mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-23 23:51:08 +02:00
Code Issues Projects Releases Wiki Activity

address review feedback

Browse Source
This commit is contained in:
vishalnayak 2016-09-14 12:31:19 -04:00
parent fb04d06b9b
commit ddb0639a13
1 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
builtin/credential/aws-ec2/path_login.go
View File

@ -413,11 +413,6 @@ func (b *backend) pathLoginUpdate(
"role_tag_max_ttl": rTagMaxTTL.String(), "role_tag_max_ttl": rTagMaxTTL.String(),
"role": roleName, "role": roleName,
"ami_id": identityDoc.AmiID, "ami_id": identityDoc.AmiID,
// Echo the client nonce back. If nonce was not
// supplied to the endpoint, callers should
// extract out the nonce from this field for
// reauthentication requests.
"nonce": clientNonce,
}, },
LeaseOptions: logical.LeaseOptions{ LeaseOptions: logical.LeaseOptions{
Renewable: true, Renewable: true,
@ -426,6 +421,15 @@ func (b *backend) pathLoginUpdate(
}, },
} }
// Return the nonce only if reauthentication is allowed
if !disallowReauthentication {
// Echo the client nonce back. If nonce was not
// supplied to the endpoint, callers should
// extract out the nonce from this field for
// reauthentication requests.
resp.Auth.Metadata["nonce"] = clientNonce
}
// Cap the TTL value. // Cap the TTL value.
shortestTTL := b.System().DefaultLeaseTTL() shortestTTL := b.System().DefaultLeaseTTL()
if roleEntry.TTL > time.Duration(0) && roleEntry.TTL < shortestTTL { if roleEntry.TTL > time.Duration(0) && roleEntry.TTL < shortestTTL {