Strict Standards: call_user_func() expects parameter 1 to be a valid callback, non-static method dokuwiki_TextFormatter::render() should not be called statically in /var/www/sip-router.kamailio.org/flyspray/includes/class.tpl.php on line 552 Strict Standards: Declaration of cache_instructions::retrieveCache() should be compatible with cache::retrieveCache($clean = true) in /var/www/sip-router.kamailio.org/flyspray/plugins/dokuwiki/inc/cache.php on line 291 FS#71 : DB_DELETED flag is not checked in www_authenticate function of auth module

sip-router

Strict Standards: call_user_func() expects parameter 1 to be a valid callback, non-static method dokuwiki_TextFormatter::render() should not be called statically in /var/www/sip-router.kamailio.org/flyspray/includes/class.tpl.php on line 552

SIP Router Project

Tasklist

FS#71 - DB_DELETED flag is not checked in www_authenticate function of auth module

Attached to Project: sip-router
Opened by Karel Kozlik (karel) - Thursday, 06 May 2010, 14:28 GMT
Last edited by Daniel-Constantin Mierla (miconda) - Thursday, 18 July 2013, 18:44 GMT
Task Type Bug Report
Category Modules ser
Status Closed
Assigned To Jan Janak (janakj)
Operating System All
Severity Low
Priority Normal
Reported Version Development
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

www_authenticate function does not check that DB_DELETED (0×80) flag is not set during authentification. DB_DELETED flag was originaly introduced to allow undelete user accounts from serweb.

Bellow are records from credentials table for one user of the iptel.org service. SER probably matches the first records althought it is marked as “deleted” in the flags column. The third record should be the correct one.

mysql> select * from credentials where auth_username="alfredo" and realm="pironti.eu";
+---------------+------------+----------+-------+----------------------------------+----------------------------------+--------------------------------------+--------------------------------------+
| auth_username | realm | password | flags | ha1 | ha1b | uid | did |
+---------------+------------+----------+-------+----------------------------------+----------------------------------+--------------------------------------+--------------------------------------+
| alfredo | pironti.eu | xxxxxxx | 161 | a930bf80e205557d7c4e5befd0a653b4 | e61384ab574c33726de666d5812c327e | 1f6b1cee-b33d-ae69-12b4-00005980d2c3 | 60dfb669-6f42-66a9-db3a-00000cd77eb8 |
| alfredo | pironti.eu | xxxxxxx | 161 | bdd93ccc42635bd249c77d21d558f8d8 | 31d0fafb66bdb6d2fdd7768db4a56871 | 097c64dc-b14b-bca9-9b42-0000640d5c1e | 6a74351b-ae9f-aac9-a283-00007c6ea1ef |
| alfredo | pironti.eu | xxxxxxx | 33 | bdd93ccc42635bd249c77d21d558f8d8 | 31d0fafb66bdb6d2fdd7768db4a56871 | 6944740b-143e-ea48-da9e-0000523ba8a5 | 72076238-4c73-ae28-9ac2-000018c9e3a8 |
+---------------+------------+----------+-------+----------------------------------+----------------------------------+--------------------------------------+--------------------------------------+
3 rows in set (0.00 sec)

bug is also reported in iptel.org sip-service bugtracker: https://bugtracker.iptel.org/view.php?id=38

This task depends upon

Closed by  Daniel-Constantin Mierla (miconda)
Thursday, 18 July 2013, 18:44 GMT
Reason for closing:  Won't implement
Additional comments about closing:  Function from former ser flavor.

Loading...