Asterisk upgrade breaks functionality

system · September 6, 2011, 8:43pm

Running RHEL 6.1, was running EPEL package 18.4.4-3.el6.i686 then upgraded the package to 1.8.5.0-1.el6.i686 and the system will dial out but as soon as the far end picks up Asterisk terminates the call. What gives? We’re using Asterisk to dial out our SIP gateway as part of an authentication system in which the recipient of the call must then put in a PIN code but now the system hangs up as soon as they pick up!

david55 · September 7, 2011, 12:18pm

Can’t say without versbose CLI and probably also sip set debug traces.

system · September 8, 2011, 10:29pm

Under verbose command line mode I’m seeing issues with executing .agi files with a Permission denied response even though Asterisk owns the directory and the files themselves with permissions on all files of 755. I just have the base RPM installed since it’s only purpose to to dial out through a sip trunk. Is there an additional package that needs to be installed?

abw1oim · September 8, 2011, 10:38pm

Correct permissions for the agi-file itself doesn’t always imply correct functioning of them as the may refer to system commands without a path. When asterisk is running under a non-privileged account (non-root) You should check the commands within the agi for the ability of the user asterisk is running under to execute these commands.

system · September 8, 2011, 11:09pm

Thanks for the tip. However, as a little experiment on a test system I added the asterisk user to the root group so technically it should be able to run anything it needs. No luck. Same permissions error. If you want to see the agi script I’ll post it so you can see what it’s trying to do.

SGM · September 8, 2011, 11:12pm

Please post the asterisk verbose output of the AGI execution and if possible the scripts.

system · September 8, 2011, 11:22pm

– Attempting call on SIP/trunk_1/9********** for VPNOutcallWithPIN@internal:1 (Retry 1)
== Using SIP RTP TOS bits 184
== Using SIP RTP CoS mark 5
> Channel SIP/trunk_1-00000000 was answered.
– Executing [VPNOutcallWithPIN@internal:1] Verbose(“SIP/trunk_1-00000000”, “1,Call Remote User”) in new stack
Call Remote User
– Executing [VPNOutcallWithPIN@internal:2] AGI(“SIP/trunk_1-00000000”, “call-remote-user-with-pin.agi,jkrautter.desk,gdyb21LQTcIANtvYMT7QVQ”) in new stack
– Launched AGI Script /var/lib/asterisk/agi-bin/call-remote-user-with-pin.agi
call-remote-user-with-pin.agi,jkrautter.desk,gdyb21LQTcIANtvYMT7QVQ: Failed to execute ‘/var/lib/asterisk/agi-bin/call-remote-user-with-pin.agi’: Permission denied
– Executing [VPNOutcallWithPIN@internal:3] Hangup(“SIP/trunk_1-00000000”, “”) in new stack
== Spawn extension (internal, VPNOutcallWithPIN, 3) exited non-zero on ‘SIP/trunk_1-00000000’
[Sep 8 16:08:57] NOTICE[4175]: pbx_spool.c:362 attempt_thread: Call completed to SIP/trunk_1/9**********

“Script”
#!/usr/bin/perl
use strict;
use Digest::MD5 qw(md5_base64);

Set up some directories for the RADIUS interface

    use constant    STATUS_FILE_DIR=>       "/etc/raddb/scripts/";

    use constant    CHKPIN_OK=>             0;
    use constant    CHKPIN_NODIGITS=>       -1;
    use constant    CHKPIN_BADPIN=>         -2;
    use constant    CHKPIN_BADRESPONSE=>    -3;

$|=1;

Setup some variables

my %AGI;
my $attempt = 1;
my $username=$ARGV[0];
my $pin=$ARGV[1];
my $retVal = -1;
my $digest = “”;
my $result ="";

Read environment variables passed in from Asterisk

while() {
chomp;
last unless length($);
if (/^agi(\w+):\s+(.*)$/) {
$AGI{$1} = $2;
}
}

print STDERR “AGI Environment Dump:\n”;
foreach my $i (sort keys %AGI) {
print STDERR " – $i = $AGI{$i}\n";
}

print STDERR “Username= $username\n”;
print STDERR “Hashed PIN= $pin\n”;

Compare PIN entered by user with hased value passed in from FreeRADIUS/Asterisk

String from Asterisk is in the form of “200 result=1234” if 1234 were the digits entered.

The 200 is a success indication from the Asterisk call

sub checkPIN {
my ($response) = @_;
chomp $response;
if ($response =~ /^200/) {
$response =~ /result=(-?\d+)/;
if (!length($1)) {
print STDERR “No digits\n”;
return CHKPIN_NODIGITS;
}
else {
if ($pin eq md5_base64($1)) {
print STDERR “Correct PIN entered\n”;
return CHKPIN_OK;
}
else {
print STDERR “Incorrect PIN entered\n”;
return CHKPIN_BADPIN;
}
}
} else {
print STDERR “FAIL (unexpected result ‘$response’)\n”;
return CHKPIN_BADRESPONSE;
}
}

While the return value is not used in most cases it is important to wait for something

on STDIN so that Asterisk has time to play the message.

sub sayEnterPIN() {
print “GET DATA enter-pin 10000 4\n”;
return ;
}

sub sayIncorrectPINRetry() {
print “GET DATA cos-wrong-pin 10000 4\n”;
return ;
}

sub sayMaxAttempts() {
print “STREAM FILE max-attempts “”\n”;
return ;
}

sub sayThankYou() {
print “STREAM FILE thankyou “”\n”;
return ;
}

sub sayAdminNotified() {
print “STREAM FILE sysadmin “”\n”;
return ;
}

sub notifyAdministrator() {
open(MAIL, “|/usr/sbin/sendmail -t”);
print MAIL “To: *********@*.com\n";
print MAIL "From: **********@.com\n”;
print MAIL “Subject: Failed VPN Outdial\n”;
print MAIL “$username experienced a failure connecting to the network.\n”;
close(MAIL);
}

sub exitWithSuccess() {
rename STATUS_FILE_DIR . $username . “.pending”,
STATUS_FILE_DIR . $username . “.success”;
sayThankYou();
print STDERR “username from inside exitWithSuccess: $username\n”;
exit;
}
sub exitWithFailure() {
rename STATUS_FILE_DIR . $username . “.pending”,
STATUS_FILE_DIR . $username . “.failure”;
notifyAdministrator();
sayAdminNotified();
sayThankYou();
print STDERR “username from inside exitWithFailure: $username\n”;
exit;
}

while ($attempt <= 3) {
if ($attempt == 1) {
$result = sayEnterPIN();
}
else {
$result = sayIncorrectPINRetry();
}
print STDERR “Response from request for digits: $result\n”;
$retVal = checkPIN($result);
print STDERR “retVal from checkPIN: $retVal\n”;

    if ($retVal == CHKPIN_OK) {
            exitWithSuccess();
    }
    elsif ($retVal == CHKPIN_NODIGITS) {
            exitWithFailure();
    }
    ++$attempt;

}

sayMaxAttempts();
print STDERR “All three attempts were invalid\n”;
exitWithFailure();

SGM · September 8, 2011, 11:37pm

Please use the code tags (code button right above the message area) for this kind of stuff, as it’s hard to read this way. Also, please check the directory permissions, including upper level directories. Last but not least - check if selinux is running, as it may stop something from being executed.

system · September 9, 2011, 4:31pm

Just took a look at all level permissions, then uninstalled, wiped out all configs, reinstalled and created the .agi and .ulaw files and directories as user asterisk. Still getting permission denied error on executing the .agi file. Should I install the asterisk-dahdi and sounds-core-en-ulaw packages? selinux is disabled at this time.