Merged revisions 199139 via svnmerge from

https://origsvn.digium.com/svn/asterisk/trunk

................
  r199139 | dvossel | 2009-06-04 14:10:16 -0500 (Thu, 04 Jun 2009) | 9 lines

  Merged revisions 199138 via svnmerge from
  https://origsvn.digium.com/svn/asterisk/branches/1.4

  ........
    r199138 | dvossel | 2009-06-04 14:00:15 -0500 (Thu, 04 Jun 2009) | 3 lines

    Additional updates to AST-2009-001
  ........
................

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.6.1@199141 65c4cc65-6c06-0410-ace0-fbb531ad65f3

diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c
index 200404cf3f180ebc01a9be00d99eb3e972b33d03..39cbdb0e996706561f2480e6ef0a86aa338bafb7 100644 (file)
--- a/channels/chan_iax2.c
+++ b/channels/chan_iax2.c
@@ -609,7 +609,8 @@ struct chan_iax2_pvt {
                /*! Default parkinglot */
                AST_STRING_FIELD(parkinglot);
        );
-       
+       /*! AUTHREJ all AUTHREP frames */
+       int authrej;
        /*! permitted authentication methods */
        int authmethods;
        /*! permitted encryption methods */
@@ -6252,6 +6253,18 @@ static int check_access(int callno, struct sockaddr_in *sin, struct iax_ies *ies
                        ast_string_field_set(iaxs[callno], secret, user->secret);
                res = 0;
                user = user_unref(user);
+       } else {
+                /* user was not found, but we should still fake an AUTHREQ.
+                 * Set authmethods to the last known authmethod used by the system
+                 * Set a fake secret, it's not looked at, just required to attempt authentication.
+                 * Set authrej so the AUTHREP is rejected without even looking at its contents */
+               iaxs[callno]->authmethods = last_authmethod ? last_authmethod : (IAX_AUTH_MD5 | IAX_AUTH_PLAINTEXT);
+               ast_string_field_set(iaxs[callno], secret, "badsecret");
+               iaxs[callno]->authrej = 1;
+               if (!ast_strlen_zero(iaxs[callno]->username)) {
+                       /* only send the AUTHREQ if a username was specified. */
+                       res = 0;
+               }
        }
        ast_set2_flag(iaxs[callno], iax2_getpeertrunk(*sin), IAX_TRUNK);        
        return res;
@@ -6362,6 +6375,9 @@ static int authenticate_verify(struct chan_iax2_pvt *p, struct iax_ies *ies)
                .name = p->username,    
        };
 
+       if (p->authrej) {
+               return res;
+       }
        user = ao2_find(users, &tmp_user, OBJ_POINTER);
        if (user) {
                if (ast_test_flag(p, IAX_MAXAUTHREQ)) {