From ba91887f8ba21969b3116c2f3b7eea15d52165b9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carlos=20Mart=C3=ADn?= <cmartins@fdi.ucm.es>
Date: Mon, 19 Dec 2011 09:06:18 -0800
Subject: [PATCH] Bug #963: RequestManagerUser checks the parameter types
 before the User object is locked

---
 src/rm/RequestManagerUser.cc | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/rm/RequestManagerUser.cc b/src/rm/RequestManagerUser.cc
index 01376a1d4b..e39bb66be5 100644
--- a/src/rm/RequestManagerUser.cc
+++ b/src/rm/RequestManagerUser.cc
@@ -31,7 +31,7 @@ void RequestManagerUser::
         return;
     }
 
-    user = static_cast<User *>(pool->get(id,true));
+    user = static_cast<User *>(pool->get(id,false));
 
     if ( user == 0 )
     {
@@ -61,6 +61,8 @@ int UserChangePassword::user_action(User * user,
 
     string new_pass = xmlrpc_c::value_string(paramList.getString(2));
 
+    user->lock();
+
     if (user->get_auth_driver() == UserPool::CORE_AUTH)
     {
         new_pass = SSLTools::sha1_digest(new_pass);
@@ -90,6 +92,8 @@ int UserChangeAuth::user_action(User * user,
 
     int rc = 0;
 
+    user->lock();
+
     if ( !new_pass.empty() )
     {
         if ( new_auth == UserPool::CORE_AUTH)