[asterisk-commits] dvossel: tag 1.2.33 r199149 - /tags/1.2.33/channels/chan_iax2.c

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Thu Jun 4 14:18:55 CDT 2009


Author: dvossel
Date: Thu Jun  4 14:18:51 2009
New Revision: 199149

URL: http://svn.asterisk.org/svn-view/asterisk?view=rev&rev=199149
Log:
Additional updates to AST-2009-001

Modified:
    tags/1.2.33/channels/chan_iax2.c

Modified: tags/1.2.33/channels/chan_iax2.c
URL: http://svn.asterisk.org/svn-view/asterisk/tags/1.2.33/channels/chan_iax2.c?view=diff&rev=199149&r1=199148&r2=199149
==============================================================================
--- tags/1.2.33/channels/chan_iax2.c (original)
+++ tags/1.2.33/channels/chan_iax2.c Thu Jun  4 14:18:51 2009
@@ -546,6 +546,8 @@
 	char username[80];
 	/*! Expected Secret */
 	char secret[80];
+	/*! AUTHREJ all AUTHREP frames */
+	int authrej;
 	/*! permitted authentication methods */
 	int authmethods;
 	/*! permitted encryption methods */
@@ -1445,7 +1447,7 @@
 		ast_log(LOG_WARNING, "Cannot open '%s': %s\n", s, strerror(errno));
 		return -1;
 	}
-	fd = open(s2, O_RDWR | O_CREAT | O_EXCL);
+	fd = open(s2, O_RDWR | O_CREAT | O_EXCL, 0600);
 	if (fd < 0) {
 		ast_log(LOG_WARNING, "Cannot open '%s' for writing: %s\n", s2, strerror(errno));
 		close(ifd);
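Review bot: The new `0600` argument on the `open()` call has no comment, so a later reader could take it for a cosmetic default rather than a required part of the call. With `O_CREAT` the mode argument is mandatory, and without it the permissions of the created file are indeterminate. A one-line comment above the call, such as `/* O_CREAT needs an explicit mode; keep the copy owner-only */`, would record why it must stay. The enclosing function starts and ends outside the hunk.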
@@ -5178,6 +5180,18 @@
 		if (ast_test_flag(user, IAX_TEMPONLY))
 			destroy_user(user);
 		res = 0;
+	} else {
+		 /* user was not found, but we should still fake an AUTHREQ.
+		  * Set authmethods to the last known authmethods used by the system.
+		  * Set a fake secret, it's not looked at, just required to attempt authentication.
+		  * Set authrej so the AUTHREP is rejected without even looking at its contents */
+		iaxs[callno]->authmethods = lastauthmethod ? lastauthmethod : (IAX_AUTH_MD5 | IAX_AUTH_PLAINTEXT);
+		ast_copy_string(iaxs[callno]->secret, "badsecret", sizeof(iaxs[callno]->secret));
+		iaxs[callno]->authrej = 1;
+		if (!ast_strlen_zero(iaxs[callno]->username)) {
+			/* only send the AUTHREQ if a username was specified. */
+			res = 0;
+		}
 	}
 	ast_set2_flag(iaxs[callno], iax2_getpeertrunk(*sin), IAX_TRUNK);	
 	return res;
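Review bot: The fake AUTHREQ built in the new `else` branch takes its `authmethods` from the global `lastauthmethod`, so the methods offered to an unknown username depend on whichever authentication ran last rather than on anything stable. If configured users advertise differing method sets (not visible here), the offer for a nonexistent name could change between two requests or match no real user's, which would leave part of the user-existence signal observable. Consider deriving the fallback from a fixed configured value, or at least recording the limitation with `/* NOTE: lastauthmethod varies at runtime; the fake AUTHREQ may not match a real user's methods */`. The new comment block is also indented with a tab plus a space, unlike the surrounding lines. The function begins outside the hunk.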
@@ -5277,6 +5291,9 @@
 	int x;
 	struct iax2_user *user = NULL;
 
+	if (p->authrej) {
+		return res;
+	}
 	ast_mutex_lock(&userl.lock);
 	user = userl.users;
 	while (user) {
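Review bot: The early `return res;` on `p->authrej` leaves before `userl.lock` is taken and before any of the verification work further down, so a rejection for an unknown user probably completes faster than one for a known user with a wrong secret. Whether that gap is measurable by a remote party cannot be judged from the hunk, but it deserves a comment such as `/* NOTE(review): skips the credential check; timing differs from a real failed login */`, or the check could move to after the same work has been done. The return also relies on `res` having been initialised to a failure value above the hunk, which is not visible here.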
@@ -6107,11 +6124,10 @@
 	authmethods = p ? p->authmethods : lastauthmethod ? lastauthmethod : (IAX_AUTH_PLAINTEXT | IAX_AUTH_MD5);
 	if (p && ast_test_flag(p, IAX_TEMPONLY)) {
 		destroy_peer(p);
-	} else if (!p && !delayreject) {
+	} else if (!p) {
 		ast_log(LOG_WARNING, "No such peer '%s'\n", name);
-		return 0;
-	}
-	
+	}
+
 	memset(&ied, 0, sizeof(ied));
 	iax_ie_append_short(&ied, IAX_IE_AUTHMETHODS, authmethods);
 	if (authmethods & (IAX_AUTH_RSA | IAX_AUTH_MD5)) {
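Review bot: With the `return 0` gone, the `ast_log(LOG_WARNING, "No such peer '%s'\n", name)` line is the only trace left in this path that a registration named a nonexistent peer, and it records the name without the source of the request. For detecting enumeration attempts the remote address is the useful field; if it is reachable in this function (the signature is outside the hunk), adding it to the message would help. `name` presumably arrives from the network, so it is also worth confirming that control characters in it cannot split log lines. `delayreject` is no longer consulted here; if nothing else reads it, the option's documentation should say so.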



