Fix crash when using auth_relay=none

src/zm_user.cpp

@@ -27,6 +27,18 @@
 #include <string.h>
 #include <time.h>
 
+#if HAVE_GNUTLS_OPENSSL_H
+#include <gnutls/openssl.h>
+#endif
+#if HAVE_GNUTLS_GNUTLS_H
+#include <gnutls/gnutls.h>
+#endif
+
+#if HAVE_GCRYPT_H
+#include <gcrypt.h>
+#elif HAVE_LIBCRYPTO
+#include <openssl/md5.h>
+#endif // HAVE_L || HAVE_LIBCRYPTO
 
 #include "zm_utils.h"
 #include "zm_crypt.h"
@@ -38,7 +50,7 @@ User::User() {
   stream = events = control = monitors = system = PERM_NONE;
 }
 
-User::User( MYSQL_ROW &dbrow ) {
+User::User(const MYSQL_ROW &dbrow) {
   int index = 0;
   id = atoi(dbrow[index++]);
   strncpy(username, dbrow[index++], sizeof(username)-1);
@@ -97,46 +109,44 @@ User *zmLoadUser( const char *username, const char *password ) {
   // According to docs, size of safer_whatever must be 2*length+1 due to unicode conversions + null terminator.
   mysql_real_escape_string(&dbconn, safer_username, username, username_length);
 
-
   snprintf(sql, sizeof(sql),
       "SELECT `Id`, `Username`, `Password`, `Enabled`, `Stream`+0, `Events`+0, `Control`+0, `Monitors`+0, `System`+0, `MonitorIds`"
       " FROM `Users` WHERE `Username` = '%s' AND `Enabled` = 1", safer_username);
 
-
   if ( mysql_query(&dbconn, sql) ) {
     Error("Can't run query: %s", mysql_error(&dbconn));
     exit(mysql_errno(&dbconn)); 
   }
+  delete safer_username;
 
   MYSQL_RES *result = mysql_store_result(&dbconn);
   if ( !result ) {
     Error("Can't use query result: %s", mysql_error(&dbconn));
     exit(mysql_errno(&dbconn));
   }
-  int n_users = mysql_num_rows(result);
 
-  if ( n_users != 1 ) {
+  if ( mysql_num_rows(result) != 1 ) {
     mysql_free_result(result);
     Warning("Unable to authenticate user %s", username);
     return NULL;
   }
 
   MYSQL_ROW dbrow = mysql_fetch_row(result);
-
   User *user = new User(dbrow);
+  mysql_free_result(result);
+
+  if ( !password ) {
+    // relay type must be none
+    return user;
+  }
  
   if ( verifyPassword(username, password, user->getPassword()) ) {
     Info("Authenticated user '%s'", user->getUsername());
-    mysql_free_result(result);
-    delete safer_username;
     return user;
   } 
-  else {
-    Warning("Unable to authenticate user %s", username);
-    mysql_free_result(result);
-    return NULL;
-  }
 
+  Warning("Unable to authenticate user %s", username);
+  return NULL;
 }
 
 User *zmLoadTokenUser (std::string jwt_token_str, bool use_remote_addr ) {

src/zm_user.h

@@ -23,20 +23,9 @@
 #ifndef ZM_USER_H
 #define ZM_USER_H
 
-#if HAVE_GNUTLS_OPENSSL_H
-#include <gnutls/openssl.h>
-#endif
-#if HAVE_GNUTLS_GNUTLS_H
-#include <gnutls/gnutls.h>
-#endif
-
-#if HAVE_GCRYPT_H
-#include <gcrypt.h>
-#elif HAVE_LIBCRYPTO
-#include <openssl/md5.h>
-#endif // HAVE_L || HAVE_LIBCRYPTO
-
+#include <string>
 #include <vector>
+
 class User {
  public:
   typedef enum { PERM_NONE = 1, PERM_VIEW, PERM_EDIT } Permission;
@@ -55,7 +44,7 @@ protected:
 
  public:
   User();
-  explicit User( MYSQL_ROW &dbrow );
+  explicit User(const MYSQL_ROW &dbrow);
   ~User();
   User(User &u) { Copy(u); }
   void Copy(const User &u);
@@ -64,14 +53,14 @@ public:
   }
 
   const int  Id() const { return id; }
-  const char *getUsername() const { return( username ); }
-  const char *getPassword() const { return( password ); }
-  bool isEnabled() const { return( enabled ); }
-  Permission getStream() const { return( stream ); }
-  Permission getEvents() const { return( events ); }
-  Permission getControl() const { return( control ); }
-  Permission getMonitors() const { return( monitors ); }
-  Permission getSystem() const { return( system ); }
+  const char *getUsername() const { return username; }
+  const char *getPassword() const { return password; }
+  bool isEnabled() const { return enabled; }
+  Permission getStream() const { return stream; }
+  Permission getEvents() const { return events; }
+  Permission getControl() const { return control; }
+  Permission getMonitors() const { return monitors; }
+  Permission getSystem() const { return system; }
   bool canAccess(int monitor_id);
 };