[asterisk-bugs] [JIRA] (ASTERISK-20677) Action Challenge not working with allowmultiplelogin=no

Jonathan Rose (JIRA) noreply at issues.asterisk.org
Mon Nov 26 10:26:45 CST 2012 

     [ https://issues.asterisk.org/jira/browse/ASTERISK-20677?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jonathan Rose updated ASTERISK-20677:
-------------------------------------

    Attachment: challenge_action_nomultiplelogin.diff

challenge_action_nomultiplelogin.diff is the patch. It works by bypassing the user already in use check on actions that are allowed before login is authenticated when no username is specified. This wasn't caught by '!user' which was in 1.6.2 because user would be set to an empty string in these cases, so ast_strlen_zero can be used to detect this instead.
                
> Action Challenge not working with allowmultiplelogin=no
> -------------------------------------------------------
>
>                 Key: ASTERISK-20677
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-20677
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Core/ManagerInterface
>    Affects Versions: 11.0.1
>         Environment: CentOS 5.8 i386, AMD Opteron 1214
> CentOS 5.8 x86_86, Intel Xeon E5-2620
>            Reporter: Vladimir
>         Attachments: challenge_action_nomultiplelogin.diff
>
>
> With option {{allowmultiplelogin=no}} in manager.conf action Challenge not working. When I try connect to Manager Interface via telnet I've got these responses:
> {code} 
> [root at asterisk-test ~]# telnet 127.0.0.1 5038
> Trying 127.0.0.1...
> Connected to asterisk-test.company.tld (127.0.0.1).
> Escape character is '^]'.
> Asterisk Call Manager/1.3
> Action: Challenge
> AuthType: MD5
> Response: Error
> Message: Login Already In Use
> Connection closed by foreign host.
> {code} 
> or periodically
> {code} 
> [root at asterisk-test ~]# telnet 127.0.0.1 5038
> Trying 127.0.0.1...
> Connected to asterisk-test.company.tld (127.0.0.1).
> Escape character is '^]'.
> Asterisk Call Manager/1.3
> Action: Challendge
> AuthType: MD5
> Response: Error
> Message: Permission denied
> Connection closed by foreign host.
> {code} 
> No users connected to manager at this time:
> {code} 
> [root at asterisk-test ~]# asterisk -rx 'manager show connected'
>   Username         IP Address                                               Start       Elapsed     FileDes   HttpCnt   Read   Write
> 0 users connected. 
> {code} 
> With {{allowmultiplelogin=yes}} action Challenge working fine. Login without challenge working fine.
> {code:title=manager.conf}
> [general]
> enabled=yes
> webenabled=no
> port=5038
> bindaddr=0.0.0.0
> allowmultiplelogin=no
> displayconnects=yes
> [admin]
> secret=secret
> read=all
> write=all
> {code}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the asterisk-bugs mailing list