Index: /branches/1.8/channels/chan_sip.c =================================================================== --- /branches/1.8/channels/chan_sip.c (revision 358481) +++ /branches/1.8/channels/chan_sip.c (working copy) @@ -10844,7 +10844,6 @@ const char *fromdomain; const char *privacy = NULL; const char *screen = NULL; - const char *anonymous_string = "\"Anonymous\" "; if (!ast_test_flag(&p->flags[0], SIP_SENDRPID)) { return 0; @@ -10869,12 +10868,19 @@ lid_num = ast_uri_encode(lid_num, tmp2, sizeof(tmp2), 0); if (ast_test_flag(&p->flags[0], SIP_SENDRPID_PAI)) { - if ((lid_pres & AST_PRES_RESTRICTION) != AST_PRES_ALLOWED) { - ast_str_set(&tmp, -1, "%s", anonymous_string); - } else { + if (!ast_test_flag(&p->flags[1], SIP_PAGE2_PEER_UNTRUSTED)) { + /* We trust this peer so always send PAI */ + ast_str_set(&tmp, -1, "\"%s\" ", lid_name, lid_num, fromdomain); + add_header(req, "P-Asserted-Identity", ast_str_buffer(tmp)); + if ((lid_pres & AST_PRES_RESTRICTION) != AST_PRES_ALLOWED) { + add_header(req, "Privacy", "id"); + } else { + add_header(req, "Privacy", "none"); + } + } else if ((lid_pres & AST_PRES_RESTRICTION) == AST_PRES_ALLOWED) { ast_str_set(&tmp, -1, "\"%s\" ", lid_name, lid_num, fromdomain); + add_header(req, "P-Asserted-Identity", ast_str_buffer(tmp)); } - add_header(req, "P-Asserted-Identity", ast_str_buffer(tmp)); } else { ast_str_set(&tmp, -1, "\"%s\" ;party=%s", lid_name, lid_num, fromdomain, ast_test_flag(&p->flags[0], SIP_OUTGOING) ? "calling" : "called"); @@ -10914,8 +10920,10 @@ if (!ast_strlen_zero(privacy) && !ast_strlen_zero(screen)) { ast_str_append(&tmp, -1, ";privacy=%s;screen=%s", privacy, screen); } - - add_header(req, "Remote-Party-ID", ast_str_buffer(tmp)); + if ((!ast_test_flag(&p->flags[1], SIP_PAGE2_PEER_UNTRUSTED)) || ((lid_pres & AST_PRES_RESTRICTION) == AST_PRES_ALLOWED)) { + /*We hid RPID if presentation is prohibited and peer is untrusted */ + add_header(req, "Remote-Party-ID", ast_str_buffer(tmp)); + } } return 0; } 
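Review bot: In the new `!ast_test_flag(&p->flags[1], SIP_PAGE2_PEER_UNTRUSTED)` branch, a caller with restricted presentation now has `lid_name` and `lid_num` sent in P-Asserted-Identity, protected only by `Privacy: id`, where the removed code sent the anonymous string. The flag is clear unless a `,untrusted` value is configured, so an existing `sendrpid = pai` peer moves to the disclosing path on upgrade. The comment should state that assumption, e.g. `/* Trusted peer: real identity is sent even when presentation is restricted; the peer must honour Privacy: id (RFC 3325) */`, and the changed default deserves an upgrade note. Sending `Privacy: none` on every allowed call is also stronger than omitting the header, since RFC 3323 defines `none` as a request that no privacy service be applied. The enclosing function starts and ends outside this hunk, so whether another Privacy header is added elsewhere cannot be checked here.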
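Review bot: The guard added around `add_header(req, "Remote-Party-ID", ...)` restates the trust-and-presentation decision that the P-Asserted-Identity branch makes earlier in the same function with a differently shaped `if`/`else if`, so the two can drift apart when one is edited. Computing it once, e.g. `send_id = !ast_test_flag(&p->flags[1], SIP_PAGE2_PEER_UNTRUSTED) || (lid_pres & AST_PRES_RESTRICTION) == AST_PRES_ALLOWED;`, and testing `send_id` in both places keeps the privacy rule in one spot. The comment would read better as `/* Hide RPID if presentation is prohibited and the peer is untrusted */`. The function begins outside this hunk.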
@@ -11945,7 +11953,12 @@ * their callerid restricted */ l = CALLERID_UNKNOWN; n = l; - d = FROMDOMAIN_INVALID; + if ((!ast_strlen_zero(p->fromuser)) && (ast_test_flag(&p->flags[0], SIP_SENDRPID))) { + /* If RPID is enabled and fromname is set it is used for authentication so set the proper domain also */ + d = p->fromdomain; + } else { + d = FROMDOMAIN_INVALID; + } } } @@ -26694,10 +26707,18 @@ ast_set2_flag(&flags[0], ast_true(v->value), SIP_TRUSTRPID); } else if (!strcasecmp(v->name, "sendrpid")) { ast_set_flag(&mask[0], SIP_SENDRPID); - if (!strcasecmp(v->value, "pai")) { + if ((!strcasecmp(v->value, "pai")) || (!strcasecmp(v->value, "pai,trusted"))) { ast_set_flag(&flags[0], SIP_SENDRPID_PAI); - } else if (!strcasecmp(v->value, "rpid")) { - ast_set_flag(&flags[0], SIP_SENDRPID_RPID); + } else if (!strcasecmp(v->value, "pai,untrusted")) { + ast_set_flag(&flags[0], SIP_SENDRPID_PAI); + ast_set_flag(&mask[1], SIP_PAGE2_PEER_UNTRUSTED); + ast_set_flag(&flags[1], SIP_PAGE2_PEER_UNTRUSTED); + } else if ((!strcasecmp(v->value, "rpid")) || (!strcasecmp(v->value, "rpid,trusted"))) { + ast_set_flag(&flags[0], SIP_SENDRPID_RPID); + } else if (!strcasecmp(v->value, "rpid,untrusted")) { + ast_set_flag(&flags[0], SIP_SENDRPID_RPID); + ast_set_flag(&mask[1], SIP_PAGE2_PEER_UNTRUSTED); + ast_set_flag(&flags[1], SIP_PAGE2_PEER_UNTRUSTED); } else if (ast_true(v->value)) { ast_set_flag(&flags[0], SIP_SENDRPID_RPID); } Index: /branches/1.8/channels/sip/include/sip.h =================================================================== --- /branches/1.8/channels/sip/include/sip.h (revision 358481) +++ /branches/1.8/channels/sip/include/sip.h (working copy) 
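Review bot: The new restricted-presentation branch assigns `d = p->fromdomain` without checking that `fromdomain` is set, so a peer with `fromuser` and `sendrpid` but no `fromdomain` would presumably get an empty domain. The earlier assignment of `d` is outside the hunk and cannot be confirmed here. Suggest `if (!ast_strlen_zero(p->fromuser) && !ast_strlen_zero(p->fromdomain) && ast_test_flag(&p->flags[0], SIP_SENDRPID)) {` so the fallback stays `FROMDOMAIN_INVALID`. The comment says `fromname` while the code tests `p->fromuser`. The branch also never consults `SIP_PAGE2_PEER_UNTRUSTED`, although sip.conf.sample says the `,untrusted` values change From to anonymous@anonymous.invalid; if using the configured domain toward untrusted peers is intended, the comment should say so.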
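Review bot: Only the `,untrusted` values touch `SIP_PAGE2_PEER_UNTRUSTED` in the `sendrpid` parsing; the `pai`, `pai,trusted`, `rpid`, `rpid,trusted` and `ast_true()` branches neither set `mask[1]` nor clear the bit. With the flag added to `SIP_PAGE2_FLAGS_TO_COPY` in sip.h, a peer that sets `sendrpid = pai,trusted` under a general `pai,untrusted` would apparently keep the inherited untrusted bit. How the mask is applied is outside this hunk, so this needs confirming. In the trusted branches add `ast_set_flag(&mask[1], SIP_PAGE2_PEER_UNTRUSTED);` and `ast_clear_flag(&flags[1], SIP_PAGE2_PEER_UNTRUSTED);` so an explicit per-peer choice overrides the inherited one. The enclosing function starts and ends outside the hunk.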
@@ -346,6 +346,7 @@ #define SIP_PAGE2_VIDEOSUPPORT_ALWAYS (1 << 27) /*!< DP: Always set up video, even if endpoints don't support it */ #define SIP_PAGE2_HAVEPEERCONTEXT (1 << 28) /*< Are we associated with a configured peer context? */ #define SIP_PAGE2_USE_SRTP (1 << 29) /*!< DP: Whether we should offer (only) SRTP */ +#define SIP_PAGE2_PEER_UNTRUSTED (1 << 30) /*!< Use anonymous@anonymous.invalid in FROM with rpid */ #define SIP_PAGE2_FLAGS_TO_COPY \ (SIP_PAGE2_ALLOWSUBSCRIBE | SIP_PAGE2_ALLOWOVERLAP | SIP_PAGE2_IGNORESDPVERSION | \ @@ -353,7 +354,7 @@ SIP_PAGE2_BUGGY_MWI | SIP_PAGE2_TEXTSUPPORT | SIP_PAGE2_FAX_DETECT | \ SIP_PAGE2_UDPTL_DESTINATION | SIP_PAGE2_VIDEOSUPPORT_ALWAYS | SIP_PAGE2_PREFERRED_CODEC | \ SIP_PAGE2_RPID_IMMEDIATE | SIP_PAGE2_RPID_UPDATE | SIP_PAGE2_SYMMETRICRTP |\ - SIP_PAGE2_Q850_REASON | SIP_PAGE2_HAVEPEERCONTEXT | SIP_PAGE2_USE_SRTP) + SIP_PAGE2_Q850_REASON | SIP_PAGE2_HAVEPEERCONTEXT | SIP_PAGE2_USE_SRTP | SIP_PAGE2_PEER_UNTRUSTED) #define SIP_PAGE3_SNOM_AOC (1 << 0) /*!< DPG: Allow snom aoc messages */ Index: /branches/1.8/configs/sip.conf.sample =================================================================== --- /branches/1.8/configs/sip.conf.sample (revision 358481) +++ /branches/1.8/configs/sip.conf.sample (working copy) 
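Review bot: The Doxygen comment on `SIP_PAGE2_PEER_UNTRUSTED` describes a From rewrite, but in the chan_sip.c hunks of this patch the flag gates whether P-Asserted-Identity and Remote-Party-ID are sent when presentation is restricted. Suggest `/*!< Peer is untrusted: withhold PAI/RPID when caller presentation is restricted */` so the comment agrees with how the flag is used.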
@@ -324,11 +324,19 @@ ;relaxdtmf=yes ; Relax dtmf handling ;trustrpid = no ; If Remote-Party-ID should be trusted ;sendrpid = yes ; If Remote-Party-ID should be sent (defaults to no) -;sendrpid = rpid ; Use the "Remote-Party-ID" header +;sendrpid = rpid,trusted ; Use the "Remote-Party-ID" header ; to send the identity of the remote party ; This is identical to sendrpid=yes -;sendrpid = pai ; Use the "P-Asserted-Identity" header +;sendrpid = rpid,untrusted ; Use the "Remote-Party-ID" header ; to send the identity of the remote party + ; When call presentation is prohibited the FROM header is changed to + ; anonymous@anonymous.invalid and no rpid is sent +;sendrpid = pai,trusted ; Use the "P-Asserted-Identity" header + ; to send the identity of the remote party +;sendrpid = pai,untrusted ; Use the "P-Asserted-Identity" header + ; to send the identity of the remote party + ; When call presentation is prohibited the FROM header is changed to + ; anonymous@anonymous.invalid and no PAI is sent ;rpid_update = no ; In certain cases, the only method by which a connected line ; change may be immediately transmitted is with a SIP UPDATE request. ; If communicating with another Asterisk server, and you wish to be able