[Home]

Summary:ASTERISK-08988: [patch] insecure && ~sipregs == Failed to authenticate
Reporter:Sergey Tamkovich (sergee)Labels:
Date Opened:2007-03-12 12:22:50Date Closed:2007-07-09 21:20:48
Priority:MinorRegression?No
Status:Closed/CompleteComponents:Channels/chan_sip/Registration
Versions:Frequency of
Occurrence
Related
Issues:
Environment:Attachments:( 0) debug-no-patch.txt
( 1) debug-with-patch.txt
( 2) sipregs-insecure-r58833.diff
Description:I'm using ip-based auth:

insecure=port,invite
host=192.168.1.15

update to a current trunk broke my scheme, i can't place calls from that IP anymore. I dig a little bit into source code and findout a reason. I think it is a bug:

chan_sip.c, realtime_peer(), lines 2659-2682

code:


               var = ast_load_realtime("sippeers", "host", ipaddr, NULL);      /* First check for fixed IP hosts */
               if (var && realtimeregs) {
                       tmp = var;
                       while (tmp) {
                               if (!newpeername && !strcasecmp(tmp->name, "name"))
                                       newpeername = tmp->value;
                               tmp = tmp->next;
                       }
                       varregs = ast_load_realtime("sipregs", "name", newpeername, NULL);
               } else {
                       if (realtimeregs)
                               varregs = ast_load_realtime("sipregs", "ipaddr", ipaddr, NULL); /* Then check for registered hosts */
                       else
                               var = ast_load_realtime("sippeers", "ipaddr", ipaddr, NULL); /* Then check for registered hosts */
                       if (varregs) {
                               tmp = varregs;
                               while (tmp) {
                                       if (!newpeername && !strcasecmp(tmp->name, "name"))
                                               newpeername = tmp->value;
                                       tmp = tmp->next;
                               }
                               var = ast_load_realtime("sippeers", "name", newpeername, NULL);
                       }
               }


problem is here:

               if (var && realtimeregs) {

even if i found a record in database (var defined) but don't have 'realtimeregs' - search by host would count as failed. I think this is wrong and should be fixed.

Besides i suppose that if 'realtimeregs' is not defined, then we should use a standard table (sipusers).
Comments:By: Sergey Tamkovich (sergee) 2007-03-12 12:59:20

Patch added,

i'm not sure if it ok to keep varregs == NULL, however it works fine for me.
By: Serge Vecher (serge-v) 2007-03-26 13:12:53

sergee: can you please attach a sip debug with and without the patch?
By: Sergey Tamkovich (sergee) 2007-03-27 07:13:49

serge-v: here are debugs. As you can see, search by "ipaddr" rewrites result of search by "host", so if "ipaddr" is a blank field in DB and host is not, user won't be found in database (it would be found by "host" but then it would be lost because of "ipaddr" search).
By: Sergey Tamkovich (sergee) 2007-04-10 11:54:34

Seems like i'm the only user of realtime :)

The bug is already 2 months in svn-trunk (Revision 54574 - Modified Thu Feb 15 12:10:55 2007 UTC (7 weeks, 5 days ago) by oej) and 1 month in bugtracker :)
By: Joshua C. Colp (jcolp) 2007-04-12 14:32:26

Fixed in trunk as of revision 61618. Thanks!