Summary: | ASTERISK-08988: [patch] insecure && ~sipregs == Failed to authenticate | ||
Reporter: | Sergey Tamkovich (sergee) | Labels: | |
Date Opened: | 2007-03-12 12:22:50 | Date Closed: | 2007-07-09 21:20:48 |
Priority: | Minor | Regression? | No |
Status: | Closed/Complete | Components: | Channels/chan_sip/Registration |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ( 0) debug-no-patch.txt ( 1) debug-with-patch.txt ( 2) sipregs-insecure-r58833.diff | |
Description: | I'm using ip-based auth: insecure=port,invite host=192.168.1.15 update to a current trunk broke my scheme, i can't place calls from that IP anymore. I dig a little bit into source code and findout a reason. I think it is a bug: chan_sip.c, realtime_peer(), lines 2659-2682 code: var = ast_load_realtime("sippeers", "host", ipaddr, NULL); /* First check for fixed IP hosts */ if (var && realtimeregs) { tmp = var; while (tmp) { if (!newpeername && !strcasecmp(tmp->name, "name")) newpeername = tmp->value; tmp = tmp->next; } varregs = ast_load_realtime("sipregs", "name", newpeername, NULL); } else { if (realtimeregs) varregs = ast_load_realtime("sipregs", "ipaddr", ipaddr, NULL); /* Then check for registered hosts */ else var = ast_load_realtime("sippeers", "ipaddr", ipaddr, NULL); /* Then check for registered hosts */ if (varregs) { tmp = varregs; while (tmp) { if (!newpeername && !strcasecmp(tmp->name, "name")) newpeername = tmp->value; tmp = tmp->next; } var = ast_load_realtime("sippeers", "name", newpeername, NULL); } } problem is here: if (var && realtimeregs) { even if i found a record in database (var defined) but don't have 'realtimeregs' - search by host would count as failed. I think this is wrong and should be fixed. Besides i suppose that if 'realtimeregs' is not defined, then we should use a standard table (sipusers). | ||
Comments: | By: Sergey Tamkovich (sergee) 2007-03-12 12:59:20 Patch added, i'm not sure if it ok to keep varregs == NULL, however it works fine for me. By: Serge Vecher (serge-v) 2007-03-26 13:12:53 sergee: can you please attach a sip debug with and without the patch? By: Sergey Tamkovich (sergee) 2007-03-27 07:13:49 serge-v: here are debugs. As you can see, search by "ipaddr" rewrites result of search by "host", so if "ipaddr" is a blank field in DB and host is not, user won't be found in database (it would be found by "host" but then it would be lost because of "ipaddr" search). By: Sergey Tamkovich (sergee) 2007-04-10 11:54:34 Seems like i'm the only user of realtime :) The bug is already 2 months in svn-trunk (Revision 54574 - Modified Thu Feb 15 12:10:55 2007 UTC (7 weeks, 5 days ago) by oej) and 1 month in bugtracker :) By: Joshua C. Colp (jcolp) 2007-04-12 14:32:26 Fixed in trunk as of revision 61618. Thanks! |