From: Timo Sirainen Date: Mon, 3 Aug 2020 13:26:11 +0000 (+0300) Subject: auth: auth_cache_insert() - Don't temporarily modify auth_request_fields.user X-Git-Tag: 2.3.13~331 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e743e0b02bdf92c59cd75cc21097bb55d943ec37;p=thirdparty%2Fdovecot%2Fcore.git auth: auth_cache_insert() - Don't temporarily modify auth_request_fields.user Use the new username parameter in auth_request_get_var_expand_table_full() instead. --- diff --git a/src/auth/auth-cache.c b/src/auth/auth-cache.c index 68842b23a1..2bebd33d7a 100644 --- a/src/auth/auth-cache.c +++ b/src/auth/auth-cache.c @@ -338,10 +338,10 @@ auth_cache_escape(const char *string, static const char * auth_request_expand_cache_key(const struct auth_request *request, - const char *key) + const char *key, const char *username) { static bool error_logged = FALSE; - const char *value, *error; + const char *error; /* Uniquely identify the request's passdb/userdb with the P/U prefix and by "%!", which expands to the passdb/userdb ID number. */ @@ -356,12 +356,18 @@ auth_request_expand_cache_key(const struct auth_request *request, filtered out early in the cache_key, but that gets more problematic when it needs to support also filtering out e.g. %{sha256:ldap:fields}. */ - if (t_auth_request_var_expand(key, request, auth_cache_escape, - &value, &error) < 0 && !error_logged) { + string_t *value = t_str_new(128); + unsigned int count = 0; + const struct var_expand_table *table = + auth_request_get_var_expand_table_full(request, + username, auth_cache_escape, &count); + if (auth_request_var_expand_with_table(value, key, request, table, + auth_cache_escape, &error) < 0 && + !error_logged) { error_logged = TRUE; i_error("Failed to expand auth cache key %s: %s", key, error); } - return value; + return str_c(value); } const char * @@ -377,7 +383,7 @@ auth_cache_lookup(struct auth_cache *cache, const struct auth_request *request, *expired_r = FALSE; *neg_expired_r = FALSE; - key = auth_request_expand_cache_key(request, key); + key = auth_request_expand_cache_key(request, key, request->fields.user); node = hash_table_lookup(cache->hash, key); if (node == NULL) { cache->miss_count++; @@ -414,7 +420,8 @@ void auth_cache_insert(struct auth_cache *cache, struct auth_request *request, { struct auth_cache_node *node; size_t data_size, alloc_size, key_len, value_len = strlen(value); - char *hash_key, *current_username; + const char *cache_username; + char *hash_key; if (*value == '\0' && cache->neg_ttl_secs == 0) { /* we're not caching negative entries */ @@ -423,17 +430,15 @@ void auth_cache_insert(struct auth_cache *cache, struct auth_request *request, /* store into cache using the translated username, except if we're doing a master user login */ - current_username = request->fields.user; + cache_username = request->fields.user; if (request->fields.translated_username != NULL && request->fields.requested_login_user == NULL && request->fields.master_user == NULL) - request->fields.user = t_strdup_noconst(request->fields.translated_username); + cache_username = request->fields.translated_username; - key = auth_request_expand_cache_key(request, key); + key = auth_request_expand_cache_key(request, key, cache_username); key_len = strlen(key); - request->fields.user = current_username; - data_size = key_len + 1 + value_len + 1; alloc_size = sizeof(struct auth_cache_node) - sizeof(node->data) + data_size; @@ -476,7 +481,7 @@ void auth_cache_remove(struct auth_cache *cache, { struct auth_cache_node *node; - key = auth_request_expand_cache_key(request, key); + key = auth_request_expand_cache_key(request, key, request->fields.user); node = hash_table_lookup(cache->hash, key); if (node == NULL) return; diff --git a/src/auth/test-auth-cache.c b/src/auth/test-auth-cache.c index b59d9a6434..7e10d83973 100644 --- a/src/auth/test-auth-cache.c +++ b/src/auth/test-auth-cache.c @@ -18,15 +18,22 @@ const struct var_expand_table auth_request_var_expand_static_tab[] = { { '\0', NULL, NULL } }; -int t_auth_request_var_expand(const char *str, - const struct auth_request *auth_request ATTR_UNUSED, - auth_request_escape_func_t *escape_func ATTR_UNUSED, - const char **value_r, const char **error_r) +struct var_expand_table * +auth_request_get_var_expand_table_full(const struct auth_request *auth_request ATTR_UNUSED, + const char *username ATTR_UNUSED, + auth_request_escape_func_t *escape_func ATTR_UNUSED, + unsigned int *count ATTR_UNUSED) { - string_t *dest = t_str_new(128); - int ret = var_expand(dest, str, auth_request_var_expand_static_tab, error_r); - *value_r = str_c(dest); - return ret; + i_unreached(); +} + +int auth_request_var_expand_with_table(string_t *dest, const char *str, + const struct auth_request *auth_request ATTR_UNUSED, + const struct var_expand_table *table ATTR_UNUSED, + auth_request_escape_func_t *escape_func ATTR_UNUSED, + const char **error_r ATTR_UNUSED) +{ + return var_expand(dest, str, auth_request_var_expand_static_tab, error_r); } static void test_auth_cache_parse_key(void)