[Asterisk-cvs] asterisk/channels chan_sip.c,1.510.2.71,1.510.2.72

Mon Jul 11 18:17:41 CDT 2005

Update of /usr/cvsroot/asterisk/channels
In directory mongoose.digium.com:/tmp/cvs-serv11682/channels

Modified Files:
      Tag: v1-0
	chan_sip.c 
Log Message:
change insecure options to support 'port' and/or 'invite' instead of forcing
the 'port' option when using 'invite' (bug #4024)


Index: chan_sip.c
===================================================================
RCS file: /usr/cvsroot/asterisk/channels/chan_sip.c,v
retrieving revision 1.510.2.71
retrieving revision 1.510.2.72
diff -u -d -r1.510.2.71 -r1.510.2.72

--- chan_sip.c	24 Jun 2005 21:53:02 -0000	1.510.2.71
+++ chan_sip.c	11 Jul 2005 22:25:52 -0000	1.510.2.72
@@ -98,6 +98,12 @@
 #define SIP_DTMF_INBAND		(1 << 1)
 #define SIP_DTMF_INFO		(1 << 2)
 
+/* --- SIP Insecure modes */
+#define SIP_SECURE		(0 << 0)
+#define SIP_INSECURE_PORT	(1 << 0)
+#define SIP_INSECURE_INVITE	(1 << 1)
+#define SIP_INSECURE_BOTH	(3 << 0)
+
 static int max_expiry = DEFAULT_MAX_EXPIRY;
 static int default_expiry = DEFAULT_DEFAULT_EXPIRY;
 
@@ -1240,7 +1246,7 @@
 		/* Find by sin */
 		while(p) {
 			if (!inaddrcmp(&p->addr, sin) || 
-					(p->insecure &&
+					((p->insecure & SIP_INSECURE_PORT) &&
 					(p->addr.sin_addr.s_addr == sin->sin_addr.s_addr))) {
 				break;
 			}
@@ -5539,7 +5545,7 @@
 			p->peersecret[sizeof(p->peersecret)-1] = '\0';
 			strncpy(p->peermd5secret, peer->md5secret, sizeof(p->peermd5secret)-1);
 			p->peermd5secret[sizeof(p->peermd5secret)-1] = '\0';
-			if (peer->insecure > 1) {
+			if (peer->insecure & SIP_INSECURE_INVITE) {
 				/* Pretend there is no required authentication if insecure is "very" */
 				p->peersecret[0] = '\0';
 				p->peermd5secret[0] = '\0';
@@ -5688,7 +5694,23 @@
 		return "Unknown";
 	}
 }
-                           
+ 
+static char *insecure2str(int insecure)
+{
+	switch (insecure) {
+	case SIP_SECURE:
+		return "No";
+	case SIP_INSECURE_PORT:
+		return "port";
+	case SIP_INSECURE_INVITE:
+		return "invite";
+	case SIP_INSECURE_BOTH:
+		return "port,invite";
+	default:
+		return "Unknown";	
+	}
+}
+                          
 /*--- sip_show_users: CLI Command 'SIP Show Users' ---*/
 static int sip_show_users(int fd, int argc, char *argv[])
 {
@@ -5832,7 +5854,7 @@
 		ast_cli(fd, "  Dynamic      : %s\n", (peer->dynamic?"Yes":"No"));
 		ast_cli(fd, "  Expire       : %ld seconds\n", ast_sched_when(sched,peer->expire));
 		ast_cli(fd, "  Expiry       : %d\n", peer->expiry);
-		ast_cli(fd, "  Insecure     : %s\n", (peer->insecure?((peer->insecure == 2)?"Very":"Yes"):"No") );
+		ast_cli(fd, "  Insecure     : %s\n", insecure2str(peer->insecure));
 		ast_cli(fd, "  Nat          : %s\n", nat2str(peer->nat));
 		ast_cli(fd, "  ACL          : %s\n", (peer->ha?"Yes":"No"));
 		ast_cli(fd, "  CanReinvite  : %s\n", (peer->canreinvite?"Yes":"No"));
@@ -8262,6 +8284,33 @@
 	return tmpc;
 }
 
+static int parse_insecure(char *varval)
+{
+	int insecure = 0;
+	
+	if (!strcasecmp(varval, "very"))
+		insecure = SIP_INSECURE_BOTH;
+	else if (ast_true(varval))
+		insecure = SIP_INSECURE_PORT;
+	else if (!ast_false(varval)) {
+		char buf[64];
+		char *word, *next;
+
+		strncpy(buf, varval, sizeof(buf)-1);
+		next = buf;
+		while ((word = strsep(&next, ","))) {
+			if (!strcasecmp(word, "port"))
+				insecure |= SIP_INSECURE_PORT;
+			else if (!strcasecmp(word, "invite"))
+				insecure |= SIP_INSECURE_INVITE;
+			else
+				ast_log(LOG_WARNING, "Unknown insecure mode '%s'\n", varval);
+		}
+	}
+	
+	return insecure;
+}
+
 /*--- build_user: Initiate a SIP user structure from sip.conf ---*/
 static struct sip_user *build_user(char *name, struct ast_variable *v)
 {
@@ -8361,7 +8410,7 @@
 			} else if (!strcasecmp(v->name, "disallow")) {
 				ast_parse_allow_disallow(&user->prefs, &user->capability, v->value, 0);
 			} else if (!strcasecmp(v->name, "insecure")) {
-				user->insecure = ast_true(v->value);
+				user->insecure = parse_insecure(v->value);
 			} else if (!strcasecmp(v->name, "restrictcid")) {
 				user->restrictcid = ast_true(v->value);
 			} else if (!strcasecmp(v->name, "trustrpid")) {
@@ -8601,12 +8650,7 @@
 			} else if (!strcasecmp(v->name, "disallow")) {
 				ast_parse_allow_disallow(&peer->prefs, &peer->capability, v->value, 0);
 			} else if (!strcasecmp(v->name, "insecure")) {
-				if (!strcasecmp(v->value, "very")) {
-					peer->insecure = 2;
-				} else if (ast_true(v->value))
-					peer->insecure = 1;
-				else
-					peer->insecure = 0;
+				peer->insecure = parse_insecure(v->value);
 			} else if (!strcasecmp(v->name, "rtptimeout")) {
 				if ((sscanf(v->value, "%d", &peer->rtptimeout) != 1) || (peer->rtptimeout < 0)) {
 					ast_log(LOG_WARNING, "'%s' is not a valid RTP hold time at line %d.  Using default.\n", v->value, v->lineno);


