From 1990c4347e3f6f0afdc273e1f60f7c7a69f99423 Mon Sep 17 00:00:00 2001
From: Russell Bryant <russell@russellbryant.com>
Date: Tue, 10 Aug 2010 21:50:24 +0000
Subject: [PATCH] Merged revisions 281650 via svnmerge from
 https://origsvn.digium.com/svn/asterisk/branches/1.8

........
  r281650 | russell | 2010-08-10 16:47:31 -0500 (Tue, 10 Aug 2010) | 5 lines

  Change the default value for alwaysauthreject in sip.conf to "yes".

  (closes issue #17756)
  Reported by: oej
........


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@281651 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---
 UPGRADE-1.8.txt            | 3 +++
 channels/sip/include/sip.h | 2 +-
 configs/sip.conf.sample    | 1 +
 3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/UPGRADE-1.8.txt b/UPGRADE-1.8.txt
index 677fdb7c21..905681fe25 100644
--- a/UPGRADE-1.8.txt
+++ b/UPGRADE-1.8.txt
@@ -20,6 +20,9 @@
 
 From 1.6.2 to 1.8:
 
+* The default value for the alwaysauthreject option in sip.conf has been changed
+  from "no" to "yes".
+
 * The behavior of the 'parkedcallstimeout' has changed slightly.  The formulation
   of the extension name that a timed out parked call is delivered to when this
   option is set to 'no' was modified such that instead of converting '/' to '0',
diff --git a/channels/sip/include/sip.h b/channels/sip/include/sip.h
index 0e207ca23d..cf3c0da696 100644
--- a/channels/sip/include/sip.h
+++ b/channels/sip/include/sip.h
@@ -214,7 +214,7 @@
 #define	DEFAULT_MATCHEXTERNADDRLOCALLY FALSE /*!< Match extern IP locally default setting */
 #define DEFAULT_QUALIFY        FALSE    /*!< Don't monitor devices */
 #define DEFAULT_CALLEVENTS     FALSE    /*!< Extra manager SIP call events */
-#define DEFAULT_ALWAYSAUTHREJECT  FALSE /*!< Don't reject authentication requests always */
+#define DEFAULT_ALWAYSAUTHREJECT  TRUE  /*!< Don't reject authentication requests always */
 #define DEFAULT_REGEXTENONQUALIFY FALSE
 #define DEFAULT_T1MIN             100   /*!< 100 MS for minimal roundtrip time */
 #define DEFAULT_MAX_CALL_BITRATE (384)  /*!< Max bitrate for video */
diff --git a/configs/sip.conf.sample b/configs/sip.conf.sample
index 35f4f682ee..c61e8787c2 100644
--- a/configs/sip.conf.sample
+++ b/configs/sip.conf.sample
@@ -356,6 +356,7 @@ srvlookup=yes                   ; Enable DNS SRV lookups on outbound calls
                                 ; instead of letting the requester know whether there was
                                 ; a matching user or peer for their request.  This reduces
                                 ; the ability of an attacker to scan for valid SIP usernames.
+                                ; This option is set to "yes" by default.
 
 ;g726nonstandard = yes          ; If the peer negotiates G726-32 audio, use AAL2 packing
                                 ; order instead of RFC3551 packing order (this is required
-- 
GitLab