dovecot-1.2: auth: Disable auth caching entirely for master users.

dovecot at dovecot.org dovecot at dovecot.org
Tue Nov 2 19:32:16 EET 2010


details:   http://hg.dovecot.org/dovecot-1.2/rev/ec7ce2647131
changeset: 9626:ec7ce2647131
user:      Timo Sirainen <tss at iki.fi>
date:      Tue Nov 02 17:31:14 2010 +0000
description:
auth: Disable auth caching entirely for master users.
The cache key contains only the master username, without the logged-in username,
so wrong data could be looked up from cache.

diffstat:

 src/auth/auth-request.c |  12 +++++++-----
 src/auth/passdb-cache.c |   4 ++--
 2 files changed, 9 insertions(+), 7 deletions(-)

diffs (57 lines):

diff -r b30af25c622d -r ec7ce2647131 src/auth/auth-request.c
--- a/src/auth/auth-request.c	Tue Nov 02 17:14:24 2010 +0000
+++ b/src/auth/auth-request.c	Tue Nov 02 17:31:14 2010 +0000
@@ -244,10 +244,8 @@
 	extra_fields = request->extra_fields == NULL ? NULL :
 		auth_stream_reply_export(request->extra_fields);
 
-	if (passdb_cache == NULL)
-		return;
-
-	if (passdb->cache_key == NULL)
+	if (passdb_cache == NULL || passdb->cache_key == NULL ||
+	    request->master_user != NULL)
 		return;
 
 	if (result < 0) {
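Review bot: The new `request->master_user != NULL` term in this guard has no comment, so the reason master-user requests skip the cache is recorded only in the commit message. I would add above the condition `/* master user login: cache key lacks the logged-in username, so never cache */`. The same bare check appears in the other four guards of this commit (the two later hunks in auth-request.c and both hunks in passdb-cache.c), and the same comment, or one small shared helper carrying it, would cover them all. The enclosing function starts and ends outside the hunk.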
@@ -643,7 +641,8 @@
 	struct userdb_module *userdb = request->userdb->userdb;
 	const char *str;
 
-	if (passdb_cache == NULL || userdb->cache_key == NULL)
+	if (passdb_cache == NULL || userdb->cache_key == NULL ||
+	    request->master_user != NULL)
 		return;
 
 	str = result == USERDB_RESULT_USER_UNKNOWN ? "" :
@@ -662,6 +661,9 @@
 	struct auth_cache_node *node;
 	bool expired, neg_expired;
 
+	if (request->master_user != NULL)
+		return FALSE;
+
 	value = auth_cache_lookup(passdb_cache, request, key, &node,
 				  &expired, &neg_expired);
 	if (value == NULL || (expired && !use_expired))
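Review bot: This guard sits directly in front of `auth_cache_lookup(passdb_cache, request, key, ...)`, which already receives `request`, so the master-user exclusion could be enforced once inside the cache layer instead of at each caller. As written, any lookup or store path this commit does not touch would still use a key without the logged-in username; whether such paths exist is not visible from these hunks. If the per-caller checks stay, it would be worth confirming that every caller of the cache lookup and store functions is covered. The function's start and end are outside the hunk.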
diff -r b30af25c622d -r ec7ce2647131 src/auth/passdb-cache.c
--- a/src/auth/passdb-cache.c	Tue Nov 02 17:14:24 2010 +0000
+++ b/src/auth/passdb-cache.c	Tue Nov 02 17:31:14 2010 +0000
@@ -32,7 +32,7 @@
 	int ret;
 	bool expired, neg_expired;
 
-	if (passdb_cache == NULL || key == NULL)
+	if (passdb_cache == NULL || key == NULL || request->master_user != NULL)
 		return FALSE;
 
 	/* value = password \t ... */
@@ -96,7 +96,7 @@
 	struct auth_cache_node *node;
 	bool expired, neg_expired;
 
-	if (passdb_cache == NULL)
+	if (passdb_cache == NULL || request->master_user != NULL)
 		return FALSE;
 
 	value = auth_cache_lookup(passdb_cache, request, key, &node,

