Posted to rampart-dev@ws.apache.org by ka...@apache.org on 2008/02/25 06:31:21 UTC

svn commit: r630735 - /webservices/rampart/trunk/c/src/util/rampart_username_token.c

Author: kaushalye
Date: Sun Feb 24 21:31:19 2008
New Revision: 630735

URL: http://svn.apache.org/viewvc?rev=630735&view=rev
Log:
If the wrong username is provided with a correct username, there will be no failure. It's a BUG.
Now validating the username too if the password is directly available in the rampart context.
Not relevant to password callbacks, as we always use the username to get the password. There, a wrong username will always return a wrong password.


Modified:
    webservices/rampart/trunk/c/src/util/rampart_username_token.c

Modified: webservices/rampart/trunk/c/src/util/rampart_username_token.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_username_token.c?rev=630735&r1=630734&r2=630735&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_username_token.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_username_token.c Sun Feb 24 21:31:19 2008
@@ -487,6 +487,21 @@
         password_from_svr = rampart_context_get_password(
                                 rampart_context, env);
 
+        /*If the direct passowrd is available, then chk for the username too in the context. We need to compare it with the message's:
+          The reason is here we do not use callbacks. Thus there will be no failure if the username is wrong and the password is correct*/
+        if(password_from_svr){
+            axis2_char_t *context_usr = NULL;
+
+            context_usr = rampart_context_get_user(rampart_context, env);
+            if(0 != axutil_strcmp(context_usr, username)){
+                rampart_create_fault_envelope(env, RAMPART_FAULT_FAILED_CHECK,
+                                                  "Username is not valid", RAMPART_FAULT_IN_USERNAMETOKEN, msg_ctx);
+                AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+                                 "[rampart][rampart_usernametoken] Username id not valid");
+                return AXIS2_FAILURE;
+            }
+        }
+
         /*If not then check the call  back function*/
         if(!password_from_svr)
         {
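Review bot: The fault raised in the new axutil_strcmp(context_usr, username) branch carries the text "Username is not valid", which tells the sender that the username, rather than the password, was the credential that failed; if the password-mismatch path reports a different reason, a client can tell the two cases apart and confirm the configured username. Consider returning the same generic authentication-failure text for both cases and keeping the specific reason only in the AXIS2_LOG_ERROR line. It is also worth confirming what happens when rampart_context_get_user returns NULL (a password set in the context but no user): context_usr stays NULL and the outcome then depends on how axutil_strcmp treats a NULL argument, so an explicit NULL check with its own log message would make the intent clear. Minor points: the log string reads "Username id not valid" while the fault string reads "is", the comment has "passowrd" and "chk", and the opening brace on the if(password_from_svr){ line does not follow the brace-on-its-own-line style of the if(!password_from_svr) block just below.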