bcb4e51a409d94ae670de96afb8483a4f7855294Stephan Bosch/* Copyright (c) 2004-2018 Dovecot authors, see the included COPYING file */
/*
 * Debug-log a passdb cache hit without printing the cached password.
 *
 * In the lines shown, the text that gets logged is rebuilt as
 * PASSWORD_HIDDEN_STR followed by p, and that rebuilt string is what the
 * "cache hit: %s" debug line receives.
 *
 * NOTE(review): this listing omits lines of the function. The assignment of
 * p and any condition around the masking are not visible here; presumably p
 * points at the first field separator after the password - confirm against
 * the full file. Whatever p points at is still written to the debug log.
 */
7ace5117d5f2395bd66f20b09e77dac05492f7ceTimo Sirainenpassdb_cache_log_hit(struct auth_request *request, const char *value)
7ace5117d5f2395bd66f20b09e77dac05492f7ceTimo Sirainen const char *p;
7ace5117d5f2395bd66f20b09e77dac05492f7ceTimo Sirainen /* hide the password */
6cbe2facd40ea3461620571a1c168ce9884be3b3Timo Sirainen value = t_strconcat(PASSWORD_HIDDEN_STR, p, NULL);
6135260095e1704ed6edff9d00bdfc043c11429cTimo Sirainen auth_request_log_debug(request, AUTH_SUBSYS_DB, "cache hit: %s", value);
/*
 * Look up `key` in passdb_cache through auth_cache_lookup().
 *
 * The visible branch is taken when there is no cached value, or when the
 * entry is expired and use_expired is false. It follows that a caller passing
 * use_expired as true is not turned away here for an expired entry, i.e. it
 * accepts stale cached credentials.
 *
 * NOTE(review): this listing omits lines; the remaining parameters, the use
 * of `stats`, and the return statements are not shown - confirm which callers
 * pass use_expired as true and why.
 */
90cf976e328e093da91a8332d96182201f4ef6c1Timo Sirainenpassdb_cache_lookup(struct auth_request *request, const char *key,
90cf976e328e093da91a8332d96182201f4ef6c1Timo Sirainen bool use_expired, struct auth_cache_node **node_r,
44cf91b7a701a9b4d9f59a990552eab4f7f64fbcTimo Sirainen struct auth_stats *stats = auth_request_stats_get(request);
90cf976e328e093da91a8332d96182201f4ef6c1Timo Sirainen /* value = password \t ... */
90cf976e328e093da91a8332d96182201f4ef6c1Timo Sirainen value = auth_cache_lookup(passdb_cache, request, key, node_r,
/* no usable entry: nothing cached, or expired and the caller did not ask
   for expired entries */
90cf976e328e093da91a8332d96182201f4ef6c1Timo Sirainen if (value == NULL || (expired && !use_expired)) {
90cf976e328e093da91a8332d96182201f4ef6c1Timo Sirainen auth_request_log_debug(request, AUTH_SUBSYS_DB,
90cf976e328e093da91a8332d96182201f4ef6c1Timo Sirainen "cache expired");
/*
 * Reply handler for a password check that was handed to an auth worker.
 *
 * The worker's reply is parsed with passdb_blocking_auth_worker_reply_parse()
 * and the resulting value is passed to
 * auth_request_verify_plain_callback_finish() for the same request.
 *
 * NOTE(review): this listing omits lines; how `request` is obtained
 * (presumably from `context`) and what the function returns are not shown.
 */
e42b74025f8d02ee7aa476897a3f44e25bb8fc10Aki Tuomistatic bool passdb_cache_verify_plain_callback(const char *reply, void *context)
e42b74025f8d02ee7aa476897a3f44e25bb8fc10Aki Tuomi result = passdb_blocking_auth_worker_reply_parse(request, reply);
e42b74025f8d02ee7aa476897a3f44e25bb8fc10Aki Tuomi auth_request_verify_plain_callback_finish(result, request);
/*
 * Verify a plaintext password against the passdb cache entry for `key`.
 *
 * Paths visible in this listing: a negative cache entry (logged as unknown
 * user), a cached NULL password, verification delegated to an auth worker
 * when cache_verify_password_with_worker is set, and in-process verification
 * with auth_request_password_verify_log().
 *
 * NOTE(review): this is a partial listing. The remaining parameters, the
 * code that splits `value` into `list`, the branch bodies and the return
 * statements are not shown; presumably the bool result tells the caller
 * whether the cache produced an answer - confirm against the full file.
 */
6ef7e31619edfaa17ed044b45861d106a86191efTimo Sirainenbool passdb_cache_verify_plain(struct auth_request *request, const char *key,
5bb7c9863cbb62c41b13e7f42e04f1d57b4634f8Timo Sirainen enum passdb_result *result_r, bool use_expired)
dc9bfb7dc057964238e181d3d8b08751527bb08aTimo Sirainen const char *value, *cached_pw, *scheme, *const *list;
/* use_expired is forwarded unchanged, so the caller decides whether an
   expired entry may be used for this verification */
90cf976e328e093da91a8332d96182201f4ef6c1Timo Sirainen if (!passdb_cache_lookup(request, key, use_expired,
dc9bfb7dc057964238e181d3d8b08751527bb08aTimo Sirainen /* negative cache entry */
6135260095e1704ed6edff9d00bdfc043c11429cTimo Sirainen auth_request_log_unknown_user(request, AUTH_SUBSYS_DB);
e42b74025f8d02ee7aa476897a3f44e25bb8fc10Aki Tuomi auth_request_verify_plain_callback_finish(*result_r, request);
3ab7783791bd46cdd46e9b9de3e98e8efcb6c6bfTimo Sirainen /* NULL password */
6135260095e1704ed6edff9d00bdfc043c11429cTimo Sirainen auth_request_log_info(request, AUTH_SUBSYS_DB,
6135260095e1704ed6edff9d00bdfc043c11429cTimo Sirainen "Cached NULL password access");
/* With this setting the check is sent to an auth worker as a "PASSW"
   request that starts with the passdb id, instead of being done in this
   process.
   NOTE(review): the fields appended after the id are not shown; if they
   include the plaintext or the cached password, `str` must stay out of
   logs - confirm. */
e42b74025f8d02ee7aa476897a3f44e25bb8fc10Aki Tuomi } else if (request->set->cache_verify_password_with_worker) {
e42b74025f8d02ee7aa476897a3f44e25bb8fc10Aki Tuomi str_printfa(str, "PASSW\t%u\t", request->passdb->passdb->id);
e42b74025f8d02ee7aa476897a3f44e25bb8fc10Aki Tuomi auth_request_log_debug(request, AUTH_SUBSYS_DB, "cache: "
e42b74025f8d02ee7aa476897a3f44e25bb8fc10Aki Tuomi "validating password on worker");
e42b74025f8d02ee7aa476897a3f44e25bb8fc10Aki Tuomi auth_worker_call(request->pool, request->user, str_c(str),
/* otherwise the supplied password is checked against cached_pw here */
ef4ca21b9195a2aca07a4965ea2d1d97c850b89amanuel ret = auth_request_password_verify_log(request, password, cached_pw,
/* presumably ret == 0 means the password did not match - confirm; the
   body of this branch is not shown */
145d2eef238ed8bbff635e3b06951a83f0ee5a03Timo Sirainen if (ret == 0 && (node->last_success || neg_expired)) {
145d2eef238ed8bbff635e3b06951a83f0ee5a03Timo Sirainen /* a) the last authentication was successful. assume
145d2eef238ed8bbff635e3b06951a83f0ee5a03Timo Sirainen that the password was changed and cache is expired.
145d2eef238ed8bbff635e3b06951a83f0ee5a03Timo Sirainen b) negative TTL reached, use it for password
145d2eef238ed8bbff635e3b06951a83f0ee5a03Timo Sirainen mismatches too. */
24d7c5fc9fa1cb1f49402ec796654113199ba4e6Timo Sirainen /* save the extra_fields only after we know we're using the
24d7c5fc9fa1cb1f49402ec796654113199ba4e6Timo Sirainen cached data */
/* list + 1 skips the first cached field; per the "password \t ..." format
   note in passdb_cache_lookup() that first field is presumably the
   password, so only the fields after it are applied to the request */
553308791c097219e8eb31cbd03a29e9e1333848Timo Sirainen auth_request_set_fields(request, list + 1, NULL);
e42b74025f8d02ee7aa476897a3f44e25bb8fc10Aki Tuomi auth_request_verify_plain_callback_finish(*result_r, request);
/*
 * Fetch cached credentials for `key` instead of verifying a password.
 *
 * From the visible lines: the fields after the first one are applied to the
 * request, the first field is returned through password_r (an empty string
 * becomes NULL), and an assertion requires a scheme whenever a password is
 * returned.
 *
 * NOTE(review): this is a partial listing; the remaining parameters, the
 * code that builds `list` and sets *scheme_r, and the return statements are
 * not shown.
 */
6ef7e31619edfaa17ed044b45861d106a86191efTimo Sirainenbool passdb_cache_lookup_credentials(struct auth_request *request,
90cf976e328e093da91a8332d96182201f4ef6c1Timo Sirainen if (!passdb_cache_lookup(request, key, use_expired,
dc9bfb7dc057964238e181d3d8b08751527bb08aTimo Sirainen /* negative cache entry */
553308791c097219e8eb31cbd03a29e9e1333848Timo Sirainen auth_request_set_fields(request, list + 1, NULL);
/* an empty first field is reported to the caller as "no password" */
7dcb5545370faa9d4ff83b3ede65a69fc3dd4b65Timo Sirainen *password_r = *list[0] == '\0' ? NULL : list[0];
/* a cached password without a scheme is treated as a programming error */
cc0495b3bbe3c3e41c512274b302d6f0fa028187Timo Sirainen i_assert(*scheme_r != NULL || *password_r == NULL);
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainenvoid passdb_cache_init(const struct auth_settings *set)
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen if (set->cache_size == 0 || set->cache_ttl == 0)
47a5a7e8296f3b8f2fac9a0659d4de3f2723ba4aMartti Rannanjärvi i_warning("auth_cache_size (%"PRIuUOFF_T"M) is higher than "
31a12066e4cd9310d64091c81b59fb8eb1986023Timo Sirainen "process VSZ limit (%luM)",