Blob Blame History Raw

# HG changeset patch
# User Timo Sirainen <tss@iki.fi>
# Date 1399020005 -10800
# Node ID e84555e6eb5927cf128d47bd324c83fdedc2cfeb
# Parent  99f59d6fce05bc6957c1f540de45bbe0eeb47738
auth: Fixed userdb extra fields handling in passdb failure.
userdb prefetch -flag wasn't correctly set, causing the prefetch userdb in
some situations incorrectly either to be called or not be called.

This also fixes a crash when using userdb static and multiple passdbs. The
userdb_reply was set to NULL, which caused a crash later.

diff -r 99f59d6fce05 -r e84555e6eb59 src/auth/auth-request.c
--- a/src/auth/auth-request.c	Fri May 02 11:12:58 2014 +0300
+++ b/src/auth/auth-request.c	Fri May 02 11:40:05 2014 +0300
@@ -625,21 +625,18 @@
 			/* this passdb lookup succeeded, preserve its extra
 			   fields */
 			auth_fields_snapshot(request->extra_fields);
-			request->snapshot_has_userdb_reply =
-				request->userdb_reply != NULL;
+			request->snapshot_have_userdb_prefetch_set =
+				request->userdb_prefetch_set;
 			if (request->userdb_reply != NULL)
 				auth_fields_snapshot(request->userdb_reply);
 		} else {
 			/* this passdb lookup failed, remove any extra fields
 			   it set */
 			auth_fields_rollback(request->extra_fields);
-			if (request->userdb_reply == NULL)
-				;
-			else if (request->snapshot_has_userdb_reply)
+			if (request->userdb_reply != NULL) {
 				auth_fields_rollback(request->userdb_reply);
-			else {
-				request->userdb_reply = NULL;
-				request->userdb_prefetch_set = FALSE;
+				request->userdb_prefetch_set =
+					request->snapshot_have_userdb_prefetch_set;
 			}
 		}
 
diff -r 99f59d6fce05 -r e84555e6eb59 src/auth/auth-request.h
--- a/src/auth/auth-request.h	Fri May 02 11:12:58 2014 +0300
+++ b/src/auth/auth-request.h	Fri May 02 11:40:05 2014 +0300
@@ -124,7 +124,7 @@
 	unsigned int prefer_plain_credentials:1;
 	unsigned int in_delayed_failure_queue:1;
 	unsigned int removed_from_handler:1;
-	unsigned int snapshot_has_userdb_reply:1;
+	unsigned int snapshot_have_userdb_prefetch_set:1;
 	/* each passdb lookup can update the current success-status using the
 	   result_* rules. the authentication succeeds only if this is TRUE
 	   at the end. mechanisms that don't require passdb, but do a passdb