Today, I am publishing the RPMs for SNGrep 1.4.4. All you need to do is add my OKay's RPM repository and install it. SNGrep is a tool for displaying SIP call message flows from the terminal. It supports live capture to display real-time SIP packets and can also be used as a PCAP viewer.

If you wonder what the big difference is with my RPMs: they have as many options enabled as possible. This RPM enables the HEP/EEP protocol, which is very handy if you want to use it with Homer.

RPMs are available for CentOS 6 and 7. You can find them by typing yum search sngrep.

Now that I am managing some clusters with a lot of activity, one of the most common issues is that when a user makes a change, he wants it applied right away. This works for most things, but there are some exceptions, such as music on hold or call center. The reason is that to pick up the new settings, FreeSWITCH requires a module reload; sadly, the module cannot be reloaded while it is in use.

HAProxy is, as its name says, a proxy that aims for high availability. It can proxy not only HTTP (Layer 7) but also TCP (Layer 4). Among HAProxy's many features is a management page that can be used for active monitoring. I will talk about how to set up simple Nagios monitoring.

FusionPBX is a web frontend for FreeSWITCH (the best VoIP switch, in my opinion). By default, FusionPBX hard-links a username to its domain. This means user1 in the domain something.inside-out.xyz with password 123 is totally different and isolated from user1 in the domain else.inside-out.xyz with password 123. But this default behavior is not always what we want in our PBX.

FusionPBX allows you to have a unique login. This is no surprise; almost every website has moved to this by using the email address as the login, and FusionPBX is no exception. But it is turned off by default in 4.2. If you turn it on, you will be able to use your unique login (for example the email address, since a full address is supposed to exist only once) to get into FusionPBX. This is very handy: you save money by purchasing a simple SSL certificate instead of a wildcard one, and you can have a more or less independent server for the FusionPBX page. Just some ideas.

The Bug

DISCLAIMER: I have not personally reproduced this bug, but I have more than one report that it has happened. Please note you are only exposed to this bug if you know you have turned on the unique logic.

While working at my day job, I was told that somehow a user was able to rename a username with its unique login in different tenants. After doing so, the user was able to log into a domain that he was not meant to log into.

Furthermore, if a user knows the unique login of another user and updates a user to that username, he is able to log in. For example, unique user [email address hidden] has admin access to his domain dog.inside-out.xyz. Miguel knows the user [email address hidden] is the admin of the domain bunny.inside-out.xyz. Miguel is aware of this bug. Then, Miguel creates user [email address hidden] with a password known to him. Miguel edits the username [email address hidden] and renames it to [email address hidden], which already exists (here is the bug). Miguel tries to log into the system with the new user he just created, and voilà! If he is lucky, he will get access to the domain bunny.inside-out.xyz.

The Patch

Today I have sent two pull requests, #2484 and #2485, that prevent this. I will put it here anyway (for 4.2).

Edit the file core/users/usersupdate.php, and look around line 115. You will find something like this:

$sql= "select count(*) as num_rows from v_users where domain_uuid = '".$domain_uuid."' and username = '".$username."'";

Replace that line with these:

// With global unique logins, look for the username in every domain; otherwise only in this one.
$sql = "select count(*) as num_rows from v_users where username = '".$username."'";
if ($_SESSION["user"]["unique"]["text"] != "global"){
    $sql .= " and domain_uuid = '".$domain_uuid."'";
}

You are done. Good Luck!
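
The duplicate-username check from the patch, as an added example (not FusionPBX code and not part of the pull requests): it runs against a reduced, constructed v_users table in in-memory SQLite, uses bound parameters instead of string concatenation, and adds an audit query for usernames that already exist in more than one domain. The helper names, the user_uuid self-exclusion, the 'other' mode value and the sample rows are assumptions of this example.

```php
<?php
// Added example. Reduced, constructed v_users table; not FusionPBX's real schema or code.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("create table v_users (user_uuid text primary key, domain_uuid text, username text)");
$ins = $db->prepare("insert into v_users values (?, ?, ?)");
foreach ([                                          // constructed sample rows
    ['u-1', 'dom-dog',   'dog-admin@example.test'],
    ['u-2', 'dom-bunny', 'bunny-admin@example.test'],
    ['u-3', 'dom-dog',   'temp@example.test'],
    ['u-4', 'dom-dog',   'shared@example.test'],
    ['u-5', 'dom-bunny', 'shared@example.test'],    // duplicate created before the check was fixed
] as $row) {
    $ins->execute($row);
}

// Hypothetical helper: is $username already held by another account?
// $unique mirrors $_SESSION["user"]["unique"]["text"] from the patch.
function username_taken(PDO $db, string $username, string $domain_uuid, string $user_uuid, string $unique): bool {
    // Assumption of this example: ignore the row being edited, so saving an unchanged name passes.
    $sql = "select count(*) from v_users where username = :username and user_uuid <> :user_uuid";
    $params = [':username' => $username, ':user_uuid' => $user_uuid];
    if ($unique != "global") {                      // per-domain logins: scope the check to the tenant
        $sql .= " and domain_uuid = :domain_uuid";
        $params[':domain_uuid'] = $domain_uuid;
    }
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return (int) $stmt->fetchColumn() > 0;
}

// Hypothetical audit: usernames that already exist in more than one domain.
function cross_domain_duplicates(PDO $db): array {
    $sql = "select username, count(distinct domain_uuid) as domains from v_users"
         . " group by username having count(distinct domain_uuid) > 1";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Account u-3 in dom-dog asks to be renamed to a username that exists only in dom-bunny.
// 'other' is a constructed stand-in for any setting value that is not "global".
$wanted = 'bunny-admin@example.test';
foreach (['domain-scoped check' => 'other', 'global check' => 'global'] as $label => $mode) {
    $taken = username_taken($db, $wanted, 'dom-dog', 'u-3', $mode);
    echo $label, ': ', $taken ? "rename rejected\n" : "rename allowed\n";
}
foreach (cross_domain_duplicates($db) as $dup) {
    echo "duplicate: {$dup['username']} in {$dup['domains']} domains\n";
}
```

Any username the audit query returns already exists in more than one domain and has to be resolved by hand, since the patched check only blocks new collisions.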

FusionPBX offers a way to remotely reboot your registered endpoints. Of course, those endpoints must honor the SIP signal. However, this becomes a problem when you have many extensions. Last week, I had the challenge of rebooting more than one thousand endpoints, eight hundred of which were registered on a single server. As you can imagine, the clicking way is too much hassle. There should be another way.