| Summary: | ASTERISK-29076: Suggestion - Add the domain supported registration | ||
| Reporter: | sungtae kim (pchero) | Labels: | |
| Date Opened: | 2020-09-11 18:11:08 | Date Closed: | 2020-09-14 16:30:28 |
| Priority: | Minor | Regression? | |
| Status: | Closed/Complete | Components: | Resources/res_pjsip_registrar |
| Versions: | 18.0.0 | Frequency of Occurrence | |
| Related Issues: | |||
| Environment: | Attachments: | ||
| Description: | Currently, the Asterisk doesn't support the domain supported registration.
Simply, if the Asterisk received below registration request it treats as the same registration for 100. {noformat} 100@test1.test.com 100@test2.test.com {noformat} This is fine for small/single hosted PBX services. But these blocks providing the enterprise level of registration service which included various domain names with the same username. To make this, I'd like to add this item into the [auth]section. {noformat} ;==========================AUTH SECTION OPTIONS========================= ;[auth] ... ;domain= ; Domain name for registration {noformat} This fix will add the new identify method to the find_registrar_aor(). | ||
| Comments: | By: Asterisk Team (asteriskteam) 2020-09-11 18:11:09.760-0500 Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution. Please note that log messages and other files should not be sent to the Sangoma Asterisk Team unless explicitly asked for. All files should be placed on this issue in a sanitized fashion as needed. A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report. Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process]. Please note that once your issue enters an open state it has been accepted. As Asterisk is an open source project there is no guarantee or timeframe on when your issue will be looked into. If you need expedient resolution you will need to find and pay a suitable developer. Asking for an update on your issue will not yield any progress on it and will not result in a response. All updates are posted to the issue when they occur. Please note that by submitting data, code, or documentation to Sangoma through JIRA, you accept the Terms of Use present at [https://www.asterisk.org/terms-of-use/|https://www.asterisk.org/terms-of-use/]. By: Joshua C. Colp (jcolp) 2020-09-14 05:02:06.851-0500 The auth section is for authentication, I don't think domain belongs there as it feels out of place. I think instead that find_registrar_aor should first try to search including the domain name, falling back to user only. If multidomain support is disabled then it would not try the domain name search at all. This matches how the rest of the functionality works and requires no configuration changes. In the case of auth username matching the realm would be used as the domain name. By: Joshua C. Colp (jcolp) 2020-09-14 05:03:46.834-0500 Looking deeper into things, code already exists in the registrar for domains and it appears to try to behave as I mentioned in my previous comment. What scenario (including configuration and SIP traffic) doesn't work? By: sungtae kim (pchero) 2020-09-14 15:31:25.105-0500 Indeed. But the problem is, the AoR doesn't check the Password using the DIGEST method. So, I'd like to add the domain check to the "auth". And the realm is coming from the Asterisk with 401 response. So, it is not secure. Simply, want to add the feature to use the auth_username with domain name search. By: Joshua C. Colp (jcolp) 2020-09-14 15:35:22.467-0500 You're going to need to provide the information I asked for and elaborate more on how the existing domain support doesn't work and what you are trying to accomplish. AOR and the authentication process are unrelated, except for in the case of auth username using the realm to search for the AOR. Domain support itself already exists by configuring things using the "object@domain" naming scheme, and configuring the domain in the client. If this doesn't work or isn't acceptable then real world examples will be needed. As it is I don't understand what you mean, or how it isn't secure. By: Joshua C. Colp (jcolp) 2020-09-14 15:38:48.823-0500 An example and how you would expect it to work would be great alongside this. Example: I configure the client with these details, I expect to configure Asterisk like so, and have it behave this way. By: sungtae kim (pchero) 2020-09-14 16:28:11.974-0500 Wrong configuration. After changing the pjsip.conf like the below, the Asterisk distinguished the 100@sip.voipbin.net and 100@test.sip.voipbin.net. Closing the issue. {noformat} [100@sip.voipbin.net] type=endpoint auth=100@sip.voipbin.net aors=100@sip.voipbin.net context=testing [100@sip.voipbin.net] type=auth auth_type=userpass username=100 password=100 [100@sip.voipbin.net] type=aor max_contacts=1 [100@test.sip.voipbin.net] type=endpoint auth=100@test.sip.voipbin.net aors=100@test.sip.voipbin.net context=testing [100@test.sip.voipbin.net] type=auth auth_type=userpass username=100 password=101 [100@test.sip.voipbin.net] type=aor max_contacts=1 {noformat} | ||