Fixed digest auth for provisioning with another account
parent
bffcde2193
commit
73308bc9d6
4 changed files with 17 additions and 8 deletions
|
|
@ -8,7 +8,7 @@
|
|||
#%define _datadir %{_datarootdir}
|
||||
#%define _docdir %{_datadir}/doc
|
||||
|
||||
%define build_number 25
|
||||
%define build_number 26
|
||||
%define var_dir /var/opt/belledonne-communications
|
||||
%define opt_dir /opt/belledonne-communications/share/flexisip-account-manager
|
||||
%define env_file "$RPM_BUILD_ROOT/etc/flexisip-account-manager/flexiapi.env"
|
||||
|
|
|
|||
|
|
@ -65,7 +65,7 @@ function authenticate($auth_digest, $realm = "sip.example.org")
|
|||
|
||||
if (!$account->getOne()) {
|
||||
Logger::getInstance()->error("Couldn't find account " . (string)$account);
|
||||
return false;
|
||||
return null;
|
||||
}
|
||||
$pwd = new Password($db);
|
||||
$pwd->account_id = $account->id;
|
||||
|
|
@ -74,7 +74,7 @@ function authenticate($auth_digest, $realm = "sip.example.org")
|
|||
$num = $stmt->rowCount();
|
||||
if ($num <= 0) {
|
||||
Logger::getInstance()->error("Couldn't find password " . (string)$pwd);
|
||||
return false;
|
||||
return null;
|
||||
}
|
||||
|
||||
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
|
||||
|
|
@ -100,10 +100,10 @@ function authenticate($auth_digest, $realm = "sip.example.org")
|
|||
|
||||
// Compare with the client response
|
||||
if ($data['response'] === $valid_response) {
|
||||
return true;
|
||||
return $data['username'];
|
||||
}
|
||||
}
|
||||
|
||||
Logger::getInstance()->error("Failed to authenticate request");
|
||||
return false;
|
||||
return null;
|
||||
}
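Review bot: `authenticate()` now returns the username string on success and `null` on failure, but nothing in the visible lines records that contract, so a caller that still treats the result as a boolean would misbehave silently. A docblock such as `@return string|null authenticated username, or null when the digest check fails` would make the change explicit; the function's signature and opening lines are outside these hunks, so confirm none exists already. The value returned is `$data['username']`, which appears to come from the parsed client header rather than from the `$account` record that was loaded, and returning the stored account's username would give callers a canonical identifier to compare against. While this path is being touched, the response check could use `hash_equals($valid_response, $data['response'])` instead of `===`.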
|
||||
|
|
|
|||
|
|
@ -31,7 +31,8 @@ $logger = Logger::getInstance();
|
|||
|
||||
if (REMOTE_PROVISIONING_USE_DIGEST_AUTH) {
|
||||
$headers = getallheaders();
|
||||
|
||||
$authorization = null;
|
||||
|
||||
// Get authentication header if there is one
|
||||
if (!empty($headers['Auth-Digest'])) {
|
||||
$logger->debug("Auth-Digest = " . $headers['Auth-Digest']);
|
||||
|
|
@ -44,7 +45,7 @@ if (REMOTE_PROVISIONING_USE_DIGEST_AUTH) {
|
|||
if (!empty($authorization)) {
|
||||
$authentication_status = authenticate($authorization, AUTH_REALM);
|
||||
|
||||
if ($authentication_status == true) {
|
||||
if ($authentication_status != null) {
|
||||
Logger::getInstance()->debug("Authentication successful");
|
||||
} else {
|
||||
Logger::getInstance()->debug("Authentication failed");
|
||||
|
|
@ -113,6 +114,14 @@ $domain = isset($_GET['domain']) ? $_GET['domain'] : SIP_DOMAIN;
|
|||
$transport = isset($_GET['transport']) ? $_GET['transport'] : REMOTE_PROVISIONING_DEFAULT_TRANSPORT;
|
||||
|
||||
if (!empty($username)) {
|
||||
if (REMOTE_PROVISIONING_USE_DIGEST_AUTH) {
|
||||
if ($username != $authentication_status) {
|
||||
$logger->error("User " . $authentication_status . " is trying to impersonate another user: " . $username);
|
||||
header('HTTP/1.1 403 Forbidden: Authenticated username and provisioning username mismatch');
|
||||
exit();
|
||||
}
|
||||
}
|
||||
|
||||
$ha1 = isset($_GET['ha1']) ? $_GET['ha1'] : null;
|
||||
$algo = isset($_GET['algorithm']) ? $_GET['algorithm'] : DEFAULT_ALGORITHM;
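Review bot: The impersonation check `if ($username != $authentication_status)` uses loose comparison, and PHP compares two numeric-looking strings by value, so usernames such as `"0123"` and `"123"` are treated as equal and the 403 branch is skipped. Use `if ($username !== $authentication_status)` here, and `if ($authentication_status !== null)` in the earlier hunk of this file and in the matching hunk of the last file. Only the username is compared; `$domain` is read from `$_GET` just above, so unless `authenticate()` already ties the account to that domain (not visible here), the check should cover the domain as well. `$authentication_status` is assigned only inside `if (!empty($authorization))` in the visible lines, so confirm that a request without the header cannot reach this comparison with the variable undefined.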
|
||||
|
||||
|
|
|
|||
|
|
@ -88,7 +88,7 @@ if (USE_DIGEST_AUTH) {
|
|||
if (!empty($authorization)) {
|
||||
$authentication_status = authenticate($authorization, AUTH_REALM);
|
||||
|
||||
if ($authentication_status == true) {
|
||||
if ($authentication_status != null) {
|
||||
Logger::getInstance()->debug("Authentication successful");
|
||||
} else {
|
||||
Logger::getInstance()->debug("Authentication failed");
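Review bot: The username that `authenticate()` now returns is only tested against `null` in this hunk and, in the visible lines, is never compared with the account the request acts on. If the requests handled by this file name a target account in their parameters, they need the same authenticated-versus-requested check that the provisioning script receives in this commit, written with a strict comparison. The rest of the file is outside this hunk, so this should be confirmed against the handlers that follow.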
|
||||
|
|
|
|||