From: Timo Sirainen Date: Mon, 13 Mar 2017 11:49:04 +0000 (+0200) Subject: auth: passdb/userdb lookups via auth-worker cached too much of the replies X-Git-Tag: 2.3.0.rc1~1940 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e0a84bcd487b05872da59781452168609b5c1f2c;p=thirdparty%2Fdovecot%2Fcore.git auth: passdb/userdb lookups via auth-worker cached too much of the replies Only the fields returned by the lookup itself were supposed to be cached. This was especially problematic if the lookup via auth-worker didn't uniquely identify the user. For example doing a passdb lookup for an attribute shared by multiple users could have caused the reply to contain the previous cached user's all extra fields.
---
diff --git a/src/auth/auth-worker-client.c b/src/auth/auth-worker-client.c
index d2ecbe3012..017e221da8 100644
--- a/src/auth/auth-worker-client.c
+++ b/src/auth/auth-worker-client.c
@@ -98,6 +98,11 @@ worker_auth_request_new(struct auth_worker_client *client, unsigned int id,
 (void)auth_request_import(auth_request, key, value);
 }
 }
+ /* reset changed-fields, so we'll export only the ones that were
+ changed by this lookup. */
+ auth_fields_snapshot(auth_request->extra_fields);
+ if (auth_request->userdb_reply != NULL)
+ auth_fields_snapshot(auth_request->userdb_reply);
 auth_request_init(auth_request);
 return auth_request;
@@ -129,7 +134,12 @@ reply_append_extra_fields(string_t *str, struct auth_request *request)
 {
 if (!auth_fields_is_empty(request->extra_fields)) {
 str_append_c(str, '\t');
- auth_fields_append(request->extra_fields, str, 0, 0);
+ /* export only the fields changed by this lookup, so the
+ changed-flag gets preserved correctly on the master side as
+ well. */
+ auth_fields_append(request->extra_fields, str,
+ AUTH_FIELD_FLAG_CHANGED,
+ AUTH_FIELD_FLAG_CHANGED);
 }
 if (request->userdb_reply != NULL &&
 auth_fields_is_empty(request->userdb_reply)) {
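Review bot: The comment above the two auth_fields_snapshot() calls in worker_auth_request_new() says what is reset but not the invariant the fix relies on: fields imported from the master in the loop above must never be echoed back, because per the commit description they would then be cached with the reply and could be returned for a different user. I would extend it to something like `/* clear the changed-flag on everything imported from the master: only fields set by this lookup may be exported, otherwise they get cached and can leak into another user's reply */`. It is also worth confirming that auth_request_init(), which runs after the snapshot, sets no fields of its own, since anything it added would be exported as if the lookup had produced it. The function body starts outside the hunk.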
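Review bot: In reply_append_extra_fields() the guard still tests `!auth_fields_is_empty(request->extra_fields)` on the whole set, while the append below it is now filtered by AUTH_FIELD_FLAG_CHANGED, so a request whose extra fields were all imported and none changed by the lookup gets the `'\t'` separator with nothing after it. Whether the master-side parser tolerates an empty field is not visible here, so I would either append the filtered fields into a temporary string and emit the tab only when that string is non-empty, or guard on a changed-only emptiness check. The same pattern appears in the lookup_user_callback() hunk, where `str_append_c(str, '\t');` runs unconditionally before the filtered append and may be followed directly by `"\ttempfail"`. The function body ends outside the hunk.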
@@ -381,7 +391,10 @@ lookup_user_callback(enum userdb_result result,
 str_append(str, "OK\t");
 str_append_tabescaped(str, auth_request->user);
 str_append_c(str, '\t');
- auth_fields_append(auth_request->userdb_reply, str, 0, 0);
+ /* export only the fields changed by this lookup */
+ auth_fields_append(auth_request->userdb_reply, str,
+ AUTH_FIELD_FLAG_CHANGED,
+ AUTH_FIELD_FLAG_CHANGED);
 if (auth_request->userdb_lookup_tempfailed)
 str_append(str, "\ttempfail");
 break;