Summary:ASTERISK-01443: On incoming call IAX authenticates again last peer of list only
Reporter:khb (khb)Labels:
Date Opened:2004-04-20 18:31:39Date Closed:2011-06-07 14:05:20
Versions:Frequency of
Environment:Attachments:( 0) iax-bug
Description:Complete description and debug traces are in attached file

Situation:  Asterisk is registered with FWD Asterisk, (see registry listing below)
A call comes in from FWD (258891) to FWD IAX Account #258878.
FWD Asterisk connects to my Asterisk without username/password (see fist Rx Frame)
to deliver call.
In second frame asterisk is using wrong peer/user to authenticate against.
It will always use the last peer in the list, and search it's context for the
destination extension.
Comments:By: Mark Spencer (markster) 2004-04-20 19:21:16

FWD should specify a user when sending you a call (e.g. fwd) so this is a configuration issue at their end.  I can talk to Ed about this.  Without a username, Asterisk is free to choose any username entry which has appropriate host allow permissions.  This has already been covered in the bug tracker before.  In the mean time, just add an entry that looks like this:

deny= ; Disallow everyone else
allow= ; Allow FWD

to the end of your iax.conf and that will make it work.

By: khb (khb) 2004-04-20 19:53:40

Yes, Mark, we do know that.
I have referred to the previous reports in my report.
I have alerted Ed to that as well.

But it still is a bug, since the missing authentication can be circumvented
easily. The call should ALWAYS fail, and there should be no confusion about it.

By: Mark Spencer (markster) 2004-04-20 19:59:13

No, the authentication can't be circumvented unless the entry that it selects has no authentication requirements (e.g. "guest"). Asterisk will still ask the entry to authenticate as whomever it wants them to authenticate as.

By: Mark Spencer (markster) 2004-04-20 20:27:23

Okay, Just to make things easier, I'm modifying IAX2 so that when no username is specified it will choose the best according to the following preference where lower is better:

1) User has host access but no secret
2) User has no host access and no secret
3) User has a secret and host access
4) User has a secret and no host access

The reason for preferring host access is that at this point it's already been tested so it seems more logical that this might be the "right one".

By: Digium Subversion (svnbot) 2008-01-15 14:51:15.000-0600

Repository: asterisk
Revision: 2723

U   trunk/channels/chan_iax2.c

r2723 | markster | 2008-01-15 14:51:15 -0600 (Tue, 15 Jan 2008) | 2 lines

Select user by more logical grounds when no user is specified (bug ASTERISK-1443, sorta)