[Devel] [ openser-Patches-1693132 ] Added function is_stale_nonce() into auth module.

SourceForge.net noreply at sourceforge.net
Sun Apr 8 10:30:06 CEST 2007


Patches item #1693132, was opened at 2007-04-02 20:57
Message generated for change (Comment added) made by bogdan_iancu
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=743022&aid=1693132&group_id=139143

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: modules
>Group: ver devel
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Anatoly Pidruchny (apidruchny)
>Assigned to: Bogdan (bogdan_iancu)
Summary: Added function is_stale_nonce() into auth module.

Initial Comment:
This patch is basically in implementation for Feature Request 1681265: differ between wrong password, stale nonce and invalid user (https://sourceforge.net/tracker/?func=detail&atid=743023&aid=1681265&group_id=139143). As far as I know, module functions can not return values, other then TRUE/SUCCESS (1), FALSE/FAILURE (-1) and ERROR(0). So, the solution is to add a new function is_stale_nonce() into the auth module that can be called after www_authorize or proxy_authorize returned FALSE. is_stale_nonce then will allow to differentiate between the case when the authorization failed because of the invalid user/wrong password and stale nonce. If is_stale_nonce returns TRUE, it means that authorization failed because of stale nonce.

Example of usage:

if (!proxy_authorize("my_domain", "subscriber"))
{
# Log a message only when user name or password is wrong, not when nonce is stale
  if (!is_stale_nonce())
  {
    log(1, "Authorization failed\n");
  }
}

The code changes are:
1. Add a new flag FL_STALE_NONCE in the parser/msg_parser.h.
2. In modules/auth/api.c, the functions pre_auth and post_auth set this flag in the message flags variable in the cases when nonce is stale.
3. In modules/auth/auth_db.c, the new function is_stale_nonce is added.


----------------------------------------------------------------------

>Comment By: Bogdan (bogdan_iancu)
Date: 2007-04-08 11:30

Message:
Logged In: YES 
user_id=1275325
Originator: NO

Hi Anatoly,

i think it is a simpler way to do this, without the need of an extra
function or additional flags - the script functions can return more than
-1,0,1 - correct is negative,0,pozitive; so, for each case, you can return
a different negative case. Like:
  -1 - non existent user;
  -2 - invalid passwd
  -3 - stale nonce
  -4 - no credentials
  -5 - error

you can use in script "switch" and "$retval" to test the return code.

Regards,
bogdan

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=743022&aid=1693132&group_id=139143



More information about the Devel mailing list