From a4682ceae6774956461edd03b2485bbacea445f4 Mon Sep 17 00:00:00 2001
From: mharmsen
Date: Tue, 4 Oct 2011 01:17:41 +0000
Subject: Bugzilla Bug #688225 - (dogtagIPAv2.1) TRACKER: of the Dogtag fixes for freeIPA 2.1
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/tags/IPA_v2_RHEL_6_2_20111003@2252 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
---
pki/patches/pki-core-9.0.3-r2104.patch | 42 ++++++++++++++++++++++++++++++++++
1 file changed, 42 insertions(+)
create mode 100644 pki/patches/pki-core-9.0.3-r2104.patch
(limited to 'pki/patches/pki-core-9.0.3-r2104.patch')
diff --git a/pki/patches/pki-core-9.0.3-r2104.patch b/pki/patches/pki-core-9.0.3-r2104.patch
new file mode 100644
index 000000000..94646f100
--- /dev/null
+++ b/pki/patches/pki-core-9.0.3-r2104.patch
@@ -0,0 +1,42 @@
+Index: base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java
+===================================================================
+--- base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java (revision 2103)
++++ base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java (revision 2104)
+@@ -64,23 +64,31 @@
+ String givenHost = httpReq.getParameter("hostname");
+ CMS.debug("TokenAuthentication: givenHost=" + givenHost);
+
++ boolean checkIP = false;
++ try {
++ checkIP = config.getBoolean("securitydomain.checkIP", false);
++ } catch (Exception e) {
++ }
++
+ ISecurityDomainSessionTable table = CMS.getSecurityDomainSessionTable();
+ String uid = "";
+ String gid = "";
+ CMS.debug("TokenAuthentication: checking session in the session table");
+ if (table.isSessionIdExist(sessionId)) {
+ CMS.debug("TokenAuthentication: found session");
++ if (checkIP) {
+ String hostname = table.getIP(sessionId);
+- if (hostname.equals(givenHost)) {
+- CMS.debug("TokenAuthentication: hostname and givenHost matched");
+- uid = table.getUID(sessionId);
+- gid = table.getGroup(sessionId);
+- } else {
+- CMS.debug("TokenAuthentication: hostname=" + hostname + " and givenHost=" + givenHost + " is different");
++ if (! hostname.equals(givenHost)) {
++ CMS.debug("TokenAuthentication: hostname=" + hostname + " and givenHost="
++ + givenHost + " are different");
+ CMS.debug("TokenAuthenticate authenticate failed, wrong hostname.");
+ outputError(httpResp, "Error: Failed Authentication");
+ return;
+ }
++ }
++
++ uid = table.getUID(sessionId);
++ gid = table.getGroup(sessionId);
+ } else {
+ CMS.debug("TokenAuthentication: session not found");
+ CMS.debug("TokenAuthentication authenticate failed, session id does not exist.");
-- cgit
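Review bot: The empty `catch (Exception e) { }` around `config.getBoolean("securitydomain.checkIP", false)` in the embedded TokenAuthenticate.java patch fails open, because any error reading the setting leaves `checkIP` false and the comparison of `table.getIP(sessionId)` with `givenHost` is skipped with nothing in the debug log. Since the default is also false, as far as this hunk shows any session id present in the table now yields `uid` and `gid` regardless of the `hostname` request parameter, so the host binding only exists where an administrator opts in. I would record the failure in the catch, e.g. `CMS.debug("TokenAuthentication: cannot read securitydomain.checkIP, host check disabled: " + e);`, and add a comment at the declaration such as `// off by default: session ids are not bound to the requesting host unless securitydomain.checkIP=true`. When the check is enabled, `hostname.equals(givenHost)` throws if `getIP` returns null; the table's contract is not visible here, so confirm it or guard the call. The enclosing method starts and ends outside the hunk.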