Summary: | ASTERISK-05126: IAX realtime fails if auth is required | ||
Reporter: | Daniel Swarbrick (pressureman) | Labels: | |
Date Opened: | 2005-09-22 00:09:43 | Date Closed: | 2011-06-07 14:03:02 |
Priority: | Major | Regression? | No |
Status: | Closed/Complete | Components: | Core/Configuration |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ( 0) iax_realtime.patch | |
Description: | iaxs[fr.callno]->secret does not appear to get populated in socket_read() in chan_iax2.c when using IAX realtime. Peer auth subsequently fails. | ||
Comments: | By: Russell Bryant (russell) 2005-09-22 23:26:49 I just updated IAXtel to the latest CVS Head and it is running realtime. All of the incoming registrations are correctly being authenticated. If you believe that there is a problem, you're going to have to be much more specific. Please include the entry from the database, the 'iax debug', and any other output from the Asterisk CLI. By: Daniel Swarbrick (pressureman) 2005-09-23 00:33:13 Console shows (IP addr obscured) Sep 23 17:28:24 WARNING[11300]: chan_iax2.c:7078 socket_read: I don't know how to authenticate qwerty to 203.x.x.x Database row is (IP addr obscured): iax_id | name | username | type | secret | auth | context | host | qualify --------+-------------+----------+--------+----------+------+-----------------+-----------------------------+--------- 1 | site02 | qwerty | friend | passw0rd | md5 | local-extns | 203.x.x.x | 1000 The same settings work fine if the IAX friend is defined in a conf file. By: Daniel Swarbrick (pressureman) 2005-09-23 00:49:28 IAX debug shows: Rx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 000 Type: IAX Subclass: POKE Timestamp: 00011ms SCall: 00002 DCall: 00000 [203.x.x.x:4569] Tx-Frame Retry[000] -- OSeqno: 000 ISeqno: 001 Type: IAX Subclass: PONG Timestamp: 00011ms SCall: 00001 DCall: 00002 [203.x.x.x:4569] Rx-Frame Retry[ No] -- OSeqno: 001 ISeqno: 001 Type: IAX Subclass: ACK Timestamp: 00011ms SCall: 00002 DCall: 00001 [203.x.x.x:4569] Sep 23 17:47:20 NOTICE[11631]: res_config_pgsql.c:383 update_pgsql: PgSQL RealTime: Updated 1 rows on table: sip Tx-Frame Retry[000] -- OSeqno: 000 ISeqno: 000 Type: IAX Subclass: NEW Timestamp: 00006ms SCall: 00002 DCall: 00000 [203.x.x.x:4569] VERSION : 2 CALLED NUMBER : TBD CALLED CONTEXT : local-extns FORMAT : 65535 CAPABILITY : 65535 Rx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 001 Type: IAX Subclass: AUTHREQ Timestamp: 00017ms SCall: 00003 DCall: 00002 [203.x.x.x:4569] AUTHMETHODS : 2 CHALLENGE : 735952221 USERNAME : qwerty Sep 23 17:47:22 WARNING[11631]: chan_iax2.c:7078 socket_read: I don't know how to authenticate qwerty to 203.x.x.x Tx-Frame Retry[-01] -- OSeqno: 001 ISeqno: 001 Type: IAX Subclass: ACK Timestamp: 00017ms SCall: 00002 DCall: 00003 [203.x.x.x:4569] Sep 23 17:47:27 WARNING[11631]: chan_iax2.c:8922 find_cache: Timeout waiting for site02/local-extns exten 600 Sep 23 17:47:27 NOTICE[11631]: res_config_pgsql.c:383 update_pgsql: PgSQL RealTime: Updated 1 rows on table: sip Sep 23 17:47:28 NOTICE[11631]: res_config_pgsql.c:383 update_pgsql: PgSQL RealTime: Updated 1 rows on table: sip Tx-Frame Retry[000] -- OSeqno: 001 ISeqno: 001 Type: IAX Subclass: LAGRQ Timestamp: 10006ms SCall: 00002 DCall: 00003 [203.x.x.x:4569] Rx-Frame Retry[ No] -- OSeqno: 001 ISeqno: 001 Type: IAX Subclass: LAGRQ Timestamp: 10017ms SCall: 00003 DCall: 00002 [203.x.x.x:4569] Tx-Frame Retry[000] -- OSeqno: 002 ISeqno: 002 Type: IAX Subclass: LAGRP Timestamp: 10017ms SCall: 00002 DCall: 00003 [203.x.x.x:4569] Rx-Frame Retry[ No] -- OSeqno: 002 ISeqno: 002 Type: IAX Subclass: LAGRP Timestamp: 10006ms SCall: 00003 DCall: 00002 [203.x.x.x:4569] Tx-Frame Retry[-01] -- OSeqno: 002 ISeqno: 003 Type: IAX Subclass: ACK Timestamp: 10006ms SCall: 00002 DCall: 00003 [203.x.x.x:4569] Rx-Frame Retry[ No] -- OSeqno: 002 ISeqno: 003 Type: IAX Subclass: ACK Timestamp: 10017ms SCall: 00003 DCall: 00002 [203.x.x.x:4569] Tx-Frame Retry[000] -- OSeqno: 003 ISeqno: 003 Type: IAX Subclass: PING Timestamp: 20006ms SCall: 00002 DCall: 00003 [203.x.x.x:4569] Tx-Frame Retry[000] -- OSeqno: 004 ISeqno: 003 Type: IAX Subclass: LAGRQ Timestamp: 20009ms SCall: 00002 DCall: 00003 [203.x.x.x:4569] Rx-Frame Retry[ No] -- OSeqno: 003 ISeqno: 003 Type: IAX Subclass: PING Timestamp: 20017ms SCall: 00003 DCall: 00002 [203.x.x.x:4569] Tx-Frame Retry[000] -- OSeqno: 005 ISeqno: 004 Type: IAX Subclass: PONG Timestamp: 20017ms SCall: 00002 DCall: 00003 [203.x.x.x:4569] RR_JITTER : 0 RR_LOSS : 0 RR_PKTS : 1 By: Russell Bryant (russell) 2005-09-23 06:11:34 It looks like the problem is in authenticate_reply(), since it checks the internal peer list, but does not check realtime if it doesn't find one. It should be using find_peer() to handle all of this. By: Russell Bryant (russell) 2005-09-23 12:30:11 Try this (totally untested) patch and see if it helps you. My big concern with this patch is that find_peer() only uses the peer name for matching, while this function originally included more complex logic for matching the peer. I'm going to have to look into this further to figure out if this matters. If it does, we'll just have to leave the open coded peer list traversal and add a call to realtime_peer() if it isn't found in the list. On a sidenote, I am willing to bet that if you turn on realtime caching with host=dynamic, this problem will go away, since the peer will be present in the internal peer list after registration. By: Daniel Swarbrick (pressureman) 2005-09-24 20:52:48 I haven't tried the patch, but your suggestion of enabling rtcachefriends=yes in iax.conf worked fine. I hope this sheds a bit more light on the original cause of the problem. By: Mark Spencer (markster) 2005-09-25 15:16:46 I don't think any of us conceived of authenticating *to* a realtime peer, that's why I think this has been overlooked for such a long time. I've fixed it in CVS head, although presumably there are some essoterric features of the way the authentication would work for normal peers (i.e. going by username, matching by IP address), which are not used in this case. By: Digium Subversion (svnbot) 2008-01-15 15:49:03.000-0600 Repository: asterisk Revision: 6648 U trunk/channels/chan_iax2.c ------------------------------------------------------------------------ r6648 | markster | 2008-01-15 15:49:03 -0600 (Tue, 15 Jan 2008) | 2 lines Handle authenticating *to* realtime peers (bug ASTERISK-5126) ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=6648 |