A failed auth_query lookup leads to connection as auth_user!

[turnstep]

Per mailing list report (http://comments.gmane.org/gmane.comp.db.postgresql.pgbouncer.general/1251), use of auth_user and auth_query works fine, until an invalid user is entered, in which case the login falls back to the auth_user.

I traced this back to a problem in client.c, inside handle_auth_response. When we find a match from the query and parse it by seeing a 'D' packet, we set client->auth_user to the new entry. However, if not 'D' is seen, and we skip straight to 'C' and 'Z', the code sees the lack of a client->auth_user as an indication that the above failed. This is not true, however, as auth_user is already set (to the config auth_user value). Thus, getting no rows back from the auth_query lets one log in as the powerful auth_user user. Patch coming soon.

[turnstep]

Quick diff:

diff --git a/include/bouncer.h b/include/bouncer.h
index e2dedaa..7151802 100644
--- a/include/bouncer.h
+++ b/include/bouncer.h
@@ -318,2 +318,3 @@ struct PgSocket {
bool resetting:1; /* server: executing reset query from auth login; don't release on flush */

• bool auth_user_changed:1; /* The value of auth_user has changed via successful server lookup */

diff --git a/lib b/lib
index 7dd946a..f24cd58 160000
--- a/lib
+++ b/lib
@@ -1 +1 @@
-Subproject commit 7dd946a
+Subproject commit f24cd58-dirty
diff --git a/src/client.c b/src/client.c
index ec85374..e2e2287 100644
--- a/src/client.c
+++ b/src/client.c
@@ -291,2 +291,3 @@ bool handle_auth_response(PgSocket *client, PktHdr *pkt) {
}

• client->auth_user_changed = 1;
  break;
  

  @@ -300,3 +301,3 @@ bool handle_auth_response(PgSocket *client, PktHdr *pkt) {
  sbuf_prepare_skip(&client->link->sbuf, pkt->len);

•   if (!client->auth_user) {
  

• if (!client->auth_user_changed) {
      if (cf_log_connections)