From: Timo Sirainen <timo.sirainen@dovecot.fi>
Date: Sat, 23 Jan 2016 12:05:19 +0000 (+0200)
Subject: ldap auth: %variables in pass/user_attrs are now included in auth cache key.
X-Git-Tag: 2.2.22.rc1~309
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9fa4ac629eb23f1ef80cca8dbb98059819f49656;p=thirdparty%2Fdovecot%2Fcore.git

ldap auth: %variables in pass/user_attrs are now included in auth cache key.

This makes sure that the result won't be cached too aggressively, for example
if %{lport} or %{rip} was used as a field's value. Although each of these
fields just makes the cache less effective, so it's a good idea to avoid
variables entirely in the pass/user_attrs. An alternative is to use
passdb/userdb { override_fields }
---

diff --git a/src/auth/passdb-ldap.c b/src/auth/passdb-ldap.c
index 0fcd16cb19..5e7b9de50f 100644
--- a/src/auth/passdb-ldap.c
+++ b/src/auth/passdb-ldap.c
@@ -439,6 +439,7 @@ passdb_ldap_preinit(pool_t pool, const char *args)
 	module->module.cache_key =
 		auth_cache_parse_key(pool,
 				     t_strconcat(conn->set.base,
+						 conn->set.pass_attrs,
 						 conn->set.pass_filter, NULL));
 	module->module.default_pass_scheme = conn->set.default_pass_scheme;
 	return &module->module;
diff --git a/src/auth/userdb-ldap.c b/src/auth/userdb-ldap.c
index 3eb9ef83bd..146eae5191 100644
--- a/src/auth/userdb-ldap.c
+++ b/src/auth/userdb-ldap.c
@@ -269,6 +269,7 @@ userdb_ldap_preinit(pool_t pool, const char *args)
 	module->module.cache_key =
 		auth_cache_parse_key(pool,
 				     t_strconcat(conn->set.base,
+						 conn->set.user_attrs,
 						 conn->set.user_filter, NULL));
 	return &module->module;
 }