changeset 9626:ec7ce2647131 HEAD
auth: Disable auth caching entirely for master users.
The cache key contains only the master username, without the logged-in username,
so wrong data could be looked up from cache.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Tue, 02 Nov 2010 17:31:14 +0000 |
parents | b30af25c622d |
children | 8c8bde0f9120 |
files | src/auth/auth-request.c src/auth/passdb-cache.c |
diffstat | 2 files changed, 9 insertions(+), 7 deletions(-) [+] |
--- a/src/auth/auth-request.c Tue Nov 02 17:14:24 2010 +0000
+++ b/src/auth/auth-request.c Tue Nov 02 17:31:14 2010 +0000
@@ -244,10 +244,8 @@
 extra_fields = request->extra_fields == NULL ? NULL : auth_stream_reply_export(request->extra_fields);
- if (passdb_cache == NULL)
- return;
-
- if (passdb->cache_key == NULL)
+ if (passdb_cache == NULL || passdb->cache_key == NULL ||
+ request->master_user != NULL)
 return;
 if (result < 0) {
@@ -643,7 +641,8 @@
 struct userdb_module *userdb = request->userdb->userdb;
 const char *str;
- if (passdb_cache == NULL || userdb->cache_key == NULL)
+ if (passdb_cache == NULL || userdb->cache_key == NULL ||
+ request->master_user != NULL)
 return;
 str = result == USERDB_RESULT_USER_UNKNOWN ? "" :
@@ -662,6 +661,9 @@
 struct auth_cache_node *node;
 bool expired, neg_expired;
+ if (request->master_user != NULL)
+ return FALSE;
+
 value = auth_cache_lookup(passdb_cache, request, key, &node, &expired, &neg_expired);
 if (value == NULL || (expired && !use_expired))
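Review bot: The `request->master_user != NULL` guard is open-coded in this hunk and at four more sites (the hunks at -643 and -662 in this file, and both hunks in src/auth/passdb-cache.c), so a cache access added later that omits it would again let a master login pick up cache data belonging to a different login. Every lookup visible here goes through `auth_cache_lookup`, which already receives `request`, so it may be safer to enforce the rule there and in the matching store path, or behind one small helper that all five sites call. Each guard would also benefit from a short comment such as `/* master logins are not cached: the cache key lacks the login username */`, because the reason currently lives only in the commit message. The enclosing functions start and end outside the hunks.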
--- a/src/auth/passdb-cache.c Tue Nov 02 17:14:24 2010 +0000
+++ b/src/auth/passdb-cache.c Tue Nov 02 17:31:14 2010 +0000
@@ -32,7 +32,7 @@
 int ret;
 bool expired, neg_expired;
- if (passdb_cache == NULL || key == NULL)
+ if (passdb_cache == NULL || key == NULL || request->master_user != NULL)
 return FALSE;
 /* value = password \t ... */
@@ -96,7 +96,7 @@
 struct auth_cache_node *node;
 bool expired, neg_expired;
- if (passdb_cache == NULL)
+ if (passdb_cache == NULL || request->master_user != NULL)
 return FALSE;
 value = auth_cache_lookup(passdb_cache, request, key, &node,
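Review bot: The early `return FALSE` in the hunk at -32 means a request with `master_user` set never consults the cache, so the negative-entry handling implied by `neg_expired` a few lines up no longer applies to it and repeated failed attempts presumably all reach the backend passdb. That looks like the right trade-off for correctness, but it is worth stating next to the check, e.g. `/* master logins bypass the cache entirely, including negative entries */`, and in the auth cache documentation so operators do not count on the cache to absorb repeated attempts against master accounts. The same applies to the hunk at -96. Both function bodies continue outside the hunks.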