Bug 3782: Digest authentication not obeying nonce_max_count

author Frederic Bourgeois <fredbmail@free.fr>

Fri, 29 Nov 2013 04:25:32 +0000 (21:25 -0700)

committer Amos Jeffries <squid3@treenet.co.nz>

Fri, 29 Nov 2013 04:25:32 +0000 (21:25 -0700)
author Frederic Bourgeois <fredbmail@free.fr>
Fri, 29 Nov 2013 04:25:32 +0000 (21:25 -0700)
committer Amos Jeffries <squid3@treenet.co.nz>
Fri, 29 Nov 2013 04:25:32 +0000 (21:25 -0700)
diff --git a/src/auth/digest/UserRequest.cc b/src/auth/digest/UserRequest.cc

index 2d395d690577f17e540a63601673641a098d5538..5e12672c4e028e7c0f97a8da8d1f6d36b2822cb8 100644 (file)
--- a/src/auth/digest/UserRequest.cc
+++ b/src/auth/digest/UserRequest.cc
@@ -149,14 +149,14 @@ Auth::Digest::UserRequest::authenticate(HttpRequest * request, ConnStateData * c
              digest_request->setDenyMessage("Incorrect password");
              return;
          }
+    }
  
-        /* check for stale nonce */
-        if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc)) {
-            debugs(29, 3, HERE << "user '" << auth_user->username() << "' validated OK but nonce stale");
-            auth_user->credentials(Auth::Failed);
-            digest_request->setDenyMessage("Stale nonce");
-            return;
-        }
+    /* check for stale nonce */
+    if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc)) {
+        debugs(29, 3, "user '" << auth_user->username() << "' validated OK but nonce stale");
+        auth_user->credentials(Auth::Failed);
+        digest_request->setDenyMessage("Stale nonce");
+        return;
      }
  
      auth_user->credentials(Auth::Ok);
author	Frederic Bourgeois <fredbmail@free.fr>
	Fri, 29 Nov 2013 04:25:32 +0000 (21:25 -0700)
committer	Amos Jeffries <squid3@treenet.co.nz>
	Fri, 29 Nov 2013 04:25:32 +0000 (21:25 -0700)