comparison src/auth/auth-request.c @ 9626:ec7ce2647131 HEAD
auth: Disable auth caching entirely for master users.
The cache key contains only the master username, without the logged-in username,
so wrong data could be looked up from cache.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Tue, 02 Nov 2010 17:31:14 +0000 |
parents | a3e4af3df83d |
children |
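--- a/src/auth/auth-request.c
+++ b/src/auth/auth-request.c
@@ -242,14 +242,12 @@
 }
 
 extra_fields = request->extra_fields == NULL ? NULL :
 auth_stream_reply_export(request->extra_fields);
 
-if (passdb_cache == NULL)
-return;
-
-if (passdb->cache_key == NULL)
+if (passdb_cache == NULL || passdb->cache_key == NULL ||
+request->master_user != NULL)
 return;
 
 if (result < 0) {
 /* lookup failed. */
 if (result == PASSDB_RESULT_USER_UNKNOWN) {
@@ -641,11 +639,12 @@
 enum userdb_result result)
 {
 struct userdb_module *userdb = request->userdb->userdb;
 const char *str;
 
-if (passdb_cache == NULL || userdb->cache_key == NULL)
+if (passdb_cache == NULL || userdb->cache_key == NULL ||
+request->master_user != NULL)
 return;
 
 str = result == USERDB_RESULT_USER_UNKNOWN ? "" :
 auth_stream_reply_export(request->userdb_reply);
 /* last_success has no meaning with userdb */
@@ -659,10 +658,13 @@
 bool use_expired)
 {
 const char *value;
 struct auth_cache_node *node;
 bool expired, neg_expired;
+
+if (request->master_user != NULL)
+return FALSE;
 
 value = auth_cache_lookup(passdb_cache, request, key, &node,
 &expired, &neg_expired);
 if (value == NULL || (expired && !use_expired))
 return FALSE;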
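Review bot: None of the three `request->master_user != NULL` guards carries a comment, so the reason master-user requests bypass the cache (the key holds only the master username, not the logged-in username) is recorded only in the commit message. A one-line comment above the guard in the lookup hunk, for example `/* master user logins: cache key lacks the login username, so never use the cache */`, with a short pointer to it at the two save-path guards, would keep a later refactor from dropping the check. This file section shows only the two save paths and one lookup that reads through `auth_cache_lookup()`. Any other caller of `auth_cache_lookup()` outside auth-request.c would presumably need the same guard, since a master-user request could otherwise be answered from an entry an ordinary login stored under the same key, so that is worth confirming. All three functions start and end outside the visible hunks.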