[asterisk-dev] IAX calls without authentication and RealTime

Joshua Colp jcolp at digium.com
Mon Dec 10 13:41:51 CST 2007


----- Original Message -----
From: Richard Braun
[mailto:rbraun at proformatique.com]
To: asterisk-dev at lists.digium.com
Sent:
Mon, 10 Dec 2007 11:57:44 -0400
Subject: [asterisk-dev] IAX calls without
authentication and RealTime


> Hello,
> 
> chan_iax2 can perform IAX calls without providing the peer with a username
> or password. This is usucally set on the server side with something like
> 
> [guest]
> type = user
> context = incoming
> 
> but when using RealTime to store such an entry, the chan_iax2 module
> doesn't respect that behaviour and is unable to allow unauthenticated
> calls.
> 
> I'm not sure how chan_iax2 handles its cache and what it does before
> check_access() is called. It looks like, when looking up the entry
> with RealTime, the module provides the ipaddr and port members.
> However, a guest user has obviously no such attributes and as a result
> there is simply no answer, then the call fails.
> 
> Is this a known issue ?

To an extent it is... it's the way it is designed. Let me explain!

When a call without a username comes in it doesn't actually look for guest. It goes through each entry in iax.conf and seeing if it matches using a few different methods. It just so happens that in the case of most configurations the guest user entry is the last entry in the iax.conf, and is matched as a last resort. This is documented in iax.txt in the doc directory of 1.4 if you want to take a gander.

Joshua Colp
Software Developer
Digium, Inc.



More information about the asterisk-dev mailing list