ASTERISK-09164: Missing warning about unknown parameters in sip.conf => No warning about misspelled "

[Home]

Summary: ASTERISK-09164: Missing warning about unknown parameters in sip.conf => No warning about misspelled "

Reporter: Bjoern (nightcrawler) Labels:

Date Opened: 2007-04-01 10:17:36 Date Closed: 2007-07-09 21:20:43

Priority: Major Regression? No

Status: Closed/Complete Components: Core/Configuration

Versions: Frequency of
Occurrence

Related
Issues:

Environment: Attachments:

Description: I'm running Asterisk trunk on Fedora Core 6. I found out, that Asterisk does not warn about unknown parameters in sip.conf. This is even though I ran it with very high debug output and verbosity and I also turned on debug logging in logger.conf and sipdebug in sip.conf. Normally it wouldn't matter to me if I could insert anything into sip.conf and Asterisk will just read over it.
The reason, I think a warning about unknown parameters would be necessary is: When I accidently mistype the parametername "secret", users are able to login without a password, which I regard as a security-risk.
Ideas to resolve the problem:
1. A warning about unknown parameters in sip.conf (and other .conf-files, if not already implemented)
2. A parameter in the [general]-section of sip.conf (or in asterisk.conf for all "protocol".conf), which would not permit the creation of users without a secret (or even better, specifying a minimum password strength) would be a very useful feature.

****** ADDITIONAL INFORMATION ******

I also filed this as a question ([HELP] Unknown parameters in sip.conf) in the "Asterisk Support" Forum and was encouraged to file it as a bug.

Comments: By: Clod Patry (junky) 2007-04-01 12:42:40

Just use a template with a default password set?
If you misspell something, your default password will be used, which solve that "security risk".
By: Russell Bryant (russell) 2007-04-03 13:58:05

This issue has been resolved in 1.2, 1.4, and trunk in revisions 59916, 59936, and 59937. Thanks!
By: Olle Johansson (oej) 2007-04-03 14:05:03

This can't be done for type=user since a type=friend has a lot of options that can't be handled by the user. Implementing error messages will cause a *lot* of warnings.
By: Olle Johansson (oej) 2007-04-03 14:05:55

The feature request about "disable-without-secrets" sounds like a good thing to implement in future releases. It's added to my todo list. Thanks.