| Summary: | ASTERISK-27472: 401 Unauthorized from INVITE not generating security event | ||
| Reporter: | Michelle Dupuis (generationd) | Labels: | |
| Date Opened: | 2017-12-08 16:02:10.000-0600 | Date Closed: | 2020-01-14 11:13:34.000-0600 |
| Priority: | Minor | Regression? | |
| Status: | Closed/Complete | Components: | Channels/chan_sip/General Channels/chan_sip/Security Framework |
| Versions: | 13.7.2 | Frequency of Occurrence | Constant |
| Related Issues: | |||
| Environment: | CentOS 7 | Attachments: | |
| Description: | Using 'set sip debug on' I can watch the SIP traffic to/from the PBX. I also have another monitor open showing security events from the AMI. I can confirm that failed registration attempts correctly raising security events, but one type of failed SIP transaction is showing 401 Unauthorized in the CLI, but NO security event in the AMI. See Notes below for an example SIP trace that is NOT raising a security event. | ||
| Comments: | By: Asterisk Team (asteriskteam) 2017-12-08 16:02:11.565-0600 Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution. A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report. Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process]. By: Joshua C. Colp (jcolp) 2017-12-22 08:20:33.027-0600 The message you are referring to is a challenge for authentication and not a failure itself. The closest security event type would be AST_SECURITY_EVENT_CHAL_SENT which is purely informational, and indeed it is not implemented by chan_sip. If they attempted authentication using the challenge and that failed a security event would get raised. Since this was merely a challenge I don't see this as a critical severity that it is missing. Raising this would be a useful improvement though. Is this something you would be interested in doing? By: Michelle Dupuis (generationd) 2017-12-23 10:10:39.286-0600 I see this in the CLI: chan_sip.c: No matching peer for '‘hi'or‘x’='x';' from '185.107.94.10:37331' Which suggests there was a failure - but no security event is raised. I'm not sure if your last comment was for me, but I'm sure not qualified to program this kind of thing :) By: Joshua C. Colp (jcolp) 2017-12-23 10:14:30.879-0600 There was a failure to find a SIP peer or user, but there wasn't a failure to authenticate. It was still just a challenge (albeit one that will surely fail). If they attempted to actually authenticate then it would raise a security event. I asked as I believe this is a new feature/functionality, which we don't keep open on the issue tracker unless there is a patch attached. The chan_sip module is also extended support so it falls onto the community as well. By: Kevin Harwell (kharwell) 2018-01-09 18:44:54.549-0600 [~generationd], As Josh stated this is a feature request and not a bug. Features requests without patches are not accepted through the issue tracker. Features requests are openly discussed on the mailing lists, forums, and IRC [1]. Please see the Asterisk Issue Guidelines [2] for more information on feature request and patch submission. If you are unable to create and submit a patch yourself, which it sounds like that might be the case, then you'll need to see if someone in the community would be willing to help and/or pay for someone to create the feature patch. [1] http://asterisk.org/community/discuss [2] https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines By: Asterisk Team (asteriskteam) 2018-01-24 12:00:01.514-0600 Suspended due to lack of activity. This issue will be automatically re-opened if the reporter posts a comment. If you are not the reporter and would like this re-opened please create a new issue instead. If the new issue is related to this one a link will be created during the triage process. Further information on issue tracker usage can be found in the Asterisk Issue Guidlines [1]. [1] https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines | ||