Mercurial > dovecot > original-hg > dovecot-1.2
comparison src/auth/auth-request.c @ 9626:ec7ce2647131 HEAD
auth: Disable auth caching entirely for master users.
The cache key contains only the master username, without the logged-in username,
so wrong data could be looked up from cache.
| author | Timo Sirainen <tss@iki.fi> |
|---|---|
| date | Tue, 02 Nov 2010 17:31:14 +0000 |
| parents | a3e4af3df83d |
| children |
comparison
equal
deleted
inserted
replaced
| 9625:b30af25c622d | 9626:ec7ce2647131 |
|---|---|
| 242 } | 242 } |
| 243 | 243 |
| 244 extra_fields = request->extra_fields == NULL ? NULL : | 244 extra_fields = request->extra_fields == NULL ? NULL : |
| 245 auth_stream_reply_export(request->extra_fields); | 245 auth_stream_reply_export(request->extra_fields); |
| 246 | 246 |
| 247 if (passdb_cache == NULL) | 247 if (passdb_cache == NULL || passdb->cache_key == NULL || |
| 248 return; | 248 request->master_user != NULL) |
| 249 | |
| 250 if (passdb->cache_key == NULL) | |
| 251 return; | 249 return; |
| 252 | 250 |
| 253 if (result < 0) { | 251 if (result < 0) { |
| 254 /* lookup failed. */ | 252 /* lookup failed. */ |
| 255 if (result == PASSDB_RESULT_USER_UNKNOWN) { | 253 if (result == PASSDB_RESULT_USER_UNKNOWN) { |
| 641 enum userdb_result result) | 639 enum userdb_result result) |
| 642 { | 640 { |
| 643 struct userdb_module *userdb = request->userdb->userdb; | 641 struct userdb_module *userdb = request->userdb->userdb; |
| 644 const char *str; | 642 const char *str; |
| 645 | 643 |
| 646 if (passdb_cache == NULL || userdb->cache_key == NULL) | 644 if (passdb_cache == NULL || userdb->cache_key == NULL || |
| 645 request->master_user != NULL) | |
| 647 return; | 646 return; |
| 648 | 647 |
| 649 str = result == USERDB_RESULT_USER_UNKNOWN ? "" : | 648 str = result == USERDB_RESULT_USER_UNKNOWN ? "" : |
| 650 auth_stream_reply_export(request->userdb_reply); | 649 auth_stream_reply_export(request->userdb_reply); |
| 651 /* last_success has no meaning with userdb */ | 650 /* last_success has no meaning with userdb */ |
| 659 bool use_expired) | 658 bool use_expired) |
| 660 { | 659 { |
| 661 const char *value; | 660 const char *value; |
| 662 struct auth_cache_node *node; | 661 struct auth_cache_node *node; |
| 663 bool expired, neg_expired; | 662 bool expired, neg_expired; |
| 663 | |
| 664 if (request->master_user != NULL) | |
| 665 return FALSE; | |
| 664 | 666 |
| 665 value = auth_cache_lookup(passdb_cache, request, key, &node, | 667 value = auth_cache_lookup(passdb_cache, request, key, &node, |
| 666 &expired, &neg_expired); | 668 &expired, &neg_expired); |
| 667 if (value == NULL || (expired && !use_expired)) | 669 if (value == NULL || (expired && !use_expired)) |
| 668 return FALSE; | 670 return FALSE; |