From: Brett Bryant Date: Mon, 20 Sep 2010 23:57:08 +0000 (+0000) Subject: Fix misvalidation of meetme pins in conjunction with the 'a' MeetMe flag. X-Git-Tag: 1.4.38-rc1~67 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3702c0cc020237f7d97bc42178c23dd0d538e89e;p=thirdparty%2Fasterisk.git Fix misvalidation of meetme pins in conjunction with the 'a' MeetMe flag. When using the 'a' MeetMe flag and having a user and admin pin setup for your conference, using the user pin would gain you admin priviledges. Also, when no user pin was set, an admin pin was, the 'a' MeetMe flag wasn't used, and the user tried to enter a conference then they were still prompted for a pin and forced to hit #. (closes issue #17908) Reported by: kuj Patches: pins_2.patch uploaded by kuj (license 1111) Tested by: kuj Review: [full review board URL with trailing slash] git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@287758 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- diff --git a/apps/app_meetme.c b/apps/app_meetme.c index 111977beb5..28237d9e42 100644 --- a/apps/app_meetme.c +++ b/apps/app_meetme.c @@ -2941,9 +2941,13 @@ static int conf_exec(struct ast_channel *chan, void *data) if (allowretry) confno[0] = '\0'; } else { - if (((!ast_strlen_zero(cnf->pin) && - !ast_test_flag(&confflags, CONFFLAG_ADMIN)) || - !ast_strlen_zero(cnf->pinadmin)) && + if (((!ast_strlen_zero(cnf->pin) && + !ast_test_flag(&confflags, CONFFLAG_ADMIN)) || + (!ast_strlen_zero(cnf->pinadmin) && + ast_test_flag(&confflags, CONFFLAG_ADMIN)) || + (!ast_strlen_zero(cnf->pin) && + ast_strlen_zero(cnf->pinadmin) && + ast_test_flag(&confflags, CONFFLAG_ADMIN))) && (!(cnf->users == 0 && cnf->isdynamic))) { char pin[MAX_PIN] = ""; int j; @@ -2958,9 +2962,11 @@ static int conf_exec(struct ast_channel *chan, void *data) res = ast_app_getdata(chan, "conf-getpin", pin + strlen(pin), sizeof(pin) - 1 - strlen(pin), 0); } if (res >= 0) { - if (!strcasecmp(pin, cnf->pin) || - (!ast_strlen_zero(cnf->pinadmin) && - !strcasecmp(pin, cnf->pinadmin))) { + if ((!strcasecmp(pin, cnf->pin) && + (ast_strlen_zero(cnf->pinadmin) || + !ast_test_flag(&confflags, CONFFLAG_ADMIN))) || + (!ast_strlen_zero(cnf->pinadmin) && + !strcasecmp(pin, cnf->pinadmin))) { /* Pin correct */ allowretry = 0; if (!ast_strlen_zero(cnf->pinadmin) && !strcasecmp(pin, cnf->pinadmin))