[asterisk-users] Realtime logic in Asterisk 1.4.16.1
Mindaugas Kezys
mkezys at gmail.com
Wed Dec 19 16:49:13 CST 2007
-----Original Message-----
From: asterisk-users-bounces at lists.digium.com [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Michiel van Baak
Sent: Thursday, December 20, 2007 12:22 AM
To: asterisk-users at lists.digium.com
Subject: Re: [asterisk-users] Realtime logic in Asterisk 1.4.16.1
On 00:12, Thu 20 Dec 07, Mindaugas Kezys wrote:
> Hello,
>
> I have configured one provider in Asterisk Realtime DB without username and password, only host=<providers_IP> and ipaddress=<providers_IP>
>
> Now when I'm trying to send call using this provider I'm using following string: Dial(SIP/NUMBER at Provider)
>
> In Asterisk 1.4.15 debug I see that Realtime engine is using query:
>
> [Dec 20 00:02:15] DEBUG[14634]: res_config_mysql.c:138 realtime_mysql: MySQL RealTime: Retrieve SQL: SELECT * FROM devices WHERE name = 'Provider'
>
> to retrieve info about this device.
>
> And in Asterisk 1.4.16.1 I see:
>
> [Dec 20 00:04:12] DEBUG[25686]: res_config_mysql.c:138 realtime_mysql: MySQL RealTime: Retrieve SQL: SELECT * FROM devices WHERE name = 'Provider' AND host = 'dynamic'
>
> Note: host = 'dynamic'
>
> Where this came from? In mine DB host=<providers_IP>, how Asterisk managed to visualize that it should be "dynamic"?!
>
> Offcourse I get:
>
> [Dec 20 00:05:58] WARNING[25686]: chan_sip.c:2898 create_addr: No such host: Provider
> [Dec 20 00:05:58] WARNING[25686]: app_dial.c:1191 dial_exec_full: Unable to create channel of type 'SIP' (cause 3 - No route to destination)
> == Everyone is busy/congested at this time (1:0/0/1)
>
> Because Realtime Engine is not able to find my Provider which is NOT DYNAMIC!
>
> No other settings changed. Same configuration files. res_config_mysql.so recompiled to 1.4.16.1.
>
> Please help or explain what's wrong!
Have a look at
http://downloads.digium.com/pub/security/AST-2007-027.pdf
That's why it's not working anymore
--
Michiel van Baak
michiel at vanbaak.eu
http://michiel.vanbaak.eu
GnuPG key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x71C946BD
"Why is it drug addicts and computer afficionados are both called users?"
-------------------
Thank you for pointing this, but I red this doc many times. It does not help.
I tried to put username/password for my device - but it still is looking for "dynamic". Does it mean I can't have anything else in host field for device except "dynamic"?
Also this PDF states:
"An attacker may impersonate any user using host-based authentication without a secret, simply by guessing the username of that user."
AFAIK host-based authentication is done by IP address. Username and password are not present. Following this I see no logic in above statements:
"host-based authentication without a secret" - host-based auth. is always WITHOUT secret, and
"simply by guessing the username of that user" - again -> host-based auth. is always WITHOUT username
If device (peer/user) has username/password - that's not HOST-BASED authentication.
Correct me if I'm wrong.
Question follows - how can I have host-based authentication in Realtime in Asterisk 1.4.16.1??
Maybe tommorow we will see Asterisk 1.4.16.2?
Regards,
Mindaugas Kezys
http://www.kolmisoft.com
MOR - Advanced Billing for Asterisk PBX
More information about the asterisk-users
mailing list