From: Chris B. <buc...@us...> - 2011-03-08 21:21:35
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "SFCB - Small Footprint CIM Broker". The branch, master has been updated via b61b5c4cf71b8c15b6432f3ae2d9355067bffd10 (commit) via 15e99848995b48593fca2081769f19ca39b4ad18 (commit) from db253645551ff731abfef80bcc3d701d2c67e5d0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b61b5c4cf71b8c15b6432f3ae2d9355067bffd10 Author: buccella <buc...@li...> Date: Tue Mar 8 16:21:14 2011 -0500 [ 3203290 ] Basic Auth Should Consider Expired Passwords commit 15e99848995b48593fca2081769f19ca39b4ad18 Author: buccella <buc...@li...> Date: Tue Mar 8 16:18:08 2011 -0500 [ 3203290 ] Basic Auth Should Consider Expired Passwords ----------------------------------------------------------------------- Summary of changes: diff --git a/ChangeLog b/ChangeLog index 6a5a0cc..10fb807 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +2011-03-08 Chris Buccella <buc...@li...> + + * httpAdapter.c, sfcBasicPAMAuthentication.c: + [ 3203290 ] Basic Auth Should Consider Expired Passwords + 2011-03-03 Michael Chase-Salerno <br...@li...> * Makefile.am, configure.ac, README: diff --git a/NEWS b/NEWS index b1f15d6..c980efa 100644 --- a/NEWS +++ b/NEWS @@ -64,6 +64,7 @@ Bugs fixed: - 3172080 deliverIndication does not check for matching FROM classes - 3185178 Wrong classname for returned instances from execQuery - 3175770 execQuery returns multiple instances of same object +- 3203290 Basic Auth Should Consider Expired Passwords Changes in 1.3.10 ================= diff --git a/httpAdapter.c b/httpAdapter.c index 7504b1b..072d126 100644 --- a/httpAdapter.c +++ b/httpAdapter.c 
@@ -113,6 +113,11 @@ static int get_cert(int, X509_STORE_CTX *); static int ccValidate(X509 *, char **, int); #endif +/* return codes used by baValidate */ +#define AUTH_PASS 1 +#define AUTH_FAIL 0 +#define AUTH_EXPIRED -1 + static key_t httpProcSemKey; static key_t httpWorkSemKey; static int httpProcSem; @@ -232,49 +237,47 @@ baValidate(char *cred, char **principal) { char *auth, *pw = NULL; - int i, - err = 0; + int i; static void *authLib = NULL; static Authenticate authenticate = NULL; char dlName[512]; - int ret = 0; + int ret = AUTH_FAIL; if (strncasecmp(cred, "basic ", 6)) - return 0; + return AUTH_FAIL; auth = decode64(cred + 6); - for (i = 0; i < strlen(auth); i++) + for (i = 0; i < strlen(auth); i++) { if (auth[i] == ':') { auth[i] = 0; pw = &auth[i + 1]; break; } + } - if (err == 0 && authLib == NULL) { + if (authLib == NULL) { char *ln; - err = 1; if (getControlChars("basicAuthlib", &ln) == 0) { libraryName(NULL, ln, dlName, 512); if ((authLib = dlopen(dlName, RTLD_LAZY))) { authenticate = dlsym(authLib, "_sfcBasicAuthenticate"); - if (authenticate) - err = 0; } } - if (err) + if (authenticate == NULL) { mlogf(M_ERROR, M_SHOW, "--- Authentication exit %s not found\n", dlName); + ret = AUTH_FAIL; + } } - if (err) { - ret = 1; - } else { + if (authenticate) { *principal = strdup(auth); - if (authenticate(auth, pw)) - ret = 1; + ret = authenticate(auth, pw); + if (ret == AUTH_PASS) ret = AUTH_PASS; + else if (ret == AUTH_EXPIRED) ret = AUTH_EXPIRED; + else ret = AUTH_FAIL; } free(auth); - return ret; } diff --git a/sfcBasicPAMAuthentication.c b/sfcBasicPAMAuthentication.c index 4f9c13e..6ca11eb 100644 --- a/sfcBasicPAMAuthentication.c +++ b/sfcBasicPAMAuthentication.c 
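Review bot: AUTH_EXPIRED is a non-zero value, so any caller that still tests baValidate()'s result for truth (`if (baValidate(...))`) would treat an expired password as a successful login. No call site is changed in the hunks shown here, so each one needs checking to confirm it compares against `AUTH_PASS` explicitly. The comment above the defines should say so, for example `/* baValidate return codes; AUTH_EXPIRED is non-zero, compare with == AUTH_PASS */`. The negative macro should also be parenthesised, `#define AUTH_EXPIRED (-1)`, so it expands safely inside larger expressions.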
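Review bot: In baValidate, `pw` is still NULL when the decoded credential contains no ':' and is then handed to `authenticate(auth, pw)`, so a malformed Authorization header from an unauthenticated client reaches the exit with a NULL password; what the exit does with it is not visible here. Rejecting early closes that path: `if (pw == NULL) { free(auth); return AUTH_FAIL; }` placed right after the loop. Separately, `dlName` is uninitialised when `getControlChars("basicAuthlib", &ln)` fails, yet it is printed with `%s` in the mlogf call; declaring it as `char dlName[512] = "";` avoids reading indeterminate stack bytes. The three-way `if/else` after the `authenticate` call assigns `ret` to itself in two branches and could be reduced to `if (ret != AUTH_PASS && ret != AUTH_EXPIRED) ret = AUTH_FAIL;`. The start of the function lies outside the hunk.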
@@ -80,7 +80,11 @@ _sfcBasicAuthenticateRemote(char *user, char *pw, char *rhost) if (rc == PAM_SUCCESS) { retval = 1; - } else { + } + else if (rc == PAM_NEW_AUTHTOK_REQD || rc == PAM_ACCT_EXPIRED) { + retval = -1; + } + else { retval = 0; } hooks/post-receive -- SFCB - Small Footprint CIM Broker |
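Review bot: The literal `-1` returned for the expired case is the value httpAdapter.c names AUTH_EXPIRED, but those constants are private to httpAdapter.c, so the contract between this exit and baValidate holds only by convention. At minimum the branch should carry a comment such as `/* -1: password or account expired (AUTH_EXPIRED in httpAdapter.c) */`; moving the three codes into a header both files include would be sturdier. The branch also maps `PAM_ACCT_EXPIRED` to the same code as `PAM_NEW_AUTHTOK_REQD`, so an expired account becomes indistinguishable from an expired password. If the caller answers AUTH_EXPIRED differently from a plain failure, that distinction is worth keeping. The function begins and ends outside the hunk, so which PAM call produced `rc` cannot be seen here.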