[Home]

Summary:ASTERISK-15119: [patch] "requirecalltoken" config directive not respected globally
Reporter:Ben Klang (bklang)Labels:
Date Opened:2009-11-11 13:57:18.000-0600Date Closed:2009-12-04 16:04:14.000-0600
Priority:TrivialRegression?No
Status:Closed/CompleteComponents:Documentation
Versions:Frequency of
Occurrence
Related
Issues:
Environment:Attachments:( 0) clarify-iax-requirecalltoken.patch
Description:While migrating to Asterisk 1.6 I found that the "requirecalltoken=auto" does not appear to be respected when set globally.  Digging into the chan_iax2.c sources, it appears that the configuration directive is only checked in the context of users and peers.  I tested and can confirm that requirecalltoken is respected when set on individual iax2 peers and users.

The iax.conf that is distributed with Asterisk 1.6 makes it sound like requirecalltoken is only settable in the context of a peer/user/friend, but the example is provided globally (see iax.conf line 335).

If the intent is NOT to allow requirecalltoken globally, then the example config file should be updated.  However, I believe it would be useful to allow administrators to set requirecalltoken globally as a matter of policy.  If the Asterisk developers agree with my opinion, I am willing to create a patch to that effect.
Comments:By: Leif Madsen (lmadsen) 2009-11-13 08:16:25.000-0600

Would you mind posting a note to the asterisk-dev list to see if it would be something that should be globally set? If you get acknowledgement that it should be and can provide the patch, that would be great!
By: Leif Madsen (lmadsen) 2009-11-13 08:17:34.000-0600

Changing the severity to feature for now, but it looks like the sample files should probably be updated to not show this globally.

However it may be that the developers consider it not being globally available as a bug, so I'm not going to change anything for now. This is another thing that you might want to bring up on the asterisk-dev mailing list. Thanks!
By: Ben Klang (bklang) 2009-11-18 13:03:27.000-0600

I have done some additional reading of the document IAX2-Security.pdf and researched the causes for the calltoken feature's original implementation.  Given the focus on security, I have changed my opinion and believe that requiring administrators to explicitly disable call tokens per-peer is a good idea.  All this needs now is some clarification in the sample iax.conf that is distributed with Asterisk.
By: Leif Madsen (lmadsen) 2009-11-18 13:53:47.000-0600

Would you mind creating some text that you feel would be useful and attaching it here at a patch, or at least upload it as a file and set it as "documentation or code" so I can review? I can put it into the files as appropriate. Thanks!
By: Ben Klang (bklang) 2009-12-04 15:52:54.000-0600

I have attached a re-wording as you requested.  It's a pretty small change, but at least order the information is presented is consistent with the paragraph above it.
By: Digium Subversion (svnbot) 2009-12-04 16:01:47.000-0600

Repository: asterisk
Revision: 233279

U   branches/1.4/configs/iax.conf.sample

------------------------------------------------------------------------
r233279 | dvossel | 2009-12-04 16:01:46 -0600 (Fri, 04 Dec 2009) | 7 lines

clarify requirecalltoken option in iax.sample.conf

(closes issue ASTERISK-15119)
Reported by: bklang
Patches:
     clarify-iax-requirecalltoken.patch uploaded by bklang (license 919)

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=233279
By: Digium Subversion (svnbot) 2009-12-04 16:02:30.000-0600

Repository: asterisk
Revision: 233280

_U  trunk/
U   trunk/configs/iax.conf.sample

------------------------------------------------------------------------
r233280 | dvossel | 2009-12-04 16:02:29 -0600 (Fri, 04 Dec 2009) | 14 lines

Merged revisions 233279 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.4

........
 r233279 | dvossel | 2009-12-04 15:54:01 -0600 (Fri, 04 Dec 2009) | 7 lines
 
 clarify requirecalltoken option in iax.sample.conf
 
 (closes issue ASTERISK-15119)
 Reported by: bklang
 Patches:
       clarify-iax-requirecalltoken.patch uploaded by bklang (license 919)
........

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=233280
By: Digium Subversion (svnbot) 2009-12-04 16:03:17.000-0600

Repository: asterisk
Revision: 233281

_U  branches/1.6.2/
U   branches/1.6.2/configs/iax.conf.sample

------------------------------------------------------------------------
r233281 | dvossel | 2009-12-04 16:03:17 -0600 (Fri, 04 Dec 2009) | 21 lines

Merged revisions 233280 via svnmerge from
https://origsvn.digium.com/svn/asterisk/trunk

................
 r233280 | dvossel | 2009-12-04 15:54:44 -0600 (Fri, 04 Dec 2009) | 14 lines
 
 Merged revisions 233279 via svnmerge from
 https://origsvn.digium.com/svn/asterisk/branches/1.4
 
 ........
   r233279 | dvossel | 2009-12-04 15:54:01 -0600 (Fri, 04 Dec 2009) | 7 lines
   
   clarify requirecalltoken option in iax.sample.conf
   
   (closes issue ASTERISK-15119)
   Reported by: bklang
   Patches:
         clarify-iax-requirecalltoken.patch uploaded by bklang (license 919)
 ........
................

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=233281
By: Digium Subversion (svnbot) 2009-12-04 16:03:39.000-0600

Repository: asterisk
Revision: 233283

_U  branches/1.6.1/
U   branches/1.6.1/configs/iax.conf.sample

------------------------------------------------------------------------
r233283 | dvossel | 2009-12-04 16:03:39 -0600 (Fri, 04 Dec 2009) | 21 lines

Merged revisions 233280 via svnmerge from
https://origsvn.digium.com/svn/asterisk/trunk

................
 r233280 | dvossel | 2009-12-04 15:54:44 -0600 (Fri, 04 Dec 2009) | 14 lines
 
 Merged revisions 233279 via svnmerge from
 https://origsvn.digium.com/svn/asterisk/branches/1.4
 
 ........
   r233279 | dvossel | 2009-12-04 15:54:01 -0600 (Fri, 04 Dec 2009) | 7 lines
   
   clarify requirecalltoken option in iax.sample.conf
   
   (closes issue ASTERISK-15119)
   Reported by: bklang
   Patches:
         clarify-iax-requirecalltoken.patch uploaded by bklang (license 919)
 ........
................

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=233283
By: Digium Subversion (svnbot) 2009-12-04 16:04:14.000-0600

Repository: asterisk
Revision: 233284

_U  branches/1.6.0/
U   branches/1.6.0/configs/iax.conf.sample

------------------------------------------------------------------------
r233284 | dvossel | 2009-12-04 16:04:14 -0600 (Fri, 04 Dec 2009) | 21 lines

Merged revisions 233280 via svnmerge from
https://origsvn.digium.com/svn/asterisk/trunk

................
 r233280 | dvossel | 2009-12-04 15:54:44 -0600 (Fri, 04 Dec 2009) | 14 lines
 
 Merged revisions 233279 via svnmerge from
 https://origsvn.digium.com/svn/asterisk/branches/1.4
 
 ........
   r233279 | dvossel | 2009-12-04 15:54:01 -0600 (Fri, 04 Dec 2009) | 7 lines
   
   clarify requirecalltoken option in iax.sample.conf
   
   (closes issue ASTERISK-15119)
   Reported by: bklang
   Patches:
         clarify-iax-requirecalltoken.patch uploaded by bklang (license 919)
 ........
................

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=233284