From: Lebbeous Fogle-Weekley
Date: Tue, 12 Jun 2012 21:26:39 +0000 (-0400)
Subject: For auth, give back the same stacktrace for all cases of LOGIN_FAILED
X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=4bae1e1f06e6d459d15d16a375bddc8a496ee1d6;p=evergreen%2Fequinox.git

For auth, give back the same stacktrace for all cases of LOGIN_FAILED

Signed-off-by: Lebbeous Fogle-Weekley
Signed-off-by: Mike Rylander
---

diff --git a/Open-ILS/src/c-apps/oils_auth.c b/Open-ILS/src/c-apps/oils_auth.c
index cf19fdf3aa..93b73db80f 100644
--- a/Open-ILS/src/c-apps/oils_auth.c
+++ b/Open-ILS/src/c-apps/oils_auth.c
@@ -576,6 +576,12 @@ int oilsAuthComplete( osrfMethodContext* ctx ) {
 const char* ws = (workstation) ? workstation : "";
+ /* Use __FILE__, harmless_line_number for creating
+ * OILS_EVENT_AUTH_FAILED events (instead of OSRF_LOG_MARK) to avoid
+ * giving away information about why an authentication attempt failed.
+ */
+ int harmless_line_number = __LINE__;
+
 if( !type ) type = OILS_AUTH_STAFF;
@@ -643,7 +649,7 @@ int oilsAuthComplete( osrfMethodContext* ctx ) {
 }
 if(!userObj || barred || deleted) {
- response = oilsNewEvent( OSRF_LOG_MARK, OILS_EVENT_AUTH_FAILED );
+ response = oilsNewEvent( __FILE__, harmless_line_number, OILS_EVENT_AUTH_FAILED );
 osrfLogInfo(OSRF_LOG_MARK, "failed login: username=%s, barcode=%s, workstation=%s", uname, (barcode ? barcode : "(none)"), ws );
 osrfAppRespondComplete( ctx, oilsEventToJSON(response) );
@@ -670,7 +676,7 @@ int oilsAuthComplete( osrfMethodContext* ctx ) {
 if( passOK ) response = oilsNewEvent( OSRF_LOG_MARK, "PATRON_INACTIVE" );
 else
- response = oilsNewEvent( OSRF_LOG_MARK, OILS_EVENT_AUTH_FAILED );
+ response = oilsNewEvent( __FILE__, harmless_line_number, OILS_EVENT_AUTH_FAILED );
 osrfAppRespondComplete( ctx, oilsEventToJSON(response) );
 oilsEventFree(response);
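Review bot: `harmless_line_number` is a plain mutable `int`, and nothing ties it to the three `OILS_EVENT_AUTH_FAILED` call sites changed in the hunks at -643, -670 and -725, so a later failure path that falls back to `OSRF_LOG_MARK` would quietly bring back a distinguishable stack trace. Declaring it `const int harmless_line_number = __LINE__;` and adding a sentence to the comment such as `Every OILS_EVENT_AUTH_FAILED event built in this function must use this pair.` would state the invariant where the next editor will see it. A small file-local wrapper that builds the event would enforce it more firmly, but that is a larger change than this commit. oilsAuthComplete begins and ends outside the hunk.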
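Review bot: The event built in the `if(!userObj || barred || deleted)` branch now carries the same file and line as the other failures, but the branch still answers as soon as the account lookup fails. That appears to be before the password comparison that produces `passOK` in the later hunks; that code is outside this hunk, so the ordering is inferred. If so, response time can still separate a missing, barred or deleted account from a wrong password on a live one, which is the distinction the commit sets out to hide. It is worth recording at the branch, for example `/* NOTE: responds before the password check; timing may still differ from the bad-password path */`, and tracking equal-work handling as a follow-up.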
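Review bot: The `else` arm of `if( passOK )` builds `OILS_EVENT_AUTH_FAILED` without the `failed login:` info line that the other two failure sites write next to the event, at least within the lines shown. With the client-visible event now identical in every case, the server log is the only place a failed attempt against an inactive account can be seen, so this path should log too: `osrfLogInfo( OSRF_LOG_MARK, "failed login: username=%s, barcode=%s, workstation=%s", uname, (barcode ? barcode : "(none)"), ws );`. The unbraced `if`/`else` needs braces to hold the extra statement. The enclosing block starts and ends outside the hunk, so a log call just above or below would make this moot.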
@@ -725,7 +731,7 @@ int oilsAuthComplete( osrfMethodContext* ctx ) {
 response = oilsAuthHandleLoginOK( userObj, uname, type, orgloc, workstation );
 } else {
- response = oilsNewEvent( OSRF_LOG_MARK, OILS_EVENT_AUTH_FAILED );
+ response = oilsNewEvent( __FILE__, harmless_line_number, OILS_EVENT_AUTH_FAILED );
 osrfLogInfo(OSRF_LOG_MARK, "failed login: username=%s, barcode=%s, workstation=%s", uname, (barcode ? barcode : "(none)"), ws );
 }