[asterisk-bugs] [JIRA] (ASTERISK-25339) res_pjsip: Empty "auth" sections from non-config backgrounds are interpreted as valid

Asterisk Team (JIRA) noreply at issues.asterisk.org
Wed Jul 27 10:22:02 CDT 2016


     [ https://issues.asterisk.org/jira/browse/ASTERISK-25339?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Asterisk Team updated ASTERISK-25339:
-------------------------------------

    Target Release Version/s: 14.0.0

> res_pjsip: Empty "auth" sections from non-config backgrounds are interpreted as valid
> -------------------------------------------------------------------------------------
>
>                 Key: ASTERISK-25339
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-25339
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_pjsip
>            Reporter: Matt Jordan
>            Assignee: Matt Jordan
>      Target Release: 13.6.0, 14.0.0
>
>
> When using a non-static conf file backend, a non-existent {{auth}} parameter will be stored as an empty value. This causes {{res_pjsip}} to assume that an empty {{auth}} value was provided, which causes the endpoint to believe that it should authenticate inbound requests, even though no {{auth}} section exists for its empty {{auth}} value.
> As an example, consider the following:
> {code}
> [res_pjsip]
> endpoint=astdb,ps_endpoints
> {code}
> When an endpoint is created via ARI, it will be stored in the database as something like the following:
> {code}
> /ps_endpoints/endpoint/foo                        : {"send_diversion":"true","device_state_busy_at":"0","direct_media_method":"invite","sdp_owner":"foo","pickup_group":"","timers_sess_expires":"1800","message_context":"","accountcode":"","dtls_fingerprint":"SHA-256","rpid_immediate":"false","force_avp":"false","aors":"foo","trust_id_inbound":"false","ice_support":"false","fax_detect":"false","outbound_proxy":"","t38_udptl_maxdatagram":"0","direct_media_glare_mitigation":"none","dtls_rekey":"0","context":"from-external","media_encryption_optimistic":"false","named_pickup_group":"","from_domain":"","mailboxes":"","sdp_session":"foo","rtp_timeout":"30","identify_by":"username","t38_udptl":"false","send_rpid":"false","rtp_engine":"asterisk","t38_udptl_ec":"none","dtls_verify":"No","aggregate_mwi":"true","moh_suggest":"default","media_encryption":"no","callerid":"<unknown>","named_call_group":"","record_on_feature":"automixmon","dtls_setup":"active","inband_progress":"false","timers_min_se":"90","tos_video":"0","rtp_symmetric":"true","rtp_ipv6":"false","record_off_feature":"automixmon","rtp_keepalive":"30","transport":"","t38_udptl_nat":"false","connected_line_method":"invite","allow_transfer":"true","allow_subscribe":"true","srtp_tag_32":"false","g726_non_standard":"false","100rel":"yes","use_avpf":"false","call_group":"","user_eq_phone":"false","allow":"(ulaw|alaw)","sub_min_expiry":"0","force_rport":"true","direct_media":"true","tos_audio":"0","use_ptime":"false","rtp_timeout_hold":"0","dtmf_mode":"rfc4733","media_use_received_transport":"false","language":"","mwi_from_user":"","one_touch_recording":"false","cos_video":"0","rewrite_contact":"false","cos_audio":"0","t38_udptl_ipv6":"false","trust_id_outbound":"false","tone_zone":"","from_user":"","disable_direct_media_on_nat":"false","media_address":"","timers":"yes","send_pai":"false","callerid_privacy":"allowed_not_screened"}
> {code}
> Note that the {{auth}} value is blank. This will be interpreted by {{res_pjsip}} as being a valid auth object, which doesn't exist. The desired behaviour is that we just don't authenticate inbound requests.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
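
The empty-value handling described in the report, as an added example that is not Asterisk's code and not part of the original message: a comma-separated "auth" value is split once keeping blank tokens (the reported behaviour) and once dropping them, and the endpoint challenges inbound requests only when at least one auth section is actually named. The names parse_auth, endpoint_requires_auth and struct auth_refs, and the fixed buffer sizes, are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_AUTHS 8
#define MAX_NAME  64

/* Hypothetical stand-in for the auth section names an endpoint refers to. */
struct auth_refs { size_t count; char names[MAX_AUTHS][MAX_NAME]; };

/* Split a comma-separated "auth" value. skip_empty == 0 keeps every token, so
 * the "" written by a database backend becomes one unnamed reference (the
 * reported behaviour); skip_empty != 0 drops blank tokens. -1 = does not fit. */
static int parse_auth(const char *value, int skip_empty, struct auth_refs *out)
{
    out->count = 0;
    if (!value)
        return 0;                    /* option absent: nothing to reference */
    for (const char *p = value;;) {
        const char *end = strchr(p, ',');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        while (len && *p == ' ') { p++; len--; }       /* trim left */
        while (len && p[len - 1] == ' ') len--;        /* trim right */
        if (len || !skip_empty) {
            if (out->count == MAX_AUTHS || len >= MAX_NAME)
                return -1;
            memcpy(out->names[out->count], p, len);
            out->names[out->count][len] = '\0';
            out->count++;
        }
        if (!end)
            break;
        p = end + 1;
    }
    return 0;
}

/* Challenge inbound requests only when at least one auth section is named.
 * Treating an unparseable value as "authenticate" is this example's choice. */
static int endpoint_requires_auth(const char *value, int skip_empty)
{
    struct auth_refs refs;
    return parse_auth(value, skip_empty, &refs) != 0 || refs.count > 0;
}

int main(void)
{
    printf("%d %d\n", endpoint_requires_auth("", 0), endpoint_requires_auth("", 1));
    return 0;
}
```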


