Warn and refuse authentication if the designated password return column is missing from the user.auth result set.
git-svn-id: http://voip.null.ro/svn/yate@3008 acf43c95-373e-0410-b603-e72c3f656dc1
This commit is contained in:
parent
231f3d9684
commit
92fb386733
|
@ -75,6 +75,9 @@
|
|||
[user.auth]
|
||||
; Query and result name for the user.auth message
|
||||
; The result must not be empty for password authentication to work
|
||||
; The designated result field is mandatory in the columns to prevent a
|
||||
; configuration error from authorizing everybody. Use something
|
||||
; like "SELECT NULL AS password" if you really don't need it ever
|
||||
|
||||
;query=SELECT password FROM users WHERE username='${username}' AND password IS NOT NULL AND password<>''
|
||||
;result=password
|
||||
|
|
|
@ -268,24 +268,30 @@ static void copyParams2(Message &msg, Array* a, int row = 0)
|
|||
}
|
||||
}
|
||||
|
||||
static void copyParams(Message &msg,Array *a,const char* resultName=0) {
|
||||
// copy parameters from multiple SQL result rows to a Message
|
||||
// returns true if resultName was found in columns
|
||||
|
||||
static bool copyParams(Message &msg, Array *a, const String& resultName)
|
||||
{
|
||||
if (!a)
|
||||
return;
|
||||
return false;
|
||||
bool ok = false;
|
||||
FallBackRoute* fallback = 0;
|
||||
for (int j=1; j <a->getRows();j++) {
|
||||
Message* m = (j <= 1) ? &msg : new Message(msg);
|
||||
for (int i=0; i<a->getColumns();i++) {
|
||||
String* s = YOBJECT(String,a->get(i,0));
|
||||
if (!(s && *s))
|
||||
const String* name = YOBJECT(String,a->get(i,0));
|
||||
if (!(name && *name))
|
||||
continue;
|
||||
String name = *s;
|
||||
s = YOBJECT(String,a->get(i,j));
|
||||
bool res = (*name == resultName);
|
||||
ok = ok || res;
|
||||
const String* s = YOBJECT(String,a->get(i,j));
|
||||
if (!s)
|
||||
continue;
|
||||
if (name == resultName)
|
||||
if (res)
|
||||
m->retValue() = *s;
|
||||
else
|
||||
m->setParam(name,*s);
|
||||
m->setParam(*name,*s);
|
||||
}
|
||||
if (j>1) {
|
||||
if (m->retValue().null()) {
|
||||
|
@ -310,6 +316,7 @@ static void copyParams(Message &msg,Array *a,const char* resultName=0) {
|
|||
else
|
||||
fallback->destruct();
|
||||
}
|
||||
return ok;
|
||||
}
|
||||
|
||||
|
||||
|
@ -435,7 +442,11 @@ bool AAAHandler::received(Message& msg)
|
|||
if (m.getIntValue("rows") >=1)
|
||||
{
|
||||
Array* a = static_cast<Array*>(m.userObject("Array"));
|
||||
copyParams(msg,a,m_result);
|
||||
if (!copyParams(msg,a,m_result)) {
|
||||
Debug(&module,DebugWarn,"Misconfigured result column for '%s'",name().c_str());
|
||||
msg.setParam("error","failure");
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
|
|
Loading…
Reference in New Issue