dovecot-2.0: auth: Disable auth caching entirely for master users.

dovecot at dovecot.org dovecot at dovecot.org
Tue Nov 2 19:31:17 EET 2010


details:   http://hg.dovecot.org/dovecot-2.0/rev/075963b71b94
changeset: 12363:075963b71b94
user:      Timo Sirainen <tss at iki.fi>
date:      Tue Nov 02 17:31:14 2010 +0000
description:
auth: Disable auth caching entirely for master users.
The cache key contains only the master username, without the logged-in username,
so wrong data could be looked up from cache.

diffstat:

 src/auth/auth-request.c |  12 +++++++-----
 src/auth/passdb-cache.c |   4 ++--
 2 files changed, 9 insertions(+), 7 deletions(-)

diffs (57 lines):

diff -r 1d381325a973 -r 075963b71b94 src/auth/auth-request.c
--- a/src/auth/auth-request.c	Tue Nov 02 17:14:25 2010 +0000
+++ b/src/auth/auth-request.c	Tue Nov 02 17:31:14 2010 +0000
@@ -290,10 +290,8 @@
 	extra_fields = request->extra_fields == NULL ? NULL :
 		auth_stream_reply_export(request->extra_fields);
 
-	if (passdb_cache == NULL)
-		return;
-
-	if (passdb->cache_key == NULL)
+	if (passdb_cache == NULL || passdb->cache_key == NULL ||
+	    request->master_user != NULL)
 		return;
 
 	if (result < 0) {
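Review bot: The `request->master_user != NULL` guard added to this early return has no comment, and the same condition is repeated by hand in the other four hunks (the userdb cache save and lookup later in this file, and both lookups in passdb-cache.c). A cache call site added later can omit it and bring back the cross-user lookup the description warns about. I would put a comment at each guard, for example `/* master user login: cache key lacks the logged-in username, so never use the cache */`. Since `auth_cache_lookup()` already receives `request`, the check could probably be enforced once there and in the matching insert path; those bodies are not visible here, so this needs confirming. The enclosing function starts and ends outside the hunk.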
@@ -712,7 +710,8 @@
 	struct userdb_module *userdb = request->userdb->userdb;
 	const char *str;
 
-	if (passdb_cache == NULL || userdb->cache_key == NULL)
+	if (passdb_cache == NULL || userdb->cache_key == NULL ||
+	    request->master_user != NULL)
 		return;
 
 	str = result == USERDB_RESULT_USER_UNKNOWN ? "" :
@@ -731,6 +730,9 @@
 	struct auth_cache_node *node;
 	bool expired, neg_expired;
 
+	if (request->master_user != NULL)
+		return FALSE;
+
 	value = auth_cache_lookup(passdb_cache, request, key, &node,
 				  &expired, &neg_expired);
 	if (value == NULL || (expired && !use_expired)) {
diff -r 1d381325a973 -r 075963b71b94 src/auth/passdb-cache.c
--- a/src/auth/passdb-cache.c	Tue Nov 02 17:14:25 2010 +0000
+++ b/src/auth/passdb-cache.c	Tue Nov 02 17:31:14 2010 +0000
@@ -32,7 +32,7 @@
 	int ret;
 	bool expired, neg_expired;
 
-	if (passdb_cache == NULL || key == NULL)
+	if (passdb_cache == NULL || key == NULL || request->master_user != NULL)
 		return FALSE;
 
 	/* value = password \t ... */
@@ -96,7 +96,7 @@
 	struct auth_cache_node *node;
 	bool expired, neg_expired;
 
-	if (passdb_cache == NULL)
+	if (passdb_cache == NULL || request->master_user != NULL)
 		return FALSE;
 
 	value = auth_cache_lookup(passdb_cache, request, key, &node,

