From 92fb38673303aeb195b90be8085739389322b7b5 Mon Sep 17 00:00:00 2001 From: paulc Date: Wed, 6 Jan 2010 12:46:45 +0000 Subject: [PATCH] Warn and refuse authentication if the designated password return column is missing from the user.auth result set. git-svn-id: http://voip.null.ro/svn/yate@3008 acf43c95-373e-0410-b603-e72c3f656dc1 --- conf.d/register.conf.sample | 3 +++ modules/server/register.cpp | 29 ++++++++++++++++++++--------- 2 files changed, 23 insertions(+), 9 deletions(-) diff --git a/conf.d/register.conf.sample b/conf.d/register.conf.sample index 76ddb89e..d67c82b2 100644 --- a/conf.d/register.conf.sample +++ b/conf.d/register.conf.sample @@ -75,6 +75,9 @@ [user.auth] ; Query and result name for the user.auth message ; The result must not be empty for password authentication to work +; The designated result field is mandatory in the columns to prevent a +; configuration error from authorizing everybody. Use something +; like "SELECT NULL AS password" if you really don't need it ever ;query=SELECT password FROM users WHERE username='${username}' AND password IS NOT NULL AND password<>'' ;result=password diff --git a/modules/server/register.cpp b/modules/server/register.cpp index 98e7af82..845e5b5a 100644 --- a/modules/server/register.cpp +++ b/modules/server/register.cpp 
@@ -268,24 +268,30 @@ static void copyParams2(Message &msg, Array* a, int row = 0) } } -static void copyParams(Message &msg,Array *a,const char* resultName=0) { +// copy parameters from multiple SQL result rows to a Message +// returns true if resultName was found in columns + +static bool copyParams(Message &msg, Array *a, const String& resultName) +{ if (!a) - return; + return false; + bool ok = false; FallBackRoute* fallback = 0; for (int j=1; j getRows();j++) { Message* m = (j <= 1) ? &msg : new Message(msg); for (int i=0; igetColumns();i++) { - String* s = YOBJECT(String,a->get(i,0)); - if (!(s && *s)) + const String* name = YOBJECT(String,a->get(i,0)); + if (!(name && *name)) continue; - String name = *s; - s = YOBJECT(String,a->get(i,j)); + bool res = (*name == resultName); + ok = ok || res; + const String* s = YOBJECT(String,a->get(i,j)); if (!s) continue; - if (name == resultName) + if (res) m->retValue() = *s; else - m->setParam(name,*s); + m->setParam(*name,*s); } if (j>1) { if (m->retValue().null()) { @@ -310,6 +316,7 @@ static void copyParams(Message &msg,Array *a,const char* resultName=0) { else fallback->destruct(); } + return ok; } @@ -435,7 +442,11 @@ bool AAAHandler::received(Message& msg) if (m.getIntValue("rows") >=1) { Array* a = static_cast(m.userObject("Array")); - copyParams(msg,a,m_result); + if (!copyParams(msg,a,m_result)) { + Debug(&module,DebugWarn,"Misconfigured result column for '%s'",name().c_str()); + msg.setParam("error","failure"); + return false; + } return true; } return false;
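Review bot: copyParams only finds out that resultName is absent after the row/column loops have run, so when it returns false the caller's msg has already been given every other column as a parameter (and, for multi-row results, fallback messages have been built), and the received() hunk at @@ -435 then fails the message with error=failure while it still carries those result-set values. Scanning the header row for resultName before copying anything makes the refusal side-effect free, after which `ok = ok || res;` can go and the `return ok;` in the @@ -310 hunk becomes `return true;`. Since empty header names are skipped, an empty resultName can never match, so a handler with no configured result column now refuses every request; that is worth saying in the header comment, e.g. `// returns false if resultName is empty or is not one of the column names`. The function body continues past this hunk into @@ -310.
```cpp
static bool copyParams(Message &msg, Array *a, const String& resultName)
{
    if (!a)
        return false;
    // locate the designated column in the header row before touching msg,
    // so a misconfigured query has no side effects on the message
    bool ok = false;
    for (int i=0; i<a->getColumns();i++) {
        const String* name = YOBJECT(String,a->get(i,0));
        if (!(name && *name))
            continue;
        if (*name == resultName) {
            ok = true;
            break;
        }
    }
    if (!ok)
        return false;
    FallBackRoute* fallback = 0;
    // … unchanged: row/column copy loop, keeping `bool res = (*name == resultName);` and dropping `ok = ok || res;` …
```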
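Review bot: The new branch logs "Misconfigured result column" also when copyParams returns false because `a` is null, i.e. rows>=1 but no Array user object is attached to the reply, which points an operator at the wrong cause. Checking the Array first, `if (!a) return false;` ahead of the copyParams call, keeps the warning specific to the missing column; whether a missing Array deserves its own warning I can't tell from the hunk. Since m_result is per handler, the warning repeats on every request until the configuration is fixed, which looks intended. AAAHandler::received begins before this hunk.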