-rw-r--r-- | module/mod_auth_singleid.c | 25 |
1 files changed, 20 insertions, 5 deletions
diff --git a/module/mod_auth_singleid.c b/module/mod_auth_singleid.c
index 41402ed..65f3342 100644
--- a/module/mod_auth_singleid.c
+++ b/module/mod_auth_singleid.c
@@ -609,27 +609,42 @@ session_load_info (sid_context_t *ctx, request_rec *r)
 return NULL;
 sig = get_token (r->pool, &value, " ");
- if (!sig || !session_validate_sig (r->pool, sig, value))
+ if (!sig || !session_validate_sig (r->pool, sig, value)) {
+ ap_log_rerror (APLOG_MARK, APLOG_WARNING, 0, r,
+ "auth-singleid: invalid signature in cookie: %s", sig ? sig : "");
 return NULL;
+ }
 /* The version of the session info, only 1 supported for now */
 token = get_token (r->pool, &value, " ");
- if (!token || strcmp (token, "2") != 0)
+ if (!token || strcmp (token, "2") != 0) {
+ ap_log_rerror (APLOG_MARK, APLOG_WARNING, 0, r,
+ "auth-singleid: invalid version number in cookie: %s", token ? token : "");
 return NULL;
+ }
 token = get_token (r->pool, &value, " ");
 expiry = strtol (token ? token : "x", &end, 10);
- if (*end != '\0')
+ if (*end != '\0') {
+ ap_log_rerror (APLOG_MARK, APLOG_WARNING, 0, r,
+ "auth-singleid: invalid expiry time in cookie: %s", token ? token : "");
 return NULL;
+ }
 /* Don't let expired sessions be valid */
- if (expiry < time (NULL))
+ if (expiry < time (NULL)) {
+ ap_log_rerror (APLOG_MARK, APLOG_WARNING, 0, r,
+ "auth-singleid: cookie has expired");
 return NULL;
+ }
 /* The identifier */
 identifier = get_token (r->pool, &value, " ");
- if (!identifier || !ap_is_url (identifier))
+ if (!identifier || !ap_is_url (identifier)) {
+ ap_log_rerror (APLOG_MARK, APLOG_WARNING, 0, r,
+ "auth-singleid: invalid identifier in cookie: %s", token ? token : "");
 return NULL;
+ }
 sess = apr_pcalloc (r->pool, sizeof (sid_session_t));
 sess->expiry = expiry; |
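Review bot: The new warning in the identifier branch prints `token`, which at that point still holds the expiry string, so the rejected identifier never reaches the log; the argument should be `identifier ? identifier : ""`. Four of the five new messages echo client-supplied cookie bytes with a bare `%s`, so they depend on httpd's error-log escaping and have no length bound; a precision such as `%.64s` would cap what one request can write. Since any unauthenticated client can trigger these paths, logging routine cases such as the expired cookie at `APLOG_INFO` rather than `APLOG_WARNING` would make it harder to flood the error log. session_load_info starts and ends outside this hunk.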