-rw-r--r--CHANGES2
-rw-r--r--channels/chan_iax2.c16
2 files changed, 13 insertions, 5 deletions
diff --git a/CHANGES b/CHANGES
index 1cfa7eb7c..542b814ab 100644
--- a/CHANGES
+++ b/CHANGES
@@ -181,6 +181,8 @@ chan_iax2
seconds. Setting this to a higher value may help in lagged networks or those
experiencing high packet loss.
+ * Plaintext auth mode is deprecated and removed from possible default modes.
+
chan_rtp (was chan_multicast_rtp)
------------------
* Added unicast RTP support and renamed chan_multicast_rtp to chan_rtp.
diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c
index 456ba8f1e..04cdad1e4 100644
--- a/channels/chan_iax2.c
+++ b/channels/chan_iax2.c
@@ -7997,7 +7997,7 @@ static int check_access(int callno, struct ast_sockaddr *addr, struct iax_ies *i
* Set authmethods to the last known authmethod used by the system
* Set a fake secret, it's not looked at, just required to attempt authentication.
* Set authrej so the AUTHREP is rejected without even looking at its contents */
- iaxs[callno]->authmethods = last_authmethod ? last_authmethod : (IAX_AUTH_MD5 | IAX_AUTH_PLAINTEXT);
+ iaxs[callno]->authmethods = last_authmethod ? last_authmethod : IAX_AUTH_MD5;
ast_string_field_set(iaxs[callno], secret, "badsecret");
iaxs[callno]->authrej = 1;
if (!ast_strlen_zero(iaxs[callno]->username)) {
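Review bot: The comment above the `authmethods` assignment does not say that the `IAX_AUTH_MD5` fallback is only reached when `last_authmethod` is zero, so a reader can take this change to mean that unknown callers are never offered plaintext. `last_authmethod` is assigned outside this hunk; if it copies the methods of a peer configured with `auth=plaintext`, the fake challenge still advertises plaintext, which looks intended so that unknown names stay indistinguishable from real ones. I would add `/* Fallback only: last_authmethod may still include IAX_AUTH_PLAINTEXT if a configured peer uses it */` here and beside the matching `sentauthmethod` line in `registry_authrequest`. `check_access` starts and ends outside the hunk.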
@@ -9192,7 +9192,7 @@ static int registry_authrequest(int callno)
* peer does not exist, and vice-versa.
* Therefore, we use whatever the last peer used (which may vary over the
* course of a server, which should leak minimal information). */
- sentauthmethod = p ? p->authmethods : last_authmethod ? last_authmethod : (IAX_AUTH_MD5 | IAX_AUTH_PLAINTEXT);
+ sentauthmethod = p ? p->authmethods : last_authmethod ? last_authmethod : IAX_AUTH_MD5;
if (!p) {
iaxs[callno]->authmethods = sentauthmethod;
}
@@ -12870,6 +12870,9 @@ static struct iax2_peer *build_peer(const char *name, struct ast_variable *v, st
}
} else if (!strcasecmp(v->name, "auth")) {
peer->authmethods = get_auth_methods(v->value);
+ if (peer->authmethods & IAX_AUTH_PLAINTEXT) {
+ ast_log(LOG_WARNING, "Auth method for peer '%s' is set to deprecated 'plaintext' at line %d of iax.conf\n", peer->name, v->lineno);
+ }
} else if (!strcasecmp(v->name, "encryption")) {
peer->encmethods |= get_encrypt_methods(v->value);
if (!peer->encmethods) {
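Review bot: The new warning hard-codes `iax.conf`, but `build_peer` receives its settings as an `ast_variable` list and the tail of its signature is cut off in the hunk header, so it may also be fed from sources other than that file (presumably realtime), where the file name and `v->lineno` would mislead. Reporting the variable's own origin keeps the message accurate: `ast_log(LOG_WARNING, "Auth method for peer '%s' is set to deprecated 'plaintext' at line %d of %s\n", peer->name, v->lineno, v->file);`, after confirming that `v->file` is populated for every source. The identical message added in `build_user` has the same issue. Both functions begin and end outside their hunks.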
@@ -13040,7 +13043,7 @@ static struct iax2_peer *build_peer(const char *name, struct ast_variable *v, st
}
}
if (!peer->authmethods)
- peer->authmethods = IAX_AUTH_MD5 | IAX_AUTH_PLAINTEXT;
+ peer->authmethods = IAX_AUTH_MD5;
ast_clear_flag64(peer, IAX_DELME);
}
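Review bot: Peers with no `auth=` line silently lose plaintext at this default and nothing is logged at load time, so after an upgrade the operator only sees authentication failures from endpoints that still send the secret in the clear. A comment at the assignment would make the intent explicit for maintainers, for example `/* Plaintext is never a default; it must be requested with auth=plaintext */`, and the same applies to the two defaults changed in `build_user`. The CHANGES entry could also say that affected peers and users need an explicit `auth=` line, since the current wording does not tell the operator what to do. `build_peer` continues outside the hunk.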
@@ -13189,6 +13192,9 @@ static struct iax2_user *build_user(const char *name, struct ast_variable *v, st
}
} else if (!strcasecmp(v->name, "auth")) {
user->authmethods = get_auth_methods(v->value);
+ if (user->authmethods & IAX_AUTH_PLAINTEXT) {
+ ast_log(LOG_WARNING, "Auth method for user '%s' is set to deprecated 'plaintext' at line %d of iax.conf\n", user->name, v->lineno);
+ }
} else if (!strcasecmp(v->name, "encryption")) {
user->encmethods |= get_encrypt_methods(v->value);
if (!user->encmethods) {
@@ -13321,13 +13327,13 @@ static struct iax2_user *build_user(const char *name, struct ast_variable *v, st
}
if (!user->authmethods) {
if (!ast_strlen_zero(user->secret)) {
- user->authmethods = IAX_AUTH_MD5 | IAX_AUTH_PLAINTEXT;
+ user->authmethods = IAX_AUTH_MD5;
if (!ast_strlen_zero(user->inkeys))
user->authmethods |= IAX_AUTH_RSA;
} else if (!ast_strlen_zero(user->inkeys)) {
user->authmethods = IAX_AUTH_RSA;
} else {
- user->authmethods = IAX_AUTH_MD5 | IAX_AUTH_PLAINTEXT;
+ user->authmethods = IAX_AUTH_MD5;
}
}
ast_clear_flag64(user, IAX_DELME);