diff options
author | dvossel <dvossel@f38db490-d61c-443f-a65b-d21fe96a405b> | 2010-09-03 22:23:47 +0000 |
---|---|---|
committer | dvossel <dvossel@f38db490-d61c-443f-a65b-d21fe96a405b> | 2010-09-03 22:23:47 +0000 |
commit | 308a4ad7253b26e042d944343e81ab1f672fa8ac (patch) | |
tree | 7d7f2ce3f1ec502f23569ad9908fef9b5214f7e1 | |
parent | b906aaadd5c3941174b49bb370f910309807f3fd (diff) |
Merged revisions 285006 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.8
........
r285006 | dvossel | 2010-09-03 17:21:50 -0500 (Fri, 03 Sep 2010) | 9 lines
Disables auth_options_request option by default.
The auth_options_request option was created to do authentication
on OPTIONS request just like INVITES are done. Since it has been
noted that some endpoints use OPTIONS requests as a way of qualifying
a peer and that a 401 authentication response could result in
interoperability issues, this option has been disabled by default.
........
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@285007 f38db490-d61c-443f-a65b-d21fe96a405b
-rw-r--r-- | channels/chan_sip.c | 6 | ||||
-rw-r--r-- | channels/sip/include/sip.h | 1 | ||||
-rw-r--r-- | configs/sip.conf.sample | 9 |
3 files changed, 6 insertions, 10 deletions
diff --git a/channels/chan_sip.c b/channels/chan_sip.c index f4e231245..33cebb804 100644 --- a/channels/chan_sip.c +++ b/channels/chan_sip.c @@ -26405,7 +26405,7 @@ static int reload_config(enum channelreloadreason reason) sip_cfg.notifyhold = FALSE; /*!< Keep track of hold status for a peer */ sip_cfg.directrtpsetup = FALSE; /* Experimental feature, disabled by default */ sip_cfg.alwaysauthreject = DEFAULT_ALWAYSAUTHREJECT; - sip_cfg.auth_options_requests = 1; + sip_cfg.auth_options_requests = DEFAULT_AUTH_OPTIONS; sip_cfg.allowsubscribe = FALSE; sip_cfg.disallowed_methods = SIP_UNKNOWN; sip_cfg.contact_ha = NULL; /* Reset the contact ACL */ @@ -26647,8 +26647,8 @@ static int reload_config(enum channelreloadreason reason) } else if (!strcasecmp(v->name, "alwaysauthreject")) { sip_cfg.alwaysauthreject = ast_true(v->value); } else if (!strcasecmp(v->name, "auth_options_requests")) { - if (ast_false(v->value)) { - sip_cfg.auth_options_requests = 0; + if (ast_true(v->value)) { + sip_cfg.auth_options_requests = 1; } } else if (!strcasecmp(v->name, "mohinterpret")) { ast_copy_string(default_mohinterpret, v->value, sizeof(default_mohinterpret)); diff --git a/channels/sip/include/sip.h b/channels/sip/include/sip.h index 2f4411550..2bd1bc75f 100644 --- a/channels/sip/include/sip.h +++ b/channels/sip/include/sip.h @@ -207,6 +207,7 @@ #define DEFAULT_QUALIFY FALSE /*!< Don't monitor devices */ #define DEFAULT_CALLEVENTS FALSE /*!< Extra manager SIP call events */ #define DEFAULT_ALWAYSAUTHREJECT TRUE /*!< Don't reject authentication requests always */ +#define DEFAULT_AUTH_OPTIONS FALSE #define DEFAULT_REGEXTENONQUALIFY FALSE #define DEFAULT_T1MIN 100 /*!< 100 MS for minimal roundtrip time */ #define DEFAULT_MAX_CALL_BITRATE (384) /*!< Max bitrate for video */ diff --git a/configs/sip.conf.sample b/configs/sip.conf.sample index 08ce0ba77..320895669 100644 --- a/configs/sip.conf.sample +++ b/configs/sip.conf.sample @@ -370,13 +370,8 @@ srvlookup=yes ; Enable DNS SRV lookups on outbound calls ; the ability of an attacker to scan for valid SIP usernames. ; This option is set to "yes" by default. -;auth_options_requests = no ; sip OPTIONS requests should be treated the exact same as - ; an INVITE, this includes performing authentication. By default - ; OPTIONS requests are authenticated, however this option allows - ; OPTION requests to proceed unauthenticated in order to increase - ; performance. This may be desirable if OPTIONS are only used to - ; qualify the availabilty of the endpoint/extension. Disabling - ; this option is not recommended. +;auth_options_requests = yes ; Enabling this option will authenticate OPTIONS requests just like + ; INVITE requests are. By default this option is disabled. ;g726nonstandard = yes ; If the peer negotiates G726-32 audio, use AAL2 packing ; order instead of RFC3551 packing order (this is required |