[sr-dev] Bug in www_authorize/challenge functions
Alex Balashov
abalashov at evaristesys.com
Thu Oct 7 08:56:04 CEST 2010
All right, will do. Compiling with debug symbols now for extra
information.
I don't think it is Postgres-related; I briefly looked at the
backtrace and there was no evidence at all of database activity. Nor
did a TCP packet capture show any database activity. Instead, it
seemed to me like the fact that the initial REGISTER request arrived
without digest/auth headers (like it's supposed to) was taken as
evidence that user does not exist without further developments.
I will post the backtrace as soon as I have it.
--
Alex Balashov - Principal
Evariste Systems LLC
1170 Peachtree Street
12th Floor, Suite 1200
Atlanta, GA 30309
Tel: +1-678-954-0670
Fax: +1-404-961-1892
Web: http://www.evaristesys.com/
On Oct 7, 2010, at 2:45 AM, Daniel-Constantin Mierla
<miconda at gmail.com> wrote:
>
>
> On 10/7/10 7:03 AM, Alex Balashov wrote:
>> I have tinkered with various combinations of modparam values for
>> 'qop', 'nonce_count', and 'one_time_nonce' to see if it makes a
>> difference. It does not.
> Please send the backtrace. It is strange since authentication was
> deployed on many tests, but with mysql. Might be related to some of
> latest changes in postgres module.
>
> Cheers,
> Daniel
>
>>
>> On 10/07/2010 01:00 AM, Alex Balashov wrote:
>>
>>> Actually, on further investigation, I think auth <-> auth_db is very
>>> broken in 3.1.0, at least when auth_db is used with Postgres. I
>>> imagine this is because the new 'auth' is from the SER side and
>>> 'auth_db' is from the Kamailio extraction.
>>>
>>> In the below script, www_authorize() returns -1 even though the user
>>> is valid and is in the database table. However, when I look at my
>>> Postgres server's query logs, Kamailio does not actually check the
>>> 'subscriber' table to see if the user exists, nor is the table
>>> demand-loaded at startup. The user and the domain are both quite
>>> valid.
>>>
>>> I have my script set to send_reply("403", "Forbidden") and 'exit'
>>> when
>>> www_authorize() returns -1, because if it's an invalid user, there
>>> is
>>> no point in challenging them. If I remove this reply and 'exit'
>>> however, to test what happens if I www_challenge() anyway, then
>>> Kamailio crashes.
>>>
>>> On 10/06/2010 11:58 PM, Alex Balashov wrote:
>>>
>>>> I seem to be able to crash Kamailio v3.1 by doing this when
>>>> handling a
>>>> REGISTER:
>>>>
>>>> if(!www_authorize("$td", "subscriber")) {
>>>> # $rc is -1 - "invalid user"
>>>>
>>>> www_challenge("$td", "1");
>>>> exit;
>>>> }
>>>>
>>>> In other words, it cannot find the user, but I call www_challenge()
>>>> anyway, and get a segfault. Can anyone reproduce, before I
>>>> attempt to
>>>> obtain a backtrace?
>>>>
>>>
>>>
>>
>>
>
> --
> Daniel-Constantin Mierla
> http://www.asipto.com
>
More information about the sr-dev
mailing list