}
ao2_unlock(peer);
}
- if (!peer && sip_cfg.autocreatepeer) {
+ if (!peer && sip_cfg.autocreatepeer != AUTOPEERS_DISABLED) {
/* Create peer if we have autocreate mode enabled */
peer = temp_peer(name);
if (peer) {
return map_s_x(strefreshers, s, -1);
}
+/* Autocreatepeer modes */
+static struct _map_x_s autopeermodes[] = {
+ { AUTOPEERS_DISABLED, "Off"},
+ { AUTOPEERS_VOLATILE, "Volatile"},
+ { AUTOPEERS_PERSIST, "Persisted"},
+ { -1, NULL},
+};
+
+static const char *autocreatepeer2str(enum autocreatepeer_mode r)
+{
+ return map_x_s(autopeermodes, r, "Unknown");
+}
static int peer_status(struct sip_peer *peer, char *status, int statuslen)
{
ast_cli(a->fd, " Videosupport: %s\n", AST_CLI_YESNO(ast_test_flag(&global_flags[1], SIP_PAGE2_VIDEOSUPPORT)));
ast_cli(a->fd, " Textsupport: %s\n", AST_CLI_YESNO(ast_test_flag(&global_flags[1], SIP_PAGE2_TEXTSUPPORT)));
ast_cli(a->fd, " Ignore SDP sess. ver.: %s\n", AST_CLI_YESNO(ast_test_flag(&global_flags[1], SIP_PAGE2_IGNORESDPVERSION)));
- ast_cli(a->fd, " AutoCreate Peer: %s\n", AST_CLI_YESNO(sip_cfg.autocreatepeer));
+ ast_cli(a->fd, " AutoCreate Peer: %s\n", autocreatepeer2str(sip_cfg.autocreatepeer));
ast_cli(a->fd, " Match Auth Username: %s\n", AST_CLI_YESNO(global_match_auth_username));
ast_cli(a->fd, " Allow unknown access: %s\n", AST_CLI_YESNO(sip_cfg.allowguest));
ast_cli(a->fd, " Allow subscriptions: %s\n", AST_CLI_YESNO(ast_test_flag(&global_flags[1], SIP_PAGE2_ALLOWSUBSCRIBE)));
static int peer_markall_func(void *device, void *arg, int flags)
{
struct sip_peer *peer = device;
- peer->the_mark = 1;
+ if (!peer->selfdestruct || sip_cfg.autocreatepeer != AUTOPEERS_PERSIST) {
+ peer->the_mark = 1;
+ }
return 0;
}
}
ASTOBJ_UNLOCK(iterator);
} while(0));
-
- /* Then, actually destroy users and registry */
- ASTOBJ_CONTAINER_DESTROYALL(®l, sip_registry_destroy);
- ast_debug(4, "--------------- Done destroying registry list\n");
- ao2_t_callback(peers, OBJ_NODATA, peer_markall_func, NULL, "callback to mark all peers");
}
/* Reset certificate handling for TLS sessions */
proxy_update(&sip_cfg.outboundproxy);
} else if (!strcasecmp(v->name, "autocreatepeer")) {
- sip_cfg.autocreatepeer = ast_true(v->value);
+ if (!strcasecmp(v->value, "persist")) {
+ sip_cfg.autocreatepeer = AUTOPEERS_PERSIST;
+ } else {
+ sip_cfg.autocreatepeer = ast_true(v->value) ? AUTOPEERS_VOLATILE : AUTOPEERS_DISABLED;
+ }
} else if (!strcasecmp(v->name, "match_auth_username")) {
global_match_auth_username = ast_true(v->value);
} else if (!strcasecmp(v->name, "srvlookup")) {
}
}
+ if (reason != CHANNEL_MODULE_LOAD) {
+ /* Then, actually destroy users and registry */
+ ASTOBJ_CONTAINER_DESTROYALL(®l, sip_registry_destroy);
+ ast_debug(4, "--------------- Done destroying registry list\n");
+ ao2_t_callback(peers, OBJ_NODATA, peer_markall_func, NULL, "callback to mark all peers");
+ }
+
if (subscribe_network_change) {
network_change_event_subscribe();
} else {
#define DEFAULT_NOTIFYRINGING TRUE /*!< Notify devicestate system on ringing state */
#define DEFAULT_NOTIFYCID DISABLED /*!< Include CID with ringing notifications */
#define DEFAULT_PEDANTIC TRUE /*!< Follow SIP standards for dialog matching */
-#define DEFAULT_AUTOCREATEPEER FALSE /*!< Don't create peers automagically */
+#define DEFAULT_AUTOCREATEPEER AUTOPEERS_DISABLED /*!< Don't create peers automagically */
#define DEFAULT_MATCHEXTERNADDRLOCALLY FALSE /*!< Match extern IP locally default setting */
#define DEFAULT_QUALIFY FALSE /*!< Don't monitor devices */
#define DEFAULT_CALLEVENTS FALSE /*!< Extra manager SIP call events */
SIP_TRANSPORT_TLS = 1 << 2, /*!< TCP/TLS - reliable and secure transport for signalling */
};
+/*! \brief Automatic peer registration behavior
+*/
+enum autocreatepeer_mode {
+ AUTOPEERS_DISABLED = 0, /*!< Automatic peer creation disabled */
+ AUTOPEERS_VOLATILE, /*!< Automatic peers dropped on sip reload (pre-1.8 behavior) */
+ AUTOPEERS_PERSIST /*!< Automatic peers survive sip configuration reload */
+};
+
/*! \brief States whether a SIP message can create a dialog in Asterisk. */
enum can_create_dialog {
CAN_NOT_CREATE_DIALOG,
int rtautoclear; /*!< Realtime ?? */
int directrtpsetup; /*!< Enable support for Direct RTP setup (no re-invites) */
int pedanticsipchecking; /*!< Extra checking ? Default off */
- int autocreatepeer; /*!< Auto creation of peers at registration? Default off. */
+ enum autocreatepeer_mode autocreatepeer; /*!< Auto creation of peers at registration? Default off. */
int srvlookup; /*!< SRV Lookup on or off. Default is on */
int allowguest; /*!< allow unauthenticated peers to connect? */
int alwaysauthreject; /*!< Send 401 Unauthorized for all failing requests */
;use_q850_reason = no ; Default "no"
; Set to yes add Reason header and use Reason header if it is available.
+
+;autocreatepeers=no ; Allow any not exsplicitly defined here UAC to register
+ ; WITHOUT AUTHENTICATION. Enabling this options poses a high
+ ; potential security risk and should be avoided unless the
+ ; server is behind a trusted firewall.
+ ; When enabled by setting to "yes", the autocreated peers are
+ ; pruned immediately when the "sip reload" command is issued
+ ; through CLI. When enabled by setting to "persist", the auto-
+ ; created peers survive the "sip reload" command.
+
;
;------------------------ TLS settings ------------------------------------------------------------
;tlscertfile=</path/to/certificate.pem> ; Certificate file (*.pem format only) to use for TLS connections
projects / asterisk/asterisk.git / commitdiff