Summary: | ASTERISK-01443: On incoming call IAX authenticates again last peer of list only | ||
Reporter: | khb (khb) | Labels: | |
Date Opened: | 2004-04-20 18:31:39 | Date Closed: | 2011-06-07 14:05:20 |
Priority: | Major | Regression? | No |
Status: | Closed/Complete | Components: | Core/General |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ( 0) iax-bug | |
Description: | Complete description and debug traces are in attached file Situation: Asterisk is registered with FWD Asterisk, (see registry listing below) A call comes in from FWD (258891) to FWD IAX Account #258878. FWD Asterisk connects to my Asterisk without username/password (see fist Rx Frame) to deliver call. In second frame asterisk is using wrong peer/user to authenticate against. It will always use the last peer in the list, and search it's context for the destination extension. | ||
Comments: | By: Mark Spencer (markster) 2004-04-20 19:21:16 FWD should specify a user when sending you a call (e.g. fwd) so this is a configuration issue at their end. I can talk to Ed about this. Without a username, Asterisk is free to choose any username entry which has appropriate host allow permissions. This has already been covered in the bug tracker before. In the mean time, just add an entry that looks like this: [fwd] type=friend context=default deny=0.0.0.0/0.0.0.0 ; Disallow everyone else allow=65.39.205.121/255.255.255.255 ; Allow FWD to the end of your iax.conf and that will make it work. By: khb (khb) 2004-04-20 19:53:40 Yes, Mark, we do know that. I have referred to the previous reports in my report. I have alerted Ed to that as well. But it still is a bug, since the missing authentication can be circumvented easily. The call should ALWAYS fail, and there should be no confusion about it. By: Mark Spencer (markster) 2004-04-20 19:59:13 No, the authentication can't be circumvented unless the entry that it selects has no authentication requirements (e.g. "guest"). Asterisk will still ask the entry to authenticate as whomever it wants them to authenticate as. By: Mark Spencer (markster) 2004-04-20 20:27:23 Okay, Just to make things easier, I'm modifying IAX2 so that when no username is specified it will choose the best according to the following preference where lower is better: 1) User has host access but no secret 2) User has no host access and no secret 3) User has a secret and host access 4) User has a secret and no host access The reason for preferring host access is that at this point it's already been tested so it seems more logical that this might be the "right one". By: Digium Subversion (svnbot) 2008-01-15 14:51:15.000-0600 Repository: asterisk Revision: 2723 U trunk/channels/chan_iax2.c ------------------------------------------------------------------------ r2723 | markster | 2008-01-15 14:51:15 -0600 (Tue, 15 Jan 2008) | 2 lines Select user by more logical grounds when no user is specified (bug ASTERISK-1443, sorta) ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=2723 |