auth: auth_cache_insert() - Don't temporarily modify auth_request_fields.user

Use the new username parameter in auth_request_get_var_expand_table_full()
instead.

diff --git a/src/auth/auth-cache.c b/src/auth/auth-cache.c
index 68842b23a152930479ee34c7860995d25e8abd1a..2bebd33d7a98cf50240a714bbc43692c53b88d70 100644 (file)
--- a/src/auth/auth-cache.c
+++ b/src/auth/auth-cache.c
@@ -338,10 +338,10 @@ auth_cache_escape(const char *string,
 
 static const char *
 auth_request_expand_cache_key(const struct auth_request *request,
-                             const char *key)
+                             const char *key, const char *username)
 {
        static bool error_logged = FALSE;
-       const char *value, *error;
+       const char *error;
 
        /* Uniquely identify the request's passdb/userdb with the P/U prefix
           and by "%!", which expands to the passdb/userdb ID number. */
@@ -356,12 +356,18 @@ auth_request_expand_cache_key(const struct auth_request *request,
           filtered out early in the cache_key, but that gets more
           problematic when it needs to support also filtering out
           e.g. %{sha256:ldap:fields}. */
-       if (t_auth_request_var_expand(key, request, auth_cache_escape,
-                                     &value, &error) < 0 && !error_logged) {
+       string_t *value = t_str_new(128);
+       unsigned int count = 0;
+       const struct var_expand_table *table =
+               auth_request_get_var_expand_table_full(request,
+                       username, auth_cache_escape, &count);
+       if (auth_request_var_expand_with_table(value, key, request, table,
+                                              auth_cache_escape, &error) < 0 &&
+           !error_logged) {
                error_logged = TRUE;
                i_error("Failed to expand auth cache key %s: %s", key, error);
        }
-       return value;
+       return str_c(value);
 }
 
 const char *
@@ -377,7 +383,7 @@ auth_cache_lookup(struct auth_cache *cache, const struct auth_request *request,
        *expired_r = FALSE;
        *neg_expired_r = FALSE;
 
-       key = auth_request_expand_cache_key(request, key);
+       key = auth_request_expand_cache_key(request, key, request->fields.user);
        node = hash_table_lookup(cache->hash, key);
        if (node == NULL) {
                cache->miss_count++;
@@ -414,7 +420,8 @@ void auth_cache_insert(struct auth_cache *cache, struct auth_request *request,
 {
         struct auth_cache_node *node;
        size_t data_size, alloc_size, key_len, value_len = strlen(value);
-       char *hash_key, *current_username;
+       const char *cache_username;
+       char *hash_key;
 
        if (*value == '\0' && cache->neg_ttl_secs == 0) {
                /* we're not caching negative entries */
@@ -423,17 +430,15 @@ void auth_cache_insert(struct auth_cache *cache, struct auth_request *request,
 
        /* store into cache using the translated username, except if we're doing
           a master user login */
-       current_username = request->fields.user;
+       cache_username = request->fields.user;
        if (request->fields.translated_username != NULL &&
            request->fields.requested_login_user == NULL &&
            request->fields.master_user == NULL)
-               request->fields.user = t_strdup_noconst(request->fields.translated_username);
+               cache_username = request->fields.translated_username;
 
-       key = auth_request_expand_cache_key(request, key);
+       key = auth_request_expand_cache_key(request, key, cache_username);
        key_len = strlen(key);
 
-       request->fields.user = current_username;
-
        data_size = key_len + 1 + value_len + 1;
        alloc_size = sizeof(struct auth_cache_node) -
                sizeof(node->data) + data_size;
@@ -476,7 +481,7 @@ void auth_cache_remove(struct auth_cache *cache,
 {
        struct auth_cache_node *node;
 
-       key = auth_request_expand_cache_key(request, key);
+       key = auth_request_expand_cache_key(request, key, request->fields.user);
        node = hash_table_lookup(cache->hash, key);
        if (node == NULL)
                return;

diff --git a/src/auth/test-auth-cache.c b/src/auth/test-auth-cache.c
index b59d9a6434a2f1aa8416b0f14599dce783de431b..7e10d8397336d2863977e837befb7c10a90769ee 100644 (file)
--- a/src/auth/test-auth-cache.c
+++ b/src/auth/test-auth-cache.c
@@ -18,15 +18,22 @@ const struct var_expand_table auth_request_var_expand_static_tab[] = {
        { '\0', NULL, NULL }
 };
 
-int t_auth_request_var_expand(const char *str,
-                             const struct auth_request *auth_request ATTR_UNUSED,
-                             auth_request_escape_func_t *escape_func ATTR_UNUSED,
-                             const char **value_r, const char **error_r)
+struct var_expand_table *
+auth_request_get_var_expand_table_full(const struct auth_request *auth_request ATTR_UNUSED,
+                                      const char *username ATTR_UNUSED,
+                                      auth_request_escape_func_t *escape_func ATTR_UNUSED,
+                                      unsigned int *count ATTR_UNUSED)
 {
-       string_t *dest = t_str_new(128);
-       int ret = var_expand(dest, str, auth_request_var_expand_static_tab, error_r);
-       *value_r = str_c(dest);
-       return ret;
+       i_unreached();
+}
+
+int auth_request_var_expand_with_table(string_t *dest, const char *str,
+                                      const struct auth_request *auth_request ATTR_UNUSED,
+                                      const struct var_expand_table *table ATTR_UNUSED,
+                                      auth_request_escape_func_t *escape_func ATTR_UNUSED,
+                                      const char **error_r ATTR_UNUSED)
+{
+       return var_expand(dest, str, auth_request_var_expand_static_tab, error_r);
 }
 
 static void test_auth_cache_parse_key(void)