[asterisk-commits] dvossel: trunk r285007 - in /trunk: ./ channels/ channels/sip/include/ configs/

Fri Sep 3 17:23:51 CDT 2010

Author: dvossel
Date: Fri Sep  3 17:23:47 2010
New Revision: 285007

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=285007
Log:
Merged revisions 285006 via svnmerge from 
https://origsvn.digium.com/svn/asterisk/branches/1.8

........
  r285006 | dvossel | 2010-09-03 17:21:50 -0500 (Fri, 03 Sep 2010) | 9 lines
  
  Disables auth_options_request option by default.
  
  The auth_options_request option was created to do authentication
  on OPTIONS request just like INVITES are done.  Since it has been
  noted that some endpoints use OPTIONS requests as a way of qualifying
  a peer and that a 401 authentication response could result in
  interoperability issues, this option has been disabled by default.
........

Modified:
    trunk/   (props changed)
    trunk/channels/chan_sip.c
    trunk/channels/sip/include/sip.h
    trunk/configs/sip.conf.sample

Propchange: trunk/
------------------------------------------------------------------------------
Binary property 'branch-1.8-merged' - no diff available.

Modified: trunk/channels/chan_sip.c
URL: http://svnview.digium.com/svn/asterisk/trunk/channels/chan_sip.c?view=diff&rev=285007&r1=285006&r2=285007
==============================================================================

--- trunk/channels/chan_sip.c (original)
+++ trunk/channels/chan_sip.c Fri Sep  3 17:23:47 2010
@@ -26405,7 +26405,7 @@
 	sip_cfg.notifyhold = FALSE;		/*!< Keep track of hold status for a peer */
 	sip_cfg.directrtpsetup = FALSE;		/* Experimental feature, disabled by default */
 	sip_cfg.alwaysauthreject = DEFAULT_ALWAYSAUTHREJECT;
-	sip_cfg.auth_options_requests = 1;
+	sip_cfg.auth_options_requests = DEFAULT_AUTH_OPTIONS;
 	sip_cfg.allowsubscribe = FALSE;
 	sip_cfg.disallowed_methods = SIP_UNKNOWN;
 	sip_cfg.contact_ha = NULL;		/* Reset the contact ACL */
@@ -26647,8 +26647,8 @@
 		} else if (!strcasecmp(v->name, "alwaysauthreject")) {
 			sip_cfg.alwaysauthreject = ast_true(v->value);
 		} else if (!strcasecmp(v->name, "auth_options_requests")) {
-			if (ast_false(v->value)) {
-				sip_cfg.auth_options_requests = 0;
+			if (ast_true(v->value)) {
+				sip_cfg.auth_options_requests = 1;
 			}
 		} else if (!strcasecmp(v->name, "mohinterpret")) {
 			ast_copy_string(default_mohinterpret, v->value, sizeof(default_mohinterpret));

Modified: trunk/channels/sip/include/sip.h
URL: http://svnview.digium.com/svn/asterisk/trunk/channels/sip/include/sip.h?view=diff&rev=285007&r1=285006&r2=285007
==============================================================================
--- trunk/channels/sip/include/sip.h (original)
+++ trunk/channels/sip/include/sip.h Fri Sep  3 17:23:47 2010
@@ -207,6 +207,7 @@
 #define DEFAULT_QUALIFY        FALSE    /*!< Don't monitor devices */
 #define DEFAULT_CALLEVENTS     FALSE    /*!< Extra manager SIP call events */
 #define DEFAULT_ALWAYSAUTHREJECT  TRUE  /*!< Don't reject authentication requests always */
+#define DEFAULT_AUTH_OPTIONS  FALSE
 #define DEFAULT_REGEXTENONQUALIFY FALSE
 #define DEFAULT_T1MIN             100   /*!< 100 MS for minimal roundtrip time */
 #define DEFAULT_MAX_CALL_BITRATE (384)  /*!< Max bitrate for video */

Modified: trunk/configs/sip.conf.sample
URL: http://svnview.digium.com/svn/asterisk/trunk/configs/sip.conf.sample?view=diff&rev=285007&r1=285006&r2=285007
==============================================================================
--- trunk/configs/sip.conf.sample (original)
+++ trunk/configs/sip.conf.sample Fri Sep  3 17:23:47 2010
@@ -370,13 +370,8 @@
                                 ; the ability of an attacker to scan for valid SIP usernames.
                                 ; This option is set to "yes" by default.
 
-;auth_options_requests = no     ; sip OPTIONS requests should be treated the exact same as
-                                ; an INVITE, this includes performing authentication.  By default
-                                ; OPTIONS requests are authenticated, however this option allows
-                                ; OPTION requests to proceed unauthenticated in order to increase
-                                ; performance. This may be desirable if OPTIONS are only used to
-                                ; qualify the availabilty of the endpoint/extension.  Disabling
-                                ; this option is not recommended.
+;auth_options_requests = yes    ; Enabling this option will authenticate OPTIONS requests just like
+                                ; INVITE requests are.  By default this option is disabled.
 
 ;g726nonstandard = yes          ; If the peer negotiates G726-32 audio, use AAL2 packing
                                 ; order instead of RFC3551 packing order (this is required


