Diffstat (limited to 'base/tps/src/processor')
-rw-r--r-- | base/tps/src/processor/RA_Enroll_Processor.cpp | 16 | ||||
-rw-r--r-- | base/tps/src/processor/RA_Processor.cpp | 20 |
2 files changed, 24 insertions, 12 deletions
diff --git a/base/tps/src/processor/RA_Enroll_Processor.cpp b/base/tps/src/processor/RA_Enroll_Processor.cpp index d88d84087..ba751646e 100644 --- a/base/tps/src/processor/RA_Enroll_Processor.cpp +++ b/base/tps/src/processor/RA_Enroll_Processor.cpp @@ -1989,11 +1989,19 @@ TPS_PUBLIC RA_Status RA_Enroll_Processor::Process(RA_Session *session, NameValue } if (RA::ra_is_token_present(cuid)) { - RA::Debug(FN, "Found token %s", cuid); - if (RA::ra_is_tus_db_entry_disabled(cuid)) { - RA::Error(FN, "CUID %s Disabled", cuid); + + int token_status = RA::ra_get_token_status(cuid); + + // As far as the ui states, state "enrolled" maps to the state of "FOUND" or 4; + + RA::Debug(FN, "Found token %s status %d", cuid, token_status); + + int STATUS_FOUND = 4; + if (token_status == -1 || !RA::transition_allowed(token_status, STATUS_FOUND)) { + RA::Error(FN, "Operation for CUID %s Disabled illegal transition attempted %d:%d", cuid,token_status, STATUS_FOUND); status = STATUS_ERROR_DISABLED_TOKEN; - PR_snprintf(audit_msg, 512, "token disabled"); + + PR_snprintf(audit_msg, 512, "Operation for CUID %s Disabled, illegal transition attempted %d:%d.", cuid,token_status, STATUS_FOUND); goto loser; } diff --git a/base/tps/src/processor/RA_Processor.cpp b/base/tps/src/processor/RA_Processor.cpp index a9947555b..5395d82b9 100644 --- a/base/tps/src/processor/RA_Processor.cpp +++ b/base/tps/src/processor/RA_Processor.cpp 
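Review bot: `int STATUS_FOUND = 4;` in the new branch is a mutable local holding a hard-coded state number, and the Format hunk in RA_Processor.cpp passes a bare `0` for the same purpose, so the target state of each policy check is written by hand at every call site. If the state numbering ever changes wherever `RA::transition_allowed` gets its table, these checks would silently test a different transition than intended. The minimum fix is `const int STATUS_FOUND = 4;`. It would be better for both processors to use one shared set of named token-state constants, if the code base already defines them. The body of RA_Enroll_Processor::Process starts and ends outside this hunk.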
@@ -2753,16 +2753,20 @@ RA_Status RA_Processor::Format(RA_Session *session, NameValueSet *extensions, bo } if (RA::ra_is_token_present(cuid)) { + int token_status = RA::ra_get_token_status(cuid); + RA::Debug("RA_Processor::Format", - "Found token %s", cuid); + "Found token %s status %d", cuid, token_status); - if (RA::ra_is_tus_db_entry_disabled(cuid)) { - RA::Error("RA_Format_Processor::Process", - "CUID %s Disabled", cuid); - status = STATUS_ERROR_DISABLED_TOKEN; - PR_snprintf(audit_msg, 512, "CUID %s Disabled, status=STATUS_ERROR_DISABLED_TOKEN", cuid); - goto loser; - } + // Check for transition to 0/UNINITIALIZED status. + + if (token_status == -1 || !RA::transition_allowed(token_status, 0)) { + RA::Error("RA_Format_Processor::Process", + "Operation for CUID %s Disabled", cuid); + status = STATUS_ERROR_DISABLED_TOKEN; + PR_snprintf(audit_msg, 512, "Operation for CUID %s Disabled, illegal transition attempted %d:%d.", cuid, token_status, 0); + goto loser; + } } else { RA::Debug("RA_Processor::Format", "Not Found token %s", cuid); |
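Review bot: The new condition folds `token_status == -1` into the same branch as a refused transition, so that case is audited as "illegal transition attempted -1:0" with STATUS_ERROR_DISABLED_TOKEN. Presumably -1 means the status could not be read, which an auditor then cannot tell apart from a policy denial. Failing closed is the right outcome, but the -1 case deserves its own audit text, set before the `goto loser`, stating that the token status lookup failed for the CUID. The `RA::Error` call also omits the status values that the audit message carries; using the format `"Operation for CUID %s Disabled, illegal transition attempted %d:%d"` with `cuid, token_status, 0` would match the Enroll hunk. The same -1 handling appears in the RA_Enroll_Processor.cpp hunk, and RA_Processor::Format continues outside this hunk.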