Hi,
On Tue, May 04, 2010 at 12:20:15PM +0200, Chris Wilson wrote:
> Hi Mark,
>
> > This is fn_mail_user_get_active_smtp:
> >
> > CREATE FUNCTION fn_mail_user_get_active_smtp(character varying) RETURNS
> > SETOF users
> > LANGUAGE plpgsql
> > AS $_$
> >
> > DECLARE
> >
> > in_email ALIAS for $1;
> > usercheck users%ROWTYPE;
> >
> > BEGIN
> >
> > SELECT INTO usercheck
> > *
> > FROM
> > users
> > WHERE
> > userid || '@' || domain = lower(in_email)
> > AND
> > status IN (1,2)
> > AND
> > b_isadmin IS FALSE
> > ORDER BY
> > userid;
> >
> > RETURN NEXT usercheck;
> > END;$_$;
>
> Do you have a race condition on the usercheck table where two login
> attempts are happening simultaneously? How do rows get deleted from this
> table? Why don't you use a plain simple SELECT() instead to avoid both
> problems?
It's a stored procedure so shouldn't have any race condition issues.
I've tested again and it is accepting BOTH a blank username and password
as successful.
We've added in an exception when the user is not found, which causes
exim to receive an error and not accept blank username/password. This
must be a problem with my Exim configuration though. If 0 row's are
returned why isn't the authentication attempt rejected?
Regards,
Mark
>
> Cheers, Chris.
> --
> _ ___ __ _
> / __/ / ,__(_)_ | Chris Wilson <0000 at qwirx.com> - Cambs UK |
> / (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Perl/SQL/HTML Developer |
> \ _/_/_/_//_/___/ | We are GNU-free your mind-and your software |
>
> --
> ## List details at http://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
