7 Oct
2010
7 Oct
'10
2:56 a.m.
All right, will do. Compiling with debug symbols now for extra
information.
I don't think it is Postgres-related; I briefly looked at the
backtrace and there was no evidence at all of database activity. Nor
did a TCP packet capture show any database activity. Instead, it
seemed to me like the fact that the initial REGISTER request arrived
without digest/auth headers (like it's supposed to) was taken as
evidence that user does not exist without further developments.
I will post the backtrace as soon as I have it.
--
Alex Balashov - Principal
Evariste Systems LLC
1170 Peachtree Street
12th Floor, Suite 1200
Atlanta, GA 30309
Tel: +1-678-954-0670
Fax: +1-404-961-1892
Web: http://www.evaristesys.com/
On Oct 7, 2010, at 2:45 AM, Daniel-Constantin Mierla
<miconda(a)gmail.com> wrote:
On 10/7/10 7:03 AM, Alex Balashov wrote:
I have tinkered with various combinations of
modparam values for
'qop', 'nonce_count', and 'one_time_nonce' to see if it makes a
difference. It does not.
Please send the backtrace. It is strange since
authentication was
deployed on many tests, but with mysql. Might be related to some of
latest changes in postgres module.
Cheers,
Daniel
On 10/07/2010 01:00 AM, Alex Balashov wrote:
--
Daniel-Constantin Mierla
http://www.asipto.com
Actually, on further investigation, I think auth
<-> auth_db is very
broken in 3.1.0, at least when auth_db is used with Postgres. I
imagine this is because the new 'auth' is from the SER side and
'auth_db' is from the Kamailio extraction.
In the below script, www_authorize() returns -1 even though the user
is valid and is in the database table. However, when I look at my
Postgres server's query logs, Kamailio does not actually check the
'subscriber' table to see if the user exists, nor is the table
demand-loaded at startup. The user and the domain are both quite
valid.
I have my script set to send_reply("403", "Forbidden") and
'exit'
when
www_authorize() returns -1, because if it's an invalid user, there
is
no point in challenging them. If I remove this reply and 'exit'
however, to test what happens if I www_challenge() anyway, then
Kamailio crashes.
On 10/06/2010 11:58 PM, Alex Balashov wrote:
I seem to be able to crash Kamailio v3.1 by doing
this when
handling a
REGISTER:
if(!www_authorize("$td", "subscriber")) {
# $rc is -1 - "invalid user"
www_challenge("$td", "1");
exit;
}
In other words, it cannot find the user, but I call www_challenge()
anyway, and get a segfault. Can anyone reproduce, before I
attempt to
obtain a backtrace?