[asterisk-bugs] [JIRA] (ASTERISK-23806) Classical ACL not working with sippeers in realtime

Walter Doekes (JIRA) noreply at issues.asterisk.org
Wed Jun 4 04:10:56 CDT 2014 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-23806?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=218985#comment-218985 ] 

Walter Doekes commented on ASTERISK-23806:
------------------------------------------

Ok, this is easy if you know where the problem lies.

{quote}
So, if I have "0.0.0.0/0.0.0.0" in "deny" and an IP like "1.2.3.4" in "permit" for my sip account, but my sip peer can't register.
{quote}

and

{quote}
...
`permit` varchar(40) DEFAULT NULL,
`deny` varchar(40) DEFAULT NULL,
...
{quote}

The realtime columns are loaded in the DB-specified order.

That means that you first get a permit line of 1.2.3.4 and then a deny line of 0.0.0.0/0. Asterisk uses that order, and that results in the denial of all.

The fix is to
- invert the column order in the CREATE TABLE statement

See also:
https://issues.asterisk.org/jira/browse/ASTERISK-4180 <-- for codecs this is implemented in asterisk 11 and higher, but not for acls
(note that it is badly documented)




> Classical ACL not working with sippeers in realtime
> ---------------------------------------------------
>
>                 Key: ASTERISK-23806
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-23806
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_sip/Registration
>    Affects Versions: 11.8.1, 11.9.0
>         Environment: sippeers is in realtime in a mysql 5.5.x on ubuntu 12.04
>            Reporter: Benoit Duverger
>            Severity: Minor
>              Labels: realtime
>         Attachments: myDebugLog
>
>
> Asterisk does not apply permit data fields in realtime.
> So, if I have "0.0.0.0/0.0.0.0" in "deny" and an IP like "1.2.3.4" in "permit" for my sip account, but my sip peer can't register.
> If I have the same settings in sip.conf, it works.
> This is working in realtime on my others asterisk servers in "1.8.25"
> CREATE TABLE IF NOT EXISTS `sipusers` (
>   `id` int(11) NOT NULL AUTO_INCREMENT,
>   `name` varchar(80) NOT NULL,
>   `ipaddr` varchar(45) DEFAULT NULL,
> .
> .
> .
> .
>   `permit` varchar(40) DEFAULT NULL,
>   `deny` varchar(40) DEFAULT NULL,
>   `secret` varchar(40) DEFAULT NULL,
>   `md5secret` varchar(40) DEFAULT NULL,
>   PRIMARY KEY (`id`),
>   UNIQUE KEY `name` (`name`),
>   KEY `ipaddr` (`ipaddr`,`port`),
>   KEY `host` (`host`,`port`)
> ) ENGINE=MyISAM  DEFAULT CHARSET=latin1;



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list