[asterisk-dev] [Code Review] manager: allowmultiplelogin = no causes multiple login errors to occur for commands that don't require an authenticated session and a username to be specified.

Mark Michelson reviewboard at asterisk.org
Mon Nov 26 16:47:49 CST 2012 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/2207/#review7438
-----------------------------------------------------------

Ship it!


This will certainly work.

As an alternative, you could instead just remove "Challenge" as a valid action from the if statement that checks allowmultiplelogin as well. Go whichever way you prefer.

- Mark


On Nov. 26, 2012, 10:35 a.m., jrose wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/2207/
> -----------------------------------------------------------
> 
> (Updated Nov. 26, 2012, 10:35 a.m.)
> 
> 
> Review request for Asterisk Developers, Mark Michelson and Matt Jordan.
> 
> 
> Summary
> -------
> 
> The cause of this is fairly simple and the behavior appears to have been introduced with the allowmultiplelogin option (prior to this, the assumption was just always that simultaneous logins agains the same account were allowed). What happens is there is in fact a session going even before any have been authenticated, the session is just against the user with a zero length name and this session is returned as valid from the check_manager_session_inuse function.
> 
> It might be more appropriate in this case to change the check_manager_session_inuse function to automatically return 0 when the name given is an empty string instead. Let me know if you think this is the case. The check_manager_session_inuse function is only used in this one instance though.
> 
> 
> This addresses bug ASTERISK-20677.
>     https://issues.asterisk.org/jira/browse/ASTERISK-20677
> 
> 
> Diffs
> -----
> 
>   /branches/1.8/main/manager.c 376616 
> 
> Diff: https://reviewboard.asterisk.org/r/2207/diff
> 
> 
> Testing
> -------
> 
> Tested challenge, logoff, and login with no username specified before and after the patch. The patch makes the behavior of these commands match up with what would be received with the allowmultiplelogin option set to yes.
> 
> 
> Thanks,
> 
> jrose
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20121126/c71bf4a5/attachment.htm>

More information about the asterisk-dev mailing list