<p>Joshua Colp has uploaded this change for <strong>review</strong>.</p><p><a href="https://gerrit.asterisk.org/6907">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">res_pjsip: Add 'ip' as a valid option to 'identify_by' on endpoint.<br><br>When the identify_by option on an endpoint is set to ip it will<br>only be identified using the res_pjsip_endpoint_identifier_ip module.<br>This ensures that it is not mistakenly matched using the username of<br>the From header. To ensure behavior has not changed the default has<br>been changed to "username,ip" for the identify_by option.<br><br>ASTERISK-27206<br><br>Change-Id: I2170b86a7f7e221b4f00bf14aa1ef1ac5b050bbd<br>---<br>M CHANGES<br>A contrib/ast-db-manage/config/versions/20abce6d1e3c_add_pjsip_identify_by_ip.py<br>M include/asterisk/res_pjsip.h<br>M res/res_pjsip.c<br>M res/res_pjsip/pjsip_configuration.c<br>M res/res_pjsip_endpoint_identifier_ip.c<br>6 files changed, 73 insertions(+), 3 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/07/6907/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">diff --git a/CHANGES b/CHANGES<br>index 68617a4..683a164 100644<br>--- a/CHANGES<br>+++ b/CHANGES<br>@@ -27,6 +27,16 @@<br> dialplan in the hash TRANSFER_DATA.<br> <br> ------------------------------------------------------------------------------<br>+--- Functionality changes from Asterisk 15.1.0 to Asterisk 15.2.0 ------------<br>+------------------------------------------------------------------------------<br>+<br>+res_pjsip<br>+------------------<br>+ * The "identify_by" on endpoints can now be set to "ip" to restrict an endpoint<br>+ being matched based only on IP address. To ensure no behavior change the<br>+ default has been changed to "username,ip".<br>+<br>+------------------------------------------------------------------------------<br> --- Functionality changes from Asterisk 15.0.0 to Asterisk 15.1.0 ------------<br> ------------------------------------------------------------------------------<br> <br>diff --git a/contrib/ast-db-manage/config/versions/20abce6d1e3c_add_pjsip_identify_by_ip.py b/contrib/ast-db-manage/config/versions/20abce6d1e3c_add_pjsip_identify_by_ip.py<br>new file mode 100644<br>index 0000000..d457c92<br>--- /dev/null<br>+++ b/contrib/ast-db-manage/config/versions/20abce6d1e3c_add_pjsip_identify_by_ip.py<br>@@ -0,0 +1,46 @@<br>+"""add pjsip identify by ip<br>+<br>+Revision ID: 20abce6d1e3c<br>+Revises: a1698e8bb9c5<br>+Create Date: 2017-10-24 15:44:06.404774<br>+<br>+"""<br>+<br>+# revision identifiers, used by Alembic.<br>+revision = '20abce6d1e3c'<br>+down_revision = 'a1698e8bb9c5'<br>+<br>+from alembic import op<br>+import sqlalchemy as sa<br>+<br>+<br>+def enum_update(table_name, column_name, enum_name, enum_values):<br>+ if op.get_context().bind.dialect.name != 'postgresql':<br>+ if op.get_context().bind.dialect.name == 'mssql':<br>+ op.drop_constraint('ck_ps_endpoints_identify_by_pjsip_identify_by_values', 'ps_endpoints')<br>+ op.alter_column(table_name, column_name,<br>+ type_=sa.Enum(*enum_values, name=enum_name))<br>+ return<br>+<br>+ # Postgres requires a few more steps<br>+ tmp = enum_name + '_tmp'<br>+<br>+ op.execute('ALTER TYPE ' + enum_name + ' RENAME TO ' + tmp)<br>+<br>+ updated = sa.Enum(*enum_values, name=enum_name)<br>+ updated.create(op.get_bind(), checkfirst=False)<br>+<br>+ op.execute('ALTER TABLE ' + table_name + ' ALTER COLUMN ' + column_name +<br>+ ' TYPE ' + enum_name + ' USING identify_by::text::' + enum_name)<br>+<br>+ op.execute('DROP TYPE ' + tmp)<br>+<br>+<br>+def upgrade():<br>+ enum_update('ps_endpoints', 'identify_by', 'pjsip_identify_by_values',<br>+ ['username', 'auth_username', 'ip'])<br>+<br>+<br>+def downgrade():<br>+ enum_update('ps_endpoints', 'identify_by', 'pjsip_identify_by_values',<br>+ ['username', 'auth_username'])<br>diff --git a/include/asterisk/res_pjsip.h b/include/asterisk/res_pjsip.h<br>index e6ccf0a..e71eb98 100644<br>--- a/include/asterisk/res_pjsip.h<br>+++ b/include/asterisk/res_pjsip.h<br>@@ -437,6 +437,8 @@<br> AST_SIP_ENDPOINT_IDENTIFY_BY_USERNAME = (1 << 0),<br> /*! Identify based on user name in Auth header first, then From header */<br> AST_SIP_ENDPOINT_IDENTIFY_BY_AUTH_USERNAME = (1 << 1),<br>+ /*! Identify based on source IP address */<br>+ AST_SIP_ENDPOINT_IDENTIFY_BY_IP = (1 << 2),<br> };<br> AST_VECTOR(ast_sip_identify_by_vector, enum ast_sip_endpoint_identifier_type);<br> <br>diff --git a/res/res_pjsip.c b/res/res_pjsip.c<br>index f81d34c..7936b9c 100644<br>--- a/res/res_pjsip.c<br>+++ b/res/res_pjsip.c<br>@@ -268,7 +268,7 @@<br> <configOption name="ice_support" default="no"><br> <synopsis>Enable the ICE mechanism to help traverse NAT</synopsis><br> </configOption><br>- <configOption name="identify_by" default="username,location"><br>+ <configOption name="identify_by" default="username,ip"><br> <synopsis>Way(s) for Endpoint to be identified</synopsis><br> <description><para><br> Endpoints and aors can be identified in multiple ways. Currently, the supported<br>diff --git a/res/res_pjsip/pjsip_configuration.c b/res/res_pjsip/pjsip_configuration.c<br>index 653cb98..6db5b38 100644<br>--- a/res/res_pjsip/pjsip_configuration.c<br>+++ b/res/res_pjsip/pjsip_configuration.c<br>@@ -582,8 +582,10 @@<br> <br> if (!strcasecmp(val, "username")) {<br> method = AST_SIP_ENDPOINT_IDENTIFY_BY_USERNAME;<br>- } else if (!strcasecmp(val, "auth_username")) {<br>+ } else if (!strcasecmp(val, "auth_username")) {<br> method = AST_SIP_ENDPOINT_IDENTIFY_BY_AUTH_USERNAME;<br>+ } else if (!strcasecmp(val, "ip")) {<br>+ method = AST_SIP_ENDPOINT_IDENTIFY_BY_IP;<br> } else {<br> ast_log(LOG_ERROR, "Unrecognized identification method %s specified for endpoint %s\n",<br> val, ast_sorcery_object_get_id(endpoint));<br>@@ -627,6 +629,9 @@<br> break;<br> case AST_SIP_ENDPOINT_IDENTIFY_BY_AUTH_USERNAME :<br> method = "auth_username";<br>+ break;<br>+ case AST_SIP_ENDPOINT_IDENTIFY_BY_IP :<br>+ method = "ip";<br> break;<br> default:<br> continue;<br>@@ -1901,7 +1906,7 @@<br> ast_sorcery_object_field_register(sip_sorcery, "endpoint", "aors", "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_endpoint, aors));<br> ast_sorcery_object_field_register(sip_sorcery, "endpoint", "media_address", "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_endpoint, media.address));<br> ast_sorcery_object_field_register(sip_sorcery, "endpoint", "bind_rtp_to_media_address", "no", OPT_BOOL_T, 1, STRFLDSET(struct ast_sip_endpoint, media.bind_rtp_to_media_address));<br>- ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "identify_by", "username", ident_handler, ident_to_str, NULL, 0, 0);<br>+ ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "identify_by", "username,ip", ident_handler, ident_to_str, NULL, 0, 0);<br> ast_sorcery_object_field_register(sip_sorcery, "endpoint", "direct_media", "yes", OPT_BOOL_T, 1, FLDSET(struct ast_sip_endpoint, media.direct_media.enabled));<br> ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "direct_media_method", "invite", direct_media_method_handler, direct_media_method_to_str, NULL, 0, 0);<br> ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "connected_line_method", "invite", connected_line_method_handler, connected_line_method_to_str, NULL, 0, 0);<br>diff --git a/res/res_pjsip_endpoint_identifier_ip.c b/res/res_pjsip_endpoint_identifier_ip.c<br>index 30bfc26..8b92cef 100644<br>--- a/res/res_pjsip_endpoint_identifier_ip.c<br>+++ b/res/res_pjsip_endpoint_identifier_ip.c<br>@@ -227,7 +227,14 @@<br> }<br> <br> endpoint = ast_sorcery_retrieve_by_id(ast_sip_get_sorcery(), "endpoint", match->endpoint_name);<br>+<br> if (endpoint) {<br>+ if (!(endpoint->ident_method & AST_SIP_ENDPOINT_IDENTIFY_BY_IP)) {<br>+ ast_debug(3, "Endpoint '%s' found for '%s' but 'ip' method not supported'\n", match->endpoint_name,<br>+ ast_sockaddr_stringify(&addr));<br>+ ao2_cleanup(endpoint);<br>+ return NULL;<br>+ }<br> ast_debug(3, "Retrieved endpoint %s\n", ast_sorcery_object_get_id(endpoint));<br> } else {<br> ast_log(LOG_WARNING, "Identify section '%s' points to endpoint '%s' but endpoint could not be looked up\n",<br></pre><p>To view, visit <a href="https://gerrit.asterisk.org/6907">change 6907</a>. To unsubscribe, visit <a href="https://gerrit.asterisk.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.asterisk.org/6907"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>
<div style="display:none"> Gerrit-Change-Id: I2170b86a7f7e221b4f00bf14aa1ef1ac5b050bbd </div>
<div style="display:none"> Gerrit-Change-Number: 6907 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: Joshua Colp <jcolp@digium.com> </div>