Add "insecure=very" where we don't authenticate peers who are registered

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@2873 65c4cc65-6c06-0410-ace0-fbb531ad65f3
21 years ago · bbaf536f6a
parent b50ecc25b2
commit bbaf536f6a
2 changed files with 13 additions and 1 deletions
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@ -4502,6 +4502,11 @@ static int check_user(struct sip_pvt *p, struct sip_request *req, char *cmd, cha
 					strncpy(p->context, peer->context, sizeof(p->context) - 1);
 				strncpy(p->peersecret, peer->secret, sizeof(p->peersecret) - 1);
 				strncpy(p->peermd5secret, peer->md5secret, sizeof(p->peermd5secret) - 1);
+				if (peer->insecure > 1) {
+					/* Pretend there is no required authentication if insecure is "very" */
+					strcpy(p->peersecret, "");
+					strcpy(p->peermd5secret, "");
+				}
 				p->callgroup = peer->callgroup;
 				p->pickupgroup = peer->pickupgroup;
 				p->capability = peer->capability;
@ -6704,7 +6709,12 @@ static struct sip_peer *build_peer(char *name, struct ast_variable *v)
 				else
 					peer->capability &= ~format;
 			} else if (!strcasecmp(v->name, "insecure")) {
-				peer->insecure = ast_true(v->value);
+				if (!strcasecmp(v->value, "very")) {
+					peer->insecure = 2;
+				} else if (ast_true(v->value))
+					peer->insecure = 1;
+				else
+					peer->insecure = 0;
 			} else if (!strcasecmp(v->name, "qualify")) {
 				if (!strcasecmp(v->value, "no")) {
 					peer->maxms = 0;
--- a/configs/sip.conf.sample
+++ b/configs/sip.conf.sample
@ -81,6 +81,8 @@ context = default		; Default context for incoming calls
 ;defaultip=192.168.0.59
 ;mailbox=1234,2345		; Mailbox for message waiting indicator
 ;restrictcid=yes		; To have the callerid restriced -> sent as ANI
+;insecure=yes			; To match a peer based by IP address only and not peer
+;insecure=very			; To allow registered hosts to call without re-authenticating

 ;[pingtel]
 ;type=friend