[sr-dev] [tracker] Task opened: DB_DELETED flag is not checked in www_authenticate function of auth module

sip-router admin at sip-router.org
Thu May 6 16:28:47 CEST 2010


THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.

A new Flyspray task has been opened.  Details are below. 

User who did this - Karel Kozlik (karel) 

Attached to Project - sip-router
Summary - DB_DELETED flag is not checked in www_authenticate function of auth module 
Task Type - Bug Report
Category - Modules ser
Status - Assigned
Assigned To - Jan Janak
Operating System - All
Severity - Low
Priority - Normal
Reported Version - Development
Due in Version - Undecided
Due Date - Undecided
Details - www_authenticate function does not check that the DB_DELETED (0x80) flag is not set during authentication. The DB_DELETED flag was originally introduced to allow undeleting user accounts from serweb.


Below are records from the credentials table for one user of the iptel.org service. SER probably matches the first record, although it is marked as "deleted" in the flags column. The third record should be the correct one.

<code>
mysql> select * from credentials where auth_username="alfredo" and realm="pironti.eu";
+---------------+------------+----------+-------+----------------------------------+----------------------------------+--------------------------------------+--------------------------------------+
| auth_username | realm | password | flags | ha1 | ha1b | uid | did |
+---------------+------------+----------+-------+----------------------------------+----------------------------------+--------------------------------------+--------------------------------------+
| alfredo | pironti.eu | xxxxxxx | 161 | a930bf80e205557d7c4e5befd0a653b4 | e61384ab574c33726de666d5812c327e | 1f6b1cee-b33d-ae69-12b4-00005980d2c3 | 60dfb669-6f42-66a9-db3a-00000cd77eb8 |
| alfredo | pironti.eu | xxxxxxx | 161 | bdd93ccc42635bd249c77d21d558f8d8 | 31d0fafb66bdb6d2fdd7768db4a56871 | 097c64dc-b14b-bca9-9b42-0000640d5c1e | 6a74351b-ae9f-aac9-a283-00007c6ea1ef |
| alfredo | pironti.eu | xxxxxxx | 33 | bdd93ccc42635bd249c77d21d558f8d8 | 31d0fafb66bdb6d2fdd7768db4a56871 | 6944740b-143e-ea48-da9e-0000523ba8a5 | 72076238-4c73-ae28-9ac2-000018c9e3a8 |
+---------------+------------+----------+-------+----------------------------------+----------------------------------+--------------------------------------+--------------------------------------+
3 rows in set (0.00 sec)
</code>

The bug is also reported in the iptel.org sip-service bugtracker: https://bugtracker.iptel.org/view.php?id=38


More information can be found at the following URL:
http://sip-router.org/tracker/index.php?do=details&task_id=71

You are receiving this message because you have requested it from the Flyspray bugtracking system.  If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.
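
The flag check the report asks for, applied to the flags column of the three rows shown above. This is an added example, not code from the auth module: the struct and function names are hypothetical, and only DB_DELETED (0x80) and the flag values 161, 161, 33 come from the report.

```c
#include <stddef.h>
#include <stdio.h>

/* Value taken from the report above: a credentials row whose flags column
 * has this bit set is marked as deleted. */
#define DB_DELETED 0x80u

/* Hypothetical, reduced view of a credentials row (not SER's own struct). */
struct cred_row {
    unsigned int flags;
};

/* Behaviour described in the report: the first row matching
 * auth_username/realm is used, whatever its flags say. */
int pick_first_match(const struct cred_row *rows, size_t n)
{
    (void)rows;
    return n > 0 ? 0 : -1;
}

/* Checked variant: skip rows marked deleted; -1 means no usable credential,
 * so authentication must fail. */
int pick_live_credential(const struct cred_row *rows, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if ((rows[i].flags & DB_DELETED) == 0)
            return (int)i;
    }
    return -1;
}

/* flags column of the three rows shown in the report, in result order */
static const struct cred_row report_rows[] = { {161}, {161}, {33} };
/* constructed case: every row for the user is marked deleted */
static const struct cred_row all_deleted[] = { {161}, {0x80} };

int main(void)
{
    printf("unchecked:   row %d\n", pick_first_match(report_rows, 3) + 1);
    printf("checked:     row %d\n", pick_live_credential(report_rows, 3) + 1);
    printf("all deleted: %d\n", pick_live_credential(all_deleted, 2));
    return 0;
}
```

161 is 0x80 + 0x20 + 0x01, so the first two rows carry the deleted bit; 33 is 0x20 + 0x01, so only the third row is usable.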
