From ee0b0144f2b2818d67752323ff1d2f52ea4e3cd3 Mon Sep 17 00:00:00 2001 From: Galen Charlton Date: Thu, 6 Oct 2011 13:55:43 -0400 Subject: [PATCH] fix authentication failure Ensure that the auth_limit values are read when open-ils.auth initializes, not during oilsAuthInit(). This solves a problem observed on brick-based setups where authentication could incorrectly fail because the drone that processes open-ils.auth.authenticate.complete didn't have the block count value initialized yet. Also fixed type nit when comparing the fail count to the block limit. Signed-off-by: Galen Charlton Signed-off-by: Bill Erickson --- Open-ILS/src/c-apps/oils_auth.c | 70 ++++++++++++++++----------------- 1 file changed, 35 insertions(+), 35 deletions(-) diff --git a/Open-ILS/src/c-apps/oils_auth.c b/Open-ILS/src/c-apps/oils_auth.c index 372368164f..8e1c0280e8 100644 --- a/Open-ILS/src/c-apps/oils_auth.c +++ b/Open-ILS/src/c-apps/oils_auth.c 
@@ -87,39 +87,6 @@ int osrfAppInitialize() { "if found, otherwise returns the NO_SESSION event" "PARAMS( authToken )", 1, 0 ); - return 0; -} - -/** - @brief Dummy placeholder for initializing a server drone. - - There is nothing to do, so do nothing. -*/ -int osrfAppChildInit() { - return 0; -} - -/** - @brief Implement the "init" method. - @param ctx The method context. - @return Zero if successful, or -1 if not. - - Method parameters: - - username - - Return to client: Intermediate authentication seed. - - Combine the username with a timestamp and process ID, and take an md5 hash of the result. - Store the hash in memcache, with a key based on the username. Then return the hash to - the client. - - However: if the username includes one or more embedded blank spaces, return a dummy - hash without storing anything in memcache. The dummy will never match a stored hash, so - any attempt to authenticate with it will fail. -*/ -int oilsAuthInit( osrfMethodContext* ctx ) { - OSRF_METHOD_VERIFY_CONTEXT(ctx); - if(!_oilsAuthSeedTimeout) { /* Load the default timeouts */ jsonObject* value_obj; 
@@ -156,6 +123,39 @@ int oilsAuthInit( osrfMethodContext* ctx ) { _oilsAuthSeedTimeout, _oilsAuthBlockTimeout, _oilsAuthBlockCount ); } + return 0; +} + +/** + @brief Dummy placeholder for initializing a server drone. + + There is nothing to do, so do nothing. +*/ +int osrfAppChildInit() { + return 0; +} + +/** + @brief Implement the "init" method. + @param ctx The method context. + @return Zero if successful, or -1 if not. + + Method parameters: + - username + + Return to client: Intermediate authentication seed. + + Combine the username with a timestamp and process ID, and take an md5 hash of the result. + Store the hash in memcache, with a key based on the username. Then return the hash to + the client. + + However: if the username includes one or more embedded blank spaces, return a dummy + hash without storing anything in memcache. The dummy will never match a stored hash, so + any attempt to authenticate with it will fail. +*/ +int oilsAuthInit( osrfMethodContext* ctx ) { + OSRF_METHOD_VERIFY_CONTEXT(ctx); + char* username = jsonObjectToSimpleString( jsonObjectGetIndex(ctx->params, 0) ); if( username ) { @@ -311,10 +311,10 @@ static int oilsAuthVerifyPassword( const osrfMethodContext* ctx, char* countkey = va_list_to_string( "%s%s%s", OILS_AUTH_CACHE_PRFX, uname, OILS_AUTH_COUNT_SFFX ); jsonObject* countobject = osrfCacheGetObject( countkey ); if(countobject) { - double failcount = jsonObjectGetNumber( countobject ); + long failcount = (long) jsonObjectGetNumber( countobject ); if(failcount >= _oilsAuthBlockCount) { ret = 0; - osrfLogInternal(OSRF_LOG_MARK, "oilsAuth found too many recent failures: %d, forcing failure state.", failcount); + osrfLogInternal(OSRF_LOG_MARK, "oilsAuth found too many recent failures: %i, forcing failure state.", failcount); } if(ret == 0) { failcount += 1; -- 2.43.2
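Review bot: The `return 0;` added at the end of osrfAppInitialize() is unconditional, so the service reports a successful start even if the settings lookup just above left `_oilsAuthBlockCount` or the timeouts at zero. The loading block lies between the hunks and is not visible here, so defaults may already cover this. If they do not, a zero block count would make `failcount >= _oilsAuthBlockCount` in oilsAuthVerifyPassword() reject every login that has a cached failure counter. A check before the return, such as `if( _oilsAuthBlockCount <= 0 ) return -1;` with an error log (assuming a nonzero return is how this service signals a failed start), would surface that misconfiguration at startup rather than as intermittent login failures. The doc comment on osrfAppInitialize(), which is outside the hunk, should also record the new responsibility, for example `Also loads the auth_limit values (seed timeout, block timeout, block count) when the service initializes.`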
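Review bot: The log call in the `failcount >= _oilsAuthBlockCount` branch passes the new `long failcount` to `%i`, which expects an `int`; the specifier should be `%ld`, i.e. `"oilsAuth found too many recent failures: %ld, forcing failure state."`. The `(long)` cast of jsonObjectGetNumber() is also unchecked, and converting a double that is non-finite or outside the range of `long` is undefined behaviour. Since this counter decides whether the login is forced to fail, a range check on the cached value before the cast would be worth adding. A short comment on the cast, e.g. `/* cached counter is a JSON number; compare it as an integer */`, would record why the type changed. oilsAuthVerifyPassword() starts and ends outside the hunk.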