[asterisk-bugs] [JIRA] (ASTERISK-17599) [patch] IAX can select the wrong channel name

Sean Bright (JIRA) noreply at issues.asterisk.org
Fri Feb 1 15:31:58 CST 2013 

     [ https://issues.asterisk.org/jira/browse/ASTERISK-17599?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sean Bright updated ASTERISK-17599:
-----------------------------------

    Description: 
If more than one IAX user connects from the same IP address, then the wrong IAX2/"name" channel name can be allocated.

The code path to determine which IAX user is used for authentication is different from the code path that determines which name is put into the channel-name field.

The following IAX config (slightly edited) causes an issue for me in version 1.6.2.

{code}
[user1]
type=friend
auth=md5
accountcode=user1
notransfer=yes
context=context1
host=10.0.0.250
username=user1
secret=secret1
disallow=all
allow=alaw

[user2]
type=friend
auth=md5
accountcode=user2
notransfer=yes
context=context2
host=dynamic
deny=0.0.0.0/0.0.0.0
permit=10.0.0.0/24
username=user2
secret=
disallow=all
allow=alaw
{code}

If a call comes in from 10.0.0.250, using username "user2" and with no password, then it is correctly authenticated against the {{\[user2\]}} section.
   Accountcode is set to user2
   Context is set to context2
and the call mostly proceeds correctly, BUT the source channel name is set to IAX2/user1-nnnn, which is then seen both in the dialplan debug output, and in the CDR.

This is because the channel name is found by using the first matching IP address in the configuration, rather than using the section that was used for authentication.

  was:
If more than one IAX user connects from the same IP address, then the wrong IAX2/"name" channel name can be allocated.

The code path to determine which IAX user is used for authentication is different from the code path that determines which name is put into the channel-name field.

****** ADDITIONAL INFORMATION ******

The following IAX config (slightly edited) causes an issue for me in
version 1.6.2.

[user1]
type=friend
auth=md5
accountcode=user1
notransfer=yes
context=context1
host=10.0.0.250
username=user1
secret=secret1
disallow=all
allow=alaw

[user2]
type=friend
auth=md5
accountcode=user2
notransfer=yes
context=context2
host=dynamic
deny=0.0.0.0/0.0.0.0
permit=10.0.0.0/24
username=user2
secret=
disallow=all
allow=alaw

If a call comes in from 10.0.0.250, using username "user2" and with no
password, then it is correctly authenticated against the [user2]
section.
   Accountcode is set to user2
   Context is set to context2
and the call mostly proceeds correctly, BUT the source channel name is
set to IAX2/user1-nnnn, which is then seen both in the dialplan debug
output, and in the CDR.

This is because the channel name is found by using the first matching IP address in the configuration, rather than using the section that was used for authentication.

    
> [patch] IAX can select the wrong channel name
> ---------------------------------------------
>
>                 Key: ASTERISK-17599
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-17599
>             Project: Asterisk
>          Issue Type: Bug
>          Components: Channels/chan_iax2
>    Affects Versions: 1.6.2.17
>            Reporter: Steve Davies
>            Severity: Minor
>         Attachments: iax_username.1.6.2.17-rc1.patch
>
>
> If more than one IAX user connects from the same IP address, then the wrong IAX2/"name" channel name can be allocated.
> The code path to determine which IAX user is used for authentication is different from the code path that determines which name is put into the channel-name field.
> The following IAX config (slightly edited) causes an issue for me in version 1.6.2.
> {code}
> [user1]
> type=friend
> auth=md5
> accountcode=user1
> notransfer=yes
> context=context1
> host=10.0.0.250
> username=user1
> secret=secret1
> disallow=all
> allow=alaw
> [user2]
> type=friend
> auth=md5
> accountcode=user2
> notransfer=yes
> context=context2
> host=dynamic
> deny=0.0.0.0/0.0.0.0
> permit=10.0.0.0/24
> username=user2
> secret=
> disallow=all
> allow=alaw
> {code}
> If a call comes in from 10.0.0.250, using username "user2" and with no password, then it is correctly authenticated against the {{\[user2\]}} section.
>    Accountcode is set to user2
>    Context is set to context2
> and the call mostly proceeds correctly, BUT the source channel name is set to IAX2/user1-nnnn, which is then seen both in the dialplan debug output, and in the CDR.
> This is because the channel name is found by using the first matching IP address in the configuration, rather than using the section that was used for authentication.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the asterisk-bugs mailing list