From: Timo Sirainen <timo.sirainen@dovecot.fi>
Date: Tue, 11 Oct 2016 10:18:53 +0000 (+0300)
Subject: auth: Don't re-insert userdb results from auth cache data back to cache.
X-Git-Tag: 2.2.26~147
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f7eed93e33209f45436301a6c93e0b0660f0265b;p=thirdparty%2Fdovecot%2Fcore.git

auth: Don't re-insert userdb results from auth cache data back to cache.

This was also breaking TTLs for the cached userdb results, because each
re-insert reset the TTL.
---

diff --git a/src/auth/auth-request.c b/src/auth/auth-request.c
index b2e051beae..f5a2e26dda 100644
--- a/src/auth/auth-request.c
+++ b/src/auth/auth-request.c
@@ -1327,9 +1327,10 @@ void auth_request_userdb_callback(enum userdb_result result,
 
 	if (request->userdb_lookup_tempfailed) {
 		/* no caching */
-	} else if (result != USERDB_RESULT_INTERNAL_FAILURE)
-		auth_request_userdb_save_cache(request, result);
-	else if (passdb_cache != NULL && userdb->cache_key != NULL) {
+	} else if (result != USERDB_RESULT_INTERNAL_FAILURE) {
+		if (!request->userdb_result_from_cache)
+			auth_request_userdb_save_cache(request, result);
+	} else if (passdb_cache != NULL && userdb->cache_key != NULL) {
 		/* lookup failed. if we're looking here only because the
 		   request was expired in cache, fallback to using cached
 		   expired record. */
@@ -1353,6 +1354,7 @@ void auth_request_lookup_user(struct auth_request *request,
 
 	request->private_callback.userdb = callback;
 	request->userdb_lookup = TRUE;
+	request->userdb_result_from_cache = FALSE;
 	if (request->userdb_reply == NULL)
 		auth_request_init_userdb_reply(request);
 	else {
@@ -1369,6 +1371,7 @@ void auth_request_lookup_user(struct auth_request *request,
 
 		if (auth_request_lookup_user_cache(request, cache_key,
 						   &result, FALSE)) {
+			request->userdb_result_from_cache = TRUE;
 			auth_request_userdb_callback(result, request);
 			return;
 		}
diff --git a/src/auth/auth-request.h b/src/auth/auth-request.h
index de525776d0..51f34c245b 100644
--- a/src/auth/auth-request.h
+++ b/src/auth/auth-request.h
@@ -144,6 +144,8 @@ struct auth_request {
 	/* userdb_* fields have been set by the passdb lookup, userdb prefetch
 	   will work. */
 	unsigned int userdb_prefetch_set:1;
+	/* userdb lookup's results are from cache */
+	unsigned int userdb_result_from_cache:1;
 	unsigned int stats_sent:1;
 	unsigned int policy_refusal:1;
 	unsigned int policy_processed:1;