[asterisk-dev] IAX calls without authentication and RealTime
Joshua Colp
jcolp at digium.com
Mon Dec 10 13:41:51 CST 2007
----- Original Message -----
From: Richard Braun
[mailto:rbraun at proformatique.com]
To: asterisk-dev at lists.digium.com
Sent:
Mon, 10 Dec 2007 11:57:44 -0400
Subject: [asterisk-dev] IAX calls without
authentication and RealTime
> Hello,
>
> chan_iax2 can perform IAX calls without providing the peer with a username
> or password. This is usucally set on the server side with something like
>
> [guest]
> type = user
> context = incoming
>
> but when using RealTime to store such an entry, the chan_iax2 module
> doesn't respect that behaviour and is unable to allow unauthenticated
> calls.
>
> I'm not sure how chan_iax2 handles its cache and what it does before
> check_access() is called. It looks like, when looking up the entry
> with RealTime, the module provides the ipaddr and port members.
> However, a guest user has obviously no such attributes and as a result
> there is simply no answer, then the call fails.
>
> Is this a known issue ?
To an extent it is... it's the way it is designed. Let me explain!
When a call without a username comes in it doesn't actually look for guest. It goes through each entry in iax.conf and seeing if it matches using a few different methods. It just so happens that in the case of most configurations the guest user entry is the last entry in the iax.conf, and is matched as a last resort. This is documented in iax.txt in the doc directory of 1.4 if you want to take a gander.
Joshua Colp
Software Developer
Digium, Inc.
More information about the asterisk-dev
mailing list