[pubcookie-dev] Force Re-authentication handling
Bradley Schwoerer
schwoerb at doit.wisc.edu
Wed Jun 21 09:33:57 PDT 2006
--- flavor_basic.c.orig 2006-06-21 11:30:49.000000000 -0500
+++ flavor_basic.c 2006-06-21 11:32:49.000000000 -0500
@@ -809,15 +809,6 @@
rcode = FLB_BAD_AUTH;
}
- /* Auth request entry. */
- /* If reauth, check time limit */
- } else if (l->session_reauth &&
- ((l->session_reauth == 1) ||
- (c
- && (c->create_ts + (l->session_reauth) < pbc_time
(NULL))))) {
- *errstr = "reauthentication required";
- rcode = FLB_REAUTH;
-
/* If the pinit flag is set, show a pinit login page */
} else if (l->pinit == PBC_TRUE) {
*errstr = "pinit";
@@ -846,6 +837,15 @@
*errstr = "cached credentials wrong flavor";
rcode = FLB_CACHE_CREDS_WRONG;
+ /* Auth request entry. */
+ /* If reauth, check time limit */
+ } else if (l->session_reauth &&
+ ((l->session_reauth == 1) ||
+ (c
+ && (c->create_ts + (l->session_reauth) < pbc_time
(NULL))))) {
+ *errstr = "reauthentication required";
+ rcode = FLB_REAUTH;
+
} else { /* valid login cookie */
pbc_log_activity (p, PBC_LOG_DEBUG_LOW,
"flavor_basic: L cookie valid user: %s",
On 6/21/06 11:17 AM, "Nathan Dors" <dors at cac.washington.edu> wrote:
> This diff doesn't apply smoothly to flavor_basic.c r1.82 in cvs:
>
> $ patch < brads-reauth-patch.diff
> patching file flavor_basic.c
> Hunk #1 FAILED at 25.
> Hunk #2 FAILED at 831.
> Hunk #3 succeeded at 837 (offset -22 lines).
> 2 out of 3 hunks FAILED -- saving rejects to file flavor_basic.c.rej
>
> I'd like to include this. Can you make and attach another diff,
> this time against our cvs version?
>
> -Nathan
>
>
>
> On Tue, 20 Jun 2006, Bradley Schwoerer wrote:
>
>> Below is proposed change to the handling of force re-authentication. At the
>> present if an application requests force re-authentication and a user has
>> not authenticated the reason code is reauth instead of just auth. This
>> change would give the auth reason code instead of the reauth.
>>
>> -Bradley
>>
>>
>>
>>
>> Index: ds/c/pubcookie/src/flavor_basic.c
>> diff -u ds/c/pubcookie/src/flavor_basic.c:1.7
>> ds/c/pubcookie/src/flavor_basic.c:1.7.10.1
>> --- ds/c/pubcookie/src/flavor_basic.c:1.7 Fri Feb 10 14:04:05 2006
>> +++ ds/c/pubcookie/src/flavor_basic.c Tue Jun 20 14:00:03 2006
>> @@ -25,7 +25,7 @@
>> * will pass l->realm to the verifier and append it to the username when
>> * 'append_realm' is set
>> *
>> - * $Id: flavor_basic.c,v 1.7 2006/02/10 20:04:05 miner Exp $
>> + * $Id: flavor_basic.c,v 1.7.10.1 2006/06/20 19:00:03 schwoerb Exp $
>> */
>>
>>
>> @@ -831,15 +831,6 @@
>> rcode = FLB_BAD_AUTH;
>> }
>>
>> - /* Auth request entry. */
>> - /* If reauth, check time limit */
>> - } else if (l->session_reauth &&
>> - ((l->session_reauth == 1) ||
>> - (c
>> - && (c->create_ts + (l->session_reauth) < pbc_time
>> (NULL))))) {
>> - *errstr = "reauthentication required";
>> - rcode = FLB_REAUTH;
>> -
>> /* If the pinit flag is set, show a pinit login page */
>> } else if (l->pinit == PBC_TRUE) {
>> *errstr = "pinit";
>> @@ -868,6 +859,15 @@
>> *errstr = "cached credentials wrong flavor";
>> rcode = FLB_CACHE_CREDS_WRONG;
>>
>> + /* Auth request entry. */
>> + /* If reauth, check time limit */
>> + } else if (l->session_reauth &&
>> + ((l->session_reauth == 1) ||
>> + (c
>> + && (c->create_ts + (l->session_reauth) < pbc_time
>> (NULL))))) {
>> + *errstr = "reauthentication required";
>> + rcode = FLB_REAUTH;
>> +
>> } else { /* valid login cookie */
>> pbc_log_activity (p, PBC_LOG_DEBUG_LOW,
>> "flavor_basic: L cookie valid user: %s",
>>
>>
>> ---
>> You are currently subscribed to mst-cvs-ds-pubcookie as: bschwoerer at wisc.edu
>> To unsubscribe send a blank email to leave-2879125-2267482D at lists.wisc.edu
>>
>> ------ End of Forwarded Message
>>
>>
>> _______________________________________________
>> pubcookie-dev mailing list
>> pubcookie-dev at u.washington.edu
>> http://mailman1.u.washington.edu/mailman/listinfo/pubcookie-dev
>>
> _______________________________________________
> pubcookie-dev mailing list
> pubcookie-dev at u.washington.edu
> http://mailman1.u.washington.edu/mailman/listinfo/pubcookie-dev
More information about the pubcookie-dev
mailing list