From cc36e3858c06576ab2deff93449c1c1bafd6697b Mon Sep 17 00:00:00 2001
From: "Ruben S. Montero"
Date: Fri, 19 Aug 2011 18:17:06 +0200
Subject: [PATCH] feature #754: Include also the username in the security token
---
 src/authm_mad/remotes/x509/authenticate | 2 +-
 src/authm_mad/remotes/x509/x509_auth.rb | 12 +++++++-----
 2 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/src/authm_mad/remotes/x509/authenticate b/src/authm_mad/remotes/x509/authenticate
index c3ae16bffb..f7bc822af5 100755
--- a/src/authm_mad/remotes/x509/authenticate
+++ b/src/authm_mad/remotes/x509/authenticate
@@ -44,7 +44,7 @@ proxy, cert = dsecret.split(':')
 x509_auth = X509Auth.new(:cert=>cert)
-rc = x509_auth.authenticate(pass,proxy)
+rc = x509_auth.authenticate(user, pass,proxy)
 if rc == true
 exit 0
diff --git a/src/authm_mad/remotes/x509/x509_auth.rb b/src/authm_mad/remotes/x509/x509_auth.rb
index 386f0f8efa..7ac30b71d3 100644
--- a/src/authm_mad/remotes/x509/x509_auth.rb
+++ b/src/authm_mad/remotes/x509/x509_auth.rb
@@ -64,7 +64,7 @@ class X509Auth
 #Create the x509 proxy
 time = Time.now.to_i+expire
- text_to_sign = "#{@dn}:#{time}"
+ text_to_sign = "#{user}:#{@dn}:#{time}"
 signed_text = encrypt(text_to_sign)
 token = "#{signed_text}:#{@cert.to_pem}"
@@ -88,13 +88,15 @@ class X509Auth
 # Server side
 ###########################################################################
 # auth method for auth_mad
- def authenticate(pass, token)
+ def authenticate(user, pass, token)
 begin
 plain = decrypt(token)
- subject, time_expire = plain.split(':')
-
- if ((subject != @dn) || (subject != pass))
+ _user, subject, time_expire = plain.split(':')
+
+ if (user != _user)
+ return "User name missmatch"
+ elsif ((subject != @dn) || (subject != pass))
 return "Certificate subject missmatch"
 elsif Time.now.to_i >= time_expire.to_i
 return "x509 proxy expired, login again to renew it"
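Review bot: The signed text built in the x509_auth.rb `@@ -64` hunk is now `"#{user}:#{@dn}:#{time}"`, but the server side in the `@@ -88` hunk recovers the fields with an unbounded `plain.split(':')`, so a ':' inside the user name or the certificate DN shifts every field and the check fails closed (rejects a valid login) rather than matching; the DN is interpolated verbatim, so a ':' in it is plausible. Either reject a user name or DN containing the separator before building the token, or put the only ':'-free, fixed-format field (the expiry) where it can be recovered unambiguously, and document the layout next to the assignment, e.g. `# token text layout: user ':' dn ':' expiry — user and dn must not contain ':'`. The method that supplies `user` in the `@@ -64` hunk starts outside the hunk, so whether it is the login name the daemon already authenticated or caller-supplied input is not visible here; the comparison against the login name in `authenticate` is what gives the field meaning. The new message `"User name missmatch"` in the `@@ -88` hunk repeats the spelling of the existing one; both could read `mismatch`.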