diff options
| author | Joshua Colp <jcolp@digium.com> | 2017-10-24 15:33:57 +0000 |
|---|---|---|
| committer | Joshua Colp <jcolp@digium.com> | 2017-10-25 18:14:03 +0000 |
| commit | 9e1fbab382aec4b8e131cd9276c80f66ac52ba7b (patch) | |
| tree | b31a3e850c40b37174e76e3bad46ca6bab11281f /res/res_pjsip.c | |
| parent | 3333e787ab8661285e0bb69ac248ff5f23f23c43 (diff) | |
res_pjsip: Add 'ip' as a valid option to 'identify_by' on endpoint.
When the identify_by option on an endpoint is set to ip it will
only be identified using the res_pjsip_endpoint_identifier_ip module.
This ensures that it is not mistakenly matched using the username of
the From header. To ensure behavior has not changed the default has
been changed to "username,ip" for the identify_by option.
ASTERISK-27206
Change-Id: I2170b86a7f7e221b4f00bf14aa1ef1ac5b050bbd
Diffstat (limited to 'res/res_pjsip.c')
| -rw-r--r-- | res/res_pjsip.c | 25 |
1 files changed, 16 insertions, 9 deletions
diff --git a/res/res_pjsip.c b/res/res_pjsip.c index f81d34ca4..7499ded3e 100644 --- a/res/res_pjsip.c +++ b/res/res_pjsip.c @@ -268,15 +268,17 @@ <configOption name="ice_support" default="no"> <synopsis>Enable the ICE mechanism to help traverse NAT</synopsis> </configOption> - <configOption name="identify_by" default="username,location"> + <configOption name="identify_by" default="username,ip"> <synopsis>Way(s) for Endpoint to be identified</synopsis> <description><para> Endpoints and aors can be identified in multiple ways. Currently, the supported options are <literal>username</literal>, which matches the endpoint or aor id based on - the username and domain in the From header (or To header for aors), and + the username and domain in the From header (or To header for aors), <literal>auth_username</literal>, which matches the endpoint or aor id based on the - username and realm in the Authentication header. In all cases, if an exact match - on both username and domain/realm fails, the match will be retried with just the username. + username and realm in the Authentication header, and <literal>ip</literal> which matches + an endpoint based on the source IP address. In the <literal>username</literal> and + <literal>auth_username</literal> cases, if an exact match on both username and + domain/realm fails, the match will be retried with just the username. </para> <note><para> Identification by auth_username has some security considerations because an @@ -292,14 +294,19 @@ configuration object. </para></note> <note><para>Endpoints can also be identified by IP address; however, that method - of identification is not handled by this configuration option. See the documentation - for the <literal>identify</literal> configuration section for more details on that - method of endpoint identification. If this option is set and an <literal>identify</literal> - configuration section exists for the endpoint, then the endpoint can be identified in - multiple ways.</para></note> + of identification is not configured but simply allowed by this configuration option. + See the documentation for the <literal>identify</literal> configuration section for + more details on that method of endpoint identification.</para></note> + <note><para> + This option controls both how an endpoint is matched for incoming traffic and also how + an AoR is determined if a registration occurs. If <literal>ip</literal> is set alone + then incoming registration will not find an AoR and the registration attempt will fail. + If you want to allow incoming registrations to succeed you must set a second identify + method such as <literal>username</literal> in this case.</para></note> <enumlist> <enum name="username" /> <enum name="auth_username" /> + <enum name="ip" /> </enumlist> </description> </configOption> |