Summary: ASTERISK-01724: Incoming calls from FWD no longer work since CVS HEAD 2004/05/24
Reporter: kuj (kuj)
Labels:
Date Opened: 2004-05-29 14:38:04
Date Closed: 2008-01-15 14:56:46.000-0600
Priority: Major
Regression?: No
Status: Closed/Complete
Components: Core/General
Versions:
Frequency of Occurrence:
Related Issues:
Environment:
Attachments: ( 0) chan_sip.c.patch
Description: This is a continuation of 1738, which can't be added to anymore as it's resolved.

After reviewing the fix in 1738, I'm not so sure anymore it is complete. While it will allow inbound calls from peers without authentication, it turns out that no inbound calls do require authentication. I assume that negates the earlier changes to chan_sip completely and is not intended.

****** ADDITIONAL INFORMATION ******

What threw me were reports on the mailing list that inbound SIP calls from peers now work again, without the need to have "insecure=very" for the peer in sip.conf. My understanding so far was that if I have a peer defined with a secret or md5secret AND do not add an insecure=very to the peer definition, then the peer is supposed to authenticate to me with either of the defined secrets. If insecure=very is set, p->peersecret and p->peermd5secret are temporarily blanked (in check_user) so that the subsequent check_auth succeeds. The fix for 1738 was to really use p->peersecret and p->peermd5secret when calling check_auth.

However, it turns out that p->peersecret and p->peermd5secret were never initialized to the peer's secrets (from sip.conf) in the first place. So now, when calling check_auth we return immediately as we always send in empty secrets.

The attached patch will initialize p->peersecret/peermd5secret to the respective secrets of the peer (peer->secret/md5secret) defined in sip.conf. I have tested that I can receive inbound SIP calls if and only if the peer is defined insecure=very. I also get call rejects (Failed to authenticate user ...) when secrets don't match.

Seeing that this change has caused much confusion with the users as seen on the mailing list, is there a way to broadly announce or document this change to the auth requirements (insecure=very)??

And lastly, if I understood things completely wrong, feel free to close this immediately.
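
The failure mode described in the report above, as a simplified C model added here (it is not Asterisk source and not the attached patch): `check_auth` accepts immediately when both secrets are empty, so a `check_user` that never copies `peer->secret`/`peer->md5secret` into `p` accepts every inbound call. The struct layouts, the `init_secrets` switch and the plain string comparison standing in for digest verification are assumptions.

```c
/* Simplified model of the flow described in the report; not Asterisk source. */
#include <stdio.h>
#include <string.h>

struct sip_peer {               /* peer entry as configured in sip.conf */
    char secret[80];
    char md5secret[80];
    int insecure_very;          /* models insecure=very */
};

struct sip_pvt {                /* per-call state handed to check_auth */
    char peersecret[80];
    char peermd5secret[80];
};

/* Returns 0 when the call is accepted, -1 when rejected. `offered` stands in
 * for the digest response (assumption); real code compares computed digests. */
static int check_auth(const char *secret, const char *md5secret, const char *offered)
{
    const char *expected = md5secret[0] != '\0' ? md5secret : secret;
    if (expected[0] == '\0')
        return 0;               /* both secrets empty: accept immediately */
    return (offered != NULL && strcmp(offered, expected) == 0) ? 0 : -1;
}

/* init_secrets = 0 models the reported behaviour (p never receives the peer's
 * secrets); init_secrets = 1 models the initialization the report proposes. */
static int check_user(const struct sip_peer *peer, const char *offered, int init_secrets)
{
    struct sip_pvt p = { "", "" };
    if (init_secrets) {
        snprintf(p.peersecret, sizeof(p.peersecret), "%s", peer->secret);
        snprintf(p.peermd5secret, sizeof(p.peermd5secret), "%s", peer->md5secret);
    }
    if (peer->insecure_very) {  /* blank the secrets so check_auth succeeds */
        p.peersecret[0] = '\0';
        p.peermd5secret[0] = '\0';
    }
    return check_auth(p.peersecret, p.peermd5secret, offered);
}

int main(void)
{
    struct sip_peer fwd = { "constructed-secret", "", 0 };  /* constructed sample */
    printf("secrets not initialized, no credentials: %d\n", check_user(&fwd, NULL, 0));
    printf("secrets initialized, no credentials:     %d\n", check_user(&fwd, NULL, 1));
    return 0;
}
```

A regression check for this class of bug is a peer with a secret and without `insecure=very` that sends no credentials: the call must be rejected.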
Comments:

By: Mark Spencer (markster) 2004-05-29 19:25:00

Fixed in CVS

By: Digium Subversion (svnbot) 2008-01-15 14:56:46.000-0600

Repository: asterisk
Revision: 3108

U   trunk/channels/chan_sip.c

------------------------------------------------------------------------
r3108 | markster | 2008-01-15 14:56:46 -0600 (Tue, 15 Jan 2008) | 2 lines

Initialize secrets properly (bug ASTERISK-1724)

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=3108