[asterisk-commits] bbryant: branch 1.4 r287758 - /branches/1.4/apps/app_meetme.c

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Mon Sep 20 18:57:13 CDT 2010 

Author: bbryant
Date: Mon Sep 20 18:57:08 2010
New Revision: 287758

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=287758
Log:
Fix misvalidation of meetme pins in conjunction with the 'a' MeetMe flag.

When using the 'a' MeetMe flag and having a user and admin pin setup for your
conference, using the user pin would gain you admin priviledges. Also, when no
user pin was set, an admin pin was, the 'a' MeetMe flag wasn't used, and the
user tried to enter a conference then they were still prompted for a pin and
forced to hit #.

(closes issue #17908)
Reported by: kuj
Patches:
      pins_2.patch uploaded by kuj (license 1111)
      Tested by: kuj

      Review: [full review board URL with trailing slash]

Modified:
    branches/1.4/apps/app_meetme.c

Modified: branches/1.4/apps/app_meetme.c
URL: http://svnview.digium.com/svn/asterisk/branches/1.4/apps/app_meetme.c?view=diff&rev=287758&r1=287757&r2=287758
==============================================================================
--- branches/1.4/apps/app_meetme.c (original)
+++ branches/1.4/apps/app_meetme.c Mon Sep 20 18:57:08 2010
@@ -2941,9 +2941,13 @@
 				if (allowretry)
 					confno[0] = '\0';
 			} else {
-				if (((!ast_strlen_zero(cnf->pin) &&
-				    !ast_test_flag(&confflags, CONFFLAG_ADMIN)) ||
-				    !ast_strlen_zero(cnf->pinadmin)) &&
+				if (((!ast_strlen_zero(cnf->pin)       &&
+					!ast_test_flag(&confflags, CONFFLAG_ADMIN)) ||
+				     (!ast_strlen_zero(cnf->pinadmin)  &&
+				     	 ast_test_flag(&confflags, CONFFLAG_ADMIN)) ||
+			    	     (!ast_strlen_zero(cnf->pin) &&
+			    	     	 ast_strlen_zero(cnf->pinadmin) &&
+			    	     	 ast_test_flag(&confflags, CONFFLAG_ADMIN))) &&
 				    (!(cnf->users == 0 && cnf->isdynamic))) {
 					char pin[MAX_PIN] = "";
 					int j;
@@ -2958,9 +2962,11 @@
 							res = ast_app_getdata(chan, "conf-getpin", pin + strlen(pin), sizeof(pin) - 1 - strlen(pin), 0);
 						}
 						if (res >= 0) {
-							if (!strcasecmp(pin, cnf->pin) ||
-							    (!ast_strlen_zero(cnf->pinadmin) &&
-							     !strcasecmp(pin, cnf->pinadmin))) {
+							if ((!strcasecmp(pin, cnf->pin) &&
+							     (ast_strlen_zero(cnf->pinadmin) ||
+							      !ast_test_flag(&confflags, CONFFLAG_ADMIN))) ||
+							     (!ast_strlen_zero(cnf->pinadmin) &&
+							      !strcasecmp(pin, cnf->pinadmin))) {
 								/* Pin correct */
 								allowretry = 0;
 								if (!ast_strlen_zero(cnf->pinadmin) && !strcasecmp(pin, cnf->pinadmin))

More information about the asterisk-commits mailing list