Summary: | ASTERISK-16130: [patch] res_ldap.conf points md5secret to RealmedPassword, but the schema uses AstAccountRealmedPassword | ||
Reporter: | John Covert (jcovert) | Labels: | |
Date Opened: | 2010-05-22 11:17:40 | Date Closed: | 2010-10-21 08:17:25 |
Priority: | Major | Regression? | No |
Status: | Closed/Complete | Components: | Resources/res_config_ldap |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ( 0) res_ldap.conf.sample.patch | |
Description: | The LDAP schema supplied with asterisk defines certain attribute names to be used for LDAP realtime authentication. LDAP only allows entries to be added with attributes named in the schema. The schema expects the MD5 password to be AstAccountRealmedPassword; however, the config file contains the line "md5secret = RealmedPassword". This error may have been introduced as a workaround to asterisk crashing if AstAccountRealmedPassword was used (see issue 12163), but that problem has been fixed by a patch made to res_config_ldap.c.

With the config file as supplied, AstAccountRealmedPassword is ignored. Since it's not possible (without changing the schema) to enter an attribute named "RealmedPassword", md5secret has no match in LDAP, and the only checking done is for a valid username -- no password check at all.

The result of this, for one of my clients, was 2412 calls to Freetown, Sierra Leone, for a total of 34,980 minutes of time charged by their ITSP, at $0.25/minute, (about $9,000) all in the brief period from 4:00 am to 9:46 am yesterday.

Patch supplied.

/john

****** ADDITIONAL INFORMATION ******

Should be checked in to all versions. | ||
Comments: | By: Gavin Henry (suretec) 2010-05-27 06:19:31

Thanks, will get this added next week.

By: Digium Subversion (svnbot) 2010-10-21 08:11:53

Repository: asterisk
Revision: 292556

U branches/1.6.2/configs/res_ldap.conf.sample

------------------------------------------------------------------------
r292556 | lmadsen | 2010-10-21 08:11:53 -0500 (Thu, 21 Oct 2010) | 6 lines

Change res_ldap.sample.conf to match the schema.

(closes issue ASTERISK-16130)
Reported by: jcovert
Patches:
res_ldap.conf.sample.patch uploaded by jcovert (license 551)
------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=292556

By: Digium Subversion (svnbot) 2010-10-21 08:12:20

Repository: asterisk
Revision: 292557

_U branches/1.8/
U branches/1.8/configs/res_ldap.conf.sample

------------------------------------------------------------------------
r292557 | lmadsen | 2010-10-21 08:12:19 -0500 (Thu, 21 Oct 2010) | 14 lines

Merged revisions 292556 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.6.2

........
r292556 | lmadsen | 2010-10-21 08:11:52 -0500 (Thu, 21 Oct 2010) | 6 lines

Change res_ldap.sample.conf to match the schema.

(closes issue ASTERISK-16130)
Reported by: jcovert
Patches:
res_ldap.conf.sample.patch uploaded by jcovert (license 551)
........
------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=292557

By: Digium Subversion (svnbot) 2010-10-21 08:17:24

Repository: asterisk
Revision: 292559

_U trunk/
U trunk/configs/res_ldap.conf.sample

------------------------------------------------------------------------
r292559 | lmadsen | 2010-10-21 08:17:24 -0500 (Thu, 21 Oct 2010) | 21 lines

Merged revisions 292557 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.8

................
r292557 | lmadsen | 2010-10-21 08:12:19 -0500 (Thu, 21 Oct 2010) | 14 lines

Merged revisions 292556 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.6.2

........
r292556 | lmadsen | 2010-10-21 08:11:52 -0500 (Thu, 21 Oct 2010) | 6 lines

Change res_ldap.sample.conf to match the schema.

(closes issue ASTERISK-16130)
Reported by: jcovert
Patches:
res_ldap.conf.sample.patch uploaded by jcovert (license 551)
........
................
------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=292559 |
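The mismatch in the description (a mapping that names an attribute the schema never defines, so the credential lookup finds nothing) can be caught before deployment by checking each mapped attribute against the schema. This is an added example, not code from the Asterisk project or from the attached patch; the schema fragment, its OIDs, the `exampleContext` attribute, the `CORE_ATTRS` set and the function names are constructed for illustration.

```python
import difflib
import re

# Constructed inputs (not the shipped files): a schema fragment with placeholder
# OIDs and a [sip] mapping section. "exampleContext" is a made-up attribute.
SCHEMA = """
attributetype ( 1.1.2.1.1 NAME 'AstAccountRealmedPassword'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.1.2.1.2 NAME ( 'exampleContext' 'exContext' )
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
"""
CONFIG = """
[sip]
name = cn                      ; standard attribute from the core schema
context = exampleContext
md5secret = RealmedPassword    ; the line quoted in the report
"""
CORE_ATTRS = {"cn", "uid"}     # assumed to come from other loaded schemas

def schema_attrs(text):
    """Return {lowercased name: declared name} for every attributetype."""
    names = {}
    for single, group in re.findall(r"NAME\s+(?:'([^']+)'|\(([^)]*)\))", text):
        for n in [single] if single else re.findall(r"'([^']+)'", group):
            names[n.lower()] = n
    return names

def mappings(text, section):
    """Yield (variable, attribute) pairs from one section of the config."""
    current = None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # ';' starts a comment
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif current == section and "=" in line:
            var, attr = (p.strip() for p in line.split("=", 1))
            if re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", attr):  # skip non-attribute values
                yield var, attr

def unmapped(config, schema, section="sip", extra=CORE_ATTRS):
    """List (variable, attribute, closest schema name) the directory cannot hold."""
    known = schema_attrs(schema)
    ok = set(known) | {a.lower() for a in extra}
    out = []
    for var, attr in mappings(config, section):
        if attr.lower() not in ok:            # attribute names are case-insensitive
            near = difflib.get_close_matches(attr.lower(), list(known), n=1)
            out.append((var, attr, known[near[0]] if near else None))
    return out
```

Calling `unmapped(CONFIG, SCHEMA)` on the constructed input reports `md5secret` as pointing at an undefined attribute and suggests `AstAccountRealmedPassword`; an empty list means every mapped attribute can actually exist in the directory.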