
Data retrieved by curl_xml is not merged and processed

Open klimenttoshkov opened this issue 4 years ago • 4 comments

Most of the data returned to curl_xml requests is not processed.

Examples are explained below:

Retrieve response to sip_auth request (e4f195a1-2ba3-467d-9843-1eb5e5b6fa59.tmp.xml)

  1. The retrieved user has a cidr="..." tag. This cidr tag is not being added to the (default) domains ACL, and of course calls coming from this cidr are not being authenticated as this user. Calls coming from 194.153.118.28 are rejected because they are not found in the ACL.
  2. The user has gateway definitions in the XML response. Those gateways are not added to the configuration and are not accessible. Neither of the defined gateways is visible with sofia status.

Retrieve response to network-list request (7b068a66-db5d-4b02-a2f9-7c5a217eba4d.tmp.xml)

  1. All data returned is not merged into the existing ACL. In fact, I had to try this just because the addresses listed in cidr (1 above) are not being added to the ACL.

FreeSWITCH (Version 1.10.6 -release 64bit)

e4f195a1-2ba3-467d-9843-1eb5e5b6fa59.tmp.txt 7b068a66-db5d-4b02-a2f9-7c5a217eba4d.tmp.txt

klimenttoshkov • Aug 20 '21 17:08

To wrap it up, the most concerning thing for me is that the cidr parameter is ignored when a user is authenticated using curl_xml. The returned value is NOT being added to the domains ACL, and calls that are coming from specific IPs are not automatically authenticated as coming from this user.

klimenttoshkov • Aug 21 '21 17:08

I went ahead and inspected switch_core.c. I found out that when using the static XML directory, the cidr attribute is added to the ACL only when the user tag is not a child of a group tag. According to lines 1640 and 1653 it should work both as a child of group and as a child of domain, but it works only with domain.

klimenttoshkov • Aug 21 '21 19:08

Definitely found a bug in switch_core.c: Line 1637 assigns to x_domain the value of key <users> in order to iterate over all users. But if we have <users>, then x_domain is trimmed down to only the users, and then at line 1652 x_domain is probed for <groups>, which will be overwritten at line 1637.

This works only in the edge case when we have NO <users> and only <groups>. Should IMHO be changed.

Also for some reason switch_xml_locate_domain at line 1628 returns the static XML domain and does not include users that are authenticated via CURL XML snippets. This leads to not processing their "cidr" attributes.

klimenttoshkov • Aug 21 '21 20:08
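The cursor-reuse pattern described in the comment above, as an added example that is not part of the original thread and is not FreeSWITCH source code. It models the description only: the `node` type, the helper names and the sample directory are all hypothetical, and the two CIDR values are constructed from documentation address ranges.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical stand-in for an XML node; not FreeSWITCH's switch_xml_t. */
typedef struct node {
    const char *name, *cidr;      /* cidr is NULL when the attribute is absent */
    struct node *child, *next;    /* first child, next sibling */
} node;
static node *child(node *n, const char *name) {
    for (node *c = n ? n->child : NULL; c; c = c->next)
        if (strcmp(c->name, name) == 0) return c;
    return NULL;
}
/* Number of <user cidr="..."> entries directly under n. */
static int count_users(node *n) {
    int k = 0;
    for (node *u = n ? n->child : NULL; u; u = u->next)
        if (strcmp(u->name, "user") == 0 && u->cidr) k++;
    return k;
}
static int count_groups(node *groups) {
    int k = 0;
    for (node *g = groups ? groups->child : NULL; g; g = g->next)
        if (strcmp(g->name, "group") == 0) k += count_users(child(g, "users"));
    return k;
}
/* Reused cursor: once <users> is found, <groups> is searched inside it. */
int collect_reused(node *x_domain) {
    node *users = child(x_domain, "users");
    if (users) x_domain = users;
    return count_users(x_domain) + count_groups(child(x_domain, "groups"));
}
/* Separate cursors: both lookups start from the domain node. */
int collect_separate(node *x_domain) {
    return count_users(child(x_domain, "users")) + count_groups(child(x_domain, "groups"));
}
/* Constructed sample directory: one user under <users>, one under a group. */
static node gu = {"user", "192.0.2.10/32", NULL, NULL};
static node gus = {"users", NULL, &gu, NULL};
static node grp = {"group", NULL, &gus, NULL};
static node grps = {"groups", NULL, &grp, NULL};
static node du = {"user", "198.51.100.7/32", NULL, NULL};
static node dus = {"users", NULL, &du, &grps};
node dom_both = {"domain", NULL, &dus, NULL};
node dom_groups_only = {"domain", NULL, &grps, NULL};

int main(void) {
    printf("both: reused=%d separate=%d; groups only: reused=%d\n", collect_reused(&dom_both),
           collect_separate(&dom_both), collect_reused(&dom_groups_only));
    return 0;
}
```

With the reused cursor, the group member's cidr is only counted when the domain has no direct `<users>` child, which matches the edge case the comment describes.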

We have the same problem. It still exists in FreeSWITCH Version 1.10.12.

adamseeliger • Nov 10 '25 14:11