[irods#7274] Fixes for native authentication configs

TTL needs to be converted to seconds before comparing against the min/max password time configurations. clientLogin needs to return a better error message when a failure occurs in rcGetLimitedPassword.
korydraughn · Oct 2, 2023 · c020f1b · c020f1b
1 parent 2997150
commit c020f1b
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 6 deletions.
diff --git a/lib/core/src/clientLogin.cpp b/lib/core/src/clientLogin.cpp
@@ -253,7 +253,8 @@ int clientLoginTTL( rcComm_t *Conn, int ttl ) {
     if ( int status = rcGetLimitedPassword( Conn,
                 &getLimitedPasswordInp,
                 &getLimitedPasswordOut ) ) {
-        allocate_if_necessary_and_add_rError_msg(&Conn->rError, status, "rcGetLimitedPassword");
+        const auto msg = fmt::format("rcGetLimitedPassword failed with error [{}]", status);
+        allocate_if_necessary_and_add_rError_msg(&Conn->rError, status, msg.c_str());
         memset( userPassword, 0, sizeof( userPassword ) );
         return status;
     }

diff --git a/plugins/database/src/db_plugin.cpp b/plugins/database/src/db_plugin.cpp
@@ -7100,15 +7100,17 @@ irods::error db_make_limited_pw_op(
         return err;
     }
 
-    if (_ttl < ac.password_min_time || _ttl > ac.password_max_time) {
-        log_db::error(
-            "Invalid TTL - min time: [{}] max time:[{}] ttl: [{}]", ac.password_min_time, ac.password_max_time, _ttl);
+    // NOLINTNEXTLINE(cppcoreguidelines-avoid-magic-numbers,readability-magic-numbers)
+    int timeToLive = _ttl * 3600; /* convert input hours to seconds */
+    if (timeToLive < ac.password_min_time || timeToLive > ac.password_max_time) {
+        log_db::error("Invalid TTL - min time: [{}] max time:[{}] ttl: [{}]",
+                      ac.password_min_time,
+                      ac.password_max_time,
+                      timeToLive);
         return ERROR( PAM_AUTH_PASSWORD_INVALID_TTL, "invalid ttl" );
     }
 
     /* Insert the limited password */
-    // NOLINTNEXTLINE(cppcoreguidelines-avoid-magic-numbers,readability-magic-numbers)
-    int timeToLive = _ttl * 3600; /* convert input hours to seconds */
     snprintf( expTime, sizeof expTime, "%d", timeToLive );
     cllBindVars[cllBindVarCount++] = _ctx.comm()->clientUser.userName;
     // NOLINTNEXTLINE(cppcoreguidelines-pro-bounds-constant-array-index)