95b79e22e196490fe8b86df7202e1c1cd9fdc355
[asterisk/asterisk.git] / main / manager.c
1 /*
2  * Asterisk -- An open source telephony toolkit.
3  *
4  * Copyright (C) 1999 - 2006, Digium, Inc.
5  *
6  * Mark Spencer <markster@digium.com>
7  *
8  * See http://www.asterisk.org for more information about
9  * the Asterisk project. Please do not directly contact
10  * any of the maintainers of this project for assistance;
11  * the project provides a web site, mailing lists and IRC
12  * channels for your use.
13  *
14  * This program is free software, distributed under the terms of
15  * the GNU General Public License Version 2. See the LICENSE file
16  * at the top of the source tree.
17  */
18
19 /*! \file
20  *
21  * \brief The Asterisk Management Interface - AMI
22  *
23  * \author Mark Spencer <markster@digium.com>
24  *
25  * OpenSSL http://www.openssl.org - for AMI/SSL
26  *
27  * At the moment this file contains a number of functions, namely:
28  *
29  * - data structures storing AMI state
30  * - AMI-related API functions, used by internal asterisk components
31  * - handlers for AMI-related CLI functions
32  * - handlers for AMI functions (available through the AMI socket)
33  * - the code for the main AMI listener thread and individual session threads
34  * - the http handlers invoked for AMI-over-HTTP by the threads in main/http.c
35  *
36  * \ref amiconf
37  */
38
39 /*! \li \ref manager.c uses the configuration file \ref manager.conf and \ref users.conf
40  * \addtogroup configuration_file
41  */
42
43 /*! \page manager.conf manager.conf
44  * \verbinclude manager.conf.sample
45  */
46
47 /*! \page users.conf users.conf
48  * \verbinclude users.conf.sample
49  */
50
51 /*** MODULEINFO
52         <support_level>core</support_level>
53  ***/
54
55 #include "asterisk.h"
56
57 ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
58
59 #include "asterisk/_private.h"
60 #include "asterisk/paths.h"     /* use various ast_config_AST_* */
61 #include <ctype.h>
62 #include <sys/time.h>
63 #include <signal.h>
64 #include <sys/mman.h>
65 #include <sys/types.h>
66 #include <regex.h>
67
68 #include "asterisk/channel.h"
69 #include "asterisk/file.h"
70 #include "asterisk/manager.h"
71 #include "asterisk/module.h"
72 #include "asterisk/config.h"
73 #include "asterisk/callerid.h"
74 #include "asterisk/lock.h"
75 #include "asterisk/cli.h"
76 #include "asterisk/app.h"
77 #include "asterisk/pbx.h"
78 #include "asterisk/md5.h"
79 #include "asterisk/acl.h"
80 #include "asterisk/utils.h"
81 #include "asterisk/tcptls.h"
82 #include "asterisk/http.h"
83 #include "asterisk/ast_version.h"
84 #include "asterisk/threadstorage.h"
85 #include "asterisk/linkedlists.h"
86 #include "asterisk/term.h"
87 #include "asterisk/astobj2.h"
88 #include "asterisk/features.h"
89 #include "asterisk/security_events.h"
90 #include "asterisk/event.h"
91 #include "asterisk/aoc.h"
92 #include "asterisk/strings.h"
93 #include "asterisk/stringfields.h"
94 #include "asterisk/presencestate.h"
95 #include "asterisk/stasis.h"
96 #include "asterisk/stasis_message_router.h"
97 #include "asterisk/test.h"
98 #include "asterisk/json.h"
99 #include "asterisk/bridging.h"
100 #include "asterisk/features_config.h"
101
102 /*** DOCUMENTATION
103         <manager name="Ping" language="en_US">
104                 <synopsis>
105                         Keepalive command.
106                 </synopsis>
107                 <syntax>
108                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
109                 </syntax>
110                 <description>
111                         <para>A 'Ping' action will ellicit a 'Pong' response. Used to keep the
112                         manager connection open.</para>
113                 </description>
114         </manager>
115         <manager name="Events" language="en_US">
116                 <synopsis>
117                         Control Event Flow.
118                 </synopsis>
119                 <syntax>
120                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
121                         <parameter name="EventMask" required="true">
122                                 <enumlist>
123                                         <enum name="on">
124                                                 <para>If all events should be sent.</para>
125                                         </enum>
126                                         <enum name="off">
127                                                 <para>If no events should be sent.</para>
128                                         </enum>
129                                         <enum name="system,call,log,...">
130                                                 <para>To select which flags events should have to be sent.</para>
131                                         </enum>
132                                 </enumlist>
133                         </parameter>
134                 </syntax>
135                 <description>
136                         <para>Enable/Disable sending of events to this manager client.</para>
137                 </description>
138         </manager>
139         <manager name="Logoff" language="en_US">
140                 <synopsis>
141                         Logoff Manager.
142                 </synopsis>
143                 <syntax>
144                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
145                 </syntax>
146                 <description>
147                         <para>Logoff the current manager session.</para>
148                 </description>
149         </manager>
150         <manager name="Login" language="en_US">
151                 <synopsis>
152                         Login Manager.
153                 </synopsis>
154                 <syntax>
155                         <parameter name="ActionID">
156                                 <para>ActionID for this transaction. Will be returned.</para>
157                         </parameter>
158                         <parameter name="Username" required="true">
159                                 <para>Username to login with as specified in manager.conf.</para>
160                         </parameter>
161                         <parameter name="Secret">
162                                 <para>Secret to login with as specified in manager.conf.</para>
163                         </parameter>
164                 </syntax>
165                 <description>
166                         <para>Login Manager.</para>
167                 </description>
168         </manager>
169         <manager name="Challenge" language="en_US">
170                 <synopsis>
171                         Generate Challenge for MD5 Auth.
172                 </synopsis>
173                 <syntax>
174                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
175                         <parameter name="AuthType" required="true">
176                                 <para>Digest algorithm to use in the challenge. Valid values are:</para>
177                                 <enumlist>
178                                         <enum name="MD5" />
179                                 </enumlist>
180                         </parameter>
181                 </syntax>
182                 <description>
183                         <para>Generate a challenge for MD5 authentication.</para>
184                 </description>
185         </manager>
186         <manager name="Hangup" language="en_US">
187                 <synopsis>
188                         Hangup channel.
189                 </synopsis>
190                 <syntax>
191                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
192                         <parameter name="Channel" required="true">
193                                 <para>The exact channel name to be hungup, or to use a regular expression, set this parameter to: /regex/</para>
194                                 <para>Example exact channel: SIP/provider-0000012a</para>
195                                 <para>Example regular expression: /^SIP/provider-.*$/</para>
196                         </parameter>
197                         <parameter name="Cause">
198                                 <para>Numeric hangup cause.</para>
199                         </parameter>
200                 </syntax>
201                 <description>
202                         <para>Hangup a channel.</para>
203                 </description>
204         </manager>
205         <manager name="Status" language="en_US">
206                 <synopsis>
207                         List channel status.
208                 </synopsis>
209                 <syntax>
210                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
211                         <parameter name="Channel" required="true">
212                                 <para>The name of the channel to query for status.</para>
213                         </parameter>
214                         <parameter name="Variables">
215                                 <para>Comma <literal>,</literal> separated list of variable to include.</para>
216                         </parameter>
217                 </syntax>
218                 <description>
219                         <para>Will return the status information of each channel along with the
220                         value for the specified channel variables.</para>
221                 </description>
222         </manager>
223         <manager name="Setvar" language="en_US">
224                 <synopsis>
225                         Set a channel variable.
226                 </synopsis>
227                 <syntax>
228                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
229                         <parameter name="Channel">
230                                 <para>Channel to set variable for.</para>
231                         </parameter>
232                         <parameter name="Variable" required="true">
233                                 <para>Variable name.</para>
234                         </parameter>
235                         <parameter name="Value" required="true">
236                                 <para>Variable value.</para>
237                         </parameter>
238                 </syntax>
239                 <description>
240                         <para>Set a global or local channel variable.</para>
241                         <note>
242                                 <para>If a channel name is not provided then the variable is global.</para>
243                         </note>
244                 </description>
245         </manager>
246         <manager name="Getvar" language="en_US">
247                 <synopsis>
248                         Gets a channel variable.
249                 </synopsis>
250                 <syntax>
251                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
252                         <parameter name="Channel">
253                                 <para>Channel to read variable from.</para>
254                         </parameter>
255                         <parameter name="Variable" required="true">
256                                 <para>Variable name.</para>
257                         </parameter>
258                 </syntax>
259                 <description>
260                         <para>Get the value of a global or local channel variable.</para>
261                         <note>
262                                 <para>If a channel name is not provided then the variable is global.</para>
263                         </note>
264                 </description>
265         </manager>
266         <manager name="GetConfig" language="en_US">
267                 <synopsis>
268                         Retrieve configuration.
269                 </synopsis>
270                 <syntax>
271                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
272                         <parameter name="Filename" required="true">
273                                 <para>Configuration filename (e.g. <filename>foo.conf</filename>).</para>
274                         </parameter>
275                         <parameter name="Category">
276                                 <para>Category in configuration file.</para>
277                         </parameter>
278                 </syntax>
279                 <description>
280                         <para>This action will dump the contents of a configuration
281                         file by category and contents or optionally by specified category only.</para>
282                 </description>
283         </manager>
284         <manager name="GetConfigJSON" language="en_US">
285                 <synopsis>
286                         Retrieve configuration (JSON format).
287                 </synopsis>
288                 <syntax>
289                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
290                         <parameter name="Filename" required="true">
291                                 <para>Configuration filename (e.g. <filename>foo.conf</filename>).</para>
292                         </parameter>
293                 </syntax>
294                 <description>
295                         <para>This action will dump the contents of a configuration file by category
296                         and contents in JSON format. This only makes sense to be used using rawman over
297                         the HTTP interface.</para>
298                 </description>
299         </manager>
300         <manager name="UpdateConfig" language="en_US">
301                 <synopsis>
302                         Update basic configuration.
303                 </synopsis>
304                 <syntax>
305                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
306                         <parameter name="SrcFilename" required="true">
307                                 <para>Configuration filename to read (e.g. <filename>foo.conf</filename>).</para>
308                         </parameter>
309                         <parameter name="DstFilename" required="true">
310                                 <para>Configuration filename to write (e.g. <filename>foo.conf</filename>)</para>
311                         </parameter>
312                         <parameter name="Reload">
313                                 <para>Whether or not a reload should take place (or name of specific module).</para>
314                         </parameter>
315                         <parameter name="Action-XXXXXX">
316                                 <para>Action to take.</para>
317                                 <para>X's represent 6 digit number beginning with 000000.</para>
318                                 <enumlist>
319                                         <enum name="NewCat" />
320                                         <enum name="RenameCat" />
321                                         <enum name="DelCat" />
322                                         <enum name="EmptyCat" />
323                                         <enum name="Update" />
324                                         <enum name="Delete" />
325                                         <enum name="Append" />
326                                         <enum name="Insert" />
327                                 </enumlist>
328                         </parameter>
329                         <parameter name="Cat-XXXXXX">
330                                 <para>Category to operate on.</para>
331                                 <xi:include xpointer="xpointer(/docs/manager[@name='UpdateConfig']/syntax/parameter[@name='Action-XXXXXX']/para[2])" />
332                         </parameter>
333                         <parameter name="Var-XXXXXX">
334                                 <para>Variable to work on.</para>
335                                 <xi:include xpointer="xpointer(/docs/manager[@name='UpdateConfig']/syntax/parameter[@name='Action-XXXXXX']/para[2])" />
336                         </parameter>
337                         <parameter name="Value-XXXXXX">
338                                 <para>Value to work on.</para>
339                                 <xi:include xpointer="xpointer(/docs/manager[@name='UpdateConfig']/syntax/parameter[@name='Action-XXXXXX']/para[2])" />
340                         </parameter>
341                         <parameter name="Match-XXXXXX">
342                                 <para>Extra match required to match line.</para>
343                                 <xi:include xpointer="xpointer(/docs/manager[@name='UpdateConfig']/syntax/parameter[@name='Action-XXXXXX']/para[2])" />
344                         </parameter>
345                         <parameter name="Line-XXXXXX">
346                                 <para>Line in category to operate on (used with delete and insert actions).</para>
347                                 <xi:include xpointer="xpointer(/docs/manager[@name='UpdateConfig']/syntax/parameter[@name='Action-XXXXXX']/para[2])" />
348                         </parameter>
349                 </syntax>
350                 <description>
351                         <para>This action will modify, create, or delete configuration elements
352                         in Asterisk configuration files.</para>
353                 </description>
354         </manager>
355         <manager name="CreateConfig" language="en_US">
356                 <synopsis>
357                         Creates an empty file in the configuration directory.
358                 </synopsis>
359                 <syntax>
360                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
361                         <parameter name="Filename" required="true">
362                                 <para>The configuration filename to create (e.g. <filename>foo.conf</filename>).</para>
363                         </parameter>
364                 </syntax>
365                 <description>
366                         <para>This action will create an empty file in the configuration
367                         directory. This action is intended to be used before an UpdateConfig
368                         action.</para>
369                 </description>
370         </manager>
371         <manager name="ListCategories" language="en_US">
372                 <synopsis>
373                         List categories in configuration file.
374                 </synopsis>
375                 <syntax>
376                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
377                         <parameter name="Filename" required="true">
378                                 <para>Configuration filename (e.g. <filename>foo.conf</filename>).</para>
379                         </parameter>
380                 </syntax>
381                 <description>
382                         <para>This action will dump the categories in a given file.</para>
383                 </description>
384         </manager>
385         <manager name="Redirect" language="en_US">
386                 <synopsis>
387                         Redirect (transfer) a call.
388                 </synopsis>
389                 <syntax>
390                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
391                         <parameter name="Channel" required="true">
392                                 <para>Channel to redirect.</para>
393                         </parameter>
394                         <parameter name="ExtraChannel">
395                                 <para>Second call leg to transfer (optional).</para>
396                         </parameter>
397                         <parameter name="Exten" required="true">
398                                 <para>Extension to transfer to.</para>
399                         </parameter>
400                         <parameter name="ExtraExten">
401                                 <para>Extension to transfer extrachannel to (optional).</para>
402                         </parameter>
403                         <parameter name="Context" required="true">
404                                 <para>Context to transfer to.</para>
405                         </parameter>
406                         <parameter name="ExtraContext">
407                                 <para>Context to transfer extrachannel to (optional).</para>
408                         </parameter>
409                         <parameter name="Priority" required="true">
410                                 <para>Priority to transfer to.</para>
411                         </parameter>
412                         <parameter name="ExtraPriority">
413                                 <para>Priority to transfer extrachannel to (optional).</para>
414                         </parameter>
415                 </syntax>
416                 <description>
417                         <para>Redirect (transfer) a call.</para>
418                 </description>
419         </manager>
420         <manager name="Atxfer" language="en_US">
421                 <synopsis>
422                         Attended transfer.
423                 </synopsis>
424                 <syntax>
425                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
426                         <parameter name="Channel" required="true">
427                                 <para>Transferer's channel.</para>
428                         </parameter>
429                         <parameter name="Exten" required="true">
430                                 <para>Extension to transfer to.</para>
431                         </parameter>
432                         <parameter name="Context" required="true">
433                                 <para>Context to transfer to.</para>
434                         </parameter>
435                         <parameter name="Priority" required="true">
436                                 <para>Priority to transfer to.</para>
437                         </parameter>
438                 </syntax>
439                 <description>
440                         <para>Attended transfer.</para>
441                 </description>
442         </manager>
443         <manager name="Originate" language="en_US">
444                 <synopsis>
445                         Originate a call.
446                 </synopsis>
447                 <syntax>
448                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
449                         <parameter name="Channel" required="true">
450                                 <para>Channel name to call.</para>
451                         </parameter>
452                         <parameter name="Exten">
453                                 <para>Extension to use (requires <literal>Context</literal> and
454                                 <literal>Priority</literal>)</para>
455                         </parameter>
456                         <parameter name="Context">
457                                 <para>Context to use (requires <literal>Exten</literal> and
458                                 <literal>Priority</literal>)</para>
459                         </parameter>
460                         <parameter name="Priority">
461                                 <para>Priority to use (requires <literal>Exten</literal> and
462                                 <literal>Context</literal>)</para>
463                         </parameter>
464                         <parameter name="Application">
465                                 <para>Application to execute.</para>
466                         </parameter>
467                         <parameter name="Data">
468                                 <para>Data to use (requires <literal>Application</literal>).</para>
469                         </parameter>
470                         <parameter name="Timeout" default="30000">
471                                 <para>How long to wait for call to be answered (in ms.).</para>
472                         </parameter>
473                         <parameter name="CallerID">
474                                 <para>Caller ID to be set on the outgoing channel.</para>
475                         </parameter>
476                         <parameter name="Variable">
477                                 <para>Channel variable to set, multiple Variable: headers are allowed.</para>
478                         </parameter>
479                         <parameter name="Account">
480                                 <para>Account code.</para>
481                         </parameter>
482                         <parameter name="EarlyMedia">
483                                 <para>Set to <literal>true</literal> to force call bridge on early media..</para>
484                         </parameter>
485                         <parameter name="Async">
486                                 <para>Set to <literal>true</literal> for fast origination.</para>
487                         </parameter>
488                         <parameter name="Codecs">
489                                 <para>Comma-separated list of codecs to use for this call.</para>
490                         </parameter>
491                 </syntax>
492                 <description>
493                         <para>Generates an outgoing call to a
494                         <replaceable>Extension</replaceable>/<replaceable>Context</replaceable>/<replaceable>Priority</replaceable>
495                         or <replaceable>Application</replaceable>/<replaceable>Data</replaceable></para>
496                 </description>
497                 <see-also>
498                         <ref type="managerEvent">OriginateResponse</ref>
499                 </see-also>
500         </manager>
501         <managerEvent language="en_US" name="OriginateResponse">
502                 <managerEventInstance class="EVENT_FLAG_CALL">
503                         <synopsis>Raised in response to an Originate command.</synopsis>
504                         <syntax>
505                                 <parameter name="ActionID" required="false"/>
506                                 <parameter name="Resonse">
507                                         <enumlist>
508                                                 <enum name="Failure"/>
509                                                 <enum name="Success"/>
510                                         </enumlist>
511                                 </parameter>
512                                 <parameter name="Channel"/>
513                                 <parameter name="Context"/>
514                                 <parameter name="Exten"/>
515                                 <parameter name="Reason"/>
516                                 <parameter name="Uniqueid"/>
517                                 <parameter name="CallerIDNum"/>
518                                 <parameter name="CallerIDName"/>
519                         </syntax>
520                         <see-also>
521                                 <ref type="manager">Originate</ref>
522                         </see-also>
523                 </managerEventInstance>
524         </managerEvent>
525         <manager name="Command" language="en_US">
526                 <synopsis>
527                         Execute Asterisk CLI Command.
528                 </synopsis>
529                 <syntax>
530                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
531                         <parameter name="Command" required="true">
532                                 <para>Asterisk CLI command to run.</para>
533                         </parameter>
534                 </syntax>
535                 <description>
536                         <para>Run a CLI command.</para>
537                 </description>
538         </manager>
539         <manager name="ExtensionState" language="en_US">
540                 <synopsis>
541                         Check Extension Status.
542                 </synopsis>
543                 <syntax>
544                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
545                         <parameter name="Exten" required="true">
546                                 <para>Extension to check state on.</para>
547                         </parameter>
548                         <parameter name="Context" required="true">
549                                 <para>Context for extension.</para>
550                         </parameter>
551                 </syntax>
552                 <description>
553                         <para>Report the extension state for given extension. If the extension has a hint,
554                         will use devicestate to check the status of the device connected to the extension.</para>
555                         <para>Will return an <literal>Extension Status</literal> message. The response will include
556                         the hint for the extension and the status.</para>
557                 </description>
558         </manager>
559         <manager name="PresenceState" language="en_US">
560                 <synopsis>
561                         Check Presence State
562                 </synopsis>
563                 <syntax>
564                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
565                         <parameter name="Provider" required="true">
566                                 <para>Presence Provider to check the state of</para>
567                         </parameter>
568                 </syntax>
569                 <description>
570                         <para>Report the presence state for the given presence provider.</para>
571                         <para>Will return a <literal>Presence State</literal> message. The response will include the
572                         presence state and, if set, a presence subtype and custom message.</para>
573                 </description>
574         </manager>
575         <manager name="AbsoluteTimeout" language="en_US">
576                 <synopsis>
577                         Set absolute timeout.
578                 </synopsis>
579                 <syntax>
580                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
581                         <parameter name="Channel" required="true">
582                                 <para>Channel name to hangup.</para>
583                         </parameter>
584                         <parameter name="Timeout" required="true">
585                                 <para>Maximum duration of the call (sec).</para>
586                         </parameter>
587                 </syntax>
588                 <description>
589                         <para>Hangup a channel after a certain time. Acknowledges set time with
590                         <literal>Timeout Set</literal> message.</para>
591                 </description>
592         </manager>
593         <manager name="MailboxStatus" language="en_US">
594                 <synopsis>
595                         Check mailbox.
596                 </synopsis>
597                 <syntax>
598                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
599                         <parameter name="Mailbox" required="true">
600                                 <para>Full mailbox ID <replaceable>mailbox</replaceable>@<replaceable>vm-context</replaceable>.</para>
601                         </parameter>
602                 </syntax>
603                 <description>
604                         <para>Checks a voicemail account for status.</para>
605                         <para>Returns whether there are messages waiting.</para>
606                         <para>Message: Mailbox Status.</para>
607                         <para>Mailbox: <replaceable>mailboxid</replaceable>.</para>
608                         <para>Waiting: <literal>0</literal> if messages waiting, <literal>1</literal>
609                         if no messages waiting.</para>
610                 </description>
611         </manager>
612         <manager name="MailboxCount" language="en_US">
613                 <synopsis>
614                         Check Mailbox Message Count.
615                 </synopsis>
616                 <syntax>
617                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
618                         <parameter name="Mailbox" required="true">
619                                 <para>Full mailbox ID <replaceable>mailbox</replaceable>@<replaceable>vm-context</replaceable>.</para>
620                         </parameter>
621                 </syntax>
622                 <description>
623                         <para>Checks a voicemail account for new messages.</para>
624                         <para>Returns number of urgent, new and old messages.</para>
625                         <para>Message: Mailbox Message Count</para>
626                         <para>Mailbox: <replaceable>mailboxid</replaceable></para>
627                         <para>UrgentMessages: <replaceable>count</replaceable></para>
628                         <para>NewMessages: <replaceable>count</replaceable></para>
629                         <para>OldMessages: <replaceable>count</replaceable></para>
630                 </description>
631         </manager>
632         <manager name="ListCommands" language="en_US">
633                 <synopsis>
634                         List available manager commands.
635                 </synopsis>
636                 <syntax>
637                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
638                 </syntax>
639                 <description>
640                         <para>Returns the action name and synopsis for every action that
641                         is available to the user.</para>
642                 </description>
643         </manager>
644         <manager name="SendText" language="en_US">
645                 <synopsis>
646                         Send text message to channel.
647                 </synopsis>
648                 <syntax>
649                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
650                         <parameter name="Channel" required="true">
651                                 <para>Channel to send message to.</para>
652                         </parameter>
653                         <parameter name="Message" required="true">
654                                 <para>Message to send.</para>
655                         </parameter>
656                 </syntax>
657                 <description>
658                         <para>Sends A Text Message to a channel while in a call.</para>
659                 </description>
660         </manager>
661         <manager name="UserEvent" language="en_US">
662                 <synopsis>
663                         Send an arbitrary event.
664                 </synopsis>
665                 <syntax>
666                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
667                         <parameter name="UserEvent" required="true">
668                                 <para>Event string to send.</para>
669                         </parameter>
670                         <parameter name="Header1">
671                                 <para>Content1.</para>
672                         </parameter>
673                         <parameter name="HeaderN">
674                                 <para>ContentN.</para>
675                         </parameter>
676                 </syntax>
677                 <description>
678                         <para>Send an event to manager sessions.</para>
679                 </description>
680         </manager>
681         <manager name="WaitEvent" language="en_US">
682                 <synopsis>
683                         Wait for an event to occur.
684                 </synopsis>
685                 <syntax>
686                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
687                         <parameter name="Timeout" required="true">
688                                 <para>Maximum time (in seconds) to wait for events, <literal>-1</literal> means forever.</para>
689                         </parameter>
690                 </syntax>
691                 <description>
692                         <para>This action will ellicit a <literal>Success</literal> response. Whenever
693                         a manager event is queued. Once WaitEvent has been called on an HTTP manager
694                         session, events will be generated and queued.</para>
695                 </description>
696         </manager>
697         <manager name="CoreSettings" language="en_US">
698                 <synopsis>
699                         Show PBX core settings (version etc).
700                 </synopsis>
701                 <syntax>
702                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
703                 </syntax>
704                 <description>
705                         <para>Query for Core PBX settings.</para>
706                 </description>
707         </manager>
708         <manager name="CoreStatus" language="en_US">
709                 <synopsis>
710                         Show PBX core status variables.
711                 </synopsis>
712                 <syntax>
713                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
714                 </syntax>
715                 <description>
716                         <para>Query for Core PBX status.</para>
717                 </description>
718         </manager>
719         <manager name="Reload" language="en_US">
720                 <synopsis>
721                         Send a reload event.
722                 </synopsis>
723                 <syntax>
724                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
725                         <parameter name="Module">
726                                 <para>Name of the module to reload.</para>
727                         </parameter>
728                 </syntax>
729                 <description>
730                         <para>Send a reload event.</para>
731                 </description>
732         </manager>
733         <manager name="CoreShowChannels" language="en_US">
734                 <synopsis>
735                         List currently active channels.
736                 </synopsis>
737                 <syntax>
738                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
739                 </syntax>
740                 <description>
741                         <para>List currently defined channels and some information about them.</para>
742                 </description>
743         </manager>
744         <manager name="ModuleLoad" language="en_US">
745                 <synopsis>
746                         Module management.
747                 </synopsis>
748                 <syntax>
749                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
750                         <parameter name="Module">
751                                 <para>Asterisk module name (including .so extension) or subsystem identifier:</para>
752                                 <enumlist>
753                                         <enum name="cdr" />
754                                         <enum name="dnsmgr" />
755                                         <enum name="extconfig" />
756                                         <enum name="enum" />
757                                         <enum name="acl" />
758                                         <enum name="manager" />
759                                         <enum name="http" />
760                                         <enum name="logger" />
761                                         <enum name="features" />
762                                         <enum name="dsp" />
763                                         <enum name="udptl" />
764                                         <enum name="indications" />
765                                         <enum name="cel" />
766                                         <enum name="plc" />
767                                 </enumlist>
768                         </parameter>
769                         <parameter name="LoadType" required="true">
770                                 <para>The operation to be done on module. Subsystem identifiers may only
771                                 be reloaded.</para>
772                                 <enumlist>
773                                         <enum name="load" />
774                                         <enum name="unload" />
775                                         <enum name="reload" />
776                                 </enumlist>
777                                 <para>If no module is specified for a <literal>reload</literal> loadtype,
778                                 all modules are reloaded.</para>
779                         </parameter>
780                 </syntax>
781                 <description>
782                         <para>Loads, unloads or reloads an Asterisk module in a running system.</para>
783                 </description>
784         </manager>
785         <manager name="ModuleCheck" language="en_US">
786                 <synopsis>
787                         Check if module is loaded.
788                 </synopsis>
789                 <syntax>
790                         <parameter name="Module" required="true">
791                                 <para>Asterisk module name (not including extension).</para>
792                         </parameter>
793                 </syntax>
794                 <description>
795                         <para>Checks if Asterisk module is loaded. Will return Success/Failure.
796                         For success returns, the module revision number is included.</para>
797                 </description>
798         </manager>
799         <manager name="AOCMessage" language="en_US">
800                 <synopsis>
801                         Generate an Advice of Charge message on a channel.
802                 </synopsis>
803                 <syntax>
804                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
805                         <parameter name="Channel" required="true">
806                                 <para>Channel name to generate the AOC message on.</para>
807                         </parameter>
808                         <parameter name="ChannelPrefix">
809                                 <para>Partial channel prefix.  By using this option one can match the beginning part
810                                 of a channel name without having to put the entire name in.  For example
811                                 if a channel name is SIP/snom-00000001 and this value is set to SIP/snom, then
812                                 that channel matches and the message will be sent.  Note however that only
813                                 the first matched channel has the message sent on it. </para>
814                         </parameter>
815                         <parameter name="MsgType" required="true">
816                                 <para>Defines what type of AOC message to create, AOC-D or AOC-E</para>
817                                 <enumlist>
818                                         <enum name="D" />
819                                         <enum name="E" />
820                                 </enumlist>
821                         </parameter>
822                         <parameter name="ChargeType" required="true">
823                                 <para>Defines what kind of charge this message represents.</para>
824                                 <enumlist>
825                                         <enum name="NA" />
826                                         <enum name="FREE" />
827                                         <enum name="Currency" />
828                                         <enum name="Unit" />
829                                 </enumlist>
830                         </parameter>
831                         <parameter name="UnitAmount(0)">
832                                 <para>This represents the amount of units charged. The ETSI AOC standard specifies that
833                                 this value along with the optional UnitType value are entries in a list.  To accommodate this
834                                 these values take an index value starting at 0 which can be used to generate this list of
835                                 unit entries.  For Example, If two unit entires were required this could be achieved by setting the
836                                 paramter UnitAmount(0)=1234 and UnitAmount(1)=5678.  Note that UnitAmount at index 0 is
837                                 required when ChargeType=Unit, all other entries in the list are optional.
838                                 </para>
839                         </parameter>
840                         <parameter name="UnitType(0)">
841                                 <para>Defines the type of unit.  ETSI AOC standard specifies this as an integer
842                                 value between 1 and 16, but this value is left open to accept any positive
843                                 integer.  Like the UnitAmount parameter, this value represents a list entry
844                                 and has an index parameter that starts at 0.
845                                 </para>
846                         </parameter>
847                         <parameter name="CurrencyName">
848                                 <para>Specifies the currency's name.  Note that this value is truncated after 10 characters.</para>
849                         </parameter>
850                         <parameter name="CurrencyAmount">
851                                 <para>Specifies the charge unit amount as a positive integer.  This value is required
852                                 when ChargeType==Currency.</para>
853                         </parameter>
854                         <parameter name="CurrencyMultiplier">
855                                 <para>Specifies the currency multiplier.  This value is required when ChargeType==Currency.</para>
856                                 <enumlist>
857                                         <enum name="OneThousandth" />
858                                         <enum name="OneHundredth" />
859                                         <enum name="OneTenth" />
860                                         <enum name="One" />
861                                         <enum name="Ten" />
862                                         <enum name="Hundred" />
863                                         <enum name="Thousand" />
864                                 </enumlist>
865                         </parameter>
866                         <parameter name="TotalType" default="Total">
867                                 <para>Defines what kind of AOC-D total is represented.</para>
868                                 <enumlist>
869                                         <enum name="Total" />
870                                         <enum name="SubTotal" />
871                                 </enumlist>
872                         </parameter>
873                         <parameter name="AOCBillingId">
874                                 <para>Represents a billing ID associated with an AOC-D or AOC-E message. Note
875                                 that only the first 3 items of the enum are valid AOC-D billing IDs</para>
876                                 <enumlist>
877                                         <enum name="Normal" />
878                                         <enum name="ReverseCharge" />
879                                         <enum name="CreditCard" />
880                                         <enum name="CallFwdUnconditional" />
881                                         <enum name="CallFwdBusy" />
882                                         <enum name="CallFwdNoReply" />
883                                         <enum name="CallDeflection" />
884                                         <enum name="CallTransfer" />
885                                 </enumlist>
886                         </parameter>
887                         <parameter name="ChargingAssociationId">
888                                 <para>Charging association identifier.  This is optional for AOC-E and can be
889                                 set to any value between -32768 and 32767</para>
890                         </parameter>
891                         <parameter name="ChargingAssociationNumber">
892                                 <para>Represents the charging association party number.  This value is optional
893                                 for AOC-E.</para>
894                         </parameter>
895                         <parameter name="ChargingAssociationPlan">
896                                 <para>Integer representing the charging plan associated with the ChargingAssociationNumber.
897                                 The value is bits 7 through 1 of the Q.931 octet containing the type-of-number and
898                                 numbering-plan-identification fields.</para>
899                         </parameter>
900                 </syntax>
901                 <description>
902                         <para>Generates an AOC-D or AOC-E message on a channel.</para>
903                 </description>
904         </manager>
905         <function name="AMI_CLIENT" language="en_US">
906                 <synopsis>
907                         Checks attributes of manager accounts
908                 </synopsis>
909                 <syntax>
910                         <parameter name="loginname" required="true">
911                                 <para>Login name, specified in manager.conf</para>
912                         </parameter>
913                         <parameter name="field" required="true">
914                                 <para>The manager account attribute to return</para>
915                                 <enumlist>
916                                         <enum name="sessions"><para>The number of sessions for this AMI account</para></enum>
917                                 </enumlist>
918                         </parameter>
919                 </syntax>
920                 <description>
921                         <para>
922                                 Currently, the only supported  parameter is "sessions" which will return the current number of
923                                 active sessions for this AMI account.
924                         </para>
925                 </description>
926         </function>
927         <manager name="Filter" language="en_US">
928                 <synopsis>
929                         Dynamically add filters for the current manager session.
930                 </synopsis>
931                 <syntax>
932                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
933                         <parameter name="Operation">
934                                 <enumlist>
935                                         <enum name="Add">
936                                                 <para>Add a filter.</para>
937                                         </enum>
938                                 </enumlist>
939                         </parameter>
940                         <parameter name="Filter">
941                                 <para>Filters can be whitelist or blacklist</para>
942                                 <para>Example whitelist filter: "Event: Newchannel"</para>
943                                 <para>Example blacklist filter: "!Channel: DAHDI.*"</para>
944                                 <para>This filter option is used to whitelist or blacklist events per user to be
945                                 reported with regular expressions and are allowed if both the regex matches
946                                 and the user has read access as defined in manager.conf. Filters are assumed to be for whitelisting
947                                 unless preceeded by an exclamation point, which marks it as being black.
948                                 Evaluation of the filters is as follows:</para>
949                                 <para>- If no filters are configured all events are reported as normal.</para>
950                                 <para>- If there are white filters only: implied black all filter processed first, then white filters.</para>
951                                 <para>- If there are black filters only: implied white all filter processed first, then black filters.</para>
952                                 <para>- If there are both white and black filters: implied black all filter processed first, then white
953                                 filters, and lastly black filters.</para>
954                         </parameter>
955                 </syntax>
956                 <description>
957                         <para>The filters added are only used for the current session.
958                         Once the connection is closed the filters are removed.</para>
959                         <para>This comand requires the system permission because
960                         this command can be used to create filters that may bypass
961                         filters defined in manager.conf</para>
962                 </description>
963         </manager>
964         <manager name="FilterList" language="en_US">
965                 <synopsis>
966                         Show current event filters for this session
967                 </synopsis>
968                 <description>
969                         <para>The filters displayed are for the current session.  Only those filters defined in
970                         manager.conf will be present upon starting a new session.</para>
971                 </description>
972         </manager>
973         <manager name="BlindTransfer" language="en_US">
974                 <synopsis>
975                         Blind transfer channel(s) to the given destination
976                 </synopsis>
977                 <syntax>
978                         <parameter name="Channel" required="true">
979                         </parameter>
980                         <parameter name="Context">
981                         </parameter>
982                         <parameter name="Exten">
983                         </parameter>
984                 </syntax>
985                 <description>
986                         <para>Redirect all channels currently bridged to the specified channel to the specified destination.</para>
987                 </description>
988                 <see-also>
989                         <ref type="manager">Redirect</ref>
990                 </see-also>
991         </manager>
992  ***/
993
994 /*! \addtogroup Group_AMI AMI functions
995 */
996 /*! @{
997  Doxygen group */
998
999 enum error_type {
1000         UNKNOWN_ACTION = 1,
1001         UNKNOWN_CATEGORY,
1002         UNSPECIFIED_CATEGORY,
1003         UNSPECIFIED_ARGUMENT,
1004         FAILURE_ALLOCATION,
1005         FAILURE_NEWCAT,
1006         FAILURE_DELCAT,
1007         FAILURE_EMPTYCAT,
1008         FAILURE_UPDATE,
1009         FAILURE_DELETE,
1010         FAILURE_APPEND
1011 };
1012
1013 enum add_filter_result {
1014         FILTER_SUCCESS,
1015         FILTER_ALLOC_FAILED,
1016         FILTER_COMPILE_FAIL,
1017 };
1018
1019 /*!
1020  * Linked list of events.
1021  * Global events are appended to the list by append_event().
1022  * The usecount is the number of stored pointers to the element,
1023  * excluding the list pointers. So an element that is only in
1024  * the list has a usecount of 0, not 1.
1025  *
1026  * Clients have a pointer to the last event processed, and for each
1027  * of these clients we track the usecount of the elements.
1028  * If we have a pointer to an entry in the list, it is safe to navigate
1029  * it forward because elements will not be deleted, but only appended.
1030  * The worst that can happen is seeing the pointer still NULL.
1031  *
1032  * When the usecount of an element drops to 0, and the element is the
1033  * first in the list, we can remove it. Removal is done within the
1034  * main thread, which is woken up for the purpose.
1035  *
1036  * For simplicity of implementation, we make sure the list is never empty.
1037  */
1038 struct eventqent {
1039         int usecount;           /*!< # of clients who still need the event */
1040         int category;
1041         unsigned int seq;       /*!< sequence number */
1042         struct timeval tv;  /*!< When event was allocated */
1043         AST_RWLIST_ENTRY(eventqent) eq_next;
1044         char eventdata[1];      /*!< really variable size, allocated by append_event() */
1045 };
1046
1047 static AST_RWLIST_HEAD_STATIC(all_events, eventqent);
1048
1049 static int displayconnects = 1;
1050 static int allowmultiplelogin = 1;
1051 static int timestampevents;
1052 static int httptimeout = 60;
1053 static int broken_events_action = 0;
1054 static int manager_enabled = 0;
1055 static int webmanager_enabled = 0;
1056 static int manager_debug = 0;   /*!< enable some debugging code in the manager */
1057 static int authtimeout;
1058 static int authlimit;
1059 static char *manager_channelvars;
1060
1061 #define DEFAULT_REALM           "asterisk"
1062 static char global_realm[MAXHOSTNAMELEN];       /*!< Default realm */
1063
1064 static int block_sockets;
1065 static int unauth_sessions = 0;
1066 static struct stasis_subscription *acl_change_sub;
1067
1068 /*! \brief A \ref stasis_topic that all topics AMI cares about will be forwarded to */
1069 static struct stasis_topic *manager_topic;
1070
1071 /*! \brief The \ref stasis_message_router for all \ref stasis messages */
1072 static struct stasis_message_router *stasis_router;
1073
1074 #define MGR_SHOW_TERMINAL_WIDTH 80
1075
1076 #define MAX_VARS 128
1077
1078 /*! \brief
1079  * Descriptor for a manager session, either on the AMI socket or over HTTP.
1080  *
1081  * \note
1082  * AMI session have managerid == 0; the entry is created upon a connect,
1083  * and destroyed with the socket.
1084  * HTTP sessions have managerid != 0, the value is used as a search key
1085  * to lookup sessions (using the mansession_id cookie, or nonce key from
1086  * Digest Authentication http header).
1087  */
1088 #define MAX_BLACKLIST_CMD_LEN 2
1089 static const struct {
1090         const char *words[AST_MAX_CMD_LEN];
1091 } command_blacklist[] = {
1092         {{ "module", "load", NULL }},
1093         {{ "module", "unload", NULL }},
1094         {{ "restart", "gracefully", NULL }},
1095 };
1096
1097 static void acl_change_stasis_cb(void *data, struct stasis_subscription *sub, struct stasis_topic *topic, struct stasis_message *message);
1098
1099 static void acl_change_stasis_subscribe(void)
1100 {
1101         if (!acl_change_sub) {
1102                 acl_change_sub = stasis_subscribe(ast_security_topic(),
1103                         acl_change_stasis_cb, NULL);
1104         }
1105 }
1106
1107 static void acl_change_stasis_unsubscribe(void)
1108 {
1109         acl_change_sub = stasis_unsubscribe_and_join(acl_change_sub);
1110 }
1111
1112 /* In order to understand what the heck is going on with the
1113  * mansession_session and mansession structs, we need to have a bit of a history
1114  * lesson.
1115  *
1116  * In the beginning, there was the mansession. The mansession contained data that was
1117  * intrinsic to a manager session, such as the time that it started, the name of the logged-in
1118  * user, etc. In addition to these parameters were the f and fd parameters. For typical manager
1119  * sessions, these were used to represent the TCP socket over which the AMI session was taking
1120  * place. It makes perfect sense for these fields to be a part of the session-specific data since
1121  * the session actually defines this information.
1122  *
1123  * Then came the HTTP AMI sessions. With these, the f and fd fields need to be opened and closed
1124  * for every single action that occurs. Thus the f and fd fields aren't really specific to the session
1125  * but rather to the action that is being executed. Because a single session may execute many commands
1126  * at once, some sort of safety needed to be added in order to be sure that we did not end up with fd
1127  * leaks from one action overwriting the f and fd fields used by a previous action before the previous action
1128  * has had a chance to properly close its handles.
1129  *
1130  * The initial idea to solve this was to use thread synchronization, but this prevented multiple actions
1131  * from being run at the same time in a single session. Some manager actions may block for a long time, thus
1132  * creating a large queue of actions to execute. In addition, this fix did not address the basic architectural
1133  * issue that for HTTP manager sessions, the f and fd variables are not really a part of the session, but are
1134  * part of the action instead.
1135  *
1136  * The new idea was to create a structure on the stack for each HTTP Manager action. This structure would
1137  * contain the action-specific information, such as which file to write to. In order to maintain expectations
1138  * of action handlers and not have to change the public API of the manager code, we would need to name this
1139  * new stacked structure 'mansession' and contain within it the old mansession struct that we used to use.
1140  * We renamed the old mansession struct 'mansession_session' to hopefully convey that what is in this structure
1141  * is session-specific data. The structure that it is wrapped in, called a 'mansession' really contains action-specific
1142  * data.
1143  */
1144 struct mansession_session {
1145                                 /*! \todo XXX need to document which fields it is protecting */
1146         struct ast_sockaddr addr;       /*!< address we are connecting from */
1147         FILE *f;                /*!< fdopen() on the underlying fd */
1148         int fd;                 /*!< descriptor used for output. Either the socket (AMI) or a temporary file (HTTP) */
1149         int inuse;              /*!< number of HTTP sessions using this entry */
1150         int needdestroy;        /*!< Whether an HTTP session should be destroyed */
1151         pthread_t waiting_thread;       /*!< Sleeping thread using this descriptor */
1152         uint32_t managerid;     /*!< Unique manager identifier, 0 for AMI sessions */
1153         time_t sessionstart;    /*!< Session start time */
1154         struct timeval sessionstart_tv; /*!< Session start time */
1155         time_t sessiontimeout;  /*!< Session timeout if HTTP */
1156         char username[80];      /*!< Logged in username */
1157         char challenge[10];     /*!< Authentication challenge */
1158         int authenticated;      /*!< Authentication status */
1159         int readperm;           /*!< Authorization for reading */
1160         int writeperm;          /*!< Authorization for writing */
1161         char inbuf[1025];       /*!< Buffer -  we use the extra byte to add a '\\0' and simplify parsing */
1162         int inlen;              /*!< number of buffered bytes */
1163         struct ao2_container *whitefilters;     /*!< Manager event filters - white list */
1164         struct ao2_container *blackfilters;     /*!< Manager event filters - black list */
1165         struct ast_variable *chanvars;  /*!< Channel variables to set for originate */
1166         int send_events;        /*!<  XXX what ? */
1167         struct eventqent *last_ev;      /*!< last event processed. */
1168         int writetimeout;       /*!< Timeout for ast_carefulwrite() */
1169         time_t authstart;
1170         int pending_event;         /*!< Pending events indicator in case when waiting_thread is NULL */
1171         time_t noncetime;       /*!< Timer for nonce value expiration */
1172         unsigned long oldnonce; /*!< Stale nonce value */
1173         unsigned long nc;       /*!< incremental  nonce counter */
1174         AST_LIST_HEAD_NOLOCK(mansession_datastores, ast_datastore) datastores; /*!< Data stores on the session */
1175         AST_LIST_ENTRY(mansession_session) list;
1176 };
1177
1178 enum mansession_message_parsing {
1179         MESSAGE_OKAY,
1180         MESSAGE_LINE_TOO_LONG
1181 };
1182
1183 /*! \brief In case you didn't read that giant block of text above the mansession_session struct, the
1184  * \ref struct mansession is named this solely to keep the API the same in Asterisk. This structure really
1185  * represents data that is different from Manager action to Manager action. The mansession_session pointer
1186  * contained within points to session-specific data.
1187  */
1188 struct mansession {
1189         struct mansession_session *session;
1190         struct ast_tcptls_session_instance *tcptls_session;
1191         FILE *f;
1192         int fd;
1193         enum mansession_message_parsing parsing;
1194         int write_error:1;
1195         struct manager_custom_hook *hook;
1196         ast_mutex_t lock;
1197 };
1198
1199 static struct ao2_container *sessions = NULL;
1200
1201 /*! \brief user descriptor, as read from the config file.
1202  *
1203  * \note It is still missing some fields -- e.g. we can have multiple permit and deny
1204  * lines which are not supported here, and readperm/writeperm/writetimeout
1205  * are not stored.
1206  */
1207 struct ast_manager_user {
1208         char username[80];
1209         char *secret;                   /*!< Secret for logging in */
1210         int readperm;                   /*!< Authorization for reading */
1211         int writeperm;                  /*!< Authorization for writing */
1212         int writetimeout;               /*!< Per user Timeout for ast_carefulwrite() */
1213         int displayconnects;            /*!< XXX unused */
1214         int keep;                       /*!< mark entries created on a reload */
1215         struct ao2_container *whitefilters; /*!< Manager event filters - white list */
1216         struct ao2_container *blackfilters; /*!< Manager event filters - black list */
1217         struct ast_acl_list *acl;       /*!< ACL setting */
1218         char *a1_hash;                  /*!< precalculated A1 for Digest auth */
1219         struct ast_variable *chanvars;  /*!< Channel variables to set for originate */
1220         AST_RWLIST_ENTRY(ast_manager_user) list;
1221 };
1222
1223 /*! \brief list of users found in the config file */
1224 static AST_RWLIST_HEAD_STATIC(users, ast_manager_user);
1225
1226 /*! \brief list of actions registered */
1227 static AST_RWLIST_HEAD_STATIC(actions, manager_action);
1228
1229 /*! \brief list of hooks registered */
1230 static AST_RWLIST_HEAD_STATIC(manager_hooks, manager_custom_hook);
1231
1232 /*! \brief A container of event documentation nodes */
1233 AO2_GLOBAL_OBJ_STATIC(event_docs);
1234
1235 static enum add_filter_result manager_add_filter(const char *filter_pattern, struct ao2_container *whitefilters, struct ao2_container *blackfilters);
1236
1237 /*!
1238  * @{ \brief Define AMI message types.
1239  */
1240 STASIS_MESSAGE_TYPE_DEFN(ast_manager_get_generic_type);
1241 /*! @} */
1242
1243 /*!
1244  * \internal
1245  * \brief Find a registered action object.
1246  *
1247  * \param name Name of AMI action to find.
1248  *
1249  * \return Reffed action found or NULL
1250  */
1251 static struct manager_action *action_find(const char *name)
1252 {
1253         struct manager_action *act;
1254
1255         AST_RWLIST_RDLOCK(&actions);
1256         AST_RWLIST_TRAVERSE(&actions, act, list) {
1257                 if (!strcasecmp(name, act->action)) {
1258                         ao2_t_ref(act, +1, "found action object");
1259                         break;
1260                 }
1261         }
1262         AST_RWLIST_UNLOCK(&actions);
1263
1264         return act;
1265 }
1266
1267 struct stasis_topic *ast_manager_get_topic(void)
1268 {
1269         return manager_topic;
1270 }
1271
1272 struct stasis_message_router *ast_manager_get_message_router(void)
1273 {
1274         return stasis_router;
1275 }
1276
1277 struct ast_str *ast_manager_str_from_json_object(struct ast_json *blob, key_exclusion_cb exclusion_cb)
1278 {
1279         struct ast_str *output_str = ast_str_create(32);
1280         struct ast_json *value;
1281         const char *key;
1282         if (!output_str) {
1283                 return NULL;
1284         }
1285
1286         ast_json_object_foreach(blob, key, value) {
1287                 if (exclusion_cb && exclusion_cb(key)) {
1288                         continue;
1289                 }
1290                 ast_str_append(&output_str, 0, "%s: %s\r\n", key, ast_json_string_get(value));
1291                 if (!output_str) {
1292                         return NULL;
1293                 }
1294         }
1295
1296         return output_str;
1297 }
1298
1299 static void manager_generic_msg_cb(void *data, struct stasis_subscription *sub,
1300                                     struct stasis_topic *topic,
1301                                     struct stasis_message *message)
1302 {
1303         struct ast_json_payload *payload = stasis_message_data(message);
1304         int class_type = ast_json_integer_get(ast_json_object_get(payload->json, "class_type"));
1305         const char *type = ast_json_string_get(ast_json_object_get(payload->json, "type"));
1306         struct ast_json *event = ast_json_object_get(payload->json, "event");
1307         RAII_VAR(struct ast_str *, event_buffer, NULL, ast_free);
1308
1309         event_buffer = ast_manager_str_from_json_object(event, NULL);
1310         if (!event_buffer) {
1311                 ast_log(AST_LOG_WARNING, "Error while creating payload for event %s\n", type);
1312                 return;
1313         }
1314         manager_event(class_type, type, "%s", ast_str_buffer(event_buffer));
1315 }
1316
1317 void ast_manager_publish_event(const char *type, int class_type, struct ast_json *obj)
1318 {
1319         RAII_VAR(struct ast_json *, event_info, NULL, ast_json_unref);
1320         RAII_VAR(struct ast_json_payload *, payload, NULL, ao2_cleanup);
1321         RAII_VAR(struct stasis_message *, message, NULL, ao2_cleanup);
1322
1323         if (!obj) {
1324                 return;
1325         }
1326
1327         ast_json_ref(obj);
1328         event_info = ast_json_pack("{s: s, s: i, s: o}",
1329                         "type", type,
1330                         "class_type", class_type,
1331                         "event", obj);
1332         if (!event_info) {
1333                 return;
1334         }
1335
1336         payload = ast_json_payload_create(event_info);
1337         if (!payload) {
1338                 return;
1339         }
1340         message = stasis_message_create(ast_manager_get_generic_type(), payload);
1341         if (!message) {
1342                 return;
1343         }
1344         stasis_publish(ast_manager_get_topic(), message);
1345 }
1346
1347 /*! \brief Add a custom hook to be called when an event is fired */
1348 void ast_manager_register_hook(struct manager_custom_hook *hook)
1349 {
1350         AST_RWLIST_WRLOCK(&manager_hooks);
1351         AST_RWLIST_INSERT_TAIL(&manager_hooks, hook, list);
1352         AST_RWLIST_UNLOCK(&manager_hooks);
1353 }
1354
1355 /*! \brief Delete a custom hook to be called when an event is fired */
1356 void ast_manager_unregister_hook(struct manager_custom_hook *hook)
1357 {
1358         AST_RWLIST_WRLOCK(&manager_hooks);
1359         AST_RWLIST_REMOVE(&manager_hooks, hook, list);
1360         AST_RWLIST_UNLOCK(&manager_hooks);
1361 }
1362
1363 int check_manager_enabled(void)
1364 {
1365         return manager_enabled;
1366 }
1367
1368 int check_webmanager_enabled(void)
1369 {
1370         return (webmanager_enabled && manager_enabled);
1371 }
1372
1373 /*!
1374  * Grab a reference to the last event, update usecount as needed.
1375  * Can handle a NULL pointer.
1376  */
1377 static struct eventqent *grab_last(void)
1378 {
1379         struct eventqent *ret;
1380
1381         AST_RWLIST_WRLOCK(&all_events);
1382         ret = AST_RWLIST_LAST(&all_events);
1383         /* the list is never empty now, but may become so when
1384          * we optimize it in the future, so be prepared.
1385          */
1386         if (ret) {
1387                 ast_atomic_fetchadd_int(&ret->usecount, 1);
1388         }
1389         AST_RWLIST_UNLOCK(&all_events);
1390         return ret;
1391 }
1392
1393 /*!
1394  * Purge unused events. Remove elements from the head
1395  * as long as their usecount is 0 and there is a next element.
1396  */
1397 static void purge_events(void)
1398 {
1399         struct eventqent *ev;
1400         struct timeval now = ast_tvnow();
1401
1402         AST_RWLIST_WRLOCK(&all_events);
1403         while ( (ev = AST_RWLIST_FIRST(&all_events)) &&
1404             ev->usecount == 0 && AST_RWLIST_NEXT(ev, eq_next)) {
1405                 AST_RWLIST_REMOVE_HEAD(&all_events, eq_next);
1406                 ast_free(ev);
1407         }
1408
1409         AST_RWLIST_TRAVERSE_SAFE_BEGIN(&all_events, ev, eq_next) {
1410                 /* Never release the last event */
1411                 if (!AST_RWLIST_NEXT(ev, eq_next)) {
1412                         break;
1413                 }
1414
1415                 /* 2.5 times whatever the HTTP timeout is (maximum 2.5 hours) is the maximum time that we will definitely cache an event */
1416                 if (ev->usecount == 0 && ast_tvdiff_sec(now, ev->tv) > (httptimeout > 3600 ? 3600 : httptimeout) * 2.5) {
1417                         AST_RWLIST_REMOVE_CURRENT(eq_next);
1418                         ast_free(ev);
1419                 }
1420         }
1421         AST_RWLIST_TRAVERSE_SAFE_END;
1422         AST_RWLIST_UNLOCK(&all_events);
1423 }
1424
1425 /*!
1426  * helper functions to convert back and forth between
1427  * string and numeric representation of set of flags
1428  */
1429 static const struct permalias {
1430         int num;
1431         const char *label;
1432 } perms[] = {
1433         { EVENT_FLAG_SYSTEM, "system" },
1434         { EVENT_FLAG_CALL, "call" },
1435         { EVENT_FLAG_LOG, "log" },
1436         { EVENT_FLAG_VERBOSE, "verbose" },
1437         { EVENT_FLAG_COMMAND, "command" },
1438         { EVENT_FLAG_AGENT, "agent" },
1439         { EVENT_FLAG_USER, "user" },
1440         { EVENT_FLAG_CONFIG, "config" },
1441         { EVENT_FLAG_DTMF, "dtmf" },
1442         { EVENT_FLAG_REPORTING, "reporting" },
1443         { EVENT_FLAG_CDR, "cdr" },
1444         { EVENT_FLAG_DIALPLAN, "dialplan" },
1445         { EVENT_FLAG_ORIGINATE, "originate" },
1446         { EVENT_FLAG_AGI, "agi" },
1447         { EVENT_FLAG_CC, "cc" },
1448         { EVENT_FLAG_AOC, "aoc" },
1449         { EVENT_FLAG_TEST, "test" },
1450         { EVENT_FLAG_MESSAGE, "message" },
1451         { INT_MAX, "all" },
1452         { 0, "none" },
1453 };
1454
1455 /*! \brief Checks to see if a string which can be used to evaluate functions should be rejected */
1456 static int function_capable_string_allowed_with_auths(const char *evaluating, int writepermlist)
1457 {
1458         if (!(writepermlist & EVENT_FLAG_SYSTEM)
1459                 && (
1460                         strstr(evaluating, "SHELL") ||       /* NoOp(${SHELL(rm -rf /)})  */
1461                         strstr(evaluating, "EVAL")           /* NoOp(${EVAL(${some_var_containing_SHELL})}) */
1462                 )) {
1463                 return 0;
1464         }
1465         return 1;
1466 }
1467
1468 /*! \brief Convert authority code to a list of options for a user. This will only
1469  * display those authority codes that have an explicit match on authority */
1470 static const char *user_authority_to_str(int authority, struct ast_str **res)
1471 {
1472         int i;
1473         char *sep = "";
1474
1475         ast_str_reset(*res);
1476         for (i = 0; i < ARRAY_LEN(perms) - 1; i++) {
1477                 if ((authority & perms[i].num) == perms[i].num) {
1478                         ast_str_append(res, 0, "%s%s", sep, perms[i].label);
1479                         sep = ",";
1480                 }
1481         }
1482
1483         if (ast_str_strlen(*res) == 0)  /* replace empty string with something sensible */
1484                 ast_str_append(res, 0, "<none>");
1485
1486         return ast_str_buffer(*res);
1487 }
1488
1489
1490 /*! \brief Convert authority code to a list of options. Note that the EVENT_FLAG_ALL
1491  * authority will always be returned. */
1492 static const char *authority_to_str(int authority, struct ast_str **res)
1493 {
1494         int i;
1495         char *sep = "";
1496
1497         ast_str_reset(*res);
1498         for (i = 0; i < ARRAY_LEN(perms) - 1; i++) {
1499                 if (authority & perms[i].num) {
1500                         ast_str_append(res, 0, "%s%s", sep, perms[i].label);
1501                         sep = ",";
1502                 }
1503         }
1504
1505         if (ast_str_strlen(*res) == 0)  /* replace empty string with something sensible */
1506                 ast_str_append(res, 0, "<none>");
1507
1508         return ast_str_buffer(*res);
1509 }
1510
1511 /*! Tells you if smallstr exists inside bigstr
1512    which is delim by delim and uses no buf or stringsep
1513    ast_instring("this|that|more","this",'|') == 1;
1514
1515    feel free to move this to app.c -anthm */
1516 static int ast_instring(const char *bigstr, const char *smallstr, const char delim)
1517 {
1518         const char *val = bigstr, *next;
1519
1520         do {
1521                 if ((next = strchr(val, delim))) {
1522                         if (!strncmp(val, smallstr, (next - val))) {
1523                                 return 1;
1524                         } else {
1525                                 continue;
1526                         }
1527                 } else {
1528                         return !strcmp(smallstr, val);
1529                 }
1530         } while (*(val = (next + 1)));
1531
1532         return 0;
1533 }
1534
1535 static int get_perm(const char *instr)
1536 {
1537         int x = 0, ret = 0;
1538
1539         if (!instr) {
1540                 return 0;
1541         }
1542
1543         for (x = 0; x < ARRAY_LEN(perms); x++) {
1544                 if (ast_instring(instr, perms[x].label, ',')) {
1545                         ret |= perms[x].num;
1546                 }
1547         }
1548
1549         return ret;
1550 }
1551
1552 /*!
1553  * A number returns itself, false returns 0, true returns all flags,
1554  * other strings return the flags that are set.
1555  */
1556 static int strings_to_mask(const char *string)
1557 {
1558         const char *p;
1559
1560         if (ast_strlen_zero(string)) {
1561                 return -1;
1562         }
1563
1564         for (p = string; *p; p++) {
1565                 if (*p < '0' || *p > '9') {
1566                         break;
1567                 }
1568         }
1569         if (!*p) { /* all digits */
1570                 return atoi(string);
1571         }
1572         if (ast_false(string)) {
1573                 return 0;
1574         }
1575         if (ast_true(string)) { /* all permissions */
1576                 int x, ret = 0;
1577                 for (x = 0; x < ARRAY_LEN(perms); x++) {
1578                         ret |= perms[x].num;
1579                 }
1580                 return ret;
1581         }
1582         return get_perm(string);
1583 }
1584
1585 /*! \brief Unreference manager session object.
1586      If no more references, then go ahead and delete it */
1587 static struct mansession_session *unref_mansession(struct mansession_session *s)
1588 {
1589         int refcount = ao2_ref(s, -1);
1590         if (manager_debug) {
1591                 ast_debug(1, "Mansession: %p refcount now %d\n", s, refcount - 1);
1592         }
1593         return s;
1594 }
1595
1596 static void event_filter_destructor(void *obj)
1597 {
1598         regex_t *regex_filter = obj;
1599         regfree(regex_filter);
1600 }
1601
1602 static void session_destructor(void *obj)
1603 {
1604         struct mansession_session *session = obj;
1605         struct eventqent *eqe = session->last_ev;
1606         struct ast_datastore *datastore;
1607
1608         /* Get rid of each of the data stores on the session */
1609         while ((datastore = AST_LIST_REMOVE_HEAD(&session->datastores, entry))) {
1610                 /* Free the data store */
1611                 ast_datastore_free(datastore);
1612         }
1613
1614         if (session->f != NULL) {
1615                 fclose(session->f);
1616         }
1617         if (eqe) {
1618                 ast_atomic_fetchadd_int(&eqe->usecount, -1);
1619         }
1620         if (session->chanvars) {
1621                 ast_variables_destroy(session->chanvars);
1622         }
1623
1624         if (session->whitefilters) {
1625                 ao2_t_callback(session->whitefilters, OBJ_UNLINK | OBJ_NODATA | OBJ_MULTIPLE, NULL, NULL, "unlink all white filters");
1626                 ao2_t_ref(session->whitefilters, -1 , "decrement ref for white container, should be last one");
1627         }
1628
1629         if (session->blackfilters) {
1630                 ao2_t_callback(session->blackfilters, OBJ_UNLINK | OBJ_NODATA | OBJ_MULTIPLE, NULL, NULL, "unlink all black filters");
1631                 ao2_t_ref(session->blackfilters, -1 , "decrement ref for black container, should be last one");
1632         }
1633 }
1634
1635 /*! \brief Allocate manager session structure and add it to the list of sessions */
1636 static struct mansession_session *build_mansession(const struct ast_sockaddr *addr)
1637 {
1638         struct mansession_session *newsession;
1639
1640         if (!(newsession = ao2_alloc(sizeof(*newsession), session_destructor))) {
1641                 return NULL;
1642         }
1643
1644         if (!(newsession->whitefilters = ao2_container_alloc(1, NULL, NULL))) {
1645                 ao2_ref(newsession, -1);
1646                 return NULL;
1647         }
1648
1649         if (!(newsession->blackfilters = ao2_container_alloc(1, NULL, NULL))) {
1650                 ao2_ref(newsession, -1); /* session_destructor will cleanup the other filter */
1651                 return NULL;
1652         }
1653
1654         newsession->fd = -1;
1655         newsession->waiting_thread = AST_PTHREADT_NULL;
1656         newsession->writetimeout = 100;
1657         newsession->send_events = -1;
1658         ast_sockaddr_copy(&newsession->addr, addr);
1659
1660         ao2_link(sessions, newsession);
1661
1662         return newsession;
1663 }
1664
1665 static int mansession_cmp_fn(void *obj, void *arg, int flags)
1666 {
1667         struct mansession_session *s = obj;
1668         char *str = arg;
1669         return !strcasecmp(s->username, str) ? CMP_MATCH : 0;
1670 }
1671
1672 static void session_destroy(struct mansession_session *s)
1673 {
1674         unref_mansession(s);
1675         ao2_unlink(sessions, s);
1676 }
1677
1678
1679 static int check_manager_session_inuse(const char *name)
1680 {
1681         struct mansession_session *session = ao2_find(sessions, (char *) name, 0);
1682         int inuse = 0;
1683
1684         if (session) {
1685                 inuse = 1;
1686                 unref_mansession(session);
1687         }
1688         return inuse;
1689 }
1690
1691
1692 /*!
1693  * lookup an entry in the list of registered users.
1694  * must be called with the list lock held.
1695  */
1696 static struct ast_manager_user *get_manager_by_name_locked(const char *name)
1697 {
1698         struct ast_manager_user *user = NULL;
1699
1700         AST_RWLIST_TRAVERSE(&users, user, list) {
1701                 if (!strcasecmp(user->username, name)) {
1702                         break;
1703                 }
1704         }
1705
1706         return user;
1707 }
1708
1709 /*! \brief Get displayconnects config option.
1710  *  \param session manager session to get parameter from.
1711  *  \return displayconnects config option value.
1712  */
1713 static int manager_displayconnects (struct mansession_session *session)
1714 {
1715         struct ast_manager_user *user = NULL;
1716         int ret = 0;
1717
1718         AST_RWLIST_RDLOCK(&users);
1719         if ((user = get_manager_by_name_locked (session->username))) {
1720                 ret = user->displayconnects;
1721         }
1722         AST_RWLIST_UNLOCK(&users);
1723
1724         return ret;
1725 }
1726
1727 static char *handle_showmancmd(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
1728 {
1729         struct manager_action *cur;
1730         struct ast_str *authority;
1731         int num, l, which;
1732         char *ret = NULL;
1733 #ifdef AST_XML_DOCS
1734         char syntax_title[64], description_title[64], synopsis_title[64], seealso_title[64], arguments_title[64], privilege_title[64];
1735 #endif
1736
1737         switch (cmd) {
1738         case CLI_INIT:
1739                 e->command = "manager show command";
1740                 e->usage =
1741                         "Usage: manager show command <actionname> [<actionname> [<actionname> [...]]]\n"
1742                         "       Shows the detailed description for a specific Asterisk manager interface command.\n";
1743                 return NULL;
1744         case CLI_GENERATE:
1745                 l = strlen(a->word);
1746                 which = 0;
1747                 AST_RWLIST_RDLOCK(&actions);
1748                 AST_RWLIST_TRAVERSE(&actions, cur, list) {
1749                         if (!strncasecmp(a->word, cur->action, l) && ++which > a->n) {
1750                                 ret = ast_strdup(cur->action);
1751                                 break;  /* make sure we exit even if ast_strdup() returns NULL */
1752                         }
1753                 }
1754                 AST_RWLIST_UNLOCK(&actions);
1755                 return ret;
1756         }
1757         authority = ast_str_alloca(80);
1758         if (a->argc < 4) {
1759                 return CLI_SHOWUSAGE;
1760         }
1761
1762 #ifdef AST_XML_DOCS
1763         /* setup the titles */
1764         term_color(synopsis_title, "[Synopsis]\n", COLOR_MAGENTA, 0, 40);
1765         term_color(description_title, "[Description]\n", COLOR_MAGENTA, 0, 40);
1766         term_color(syntax_title, "[Syntax]\n", COLOR_MAGENTA, 0, 40);
1767         term_color(seealso_title, "[See Also]\n", COLOR_MAGENTA, 0, 40);
1768         term_color(arguments_title, "[Arguments]\n", COLOR_MAGENTA, 0, 40);
1769         term_color(privilege_title, "[Privilege]\n", COLOR_MAGENTA, 0, 40);
1770 #endif
1771
1772         AST_RWLIST_RDLOCK(&actions);
1773         AST_RWLIST_TRAVERSE(&actions, cur, list) {
1774                 for (num = 3; num < a->argc; num++) {
1775                         if (!strcasecmp(cur->action, a->argv[num])) {
1776                                 authority_to_str(cur->authority, &authority);
1777
1778 #ifdef AST_XML_DOCS
1779                                 if (cur->docsrc == AST_XML_DOC) {
1780                                         ast_cli(a->fd, "%s%s\n\n%s%s\n\n%s%s\n\n%s%s\n\n%s%s\n\n%s%s\n\n",
1781                                                 syntax_title,
1782                                                 ast_xmldoc_printable(S_OR(cur->syntax, "Not available"), 1),
1783                                                 synopsis_title,
1784                                                 ast_xmldoc_printable(S_OR(cur->synopsis, "Not available"), 1),
1785                                                 description_title,
1786                                                 ast_xmldoc_printable(S_OR(cur->description, "Not available"), 1),
1787                                                 arguments_title,
1788                                                 ast_xmldoc_printable(S_OR(cur->arguments, "Not available"), 1),
1789                                                 seealso_title,
1790                                                 ast_xmldoc_printable(S_OR(cur->seealso, "Not available"), 1),
1791                                                 privilege_title,
1792                                                 ast_xmldoc_printable(S_OR(authority->str, "Not available"), 1));
1793                                 } else
1794 #endif
1795                                 {
1796                                         ast_cli(a->fd, "Action: %s\nSynopsis: %s\nPrivilege: %s\n%s\n",
1797                                                 cur->action, cur->synopsis,
1798                                                 authority->str,
1799                                                 S_OR(cur->description, ""));
1800                                 }
1801                         }
1802                 }
1803         }
1804         AST_RWLIST_UNLOCK(&actions);
1805
1806         return CLI_SUCCESS;
1807 }
1808
1809 static char *handle_mandebug(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
1810 {
1811         switch (cmd) {
1812         case CLI_INIT:
1813                 e->command = "manager set debug [on|off]";
1814                 e->usage = "Usage: manager set debug [on|off]\n Show, enable, disable debugging of the manager code.\n";
1815                 return NULL;
1816         case CLI_GENERATE:
1817                 return NULL;
1818         }
1819
1820         if (a->argc == 3) {
1821                 ast_cli(a->fd, "manager debug is %s\n", manager_debug? "on" : "off");
1822         } else if (a->argc == 4) {
1823                 if (!strcasecmp(a->argv[3], "on")) {
1824                         manager_debug = 1;
1825                 } else if (!strcasecmp(a->argv[3], "off")) {
1826                         manager_debug = 0;
1827                 } else {
1828                         return CLI_SHOWUSAGE;
1829                 }
1830         }
1831         return CLI_SUCCESS;
1832 }
1833
1834 static char *handle_showmanager(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
1835 {
1836         struct ast_manager_user *user = NULL;
1837         int l, which;
1838         char *ret = NULL;
1839         struct ast_str *rauthority = ast_str_alloca(128);
1840         struct ast_str *wauthority = ast_str_alloca(128);
1841         struct ast_variable *v;
1842
1843         switch (cmd) {
1844         case CLI_INIT:
1845                 e->command = "manager show user";
1846                 e->usage =
1847                         " Usage: manager show user <user>\n"
1848                         "        Display all information related to the manager user specified.\n";
1849                 return NULL;
1850         case CLI_GENERATE:
1851                 l = strlen(a->word);
1852                 which = 0;
1853                 if (a->pos != 3) {
1854                         return NULL;
1855                 }
1856                 AST_RWLIST_RDLOCK(&users);
1857                 AST_RWLIST_TRAVERSE(&users, user, list) {
1858                         if ( !strncasecmp(a->word, user->username, l) && ++which > a->n ) {
1859                                 ret = ast_strdup(user->username);
1860                                 break;
1861                         }
1862                 }
1863                 AST_RWLIST_UNLOCK(&users);
1864                 return ret;
1865         }
1866
1867         if (a->argc != 4) {
1868                 return CLI_SHOWUSAGE;
1869         }
1870
1871         AST_RWLIST_RDLOCK(&users);
1872
1873         if (!(user = get_manager_by_name_locked(a->argv[3]))) {
1874                 ast_cli(a->fd, "There is no manager called %s\n", a->argv[3]);
1875                 AST_RWLIST_UNLOCK(&users);
1876                 return CLI_SUCCESS;
1877         }
1878
1879         ast_cli(a->fd, "\n");
1880         ast_cli(a->fd,
1881                 "       username: %s\n"
1882                 "         secret: %s\n"
1883                 "            ACL: %s\n"
1884                 "      read perm: %s\n"
1885                 "     write perm: %s\n"
1886                 "displayconnects: %s\n",
1887                 (user->username ? user->username : "(N/A)"),
1888                 (user->secret ? "<Set>" : "(N/A)"),
1889                 ((user->acl && !ast_acl_list_is_empty(user->acl)) ? "yes" : "no"),
1890                 user_authority_to_str(user->readperm, &rauthority),
1891                 user_authority_to_str(user->writeperm, &wauthority),
1892                 (user->displayconnects ? "yes" : "no"));
1893         ast_cli(a->fd, "      Variables: \n");
1894                 for (v = user->chanvars ; v ; v = v->next) {
1895                         ast_cli(a->fd, "                 %s = %s\n", v->name, v->value);
1896                 }
1897
1898         AST_RWLIST_UNLOCK(&users);
1899
1900         return CLI_SUCCESS;
1901 }
1902
1903 static char *handle_showmanagers(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
1904 {
1905         struct ast_manager_user *user = NULL;
1906         int count_amu = 0;
1907         switch (cmd) {
1908         case CLI_INIT:
1909                 e->command = "manager show users";
1910                 e->usage =
1911                         "Usage: manager show users\n"
1912                         "       Prints a listing of all managers that are currently configured on that\n"
1913                         " system.\n";
1914                 return NULL;
1915         case CLI_GENERATE:
1916                 return NULL;
1917         }
1918         if (a->argc != 3) {
1919                 return CLI_SHOWUSAGE;
1920         }
1921
1922         AST_RWLIST_RDLOCK(&users);
1923
1924         /* If there are no users, print out something along those lines */
1925         if (AST_RWLIST_EMPTY(&users)) {
1926                 ast_cli(a->fd, "There are no manager users.\n");
1927                 AST_RWLIST_UNLOCK(&users);
1928                 return CLI_SUCCESS;
1929         }
1930
1931         ast_cli(a->fd, "\nusername\n--------\n");
1932
1933         AST_RWLIST_TRAVERSE(&users, user, list) {
1934                 ast_cli(a->fd, "%s\n", user->username);
1935                 count_amu++;
1936         }
1937
1938         AST_RWLIST_UNLOCK(&users);
1939
1940         ast_cli(a->fd,"-------------------\n"
1941                       "%d manager users configured.\n", count_amu);
1942         return CLI_SUCCESS;
1943 }
1944
1945 /*! \brief  CLI command  manager list commands */
1946 static char *handle_showmancmds(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
1947 {
1948         struct manager_action *cur;
1949         int name_len = 1;
1950         int space_remaining;
1951 #define HSMC_FORMAT "  %-*.*s  %-.*s\n"
1952         switch (cmd) {
1953         case CLI_INIT:
1954                 e->command = "manager show commands";
1955                 e->usage =
1956                         "Usage: manager show commands\n"
1957                         "       Prints a listing of all the available Asterisk manager interface commands.\n";
1958                 return NULL;
1959         case CLI_GENERATE:
1960                 return NULL;
1961         }
1962
1963         AST_RWLIST_RDLOCK(&actions);
1964         AST_RWLIST_TRAVERSE(&actions, cur, list) {
1965                 int incoming_len = strlen(cur->action);
1966                 if (incoming_len > name_len) {
1967                         name_len = incoming_len;
1968                 }
1969         }
1970
1971         space_remaining = MGR_SHOW_TERMINAL_WIDTH - name_len - 4;
1972         if (space_remaining < 0) {
1973                 space_remaining = 0;
1974         }
1975
1976         ast_cli(a->fd, HSMC_FORMAT, name_len, name_len, "Action", space_remaining, "Synopsis");
1977         ast_cli(a->fd, HSMC_FORMAT, name_len, name_len, "------", space_remaining, "--------");
1978
1979         AST_RWLIST_TRAVERSE(&actions, cur, list) {
1980                 ast_cli(a->fd, HSMC_FORMAT, name_len, name_len, cur->action, space_remaining, cur->synopsis);
1981         }
1982         AST_RWLIST_UNLOCK(&actions);
1983
1984         return CLI_SUCCESS;
1985 }
1986
1987 /*! \brief CLI command manager list connected */
1988 static char *handle_showmanconn(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
1989 {
1990         struct mansession_session *session;
1991         time_t now = time(NULL);
1992 #define HSMCONN_FORMAT1 "  %-15.15s  %-55.55s  %-10.10s  %-10.10s  %-8.8s  %-8.8s  %-5.5s  %-5.5s\n"
1993 #define HSMCONN_FORMAT2 "  %-15.15s  %-55.55s  %-10d  %-10d  %-8d  %-8d  %-5.5d  %-5.5d\n"
1994         int count = 0;
1995         struct ao2_iterator i;
1996
1997         switch (cmd) {
1998         case CLI_INIT:
1999                 e->command = "manager show connected";
2000                 e->usage =
2001                         "Usage: manager show connected\n"
2002                         "       Prints a listing of the users that are currently connected to the\n"
2003                         "Asterisk manager interface.\n";
2004                 return NULL;
2005         case CLI_GENERATE:
2006                 return NULL;
2007         }
2008
2009         ast_cli(a->fd, HSMCONN_FORMAT1, "Username", "IP Address", "Start", "Elapsed", "FileDes", "HttpCnt", "Read", "Write");
2010
2011         i = ao2_iterator_init(sessions, 0);
2012         while ((session = ao2_iterator_next(&i))) {
2013                 ao2_lock(session);
2014                 ast_cli(a->fd, HSMCONN_FORMAT2, session->username, ast_sockaddr_stringify_addr(&session->addr), (int)(session->sessionstart), (int)(now - session->sessionstart), session->fd, session->inuse, session->readperm, session->writeperm);
2015                 count++;
2016                 ao2_unlock(session);
2017                 unref_mansession(session);
2018         }
2019         ao2_iterator_destroy(&i);
2020         ast_cli(a->fd, "%d users connected.\n", count);
2021
2022         return CLI_SUCCESS;
2023 }
2024
2025 /*! \brief CLI command manager list eventq */
2026 /* Should change to "manager show connected" */
2027 static char *handle_showmaneventq(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
2028 {
2029         struct eventqent *s;
2030         switch (cmd) {
2031         case CLI_INIT:
2032                 e->command = "manager show eventq";
2033                 e->usage =
2034                         "Usage: manager show eventq\n"
2035                         "       Prints a listing of all events pending in the Asterisk manger\n"
2036                         "event queue.\n";
2037                 return NULL;
2038         case CLI_GENERATE:
2039                 return NULL;
2040         }
2041         AST_RWLIST_RDLOCK(&all_events);
2042         AST_RWLIST_TRAVERSE(&all_events, s, eq_next) {
2043                 ast_cli(a->fd, "Usecount: %d\n", s->usecount);
2044                 ast_cli(a->fd, "Category: %d\n", s->category);
2045                 ast_cli(a->fd, "Event:\n%s", s->eventdata);
2046         }
2047         AST_RWLIST_UNLOCK(&all_events);
2048
2049         return CLI_SUCCESS;
2050 }
2051
2052 /*! \brief CLI command manager reload */
2053 static char *handle_manager_reload(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
2054 {
2055         switch (cmd) {
2056         case CLI_INIT:
2057                 e->command = "manager reload";
2058                 e->usage =
2059                         "Usage: manager reload\n"
2060                         "       Reloads the manager configuration.\n";
2061                 return NULL;
2062         case CLI_GENERATE:
2063                 return NULL;
2064         }
2065         if (a->argc > 2) {
2066                 return CLI_SHOWUSAGE;
2067         }
2068         reload_manager();
2069         return CLI_SUCCESS;
2070 }
2071
2072 static struct eventqent *advance_event(struct eventqent *e)
2073 {
2074         struct eventqent *next;
2075
2076         AST_RWLIST_RDLOCK(&all_events);
2077         if ((next = AST_RWLIST_NEXT(e, eq_next))) {
2078                 ast_atomic_fetchadd_int(&next->usecount, 1);
2079                 ast_atomic_fetchadd_int(&e->usecount, -1);
2080         }
2081         AST_RWLIST_UNLOCK(&all_events);
2082         return next;
2083 }
2084
2085 #define GET_HEADER_FIRST_MATCH  0
2086 #define GET_HEADER_LAST_MATCH   1
2087 #define GET_HEADER_SKIP_EMPTY   2
2088
2089 /*!
2090  * \brief Return a matching header value.
2091  *
2092  * \details
2093  * Generic function to return either the first or the last
2094  * matching header from a list of variables, possibly skipping
2095  * empty strings.
2096  *
2097  * \note At the moment there is only one use of this function in
2098  * this file, so we make it static.
2099  *
2100  * \note Never returns NULL.
2101  */
2102 static const char *__astman_get_header(const struct message *m, char *var, int mode)
2103 {
2104         int x, l = strlen(var);
2105         const char *result = "";
2106
2107         if (!m) {
2108                 return result;
2109         }
2110
2111         for (x = 0; x < m->hdrcount; x++) {
2112                 const char *h = m->headers[x];
2113                 if (!strncasecmp(var, h, l) && h[l] == ':') {
2114                         const char *value = h + l + 1;
2115                         value = ast_skip_blanks(value); /* ignore leading spaces in the value */
2116                         /* found a potential candidate */
2117                         if ((mode & GET_HEADER_SKIP_EMPTY) && ast_strlen_zero(value)) {
2118                                 continue;       /* not interesting */
2119                         }
2120                         if (mode & GET_HEADER_LAST_MATCH) {
2121                                 result = value; /* record the last match so far */
2122                         } else {
2123                                 return value;
2124                         }
2125                 }
2126         }
2127
2128         return result;
2129 }
2130
2131 /*!
2132  * \brief Return the first matching variable from an array.
2133  *
2134  * \note This is the legacy function and is implemented in
2135  * therms of __astman_get_header().
2136  *
2137  * \note Never returns NULL.
2138  */
2139 const char *astman_get_header(const struct message *m, char *var)
2140 {
2141         return __astman_get_header(m, var, GET_HEADER_FIRST_MATCH);
2142 }
2143
2144 /*!
2145  * \internal
2146  * \brief Process one "Variable:" header value string.
2147  *
2148  * \param head Current list of AMI variables to get new values added.
2149  * \param hdr_val Header value string to process.
2150  *
2151  * \return New variable list head.
2152  */
2153 static struct ast_variable *man_do_variable_value(struct ast_variable *head, const char *hdr_val)
2154 {
2155         char *parse;
2156         AST_DECLARE_APP_ARGS(args,
2157                 AST_APP_ARG(vars)[64];
2158         );
2159
2160         hdr_val = ast_skip_blanks(hdr_val); /* ignore leading spaces in the value */
2161         parse = ast_strdupa(hdr_val);
2162
2163         /* Break the header value string into name=val pair items. */
2164         AST_STANDARD_APP_ARGS(args, parse);
2165         if (args.argc) {
2166                 int y;
2167
2168                 /* Process each name=val pair item. */
2169                 for (y = 0; y < args.argc; y++) {
2170                         struct ast_variable *cur;
2171                         char *var;
2172                         char *val;
2173
2174                         if (!args.vars[y]) {
2175                                 continue;
2176                         }
2177                         var = val = args.vars[y];
2178                         strsep(&val, "=");
2179
2180                         /* XXX We may wish to trim whitespace from the strings. */
2181                         if (!val || ast_strlen_zero(var)) {
2182                                 continue;
2183                         }
2184
2185                         /* Create new variable list node and prepend it to the list. */
2186                         cur = ast_variable_new(var, val, "");
2187                         if (cur) {
2188                                 cur->next = head;
2189                                 head = cur;
2190                         }
2191                 }
2192         }
2193
2194         return head;
2195 }
2196
2197 struct ast_variable *astman_get_variables(const struct message *m)
2198 {
2199         int varlen;
2200         int x;
2201         struct ast_variable *head = NULL;
2202
2203         static const char var_hdr[] = "Variable:";
2204
2205         /* Process all "Variable:" headers. */
2206         varlen = strlen(var_hdr);
2207         for (x = 0; x < m->hdrcount; x++) {
2208                 if (strncasecmp(var_hdr, m->headers[x], varlen)) {
2209                         continue;
2210                 }
2211                 head = man_do_variable_value(head, m->headers[x] + varlen);
2212         }
2213
2214         return head;
2215 }
2216
2217 /*! \brief access for hooks to send action messages to ami */
2218 int ast_hook_send_action(struct manager_custom_hook *hook, const char *msg)
2219 {
2220         const char *action;
2221         int ret = 0;
2222         struct manager_action *act_found;
2223         struct mansession s = {.session = NULL, };
2224         struct message m = { 0 };
2225         char *dup_str;
2226         char *src;
2227         int x = 0;
2228         int curlen;
2229
2230         if (hook == NULL) {
2231                 return -1;
2232         }
2233
2234         /* Create our own copy of the AMI action msg string. */
2235         src = dup_str = ast_strdup(msg);
2236         if (!dup_str) {
2237                 return -1;
2238         }
2239
2240         /* convert msg string to message struct */
2241         curlen = strlen(src);
2242         for (x = 0; x < curlen; x++) {
2243                 int cr; /* set if we have \r */
2244                 if (src[x] == '\r' && x+1 < curlen && src[x+1] == '\n')
2245                         cr = 2; /* Found. Update length to include \r\n */
2246                 else if (src[x] == '\n')
2247                         cr = 1; /* also accept \n only */
2248                 else
2249                         continue;
2250                 /* don't keep empty lines */
2251                 if (x && m.hdrcount < ARRAY_LEN(m.headers)) {
2252                         /* ... but trim \r\n and terminate the header string */
2253                         src[x] = '\0';
2254                         m.headers[m.hdrcount++] = src;
2255                 }
2256                 x += cr;
2257                 curlen -= x;            /* remaining size */
2258                 src += x;               /* update pointer */
2259                 x = -1;                 /* reset loop */
2260         }
2261
2262         action = astman_get_header(&m, "Action");
2263         if (strcasecmp(action, "login")) {
2264                 act_found = action_find(action);
2265                 if (act_found) {
2266                         /*
2267                          * we have to simulate a session for this action request
2268                          * to be able to pass it down for processing
2269                          * This is necessary to meet the previous design of manager.c
2270                          */
2271                         s.hook = hook;
2272                         s.f = (void*)1; /* set this to something so our request will make it through all functions that test it*/
2273
2274                         ao2_lock(act_found);
2275                         if (act_found->registered && act_found->func) {
2276                                 if (act_found->module) {
2277                                         ast_module_ref(act_found->module);
2278                                 }
2279                                 ao2_unlock(act_found);
2280                                 ret = act_found->func(&s, &m);
2281                                 ao2_lock(act_found);
2282                                 if (act_found->module) {
2283                                         ast_module_unref(act_found->module);
2284                                 }
2285                         } else {
2286                                 ret = -1;
2287                         }
2288                         ao2_unlock(act_found);
2289                         ao2_t_ref(act_found, -1, "done with found action object");
2290                 }
2291         }
2292         ast_free(dup_str);
2293         return ret;
2294 }
2295
2296
2297 /*!
2298  * helper function to send a string to the socket.
2299  * Return -1 on error (e.g. buffer full).
2300  */
2301 static int send_string(struct mansession *s, char *string)
2302 {
2303         int res;
2304         FILE *f = s->f ? s->f : s->session->f;
2305         int fd = s->f ? s->fd : s->session->fd;
2306
2307         /* It's a result from one of the hook's action invocation */
2308         if (s->hook) {
2309                 /*
2310                  * to send responses, we're using the same function
2311                  * as for receiving events. We call the event "HookResponse"
2312                  */
2313                 s->hook->helper(EVENT_FLAG_HOOKRESPONSE, "HookResponse", string);
2314                 return 0;
2315         }
2316
2317         if ((res = ast_careful_fwrite(f, fd, string, strlen(string), s->session->writetimeout))) {
2318                 s->write_error = 1;
2319         }
2320
2321         return res;
2322 }
2323
2324 /*!
2325  * \brief thread local buffer for astman_append
2326  *
2327  * \note This can not be defined within the astman_append() function
2328  *       because it declares a couple of functions that get used to
2329  *       initialize the thread local storage key.
2330  */
2331 AST_THREADSTORAGE(astman_append_buf);
2332
2333 AST_THREADSTORAGE(userevent_buf);
2334
2335 /*! \brief initial allocated size for the astman_append_buf and astman_send_*_va */
2336 #define ASTMAN_APPEND_BUF_INITSIZE   256
2337
2338 /*!
2339  * utility functions for creating AMI replies
2340  */
2341 void astman_append(struct mansession *s, const char *fmt, ...)
2342 {
2343         va_list ap;
2344         struct ast_str *buf;
2345
2346         if (!(buf = ast_str_thread_get(&astman_append_buf, ASTMAN_APPEND_BUF_INITSIZE))) {
2347                 return;
2348         }
2349
2350         va_start(ap, fmt);
2351         ast_str_set_va(&buf, 0, fmt, ap);
2352         va_end(ap);
2353
2354         if (s->f != NULL || s->session->f != NULL) {
2355                 send_string(s, ast_str_buffer(buf));
2356         } else {
2357                 ast_verbose("fd == -1 in astman_append, should not happen\n");
2358         }
2359 }
2360
2361 /*! \note NOTE: XXX this comment is unclear and possibly wrong.
2362    Callers of astman_send_error(), astman_send_response() or astman_send_ack() must EITHER
2363    hold the session lock _or_ be running in an action callback (in which case s->session->busy will
2364    be non-zero). In either of these cases, there is no need to lock-protect the session's
2365    fd, since no other output will be sent (events will be queued), and no input will
2366    be read until either the current action finishes or get_input() obtains the session
2367    lock.
2368  */
2369
2370 /*! \todo XXX MSG_MOREDATA should go to a header file. */
2371 #define MSG_MOREDATA    ((char *)astman_send_response)
2372
2373 /*! \brief send a response with an optional message,
2374  * and terminate it with an empty line.
2375  * m is used only to grab the 'ActionID' field.
2376  *
2377  * Use the explicit constant MSG_MOREDATA to remove the empty line.
2378  * XXX MSG_MOREDATA should go to a header file.
2379  */
2380 static void astman_send_response_full(struct mansession *s, const struct message *m, char *resp, char *msg, char *listflag)
2381 {
2382         const char *id = astman_get_header(m, "ActionID");
2383
2384         astman_append(s, "Response: %s\r\n", resp);
2385         if (!ast_strlen_zero(id)) {
2386                 astman_append(s, "ActionID: %s\r\n", id);
2387         }
2388         if (listflag) {
2389                 astman_append(s, "EventList: %s\r\n", listflag);        /* Start, complete, cancelled */
2390         }
2391         if (msg == MSG_MOREDATA) {
2392                 return;
2393         } else if (msg) {
2394                 astman_append(s, "Message: %s\r\n\r\n", msg);
2395         } else {
2396                 astman_append(s, "\r\n");
2397         }
2398 }
2399
2400 void astman_send_response(struct mansession *s, const struct message *m, char *resp, char *msg)
2401 {
2402         astman_send_response_full(s, m, resp, msg, NULL);
2403 }
2404
2405 void astman_send_error(struct mansession *s, const struct message *m, char *error)
2406 {
2407         astman_send_response_full(s, m, "Error", error, NULL);
2408 }
2409
2410 void astman_send_error_va(struct mansession *s, const struct message *m, const char *fmt, ...)
2411 {
2412         va_list ap;
2413         struct ast_str *buf;
2414         char *msg;
2415
2416         if (!(buf = ast_str_thread_get(&astman_append_buf, ASTMAN_APPEND_BUF_INITSIZE))) {
2417                 return;
2418         }
2419
2420         va_start(ap, fmt);
2421         ast_str_set_va(&buf, 0, fmt, ap);
2422         va_end(ap);
2423
2424         /* astman_append will use the same underlying buffer, so copy the message out
2425          * before sending the response */
2426         msg = ast_str_buffer(buf);
2427         if (msg) {
2428                 msg = ast_strdupa(msg);
2429         }
2430         astman_send_response_full(s, m, "Error", msg, NULL);
2431 }
2432
2433 void astman_send_ack(struct mansession *s, const struct message *m, char *msg)
2434 {
2435         astman_send_response_full(s, m, "Success", msg, NULL);
2436 }
2437
2438 static void astman_start_ack(struct mansession *s, const struct message *m)
2439 {
2440         astman_send_response_full(s, m, "Success", MSG_MOREDATA, NULL);
2441 }
2442
2443 void astman_send_listack(struct mansession *s, const struct message *m, char *msg, char *listflag)
2444 {
2445         astman_send_response_full(s, m, "Success", msg, listflag);
2446 }
2447
2448 /*! \brief Lock the 'mansession' structure. */
2449 static void mansession_lock(struct mansession *s)
2450 {
2451         ast_mutex_lock(&s->lock);
2452 }
2453
2454 /*! \brief Unlock the 'mansession' structure. */
2455 static void mansession_unlock(struct mansession *s)
2456 {
2457         ast_mutex_unlock(&s->lock);
2458 }
2459
2460 /*! \brief
2461    Rather than braindead on,off this now can also accept a specific int mask value
2462    or a ',' delim list of mask strings (the same as manager.conf) -anthm
2463 */
2464 static int set_eventmask(struct mansession *s, const char *eventmask)
2465 {
2466         int maskint = strings_to_mask(eventmask);
2467
2468         ao2_lock(s->session);
2469         if (maskint >= 0) {
2470                 s->session->send_events = maskint;
2471         }
2472         ao2_unlock(s->session);
2473
2474         return maskint;
2475 }
2476
2477 static enum ast_transport mansession_get_transport(const struct mansession *s)
2478 {
2479         return s->tcptls_session->parent->tls_cfg ? AST_TRANSPORT_TLS :
2480                         AST_TRANSPORT_TCP;
2481 }
2482
2483 static void report_invalid_user(const struct mansession *s, const char *username)
2484 {
2485         char session_id[32];
2486         struct ast_security_event_inval_acct_id inval_acct_id = {
2487                 .common.event_type = AST_SECURITY_EVENT_INVAL_ACCT_ID,
2488                 .common.version    = AST_SECURITY_EVENT_INVAL_ACCT_ID_VERSION,
2489                 .common.service    = "AMI",
2490                 .common.account_id = username,
2491                 .common.session_tv = &s->session->sessionstart_tv,
2492                 .common.local_addr = {
2493                         .addr      = &s->tcptls_session->parent->local_address,
2494                         .transport = mansession_get_transport(s),
2495                 },
2496                 .common.remote_addr = {
2497                         .addr      = &s->session->addr,
2498                         .transport = mansession_get_transport(s),
2499                 },
2500                 .common.session_id = session_id,
2501         };
2502
2503         snprintf(session_id, sizeof(session_id), "%p", s);
2504
2505         ast_security_event_report(AST_SEC_EVT(&inval_acct_id));
2506 }
2507
2508 static void report_failed_acl(const struct mansession *s, const char *username)
2509 {
2510         char session_id[32];
2511         struct ast_security_event_failed_acl failed_acl_event = {
2512                 .common.event_type = AST_SECURITY_EVENT_FAILED_ACL,
2513                 .common.version    = AST_SECURITY_EVENT_FAILED_ACL_VERSION,
2514                 .common.service    = "AMI",
2515                 .common.account_id = username,
2516                 .common.session_tv = &s->session->sessionstart_tv,
2517                 .common.local_addr = {
2518                         .addr      = &s->tcptls_session->parent->local_address,
2519                         .transport = mansession_get_transport(s),
2520                 },
2521                 .common.remote_addr = {
2522                         .addr      = &s->session->addr,
2523                         .transport = mansession_get_transport(s),
2524                 },
2525                 .common.session_id = session_id,
2526         };
2527
2528         snprintf(session_id, sizeof(session_id), "%p", s->session);
2529
2530         ast_security_event_report(AST_SEC_EVT(&failed_acl_event));
2531 }
2532
2533 static void report_inval_password(const struct mansession *s, const char *username)
2534 {
2535         char session_id[32];
2536         struct ast_security_event_inval_password inval_password = {
2537                 .common.event_type = AST_SECURITY_EVENT_INVAL_PASSWORD,
2538                 .common.version    = AST_SECURITY_EVENT_INVAL_PASSWORD_VERSION,
2539                 .common.service    = "AMI",
2540                 .common.account_id = username,
2541                 .common.session_tv = &s->session->sessionstart_tv,
2542                 .common.local_addr = {
2543                         .addr      = &s->tcptls_session->parent->local_address,
2544                         .transport = mansession_get_transport(s),
2545                 },
2546                 .common.remote_addr = {
2547                         .addr      = &s->session->addr,
2548                         .transport = mansession_get_transport(s),
2549                 },
2550                 .common.session_id = session_id,
2551         };
2552
2553         snprintf(session_id, sizeof(session_id), "%p", s->session);
2554
2555         ast_security_event_report(AST_SEC_EVT(&inval_password));
2556 }
2557
2558 static void report_auth_success(const struct mansession *s)
2559 {
2560         char session_id[32];
2561         struct ast_security_event_successful_auth successful_auth = {
2562                 .common.event_type = AST_SECURITY_EVENT_SUCCESSFUL_AUTH,
2563                 .common.version    = AST_SECURITY_EVENT_SUCCESSFUL_AUTH_VERSION,
2564                 .common.service    = "AMI",
2565                 .common.account_id = s->session->username,
2566                 .common.session_tv = &s->session->sessionstart_tv,
2567                 .common.local_addr = {
2568                         .addr      = &s->tcptls_session->parent->local_address,
2569                         .transport = mansession_get_transport(s),
2570                 },
2571                 .common.remote_addr = {
2572                         .addr      = &s->session->addr,
2573                         .transport = mansession_get_transport(s),
2574                 },
2575                 .common.session_id = session_id,
2576         };
2577
2578         snprintf(session_id, sizeof(session_id), "%p", s->session);
2579
2580         ast_security_event_report(AST_SEC_EVT(&successful_auth));
2581 }
2582
2583 static void report_req_not_allowed(const struct mansession *s, const char *action)
2584 {
2585         char session_id[32];
2586         char request_type[64];
2587         struct ast_security_event_req_not_allowed req_not_allowed = {
2588                 .common.event_type = AST_SECURITY_EVENT_REQ_NOT_ALLOWED,
2589                 .common.version    = AST_SECURITY_EVENT_REQ_NOT_ALLOWED_VERSION,
2590                 .common.service    = "AMI",
2591                 .common.account_id = s->session->username,
2592                 .common.session_tv = &s->session->sessionstart_tv,
2593                 .common.local_addr = {
2594                         .addr      = &s->tcptls_session->parent->local_address,
2595                         .transport = mansession_get_transport(s),
2596                 },
2597                 .common.remote_addr = {
2598                         .addr      = &s->session->addr,
2599                         .transport = mansession_get_transport(s),
2600                 },
2601                 .common.session_id = session_id,
2602
2603                 .request_type      = request_type,
2604         };
2605
2606         snprintf(session_id, sizeof(session_id), "%p", s->session);
2607         snprintf(request_type, sizeof(request_type), "Action: %s", action);
2608
2609         ast_security_event_report(AST_SEC_EVT(&req_not_allowed));
2610 }
2611
2612 static void report_req_bad_format(const struct mansession *s, const char *action)
2613 {
2614         char session_id[32];
2615         char request_type[64];
2616         struct ast_security_event_req_bad_format req_bad_format = {
2617                 .common.event_type = AST_SECURITY_EVENT_REQ_BAD_FORMAT,
2618                 .common.version    = AST_SECURITY_EVENT_REQ_BAD_FORMAT_VERSION,
2619                 .common.service    = "AMI",
2620                 .common.account_id = s->session->username,
2621                 .common.session_tv = &s->session->sessionstart_tv,
2622                 .common.local_addr = {
2623                         .addr      = &s->tcptls_session->parent->local_address,
2624                         .transport = mansession_get_transport(s),
2625                 },
2626                 .common.remote_addr = {
2627                         .addr      = &s->session->addr,
2628                         .transport = mansession_get_transport(s),
2629                 },
2630                 .common.session_id = session_id,
2631
2632                 .request_type      = request_type,
2633         };
2634
2635         snprintf(session_id, sizeof(session_id), "%p", s->session);
2636         snprintf(request_type, sizeof(request_type), "Action: %s", action);
2637
2638         ast_security_event_report(AST_SEC_EVT(&req_bad_format));
2639 }
2640
2641 static void report_failed_challenge_response(const struct mansession *s,
2642                 const char *response, const char *expected_response)
2643 {
2644         char session_id[32];
2645         struct ast_security_event_chal_resp_failed chal_resp_failed = {
2646                 .common.event_type = AST_SECURITY_EVENT_CHAL_RESP_FAILED,
2647                 .common.version    = AST_SECURITY_EVENT_CHAL_RESP_FAILED_VERSION,
2648                 .common.service    = "AMI",
2649                 .common.account_id = s->session->username,
2650                 .common.session_tv = &s->session->sessionstart_tv,
2651                 .common.local_addr = {
2652                         .addr      = &s->tcptls_session->parent->local_address,
2653                         .transport = mansession_get_transport(s),
2654                 },
2655                 .common.remote_addr = {
2656                         .addr      = &s->session->addr,
2657                         .transport = mansession_get_transport(s),
2658                 },
2659                 .common.session_id = session_id,
2660
2661                 .challenge         = s->session->challenge,
2662                 .response          = response,
2663                 .expected_response = expected_response,
2664         };
2665
2666         snprintf(session_id, sizeof(session_id), "%p", s->session);
2667
2668         ast_security_event_report(AST_SEC_EVT(&chal_resp_failed));
2669 }
2670
2671 static void report_session_limit(const struct mansession *s)
2672 {
2673         char session_id[32];
2674         struct ast_security_event_session_limit session_limit = {
2675                 .common.event_type = AST_SECURITY_EVENT_SESSION_LIMIT,
2676                 .common.version    = AST_SECURITY_EVENT_SESSION_LIMIT_VERSION,
2677                 .common.service    = "AMI",
2678                 .common.account_id = s->session->username,
2679                 .common.session_tv = &s->session->sessionstart_tv,
2680                 .common.local_addr = {
2681                         .addr      = &s->tcptls_session->parent->local_address,
2682                         .transport = mansession_get_transport(s),
2683                 },
2684                 .common.remote_addr = {
2685                         .addr      = &s->session->addr,
2686                         .transport = mansession_get_transport(s),
2687                 },
2688                 .common.session_id = session_id,
2689         };
2690
2691         snprintf(session_id, sizeof(session_id), "%p", s->session);
2692
2693         ast_security_event_report(AST_SEC_EVT(&session_limit));
2694 }
2695
2696 /*
2697  * Here we start with action_ handlers for AMI actions,
2698  * and the internal functions used by them.
2699  * Generally, the handlers are called action_foo()
2700  */
2701
2702 /* helper function for action_login() */
2703 static int authenticate(struct mansession *s, const struct message *m)
2704 {
2705         const char *username = astman_get_header(m, "Username");
2706         const char *password = astman_get_header(m, "Secret");
2707         int error = -1;
2708         struct ast_manager_user *user = NULL;
2709         regex_t *regex_filter;
2710         struct ao2_iterator filter_iter;
2711
2712         if (ast_strlen_zero(username)) {        /* missing username */
2713                 return -1;
2714         }
2715
2716         /* locate user in locked state */
2717         AST_RWLIST_WRLOCK(&users);
2718
2719         if (!(user = get_manager_by_name_locked(username))) {
2720                 report_invalid_user(s, username);
2721                 ast_log(LOG_NOTICE, "%s tried to authenticate with nonexistent user '%s'\n", ast_sockaddr_stringify_addr(&s->session->addr), username);
2722         } else if (user->acl && (ast_apply_acl(user->acl, &s->session->addr, "Manager User ACL: ") == AST_SENSE_DENY)) {
2723                 report_failed_acl(s, username);
2724                 ast_log(LOG_NOTICE, "%s failed to pass IP ACL as '%s'\n", ast_sockaddr_stringify_addr(&s->session->addr), username);
2725         } else if (!strcasecmp(astman_get_header(m, "AuthType"), "MD5")) {
2726                 const char *key = astman_get_header(m, "Key");
2727                 if (!ast_strlen_zero(key) && !ast_strlen_zero(s->session->challenge) && user->secret) {
2728                         int x;
2729                         int len = 0;
2730                         char md5key[256] = "";
2731                         struct MD5Context md5;
2732                         unsigned char digest[16];
2733
2734                         MD5Init(&md5);
2735                         MD5Update(&md5, (unsigned char *) s->session->challenge, strlen(s->session->challenge));
2736                         MD5Update(&md5, (unsigned char *) user->secret, strlen(user->secret));
2737                         MD5Final(digest, &md5);
2738                         for (x = 0; x < 16; x++)
2739                                 len += sprintf(md5key + len, "%2.2x", digest[x]);
2740                         if (!strcmp(md5key, key)) {
2741                                 error = 0;
2742                         } else {
2743                                 report_failed_challenge_response(s, key, md5key);
2744                         }
2745                 } else {
2746                         ast_debug(1, "MD5 authentication is not possible.  challenge: '%s'\n",
2747                                 S_OR(s->session->challenge, ""));
2748                 }
2749         } else if (user->secret) {
2750                 if (!strcmp(password, user->secret)) {
2751                         error = 0;
2752                 } else {
2753                         report_inval_password(s, username);
2754                 }
2755         }
2756
2757         if (error) {
2758                 ast_log(LOG_NOTICE, "%s failed to authenticate as '%s'\n", ast_sockaddr_stringify_addr(&s->session->addr), username);
2759                 AST_RWLIST_UNLOCK(&users);
2760                 return -1;
2761         }
2762
2763         /* auth complete */
2764
2765         /* All of the user parameters are copied to the session so that in the event
2766         * of a reload and a configuration change, the session parameters are not
2767         * changed. */
2768         ast_copy_string(s->session->username, username, sizeof(s->session->username));
2769         s->session->readperm = user->readperm;
2770         s->session->writeperm = user->writeperm;
2771         s->session->writetimeout = user->writetimeout;
2772         if (user->chanvars) {
2773                 s->session->chanvars = ast_variables_dup(user->chanvars);
2774         }
2775
2776         filter_iter = ao2_iterator_init(user->whitefilters, 0);
2777         while ((regex_filter = ao2_iterator_next(&filter_iter))) {
2778                 ao2_t_link(s->session->whitefilters, regex_filter, "add white user filter to session");
2779                 ao2_t_ref(regex_filter, -1, "remove iterator ref");
2780         }
2781         ao2_iterator_destroy(&filter_iter);
2782
2783         filter_iter = ao2_iterator_init(user->blackfilters, 0);
2784         while ((regex_filter = ao2_iterator_next(&filter_iter))) {
2785                 ao2_t_link(s->session->blackfilters, regex_filter, "add black user filter to session");
2786                 ao2_t_ref(regex_filter, -1, "remove iterator ref");
2787         }
2788         ao2_iterator_destroy(&filter_iter);
2789
2790         s->session->sessionstart = time(NULL);
2791         s->session->sessionstart_tv = ast_tvnow();
2792         set_eventmask(s, astman_get_header(m, "Events"));
2793
2794         report_auth_success(s);
2795
2796         AST_RWLIST_UNLOCK(&users);
2797         return 0;
2798 }
2799
2800 static int action_ping(struct mansession *s, const struct message *m)
2801 {
2802         const char *actionid = astman_get_header(m, "ActionID");
2803         struct timeval now = ast_tvnow();
2804
2805         astman_append(s, "Response: Success\r\n");
2806         if (!ast_strlen_zero(actionid)){
2807                 astman_append(s, "ActionID: %s\r\n", actionid);
2808         }
2809         astman_append(
2810                 s,
2811                 "Ping: Pong\r\n"
2812                 "Timestamp: %ld.%06lu\r\n"
2813                 "\r\n",
2814                 (long) now.tv_sec, (unsigned long) now.tv_usec);
2815         return 0;
2816 }
2817
2818 static int action_getconfig(struct mansession *s, const struct message *m)
2819 {
2820         struct ast_config *cfg;
2821         const char *fn = astman_get_header(m, "Filename");
2822         const char *category = astman_get_header(m, "Category");
2823         int catcount = 0;
2824         int lineno = 0;
2825         char *cur_category = NULL;
2826         struct ast_variable *v;
2827         struct ast_flags config_flags = { CONFIG_FLAG_WITHCOMMENTS | CONFIG_FLAG_NOCACHE };
2828
2829         if (ast_strlen_zero(fn)) {
2830                 astman_send_error(s, m, "Filename not specified");
2831                 return 0;
2832         }
2833         cfg = ast_config_load2(fn, "manager", config_flags);
2834         if (cfg == CONFIG_STATUS_FILEMISSING) {
2835                 astman_send_error(s, m, "Config file not found");
2836                 return 0;
2837         } else if (cfg == CONFIG_STATUS_FILEINVALID) {
2838                 astman_send_error(s, m, "Config file has invalid format");
2839                 return 0;
2840         }
2841
2842         astman_start_ack(s, m);
2843         while ((cur_category = ast_category_browse(cfg, cur_category))) {
2844                 if (ast_strlen_zero(category) || (!ast_strlen_zero(category) && !strcmp(category, cur_category))) {
2845                         lineno = 0;
2846                         astman_append(s, "Category-%06d: %s\r\n", catcount, cur_category);
2847                         for (v = ast_variable_browse(cfg, cur_category); v; v = v->next) {
2848                                 astman_append(s, "Line-%06d-%06d: %s=%s\r\n", catcount, lineno++, v->name, v->value);
2849                         }
2850                         catcount++;
2851                 }
2852         }
2853         if (!ast_strlen_zero(category) && catcount == 0) { /* TODO: actually, a config with no categories doesn't even get loaded */
2854                 astman_append(s, "No categories found\r\n");
2855         }
2856         ast_config_destroy(cfg);
2857         astman_append(s, "\r\n");
2858
2859         return 0;
2860 }
2861
2862 static int action_listcategories(struct mansession *s, const struct message *m)
2863 {
2864         struct ast_config *cfg;
2865         const char *fn = astman_get_header(m, "Filename");
2866         char *category = NULL;
2867         struct ast_flags config_flags = { CONFIG_FLAG_WITHCOMMENTS | CONFIG_FLAG_NOCACHE };
2868         int catcount = 0;
2869
2870         if (ast_strlen_zero(fn)) {
2871                 astman_send_error(s, m, "Filename not specified");
2872                 return 0;
2873         }
2874         if (!(cfg = ast_config_load2(fn, "manager", config_flags))) {
2875                 astman_send_error(s, m, "Config file not found");
2876                 return 0;
2877         } else if (cfg == CONFIG_STATUS_FILEINVALID) {
2878                 astman_send_error(s, m, "Config file has invalid format");
2879                 return 0;
2880         }
2881         astman_start_ack(s, m);
2882         while ((category = ast_category_browse(cfg, category))) {
2883                 astman_append(s, "Category-%06d: %s\r\n", catcount, category);
2884                 catcount++;
2885         }
2886         if (catcount == 0) { /* TODO: actually, a config with no categories doesn't even get loaded */
2887                 astman_append(s, "Error: no categories found\r\n");
2888         }
2889         ast_config_destroy(cfg);
2890         astman_append(s, "\r\n");
2891
2892         return 0;
2893 }
2894
2895
2896
2897
2898 /*! The amount of space in out must be at least ( 2 * strlen(in) + 1 ) */
2899 static void json_escape(char *out, const char *in)
2900 {
2901         for (; *in; in++) {
2902                 if (*in == '\\' || *in == '\"') {
2903                         *out++ = '\\';
2904                 }
2905                 *out++ = *in;
2906         }
2907         *out = '\0';
2908 }
2909
2910 /*!
2911  * \internal
2912  * \brief Append a JSON escaped string to the manager stream.
2913  *
2914  * \param s AMI stream to append a string.
2915  * \param str String to append to the stream after JSON escaping it.
2916  *
2917  * \return Nothing
2918  */
2919 static void astman_append_json(struct mansession *s, const char *str)
2920 {
2921         char *buf;
2922
2923         buf = ast_alloca(2 * strlen(str) + 1);
2924         json_escape(buf, str);
2925         astman_append(s, "%s", buf);
2926 }
2927
2928 static int action_getconfigjson(struct mansession *s, const struct message *m)
2929 {
2930         struct ast_config *cfg;
2931         const char *fn = astman_get_header(m, "Filename");
2932         char *category = NULL;
2933         struct ast_variable *v;
2934         int comma1 = 0;
2935         struct ast_flags config_flags = { CONFIG_FLAG_WITHCOMMENTS | CONFIG_FLAG_NOCACHE };
2936
2937         if (ast_strlen_zero(fn)) {
2938                 astman_send_error(s, m, "Filename not specified");
2939                 return 0;
2940         }
2941
2942         if (!(cfg = ast_config_load2(fn, "manager", config_flags))) {
2943                 astman_send_error(s, m, "Config file not found");
2944                 return 0;
2945         } else if (cfg == CONFIG_STATUS_FILEINVALID) {
2946                 astman_send_error(s, m, "Config file has invalid format");
2947                 return 0;
2948         }
2949
2950         astman_start_ack(s, m);
2951         astman_append(s, "JSON: {");
2952         while ((category = ast_category_browse(cfg, category))) {
2953                 int comma2 = 0;
2954
2955                 astman_append(s, "%s\"", comma1 ? "," : "");
2956                 astman_append_json(s, category);
2957                 astman_append(s, "\":[");
2958                 comma1 = 1;
2959                 for (v = ast_variable_browse(cfg, category); v; v = v->next) {
2960                         astman_append(s, "%s\"", comma2 ? "," : "");
2961                         astman_append_json(s, v->name);
2962                         astman_append(s, "\":\"");
2963                         astman_append_json(s, v->value);
2964                         astman_append(s, "\"");
2965                         comma2 = 1;
2966                 }
2967                 astman_append(s, "]");
2968         }
2969         astman_append(s, "}\r\n\r\n");
2970
2971         ast_config_destroy(cfg);
2972
2973         return 0;
2974 }
2975
2976 /*! \brief helper function for action_updateconfig */
2977 static enum error_type handle_updates(struct mansession *s, const struct message *m, struct ast_config *cfg, const char *dfn)
2978 {
2979         int x;
2980         char hdr[40];
2981         const char *action, *cat, *var, *value, *match, *line;
2982         struct ast_category *category;
2983         struct ast_variable *v;
2984         struct ast_str *str1 = ast_str_create(16), *str2 = ast_str_create(16);
2985         enum error_type result = 0;
2986
2987         for (x = 0; x < 100000; x++) {  /* 100000 = the max number of allowed updates + 1 */
2988                 unsigned int object = 0;
2989
2990                 snprintf(hdr, sizeof(hdr), "Action-%06d", x);
2991                 action = astman_get_header(m, hdr);
2992                 if (ast_strlen_zero(action))            /* breaks the for loop if no action header */
2993                         break;                          /* this could cause problems if actions come in misnumbered */
2994
2995                 snprintf(hdr, sizeof(hdr), "Cat-%06d", x);
2996                 cat = astman_get_header(m, hdr);
2997                 if (ast_strlen_zero(cat)) {             /* every action needs a category */
2998                         result =  UNSPECIFIED_CATEGORY;
2999                         break;
3000                 }
3001
3002                 snprintf(hdr, sizeof(hdr), "Var-%06d", x);
3003                 var = astman_get_header(m, hdr);
3004
3005                 snprintf(hdr, sizeof(hdr), "Value-%06d", x);
3006                 value = astman_get_header(m, hdr);
3007
3008                 if (!ast_strlen_zero(value) && *value == '>') {
3009                         object = 1;
3010                         value++;
3011                 }
3012
3013                 snprintf(hdr, sizeof(hdr), "Match-%06d", x);
3014                 match = astman_get_header(m, hdr);
3015
3016                 snprintf(hdr, sizeof(hdr), "Line-%06d", x);
3017                 line = astman_get_header(m, hdr);
3018
3019                 if (!strcasecmp(action, "newcat")) {
3020                         if (ast_category_get(cfg,cat)) {        /* check to make sure the cat doesn't */
3021                                 result = FAILURE_NEWCAT;        /* already exist */
3022                                 break;
3023                         }
3024                         if (!(category = ast_category_new(cat, dfn, -1))) {
3025                                 result = FAILURE_ALLOCATION;
3026                                 break;
3027                         }
3028                         if (ast_strlen_zero(match)) {
3029                                 ast_category_append(cfg, category);
3030                         } else {
3031                                 ast_category_insert(cfg, category, match);
3032                         }
3033                 } else if (!strcasecmp(action, "renamecat")) {
3034                         if (ast_strlen_zero(value)) {
3035                                 result = UNSPECIFIED_ARGUMENT;
3036                                 break;
3037                         }
3038                         if (!(category = ast_category_get(cfg, cat))) {
3039                                 result = UNKNOWN_CATEGORY;
3040                                 break;
3041                         }
3042                         ast_category_rename(category, value);
3043                 } else if (!strcasecmp(action, "delcat")) {
3044                         if (ast_category_delete(cfg, cat)) {
3045                                 result = FAILURE_DELCAT;
3046                                 break;
3047                         }
3048                 } else if (!strcasecmp(action, "emptycat")) {
3049                         if (ast_category_empty(cfg, cat)) {
3050                                 result = FAILURE_EMPTYCAT;
3051                       &n