From: David Vossel <dvossel@digium.com>
Date: Thu, 4 Jun 2009 19:16:15 +0000 (+0000)
Subject: Merged revisions 199139 via svnmerge from
X-Git-Tag: 1.6.1.3-rc1~175
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0a9c235bc12703b6cc307a0e1076a4685a43fd85;p=thirdparty%2Fasterisk.git

Merged revisions 199139 via svnmerge from
https://origsvn.digium.com/svn/asterisk/trunk

................
  r199139 | dvossel | 2009-06-04 14:10:16 -0500 (Thu, 04 Jun 2009) | 9 lines

  Merged revisions 199138 via svnmerge from
  https://origsvn.digium.com/svn/asterisk/branches/1.4

  ........
    r199138 | dvossel | 2009-06-04 14:00:15 -0500 (Thu, 04 Jun 2009) | 3 lines

    Additional updates to AST-2009-001
  ........
................


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.6.1@199141 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---

diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c
index 200404cf3f..39cbdb0e99 100644
--- a/channels/chan_iax2.c
+++ b/channels/chan_iax2.c
@@ -609,7 +609,8 @@ struct chan_iax2_pvt {
 		/*! Default parkinglot */
 		AST_STRING_FIELD(parkinglot);
 	);
-	
+	/*! AUTHREJ all AUTHREP frames */
+	int authrej;
 	/*! permitted authentication methods */
 	int authmethods;
 	/*! permitted encryption methods */
@@ -6252,6 +6253,18 @@ static int check_access(int callno, struct sockaddr_in *sin, struct iax_ies *ies
 			ast_string_field_set(iaxs[callno], secret, user->secret);
 		res = 0;
 		user = user_unref(user);
+	} else {
+		 /* user was not found, but we should still fake an AUTHREQ.
+		  * Set authmethods to the last known authmethod used by the system
+		  * Set a fake secret, it's not looked at, just required to attempt authentication.
+		  * Set authrej so the AUTHREP is rejected without even looking at its contents */
+		iaxs[callno]->authmethods = last_authmethod ? last_authmethod : (IAX_AUTH_MD5 | IAX_AUTH_PLAINTEXT);
+		ast_string_field_set(iaxs[callno], secret, "badsecret");
+		iaxs[callno]->authrej = 1;
+		if (!ast_strlen_zero(iaxs[callno]->username)) {
+			/* only send the AUTHREQ if a username was specified. */
+			res = 0;
+		}
 	}
 	ast_set2_flag(iaxs[callno], iax2_getpeertrunk(*sin), IAX_TRUNK);	
 	return res;
@@ -6362,6 +6375,9 @@ static int authenticate_verify(struct chan_iax2_pvt *p, struct iax_ies *ies)
 		.name = p->username,	
 	};
 
+	if (p->authrej) {
+		return res;
+	}
 	user = ao2_find(users, &tmp_user, OBJ_POINTER);
 	if (user) {
 		if (ast_test_flag(p, IAX_MAXAUTHREQ)) {