diff options
author | zuul <zuul@gerrit.asterisk.org> | 2017-02-21 22:39:09 -0600 |
---|---|---|
committer | Gerrit Code Review <gerrit2@gerrit.digium.api> | 2017-02-21 22:39:09 -0600 |
commit | ac6e0fdcdb32d4532bb9f65f0c051cddf8646895 (patch) | |
tree | 48d64707e93c0e5abe2cdb379948bb139d4112a1 | |
parent | 28ee2642e1dcecca6dcf7177aa68321796abc57a (diff) | |
parent | 0b660c99897228bf7c786ce9d52ac43e302c3745 (diff) |
Merge "res_pjsip: Update authentication realm documentation."
-rw-r--r-- | configs/samples/pjsip.conf.sample | 20 | ||||
-rw-r--r-- | res/res_pjsip.c | 51 | ||||
-rw-r--r-- | res/res_pjsip_outbound_publish.c | 13 | ||||
-rw-r--r-- | res/res_pjsip_outbound_registration.c | 13 |
4 files changed, 86 insertions, 11 deletions
diff --git a/configs/samples/pjsip.conf.sample b/configs/samples/pjsip.conf.sample index 6595423c9..323100b00 100644 --- a/configs/samples/pjsip.conf.sample +++ b/configs/samples/pjsip.conf.sample @@ -12,6 +12,12 @@ ; If you want to see more detail please check the documentation sources ; mentioned at the top of this file. +; ============================================================================ +; NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE +; +; This file does not maintain the complete option documentation. +; ============================================================================ + ; Documentation ; ; The official documentation is at http://wiki.asterisk.org @@ -765,6 +771,14 @@ ;==========================AUTH SECTION OPTIONS========================= ;[auth] ; SYNOPSIS: Authentication type +; +; Note: Using the same auth section for inbound and outbound +; authentication is not recommended. There is a difference in +; meaning for an empty realm setting between inbound and outbound +; authentication uses. Look to the CLI config help +; "config show help res_pjsip auth realm" or on the wiki for the +; difference. +; ;auth_type=userpass ; Authentication type (default: "userpass") ;nonce_lifetime=32 ; Lifetime of a nonce associated with this ; authentication config (default: "32") @@ -959,9 +973,9 @@ ; From header username will be set to this value if ; there is no better option (such as CallerID or ; endpoint/from_user) to be used -;default_realm=asterisk ; When Asterisk generates a challenge, the realm will be - ; set to this value if there is no better option (such as - ; auth/realm) to be used +;default_realm=asterisk ; When Asterisk generates a challenge, the digest realm + ; will be set to this value if there is no better option + ; (such as auth/realm) to be used. ; Asterisk Task Processor Queue Size ; On heavy loaded system with DB storage you may need to increase diff --git a/res/res_pjsip.c b/res/res_pjsip.c index 90eb37263..4dead21f5 100644 --- a/res/res_pjsip.c +++ b/res/res_pjsip.c @@ -112,9 +112,15 @@ This is a comma-delimited list of <replaceable>auth</replaceable> sections defined in <filename>pjsip.conf</filename> to be used to verify inbound connection attempts. </para><para> - Endpoints without an <literal>authentication</literal> object - configured will allow connections without vertification. - </para></description> + Endpoints without an authentication object + configured will allow connections without verification.</para> + <note><para> + Using the same auth section for inbound and outbound + authentication is not recommended. There is a difference in + meaning for an empty realm setting between inbound and outbound + authentication uses. See the auth realm description for details. + </para></note> + </description> </configOption> <configOption name="callerid"> <synopsis>CallerID information for the endpoint</synopsis> @@ -329,7 +335,18 @@ <synopsis>Default Music On Hold class</synopsis> </configOption> <configOption name="outbound_auth"> - <synopsis>Authentication object used for outbound requests</synopsis> + <synopsis>Authentication object(s) used for outbound requests</synopsis> + <description><para> + This is a comma-delimited list of <replaceable>auth</replaceable> + sections defined in <filename>pjsip.conf</filename> used to respond + to outbound connection authentication challenges.</para> + <note><para> + Using the same auth section for inbound and outbound + authentication is not recommended. There is a difference in + meaning for an empty realm setting between inbound and outbound + authentication uses. See the auth realm description for details. + </para></note> + </description> </configOption> <configOption name="outbound_proxy"> <synopsis>Proxy through which to send requests, a full SIP URI must be provided</synopsis> @@ -967,8 +984,30 @@ <synopsis>PlainText password used for authentication.</synopsis> <description><para>Only used when auth_type is <literal>userpass</literal>.</para></description> </configOption> - <configOption name="realm" default="asterisk"> + <configOption name="realm"> <synopsis>SIP realm for endpoint</synopsis> + <description><para> + The treatment of this value depends upon how the authentication + object is used. + </para><para> + When used as an inbound authentication object, the realm is sent + as part of the challenge so the peer can know which key to use + when responding. An empty value will use the + <replaceable>global</replaceable> section's + <literal>default_realm</literal> value when issuing a challenge. + </para><para> + When used as an outbound authentication object, the realm is + matched with the received challenge realm to determine which + authentication object to use when responding to the challenge. An + empty value matches any challenging realm when determining + which authentication object matches a received challenge. + </para> + <note><para> + Using the same auth section for inbound and outbound + authentication is not recommended. There is a difference in + meaning for an empty realm setting between inbound and outbound + authentication uses.</para></note> + </description> </configOption> <configOption name="type"> <synopsis>Must be 'auth'</synopsis> @@ -1512,7 +1551,7 @@ used.</synopsis> </configOption> <configOption name="default_realm" default="asterisk"> - <synopsis>When Asterisk generates an challenge, the digest will be + <synopsis>When Asterisk generates a challenge, the digest realm will be set to this value if there is no better option (such as auth/realm) to be used.</synopsis> </configOption> diff --git a/res/res_pjsip_outbound_publish.c b/res/res_pjsip_outbound_publish.c index 87680480c..53eb6aca7 100644 --- a/res/res_pjsip_outbound_publish.c +++ b/res/res_pjsip_outbound_publish.c @@ -55,7 +55,18 @@ <synopsis>Expiration time for publications in seconds</synopsis> </configOption> <configOption name="outbound_auth" default=""> - <synopsis>Authentication object to be used for outbound publishes.</synopsis> + <synopsis>Authentication object(s) to be used for outbound publishes.</synopsis> + <description><para> + This is a comma-delimited list of <replaceable>auth</replaceable> + sections defined in <filename>pjsip.conf</filename> used to respond + to outbound authentication challenges.</para> + <note><para> + Using the same auth section for inbound and outbound + authentication is not recommended. There is a difference in + meaning for an empty realm setting between inbound and outbound + authentication uses. See the auth realm description for details. + </para></note> + </description> </configOption> <configOption name="outbound_proxy" default=""> <synopsis>SIP URI of the outbound proxy used to send publishes</synopsis> diff --git a/res/res_pjsip_outbound_registration.c b/res/res_pjsip_outbound_registration.c index d486ccd63..137f3a832 100644 --- a/res/res_pjsip_outbound_registration.c +++ b/res/res_pjsip_outbound_registration.c @@ -82,7 +82,18 @@ <synopsis>Maximum number of registration attempts.</synopsis> </configOption> <configOption name="outbound_auth" default=""> - <synopsis>Authentication object to be used for outbound registrations.</synopsis> + <synopsis>Authentication object(s) to be used for outbound registrations.</synopsis> + <description><para> + This is a comma-delimited list of <replaceable>auth</replaceable> + sections defined in <filename>pjsip.conf</filename> used to respond + to outbound authentication challenges.</para> + <note><para> + Using the same auth section for inbound and outbound + authentication is not recommended. There is a difference in + meaning for an empty realm setting between inbound and outbound + authentication uses. See the auth realm description for details. + </para></note> + </description> </configOption> <configOption name="outbound_proxy" default=""> <synopsis>Outbound Proxy used to send registrations</synopsis> |