Change-Id: Ic50e95b4fc10f74ab15416d908e8a87ee8ec2f85

Adds the overlap_context option, which can be used
to explicitly specify a context to use for overlap
dialing extension matches, rather than forcibly
using the context configured for the endpoint.

ASTERISK-30262 #close

Change-Id: Ibbcd4a8b11402428a187fb56b8d4e7408774a0db

chan_sip supported sending AOC-D and AOC-E information in SIP INFO
messages in an "AOC" header in a format that was originally defined by
Snom. In the meantime, ETSI TS 124 647 introduced an XML-based AOC
format that is supported by devices from multiple vendors, including
Snom phones with firmware >= 8.4.2 (released in 2010).

This commit adds a new res_pjsip_aoc module that inserts AOC information
into outgoing messages or sends SIP INFO messages as described below.
It also fixes a small issue in res_pjsip_session which didn't always
call session supplements on outgoing_response.

* AOC-S in the 180/183/200 responses to an INVITE request
* AOC-S in SIP INFO (if a 200 response has already been sent or if the
  INVITE was sent by Asterisk)
* AOC-D in SIP INFO
* AOC-D in the 200 response to a BYE request (if the client hangs up)
* AOC-D in a BYE request (if Asterisk hangs up)
* AOC-E in the 200 response to a BYE request (if the client hangs up)
* AOC-E in a BYE request (if Asterisk hangs up)

The specification defines one more, AOC-S in an INVITE request, which
is not implemented here because it is not currently possible in
Asterisk to have AOC data ready at this point in call setup. Once
specifying AOC-S via the dialplan or passing it through from another
SIP channel's INVITE is possible, that might be added.

The SIP INFO requests are sent out immediately when the AOC indication
is received. The others are inserted into an appropriate outgoing
message whenever that is ready to be sent. In the latter case, the XML
is stored in a channel variable at the time the AOC indication is
received. Depending on where the AOC indications are coming from (e.g.
PRI or AMI), it may not always be possible to guarantee that the AOC-E
is available in time for the BYE.

Successfully tested AOC-D and both variants of AOC-E with a Snom D735
running firmware 10.1.127.10. It does not appear to properly support
AOC-S however, so that could only be tested by inspecting SIP traces.

ASTERISK-21502 #close
Reported-by: Matt Jordan <mjordan@digium.com>

Change-Id: Iebb7ad0d5f88526bc6629d3a1f9f11665434d333

This fixes a small typo in the from_domain documentation on the endpoint documentation

ASTERISK-30328 #close

Change-Id: Ia6f0897c3f5cab899ef2cde6b3ac07265b8beb21

It was possible for a module that registered for transport monitor
events to pass in a pjsip_transport that had already been freed.
This caused pjsip_transport_events to crash when looking up the
monitor for the transport.  The fix is a two pronged approach.

1. We now increment the reference count on pjsip_transports when we
create monitors for them, then decrement the count when the
transport is going to be destroyed.

2. There are now APIs to register and unregister monitor callbacks
by "transport key" which is a string concatenation of the remote ip
address and port.  This way the module needing to monitor the
transport doesn't have to hold on to the transport object itself to
unregister.  It just has to save the transport_key.

* Added the pjsip_transport reference increment and decrement.

* Changed the internal transport monitor container key from the
  transport->obj_name (which may not be unique anyway) to the
  transport_key.

* Added a helper macro AST_SIP_MAKE_REMOTE_IPADDR_PORT_STR() that
  fills a buffer with the transport_key using a passed-in
  pjsip_transport.

* Added the following functions:
  ast_sip_transport_monitor_register_key
  ast_sip_transport_monitor_register_replace_key
  ast_sip_transport_monitor_unregister_key
  and marked their non-key counterparts as deprecated.

* Updated res_pjsip_pubsub and res_pjsip_outbound_register to use
  the new "key" monitor functions.

NOTE: res_pjsip_registrar also uses the transport monitor
functionality but doesn't have a persistent object other than
contact to store a transport key.  At this time, it continues to
use the non-key monitor functions.

ASTERISK-30244

Change-Id: I1a20baf2a8643c272dcf819871d6c395f148f00b

Currently chan_pjsip on receiving a re-INVITE without SDP will only
return the codecs that are previously negotiated and not offering
all enabled codecs.

This causes interoperability issues with different equipment (e.g.
from Cisco) for some of our customers and probably also in other
scenarios involving 3PCC infrastructure.

According to RFC 3261, section 14.2 we SHOULD return all codecs
on a re-INVITE without SDP

The PR proposes a new parameter to configure this behaviour:
all_codecs_on_empty_reinvite. It includes the code, documentation,
alembic migrations, CHANGES file and example configuration additions.

ASTERISK-30193 #close

Change-Id: I69763708d5039d512f391e296ee8a4d43a1e2148

This patch adds support for mediasec SIP headers and SDP attributes.
These are defined in RFC 3329, 3GPP TS 24.229 and
draft-dawes-sipcore-mediasec-parameter. The new features are
implemented so that a backbone for RFC 3329 is present to streamline
future work on RFC 3329.

With this patch, Asterisk can communicate with Deutsche Telekom trunks
which require these fields.

ASTERISK-30032

Change-Id: Ia7f5b5ba42db18074fdd5428c4e1838728586be2

This patch adds a new option to the 100rel parameter for pjsip
endpoints called "peer_supported". When an endpoint with this option
receives an incoming request and the request indicated support for the
100rel extension, then Asterisk will send 1xx responses reliably. If
the request did not indicate 100rel support, Asterisk sends 1xx
responses normally.

ASTERISK-30158

Change-Id: Id6d95ffa8f00dab118e0b386146e99f254f287ad

This change allows TEL URI requests to come through for basic calls. The
allowed requests are INVITE, ACK, BYE, and CANCEL. The From and To
headers will now allow TEL URIs, as well as the request URI.

Support is only for TEL URIs present in traffic from a remote party.
Asterisk does not generate any TEL URIs on its own.

ASTERISK-26894

Change-Id: If5729e6cd583be7acf666373bf9f1b9d653ec29a

This change adds support using the pjsip_tls_transport_restart
function for reloading the TLS certificate and key, if the filenames
remain unchanged. This is useful for Let's Encrypt and other
situations. Note that no restart of the transport will occur if
the certificate and key remain unchanged.

ASTERISK-30186

Change-Id: I9bc95a6bf791830a9491ad9fa43c17d4010028d0

Adjusts some logging levels to be more or less important,
that is more prominent when actual problems occur and less
prominent for less noteworthy things.

ASTERISK-30153 #close

Change-Id: Ifc8f7df427aa018627db462125ae744986d3261b

Move the call to ast_sip_location_prune_boot_contacts() *after* the call
to ast_res_pjsip_init_options_handling() so that
res/res_pjsip/pjsip_options.c is informed about the contact deletion and
updates its sip_options_contact_statuses list. This allows for an AMI
event to be sent by res/res_pjsip/pjsip_options.c if the endpoint
registers again from the same remote address and port (i.e., same URI)
as used before the Asterisk restart.

ASTERISK-30109
Reported-by: Michael Neuhauser

Change-Id: I1ba4478019e4931a7085f62708d9b66837e901a8

This commit adds res_pjsip_geolocation which gives chan_pjsip
the ability to use the core geolocation capabilities.

This commit message is intentionally short because this isn't
a simple capability.  See the documentation at
https://wiki.asterisk.org/wiki/display/AST/Geolocation
for more information.

THE CAPABILITIES IMPLEMENTED HERE MAY CHANGE BASED ON
USER FEEDBACK!

ASTERISK-30128

Change-Id: Ie2e2bcd87243c2cfabc43eb823d4427c7086f4d9

Rightly the use of wildcards in certificates is disallowed in accordance
with RFC5922. However, RFC2818 does make some allowances with regards to
their use when using subject alt names with DNS name types.

As such this patch creates a new setting for TLS transports called
'allow_wildcard_certs', which when it and 'verify_server' are both enabled
allows DNS name types, as well as the common name that start with '*.'
to match as a wildcard.

For instance: *.example.com
will match for: foo.example.com

Partial matching is not allowed, e.g. f*.example.com, foo.*.com, etc...
And the starting wildcard only matches for a single level.

For instance: *.example.com
will NOT match for: foo.bar.example.com

The new setting is disabled by default.

ASTERISK-30072 #close

Change-Id: If0be3fdab2e09c2a66bb54824fca406ebaac3da4

When a pjsip endpoint is defined with timers=always, this has been a
functional noop.  This patch correctly sets the feature bitmap to both
enable support for session timers and to enable them even when the
endpoint itself does not request or support timers.

ASTERISK-29603
Reported-By: Ray Crumrine

Change-Id: I8b5eeaa9ec7f50cc6d96dd34c2b4aa9c53fb5440

added new global config option "allow_sending_180_after_183"
that if enabled will preserve 180 after a 183

ASTERISK-29842

Change-Id: I8a53f8c35595b6d16d8e86e241b5f110d92f3d18

The async_operations setting on a transport configures how
many simultaneous incoming packets the transport can handle
when multiple threads are polling and waiting on the transport.
As we only use a single thread this was needlessly creating
incoming packets when set to a non-default value, wasting memory.

ASTERISK-30006

Change-Id: I1915973ef352862dc2852a6ba4cfce2ed536e68f

Adds a new configuration option, stir_shaken_profile, in pjsip.conf that
can be specified on a per endpoint basis. This option will reference a
stir_shaken_profile that can be configured in stir_shaken.conf. The type
of this option must be 'profile'. The stir_shaken option can be
specified on this object with the same values as before (attest, verify,
on), but it cannot be off since having the profile itself implies wanting
STIR/SHAKEN support. You can also specify an ACL from acl.conf (along
with permit and deny lines in the object itself) that will be used to
limit what interfaces Asterisk will attempt to retrieve information from
when reading the Identity header.

ASTERISK-29476

Change-Id: I87fa61f78a9ea0cd42530691a30da3c781842406

Treat time_t's as entirely unique and use the POSIX API's for
converting to/from strings.

Lastly, a 64-bit integer formats as 20 digits at most in base10.
Don't need to have any 100 byte buffers to hold that.

ASTERISK-29674 #close

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Change-Id: Id7b25bdca8f92e34229f6454f6c3e500f2cd6f56

Added the missing xml-stylesheet and Xinclude namespace
declarations in pjsip_config.xml and pjsip_manager.xml.

Updated make_xml_documentation to show detailed errors when
xmlstarlet is the validator.  It's now run once with the '-q'
option to suppress harmless/expected messages and if it actually
fails, it's run again without '-q' but with '-e' to show
the actual errors.

Change-Id: I4bdc9d2ea6741e8d2e5eb82df60c68ccc59e1f5e

Moved the xmldoc build logic from the top-level Makefile into
its own script "make_xml_documentation" in the build_tools
directory.

Created a new utility script "get_sourceable_makeopts", also in
the build_tools directory, that dumps the top-level "makeopts"
file in a format that can be "sourced" from shell sscripts.
This allows scripts to easily get the values of common make
build variables such as the location of the GREP, SED, AWK, etc.
utilities as well as the AST* and library *_LIB and *_INCLUDE
variables.

Besides moving logic out of the Makefile, some optimizations
were done like removing "third-party" from the list of
subdirectories to be searched for documentation and changing some
assignments from "=" to ":=" so they're only evaluated once.
The speed increase is noticeable.

The makeopts.in file was updated to include the paths to
REALPATH and DIRNAME.  The ./conifgure script was setting them
but makeopts.in wasn't including them.

So...

With this change, you can now place documentation in any"c"
source file AND you can now place it in a separate XML file
altogether.  The following are examples of valid locations:

res/res_pjsip.c
    Using the existing /*** DOCUMENTATION ***/ fragment.

res/res_pjsip/pjsip_configuration.c
    Using the existing /*** DOCUMENTATION ***/ fragment.

res/res_pjsip/pjsip_doc.xml
    A fully-formed XML file.  The "configInfo", "manager",
    "managerEvent", etc. elements that would be in the "c"
    file DOCUMENTATION fragment should be wrapped in proper
    XML.  Example for "somemodule.xml":

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE docs SYSTEM "appdocsxml.dtd">
    <docs>
        <configInfo>
        ...
        </configInfo>
    </docs>

It's the "appdocsxml.dtd" that tells make_xml_documentation
that this is a documentation XML file and not some other XML file.
It also allows many XML-capable editors to do formatting and
validation.

Other than the ".xml" suffix, the name of the file is not
significant.

As a start... This change also moves the documentation that was
in res_pjsip.c to 2 new XML files in res/res_pjsip:
pjsip_config.xml and pjsip_manager.xml.  This cut the number of
lines in res_pjsip.c in half. :)

Change-Id: I486c16c0b5a44d7a8870008e10c941fb19b71ade

Neither pjsip_message_filter's filter_on_tx_message() nor
res_pjsip_session's session_outgoing_nat_hook() were multipart
aware and just assumed that an SDP would be the only thing in
a message body.  Both were changed to use the new
pjsip_get_sdp_info() function which searches for an sdp in
both single- and multi- part message bodies.

ASTERISK-29813

Change-Id: I8f5b8cfdc27f1d4bd3e7491ea9090951a4525c56

These are the remaining issues found in /res.

ASTERISK-29761

Change-Id: I572e6019c422780dde5ce8448b6c85c77af6046d

ASTERISK-29779

Change-Id: If338163488498f65fa7248b60e80299c0a928e4b

ASTERISK-29776

Change-Id: I86e5eca66fb775a5744af0c929fb269e70575a73

ASTERISK-29747

Change-Id: Ic7a1e9453f805a6264fe86c96b7d18b87b376084

Correct typos of the following word families:

identifying
structures
actcount
initializer
attributes
statement
enough
locking
declaration
userevent
provides
unregister
session
execute
searches
verification
suppressed
prepared
passwords
recipients
event
because
brief
unidentified
redundancy
character
the
module
reload
operation
backslashes
accurate
incorrect
collision
initializing
instance
interpreted
buddies
omitted
manually
requires
queries
generator
scheduler
configuration has
owner
resource
performed
masquerade
apparently
routable

ASTERISK-29714

Change-Id: I88485116d2c59b776aa2e1f8b4ce8239a21decda

The stir_shaken configuration option now has 4 different choices to pick
from: off, attest, verify, and on. Off and on behave the same way they
do now. Attest will only perform attestation on the endpoint, and verify
will only perform verification on the endpoint.

Certain responses are required to be sent based on certain conditions
for STIR/SHAKEN. For example, if we get a Date header that is outside of
the time range that is considered valid, a 403 Stale Date response
should be sent. This and several other responses have been added.

Change-Id: I4ac1ecf652cd0e336006b0ca638dc826b5b1ebf7

In res_pjsip_sdp_rtp, the bind_rtp_to_media_address option and the
fallback use of the transport's bind address solve problems sending
media on systems that cannot send ipv4 packets on ipv6 sockets, and
certain other situations. This change extends both of these behaviors
to UDPTL sessions as well in res_pjsip_t38, to fix fax-specific
problems on these systems, introducing a new option
endpoint/t38_bind_udptl_to_media_address.

ASTERISK-29402

Change-Id: I87220c0e9cdd2fe9d156846cb906debe08c63557

The behavior of max_contacts and remove_existing are connected.  If
remove_existing is enabled, the soonest expiring contacts are removed.
This may occur when there is an unavailable contact.  Similarly,
when remove_existing is not enabled, registrations from good
endpoints are rejected in favor of retaining unavailable contacts.

This commit adds a new AOR option remove_unavailable, and the effect
of this setting will depend on remove_existing.  If remove_existing
is set to no, we will still remove unavailable contacts when they
exceed max_contacts, if there are any. If remove_existing is set to
yes, we will prioritize the removal of unavailable contacts before
those that are expiring soonest.

ASTERISK-29525

Change-Id: Ia2711b08f2b4d1177411b1be23e970d7fdff5784

Set preferred transport when querying the local address to use in
filter_on_tx_messages(). This prevents the module to erroneously select
the wrong transport if more than one transports of the same type (TCP or
TLS) are configured.

ASTERISK-29241

Change-Id: I598e60257a7f92b29efce1fb3e9a2fc06f1439b6

For connection oriented transports PJSIP uses factories to
produce transports. When doing a partial transport reload
we need to also move the factory of the transport over so
that anything referencing the transport (such as an endpoint)
has the factory available.

ASTERISK-29441

Change-Id: Ieae0fb98eab2d9257cad996a1136e5a62d307161

RFC7616 and RFC8760 allow more than one WWW-Authenticate or
Proxy-Authenticate header per realm, each with different digest
algorithms (including new ones like SHA-256 and SHA-512-256).
Thankfully however a UAS can NOT send back multiple Authenticate
headers for the same realm with the same digest algorithm.  The
UAS is also supposed to send the headers in order of preference
with the first one being the most preferred.  We're supposed to
send an Authorization header for the first one we encounter for a
realm that we can support.

The UAS can also send multiple realms, especially when it's a
proxy that has forked the request in which case the proxy will
aggregate all of the Authenticate headers and then send them all
back to the UAC.

It doesn't stop there though... Each realm can require a
different username from the others.  There's also nothing
preventing each digest algorithm from having a unique password
although I'm not sure if that adds any benefit.

So now... For each Authenticate header we encounter, we have to
determine if we support the digest algorithm and, if not, just
skip the header.  We then have to find an auth object that
matches the realm AND the digest algorithm or find a wildcard
object that matches the digest algorithm. If we find one, we add
it to the results vector and read the next Authenticate header.
If the next header is for the same realm AND we already added an
auth object for that realm, we skip the header. Otherwise we
repeat the process for the next header.

In the end, we'll have accumulated a list of credentials we can
pass to pjproject that it can use to add Authentication headers
to a request.

NOTE: Neither we nor pjproject can currently handle digest
algorithms other than MD5.  We don't even have a place for it in
the ast_sip_auth object. For this reason, we just skip processing
any Authenticate header that's not MD5.  When we support the
others, we'll move the check into the loop that searches the
objects.

Changes:

 * Added a new API ast_sip_retrieve_auths_vector() that takes in
   a vector of auth ids (usually supplied on a call to
   ast_sip_create_request_with_auth()) and populates another
   vector with the actual objects.

 * Refactored res_pjsip_outbound_authenticator_digest to handle
   multiple Authenticate headers and set the stage for handling
   additional digest algorithms.

 * Added a pjproject patch that allows them to ignore digest
   algorithms they don't support.  This patch has already been
   merged upstream.

 * Updated documentation for auth objects in the XML and
   in pjsip.conf.sample.

 * Although res_pjsip_authenticator_digest isn't affected
   by this change, some debugging and a testsuite AMI event
   was added to facilitate testing.

Discovered during OpenSIPit 2021.

ASTERISK-29397

Change-Id: I3aef5ce4fe1d27e48d61268520f284d15d650281

ASTERISK-27477 #close

Change-Id: I68f6715bba92a525149e35d142a49377a34a1193

Change-Id: I058af496021ff870ccec2d8cbade637b348ab80b

Some configuration items for a transport do not result in
the underlying transport changing, but instead are just
state we keep ourselves and use. It is perfectly reasonable
to change these items.

These include local_net and external_* information.

ASTERISK-29354

Change-Id: I027857ccfe4419f460243e562b5f098434b3d43a

Otherwise, Clang 10 warned because of logical-not-parentheses.

Change-Id: Ia8fb493f727b08070eb2dcf520c08df34ed11d79

Segfault occurs during outbound UDP registration when all
transport states are being iterated over. The transport object
in the transport is accessed, but flow transports have a NULL
transport object.

Modify to not iterate over any flow transport

ASTERISK-29210 #close

Change-Id: If28dc3a18bdcbd0a49598b09b7fe4404d45c996a

RFC 3261 says that the Accept-Encoding header should be present
in an options response. Permitted values according to RFC 2616
are only compression algorithms like gzip or the default identity
encoding. Therefore "text/plain" is not a correct value here.
As long as the header is hard coded, it should be set to "identity".

Without this fix an Alcatel OmniPCX periodically logs warnings like
"[sip_acceptIncorrectHeader] Header Accept-Encoding is malformed"
on a SIP Trunk.

ASTERISK-29165 #close

Change-Id: I0aa2211ebf0b4c2ed554ac7cda794523803a3840

* Added a ONESHOT type that never reschedules.

* Added "like" capability to "pjsip show scheduled_tasks" so you can do
  the following:

  CLI> pjsip show scheduled_tasks like outreg
  PJSIP Scheduled Tasks:

  Task Name                                     Interval  Times Run ...
  ============================================= ========= ========= ...
  pjsip/outreg/testtrunk-reg-0-00000074            50.000   oneshot ...
  pjsip/outreg/voipms-reg-0-00000073              110.000   oneshot ...

* Fixed incorrect display of "Next Start".

* Compacted the displays of times in the CLI.

* Added two new functions (ast_sip_sched_task_get_times2,
  ast_sip_sched_task_get_times_by_name2) that retrieve the interval,
  next start time, and next run time in addition to the times already
  returned by ast_sip_sched_task_get_times().

Change-Id: Ie718ca9fd30490b8a167bedf6b0b06d619dc52f3