hi timo, I checked out the commit causing this. its this one: http://hg.dovecot.org/dovecot-2.2/diff/5e445c659f89/src/auth/auth-request.c#... if I move this block back as it was. everything is fine diff -r a46620d6e0ff -r 5e445c659f89 src/auth/auth-request.c --- a/src/auth/auth-request.c Tue May 05 13:35:52 2015 +0300 +++ b/src/auth/auth-request.c Tue May 05 14:16:31 2015 +0300 @@ -618,30 +627,28 @@ auth_request_want_skip_passdb(request, next_passdb)) next_passdb = next_passdb->next; + if (*result == PASSDB_RESULT_OK) { + /* this passdb lookup succeeded, preserve its extra fields */ + auth_fields_snapshot(request->extra_fields); + request->snapshot_have_userdb_prefetch_set = + request->userdb_prefetch_set; + if (request->userdb_reply != NULL) + auth_fields_snapshot(request->userdb_reply); + } else { + /* this passdb lookup failed, remove any extra fields it set */ + auth_fields_rollback(request->extra_fields); + if (request->userdb_reply != NULL) { + auth_fields_rollback(request->userdb_reply); + request->userdb_prefetch_set = + request->snapshot_have_userdb_prefetch_set; + } + } + if (passdb_continue && next_passdb != NULL) { /* try next passdb. */ request->passdb = next_passdb; request->passdb_password = NULL; - if (*result == PASSDB_RESULT_OK) { - /* this passdb lookup succeeded, preserve its extra - fields */ - auth_fields_snapshot(request->extra_fields); - request->snapshot_have_userdb_prefetch_set = - request->userdb_prefetch_set; - if (request->userdb_reply != NULL) - auth_fields_snapshot(request->userdb_reply); - } else { - /* this passdb lookup failed, remove any extra fields - it set */ - auth_fields_rollback(request->extra_fields); - if (request->userdb_reply != NULL) { - auth_fields_rollback(request->userdb_reply); - request->userdb_prefetch_set = - request->snapshot_have_userdb_prefetch_set; - } - } - if (*result == PASSDB_RESULT_USER_UNKNOWN) { /* remember that we did at least one successful passdb lookup */ On 08/05/2015 05:33 PM, matthias lay wrote:
just tested against dovecot 2.2.15
everythings works fine. so might be a bug introduced between 2.2.16 and 2.2.18
On 08/05/2015 04:30 PM, matthias lay wrote:
Hi list,
I have a question on auth caching in 2.2.18.
I am using acl_groups for a master user, appended in a static userdb file
# snip ############################### master@uma:{SHA}XXXX=::::::userdb_acl_groups=umareadmaster allow_nets=127.0.0.1 # snap ###############################
and use this group in a global ACL file. I discovered this only works on first NOT-cached login
environment in imap-postlogin script on first login:
AUTH_TOKEN=e96b5a32ceb2cafc4460c210ad2e92e3d7ab388c MASTER_USER=master@uma SPUSER=private/pdf LOCAL_IP=127.0.0.1 USER=pdf AUTH_USER=master@uma PWD=/var/run/dovecot USERDB_KEYS=ACL_GROUPS HOME SPUSER MASTER_USER AUTH_TOKEN AUTH_USER SHLVL=1 HOME=/var/data/vmail/private/pdf ACL_GROUPS=umareadmaster IP=127.0.0.1 _=/usr/bin/env
on the second cached login it looks like this
AUTH_TOKEN=12703b11932f233520f6d4b33559c33aeb1cfc7f MASTER_USER=master@uma SPUSER=private/pdf LOCAL_IP=127.0.0.1 USER=pdf AUTH_USER=master@uma PWD=/var/run/dovecot USERDB_KEYS=HOME SPUSER MASTER_USER AUTH_TOKEN AUTH_USER SHLVL=1 HOME=/var/data/vmail/private/pdf IP=127.0.0.1 _=/usr/bin/env
so the ACL_GROUPS is gone.
is this intended to be like that. so groups not included in cache and I have to find another approach?
anybody else encountered similar problems with some auth Variables and caching?
Greetz Matze