Issues:
* The bridging core allowed multiple bridges to be created with the same
unique bridgeId at the same time. Only the last bridge created with the
duplicate name was actually saved to the core bridges container.
* The bridging core was creating a stasis topic for the bridge and saving it
in the bridge->topic field but not increasing its reference count. In the
case where two bridges were created with the same uniqueid (which is also
the topic name), the second bridge would get the _existing_ topic the first
bridge created. When the first bridge was destroyed, it would take the
topic with it so when the second bridge attempted to publish a message to
it it either FRACKed or SEGVd.
* The bridge destructor, which also destroys the bridge topic, is run from the
bridge manager thread not the caller's thread. This makes it possible for
an ARI developer to create a new one with the same uniqueid believing the
old one was destroyed when, in fact, the old one's destructor hadn't
completed. This could cause the new bridge to get the old one's topic just
before the topic was destroyed. When the new bridge attempted to publish
a message on that topic, asterisk could either FRACK or SEGV.
* The ARI bridges resource also allowed multiple bridges to be created with
the same uniqueid but it kept the duplicate bridges in its app_bridges
container. This created a situation where if you added two bridges with
the same "bridge1" uniqueid, all operations on "bridge1" were performed on
the first bridge created and the second was basically orphaned. If you
attempted to delete what you thought was the second bridge, you actually
deleted the first one created.
Changes:
* A new API `ast_bridge_topic_exists(uniqueid)` was created to determine if
a topic already exists for a bridge.
* `bridge_base_init()` in bridge.c and `ast_ari_bridges_create()` in
resource_bridges.c now call `ast_bridge_topic_exists(uniqueid)` to check
if a bridge with the requested uniqueid already exists and will fail if it
does.
* `bridge_register()` in bridges.c now checks the core bridges container to
make sure a bridge doesn't already exist with the requested uniqueid.
Although most callers of `bridge_register()` will have already called
`bridge_base_init()`, which will now fail on duplicate bridges, there
is no guarantee of this so we must check again.
* The core bridges container allocation was changed to reject duplicate
uniqueids instead of silently replacing an existing one. This is a "belt
and suspenders" check.
* A global mutex was added to bridge.c to prevent concurrent calls to
`bridge_base_init()` and `bridge_register()`.
* Even though you can no longer create multiple bridges with the same uniqueid
at the same time, it's still possible that the bridge topic might be
destroyed while a second bridge with the same uniqueid was trying to use
it. To address this, the bridging core now increments the reference count
on bridge->topic when a bridge is created and decrements it when the
bridge is destroyed.
* `bridge_create_common()` in res_stasis.c now checks the stasis app_bridges
container to make sure a bridge with the requested uniqueid doesn't already
exist. This may seem like overkill but there are so many entrypoints to
bridge creation that we need to be safe and catch issues as soon in the
process as possible.
* The stasis app_bridges container allocation was changed to reject duplicate
uniqueids instead of adding them. This is a "belt and suspenders" check.
* The `bridge show all` CLI command now shows the bridge name as well as the
bridge id.
* Response code 409 "Conflict" was added as a possible response from the ARI
bridge create resources to signal that a bridge with the requested uniqueid
already exists.
* Additional debugging was added to multiple bridging and stasis files.
Resolves: #211
GitHub strikes again. Apparently the github.ref context variable only
contains the PR number if the workflow is triggered by "pull_request" so
since we just changed the trigger to "pull_request_target" the variable
no longer contains the PR number and is therefore not unique and can't be
used as a concurrency group id. We now use
`github.triggering_actor-github.head_ref`.
Due to a potential race condition via ARI when hanging up a channel hangup with cause
while also deleting a bridge containing that channel, the bridge delete can over-write
the hangup cause code resulting in Normal Call Clearing instead of the set value.
With this change, bridge deletion will only set the hangup code if it hasn't been
previously set.
Resolves: #1124
After careful review, we believe we can now use the "pull_request_target"
workflow trigger instead of "pull_request" which required a separate
privliged workflow to add labels and comments to PRs when they are submitted
or updated. This allows us to greatly streamline our workflows and remove
unneeded ones.
* The OnPRChanged workflow was...
* Renamed to OnPRCheck
* Changed to trigger on pull_request_target and the "recheckpr" label.
* Changed to simply call reusable workflows in asterisk-ci-actions.
* Changed to use better concurrency groups.
* The OnPRCPCheck and OnPRMergeApproved workflows were also...
* Changed to simply call reusable workflows in asterisk-ci-actions.
* Changed to use better concurrency groups.
* The NightlyTest and CreateDocs were also tweaked
The verification check for missing or anonymous callerid was happening before
the endpoint's profile was retrieved which meant that the failure_action
parameter wasn't available. Therefore, if verification was enabled and there
was no callerid or it was "anonymous", the call was immediately terminated
instead of giving the dialplan the ability to decide what to do with the call.
* The callerid check now happens after the verification context is created and
the endpoint's stir_shaken_profile is available.
* The check now processes the callerid failure just as it does for other
verification failures and respects the failure_action parameter. If set
to "continue" or "continue_return_reason", `STIR_SHAKEN(0,verify_result)`
in the dialplan will return "invalid_or_no_callerid".
* If the endpoint's failure_action is "reject_request", the call will be
rejected with `433 "Anonymity Disallowed"`.
* If the endpoint's failure_action is "continue_return_reason", the call will
continue but a `Reason: STIR; cause=433; text="Anonymity Disallowed"`
header will be added to the next provisional or final response.
Resolves: #1112
Between ast_ari_channels_external_media(), external_media_rtp_udp(),
and external_media_audiosocket_tcp(), the `variables` structure being passed
around wasn't being cleaned up properly when there was a failure.
* In ast_ari_channels_external_media(), the `variables` structure is now
defined with RAII_VAR to ensure it always gets cleaned up.
* The ast_variables_destroy() call was removed from external_media_rtp_udp().
* The ast_variables_destroy() call was removed from
external_media_audiosocket_tcp(), its `endpoint` allocation was changed to
to use ast_asprintf() as external_media_rtp_udp() does, and it now
returns an error on failure.
* ast_ari_channels_external_media() now checks the new return code from
external_media_audiosocket_tcp() and sets the appropriate error response.
Resolves: #1109
Introduce a ChannelTransfer event and the ability to notify progress to
ARI. Implement emitting this event from the PJSIP channel instead of
handling the transfer in Asterisk when configured.
Introduce a dialplan function to the PJSIP channel to switch between the
"core" and "ari-only" behavior.
UserNote: Call transfers on the PJSIP channel can now be controlled by
ARI. This can be enabled by using the PJSIP_TRANSFER_HANDLING(ari-only)
dialplan function.
Nothing ever sets the `AST_GENERATOR_FD`, so this block of code will
never execute. It also is the only place where the `generate` callback
is called with the channel lock held which made it difficult to reason
about the thread safety of `ast_generator`s.
In passing, also note that `AST_AGENT_FD` isn't used either.
When in single-argument mode (very rarely used), a malformation of a column
name (also very rare) could cause a NULL to be returned when retrieving the
channel variable for that column. Passing that to strncat causes a SEGV. We
now check for the NULL and print a warning message.
Resolves: #1101
This process was a bit different than the others because everything
is in the same file, there's an array that contains the command
names and their handler functions, and the last command was created
over 15 years ago.
* Dump a `git blame` of res/res_agi.c from BEFORE the handle_* prototypes
were changed.
* Create a command <> handler function xref by parsing the the agi_command
array.
* For each entry, grep the function definition line "static int handle_*"
from the git blame output and capture the commit. This will be the
commit the command was created in.
* Do a `git tag --contains <commit> | sort -V | head -1` to get the
tag the function was created in.
* Add a single since/version element to the command XML. Multiple versions
aren't supported here because the branching and tagging scheme changed
several times in the 2000's.
Newer versions of gcc now warn about old style definitions, such
as those in libdb, which causes compilation failure with DEVMODE
enabled. Ignore these warnings for libdb.
Resolves: #1085
* Dump a git blame of each file in rest-api/api-docs.
* Get the commit for each "resourcePath" and "httpMethod" entry.
* Find the tags for each commit (same as other processes).
* Insert a "since" array after each "resourcePath" and "httpMethod" entry.
When an incoming request can't be matched to an endpoint, the "artificial"
auth object is used to create a challenge to return in a 401 response and we
emit a "No matching endpoint found" log message. If the client then responds
with an Authorization header but the request still can't be matched to an
endpoint, the verification will fail and, as before, we'll create a challenge
to return in a 401 response and we emit a "No matching endpoint found" log
message. HOWEVER, because there WAS an Authorization header and it failed
verification, we should have also been emitting a "Failed to authenticate"
log message but weren't because there was a check that short-circuited that
it if the artificial auth was used. Since many admins use the "Failed to
authenticate" message with log parsers like fail2ban, those attempts were not
being recognized as suspicious.
Changes:
* digest_check_auth() now always emits the "Failed to authenticate" log
message if verification of an Authorization header failed even if the
artificial auth was used.
* The verification logic was refactored to be clearer about the handling
of the return codes from verify().
* Comments were added clarify what return codes digest_check_auth() should
return to the distributor and the implications of changing them.
Resolves: #1095
This commit doesn't actually change anything. It just adds the following
upgrade notes that were omitted from the original commits.
Resolves: #1097
UpgradeNote: Two commits in this release...
'Add SHA-256 and SHA-512-256 as authentication digest algorithms'
'res_pjsip: Add new AOR option "qualify_2xx_only"'
...have modified alembic scripts for the following database tables: ps_aors,
ps_contacts, ps_auths, ps_globals. If you don't use the scripts to update
your database, reads from those tables will succeeed but inserts into the
ps_contacts table by res_pjsip_registrar will fail.
An issue in config_auth.c:ast_sip_auth_digest_algorithms_vector_init() was
causing double allocations for the two supported_algorithms vectors to the
tune of 915 bytes. The leak only happens on startup and when a reload is done
and doesn't get bigger with the number of auth objects defined.
* Pre-initialized the two vectors in config_auth:auth_alloc().
* Removed the allocations in ast_sip_auth_digest_algorithms_vector_init().
* Added a note to the doc for ast_sip_auth_digest_algorithms_vector_init()
noting that the vector passed in should be initialized and empty.
* Simplified the create_artificial_auth() function in pjsip_distributor.
* Set the vector initialization count to 0 in config_global:global_apply().
* Do a git blame on the embedded XML application or function element.
* From the commit hash, grab the summary line.
* Do a git log --grep <summary> to find the cherry-pick commits in all
branches that match.
* Do a git patch-id to ensure the commits are all related and didn't get
a false match on the summary.
* Do a git tag --contains <commit> to find the tags that contain each
commit.
* Weed out all tags not ..0.
* Sort and discard any .0.0 and following tags where the commit
appeared in an earlier branch.
* The result is a single tag for each branch where the application or function
was defined.
The applications and functions defined in the following files were done by
hand because the XML was extracted from the C source file relatively recently.
* channels/pjsip/dialplan_functions_doc.xml
* main/logger_doc.xml
* main/manager_doc.xml
* res/res_geolocation/geoloc_doc.xml
* res/res_stir_shaken/stir_shaken_doc.xml
* Do a git blame on the embedded XML managerEvent elements.
* From the commit hash, grab the summary line.
* Do a git log --grep <summary> to find the cherry-pick commits in all
branches that match.
* Do a git patch-id to ensure the commits are all related and didn't get
a false match on the summary.
* Do a git tag --contains <commit> to find the tags that contain each
commit.
* Weed out all tags not ..0.
* Sort and discard any .0.0 and following tags where the commit
appeared in an earlier branch.
* The result is a single tag for each branch where the application or function
was defined.
The events defined in res/res_pjsip/pjsip_manager.xml were done by hand
because the XML was extracted from the C source file relatively recently.
Two bugs were fixed along the way...
* The get_documentation awk script was exiting after it processed the first
DOCUMENTATION block it found in a file. We have at least 1 source file
with multiple DOCUMENTATION blocks so only the first one in them was being
processed. The awk script was changed to continue searching rather
than exiting after the first block.
* Fixing the awk script revealed an issue in logger.c where the third
DOCUMENTATION block contained a XML fragment that consisted only of
a managerEventInstance element that wasn't wrapped in a managerEvent
element. Since logger_doc.xml already existed, the remaining fragments
in logger.c were moved to it and properly organized.
This should resolve the Prometheus error:
> Error scraping target: non-compliant scrape target
sending blank Content-Type and no
fallback_scrape_protocol specified for target.
Resolves: #1075
Most of the configObjects and configOptions that are implemented with
ACO or Sorcery now have `<since>/<version>` elements added. There are
probably some that the script I used didn't catch. The version tags were
determined by the following...
* Do a git blame on the API call that created the object or option.
* From the commit hash, grab the summary line.
* Do a `git log --grep <summary>` to find the cherry-pick commits in all
branches that match.
* Do a `git patch-id` to ensure the commits are all related and didn't get
a false match on the summary.
* Do a `git tag --contains <commit>` to find the tags that contain each
commit.
* Weed out all tags not <major>.<minor>.0.
* Sort and discard any <major>.0.0 and following tags where the commit
appeared in an earlier branch.
* The result is a single tag for each branch where the API was last touched.
configObjects and configOptions elements implemented with the base
ast_config APIs were just not possible to find due to the non-deterministic
way they are accessed.
Also note that if the API call was on modified after it was added, the
version will be the one it was last modified in.
Final note: The configObject and configOption elements were introduced in
12.0.0 so options created before then may not have any XML documentation.
The return code fom digest_check_auth wasn't explicitly being initialized.
The return code also wasn't explicitly set to CHALLENGE when challenges
were sent. When optimization was turned off (DONT_OPTIMIZE), the compiler
was setting it to "0"(CHALLENGE) which worked fine. However, with
optimization turned on, it was setting it to "1" (SUCCESS) so if there was
no incoming Authorization header, the function was returning SUCCESS to the
distributor allowing the request to incorrectly succeed.
The return code is now initialized correctly and is now explicitly set
to CHALLENGE when we send challenges.
Currently, the ast_tls_cert file is hardcoded to use the -des3 option
for 3DES encryption, and the script needs to be manually modified
to not require a passphrase. Add an option (-e) that disables
encryption of the CA private key so no passphrase is required.
Resolves: #1064
Currently, when receiving an unauthenticated call, we keep track
of the negotiated format in the chosenformat, which allows us
to later create the channel using the right format. However,
this was not done for authenticated calls. This meant that in
certain circumstances, if we had not yet received a voice frame
from the peer, only certain other types of frames (e.g. text),
there were no variables containing the appropriate frame.
This led to problems in the jitterbuffer callback where we
unnecessarily bailed out of retrieving a frame from the jitterbuffer.
This was logic intentionally added in commit 73103bdcd5
in response to an earlier regression, and while this prevents
crashes, it also backlogs legitimate frames unnecessarily.
The abort logic was initially added because at this point in the
code, we did not have the negotiated format available to us.
However, it should always be available to us as a last resort
in chosenformat, so we now pull it from there if needed. This
allows us to process frames the jitterbuffer even if voicefmt
and peerfmt aren't set and still avoid the crash. The failsafe
logic is retained, but now it shouldn't be triggered anymore.
Resolves: #1054
Correct an issue in ast_config_text_file_save2() when updating configuration
files with "#tryinclude" statements. The API currently replaces "#tryinclude"
with "#include". The API also creates empty template files if the referenced
files do not exist. This change resolves these problems.
Resolves: https://github.com/asterisk/asterisk/issues/920
This adds the Last Number Redial feature to
simple switch.
UserNote: Users can now redial the last number
called if the lastnumredial setting is set to yes.
Resolves: #437
* channels/pjsip/dialplan_functions_doc.xml: Added xmlns:xi to docs element.
* main/bucket.c: Removed XML completely since the "bucket" and "file" objects
are internal only with no config file.
* main/named_acl.c: Fixed the configFile element name. It was "named_acl.conf"
and should have been "acl.conf"
* res/res_geolocation/geoloc_doc.xml: Added xmlns:xi to docs element.
* res/res_http_media_cache.c: Fixed the configFile element name. It was
"http_media_cache.conf" and should have been "res_http_media_cache.conf".
Essentially, we were treating 1234x1234 and 1234x5678 as 'equal'
because we were able to convert the prefix of each of these strings to
the same number.
Resolves: #1028
* Added the "since" element to the XML configObject and configOption elements
in appdocsxml.dtd.
* Added the "Since" section to the following CLI output:
```
config show help <module> <object>
config show help <module> <object> <option>
core show application <app>
core show function <func>
manager show command <command>
manager show event <event>
agi show commands topic <topic>
```
* Refactored the commands above to output their sections in the same order:
Synopsis, Since, Description, Syntax, Arguments, SeeAlso
* Refactored the commands above so they all use the same pattern for writing
the output to the CLI.
* Fixed several memory leaks caused by failure to free temporary output
buffers.
* Added a "since" array to the mustache template for the top-level resources
(Channel, Endpoint, etc.) and to the paths/methods underneath them. These
will be added to the generated markdown if present.
Example:
```
"resourcePath": "/api-docs/channels.{format}",
"requiresModules": [
"res_stasis_answer",
"res_stasis_playback",
"res_stasis_recording",
"res_stasis_snoop"
],
"since": [
"18.0.0",
"21.0.0"
],
"apis": [
{
"path": "/channels",
"description": "Active channels",
"operations": [
{
"httpMethod": "GET",
"since": [
"18.6.0",
"21.8.0"
],
"summary": "List all active channels in Asterisk.",
"nickname": "list",
"responseClass": "List[Channel]"
},
```
NOTE: No versioning information is actually added in this commit.
Those will be added separately and instructions for adding and maintaining
them will be published on the documentation site at a later date.
* Refactored pjproject code to support the new algorithms and
added a patch file to third-party/pjproject/patches
* Added new parameters to the pjsip auth object:
* password_digest = <algorithm>:<digest>
* supported_algorithms_uac = List of algorithms to support
when acting as a UAC.
* supported_algorithms_uas = List of algorithms to support
when acting as a UAS.
See the auth object in pjsip.conf.sample for detailed info.
* Updated both res_pjsip_authenticator_digest.c (for UAS) and
res_pjsip_outbound_authentocator_digest.c (UAC) to suport the
new algorithms.
The new algorithms are only available with the bundled version
of pjproject, or an external version > 2.14.1. OpenSSL version
1.1.1 or greater is required to support SHA-512-256.
Resolves: #948
UserNote: The SHA-256 and SHA-512-256 algorithms are now available
for authentication as both a UAS and a UAC.
Configurations loaded with the ast_config_load2() API and later written
out with ast_config_text_file_save2() will have any leading whitespace
stripped away. The APIs should make reasonable efforts to maintain the
content and formatting of the configuration files.
This change retains any leading whitespace from comment lines that start
with a ";".
Resolves: https://github.com/asterisk/asterisk/issues/970
When using the ListCategories AMI action, it was possible to traverse
upwards through the directories to files outside of the configured
configuration directory. This action is now restricted to the configured
directory and an error will now be returned if the specified file is
outside of this limitation.
Resolves: #GHSA-33x6-fj46-6rfh
UserNote: The ListCategories AMI action now restricts files to the
configured configuration directory.
