Summary:ASTERISK-04642: [patch] app_authenticate: hide real passwords from CDR (account code)
Reporter:Sergey Basmanov (sb)Labels:
Date Opened:2005-07-21 05:16:28Date Closed:2008-01-15 15:42:27.000-0600
Versions:Frequency of
Environment:Attachments:( 0) auth_md5_v2.diff
( 1) auth_md5_v3.diff
( 2) auth_md5.diff
Description:I'm not sure this is very useful, but sometimes it's better to have real passwords hidden from CDR records. Added option 'm'. With this option file interpreted as list of pairs account_code:password_md5hash (one per line).
Comments:By: Olle Johansson (oej) 2005-07-21 05:37:55

Do you have a disclaimer on file? (Please read bug guidelines)

By: Olle Johansson (oej) 2005-07-21 05:42:36

Seems like the source code could be made smaller, without the need to duplicate so many lines. Open the file in one place and do the processing differently if there's an m option. Then close the file in one place only.

By: Sergey Basmanov (sb) 2005-07-21 08:16:22

I've read bug guidelines. Unfortunately I can't fax signed disclaimer, because all calls from my country are going through VoIP without fax support. Can I sign it by e-mail?

Agree, code can be smaller. But I'm not sure, where to put processing of 'm' option? Inside 'while' loop or make two different loops depending on option?

By: Sergey Basmanov (sb) 2005-07-21 09:09:11

I've put option checking inside a 'while' loop. Please, check if this code better than previous.

By: Olle Johansson (oej) 2005-07-21 09:47:29

A quick review of the patch tells me it's much better. We do need your disclaimer to move this forward.

By: Sergey Basmanov (sb) 2005-07-21 10:09:26

Can I simply change option 'Disclaimer on File' to 'yes' ?
I can't find, where I can do it.

By: Olle Johansson (oej) 2005-07-21 10:40:36

Please read the bug guidelines. Go to http://bugs.digium.com/ - you'll find a link there with instructions. It's not as simple as changing to "yes".


By: Sergey Basmanov (sb) 2005-07-22 10:45:44

That's correct code.

By: Kevin P. Fleming (kpfleming) 2005-07-25 14:53:20

Committed to CVS HEAD with quite a few mods... there were formatting failures, the code was somewhat repetitive and there is no file named 'auth-goodbye' in the source tree. Thanks for the contribution, just keep this issues in mind for your future patches :-)

By: Digium Subversion (svnbot) 2008-01-15 15:42:27.000-0600

Repository: asterisk
Revision: 6198

U   trunk/apps/app_authenticate.c

r6198 | kpfleming | 2008-01-15 15:42:27 -0600 (Tue, 15 Jan 2008) | 2 lines

add MD5-hash matching (bug ASTERISK-4642, with mods)