[asterisk-bugs] [JIRA] (ASTERISK-26645) res_pjsip_endpoint_identifier_ip: Does not check for updates in realtime database

[Ross Beer (JIRA)]

     [ https://issues.asterisk.org/jira/browse/ASTERISK-26645?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ross Beer updated ASTERISK-26645:
---------------------------------

    Description: 
When storing endpoint identifier entries in a realtime backend, entries are not checked for updates.

I would have expected the table to either be queried periodically or when a SIP device tries to send messages to Asterisk.

If changes are made to the database, the only way for these to be pulled into the asterisk config is to manually run a show command to load it.

The sorcery config is as follows:

{noformat}
[res_pjsip_endpoint_identifier_ip]
identify=config,pjsip.conf,criteria=type=identify
identify/cache=memory_cache,expire_on_reload=yes,full_backend_cache=yes
identify=realtime,ps_endpoint_id_ips
{noformat}

The command used to fetch the data from the database is:

{noformat}
pjsip show identify <ENDPOINT>
{noformat}

Once the command has been run, devices are successfully authenticated via IP.

As this table could be hammered by attempted hackers, I would suggest a periodic check be put in place or negative caching.

  was:
When storing endpoint identifier entries in a realtime backend, entries are not checked for updates.

I would have expected the table to either be queried periodically or when a SIP device tries to send messages to Asterisk.

If changes are made to the database, the only way for these to be pulled into the asterisk config is to manually run a show command to load it.

The sorcery config is as follows:

{noformat}
[res_pjsip_endpoint_identifier_ip]
identify=config,pjsip.conf,criteria=type=identify
identify/cache=memory_cache,expire_on_reload=yes,full_backend_cache=yes
identify=realtime,ps_endpoint_id_ips
{noformat}

The command used to fetch the data from the database is:

{noformat}
pjsip show identify ST15689T001
{noformat}

Once the command has been run, devices are successfully authenticated via IP.

As this table could be hammered by attempted hackers, I would suggest a periodic check be put in place or negative caching.


> res_pjsip_endpoint_identifier_ip: Does not check for updates in realtime database
> ---------------------------------------------------------------------------------
>
>                 Key: ASTERISK-26645
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-26645
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_pjsip_endpoint_identifier_ip
>    Affects Versions: 13.12.2
>         Environment: Fedora 23
>            Reporter: Ross Beer
>
> When storing endpoint identifier entries in a realtime backend, entries are not checked for updates.
> I would have expected the table to either be queried periodically or when a SIP device tries to send messages to Asterisk.
> If changes are made to the database, the only way for these to be pulled into the asterisk config is to manually run a show command to load it.
> The sorcery config is as follows:
> {noformat}
> [res_pjsip_endpoint_identifier_ip]
> identify=config,pjsip.conf,criteria=type=identify
> identify/cache=memory_cache,expire_on_reload=yes,full_backend_cache=yes
> identify=realtime,ps_endpoint_id_ips
> {noformat}
> The command used to fetch the data from the database is:
> {noformat}
> pjsip show identify <ENDPOINT>
> {noformat}
> Once the command has been run, devices are successfully authenticated via IP.
> As this table could be hammered by attempted hackers, I would suggest a periodic check be put in place or negative caching.



--
This message was sent by Atlassian JIRA
(v6.2#6252)