From: Galen Charlton <gmc@esilibrary.com>
Date: Thu, 6 Oct 2011 17:55:43 +0000 (-0400)
Subject: fix authentication failure
X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=ee0b0144f2b2818d67752323ff1d2f52ea4e3cd3;p=evergreen%2Fmasslnc.git

fix authentication failure

Ensure that the auth_limit values are read when open-ils.auth
initializes, not during oilsAuthInit().  This solves a problem
observed on brick-based setups where authentication could
incorrectly fail because the drone that processes
open-ils.auth.authenticate.complete didn't have the block
count value initialized yet.

Also fixed a type nit when comparing the fail count to the block
limit.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Bill Erickson <berick@esilibrary.com>
---

diff --git a/Open-ILS/src/c-apps/oils_auth.c b/Open-ILS/src/c-apps/oils_auth.c
index 372368164f..8e1c0280e8 100644
--- a/Open-ILS/src/c-apps/oils_auth.c
+++ b/Open-ILS/src/c-apps/oils_auth.c
@@ -87,39 +87,6 @@ int osrfAppInitialize() {
 		"if found, otherwise returns the NO_SESSION event"
 		"PARAMS( authToken )", 1, 0 );
 
-	return 0;
-}
-
-/**
-	@brief Dummy placeholder for initializing a server drone.
-
-	There is nothing to do, so do nothing.
-*/
-int osrfAppChildInit() {
-	return 0;
-}
-
-/**
-	@brief Implement the "init" method.
-	@param ctx The method context.
-	@return Zero if successful, or -1 if not.
-
-	Method parameters:
-	- username
-
-	Return to client: Intermediate authentication seed.
-
-	Combine the username with a timestamp and process ID, and take an md5 hash of the result.
-	Store the hash in memcache, with a key based on the username.  Then return the hash to
-	the client.
-
-	However: if the username includes one or more embedded blank spaces, return a dummy
-	hash without storing anything in memcache.  The dummy will never match a stored hash, so
-	any attempt to authenticate with it will fail.
-*/
-int oilsAuthInit( osrfMethodContext* ctx ) {
-	OSRF_METHOD_VERIFY_CONTEXT(ctx);
-
 	if(!_oilsAuthSeedTimeout) { /* Load the default timeouts */
 
 		jsonObject* value_obj;
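Review bot: The context line `if(!_oilsAuthSeedTimeout) { /* Load the default timeouts */` now sits in osrfAppInitialize(), but its comment does not say why the load has to happen there. Judging by the log call that closes the block, it also sets `_oilsAuthBlockCount`, the limit the lockout check in oilsAuthVerifyPassword compares against. I would extend the comment to something like `/* Load timeouts and block count at service init so every drone has them before handling authenticate.complete */`, so a later refactor does not move the load back into a request handler. The guard itself looks redundant if osrfAppInitialize() runs once per process, but the body of the block lies between the two hunks and is not shown, so confirm nothing relies on it before dropping it. osrfAppInitialize() begins outside the hunk.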
@@ -156,6 +123,39 @@ int oilsAuthInit( osrfMethodContext* ctx ) {
 			_oilsAuthSeedTimeout, _oilsAuthBlockTimeout, _oilsAuthBlockCount );
 	}
 
+	return 0;
+}
+
+/**
+	@brief Dummy placeholder for initializing a server drone.
+
+	There is nothing to do, so do nothing.
+*/
+int osrfAppChildInit() {
+	return 0;
+}
+
+/**
+	@brief Implement the "init" method.
+	@param ctx The method context.
+	@return Zero if successful, or -1 if not.
+
+	Method parameters:
+	- username
+
+	Return to client: Intermediate authentication seed.
+
+	Combine the username with a timestamp and process ID, and take an md5 hash of the result.
+	Store the hash in memcache, with a key based on the username.  Then return the hash to
+	the client.
+
+	However: if the username includes one or more embedded blank spaces, return a dummy
+	hash without storing anything in memcache.  The dummy will never match a stored hash, so
+	any attempt to authenticate with it will fail.
+*/
+int oilsAuthInit( osrfMethodContext* ctx ) {
+	OSRF_METHOD_VERIFY_CONTEXT(ctx);
+
 	char* username  = jsonObjectToSimpleString( jsonObjectGetIndex(ctx->params, 0) );
 	if( username ) {
 
@@ -311,10 +311,10 @@ static int oilsAuthVerifyPassword( const osrfMethodContext* ctx,
 	char* countkey = va_list_to_string( "%s%s%s", OILS_AUTH_CACHE_PRFX, uname, OILS_AUTH_COUNT_SFFX );
 	jsonObject* countobject = osrfCacheGetObject( countkey );
 	if(countobject) {
-		double failcount = jsonObjectGetNumber( countobject );
+		long failcount = (long) jsonObjectGetNumber( countobject );
 		if(failcount >= _oilsAuthBlockCount) {
 			ret = 0;
-		    osrfLogInternal(OSRF_LOG_MARK, "oilsAuth found too many recent failures: %d, forcing failure state.", failcount);
+		    osrfLogInternal(OSRF_LOG_MARK, "oilsAuth found too many recent failures: %i, forcing failure state.", failcount);
 		}
 		if(ret == 0) {
 			failcount += 1;
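Review bot: The rewritten log call passes `failcount`, now a `long`, to a `%i` conversion, which expects an `int`. Assuming osrfLogInternal forwards its arguments to a printf-style formatter, the mismatch is undefined behaviour and can log a wrong failure count for the lockout event. The specifier should be `%ld`, as in `"oilsAuth found too many recent failures: %ld, forcing failure state.", failcount`. The `(long)` cast of jsonObjectGetNumber() is also undefined if the cached number is NaN or outside the range of `long`, so a range check before the cast is worth adding if the cache contents are not fully trusted. oilsAuthVerifyPassword starts and ends outside the hunk.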