search

davies147 / astmanproxy

Asterisk Manager Proxy
27 stars 10 forks source link

Events are getting through #18

Open pnlarsson opened 2 years ago

pnlarsson commented 2 years ago

Using autofilter = unique and asterisk 18.8.0, there are still events that "leaking through":

# telnet localhost 5039
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Asterisk Call Manager Proxy/1.30.0
action: login
username: xxxxx
secret: xxxxx
events: off

Response: Success
Message: Authentication accepted

Event: FullyBooted
Privilege: system,all
Status: Fully Booted

Response: Success
ActionID: 1663154460.2415
Message: Event Sent
Server: localhost

Response: Success
ActionID: amp6-1663154465.6838
EventList: start
Message: Queue status will follow
Server: localhost

Event: QueueStatusComplete
ActionID: amp6-1663154465.6838
EventList: Complete
ListItems: 0
Server: localhost

Response: Success
ActionID: amp6-1663154465.6853
EventList: start
Message: Queue status will follow
Server: localhost

action: logoff

Response: Goodbye
Message: Thanks for all the fish.

Connection closed by foreign host.

I presume it has to do with the EventList: start thing (added in ast 13 I think).

Poking around in the code (astmanproxy.c), but failing - where could this be fixed?

davies147 commented 2 years ago

In theory, anything with an ActionID should only go to the endpoint that created the ActionID. Is the information above complete - You injected nothing else except the login and logoff?

If so, I would assume that something is bypassing the actionID check - Or just happening before the check and assuming that the packet should pass. If you run in debug/verbose mode, can you gather more information aqbout what's happening?

pnlarsson commented 10 months ago

Hi, long time and here are some debug:

root@nguc:~# astmanproxy -df
Jan 16 09:29:40: config: parsing configuration file: /etc/asterisk/astmanproxy.conf
Jan 16 09:29:40: config: host, localhost,5038,XXXXXXXX,XXXXXXXX,off,off
Jan 16 09:29:40: config: retryinterval, 2
Jan 16 09:29:40: config: maxretries, 10
Jan 16 09:29:40: config: sslclienthellotimeout, 200
Jan 16 09:29:40: config: acceptencryptedconnection, no
Jan 16 09:29:40: config: acceptunencryptedconnection, yes
Jan 16 09:29:40: config: asteriskwritetimeout, 100
Jan 16 09:29:40: config: clientwritetimeout, 200
Jan 16 09:29:40: config: certfile, /var/lib/asterisk/certs/proxy-server.pem
Jan 16 09:29:40: config: listenaddress, *
Jan 16 09:29:40: config: listenport, 5039
Jan 16 09:29:40: config: authrequired, yes
Jan 16 09:29:40: config: proc_user, nobody
Jan 16 09:29:40: config: proc_group, nogroup
Jan 16 09:29:40: config: inputformat, standard
Jan 16 09:29:40: config: outputformat, standard
Jan 16 09:29:40: config: autofilter, unique
Jan 16 09:29:40: config: filterlocal, off
Jan 16 09:29:40: config: logfile, /var/log/asterisk/astmanproxy
Jan 16 09:29:40: SSL critical error: Failed to use the certificate file!
Jan 16 09:29:40: loading handlers
Jan 16 09:29:40: loading: module csv (/usr/lib/astmanproxy/modules/csv.so)
Jan 16 09:29:40: loading: note, csv_read does not exist; ignoring
Jan 16 09:29:40: loading: note, csv_onconnect does not exist; ignoring
Jan 16 09:29:40: loading: module xml (/usr/lib/astmanproxy/modules/xml.so)
Jan 16 09:29:40: loading: note, xml_onconnect does not exist; ignoring
Jan 16 09:29:40: loading: module http (/usr/lib/astmanproxy/modules/http.so)
Jan 16 09:29:40: loading: note, http_write does not exist; ignoring
Jan 16 09:29:40: loading: note, http_onconnect does not exist; ignoring
Jan 16 09:29:40: loading: module standard (/usr/lib/astmanproxy/modules/standard.so)
Jan 16 09:29:40: loaded handlers
Jan 16 09:29:40: config: parsing configuration file: /etc/asterisk/astmanproxy.users
Jan 16 09:29:40: perm: XXXXXXXX, XXXXXXXX, 0
Jan 16 09:29:40: perm: nagios, YYYYYYYYY, 0
Jan 16 09:29:40: perm: ngpbx, ZZZZZZZZZZZ, 0
Jan 16 09:29:40: Client SSL Context Initialized
Jan 16 09:29:40: asterisk@127.0.0.1: Allocated server session
Jan 16 09:29:40: Set 127.0.0.1 input format to standard
Jan 16 09:29:40: Set 127.0.0.1 output format to standard
Jan 16 09:29:40: launched ast localhost thread!
Jan 16 09:29:40: Listening for connections
Jan 16 09:29:40: asterisk@127.0.0.1: Connecting (u=XXXXXXXX, p=XXXXXXXX, ssl=off)
Jan 16 09:29:40: returning ast_connect with 4
Jan 16 09:29:40: asterisk@127.0.0.1: attempting read...
Jan 16 09:29:40: asterisk@127.0.0.1 got: Asterisk Call Manager/7.0.1
Jan 16 09:29:40: asterisk@127.0.0.1 got: Response: Success
Jan 16 09:29:40: asterisk@127.0.0.1 got: Message: Authentication accepted
Jan 16 09:29:40: asterisk@127.0.0.1: connected successfully!
Jan 16 09:29:40: asterisk@127.0.0.1: connected successfully (No Fullybooted)!
Jan 16 09:29:40: asterisk@127.0.0.1: attempting read...
Jan 16 09:29:51: is_encrypted: 0
Jan 16 09:29:51: Connection received from 127.0.0.1
Jan 16 09:29:51: Set 127.0.0.1 input format to standard
Jan 16 09:29:51: Set 127.0.0.1 output format to standard
Jan 16 09:29:53: client@127.0.0.1 got: action: login
Jan 16 09:29:53: client@127.0.0.1 got: username: XXXXXXXX
Jan 16 09:29:53: client@127.0.0.1 got: secret: XXXXXXXX
Jan 16 09:29:53: client@127.0.0.1 got: events: off
Jan 16 09:29:53: Login attempt as: XXXXXXXX/XXXXXXXX
Jan 16 09:29:53: Login as: XXXXXXXX
Jan 16 09:29:57: is_encrypted: 0
Jan 16 09:29:57: Connection received from 127.0.0.1
Jan 16 09:29:57: Set 127.0.0.1 input format to standard
Jan 16 09:29:57: Set 127.0.0.1 output format to standard
Jan 16 09:29:57: client@127.0.0.1 got: action: Login
Jan 16 09:29:57: client@127.0.0.1 got: actionid: 1705393797.279
Jan 16 09:29:57: client@127.0.0.1 got: username: ngpbx
Jan 16 09:29:57: client@127.0.0.1 got: secret: ZZZZZZZZZZZ
Jan 16 09:29:57: client@127.0.0.1 got: events: off
Jan 16 09:29:57: Login attempt as: ngpbx/ZZZZZZZZZZZ
Jan 16 09:29:57: Login as: ngpbx
Jan 16 09:29:57: client@127.0.0.1 got: action: UserEvent
Jan 16 09:29:57: client@127.0.0.1 got: actionid: 1705393797.2787
Jan 16 09:29:57: client@127.0.0.1 got: userevent: CoreWorker
Jan 16 09:29:57: client@127.0.0.1 got: u_event_type: Pong
Jan 16 09:29:57: client@127.0.0.1 got: u_ping_id: 27754623
Jan 16 09:29:57: client@127.0.0.1 got: u_consumer_time: 1705393797.2787
Jan 16 09:29:57: writing block to localhost
Jan 16 09:29:57: asterisk@127.0.0.1 got: Response: Success
Jan 16 09:29:57: asterisk@127.0.0.1 got: ActionID: amp7-1705393797.2787
Jan 16 09:29:57: asterisk@127.0.0.1 got: Message: Event Sent
Jan 16 09:29:57: asterisk@127.0.0.1: attempting read...
Jan 16 09:29:57: Read error -1 getting line
Jan 16 09:29:57: Connection closed: 127.0.0.1
Jan 16 09:29:57: Freed entire stack.
Jan 16 09:29:57: --- exiting session_do thread ---
Jan 16 09:30:07: client@127.0.0.1 got: action: logoff
Jan 16 09:30:07: Connection closed: 127.0.0.1
Jan 16 09:30:07: Freed entire stack.
Jan 16 09:30:07: Client logged off - exiting thread
^CJan 16 09:30:35: Notifying and closing sessions
Jan 16 09:30:35: asterisk@127.0.0.1: closing server session
Jan 16 09:30:35: Freed entire stack.
Jan 16 09:30:35: asterisk@localhost: forgetting
Jan 16 09:30:35: Closing listener socket
Jan 16 09:30:35: unloading: standard
Jan 16 09:30:35: unloading: http
Jan 16 09:30:35: unloading: xml
Jan 16 09:30:35: unloading: csv
Jan 16 09:30:35: Done!
root@uc01.nguc:~# telnet localhost 5039
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Asterisk Call Manager Proxy/1.30.0
action: login
username: XXXXXXXX
secret: XXXXXXXX
events: off

Response: Success
Message: Authentication accepted

Event: FullyBooted
Privilege: system,all
Status: Fully Booted

Response: Success
ActionID: 1705393797.2787
Message: Event Sent
Server: localhost

action: logoff

Response: Goodbye
Message: Thanks for all the fish.

Connection closed by foreign host.