LP#1468422 Report inactive card on password OK
authorBill Erickson <berickxx@gmail.com>
Mon, 11 Jan 2016 16:02:23 +0000 (11:02 -0500)
committerBill Erickson <berickxx@gmail.com>
Fri, 26 Feb 2016 15:07:42 +0000 (10:07 -0500)
commitbe3e4e339a8de50edc112a267bff2f11d35de2ba
treee94dbc41eb212f2b73d3d479eedd178fc7df007c
parentbd14977ee5087c59ba720dba809d2c3bbb71b049
LP#1468422 Report inactive card on password OK

Prevent leaking information from authentication by only reporting that a
card is inactive if the caller provided the correct credentials.  This
is consistent with how the code handles inactive patrons.

To avoid a lot of code duplication and to reduce the potential for
leaking memory (C code, amiright?), this commit includes a number of
changes to avoid exiting the API function early and saving the memory
cleanup routines until the end of the API call.

Signed-off-by: Bill Erickson <berickxx@gmail.com>
Signed-off-by: Dan Wells <dbw2@calvin.edu>
Open-ILS/src/c-apps/oils_auth.c