WIP: client/ils password separation user/jeff/sip_password_separation_rebase
authorJeff Godin <jgodin@tadl.org>
Wed, 13 May 2015 22:41:02 +0000 (15:41 -0700)
committerJeff Godin <jgodin@tadl.org>
Fri, 21 Apr 2017 17:42:35 +0000 (13:42 -0400)
Initial support for having a SIP client password distinct from the
ILS password.

Signed-off-by: Jeff Godin <jgodin@tadl.org>
SIPServer.pm
SIPconfig.xml
Sip/MsgType.pm

index 0e36676..d456378 100755 (executable)
@@ -631,7 +631,7 @@ sub telnet_transport {
         $pwd =~ s/[\r\n]+$//;
 
         if (exists($config->{accounts}->{$uid})
-        && ($pwd eq $config->{accounts}->{$uid}->password())) {
+        && _verify_client_password($config->{accounts}->{$uid}, $pwd) == 1) {
             $account = $config->{accounts}->{$uid};
             last;
         } else {
@@ -723,3 +723,20 @@ sub sip_protocol_loop {
 
     }
 }
+
+sub _verify_client_password {
+    # Accept a config hash representing a single login, and a supplied client password
+    # Return 1 on match, otherwise 0
+    # XXX: implement support for salted + hashed "clientpassword" value
+    my ($login_config, $pwd_from_client) = @_;
+
+    # if config has a clientpassword, verify against that
+    if (exists($login_config->{clientpassword})) {
+        syslog("LOG_INFO", "_verify_client_password: checking supplied password against clientpassword from config");
+        return 1 if ($pwd_from_client eq $login_config->{clientpassword});
+    } else { # otherwise, verify against "password" attribute
+        syslog("LOG_INFO", "_verify_client_password: checking supplied password against password from config");
+        return 1 if ($pwd_from_client eq $login_config->{password});
+    }
+    return 0; # password did not match
+}
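Review bot: In `_verify_client_password`, neither branch checks that the configured value is defined and non-empty before the `eq`, so a login entry with no `password` attribute (or with an empty `clientpassword`) compares equal to an empty password from the client and the sub returns 1. I would pick the expected value first and fail closed: `my $expected = exists($login_config->{clientpassword}) ? $login_config->{clientpassword} : $login_config->{password};` followed by `return 0 unless defined($expected) && length($expected) && defined($pwd_from_client);`. Until the XXX about salted hashes is implemented, the `clientpassword` value is compared as plain text, and the header comment should say so, e.g. `# NOTE: clientpassword is currently compared as plain text`.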
index 180f4d4..7da7da8 100644 (file)
       <login id="lpl-sc" password="1234" institution="LPL" />
       <login id="lpl-sc-beacock" password="xyzzy" location_code="WORKSTATION5"
              delimiter="|" error-detect="enabled" institution="LPL" />
+      <login id="uwols-sipclient-1"
+             clientpassword="salted-hash-here"
+             password="ils_secret"
+             institution="OWOLS" />
   </accounts>
 
 <!-- Institution tags will hold stuff used to interface to -->
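Review bot: The sample value `clientpassword="salted-hash-here"` on the new `uwols-sipclient-1` login suggests a hash is expected, but the verifier added in this commit compares the attribute as plain text. A site copying this entry would get a login whose working client password is the literal placeholder string. I would add a comment above the entry, `<!-- clientpassword: what the SIP client sends, compared as plain text until hashing is implemented; password: the ILS credential -->`, and use a placeholder that cannot be mistaken for a usable value. The id says `uwols` while the attribute is `institution="OWOLS"`; if that is not intentional, one of them is a typo. The enclosing `<accounts>` element opens outside this hunk.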
index 4079467..4b070ad 100644 (file)
@@ -860,7 +860,7 @@ sub handle_login {
     if (!exists($server->{config}->{accounts}->{$uid})) {
         syslog("LOG_WARNING", "MsgType::handle_login: Unknown login '$uid'");
         $status = 0;
-    } elsif ($server->{config}->{accounts}->{$uid}->{password} ne $pwd) {
+    } elsif (SIPServer::_verify_client_password($server->{config}->{accounts}->{$uid}, $pwd) != 1) {
         syslog("LOG_WARNING", "MsgType::handle_login: Invalid password for login '$uid'");
         $status = 0;
     } else {
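Review bot: `handle_login` now calls an underscore-prefixed helper in another package, `SIPServer::_verify_client_password(...)`, although the underscore conventionally marks the sub as private to SIPServer.pm. The removed line in `telnet_transport` called `->password()` on the account, so the account entries appear to be objects. Making the check a method on that object, or giving the helper a public name, would keep both login paths on one documented entry point. The `!= 1` here and the `== 1` in `telnet_transport` can be plain boolean tests, e.g. `} elsif (!SIPServer::_verify_client_password($server->{config}->{accounts}->{$uid}, $pwd)) {`. The body of `handle_login` continues outside the hunk.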