changeset 9626:ec7ce2647131 HEAD

auth: Disable auth caching entirely for master users. The cache key contains only the master username, without the logged-in username, so wrong data could be looked up from cache.
author Timo Sirainen <tss@iki.fi>
date Tue, 02 Nov 2010 17:31:14 +0000
parents b30af25c622d
children 8c8bde0f9120
files src/auth/auth-request.c src/auth/passdb-cache.c
diffstat 2 files changed, 9 insertions(+), 7 deletions(-) [+]
--- a/src/auth/auth-request.c	Tue Nov 02 17:14:24 2010 +0000
+++ b/src/auth/auth-request.c	Tue Nov 02 17:31:14 2010 +0000
@@ -244,10 +244,8 @@
 	extra_fields = request->extra_fields == NULL ? NULL :
 		auth_stream_reply_export(request->extra_fields);
 
-	if (passdb_cache == NULL)
-		return;
-
-	if (passdb->cache_key == NULL)
+	if (passdb_cache == NULL || passdb->cache_key == NULL ||
+	    request->master_user != NULL)
 		return;
 
 	if (result < 0) {
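Review bot: The master-user exclusion is enforced separately at every caller, so a future cache call site that omits `request->master_user != NULL` would silently bring back the wrong-user lookup; this applies to the guard here and to the ones in the hunks at -643 and -662 of this file and at -32 and -96 of passdb-cache.c. The lookups shown all go through `auth_cache_lookup(passdb_cache, request, ...)`, which already receives the request, so the invariant could also be enforced there with `if (request->master_user != NULL) return NULL;`, and likewise in whatever routine performs the insert, keeping the caller checks as cheap early exits. The cache functions themselves are not part of this diff, so this assumes they can read the same request field. The enclosing function starts and ends outside the hunk.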
@@ -643,7 +641,8 @@
 	struct userdb_module *userdb = request->userdb->userdb;
 	const char *str;
 
-	if (passdb_cache == NULL || userdb->cache_key == NULL)
+	if (passdb_cache == NULL || userdb->cache_key == NULL ||
+	    request->master_user != NULL)
 		return;
 
 	str = result == USERDB_RESULT_USER_UNKNOWN ? "" :
@@ -662,6 +661,9 @@
 	struct auth_cache_node *node;
 	bool expired, neg_expired;
 
+	if (request->master_user != NULL)
+		return FALSE;
+
 	value = auth_cache_lookup(passdb_cache, request, key, &node,
 				  &expired, &neg_expired);
 	if (value == NULL || (expired && !use_expired))
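Review bot: The new early return at `if (request->master_user != NULL)` carries no comment, so the reason for bypassing the cache is recorded only in the commit message. A one-line comment above it would keep the rationale next to the code, for example `/* master user login: the cache key has only the master username, so never use the cache */`. The same comment would fit the guards added in the other four hunks. The function's signature is outside the hunk.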
--- a/src/auth/passdb-cache.c	Tue Nov 02 17:14:24 2010 +0000
+++ b/src/auth/passdb-cache.c	Tue Nov 02 17:31:14 2010 +0000
@@ -32,7 +32,7 @@
 	int ret;
 	bool expired, neg_expired;
 
-	if (passdb_cache == NULL || key == NULL)
+	if (passdb_cache == NULL || key == NULL || request->master_user != NULL)
 		return FALSE;
 
 	/* value = password \t ... */
@@ -96,7 +96,7 @@
 	struct auth_cache_node *node;
 	bool expired, neg_expired;
 
-	if (passdb_cache == NULL)
+	if (passdb_cache == NULL || request->master_user != NULL)
 		return FALSE;
 
 	value = auth_cache_lookup(passdb_cache, request, key, &node,