This migrates the relevant schema objects from the `('yes', 'no')`
definition to the `('0', '1', 'off', 'on', 'false', 'true', 'yes', 'no')`
one.
Fixes#617
Why do we need a refactor?
The original stir/shaken implementation was started over 3 years ago
when little was understood about practical implementation. The
result was an implementation that wouldn't actually interoperate
with any other stir-shaken implementations.
There were also a number of stir-shaken features and RFC
requirements that were never implemented such as TNAuthList
certificate validation, sending Reason headers in SIP responses
when verification failed but we wished to continue the call, and
the ability to send Media Key(mky) grants in the Identity header
when the call involved DTLS.
Finally, there were some performance concerns around outgoing
calls and selection of the correct certificate and private key.
The configuration was keyed by an arbitrary name which meant that
for every outgoing call, we had to scan the entire list of
configured TNs to find the correct cert to use. With only a few
TNs configured, this wasn't an issue but if you have a thousand,
it could be.
What's changed?
* Configuration objects have been refactored to be clearer about
their uses and to fix issues.
* The "general" object was renamed to "verification" since it
contains parameters specific to the incoming verification
process. It also never handled ca_path and crl_path
correctly.
* A new "attestation" object was added that controls the
outgoing attestation process. It sets default certificates,
keys, etc.
* The "certificate" object was renamed to "tn" and had it's key
change to telephone number since outgoing call attestation
needs to look up certificates by telephone number.
* The "profile" object had more parameters added to it that can
override default parameters specified in the "attestation"
and "verification" objects.
* The "store" object was removed altogther as it was never
implemented.
* We now use libjwt to create outgoing Identity headers and to
parse and validate signatures on incoming Identiy headers. Our
previous custom implementation was much of the source of the
interoperability issues.
* General code cleanup and refactor.
* Moved things to better places.
* Separated some of the complex functions to smaller ones.
* Using context objects rather than passing tons of parameters
in function calls.
* Removed some complexity and unneeded encapsuation from the
config objects.
Resolves: #351Resolves: #46
UserNote: Asterisk's stir-shaken feature has been refactored to
correct interoperability, RFC compliance, and performance issues.
See https://docs.asterisk.org/Deployment/STIR-SHAKEN for more
information.
UpgradeNote: The stir-shaken refactor is a breaking change but since
it's not working now we don't think it matters. The
stir_shaken.conf file has changed significantly which means that
existing ones WILL need to be changed. The stir_shaken.conf.sample
file in configs/samples/ has quite a bit more information. This is
also an ABI breaking change since some of the existing objects
needed to be changed or removed, and new ones added. Additionally,
if res_stir_shaken is enabled in menuselect, you'll need to either
have the development package for libjwt v1.15.3 installed or use
the --with-libjwt-bundled option with ./configure.
This introduces a setting for outbound registrations to override the
global User-Agent header setting.
Resolves: #515
UserNote: PJSIP outbound registrations now support a per-registration
User-Agent header
When app_macro was deprecated, the macrocontext column was removed from
the INSERT statement but the binds were not renumbered. This broke the
insert.
This change removes the macrocontext column via alembic and re-numbers
the existing columns in the INSERT.
Fixes: #527
UserNote: The fix requires removing the macrocontext column from the
voicemail_messages table in the voicemail database via alembic upgrade.
UpgradeNote: The fix requires that the voicemail database be upgraded via
alembic. Upgrading to the latest voicemail database via alembic will
remove the macrocontext column from the voicemail_messages table.
Instead of searching for the asterisk binary and the modules in the
filesystem, we now get their locations, along with libdir, from
the coredump itself...
For the binary, we can use `gdb -c <coredump> ... "info proc exe"`.
gdb can print this even without having the executable and symbols.
Once we have the binary, we can get the location of the modules with
`gdb ... "print ast_config_AST_MODULE_DIR`
If there was no result then either it's not an asterisk coredump
or there were no symbols loaded. Either way, it's not usable.
For libdir, we now run "strings" on the note0 section of the
coredump (which has the shared library -> memory address xref) and
search for "libasteriskssl|libasteriskpj", then take the dirname.
Since we're now getting everything from the coredump, it has to be
correct as long as we're not crossing namespace boundaries like
running asterisk in a docker container but trying to run
ast_coredumper from the host using a shared file system (which you
shouldn't be doing).
There is still a case for using --asterisk-bin and/or --libdir: If
you've updated asterisk since the coredump was taken, the binary,
libraries and modules won't match the coredump which will render it
useless. If you can restore or rebuild the original files that
match the coredump and place them in a temporary directory, you can
use --asterisk-bin, --libdir, and a new --moddir option to point to
them and they'll be correctly captured in a tarball created
with --tarball-coredumps. If you also use --tarball-config, you can
use a new --etcdir option to point to what normally would be the
/etc/asterisk directory.
Also addressed many "shellcheck" findings.
Resolves: #445
`astcachedir` (added in b0842713) was not added to `live_ast` so
continued to point to the system `/var/cache` directory instead of the
one in the live environment.
This commit introduces an extension to the endpoint and relevant
resource sizes for PJSIP, transitioning from its current 40-character
constraint to a more versatile 255-character capacity. This enhancement
significantly overcomes limitations related to domain qualification and
practical usage, ultimately delivering improved functionality. In
addition, it includes adjustments to accommodate the expanded realm size
within the ARI, specifically enhancing the maximum realm length.
Resolves: #345
UserNote: With this update, the PJSIP realm lengths have been extended
to support up to 255 characters.
UpgradeNote: As part of this update, the maximum allowable length
for PJSIP endpoints and relevant resources has been increased from
40 to 255 characters. To take advantage of this enhancement, it is
recommended to run the necessary procedures (e.g., Alembic) to
update your schemas.
If the safe_asterisk script detects that the /var/lib/asterisk
directory doesn't exist, it now creates it with 755 permissions
instead of 770. safe_asterisk needing to create that directory
should be extremely rare though because it's normally created
by 'make install' which already sets the permissions to 755.
Resolves: #316
Add quoting around the ps_endpoints 100rel column in the ALTER
statements. Although alembic doesn't complain when generating
sql statements, postgresql does (rightly so).
Resolves: #274
Fixes dependency solutions in install_prereq for Debian aarch64
platforms. install_prereq was attempting to forcibly install 32-bit
armhf packages due to the aptitude search for dependencies.
Resolves: #37
In a handful of migrations, the comment header that indicates the
current and previous revisions has drifted from the identifiers
revision and down_revision variables. This updates the comment headers
to match the code.
Adds the loop_last option to res_musiconhold,
which allows the last audio file in the directory
to be looped perpetually once reached, rather than
circling back to the beginning again.
Resolves: #122
ASTERISK-30462
UserNote: The loop_last option in musiconhold.conf now
allows the last file in the directory to be looped once reached.
When Asterisk is restarted it does not preserve paused reason for
members of realtime queues. This was fixed for non-realtime queues in
ASTERISK_25732
Resolves: #66
UpgradeNote: Add a new column to the queue_member table:
reason_paused VARCHAR(80) so the reason can be preserved.
UserNote: Make paused reason in realtime queues persist an
Asterisk restart. This was fixed for non-realtime
queues in ASTERISK_25732.
The Asterisk logrotate script contains explicit
references to files with the .log extension,
which are also included when *log is expanded.
This causes issues with newer versions of logrotate.
This fixes this by ensuring that a log file cannot
be referenced multiple times after expansion occurs.
Resolves: #96
ASTERISK-30442
Reported by: EN Barnett
Tested by: EN Barnett
* Remove .gitreview and switch to pulling the main asterisk branch
version from configure.ac instead.
* Replace references to JIRA with GitHub.
* Other minor cleanup found along the way.
Resolves: #39
`rc.archlinux.asterisk`, which explicitly requests bash in its
shebang, uses the following command syntax:
${DAEMON} -rx "core stop now" > /dev/null 2&>1
The intent of which is to execute:
${DAEMON} -rx "core stop now"
While sending both stdout and stderr to `/dev/null`. Unfortunately,
because the `&` is in the wrong place, bash is interpreting the `2` as
just an additional argument to the `$DAEMON` command and not as a file
descriptor and proceeds to use the bashism `&>` to send stderr and
stdout to a file named `1`.
So we clean it up and just use bash's shortcut syntax.
Issue raised and a fix suggested (but not used) by peutch on GitHub¹.
ASTERISK-30449 #close
1. https://github.com/asterisk/asterisk/pull/31
Change-Id: Ie279bf4efb4d95cbf507313483d316e977303d19
Adds the overlap_context option, which can be used
to explicitly specify a context to use for overlap
dialing extension matches, rather than forcibly
using the context configured for the endpoint.
ASTERISK-30262 #close
Change-Id: Ibbcd4a8b11402428a187fb56b8d4e7408774a0db
chan_sip supported sending AOC-D and AOC-E information in SIP INFO
messages in an "AOC" header in a format that was originally defined by
Snom. In the meantime, ETSI TS 124 647 introduced an XML-based AOC
format that is supported by devices from multiple vendors, including
Snom phones with firmware >= 8.4.2 (released in 2010).
This commit adds a new res_pjsip_aoc module that inserts AOC information
into outgoing messages or sends SIP INFO messages as described below.
It also fixes a small issue in res_pjsip_session which didn't always
call session supplements on outgoing_response.
* AOC-S in the 180/183/200 responses to an INVITE request
* AOC-S in SIP INFO (if a 200 response has already been sent or if the
INVITE was sent by Asterisk)
* AOC-D in SIP INFO
* AOC-D in the 200 response to a BYE request (if the client hangs up)
* AOC-D in a BYE request (if Asterisk hangs up)
* AOC-E in the 200 response to a BYE request (if the client hangs up)
* AOC-E in a BYE request (if Asterisk hangs up)
The specification defines one more, AOC-S in an INVITE request, which
is not implemented here because it is not currently possible in
Asterisk to have AOC data ready at this point in call setup. Once
specifying AOC-S via the dialplan or passing it through from another
SIP channel's INVITE is possible, that might be added.
The SIP INFO requests are sent out immediately when the AOC indication
is received. The others are inserted into an appropriate outgoing
message whenever that is ready to be sent. In the latter case, the XML
is stored in a channel variable at the time the AOC indication is
received. Depending on where the AOC indications are coming from (e.g.
PRI or AMI), it may not always be possible to guarantee that the AOC-E
is available in time for the BYE.
Successfully tested AOC-D and both variants of AOC-E with a Snom D735
running firmware 10.1.127.10. It does not appear to properly support
AOC-S however, so that could only be tested by inspecting SIP traces.
ASTERISK-21502 #close
Reported-by: Matt Jordan <mjordan@digium.com>
Change-Id: Iebb7ad0d5f88526bc6629d3a1f9f11665434d333
Currently chan_pjsip on receiving a re-INVITE without SDP will only
return the codecs that are previously negotiated and not offering
all enabled codecs.
This causes interoperability issues with different equipment (e.g.
from Cisco) for some of our customers and probably also in other
scenarios involving 3PCC infrastructure.
According to RFC 3261, section 14.2 we SHOULD return all codecs
on a re-INVITE without SDP
The PR proposes a new parameter to configure this behaviour:
all_codecs_on_empty_reinvite. It includes the code, documentation,
alembic migrations, CHANGES file and example configuration additions.
ASTERISK-30193 #close
Change-Id: I69763708d5039d512f391e296ee8a4d43a1e2148
This patch adds support for mediasec SIP headers and SDP attributes.
These are defined in RFC 3329, 3GPP TS 24.229 and
draft-dawes-sipcore-mediasec-parameter. The new features are
implemented so that a backbone for RFC 3329 is present to streamline
future work on RFC 3329.
With this patch, Asterisk can communicate with Deutsche Telekom trunks
which require these fields.
ASTERISK-30032
Change-Id: Ia7f5b5ba42db18074fdd5428c4e1838728586be2
This patch adds a new option to the 100rel parameter for pjsip
endpoints called "peer_supported". When an endpoint with this option
receives an incoming request and the request indicated support for the
100rel extension, then Asterisk will send 1xx responses reliably. If
the request did not indicate 100rel support, Asterisk sends 1xx
responses normally.
ASTERISK-30158
Change-Id: Id6d95ffa8f00dab118e0b386146e99f254f287ad
The following required columns were missing,
now added to the ps_endpoints table:
incoming_call_offer_pref
outgoing_call_offer_pref
stir_shaken_profile
ASTERISK-29453
Change-Id: I5cf565edf30195844d6acbc1e1de8c5f0d837568
This commit adds res_pjsip_geolocation which gives chan_pjsip
the ability to use the core geolocation capabilities.
This commit message is intentionally short because this isn't
a simple capability. See the documentation at
https://wiki.asterisk.org/wiki/display/AST/Geolocation
for more information.
THE CAPABILITIES IMPLEMENTED HERE MAY CHANGE BASED ON
USER FEEDBACK!
ASTERISK-30128
Change-Id: Ie2e2bcd87243c2cfabc43eb823d4427c7086f4d9
Rightly the use of wildcards in certificates is disallowed in accordance
with RFC5922. However, RFC2818 does make some allowances with regards to
their use when using subject alt names with DNS name types.
As such this patch creates a new setting for TLS transports called
'allow_wildcard_certs', which when it and 'verify_server' are both enabled
allows DNS name types, as well as the common name that start with '*.'
to match as a wildcard.
For instance: *.example.com
will match for: foo.example.com
Partial matching is not allowed, e.g. f*.example.com, foo.*.com, etc...
And the starting wildcard only matches for a single level.
For instance: *.example.com
will NOT match for: foo.bar.example.com
The new setting is disabled by default.
ASTERISK-30072 #close
Change-Id: If0be3fdab2e09c2a66bb54824fca406ebaac3da4
Currently, PJSIP will randomly wait up to 10 seconds for each
outbound registration's initial attempt. The reason for this
is to avoid having all outbound registrations attempt to register
simultaneously.
This can create limitations with the test suite where we need to
be able to receive inbound calls potentially within 10 seconds of
starting up. For instance, we might register to another server
and then try to receive a call through the registration, but if
the registration hasn't happened yet, this will fail, and hence
this inconsistent behavior can cause tests to fail. Ultimately,
this requires a smaller random value because there may be no good
reason to wait for up to 10 seconds in these circumstances.
To address this, a new config option is introduced which makes this
maximum delay configurable. This allows, for instance, this to be
set to a very small value in test systems to ensure that registrations
happen immediately without an unnecessary delay, and can be used more
generally to control how "tight" the initial outbound registrations
are.
ASTERISK-29965 #close
Change-Id: Iab989a8e94323e645f3a21cbb6082287c7b2f3fd
added new global config option "allow_sending_180_after_183"
that if enabled will preserve 180 after a 183
ASTERISK-29842
Change-Id: I8a53f8c35595b6d16d8e86e241b5f110d92f3d18
Whereas BLFs allow to show a display name for each RLS entry,
the asterisk provides only the extension now.
This is not end user friendly.
This commit adds a new resource_list option, resource_display_name,
to indicate whether display name of resource or the resource name being
provided for RLS entries.
If this option is enabled, the Display Name will be provided.
This option is disabled by default to remain the previous behavior.
If the 'event' set to 'presence' or 'dialog' the non-empty HINT name
will be set as the Display Name.
The 'message-summary' is not supported yet.
ASTERISK-29891 #close
Change-Id: Ic5306bd5a7c73d03f5477fe235e9b0f41c69c681
When OUTPUTDIR is set to another directory and the
--delete-results-after is set, the resulting txt files are
not deleted.
ASTERISK-29794 #close
Change-Id: I1c0071f6809a1e3f5cfc455d6eb08378bc0d7286
In developer mode, use internal documentation as well.
This should produce no warnings. Fix yours!
In noisy mode, output all possible warnings of Doxygen.
This creates zillion of warnings. Double-check your current module!
Any warnings are in the file './doxygen.log'. Beside that, this change
avoids deprecated parameters because the configuration file for Doxygen
contains only those parameters which differ from the default. This
avoids the need to update the file on each run. Furthermore, it adds
AST_VECTOR to be expanded. Finally, the default name for that file is
Doxyfile. Therefore, let us use that!
ASTERISK-26991
ASTERISK-20259
Change-Id: I4129092a199d5e24c319a09cd088614b121015af
Correct typos of the following word families:
standard
increase
comments
valgrind
promiscuous
editing
libtonezone
storage
aggressive
whitespace
russellbryant
consecutive
peternixon
ASTERISK-29714
Change-Id: I9cafbf41b579c9c0c84c81719d2c4f900beec245
The search for a running asterisk when --running is used
has been greatly simplified and in the event it doesn't
work, you can now specify a pid to use on the command
line with --pid.
The search for asterisk modules when --tarball-coredumps
is used has been enhanced to have a better chance of finding
them and in the event it doesn't work, you can now specify
--libdir on the command line to indicate the library directory
where they were installed.
The DATEFORMAT variable was renamed to DATEOPTS and is now
passed to the 'date' utility rather than running DATEFORMAT
as a command.
The coredump and output files are now renamed with DATEOPTS.
This can be disabled by specifying --no-rename.
Several confusing and conflicting options were removed:
--append-coredumps
--conffile
--no-default-search
--tarball-uniqueid
The script was re-structured to make it easier for follow.
Change-Id: I674be64bdde3ef310b6a551d4911c3b600ffee59
In res_pjsip_sdp_rtp, the bind_rtp_to_media_address option and the
fallback use of the transport's bind address solve problems sending
media on systems that cannot send ipv4 packets on ipv6 sockets, and
certain other situations. This change extends both of these behaviors
to UDPTL sessions as well in res_pjsip_t38, to fix fax-specific
problems on these systems, introducing a new option
endpoint/t38_bind_udptl_to_media_address.
ASTERISK-29402
Change-Id: I87220c0e9cdd2fe9d156846cb906debe08c63557
The behavior of max_contacts and remove_existing are connected. If
remove_existing is enabled, the soonest expiring contacts are removed.
This may occur when there is an unavailable contact. Similarly,
when remove_existing is not enabled, registrations from good
endpoints are rejected in favor of retaining unavailable contacts.
This commit adds a new AOR option remove_unavailable, and the effect
of this setting will depend on remove_existing. If remove_existing
is set to no, we will still remove unavailable contacts when they
exceed max_contacts, if there are any. If remove_existing is set to
yes, we will prioritize the removal of unavailable contacts before
those that are expiring soonest.
ASTERISK-29525
Change-Id: Ia2711b08f2b4d1177411b1be23e970d7fdff5784
Adds the "auto" case which is valid with
both chan_sip dtmfmode and chan_pjsip's
dtmf_mode, adds subscribecontext to
subscribe_context conversion, and accounts
for cipher = ALL being invalid.
ASTERISK-29459
Change-Id: Ie27d6606efad3591038000e5f3c34fa94730f6f2
Added .log extension to the sample logs in logger.conf.sample so that
they will be able to be opened in the browser when attached to JIRA
tickets. Because of this, asterisk.logrotate has also been updated to
look for .log extensions instead of no extension for log files such as
full and messages.
Change-Id: I5de743c03f08047d6c6cc80cac5019ae0c4c200f
With newer version of linux /var/run/ is a symlink to /run/ that has
been turned into tmpfs.
Added note that if asterisk has to bind to a specific IP that
systemd has to wait until the network is up.
Added note on how to make sure that the environment variable
HOSTNAME is included.
ASTERISK-29216
Reported by: Mark Petersen
Tested by: Mark Petersen
Change-Id: Ib3e560655befd3e99eec743687144f5569533379
* Wildcards in #includes are now properly expanded
* Implement operators for Section class to allow sorting
ASTERISK-29142 #close
Change-Id: I9b9cd95f4cbe5c24506b75d17173c5aa1a83e5df