SIP Router Project
FS#71 - DB_DELETED flag is not checked in www_authenticate function of auth module
Details

The www_authenticate function does not check that the DB_DELETED (0x80) flag is not set during authentication. The DB_DELETED flag was originally introduced to allow undeleting user accounts from serweb.
Below are records from the credentials table for one user of the iptel.org service. SER probably matches the first record although it is marked as "deleted" in the flags column. The third record should be the correct one.

<code>
mysql> select * from credentials where auth_username="alfredo" and realm="pironti.eu";
+---------------+------------+----------+-------+----------------------------------+----------------------------------+--------------------------------------+--------------------------------------+
| auth_username | realm      | password | flags | ha1                              | ha1b                             | uid                                  | did                                  |
+---------------+------------+----------+-------+----------------------------------+----------------------------------+--------------------------------------+--------------------------------------+
| alfredo       | pironti.eu | xxxxxxx  |   161 | a930bf80e205557d7c4e5befd0a653b4 | e61384ab574c33726de666d5812c327e | 1f6b1cee-b33d-ae69-12b4-00005980d2c3 | 60dfb669-6f42-66a9-db3a-00000cd77eb8 |
| alfredo       | pironti.eu | xxxxxxx  |   161 | bdd93ccc42635bd249c77d21d558f8d8 | 31d0fafb66bdb6d2fdd7768db4a56871 | 097c64dc-b14b-bca9-9b42-0000640d5c1e | 6a74351b-ae9f-aac9-a283-00007c6ea1ef |
| alfredo       | pironti.eu | xxxxxxx  |    33 | bdd93ccc42635bd249c77d21d558f8d8 | 31d0fafb66bdb6d2fdd7768db4a56871 | 6944740b-143e-ea48-da9e-0000523ba8a5 | 72076238-4c73-ae28-9ac2-000018c9e3a8 |
+---------------+------------+----------+-------+----------------------------------+----------------------------------+--------------------------------------+--------------------------------------+
3 rows in set (0.00 sec)
</code>

The bug is also reported in the iptel.org sip-service bugtracker: https://bugtracker.iptel.org/view.php?id=38
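An added illustration (not code from the SER auth module) of the check this report asks for, applied to the flags values of the three rows above. The struct, the function names and the row labels are hypothetical; only DB_DELETED (0x80) and the flags values 161 and 33 come from the report.

```c
#include <stddef.h>
#include <stdio.h>

#define DB_DELETED 0x80u /* flag value stated in the report */

/* Hypothetical row type: only the column that matters for the check. */
struct cred_row {
    const char *label;  /* constructed label, not a real uid */
    unsigned int flags; /* value of the flags column */
};

/* Constructed sample: flags of the three rows in the listing above. */
static const struct cred_row sample_rows[] = {
    { "row 1", 161 }, /* 0xA1: bit 0x80 set, marked deleted */
    { "row 2", 161 }, /* 0xA1: bit 0x80 set, marked deleted */
    { "row 3", 33 },  /* 0x21: bit 0x80 clear */
};
#define SAMPLE_COUNT (sizeof(sample_rows) / sizeof(sample_rows[0]))

/* Behaviour the report describes: the first row returned is used as is. */
static int pick_unchecked(const struct cred_row *rows, size_t n)
{
    (void)rows;
    return n > 0 ? 0 : -1;
}

/* With the missing check: skip every row that has DB_DELETED set. */
static int pick_checked(const struct cred_row *rows, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (rows[i].flags & DB_DELETED)
            continue;
        return (int)i;
    }
    return -1; /* no usable credentials: authentication must fail */
}

int main(void)
{
    int a = pick_unchecked(sample_rows, SAMPLE_COUNT);
    int b = pick_checked(sample_rows, SAMPLE_COUNT);
    printf("without check: %s\n", a < 0 ? "none" : sample_rows[a].label);
    printf("with check:    %s\n", b < 0 ? "none" : sample_rows[b].label);
    return 0;
}
```

When every row for a user carries DB_DELETED, the checked variant returns -1, so a fully deleted account cannot authenticate.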