Welcome to SIP, this is how SIP works, that's why ppl use IAX.
Welcome to SIP for dummies: You have to distinguish between SIP callerid and authentication. First, a callerid is used to call another party or to identify yourself to another party. Such a callerid is sent via a 'From:'-line in the SIP header. Second, authentication is done by username & password, which can differ from your callerid (which is not supported by asterisk). Whenever you register with your SIP proxy or you invite (call) a remote party, so-called 'Proxy-Authorization' is used to verify your user account. This means you are never anonymous to the SIP proxy - even if you send an anonymous callerid to the remote party.
Now here we go on exploiting asterisk's inability to verify an incoming SIP message from a UA: Once you are registered with asterisk, your credentials have been authenticated and your IP address is kept in a list of registered clients. Now you can invite other parties (this makes you a user in sip.conf terminology) and you can get called (this in turn makes you a peer in sip.conf terminology).
The problem is now: If you call with an invalid callerid and valid authentication credentials, you cannot be verified as a user, so asterisk continues to search for a matching peer (see function check_user_full in chan_sip.c). A suitable peer can be found as soon as your IP address is known to asterisk. What now happens is that asterisk allows you to invite (call) another party as an authenticated user even if you are just verified as a peer (which should only receive calls).
My conclusion: check_user_full should be fixed to make sure a valid user can be found if SIP methods like invite are processed.
Clues, comments, ideas?
Deti
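The lookup order described in this message, as an added example that is not part of the original post and is not Asterisk source code: a simplified C model of "user by From: name, then peer by source IP", beside the stricter check the post proposes for INVITE. The account table, addresses and all function names are hypothetical, and digest authentication is assumed to have succeeded already.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of the matching order described above; not Asterisk source. */
enum role { ROLE_NONE, ROLE_USER, ROLE_PEER };
struct account {
    const char *name;   /* account name, compared with the From: user part */
    int is_user;        /* user: allowed to place calls */
    int is_peer;        /* peer: allowed to receive calls */
    const char *reg_ip; /* address recorded at registration, or NULL */
};
/* Constructed sample accounts (documentation addresses). */
static const struct account accounts[] = {
    { "alice",     1, 1, "192.0.2.10" },
    { "doorphone", 0, 1, "192.0.2.20" },
};
#define N_ACCOUNTS (sizeof accounts / sizeof accounts[0])

/* Step 1: look for a user by From: name. Step 2: fall back to a peer by IP. */
enum role match_account(const char *from_user, const char *src_ip)
{
    size_t i;
    for (i = 0; i < N_ACCOUNTS; i++)
        if (accounts[i].is_user && strcmp(accounts[i].name, from_user) == 0)
            return ROLE_USER;
    for (i = 0; i < N_ACCOUNTS; i++)
        if (accounts[i].is_peer && accounts[i].reg_ip && !strcmp(accounts[i].reg_ip, src_ip))
            return ROLE_PEER;
    return ROLE_NONE;
}

/* Behaviour described in the post: any match lets the INVITE proceed. */
int invite_allowed_described(const char *from_user, const char *src_ip)
{
    return match_account(from_user, src_ip) != ROLE_NONE;
}

/* Proposed check: an INVITE needs a user match; a peer match is not enough. */
int invite_allowed_strict(const char *from_user, const char *src_ip)
{
    return match_account(from_user, src_ip) == ROLE_USER;
}

int main(void)
{
    printf("described=%d strict=%d\n", invite_allowed_described("no-such-id", "192.0.2.10"),
           invite_allowed_strict("no-such-id", "192.0.2.10"));
    return 0;
}
```

In the model, an unknown From: name sent from a registered address is accepted by the described logic through the peer fallback and rejected by the strict check.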
