Merge commit for 2.21.0

ChangeLog

@@ -1,3 +1,28 @@
+Thu, 07 Jul 2022 12:47:57 +0200  IvozProvider Team <[email protected]>
+
+    * IvozProvider 2.21.0 released
+
+    * Proxies
+        - Fixed rtpengine sessions deletion on branch timeout
+        - Fixed a bug with failover handling on bounced calls
+        - OPTION messages are now skipped from anti-flood mechanism
+        - Residential Devices authentication is now optional when Direct Connectivity is enabled
+        - Retail Accounts authentication is now optional when Direct Connectivity is enabled
+        - Improve log messages on no reply event
+
+    * Invoicing
+        - Added dynamic quantity support to Invoice schedulers fixed costs
+        - Added Client max calls as Fixed cost dynamic quantity
+        - Added Client DDI count as Fixed cost dynamic quantity
+
+    * Portals
+        - Fixed a bug that prevented creating vPBX clients depending on emulated company ACLs
+        - Removed Retail Account column from DDI Provider's DDI List section
+
+    * Other
+        - Added support for custom entries in local DNS server
+        - Fixed swagger JSON generation commands in package post install scripts
+
 Wed, 23 Mar 2022 16:40:26 +0100  IvozProvider Team <[email protected]>
 
     * IvozProvider 2.20.1 released

README.md

@@ -1,4 +1,4 @@
-![IvozProvider Logo](web/admin/public/images/logoprovider.png) ![stable](web/admin/public/images/stable-2.20-blue.png) ![release](web/admin/public/images/release-artemis-14b9bc.png)
+![IvozProvider Logo](web/admin/public/images/logoprovider.png) ![stable](https://raster.shields.io/badge/sable-2.21-blue.png) ![release](web/admin/public/images/release-artemis-14b9bc.png)
 
 Ivoz Provider is a multitenant solution for VoIP telephony providers designed for horizontal scaling and load balancing.
 
@@ -51,7 +51,7 @@ If you want to test an [standalone](https://irontec.github.io/ivozprovider/en/ar
 | Version  | 64 bits  | 32 bits |
 |----------|:--------:|:-------:|
 |oldstable (oasis 1.7) | [![iso http](web/admin/public/images/iso-http-green.png)](https://packages.irontec.com/isos/ivozprovider-1.7.1-oasis-amd64.iso)| [![iso http](web/admin/public/images/iso-http-green.png)](https://packages.irontec.com/isos/ivozprovider-1.7.1-oasis-i386.iso)|
-|stable (artemis 2.20.0) | [![iso http](web/admin/public/images/iso-http-green.png)](https://packages.irontec.com/isos/ivozprovider-2.20~2.20.0-artemis-amd64.iso)| |
+|stable (artemis 2.21.0) | [![iso http](web/admin/public/images/iso-http-green.png)](https://packages.irontec.com/isos/ivozprovider-2.21~2.21.0-artemis-amd64.iso)| |
 |testing (halliday 3.x) | |
 
 

asterisk/config/pjsip.conf

@@ -3,7 +3,7 @@
 ;;
 [global]
 type=global
-user_agent=Irontec IvozProvider v2.20
+user_agent=Irontec IvozProvider v2.21
 endpoint_identifier_order=ip,contact,username,anonymous
 
 ;;

debian/changelog

@@ -1,4 +1,10 @@
-ivozprovider (2.20~2.20.1) UNRELEASED; urgency=medium
+ivozprovider (2.21~2.21.0) UNRELEASED; urgency=medium
+
+  * Version bump to 2.21.0
+
+ -- Irontec IvozProvider Team <[email protected]>  Wed, 23 Mar 2022 17:43:31 +0100
+
+ivozprovider (2.20~2.20.1) stable; urgency=medium
 
   * Version bump to 2.20.1
 

debian/ivozprovider-web-rest.postinst

@@ -14,7 +14,7 @@ setfacl  -R -m u:www-data:rwX -m u:root:rwX var
 # Create project cache
 bin/console cache:clear --no-warmup -q -n
 # generate swagger spec
-bin/console api:swagger:export > web/swagger.json
+bin/console api:swagger:export > public/swagger.json
 
 # Create jwt certificates
 [ ! -e /opt/irontec/ivozprovider/storage/jwt/private.pem ] && bin/generate-keys --initial
@@ -28,7 +28,7 @@ if [ -d /opt/irontec/ivozprovider/web/rest/brand/ ]; then
         # Create project cache
         bin/console cache:clear --no-warmup -q -n
         # generate swagger spec
-        bin/console api:swagger:export > web/swagger.json
+        bin/console api:swagger:export > public/swagger.json
     popd
 fi
 
@@ -41,7 +41,7 @@ if [ -d /opt/irontec/ivozprovider/web/rest/client/ ]; then
         # Create project cache
         bin/console cache:clear --no-warmup -q -n
         # generate swagger spec
-        bin/console api:swagger:export > web/swagger.json
+        bin/console api:swagger:export > public/swagger.json
     popd
 fi
 

debian/systemd/kamailio@.service

@@ -13,6 +13,7 @@ PIDFile=/var/run/kamailio-%i.pid
 EnvironmentFile=/etc/default/kam%i
 ExecStart=/usr/sbin/kamailio -A IP=%i -f /etc/kamailio/proxy%i/kamailio.cfg -m ${SH_MEM} -M ${PRIV_MEM} -P /var/run/kamailio-%i.pid
 ExecStopPost=/bin/rm -f /var/run/kamailio-%i.pid
+TimeoutStopSec=30s
 Restart=on-abort
 
 [Install]

doc/sphinx/administration_portal/brand/invoicing/invoice_schedulers.rst

@@ -30,14 +30,30 @@ When adding a new definition, these fields are shown:
         Taxes to add to the final cost (e.g. VAT)
 
 
-.. tip:: Fixed concepts can be added in the same way as in manual invoice definitions
-
-Invoices generated due to an schedule can be seen in two ways:
+Invoices generated due to a schedule can be seen in two ways:
 
 - In each row of *Invoice schedulers* section, **List of Invoices** option.
 
 - In *Invoices* section, indistinguishable to manually generated invoices.
 
+Fixed costs
+===========
+
+When defining a scheduled invoice, you can add fixed costs in a static or dynamic way:
+
+- Type **'static'** is used for fixed quantities.
+
+- Type **'Max calls'** sets the quantity in the moment of the creation of the invoice to
+  "Max calls" value of the client in that specific moment.
+
+- Type **'DDIs'** sets the quantity in the moment of the creation of the invoice to
+  the number of DDIS matching criteria (all, national, international or belonging to specific country)
+  in the client in that specific moment.
+
+.. tip:: Non-static values are retrieved from client configuration in the date specified in "Next execution".
+         Regenerating the invoice later will not modify assigned value, but you can adapt it manually to
+         the desired value editing the fixed cost in Invoice section and regenerating the invoice.
+
 Frequency definition
 ====================
 

doc/sphinx/administration_portal/client/residential/residential_devices.rst

@@ -51,7 +51,8 @@ These are the configurable settings of *Residential devices*:
 
     Password
         When the *residential device* send requests, IvozProvider will authenticate it using
-        this password. Like remaining SIP entities in IvozProvider (except Wholesale) **using password IS MANDATORY**.
+        this password. **Using password IS A MUST in "Register" mode**. In "Direct" mode,
+        leaving it blank disables SIP authentication and enables IP source check.
 
     Direct connectivity
         If you choose 'Yes' here, you'll have to fill the protocol, address and

doc/sphinx/administration_portal/client/retail/retail_accounts.rst

@@ -51,7 +51,8 @@ These are the configurable settings of *Retail accounts*:
 
     Password
         When the *retail account* send requests, IvozProvider will authenticate it using
-        this password. Like remaining SIP entities in IvozProvider (except Wholesale) **using password IS MANDATORY**.
+        this password. **Using password IS A MUST in "Register" mode**. In "Direct" mode,
+        leaving it blank disables SIP authentication and enables IP source check.
 
     Direct connectivity
         If you choose 'Yes' here, you'll have to fill the protocol, address and

doc/sphinx/conf.py

@@ -73,7 +73,7 @@
 # built documents.
 #
 # The short X.Y version.
-version = "2.20"
+version = "2.21"
 # The full version, including alpha/beta/rc tags.
 release = 'Artemis'
 
@@ -276,7 +276,7 @@
 # (source start file, target name, title,
 #  author, documentclass [howto, manual, or own class]).
 latex_documents = [
-    (master_doc, 'IvozProvider.tex', 'IvozProvider 2.20 Documentation',
+    (master_doc, 'IvozProvider.tex', 'IvozProvider 2.21 Documentation',
      'Irontec', 'manual'),
 ]
 

doc/sphinx/security_and_maintenance/security/antiflooding.rst

@@ -36,8 +36,6 @@ Client side requests usually traverse 2 different phases:
 
 Antiflood will take into account:
 
-- SIP OPTIONS
-
 - Requests failing during step 0:
 
   - Requests not using SIP domain in KamUsers (except wholesale).

kamailio/trunks/config/kamailio.cfg

@@ -137,8 +137,8 @@ log_facility=LOG_LOCAL0
 onsend_route_reply=yes
 
 # Add custom Server header
-server_header="Server: Irontec IvozProvider v2.20"
-user_agent_header="User-Agent: Irontec IvozProvider v2.20"
+server_header="Server: Irontec IvozProvider v2.21"
+user_agent_header="User-Agent: Irontec IvozProvider v2.21"
 
 ####### Modules Section ########
 
@@ -1638,9 +1638,11 @@ route[RELAY] {
     }
 
     if ($(du{uri.host}) != $null) {
-        xnotice("[$dlg_var(cidhash)] RELAY: Relaying to $ru via $du (du, $dP)\n");
+        $avp(relay_dst) = $dP + ":" + $(du{uri.host}) + ":" + $(du{uri.port});
+        xnotice("[$dlg_var(cidhash)] RELAY: Relaying to $avp(relay_dst) ($ru via $du)\n");
     } else {
-        xnotice("[$dlg_var(cidhash)] RELAY: Relaying to $ru (ru)\n");
+        $avp(relay_dst) = $rP + ":" + $(ru{uri.host}) + ":" + $(ru{uri.port});
+        xnotice("[$dlg_var(cidhash)] RELAY: Relaying to $avp(relay_dst) ($ru)\n");
     }
 
     # Common for every reply
@@ -1926,7 +1928,7 @@ route[INACTIVATE_GW] {
 
     sql_query("cb", "SELECT O.id FROM OutgoingRouting O LEFT JOIN OutgoingRoutingRelCarriers ORRC ON O.id=ORRC.outgoingRoutingId WHERE O.stopper=1 AND ( O.carrierId=$dlg_var(carrierId) OR ORRC.carrierId=$dlg_var(carrierId) )", "isStopper");
     if ($dbr(isStopper=>rows) == 0) {
-        xwarn("[$dlg_var(cidhash)] INACTIVATE-GW: $T_reply_code: Inactivate carrier server $dlg_var(carrierServerId) (carrier: $dlg_var(carrierId)) (no reply received)\n");
+        xwarn("[$dlg_var(cidhash)] INACTIVATE-GW: $T_reply_code: Inactivate carrier server $dlg_var(carrierServerId) (carrier: $dlg_var(carrierId)) (no reply received from $var(failingHost))\n");
         inactivate_gw(); # Inactivate GW temporally (until it answers OPTIONS)
     }
     sql_result_free("isStopper");
@@ -1973,8 +1975,16 @@ onreply_route[MANAGE_REPLY] {
 
 # Failure route for initial transactions to GW
 failure_route[MANAGE_FAILURE_GW] {
+    if ($dlg_var(bounced) == '1') exit; # Avoid carrier failover in bounced call
+
     if(!t_check_status("(401)|(407)")) {
-        xwarn("[$dlg_var(cidhash)] MANAGE-FAILURE-GW: $rm FAILED: '$T_reply_code $T_reply_reason' to '$cs $rm' from '$fu' ($si:$sp) [$proto]\n");
+        if (t_branch_timeout() && !t_branch_replied()) {
+            $var(failingHost) = $avp(relay_dst);
+        } else {
+            $var(failingHost) = $T_rpl($proto) + ":" + $T_rpl($si) + ":" + $T_rpl($sp);
+        }
+
+        xwarn("[$dlg_var(cidhash)] MANAGE-FAILURE-GW: $rm FAILED: '$T_reply_code $T_reply_reason' to '$cs $rm' from '$fu' ($var(failingHost))\n");
     }
 
     if (t_is_canceled()) {
@@ -2020,6 +2030,7 @@ failure_route[MANAGE_FAILURE_GW] {
         exit;
     } else if (t_branch_timeout() && !t_branch_replied()) {
         route(INACTIVATE_GW);
+        route(RTPENGINE);
     } else if (t_check_status("3[0-9]{2}")) {
         xwarn("[$dlg_var(cidhash)] MANAGE-FAILURE-GW: $T_reply_code: Not allowed from GW\n");
     }
@@ -2045,9 +2056,6 @@ failure_route[MANAGE_FAILURE_AS] {
 
     route(IS_FROM_INSIDE);
 
-    # Avoid failover for static distribute method
-    if ($dlg_var(distributeMethod) == 'static') exit;
-
     # next DST - only for 404 or local timeout
     if (t_check_status("404") or (t_branch_timeout() and !t_branch_replied())) {
         # Invalidate AS only if no response received
@@ -2056,14 +2064,17 @@ failure_route[MANAGE_FAILURE_AS] {
             ds_mark_dst("ip");
         }
 
-        if(ds_next_dst()) {
-            t_on_failure("MANAGE_FAILURE_AS");
+        if($dlg_var(distributeMethod) != 'static' && ds_next_dst()) {
             xinfo("[$dlg_var(cidhash)] MANAGE-FAILURE-AS: going to <$ru> via <$du>\n");
+            t_on_failure("MANAGE_FAILURE_AS");
             route(RELAY);
-        } else {
-            xerr("[$dlg_var(cidhash)] MANAGE-FAILURE-AS: No more AS-s available\n");
             exit;
         }
+
+        if (t_branch_timeout() and !t_branch_replied()) {
+            xinfo("[$dlg_var(cidhash)] MANAGE-FAILURE-AS: Free rtpengine session\n");
+            route(RTPENGINE);
+        }
     }
 
     xinfo("[$dlg_var(cidhash)] MANAGE-FAILURE-AS: No failover for '$T_reply_code $T_reply_reason', forward reply\n");

kamailio/users/config/kamailio.cfg

@@ -150,8 +150,8 @@ log_facility=LOG_LOCAL0
 onsend_route_reply=yes
 
 # Add custom Server header
-server_header="Server: Irontec IvozProvider v2.20"
-user_agent_header="User-Agent: Irontec IvozProvider v2.20"
+server_header="Server: Irontec IvozProvider v2.21"
+user_agent_header="User-Agent: Irontec IvozProvider v2.21"
 
 ####### Modules Section ########
 
@@ -458,6 +458,12 @@ modparam("timer", "declare_timer", "EXIT_WHEN_NO_CALLS=EXIT_WHEN_NO_CALLS,3000,s
 request_route {
     route(REQINIT);
 
+    if (is_method("OPTIONS")) {
+        force_rport();
+        send_reply("200", "I'm here!");
+        exit;
+    }
+
     route(IS_FROM_INSIDE);
 
     route(CIDHASH);
@@ -467,13 +473,6 @@ request_route {
         exit;
     }
 
-    if (is_method("OPTIONS")) {
-        force_rport();
-        route(ANTIFLOOD);
-        send_reply("200", "I'm here!");
-        exit;
-    }
-
     xnotice("[$dlg_var(cidhash)] Request: $rm $ru from $fu ($cs $rm - $proto:$si:$sp) [$ci]\n");
 
     route(NATDETECT);
@@ -1660,15 +1659,15 @@ route[AUTH] {
     if (src_ip == myself || $var(is_from_inside)) return;
     if ($avp(wholesaleId) != $null) return; # No AUTH for wholesale clients
 
-    # Handle passwordless friends
-    if ($avp(endpointType) == "Friends" && $avp(password) == $null) {
-        $xavp(friend) = $null;
-        sql_xquery("cb", "SELECT ip FROM Friends WHERE id='$avp(endpointId)'", "friend");
-        if ($xavp(friend=>ip) == $si) {
-            xinfo("[$dlg_var(cidhash)] AUTH: $avp(endpointType)#$avp(endpointId) talking from $xavp(friend=>ip), skip auth");
+    # Handle passwordless friends / retail accounts / residential devices
+    if (($avp(endpointType) == "Friends" || $avp(endpointType) == "RetailAccounts" || $avp(endpointType) == "ResidentialDevices") && $avp(password) == $null) {
+        $xavp(endpoint) = $null;
+        sql_xquery("cb", "SELECT ip FROM $avp(endpointType) WHERE id='$avp(endpointId)'", "endpoint");
+        if ($xavp(endpoint=>ip) == $si) {
+            xinfo("[$dlg_var(cidhash)] AUTH: $avp(endpointType)#$avp(endpointId) talking from $xavp(endpoint=>ip), skip auth");
             return;
         } else {
-            xwarn("[$dlg_var(cidhash)] AUTH: $avp(endpointType)#$avp(endpointId) talking from $si instead of $xavp(friend=>ip), forbidden");
+            xwarn("[$dlg_var(cidhash)] AUTH: $avp(endpointType)#$avp(endpointId) talking from $si instead of $xavp(endpoint=>ip), forbidden");
             route(ANTIFLOOD);
             send_reply("403", "Forbidden [FS]");
             exit;
@@ -2021,9 +2020,11 @@ route[RURIALIAS] {
 route[RELAY] {
     if ($branch(count) == $null) {
         if ($(du{uri.host}) != $null) {
-            xnotice("[$dlg_var(cidhash)] RELAY: Relaying to $ru via $du (du, $dP)\n");
+            $avp(relay_dst) = $dP + ":" + $(du{uri.host}) + ":" + $(du{uri.port});
+            xnotice("[$dlg_var(cidhash)] RELAY: Relaying to $avp(relay_dst) ($ru via $du)\n");
         } else {
-            xnotice("[$dlg_var(cidhash)] RELAY: Relaying to $ru (ru)\n");
+            $avp(relay_dst) = $rP + ":" + $(ru{uri.host}) + ":" + $(ru{uri.port});
+            xnotice("[$dlg_var(cidhash)] RELAY: Relaying to $avp(relay_dst) ($ru)\n");
         }
     }
 
@@ -2588,7 +2589,13 @@ onreply_route[MANAGE_REPLY] {
 }
 
 failure_route[MANAGE_FAILURE] {
-    xwarn("[$dlg_var(cidhash)] MANAGE-FAILURE: $rm FAILED: '$T_reply_code $T_reply_reason' to '$cs $rm' from '$fu' ($si:$sp) [$proto]\n");
+    if (t_branch_timeout() && !t_branch_replied()) {
+        $var(failingHost) = $avp(relay_dst);
+    } else {
+        $var(failingHost) = $T_rpl($proto) + ":" + $T_rpl($si) + ":" + $T_rpl($sp);
+    }
+
+    xwarn("[$dlg_var(cidhash)] MANAGE-FAILURE: $rm FAILED: '$T_reply_code $T_reply_reason' to '$cs $rm' from '$fu' ($var(failingHost))\n");
 
     if (t_is_canceled()) {
         xwarn("[$dlg_var(cidhash)] MANAGE-FAILURE: t_is_canceled, exit here\n");
@@ -2600,7 +2607,13 @@ failure_route[MANAGE_FAILURE] {
 }
 
 failure_route[MANAGE_FAILURE_RETAIL] {
-    xwarn("[$dlg_var(cidhash)] MANAGE-FAILURE-RETAIL: $rm FAILED: '$T_reply_code $T_reply_reason' to '$cs $rm' from '$fu' ($si:$sp) [$proto]\n");
+    if (t_branch_timeout() && !t_branch_replied()) {
+        $var(failingHost) = $avp(relay_dst);
+    } else {
+        $var(failingHost) = $T_rpl($proto) + ":" + $T_rpl($si) + ":" + $T_rpl($sp);
+    }
+
+    xwarn("[$dlg_var(cidhash)] MANAGE-FAILURE-RETAIL: $rm FAILED: '$T_reply_code $T_reply_reason' to '$cs $rm' from '$fu' ($var(failingHost))\n");
 
     if (t_is_canceled()) {
         xwarn("[$dlg_var(cidhash)] MANAGE-FAILURE-RETAIL: t_is_canceled, exit here\n");
@@ -2623,7 +2636,13 @@ failure_route[MANAGE_FAILURE_RETAIL] {
 }
 
 failure_route[MANAGE_FAILURE_AS] {
-    xwarn("[$dlg_var(cidhash)] MANAGE-FAILURE-AS: $rm FAILED: '$T_reply_code $T_reply_reason' to '$cs $rm' from '$fu' ($si:$sp) [$proto]\n");
+    if (t_branch_timeout() && !t_branch_replied()) {
+        $var(failingHost) = $avp(relay_dst);
+    } else {
+        $var(failingHost) = $T_rpl($proto) + ":" + $T_rpl($si) + ":" + $T_rpl($sp);
+    }
+
+    xwarn("[$dlg_var(cidhash)] MANAGE-FAILURE-AS: $rm FAILED: '$T_reply_code $T_reply_reason' to '$cs $rm' from '$fu' ($var(failingHost))\n");
 
     if (t_is_canceled()) {
         xwarn("[$dlg_var(cidhash)] MANAGE-FAILURE-AS: t_is_canceled, exit here\n");