[asterisk-bugs] [Asterisk 0013296]: "From" shouldn't be matched against "users" if INVITE arrives from a "peer" IP
Asterisk Bug Tracker
noreply at bugs.digium.com
Fri Dec 5 10:57:30 CST 2008
A NOTE has been added to this issue.
======================================================================
http://bugs.digium.com/view.php?id=13296
======================================================================
Reported By: ibc
Assigned To:
======================================================================
Project: Asterisk
Issue ID: 13296
Category: Channels/chan_sip/General
Reproducibility: have not tried
Severity: minor
Priority: normal
Status: new
Asterisk Version: SVN
SVN Branch (only for SVN checkouts, not tarball releases): N/A
SVN Revision (number only!):
Disclaimer on File?: N/A
Request Review:
======================================================================
Date Submitted: 2008-08-13 04:30 CDT
Last Modified: 2008-12-05 10:57 CST
======================================================================
Summary: "From" shouldn't be matched against "users" if
INVITE arrives from a "peer" IP
Description:
Hi, I've realized that Asterisk matches "From" header even if the call
arrives via a defined "peer" IP, so Asterisk asks it for authentication
(that is not possible coming from a provider).
Example:
sip.conf:
----------
[200]
type=friend
host=dynamic
secret=*****
[provider]
type=peer
host=1.2.3.4
----------
If the following INVITE arrives from IP 1.2.3.4 then Asterisk will reject
it with "403 Forbidden" since it matches the "From:
sip:200 at sip_provider.com" against user 200:
---------------
INVITE sip:999888777 at asterisk_ip.org SIP/2.0
From: <sip:200 at sip_provider.com>
---------------
IMHO Asterisk must not try to match a user ("From") if the INVITE arrives
from a peer IP.
The only way to solve it is by ensuring that any INVITE arriving from the
peer has a "From" different than any Asterisk user, that is impossible
(imagine the case in which Asterisk receives a call from an external SIP
provider with peering relation with "sip_provider.com", something like:
---------------
INVITE sip:999888777 at asterisk_ip.org SIP/2.0
From: <sip:200 at sip_provider.com>
P-Asserted-Identity: <sip:999888777 at sip_provider.com>
---------------
PD: I know Asterisk doesn't handle PAI header, imagine then it's RPID.
======================================================================
----------------------------------------------------------------------
(0095870) blitzrage (administrator) - 2008-12-05 10:57
http://bugs.digium.com/view.php?id=13296#c95870
----------------------------------------------------------------------
I'm closing this issue as it is quite clear the way this currently works is
a bug, and the request to change the way this is handled is a feature
request. Thanks!
Issue History
Date Modified Username Field Change
======================================================================
2008-12-05 10:57 blitzrage Note Added: 0095870
======================================================================
More information about the asterisk-bugs
mailing list