Mercurial > dovecot > original-hg > dovecot-1.2
diff src/auth/passdb-cache.c @ 5128:365ff0cfd03f HEAD
If last login was valid and the current one wasn't, we returned "not found
from cache" but extra_fields still had been modified, which could have
caused crashes later.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Thu, 15 Feb 2007 12:31:18 +0200 |
parents | 3b49b9ec87dc |
children | b2070dffa074 |
line wrap: on
line diff
--- a/src/auth/passdb-cache.c Wed Feb 14 21:32:06 2007 +0200 +++ b/src/auth/passdb-cache.c Thu Feb 15 12:31:18 2007 +0200 @@ -13,9 +13,6 @@ { const char *name, *value; - if (*list == NULL) - return; - for (; *list != NULL; list++) { t_push(); value = strchr(*list, '='); @@ -57,30 +54,32 @@ } list = t_strsplit(value, "\t"); - list_save(request, list + 1); cached_pw = list[0]; if (*cached_pw == '\0') { /* NULL password */ auth_request_log_info(request, "cache", "NULL password access"); - *result_r = PASSDB_RESULT_OK; - return TRUE; - } - - scheme = password_get_scheme(&cached_pw); - i_assert(scheme != NULL); + ret = 1; + } else { + scheme = password_get_scheme(&cached_pw); + i_assert(scheme != NULL); - ret = auth_request_password_verify(request, password, cached_pw, - scheme, "cache"); + ret = auth_request_password_verify(request, password, cached_pw, + scheme, "cache"); - if (ret == 0 && node->last_success) { - /* the last authentication was successful. assume that the - password was changed and cache is expired. */ - node->last_success = FALSE; - return FALSE; + if (ret == 0 && node->last_success) { + /* the last authentication was successful. assume that + the password was changed and cache is expired. */ + node->last_success = FALSE; + return FALSE; + } } node->last_success = ret > 0; + /* save the extra_fields only after we know we're using the + cached data */ + list_save(request, list + 1); + *result_r = ret > 0 ? PASSDB_RESULT_OK : PASSDB_RESULT_PASSWORD_MISMATCH; return TRUE;