We have a use-case where we generate a *lot* of events on the AMI, and
then when doing `manager show eventq` we would see some events which
would linger for hours or days in there. Obviously something was leaking.
Testing allowed us to track down this logic bug in the ref-counting on
the event purge.
Reproducing the bug was not super trivial, we managed to do it in a
production-like load testing environment with multiple AMI consumers.
The race condition itself:
1. something allocates and links `session`
2. `purge_sessions` iterates over that `session` (takes ref)
3. `purge_session` correctly de-referencess that session
4. `purge_session` re-evaluates the while() loop, taking a reference
5. `purge_session` exits (`n_max > 0` is false)
6. whatever allocated the `session` deallocates it, but a reference is
now lost since we exited the `while` loop before de-referencing.
7. since the destructor is never called, the session->last_ev->usecount
is never decremented, leading to events lingering in the queue
The impact of this bug does not seem major. The events are small and do
not seem, from our testing, to be causing meaningful additional CPU
usage. Mainly we wanted to fix this issue because we are internally
adding prometheus metrics to the eventq and those leaked events were
causing the metrics to show garbage data.
(cherry picked from commit 019d4ef17c)
Under certain circumstances the context/extens/prio are stored in the
after_bridge_goto_info. This info is used when the bridge is broken by
for hangup of the other party. In the situation that the bridge is
broken by an AMI Redirect this info is not used but also not removed.
With the result that when the channel is put back in a bridge and the
bridge is broken the execution continues at the wrong
context/extens/prio.
Resolves: #1144
(cherry picked from commit 6881b6249f)
The `CreateConfig` manager action now ensures that a config file can
only be created in the AST_CONFIG_DIR unless `live_dangerously` is set.
Resolves: #1122
(cherry picked from commit 6f447132b2)
Found via `codespell -q 3 -S "./CREDITS" -L abd,asent,atleast,childrens,contentn,crypted,dne,durationm,exten,inout,leapyear,nd,oclock,offsetp,ot,parm,parms,requestor,ser,slanguage,slin,thirdparty,varn,varns,ues`
(cherry picked from commit 03ec0f2d17)
* Added the "since" element to the XML configObject and configOption elements
in appdocsxml.dtd.
* Added the "Since" section to the following CLI output:
```
config show help <module> <object>
config show help <module> <object> <option>
core show application <app>
core show function <func>
manager show command <command>
manager show event <event>
agi show commands topic <topic>
```
* Refactored the commands above to output their sections in the same order:
Synopsis, Since, Description, Syntax, Arguments, SeeAlso
* Refactored the commands above so they all use the same pattern for writing
the output to the CLI.
* Fixed several memory leaks caused by failure to free temporary output
buffers.
* Added a "since" array to the mustache template for the top-level resources
(Channel, Endpoint, etc.) and to the paths/methods underneath them. These
will be added to the generated markdown if present.
Example:
```
"resourcePath": "/api-docs/channels.{format}",
"requiresModules": [
"res_stasis_answer",
"res_stasis_playback",
"res_stasis_recording",
"res_stasis_snoop"
],
"since": [
"18.0.0",
"21.0.0"
],
"apis": [
{
"path": "/channels",
"description": "Active channels",
"operations": [
{
"httpMethod": "GET",
"since": [
"18.6.0",
"21.8.0"
],
"summary": "List all active channels in Asterisk.",
"nickname": "list",
"responseClass": "List[Channel]"
},
```
NOTE: No versioning information is actually added in this commit.
Those will be added separately and instructions for adding and maintaining
them will be published on the documentation site at a later date.
(cherry picked from commit 3e28ddce78)
This update adds the processed call count to the CoreStatus AMI Action responsie. This output is
similar to the values returned by "core show channels" or "core show calls" in the CLI.
UserNote: The current processed call count is now returned as CoreProcessedCalls from the
CoreStatus AMI Action.
(cherry picked from commit 1ac67c84d4)
When using the ListCategories AMI action, it was possible to traverse
upwards through the directories to files outside of the configured
configuration directory. This action is now restricted to the configured
directory and an error will now be returned if the specified file is
outside of this limitation.
Resolves: #GHSA-33x6-fj46-6rfh
UserNote: The ListCategories AMI action now restricts files to the
configured configuration directory.
This unit test checks that dialplan apps and app data specified
as parameters for the Originate action are allowed with the
permissions the user has.
(cherry picked from commit 5cf699370b)
asterisk.c, manager.c: Increase buffer sizes to avoid truncation warnings.
config.c: Include header file for WIFEXITED/WEXITSTATUS macros.
res_timing_kqueue: Use more portable format specifier.
test_crypto: Use non-linux limits.h header file.
Resolves: #916
(cherry picked from commit b8b21b3f00)
When using the ModuleLoad AMI action, it was possible to traverse
upwards through the directories to files outside of the configured
modules directory. We decided it would be best to restrict access to
modules exclusively in the configured directory. You will now get an
error when the specified module is outside of this limitation.
Fixes: #897
UserNote: The ModuleLoad AMI action now restricts modules to the
configured modules directory.
(cherry picked from commit e8d3869e75)
UserNote: You can now perform more granular filtering on events
in manager.conf using expressions like
`eventfilter(name(Newchannel),header(Channel),method(starts_with)) = PJSIP/`
This is much more efficient than
`eventfilter = Event: Newchannel.*Channel: PJSIP/`
Full syntax guide is in configs/samples/manager.conf.sample.
(cherry picked from commit 92c0bd4b50)
If you run an AMI CoreShowChannelMap on a channel that isn't in a
bridge and you're in DEVMODE, you can get a FRACK because the
bridge id is empty. We now simply return an empty list for that
request.
(cherry picked from commit 63004f2c02)
Added Reload and DBdeltree to the list of dialplan application that
can't be executed via the Originate manager action without also
having write SYSTEM permissions.
Added CURL, DB*, FILE, ODBC and REALTIME* to the list of dialplan
functions that can't be executed via the Originate manager action
without also having write SYSTEM permissions.
If the Queue application is attempted to be run by the Originate
manager action and an AGI parameter is specified in the app data,
it'll be rejected unless the manager user has either the AGI or
SYSTEM permissions.
Resolves: #GHSA-c4cg-9275-6w44
Because of the (often recursive) nature of module dependencies in
Asterisk, hot swapping a module on the fly is cumbersome if a module
is depended on by other modules. Currently, dependencies must be
popped manually by unloading dependents, unloading the module of
interest, and then loading modules again in reverse order.
To make this easier, the ability to do this recursively in certain
circumstances has been added, as an optional extension to the
"module refresh" command. If requested, Asterisk will check if a module
that has a positive usecount could be unloaded safely if anything
recursively dependent on it were unloaded. If so, it will go ahead
and unload all these modules and load them back again. This makes
hot swapping modules that provide dependencies much easier.
Resolves: #474
UserNote: In certain circumstances, modules with dependency relations
can have their dependents automatically recursively unloaded and loaded
again using the "module refresh" CLI command or the ModuleLoad AMI command.
(cherry picked from commit a056e94885)
manager.c: Add new parameter 'PreDialGoSub' to Originate AMI action
The action originate does not has the ability to run an subroutine at initial channel, like the Aplication Originate. This update give this ability for de action originate too.
For example, we can run a routine via Gosub on the channel to request an automatic answer, so the caller does not need to accept the call when using the originate command via manager, making the operation more efficient.
UserNote: When using the Originate AMI Action, we now can pass the PreDialGoSub parameter, instructing the asterisk to perform an subrouting at channel before call start. With this parameter an call initiated by AMI can request the channel to start the call automaticaly, adding a SIP header to using GoSUB, instructing to autoanswer the channel, and proceeding the outbuound extension executing. Exemple of an context to perform the previus indication:
[addautoanswer]
exten => _s,1,Set(PJSIP_HEADER(add,Call-Info)=answer-after=0)
exten => _s,n,Set(PJSIP_HEADER(add,Alert-Info)=answer-after=0)
exten => _s,n,Return()
(cherry picked from commit d4b79cb466)
This adds a CLI command that can be used to manually
kick specific AMI sessions.
Resolves: #485
UserNote: The "manager kick session" CLI command now
allows kicking a specified AMI session.
(cherry picked from commit f4fba80708)
When started with a verbose level of 3, asterisk can emit over 1500
verbose message that serve no real purpose other than to fill up
logs. When asterisk shuts down, it emits another 1100 that are of
even less use. Since the testsuite runs asterisk with a verbose
level of 3, and asterisk starts and stops for every one of the 700+
tests, the number of log messages is staggering. Besides taking up
resources, it also makes it hard to debug failing tests.
This commit changes the log level for those verbose messages to 5
instead of 3 which reduces the number of log messages to only a
handful. Of course, NOTICE, WARNING and ERROR message are
unaffected.
There's also one other minor change...
ast_context_remove_extension_callerid2() logs a DEBUG message
instead of an ERROR if the extension you're deleting doesn't exist.
The pjsip_config_wizard calls that function to clean up the config
and has been triggering that annoying error message for years.
Resolves: #582
(cherry picked from commit a5ae546b88)
Currently, a reload will always occur if the
Reload header is provided for the UpdateConfig
action. However, we should not be doing a reload
if the header value has a falsy value, per the
documentation, so this makes the reload behavior
consistent with the existing documentation.
Resolves: #551
(cherry picked from commit 874ee6e9aa)
Commit 424be34563 introduced
a regression by calling ast_free on memory allocated by
realpath. This causes Asterisk to abort when executing this
function. Since the memory is allocated by glibc, it should
be freed using ast_std_free.
Resolves: #513
(cherry picked from commit bb364fc61f)
Improve the "manager show connected" CLI command
to clarify that the last two columns are permissions
related, not counts, and use sufficient widths
to consistently display these values.
ASTERISK-30143 #close
Resolves: #482
(cherry picked from commit 09bd80c627)
See UserNote below.
Exposed the existing Hangup AMI action in manager.c so we can use
all of it's channel search and AMI protocol handling without
duplicating that code in dialplan_functions.c.
Added a lookup function to res_pjsip.c that takes in the
string represenation of the pjsip_status_code enum and returns
the actual status code. I.E. ast_sip_str2rc("DECLINE") returns
603. This allows the caller to specify PJSIPHangup(decline) in
the dialplan, just like Hangup(call_rejected).
Also extracted the XML documentation to its own file since it was
almost as large as the code itself.
UserNote: A new dialplan app PJSIPHangup and AMI action allows you
to hang up an unanswered incoming PJSIP call with a specific SIP
response code in the 400 -> 699 range.
(cherry picked from commit af7e89ebf8)
To better co-exist with sounds files that may be managed by
packages, custom sound files may now be placed in
AST_DATA_DIR/sounds/custom instead of the standard
AST_DATA_DIR/sounds/<lang> directory. If the new
"sounds_search_custom_dir" option in asterisk.conf is set
to "true", asterisk will search the custom directory for sounds
files before searching the standard directory. For performance
reasons, the "sounds_search_custom_dir" defaults to "false".
Resolves: #315
UserNote: A new option "sounds_search_custom_dir" has been added to
asterisk.conf that allows asterisk to search
AST_DATA_DIR/sounds/custom for sounds files before searching the
standard AST_DATA_DIR/sounds/<lang> directory.
(cherry picked from commit 0e0f99db1d)
When using AMI GetConfig, it was possible to access files outside of the
Asterisk configuration directory by using filenames with ".." and "./"
even while live_dangerously was not enabled. This change resolves the
full path and ensures we are still in the configuration directory before
attempting to access the file.
Adds a new AMI action (CoreShowChannelMap) that takes in a channel name
and provides a list of all channels that are connected to that channel,
following local channel connections as well.
Resolves: #104
UserNote: New AMI action CoreShowChannelMap has been added.
The if statement here is always false after the for
loop finishes, so variables are never appended.
This removes that to properly append to the end
of the variable list.
ASTERISK-30351 #close
Reported by: Sebastian Gutierrez
Change-Id: I1b7f8b85a8918f6a814cb933a479d4278cf16199
Add live_dangerously flag to manager and use this flag to
determine if a configuation file outside of AST_CONFIG_DIR
should be read.
ASTERISK-30176
Change-Id: I46b26af4047433b49ae5c8a85cb8cda806a07404
(cherry picked from commit 81f10e847e)
The ModuleCheck XML documentation falsely
claims that the module's version number is returned.
This has not been the case since 14, since the version
number is not available anymore, but the documentation
was not changed at the time. It is now updated to
reflect this.
ASTERISK-30285 #close
Change-Id: Idde2d1205a11f2623fa1ddab192faa3dc4081e91
If we find that n_max (currently hard wired to 1) sessions were purged,
schedule the next purge for 1ms into the future rather than 5000ms (as
per current). This way we will purge up to 1000 sessions per second
rather than 1 every 5 seconds.
This mitigates a build-up of sessions should http sessions gets
established faster than 1 per 5 seconds.
Change-Id: I9820d39aa080109df44fe98c1325cafae48d54f5
Signed-off-by: Jaco Kroon <jaco@uls.co.za>
The manager XML documentation documents a "FilterList"
action, but there is no such action. Therefore, this can
lead to confusion when people try to use a documented
action that does not, in fact, exist. This is removed
as the action never did exist in the past, nor would it
be trivial to add since we only store the regex_t
objects, so the filter list can't actually be provided
without storing that separately. Most likely, the
documentation was originally added (around version 10)
in anticipation of something that never happened.
ASTERISK-29917 #close
Change-Id: I846b16fd6f80a91d4ddc5d8a861b522d7c6f8f97
Adjusts some logging levels to be more or less important,
that is more prominent when actual problems occur and less
prominent for less noteworthy things.
ASTERISK-30153 #close
Change-Id: Ifc8f7df427aa018627db462125ae744986d3261b
The global event filtering code was only in one
possible execution path, so not all events were
being properly filtered out if requested. This moves
that into the universal AMI handling code so all
events are properly handled.
Additionally, the CLI listing of disabled events can
also get truncated, so we now print out everything.
ASTERISK-30137 #close
Change-Id: If8c42edcb2abc5158552da7eba2a8ff6b20e1959
Adds version information for applications, functions,
and manager events/actions.
This is not completely exhaustive by any means but
covers most new things added that have release
versioning information in the issue tracker.
ASTERISK-29940 #close
Change-Id: I506401e93c799715dbbe97c0a8ba18af2bf5e131
On a write error to an AMI session a flag was set to
indicate that the write error had occurred, with the
expected result being that the session be terminated.
This was not actually happening and instead writing
would continue to be attempted.
This change adds a check for the write error and causes
the session to actually terminate.
ASTERISK-29948
Change-Id: Icaf5d413d4c0d5dc78292a17287fecc8720a31a5
ASTERISK_29853 added the ability to selectively disable
AMI events on a global basis, but the logic for this uses
strstr which means that events with names which are the prefix
of another event, if disabled, could disable those events as
well.
Instead, we account for this possibility to prevent this
undesired behavior from occuring.
ASTERISK_29853
Change-Id: Icccd1872602889806740971e4adf932f92466959
The disabledevents setting has been added to the general section
in manager.conf, which allows users to specify events that
should be globally disabled and not sent to any AMI listeners.
This allows for processing of these AMI events to end sooner and,
for frequent AMI events such as Newexten which users may not have
any need for, allows them to not be processed. Additionally, it also
cleans up core debug as previously when debug was 3 or higher,
the debug was constantly spammed by "Analyzing AMI event" messages
along with a complete dump of the event contents (often for Newexten).
ASTERISK-29853 #close
Change-Id: Id42b9a3722a1f460d745cad1ebc47c537fd4f205
This code was needlessly complex and would fail to properly delimit
the response message if LOW_MEMORY was defined.
Change-Id: Iae50bf09ef4bc34f9dc4b49435daa76f8b2c5b6e
The XML Manager Event Interface (amxml) now generates attribute names
that are compliant with the XML 1.1 specification. Previously, an
attribute name that started with a digit would be rendered as-is, even
though attribute names must not begin with a digit. We now prefix
attribute names that start with a digit with an underscore ('_') to
prevent XML validation failures.
This is not backwards compatible but my assumption is that compliant
XML parsers would already have been complaining about this.
ASTERISK-29886 #close
Change-Id: Icfaa56a131a082d803e9b7db5093806d455a0523
Rename check_manager_enabled() and check_webmanager_enabled() to begin
with ast_ so that the symbols are automatically exported by the
linker.
ASTERISK~29184
Change-Id: I85762b9a5d14500c15f6bad6507138c8858644c9
This patch allows a user of AMI to now specify the type of message
content contained within by setting the 'Content-Type' parameter.
Note, the AMI version has been bumped for this change.
ASTERISK-28945 #close
Change-Id: Ibb5315702532c6b954e1498beddc8855fabdf4bb
named_acl.c (which is really a named_ha) now uses ast_ha_output.
I've also updated main/manager.c to output the actual ACL on "manager
show user <username>" if one is set. If this works then we can add
similar to other modules as required.
Change-Id: I0ec9876a90dddd379c80ec078d48e3ee6991eb0f
If an AMI user without the "system" authorization calls the
Originate AMI command with the Originate application,
the second Originate could run the "System" command.
Action: Originate
Channel: Local/1111
Application: Originate
Data: Local/2222,app,System,touch /tmp/owned
If the "system" authorization isn't set, we now block the
Originate app as well as the System, Exec, etc. apps.
ASTERISK-28580
Reported by: Eliel Sardañons
Change-Id: Ic4c9dedc34c426f03c8c14fce334a71386d8a5fa
This patch fixes several issues reported by the lgtm code analysis tool:
https://lgtm.com/projects/g/asterisk/asterisk
Not all reported issues were addressed in this patch. This patch mostly fixes
confirmed reported errors, potential problematic code points, and a few other
"low hanging" warnings or recommendations found in core supported modules.
These include, but are not limited to the following:
* innapropriate stack allocation in loops
* buffer overflows
* variable declaration "hiding" another variable declaration
* comparisons results that are always the same
* ambiguously signed bit-field members
* missing header guards
Change-Id: Id4a881686605d26c94ab5409bc70fcc21efacc25
The functions that build manager message headers do so in a way that
results in a single messages being split across multiple packets. While
this doesn't matter to the remote end, it makes network captures noisier
and harder to follow, and also means additional system calls.
With this patch, we build up more of the message content into the TLS
buffer before flushing to the network. This change is completely
internal to the manager code and does not affect any of the existing
API's consumers.
Change-Id: I50128b0769060ca5272dbbb5e60242d131eaddf9
