# HG changeset patch # User Timo Sirainen # Date 1288719074 0 # Node ID ec7ce2647131e4dcb12aa87ab3d639fe24aa6b5d # Parent b30af25c622d486e36931ded92a29b16ad22bc19 auth: Disable auth caching entirely for master users. The cache key contains only the master username, without the logged-in username, so wrong data could be looked up from cache. diff -r b30af25c622d -r ec7ce2647131 src/auth/auth-request.c --- a/src/auth/auth-request.c Tue Nov 02 17:14:24 2010 +0000 +++ b/src/auth/auth-request.c Tue Nov 02 17:31:14 2010 +0000 @@ -244,10 +244,8 @@ extra_fields = request->extra_fields == NULL ? NULL : auth_stream_reply_export(request->extra_fields); - if (passdb_cache == NULL) - return; - - if (passdb->cache_key == NULL) + if (passdb_cache == NULL || passdb->cache_key == NULL || + request->master_user != NULL) return; if (result < 0) { @@ -643,7 +641,8 @@ struct userdb_module *userdb = request->userdb->userdb; const char *str; - if (passdb_cache == NULL || userdb->cache_key == NULL) + if (passdb_cache == NULL || userdb->cache_key == NULL || + request->master_user != NULL) return; str = result == USERDB_RESULT_USER_UNKNOWN ? "" : @@ -662,6 +661,9 @@ struct auth_cache_node *node; bool expired, neg_expired; + if (request->master_user != NULL) + return FALSE; + value = auth_cache_lookup(passdb_cache, request, key, &node, &expired, &neg_expired); if (value == NULL || (expired && !use_expired)) diff -r b30af25c622d -r ec7ce2647131 src/auth/passdb-cache.c --- a/src/auth/passdb-cache.c Tue Nov 02 17:14:24 2010 +0000 +++ b/src/auth/passdb-cache.c Tue Nov 02 17:31:14 2010 +0000 @@ -32,7 +32,7 @@ int ret; bool expired, neg_expired; - if (passdb_cache == NULL || key == NULL) + if (passdb_cache == NULL || key == NULL || request->master_user != NULL) return FALSE; /* value = password \t ... */ @@ -96,7 +96,7 @@ struct auth_cache_node *node; bool expired, neg_expired; - if (passdb_cache == NULL) + if (passdb_cache == NULL || request->master_user != NULL) return FALSE; value = auth_cache_lookup(passdb_cache, request, key, &node,