Re: [Users] How to add subscribers into OPENSER database(can not do it with openserctl)?
On Mon, July 31, 2006 22:14, Bill Zhang said:
Strange, I used to be able to use serctl to add subscribers, but with openserctl, the choice are very limited, why? All those nice command line options seem to be gone:-(.
openserctl was splitted into modules, and the functions to manipulate the DB are only installed if the DB packages are installed (mysql ...). Maybe there is a problem with this modularization.
regards klaus
Best Regards, Bill Zhang
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
On 07/31/06 23:36, Klaus Darilion wrote:
On Mon, July 31, 2006 22:14, Bill Zhang said:
Strange, I used to be able to use serctl to add subscribers, but with openserctl, the choice are very limited, why? All those nice command line options seem to be gone:-(.
openserctl was splitted into modules, and the functions to manipulate the DB are only installed if the DB packages are installed (mysql ...). Maybe there is a problem with this modularization.
If you discover an issue with the new openserctl, we will be glad to fix it. Meanwhile, see:
http://openser.org/dokuwiki/doku.php?id=migrating_openser_v1.0.x_to_v1.1.x#o...
It should help to have it running in a way or other.
Cheers, Daniel
regards klaus
Best Regards, Bill Zhang
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
Thanks:) It sounds like we will need to configure openserctlrc to use the features. But the link does not seem to tell user how to do so:(.
Also, I was using the TLS source code(openser-1.1.0-tls.tar.gz) to build openser, not Debian one, can I build it on top of it? In my "Fedora Core release 5"?
Best Regards, Bill Zhang -----Original Message----- From: Daniel-Constantin Mierla [mailto:daniel@voice-system.ro] Sent: Monday, July 31, 2006 1:57 PM To: Klaus Darilion Cc: Bill Zhang; users@openser.org Subject: Re: [Users] How to add subscribers into OPENSER database(can not do it with openserctl)?
On 07/31/06 23:36, Klaus Darilion wrote:
On Mon, July 31, 2006 22:14, Bill Zhang said:
Strange, I used to be able to use serctl to add subscribers, but with openserctl, the choice are very limited, why? All those nice command
line
options seem to be gone:-(.
openserctl was splitted into modules, and the functions to manipulate the DB are only installed if the DB packages are installed (mysql ...). Maybe there is a problem with this modularization.
If you discover an issue with the new openserctl, we will be glad to fix it. Meanwhile, see:
http://openser.org/dokuwiki/doku.php?id=migrating_openser_v1.0.x_to_v1.1.x#o penserctl
It should help to have it running in a way or other.
Cheers, Daniel
regards klaus
Best Regards, Bill Zhang
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
Hello,
Today I stumbled upon an issue while using exec_dset.
If the R-URI has a parameter in it like the following:
sip:+12125551212@208.1.1.1;dt=180 SIP/2.0
When exec_dset sends the R-URI as a command line param to the command specified when called like: exec_dset("/usr/local/bin/dostuff.pl"); popen is used to exec a new shell passing "/usr/local/bin/dostuff.pl sip:+12125551212@208.1.1.1;dt=180 SIP/2.0" as the command The ; in the RURI is interpreted by the shell as the end of the parameter. This causes the dt=180 portion of the R-URI to passed directly to the shell causing an error. It seems this problem could be exploited by an enterprising hacker.
A solution would be to check the param string for semi-colons and if found escape them with a backslash ( \ ).
I am working on this code now.
Is this a known issue?
Is there a better solution?
T.R.
T.R. Missner wrote:
Hello,
Today I stumbled upon an issue while using exec_dset.
If the R-URI has a parameter in it like the following:
sip:+12125551212@208.1.1.1;dt=180 SIP/2.0
When exec_dset sends the R-URI as a command line param to the command specified when called like: exec_dset("/usr/local/bin/dostuff.pl"); popen is used to exec a new shell passing "/usr/local/bin/dostuff.pl sip:+12125551212@208.1.1.1;dt=180 SIP/2.0" as the command The ; in the RURI is interpreted by the shell as the end of the parameter. This causes the dt=180 portion of the R-URI to passed directly to the shell causing an error. It seems this problem could be exploited by an enterprising hacker.
A solution would be to check the param string for semi-colons and if found escape them with a backslash ( \ ).
I am working on this code now.
Is this a known issue?
Is there a better solution?
Probably the best solution would be to avoid exec at all. I managed to got rid of all execs by using avp_db_load.
regards klaus
-
Bill Zhang -
Daniel-Constantin Mierla -
Klaus Darilion -
T.R. Missner