[mod_sofia] Deprecate the auth-messages profile param by setting it to be enabled by default and introducing the new disable-auth-messages param with a higher priority when set.

src/mod/endpoints/mod_sofia/conf/sofia.conf.xml

@@ -317,12 +317,18 @@
              register for nat handling -->
         <!-- <param name="NDLB-received-in-nat-reg-contact" value="true"/> -->
         <param name="auth-calls" value="$${internal_auth_calls}"/>
-        <!-- <param name="auth-messages" value="false"/> -->
         <!-- <param name="auth-subscriptions" value="false"/> -->
         <!-- Force the user and auth-user to match. -->
         <param name="inbound-reg-force-matching-username" value="true"/>
         <!-- on authed calls, authenticate *all* the packets not just invite -->
         <param name="auth-all-packets" value="false"/>
+        <!-- NOTICE: auth-messages was deprecated and authentication is enabled by default now.
+             See disable-auth-messages param for more details. -->
+        <!-- <param name="auth-messages" value="false"/> -->
+        <!-- Uncomment to stop authentication on message packets.
+             By default authentication is enabled.
+             disable-auth-messages param has higher priority than the deprecated auth-messages param. -->
+        <!-- <param name="disable-auth-messages" value="true"/> -->
 
         <!-- external_sip_ip
              Used as the public IP address for SDP.

src/mod/endpoints/mod_sofia/sofia.c

@@ -4568,6 +4568,8 @@ switch_status_t config_sofia(sofia_config_t reload, char *profile_name)
 				sofia_profile_start_failure(NULL, xprofilename);
 			} else {
 				switch_memory_pool_t *pool = NULL;
+				char *auth_messages_value = NULL;
+				uint8_t disable_auth_flag = 0;
 
 				if (!xprofilename) {
 					xprofilename = "unnamed";
@@ -5561,11 +5563,15 @@ switch_status_t config_sofia(sofia_config_t reload, char *profile_name)
 							sofia_clear_pflag(profile, PFLAG_AUTH_CALLS);
 						}
 					} else if (!strcasecmp(var, "auth-messages")) {
+						auth_messages_value = switch_core_strdup(profile->pool, val);
+					} else if (!strcasecmp(var, "disable-auth-messages")) {
 						if (switch_true(val)) {
-							sofia_set_pflag(profile, PFLAG_AUTH_MESSAGES);
-						} else {
 							sofia_clear_pflag(profile, PFLAG_AUTH_MESSAGES);
+						} else {
+							sofia_set_pflag(profile, PFLAG_AUTH_MESSAGES);
 						}
+
+						disable_auth_flag = 1;
 					} else if (!strcasecmp(var, "auth-subscriptions")) {
 						if (switch_true(val)) {
 							sofia_set_pflag(profile, PFLAG_AUTH_SUBSCRIPTIONS);
@@ -6076,6 +6082,14 @@ switch_status_t config_sofia(sofia_config_t reload, char *profile_name)
 					}
 				}
 
+				if (!disable_auth_flag) {
+					if (!auth_messages_value || switch_true(auth_messages_value)) {
+						sofia_set_pflag(profile, PFLAG_AUTH_MESSAGES);
+					} else {
+						sofia_clear_pflag(profile, PFLAG_AUTH_MESSAGES);
+					}
+				}
+
 				if (sofia_test_flag(profile, TFLAG_ZRTP_PASSTHRU) && !sofia_test_flag(profile, TFLAG_LATE_NEGOTIATION)) {
 					switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, "ZRTP passthrough implictly enables inbound-late-negotiation\n");
 					sofia_set_flag(profile, TFLAG_LATE_NEGOTIATION);