| Summary: | ASTERISK-11097: AST-2007-027 caused a bug with outbound dialing using the SIPPEERS table | ||
| Reporter: | Tony Plack (plack) | Labels: | |
| Date Opened: | 2007-12-21 17:15:27.000-0600 | Date Closed: | 2011-06-07 14:02:43 |
| Priority: | Major | Regression? | No |
| Status: | Closed/Complete | Components: | Channels/chan_sip/DatabaseSupport |
| Versions: | Frequency of Occurrence | ||
| Related Issues: | |||
| Environment: | Attachments: | ( 0) chan_sip.fix | |
| Description: | System cannot find the correct peer when the host IP address has been set and using the name for app_dial. The system is checking only for sippeers with the host value of dynamic. ****** ADDITIONAL INFORMATION ****** There are vendors out there whose security is that the callerid and IP address must match from the source. They do not use a user or password. If you have defined an outbound "peer" in sippeer such as... name=outbound context=default callerid=Me canreinvite=no dtmfmode=rfc2833 fromuser={num} host=1.2.3.4 nat=no port=5060 And then attempt a DIAL(SIP/+19205551212@outbound||TW|) The system will do a query SELECT * FROM asterisk_sipfriends WHERE name = 'outbound' AND host = dynamic Then exit telling you chan_sip.c:2898 create_addr: No such host: outbound It is a great fix for inbound security, but for outbound use of the sippeers table, it is not ideal. | ||
| Comments: | By: Tony Plack (plack) 2007-12-21 17:52:00.000-0600 If I place the following code after line 2502, it works if (!var) { var = ast_load_realtime("sippeers", "name", newpeername, "host !=", "null", NULL); } not the most elegant solution, but I could not figure out how to get "(host = dynamic OR host != null) on line 2502. By: Tony Plack (plack) 2007-12-21 18:03:49.000-0600 Posted the changes in a diff file. Not sure if this is the solution or not but it works in testing and have it on one production machine. By: Tilghman Lesher (tilghman) 2007-12-23 09:47:13.000-0600 Please upgrade to SVN 1.4 as of revision 94660 or higher and see if that works for you. By: Tilghman Lesher (tilghman) 2007-12-23 10:02:50.000-0600 plack: besides, that fix does not work the way that you intend. What it's doing is forming the query "AND host != 'null'", which will match ALL entries, unless you have a host on your local network called 'null.localdomain'. Essentially, your patch has just undone the security fix. If you wanted to take this tack through realtime, then you would have had to do: var = ast_load_realtime("sippeers", "name", newpeername, "host IS NOT NULL AND '1' =", "1", NULL); By: Tilghman Lesher (tilghman) 2007-12-24 09:43:54.000-0600 Let's make that revision 94763 or higher. By: Sergey Tamkovich (sergee) 2007-12-27 05:18:55.000-0600 Corydon76, > If you wanted to take this tack through realtime, then you would have had to do: > var = ast_load_realtime("sippeers", "name", newpeername, "host IS NOT NULL AND '1' =", "1", NULL); I think this is a dirty hack, don't forget that RT engine is not an SQL database, it's a general interface. I'm not sure that res_ldap (or any other future non-sql backend) would like to receive that kind of queries... By: Tilghman Lesher (tilghman) 2007-12-27 10:30:26.000-0600 Regardless, the fix was already committed. Since I've gotten no feedback, I have to assume that this is no longer an issue, so I'm closing. | ||