[mod_sofia] Deprecate the auth-messages profile param by setting it to be enabled by default and introducing the new disable-auth-messages param with a higher priority when set.

2021-07-20 16:02:52 +03:00 · 2021-07-20 16:02:52 +03:00 · 432bfc0c45
parent 5c6fd51c11
commit 432bfc0c45
2 changed files with 23 additions and 3 deletions
--- a/src/mod/endpoints/mod_sofia/conf/sofia.conf.xml
+++ b/src/mod/endpoints/mod_sofia/conf/sofia.conf.xml
@ -317,12 +317,18 @@
             register for nat handling -->
        <!-- <param name="NDLB-received-in-nat-reg-contact" value="true"/> -->
        <param name="auth-calls" value="$${internal_auth_calls}"/>
-        <!-- <param name="auth-messages" value="false"/> -->
        <!-- <param name="auth-subscriptions" value="false"/> -->
        <!-- Force the user and auth-user to match. -->
        <param name="inbound-reg-force-matching-username" value="true"/>
        <!-- on authed calls, authenticate *all* the packets not just invite -->
        <param name="auth-all-packets" value="false"/>
+        <!-- NOTICE: auth-messages was deprecated and authentication is enabled by default now.
+             See disable-auth-messages param for more details. -->
+        <!-- <param name="auth-messages" value="false"/> -->
+        <!-- Uncomment to stop authentication on message packets.
+             By default authentication is enabled.
+             disable-auth-messages param has higher priority than the deprecated auth-messages param. -->
+        <!-- <param name="disable-auth-messages" value="true"/> -->

        <!-- external_sip_ip
             Used as the public IP address for SDP.
--- a/src/mod/endpoints/mod_sofia/sofia.c
+++ b/src/mod/endpoints/mod_sofia/sofia.c
@ -4568,6 +4568,8 @@ switch_status_t config_sofia(sofia_config_t reload, char *profile_name)
 				sofia_profile_start_failure(NULL, xprofilename);
 			} else {
 				switch_memory_pool_t *pool = NULL;
+				char *auth_messages_value = NULL;
+				uint8_t disable_auth_flag = 0;

 				if (!xprofilename) {
 					xprofilename = "unnamed";
@ -5561,11 +5563,15 @@ switch_status_t config_sofia(sofia_config_t reload, char *profile_name)
 							sofia_clear_pflag(profile, PFLAG_AUTH_CALLS);
 						}
 					} else if (!strcasecmp(var, "auth-messages")) {
+						auth_messages_value = switch_core_strdup(profile->pool, val);
+					} else if (!strcasecmp(var, "disable-auth-messages")) {
 						if (switch_true(val)) {
-							sofia_set_pflag(profile, PFLAG_AUTH_MESSAGES);
-						} else {
 							sofia_clear_pflag(profile, PFLAG_AUTH_MESSAGES);
+						} else {
+							sofia_set_pflag(profile, PFLAG_AUTH_MESSAGES);
 						}
+
+						disable_auth_flag = 1;
 					} else if (!strcasecmp(var, "auth-subscriptions")) {
 						if (switch_true(val)) {
 							sofia_set_pflag(profile, PFLAG_AUTH_SUBSCRIPTIONS);
@ -6076,6 +6082,14 @@ switch_status_t config_sofia(sofia_config_t reload, char *profile_name)
 					}
 				}

+				if (!disable_auth_flag) {
+					if (!auth_messages_value || switch_true(auth_messages_value)) {
+						sofia_set_pflag(profile, PFLAG_AUTH_MESSAGES);
+					} else {
+						sofia_clear_pflag(profile, PFLAG_AUTH_MESSAGES);
+					}
+				}
+
 				if (sofia_test_flag(profile, TFLAG_ZRTP_PASSTHRU) && !sofia_test_flag(profile, TFLAG_LATE_NEGOTIATION)) {
 					switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, "ZRTP passthrough implictly enables inbound-late-negotiation\n");
 					sofia_set_flag(profile, TFLAG_LATE_NEGOTIATION);