question on auth cache parameters

matthias lay matthias.lay at securepoint.de
Thu Aug 6 10:07:29 UTC 2015


hi timo,

I checked out the commit causing this.

it's this one:

http://hg.dovecot.org/dovecot-2.2/diff/5e445c659f89/src/auth/auth-request.c#l1.32


if I move this block back as it was, everything is fine


diff -r a46620d6e0ff -r 5e445c659f89 src/auth/auth-request.c
--- a/src/auth/auth-request.c	Tue May 05 13:35:52 2015 +0300
+++ b/src/auth/auth-request.c	Tue May 05 14:16:31 2015 +0300
@@ -618,30 +627,28 @@
 	       auth_request_want_skip_passdb(request, next_passdb))
 		next_passdb = next_passdb->next;

+	if (*result == PASSDB_RESULT_OK) {
+		/* this passdb lookup succeeded, preserve its extra fields */
+		auth_fields_snapshot(request->extra_fields);
+		request->snapshot_have_userdb_prefetch_set =
+			request->userdb_prefetch_set;
+		if (request->userdb_reply != NULL)
+			auth_fields_snapshot(request->userdb_reply);
+	} else {
+		/* this passdb lookup failed, remove any extra fields it set */
+		auth_fields_rollback(request->extra_fields);
+		if (request->userdb_reply != NULL) {
+			auth_fields_rollback(request->userdb_reply);
+			request->userdb_prefetch_set =
+				request->snapshot_have_userdb_prefetch_set;
+		}
+	}
+
 	if (passdb_continue && next_passdb != NULL) {
 		/* try next passdb. */
                 request->passdb = next_passdb;
 		request->passdb_password = NULL;

-		if (*result == PASSDB_RESULT_OK) {
-			/* this passdb lookup succeeded, preserve its extra
-			   fields */
-			auth_fields_snapshot(request->extra_fields);
-			request->snapshot_have_userdb_prefetch_set =
-				request->userdb_prefetch_set;
-			if (request->userdb_reply != NULL)
-				auth_fields_snapshot(request->userdb_reply);
-		} else {
-			/* this passdb lookup failed, remove any extra fields
-			   it set */
-			auth_fields_rollback(request->extra_fields);
-			if (request->userdb_reply != NULL) {
-				auth_fields_rollback(request->userdb_reply);
-				request->userdb_prefetch_set =
-					request->snapshot_have_userdb_prefetch_set;
-			}
-		}
-
 		if (*result == PASSDB_RESULT_USER_UNKNOWN) {
 			/* remember that we did at least one successful
 			   passdb lookup */
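
Review bot: the snapshot/rollback block now sits ahead of the "passdb_continue && next_passdb != NULL" check, so its else branch rolls back request->extra_fields and request->userdb_reply for any result other than PASSDB_RESULT_OK even when no further passdb will be tried, and neither comment says why the last lookup in the chain needs this. Given the report in this thread that moving the block back restores the expected behaviour, please document the intent and state what code reading these fields after the final lookup is expected to see. Separately, the OK branch saves snapshot_have_userdb_prefetch_set unconditionally while the else branch restores userdb_prefetch_set only inside "if (request->userdb_reply != NULL)"; moving that restore out of the inner if would make the pair symmetric.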

On 08/05/2015 05:33 PM, matthias lay wrote:
> just tested against dovecot 2.2.15
> 
> everything works fine. so might be a bug introduced between 2.2.16 and
> 2.2.18
> 
> 
> 
> 
> 
> On 08/05/2015 04:30 PM, matthias lay wrote:
>> Hi list,
>>
>> I have a question on auth caching in 2.2.18.
>>
>> I am using acl_groups for a master user, appended in a static userdb file
>>
>> # snip ###############################
>> master at uma:{SHA}XXXX=::::::userdb_acl_groups=umareadmaster
>> allow_nets=127.0.0.1
>> # snap ###############################
>>
>> and use this group in a global ACL file.
>> I discovered this only works on first NOT-cached login
>>
>>
>>
>> environment in imap-postlogin script on first login:
>>
>>
>> AUTH_TOKEN=e96b5a32ceb2cafc4460c210ad2e92e3d7ab388c
>> MASTER_USER=master at uma
>> SPUSER=private/pdf
>> LOCAL_IP=127.0.0.1
>> USER=pdf
>> AUTH_USER=master at uma
>> PWD=/var/run/dovecot
>> USERDB_KEYS=ACL_GROUPS HOME SPUSER MASTER_USER AUTH_TOKEN AUTH_USER
>> SHLVL=1
>> HOME=/var/data/vmail/private/pdf
>> ACL_GROUPS=umareadmaster
>> IP=127.0.0.1
>> _=/usr/bin/env
>>
>>
>> on the second cached login it looks like this
>>
>>
>> AUTH_TOKEN=12703b11932f233520f6d4b33559c33aeb1cfc7f
>> MASTER_USER=master at uma
>> SPUSER=private/pdf
>> LOCAL_IP=127.0.0.1
>> USER=pdf
>> AUTH_USER=master at uma
>> PWD=/var/run/dovecot
>> USERDB_KEYS=HOME SPUSER MASTER_USER AUTH_TOKEN AUTH_USER
>> SHLVL=1
>> HOME=/var/data/vmail/private/pdf
>> IP=127.0.0.1
>> _=/usr/bin/env
>>
>> so the ACL_GROUPS is gone.
>>
>> is this intended to be like that?
>> so groups not included in cache and I have to find another approach?
>>
>> anybody else encountered similar problems with some auth Variables and
>> caching?
>>
>>
>> Greetz Matze
>>
> 