Make sure the user's manager secret exists, even if it is blank.
authorJoshua Colp <jcolp@digium.com>
Mon, 14 Jan 2008 20:01:19 +0000 (20:01 +0000)
committerJoshua Colp <jcolp@digium.com>
Mon, 14 Jan 2008 20:01:19 +0000 (20:01 +0000)
(closes issue #11749)
Reported by: srt

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@98830 65c4cc65-6c06-0410-ace0-fbb531ad65f3

main/manager.c

index 0016cd9..8e87af7 100644 (file)
@@ -997,7 +997,7 @@ static int authenticate(struct mansession *s, const struct message *m)
                ast_log(LOG_NOTICE, "%s failed to pass IP ACL as '%s'\n", ast_inet_ntoa(s->sin.sin_addr), username);
        } else if (!strcasecmp(astman_get_header(m, "AuthType"), "MD5")) {
                const char *key = astman_get_header(m, "Key");
-               if (!ast_strlen_zero(key) && !ast_strlen_zero(s->challenge)) {
+               if (!ast_strlen_zero(key) && !ast_strlen_zero(s->challenge) && user->secret) {
                        int x;
                        int len = 0;
                        char md5key[256] = "";