From 38d2cdb22468a6da5b6201ca7f34f2acfd9e5384 Mon Sep 17 00:00:00 2001
From: scottmk
Date: Sat, 18 Jul 2009 12:07:49 +0000
Subject: [PATCH] In oils_auth.c: changed the treatment of inactive accounts.
Previously, if someone tried to log on to an inactive account, the error message reported to the client would identify the account as inactive, without regard to the password. Now the message identifies the account as inactive only if the password matches. Otherwise it reports it simply as a failure.
Also: changed the barcode to a pointer to const, pointing to an existing string, rather than allocating a separate copy that we have to free later.
Also: tinkered with a couple of info messages to avoid invoking undefined behavior when barcode is NULL.
git-svn-id: svn://svn.open-ils.org/ILS/trunk@13623 dcc99617-32d9-48b4-a31d-7c20da2025e4
---
 Open-ILS/src/c-apps/oils_auth.c | 22 ++++++++++------------
 1 file changed, 10 insertions(+), 12 deletions(-)
diff --git a/Open-ILS/src/c-apps/oils_auth.c b/Open-ILS/src/c-apps/oils_auth.c
index ad352c6297..2621d6bc0e 100644
--- a/Open-ILS/src/c-apps/oils_auth.c
+++ b/Open-ILS/src/c-apps/oils_auth.c
@@ -370,7 +370,7 @@ int oilsAuthComplete( osrfMethodContext* ctx ) {
 const char* type = jsonObjectGetString(jsonObjectGetKeyConst(args, "type"));
 double orgloc = jsonObjectGetNumber(jsonObjectGetKeyConst(args, "org"));
 const char* workstation = jsonObjectGetString(jsonObjectGetKeyConst(args, "workstation"));
- char* barcode = jsonObjectToSimpleString(jsonObjectGetKeyConst(args, "barcode"));
+ const char* barcode = jsonObjectGetString(jsonObjectGetKeyConst(args, "barcode"));
 const char* ws = (workstation) ? workstation : "";
@@ -378,7 +378,6 @@ int oilsAuthComplete( osrfMethodContext* ctx ) {
 if(!type) type = OILS_AUTH_STAFF;
 if( !( (uname || barcode) && password) ) {
- free(barcode);
 return osrfAppRequestRespondException( ctx->session, ctx->request, "username/barcode and password required for method: %s", ctx->method->name );
 }
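Review bot: The barcode line now reads the argument with `jsonObjectGetString` instead of `jsonObjectToSimpleString`, which changes what a client may send: if `jsonObjectGetString` yields NULL for a non-string JSON value, a barcode transmitted as a JSON number is now treated as absent and trips the `(uname || barcode)` guard in the next hunk with the "username/barcode and password required" exception instead of being looked up. If numeric barcodes are deliberately not accepted, say so at the declaration; otherwise keep a stringifying conversion for this one field. The pointer also now aliases memory owned by `args`, so add `/* barcode points into args: never free it, never use it after args is released */` so later edits to oilsAuthComplete, whose body continues well past this hunk, do not reintroduce a free or let the pointer escape.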
@@ -398,10 +397,10 @@ int oilsAuthComplete( osrfMethodContext* ctx ) {
 if(!userObj) {
 response = oilsNewEvent( OSRF_LOG_MARK, OILS_EVENT_AUTH_FAILED );
- osrfLogInfo(OSRF_LOG_MARK, "failed login: username=%s, barcode=%s, workstation=%s", uname, barcode, ws );
+ osrfLogInfo(OSRF_LOG_MARK, "failed login: username=%s, barcode=%s, workstation=%s",
+ uname, (barcode ? barcode : "(none)"), ws );
 osrfAppRespondComplete( ctx, oilsEventToJSON(response) );
 oilsEventFree(response);
- free(barcode);
 return 0;
 }
@@ -413,18 +412,20 @@ int oilsAuthComplete( osrfMethodContext* ctx ) {
 if( passOK < 0 ) {
 jsonObjectFree(userObj);
- free(barcode);
 return passOK;
 }
 /* first see if their account is inactive */
 char* active = oilsFMGetString(userObj, "active");
 if( !oilsUtilsIsDBTrue(active) ) {
- response = oilsNewEvent(OSRF_LOG_MARK, "PATRON_INACTIVE");
+ if( passOK )
+ response = oilsNewEvent( OSRF_LOG_MARK, "PATRON_INACTIVE" );
+ else
+ response = oilsNewEvent( OSRF_LOG_MARK, OILS_EVENT_AUTH_FAILED );
+
 osrfAppRespondComplete( ctx, oilsEventToJSON(response) );
 oilsEventFree(response);
 jsonObjectFree(userObj);
- free(barcode);
 free(active);
 return 0;
 }
@@ -435,7 +436,6 @@ int oilsAuthComplete( osrfMethodContext* ctx ) {
 osrfAppRespondComplete( ctx, oilsEventToJSON(response) );
 oilsEventFree(response);
 jsonObjectFree(userObj);
- free(barcode);
 return 0;
 }
@@ -443,7 +443,6 @@ int oilsAuthComplete( osrfMethodContext* ctx ) {
 /* check to see if the user is even allowed to login */
 if( oilsAuthCheckLoginPerm( ctx, userObj, type ) == -1 ) {
 jsonObjectFree(userObj);
- free(barcode);
 return 0;
 }
@@ -456,7 +455,6 @@ int oilsAuthComplete( osrfMethodContext* ctx ) {
 jsonObjectFree(userObj);
 osrfAppRespondComplete( ctx, oilsEventToJSON(response) );
 oilsEventFree(response);
- free(barcode);
 return 0;
 }
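Review bot: The rewritten `osrfLogInfo` call in the `!userObj` branch still hands `uname` directly to `%s`, and the guard in the first hunk, `(uname || barcode) && password`, lets `uname` be NULL when only a barcode is supplied, so a barcode-only failed login still passes NULL to `%s` — the same undefined behavior this commit removes for `barcode`. Guard it the same way: `uname ? uname : "(none)"`. The log line in the last hunk (@@ -477) has the same shape; whether `uname` can still be NULL there depends on where `freeable_uname` is assigned, which is outside the hunk, so apply the same guard there unless that code guarantees a non-NULL value.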
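Review bot: The new `else` branch of the inactive-account check responds with `OILS_EVENT_AUTH_FAILED` but writes no "failed login" `osrfLogInfo` line, unlike the two other failure paths in this patch, so a wrong password against an inactive account leaves no trace for failed-login monitoring. Add the same log call before the response: `osrfLogInfo(OSRF_LOG_MARK, "failed login: username=%s, barcode=%s, workstation=%s", uname ? uname : "(none)", barcode ? barcode : "(none)", ws);`. The surviving comment `/* first see if their account is inactive */` is now misleading because the password result decides the outcome; replace it with `/* inactive accounts: report PATRON_INACTIVE only to a caller who supplied the correct password */`. For consistency with `OILS_EVENT_AUTH_FAILED`, the bare literal `"PATRON_INACTIVE"` would read better as a named event constant.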
@@ -477,13 +475,13 @@ int oilsAuthComplete( osrfMethodContext* ctx ) {
 } else {
 response = oilsNewEvent( OSRF_LOG_MARK, OILS_EVENT_AUTH_FAILED );
- osrfLogInfo(OSRF_LOG_MARK, "failed login: username=%s, barcode=%s, workstation=%s", uname, barcode, ws );
+ osrfLogInfo(OSRF_LOG_MARK, "failed login: username=%s, barcode=%s, workstation=%s",
+ uname, (barcode ? barcode : "(none)"), ws );
 }
 jsonObjectFree(userObj);
 osrfAppRespondComplete( ctx, oilsEventToJSON(response) );
 oilsEventFree(response);
- free(barcode);
 if(freeable_uname) free(freeable_uname);
-- 
2.11.0