Summary:ASTERISK-01170: [patch-sortof] SIP users blocked in ACL can still place calls
Reporter:Rob Gagnon (rgagnon)Labels:
Date Opened:2004-03-08 01:48:38.000-0600Date Closed:2011-06-07 14:04:52
Versions:Frequency of
Description:If I block a user using deny= in sip.conf, that user cannot REGISTER with the system.  They cannot receive calls from anyone, BUT:  They can still place calls to other users.


Problem appears to lie in logic within check_user() function in chan_sip.c

The list of users is checked first, but only those to which they would be allowed on ACL.

If user is denied by ACL, the "user" pointer becomes NULL, which then causes the peers to be searched.  A peer can be found if the enty is of type=friend in sip.conf.

The ACL is not checked at all for a peer.  The call proceeds.

If denied by ACL as a user, shouldn't the friend also be denied by ACL as a peer?

I believe this is a problem, and while doing some work in bug ASTERISK-1041086 I solved it, but left the solution commented out in the patch for it.

If others agree this is a bug, I can proceed to build the patch for just this fix under this bug ID.

If this is intended behavior, I will just kill the code fix in ASTERISK-1041086 and get this report closed out.
Comments:By: Rob Gagnon (rgagnon) 2004-03-08 13:02:34.000-0600

I'm a dork.  I forgot to change the context=blah in the [general] section of sip.conf

Someone please close this bug as it was a false alarm.

By: Malcolm Davenport (mdavenport) 2004-03-08 14:19:42.000-0600

Closed per Reporter's request.