Why FreeSwitch api command does not work in CLI? - freeswitch

From this guide, I know that FreeSwitch (FS) will load modules, each module would provides some commands and all these commands can be accessed from FS_CLI or ESL.
Here is my test:
1/ Show available commands from FS_CLI:
freeswitch#my-pc> show api
name,description,syntax,ikey
...,Shutdown,,mod_commands
acl,Compare an ip to an acl list,<ip> <list_name>,mod_commands
alias,Alias,[add|stickyadd] <alias> <command> | del [<alias>|*],mod_commands
banner,Return the system banner,,mod_commands
bg_system,Execute a system command in the background,<command>,mod_commands
bgapi,Execute an api command in a thread,<command>[ <arg>],mod_commands
.... other commands....
And I don't see api command from above list.
2/ Try to run api command from Inbound socket connection:
➜ ~ telnet localhost 8021
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Content-Type: auth/request
auth ClueCon
Content-Type: command/reply
Reply-Text: +OK accepted
api msleep 2000
Content-Type: api/response
Content-Length: 3
+OK
3/ Try to run api command from FS_CLI:
freeswitch#my-pc> api msleep 2000
-ERR api msleep 2000 Command not found!
Pls, help me to explain why #2 worked but not #3 (afaik FS_CLI utilizes socket under the hood)

Try to remove api in the command it should work.
freeswitch#ip-172-31-33-109> msleep 2000
+OK
You need to add api when try to call a command outside of CLI in CLI no need to add api without it's work.

Related

How to tunnel pcf service from spring boot application

I have a spring boot application deployed on pivotal cloud foundry.
I'm trying to tunnel (cf ssh) to that application in pcf from my spring boot application, but not able to find any api or client libraries to achieve it.
Actual cli command to tunnel pcf:
cf ssh -N -T -L 10001:localhost:10001 ms name
Any suggestions are welcome.
If you're trying to write Java code that would do the same thing as the cf ssh command, that should be possible. It's standard SSH, but with short-lived credentials so the trick will be generating credentials that you can use from your app.
Here's an example of using a standard SSH/SCP/SFTP client, note that ssh.bosh-lite.com will be your SSH domain, which you can see from cf curl /v2/info:
$ ssh -p 2222 cf:$(cf app app-name --guid)/0#ssh.bosh-lite.com
$ scp -P 2222 -oUser=cf:$(cf app app-name --guid)/0 my-local-file.json ssh.bosh-lite.com:my-remote-file.json
$ sftp -P 2222 cf:$(cf app app-name --guid)/0#ssh.bosh-lite.com
https://github.com/cloudfoundry/diego-ssh#cloud-foundry-via-cloud-controller-and-uaa
That said, you should be able to do something similar with any standard SSH Java library.
As mentioned above, the trick is in getting credentials. The username will be the format cf:application-guid/app-instance-number, which is easy, but the password needs to be generated with cf ssh-code, or the comparable call to the UAA API.
Ex: curl -vv -H 'Accept: application/json' -H "Authorization: $(cf oauth-token)" "https://uaa.run.pivotal.io/oauth/authorize?client_id=ssh-proxy&response_type=code"
This example uses curl to send the request and cf oauth-token to get a valid Oauth2 bearer token for the logged in user. You could get a valid bearer token in a number of ways, including making direct API calls or using the cf-java-client. It just needs to be a valid token for the user that should perform the SSH action (i.e. it would be the user that's running cf ssh).
Hope that helps!

How to use `dns-sd` to discover all domains with specific TLD?

I'm trying to discover all domains with the TLD .ffhh. This is the TLD of the Freifunk Meshnetwork in Hamburg. I tried the following command in Mac Terminal:
dns-sd -B _http._tcp ffhh.
I get this output, but nothing happens after that:
Browsing for _http._tcp.ffhh.
DATE: ---Thu 23 Jul 2015---
10:40:20.934 ...STARTING...
I guess I'm using dns-sd wrong!? What would be the right command to discover all domains with this TLD?
I do not think you can use dns-sd to browse top level domains. (And if you really can -- I'm not sure about this! -- then your command would be correct. It just does not find any result for that TLD. See my further answer...)
Also, browsing for _http._tcp in a certain domain will only display results, if there actually is a HTTP service that is announced via DNS-SD in that domain.
1. dns-sd is for local. domain in the first place
To test it, you can run dns-sd -R in one terminal to announce a fake HTTP service:
dns-sd \
-R "A Fake Announcement to Register a Dummy HTTP Server" \
_http._tcp,_universal \
. \
8081
and then check if the announcement appears in the local browse list:
dns-sd -B _http._tcp
2. dns-sd works also for remote domains ... under certain conditions
To check for announced services in a remote domain, try:
dns-sd -B _ftp._tcp dns-sd.org.
You should see something like
Browsing for _ftp._tcp.dns-sd.org.
DATE: ---Thu 19 May 2016---
17:40:02.111 ...STARTING...
Timestamp A/R Flags if Domain Service Type Instance Name
17:40:02.112 Add 3 0 dns-sd.org. _ftp._tcp. Apple QuickTime Files
17:40:02.112 Add 3 0 dns-sd.org. _ftp._tcp. Microsoft Developer Files
17:40:02.112 Add 2 0 dns-sd.org. _ftp._tcp. Restricted, Registered Users Only
^C
Then you can resolve a specific instance by running another command:
dns-sd -L "Microsoft Developer Files" _ftp._tcp dns-sd.org.
Lookup Microsoft Developer Files._ftp._tcp.dns-sd.org.
DATE: ---Thu 19 May 2016---
17:40:43.972 ...STARTING...
17:40:44.365 Microsoft\032Developer\032Files._ftp._tcp.dns-sd.org. can be reached at ftp.microsoft.com.:21 (interface 0)
txtvers=1
path=/developer
^C
3. So why did browsing the remote dns-sd.org. domain work at all?
This is because Stuart Cheshire, the guy who "invented" DNS-SD and who runs the dns-sd.org domain, did register the FTP services in his own domain within his standard DNS server setup in with the appropriate means.
4. So why does dns-sd.org return records about a Microsoft-controlled FTP service?
This is because Stuart Chesire registered that FTP service as a "proxy advertisement"....
5. Why did your query for the fffh. top level domain not work?
Mainly, because that domain most likely didn't register within a standard DNS server all the HTTP services which are hosted within its realm.
Maybe it doesn't even run a DNS server at all within its domain.
You would only discover those HTTP servers via dns-sd -B _http._tcp local., if each webmaster of such a server would...
...run the appropriate dns-sd -R ... command in the background (if he has a Mac), or
...run the analog avahi-publish -s ... command (if he has Linux)
6. Additional Info
BTW, you could browse and discover remote services without specifying the remote domain name, if you added the remote domain in your general DNS configuration as a "browse domain". See this screenshot where I added dns-sd.org on a MacBook:
In this case you can simply run
dns-sd -B _http._tcp
to also get the remote HTTP services listed (as well as the local ones) instead of running
dns-sd -B _http._tcp dns-sd.org.

Linux install Client's SSL "ca-cert" in local?

I have 2 Linux Servers (with LAMP):
Web Server with SSL (https://www.example.com)
Admin Server (needs to connect to Web Server, via https)
When i connect from Admin Server (to Web Server) via curl command. It is refusing. Then when i use curl with --caeert option, its going through. Like this:
# curl --cacert CAchain.crt -I https://www.example.com
HTTP/1.1 200 OK
..
I'm getting 200 OK only because of --cacert CAchain.crt.
Then obviously i need the pure/basic curl command without defining the --cacert, to be working. Like:
# curl -I https://www.example.com
HTTP/1.1 200 OK
..
So that my Admin Application will for sure be able to connect to it (via https).
But now, when i connect to https://www.example.com from Admin Server (via its Application), it is bouncing back. Not able to reach, with SSL.
How do i make my Linux (RHEL) to install the client's CA-CERT inside, in order automatically AVOID defining the cert file. So that any communications to "https://www.example.com" via CURL or Web Browser (from Admin), can just then successfully go through. (Is it something like, we make "SSH without Keys" logic? But how, please?)
You need to add the CA cert to somewhere that curl can use it - it looks like you're just keeping it in your local directory (which isn't where curl looks for it - typically in some /etc/pki/ssl/ca-bundle.crt-type location). There's a handful of ways to do this. I don't have much experience doing it in RHEL (or CentOS), but have done it for Debian.
This ServerFault Post might help.
Likewise, This Post might help you install/import the CA cert properly.

Get windows proxy username/password

I have an access to a preconfigured Windows XP 32-bit workstation.
It's under firewall and to get outside it uses http proxy server.
To get proxy settings I need host, port, username and password.
http: // username : password # server : port
I'm able to find the proxy url and port (from PAC - automatic config file),
but I don't know how to get username/password. Is there a way to read it somehow? At least username? I might get the admin rights.
Do you know any tool that can help?
I only found these MS docs about some methods to get proxy config connection, but I don't know how to determinate what's the provided credentials:
WinHttpGetIEProxyConfigForCurrentUser function
WINHTTP_CURRENT_USER_IE_PROXY_CONFIG structure
WinHttpGetProxyForUrl function
I've also found this lib, but it's rather for parsing PAC:
http://code.google.com/p/pacparser/
In windows you cannot get password.
To get connect throw a proxy you have to use SSPI, check libcurl, you can get a connected socket throw proxy, build it with enable-sspi and openssl.
Iterating on Fernando Sanchez's answer and Robert's comment, you need to authenticate via SSPI. In my case I've connected using NTLM using this link
With curl using ntlm :
curl.exe --proxy <proxy_name>:<proxy_port> --proxy-ntlm -U : https://www.google.com
Also to partially answer your question the -U : means from curl man page :
If you use a Windows SSPI-enabled curl binary and do either Negotiate
or NTLM authentication then you can tell curl to select the user name
and password from your environment by specifying a single colon with
this option: "-U :".
You can get the proxy name and port from the windows registry (regedit). Quote from Robert's comment:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings]
It can be present either in a manual way using REG_SZ ProxyServer or using an autoconfiguration script using REG_SZ AutoConfigURL = https://<configuration_url>
If the curl command above fails with Failure when receiving data from the peer maybe you have a curl release without NTLM, SSPI or OpenSSL. Try with the latest curl release

Why smtp.gmail.com returns Unrecognized command?

I've written a winsock client
that connects with smtp.gmail, but after the first
EHLO command, every other command would return Unrecognized
command. I tryed AUTH, AUTH LOGIN, MAIL...but all
return the same thing. Where do I find the commands
that works with this server, I think they use SMTP commands differently
They appear to be using an RFC 3207 SMTP/TLS server. Check here for more information: RFC 3207.

Resources