Merged revisions 63886 via svnmerge from
authorRussell Bryant <russell@russellbryant.com>
Fri, 11 May 2007 16:21:45 +0000 (16:21 +0000)
committerRussell Bryant <russell@russellbryant.com>
Fri, 11 May 2007 16:21:45 +0000 (16:21 +0000)
https://origsvn.digium.com/svn/asterisk/branches/1.4

........
r63886 | russell | 2007-05-11 11:05:43 -0500 (Fri, 11 May 2007) | 6 lines

When MD5 authentication is not possible because there is no challenge present,
either because the Challenge action was never issued, or some other reason,
give a proper error message and return an error instead of claiming that the
user wasn't found.
(reported by jsmith on IRC)

........

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@63902 65c4cc65-6c06-0410-ace0-fbb531ad65f3

main/manager.c

index bf0ba38..e1377d4 100644 (file)
@@ -1002,6 +1002,10 @@ static int authenticate(struct mansession *s, const struct message *m)
                                len += sprintf(md5key + len, "%2.2x", digest[x]);
                        if (!strcmp(md5key, key))
                                error = 0;
+               } else {
+                       ast_log(LOG_DEBUG, "MD5 authentication is not possible.  challenge: '%s'\n", 
+                               S_OR(s->challenge, ""));
+                       return -1;
                }
        } else if (password) {
                const char *pass = astman_get_header(m, "Secret");