dovecot-2.0: auth: When caching user-given passwords, cache thei...
dovecot at dovecot.org
dovecot at dovecot.org
Fri Feb 12 21:31:55 EET 2010
details: http://hg.dovecot.org/dovecot-2.0/rev/46ae2e53d688
changeset: 10689:46ae2e53d688
user: Timo Sirainen <tss at iki.fi>
date: Fri Feb 12 21:31:49 2010 +0200
description:
auth: When caching user-given passwords, cache their SHA1, not the plaintext.
diffstat:
1 file changed, 10 insertions(+), 3 deletions(-)
src/auth/auth-request.c | 13 ++++++++++---
diffs (38 lines):
diff -r 134d59aece1a -r 46ae2e53d688 src/auth/auth-request.c
--- a/src/auth/auth-request.c Wed Feb 10 17:12:31 2010 +0200
+++ b/src/auth/auth-request.c Fri Feb 12 21:31:49 2010 +0200
@@ -23,6 +23,8 @@
#include <stdlib.h>
#include <sys/stat.h>
+
+#define CACHED_PASSWORD_SCHEME "SHA1"
static void get_log_prefix(string_t *str, struct auth_request *auth_request,
const char *subsystem);
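Review bot: `CACHED_PASSWORD_SCHEME` is defined as plain `SHA1`, which is unsalted, and the define carries no comment explaining the choice. Without a salt, two users with the same password get identical cache entries, and anything that exposes cache contents (a core dump, for instance) yields hashes that can be checked against precomputed tables. If the cache-hit verification goes through the generic scheme verifier, which this hunk does not show, a salted scheme such as `#define CACHED_PASSWORD_SCHEME "SSHA"` should cost about the same per lookup. Either way a comment would help, e.g. `/* scheme used for hashing user-given passwords before they are stored in the auth cache; must be fast, since it is verified on every cache hit */`.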
@@ -227,7 +229,7 @@ static void auth_request_save_cache(stru
enum passdb_result result)
{
struct passdb_module *passdb = request->passdb->passdb;
- const char *extra_fields;
+ const char *extra_fields, *encoded_password;
string_t *str;
switch (result) {
@@ -273,9 +275,14 @@ static void auth_request_save_cache(stru
/* we can still cache valid password lookups though.
strdup() it so that mech_password doesn't get
cleared too early. */
+ if (!password_generate_encoded(request->mech_password,
+ request->user,
+ CACHED_PASSWORD_SCHEME,
+ &encoded_password))
+ i_unreached();
request->passdb_password =
- p_strconcat(request->pool, "{plain}",
- request->mech_password, NULL);
+ p_strconcat(request->pool, "{"CACHED_PASSWORD_SCHEME"}",
+ encoded_password, NULL);
}
/* save all except the currently given password in cache */
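Review bot: The context comment above the new `password_generate_encoded()` call still says "strdup() it so that mech_password doesn't get cleared too early", but the new code no longer copies the plaintext at all. It should be updated to something like `/* we can still cache valid password lookups though. store only a hash of the user-given password so the plaintext never ends up in the cache. */`. The `i_unreached()` on failure is only justified because the scheme name is a compile-time constant, so a short note such as `/* can only fail if CACHED_PASSWORD_SCHEME is not a known scheme */` would stop a later edit from making the scheme configurable and turning a bad setting into an auth process abort. `auth_request_save_cache()` begins and ends outside this hunk, so the lifetime of `encoded_password` and how the cached value is verified later cannot be checked from here.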