa63166e090f77e4d3097e0
When notifying a manager session that new events were available
the same lock was used that was also held when doing things within
the session (such as sending events out). If the manager session
blocked for a period of time this would cause a back up of messages
in Stasis and would also block any other sessions from receiving
events.
This change adds a separate lock to the manager session which is
strictly used for notifying it that new events are available.
ASTERISK-28350
Change-Id: Ifbcac007faca9ad0231640f5e82a6ca9228f261b
Topic names now follow: <subsystem>:<functionality>[/<object>]
This ensures that they are all unique, and also provides better
insight in to what each topic is for.
Subscriber ids now also use the main topic name they are
subscribed to and an incrementing integer as their identifier to
make it easier to understand what the subscription is primarily
responsible for.
Both the CLI commands for listing topic and subscription statistics
now sort to make it a bit easier to see what is going on.
Subscriptions will now show all topics that they are receiving messages
from, not just the main topic they were subscribed to.
ASTERISK-28335
Change-Id: I484e971a38c3640f2bd156282e532eed84bf220d
Previously both AMI and ARI used a default route on
their stasis message router to handle some of the
messages for publishing out their respective
connection. This caused messages to be given to
their subscription that could not be formatted
into AMI or JSON.
This change adds an API call to the stasis message
router which allows a default route to be set as well
as formatters that the default route is expecting.
This allows both AMI and ARI to specify that their
default route only wants messages of their given
formatter. By doing so stasis can more intelligently
filter at publishing time so that they do not receive
messages which will not be turned into AMI or JSON.
ASTERISK-28244
Change-Id: I65272819a53ce99f869181d1d370da559a7d1703
When a channel snapshot was created it used to be done
from scratch, copying all data (many strings). This incurs
a cost when doing so.
This change segments the channel snapshot into different
components which can be reused if unchanged from the
previous snapshot creation, reducing the cost. In normal
cases this results in some pointers being copied with
reference count being bumped, some integers being set,
and a string or two copied. The other benefit is that it
is now possible to determine if a channel snapshot update
is redundant and thus stop it before a message is published
to stasis.
The specific segments in the channel snapshot were split up
based on whether they are changed together, how often they
are changed, and their general grouping. In practice only
1 (or 0) of the segments actually get changed in normal
operation.
Invalidation is done by setting a flag on the channel when
the segment source is changed, forcing creation of a new
segment when the channel snapshot is created.
ASTERISK-28119
Change-Id: I5d7ef3df963a88ac47bc187d73c5225c315f8423
Channels no longer use the Stasis cache for channel snapshots. Instead
they are stored in a hash table in stasis_channels which reduces the
number of Stasis messages created and allows better storage.
As a result the following APIs are no longer available since the stasis
cache is no longer used:
ast_channel_topic_cached()
ast_channel_topic_all_cached()
The ast_channel_cache_all() and ast_channel_cache_by_name() functions
now return an ao2_container of ast_channel_snapshots rather than
a container of stasis_messages therefore you can't (and don't need
to) call stasis_cache functions on it.
The ast_channel_topic_all() function now returns a normal topic not
a cached one so you can't use stasis cache functions on it either.
The ast_channel_snapshot_type() stasis message now has the
ast_channel_snapshot_update structure as it's data. It contains the
last snapshot and the new one.
ast_channel_snapshot_get_latest() still returns the latest snapshot.
The latest snapshot is now stored on the channel itself to eliminate
cache hits when Stasis messages that have the snapshot as a payload
are created.
ASTERISK-28102
Change-Id: I9334febff60a82d7c39703e49059fa3a68825786
Replace usage of ao2_container_alloc with ao2_container_alloc_hash or
ao2_container_alloc_list. Remove ao2_container_alloc macro.
Change-Id: I0907d78bc66efc775672df37c8faad00f2f6c088
