Make sure the user's manager secret exists, even if it is blank.

(closes issue #11749) Reported by: srt git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@98830 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2025-10-12 15:45:18 +00:00 · 2008-01-14 20:01:19 +00:00
parent 9c1a8af01d
commit e8dee9f956
1 changed files with 1 additions and 1 deletions
--- a/main/manager.c
+++ b/main/manager.c
@@ -997,7 +997,7 @@ static int authenticate(struct mansession *s, const struct message *m)
 		ast_log(LOG_NOTICE, "%s failed to pass IP ACL as '%s'\n", ast_inet_ntoa(s->sin.sin_addr), username);
 	} else if (!strcasecmp(astman_get_header(m, "AuthType"), "MD5")) {
 		const char *key = astman_get_header(m, "Key");
-		if (!ast_strlen_zero(key) && !ast_strlen_zero(s->challenge)) {
+		if (!ast_strlen_zero(key) && !ast_strlen_zero(s->challenge) && user->secret) {
 			int x;
 			int len = 0;
 			char md5key[256] = "";