Fix segfault regression from r370681
[asterisk/asterisk.git] / main / manager.c
1 /*
2  * Asterisk -- An open source telephony toolkit.
3  *
4  * Copyright (C) 1999 - 2006, Digium, Inc.
5  *
6  * Mark Spencer <markster@digium.com>
7  *
8  * See http://www.asterisk.org for more information about
9  * the Asterisk project. Please do not directly contact
10  * any of the maintainers of this project for assistance;
11  * the project provides a web site, mailing lists and IRC
12  * channels for your use.
13  *
14  * This program is free software, distributed under the terms of
15  * the GNU General Public License Version 2. See the LICENSE file
16  * at the top of the source tree.
17  */
18
19 /*! \file
20  *
21  * \brief The Asterisk Management Interface - AMI
22  *
23  * \author Mark Spencer <markster@digium.com>
24  *
25  * OpenSSL http://www.openssl.org - for AMI/SSL
26  *
27  * At the moment this file contains a number of functions, namely:
28  *
29  * - data structures storing AMI state
30  * - AMI-related API functions, used by internal asterisk components
31  * - handlers for AMI-related CLI functions
32  * - handlers for AMI functions (available through the AMI socket)
33  * - the code for the main AMI listener thread and individual session threads
34  * - the http handlers invoked for AMI-over-HTTP by the threads in main/http.c
35  *
36  * \ref amiconf
37  */
38
39 /*! \addtogroup Group_AMI AMI functions
40 */
41 /*! @{
42  Doxygen group */
43
44 /*** MODULEINFO
45         <support_level>core</support_level>
46  ***/
47
48 #include "asterisk.h"
49
50 ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
51
52 #include "asterisk/_private.h"
53 #include "asterisk/paths.h"     /* use various ast_config_AST_* */
54 #include <ctype.h>
55 #include <sys/time.h>
56 #include <signal.h>
57 #include <sys/mman.h>
58 #include <sys/types.h>
59 #include <regex.h>
60
61 #include "asterisk/channel.h"
62 #include "asterisk/file.h"
63 #include "asterisk/manager.h"
64 #include "asterisk/module.h"
65 #include "asterisk/config.h"
66 #include "asterisk/callerid.h"
67 #include "asterisk/lock.h"
68 #include "asterisk/cli.h"
69 #include "asterisk/app.h"
70 #include "asterisk/pbx.h"
71 #include "asterisk/md5.h"
72 #include "asterisk/acl.h"
73 #include "asterisk/utils.h"
74 #include "asterisk/tcptls.h"
75 #include "asterisk/http.h"
76 #include "asterisk/ast_version.h"
77 #include "asterisk/threadstorage.h"
78 #include "asterisk/linkedlists.h"
79 #include "asterisk/term.h"
80 #include "asterisk/astobj2.h"
81 #include "asterisk/features.h"
82 #include "asterisk/security_events.h"
83 #include "asterisk/event.h"
84 #include "asterisk/aoc.h"
85 #include "asterisk/stringfields.h"
86 #include "asterisk/presencestate.h"
87
88 /*** DOCUMENTATION
89         <manager name="Ping" language="en_US">
90                 <synopsis>
91                         Keepalive command.
92                 </synopsis>
93                 <syntax>
94                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
95                 </syntax>
96                 <description>
97                         <para>A 'Ping' action will ellicit a 'Pong' response. Used to keep the
98                         manager connection open.</para>
99                 </description>
100         </manager>
101         <manager name="Events" language="en_US">
102                 <synopsis>
103                         Control Event Flow.
104                 </synopsis>
105                 <syntax>
106                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
107                         <parameter name="EventMask" required="true">
108                                 <enumlist>
109                                         <enum name="on">
110                                                 <para>If all events should be sent.</para>
111                                         </enum>
112                                         <enum name="off">
113                                                 <para>If no events should be sent.</para>
114                                         </enum>
115                                         <enum name="system,call,log,...">
116                                                 <para>To select which flags events should have to be sent.</para>
117                                         </enum>
118                                 </enumlist>
119                         </parameter>
120                 </syntax>
121                 <description>
122                         <para>Enable/Disable sending of events to this manager client.</para>
123                 </description>
124         </manager>
125         <manager name="Logoff" language="en_US">
126                 <synopsis>
127                         Logoff Manager.
128                 </synopsis>
129                 <syntax>
130                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
131                 </syntax>
132                 <description>
133                         <para>Logoff the current manager session.</para>
134                 </description>
135         </manager>
136         <manager name="Login" language="en_US">
137                 <synopsis>
138                         Login Manager.
139                 </synopsis>
140                 <syntax>
141                         <parameter name="ActionID">
142                                 <para>ActionID for this transaction. Will be returned.</para>
143                         </parameter>
144                         <parameter name="Username" required="true">
145                                 <para>Username to login with as specified in manager.conf.</para>
146                         </parameter>
147                         <parameter name="Secret">
148                                 <para>Secret to login with as specified in manager.conf.</para>
149                         </parameter>
150                 </syntax>
151                 <description>
152                         <para>Login Manager.</para>
153                 </description>
154         </manager>
155         <manager name="Challenge" language="en_US">
156                 <synopsis>
157                         Generate Challenge for MD5 Auth.
158                 </synopsis>
159                 <syntax>
160                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
161                         <parameter name="AuthType" required="true">
162                                 <para>Digest algorithm to use in the challenge. Valid values are:</para>
163                                 <enumlist>
164                                         <enum name="MD5" />
165                                 </enumlist>
166                         </parameter>
167                 </syntax>
168                 <description>
169                         <para>Generate a challenge for MD5 authentication.</para>
170                 </description>
171         </manager>
172         <manager name="Hangup" language="en_US">
173                 <synopsis>
174                         Hangup channel.
175                 </synopsis>
176                 <syntax>
177                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
178                         <parameter name="Channel" required="true">
179                                 <para>The exact channel name to be hungup, or to use a regular expression, set this parameter to: /regex/</para>
180                                 <para>Example exact channel: SIP/provider-0000012a</para>
181                                 <para>Example regular expression: /^SIP/provider-.*$/</para>
182                         </parameter>
183                         <parameter name="Cause">
184                                 <para>Numeric hangup cause.</para>
185                         </parameter>
186                 </syntax>
187                 <description>
188                         <para>Hangup a channel.</para>
189                 </description>
190         </manager>
191         <manager name="Status" language="en_US">
192                 <synopsis>
193                         List channel status.
194                 </synopsis>
195                 <syntax>
196                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
197                         <parameter name="Channel" required="true">
198                                 <para>The name of the channel to query for status.</para>
199                         </parameter>
200                         <parameter name="Variables">
201                                 <para>Comma <literal>,</literal> separated list of variable to include.</para>
202                         </parameter>
203                 </syntax>
204                 <description>
205                         <para>Will return the status information of each channel along with the
206                         value for the specified channel variables.</para>
207                 </description>
208         </manager>
209         <manager name="Setvar" language="en_US">
210                 <synopsis>
211                         Set a channel variable.
212                 </synopsis>
213                 <syntax>
214                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
215                         <parameter name="Channel">
216                                 <para>Channel to set variable for.</para>
217                         </parameter>
218                         <parameter name="Variable" required="true">
219                                 <para>Variable name.</para>
220                         </parameter>
221                         <parameter name="Value" required="true">
222                                 <para>Variable value.</para>
223                         </parameter>
224                 </syntax>
225                 <description>
226                         <para>Set a global or local channel variable.</para>
227                         <note>
228                                 <para>If a channel name is not provided then the variable is global.</para>
229                         </note>
230                 </description>
231         </manager>
232         <manager name="Getvar" language="en_US">
233                 <synopsis>
234                         Gets a channel variable.
235                 </synopsis>
236                 <syntax>
237                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
238                         <parameter name="Channel">
239                                 <para>Channel to read variable from.</para>
240                         </parameter>
241                         <parameter name="Variable" required="true">
242                                 <para>Variable name.</para>
243                         </parameter>
244                 </syntax>
245                 <description>
246                         <para>Get the value of a global or local channel variable.</para>
247                         <note>
248                                 <para>If a channel name is not provided then the variable is global.</para>
249                         </note>
250                 </description>
251         </manager>
252         <manager name="GetConfig" language="en_US">
253                 <synopsis>
254                         Retrieve configuration.
255                 </synopsis>
256                 <syntax>
257                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
258                         <parameter name="Filename" required="true">
259                                 <para>Configuration filename (e.g. <filename>foo.conf</filename>).</para>
260                         </parameter>
261                         <parameter name="Category">
262                                 <para>Category in configuration file.</para>
263                         </parameter>
264                 </syntax>
265                 <description>
266                         <para>This action will dump the contents of a configuration
267                         file by category and contents or optionally by specified category only.</para>
268                 </description>
269         </manager>
270         <manager name="GetConfigJSON" language="en_US">
271                 <synopsis>
272                         Retrieve configuration (JSON format).
273                 </synopsis>
274                 <syntax>
275                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
276                         <parameter name="Filename" required="true">
277                                 <para>Configuration filename (e.g. <filename>foo.conf</filename>).</para>
278                         </parameter>
279                 </syntax>
280                 <description>
281                         <para>This action will dump the contents of a configuration file by category
282                         and contents in JSON format. This only makes sense to be used using rawman over
283                         the HTTP interface.</para>
284                 </description>
285         </manager>
286         <manager name="UpdateConfig" language="en_US">
287                 <synopsis>
288                         Update basic configuration.
289                 </synopsis>
290                 <syntax>
291                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
292                         <parameter name="SrcFilename" required="true">
293                                 <para>Configuration filename to read (e.g. <filename>foo.conf</filename>).</para>
294                         </parameter>
295                         <parameter name="DstFilename" required="true">
296                                 <para>Configuration filename to write (e.g. <filename>foo.conf</filename>)</para>
297                         </parameter>
298                         <parameter name="Reload">
299                                 <para>Whether or not a reload should take place (or name of specific module).</para>
300                         </parameter>
301                         <parameter name="Action-XXXXXX">
302                                 <para>Action to take.</para>
303                                 <para>X's represent 6 digit number beginning with 000000.</para>
304                                 <enumlist>
305                                         <enum name="NewCat" />
306                                         <enum name="RenameCat" />
307                                         <enum name="DelCat" />
308                                         <enum name="EmptyCat" />
309                                         <enum name="Update" />
310                                         <enum name="Delete" />
311                                         <enum name="Append" />
312                                         <enum name="Insert" />
313                                 </enumlist>
314                         </parameter>
315                         <parameter name="Cat-XXXXXX">
316                                 <para>Category to operate on.</para>
317                                 <xi:include xpointer="xpointer(/docs/manager[@name='UpdateConfig']/syntax/parameter[@name='Action-XXXXXX']/para[2])" />
318                         </parameter>
319                         <parameter name="Var-XXXXXX">
320                                 <para>Variable to work on.</para>
321                                 <xi:include xpointer="xpointer(/docs/manager[@name='UpdateConfig']/syntax/parameter[@name='Action-XXXXXX']/para[2])" />
322                         </parameter>
323                         <parameter name="Value-XXXXXX">
324                                 <para>Value to work on.</para>
325                                 <xi:include xpointer="xpointer(/docs/manager[@name='UpdateConfig']/syntax/parameter[@name='Action-XXXXXX']/para[2])" />
326                         </parameter>
327                         <parameter name="Match-XXXXXX">
328                                 <para>Extra match required to match line.</para>
329                                 <xi:include xpointer="xpointer(/docs/manager[@name='UpdateConfig']/syntax/parameter[@name='Action-XXXXXX']/para[2])" />
330                         </parameter>
331                         <parameter name="Line-XXXXXX">
332                                 <para>Line in category to operate on (used with delete and insert actions).</para>
333                                 <xi:include xpointer="xpointer(/docs/manager[@name='UpdateConfig']/syntax/parameter[@name='Action-XXXXXX']/para[2])" />
334                         </parameter>
335                 </syntax>
336                 <description>
337                         <para>This action will modify, create, or delete configuration elements
338                         in Asterisk configuration files.</para>
339                 </description>
340         </manager>
341         <manager name="CreateConfig" language="en_US">
342                 <synopsis>
343                         Creates an empty file in the configuration directory.
344                 </synopsis>
345                 <syntax>
346                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
347                         <parameter name="Filename" required="true">
348                                 <para>The configuration filename to create (e.g. <filename>foo.conf</filename>).</para>
349                         </parameter>
350                 </syntax>
351                 <description>
352                         <para>This action will create an empty file in the configuration
353                         directory. This action is intended to be used before an UpdateConfig
354                         action.</para>
355                 </description>
356         </manager>
357         <manager name="ListCategories" language="en_US">
358                 <synopsis>
359                         List categories in configuration file.
360                 </synopsis>
361                 <syntax>
362                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
363                         <parameter name="Filename" required="true">
364                                 <para>Configuration filename (e.g. <filename>foo.conf</filename>).</para>
365                         </parameter>
366                 </syntax>
367                 <description>
368                         <para>This action will dump the categories in a given file.</para>
369                 </description>
370         </manager>
371         <manager name="Redirect" language="en_US">
372                 <synopsis>
373                         Redirect (transfer) a call.
374                 </synopsis>
375                 <syntax>
376                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
377                         <parameter name="Channel" required="true">
378                                 <para>Channel to redirect.</para>
379                         </parameter>
380                         <parameter name="ExtraChannel">
381                                 <para>Second call leg to transfer (optional).</para>
382                         </parameter>
383                         <parameter name="Exten" required="true">
384                                 <para>Extension to transfer to.</para>
385                         </parameter>
386                         <parameter name="ExtraExten">
387                                 <para>Extension to transfer extrachannel to (optional).</para>
388                         </parameter>
389                         <parameter name="Context" required="true">
390                                 <para>Context to transfer to.</para>
391                         </parameter>
392                         <parameter name="ExtraContext">
393                                 <para>Context to transfer extrachannel to (optional).</para>
394                         </parameter>
395                         <parameter name="Priority" required="true">
396                                 <para>Priority to transfer to.</para>
397                         </parameter>
398                         <parameter name="ExtraPriority">
399                                 <para>Priority to transfer extrachannel to (optional).</para>
400                         </parameter>
401                 </syntax>
402                 <description>
403                         <para>Redirect (transfer) a call.</para>
404                 </description>
405         </manager>
406         <manager name="Atxfer" language="en_US">
407                 <synopsis>
408                         Attended transfer.
409                 </synopsis>
410                 <syntax>
411                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
412                         <parameter name="Channel" required="true">
413                                 <para>Transferer's channel.</para>
414                         </parameter>
415                         <parameter name="Exten" required="true">
416                                 <para>Extension to transfer to.</para>
417                         </parameter>
418                         <parameter name="Context" required="true">
419                                 <para>Context to transfer to.</para>
420                         </parameter>
421                         <parameter name="Priority" required="true">
422                                 <para>Priority to transfer to.</para>
423                         </parameter>
424                 </syntax>
425                 <description>
426                         <para>Attended transfer.</para>
427                 </description>
428         </manager>
429         <manager name="Originate" language="en_US">
430                 <synopsis>
431                         Originate a call.
432                 </synopsis>
433                 <syntax>
434                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
435                         <parameter name="Channel" required="true">
436                                 <para>Channel name to call.</para>
437                         </parameter>
438                         <parameter name="Exten">
439                                 <para>Extension to use (requires <literal>Context</literal> and
440                                 <literal>Priority</literal>)</para>
441                         </parameter>
442                         <parameter name="Context">
443                                 <para>Context to use (requires <literal>Exten</literal> and
444                                 <literal>Priority</literal>)</para>
445                         </parameter>
446                         <parameter name="Priority">
447                                 <para>Priority to use (requires <literal>Exten</literal> and
448                                 <literal>Context</literal>)</para>
449                         </parameter>
450                         <parameter name="Application">
451                                 <para>Application to execute.</para>
452                         </parameter>
453                         <parameter name="Data">
454                                 <para>Data to use (requires <literal>Application</literal>).</para>
455                         </parameter>
456                         <parameter name="Timeout" default="30000">
457                                 <para>How long to wait for call to be answered (in ms.).</para>
458                         </parameter>
459                         <parameter name="CallerID">
460                                 <para>Caller ID to be set on the outgoing channel.</para>
461                         </parameter>
462                         <parameter name="Variable">
463                                 <para>Channel variable to set, multiple Variable: headers are allowed.</para>
464                         </parameter>
465                         <parameter name="Account">
466                                 <para>Account code.</para>
467                         </parameter>
468                         <parameter name="EarlyMedia">
469                                 <para>Set to <literal>true</literal> to force call bridge on early media..</para>
470                         </parameter>
471                         <parameter name="Async">
472                                 <para>Set to <literal>true</literal> for fast origination.</para>
473                         </parameter>
474                         <parameter name="Codecs">
475                                 <para>Comma-separated list of codecs to use for this call.</para>
476                         </parameter>
477                 </syntax>
478                 <description>
479                         <para>Generates an outgoing call to a
480                         <replaceable>Extension</replaceable>/<replaceable>Context</replaceable>/<replaceable>Priority</replaceable>
481                         or <replaceable>Application</replaceable>/<replaceable>Data</replaceable></para>
482                 </description>
483                 <see-also>
484                         <ref type="managerEvent">OriginateResponse</ref>
485                 </see-also>
486         </manager>
487         <managerEvent language="en_US" name="OriginateResponse">
488                 <managerEventInstance class="EVENT_FLAG_CALL">
489                         <synopsis>Raised in response to an Originate command.</synopsis>
490                         <syntax>
491                                 <parameter name="ActionID" required="false"/>
492                                 <parameter name="Resonse">
493                                         <enumlist>
494                                                 <enum name="Failure"/>
495                                                 <enum name="Success"/>
496                                         </enumlist>
497                                 </parameter>
498                                 <parameter name="Channel"/>
499                                 <parameter name="Context"/>
500                                 <parameter name="Exten"/>
501                                 <parameter name="Reason"/>
502                                 <parameter name="Uniqueid"/>
503                                 <parameter name="CallerIDNum"/>
504                                 <parameter name="CallerIDName"/>
505                         </syntax>
506                         <see-also>
507                                 <ref type="manager">Originate</ref>
508                         </see-also>
509                 </managerEventInstance>
510         </managerEvent>
511         <manager name="Command" language="en_US">
512                 <synopsis>
513                         Execute Asterisk CLI Command.
514                 </synopsis>
515                 <syntax>
516                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
517                         <parameter name="Command" required="true">
518                                 <para>Asterisk CLI command to run.</para>
519                         </parameter>
520                 </syntax>
521                 <description>
522                         <para>Run a CLI command.</para>
523                 </description>
524         </manager>
525         <manager name="ExtensionState" language="en_US">
526                 <synopsis>
527                         Check Extension Status.
528                 </synopsis>
529                 <syntax>
530                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
531                         <parameter name="Exten" required="true">
532                                 <para>Extension to check state on.</para>
533                         </parameter>
534                         <parameter name="Context" required="true">
535                                 <para>Context for extension.</para>
536                         </parameter>
537                 </syntax>
538                 <description>
539                         <para>Report the extension state for given extension. If the extension has a hint,
540                         will use devicestate to check the status of the device connected to the extension.</para>
541                         <para>Will return an <literal>Extension Status</literal> message. The response will include
542                         the hint for the extension and the status.</para>
543                 </description>
544         </manager>
545         <manager name="PresenceState" language="en_US">
546                 <synopsis>
547                         Check Presence State
548                 </synopsis>
549                 <syntax>
550                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
551                         <parameter name="Provider" required="true">
552                                 <para>Presence Provider to check the state of</para>
553                         </parameter>
554                 </syntax>
555                 <description>
556                         <para>Report the presence state for the given presence provider.</para>
557                         <para>Will return a <literal>Presence State</literal> message. The response will include the
558                         presence state and, if set, a presence subtype and custom message.</para>
559                 </description>
560         </manager>
561         <manager name="AbsoluteTimeout" language="en_US">
562                 <synopsis>
563                         Set absolute timeout.
564                 </synopsis>
565                 <syntax>
566                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
567                         <parameter name="Channel" required="true">
568                                 <para>Channel name to hangup.</para>
569                         </parameter>
570                         <parameter name="Timeout" required="true">
571                                 <para>Maximum duration of the call (sec).</para>
572                         </parameter>
573                 </syntax>
574                 <description>
575                         <para>Hangup a channel after a certain time. Acknowledges set time with
576                         <literal>Timeout Set</literal> message.</para>
577                 </description>
578         </manager>
579         <manager name="MailboxStatus" language="en_US">
580                 <synopsis>
581                         Check mailbox.
582                 </synopsis>
583                 <syntax>
584                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
585                         <parameter name="Mailbox" required="true">
586                                 <para>Full mailbox ID <replaceable>mailbox</replaceable>@<replaceable>vm-context</replaceable>.</para>
587                         </parameter>
588                 </syntax>
589                 <description>
590                         <para>Checks a voicemail account for status.</para>
591                         <para>Returns number of messages.</para>
592                         <para>Message: Mailbox Status.</para>
593                         <para>Mailbox: <replaceable>mailboxid</replaceable>.</para>
594                         <para>Waiting: <literal>0</literal> if messages waiting, <literal>1</literal>
595                         if no messages waiting.</para>
596                 </description>
597         </manager>
598         <manager name="MailboxCount" language="en_US">
599                 <synopsis>
600                         Check Mailbox Message Count.
601                 </synopsis>
602                 <syntax>
603                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
604                         <parameter name="Mailbox" required="true">
605                                 <para>Full mailbox ID <replaceable>mailbox</replaceable>@<replaceable>vm-context</replaceable>.</para>
606                         </parameter>
607                 </syntax>
608                 <description>
609                         <para>Checks a voicemail account for new messages.</para>
610                         <para>Returns number of urgent, new and old messages.</para>
611                         <para>Message: Mailbox Message Count</para>
612                         <para>Mailbox: <replaceable>mailboxid</replaceable></para>
613                         <para>UrgentMessages: <replaceable>count</replaceable></para>
614                         <para>NewMessages: <replaceable>count</replaceable></para>
615                         <para>OldMessages: <replaceable>count</replaceable></para>
616                 </description>
617         </manager>
618         <manager name="ListCommands" language="en_US">
619                 <synopsis>
620                         List available manager commands.
621                 </synopsis>
622                 <syntax>
623                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
624                 </syntax>
625                 <description>
626                         <para>Returns the action name and synopsis for every action that
627                         is available to the user.</para>
628                 </description>
629         </manager>
630         <manager name="SendText" language="en_US">
631                 <synopsis>
632                         Send text message to channel.
633                 </synopsis>
634                 <syntax>
635                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
636                         <parameter name="Channel" required="true">
637                                 <para>Channel to send message to.</para>
638                         </parameter>
639                         <parameter name="Message" required="true">
640                                 <para>Message to send.</para>
641                         </parameter>
642                 </syntax>
643                 <description>
644                         <para>Sends A Text Message to a channel while in a call.</para>
645                 </description>
646         </manager>
647         <manager name="UserEvent" language="en_US">
648                 <synopsis>
649                         Send an arbitrary event.
650                 </synopsis>
651                 <syntax>
652                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
653                         <parameter name="UserEvent" required="true">
654                                 <para>Event string to send.</para>
655                         </parameter>
656                         <parameter name="Header1">
657                                 <para>Content1.</para>
658                         </parameter>
659                         <parameter name="HeaderN">
660                                 <para>ContentN.</para>
661                         </parameter>
662                 </syntax>
663                 <description>
664                         <para>Send an event to manager sessions.</para>
665                 </description>
666         </manager>
667         <manager name="WaitEvent" language="en_US">
668                 <synopsis>
669                         Wait for an event to occur.
670                 </synopsis>
671                 <syntax>
672                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
673                         <parameter name="Timeout" required="true">
674                                 <para>Maximum time (in seconds) to wait for events, <literal>-1</literal> means forever.</para>
675                         </parameter>
676                 </syntax>
677                 <description>
678                         <para>This action will ellicit a <literal>Success</literal> response. Whenever
679                         a manager event is queued. Once WaitEvent has been called on an HTTP manager
680                         session, events will be generated and queued.</para>
681                 </description>
682         </manager>
683         <manager name="CoreSettings" language="en_US">
684                 <synopsis>
685                         Show PBX core settings (version etc).
686                 </synopsis>
687                 <syntax>
688                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
689                 </syntax>
690                 <description>
691                         <para>Query for Core PBX settings.</para>
692                 </description>
693         </manager>
694         <manager name="CoreStatus" language="en_US">
695                 <synopsis>
696                         Show PBX core status variables.
697                 </synopsis>
698                 <syntax>
699                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
700                 </syntax>
701                 <description>
702                         <para>Query for Core PBX status.</para>
703                 </description>
704         </manager>
705         <manager name="Reload" language="en_US">
706                 <synopsis>
707                         Send a reload event.
708                 </synopsis>
709                 <syntax>
710                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
711                         <parameter name="Module">
712                                 <para>Name of the module to reload.</para>
713                         </parameter>
714                 </syntax>
715                 <description>
716                         <para>Send a reload event.</para>
717                 </description>
718         </manager>
719         <manager name="CoreShowChannels" language="en_US">
720                 <synopsis>
721                         List currently active channels.
722                 </synopsis>
723                 <syntax>
724                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
725                 </syntax>
726                 <description>
727                         <para>List currently defined channels and some information about them.</para>
728                 </description>
729         </manager>
730         <manager name="ModuleLoad" language="en_US">
731                 <synopsis>
732                         Module management.
733                 </synopsis>
734                 <syntax>
735                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
736                         <parameter name="Module">
737                                 <para>Asterisk module name (including .so extension) or subsystem identifier:</para>
738                                 <enumlist>
739                                         <enum name="cdr" />
740                                         <enum name="dnsmgr" />
741                                         <enum name="extconfig" />
742                                         <enum name="enum" />
743                                         <enum name="acl" />
744                                         <enum name="manager" />
745                                         <enum name="http" />
746                                         <enum name="logger" />
747                                         <enum name="features" />
748                                         <enum name="dsp" />
749                                         <enum name="udptl" />
750                                         <enum name="indications" />
751                                         <enum name="cel" />
752                                         <enum name="plc" />
753                                 </enumlist>
754                         </parameter>
755                         <parameter name="LoadType" required="true">
756                                 <para>The operation to be done on module. Subsystem identifiers may only
757                                 be reloaded.</para>
758                                 <enumlist>
759                                         <enum name="load" />
760                                         <enum name="unload" />
761                                         <enum name="reload" />
762                                 </enumlist>
763                                 <para>If no module is specified for a <literal>reload</literal> loadtype,
764                                 all modules are reloaded.</para>
765                         </parameter>
766                 </syntax>
767                 <description>
768                         <para>Loads, unloads or reloads an Asterisk module in a running system.</para>
769                 </description>
770         </manager>
771         <manager name="ModuleCheck" language="en_US">
772                 <synopsis>
773                         Check if module is loaded.
774                 </synopsis>
775                 <syntax>
776                         <parameter name="Module" required="true">
777                                 <para>Asterisk module name (not including extension).</para>
778                         </parameter>
779                 </syntax>
780                 <description>
781                         <para>Checks if Asterisk module is loaded. Will return Success/Failure.
782                         For success returns, the module revision number is included.</para>
783                 </description>
784         </manager>
785         <manager name="AOCMessage" language="en_US">
786                 <synopsis>
787                         Generate an Advice of Charge message on a channel.
788                 </synopsis>
789                 <syntax>
790                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
791                         <parameter name="Channel" required="true">
792                                 <para>Channel name to generate the AOC message on.</para>
793                         </parameter>
794                         <parameter name="ChannelPrefix">
795                                 <para>Partial channel prefix.  By using this option one can match the beginning part
796                                 of a channel name without having to put the entire name in.  For example
797                                 if a channel name is SIP/snom-00000001 and this value is set to SIP/snom, then
798                                 that channel matches and the message will be sent.  Note however that only
799                                 the first matched channel has the message sent on it. </para>
800                         </parameter>
801                         <parameter name="MsgType" required="true">
802                                 <para>Defines what type of AOC message to create, AOC-D or AOC-E</para>
803                                 <enumlist>
804                                         <enum name="D" />
805                                         <enum name="E" />
806                                 </enumlist>
807                         </parameter>
808                         <parameter name="ChargeType" required="true">
809                                 <para>Defines what kind of charge this message represents.</para>
810                                 <enumlist>
811                                         <enum name="NA" />
812                                         <enum name="FREE" />
813                                         <enum name="Currency" />
814                                         <enum name="Unit" />
815                                 </enumlist>
816                         </parameter>
817                         <parameter name="UnitAmount(0)">
818                                 <para>This represents the amount of units charged. The ETSI AOC standard specifies that
819                                 this value along with the optional UnitType value are entries in a list.  To accommodate this
820                                 these values take an index value starting at 0 which can be used to generate this list of
821                                 unit entries.  For Example, If two unit entires were required this could be achieved by setting the
822                                 paramter UnitAmount(0)=1234 and UnitAmount(1)=5678.  Note that UnitAmount at index 0 is
823                                 required when ChargeType=Unit, all other entries in the list are optional.
824                                 </para>
825                         </parameter>
826                         <parameter name="UnitType(0)">
827                                 <para>Defines the type of unit.  ETSI AOC standard specifies this as an integer
828                                 value between 1 and 16, but this value is left open to accept any positive
829                                 integer.  Like the UnitAmount parameter, this value represents a list entry
830                                 and has an index parameter that starts at 0.
831                                 </para>
832                         </parameter>
833                         <parameter name="CurrencyName">
834                                 <para>Specifies the currency's name.  Note that this value is truncated after 10 characters.</para>
835                         </parameter>
836                         <parameter name="CurrencyAmount">
837                                 <para>Specifies the charge unit amount as a positive integer.  This value is required
838                                 when ChargeType==Currency.</para>
839                         </parameter>
840                         <parameter name="CurrencyMultiplier">
841                                 <para>Specifies the currency multiplier.  This value is required when ChargeType==Currency.</para>
842                                 <enumlist>
843                                         <enum name="OneThousandth" />
844                                         <enum name="OneHundredth" />
845                                         <enum name="OneTenth" />
846                                         <enum name="One" />
847                                         <enum name="Ten" />
848                                         <enum name="Hundred" />
849                                         <enum name="Thousand" />
850                                 </enumlist>
851                         </parameter>
852                         <parameter name="TotalType" default="Total">
853                                 <para>Defines what kind of AOC-D total is represented.</para>
854                                 <enumlist>
855                                         <enum name="Total" />
856                                         <enum name="SubTotal" />
857                                 </enumlist>
858                         </parameter>
859                         <parameter name="AOCBillingId">
860                                 <para>Represents a billing ID associated with an AOC-D or AOC-E message. Note
861                                 that only the first 3 items of the enum are valid AOC-D billing IDs</para>
862                                 <enumlist>
863                                         <enum name="Normal" />
864                                         <enum name="ReverseCharge" />
865                                         <enum name="CreditCard" />
866                                         <enum name="CallFwdUnconditional" />
867                                         <enum name="CallFwdBusy" />
868                                         <enum name="CallFwdNoReply" />
869                                         <enum name="CallDeflection" />
870                                         <enum name="CallTransfer" />
871                                 </enumlist>
872                         </parameter>
873                         <parameter name="ChargingAssociationId">
874                                 <para>Charging association identifier.  This is optional for AOC-E and can be
875                                 set to any value between -32768 and 32767</para>
876                         </parameter>
877                         <parameter name="ChargingAssociationNumber">
878                                 <para>Represents the charging association party number.  This value is optional
879                                 for AOC-E.</para>
880                         </parameter>
881                         <parameter name="ChargingAssociationPlan">
882                                 <para>Integer representing the charging plan associated with the ChargingAssociationNumber.
883                                 The value is bits 7 through 1 of the Q.931 octet containing the type-of-number and
884                                 numbering-plan-identification fields.</para>
885                         </parameter>
886                 </syntax>
887                 <description>
888                         <para>Generates an AOC-D or AOC-E message on a channel.</para>
889                 </description>
890         </manager>
891         <function name="AMI_CLIENT" language="en_US">
892                 <synopsis>
893                         Checks attributes of manager accounts
894                 </synopsis>
895                 <syntax>
896                         <parameter name="loginname" required="true">
897                                 <para>Login name, specified in manager.conf</para>
898                         </parameter>
899                         <parameter name="field" required="true">
900                                 <para>The manager account attribute to return</para>
901                                 <enumlist>
902                                         <enum name="sessions"><para>The number of sessions for this AMI account</para></enum>
903                                 </enumlist>
904                         </parameter>
905                 </syntax>
906                 <description>
907                         <para>
908                                 Currently, the only supported  parameter is "sessions" which will return the current number of
909                                 active sessions for this AMI account.
910                         </para>
911                 </description>
912         </function>
913         <manager name="Filter" language="en_US">
914                 <synopsis>
915                         Dynamically add filters for the current manager session.
916                 </synopsis>
917                 <syntax>
918                         <xi:include xpointer="xpointer(/docs/manager[@name='Login']/syntax/parameter[@name='ActionID'])" />
919                         <parameter name="Operation">
920                                 <enumlist>
921                                         <enum name="Add">
922                                                 <para>Add a filter.</para>
923                                         </enum>
924                                 </enumlist>
925                         </parameter>
926                         <parameter name="Filter">
927                                 <para>Filters can be whitelist or blacklist</para>
928                                 <para>Example whitelist filter: "Event: Newchannel"</para>
929                                 <para>Example blacklist filter: "!Channel: DAHDI.*"</para>
930                                 <para>This filter option is used to whitelist or blacklist events per user to be
931                                 reported with regular expressions and are allowed if both the regex matches
932                                 and the user has read access as defined in manager.conf. Filters are assumed to be for whitelisting
933                                 unless preceeded by an exclamation point, which marks it as being black.
934                                 Evaluation of the filters is as follows:</para>
935                                 <para>- If no filters are configured all events are reported as normal.</para>
936                                 <para>- If there are white filters only: implied black all filter processed first, then white filters.</para>
937                                 <para>- If there are black filters only: implied white all filter processed first, then black filters.</para>
938                                 <para>- If there are both white and black filters: implied black all filter processed first, then white
939                                 filters, and lastly black filters.</para>
940                         </parameter>
941                 </syntax>
942                 <description>
943                         <para>The filters added are only used for the current session.
944                         Once the connection is closed the filters are removed.</para>
945                         <para>This comand requires the system permission because
946                         this command can be used to create filters that may bypass
947                         filters defined in manager.conf</para>
948                 </description>
949         </manager>
950         <manager name="FilterList" language="en_US">
951                 <synopsis>
952                         Show current event filters for this session
953                 </synopsis>
954                 <description>
955                         <para>The filters displayed are for the current session.  Only those filters defined in
956                         manager.conf will be present upon starting a new session.</para>
957                 </description>
958         </manager>
959  ***/
960
961 enum error_type {
962         UNKNOWN_ACTION = 1,
963         UNKNOWN_CATEGORY,
964         UNSPECIFIED_CATEGORY,
965         UNSPECIFIED_ARGUMENT,
966         FAILURE_ALLOCATION,
967         FAILURE_NEWCAT,
968         FAILURE_DELCAT,
969         FAILURE_EMPTYCAT,
970         FAILURE_UPDATE,
971         FAILURE_DELETE,
972         FAILURE_APPEND
973 };
974
975 enum add_filter_result {
976         FILTER_SUCCESS,
977         FILTER_ALLOC_FAILED,
978         FILTER_COMPILE_FAIL,
979 };
980
981 /*!
982  * Linked list of events.
983  * Global events are appended to the list by append_event().
984  * The usecount is the number of stored pointers to the element,
985  * excluding the list pointers. So an element that is only in
986  * the list has a usecount of 0, not 1.
987  *
988  * Clients have a pointer to the last event processed, and for each
989  * of these clients we track the usecount of the elements.
990  * If we have a pointer to an entry in the list, it is safe to navigate
991  * it forward because elements will not be deleted, but only appended.
992  * The worst that can happen is seeing the pointer still NULL.
993  *
994  * When the usecount of an element drops to 0, and the element is the
995  * first in the list, we can remove it. Removal is done within the
996  * main thread, which is woken up for the purpose.
997  *
998  * For simplicity of implementation, we make sure the list is never empty.
999  */
1000 struct eventqent {
1001         int usecount;           /*!< # of clients who still need the event */
1002         int category;
1003         unsigned int seq;       /*!< sequence number */
1004         struct timeval tv;  /*!< When event was allocated */
1005         AST_RWLIST_ENTRY(eventqent) eq_next;
1006         char eventdata[1];      /*!< really variable size, allocated by append_event() */
1007 };
1008
1009 static AST_RWLIST_HEAD_STATIC(all_events, eventqent);
1010
1011 static int displayconnects = 1;
1012 static int allowmultiplelogin = 1;
1013 static int timestampevents;
1014 static int httptimeout = 60;
1015 static int broken_events_action = 0;
1016 static int manager_enabled = 0;
1017 static int webmanager_enabled = 0;
1018 static int manager_debug = 0;   /*!< enable some debugging code in the manager */
1019 static int authtimeout;
1020 static int authlimit;
1021 static char *manager_channelvars;
1022
1023 #define DEFAULT_REALM           "asterisk"
1024 static char global_realm[MAXHOSTNAMELEN];       /*!< Default realm */
1025
1026 static int block_sockets;
1027 static int unauth_sessions = 0;
1028 static struct ast_event_sub *acl_change_event_subscription;
1029
1030 /*! \brief
1031  * Descriptor for a manager session, either on the AMI socket or over HTTP.
1032  *
1033  * \note
1034  * AMI session have managerid == 0; the entry is created upon a connect,
1035  * and destroyed with the socket.
1036  * HTTP sessions have managerid != 0, the value is used as a search key
1037  * to lookup sessions (using the mansession_id cookie, or nonce key from
1038  * Digest Authentication http header).
1039  */
1040 #define MAX_BLACKLIST_CMD_LEN 2
1041 static const struct {
1042         const char *words[AST_MAX_CMD_LEN];
1043 } command_blacklist[] = {
1044         {{ "module", "load", NULL }},
1045         {{ "module", "unload", NULL }},
1046         {{ "restart", "gracefully", NULL }},
1047 };
1048
1049 static void acl_change_event_cb(const struct ast_event *event, void *userdata);
1050
1051 static void acl_change_event_subscribe(void)
1052 {
1053         if (!acl_change_event_subscription) {
1054                 acl_change_event_subscription = ast_event_subscribe(AST_EVENT_ACL_CHANGE,
1055                         acl_change_event_cb, "Manager must react to Named ACL changes", NULL, AST_EVENT_IE_END);
1056         }
1057 }
1058
1059 static void acl_change_event_unsubscribe(void)
1060 {
1061         if (acl_change_event_subscription) {
1062                 acl_change_event_subscription = ast_event_unsubscribe(acl_change_event_subscription);
1063         }
1064 }
1065
1066 /* In order to understand what the heck is going on with the
1067  * mansession_session and mansession structs, we need to have a bit of a history
1068  * lesson.
1069  *
1070  * In the beginning, there was the mansession. The mansession contained data that was
1071  * intrinsic to a manager session, such as the time that it started, the name of the logged-in
1072  * user, etc. In addition to these parameters were the f and fd parameters. For typical manager
1073  * sessions, these were used to represent the TCP socket over which the AMI session was taking
1074  * place. It makes perfect sense for these fields to be a part of the session-specific data since
1075  * the session actually defines this information.
1076  *
1077  * Then came the HTTP AMI sessions. With these, the f and fd fields need to be opened and closed
1078  * for every single action that occurs. Thus the f and fd fields aren't really specific to the session
1079  * but rather to the action that is being executed. Because a single session may execute many commands
1080  * at once, some sort of safety needed to be added in order to be sure that we did not end up with fd
1081  * leaks from one action overwriting the f and fd fields used by a previous action before the previous action
1082  * has had a chance to properly close its handles.
1083  *
1084  * The initial idea to solve this was to use thread synchronization, but this prevented multiple actions
1085  * from being run at the same time in a single session. Some manager actions may block for a long time, thus
1086  * creating a large queue of actions to execute. In addition, this fix did not address the basic architectural
1087  * issue that for HTTP manager sessions, the f and fd variables are not really a part of the session, but are
1088  * part of the action instead.
1089  *
1090  * The new idea was to create a structure on the stack for each HTTP Manager action. This structure would
1091  * contain the action-specific information, such as which file to write to. In order to maintain expectations
1092  * of action handlers and not have to change the public API of the manager code, we would need to name this
1093  * new stacked structure 'mansession' and contain within it the old mansession struct that we used to use.
1094  * We renamed the old mansession struct 'mansession_session' to hopefully convey that what is in this structure
1095  * is session-specific data. The structure that it is wrapped in, called a 'mansession' really contains action-specific
1096  * data.
1097  */
1098 struct mansession_session {
1099                                 /*! \todo XXX need to document which fields it is protecting */
1100         struct ast_sockaddr addr;       /*!< address we are connecting from */
1101         FILE *f;                /*!< fdopen() on the underlying fd */
1102         int fd;                 /*!< descriptor used for output. Either the socket (AMI) or a temporary file (HTTP) */
1103         int inuse;              /*!< number of HTTP sessions using this entry */
1104         int needdestroy;        /*!< Whether an HTTP session should be destroyed */
1105         pthread_t waiting_thread;       /*!< Sleeping thread using this descriptor */
1106         uint32_t managerid;     /*!< Unique manager identifier, 0 for AMI sessions */
1107         time_t sessionstart;    /*!< Session start time */
1108         struct timeval sessionstart_tv; /*!< Session start time */
1109         time_t sessiontimeout;  /*!< Session timeout if HTTP */
1110         char username[80];      /*!< Logged in username */
1111         char challenge[10];     /*!< Authentication challenge */
1112         int authenticated;      /*!< Authentication status */
1113         int readperm;           /*!< Authorization for reading */
1114         int writeperm;          /*!< Authorization for writing */
1115         char inbuf[1025];       /*!< Buffer -  we use the extra byte to add a '\\0' and simplify parsing */
1116         int inlen;              /*!< number of buffered bytes */
1117         struct ao2_container *whitefilters;     /*!< Manager event filters - white list */
1118         struct ao2_container *blackfilters;     /*!< Manager event filters - black list */
1119         struct ast_variable *chanvars;  /*!< Channel variables to set for originate */
1120         int send_events;        /*!<  XXX what ? */
1121         struct eventqent *last_ev;      /*!< last event processed. */
1122         int writetimeout;       /*!< Timeout for ast_carefulwrite() */
1123         time_t authstart;
1124         int pending_event;         /*!< Pending events indicator in case when waiting_thread is NULL */
1125         time_t noncetime;       /*!< Timer for nonce value expiration */
1126         unsigned long oldnonce; /*!< Stale nonce value */
1127         unsigned long nc;       /*!< incremental  nonce counter */
1128         AST_LIST_HEAD_NOLOCK(mansession_datastores, ast_datastore) datastores; /*!< Data stores on the session */
1129         AST_LIST_ENTRY(mansession_session) list;
1130 };
1131
1132 enum mansession_message_parsing {
1133         MESSAGE_OKAY,
1134         MESSAGE_LINE_TOO_LONG
1135 };
1136
1137 /*! \brief In case you didn't read that giant block of text above the mansession_session struct, the
1138  * \ref struct mansession is named this solely to keep the API the same in Asterisk. This structure really
1139  * represents data that is different from Manager action to Manager action. The mansession_session pointer
1140  * contained within points to session-specific data.
1141  */
1142 struct mansession {
1143         struct mansession_session *session;
1144         struct ast_tcptls_session_instance *tcptls_session;
1145         FILE *f;
1146         int fd;
1147         enum mansession_message_parsing parsing;
1148         int write_error:1;
1149         struct manager_custom_hook *hook;
1150         ast_mutex_t lock;
1151 };
1152
1153 static struct ao2_container *sessions = NULL;
1154
1155 struct manager_channel_variable {
1156         AST_LIST_ENTRY(manager_channel_variable) entry;
1157         unsigned int isfunc:1;
1158         char name[0]; /* allocate off the end the real size. */
1159 };
1160
1161 static AST_RWLIST_HEAD_STATIC(channelvars, manager_channel_variable);
1162
1163 /*! \brief user descriptor, as read from the config file.
1164  *
1165  * \note It is still missing some fields -- e.g. we can have multiple permit and deny
1166  * lines which are not supported here, and readperm/writeperm/writetimeout
1167  * are not stored.
1168  */
1169 struct ast_manager_user {
1170         char username[80];
1171         char *secret;                   /*!< Secret for logging in */
1172         int readperm;                   /*!< Authorization for reading */
1173         int writeperm;                  /*!< Authorization for writing */
1174         int writetimeout;               /*!< Per user Timeout for ast_carefulwrite() */
1175         int displayconnects;            /*!< XXX unused */
1176         int keep;                       /*!< mark entries created on a reload */
1177         struct ao2_container *whitefilters; /*!< Manager event filters - white list */
1178         struct ao2_container *blackfilters; /*!< Manager event filters - black list */
1179         struct ast_acl_list *acl;       /*!< ACL setting */
1180         char *a1_hash;                  /*!< precalculated A1 for Digest auth */
1181         struct ast_variable *chanvars;  /*!< Channel variables to set for originate */
1182         AST_RWLIST_ENTRY(ast_manager_user) list;
1183 };
1184
1185 /*! \brief list of users found in the config file */
1186 static AST_RWLIST_HEAD_STATIC(users, ast_manager_user);
1187
1188 /*! \brief list of actions registered */
1189 static AST_RWLIST_HEAD_STATIC(actions, manager_action);
1190
1191 /*! \brief list of hooks registered */
1192 static AST_RWLIST_HEAD_STATIC(manager_hooks, manager_custom_hook);
1193
1194 /*! \brief A container of event documentation nodes */
1195 AO2_GLOBAL_OBJ_STATIC(event_docs);
1196
1197 static void free_channelvars(void);
1198
1199 static enum add_filter_result manager_add_filter(const char *filter_pattern, struct ao2_container *whitefilters, struct ao2_container *blackfilters);
1200
1201 /*!
1202  * \internal
1203  * \brief Find a registered action object.
1204  *
1205  * \param name Name of AMI action to find.
1206  *
1207  * \return Reffed action found or NULL
1208  */
1209 static struct manager_action *action_find(const char *name)
1210 {
1211         struct manager_action *act;
1212
1213         AST_RWLIST_RDLOCK(&actions);
1214         AST_RWLIST_TRAVERSE(&actions, act, list) {
1215                 if (!strcasecmp(name, act->action)) {
1216                         ao2_t_ref(act, +1, "found action object");
1217                         break;
1218                 }
1219         }
1220         AST_RWLIST_UNLOCK(&actions);
1221
1222         return act;
1223 }
1224
1225 /*! \brief Add a custom hook to be called when an event is fired */
1226 void ast_manager_register_hook(struct manager_custom_hook *hook)
1227 {
1228         AST_RWLIST_WRLOCK(&manager_hooks);
1229         AST_RWLIST_INSERT_TAIL(&manager_hooks, hook, list);
1230         AST_RWLIST_UNLOCK(&manager_hooks);
1231 }
1232
1233 /*! \brief Delete a custom hook to be called when an event is fired */
1234 void ast_manager_unregister_hook(struct manager_custom_hook *hook)
1235 {
1236         AST_RWLIST_WRLOCK(&manager_hooks);
1237         AST_RWLIST_REMOVE(&manager_hooks, hook, list);
1238         AST_RWLIST_UNLOCK(&manager_hooks);
1239 }
1240
1241 int check_manager_enabled(void)
1242 {
1243         return manager_enabled;
1244 }
1245
1246 int check_webmanager_enabled(void)
1247 {
1248         return (webmanager_enabled && manager_enabled);
1249 }
1250
1251 /*!
1252  * Grab a reference to the last event, update usecount as needed.
1253  * Can handle a NULL pointer.
1254  */
1255 static struct eventqent *grab_last(void)
1256 {
1257         struct eventqent *ret;
1258
1259         AST_RWLIST_WRLOCK(&all_events);
1260         ret = AST_RWLIST_LAST(&all_events);
1261         /* the list is never empty now, but may become so when
1262          * we optimize it in the future, so be prepared.
1263          */
1264         if (ret) {
1265                 ast_atomic_fetchadd_int(&ret->usecount, 1);
1266         }
1267         AST_RWLIST_UNLOCK(&all_events);
1268         return ret;
1269 }
1270
1271 /*!
1272  * Purge unused events. Remove elements from the head
1273  * as long as their usecount is 0 and there is a next element.
1274  */
1275 static void purge_events(void)
1276 {
1277         struct eventqent *ev;
1278         struct timeval now = ast_tvnow();
1279
1280         AST_RWLIST_WRLOCK(&all_events);
1281         while ( (ev = AST_RWLIST_FIRST(&all_events)) &&
1282             ev->usecount == 0 && AST_RWLIST_NEXT(ev, eq_next)) {
1283                 AST_RWLIST_REMOVE_HEAD(&all_events, eq_next);
1284                 ast_free(ev);
1285         }
1286
1287         AST_RWLIST_TRAVERSE_SAFE_BEGIN(&all_events, ev, eq_next) {
1288                 /* Never release the last event */
1289                 if (!AST_RWLIST_NEXT(ev, eq_next)) {
1290                         break;
1291                 }
1292
1293                 /* 2.5 times whatever the HTTP timeout is (maximum 2.5 hours) is the maximum time that we will definitely cache an event */
1294                 if (ev->usecount == 0 && ast_tvdiff_sec(now, ev->tv) > (httptimeout > 3600 ? 3600 : httptimeout) * 2.5) {
1295                         AST_RWLIST_REMOVE_CURRENT(eq_next);
1296                         ast_free(ev);
1297                 }
1298         }
1299         AST_RWLIST_TRAVERSE_SAFE_END;
1300         AST_RWLIST_UNLOCK(&all_events);
1301 }
1302
1303 /*!
1304  * helper functions to convert back and forth between
1305  * string and numeric representation of set of flags
1306  */
1307 static const struct permalias {
1308         int num;
1309         const char *label;
1310 } perms[] = {
1311         { EVENT_FLAG_SYSTEM, "system" },
1312         { EVENT_FLAG_CALL, "call" },
1313         { EVENT_FLAG_LOG, "log" },
1314         { EVENT_FLAG_VERBOSE, "verbose" },
1315         { EVENT_FLAG_COMMAND, "command" },
1316         { EVENT_FLAG_AGENT, "agent" },
1317         { EVENT_FLAG_USER, "user" },
1318         { EVENT_FLAG_CONFIG, "config" },
1319         { EVENT_FLAG_DTMF, "dtmf" },
1320         { EVENT_FLAG_REPORTING, "reporting" },
1321         { EVENT_FLAG_CDR, "cdr" },
1322         { EVENT_FLAG_DIALPLAN, "dialplan" },
1323         { EVENT_FLAG_ORIGINATE, "originate" },
1324         { EVENT_FLAG_AGI, "agi" },
1325         { EVENT_FLAG_CC, "cc" },
1326         { EVENT_FLAG_AOC, "aoc" },
1327         { EVENT_FLAG_TEST, "test" },
1328         { EVENT_FLAG_MESSAGE, "message" },
1329         { INT_MAX, "all" },
1330         { 0, "none" },
1331 };
1332
1333 /*! \brief Checks to see if a string which can be used to evaluate functions should be rejected */
1334 static int function_capable_string_allowed_with_auths(const char *evaluating, int writepermlist)
1335 {
1336         if (!(writepermlist & EVENT_FLAG_SYSTEM)
1337                 && (
1338                         strstr(evaluating, "SHELL") ||       /* NoOp(${SHELL(rm -rf /)})  */
1339                         strstr(evaluating, "EVAL")           /* NoOp(${EVAL(${some_var_containing_SHELL})}) */
1340                 )) {
1341                 return 0;
1342         }
1343         return 1;
1344 }
1345
1346 /*! \brief Convert authority code to a list of options */
1347 static const char *authority_to_str(int authority, struct ast_str **res)
1348 {
1349         int i;
1350         char *sep = "";
1351
1352         ast_str_reset(*res);
1353         for (i = 0; i < ARRAY_LEN(perms) - 1; i++) {
1354                 if (authority & perms[i].num) {
1355                         ast_str_append(res, 0, "%s%s", sep, perms[i].label);
1356                         sep = ",";
1357                 }
1358         }
1359
1360         if (ast_str_strlen(*res) == 0)  /* replace empty string with something sensible */
1361                 ast_str_append(res, 0, "<none>");
1362
1363         return ast_str_buffer(*res);
1364 }
1365
1366 /*! Tells you if smallstr exists inside bigstr
1367    which is delim by delim and uses no buf or stringsep
1368    ast_instring("this|that|more","this",'|') == 1;
1369
1370    feel free to move this to app.c -anthm */
1371 static int ast_instring(const char *bigstr, const char *smallstr, const char delim)
1372 {
1373         const char *val = bigstr, *next;
1374
1375         do {
1376                 if ((next = strchr(val, delim))) {
1377                         if (!strncmp(val, smallstr, (next - val))) {
1378                                 return 1;
1379                         } else {
1380                                 continue;
1381                         }
1382                 } else {
1383                         return !strcmp(smallstr, val);
1384                 }
1385         } while (*(val = (next + 1)));
1386
1387         return 0;
1388 }
1389
1390 static int get_perm(const char *instr)
1391 {
1392         int x = 0, ret = 0;
1393
1394         if (!instr) {
1395                 return 0;
1396         }
1397
1398         for (x = 0; x < ARRAY_LEN(perms); x++) {
1399                 if (ast_instring(instr, perms[x].label, ',')) {
1400                         ret |= perms[x].num;
1401                 }
1402         }
1403
1404         return ret;
1405 }
1406
1407 /*!
1408  * A number returns itself, false returns 0, true returns all flags,
1409  * other strings return the flags that are set.
1410  */
1411 static int strings_to_mask(const char *string)
1412 {
1413         const char *p;
1414
1415         if (ast_strlen_zero(string)) {
1416                 return -1;
1417         }
1418
1419         for (p = string; *p; p++) {
1420                 if (*p < '0' || *p > '9') {
1421                         break;
1422                 }
1423         }
1424         if (!*p) { /* all digits */
1425                 return atoi(string);
1426         }
1427         if (ast_false(string)) {
1428                 return 0;
1429         }
1430         if (ast_true(string)) { /* all permissions */
1431                 int x, ret = 0;
1432                 for (x = 0; x < ARRAY_LEN(perms); x++) {
1433                         ret |= perms[x].num;
1434                 }
1435                 return ret;
1436         }
1437         return get_perm(string);
1438 }
1439
1440 /*! \brief Unreference manager session object.
1441      If no more references, then go ahead and delete it */
1442 static struct mansession_session *unref_mansession(struct mansession_session *s)
1443 {
1444         int refcount = ao2_ref(s, -1);
1445         if (manager_debug) {
1446                 ast_debug(1, "Mansession: %p refcount now %d\n", s, refcount - 1);
1447         }
1448         return s;
1449 }
1450
1451 static void event_filter_destructor(void *obj)
1452 {
1453         regex_t *regex_filter = obj;
1454         regfree(regex_filter);
1455 }
1456
1457 static void session_destructor(void *obj)
1458 {
1459         struct mansession_session *session = obj;
1460         struct eventqent *eqe = session->last_ev;
1461         struct ast_datastore *datastore;
1462
1463         /* Get rid of each of the data stores on the session */
1464         while ((datastore = AST_LIST_REMOVE_HEAD(&session->datastores, entry))) {
1465                 /* Free the data store */
1466                 ast_datastore_free(datastore);
1467         }
1468
1469         if (session->f != NULL) {
1470                 fclose(session->f);
1471         }
1472         if (eqe) {
1473                 ast_atomic_fetchadd_int(&eqe->usecount, -1);
1474         }
1475         if (session->chanvars) {
1476                 ast_variables_destroy(session->chanvars);
1477         }
1478
1479         if (session->whitefilters) {
1480                 ao2_t_callback(session->whitefilters, OBJ_UNLINK | OBJ_NODATA | OBJ_MULTIPLE, NULL, NULL, "unlink all white filters");
1481                 ao2_t_ref(session->whitefilters, -1 , "decrement ref for white container, should be last one");
1482         }
1483
1484         if (session->blackfilters) {
1485                 ao2_t_callback(session->blackfilters, OBJ_UNLINK | OBJ_NODATA | OBJ_MULTIPLE, NULL, NULL, "unlink all black filters");
1486                 ao2_t_ref(session->blackfilters, -1 , "decrement ref for black container, should be last one");
1487         }
1488 }
1489
1490 /*! \brief Allocate manager session structure and add it to the list of sessions */
1491 static struct mansession_session *build_mansession(const struct ast_sockaddr *addr)
1492 {
1493         struct mansession_session *newsession;
1494
1495         if (!(newsession = ao2_alloc(sizeof(*newsession), session_destructor))) {
1496                 return NULL;
1497         }
1498
1499         if (!(newsession->whitefilters = ao2_container_alloc(1, NULL, NULL))) {
1500                 ao2_ref(newsession, -1);
1501                 return NULL;
1502         }
1503
1504         if (!(newsession->blackfilters = ao2_container_alloc(1, NULL, NULL))) {
1505                 ao2_ref(newsession, -1); /* session_destructor will cleanup the other filter */
1506                 return NULL;
1507         }
1508
1509         newsession->fd = -1;
1510         newsession->waiting_thread = AST_PTHREADT_NULL;
1511         newsession->writetimeout = 100;
1512         newsession->send_events = -1;
1513         ast_sockaddr_copy(&newsession->addr, addr);
1514
1515         ao2_link(sessions, newsession);
1516
1517         return newsession;
1518 }
1519
1520 static int mansession_cmp_fn(void *obj, void *arg, int flags)
1521 {
1522         struct mansession_session *s = obj;
1523         char *str = arg;
1524         return !strcasecmp(s->username, str) ? CMP_MATCH : 0;
1525 }
1526
1527 static void session_destroy(struct mansession_session *s)
1528 {
1529         unref_mansession(s);
1530         ao2_unlink(sessions, s);
1531 }
1532
1533
1534 static int check_manager_session_inuse(const char *name)
1535 {
1536         struct mansession_session *session = ao2_find(sessions, (char *) name, 0);
1537         int inuse = 0;
1538
1539         if (session) {
1540                 inuse = 1;
1541                 unref_mansession(session);
1542         }
1543         return inuse;
1544 }
1545
1546
1547 /*!
1548  * lookup an entry in the list of registered users.
1549  * must be called with the list lock held.
1550  */
1551 static struct ast_manager_user *get_manager_by_name_locked(const char *name)
1552 {
1553         struct ast_manager_user *user = NULL;
1554
1555         AST_RWLIST_TRAVERSE(&users, user, list) {
1556                 if (!strcasecmp(user->username, name)) {
1557                         break;
1558                 }
1559         }
1560
1561         return user;
1562 }
1563
1564 /*! \brief Get displayconnects config option.
1565  *  \param session manager session to get parameter from.
1566  *  \return displayconnects config option value.
1567  */
1568 static int manager_displayconnects (struct mansession_session *session)
1569 {
1570         struct ast_manager_user *user = NULL;
1571         int ret = 0;
1572
1573         AST_RWLIST_RDLOCK(&users);
1574         if ((user = get_manager_by_name_locked (session->username))) {
1575                 ret = user->displayconnects;
1576         }
1577         AST_RWLIST_UNLOCK(&users);
1578
1579         return ret;
1580 }
1581
1582 static char *handle_showmancmd(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
1583 {
1584         struct manager_action *cur;
1585         struct ast_str *authority;
1586         int num, l, which;
1587         char *ret = NULL;
1588 #ifdef AST_XML_DOCS
1589         char syntax_title[64], description_title[64], synopsis_title[64], seealso_title[64], arguments_title[64];
1590 #endif
1591
1592         switch (cmd) {
1593         case CLI_INIT:
1594                 e->command = "manager show command";
1595                 e->usage =
1596                         "Usage: manager show command <actionname> [<actionname> [<actionname> [...]]]\n"
1597                         "       Shows the detailed description for a specific Asterisk manager interface command.\n";
1598                 return NULL;
1599         case CLI_GENERATE:
1600                 l = strlen(a->word);
1601                 which = 0;
1602                 AST_RWLIST_RDLOCK(&actions);
1603                 AST_RWLIST_TRAVERSE(&actions, cur, list) {
1604                         if (!strncasecmp(a->word, cur->action, l) && ++which > a->n) {
1605                                 ret = ast_strdup(cur->action);
1606                                 break;  /* make sure we exit even if ast_strdup() returns NULL */
1607                         }
1608                 }
1609                 AST_RWLIST_UNLOCK(&actions);
1610                 return ret;
1611         }
1612         authority = ast_str_alloca(80);
1613         if (a->argc < 4) {
1614                 return CLI_SHOWUSAGE;
1615         }
1616
1617 #ifdef AST_XML_DOCS
1618         /* setup the titles */
1619         term_color(synopsis_title, "[Synopsis]\n", COLOR_MAGENTA, 0, 40);
1620         term_color(description_title, "[Description]\n", COLOR_MAGENTA, 0, 40);
1621         term_color(syntax_title, "[Syntax]\n", COLOR_MAGENTA, 0, 40);
1622         term_color(seealso_title, "[See Also]\n", COLOR_MAGENTA, 0, 40);
1623         term_color(arguments_title, "[Arguments]\n", COLOR_MAGENTA, 0, 40);
1624 #endif
1625
1626         AST_RWLIST_RDLOCK(&actions);
1627         AST_RWLIST_TRAVERSE(&actions, cur, list) {
1628                 for (num = 3; num < a->argc; num++) {
1629                         if (!strcasecmp(cur->action, a->argv[num])) {
1630 #ifdef AST_XML_DOCS
1631                                 if (cur->docsrc == AST_XML_DOC) {
1632                                         ast_cli(a->fd, "%s%s\n\n%s%s\n\n%s%s\n\n%s%s\n\n%s%s\n\n",
1633                                                 syntax_title,
1634                                                 ast_xmldoc_printable(S_OR(cur->syntax, "Not available"), 1),
1635                                                 synopsis_title,
1636                                                 ast_xmldoc_printable(S_OR(cur->synopsis, "Not available"), 1),
1637                                                 description_title,
1638                                                 ast_xmldoc_printable(S_OR(cur->description, "Not available"), 1),
1639                                                 arguments_title,
1640                                                 ast_xmldoc_printable(S_OR(cur->arguments, "Not available"), 1),
1641                                                 seealso_title,
1642                                                 ast_xmldoc_printable(S_OR(cur->seealso, "Not available"), 1));
1643                                 } else
1644 #endif
1645                                 {
1646                                         ast_cli(a->fd, "Action: %s\nSynopsis: %s\nPrivilege: %s\n%s\n",
1647                                                 cur->action, cur->synopsis,
1648                                                 authority_to_str(cur->authority, &authority),
1649                                                 S_OR(cur->description, ""));
1650                                 }
1651                         }
1652                 }
1653         }
1654         AST_RWLIST_UNLOCK(&actions);
1655
1656         return CLI_SUCCESS;
1657 }
1658
1659 static char *handle_mandebug(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
1660 {
1661         switch (cmd) {
1662         case CLI_INIT:
1663                 e->command = "manager set debug [on|off]";
1664                 e->usage = "Usage: manager set debug [on|off]\n Show, enable, disable debugging of the manager code.\n";
1665                 return NULL;
1666         case CLI_GENERATE:
1667                 return NULL;
1668         }
1669
1670         if (a->argc == 3) {
1671                 ast_cli(a->fd, "manager debug is %s\n", manager_debug? "on" : "off");
1672         } else if (a->argc == 4) {
1673                 if (!strcasecmp(a->argv[3], "on")) {
1674                         manager_debug = 1;
1675                 } else if (!strcasecmp(a->argv[3], "off")) {
1676                         manager_debug = 0;
1677                 } else {
1678                         return CLI_SHOWUSAGE;
1679                 }
1680         }
1681         return CLI_SUCCESS;
1682 }
1683
1684 static char *handle_showmanager(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
1685 {
1686         struct ast_manager_user *user = NULL;
1687         int l, which;
1688         char *ret = NULL;
1689         struct ast_str *rauthority = ast_str_alloca(128);
1690         struct ast_str *wauthority = ast_str_alloca(128);
1691         struct ast_variable *v;
1692
1693         switch (cmd) {
1694         case CLI_INIT:
1695                 e->command = "manager show user";
1696                 e->usage =
1697                         " Usage: manager show user <user>\n"
1698                         "        Display all information related to the manager user specified.\n";
1699                 return NULL;
1700         case CLI_GENERATE:
1701                 l = strlen(a->word);
1702                 which = 0;
1703                 if (a->pos != 3) {
1704                         return NULL;
1705                 }
1706                 AST_RWLIST_RDLOCK(&users);
1707                 AST_RWLIST_TRAVERSE(&users, user, list) {
1708                         if ( !strncasecmp(a->word, user->username, l) && ++which > a->n ) {
1709                                 ret = ast_strdup(user->username);
1710                                 break;
1711                         }
1712                 }
1713                 AST_RWLIST_UNLOCK(&users);
1714                 return ret;
1715         }
1716
1717         if (a->argc != 4) {
1718                 return CLI_SHOWUSAGE;
1719         }
1720
1721         AST_RWLIST_RDLOCK(&users);
1722
1723         if (!(user = get_manager_by_name_locked(a->argv[3]))) {
1724                 ast_cli(a->fd, "There is no manager called %s\n", a->argv[3]);
1725                 AST_RWLIST_UNLOCK(&users);
1726                 return CLI_SUCCESS;
1727         }
1728
1729         ast_cli(a->fd, "\n");
1730         ast_cli(a->fd,
1731                 "       username: %s\n"
1732                 "         secret: %s\n"
1733                 "            ACL: %s\n"
1734                 "      read perm: %s\n"
1735                 "     write perm: %s\n"
1736                 "displayconnects: %s\n",
1737                 (user->username ? user->username : "(N/A)"),
1738                 (user->secret ? "<Set>" : "(N/A)"),
1739                 ((user->acl && !ast_acl_list_is_empty(user->acl)) ? "yes" : "no"),
1740                 authority_to_str(user->readperm, &rauthority),
1741                 authority_to_str(user->writeperm, &wauthority),
1742                 (user->displayconnects ? "yes" : "no"));
1743         ast_cli(a->fd, "      Variables: \n");
1744                 for (v = user->chanvars ; v ; v = v->next) {
1745                         ast_cli(a->fd, "                 %s = %s\n", v->name, v->value);
1746                 }
1747
1748         AST_RWLIST_UNLOCK(&users);
1749
1750         return CLI_SUCCESS;
1751 }
1752
1753 static char *handle_showmanagers(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
1754 {
1755         struct ast_manager_user *user = NULL;
1756         int count_amu = 0;
1757         switch (cmd) {
1758         case CLI_INIT:
1759                 e->command = "manager show users";
1760                 e->usage =
1761                         "Usage: manager show users\n"
1762                         "       Prints a listing of all managers that are currently configured on that\n"
1763                         " system.\n";
1764                 return NULL;
1765         case CLI_GENERATE:
1766                 return NULL;
1767         }
1768         if (a->argc != 3) {
1769                 return CLI_SHOWUSAGE;
1770         }
1771
1772         AST_RWLIST_RDLOCK(&users);
1773
1774         /* If there are no users, print out something along those lines */
1775         if (AST_RWLIST_EMPTY(&users)) {
1776                 ast_cli(a->fd, "There are no manager users.\n");
1777                 AST_RWLIST_UNLOCK(&users);
1778                 return CLI_SUCCESS;
1779         }
1780
1781         ast_cli(a->fd, "\nusername\n--------\n");
1782
1783         AST_RWLIST_TRAVERSE(&users, user, list) {
1784                 ast_cli(a->fd, "%s\n", user->username);
1785                 count_amu++;
1786         }
1787
1788         AST_RWLIST_UNLOCK(&users);
1789
1790         ast_cli(a->fd,"-------------------\n"
1791                       "%d manager users configured.\n", count_amu);
1792         return CLI_SUCCESS;
1793 }
1794
1795 /*! \brief  CLI command  manager list commands */
1796 static char *handle_showmancmds(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
1797 {
1798         struct manager_action *cur;
1799         struct ast_str *authority;
1800 #define HSMC_FORMAT "  %-15.15s  %-15.15s  %-55.55s\n"
1801         switch (cmd) {
1802         case CLI_INIT:
1803                 e->command = "manager show commands";
1804                 e->usage =
1805                         "Usage: manager show commands\n"
1806                         "       Prints a listing of all the available Asterisk manager interface commands.\n";
1807                 return NULL;
1808         case CLI_GENERATE:
1809                 return NULL;
1810         }
1811         authority = ast_str_alloca(80);
1812         ast_cli(a->fd, HSMC_FORMAT, "Action", "Privilege", "Synopsis");
1813         ast_cli(a->fd, HSMC_FORMAT, "------", "---------", "--------");
1814
1815         AST_RWLIST_RDLOCK(&actions);
1816         AST_RWLIST_TRAVERSE(&actions, cur, list) {
1817                 ast_cli(a->fd, HSMC_FORMAT, cur->action, authority_to_str(cur->authority, &authority), cur->synopsis);
1818         }
1819         AST_RWLIST_UNLOCK(&actions);
1820
1821         return CLI_SUCCESS;
1822 }
1823
1824 /*! \brief CLI command manager list connected */
1825 static char *handle_showmanconn(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
1826 {
1827         struct mansession_session *session;
1828         time_t now = time(NULL);
1829 #define HSMCONN_FORMAT1 "  %-15.15s  %-55.55s  %-10.10s  %-10.10s  %-8.8s  %-8.8s  %-5.5s  %-5.5s\n"
1830 #define HSMCONN_FORMAT2 "  %-15.15s  %-55.55s  %-10d  %-10d  %-8d  %-8d  %-5.5d  %-5.5d\n"
1831         int count = 0;
1832         struct ao2_iterator i;
1833
1834         switch (cmd) {
1835         case CLI_INIT:
1836                 e->command = "manager show connected";
1837                 e->usage =
1838                         "Usage: manager show connected\n"
1839                         "       Prints a listing of the users that are currently connected to the\n"
1840                         "Asterisk manager interface.\n";
1841                 return NULL;
1842         case CLI_GENERATE:
1843                 return NULL;
1844         }
1845
1846         ast_cli(a->fd, HSMCONN_FORMAT1, "Username", "IP Address", "Start", "Elapsed", "FileDes", "HttpCnt", "Read", "Write");
1847
1848         i = ao2_iterator_init(sessions, 0);
1849         while ((session = ao2_iterator_next(&i))) {
1850                 ao2_lock(session);
1851                 ast_cli(a->fd, HSMCONN_FORMAT2, session->username, ast_sockaddr_stringify_addr(&session->addr), (int)(session->sessionstart), (int)(now - session->sessionstart), session->fd, session->inuse, session->readperm, session->writeperm);
1852                 count++;
1853                 ao2_unlock(session);
1854                 unref_mansession(session);
1855         }
1856         ao2_iterator_destroy(&i);
1857         ast_cli(a->fd, "%d users connected.\n", count);
1858
1859         return CLI_SUCCESS;
1860 }
1861
1862 /*! \brief CLI command manager list eventq */
1863 /* Should change to "manager show connected" */
1864 static char *handle_showmaneventq(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
1865 {
1866         struct eventqent *s;
1867         switch (cmd) {
1868         case CLI_INIT:
1869                 e->command = "manager show eventq";
1870                 e->usage =
1871                         "Usage: manager show eventq\n"
1872                         "       Prints a listing of all events pending in the Asterisk manger\n"
1873                         "event queue.\n";
1874                 return NULL;
1875         case CLI_GENERATE:
1876                 return NULL;
1877         }
1878         AST_RWLIST_RDLOCK(&all_events);
1879         AST_RWLIST_TRAVERSE(&all_events, s, eq_next) {
1880                 ast_cli(a->fd, "Usecount: %d\n", s->usecount);
1881                 ast_cli(a->fd, "Category: %d\n", s->category);
1882                 ast_cli(a->fd, "Event:\n%s", s->eventdata);
1883         }
1884         AST_RWLIST_UNLOCK(&all_events);
1885
1886         return CLI_SUCCESS;
1887 }
1888
1889 /*! \brief CLI command manager reload */
1890 static char *handle_manager_reload(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
1891 {
1892         switch (cmd) {
1893         case CLI_INIT:
1894                 e->command = "manager reload";
1895                 e->usage =
1896                         "Usage: manager reload\n"
1897                         "       Reloads the manager configuration.\n";
1898                 return NULL;
1899         case CLI_GENERATE:
1900                 return NULL;
1901         }
1902         if (a->argc > 2) {
1903                 return CLI_SHOWUSAGE;
1904         }
1905         reload_manager();
1906         return CLI_SUCCESS;
1907 }
1908
1909 static struct eventqent *advance_event(struct eventqent *e)
1910 {
1911         struct eventqent *next;
1912
1913         AST_RWLIST_RDLOCK(&all_events);
1914         if ((next = AST_RWLIST_NEXT(e, eq_next))) {
1915                 ast_atomic_fetchadd_int(&next->usecount, 1);
1916                 ast_atomic_fetchadd_int(&e->usecount, -1);
1917         }
1918         AST_RWLIST_UNLOCK(&all_events);
1919         return next;
1920 }
1921
1922 #define GET_HEADER_FIRST_MATCH  0
1923 #define GET_HEADER_LAST_MATCH   1
1924 #define GET_HEADER_SKIP_EMPTY   2
1925
1926 /*!
1927  * \brief Return a matching header value.
1928  *
1929  * \details
1930  * Generic function to return either the first or the last
1931  * matching header from a list of variables, possibly skipping
1932  * empty strings.
1933  *
1934  * \note At the moment there is only one use of this function in
1935  * this file, so we make it static.
1936  *
1937  * \note Never returns NULL.
1938  */
1939 static const char *__astman_get_header(const struct message *m, char *var, int mode)
1940 {
1941         int x, l = strlen(var);
1942         const char *result = "";
1943
1944         if (!m) {
1945                 return result;
1946         }
1947
1948         for (x = 0; x < m->hdrcount; x++) {
1949                 const char *h = m->headers[x];
1950                 if (!strncasecmp(var, h, l) && h[l] == ':') {
1951                         const char *value = h + l + 1;
1952                         value = ast_skip_blanks(value); /* ignore leading spaces in the value */
1953                         /* found a potential candidate */
1954                         if ((mode & GET_HEADER_SKIP_EMPTY) && ast_strlen_zero(value)) {
1955                                 continue;       /* not interesting */
1956                         }
1957                         if (mode & GET_HEADER_LAST_MATCH) {
1958                                 result = value; /* record the last match so far */
1959                         } else {
1960                                 return value;
1961                         }
1962                 }
1963         }
1964
1965         return result;
1966 }
1967
1968 /*!
1969  * \brief Return the first matching variable from an array.
1970  *
1971  * \note This is the legacy function and is implemented in
1972  * therms of __astman_get_header().
1973  *
1974  * \note Never returns NULL.
1975  */
1976 const char *astman_get_header(const struct message *m, char *var)
1977 {
1978         return __astman_get_header(m, var, GET_HEADER_FIRST_MATCH);
1979 }
1980
1981 /*!
1982  * \internal
1983  * \brief Process one "Variable:" header value string.
1984  *
1985  * \param head Current list of AMI variables to get new values added.
1986  * \param hdr_val Header value string to process.
1987  *
1988  * \return New variable list head.
1989  */
1990 static struct ast_variable *man_do_variable_value(struct ast_variable *head, const char *hdr_val)
1991 {
1992         char *parse;
1993         AST_DECLARE_APP_ARGS(args,
1994                 AST_APP_ARG(vars)[64];
1995         );
1996
1997         hdr_val = ast_skip_blanks(hdr_val); /* ignore leading spaces in the value */
1998         parse = ast_strdupa(hdr_val);
1999
2000         /* Break the header value string into name=val pair items. */
2001         AST_STANDARD_APP_ARGS(args, parse);
2002         if (args.argc) {
2003                 int y;
2004
2005                 /* Process each name=val pair item. */
2006                 for (y = 0; y < args.argc; y++) {
2007                         struct ast_variable *cur;
2008                         char *var;
2009                         char *val;
2010
2011                         if (!args.vars[y]) {
2012                                 continue;
2013                         }
2014                         var = val = args.vars[y];
2015                         strsep(&val, "=");
2016
2017                         /* XXX We may wish to trim whitespace from the strings. */
2018                         if (!val || ast_strlen_zero(var)) {
2019                                 continue;
2020                         }
2021
2022                         /* Create new variable list node and prepend it to the list. */
2023                         cur = ast_variable_new(var, val, "");
2024                         if (cur) {
2025                                 cur->next = head;
2026                                 head = cur;
2027                         }
2028                 }
2029         }
2030
2031         return head;
2032 }
2033
2034 struct ast_variable *astman_get_variables(const struct message *m)
2035 {
2036         int varlen;
2037         int x;
2038         struct ast_variable *head = NULL;
2039
2040         static const char var_hdr[] = "Variable:";
2041
2042         /* Process all "Variable:" headers. */
2043         varlen = strlen(var_hdr);
2044         for (x = 0; x < m->hdrcount; x++) {
2045                 if (strncasecmp(var_hdr, m->headers[x], varlen)) {
2046                         continue;
2047                 }
2048                 head = man_do_variable_value(head, m->headers[x] + varlen);
2049         }
2050
2051         return head;
2052 }
2053
2054 /*! \brief access for hooks to send action messages to ami */
2055 int ast_hook_send_action(struct manager_custom_hook *hook, const char *msg)
2056 {
2057         const char *action;
2058         int ret = 0;
2059         struct manager_action *act_found;
2060         struct mansession s = {.session = NULL, };
2061         struct message m = { 0 };
2062         char *dup_str;
2063         char *src;
2064         int x = 0;
2065         int curlen;
2066
2067         if (hook == NULL) {
2068                 return -1;
2069         }
2070
2071         /* Create our own copy of the AMI action msg string. */
2072         src = dup_str = ast_strdup(msg);
2073         if (!dup_str) {
2074                 return -1;
2075         }
2076
2077         /* convert msg string to message struct */
2078         curlen = strlen(src);
2079         for (x = 0; x < curlen; x++) {
2080                 int cr; /* set if we have \r */
2081                 if (src[x] == '\r' && x+1 < curlen && src[x+1] == '\n')
2082                         cr = 2; /* Found. Update length to include \r\n */
2083                 else if (src[x] == '\n')
2084                         cr = 1; /* also accept \n only */
2085                 else
2086                         continue;
2087                 /* don't keep empty lines */
2088                 if (x && m.hdrcount < ARRAY_LEN(m.headers)) {
2089                         /* ... but trim \r\n and terminate the header string */
2090                         src[x] = '\0';
2091                         m.headers[m.hdrcount++] = src;
2092                 }
2093                 x += cr;
2094                 curlen -= x;            /* remaining size */
2095                 src += x;               /* update pointer */
2096                 x = -1;                 /* reset loop */
2097         }
2098
2099         action = astman_get_header(&m, "Action");
2100         if (strcasecmp(action, "login")) {
2101                 act_found = action_find(action);
2102                 if (act_found) {
2103                         /*
2104                          * we have to simulate a session for this action request
2105                          * to be able to pass it down for processing
2106                          * This is necessary to meet the previous design of manager.c
2107                          */
2108                         s.hook = hook;
2109                         s.f = (void*)1; /* set this to something so our request will make it through all functions that test it*/
2110
2111                         ao2_lock(act_found);
2112                         if (act_found->registered && act_found->func) {
2113                                 if (act_found->module) {
2114                                         ast_module_ref(act_found->module);
2115                                 }
2116                                 ao2_unlock(act_found);
2117                                 ret = act_found->func(&s, &m);
2118                                 ao2_lock(act_found);
2119                                 if (act_found->module) {
2120                                         ast_module_unref(act_found->module);
2121                                 }
2122                         } else {
2123                                 ret = -1;
2124                         }
2125                         ao2_unlock(act_found);
2126                         ao2_t_ref(act_found, -1, "done with found action object");
2127                 }
2128         }
2129         ast_free(dup_str);
2130         return ret;
2131 }
2132
2133
2134 /*!
2135  * helper function to send a string to the socket.
2136  * Return -1 on error (e.g. buffer full).
2137  */
2138 static int send_string(struct mansession *s, char *string)
2139 {
2140         int res;
2141         FILE *f = s->f ? s->f : s->session->f;
2142         int fd = s->f ? s->fd : s->session->fd;
2143
2144         /* It's a result from one of the hook's action invocation */
2145         if (s->hook) {
2146                 /*
2147                  * to send responses, we're using the same function
2148                  * as for receiving events. We call the event "HookResponse"
2149                  */
2150                 s->hook->helper(EVENT_FLAG_HOOKRESPONSE, "HookResponse", string);
2151                 return 0;
2152         }
2153
2154         if ((res = ast_careful_fwrite(f, fd, string, strlen(string), s->session->writetimeout))) {
2155                 s->write_error = 1;
2156         }
2157
2158         return res;
2159 }
2160
2161 /*!
2162  * \brief thread local buffer for astman_append
2163  *
2164  * \note This can not be defined within the astman_append() function
2165  *       because it declares a couple of functions that get used to
2166  *       initialize the thread local storage key.
2167  */
2168 AST_THREADSTORAGE(astman_append_buf);
2169
2170 AST_THREADSTORAGE(userevent_buf);
2171
2172 /*! \brief initial allocated size for the astman_append_buf and astman_send_*_va */
2173 #define ASTMAN_APPEND_BUF_INITSIZE   256
2174
2175 /*!
2176  * utility functions for creating AMI replies
2177  */
2178 void astman_append(struct mansession *s, const char *fmt, ...)
2179 {
2180         va_list ap;
2181         struct ast_str *buf;
2182
2183         if (!(buf = ast_str_thread_get(&astman_append_buf, ASTMAN_APPEND_BUF_INITSIZE))) {
2184                 return;
2185         }
2186
2187         va_start(ap, fmt);
2188         ast_str_set_va(&buf, 0, fmt, ap);
2189         va_end(ap);
2190
2191         if (s->f != NULL || s->session->f != NULL) {
2192                 send_string(s, ast_str_buffer(buf));
2193         } else {
2194                 ast_verbose("fd == -1 in astman_append, should not happen\n");
2195         }
2196 }
2197
2198 /*! \note NOTE: XXX this comment is unclear and possibly wrong.
2199    Callers of astman_send_error(), astman_send_response() or astman_send_ack() must EITHER
2200    hold the session lock _or_ be running in an action callback (in which case s->session->busy will
2201    be non-zero). In either of these cases, there is no need to lock-protect the session's
2202    fd, since no other output will be sent (events will be queued), and no input will
2203    be read until either the current action finishes or get_input() obtains the session
2204    lock.
2205  */
2206
2207 /*! \todo XXX MSG_MOREDATA should go to a header file. */
2208 #define MSG_MOREDATA    ((char *)astman_send_response)
2209
2210 /*! \brief send a response with an optional message,
2211  * and terminate it with an empty line.
2212  * m is used only to grab the 'ActionID' field.
2213  *
2214  * Use the explicit constant MSG_MOREDATA to remove the empty line.
2215  * XXX MSG_MOREDATA should go to a header file.
2216  */
2217 static void astman_send_response_full(struct mansession *s, const struct message *m, char *resp, char *msg, char *listflag)
2218 {
2219         const char *id = astman_get_header(m, "ActionID");
2220
2221         astman_append(s, "Response: %s\r\n", resp);
2222         if (!ast_strlen_zero(id)) {
2223                 astman_append(s, "ActionID: %s\r\n", id);
2224         }
2225         if (listflag) {
2226                 astman_append(s, "EventList: %s\r\n", listflag);        /* Start, complete, cancelled */
2227         }
2228         if (msg == MSG_MOREDATA) {
2229                 return;
2230         } else if (msg) {
2231                 astman_append(s, "Message: %s\r\n\r\n", msg);
2232         } else {
2233                 astman_append(s, "\r\n");
2234         }
2235 }
2236
2237 void astman_send_response(struct mansession *s, const struct message *m, char *resp, char *msg)
2238 {
2239         astman_send_response_full(s, m, resp, msg, NULL);
2240 }
2241
2242 void astman_send_error(struct mansession *s, const struct message *m, char *error)
2243 {
2244         astman_send_response_full(s, m, "Error", error, NULL);
2245 }
2246
2247 void astman_send_error_va(struct mansession *s, const struct message *m, const char *fmt, ...)
2248 {
2249         va_list ap;
2250         struct ast_str *buf;
2251
2252         if (!(buf = ast_str_thread_get(&astman_append_buf, ASTMAN_APPEND_BUF_INITSIZE))) {
2253                 return;
2254         }
2255
2256         va_start(ap, fmt);
2257         ast_str_set_va(&buf, 0, fmt, ap);
2258         va_end(ap);
2259
2260         astman_send_response_full(s, m, "Error", ast_str_buffer(buf), NULL);
2261         ast_free(buf);
2262 }
2263
2264 void astman_send_ack(struct mansession *s, const struct message *m, char *msg)
2265 {
2266         astman_send_response_full(s, m, "Success", msg, NULL);
2267 }
2268
2269 static void astman_start_ack(struct mansession *s, const struct message *m)
2270 {
2271         astman_send_response_full(s, m, "Success", MSG_MOREDATA, NULL);
2272 }
2273
2274 void astman_send_listack(struct mansession *s, const struct message *m, char *msg, char *listflag)
2275 {
2276         astman_send_response_full(s, m, "Success", msg, listflag);
2277 }
2278
2279 /*! \brief Lock the 'mansession' structure. */
2280 static void mansession_lock(struct mansession *s)
2281 {
2282         ast_mutex_lock(&s->lock);
2283 }
2284
2285 /*! \brief Unlock the 'mansession' structure. */
2286 static void mansession_unlock(struct mansession *s)
2287 {
2288         ast_mutex_unlock(&s->lock);
2289 }
2290
2291 /*! \brief
2292    Rather than braindead on,off this now can also accept a specific int mask value
2293    or a ',' delim list of mask strings (the same as manager.conf) -anthm
2294 */
2295 static int set_eventmask(struct mansession *s, const char *eventmask)
2296 {
2297         int maskint = strings_to_mask(eventmask);
2298
2299         ao2_lock(s->session);
2300         if (maskint >= 0) {
2301                 s->session->send_events = maskint;
2302         }
2303         ao2_unlock(s->session);
2304
2305         return maskint;
2306 }
2307
2308 static enum ast_security_event_transport_type mansession_get_transport(const struct mansession *s)
2309 {
2310         return s->tcptls_session->parent->tls_cfg ? AST_SECURITY_EVENT_TRANSPORT_TLS :
2311                         AST_SECURITY_EVENT_TRANSPORT_TCP;
2312 }
2313
2314 static void report_invalid_user(const struct mansession *s, const char *username)
2315 {
2316         char session_id[32];
2317         struct ast_security_event_inval_acct_id inval_acct_id = {
2318                 .common.event_type = AST_SECURITY_EVENT_INVAL_ACCT_ID,
2319                 .common.version    = AST_SECURITY_EVENT_INVAL_ACCT_ID_VERSION,
2320                 .common.service    = "AMI",
2321                 .common.account_id = username,
2322                 .common.session_tv = &s->session->sessionstart_tv,
2323                 .common.local_addr = {
2324                         .addr      = &s->tcptls_session->parent->local_address,
2325                         .transport = mansession_get_transport(s),
2326                 },
2327                 .common.remote_addr = {
2328                         .addr      = &s->session->addr,
2329                         .transport = mansession_get_transport(s),
2330                 },
2331                 .common.session_id = session_id,
2332         };
2333
2334         snprintf(session_id, sizeof(session_id), "%p", s);
2335
2336         ast_security_event_report(AST_SEC_EVT(&inval_acct_id));
2337 }
2338
2339 static void report_failed_acl(const struct mansession *s, const char *username)
2340 {
2341         char session_id[32];
2342         struct ast_security_event_failed_acl failed_acl_event = {
2343                 .common.event_type = AST_SECURITY_EVENT_FAILED_ACL,
2344                 .common.version    = AST_SECURITY_EVENT_FAILED_ACL_VERSION,
2345                 .common.service    = "AMI",
2346                 .common.account_id = username,
2347                 .common.session_tv = &s->session->sessionstart_tv,
2348                 .common.local_addr = {
2349                         .addr      = &s->tcptls_session->parent->local_address,
2350                         .transport = mansession_get_transport(s),
2351                 },
2352                 .common.remote_addr = {
2353                         .addr      = &s->session->addr,
2354                         .transport = mansession_get_transport(s),
2355                 },
2356                 .common.session_id = session_id,
2357         };
2358
2359         snprintf(session_id, sizeof(session_id), "%p", s->session);
2360
2361         ast_security_event_report(AST_SEC_EVT(&failed_acl_event));
2362 }
2363
2364 static void report_inval_password(const struct mansession *s, const char *username)
2365 {
2366         char session_id[32];
2367         struct ast_security_event_inval_password inval_password = {
2368                 .common.event_type = AST_SECURITY_EVENT_INVAL_PASSWORD,
2369                 .common.version    = AST_SECURITY_EVENT_INVAL_PASSWORD_VERSION,
2370                 .common.service    = "AMI",
2371                 .common.account_id = username,
2372                 .common.session_tv = &s->session->sessionstart_tv,
2373                 .common.local_addr = {
2374                         .addr      = &s->tcptls_session->parent->local_address,
2375                         .transport = mansession_get_transport(s),
2376                 },
2377                 .common.remote_addr = {
2378                         .addr      = &s->session->addr,
2379                         .transport = mansession_get_transport(s),
2380                 },
2381                 .common.session_id = session_id,
2382         };
2383
2384         snprintf(session_id, sizeof(session_id), "%p", s->session);
2385
2386         ast_security_event_report(AST_SEC_EVT(&inval_password));
2387 }
2388
2389 static void report_auth_success(const struct mansession *s)
2390 {
2391         char session_id[32];
2392         struct ast_security_event_successful_auth successful_auth = {
2393                 .common.event_type = AST_SECURITY_EVENT_SUCCESSFUL_AUTH,
2394                 .common.version    = AST_SECURITY_EVENT_SUCCESSFUL_AUTH_VERSION,
2395                 .common.service    = "AMI",
2396                 .common.account_id = s->session->username,
2397                 .common.session_tv = &s->session->sessionstart_tv,
2398                 .common.local_addr = {
2399                         .addr      = &s->tcptls_session->parent->local_address,
2400                         .transport = mansession_get_transport(s),
2401                 },
2402                 .common.remote_addr = {
2403                         .addr      = &s->session->addr,
2404                         .transport = mansession_get_transport(s),
2405                 },
2406                 .common.session_id = session_id,
2407         };
2408
2409         snprintf(session_id, sizeof(session_id), "%p", s->session);
2410
2411         ast_security_event_report(AST_SEC_EVT(&successful_auth));
2412 }
2413
2414 static void report_req_not_allowed(const struct mansession *s, const char *action)
2415 {
2416         char session_id[32];
2417         char request_type[64];
2418         struct ast_security_event_req_not_allowed req_not_allowed = {
2419                 .common.event_type = AST_SECURITY_EVENT_REQ_NOT_ALLOWED,
2420                 .common.version    = AST_SECURITY_EVENT_REQ_NOT_ALLOWED_VERSION,
2421                 .common.service    = "AMI",
2422                 .common.account_id = s->session->username,
2423                 .common.session_tv = &s->session->sessionstart_tv,
2424                 .common.local_addr = {
2425                         .addr      = &s->tcptls_session->parent->local_address,
2426                         .transport = mansession_get_transport(s),
2427                 },
2428                 .common.remote_addr = {
2429                         .addr      = &s->session->addr,
2430                         .transport = mansession_get_transport(s),
2431                 },
2432                 .common.session_id = session_id,
2433
2434                 .request_type      = request_type,
2435         };
2436
2437         snprintf(session_id, sizeof(session_id), "%p", s->session);
2438         snprintf(request_type, sizeof(request_type), "Action: %s", action);
2439
2440         ast_security_event_report(AST_SEC_EVT(&req_not_allowed));
2441 }
2442
2443 static void report_req_bad_format(const struct mansession *s, const char *action)
2444 {
2445         char session_id[32];
2446         char request_type[64];
2447         struct ast_security_event_req_bad_format req_bad_format = {
2448                 .common.event_type = AST_SECURITY_EVENT_REQ_BAD_FORMAT,
2449                 .common.version    = AST_SECURITY_EVENT_REQ_BAD_FORMAT_VERSION,
2450                 .common.service    = "AMI",
2451                 .common.account_id = s->session->username,
2452                 .common.session_tv = &s->session->sessionstart_tv,
2453                 .common.local_addr = {
2454                         .addr      = &s->tcptls_session->parent->local_address,
2455                         .transport = mansession_get_transport(s),
2456                 },
2457                 .common.remote_addr = {
2458                         .addr      = &s->session->addr,
2459                         .transport = mansession_get_transport(s),
2460                 },
2461                 .common.session_id = session_id,
2462
2463                 .request_type      = request_type,
2464         };
2465
2466         snprintf(session_id, sizeof(session_id), "%p", s->session);
2467         snprintf(request_type, sizeof(request_type), "Action: %s", action);
2468
2469         ast_security_event_report(AST_SEC_EVT(&req_bad_format));
2470 }
2471
2472 static void report_failed_challenge_response(const struct mansession *s,
2473                 const char *response, const char *expected_response)
2474 {
2475         char session_id[32];
2476         struct ast_security_event_chal_resp_failed chal_resp_failed = {
2477                 .common.event_type = AST_SECURITY_EVENT_CHAL_RESP_FAILED,
2478                 .common.version    = AST_SECURITY_EVENT_CHAL_RESP_FAILED_VERSION,
2479                 .common.service    = "AMI",
2480                 .common.account_id = s->session->username,
2481                 .common.session_tv = &s->session->sessionstart_tv,
2482                 .common.local_addr = {
2483                         .addr      = &s->tcptls_session->parent->local_address,
2484                         .transport = mansession_get_transport(s),
2485                 },
2486                 .common.remote_addr = {
2487                         .addr      = &s->session->addr,
2488                         .transport = mansession_get_transport(s),
2489                 },
2490                 .common.session_id = session_id,
2491
2492                 .challenge         = s->session->challenge,
2493                 .response          = response,
2494                 .expected_response = expected_response,
2495         };
2496
2497         snprintf(session_id, sizeof(session_id), "%p", s->session);
2498
2499         ast_security_event_report(AST_SEC_EVT(&chal_resp_failed));
2500 }
2501
2502 static void report_session_limit(const struct mansession *s)
2503 {
2504         char session_id[32];
2505         struct ast_security_event_session_limit session_limit = {
2506                 .common.event_type = AST_SECURITY_EVENT_SESSION_LIMIT,
2507                 .common.version    = AST_SECURITY_EVENT_SESSION_LIMIT_VERSION,
2508                 .common.service    = "AMI",
2509                 .common.account_id = s->session->username,
2510                 .common.session_tv = &s->session->sessionstart_tv,
2511                 .common.local_addr = {
2512                         .addr      = &s->tcptls_session->parent->local_address,
2513                         .transport = mansession_get_transport(s),
2514                 },
2515                 .common.remote_addr = {
2516                         .addr      = &s->session->addr,
2517                         .transport = mansession_get_transport(s),
2518                 },
2519                 .common.session_id = session_id,
2520         };
2521
2522         snprintf(session_id, sizeof(session_id), "%p", s->session);
2523
2524         ast_security_event_report(AST_SEC_EVT(&session_limit));
2525 }
2526
2527 /*
2528  * Here we start with action_ handlers for AMI actions,
2529  * and the internal functions used by them.
2530  * Generally, the handlers are called action_foo()
2531  */
2532
2533 /* helper function for action_login() */
2534 static int authenticate(struct mansession *s, const struct message *m)
2535 {
2536         const char *username = astman_get_header(m, "Username");
2537         const char *password = astman_get_header(m, "Secret");
2538         int error = -1;
2539         struct ast_manager_user *user = NULL;
2540         regex_t *regex_filter;
2541         struct ao2_iterator filter_iter;
2542
2543         if (ast_strlen_zero(username)) {        /* missing username */
2544                 return -1;
2545         }
2546
2547         /* locate user in locked state */
2548         AST_RWLIST_WRLOCK(&users);
2549
2550         if (!(user = get_manager_by_name_locked(username))) {
2551                 report_invalid_user(s, username);
2552                 ast_log(LOG_NOTICE, "%s tried to authenticate with nonexistent user '%s'\n", ast_sockaddr_stringify_addr(&s->session->addr), username);
2553         } else if (user->acl && (ast_apply_acl(user->acl, &s->session->addr, "Manager User ACL: ") == AST_SENSE_DENY)) {
2554                 report_failed_acl(s, username);
2555                 ast_log(LOG_NOTICE, "%s failed to pass IP ACL as '%s'\n", ast_sockaddr_stringify_addr(&s->session->addr), username);
2556         } else if (!strcasecmp(astman_get_header(m, "AuthType"), "MD5")) {
2557                 const char *key = astman_get_header(m, "Key");
2558                 if (!ast_strlen_zero(key) && !ast_strlen_zero(s->session->challenge) && user->secret) {
2559                         int x;
2560                         int len = 0;
2561                         char md5key[256] = "";
2562                         struct MD5Context md5;
2563                         unsigned char digest[16];
2564
2565                         MD5Init(&md5);
2566                         MD5Update(&md5, (unsigned char *) s->session->challenge, strlen(s->session->challenge));
2567                         MD5Update(&md5, (unsigned char *) user->secret, strlen(user->secret));
2568                         MD5Final(digest, &md5);
2569                         for (x = 0; x < 16; x++)
2570                                 len += sprintf(md5key + len, "%2.2x", digest[x]);
2571                         if (!strcmp(md5key, key)) {
2572                                 error = 0;
2573                         } else {
2574                                 report_failed_challenge_response(s, key, md5key);
2575                         }
2576                 } else {
2577                         ast_debug(1, "MD5 authentication is not possible.  challenge: '%s'\n",
2578                                 S_OR(s->session->challenge, ""));
2579                 }
2580         } else if (user->secret) {
2581                 if (!strcmp(password, user->secret)) {
2582                         error = 0;
2583                 } else {
2584                         report_inval_password(s, username);
2585                 }
2586         }
2587
2588         if (error) {
2589                 ast_log(LOG_NOTICE, "%s failed to authenticate as '%s'\n", ast_sockaddr_stringify_addr(&s->session->addr), username);
2590                 AST_RWLIST_UNLOCK(&users);
2591                 return -1;
2592         }
2593
2594         /* auth complete */
2595
2596         /* All of the user parameters are copied to the session so that in the event
2597         * of a reload and a configuration change, the session parameters are not
2598         * changed. */
2599         ast_copy_string(s->session->username, username, sizeof(s->session->username));
2600         s->session->readperm = user->readperm;
2601         s->session->writeperm = user->writeperm;
2602         s->session->writetimeout = user->writetimeout;
2603         if (user->chanvars) {
2604                 s->session->chanvars = ast_variables_dup(user->chanvars);
2605         }
2606
2607         filter_iter = ao2_iterator_init(user->whitefilters, 0);
2608         while ((regex_filter = ao2_iterator_next(&filter_iter))) {
2609                 ao2_t_link(s->session->whitefilters, regex_filter, "add white user filter to session");
2610                 ao2_t_ref(regex_filter, -1, "remove iterator ref");
2611         }
2612         ao2_iterator_destroy(&filter_iter);
2613
2614         filter_iter = ao2_iterator_init(user->blackfilters, 0);
2615         while ((regex_filter = ao2_iterator_next(&filter_iter))) {
2616                 ao2_t_link(s->session->blackfilters, regex_filter, "add black user filter to session");
2617                 ao2_t_ref(regex_filter, -1, "remove iterator ref");
2618         }
2619         ao2_iterator_destroy(&filter_iter);
2620
2621         s->session->sessionstart = time(NULL);
2622         s->session->sessionstart_tv = ast_tvnow();
2623         set_eventmask(s, astman_get_header(m, "Events"));
2624
2625         report_auth_success(s);
2626
2627         AST_RWLIST_UNLOCK(&users);
2628         return 0;
2629 }
2630
2631 static int action_ping(struct mansession *s, const struct message *m)
2632 {
2633         const char *actionid = astman_get_header(m, "ActionID");
2634         struct timeval now = ast_tvnow();
2635
2636         astman_append(s, "Response: Success\r\n");
2637         if (!ast_strlen_zero(actionid)){
2638                 astman_append(s, "ActionID: %s\r\n", actionid);
2639         }
2640         astman_append(
2641                 s,
2642                 "Ping: Pong\r\n"
2643                 "Timestamp: %ld.%06lu\r\n"
2644                 "\r\n",
2645                 (long) now.tv_sec, (unsigned long) now.tv_usec);
2646         return 0;
2647 }
2648
2649 static int action_getconfig(struct mansession *s, const struct message *m)
2650 {
2651         struct ast_config *cfg;
2652         const char *fn = astman_get_header(m, "Filename");
2653         const char *category = astman_get_header(m, "Category");
2654         int catcount = 0;
2655         int lineno = 0;
2656         char *cur_category = NULL;
2657         struct ast_variable *v;
2658         struct ast_flags config_flags = { CONFIG_FLAG_WITHCOMMENTS | CONFIG_FLAG_NOCACHE };
2659
2660         if (ast_strlen_zero(fn)) {
2661                 astman_send_error(s, m, "Filename not specified");
2662                 return 0;
2663         }
2664         cfg = ast_config_load2(fn, "manager", config_flags);
2665         if (cfg == CONFIG_STATUS_FILEMISSING) {
2666                 astman_send_error(s, m, "Config file not found");
2667                 return 0;
2668         } else if (cfg == CONFIG_STATUS_FILEINVALID) {
2669                 astman_send_error(s, m, "Config file has invalid format");
2670                 return 0;
2671         }
2672
2673         astman_start_ack(s, m);
2674         while ((cur_category = ast_category_browse(cfg, cur_category))) {
2675                 if (ast_strlen_zero(category) || (!ast_strlen_zero(category) && !strcmp(category, cur_category))) {
2676                         lineno = 0;
2677                         astman_append(s, "Category-%06d: %s\r\n", catcount, cur_category);
2678                         for (v = ast_variable_browse(cfg, cur_category); v; v = v->next) {
2679                                 astman_append(s, "Line-%06d-%06d: %s=%s\r\n", catcount, lineno++, v->name, v->value);
2680                         }
2681                         catcount++;
2682                 }
2683         }
2684         if (!ast_strlen_zero(category) && catcount == 0) { /* TODO: actually, a config with no categories doesn't even get loaded */
2685                 astman_append(s, "No categories found\r\n");
2686         }
2687         ast_config_destroy(cfg);
2688         astman_append(s, "\r\n");
2689
2690         return 0;
2691 }
2692
2693 static int action_listcategories(struct mansession *s, const struct message *m)
2694 {
2695         struct ast_config *cfg;
2696         const char *fn = astman_get_header(m, "Filename");
2697         char *category = NULL;
2698         struct ast_flags config_flags = { CONFIG_FLAG_WITHCOMMENTS | CONFIG_FLAG_NOCACHE };
2699         int catcount = 0;
2700
2701         if (ast_strlen_zero(fn)) {
2702                 astman_send_error(s, m, "Filename not specified");
2703                 return 0;
2704         }
2705         if (!(cfg = ast_config_load2(fn, "manager", config_flags))) {
2706                 astman_send_error(s, m, "Config file not found");
2707                 return 0;
2708         } else if (cfg == CONFIG_STATUS_FILEINVALID) {
2709                 astman_send_error(s, m, "Config file has invalid format");
2710                 return 0;
2711         }
2712         astman_start_ack(s, m);
2713         while ((category = ast_category_browse(cfg, category))) {
2714                 astman_append(s, "Category-%06d: %s\r\n", catcount, category);
2715                 catcount++;
2716         }
2717         if (catcount == 0) { /* TODO: actually, a config with no categories doesn't even get loaded */
2718                 astman_append(s, "Error: no categories found\r\n");
2719         }
2720         ast_config_destroy(cfg);
2721         astman_append(s, "\r\n");
2722
2723         return 0;
2724 }
2725
2726
2727
2728
2729 /*! The amount of space in out must be at least ( 2 * strlen(in) + 1 ) */
2730 static void json_escape(char *out, const char *in)
2731 {
2732         for (; *in; in++) {
2733                 if (*in == '\\' || *in == '\"') {
2734                         *out++ = '\\';
2735                 }
2736                 *out++ = *in;
2737         }
2738         *out = '\0';
2739 }
2740
2741 /*!
2742  * \internal
2743  * \brief Append a JSON escaped string to the manager stream.
2744  *
2745  * \param s AMI stream to append a string.
2746  * \param str String to append to the stream after JSON escaping it.
2747  *
2748  * \return Nothing
2749  */
2750 static void astman_append_json(struct mansession *s, const char *str)
2751 {
2752         char *buf;
2753
2754         buf = ast_alloca(2 * strlen(str) + 1);
2755         json_escape(buf, str);
2756         astman_append(s, "%s", buf);
2757 }
2758
2759 static int action_getconfigjson(struct mansession *s, const struct message *m)
2760 {
2761         struct ast_config *cfg;
2762         const char *fn = astman_get_header(m, "Filename");
2763         char *category = NULL;
2764         struct ast_variable *v;
2765         int comma1 = 0;
2766         struct ast_flags config_flags = { CONFIG_FLAG_WITHCOMMENTS | CONFIG_FLAG_NOCACHE };
2767
2768         if (ast_strlen_zero(fn)) {
2769                 astman_send_error(s, m, "Filename not specified");
2770                 return 0;
2771         }
2772
2773         if (!(cfg = ast_config_load2(fn, "manager", config_flags))) {
2774                 astman_send_error(s, m, "Config file not found");
2775                 return 0;
2776         } else if (cfg == CONFIG_STATUS_FILEINVALID) {
2777                 astman_send_error(s, m, "Config file has invalid format");
2778                 return 0;
2779         }
2780
2781         astman_start_ack(s, m);
2782         astman_append(s, "JSON: {");
2783         while ((category = ast_category_browse(cfg, category))) {
2784                 int comma2 = 0;
2785
2786                 astman_append(s, "%s\"", comma1 ? "," : "");
2787                 astman_append_json(s, category);
2788                 astman_append(s, "\":[");
2789                 comma1 = 1;
2790                 for (v = ast_variable_browse(cfg, category); v; v = v->next) {
2791                         astman_append(s, "%s\"", comma2 ? "," : "");
2792                         astman_append_json(s, v->name);
2793                         astman_append(s, "\":\"");
2794                         astman_append_json(s, v->value);
2795                         astman_append(s, "\"");
2796                         comma2 = 1;
2797                 }
2798                 astman_append(s, "]");
2799         }
2800         astman_append(s, "}\r\n\r\n");
2801
2802         ast_config_destroy(cfg);
2803
2804         return 0;
2805 }
2806
2807 /*! \brief helper function for action_updateconfig */
2808 static enum error_type handle_updates(struct mansession *s, const struct message *m, struct ast_config *cfg, const char *dfn)
2809 {
2810         int x;
2811         char hdr[40];
2812         const char *action, *cat, *var, *value, *match, *line;
2813         struct ast_category *category;
2814         struct ast_variable *v;
2815         struct ast_str *str1 = ast_str_create(16), *str2 = ast_str_create(16);
2816         enum error_type result = 0;
2817
2818         for (x = 0; x < 100000; x++) {  /* 100000 = the max number of allowed updates + 1 */
2819                 unsigned int object = 0;
2820
2821                 snprintf(hdr, sizeof(hdr), "Action-%06d", x);
2822                 action = astman_get_header(m, hdr);
2823                 if (ast_strlen_zero(action))            /* breaks the for loop if no action header */
2824                         break;                          /* this could cause problems if actions come in misnumbered */
2825
2826                 snprintf(hdr, sizeof(hdr), "Cat-%06d", x);
2827                 cat = astman_get_header(m, hdr);
2828                 if (ast_strlen_zero(cat)) {             /* every action needs a category */
2829                         result =  UNSPECIFIED_CATEGORY;
2830                         break;
2831                 }
2832
2833                 snprintf(hdr, sizeof(hdr), "Var-%06d", x);
2834                 var = astman_get_header(m, hdr);
2835
2836                 snprintf(hdr, sizeof(hdr), "Value-%06d", x);
2837                 value = astman_get_header(m, hdr);
2838
2839                 if (!ast_strlen_zero(value) && *value == '>') {
2840                         object = 1;
2841                         value++;
2842                 }
2843
2844                 snprintf(hdr, sizeof(hdr), "Match-%06d", x);
2845                 match = astman_get_header(m, hdr);
2846
2847                 snprintf(hdr, sizeof(hdr), "Line-%06d", x);
2848                 line = astman_get_header(m, hdr);
2849
2850                 if (!strcasecmp(action, "newcat")) {
2851                         if (ast_category_get(cfg,cat)) {        /* check to make sure the cat doesn't */
2852                                 result = FAILURE_NEWCAT;        /* already exist */
2853                                 break;
2854                         }
2855                         if (!(category = ast_category_new(cat, dfn, -1))) {
2856                                 result = FAILURE_ALLOCATION;
2857                                 break;
2858                         }
2859                         if (ast_strlen_zero(match)) {
2860                                 ast_category_append(cfg, category);
2861                         } else {
2862                                 ast_category_insert(cfg, category, match);
2863                         }
2864                 } else if (!strcasecmp(action, "renamecat")) {
2865                         if (ast_strlen_zero(value)) {
2866                                 result = UNSPECIFIED_ARGUMENT;
2867                                 break;
2868                         }
2869                         if (!(category = ast_category_get(cfg, cat))) {
2870                                 result = UNKNOWN_CATEGORY;
2871                                 break;
2872                         }
2873                         ast_category_rename(category, value);
2874                 } else if (!strcasecmp(action, "delcat")) {
2875                         if (ast_category_delete(cfg, cat)) {
2876                                 result = FAILURE_DELCAT;
2877                                 break;
2878                         }
2879                 } else if (!strcasecmp(action, "emptycat")) {
2880                         if (ast_category_empty(cfg, cat)) {
2881                                 result = FAILURE_EMPTYCAT;
2882                                 break;
2883                         }
2884                 } else if (!strcasecmp(action, "update")) {
2885                         if (ast_strlen_zero(var)) {
2886                                 result = UNSPECIFIED_ARGUMENT;
2887                                 break;
2888                         }
2889                         if (!(category = ast_category_get(cfg,cat))) {
2890                                 result = UNKNOWN_CATEGORY;
2891                                 break;
2892                         }
2893                         if (ast_variable_update(category, var, value, match, object)) {
2894                                 result = FAILURE_UPDATE;
2895                                 break;
2896                         }
2897                 } else if (!strcasecmp(action, "delete")) {
2898                         if ((ast_strlen_zero(var) && ast_strlen_zero(line))) {
2899                                 result = UNSPECIFIED_ARGUMENT;
2900                                 break;
2901                         }
2902                         if (!(category = ast_category_get(cfg, cat))) {
2903                                 result = UNKNOWN_CATEGORY;
2904                                 break;
2905                         }
2906                         if (ast_variable_delete(category, var, match, line)) {
2907                                 result = FAILURE_DELETE;
2908                                 break;
2909                         }
2910                 } else if (!strcasecmp(action, "append")) {
2911                         if (ast_strlen_zero(var)) {
2912                                 result = UNSPECIFIED_ARGUMENT;
2913                                 break;
2914                         }
2915                         if (!(category = ast_category_get(cfg, cat))) {
2916                                 result = UNKNOWN_CATEGORY;
2917                                 break;
2918                         }
2919                         if (!(v = ast_variable_new(var, value, dfn))) {
2920                                 result = FAILURE_ALLOCATION;
2921                                 break;
2922                         }
2923                         if (object || (match && !strcasecmp(match, "object"))) {
2924                                 v->object = 1;
2925                         }
2926                         ast_variable_append(category, v);
2927                 } else if (!strcasecmp(action, "insert")) {
2928                         if (ast_strlen_zero(var) || ast_strlen_zero(line)) {
2929                                 result = UNSPECIFIED_ARGUMENT;
2930                                 break;
2931                         }
2932                         if (!(category = ast_category_get(cfg, cat))) {
2933                                 result = UNKNOWN_CATEGORY;
2934                                 break;
2935                         }
2936                         if (!(v = ast_variable_new(var, value, dfn))) {
2937                                 result = FAILURE_ALLOCATION;
2938                                 break;
2939                         }
2940                         ast_variable_insert(category, v, line);
2941                 }
2942                 else {
2943                         ast_log(LOG_WARNING, "Action-%06d: %s not handled\n", x, action);
2944                         result = UNKNOWN_ACTION;
2945                         break;
2946                 }
2947         }
2948         ast_free(str1);
2949         ast_free(str2);
2950         return result;
2951 }
2952
2953 static int action_updateconfig(struct mansession *s, const struct message *m)
2954 {
2955         struct ast_config *cfg;
2956         const char *sfn = astman_get_header(m, "SrcFilename");
2957         const char *dfn = astman_get_header(m, "DstFilename");
2958         int res;
2959         const char *rld = astman_get_header(m, "Reload");
2960         struct ast_flags config_flags = { CONFIG_FLAG_WITHCOMMENTS | CONFIG_FLAG_NOCACHE };
2961         enum error_type result;
2962
2963         if (ast_strlen_zero(sfn) || ast_strlen_zero(dfn)) {
2964                 astman_send_error(s, m, "Filename not specified");
2965                 return 0;
2966         }
2967         if (!(cfg = ast_config_load2(sfn, "manager", config_flags))) {
2968                 astman_send_error(s, m, "Config file not found");
2969                 return 0;
2970         } else if (cfg == CONFIG_STATUS_FILEINVALID) {
2971                 astman_send_error(s, m, "Config file has invalid format");
2972                 return 0;
2973         }
2974         result = handle_updates(s, m, cfg, dfn);
2975         if (!result) {
2976                 ast_include_rename(cfg, sfn, dfn); /* change the include references from dfn to sfn, so things match up */
2977                 res = ast_config_text_file_save(dfn, cfg, "Manager");
2978                 ast_config_destroy(cfg);
2979                 if (res) {
2980                         astman_send_error(s, m, "Save of config failed");
2981                         return 0;
2982                 }
2983                 astman_send_ack(s, m, NULL);
2984                 if (!ast_strlen_zero(rld)) {
2985                         if (ast_true(rld)) {
2986                                 rld = NULL;
2987                         }
2988                         ast_module_reload(rld);
2989                 }
2990         } else {
2991                 ast_config_destroy(cfg);
2992                 switch(result) {
2993                 case UNKNOWN_ACTION:
2994                         astman_send_error(s, m, "Unknown action command");
2995                         break;
2996                 case UNKNOWN_CATEGORY:
2997                         astman_send_error(s, m, "Given category does not exist");
2998                         break;
2999                 case UNSPECIFIED_CATEGORY:
3000                         astman_send_error(s, m, "Category not specified");
3001                         break;
3002                 case UNSPECIFIED_ARGUMENT:
3003                         astman_send_error(s, m, "Problem with category, value, or line (if required)");
3004                         break;
3005                 case FAILURE_ALLOCATION:
3006                         astman_send_error(s, m, "Memory allocation failure, this should not happen");
3007                         break;
3008                 case FAILURE_NEWCAT:
3009                         astman_send_error(s, m, "Create category did not complete successfully");
3010                         break;
3011                 case FAILURE_DELCAT:
3012                         astman_send_error(s, m, "Delete category did not complete successfully");
3013                         break;
3014                 case FAILURE_EMPTYCAT:
3015                         astman_send_error(s, m, "Empty category did not complete successfully");
3016                         break;
<