[asterisk-commits] oej: branch oej/pinefool-poor-mans-plc-1.8 r384916 - in /team/oej/pinefool-po...
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Mon Apr 8 09:59:09 CDT 2013
Author: oej
Date: Mon Apr 8 09:59:04 2013
New Revision: 384916
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=384916
Log:
Reset automerge
Modified:
team/oej/pinefool-poor-mans-plc-1.8/ (props changed)
team/oej/pinefool-poor-mans-plc-1.8/Makefile
team/oej/pinefool-poor-mans-plc-1.8/apps/app_meetme.c
team/oej/pinefool-poor-mans-plc-1.8/apps/app_voicemail.c
team/oej/pinefool-poor-mans-plc-1.8/channels/chan_dahdi.c
team/oej/pinefool-poor-mans-plc-1.8/channels/chan_sip.c
team/oej/pinefool-poor-mans-plc-1.8/channels/sig_pri.c
team/oej/pinefool-poor-mans-plc-1.8/channels/sig_pri.h
team/oej/pinefool-poor-mans-plc-1.8/channels/sip/include/sip.h
team/oej/pinefool-poor-mans-plc-1.8/configs/chan_dahdi.conf.sample
team/oej/pinefool-poor-mans-plc-1.8/contrib/realtime/mysql/sippeers.sql
team/oej/pinefool-poor-mans-plc-1.8/contrib/realtime/postgresql/realtime.sql
team/oej/pinefool-poor-mans-plc-1.8/funcs/func_channel.c
team/oej/pinefool-poor-mans-plc-1.8/funcs/func_curl.c
team/oej/pinefool-poor-mans-plc-1.8/main/cdr.c
team/oej/pinefool-poor-mans-plc-1.8/main/http.c
team/oej/pinefool-poor-mans-plc-1.8/res/res_config_curl.c
team/oej/pinefool-poor-mans-plc-1.8/res/res_rtp_asterisk.c
Propchange: team/oej/pinefool-poor-mans-plc-1.8/
------------------------------------------------------------------------------
automerge = Is-there-life-off-net?
Propchange: team/oej/pinefool-poor-mans-plc-1.8/
------------------------------------------------------------------------------
--- svnmerge-integrated (original)
+++ svnmerge-integrated Mon Apr 8 09:59:04 2013
@@ -1,1 +1,1 @@
-/branches/1.8:1-383446
+/branches/1.8:1-384914
Modified: team/oej/pinefool-poor-mans-plc-1.8/Makefile
URL: http://svnview.digium.com/svn/asterisk/team/oej/pinefool-poor-mans-plc-1.8/Makefile?view=diff&rev=384916&r1=384915&r2=384916
==============================================================================
--- team/oej/pinefool-poor-mans-plc-1.8/Makefile (original)
+++ team/oej/pinefool-poor-mans-plc-1.8/Makefile Mon Apr 8 09:59:04 2013
@@ -350,30 +350,31 @@
$(OTHER_SUBDIRS):
+ at _ASTCFLAGS="$(OTHER_SUBDIR_CFLAGS) $(_ASTCFLAGS)" ASTCFLAGS="$(ASTCFLAGS)" _ASTLDFLAGS="$(_ASTLDFLAGS)" ASTLDFLAGS="$(ASTLDFLAGS)" $(SUBMAKE) --no-builtin-rules -C $@ SUBDIR=$@ all
-defaults.h: makeopts
+defaults.h: makeopts cleantest
@build_tools/make_defaults_h > $@.tmp
@cmp -s $@.tmp $@ || mv $@.tmp $@
@rm -f $@.tmp
-main/version.c: FORCE
+main/version.c: FORCE cleantest
@build_tools/make_version_c > $@.tmp
@cmp -s $@.tmp $@ || mv $@.tmp $@
@rm -f $@.tmp
-include/asterisk/version.h: FORCE
+include/asterisk/version.h: FORCE cleantest
@build_tools/make_version_h > $@.tmp
@cmp -s $@.tmp $@ || mv $@.tmp $@
@rm -f $@.tmp
-include/asterisk/buildopts.h: menuselect.makeopts
+include/asterisk/buildopts.h: menuselect.makeopts cleantest
@build_tools/make_buildopts_h > $@.tmp
@cmp -s $@.tmp $@ || mv $@.tmp $@
@rm -f $@.tmp
-include/asterisk/build.h:
- @build_tools/make_build_h > $@.tmp
- @cmp -s $@.tmp $@ || mv $@.tmp $@
- @rm -f $@.tmp
+# build.h must depend on cleantest, or parallel make may wipe it out after it's
+# been created. But since build.h contains a timestamp, the cmp trick used above
+# won't work. Just testing for existence is good enough.
+include/asterisk/build.h: cleantest
+ @test -f $@ || build_tools/make_build_h > $@
$(SUBDIRS_CLEAN):
+@$(SUBMAKE) -C $(@:-clean=) clean
@@ -420,7 +421,7 @@
done
$(MAKE) -C sounds install
-doc/core-en_US.xml: $(foreach dir,$(MOD_SUBDIRS),$(shell $(GREP) -l "language=\"en_US\"" $(dir)/*.c $(dir)/*.cc 2>/dev/null))
+doc/core-en_US.xml: cleantest $(foreach dir,$(MOD_SUBDIRS),$(shell $(GREP) -l "language=\"en_US\"" $(dir)/*.c $(dir)/*.cc 2>/dev/null))
@printf "Building Documentation For: "
@echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" > $@
@echo "<!DOCTYPE docs SYSTEM \"appdocsxml.dtd\">" >> $@
Modified: team/oej/pinefool-poor-mans-plc-1.8/apps/app_meetme.c
URL: http://svnview.digium.com/svn/asterisk/team/oej/pinefool-poor-mans-plc-1.8/apps/app_meetme.c?view=diff&rev=384916&r1=384915&r2=384916
==============================================================================
--- team/oej/pinefool-poor-mans-plc-1.8/apps/app_meetme.c (original)
+++ team/oej/pinefool-poor-mans-plc-1.8/apps/app_meetme.c Mon Apr 8 09:59:04 2013
@@ -5637,7 +5637,16 @@
ringing_trunk = sla_choose_ringing_trunk(ringing_station->station, &s_trunk_ref, 1);
ast_mutex_unlock(&sla.lock);
if (!ringing_trunk) {
+ /* This case happens in a bit of a race condition. If two stations answer
+ * the outbound call at the same time, the first one will get connected to
+ * the trunk. When the second one gets here, it will not see any trunks
+ * ringing so we have no idea what to conect it to. So, we just hang up
+ * on it. */
ast_debug(1, "Found no ringing trunk for station '%s' to answer!\n", ringing_station->station->name);
+ ast_dial_join(ringing_station->station->dial);
+ ast_dial_destroy(ringing_station->station->dial);
+ ringing_station->station->dial = NULL;
+ ast_free(ringing_station);
break;
}
/* Track the channel that answered this trunk */
Modified: team/oej/pinefool-poor-mans-plc-1.8/apps/app_voicemail.c
URL: http://svnview.digium.com/svn/asterisk/team/oej/pinefool-poor-mans-plc-1.8/apps/app_voicemail.c?view=diff&rev=384916&r1=384915&r2=384916
==============================================================================
--- team/oej/pinefool-poor-mans-plc-1.8/apps/app_voicemail.c (original)
+++ team/oej/pinefool-poor-mans-plc-1.8/apps/app_voicemail.c Mon Apr 8 09:59:04 2013
@@ -5566,7 +5566,10 @@
if (inboxcount2(ext_context, &urgentvoicemails, &newvoicemails, &oldvoicemails)) {
ast_log(AST_LOG_ERROR, "Problem in calculating number of voicemail messages available for extension %s\n", extension);
} else {
- snprintf(arguments, sizeof(arguments), "%s %s %s %d %d %d &", externnotify, context, extension, newvoicemails, oldvoicemails, urgentvoicemails);
+ snprintf(arguments, sizeof(arguments), "%s %s %s %d %d %d &",
+ externnotify, S_OR(context, "\"\""),
+ extension, newvoicemails,
+ oldvoicemails, urgentvoicemails);
ast_debug(1, "Executing %s\n", arguments);
ast_safe_system(arguments);
}
Modified: team/oej/pinefool-poor-mans-plc-1.8/channels/chan_dahdi.c
URL: http://svnview.digium.com/svn/asterisk/team/oej/pinefool-poor-mans-plc-1.8/channels/chan_dahdi.c?view=diff&rev=384916&r1=384915&r2=384916
==============================================================================
--- team/oej/pinefool-poor-mans-plc-1.8/channels/chan_dahdi.c (original)
+++ team/oej/pinefool-poor-mans-plc-1.8/channels/chan_dahdi.c Mon Apr 8 09:59:04 2013
@@ -1365,6 +1365,7 @@
.localdialplan = PRI_NATIONAL_ISDN + 1,
.nodetype = PRI_CPE,
.qsigchannelmapping = DAHDI_CHAN_MAPPING_PHYSICAL,
+ .inband_on_proceeding = 1,
#if defined(HAVE_PRI_CCSS)
.cc_ptmp_recall_mode = 1,/* specificRecall */
@@ -12680,6 +12681,7 @@
pris[span].pri.layer1_ignored = 0;
}
pris[span].pri.append_msn_to_user_tag = conf->pri.pri.append_msn_to_user_tag;
+ pris[span].pri.inband_on_proceeding = conf->pri.pri.inband_on_proceeding;
ast_copy_string(pris[span].pri.initial_user_tag, conf->chan.cid_tag, sizeof(pris[span].pri.initial_user_tag));
ast_copy_string(pris[span].pri.msn_list, conf->pri.pri.msn_list, sizeof(pris[span].pri.msn_list));
#if defined(HAVE_PRI_MWI)
@@ -17677,6 +17679,8 @@
#endif /* defined(HAVE_PRI_MWI) */
} else if (!strcasecmp(v->name, "append_msn_to_cid_tag")) {
confp->pri.pri.append_msn_to_user_tag = ast_true(v->value);
+ } else if (!strcasecmp(v->name, "inband_on_proceeding")) {
+ confp->pri.pri.inband_on_proceeding = ast_true(v->value);
} else if (!strcasecmp(v->name, "layer1_presence")) {
if (!strcasecmp(v->value, "required")) {
confp->pri.pri.layer1_ignored = 0;
Modified: team/oej/pinefool-poor-mans-plc-1.8/channels/chan_sip.c
URL: http://svnview.digium.com/svn/asterisk/team/oej/pinefool-poor-mans-plc-1.8/channels/chan_sip.c?view=diff&rev=384916&r1=384915&r2=384916
==============================================================================
--- team/oej/pinefool-poor-mans-plc-1.8/channels/chan_sip.c (original)
+++ team/oej/pinefool-poor-mans-plc-1.8/channels/chan_sip.c Mon Apr 8 09:59:04 2013
@@ -1110,6 +1110,11 @@
static struct ao2_container *peers;
static struct ao2_container *peers_by_ip;
+/*! \brief A bogus peer, to be used when authentication should fail */
+static struct sip_peer *bogus_peer;
+/*! \brief We can recognise the bogus peer by this invalid MD5 hash */
+#define BOGUS_PEER_MD5SECRET "intentionally_invalid_md5_string"
+
/*! \brief The register list: Other SIP proxies we register with and receive calls from */
static struct ast_register_list {
ASTOBJ_CONTAINER_COMPONENTS(struct sip_registry);
@@ -1250,7 +1255,7 @@
static int transmit_response_with_auth(struct sip_pvt *p, const char *msg, const struct sip_request *req, const char *rand, enum xmittype reliable, const char *header, int stale);
static int transmit_provisional_response(struct sip_pvt *p, const char *msg, const struct sip_request *req, int with_sdp);
static int transmit_response_with_allow(struct sip_pvt *p, const char *msg, const struct sip_request *req, enum xmittype reliable);
-static void transmit_fake_auth_response(struct sip_pvt *p, int sipmethod, struct sip_request *req, enum xmittype reliable);
+static void transmit_fake_auth_response(struct sip_pvt *p, struct sip_request *req, enum xmittype reliable);
static int transmit_request(struct sip_pvt *p, int sipmethod, uint32_t seqno, enum xmittype reliable, int newbranch);
static int transmit_request_with_auth(struct sip_pvt *p, int sipmethod, uint32_t seqno, enum xmittype reliable, int newbranch);
static int transmit_publish(struct sip_epa_entry *epa_entry, enum sip_publish_type publish_type, const char * const explicit_uri);
@@ -1486,7 +1491,7 @@
static int get_also_info(struct sip_pvt *p, struct sip_request *oreq);
static int parse_ok_contact(struct sip_pvt *pvt, struct sip_request *req);
static int set_address_from_contact(struct sip_pvt *pvt);
-static void check_via(struct sip_pvt *p, struct sip_request *req);
+static void check_via(struct sip_pvt *p, const struct sip_request *req);
static int get_rpid(struct sip_pvt *p, struct sip_request *oreq);
static int get_rdnis(struct sip_pvt *p, struct sip_request *oreq, char **name, char **number, int *reason);
static enum sip_get_dest_result get_destination(struct sip_pvt *p, struct sip_request *oreq, int *cc_recall_core_id);
@@ -14671,7 +14676,9 @@
ast_verbose(VERBOSE_PREFIX_3 "Registered SIP '%s' at %s\n", peer->name,
ast_sockaddr_stringify(&peer->addr));
}
+ sip_pvt_unlock(pvt);
sip_poke_peer(peer, 0);
+ sip_pvt_lock(pvt);
register_peer_exten(peer, 1);
/* Save User agent */
@@ -14858,6 +14865,7 @@
char a1_hash[256];
char resp_hash[256]="";
char *c;
+ int is_bogus_peer = 0;
int wrongnonce = FALSE;
int good_response;
const char *usednonce = p->randdata;
@@ -14952,8 +14960,14 @@
}
}
+ /* We cannot rely on the bogus_peer having a bad md5 value. Someone could
+ * use it to construct valid auth. */
+ if (md5secret && strcmp(md5secret, BOGUS_PEER_MD5SECRET) == 0) {
+ is_bogus_peer = 1;
+ }
+
/* Verify that digest username matches the username we auth as */
- if (strcmp(username, keys[K_USER].s)) {
+ if (strcmp(username, keys[K_USER].s) && !is_bogus_peer) {
ast_log(LOG_WARNING, "username mismatch, have <%s>, digest has <%s>\n",
username, keys[K_USER].s);
/* Oops, we're trying something here */
@@ -14992,7 +15006,8 @@
}
good_response = keys[K_RESP].s &&
- !strncasecmp(keys[K_RESP].s, resp_hash, strlen(resp_hash));
+ !strncasecmp(keys[K_RESP].s, resp_hash, strlen(resp_hash)) &&
+ !is_bogus_peer; /* lastly, check that the peer isn't the fake peer */
if (wrongnonce) {
if (good_response) {
if (sipdebug)
@@ -15136,7 +15151,7 @@
/*! \brief Send a fake 401 Unauthorized response when the administrator
wants to hide the names of local devices from fishers
*/
-static void transmit_fake_auth_response(struct sip_pvt *p, int sipmethod, struct sip_request *req, enum xmittype reliable)
+static void transmit_fake_auth_response(struct sip_pvt *p, struct sip_request *req, enum xmittype reliable)
{
/* We have to emulate EXACTLY what we'd get with a good peer
* and a bad password, or else we leak information. */
@@ -15175,13 +15190,13 @@
}
if (!(buf = ast_str_thread_get(&check_auth_buf, CHECK_AUTH_BUF_INITLEN))) {
- transmit_response(p, "403 Forbidden (Bad auth)", &p->initreq);
+ __transmit_response(p, "403 Forbidden", &p->initreq, reliable);
return;
}
/* Make a copy of the response and parse it */
if (ast_str_set(&buf, 0, "%s", authtoken) == AST_DYNSTR_BUILD_FAILED) {
- transmit_response(p, "403 Forbidden (Bad auth)", &p->initreq);
+ __transmit_response(p, "403 Forbidden", &p->initreq, reliable);
return;
}
@@ -15219,7 +15234,7 @@
/* Schedule auto destroy in 32 seconds */
sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT);
} else {
- transmit_response(p, "403 Forbidden (Bad auth)", &p->initreq);
+ __transmit_response(p, "403 Forbidden", &p->initreq, reliable);
}
}
@@ -15329,7 +15344,7 @@
if (!AST_LIST_EMPTY(&domain_list)) {
if (!check_sip_domain(domain, NULL, 0)) {
if (sip_cfg.alwaysauthreject) {
- transmit_fake_auth_response(p, SIP_REGISTER, &p->initreq, XMIT_UNRELIABLE);
+ transmit_fake_auth_response(p, &p->initreq, XMIT_UNRELIABLE);
} else {
transmit_response(p, "404 Not found (unknown domain)", &p->initreq);
}
@@ -15355,6 +15370,13 @@
}
}
peer = find_peer(name, NULL, TRUE, FINDPEERS, FALSE, 0);
+
+ /* If we don't want username disclosure, use the bogus_peer when a user
+ * is not found. */
+ if (!peer && sip_cfg.alwaysauthreject && !sip_cfg.autocreatepeer) {
+ peer = bogus_peer;
+ ref_peer(peer, "register_verify: ref the bogus_peer");
+ }
if (!(peer && ast_apply_ha(peer->ha, addr))) {
/* Peer fails ACL check */
@@ -15431,7 +15453,7 @@
switch (parse_register_contact(p, peer, req)) {
case PARSE_REGISTER_DENIED:
ast_log(LOG_WARNING, "Registration denied because of contact ACL\n");
- transmit_response_with_date(p, "403 Forbidden (ACL)", req);
+ transmit_response_with_date(p, "403 Forbidden", req);
res = 0;
break;
case PARSE_REGISTER_FAILED:
@@ -15459,7 +15481,9 @@
}
if (!res) {
if (send_mwi) {
+ sip_pvt_unlock(p);
sip_send_mwi_to_peer(peer, 0);
+ sip_pvt_lock(p);
} else {
update_peer_lastmsgssent(peer, -1, 0);
}
@@ -15469,7 +15493,7 @@
switch (res) {
case AUTH_SECRET_FAILED:
/* Wrong password in authentication. Go away, don't try again until you fixed it */
- transmit_response(p, "403 Forbidden (Bad auth)", &p->initreq);
+ transmit_response(p, "403 Forbidden", &p->initreq);
if (global_authfailureevents) {
const char *peer_addr = ast_strdupa(ast_sockaddr_stringify_addr(addr));
const char *peer_port = ast_strdupa(ast_sockaddr_stringify_port(addr));
@@ -15492,7 +15516,7 @@
case AUTH_PEER_NOT_DYNAMIC:
case AUTH_ACL_FAILED:
if (sip_cfg.alwaysauthreject) {
- transmit_fake_auth_response(p, SIP_REGISTER, &p->initreq, XMIT_UNRELIABLE);
+ transmit_fake_auth_response(p, &p->initreq, XMIT_UNRELIABLE);
if (global_authfailureevents) {
const char *peer_addr = ast_strdupa(ast_sockaddr_stringify_addr(addr));
const char *peer_port = ast_strdupa(ast_sockaddr_stringify_port(addr));
@@ -16428,7 +16452,7 @@
}
/*! \brief check Via: header for hostname, port and rport request/answer */
-static void check_via(struct sip_pvt *p, struct sip_request *req)
+static void check_via(struct sip_pvt *p, const struct sip_request *req)
{
char via[512];
char *c, *maddr;
@@ -16522,7 +16546,19 @@
ast_verbose("No matching peer for '%s' from '%s'\n",
of, ast_sockaddr_stringify(&p->recv));
}
- return AUTH_DONT_KNOW;
+
+ /* If you don't mind, we can return 404s for devices that do
+ * not exist: username disclosure. If we allow guests, there
+ * is no way around that. */
+ if (sip_cfg.allowguest || !sip_cfg.alwaysauthreject) {
+ return AUTH_DONT_KNOW;
+ }
+
+ /* If you do mind, we use a peer that will never authenticate.
+ * This ensures that we follow the same code path as regular
+ * auth: less chance for username disclosure. */
+ peer = bogus_peer;
+ ref_peer(peer, "ref_peer: check_peer_ok: must ref bogus_peer so unreffing it does not fail");
}
if (!ast_apply_ha(peer->ha, addr)) {
@@ -16530,9 +16566,10 @@
unref_peer(peer, "unref_peer: check_peer_ok: from find_peer call, early return of AUTH_ACL_FAILED");
return AUTH_ACL_FAILED;
}
- if (debug)
+ if (debug && peer != bogus_peer) {
ast_verbose("Found peer '%s' for '%s' from %s\n",
peer->name, of, ast_sockaddr_stringify(&p->recv));
+ }
/* XXX what about p->prefs = peer->prefs; ? */
/* Set Frame packetization */
@@ -16801,8 +16838,6 @@
} else {
res = AUTH_RTP_FAILED;
}
- } else if (sip_cfg.alwaysauthreject) {
- res = AUTH_FAKE_AUTH; /* reject with fake authorization request */
} else {
res = AUTH_SECRET_FAILED; /* we don't want any guests, authentication will fail */
}
@@ -22585,13 +22620,8 @@
return 0;
}
if (res < 0) { /* Something failed in authentication */
- if (res == AUTH_FAKE_AUTH) {
- ast_log(LOG_NOTICE, "Sending fake auth rejection for device %s\n", get_header(req, "From"));
- transmit_fake_auth_response(p, SIP_OPTIONS, req, XMIT_UNRELIABLE);
- } else {
- ast_log(LOG_NOTICE, "Failed to authenticate device %s\n", get_header(req, "From"));
- transmit_response(p, "403 Forbidden", req);
- }
+ ast_log(LOG_NOTICE, "Failed to authenticate device %s\n", get_header(req, "From"));
+ transmit_response(p, "403 Forbidden", req);
sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT);
return 0;
}
@@ -23251,13 +23281,8 @@
goto request_invite_cleanup;
}
if (res < 0) { /* Something failed in authentication */
- if (res == AUTH_FAKE_AUTH) {
- ast_log(LOG_NOTICE, "Sending fake auth rejection for device %s\n", get_header(req, "From"));
- transmit_fake_auth_response(p, SIP_INVITE, req, XMIT_RELIABLE);
- } else {
- ast_log(LOG_NOTICE, "Failed to authenticate device %s\n", get_header(req, "From"));
- transmit_response_reliable(p, "403 Forbidden", req);
- }
+ ast_log(LOG_NOTICE, "Failed to authenticate device %s\n", get_header(req, "From"));
+ transmit_response_reliable(p, "403 Forbidden", req);
p->invitestate = INV_COMPLETED;
sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT);
res = 0;
@@ -23420,7 +23445,7 @@
/* Session-Timers */
if ((p->sipoptions & SIP_OPT_TIMER)) {
- enum st_refresher_param st_ref_param;
+ enum st_refresher_param st_ref_param = SESSION_TIMER_REFRESHER_PARAM_UNKNOWN;
/* The UAC has requested session-timers for this session. Negotiate
the session refresh interval and who will be the refresher */
@@ -25084,18 +25109,13 @@
return -1;
}
- auth_result = check_user(p, req, SIP_PUBLISH, uri, XMIT_RELIABLE, addr);
+ auth_result = check_user(p, req, SIP_PUBLISH, uri, XMIT_UNRELIABLE, addr);
if (auth_result == AUTH_CHALLENGE_SENT) {
p->lastinvite = seqno;
return 0;
} else if (auth_result < 0) {
- if (auth_result == AUTH_FAKE_AUTH) {
- ast_log(LOG_NOTICE, "Sending fake auth rejection for device %s\n", get_header(req, "From"));
- transmit_fake_auth_response(p, SIP_INVITE, req, XMIT_RELIABLE);
- } else {
- ast_log(LOG_NOTICE, "Failed to authenticate device %s\n", get_header(req, "From"));
- transmit_response_reliable(p, "403 Forbidden", req);
- }
+ ast_log(LOG_NOTICE, "Failed to authenticate device %s\n", get_header(req, "From"));
+ transmit_response(p, "403 Forbidden", req);
sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT);
ast_string_field_set(p, theirtag, NULL);
return 0;
@@ -25308,19 +25328,14 @@
* use if !req->ignore, because then we'll end up sending
* a 200 OK if someone retransmits without sending auth */
if (p->subscribed == NONE || resubscribe) {
- res = check_user_full(p, req, SIP_SUBSCRIBE, e, 0, addr, &authpeer);
+ res = check_user_full(p, req, SIP_SUBSCRIBE, e, XMIT_UNRELIABLE, addr, &authpeer);
/* if an authentication response was sent, we are done here */
if (res == AUTH_CHALLENGE_SENT) /* authpeer = NULL here */
return 0;
if (res != AUTH_SUCCESSFUL) {
- if (res == AUTH_FAKE_AUTH) {
- ast_log(LOG_NOTICE, "Sending fake auth rejection for device %s\n", get_header(req, "From"));
- transmit_fake_auth_response(p, SIP_SUBSCRIBE, req, XMIT_UNRELIABLE);
- } else {
- ast_log(LOG_NOTICE, "Failed to authenticate device %s for SUBSCRIBE\n", get_header(req, "From"));
- transmit_response_reliable(p, "403 Forbidden", req);
- }
+ ast_log(LOG_NOTICE, "Failed to authenticate device %s\n", get_header(req, "From"));
+ transmit_response(p, "403 Forbidden", req);
pvt_set_needdestroy(p, "authentication failed");
return 0;
@@ -26069,7 +26084,10 @@
owner_chan_ref = sip_pvt_lock_full(p);
copy_socket_data(&p->socket, &req->socket);
- ast_sockaddr_copy(&p->recv, addr);
+
+ if (ast_sockaddr_isnull(&p->recv)) { /* This may already be set before getting here */
+ ast_sockaddr_copy(&p->recv, addr);
+ }
/* if we have an owner, then this request has been authenticated */
if (p->owner) {
@@ -26972,6 +26990,9 @@
\note This is done with 60 seconds between each ping,
unless forced by cli or manager. If peer is unreachable,
we check every 10th second by default.
+\note Do *not* hold a pvt lock while calling this function.
+ This function calls sip_alloc, which can cause a deadlock
+ if another sip_pvt is held.
*/
static int sip_poke_peer(struct sip_peer *peer, int force)
{
@@ -28140,7 +28161,7 @@
} else if (!strcasecmp(v->name, "host")) {
if (!strcasecmp(v->value, "dynamic")) {
/* They'll register with us */
- if ((!found && !realtime) || !peer->host_dynamic) {
+ if ((!found && !ast_test_flag(&global_flags[1], SIP_PAGE2_RTCACHEFRIENDS)) || !peer->host_dynamic) {
/* Initialize stuff if this is a new peer, or if it used to
* not be dynamic before the reload. */
ast_sockaddr_setnull(&peer->addr);
@@ -28460,6 +28481,10 @@
set_socket_transport(&peer->socket, peer->default_outbound_transport);
}
+ ast_copy_flags(&peer->flags[0], &peerflags[0], mask[0].flags);
+ ast_copy_flags(&peer->flags[1], &peerflags[1], mask[1].flags);
+ ast_copy_flags(&peer->flags[2], &peerflags[2], mask[2].flags);
+
if (ast_str_strlen(fullcontact)) {
ast_string_field_set(peer, fullcontact, ast_str_buffer(fullcontact));
peer->rt_fromcontact = TRUE;
@@ -28553,9 +28578,6 @@
sip_poke_peer(peer, 0);
}
- ast_copy_flags(&peer->flags[0], &peerflags[0], mask[0].flags);
- ast_copy_flags(&peer->flags[1], &peerflags[1], mask[1].flags);
- ast_copy_flags(&peer->flags[2], &peerflags[2], mask[2].flags);
if (ast_test_flag(&peer->flags[1], SIP_PAGE2_ALLOWSUBSCRIBE)) {
sip_cfg.allowsubscribe = TRUE; /* No global ban any more */
}
@@ -30464,6 +30486,7 @@
/*! \brief Force reload of module from cli */
static char *sip_reload(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
{
+ static struct sip_peer *tmp_peer, *new_peer;
switch (cmd) {
case CLI_INIT:
@@ -30485,6 +30508,18 @@
}
ast_mutex_unlock(&sip_reload_lock);
restart_monitor();
+
+ tmp_peer = bogus_peer;
+ /* Create new bogus peer possibly with new global settings. */
+ if ((new_peer = temp_peer("(bogus_peer)"))) {
+ ast_string_field_set(new_peer, md5secret, BOGUS_PEER_MD5SECRET);
+ ast_clear_flag(&new_peer->flags[0], SIP_INSECURE);
+ bogus_peer = new_peer;
+ ao2_t_ref(tmp_peer, -1, "unref the old bogus_peer during reload");
+ } else {
+ ast_log(LOG_ERROR, "Could not update the fake authentication peer.\n");
+ /* You probably have bigger (memory?) issues to worry about though.. */
+ }
return CLI_SUCCESS;
}
@@ -31669,6 +31704,17 @@
return AST_MODULE_LOAD_DECLINE;
}
+ /* Initialize bogus peer. Can be done first after reload_config() */
+ if (!(bogus_peer = temp_peer("(bogus_peer)"))) {
+ ast_log(LOG_ERROR, "Unable to create bogus_peer for authentication\n");
+ io_context_destroy(io);
+ sched_context_destroy(sched);
+ return AST_MODULE_LOAD_FAILURE;
+ }
+ /* Make sure the auth will always fail. */
+ ast_string_field_set(bogus_peer, md5secret, BOGUS_PEER_MD5SECRET);
+ ast_clear_flag(&bogus_peer->flags[0], SIP_INSECURE);
+
/* Prepare the version that does not require DTMF BEGIN frames.
* We need to use tricks such as memcpy and casts because the variable
* has const fields.
@@ -31679,6 +31725,7 @@
/* Make sure we can register our sip channel type */
if (ast_channel_register(&sip_tech)) {
ast_log(LOG_ERROR, "Unable to register channel type 'SIP'\n");
+ ao2_t_ref(bogus_peer, -1, "unref the bogus_peer");
io_context_destroy(io);
sched_context_destroy(sched);
return AST_MODULE_LOAD_FAILURE;
@@ -31920,6 +31967,8 @@
ast_debug(2, "TCP/TLS thread container did not become empty :(\n");
}
+ ao2_t_ref(bogus_peer, -1, "unref the bogus_peer");
+
ao2_t_ref(peers, -1, "unref the peers table");
ao2_t_ref(peers_by_ip, -1, "unref the peers_by_ip table");
ao2_t_ref(dialogs, -1, "unref the dialogs table");
Modified: team/oej/pinefool-poor-mans-plc-1.8/channels/sig_pri.c
URL: http://svnview.digium.com/svn/asterisk/team/oej/pinefool-poor-mans-plc-1.8/channels/sig_pri.c?view=diff&rev=384916&r1=384915&r2=384916
==============================================================================
--- team/oej/pinefool-poor-mans-plc-1.8/channels/sig_pri.c (original)
+++ team/oej/pinefool-poor-mans-plc-1.8/channels/sig_pri.c Mon Apr 8 09:59:04 2013
@@ -5349,6 +5349,10 @@
snprintf(calledtonstr, sizeof(calledtonstr), "%d", e->ring.calledplan);
pbx_builtin_setvar_helper(c, "CALLEDTON", calledtonstr);
+ ast_channel_lock(c);
+ c->dialed.number.plan = e->ring.calledplan;
+ ast_channel_unlock(c);
+
if (e->ring.redirectingreason >= 0) {
/* This is now just a status variable. Use REDIRECTING() dialplan function. */
pbx_builtin_setvar_helper(c, "PRIREDIRECTREASON", redirectingreason2str(e->ring.redirectingreason));
@@ -5487,10 +5491,12 @@
snprintf(calledtonstr, sizeof(calledtonstr), "%d", e->ring.calledplan);
pbx_builtin_setvar_helper(c, "CALLEDTON", calledtonstr);
+ ast_channel_lock(c);
+ c->dialed.number.plan = e->ring.calledplan;
+ ast_channel_unlock(c);
sig_pri_handle_subcmds(pri, chanpos, e->e, e->ring.channel,
e->ring.subcmds, e->ring.call);
-
}
if (c && !ast_pbx_start(c)) {
ast_verb(3, "Accepting call from '%s' to '%s' on channel %d/%d, span %d\n",
@@ -5672,9 +5678,11 @@
/* Bring voice path up */
pri_queue_control(pri, chanpos, AST_CONTROL_PROGRESS);
pri->pvts[chanpos]->progress = 1;
+ sig_pri_set_dialing(pri->pvts[chanpos], 0);
sig_pri_open_media(pri->pvts[chanpos]);
- }
- sig_pri_set_dialing(pri->pvts[chanpos], 0);
+ } else if (pri->inband_on_proceeding) {
+ sig_pri_set_dialing(pri->pvts[chanpos], 0);
+ }
sig_pri_unlock_private(pri->pvts[chanpos]);
break;
case PRI_EVENT_FACILITY:
Modified: team/oej/pinefool-poor-mans-plc-1.8/channels/sig_pri.h
URL: http://svnview.digium.com/svn/asterisk/team/oej/pinefool-poor-mans-plc-1.8/channels/sig_pri.h?view=diff&rev=384916&r1=384915&r2=384916
==============================================================================
--- team/oej/pinefool-poor-mans-plc-1.8/channels/sig_pri.h (original)
+++ team/oej/pinefool-poor-mans-plc-1.8/channels/sig_pri.h Mon Apr 8 09:59:04 2013
@@ -393,6 +393,8 @@
* appended to the initial_user_tag[].
*/
unsigned int append_msn_to_user_tag:1;
+ /*! TRUE if a PROCEEDING message needs to unsquelch the received audio. */
+ unsigned int inband_on_proceeding:1;
int dialplan; /*!< Dialing plan */
int localdialplan; /*!< Local dialing plan */
char internationalprefix[10]; /*!< country access code ('00' for european dialplans) */
Modified: team/oej/pinefool-poor-mans-plc-1.8/channels/sip/include/sip.h
URL: http://svnview.digium.com/svn/asterisk/team/oej/pinefool-poor-mans-plc-1.8/channels/sip/include/sip.h?view=diff&rev=384916&r1=384915&r2=384916
==============================================================================
--- team/oej/pinefool-poor-mans-plc-1.8/channels/sip/include/sip.h (original)
+++ team/oej/pinefool-poor-mans-plc-1.8/channels/sip/include/sip.h Mon Apr 8 09:59:04 2013
@@ -472,7 +472,6 @@
AUTH_SECRET_FAILED = -1,
AUTH_USERNAME_MISMATCH = -2,
AUTH_NOT_FOUND = -3, /*!< returned by register_verify */
- AUTH_FAKE_AUTH = -4,
AUTH_UNKNOWN_DOMAIN = -5,
AUTH_PEER_NOT_DYNAMIC = -6,
AUTH_ACL_FAILED = -7,
Modified: team/oej/pinefool-poor-mans-plc-1.8/configs/chan_dahdi.conf.sample
URL: http://svnview.digium.com/svn/asterisk/team/oej/pinefool-poor-mans-plc-1.8/configs/chan_dahdi.conf.sample?view=diff&rev=384916&r1=384915&r2=384916
==============================================================================
--- team/oej/pinefool-poor-mans-plc-1.8/configs/chan_dahdi.conf.sample (original)
+++ team/oej/pinefool-poor-mans-plc-1.8/configs/chan_dahdi.conf.sample Mon Apr 8 09:59:04 2013
@@ -168,6 +168,18 @@
; B channels; defaults to 'never'.
;
;resetinterval = 3600
+;
+; Assume inband audio may be present when a PROCEEDING message is received.
+; Q.931 Section 5.1.2 says the network cannot assume that the CPE side has
+; attached to the B channel at this time without explicitly sending the
+; progress indicator ie informing the CPE side to attach to the B channel
+; for audio. However, some non-compliant ISDN switches send a PROCEEDING
+; without the progress indicator ie indicating inband audio is available and
+; assume that the CPE device has connected the media path for listening to
+; ringback and other messages.
+; Default yes in current release branches for backward compatibility.
+;
+;inband_on_proceeding=yes
;
; Overlap dialing mode (sending overlap digits)
; Cannot be changed on a reload.
Modified: team/oej/pinefool-poor-mans-plc-1.8/contrib/realtime/mysql/sippeers.sql
URL: http://svnview.digium.com/svn/asterisk/team/oej/pinefool-poor-mans-plc-1.8/contrib/realtime/mysql/sippeers.sql?view=diff&rev=384916&r1=384915&r2=384916
==============================================================================
--- team/oej/pinefool-poor-mans-plc-1.8/contrib/realtime/mysql/sippeers.sql (original)
+++ team/oej/pinefool-poor-mans-plc-1.8/contrib/realtime/mysql/sippeers.sql Mon Apr 8 09:59:04 2013
@@ -24,7 +24,7 @@
`transport` enum('udp','tcp','udp,tcp','tcp,udp') DEFAULT NULL,
`dtmfmode` enum('rfc2833','info','shortinfo','inband','auto') DEFAULT NULL,
`directmedia` enum('yes','no','nonat','update') DEFAULT NULL,
- `nat` enum('yes','no','never','route') DEFAULT NULL,
+ `nat` varchar(29) DEFAULT NULL,
`callgroup` varchar(40) DEFAULT NULL,
`pickupgroup` varchar(40) DEFAULT NULL,
`language` varchar(40) DEFAULT NULL,
Modified: team/oej/pinefool-poor-mans-plc-1.8/contrib/realtime/postgresql/realtime.sql
URL: http://svnview.digium.com/svn/asterisk/team/oej/pinefool-poor-mans-plc-1.8/contrib/realtime/postgresql/realtime.sql?view=diff&rev=384916&r1=384915&r2=384916
==============================================================================
--- team/oej/pinefool-poor-mans-plc-1.8/contrib/realtime/postgresql/realtime.sql (original)
+++ team/oej/pinefool-poor-mans-plc-1.8/contrib/realtime/postgresql/realtime.sql Mon Apr 8 09:59:04 2013
@@ -48,7 +48,7 @@
"language" character varying(2),
mailbox character varying(50),
md5secret character varying(80),
-nat character varying(5) DEFAULT 'no' NOT NULL,
+nat character varying(29) DEFAULT '' NOT NULL,
permit character varying(95),
deny character varying(95),
mask character varying(95),
Modified: team/oej/pinefool-poor-mans-plc-1.8/funcs/func_channel.c
URL: http://svnview.digium.com/svn/asterisk/team/oej/pinefool-poor-mans-plc-1.8/funcs/func_channel.c?view=diff&rev=384916&r1=384915&r2=384916
==============================================================================
--- team/oej/pinefool-poor-mans-plc-1.8/funcs/func_channel.c (original)
+++ team/oej/pinefool-poor-mans-plc-1.8/funcs/func_channel.c Mon Apr 8 09:59:04 2013
@@ -77,6 +77,20 @@
<parameter name="item" required="true">
<para>Standard items (provided by all channel technologies) are:</para>
<enumlist>
+ <enum name="amaflags">
+ <para>R/W the Automatic Message Accounting (AMA) flags on the channel.
+ When read from a channel, the integer value will always be returned.
+ When written to a channel, both the string format or integer value
+ is accepted.</para>
+ <enumlist>
+ <enum name="1"><para><literal>OMIT</literal></para></enum>
+ <enum name="2"><para><literal>BILLING</literal></para></enum>
+ <enum name="3"><para><literal>DOCUMENTATION</literal></para></enum>
+ </enumlist>
+ </enum>
+ <enum name="accountcode">
+ <para>R/W the channel's account code.</para>
+ </enum>
<enum name="audioreadformat">
<para>R/O format currently being read.</para>
</enum>
Modified: team/oej/pinefool-poor-mans-plc-1.8/funcs/func_curl.c
URL: http://svnview.digium.com/svn/asterisk/team/oej/pinefool-poor-mans-plc-1.8/funcs/func_curl.c?view=diff&rev=384916&r1=384915&r2=384916
==============================================================================
--- team/oej/pinefool-poor-mans-plc-1.8/funcs/func_curl.c (original)
+++ team/oej/pinefool-poor-mans-plc-1.8/funcs/func_curl.c Mon Apr 8 09:59:04 2013
@@ -568,6 +568,7 @@
struct ast_datastore *store = NULL;
int hashcompat = 0;
AST_LIST_HEAD(global_curl_info, curl_settings) *list = NULL;
+ char curl_errbuf[CURL_ERROR_SIZE + 1]; /* add one to be safe */
if (buf) {
*buf = '\0';
@@ -629,7 +630,19 @@
curl_easy_setopt(*curl, CURLOPT_POSTFIELDS, args.postdata);
}
- curl_easy_perform(*curl);
+ /* Temporarily assign a buffer for curl to write errors to. */
+ curl_errbuf[0] = curl_errbuf[CURL_ERROR_SIZE] = '\0';
+ curl_easy_setopt(*curl, CURLOPT_ERRORBUFFER, curl_errbuf);
+
+ if (curl_easy_perform(*curl) != 0) {
+ ast_log(LOG_WARNING, "%s ('%s')\n", curl_errbuf, args.url);
+ }
+
+ /* Reset buffer to NULL so curl doesn't try to write to it when the
+ * buffer is deallocated. Documentation is vague about allowing NULL
+ * here, but the source allows it. See: "typecheck: allow NULL to unset
+ * CURLOPT_ERRORBUFFER" (62bcf005f4678a93158358265ba905bace33b834). */
+ curl_easy_setopt(*curl, CURLOPT_ERRORBUFFER, (char*)NULL);
if (store) {
AST_LIST_UNLOCK(list);
Modified: team/oej/pinefool-poor-mans-plc-1.8/main/cdr.c
URL: http://svnview.digium.com/svn/asterisk/team/oej/pinefool-poor-mans-plc-1.8/main/cdr.c?view=diff&rev=384916&r1=384915&r2=384916
==============================================================================
--- team/oej/pinefool-poor-mans-plc-1.8/main/cdr.c (original)
+++ team/oej/pinefool-poor-mans-plc-1.8/main/cdr.c Mon Apr 8 09:59:04 2013
@@ -108,6 +108,8 @@
static int batchsafeshutdown;
static const int BATCH_SAFE_SHUTDOWN_DEFAULT = 1;
+
+AST_MUTEX_DEFINE_STATIC(cdr_sched_lock);
AST_MUTEX_DEFINE_STATIC(cdr_batch_lock);
@@ -1300,17 +1302,24 @@
{
ast_cdr_submit_batch(0);
/* manually reschedule from this point in time */
+ ast_mutex_lock(&cdr_sched_lock);
cdr_sched = ast_sched_add(sched, batchtime * 1000, submit_scheduled_batch, NULL);
+ ast_mutex_unlock(&cdr_sched_lock);
/* returning zero so the scheduler does not automatically reschedule */
return 0;
}
+/*! Do not hold the batch lock while calling this function */
static void submit_unscheduled_batch(void)
{
+ /* Prevent two deletes from happening at the same time */
+ ast_mutex_lock(&cdr_sched_lock);
/* this is okay since we are not being called from within the scheduler */
AST_SCHED_DEL(sched, cdr_sched);
/* schedule the submission to occur ASAP (1 ms) */
cdr_sched = ast_sched_add(sched, 1, submit_scheduled_batch, NULL);
+ ast_mutex_unlock(&cdr_sched_lock);
+
/* signal the do_cdr thread to wakeup early and do some work (that lazy thread ;) */
ast_mutex_lock(&cdr_pending_lock);
ast_cond_signal(&cdr_pending_cond);
@@ -1321,6 +1330,7 @@
{
struct ast_cdr_batch_item *newtail;
int curr;
+ int submit_batch = 0;
if (!cdr)
return;
@@ -1367,10 +1377,14 @@
/* if we have enough stuff to post, then do it */
if (curr >= (batchsize - 1)) {
+ submit_batch = 1;
+ }
+ ast_mutex_unlock(&cdr_batch_lock);
+
+ /* Don't call submit_unscheduled_batch with the cdr_batch_lock held */
+ if (submit_batch) {
submit_unscheduled_batch();
}
-
- ast_mutex_unlock(&cdr_batch_lock);
}
static void *do_cdr(void *data)
@@ -1522,7 +1536,9 @@
}
/* don't run the next scheduled CDR posting while reloading */
+ ast_mutex_lock(&cdr_sched_lock);
AST_SCHED_DEL(sched, cdr_sched);
+ ast_mutex_unlock(&cdr_sched_lock);
if (config) {
if ((enabled_value = ast_variable_retrieve(config, "general", "enable"))) {
@@ -1565,7 +1581,9 @@
if (enabled && !batchmode) {
ast_log(LOG_NOTICE, "CDR simple logging enabled.\n");
} else if (enabled && batchmode) {
+ ast_mutex_lock(&cdr_sched_lock);
cdr_sched = ast_sched_add(sched, batchtime * 1000, submit_scheduled_batch, NULL);
+ ast_mutex_unlock(&cdr_sched_lock);
ast_log(LOG_NOTICE, "CDR batch mode logging enabled, first of either size %d or time %d seconds.\n", batchsize, batchtime);
} else {
ast_log(LOG_NOTICE, "CDR logging disabled, data will be lost.\n");
@@ -1577,7 +1595,9 @@
ast_cond_init(&cdr_pending_cond, NULL);
if (ast_pthread_create_background(&cdr_thread, NULL, do_cdr, NULL) < 0) {
ast_log(LOG_ERROR, "Unable to start CDR thread.\n");
+ ast_mutex_lock(&cdr_sched_lock);
AST_SCHED_DEL(sched, cdr_sched);
+ ast_mutex_unlock(&cdr_sched_lock);
} else {
ast_cli_register(&cli_submit);
ast_register_atexit(ast_cdr_engine_term);
Modified: team/oej/pinefool-poor-mans-plc-1.8/main/http.c
URL: http://svnview.digium.com/svn/asterisk/team/oej/pinefool-poor-mans-plc-1.8/main/http.c?view=diff&rev=384916&r1=384915&r2=384916
==============================================================================
--- team/oej/pinefool-poor-mans-plc-1.8/main/http.c (original)
+++ team/oej/pinefool-poor-mans-plc-1.8/main/http.c Mon Apr 8 09:59:04 2013
@@ -230,7 +230,7 @@
goto out403;
}
- /* Disallow any funny filenames at all */
+ /* Disallow any funny filenames at all (checking first character only??) */
if ((uri[0] < 33) || strchr("./|~@#$%^&*() \t", uri[0])) {
goto out403;
}
@@ -245,6 +245,7 @@
if (!(mtype = ast_http_ftype2mtype(ftype))) {
snprintf(wkspace, sizeof(wkspace), "text/%s", S_OR(ftype, "plain"));
+ mtype = wkspace;
}
/* Cap maximum length */
@@ -262,12 +263,12 @@
goto out404;
}
+ if (strstr(path, "/private/") && !astman_is_authed(ast_http_manid_from_vars(headers))) {
+ goto out403;
+ }
+
fd = open(path, O_RDONLY);
if (fd < 0) {
- goto out403;
- }
-
- if (strstr(path, "/private/") && !astman_is_authed(ast_http_manid_from_vars(headers))) {
goto out403;
}
@@ -290,6 +291,7 @@
}
if ( (http_header = ast_str_create(255)) == NULL) {
+ close(fd);
return -1;
}
@@ -612,6 +614,8 @@
ast_uri_decode(s);
}
+#define MAX_POST_CONTENT 1025
+
/*
* get post variables from client Request Entity-Body, if content type is
* application/x-www-form-urlencoded
@@ -641,6 +645,13 @@
}
if (content_length <= 0) {
+ return NULL;
+ }
+
[... 103 lines stripped ...]
More information about the asterisk-commits
mailing list