[asterisk-bugs] [JIRA] (ASTERISK-20973) Insecure=very does not work if callerId found in extention

Walter Doekes (JIRA) noreply at issues.asterisk.org
Mon Feb 18 15:02:58 CST 2013 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-20973?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=203114#comment-203114 ] 

Walter Doekes commented on ASTERISK-20973:
------------------------------------------

I don't think you're showing us your entire {{sip.conf}}.

If you did, I think we'd see type=user/friend entries named [100]. And that would present a problem for asterisk:

- is the device calling from 1.2.3.4 (the IP) now [100] or [ext-ats] ?
- let's ask the device to authenticate
- ext-ats will send something, and it probably won't match the CLI (see match_auth_username=yes to fix that)

When the CLI is 1000, asterisk doesn't find a user/friend and will then immediately conclude that the device must be [ext-ats] => now things will work like expected.
                
> Insecure=very does not work if callerId found in extention
> ----------------------------------------------------------
>
>                 Key: ASTERISK-20973
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-20973
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_sip/General
>    Affects Versions: 1.8.20.0
>            Reporter: Badalian Vyacheslav
>            Assignee: Badalian Vyacheslav
>
> Hello all.
> Bug Example:
> I use FreePBX (but i belive that bug in asterisk) and have 1 peer and 10 extentions (assigned numbers is 100-110)
> Host configuration like this:
> [ext-ats]
> type=peer
> host=IP
> insecure=invite,port
> context=from-trunk
> disallow=...
> allow=...
> If i call from [ext-ats] to * and my CallerID is 100 (i have extention 100 in asterisk) i get message like "Auth failed", "username and digest mismatch", but if i call from number Callerid 1000 (i don't have extention 1000 in asterisk) param "insecure" is work as it must. In older version (1.4-1.6) insecure does not check callerid, only host and port.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the asterisk-bugs mailing list