fix a potential race condition for pre-login and ext auth

hooks doing something like this: err = provider.updateUser(u) ... return provider.userExists(username) could be racy if another update happen before provider.userExists(username) also pass a pointer to updateUser so if the user is modified inside "validateUser" we can just return the modified user without do a new query
2025-12-06 22:30:56 +03:00 · 2021-01-05 09:50:22 +01:00
parent 72b2c83392
commit daac90c4e1
26 changed files with 167 additions and 163 deletions
--- a/common/tlsutils.go
+++ b/common/tlsutils.go
@@ -171,19 +171,15 @@ func (m *CertManager) LoadRootCAs() error {
 	return nil
 }

-// SetCACertificates sets the root CA authorities file paths
+// SetCACertificates sets the root CA authorities file paths.
+// This should not be changed at runtime
 func (m *CertManager) SetCACertificates(caCertificates []string) {
-	m.Lock()
-	defer m.Unlock()
-
 	m.caCertificates = caCertificates
 }

-// SetCARevocationLists sets the CA revocation lists file paths
+// SetCARevocationLists sets the CA revocation lists file paths.
+// This should not be changed at runtime
 func (m *CertManager) SetCARevocationLists(caRevocationLists []string) {
-	m.Lock()
-	defer m.Unlock()
-
 	m.caRevocationLists = caRevocationLists
 }