1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
=== modified file 'src/auth/digest/UserRequest.cc'
--- src/auth/digest/UserRequest.cc 2015-01-18 11:02:13 +0000
+++ src/auth/digest/UserRequest.cc 2015-01-19 16:42:41 +0000
@@ -152,10 +152,14 @@
}
/* check for stale nonce */
- if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc)) {
- debugs(29, 3, "user '" << auth_user->username() << "' validated OK but nonce stale");
- auth_user->credentials(Auth::Handshake);
- digest_request->setDenyMessage("Stale nonce");
+ /* check Auth::Pending to avoid loop */
+
+ if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc) && user()->credentials() != Auth::Pending) {
+ debugs(29, 3, auth_user->username() << "' validated OK but nonce stale: " << digest_request->nonceb64);
+ /* Pending prevent banner and makes a ldap control */
+ auth_user->credentials(Auth::Pending);
+ nonce->flags.valid = false;
+ authDigestNoncePurge(nonce);
return;
}
=== modified file 'src/auth/digest/auth_digest.cc'
--- src/auth/digest/auth_digest.cc 2014-03-05 02:48:25 +0000
+++ src/auth/digest/auth_digest.cc 2015-01-19 16:42:41 +0000
@@ -1038,12 +1038,7 @@
debugs(29, 2, "Username for the nonce does not equal the username for the request");
nonce = NULL;
}
- /* check for stale nonce */
- if (authDigestNonceIsStale(nonce)) {
- debugs(29, 3, "The received nonce is stale from " << username);
- digest_request->setDenyMessage("Stale nonce");
- nonce = NULL;
- }
+
if (!nonce) {
/* we couldn't find a matching nonce! */
debugs(29, 2, "Unexpected or invalid nonce received from " << username);
|
GitWeb
