Index: channels/chan_sip.c =================================================================== --- channels/chan_sip.c (revision 280980) +++ channels/chan_sip.c (working copy) @@ -13697,7 +13697,7 @@ } ao2_unlock(peer); } - if (!peer && sip_cfg.autocreatepeer) { + if (!peer && sip_cfg.autocreatepeer != AUTOPEERS_DISABLED) { /* Create peer if we have autocreate mode enabled */ peer = temp_peer(name); if (peer) { @@ -15196,7 +15196,19 @@ return map_s_x(strefreshers, s, -1); } +/* Autocreatepeer modes */ +static struct _map_x_s autopeermodes[] = { + { AUTOPEERS_DISABLED, "Off"}, + { AUTOPEERS_VOLATILE, "Volatile"}, + { AUTOPEERS_PERSIST, "Persisted"}, + { -1, NULL}, +}; +static const char *autocreatepeer2str(enum autocreatepeer_mode r) +{ + return map_x_s(autopeermodes, r, "Unknown"); +} + static int peer_status(struct sip_peer *peer, char *status, int statuslen) { int res = 0; @@ -16754,7 +16766,7 @@ ast_cli(a->fd, " Videosupport: %s\n", AST_CLI_YESNO(ast_test_flag(&global_flags[1], SIP_PAGE2_VIDEOSUPPORT))); ast_cli(a->fd, " Textsupport: %s\n", AST_CLI_YESNO(ast_test_flag(&global_flags[1], SIP_PAGE2_TEXTSUPPORT))); ast_cli(a->fd, " Ignore SDP sess. ver.: %s\n", AST_CLI_YESNO(ast_test_flag(&global_flags[1], SIP_PAGE2_IGNORESDPVERSION))); - ast_cli(a->fd, " AutoCreate Peer: %s\n", AST_CLI_YESNO(sip_cfg.autocreatepeer)); + ast_cli(a->fd, " AutoCreate Peer: %s\n", autocreatepeer2str(sip_cfg.autocreatepeer)); ast_cli(a->fd, " Match Auth Username: %s\n", AST_CLI_YESNO(global_match_auth_username)); ast_cli(a->fd, " Allow unknown access: %s\n", AST_CLI_YESNO(sip_cfg.allowguest)); ast_cli(a->fd, " Allow subscriptions: %s\n", AST_CLI_YESNO(ast_test_flag(&global_flags[1], SIP_PAGE2_ALLOWSUBSCRIBE))); @@ -26110,7 +26122,9 @@ static int peer_markall_func(void *device, void *arg, int flags) { struct sip_peer *peer = device; - peer->the_mark = 1; + if (!peer->selfdestruct || sip_cfg.autocreatepeer != AUTOPEERS_PERSIST) { + peer->the_mark = 1; + } return 0; } @@ -26581,7 +26595,11 @@ proxy_update(&sip_cfg.outboundproxy); } else if (!strcasecmp(v->name, "autocreatepeer")) { - sip_cfg.autocreatepeer = ast_true(v->value); + if (!strcasecmp(v->value, "persist")) { + sip_cfg.autocreatepeer = AUTOPEERS_PERSIST; + } else { + sip_cfg.autocreatepeer = ast_true(v->value) ? AUTOPEERS_VOLATILE : AUTOPEERS_DISABLED; + } } else if (!strcasecmp(v->name, "match_auth_username")) { global_match_auth_username = ast_true(v->value); } else if (!strcasecmp(v->name, "srvlookup")) { Index: channels/sip/include/sip.h =================================================================== --- channels/sip/include/sip.h (revision 280980) +++ channels/sip/include/sip.h (working copy) @@ -210,7 +210,7 @@ #define DEFAULT_NOTIFYRINGING TRUE /*!< Notify devicestate system on ringing state */ #define DEFAULT_NOTIFYCID DISABLED /*!< Include CID with ringing notifications */ #define DEFAULT_PEDANTIC FALSE /*!< Avoid following SIP standards for dialog matching */ -#define DEFAULT_AUTOCREATEPEER FALSE /*!< Don't create peers automagically */ +#define DEFAULT_AUTOCREATEPEER AUTOPEERS_DISABLED /*!< Don't create peers automagically */ #define DEFAULT_MATCHEXTERNADDRLOCALLY FALSE /*!< Match extern IP locally default setting */ #define DEFAULT_QUALIFY FALSE /*!< Don't monitor devices */ #define DEFAULT_CALLEVENTS FALSE /*!< Extra manager SIP call events */ @@ -533,6 +533,14 @@ SIP_TRANSPORT_TLS = 1 << 2, /*!< TCP/TLS - reliable and secure transport for signalling */ }; +/*! \brief Automatic peer registration behavior +*/ +enum autocreatepeer_mode { + AUTOPEERS_DISABLED = 0, /*!< Automatic peer creation disabled */ + AUTOPEERS_VOLATILE, /*!< Automatic peers dropped on sip reload (pre-1.8 behavior) */ + AUTOPEERS_PERSIST /*!< Automatic peers survive sip configuration reload */ +}; + /*! \brief States whether a SIP message can create a dialog in Asterisk. */ enum can_create_dialog { CAN_NOT_CREATE_DIALOG, @@ -678,7 +686,7 @@ int rtautoclear; /*!< Realtime ?? */ int directrtpsetup; /*!< Enable support for Direct RTP setup (no re-invites) */ int pedanticsipchecking; /*!< Extra checking ? Default off */ - int autocreatepeer; /*!< Auto creation of peers at registration? Default off. */ + enum autocreatepeer_mode autocreatepeer; /*!< Auto creation of peers at registration? Default off. */ int srvlookup; /*!< SRV Lookup on or off. Default is on */ int allowguest; /*!< allow unauthenticated peers to connect? */ int alwaysauthreject; /*!< Send 401 Unauthorized for all failing requests */ Index: configs/sip.conf.sample =================================================================== --- configs/sip.conf.sample (revision 280980) +++ configs/sip.conf.sample (working copy) @@ -411,6 +411,16 @@ ;use_q850_reason = no ; Default "no" ; Set to yes add Reason header and use Reason header if it is available. + +;autocreatepeers=no ; Allow any not exsplicitly defined here UAC to register + ; WITHOUT AUTHENTICATION. Enabling this options poses a high + ; potential security risk and should be avoided unless the + ; server is behind a trusted firewall. + ; When enabled by setting to "yes", the autocreated peers are + ; pruned immediately when the "sip reload" command is issued + ; through CLI. When enabled by setting to "persist", the auto- + ; created peers survive the "sip reload" command. + ; ;------------------------ TLS settings ------------------------------------------------------------ ;tlscertfile= ; Certificate file (*.pem format only) to use for TLS connections