Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Wrong password column used for authentication #6

Closed
korsteve opened this issue Jun 13, 2013 · 4 comments
Closed

Wrong password column used for authentication #6

korsteve opened this issue Jun 13, 2013 · 4 comments
Assignees
@bogdan-iancu
Labels
bug
Milestone
Master

Comments

@korsteve
Copy link

OpenSIPS branch 1.8

I am running into the same issue as described in bug #477. Are there any updates on this issue? I am having trouble finding the problem in the code as I am unfamiliar with the db/auth modules. It could be a while before I find a solution. Thanks for any support you can give me.

Description: When I authenticate two clients (one client with the digest username: "user1", and the other with the username: "user2@sip.domain.com"), the second client authentication fails. From debug messages, it seems that once a password column is used once (ha1 or ha1b), it will be used in all following queries even if the other password column should be used.

Relevant debug:
First authentication (Success, generates new query) :
DBG:auth_db:get_ha1: username: user2
DBG:auth_db:get_ha1: domain portion: sip.domain.com
DBG:auth_db:get_ha1: calc_ha1: 0
DBG:auth_db:get_ha1: using pass column 2 ha1b
DBG:db_mysql:db_mysql_do_prepared_query: conn=0x7f674f42ec98 (tail=140081688144552) MC=0x7f674f430ee8
DBG:db_mysql:db_mysql_do_prepared_query: new query=|select ha1b from subscriber where username=? AND domain=?|
DBG:db_mysql:re_init_statement: query is , ptr=(nil) DBG:db_mysql:db_mysql_do_prepared_query: new statement(0x7f674f441238) on connection: (0x7f674f42ec98) 0x7f674f42eaa8 DBG:db_mysql:db_mysql_do_prepared_query: set values for the statement run DBG:db_mysql:db_mysql_val2bind: added val (0): len=8; type=254; is_null=0 DBG:db_mysql:db_mysql_val2bind: added val (1): len=14; type=254; is_null=0 DBG:db_mysql:db_mysql_do_prepared_query: doing BIND_PARAM in... DBG:db_mysql:db_mysql_do_prepared_query: prepared statement has 1 columns in result DBG:db_mysql:db_mysql_do_prepared_query: doing to BIND_PARAM out ... DBG:core:db_new_result: allocate 48 bytes for result set at 0x7f674f440ef8 DBG:db_mysql:db_mysql_get_columns: 1 columns returned from the query DBG:core:db_allocate_columns: allocate 28 bytes for result columns at 0x7f674f440f40 DBG:db_mysql:db_mysql_get_columns: RES_NAMES(0x7f674f440f48)[0]=[ha1b] DBG:db_mysql:db_mysql_get_columns: use DB_STRING result type DBG:core:db_allocate_rows: allocate 48 bytes for result rows and values at 0x7f674f440f78 DBG:db_mysql:db_mysql_str2val: converting STRING [a05a32187aab07c37c874b311bf5cc36] DBG:auth:check_response: our result = '416f60b359e7e74f6c427044addd80c1' DBG:auth:check_response: authorization is OK Second authentication (Failure, note that no new query is prepared and the result column name is ha1b) : DBG:auth_db:get_ha1: username: user1 DBG:auth_db:get_ha1: domain portion: DBG:auth_db:get_ha1: calc_ha1: 0 DBG:auth_db:get_ha1: using pass column 1 ha1 DBG:db_mysql:has_stmt_ctx: ctx found for subscriber DBG:db_mysql:db_mysql_do_prepared_query: conn=0x7f674f42ec98 (tail=140081688144552) MC=0x7f674f430ee8 DBG:db_mysql:db_mysql_do_prepared_query: set values for the statement run DBG:db_mysql:db_mysql_val2bind: added val (0): len=8; type=254; is_null=0 DBG:db_mysql:db_mysql_val2bind: added val (1): len=14; type=254; is_null=0 DBG:db_mysql:db_mysql_do_prepared_query: doing BIND_PARAM in... DBG:db_mysql:db_mysql_do_prepared_query: prepared statement has 1 columns in result DBG:core:db_new_result: allocate 48 bytes for result set at 0x7f674f440cf8 DBG:db_mysql:db_mysql_get_columns: 1 columns returned from the query DBG:core:db_allocate_columns: allocate 28 bytes for result columns at 0x7f674f440f40 DBG:db_mysql:db_mysql_get_columns: RES_NAMES(0x7f674f440f48)[0]=[ha1b] DBG:db_mysql:db_mysql_get_columns: use DB_STRING result type DBG:core:db_allocate_rows: allocate 48 bytes for result rows and values at 0x7f674f441940 DBG:db_mysql:db_mysql_str2val: converting STRING [a05a32187aab07c37c874b311bf5cc36] DBG:auth:check_response: our result = 'bc17e12c512d25b469d6d131221b2ee9' DBG:auth:check_response: authorization failed
@korsteve
Copy link
Author

I've found the problem in modules/auth_db/authorize.c:get_ha1.

There should be two prepared statement variables in the function. One for the ha1 statement and a second for the ha1b statement.

Right now there is only one prepared statement variable (static db_ps_t auth_ps) so after the function is called once it sets which result column will be returned no matter which one is passed in on future calls.

@ghost ghost assigned bogdan-iancu Jun 17, 2013
bogdan-iancu added a commit that referenced this issue Jun 17, 2013
@bogdan-iancu
- fixed usage of prepared statements durin auth - we may use 2 differ…
8d74b95 
…ent queries in the same time.

  Credits for reporting the bug and the problem go to Steve Brisson
  Closes issue #6 on GH.
@bogdan-iancu
Copy link
Member

Hi, thanks a lot for your report and troubleshooting - indeed, there was a case which was never considered, leading to using 2 different types of queries in the same time.

I made a fix on the trunk version (see 8d74b95 or 8d74b95).

Could you please validate my fix before doing the backport to 1.9 and 1.8 ?

Thanks and regards,
Bogdan

@korsteve
Copy link
Author

I have verified that the fix works correctly. Thanks!

bogdan-iancu added a commit that referenced this issue Jun 17, 2013
@bogdan-iancu
- fixed usage of prepared statements durin auth - we may use 2 differ…
6f25a0a 
…ent queries in the same time.

  Credits for reporting the bug and the problem go to Steve Brisson
  Closes issue #6 on GH.
bogdan-iancu added a commit that referenced this issue Jun 17, 2013
@bogdan-iancu
- fixed usage of prepared statements durin auth - we may use 2 differ…
88d4708 
…ent queries in the same time.

  Credits for reporting the bug and the problem go to Steve Brisson
  Closes issue #6 on GH.
(cherry picked from commit 8d74b95)
@bogdan-iancu
Copy link
Member

Thanks, all backports done !

@littlehi littlehi mentioned this issue Aug 5, 2013
Closed
@denodaeus denodaeus mentioned this issue Sep 24, 2013
Closed
This was referenced Sep 25, 2013
Closed
Closed
@mnunzi mnunzi mentioned this issue Nov 7, 2013
Closed
@peppolon peppolon mentioned this issue Nov 8, 2013
Closed
@jpyle490 jpyle490 mentioned this issue Nov 13, 2013
Closed
@kaduww kaduww mentioned this issue Feb 10, 2014
Closed
@flaviogoncalves flaviogoncalves mentioned this issue Feb 13, 2014
Closed
@lbarth lbarth mentioned this issue Mar 17, 2014
Closed
@apsaras apsaras mentioned this issue Mar 26, 2014
Closed
This was referenced Apr 7, 2014
Closed
Closed
@dsandras dsandras mentioned this issue Apr 16, 2014
Closed
@syco syco mentioned this issue Jul 16, 2014
Closed
@JamuelStarkey JamuelStarkey mentioned this issue Jul 25, 2014
Closed
@gergelypeli gergelypeli mentioned this issue Aug 19, 2014
Closed
@liviuchircu liviuchircu mentioned this issue Aug 26, 2014
Closed
This was referenced Nov 3, 2014
Closed
Closed
@gergelypeli gergelypeli mentioned this issue Nov 26, 2014
Closed
@TruptiSh TruptiSh mentioned this issue May 23, 2019
Closed
@bogdan-iancu bogdan-iancu mentioned this issue Jul 9, 2019
Closed
Closed
@Lt-Flash Lt-Flash mentioned this issue Aug 14, 2019
Closed
@suharik71 suharik71 mentioned this issue Nov 11, 2019
Closed
@olegans1972 olegans1972 mentioned this issue Mar 16, 2020
Closed
@MarcoHierl MarcoHierl mentioned this issue Mar 19, 2020
Closed
@attermann attermann mentioned this issue Apr 30, 2020
Closed
@stevenchiu7311 stevenchiu7311 mentioned this issue May 5, 2020
Closed
@fedkis fedkis mentioned this issue May 19, 2020
Closed
@adigeo adigeo mentioned this issue May 21, 2020
Closed
@AnjanIpc AnjanIpc mentioned this issue Jun 11, 2020
Closed
@caloveri caloveri mentioned this issue Jul 24, 2020
Closed
@imdrpn imdrpn mentioned this issue Aug 4, 2020
Closed
@Anthony-76 Anthony-76 mentioned this issue Aug 18, 2020
Closed
@savionfernandes savionfernandes mentioned this issue Aug 18, 2020
Closed
@AnjanIpc AnjanIpc mentioned this issue Sep 30, 2020
Closed
@adigeo adigeo mentioned this issue Oct 20, 2020
Closed
sobomax added a commit to sippy/opensips that referenced this issue Nov 4, 2020
@sobomax
Update case (1) now that SHA-512-256 is fully supported, add
b083474 
Case OpenSIPS#6 and Case OpenSIPS#7 to fail instead.

Improve test_parse_authenticate_body() logic: don't run checks if
test fail.

GC stray debug output.
sobomax added a commit to sippy/opensips that referenced this issue Nov 4, 2020
@sobomax
Update case (1) now that SHA-512-256 is fully supported, add
7922c3a 
Case OpenSIPS#6 and Case OpenSIPS#7 to fail instead.

Improve test_parse_authenticate_body() logic: don't run checks if
test fail.

GC stray debug output.
@cc3283 cc3283 mentioned this issue Nov 11, 2020
Closed
@adigeo adigeo mentioned this issue Apr 6, 2021
Closed
@korithi korithi mentioned this issue Aug 16, 2021
Closed
@abisaim abisaim mentioned this issue Sep 15, 2021
Closed
@woowadragonchan woowadragonchan mentioned this issue Oct 7, 2021
Closed
@telematico telematico mentioned this issue Jan 22, 2022
Closed
@Badareenadh Badareenadh mentioned this issue Apr 6, 2022
Closed
@zbyslb zbyslb mentioned this issue Jul 24, 2022
Closed
@flaviogoncalves flaviogoncalves mentioned this issue Dec 25, 2022
Closed
@garry6543121 garry6543121 mentioned this issue Dec 12, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bogdan-iancu bogdan-iancu

Labels
bug
Projects
None yet
Milestone
Master
Development

No branches or pull requests
2 participants
@korsteve @bogdan-iancu