A NOTE has been added to this issue. 
====================================================================== 
https://bugtracker.iptel.org/view.php?id=38 
====================================================================== 
Reported By:                karel
Assigned To:                
====================================================================== 
Project:                    iptel.org public SIP service
Issue ID:                   38
Category:                   SIP proxy
Reproducibility:            have not tried
Severity:                   minor
Priority:                   normal
Status:                     new
====================================================================== 
Date Submitted:             2010-05-06 15:46 CEST
Last Modified:              2010-05-06 16:31 CEST
====================================================================== 
Summary:                    DB_DELETED flag is not checked in www_authenticate function of auth module
Description: 
The www_authenticate function does not check that the DB_DELETED (0x80) flag is
not set during authentication. The DB_DELETED flag was originally introduced to
allow undeleting user accounts from serweb.


Below are records from the credentials table for one user of the iptel.org
service. SER probably matches the first record although it is marked as
"deleted" in the flags column. The third record should be the correct one.


mysql> select * from credentials where auth_username="alfredo" and realm="pironti.eu";
+---------------+------------+----------+-------+----------------------------------+----------------------------------+--------------------------------------+--------------------------------------+
| auth_username | realm      | password | flags | ha1                              | ha1b                             | uid                                  | did                                  |
+---------------+------------+----------+-------+----------------------------------+----------------------------------+--------------------------------------+--------------------------------------+
| alfredo       | pironti.eu | xxxxxxx  |   161 | a930bf80e205557d7c4e5befd0a653b4 | e61384ab574c33726de666d5812c327e | 1f6b1cee-b33d-ae69-12b4-00005980d2c3 | 60dfb669-6f42-66a9-db3a-00000cd77eb8 |
| alfredo       | pironti.eu | xxxxxxx  |   161 | bdd93ccc42635bd249c77d21d558f8d8 | 31d0fafb66bdb6d2fdd7768db4a56871 | 097c64dc-b14b-bca9-9b42-0000640d5c1e | 6a74351b-ae9f-aac9-a283-00007c6ea1ef |
| alfredo       | pironti.eu | xxxxxxx  |    33 | bdd93ccc42635bd249c77d21d558f8d8 | 31d0fafb66bdb6d2fdd7768db4a56871 | 6944740b-143e-ea48-da9e-0000523ba8a5 | 72076238-4c73-ae28-9ac2-000018c9e3a8 |
+---------------+------------+----------+-------+----------------------------------+----------------------------------+--------------------------------------+--------------------------------------+
3 rows in set (0.00 sec)

====================================================================== 
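
The missing check described in this report, as an added C example (not code from SER's auth module or from the reporter): it applies a first-match selection and a DB_DELETED-aware selection to the flags and uid values of the three rows above. struct cred_row, select_first and select_live are hypothetical names, and first-match is only the behaviour the report suspects.

```c
#include <stddef.h>
#include <stdio.h>

#define DB_DELETED 0x80u  /* flag value as given in the report */

/* Constructed stand-in for one credentials row; not SER's real structure. */
struct cred_row {
    unsigned flags;
    const char *uid;
};

/* flags and uid of the three rows in the report, in query order. */
static const struct cred_row rows[] = {
    {161, "1f6b1cee-b33d-ae69-12b4-00005980d2c3"},  /* 0xA1: DB_DELETED set */
    {161, "097c64dc-b14b-bca9-9b42-0000640d5c1e"},  /* 0xA1: DB_DELETED set */
    { 33, "6944740b-143e-ea48-da9e-0000523ba8a5"},  /* 0x21: live record    */
};
#define NROWS (sizeof rows / sizeof rows[0])

/* Suspected behaviour: take the first row the lookup returns, flags ignored. */
int select_first(const struct cred_row *r, size_t n)
{
    (void)r;
    return n ? 0 : -1;
}

/* With the check: skip rows marked deleted; -1 means no usable credential,
 * in which case authentication has to fail rather than fall back. */
int select_live(const struct cred_row *r, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (!(r[i].flags & DB_DELETED))
            return (int)i;
    return -1;
}

int main(void)
{
    int a = select_first(rows, NROWS);
    int b = select_live(rows, NROWS);
    printf("first match : row %d uid %s (deleted=%d)\n", a + 1, rows[a].uid,
           (rows[a].flags & DB_DELETED) != 0);
    printf("flag checked: row %d uid %s\n", b + 1, rows[b].uid);
    /* Only deleted rows present: no credential may be accepted. */
    printf("deleted only: %d\n", select_live(rows, 2));
    return 0;
}
```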

---------------------------------------------------------------------- 
 (0000036) karel (manager) - 2010-05-06 16:31
 https://bugtracker.iptel.org/view.php?id=38#c36 
---------------------------------------------------------------------- 
reported also to sip-router.org bug tracker:
http://sip-router.org/tracker/index.php?do=details&task_id=71 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2010-05-06 15:46 karel          New Issue                                    
2010-05-06 16:30 karel          Description Updated                          
2010-05-06 16:31 karel          Note Added: 0000036                          
======================================================================
_______________________________________________
Semsdev mailing list
http://lists.iptel.org/mailman/listinfo/semsdev