Add extra check for a session for a user that no longer exists

2026-02-03 14:13:29 +00:00 · 2021-05-20 22:33:23 -07:00
parent 6cf46d5c05
commit 9efec5c620
1 changed files with 10 additions and 0 deletions
--- a/miniserv.pl
+++ b/miniserv.pl
@@ -2014,6 +2014,16 @@ if ($config{'userfile'}) {
 					}
 				}
 			}
+		if ($authuser) {
+			# We got a session .. but does the user still exist?
+			my $auser = &get_user_details($authuser);
+			if (!$auser) {
+				print STDERR "Session $session_id is for user ",
+					     "$authuser who does not exist\n";
+				$validated = 0;
+				$already_authuser = $authuser = undef;
+				}
+			}
 		}

 	# Check for local authentication