[asterisk-commits] oej: trunk r153904 - in /trunk: ./ channels/ configs/

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Mon Nov 3 09:16:34 CST 2008


Author: oej
Date: Mon Nov  3 09:16:33 2008
New Revision: 153904

URL: http://svn.digium.com/view/asterisk?view=rev&rev=153904
Log:
Adding a separation of remote authentication and our authentication.
remotesecret => our password for a remote service
secret => our authentication when someone calls us

Secret => still has both functions if remotesecret is not used.

Modified:
    trunk/CHANGES
    trunk/channels/chan_sip.c
    trunk/configs/sip.conf.sample

Modified: trunk/CHANGES
URL: http://svn.digium.com/view/asterisk/trunk/CHANGES?view=diff&rev=153904&r1=153903&r2=153904
==============================================================================
--- trunk/CHANGES (original)
+++ trunk/CHANGES Mon Nov  3 09:16:33 2008
@@ -11,6 +11,10 @@
    making the new/old message count available to local devices.
  * Added support for setting the domain in the URI for caller of an
    outbound call by using the SIPFROMDOMAIN channel variable.
+ * Added a new configuration option "remotesecret" for authentication to
+   remote services. For backwards compatibility, "secret" still has the
+   same function as before, but now you can configure both a remote secret and a
+   local secret for mutual authentication.
 
 Skinny Changes
 --------------

Modified: trunk/channels/chan_sip.c
URL: http://svn.digium.com/view/asterisk/trunk/channels/chan_sip.c?view=diff&rev=153904&r1=153903&r2=153904
==============================================================================
--- trunk/channels/chan_sip.c (original)
+++ trunk/channels/chan_sip.c Mon Nov  3 09:16:33 2008
@@ -1751,14 +1751,17 @@
 	AST_LIST_ENTRY(sip_mailbox) entry;
 };
 
-/*! \brief Structure for SIP peer data, we place calls to peers if registered  or fixed IP address (host) */
+/*! \brief Structure for SIP peer data, we place calls to peers if registered  or fixed IP address (host) 
+	\note This structure needs stringfields! Please!
+*/
 /* XXX field 'name' must be first otherwise sip_addrcmp() will fail */
 struct sip_peer {
 	char name[80];			/*!< peer->name is the unique name of this object */
 	struct sip_socket socket;	/*!< Socket used for this peer */
 	unsigned int transports:3;      /*!< Transports (enum sip_transport) that are acceptable for this peer */
-	char secret[80];		/*!< Password */
+	char secret[80];		/*!< Password for inbound auth */
 	char md5secret[80];		/*!< Password in MD5 */
+	char remotesecret[80];		/*!< Remote secret (trunks, remote devices) */
 	struct sip_auth *auth;		/*!< Realm authentication list */
 	char context[AST_MAX_CONTEXT];	/*!< Default context for incoming calls */
 	char subscribecontext[AST_MAX_CONTEXT];	/*!< Default context for subscriptions */
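Review bot: The new field comment `/*!< Remote secret (trunks, remote devices) */` does not say which direction the credential travels, and direction is the whole distinction this commit introduces. Next to the updated `secret` comment ("Password for inbound auth"), something like `/*!< Password we present when authenticating to the remote end (outbound) */` would make the pairing unambiguous. `md5secret` is still documented without a direction and could be clarified the same way. The struct body continues past the end of this hunk.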
@@ -10420,8 +10423,9 @@
 		ast_set_flag(&p->flags[0], SIP_OUTGOING);	/* Registration is outgoing call */
 		r->call = dialog_ref(p, "copying dialog into registry r->call");		/* Save pointer to SIP dialog */
 		p->registry = registry_addref(r, "transmit_register: addref to p->registry in transmit_register");	/* Add pointer to registry in packet */
-		if (!ast_strlen_zero(r->secret))	/* Secret (password) */
+		if (!ast_strlen_zero(r->secret)) {	/* Secret (password) */
 			ast_string_field_set(p, peersecret, r->secret);
+		}
 		if (!ast_strlen_zero(r->md5secret))
 			ast_string_field_set(p, peermd5secret, r->md5secret);
 		/* User name in this realm  
@@ -13899,6 +13903,7 @@
 		}
 		ast_cli(fd, "  Secret       : %s\n", ast_strlen_zero(peer->secret)?"<Not set>":"<Set>");
 		ast_cli(fd, "  MD5Secret    : %s\n", ast_strlen_zero(peer->md5secret)?"<Not set>":"<Set>");
+		ast_cli(fd, "  Remote Secret: %s\n", ast_strlen_zero(peer->remotesecret)?"<Not set>":"<Set>");
 		for (auth = peer->auth; auth; auth = auth->next) {
 			ast_cli(fd, "  Realm-auth   : Realm %-15.15s User %-10.20s ", auth->realm, auth->username);
 			ast_cli(fd, "%s\n", !ast_strlen_zero(auth->secret)?"<Secret set>":(!ast_strlen_zero(auth->md5secret)?"<MD5secret set>" : "<Not set>"));
@@ -14011,6 +14016,7 @@
 		astman_append(s, "ObjectName: %s\r\n", peer->name);
 		astman_append(s, "ChanObjectType: peer\r\n");
 		astman_append(s, "SecretExist: %s\r\n", ast_strlen_zero(peer->secret)?"N":"Y");
+		astman_append(s, "RemoteSecretExist: %s\r\n", ast_strlen_zero(peer->remotesecret)?"N":"Y");
 		astman_append(s, "MD5SecretExist: %s\r\n", ast_strlen_zero(peer->md5secret)?"N":"Y");
 		astman_append(s, "Context: %s\r\n", peer->context);
 		astman_append(s, "Language: %s\r\n", peer->language);
@@ -21695,6 +21701,7 @@
 		peer->call_limit=999;
 	strcpy(peer->vmexten, default_vmexten);
 	peer->secret[0] = '\0';
+	peer->remotesecret[0] = '\0';
 	peer->md5secret[0] = '\0';
 	peer->cid_num[0] = '\0';
 	peer->cid_name[0] = '\0';
@@ -21866,9 +21873,11 @@
 		} else if (!strcasecmp(v->name, "type")) {
 			if (!strcasecmp(v->value, "peer")) 
 				peer->onlymatchonip = TRUE;		/* For realtime support, add type=peer in the table */
-		} else if (!strcasecmp(v->name, "secret")) 
+		} else if (!strcasecmp(v->name, "remotesecret")) {
+			ast_copy_string(peer->remotesecret, v->value, sizeof(peer->remotesecret));
+		} else if (!strcasecmp(v->name, "secret")) {
 			ast_copy_string(peer->secret, v->value, sizeof(peer->secret));
-		else if (!strcasecmp(v->name, "md5secret")) 
+		} else if (!strcasecmp(v->name, "md5secret")) 
 			ast_copy_string(peer->md5secret, v->value, sizeof(peer->md5secret));
 		else if (!strcasecmp(v->name, "auth"))
 			peer->auth = add_realm_authentication(peer->auth, v->value, v->lineno);
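Review bot: A `remotesecret` value longer than 79 bytes is silently shortened by `ast_copy_string(peer->remotesecret, v->value, sizeof(peer->remotesecret))`, and the resulting outbound authentication failure gives no hint that the configured password was cut. A length check before the copy would surface it without logging the secret itself, e.g. `if (strlen(v->value) >= sizeof(peer->remotesecret)) ast_log(LOG_WARNING, "remotesecret too long at line %d, truncated\n", v->lineno);`. The same applies to the existing `secret` and `md5secret` branches. As a style point, the chain is now half-braced: `md5secret` and the branches after it stay unbraced behind the new `} else if`. The enclosing function begins and ends outside this hunk.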
@@ -22205,7 +22214,7 @@
 	if (!ast_strlen_zero(callback)) { /* build string from peer info */
 		char *reg_string;
 
-		if (asprintf(&reg_string, "%s:%s@%s/%s", peer->username, peer->secret, peer->tohost, callback) < 0) {
+		if (asprintf(&reg_string, "%s:%s@%s/%s", peer->username, peer->remotesecret ? peer->remotesecret : peer->secret, peer->tohost, callback) < 0) {
 			ast_log(LOG_WARNING, "asprintf() failed: %s\n", strerror(errno));
 		} else	if (reg_string) {
 			sip_register(reg_string, 0); /* XXX TODO: count in registry_count */
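Review bot: `peer->remotesecret ? peer->remotesecret : peer->secret` can never select `peer->secret`, because `remotesecret` is a `char[80]` member (see the struct hunk of this commit), so it decays to a non-null pointer and the condition is always true. A peer that sets only `secret` together with a callback extension would therefore build its registration string with an empty password, which contradicts the backwards compatibility promised in the log. Test the contents instead: `ast_strlen_zero(peer->remotesecret) ? peer->secret : peer->remotesecret`. The visible hunks read `remotesecret` only here, so whether other outbound requests pick it up cannot be confirmed from this diff. The enclosing function starts and ends outside the hunk.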

Modified: trunk/configs/sip.conf.sample
URL: http://svn.digium.com/view/asterisk/trunk/configs/sip.conf.sample?view=diff&rev=153904&r1=153903&r2=153904
==============================================================================
--- trunk/configs/sip.conf.sample (original)
+++ trunk/configs/sip.conf.sample Mon Nov  3 09:16:33 2008
@@ -712,6 +712,7 @@
 ; callingpres                 callingpres
 ; permit                      permit
 ; deny                        deny
+; 			      remotesecret
 ; secret                      secret
 ; md5secret                   md5secret
 ; transport                   transport
@@ -782,7 +783,7 @@
 
 ;[sip_proxy-out]
 ;type=peer                        ; we only want to call out, not be called
-;secret=guessit
+;remotesecret=guessit		  ; Our password to their service
 ;defaultuser=yourusername         ; Authentication user for outbound proxies
 ;fromuser=yourusername            ; Many SIP providers require this!
 ;fromdomain=provider.sip.domain        
@@ -802,7 +803,8 @@
 ;type=peer
 ;host=sip.provider1.com
 ;fromuser=4015552299              ; how your provider knows you
-;secret=youwillneverguessit
+;remotesecret=youwillneverguessit ; The password we use to authenticate to them
+;secret=gissadetdu                ; The password they use to contact us
 ;callbackextension=123            ; Register with this server and require calls coming back to this extension
 ;transport=udp,tcp                ; This sets the transport type to udp for outgoing, and will
 ;                                 ;   accept both tcp and udp. Default is udp. The first transport



