[asterisk-bugs] [Asterisk 0016223]: "requirecalltoken" config directive not respected globally

Asterisk Bug Tracker noreply at bugs.digium.com
Wed Nov 18 13:03:27 CST 2009


A NOTE has been added to this issue. 
====================================================================== 
https://issues.asterisk.org/view.php?id=16223 
====================================================================== 
Reported By:                bklang
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   16223
Category:                   Channels/chan_iax2
Reproducibility:            always
Severity:                   feature
Priority:                   normal
Status:                     acknowledged
Asterisk Version:           SVN 
JIRA:                        
Regression:                 No 
Reviewboard Link:            
SVN Branch (only for SVN checkouts, not tarball releases): 1.6.1 
SVN Revision (number only!): 229491 
Request Review:              
====================================================================== 
Date Submitted:             2009-11-11 13:57 CST
Last Modified:              2009-11-18 13:03 CST
====================================================================== 
Summary:                    "requirecalltoken" config directive not respected globally
Description: 
While migrating to Asterisk 1.6 I found that "requirecalltoken=auto"
does not appear to be respected when set globally.  Digging into the
chan_iax2.c sources, it appears that the configuration directive is only
checked in the context of users and peers.  I tested and can confirm that
requirecalltoken is respected when set on individual iax2 peers and users.

The iax.conf that is distributed with Asterisk 1.6 makes it sound like
requirecalltoken is only settable in the context of a peer/user/friend, but
the example is provided globally (see iax.conf line 335).

If the intent is NOT to allow requirecalltoken globally, then the example
config file should be updated.  However, I believe it would be useful to
allow administrators to set requirecalltoken globally as a matter of
policy.  If the Asterisk developers agree with my opinion, I am willing to
create a patch to that effect.

====================================================================== 

---------------------------------------------------------------------- 
 (0113951) bklang (reporter) - 2009-11-18 13:03
 https://issues.asterisk.org/view.php?id=16223#c113951 
---------------------------------------------------------------------- 
I have done some additional reading of the document IAX2-Security.pdf and
researched the causes for the calltoken feature's original implementation. 
Given the focus on security, I have changed my opinion and believe that
requiring administrators to explicitly disable call tokens per-peer is a
good idea.  All this needs now is some clarification in the sample iax.conf
that is distributed with Asterisk. 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2009-11-18 13:03 bklang         Note Added: 0113951                          
======================================================================



