From: Timo Sirainen
Date: Thu, 24 Oct 2013 11:59:03 +0000 (+0300)
Subject: auth: Cache master user logins also.
X-Git-Tag: 2.2.7~50
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d31c77e63713a6cf3687a4b38ff8daf6d6c7a3dd;p=thirdparty%2Fdovecot%2Fcore.git
auth: Cache master user logins also.
---
diff --git a/src/auth/auth-cache.c b/src/auth/auth-cache.c
index 5d9aea1481..56e49a3f05 100644
--- a/src/auth/auth-cache.c
+++ b/src/auth/auth-cache.c
@@ -273,19 +273,24 @@ static bool auth_cache_node_is_user(struct auth_cache_node *node,
 const char *data = node->data;
 unsigned int username_len;
- /* The cache nodes begin with "P"/"U", passdb/userdb ID, "/" and
- then usually followed by the username. It's too much trouble to
- keep track of all the cache keys, so we'll just match it as if it
- was the username. If e.g. '%n' is used in the cache key instead of
- '%u', it means that cache entries can be removed only when @domain
- isn't in the username parameter. */
+ /* The cache nodes begin with "P"/"U", passdb/userdb ID, optional
+ "+" master user, "\t" and then usually followed by the username.
+ It's too much trouble to keep track of all the cache keys, so we'll
+ just match it as if it was the username. If e.g. '%n' is used in the
+ cache key instead of '%u', it means that cache entries can be
+ removed only when @domain isn't in the username parameter. */
 if (*data != 'P' && *data != 'U')
 return FALSE;
 data++;
 while (*data >= '0' && *data <= '9')
 data++;
- if (*data != '/')
+ if (*data == '+') {
+ /* skip over +master_user */
+ while (*data != '\t' && *data != '\0')
+ data++;
+ }
+ if (*data != '\t')
 return FALSE;
 data++;
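Review bot: The `+master_user` skip loop in auth_cache_node_is_user() ends at the first `\t`, so the username match that follows is only correct if the expanded `%{master_user}` can never contain a tab itself. Whether that holds depends on the escape function handed to var_expand() in auth_request_expand_cache_key(), which is not visible in these hunks; without tab escaping, a tab inside the master user name would move the point where this parser believes the username begins, and the wrong entries could be matched or missed on removal. Once confirmed, I would state the assumption at the loop, e.g. `/* master_user is tab-escaped when the key is expanded, so the first \t ends it */`. The function body continues outside the hunk.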
@@ -339,7 +344,9 @@ auth_request_expand_cache_key(const struct auth_request *request,
 /* Uniquely identify the request's passdb/userdb with the P/U prefix and by "%!", which expands to the passdb/userdb ID number. */
- key = t_strconcat(request->userdb_lookup ? "U" : "P", "%!/", key, NULL);
+ key = t_strconcat(request->userdb_lookup ? "U" : "P", "%!",
+ request->master_user == NULL ? "" : "+%{master_user}",
+ "\t", key, NULL);
 str = t_str_new(256);
 var_expand(str, key,
@@ -407,7 +414,8 @@ void auth_cache_insert(struct auth_cache *cache, struct auth_request *request,
 a master user login */
 current_username = request->user;
 if (request->translated_username != NULL &&
- request->requested_login_user == NULL)
+ request->requested_login_user == NULL &&
+ request->master_user == NULL)
 request->user = t_strdup_noconst(request->translated_username);
 key = auth_request_expand_cache_key(request, key);
diff --git a/src/auth/auth-request.c b/src/auth/auth-request.c
index 06b20b6a89..c47f798338 100644
--- a/src/auth/auth-request.c
+++ b/src/auth/auth-request.c
@@ -409,8 +409,7 @@ static void auth_request_save_cache(struct auth_request *request,
 i_unreached();
 }
- if (passdb_cache == NULL || passdb->cache_key == NULL ||
- request->master_user != NULL)
+ if (passdb_cache == NULL || passdb->cache_key == NULL)
 return;
 if (result < 0) {
@@ -923,8 +922,7 @@ static void auth_request_userdb_save_cache(struct auth_request *request,
 string_t *str;
 const char *cache_value;
- if (passdb_cache == NULL || userdb->cache_key == NULL ||
- request->master_user != NULL)
+ if (passdb_cache == NULL || userdb->cache_key == NULL)
 return;
 if (result == USERDB_RESULT_USER_UNKNOWN)
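Review bot: The comment above the t_strconcat() call in auth_request_expand_cache_key() is now stale: it still describes only the P/U prefix and `%!`, while the key gains an optional `+%{master_user}` segment and a tab separator. That segment is what keeps an entry created during a master-user login apart from the login user's ordinary entry, so it deserves a sentence of its own. I would extend the comment along the lines of `/* ... then "+" and the master user for master user logins, so those never share an entry with a normal login, then "\t" and the configured key. */`.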
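Review bot: The added `request->master_user == NULL` term in auth_cache_insert() comes without an explanation; the comment above it starts outside the hunk and only its tail ("a master user login") is visible. Insert and lookup have to expand the same username into the key, and auth_cache_lookup() is not part of this diff, so it is worth confirming that lookups for master-user requests also use request->user unmodified. I would extend the comment with one sentence saying which username a master-user entry is stored under.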
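Review bot: With `request->master_user != NULL` dropped from the guard in auth_request_save_cache(), the code below it now also runs for master-user logins, where the password supplied by the client belongs to the master user rather than to the login user. The rest of the function is outside the hunk, so which value ends up in the cache entry cannot be judged from here; please confirm that the master user's credential is never stored as the login user's password. A comment at the guard such as `/* master user logins are cached under their own "+master_user" key */` would record why the bypass was safe to remove. The same guard change is made in auth_request_userdb_save_cache().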
@@ -956,9 +954,6 @@ static bool auth_request_lookup_user_cache(struct auth_request *request,
 struct auth_cache_node *node;
 bool expired, neg_expired;
- if (request->master_user != NULL)
- return FALSE;
-
 value = auth_cache_lookup(passdb_cache, request, key, &node, &expired, &neg_expired);
 if (value == NULL || (expired && !use_expired)) {
@@ -1951,6 +1946,7 @@ auth_request_var_expand_static_tab[AUTH_REQUEST_VAR_TAB_COUNT+1] = {
 { '\0', NULL, "real_rport" },
 { '\0', NULL, "domain_first" },
 { '\0', NULL, "domain_last" },
+ { '\0', NULL, "master_user" },
 /* be sure to update AUTH_REQUEST_VAR_TAB_COUNT */
 { '\0', NULL, NULL }
 };
@@ -2036,6 +2032,8 @@ auth_request_get_var_expand_table_full(const struct auth_request *auth_request,
 tab[24].value = strrchr(auth_request->user, '@');
 if (tab[24].value != NULL)
 tab[24].value = escape_func(tab[24].value+1, auth_request);
+ tab[25].value = auth_request->master_user == NULL ? NULL :
+ escape_func(auth_request->master_user, auth_request);
 return ret_tab;
 }
diff --git a/src/auth/auth-request.h b/src/auth/auth-request.h
index e0fae78ed5..6db0532f11 100644
--- a/src/auth/auth-request.h
+++ b/src/auth/auth-request.h
@@ -143,7 +143,7 @@ extern unsigned int auth_request_state_count[AUTH_REQUEST_STATE_MAX];
 #define AUTH_REQUEST_VAR_TAB_USER_IDX 0
 #define AUTH_REQUEST_VAR_TAB_USERNAME_IDX 1
 #define AUTH_REQUEST_VAR_TAB_DOMAIN_IDX 2
-#define AUTH_REQUEST_VAR_TAB_COUNT 25
+#define AUTH_REQUEST_VAR_TAB_COUNT 26
 extern const struct var_expand_table auth_request_var_expand_static_tab[AUTH_REQUEST_VAR_TAB_COUNT+1];
diff --git a/src/auth/passdb-cache.c b/src/auth/passdb-cache.c
index a18f45aad1..2e0da5f97d 100644
--- a/src/auth/passdb-cache.c
+++ b/src/auth/passdb-cache.c
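Review bot: `tab[25]` in auth_request_get_var_expand_table_full() is a bare index that must stay in step with the position of the `"master_user"` row added to auth_request_var_expand_static_tab and with AUTH_REQUEST_VAR_TAB_COUNT in auth-request.h. If a row is ever inserted above it, `%{master_user}` would silently expand to another field's value, and that value is now part of the cache key. The header already names the first three slots (`AUTH_REQUEST_VAR_TAB_USER_IDX` and friends); a matching name for this slot, for instance `#define AUTH_REQUEST_VAR_TAB_MASTER_USER_IDX 25` (name is only a suggestion), or at least a comment at the assignment tying it to the table row, would make the coupling visible. The function body starts outside the hunk.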
@@ -33,7 +33,7 @@ bool passdb_cache_verify_plain(struct auth_request *request, const char *key,
 int ret;
 bool expired, neg_expired;
- if (passdb_cache == NULL || key == NULL || request->master_user != NULL)
+ if (passdb_cache == NULL || key == NULL)
 return FALSE;
 /* value = password \t ... */
@@ -97,7 +97,7 @@ bool passdb_cache_lookup_credentials(struct auth_request *request,
 struct auth_cache_node *node;
 bool expired, neg_expired;
- if (passdb_cache == NULL || request->master_user != NULL)
+ if (passdb_cache == NULL)
 return FALSE;
 value = auth_cache_lookup(passdb_cache, request, key, &node,
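Review bot: Nothing at the guards in passdb_cache_verify_plain() and passdb_cache_lookup_credentials() records why master-user requests may now be answered from the cache; the separation rests entirely on the `+%{master_user}` key segment added in auth-cache.c. A short comment such as `/* master user logins have their own cache entries (key carries "+master_user") */` would keep a later change to the key format from quietly merging them with ordinary logins. The password comparison that follows the guard in passdb_cache_verify_plain() lies outside the hunk, so it is worth checking separately that a cache hit behaves as intended when the request carries a master user.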