auth: Don't log errors when cache_key expansion finds unknown %variables

diff --git a/src/auth/auth-cache.c b/src/auth/auth-cache.c
index eaad8b1105e3d811e9d67fc339967ff973f23737..c47808ff6da9aa288fd2b10b056536e63ae72707 100644 (file)
--- a/src/auth/auth-cache.c
+++ b/src/auth/auth-cache.c
@@ -349,8 +349,15 @@ auth_request_expand_cache_key(const struct auth_request *request,
                          request->master_user == NULL ? "" : "+%{master_user}",
                          "\t", key, NULL);
 
+       /* It's fine to have unknown %variables in the cache key.
+          For example db-ldap can have pass_attrs containing
+          %{ldap:fields} which are used for output, not as part of
+          the input needed for cache_key. Those could in theory be
+          filtered out early in the cache_key, but that gets more
+          problematic when it needs to support also filtering out
+          e.g. %{sha256:ldap:fields}. */
        if (t_auth_request_var_expand(key, request, auth_cache_escape,
-                                     &value, &error) <= 0 && !error_logged) {
+                                     &value, &error) < 0 && !error_logged) {
                error_logged = TRUE;
                i_error("Failed to expand auth cache key %s: %s", key, error);
        }