From 1b2039e7db668b2747fd1f8f604407144c8105d6 Mon Sep 17 00:00:00 2001
From: David Vossel <dvossel@digium.com>
Date: Fri, 3 Sep 2010 22:23:47 +0000
Subject: [PATCH] Merged revisions 285006 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.8
........
r285006 | dvossel | 2010-09-03 17:21:50 -0500 (Fri, 03 Sep 2010) | 9 lines
Disables auth_options_request option by default.
The auth_options_request option was created to do authentication
on OPTIONS request just like INVITES are done. Since it has been
noted that some endpoints use OPTIONS requests as a way of qualifying
a peer and that a 401 authentication response could result in
interoperability issues, this option has been disabled by default.
........
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@285007 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---
channels/chan_sip.c | 6 +++---
channels/sip/include/sip.h | 1 +
configs/sip.conf.sample | 9 ++-------
3 files changed, 6 insertions(+), 10 deletions(-)
diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index f4e2312458..33cebb804a 100644
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -26405,7 +26405,7 @@ static int reload_config(enum channelreloadreason reason)
sip_cfg.notifyhold = FALSE; /*!< Keep track of hold status for a peer */
sip_cfg.directrtpsetup = FALSE; /* Experimental feature, disabled by default */
sip_cfg.alwaysauthreject = DEFAULT_ALWAYSAUTHREJECT;
- sip_cfg.auth_options_requests = 1;
+ sip_cfg.auth_options_requests = DEFAULT_AUTH_OPTIONS;
sip_cfg.allowsubscribe = FALSE;
sip_cfg.disallowed_methods = SIP_UNKNOWN;
sip_cfg.contact_ha = NULL; /* Reset the contact ACL */
@@ -26647,8 +26647,8 @@ static int reload_config(enum channelreloadreason reason)
} else if (!strcasecmp(v->name, "alwaysauthreject")) {
sip_cfg.alwaysauthreject = ast_true(v->value);
} else if (!strcasecmp(v->name, "auth_options_requests")) {
- if (ast_false(v->value)) {
- sip_cfg.auth_options_requests = 0;
+ if (ast_true(v->value)) {
+ sip_cfg.auth_options_requests = 1;
}
} else if (!strcasecmp(v->name, "mohinterpret")) {
ast_copy_string(default_mohinterpret, v->value, sizeof(default_mohinterpret));
diff --git a/channels/sip/include/sip.h b/channels/sip/include/sip.h
index 2f44115503..2bd1bc75f6 100644
--- a/channels/sip/include/sip.h
+++ b/channels/sip/include/sip.h
@@ -207,6 +207,7 @@
#define DEFAULT_QUALIFY FALSE /*!< Don't monitor devices */
#define DEFAULT_CALLEVENTS FALSE /*!< Extra manager SIP call events */
#define DEFAULT_ALWAYSAUTHREJECT TRUE /*!< Don't reject authentication requests always */
+#define DEFAULT_AUTH_OPTIONS FALSE
#define DEFAULT_REGEXTENONQUALIFY FALSE
#define DEFAULT_T1MIN 100 /*!< 100 MS for minimal roundtrip time */
#define DEFAULT_MAX_CALL_BITRATE (384) /*!< Max bitrate for video */
diff --git a/configs/sip.conf.sample b/configs/sip.conf.sample
index 08ce0ba778..3208956696 100644
--- a/configs/sip.conf.sample
+++ b/configs/sip.conf.sample
@@ -370,13 +370,8 @@ srvlookup=yes ; Enable DNS SRV lookups on outbound calls
; the ability of an attacker to scan for valid SIP usernames.
; This option is set to "yes" by default.
-;auth_options_requests = no ; sip OPTIONS requests should be treated the exact same as
- ; an INVITE, this includes performing authentication. By default
- ; OPTIONS requests are authenticated, however this option allows
- ; OPTION requests to proceed unauthenticated in order to increase
- ; performance. This may be desirable if OPTIONS are only used to
- ; qualify the availabilty of the endpoint/extension. Disabling
- ; this option is not recommended.
+;auth_options_requests = yes ; Enabling this option will authenticate OPTIONS requests just like
+ ; INVITE requests are. By default this option is disabled.
;g726nonstandard = yes ; If the peer negotiates G726-32 audio, use AAL2 packing
; order instead of RFC3551 packing order (this is required
--
GitLab