Summary: | ASTERISK-15119: [patch] "requirecalltoken" config directive not respected globally | ||
Reporter: | Ben Klang (bklang) | Labels: | |
Date Opened: | 2009-11-11 13:57:18.000-0600 | Date Closed: | 2009-12-04 16:04:14.000-0600 |
Priority: | Trivial | Regression? | No |
Status: | Closed/Complete | Components: | Documentation |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ( 0) clarify-iax-requirecalltoken.patch | |
Description: | While migrating to Asterisk 1.6 I found that the "requirecalltoken=auto" does not appear to be respected when set globally. Digging into the chan_iax2.c sources, it appears that the configuration directive is only checked in the context of users and peers. I tested and can confirm that requirecalltoken is respected when set on individual iax2 peers and users. The iax.conf that is distributed with Asterisk 1.6 makes it sound like requirecalltoken is only settable in the context of a peer/user/friend, but the example is provided globally (see iax.conf line 335). If the intent is NOT to allow requirecalltoken globally, then the example config file should be updated. However, I believe it would be useful to allow administrators to set requirecalltoken globally as a matter of policy. If the Asterisk developers agree with my opinion, I am willing to create a patch to that effect. | ||
Comments: | By: Leif Madsen (lmadsen) 2009-11-13 08:16:25.000-0600 Would you mind posting a note to the asterisk-dev list to see if it would be something that should be globally set? If you get acknowledgement that it should be and can provide the patch, that would be great! By: Leif Madsen (lmadsen) 2009-11-13 08:17:34.000-0600 Changing the severity to feature for now, but it looks like the sample files should probably be updated to not show this globally. However it may be that the developers consider it not being globally available as a bug, so I'm not going to change anything for now. This is another thing that you might want to bring up on the asterisk-dev mailing list. Thanks! By: Ben Klang (bklang) 2009-11-18 13:03:27.000-0600 I have done some additional reading of the document IAX2-Security.pdf and researched the causes for the calltoken feature's original implementation. Given the focus on security, I have changed my opinion and believe that requiring administrators to explicitly disable call tokens per-peer is a good idea. All this needs now is some clarification in the sample iax.conf that is distributed with Asterisk. By: Leif Madsen (lmadsen) 2009-11-18 13:53:47.000-0600 Would you mind creating some text that you feel would be useful and attaching it here at a patch, or at least upload it as a file and set it as "documentation or code" so I can review? I can put it into the files as appropriate. Thanks! By: Ben Klang (bklang) 2009-12-04 15:52:54.000-0600 I have attached a re-wording as you requested. It's a pretty small change, but at least order the information is presented is consistent with the paragraph above it. By: Digium Subversion (svnbot) 2009-12-04 16:01:47.000-0600 Repository: asterisk Revision: 233279 U branches/1.4/configs/iax.conf.sample ------------------------------------------------------------------------ r233279 | dvossel | 2009-12-04 16:01:46 -0600 (Fri, 04 Dec 2009) | 7 lines clarify requirecalltoken option in iax.sample.conf (closes issue ASTERISK-15119) Reported by: bklang Patches: clarify-iax-requirecalltoken.patch uploaded by bklang (license 919) ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=233279 By: Digium Subversion (svnbot) 2009-12-04 16:02:30.000-0600 Repository: asterisk Revision: 233280 _U trunk/ U trunk/configs/iax.conf.sample ------------------------------------------------------------------------ r233280 | dvossel | 2009-12-04 16:02:29 -0600 (Fri, 04 Dec 2009) | 14 lines Merged revisions 233279 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r233279 | dvossel | 2009-12-04 15:54:01 -0600 (Fri, 04 Dec 2009) | 7 lines clarify requirecalltoken option in iax.sample.conf (closes issue ASTERISK-15119) Reported by: bklang Patches: clarify-iax-requirecalltoken.patch uploaded by bklang (license 919) ........ ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=233280 By: Digium Subversion (svnbot) 2009-12-04 16:03:17.000-0600 Repository: asterisk Revision: 233281 _U branches/1.6.2/ U branches/1.6.2/configs/iax.conf.sample ------------------------------------------------------------------------ r233281 | dvossel | 2009-12-04 16:03:17 -0600 (Fri, 04 Dec 2009) | 21 lines Merged revisions 233280 via svnmerge from https://origsvn.digium.com/svn/asterisk/trunk ................ r233280 | dvossel | 2009-12-04 15:54:44 -0600 (Fri, 04 Dec 2009) | 14 lines Merged revisions 233279 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r233279 | dvossel | 2009-12-04 15:54:01 -0600 (Fri, 04 Dec 2009) | 7 lines clarify requirecalltoken option in iax.sample.conf (closes issue ASTERISK-15119) Reported by: bklang Patches: clarify-iax-requirecalltoken.patch uploaded by bklang (license 919) ........ ................ ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=233281 By: Digium Subversion (svnbot) 2009-12-04 16:03:39.000-0600 Repository: asterisk Revision: 233283 _U branches/1.6.1/ U branches/1.6.1/configs/iax.conf.sample ------------------------------------------------------------------------ r233283 | dvossel | 2009-12-04 16:03:39 -0600 (Fri, 04 Dec 2009) | 21 lines Merged revisions 233280 via svnmerge from https://origsvn.digium.com/svn/asterisk/trunk ................ r233280 | dvossel | 2009-12-04 15:54:44 -0600 (Fri, 04 Dec 2009) | 14 lines Merged revisions 233279 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r233279 | dvossel | 2009-12-04 15:54:01 -0600 (Fri, 04 Dec 2009) | 7 lines clarify requirecalltoken option in iax.sample.conf (closes issue ASTERISK-15119) Reported by: bklang Patches: clarify-iax-requirecalltoken.patch uploaded by bklang (license 919) ........ ................ ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=233283 By: Digium Subversion (svnbot) 2009-12-04 16:04:14.000-0600 Repository: asterisk Revision: 233284 _U branches/1.6.0/ U branches/1.6.0/configs/iax.conf.sample ------------------------------------------------------------------------ r233284 | dvossel | 2009-12-04 16:04:14 -0600 (Fri, 04 Dec 2009) | 21 lines Merged revisions 233280 via svnmerge from https://origsvn.digium.com/svn/asterisk/trunk ................ r233280 | dvossel | 2009-12-04 15:54:44 -0600 (Fri, 04 Dec 2009) | 14 lines Merged revisions 233279 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r233279 | dvossel | 2009-12-04 15:54:01 -0600 (Fri, 04 Dec 2009) | 7 lines clarify requirecalltoken option in iax.sample.conf (closes issue ASTERISK-15119) Reported by: bklang Patches: clarify-iax-requirecalltoken.patch uploaded by bklang (license 919) ........ ................ ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=233284 |