dovecot-2.0: auth: When caching user-given passwords, cache thei...

dovecot at dovecot.org dovecot at dovecot.org
Fri Feb 12 21:31:55 EET 2010


details:   http://hg.dovecot.org/dovecot-2.0/rev/46ae2e53d688
changeset: 10689:46ae2e53d688
user:      Timo Sirainen <tss at iki.fi>
date:      Fri Feb 12 21:31:49 2010 +0200
description:
auth: When caching user-given passwords, cache their SHA1, not the plaintext.

diffstat:

1 file changed, 10 insertions(+), 3 deletions(-)
src/auth/auth-request.c |   13 ++++++++++---

diffs (38 lines):

diff -r 134d59aece1a -r 46ae2e53d688 src/auth/auth-request.c
--- a/src/auth/auth-request.c	Wed Feb 10 17:12:31 2010 +0200
+++ b/src/auth/auth-request.c	Fri Feb 12 21:31:49 2010 +0200
@@ -23,6 +23,8 @@
 
 #include <stdlib.h>
 #include <sys/stat.h>
+
+#define CACHED_PASSWORD_SCHEME "SHA1"
 
 static void get_log_prefix(string_t *str, struct auth_request *auth_request,
 			   const char *subsystem);
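Review bot: `CACHED_PASSWORD_SCHEME` is set to plain `SHA1`, which is unsalted and fast to compute, so a cached entry for a weak password can still be recovered by anyone who can read the auth process memory or a core dump, and equal passwords produce equal cache values. A salted scheme such as `SSHA` would likely fit the same `password_generate_encoded()` call in the third hunk, provided the cache's verification path handles salted schemes; that needs confirming against the cache lookup code, which is not visible here. Either way the define deserves a comment, e.g. `/* scheme used to hash user-given passwords before they are stored in the auth cache */`.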
@@ -227,7 +229,7 @@ static void auth_request_save_cache(stru
 				    enum passdb_result result)
 {
 	struct passdb_module *passdb = request->passdb->passdb;
-	const char *extra_fields;
+	const char *extra_fields, *encoded_password;
 	string_t *str;
 
 	switch (result) {
@@ -273,9 +275,14 @@ static void auth_request_save_cache(stru
 		/* we can still cache valid password lookups though.
 		   strdup() it so that mech_password doesn't get
 		   cleared too early. */
+		if (!password_generate_encoded(request->mech_password,
+					       request->user,
+					       CACHED_PASSWORD_SCHEME,
+					       &encoded_password))
+			i_unreached();
 		request->passdb_password =
-			p_strconcat(request->pool, "{plain}",
-				    request->mech_password, NULL);
+			p_strconcat(request->pool, "{"CACHED_PASSWORD_SCHEME"}",
+				    encoded_password, NULL);
 	}
 
 	/* save all except the currently given password in cache */
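Review bot: The context comment above the new call still says `strdup() it so that mech_password doesn't get cleared too early`, but the cached value is now the encoded hash rather than a copy of `mech_password`, so the comment no longer describes the code. Suggest rewording it along the lines of `/* cache a hash of the given password, never the plaintext; copy it into request->pool so it outlives the encoding buffer */`; the lifetime of `encoded_password` is inferred from the `p_strconcat()` copy and is not shown in the hunk. A failed `password_generate_encoded()` ends in `i_unreached()`, which is only safe while the scheme name stays a compiled-in constant, so that assumption is worth stating next to the call. The body of `auth_request_save_cache()` starts and ends outside this hunk.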

