<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[Freeswitch-trunk][16941] </title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<div id="header">FreeSWITCH Subversion</div>
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://fisheye.freeswitch.org/changelog/FreeSWITCH?cs=16941">16941</a></dd>
<dt>Author</dt> <dd>anthm</dd>
<dt>Date</dt> <dd>2010-03-08 12:25:43 -0600 (Mon, 08 Mar 2010)</dd>
</dl>

<h3>Log Message</h3>
<pre><a href="http://jira.freeswitch.org/browse/XML-23">XML-23</a></pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#freeswitchtrunksrcmodapplicationsmod_voicemailmod_voicemailc">freeswitch/trunk/src/mod/applications/mod_voicemail/mod_voicemail.c</a></li>
<li><a href="#freeswitchtrunksrcmodxml_intmod_xml_rpcmod_xml_rpcc">freeswitch/trunk/src/mod/xml_int/mod_xml_rpc/mod_xml_rpc.c</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="freeswitchtrunksrcmodapplicationsmod_voicemailmod_voicemailc"></a>
<div class="modfile"><h4>Modified: freeswitch/trunk/src/mod/applications/mod_voicemail/mod_voicemail.c (16940 => 16941)</h4>
<pre class="diff"><span>
<span class="info">--- freeswitch/trunk/src/mod/applications/mod_voicemail/mod_voicemail.c        2010-03-08 18:20:06 UTC (rev 16940)
+++ freeswitch/trunk/src/mod/applications/mod_voicemail/mod_voicemail.c        2010-03-08 18:25:43 UTC (rev 16941)
</span><span class="lines">@@ -725,7 +725,7 @@
</span><span class="cx">                 profile = load_profile(profile_name);
</span><span class="cx">         }
</span><span class="cx">         if (profile) {
</span><del>-                switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, &quot;[%s] rwlock\n&quot;, profile-&gt;name);
</del><ins>+                switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG10, &quot;[%s] rwlock\n&quot;, profile-&gt;name);
</ins><span class="cx"> 
</span><span class="cx">                 switch_thread_rwlock_rdlock(profile-&gt;rwlock);
</span><span class="cx">         }
</span></span></pre></div>
<a id="freeswitchtrunksrcmodxml_intmod_xml_rpcmod_xml_rpcc"></a>
<div class="modfile"><h4>Modified: freeswitch/trunk/src/mod/xml_int/mod_xml_rpc/mod_xml_rpc.c (16940 => 16941)</h4>
<pre class="diff"><span>
<span class="info">--- freeswitch/trunk/src/mod/xml_int/mod_xml_rpc/mod_xml_rpc.c        2010-03-08 18:20:06 UTC (rev 16940)
+++ freeswitch/trunk/src/mod/xml_int/mod_xml_rpc/mod_xml_rpc.c        2010-03-08 18:25:43 UTC (rev 16941)
</span><span class="lines">@@ -169,33 +169,34 @@
</span><span class="cx">         const char *alias;
</span><span class="cx">         const char *allowed_commands;
</span><span class="cx">         switch_event_t *params;
</span><del>-        switch_xml_t x_domain, x_domain_root, x_user, x_params, x_param;
</del><ins>+        switch_xml_t x_user, x_params, x_param;
</ins><span class="cx"> 
</span><span class="cx">         passwd = NULL;
</span><span class="cx">         vm_passwd = NULL;
</span><span class="cx">         alias = NULL;
</span><span class="cx">         allowed_commands = NULL;
</span><span class="cx"> 
</span><ins>+        if (ppasswd) *ppasswd = NULL;
+        if (pvm_passwd) *pvm_passwd = NULL;
+        if (palias) *palias = NULL;
+        if (pallowed_commands) *pallowed_commands = NULL;
+
</ins><span class="cx">         params = NULL;
</span><del>-        x_domain_root = NULL;
</del><span class="cx"> 
</span><span class="cx">         switch_event_create(&amp;params, SWITCH_EVENT_REQUEST_PARAMS);
</span><span class="cx">         switch_assert(params);
</span><span class="cx">         switch_event_add_header_string(params, SWITCH_STACK_BOTTOM, &quot;number_alias&quot;, &quot;check&quot;);
</span><span class="cx"> 
</span><del>-        if (switch_xml_locate_user(&quot;id&quot;, user, domain_name, NULL, &amp;x_domain_root, &amp;x_domain, &amp;x_user, NULL, params) != SWITCH_STATUS_SUCCESS) {
</del><ins>+
+        if (switch_xml_locate_user_merged(&quot;id&quot;, user, domain_name, NULL, &amp;x_user, params) != SWITCH_STATUS_SUCCESS) {
</ins><span class="cx">                 switch_event_destroy(&amp;params);
</span><del>-                if (x_domain_root) {
-                        switch_xml_free(x_domain_root);
-                }
</del><span class="cx">                 return FALSE;
</span><span class="cx">         }
</span><del>-
</del><ins>+        
</ins><span class="cx">         switch_event_destroy(&amp;params);
</span><span class="cx">         alias = switch_xml_attr(x_user, &quot;number-alias&quot;);
</span><span class="cx"> 
</span><del>-        if ((x_params = switch_xml_child(x_domain, &quot;params&quot;))) {
-
</del><ins>+        if ((x_params = switch_xml_child(x_user, &quot;params&quot;))) {
</ins><span class="cx">                 for (x_param = switch_xml_child(x_params, &quot;param&quot;); x_param; x_param = x_param-&gt;next) {
</span><span class="cx">                         const char *var = switch_xml_attr_soft(x_param, &quot;name&quot;);
</span><span class="cx">                         const char *val = switch_xml_attr_soft(x_param, &quot;value&quot;);
</span><span class="lines">@@ -210,34 +211,24 @@
</span><span class="cx">                 }
</span><span class="cx">         }
</span><span class="cx"> 
</span><del>-        if ((x_params = switch_xml_child(x_user, &quot;params&quot;))) {
</del><ins>+        if (ppasswd &amp;&amp; passwd) {
+                *ppasswd = strdup(passwd);
+        }
</ins><span class="cx"> 
</span><del>-                for (x_param = switch_xml_child(x_params, &quot;param&quot;); x_param; x_param = x_param-&gt;next) {
-                        const char *var = switch_xml_attr_soft(x_param, &quot;name&quot;);
-                        const char *val = switch_xml_attr_soft(x_param, &quot;value&quot;);
</del><ins>+        if (pvm_passwd &amp;&amp; vm_passwd) {
+                *pvm_passwd = strdup(vm_passwd);
+        }
</ins><span class="cx"> 
</span><del>-                        if (!strcasecmp(var, &quot;password&quot;)) {
-                                passwd = val;
-                        } else if (!strcasecmp(var, &quot;vm-password&quot;)) {
-                                vm_passwd = val;
-                        } else if (!strcasecmp(var, &quot;http-allowed-api&quot;)) {
-                                allowed_commands = val;
-                        }
-                }
</del><ins>+        if (palias &amp;&amp; alias) {
+                *palias = strdup(alias);
</ins><span class="cx">         }
</span><span class="cx"> 
</span><del>-        if (ppasswd)
-                *ppasswd = strdup(passwd);
-        if (pvm_passwd)
-                *pvm_passwd = strdup(vm_passwd);
-        if (palias)
-                *palias = strdup(alias);
-        if (pallowed_commands)
</del><ins>+        if (pallowed_commands &amp;&amp; allowed_commands) {
</ins><span class="cx">                 *pallowed_commands = strdup(allowed_commands);
</span><ins>+        }
</ins><span class="cx"> 
</span><del>-
-        if (x_domain_root) {
-                switch_xml_free(x_domain_root);
</del><ins>+        if (x_user) {
+                switch_xml_free(x_user);
</ins><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         return TRUE;
</span><span class="lines">@@ -246,12 +237,13 @@
</span><span class="cx"> static abyss_bool is_authorized(const TSession * r, const char *command)
</span><span class="cx"> {
</span><span class="cx">         char *user = NULL, *domain_name = NULL;
</span><del>-        char *allowed_commands;
</del><ins>+        char *allowed_commands = NULL;
</ins><span class="cx">         char *dp;
</span><del>-        char *dup;
</del><ins>+        char *dup = NULL;
</ins><span class="cx">         char *argv[256] = { 0 };
</span><del>-        int argc;
-        int i;
</del><ins>+        char *status = NULL;
+        int argc = 0, i = 0, ok = 0;
+        int err = 403;
</ins><span class="cx"> 
</span><span class="cx">         if (!r) {
</span><span class="cx">                 return FALSE;
</span><span class="lines">@@ -273,39 +265,54 @@
</span><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         if (!zstr(globals.realm) &amp;&amp; !zstr(globals.user) &amp;&amp; !strcmp(user, globals.user)) {
</span><del>-                switch_safe_free(user);
-                return TRUE;
</del><ins>+                goto end;
</ins><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         if (zstr(user) || zstr(domain_name)) {
</span><del>-                switch_safe_free(user);
-                return FALSE;
</del><ins>+                goto end;
</ins><span class="cx">         }
</span><span class="cx"> 
</span><ins>+        
+        err = 686;
+        status = &quot;EXECUTION OF SPECIFIED API COMMAND NOT PERMITTED IN USER ACCOUNT&quot;;
</ins><span class="cx"> 
</span><span class="cx">         if (!user_attributes(user, domain_name, NULL, NULL, NULL, &amp;allowed_commands)) {
</span><del>-                switch_safe_free(user);
-                return FALSE;
</del><ins>+                goto end;
</ins><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         switch_safe_free(user);
</span><span class="cx"> 
</span><del>-        if (!allowed_commands)
-                return FALSE;
</del><ins>+        if (!allowed_commands) {
+                goto end;
+        }
</ins><span class="cx"> 
</span><del>-        dup = allowed_commands;
-        argc = switch_separate_string(dup, ',', argv, (sizeof(argv) / sizeof(argv[0])));
-
-        for (i = 0; i &lt; argc; i++) {
-                if (!strcasecmp(argv[i], command)
-                        || !strcasecmp(argv[i], &quot;any&quot;)) {
-                        break;
</del><ins>+        if ((dup = allowed_commands)) {
+                argc = switch_separate_string(dup, ',', argv, (sizeof(argv) / sizeof(argv[0])));
+                
+                for (i = 0; i &lt; argc; i++) {
+                        if (!strcasecmp(argv[i], command) || !strcasecmp(argv[i], &quot;any&quot;)) {
+                                ok = 1;
+                                break;
+                        }
</ins><span class="cx">                 }
</span><span class="cx">         }
</span><span class="cx"> 
</span><ins>+ end:
+
+        switch_safe_free(user);
</ins><span class="cx">         switch_safe_free(dup);
</span><span class="cx"> 
</span><del>-        return i &lt; argc ? TRUE : FALSE;
</del><ins>+        if (!ok) {
+                ResponseStatus(r, err);
+                if (status) {
+                        ResponseError2(r, status);
+                } else {
+                        ResponseError(r);
+                }
+        }
+
+
+        return ok ? TRUE : FALSE;
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> static abyss_bool http_directory_auth(TSession * r, char *domain_name)
</span><span class="lines">@@ -373,14 +380,14 @@
</span><span class="cx">                                                 goto authed;
</span><span class="cx">                                         }
</span><span class="cx">                                 }
</span><del>-
</del><ins>+                                
</ins><span class="cx">                                 if (!user_attributes(user, domain_name, &amp;mypass1, &amp;mypass2, &amp;box, NULL)) {
</span><span class="cx">                                         goto fail;
</span><span class="cx">                                 }
</span><span class="cx"> 
</span><span class="cx"> 
</span><span class="cx">                                 if (!zstr(mypass2) &amp;&amp; !strcasecmp(mypass2, &quot;user-choose&quot;)) {
</span><del>-                                        mypass2 = NULL;
</del><ins>+                                        switch_safe_free(mypass2);
</ins><span class="cx">                                 }
</span><span class="cx"> 
</span><span class="cx">                                 if (!mypass1) {
</span><span class="lines">@@ -613,9 +620,6 @@
</span><span class="cx">         if (is_authorized(r, command)) {
</span><span class="cx">                 goto auth;
</span><span class="cx">         }
</span><del>-        //unauth:
-        ResponseStatus(r, 403);
-        ResponseError(r);
</del><span class="cx"> 
</span><span class="cx">         ret = TRUE;
</span><span class="cx">         goto end;
</span></span></pre>
</div>
</div>
<div id="footer">See you at ClueCon</div>

</body>
</html>