This weekend I enlisted the help of a programmer friend of mine to help me make FreePBX / Asterisk 1.4 capable of taking md5secrets for the password, instead of just the unencrypted secret field. I’m not sure why FreePBX doesn’t include this functionality already, I suppose the developers don’t see a need in password security for their peers, but we do!

It wasn’t very hard to get this done, and we’ve submitted a patch to FreePBX. Hopefully they will incorporate this into their next release and also add it for IAX Devices as well.

What This Hack Does:

  1. Allow you to specify secret or md5secret for peer
  2. Allow you to type plaintext secret in md5secret field, and it will run md5sum

What This Hack Doesn’t Do:

  1. Add MD5Secret Ability to IAX Devices
  2. Work if your asterisk realm is set to something other than “asterisk”.
  3. Allow device passwords longer than 32 characters.
  4. Display Popup warnings if no passwords are entered

How to enable this on your FreePBX / Asterisk 1.4 Installation:

  1. Edit the Functions.inc.php in the core modules directory of freepbx

       # cd /var/www/admin/modules/core/functions.inc.php  
       # cp functions.inc.php functions.inc.php.original  
       # nano functions.inc.php
    
  2. Look for the function named “core_Devices_addsip” and replace it with the following:

       //add to sip table  
       function core_devices_addsip($account) {  
       global $db;  
       global $currentFile;
    
       foreach ($_REQUEST as $req=>$data) {  
       if ( substr($req, 0, 8) == 'devinfo_' ) {  
       $keyword = substr($req, 8);  
       if ( $keyword == 'dial' && $data == " ) {  
       $sipfields[] = array($account, $keyword, 'SIP/'.$account);  
       } elseif ($keyword == 'mailbox' && $data == ") {  
       $sipfields[] = array($account,'mailbox',$account.'@device');  
       } elseif ($keyword == 'md5secret' && $data != ") {  
       $sipfields[] = array($account, 'md5secret', md5($account.':asterisk:'.$data));  
       } else {  
       $sipfields[] = array($account, $keyword, $data);  
       }  
       }  
       }
    
  3. Directly following the “core_devices_addsip” function, is the sipfields array. Replace it with the following piece of code:

if ( !is_array($sipfields) ) { // left for compatibilty...lord knows why !  
$sipfields = array(  
//array($account,'account',$account),  
array($account,'accountcode',(isset($_REQUEST['accountcode']))?$_REQUEST['accountcode']:"),  
array($account,'secret',(isset($_REQUEST['secret']))?$_REQUEST['secret']:"),  
array($account,'md5secret', (isset($_REQUEST['md5secret']))? $_REQUEST['md5secret']:"),  
array($account,'canreinvite',(isset($_REQUEST['canreinvite']))?$_REQUEST['canreinvite']:'no'),  
array($account,'context',(isset($_REQUEST['context']))?$_REQUEST['context']:'from-internal'),  
array($account,'dtmfmode',(isset($_REQUEST['dtmfmode']))?$_REQUEST['dtmfmode']:"),  
array($account,'host',(isset($_REQUEST['host']))?$_REQUEST['host']:'dynamic'),  
array($account,'type',(isset($_REQUEST['type']))?$_REQUEST['type']:'friend'),  
array($account,'mailbox',(isset($_REQUEST['mailbox']) && !empty($_REQUEST['mailbox']))?$_REQUEST['mailbox']:$account.'@device'),  
array($account,'username',(isset($_REQUEST['username']))?$_REQUEST['username']:$account),  
array($account,'nat',(isset($_REQUEST['nat']))?$_REQUEST['nat']:'yes'),  
array($account,'port',(isset($_REQUEST['port']))?$_REQUEST['port']:'5060′),  
array($account,'qualify',(isset($_REQUEST['qualify']))?$_REQUEST['qualify']:'yes'),  
array($account,'callgroup',(isset($_REQUEST['callgroup']))?$_REQUEST['callgroup']:"),  
array($account,'pickupgroup',(isset($_REQUEST['pickupgroup']))?$_REQUEST['pickupgroup']:"),  
array($account,'disallow',(isset($_REQUEST['disallow']))?$_REQUEST['disallow']:"),  
array($account,'allow',(isset($_REQUEST['allow']))?$_REQUEST['allow']:")  
//array($account,'record_in',(isset($_REQUEST['record_in']))?$_REQUEST['record_in']:'On-Demand'),  
//array($account,'record_out',(isset($_REQUEST['record_out']))?$_REQUEST['record_out']:'On-Demand'),  
//array($account,'callerid',(isset($_REQUEST['description']))?$_REQUEST['description']." <".$account.'>':'device'." <".$account.'>')  
);  
}
  1. Look for the SIP Temporary Arrays, around line 2973 and add this value. We’re not sure if it’s required, but it works with it here so we left it.

       $tmparr['md5secret'] = array('value' => ", 'level' => 0);
    
  2. Exit and save the file

  3. Refresh FreePBX Extension and you should now see md5secret available as an option. This field also appears on the add new sip extension page as well.

You can download the modified functions.inc.php by using this link