From d28c476f5f068e3a1a509be8189b06cf91877d63 Mon Sep 17 00:00:00 2001 From: Amos Jeffries Date: Sat, 3 Dec 2011 23:44:05 -0700 Subject: [PATCH] Fix assertion failed: external_acl.cc:908: ch->auth_user_request != NULL External ACL sometimes cannot find the credentials in ACL Checklist even if they are attached to the HTTPRequest object. This seems to happen when the checklist is created and the line match started before the credentials are known. The credentials validation updates the HTTP request state but is not aware of ACL checklists needing to be updated so it never happens. This patch: * locate the %LOGIN value from either place where credentials can be found, * updates the checklist if it was unset, * passes '-' to the helper if no credentials at all were given. Although the earlier logics forcing a lookup means this '-' case should not happen it might if the external ACL were processed in 'fast' check. --- src/external_acl.cc | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/external_acl.cc b/src/external_acl.cc index 5da8e9930e..ab32b818fd 100644 --- a/src/external_acl.cc +++ b/src/external_acl.cc @@ -929,8 +929,13 @@ makeExternalAclKey(ACLFilledChecklist * ch, external_acl_data * acl_data) switch (format->type) { #if USE_AUTH case _external_acl_format::EXT_ACL_LOGIN: - assert (ch->auth_user_request != NULL); - str = ch->auth_user_request->username(); + // if this ACL line was the cause of credentials fetch + // they may not already be in the checklist + if (ch->auth_user_request == NULL && ch->request) + ch->auth_user_request = ch->request->auth_user_request; + + if (ch->auth_user_request != NULL) + str = ch->auth_user_request->username(); break; #endif #if USE_IDENT -- 2.47.2