[Dovecot] Bug within Authentication Caching
Matthias Waffenschmidt
mw at LF.net
Wed Oct 31 11:41:42 EET 2007
Hello,
there seems to be a bug in the authentication caching code when using
it in combination with username_translation (using the current version
1.0.7 on FreeBSD 6).
I've set username_translation to +@:@ to allow usernames of the form
test+dom.ain or test:dom.ain (historical reasons force us....).
If someone has a successful login using the username test@dom.ain, the
subsequent authentication information is read from the cache, no
matter which of the 3 possible usernames the client uses the next
time.
But if someone has a successful login using the username test+dom.ain,
the following data has or has not been found in the cache:
  test+dom.ain: miss
  test@dom.ain: miss
  test:dom.ain: hit
If the first username is test:dom.ain the behaviour is the following:
  test:dom.ain: miss
  test@dom.ain: miss
  test+dom.ain: hit
I've added the information if the username changes for better
debugging possibilities. In practice the username is of course always
the same.
The complete authentication part of the tested config:
auth default:
  cache_size: 10000
  username_chars: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@:+
  username_translation: +@:@
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
    driver: passwd-file
    args: /var/pop/%d/Accounts.passwd
  userdb:
    driver: static
    args: uid=70 gid=70 home=/var/emtpy
It looks as if Dovecot does some wrong username translations before
inserting/looking up the data in the cache.
BTW: a SIGUSR2 signal to the dovecot-auth process does not give any
information as suggested in http://wiki.dovecot.org/Authentication/Caching.
Please do not only answer to the list as I am not subscribed. Thanks.
--
Gruss / Best regards | LF.net GmbH | fon +49 711 90074-411
Matthias Waffenschmidt | Ruppmannstr. 27 | fax +49 711 90074-33
mw at LF.net | D-70565 Stuttgart | http://www.lf.net
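
Added example, not part of the original post and not Dovecot's code: a small model of the behaviour the report expects, in which the cache key is the username after username_chars validation and username_translation, so all three spellings reach the same entry. The AuthCache class, the helper names and the sample password are assumptions made for illustration.

```python
# Model only (assumption): a credential cache keyed on the translated username.
import hashlib, hmac, os

USERNAME_CHARS = set("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@:+")
USERNAME_TRANSLATION = "+@:@"      # from/to character pairs, as in the posted config
_KEY = os.urandom(32)              # per-process key for the in-memory password digests

def parse_translation(spec):
    """Turn a string of from/to character pairs ('+@:@') into a lookup table."""
    if len(spec) % 2:
        raise ValueError("translation must consist of from/to character pairs")
    return {spec[i]: spec[i + 1] for i in range(0, len(spec), 2)}

def canonical(username, table=parse_translation(USERNAME_TRANSLATION)):
    """Reject characters outside username_chars, then translate each character once."""
    if not username or set(username) - USERNAME_CHARS:
        raise ValueError("disallowed character in username")
    return "".join(table.get(c, c) for c in username)

class AuthCache:
    """Hypothetical cache holding one entry per canonical username."""
    def __init__(self):
        self._entries = {}

    @staticmethod
    def _digest(password):
        return hmac.new(_KEY, password.encode(), hashlib.sha256).digest()

    def insert(self, username, password):
        # Called after a successful passdb login; the key is the translated name.
        self._entries[canonical(username)] = self._digest(password)

    def lookup(self, username, password):
        """Return 'hit' only if the canonical name is cached with this password."""
        cached = self._entries.get(canonical(username))
        if cached and hmac.compare_digest(cached, self._digest(password)):
            return "hit"
        return "miss"

def matrix(spellings, password="constructed-secret"):
    """For each first-login spelling, report hit/miss for every later spelling."""
    result = {}
    for first in spellings:
        cache = AuthCache()
        cache.insert(first, password)
        result[first] = {s: cache.lookup(s, password) for s in spellings}
    return result

SPELLINGS = ["test@dom.ain", "test+dom.ain", "test:dom.ain"]  # forms from the report
```

With a consistent key, matrix(SPELLINGS) reports a hit in every cell; the miss/miss/hit rows in the report are what a key built from a differently translated name would look like from the outside.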