1 files changed, 18 insertions, 14 deletions

diff --git a/src/backend/taler-merchant-httpd.c b/src/backend/taler-merchant-httpd.c
index 721221a0..bc82ee95 100644
--- a/src/backend/taler-merchant-httpd.c
+++ b/src/backend/taler-merchant-httpd.c
@@ -158,7 +158,8 @@ static const struct GNUNET_CONFIGURATION_Handle *cfg;
 /**
  * Initial authorization token.
  */
-static char *default_auth;
+char *TMH_default_auth;
+
 
 /**
  * Holds data needed to determine when to resume a connection for
@@ -1574,14 +1575,14 @@ url_handler (void *cls,
       /* use 'default' */
       use_default = true;
       hc->instance = TMH_lookup_instance (NULL);
-      if ( (NULL != default_auth) &&
+      if ( (NULL != TMH_default_auth) &&
            (NULL != hc->instance) )
       {
         /* Override default instance access control */
-        TMH_compute_auth (default_auth,
+        TMH_compute_auth (TMH_default_auth,
                           &hc->instance->auth.auth_salt,
                           &hc->instance->auth.auth_hash);
-        GNUNET_free (default_auth);
+        GNUNET_free (TMH_default_auth);
       }
     }
     if (NULL != hc->instance)
@@ -1748,18 +1749,21 @@ url_handler (void *cls,
     /* If we have not even a default instance AND no override
        credentials, THEN we accept anything (no access control) */
     auth_ok = ( (NULL == TMH_lookup_instance (NULL)) &&
-                (NULL == default_auth) );
-    /* Are the credentials provided OK for CLI override? */
-    auth_ok |= ( (NULL != default_auth) &&
-                 (NULL != auth) &&
-                 (0 == strcmp (auth,
-                               default_auth)) );
+                (NULL == TMH_default_auth) );
     /* Check against selected instance, if we have one */
     if (NULL != hc->instance)
-      auth_ok |= (GNUNET_OK ==
+      auth_ok |= (! auth_malformed) &&
+                 (GNUNET_OK ==
                   TMH_check_auth (auth,
                                   &hc->instance->auth.auth_salt,
                                   &hc->instance->auth.auth_hash));
+    else /* Are the credentials provided OK for CLI override? */
+      auth_ok |= ( (use_default) &&
+                   (NULL != TMH_default_auth) &&
+                   (NULL != auth) &&
+                   (! auth_malformed) &&
+                   (0 == strcmp (auth,
+                                 TMH_default_auth)) );
     if (! auth_ok)
     {
       if (auth_malformed)
@@ -1908,8 +1912,8 @@ run (void *cls,
   (void) cfgfile;
   tok = getenv ("TALER_MERCHANT_TOKEN");
   if ( (NULL != tok) &&
-       (NULL == default_auth) )
-    default_auth = GNUNET_strdup (tok);
+       (NULL == TMH_default_auth) )
+    TMH_default_auth = GNUNET_strdup (tok);
   cfg = config;
   GNUNET_log (GNUNET_ERROR_TYPE_INFO,
               "Starting taler-merchant-httpd\n");
@@ -2064,7 +2068,7 @@ main (int argc,
                                  "auth",
                                  "TOKEN",
                                  "use TOKEN to initially authenticate access to the default instance (you can also set the TALER_MERCHANT_TOKEN environment variable instead)",
-                                 &default_auth),
+                                 &TMH_default_auth),
     GNUNET_GETOPT_OPTION_END
   };