[asterisk-dev] [Code Review] SIP: authenticate OPTIONS requests just like we would an INVITE

[David Vossel]

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/881/
-----------------------------------------------------------

(Updated 2010-08-27 18:04:05.034717)


Review request for Asterisk Developers.


Changes
-------

This update addresses OEJ's comment on the dev-list which I have included below.  Now there is an option to perform OPTIONS authentication.  This option is on by default.  

"Now, since you add a lot of extra processing, which people who only use OPTIONS as a "ping" don't want, we should propably have a configuration option for this new behaviour to be backwards compatible. I suggest that option is off by default and your new behaviour is the default.

/O"


Summary
-------

OPTIONS requests should be treated the same as an INVITE... which includes authentication.  This patch adds the ability for incoming out of dialog OPTION requests to be authenticated before providing a response indicating whether an extension is available or not.  The authentication routine works the exact same way as it does for incoming INVITEs.  This means that if a peer has 'insecure=invite' in their peer definition, the same will be true for the processing of the OPTIONS request.


Diffs (updated)
-----

  /trunk/channels/chan_sip.c 284033 
  /trunk/channels/sip/include/sip.h 284033 
  /trunk/configs/sip.conf.sample 284033 

Diff: https://reviewboard.asterisk.org/r/881/diff


Testing
-------

I have tested this through a variety of sipp scenarios in attempt to verify that the OPTIONS request is treated the exact same as an INVITE request in regards to authentication.  I also tested this patch with Asterisk back to back verifying that qualify=yes still works as expected.  Asterisk's implementation to qualify peers as reachable using OPTIONS request does not care if it gets a"401" or a "200" response.


Thanks,

David