sip-router

SIP Router Project

Tasklist

FS#71 - DB_DELETED flag is not checked in www_authenticate function of auth module

Attached to Project: sip-router
Opened by Karel Kozlik (karel) - Thursday, 06 May 2010, 14:28 GMT
Last edited by Daniel-Constantin Mierla (miconda) - Thursday, 18 July 2013, 18:44 GMT
Task Type Bug Report
Category Modules ser
Status Closed
Assigned To Jan Janak (janakj)
Operating System All
Severity Low
Priority Normal
Reported Version Development
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

www_authenticate function does not check that DB_DELETED (0×80) flag is not set during authentification. DB_DELETED flag was originaly introduced to allow undelete user accounts from serweb.

Bellow are records from credentials table for one user of the iptel.org service. SER probably matches the first records althought it is marked as “deleted” in the flags column. The third record should be the correct one.

mysql> select * from credentials where auth_username="alfredo" and realm="pironti.eu";
+---------------+------------+----------+-------+----------------------------------+----------------------------------+--------------------------------------+--------------------------------------+
| auth_username | realm | password | flags | ha1 | ha1b | uid | did |
+---------------+------------+----------+-------+----------------------------------+----------------------------------+--------------------------------------+--------------------------------------+
| alfredo | pironti.eu | xxxxxxx | 161 | a930bf80e205557d7c4e5befd0a653b4 | e61384ab574c33726de666d5812c327e | 1f6b1cee-b33d-ae69-12b4-00005980d2c3 | 60dfb669-6f42-66a9-db3a-00000cd77eb8 |
| alfredo | pironti.eu | xxxxxxx | 161 | bdd93ccc42635bd249c77d21d558f8d8 | 31d0fafb66bdb6d2fdd7768db4a56871 | 097c64dc-b14b-bca9-9b42-0000640d5c1e | 6a74351b-ae9f-aac9-a283-00007c6ea1ef |
| alfredo | pironti.eu | xxxxxxx | 33 | bdd93ccc42635bd249c77d21d558f8d8 | 31d0fafb66bdb6d2fdd7768db4a56871 | 6944740b-143e-ea48-da9e-0000523ba8a5 | 72076238-4c73-ae28-9ac2-000018c9e3a8 |
+---------------+------------+----------+-------+----------------------------------+----------------------------------+--------------------------------------+--------------------------------------+
3 rows in set (0.00 sec)

bug is also reported in iptel.org sip-service bugtracker: https://bugtracker.iptel.org/view.php?id=38

This task depends upon

Closed by  Daniel-Constantin Mierla (miconda)
Thursday, 18 July 2013, 18:44 GMT
Reason for closing:  Won't implement
Additional comments about closing:  Function from former ser flavor.

Loading...