Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Wrong password column used for authentication #6
OpenSIPS branch 1.8
I am running into the same issue as described in bug #477. Are there any updates on this issue? I am having trouble finding the problem in the code as I am unfamiliar with the db/auth modules. It could be a while before I find a solution. Thanks for any support you can give me.
Description: When I authenticate two clients (one client with the digest username: "user1", and the other with the username: "firstname.lastname@example.org"), the second client authentication fails. From debug messages, it seems that once a password column is used once (ha1 or ha1b), it will be used in all following queries even if the other password column should be used.
I've found the problem in modules/auth_db/authorize.c:get_ha1.
There should be two prepared statement variables in the function. One for the ha1 statement and a second for the ha1b statement.
Right now there is only one prepared statement variable (static db_ps_t auth_ps) so after the function is called once it sets which result column will be returned no matter which one is passed in on future calls.
Hi, thanks a lot for your report and troubleshooting - indeed, there was a case which was never considered, leading to using 2 different types of queries in the same time.
Could you please validate my fix before doing the backport to 1.9 and 1.8 ?
Thanks and regards,