From bbaf536f6a88ab8a4999b965b49843687c503f7c Mon Sep 17 00:00:00 2001
From: Mark Spencer <markster@digium.com>
Date: Mon, 3 May 2004 05:14:52 +0000
Subject: [PATCH] Add "insecure=very" where we don't authenticate peers who are
 registered

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@2873 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---
 channels/chan_sip.c     | 12 +++++++++++-
 configs/sip.conf.sample |  2 ++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index e39ceae95e..30a40a0dfb 100755
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -4502,6 +4502,11 @@ static int check_user(struct sip_pvt *p, struct sip_request *req, char *cmd, cha
 					strncpy(p->context, peer->context, sizeof(p->context) - 1);
 				strncpy(p->peersecret, peer->secret, sizeof(p->peersecret) - 1);
 				strncpy(p->peermd5secret, peer->md5secret, sizeof(p->peermd5secret) - 1);
+				if (peer->insecure > 1) {
+					/* Pretend there is no required authentication if insecure is "very" */
+					strcpy(p->peersecret, "");
+					strcpy(p->peermd5secret, "");
+				}
 				p->callgroup = peer->callgroup;
 				p->pickupgroup = peer->pickupgroup;
 				p->capability = peer->capability;
@@ -6704,7 +6709,12 @@ static struct sip_peer *build_peer(char *name, struct ast_variable *v)
 				else
 					peer->capability &= ~format;
 			} else if (!strcasecmp(v->name, "insecure")) {
-				peer->insecure = ast_true(v->value);
+				if (!strcasecmp(v->value, "very")) {
+					peer->insecure = 2;
+				} else if (ast_true(v->value))
+					peer->insecure = 1;
+				else
+					peer->insecure = 0;
 			} else if (!strcasecmp(v->name, "qualify")) {
 				if (!strcasecmp(v->value, "no")) {
 					peer->maxms = 0;
diff --git a/configs/sip.conf.sample b/configs/sip.conf.sample
index 0c9dd0ebff..773f3719f1 100755
--- a/configs/sip.conf.sample
+++ b/configs/sip.conf.sample
@@ -81,6 +81,8 @@ context = default		; Default context for incoming calls
 ;defaultip=192.168.0.59
 ;mailbox=1234,2345		; Mailbox for message waiting indicator
 ;restrictcid=yes		; To have the callerid restriced -> sent as ANI
+;insecure=yes			; To match a peer based by IP address only and not peer
+;insecure=very			; To allow registered hosts to call without re-authenticating
 
 ;[pingtel]
 ;type=friend
-- 
GitLab