Commit 28558b45 authored by Renato Figueiro Maia's avatar Renato Figueiro Maia
Browse files

[OPENBUS-1968] (Lua) Credenciais com hash válido numa sessão porém com login...

[OPENBUS-1968] (Lua) Credenciais com hash válido numa sessão porém com login ID diferente daquele que iniciou a sessão devem ser consideradas inválidas

git-svn-id: https://subversion.tecgraf.puc-rio.br/engdist/openbus/sdk/lua/branches/openbus_v2_proto@132288 ae0415b3-e90b-0410-900d-d0be9363c56b
parent 56fd0342
......@@ -112,8 +112,9 @@ local function validateCredential(self, credential, login, request)
local session = self.incomingSessions:rawget(credential.session)
if session ~= nil then
local ticket = credential.ticket
-- validate credential with current secret
if hash == calculateHash(session.secret, ticket, request)
-- validate credential data with session data
if login.id == session.login
and hash == calculateHash(session.secret, ticket, request)
and session.tickets:check(ticket) then
return true
end
......@@ -417,6 +418,7 @@ function Interceptor:receiverequest(request)
-- invalid credential, try to reset credetial session
local sessions = self.incomingSessions
local newsession = sessions:get(#sessions.map+1)
newsession.login = caller.id
local challenge, errmsg = caller.pubkey:encrypt(newsession.secret)
if challenge ~= nil then
-- marshall credential reset
......
......@@ -41,10 +41,6 @@ do -- connect to the bus
until not ok
end))
-- test core services
local function greaterthanzero(value) assert(value > 0) end
testBusCall(bus, login, otherkey, greaterthanzero, bus.AccessControl, "renew")
-- get offered services
login.busSession:newCred("getServices")
offers = bus.OfferRegistry:getServices()
......
......@@ -422,8 +422,9 @@ function testBusCall(bus, login, otherkey, assertresults, proxy, opname, ...)
assert(ex._repid == "IDL:omg.org/CORBA/NO_PERMISSION:1.0")
assert(ex.completed == "COMPLETED_NO")
assert(ex.minor == loginconst.InvalidCredentialCode)
decodeReset(assert(getrepcxt(CredentialContextId)), login.prvkey)
decodeReset(assert(getrepcxt(CredentialContextId)), otherkey)
credential.login = login.id -- use the correct login now
credential.chain = chain -- use the correct chain now
putreqcxt(CredentialContextId, encodeCredential(credential))
assertresults(proxy[opname](proxy, ...))
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment