PJSIP: Prevent crash on blind transfer
[asterisk/asterisk.git] / res / res_pjsip_refer.c
1 /*
2  * Asterisk -- An open source telephony toolkit.
3  *
4  * Copyright (C) 2013, Digium, Inc.
5  *
6  * Joshua Colp <jcolp@digium.com>
7  *
8  * See http://www.asterisk.org for more information about
9  * the Asterisk project. Please do not directly contact
10  * any of the maintainers of this project for assistance;
11  * the project provides a web site, mailing lists and IRC
12  * channels for your use.
13  *
14  * This program is free software, distributed under the terms of
15  * the GNU General Public License Version 2. See the LICENSE file
16  * at the top of the source tree.
17  */
18
19 /*** MODULEINFO
20         <depend>pjproject</depend>
21         <depend>res_pjsip</depend>
22         <depend>res_pjsip_session</depend>
23         <depend>res_pjsip_pubsub</depend>
24         <support_level>core</support_level>
25  ***/
26
27 #include "asterisk.h"
28
29 #include <pjsip.h>
30 #include <pjsip_ua.h>
31
32 #include "asterisk/res_pjsip.h"
33 #include "asterisk/res_pjsip_session.h"
34 #include "asterisk/module.h"
35 #include "asterisk/pbx.h"
36 #include "asterisk/taskprocessor.h"
37 #include "asterisk/bridge.h"
38 #include "asterisk/framehook.h"
39 #include "asterisk/stasis_bridges.h"
40 #include "asterisk/stasis_channels.h"
41
42 /*! \brief REFER Progress structure */
43 struct refer_progress {
44         /*! \brief Subscription to provide updates on */
45         pjsip_evsub *sub;
46         /*! \brief Dialog for subscription */
47         pjsip_dialog *dlg;
48         /*! \brief Received packet, used to construct final response in case no subscription exists */
49         pjsip_rx_data *rdata;
50         /*! \brief Frame hook for monitoring REFER progress */
51         int framehook;
52         /*! \brief Last received subclass in frame hook */
53         int subclass;
54         /*! \brief Serializer for notifications */
55         struct ast_taskprocessor *serializer;
56         /*! \brief Stasis subscription for bridge events */
57         struct stasis_subscription *bridge_sub;
58         /*! \brief Reference to transfer_channel_data related to the refer */
59         struct transfer_channel_data *transfer_data;
60         /*! \brief Uniqueid of transferee channel */
61         char *transferee;
62 };
63
64 /*! \brief REFER Progress notification structure */
65 struct refer_progress_notification {
66         /*! \brief Refer progress structure to send notification on */
67         struct refer_progress *progress;
68         /*! \brief SIP response code to send */
69         int response;
70         /*! \brief Subscription state */
71         pjsip_evsub_state state;
72 };
73
74 /*! \brief REFER Progress module, used to attach REFER progress structure to subscriptions */
75 static pjsip_module refer_progress_module = {
76         .name = { "REFER Progress", 14 },
77         .id = -1,
78 };
79
80 /*! \brief Destructor for REFER Progress notification structure */
81 static void refer_progress_notification_destroy(void *obj)
82 {
83         struct refer_progress_notification *notification = obj;
84
85         ao2_cleanup(notification->progress);
86 }
87
88 /*! \brief Allocator for REFER Progress notification structure */
89 static struct refer_progress_notification *refer_progress_notification_alloc(struct refer_progress *progress, int response,
90         pjsip_evsub_state state)
91 {
92         struct refer_progress_notification *notification = ao2_alloc(sizeof(*notification), refer_progress_notification_destroy);
93
94         if (!notification) {
95                 return NULL;
96         }
97
98         ao2_ref(progress, +1);
99         notification->progress = progress;
100         notification->response = response;
101         notification->state = state;
102
103         return notification;
104 }
105
106 /*! \brief Serialized callback for subscription notification */
107 static int refer_progress_notify(void *data)
108 {
109         RAII_VAR(struct refer_progress_notification *, notification, data, ao2_cleanup);
110         pjsip_evsub *sub;
111         pjsip_tx_data *tdata;
112
113         /* If the subscription has already been terminated we can't send a notification */
114         if (!(sub = notification->progress->sub)) {
115                 ast_debug(3, "Not sending NOTIFY of response '%d' and state '%u' on progress monitor '%p' as subscription has been terminated\n",
116                         notification->response, notification->state, notification->progress);
117                 return 0;
118         }
119
120         /* If the subscription is being terminated we want to actually remove the progress structure here to
121          * stop a deadlock from occurring - basically terminated changes the state which queues a synchronous task
122          * but we are already running a task... thus it would deadlock */
123         if (notification->state == PJSIP_EVSUB_STATE_TERMINATED) {
124                 ast_debug(3, "Subscription '%p' is being terminated as a result of a NOTIFY, removing REFER progress structure early on progress monitor '%p'\n",
125                         notification->progress->sub, notification->progress);
126                 pjsip_dlg_inc_lock(notification->progress->dlg);
127                 pjsip_evsub_set_mod_data(notification->progress->sub, refer_progress_module.id, NULL);
128                 pjsip_dlg_dec_lock(notification->progress->dlg);
129
130                 /* This is for dropping the reference on the subscription */
131                 ao2_cleanup(notification->progress);
132
133                 notification->progress->sub = NULL;
134         }
135
136         ast_debug(3, "Sending NOTIFY with response '%d' and state '%u' on subscription '%p' and progress monitor '%p'\n",
137                 notification->response, notification->state, sub, notification->progress);
138
139         /* Actually send the notification */
140         if (pjsip_xfer_notify(sub, notification->state, notification->response, NULL, &tdata) == PJ_SUCCESS) {
141                 pjsip_xfer_send_request(sub, tdata);
142         }
143
144         return 0;
145 }
146
147 static void refer_progress_bridge(void *data, struct stasis_subscription *sub,
148                 struct stasis_message *message)
149 {
150         struct refer_progress *progress = data;
151         struct ast_bridge_blob *enter_blob;
152         struct refer_progress_notification *notification;
153
154         if (stasis_subscription_final_message(sub, message)) {
155                 ao2_ref(progress, -1);
156                 return;
157         }
158
159         if (ast_channel_entered_bridge_type() != stasis_message_type(message)) {
160                 /* Don't care */
161                 return;
162         }
163
164         enter_blob = stasis_message_data(message);
165         if (strcmp(enter_blob->channel->uniqueid, progress->transferee)) {
166                 /* Don't care */
167                 return;
168         }
169
170         if (!progress->transfer_data->completed) {
171                 /* We can't act on this message because the transfer_channel_data doesn't show that
172                  * the transfer is ready to progress */
173                 return;
174         }
175
176         /* OMG the transferee is joining a bridge. His call got answered! */
177         notification = refer_progress_notification_alloc(progress, 200, PJSIP_EVSUB_STATE_TERMINATED);
178         if (notification) {
179                 if (ast_sip_push_task(progress->serializer, refer_progress_notify, notification)) {
180                         ao2_cleanup(notification);
181                 }
182                 progress->bridge_sub = stasis_unsubscribe(progress->bridge_sub);
183         }
184 }
185
186 /*! \brief Progress monitoring frame hook - examines frames to determine state of transfer */
187 static struct ast_frame *refer_progress_framehook(struct ast_channel *chan, struct ast_frame *f, enum ast_framehook_event event, void *data)
188 {
189         struct refer_progress *progress = data;
190         struct refer_progress_notification *notification = NULL;
191
192         /* We only care about frames *to* the channel */
193         if (!f || (event != AST_FRAMEHOOK_EVENT_WRITE)) {
194                 return f;
195         }
196
197         /* If the completed flag hasn't been raised, skip this pass. */
198         if (!progress->transfer_data->completed) {
199                 return f;
200         }
201
202         /* Determine the state of the REFER based on the control frames (or voice frames) passing */
203         if (f->frametype == AST_FRAME_VOICE && !progress->subclass) {
204                 /* Media is passing without progress, this means the call has been answered */
205                 notification = refer_progress_notification_alloc(progress, 200, PJSIP_EVSUB_STATE_TERMINATED);
206         } else if (f->frametype == AST_FRAME_CONTROL) {
207                 /* Based on the control frame being written we can send a NOTIFY advising of the progress */
208                 if ((f->subclass.integer == AST_CONTROL_RING) || (f->subclass.integer == AST_CONTROL_RINGING)) {
209                         progress->subclass = f->subclass.integer;
210                         notification = refer_progress_notification_alloc(progress, 180, PJSIP_EVSUB_STATE_ACTIVE);
211                 } else if (f->subclass.integer == AST_CONTROL_BUSY) {
212                         progress->subclass = f->subclass.integer;
213                         notification = refer_progress_notification_alloc(progress, 486, PJSIP_EVSUB_STATE_TERMINATED);
214                 } else if (f->subclass.integer == AST_CONTROL_CONGESTION) {
215                         progress->subclass = f->subclass.integer;
216                         notification = refer_progress_notification_alloc(progress, 503, PJSIP_EVSUB_STATE_TERMINATED);
217                 } else if (f->subclass.integer == AST_CONTROL_PROGRESS) {
218                         progress->subclass = f->subclass.integer;
219                         notification = refer_progress_notification_alloc(progress, 183, PJSIP_EVSUB_STATE_ACTIVE);
220                 } else if (f->subclass.integer == AST_CONTROL_PROCEEDING) {
221                         progress->subclass = f->subclass.integer;
222                         notification = refer_progress_notification_alloc(progress, 100, PJSIP_EVSUB_STATE_ACTIVE);
223                 } else if (f->subclass.integer == AST_CONTROL_ANSWER) {
224                         progress->subclass = f->subclass.integer;
225                         notification = refer_progress_notification_alloc(progress, 200, PJSIP_EVSUB_STATE_TERMINATED);
226                 }
227         }
228
229         /* If a notification is due to be sent push it to the thread pool */
230         if (notification) {
231                 if (ast_sip_push_task(progress->serializer, refer_progress_notify, notification)) {
232                         ao2_cleanup(notification);
233                 }
234
235                 /* If the subscription is being terminated we don't need the frame hook any longer */
236                 if (notification->state == PJSIP_EVSUB_STATE_TERMINATED) {
237                         ast_debug(3, "Detaching REFER progress monitoring hook from '%s' as subscription is being terminated\n",
238                                 ast_channel_name(chan));
239                         ast_framehook_detach(chan, progress->framehook);
240                 }
241         }
242
243         return f;
244 }
245
246 /*! \brief Destroy callback for monitoring framehook */
247 static void refer_progress_framehook_destroy(void *data)
248 {
249         struct refer_progress *progress = data;
250         struct refer_progress_notification *notification = refer_progress_notification_alloc(progress, 503, PJSIP_EVSUB_STATE_TERMINATED);
251
252         if (notification && ast_sip_push_task(progress->serializer, refer_progress_notify, notification)) {
253                 ao2_cleanup(notification);
254         }
255
256         if (progress->bridge_sub) {
257                 progress->bridge_sub = stasis_unsubscribe(progress->bridge_sub);
258         }
259
260         ao2_cleanup(progress);
261 }
262
263 /*! \brief Serialized callback for subscription termination */
264 static int refer_progress_terminate(void *data)
265 {
266         struct refer_progress *progress = data;
267
268         /* The subscription is no longer valid */
269         progress->sub = NULL;
270
271         return 0;
272 }
273
274 /*! \brief Callback for REFER subscription state changes */
275 static void refer_progress_on_evsub_state(pjsip_evsub *sub, pjsip_event *event)
276 {
277         struct refer_progress *progress = pjsip_evsub_get_mod_data(sub, refer_progress_module.id);
278
279         /* If being destroyed queue it up to the serializer */
280         if (progress && (pjsip_evsub_get_state(sub) == PJSIP_EVSUB_STATE_TERMINATED)) {
281                 /* To prevent a deadlock race condition we unlock the dialog so other serialized tasks can execute */
282                 ast_debug(3, "Subscription '%p' has been remotely terminated, waiting for other tasks to complete on progress monitor '%p'\n",
283                         sub, progress);
284
285                 /* It's possible that a task is waiting to remove us already, so bump the refcount of progress so it doesn't get destroyed */
286                 ao2_ref(progress, +1);
287                 pjsip_dlg_dec_lock(progress->dlg);
288                 ast_sip_push_task_synchronous(progress->serializer, refer_progress_terminate, progress);
289                 pjsip_dlg_inc_lock(progress->dlg);
290                 ao2_ref(progress, -1);
291
292                 ast_debug(3, "Subscription '%p' removed from progress monitor '%p'\n", sub, progress);
293
294                 /* Since it was unlocked it is possible for this to have been removed already, so check again */
295                 if (pjsip_evsub_get_mod_data(sub, refer_progress_module.id)) {
296                         pjsip_evsub_set_mod_data(sub, refer_progress_module.id, NULL);
297                         ao2_cleanup(progress);
298                 }
299         }
300 }
301
302 /*! \brief Callback structure for subscription */
303 static pjsip_evsub_user refer_progress_evsub_cb = {
304         .on_evsub_state = refer_progress_on_evsub_state,
305 };
306
307 /*! \brief Destructor for REFER progress sutrcture */
308 static void refer_progress_destroy(void *obj)
309 {
310         struct refer_progress *progress = obj;
311
312         if (progress->bridge_sub) {
313                 progress->bridge_sub = stasis_unsubscribe(progress->bridge_sub);
314         }
315
316         ao2_cleanup(progress->transfer_data);
317
318         ast_free(progress->transferee);
319         ast_taskprocessor_unreference(progress->serializer);
320 }
321
322 /*! \brief Internal helper function which sets up a refer progress structure if needed */
323 static int refer_progress_alloc(struct ast_sip_session *session, pjsip_rx_data *rdata, struct refer_progress **progress)
324 {
325         const pj_str_t str_refer_sub = { "Refer-Sub", 9 };
326         pjsip_generic_string_hdr *refer_sub = NULL;
327         const pj_str_t str_true = { "true", 4 };
328         pjsip_tx_data *tdata;
329         pjsip_hdr hdr_list;
330
331         *progress = NULL;
332
333         /* Grab the optional Refer-Sub header, it can be used to suppress the implicit subscription */
334         refer_sub = pjsip_msg_find_hdr_by_name(rdata->msg_info.msg, &str_refer_sub, NULL);
335         if ((refer_sub && pj_strnicmp(&refer_sub->hvalue, &str_true, 4))) {
336                 return 0;
337         }
338
339         if (!(*progress = ao2_alloc(sizeof(struct refer_progress), refer_progress_destroy))) {
340                 return -1;
341         }
342
343         ast_debug(3, "Created progress monitor '%p' for transfer occurring from channel '%s' and endpoint '%s'\n",
344                 progress, ast_channel_name(session->channel), ast_sorcery_object_get_id(session->endpoint));
345
346         (*progress)->framehook = -1;
347
348         /* To prevent a potential deadlock we need the dialog so we can lock/unlock */
349         (*progress)->dlg = session->inv_session->dlg;
350
351         if (!((*progress)->serializer = ast_sip_create_serializer())) {
352                 goto error;
353         }
354
355         /* Create the implicit subscription for monitoring of this transfer */
356         if (pjsip_xfer_create_uas(session->inv_session->dlg, &refer_progress_evsub_cb, rdata, &(*progress)->sub) != PJ_SUCCESS) {
357                 goto error;
358         }
359
360         /* Associate the REFER progress structure with the subscription */
361         ao2_ref(*progress, +1);
362         pjsip_evsub_set_mod_data((*progress)->sub, refer_progress_module.id, *progress);
363
364         pj_list_init(&hdr_list);
365         if (refer_sub) {
366                 pjsip_hdr *hdr = (pjsip_hdr*)pjsip_generic_string_hdr_create(session->inv_session->dlg->pool, &str_refer_sub, &str_true);
367
368                 pj_list_push_back(&hdr_list, hdr);
369         }
370
371         /* Accept the REFER request */
372         ast_debug(3, "Accepting REFER request for progress monitor '%p'\n", *progress);
373         pjsip_xfer_accept((*progress)->sub, rdata, 202, &hdr_list);
374
375         /* Send initial NOTIFY Request */
376         ast_debug(3, "Sending initial 100 Trying NOTIFY for progress monitor '%p'\n", *progress);
377         if (pjsip_xfer_notify((*progress)->sub, PJSIP_EVSUB_STATE_ACTIVE, 100, NULL, &tdata) == PJ_SUCCESS) {
378                 pjsip_xfer_send_request((*progress)->sub, tdata);
379         }
380
381         return 0;
382
383 error:
384         ao2_cleanup(*progress);
385         *progress = NULL;
386         return -1;
387 }
388
389 /*! \brief Structure for attended transfer task */
390 struct refer_attended {
391         /*! \brief Transferer session */
392         struct ast_sip_session *transferer;
393         /*! \brief Transferer channel */
394         struct ast_channel *transferer_chan;
395         /*! \brief Second transferer session */
396         struct ast_sip_session *transferer_second       ;
397         /*! \brief Optional refer progress structure */
398         struct refer_progress *progress;
399 };
400
401 /*! \brief Destructor for attended transfer task */
402 static void refer_attended_destroy(void *obj)
403 {
404         struct refer_attended *attended = obj;
405
406         ao2_cleanup(attended->transferer);
407         ast_channel_unref(attended->transferer_chan);
408         ao2_cleanup(attended->transferer_second);
409 }
410
411 /*! \brief Allocator for attended transfer task */
412 static struct refer_attended *refer_attended_alloc(struct ast_sip_session *transferer, struct ast_sip_session *transferer_second,
413         struct refer_progress *progress)
414 {
415         struct refer_attended *attended = ao2_alloc(sizeof(*attended), refer_attended_destroy);
416
417         if (!attended) {
418                 return NULL;
419         }
420
421         ao2_ref(transferer, +1);
422         attended->transferer = transferer;
423         ast_channel_ref(transferer->channel);
424         attended->transferer_chan = transferer->channel;
425         ao2_ref(transferer_second, +1);
426         attended->transferer_second = transferer_second;
427
428         if (progress) {
429                 ao2_ref(progress, +1);
430                 attended->progress = progress;
431         }
432
433         return attended;
434 }
435
436 /*! \brief Task for attended transfer */
437 static int refer_attended(void *data)
438 {
439         RAII_VAR(struct refer_attended *, attended, data, ao2_cleanup);
440         int response = 0;
441
442         if (!attended->transferer_second->channel) {
443                 return -1;
444         }
445
446         ast_debug(3, "Performing a REFER attended transfer - Transferer #1: %s Transferer #2: %s\n",
447                 ast_channel_name(attended->transferer_chan), ast_channel_name(attended->transferer_second->channel));
448
449         switch (ast_bridge_transfer_attended(attended->transferer_chan, attended->transferer_second->channel)) {
450         case AST_BRIDGE_TRANSFER_INVALID:
451                 response = 400;
452                 break;
453         case AST_BRIDGE_TRANSFER_NOT_PERMITTED:
454                 response = 403;
455                 break;
456         case AST_BRIDGE_TRANSFER_FAIL:
457                 response = 500;
458                 break;
459         case AST_BRIDGE_TRANSFER_SUCCESS:
460                 response = 200;
461                 ast_sip_session_defer_termination(attended->transferer);
462                 break;
463         }
464
465         ast_debug(3, "Final response for REFER attended transfer - Transferer #1: %s Transferer #2: %s is '%d'\n",
466                 ast_channel_name(attended->transferer_chan), ast_channel_name(attended->transferer_second->channel), response);
467
468         if (attended->progress && response) {
469                 struct refer_progress_notification *notification = refer_progress_notification_alloc(attended->progress, response, PJSIP_EVSUB_STATE_TERMINATED);
470
471                 if (notification) {
472                         refer_progress_notify(notification);
473                 }
474         }
475
476         return 0;
477 }
478
479 /*! \brief Structure for blind transfer callback details */
480 struct refer_blind {
481         /*! \brief Context being used for transfer */
482         const char *context;
483         /*! \brief Optional progress structure */
484         struct refer_progress *progress;
485         /*! \brief REFER message */
486         pjsip_rx_data *rdata;
487         /*! \brief Optional Replaces header */
488         pjsip_replaces_hdr *replaces;
489         /*! \brief Optional Refer-To header */
490         pjsip_sip_uri *refer_to;
491 };
492
493 /*! \brief Blind transfer callback function */
494 static void refer_blind_callback(struct ast_channel *chan, struct transfer_channel_data *user_data_wrapper,
495         enum ast_transfer_type transfer_type)
496 {
497         struct refer_blind *refer = user_data_wrapper->data;
498         pjsip_generic_string_hdr *referred_by;
499
500         static const pj_str_t str_referred_by = { "Referred-By", 11 };
501
502         pbx_builtin_setvar_helper(chan, "SIPTRANSFER", "yes");
503
504         /* If progress monitoring is being done attach a frame hook so we can monitor it */
505         if (refer->progress) {
506                 struct ast_framehook_interface hook = {
507                         .version = AST_FRAMEHOOK_INTERFACE_VERSION,
508                         .event_cb = refer_progress_framehook,
509                         .destroy_cb = refer_progress_framehook_destroy,
510                         .data = refer->progress,
511                 };
512
513                 refer->progress->transferee = ast_strdup(ast_channel_uniqueid(chan));
514                 if (!refer->progress->transferee) {
515                         struct refer_progress_notification *notification = refer_progress_notification_alloc(refer->progress, 200,
516                                 PJSIP_EVSUB_STATE_TERMINATED);
517
518                         ast_log(LOG_WARNING, "Could not copy channel name '%s' during transfer - assuming success\n",
519                                 ast_channel_name(chan));
520
521                         if (notification) {
522                                 refer_progress_notify(notification);
523                         }
524                 }
525
526                 /* Progress needs a reference to the transfer_channel_data so that it can track the completed status of the transfer */
527                 ao2_ref(user_data_wrapper, +1);
528                 refer->progress->transfer_data = user_data_wrapper;
529
530                 /* We need to bump the reference count up on the progress structure since it is in the frame hook now */
531                 ao2_ref(refer->progress, +1);
532
533                 /* If we can't attach a frame hook for whatever reason send a notification of success immediately */
534                 if ((refer->progress->framehook = ast_framehook_attach(chan, &hook)) < 0) {
535                         struct refer_progress_notification *notification = refer_progress_notification_alloc(refer->progress, 200,
536                                 PJSIP_EVSUB_STATE_TERMINATED);
537
538                         ast_log(LOG_WARNING, "Could not attach REFER transfer progress monitoring hook to channel '%s' - assuming success\n",
539                                 ast_channel_name(chan));
540
541                         if (notification) {
542                                 refer_progress_notify(notification);
543                         }
544
545                         ao2_cleanup(refer->progress);
546                 }
547
548                 /* We need to bump the reference count for the stasis subscription */
549                 ao2_ref(refer->progress, +1);
550                 /* We also will need to detect if the transferee enters a bridge. This is currently the only reliable way to
551                  * detect if the transfer target has answered the call
552                  */
553                 refer->progress->bridge_sub = stasis_subscribe(ast_bridge_topic_all(), refer_progress_bridge, refer->progress);
554                 if (!refer->progress->bridge_sub) {
555                         struct refer_progress_notification *notification = refer_progress_notification_alloc(refer->progress, 200,
556                                 PJSIP_EVSUB_STATE_TERMINATED);
557
558                         ast_log(LOG_WARNING, "Could not create bridge stasis subscription for monitoring progress on transfer of channel '%s' - assuming success\n",
559                                         ast_channel_name(chan));
560
561                         if (notification) {
562                                 refer_progress_notify(notification);
563                         }
564
565                         ast_framehook_detach(chan, refer->progress->framehook);
566
567                         ao2_cleanup(refer->progress);
568                 }
569         }
570
571         pbx_builtin_setvar_helper(chan, "SIPREFERRINGCONTEXT", S_OR(refer->context, NULL));
572
573         referred_by = pjsip_msg_find_hdr_by_name(refer->rdata->msg_info.msg,
574                 &str_referred_by, NULL);
575         if (referred_by) {
576                 size_t uri_size = pj_strlen(&referred_by->hvalue) + 1;
577                 char *uri = ast_alloca(uri_size);
578
579                 ast_copy_pj_str(uri, &referred_by->hvalue, uri_size);
580                 pbx_builtin_setvar_helper(chan, "__SIPREFERREDBYHDR", S_OR(uri, NULL));
581         } else {
582                 pbx_builtin_setvar_helper(chan, "SIPREFERREDBYHDR", NULL);
583         }
584
585         if (refer->replaces) {
586                 char replaces[512];
587
588                 pjsip_hdr_print_on(refer->replaces, replaces, sizeof(replaces));
589                 pbx_builtin_setvar_helper(chan, "__SIPREPLACESHDR", S_OR(replaces, NULL));
590         } else {
591                 pbx_builtin_setvar_helper(chan, "SIPREPLACESHDR", NULL);
592         }
593
594         if (refer->refer_to) {
595                 char refer_to[PJSIP_MAX_URL_SIZE];
596
597                 pjsip_uri_print(PJSIP_URI_IN_REQ_URI, refer->refer_to, refer_to, sizeof(refer_to));
598                 pbx_builtin_setvar_helper(chan, "SIPREFERTOHDR", S_OR(refer_to, NULL));
599         } else {
600                 pbx_builtin_setvar_helper(chan, "SIPREFERTOHDR", NULL);
601         }
602 }
603
604 static int refer_incoming_attended_request(struct ast_sip_session *session, pjsip_rx_data *rdata, pjsip_sip_uri *target_uri,
605         pjsip_param *replaces_param, struct refer_progress *progress)
606 {
607         const pj_str_t str_replaces = { "Replaces", 8 };
608         pj_str_t replaces_content;
609         pjsip_replaces_hdr *replaces;
610         int parsed_len;
611         pjsip_dialog *dlg;
612
613         pj_strdup_with_null(rdata->tp_info.pool, &replaces_content, &replaces_param->value);
614
615         /* Parsing the parameter as a Replaces header easily grabs the needed information */
616         if (!(replaces = pjsip_parse_hdr(rdata->tp_info.pool, &str_replaces, replaces_content.ptr,
617                 pj_strlen(&replaces_content), &parsed_len))) {
618                 ast_log(LOG_ERROR, "Received REFER request on channel '%s' from endpoint '%s' with invalid Replaces header, rejecting\n",
619                         ast_channel_name(session->channel), ast_sorcery_object_get_id(session->endpoint));
620                 return 400;
621         }
622
623         /* See if the dialog is local, or remote */
624         if ((dlg = pjsip_ua_find_dialog(&replaces->call_id, &replaces->to_tag, &replaces->from_tag, PJ_TRUE))) {
625                 RAII_VAR(struct ast_sip_session *, other_session, ast_sip_dialog_get_session(dlg), ao2_cleanup);
626                 struct refer_attended *attended;
627
628                 pjsip_dlg_dec_lock(dlg);
629
630                 if (!other_session) {
631                         ast_debug(3, "Received REFER request on channel '%s' from endpoint '%s' for local dialog but no session exists on it\n",
632                                 ast_channel_name(session->channel), ast_sorcery_object_get_id(session->endpoint));
633                         return 603;
634                 }
635
636                 /* We defer actually doing the attended transfer to the other session so no deadlock can occur */
637                 if (!(attended = refer_attended_alloc(session, other_session, progress))) {
638                         ast_log(LOG_ERROR, "Received REFER request on channel '%s' from endpoint '%s' for local dialog but could not allocate structure to complete, rejecting\n",
639                                 ast_channel_name(session->channel), ast_sorcery_object_get_id(session->endpoint));
640                         return 500;
641                 }
642
643                 /* Push it to the other session, which will have both channels with minimal locking */
644                 if (ast_sip_push_task(other_session->serializer, refer_attended, attended)) {
645                         ao2_cleanup(attended);
646                         return 500;
647                 }
648
649                 ast_debug(3, "Attended transfer from '%s' pushed to second channel serializer\n",
650                         ast_channel_name(session->channel));
651
652                 return 200;
653         } else {
654                 const char *context = (session->channel ? pbx_builtin_getvar_helper(session->channel, "TRANSFER_CONTEXT") : "");
655                 struct refer_blind refer = { 0, };
656
657                 if (ast_strlen_zero(context)) {
658                         context = session->endpoint->context;
659                 }
660
661                 if (!ast_exists_extension(NULL, context, "external_replaces", 1, NULL)) {
662                         ast_log(LOG_ERROR, "Received REFER for remote session on channel '%s' from endpoint '%s' but 'external_replaces' context does not exist for handling\n",
663                                 ast_channel_name(session->channel), ast_sorcery_object_get_id(session->endpoint));
664                         return 404;
665                 }
666
667                 refer.context = context;
668                 refer.progress = progress;
669                 refer.rdata = rdata;
670                 refer.replaces = replaces;
671                 refer.refer_to = target_uri;
672
673                 switch (ast_bridge_transfer_blind(1, session->channel, "external_replaces", context, refer_blind_callback, &refer)) {
674                 case AST_BRIDGE_TRANSFER_INVALID:
675                         return 400;
676                 case AST_BRIDGE_TRANSFER_NOT_PERMITTED:
677                         return 403;
678                 case AST_BRIDGE_TRANSFER_FAIL:
679                         return 500;
680                 case AST_BRIDGE_TRANSFER_SUCCESS:
681                         ast_sip_session_defer_termination(session);
682                         return 200;
683                 }
684
685                 return 503;
686         }
687
688         return 0;
689 }
690
691 static int refer_incoming_blind_request(struct ast_sip_session *session, pjsip_rx_data *rdata, pjsip_sip_uri *target,
692         struct refer_progress *progress)
693 {
694         const char *context;
695         char exten[AST_MAX_EXTENSION];
696         struct refer_blind refer = { 0, };
697
698         if (!session->channel) {
699                 return 404;
700         }
701
702         /* If no explicit transfer context has been provided use their configured context */
703         context = pbx_builtin_getvar_helper(session->channel, "TRANSFER_CONTEXT");
704         if (ast_strlen_zero(context)) {
705                 context = session->endpoint->context;
706         }
707
708         /* Using the user portion of the target URI see if it exists as a valid extension in their context */
709         ast_copy_pj_str(exten, &target->user, sizeof(exten));
710         if (!ast_exists_extension(NULL, context, exten, 1, NULL)) {
711                 ast_log(LOG_ERROR, "Channel '%s' from endpoint '%s' attempted blind transfer to '%s@%s' but target does not exist\n",
712                         ast_channel_name(session->channel), ast_sorcery_object_get_id(session->endpoint), exten, context);
713                 return 404;
714         }
715
716         refer.context = context;
717         refer.progress = progress;
718         refer.rdata = rdata;
719         refer.refer_to = target;
720
721         switch (ast_bridge_transfer_blind(1, session->channel, exten, context, refer_blind_callback, &refer)) {
722         case AST_BRIDGE_TRANSFER_INVALID:
723                 return 400;
724         case AST_BRIDGE_TRANSFER_NOT_PERMITTED:
725                 return 403;
726         case AST_BRIDGE_TRANSFER_FAIL:
727                 return 500;
728         case AST_BRIDGE_TRANSFER_SUCCESS:
729                 ast_sip_session_defer_termination(session);
730                 return 200;
731         }
732
733         return 503;
734 }
735
736 /*! \brief Structure used to retrieve channel from another session */
737 struct invite_replaces {
738         /*! \brief Session we want the channel from */
739         struct ast_sip_session *session;
740         /*! \brief Channel from the session (with reference) */
741         struct ast_channel *channel;
742         /*! \brief Bridge the channel is in */
743         struct ast_bridge *bridge;
744 };
745
746 /*! \brief Task for invite replaces */
747 static int invite_replaces(void *data)
748 {
749         struct invite_replaces *invite = data;
750
751         if (!invite->session->channel) {
752                 return -1;
753         }
754
755         ast_channel_ref(invite->session->channel);
756         invite->channel = invite->session->channel;
757
758         ast_channel_lock(invite->channel);
759         invite->bridge = ast_channel_get_bridge(invite->channel);
760         ast_channel_unlock(invite->channel);
761
762         return 0;
763 }
764
765 static int refer_incoming_invite_request(struct ast_sip_session *session, struct pjsip_rx_data *rdata)
766 {
767         pjsip_dialog *other_dlg = NULL;
768         pjsip_tx_data *packet;
769         int response = 0;
770         RAII_VAR(struct ast_sip_session *, other_session, NULL, ao2_cleanup);
771         struct invite_replaces invite;
772
773         /* If a Replaces header is present make sure it is valid */
774         if (pjsip_replaces_verify_request(rdata, &other_dlg, PJ_TRUE, &packet) != PJ_SUCCESS) {
775                 response = packet->msg->line.status.code;
776                 pjsip_tx_data_dec_ref(packet);
777                 goto end;
778         }
779
780         /* If no other dialog exists then this INVITE request does not have a Replaces header */
781         if (!other_dlg) {
782                 return 0;
783         }
784
785         other_session = ast_sip_dialog_get_session(other_dlg);
786         pjsip_dlg_dec_lock(other_dlg);
787
788         if (!other_session) {
789                 response = 481;
790                 ast_debug(3, "INVITE with Replaces received on channel '%s' from endpoint '%s', but requested session does not exist\n",
791                         ast_channel_name(session->channel), ast_sorcery_object_get_id(session->endpoint));
792                 goto end;
793         }
794
795         invite.session = other_session;
796
797         if (ast_sip_push_task_synchronous(other_session->serializer, invite_replaces, &invite)) {
798                 response = 481;
799                 goto end;
800         }
801
802         ast_channel_lock(session->channel);
803         ast_setstate(session->channel, AST_STATE_RING);
804         ast_channel_unlock(session->channel);
805         ast_raw_answer(session->channel);
806
807         if (!invite.bridge) {
808                 struct ast_channel *chan = session->channel;
809
810                 /* This will use a synchronous task but we aren't operating in the serializer at this point in time, so it
811                  * won't deadlock */
812                 if (!ast_channel_move(invite.channel, session->channel)) {
813                         ast_hangup(chan);
814                 } else {
815                         response = 500;
816                 }
817         } else {
818                 if (ast_bridge_impart(invite.bridge, session->channel, invite.channel, NULL,
819                         AST_BRIDGE_IMPART_CHAN_INDEPENDENT)) {
820                         response = 500;
821                 }
822         }
823
824         if (!response) {
825                 ast_debug(3, "INVITE with Replaces successfully completed on channels '%s' and '%s'\n",
826                         ast_channel_name(session->channel), ast_channel_name(invite.channel));
827         }
828
829         ast_channel_unref(invite.channel);
830         ao2_cleanup(invite.bridge);
831
832 end:
833         if (response) {
834                 ast_debug(3, "INVITE with Replaces failed on channel '%s', sending response of '%d'\n",
835                         ast_channel_name(session->channel), response);
836                 session->defer_terminate = 1;
837                 ast_hangup(session->channel);
838                 session->channel = NULL;
839
840                 if (pjsip_inv_end_session(session->inv_session, response, NULL, &packet) == PJ_SUCCESS) {
841                         ast_sip_session_send_response(session, packet);
842                 }
843         }
844
845         return 1;
846 }
847
848 static int refer_incoming_refer_request(struct ast_sip_session *session, struct pjsip_rx_data *rdata)
849 {
850         pjsip_generic_string_hdr *refer_to;
851         pjsip_fromto_hdr *target;
852         pjsip_sip_uri *target_uri;
853         RAII_VAR(struct refer_progress *, progress, NULL, ao2_cleanup);
854         pjsip_param *replaces;
855         int response;
856
857         static const pj_str_t str_refer_to = { "Refer-To", 8 };
858         static const pj_str_t str_to = { "To", 2 };
859         static const pj_str_t str_replaces = { "Replaces", 8 };
860
861         if (!session->endpoint->allowtransfer) {
862                 pjsip_dlg_respond(session->inv_session->dlg, rdata, 603, NULL, NULL, NULL);
863                 ast_log(LOG_WARNING, "Endpoint %s transfer attempt blocked due to configuration\n",
864                                 ast_sorcery_object_get_id(session->endpoint));
865                 return 0;
866         }
867
868         /* A Refer-To header is required */
869         refer_to = pjsip_msg_find_hdr_by_name(rdata->msg_info.msg, &str_refer_to, NULL);
870         if (!refer_to) {
871                 pjsip_dlg_respond(session->inv_session->dlg, rdata, 400, NULL, NULL, NULL);
872                 ast_debug(3, "Received a REFER without Refer-To on channel '%s' from endpoint '%s'\n",
873                         ast_channel_name(session->channel), ast_sorcery_object_get_id(session->endpoint));
874                 return 0;
875         }
876
877         /* Parse the provided URI string as a To header so we can get the target */
878         target = pjsip_parse_hdr(rdata->tp_info.pool, &str_to,
879                 (char *) pj_strbuf(&refer_to->hvalue), pj_strlen(&refer_to->hvalue), NULL);
880         if (!target
881                 || (!PJSIP_URI_SCHEME_IS_SIP(target->uri)
882                         && !PJSIP_URI_SCHEME_IS_SIPS(target->uri))) {
883                 size_t uri_size = pj_strlen(&refer_to->hvalue) + 1;
884                 char *uri = ast_alloca(uri_size);
885
886                 ast_copy_pj_str(uri, &refer_to->hvalue, uri_size);
887
888                 pjsip_dlg_respond(session->inv_session->dlg, rdata, 400, NULL, NULL, NULL);
889                 ast_debug(3, "Received a REFER without a parseable Refer-To ('%s') on channel '%s' from endpoint '%s'\n",
890                         uri, ast_channel_name(session->channel), ast_sorcery_object_get_id(session->endpoint));
891                 return 0;
892         }
893         target_uri = pjsip_uri_get_uri(target->uri);
894
895         /* Set up REFER progress subscription if requested/possible */
896         if (refer_progress_alloc(session, rdata, &progress)) {
897                 pjsip_dlg_respond(session->inv_session->dlg, rdata, 500, NULL, NULL, NULL);
898                 ast_debug(3, "Could not set up subscription for REFER on channel '%s' from endpoint '%s'\n",
899                         ast_channel_name(session->channel), ast_sorcery_object_get_id(session->endpoint));
900                 return 0;
901         }
902
903         /* Determine if this is an attended or blind transfer */
904         if ((replaces = pjsip_param_find(&target_uri->header_param, &str_replaces)) ||
905                 (replaces = pjsip_param_find(&target_uri->other_param, &str_replaces))) {
906                 response = refer_incoming_attended_request(session, rdata, target_uri, replaces, progress);
907         } else {
908                 response = refer_incoming_blind_request(session, rdata, target_uri, progress);
909         }
910
911         if (!progress) {
912                 /* The transferer has requested no subscription, so send a final response immediately */
913                 pjsip_tx_data *tdata;
914                 const pj_str_t str_refer_sub = { "Refer-Sub", 9 };
915                 const pj_str_t str_false = { "false", 5 };
916                 pjsip_hdr *hdr;
917
918                 ast_debug(3, "Progress monitoring not requested for REFER on channel '%s' from endpoint '%s', sending immediate response of '%d'\n",
919                         ast_channel_name(session->channel), ast_sorcery_object_get_id(session->endpoint), response);
920
921                 if (pjsip_dlg_create_response(session->inv_session->dlg, rdata, response, NULL, &tdata) != PJ_SUCCESS) {
922                         pjsip_dlg_respond(session->inv_session->dlg, rdata, response, NULL, NULL, NULL);
923                         return 0;
924                 }
925
926                 hdr = (pjsip_hdr*)pjsip_generic_string_hdr_create(tdata->pool, &str_refer_sub, &str_false);
927                 pjsip_msg_add_hdr(tdata->msg, hdr);
928
929                 pjsip_dlg_send_response(session->inv_session->dlg, pjsip_rdata_get_tsx(rdata), tdata);
930         } else if (response != 200) {
931                 /* Since this failed we can send a final NOTIFY now and terminate the subscription */
932                 struct refer_progress_notification *notification = refer_progress_notification_alloc(progress, response, PJSIP_EVSUB_STATE_TERMINATED);
933
934                 if (notification) {
935                         /* The refer_progress_notify function will call ao2_cleanup on this for us */
936                         refer_progress_notify(notification);
937                 }
938         }
939
940         return 0;
941 }
942
943 static int refer_incoming_request(struct ast_sip_session *session, pjsip_rx_data *rdata)
944 {
945         if (!pjsip_method_cmp(&rdata->msg_info.msg->line.req.method, pjsip_get_refer_method())) {
946                 return refer_incoming_refer_request(session, rdata);
947         } else if (!pjsip_method_cmp(&rdata->msg_info.msg->line.req.method, &pjsip_invite_method)) {
948                 return refer_incoming_invite_request(session, rdata);
949         } else {
950                 return 0;
951         }
952 }
953
954 static void refer_outgoing_request(struct ast_sip_session *session, struct pjsip_tx_data *tdata)
955 {
956         const char *hdr;
957
958         if (pjsip_method_cmp(&tdata->msg->line.req.method, &pjsip_invite_method)
959                 || !session->channel
960                 || session->inv_session->state != PJSIP_INV_STATE_NULL) {
961                 return;
962         }
963
964         ast_channel_lock(session->channel);
965         hdr = pbx_builtin_getvar_helper(session->channel, "SIPREPLACESHDR");
966         if (!ast_strlen_zero(hdr)) {
967                 ast_sip_add_header(tdata, "Replaces", hdr);
968         }
969
970         hdr = pbx_builtin_getvar_helper(session->channel, "SIPREFERREDBYHDR");
971         if (!ast_strlen_zero(hdr)) {
972                 ast_sip_add_header(tdata, "Referred-By", hdr);
973         }
974         ast_channel_unlock(session->channel);
975 }
976
977 static struct ast_sip_session_supplement refer_supplement = {
978         .priority = AST_SIP_SUPPLEMENT_PRIORITY_CHANNEL + 1,
979         .incoming_request = refer_incoming_request,
980         .outgoing_request = refer_outgoing_request,
981 };
982
983 static int load_module(void)
984 {
985         const pj_str_t str_norefersub = { "norefersub", 10 };
986
987         pjsip_replaces_init_module(ast_sip_get_pjsip_endpoint());
988         pjsip_xfer_init_module(ast_sip_get_pjsip_endpoint());
989         pjsip_endpt_add_capability(ast_sip_get_pjsip_endpoint(), NULL, PJSIP_H_SUPPORTED, NULL, 1, &str_norefersub);
990
991         ast_sip_register_service(&refer_progress_module);
992         ast_sip_session_register_supplement(&refer_supplement);
993
994         return AST_MODULE_LOAD_SUCCESS;
995 }
996
997 static int unload_module(void)
998 {
999         ast_sip_session_unregister_supplement(&refer_supplement);
1000         ast_sip_unregister_service(&refer_progress_module);
1001
1002         return 0;
1003 }
1004
1005 AST_MODULE_INFO(ASTERISK_GPL_KEY, AST_MODFLAG_LOAD_ORDER, "PJSIP Blind and Attended Transfer Support",
1006                 .load = load_module,
1007                 .unload = unload_module,
1008                 .load_pri = AST_MODPRI_APP_DEPEND,
1009                    );