Resolves #708075 - Clone installation does not work over NAT

git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2105 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
author: vakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> 2011-08-04 18:36:26 +0000
committer: vakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> 2011-08-04 18:36:26 +0000
commit: c449610f779afb2242180d68180cfa4a9a9a641d (patch)
tree: 15536876f2b7ae72b801640cb485cee6bb804043 /pki/base/common/src/com/netscape
parent: dc6295bfd6153f23bc2ad96b1ca07e695f9faade (diff)
download: pki-c449610f779afb2242180d68180cfa4a9a9a641d.tar.gz
pki-c449610f779afb2242180d68180cfa4a9a9a641d.tar.xz
pki-c449610f779afb2242180d68180cfa4a9a9a641d.zip
1 files changed, 18 insertions, 10 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java
index 16376405..ebcafe86 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java
@@ -64,23 +64,31 @@ public class TokenAuthenticate extends CMSServlet {
         String givenHost = httpReq.getParameter("hostname");
         CMS.debug("TokenAuthentication: givenHost=" + givenHost);
 
+        boolean checkIP = false;
+        try {
+            checkIP = config.getBoolean("securitydomain.checkIP", false);
+        } catch (Exception e) {
+        }
+
         ISecurityDomainSessionTable table = CMS.getSecurityDomainSessionTable();
         String uid = "";
         String gid = "";
         CMS.debug("TokenAuthentication: checking session in the session table");
         if (table.isSessionIdExist(sessionId)) {
             CMS.debug("TokenAuthentication: found session");
-            String hostname = table.getIP(sessionId);
-            if (hostname.equals(givenHost)) {
-                CMS.debug("TokenAuthentication: hostname and givenHost matched");
-                uid = table.getUID(sessionId);
-                gid = table.getGroup(sessionId);
-            } else {
-                CMS.debug("TokenAuthentication: hostname=" + hostname + " and givenHost=" + givenHost + " is different");
-                CMS.debug("TokenAuthenticate authenticate failed, wrong hostname.");
-                outputError(httpResp, "Error: Failed Authentication");
-                return;
+            if (checkIP) {
+                String hostname = table.getIP(sessionId);
+                if (! hostname.equals(givenHost)) {
+                    CMS.debug("TokenAuthentication: hostname=" + hostname + " and givenHost=" 
+                        + givenHost + " are different");
+                    CMS.debug("TokenAuthenticate authenticate failed, wrong hostname.");
+                    outputError(httpResp, "Error: Failed Authentication");
+                    return;
+                }
             }
+
+            uid = table.getUID(sessionId);
+            gid = table.getGroup(sessionId);
         } else {
             CMS.debug("TokenAuthentication: session not found");
             CMS.debug("TokenAuthentication authenticate failed, session id does not exist.");
author	vakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>	2011-08-04 18:36:26 +0000
committer	vakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>	2011-08-04 18:36:26 +0000
commit	c449610f779afb2242180d68180cfa4a9a9a641d (patch)
tree	15536876f2b7ae72b801640cb485cee6bb804043 /pki/base/common/src/com/netscape
parent	dc6295bfd6153f23bc2ad96b1ca07e695f9faade (diff)
download	pki-c449610f779afb2242180d68180cfa4a9a9a641d.tar.gz pki-c449610f779afb2242180d68180cfa4a9a9a641d.tar.xz pki-c449610f779afb2242180d68180cfa4a9a9a641d.zip