<p>George Joseph <strong>submitted</strong> this change.</p><p><a href="https://gerrit.asterisk.org/c/asterisk/+/16684">View Change</a></p><div style="white-space:pre-wrap">Approvals:
Kevin Harwell: Looks good to me, but someone else must approve
George Joseph: Looks good to me, approved; Approved for Submit
</div><pre style="font-family: monospace,monospace; white-space: pre-wrap;">chan_iax2: Allow both secret and outkey at dial time<br><br>Historically, the dial syntax for IAX2 has held that<br>an outkey (used only for RSA authenticated calls)<br>and a secret (used only for plain text and MD5 authenticated<br>calls, historically) were mutually exclusive, and thus<br>the same position in the dial string was used for both<br>values.<br><br>Now that encryption is possible with RSA authentication,<br>this poses a limitation, since encryption requires a<br>secret and RSA authentication requires an outkey. Thus,<br>the dial syntax is extended so that both a secret and<br>an outkey can be specified.<br><br>The new extended syntax is backwards compatible with the<br>old syntax. However, a secret can now be specified after<br>the outkey, or the outkey can be specified after the secret.<br>This makes it possible to spawn an encrypted RSA authenticated<br>call without a corresponding peer being predefined in iax.conf.<br><br>ASTERISK-29707 #close<br><br>Change-Id: I1f8149313ed760169d604afbb07720a8b07dd00e<br>---<br>M channels/chan_iax2.c<br>A doc/CHANGES-staging/chan_iax2_dial.txt<br>2 files changed, 29 insertions(+), 6 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c</span><br><span>index a5996cb..09c0096 100644</span><br><span>--- a/channels/chan_iax2.c</span><br><span>+++ b/channels/chan_iax2.c</span><br><span>@@ -5035,6 +5035,8 @@</span><br><span> */</span><br><span> static void parse_dial_string(char *data, struct parsed_dial_string *pds)</span><br><span> {</span><br><span style="color: hsl(120, 100%, 40%);">+ char *outkey = NULL;</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> if (ast_strlen_zero(data))</span><br><span> return;</span><br><span> </span><br><span>@@ -5057,7 +5059,8 @@</span><br><span> if (pds->username) {</span><br><span> data 
= pds->username;</span><br><span> pds->username = strsep(&data, ":");</span><br><span style="color: hsl(0, 100%, 40%);">- pds->password = data;</span><br><span style="color: hsl(120, 100%, 40%);">+ pds->password = strsep(&data, ":");</span><br><span style="color: hsl(120, 100%, 40%);">+ outkey = data;</span><br><span> }</span><br><span> </span><br><span> data = pds->peer;</span><br><span>@@ -5067,10 +5070,26 @@</span><br><span> /*</span><br><span> * Check for a key name wrapped in [] in the password position.</span><br><span> * If found, move it to the key field instead.</span><br><span style="color: hsl(120, 100%, 40%);">+ * Also allow for both key and secret to be specified, now that</span><br><span style="color: hsl(120, 100%, 40%);">+ * encryption is possible with RSA authentication.</span><br><span> */</span><br><span style="color: hsl(0, 100%, 40%);">- if (pds->password && (pds->password[0] == '[')) {</span><br><span style="color: hsl(120, 100%, 40%);">+ </span><br><span style="color: hsl(120, 100%, 40%);">+ if (pds->password && (pds->password[0] == '[')) { /* key (then maybe secret) */</span><br><span> pds->key = ast_strip_quoted(pds->password, "[", "]");</span><br><span style="color: hsl(0, 100%, 40%);">- pds->password = NULL;</span><br><span style="color: hsl(120, 100%, 40%);">+ if (ast_strlen_zero(outkey)) {</span><br><span style="color: hsl(120, 100%, 40%);">+ pds->password = NULL;</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_debug(1, "Outkey (%s), no secret\n", pds->key);</span><br><span style="color: hsl(120, 100%, 40%);">+ } else {</span><br><span style="color: hsl(120, 100%, 40%);">+ pds->password = outkey;</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_debug(1, "Outkey (%s) and secret (%s)\n", pds->key, pds->password);</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+ } else if (outkey && (outkey[0] == '[')) { /* secret, then key */</span><br><span style="color: 
hsl(120, 100%, 40%);">+ pds->key = ast_strip_quoted(outkey, "[", "]");</span><br><span style="color: hsl(120, 100%, 40%);">+ if (ast_strlen_zero(pds->password)) {</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_debug(1, "Outkey (%s), no secret\n", pds->key);</span><br><span style="color: hsl(120, 100%, 40%);">+ } else {</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_debug(1, "Outkey (%s) and secret (%s)\n", pds->key, pds->password);</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span> }</span><br><span> }</span><br><span> </span><br><span>@@ -6468,7 +6487,7 @@</span><br><span> } else {</span><br><span> struct ast_iax2_mini_enc_hdr *efh = (struct ast_iax2_mini_enc_hdr *)fh;</span><br><span> if (iaxdebug)</span><br><span style="color: hsl(0, 100%, 40%);">- ast_debug(1, "Decoding mini with length %d\n", *datalen);</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_debug(5, "Decoding mini with length %d\n", *datalen);</span><br><span> if (*datalen < 16 + sizeof(struct ast_iax2_mini_hdr))</span><br><span> return -1;</span><br><span> /* Decrypt */</span><br><span>@@ -6506,7 +6525,7 @@</span><br><span> } else {</span><br><span> struct ast_iax2_mini_enc_hdr *efh = (struct ast_iax2_mini_enc_hdr *)fh;</span><br><span> if (iaxdebug)</span><br><span style="color: hsl(0, 100%, 40%);">- ast_debug(1, "Encoding mini frame with length %d\n", *datalen);</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_debug(5, "Encoding mini frame with length %d\n", *datalen);</span><br><span> padding = 16 - ((*datalen - sizeof(struct ast_iax2_mini_enc_hdr)) % 16);</span><br><span> padding = 16 + (padding & 0xf);</span><br><span> memcpy(workspace, poo, padding);</span><br><span>@@ -11993,7 +12012,7 @@</span><br><span> iaxs[fr->callno]->last = fr->ts;</span><br><span> #if 1</span><br><span> if (iaxdebug)</span><br><span style="color: hsl(0, 100%, 40%);">- ast_debug(1, "For call=%d, set last=%u\n", fr->callno, fr->ts);</span><br><span 
style="color: hsl(120, 100%, 40%);">+ ast_debug(3, "For call=%d, set last=%u\n", fr->callno, fr->ts);</span><br><span> #endif</span><br><span> }</span><br><span> </span><br><span>diff --git a/doc/CHANGES-staging/chan_iax2_dial.txt b/doc/CHANGES-staging/chan_iax2_dial.txt</span><br><span>new file mode 100644</span><br><span>index 0000000..a95832b</span><br><span>--- /dev/null</span><br><span>+++ b/doc/CHANGES-staging/chan_iax2_dial.txt</span><br><span>@@ -0,0 +1,4 @@</span><br><span style="color: hsl(120, 100%, 40%);">+Subject: chan_iax2</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+Both a secret and an outkey may be specified at dial time,</span><br><span style="color: hsl(120, 100%, 40%);">+since encryption is possible with RSA authentication.</span><br><span></span><br></pre>
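Review bot: the @@ -5057 hunk in parse_dial_string changes behaviour for secrets that contain a colon. The removed line "pds->password = data;" kept everything after the first ':' as the password; the new strsep call cuts the password at the next ':' and leaves the remainder in outkey, which the following hunk only uses when one of the two fields starts with '['. With a constructed dial string of the form user:ab:cd, the password becomes "ab" and "cd" is dropped without any message, which does not match the commit message's statement that the new syntax is backwards compatible. Suggest splitting only when a bracketed key is actually present, or at least logging a warning when a non-empty third field is discarded, and stating the restriction in the CHANGES entry.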
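Review bot: both new "Outkey (%s) and secret (%s)" ast_debug calls in the @@ -5067 hunk write pds->password, the IAX2 secret, in clear text to the debug log at level 1. Now that this secret is what enables encryption on RSA authenticated calls, anyone who can read the debug output can recover it. Suggest logging only the key name and whether a secret was supplied, not its value. Two smaller points in the same hunk: in the key-first branch a third field that itself starts with '[' is taken verbatim as the secret, and the added line after the comment block contains only whitespace.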
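Review bot: the ast_debug level changes in the @@ -6468, @@ -6506 and @@ -11993 hunks (1 to 5 for the two mini frame messages, 1 to 3 for "set last") are unrelated to dial string parsing and are not mentioned in the commit message. Suggest moving them to their own change, or adding a sentence to the commit message explaining why the levels were lowered and why the two values differ.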
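Review bot: the new doc/CHANGES-staging/chan_iax2_dial.txt entry says both values may be given but does not describe how. Per the code, the outkey must be wrapped in [], the two fields are separated by ':' and either order is accepted; none of that is stated. Suggest adding the syntax form for both orderings so users do not have to read parse_dial_string to find it.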
<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: 16 </div>
<div style="display:none"> Gerrit-Change-Id: I1f8149313ed760169d604afbb07720a8b07dd00e </div>
<div style="display:none"> Gerrit-Change-Number: 16684 </div>
<div style="display:none"> Gerrit-PatchSet: 2 </div>
<div style="display:none"> Gerrit-Owner: N A &lt;mail@interlinked.x10host.com&gt; </div>
<div style="display:none"> Gerrit-Reviewer: Friendly Automation </div>
<div style="display:none"> Gerrit-Reviewer: George Joseph &lt;gjoseph@digium.com&gt; </div>
<div style="display:none"> Gerrit-Reviewer: Kevin Harwell &lt;kharwell@digium.com&gt; </div>
<div style="display:none"> Gerrit-MessageType: merged </div>