From: Timo Sirainen
Date: Tue, 2 Nov 2010 17:31:14 +0000 (+0000)
Subject: auth: Disable auth caching entirely for master users.
X-Git-Tag: 2.0.7~37
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9766c242ba9c5db1e3f375860263c5f14c564d95;p=thirdparty%2Fdovecot%2Fcore.git

auth: Disable auth caching entirely for master users.

The cache key contains only the master username, without the logged-in username, so wrong data could be looked up from cache.
---

diff --git a/src/auth/auth-request.c b/src/auth/auth-request.c
index ad63415d0d..63ce67deb3 100644
--- a/src/auth/auth-request.c
+++ b/src/auth/auth-request.c
@@ -290,10 +290,8 @@ static void auth_request_save_cache(struct auth_request *request,
 extra_fields = request->extra_fields == NULL ? NULL :
 auth_stream_reply_export(request->extra_fields);

- if (passdb_cache == NULL)
- return;
-
- if (passdb->cache_key == NULL)
+ if (passdb_cache == NULL || passdb->cache_key == NULL ||
+ request->master_user != NULL)
 return;

 if (result < 0) {
@@ -712,7 +710,8 @@ static void auth_request_userdb_save_cache(struct auth_request *request,
 struct userdb_module *userdb = request->userdb->userdb;
 const char *str;

- if (passdb_cache == NULL || userdb->cache_key == NULL)
+ if (passdb_cache == NULL || userdb->cache_key == NULL ||
+ request->master_user != NULL)
 return;

 str = result == USERDB_RESULT_USER_UNKNOWN ? "" :
@@ -731,6 +730,9 @@ static bool auth_request_lookup_user_cache(struct auth_request *request,
 struct auth_cache_node *node;
 bool expired, neg_expired;

+ if (request->master_user != NULL)
+ return FALSE;
+
 value = auth_cache_lookup(passdb_cache, request, key, &node,
 &expired, &neg_expired);
 if (value == NULL || (expired && !use_expired)) {
diff --git a/src/auth/passdb-cache.c b/src/auth/passdb-cache.c
index b4cb1ceae1..3aa2f428d9 100644
--- a/src/auth/passdb-cache.c
+++ b/src/auth/passdb-cache.c
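Review bot: The new `request->master_user != NULL` test in auth_request_save_cache carries no comment, so the reason for bypassing the cache lives only in the commit message. A one-line comment above the condition would stop it from being dropped later as redundant, for example `/* master user logins: cache key lacks the logged-in username, never cache */`. The same applies to the guards added in auth_request_userdb_save_cache and auth_request_lookup_user_cache, and to the two in passdb-cache.c. The function body starts and ends outside this hunk.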
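Review bot: The early `return FALSE` in auth_request_lookup_user_cache is the fifth separate copy of the master-user check in this commit, and a cache entry point added later without it would again serve data cached for a different login. auth_cache_lookup() already receives `request`, so the check could be enforced once inside the cache layer rather than in every caller. Its definition and the insert path are not part of this diff, so confirm that nothing depends on them being usable for master logins. Failing that, a small shared predicate used by all five sites would keep the condition in one place. The function continues past the end of the hunk.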
@@ -32,7 +32,7 @@ bool passdb_cache_verify_plain(struct auth_request *request, const char *key,
 int ret;
 bool expired, neg_expired;

- if (passdb_cache == NULL || key == NULL)
+ if (passdb_cache == NULL || key == NULL || request->master_user != NULL)
 return FALSE;

 /* value = password \t ... */
@@ -96,7 +96,7 @@ bool passdb_cache_lookup_credentials(struct auth_request *request,
 struct auth_cache_node *node;
 bool expired, neg_expired;

- if (passdb_cache == NULL)
+ if (passdb_cache == NULL || request->master_user != NULL)
 return FALSE;

 value = auth_cache_lookup(passdb_cache, request, key, &node,
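Review bot: The guard in passdb_cache_lookup_credentials still hands `key` to auth_cache_lookup() without a NULL test, whereas the matching guard in passdb_cache_verify_plain rejects `key == NULL`. If any caller can reach this function with an unset cache key, the condition should mirror its sibling: `if (passdb_cache == NULL || key == NULL || request->master_user != NULL)`. The callers are not in this diff, so this may already be guaranteed; in that case a short comment stating the precondition would be enough. The function body extends beyond the hunk.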