passdb-cache.c revision d31c77e63713a6cf3687a4b38ff8daf6d6c7a3dd
5a580c3a38ced62d4bcc95b8ac7c4f2935b5d294Timo Sirainen/* Copyright (c) 2004-2013 Dovecot authors, see the included COPYING file */
7ace5117d5f2395bd66f20b09e77dac05492f7ceTimo Sirainenpassdb_cache_log_hit(struct auth_request *request, const char *value)
7ace5117d5f2395bd66f20b09e77dac05492f7ceTimo Sirainen const char *p;
7ace5117d5f2395bd66f20b09e77dac05492f7ceTimo Sirainen /* hide the password */
6cbe2facd40ea3461620571a1c168ce9884be3b3Timo Sirainen value = t_strconcat(PASSWORD_HIDDEN_STR, p, NULL);
7ace5117d5f2395bd66f20b09e77dac05492f7ceTimo Sirainen auth_request_log_debug(request, "cache", "hit: %s", value);
6ef7e31619edfaa17ed044b45861d106a86191efTimo Sirainenbool passdb_cache_verify_plain(struct auth_request *request, const char *key,
6ef7e31619edfaa17ed044b45861d106a86191efTimo Sirainen enum passdb_result *result_r, int use_expired)
dc9bfb7dc057964238e181d3d8b08751527bb08aTimo Sirainen const char *value, *cached_pw, *scheme, *const *list;
dc9bfb7dc057964238e181d3d8b08751527bb08aTimo Sirainen /* value = password \t ... */
145d2eef238ed8bbff635e3b06951a83f0ee5a03Timo Sirainen value = auth_cache_lookup(passdb_cache, request, key, &node,
00bde9ae9eab9e720462bf6ec9a4dd85e88c3bbfTimo Sirainen if (value == NULL || (expired && !use_expired)) {
dc9bfb7dc057964238e181d3d8b08751527bb08aTimo Sirainen /* negative cache entry */
ed3c4faf5ddf559818e4a3f7efc0f53f97396227Timo Sirainen auth_request_log_unknown_user(request, "cache");
3ab7783791bd46cdd46e9b9de3e98e8efcb6c6bfTimo Sirainen /* NULL password */
bcf5f1acb2e3891f951fd0848c23b86c35efe7e1Timo Sirainen auth_request_log_info(request, "cache", "NULL password access");
24d7c5fc9fa1cb1f49402ec796654113199ba4e6Timo Sirainen ret = auth_request_password_verify(request, password, cached_pw,
145d2eef238ed8bbff635e3b06951a83f0ee5a03Timo Sirainen if (ret == 0 && (node->last_success || neg_expired)) {
145d2eef238ed8bbff635e3b06951a83f0ee5a03Timo Sirainen /* a) the last authentication was successful. assume
145d2eef238ed8bbff635e3b06951a83f0ee5a03Timo Sirainen that the password was changed and cache is expired.
145d2eef238ed8bbff635e3b06951a83f0ee5a03Timo Sirainen b) negative TTL reached, use it for password
145d2eef238ed8bbff635e3b06951a83f0ee5a03Timo Sirainen mismatches too. */
24d7c5fc9fa1cb1f49402ec796654113199ba4e6Timo Sirainen /* save the extra_fields only after we know we're using the
24d7c5fc9fa1cb1f49402ec796654113199ba4e6Timo Sirainen cached data */
553308791c097219e8eb31cbd03a29e9e1333848Timo Sirainen auth_request_set_fields(request, list + 1, NULL);
6ef7e31619edfaa17ed044b45861d106a86191efTimo Sirainenbool passdb_cache_lookup_credentials(struct auth_request *request,
145d2eef238ed8bbff635e3b06951a83f0ee5a03Timo Sirainen value = auth_cache_lookup(passdb_cache, request, key, &node,
00bde9ae9eab9e720462bf6ec9a4dd85e88c3bbfTimo Sirainen if (value == NULL || (expired && !use_expired)) {
dc9bfb7dc057964238e181d3d8b08751527bb08aTimo Sirainen /* negative cache entry */
553308791c097219e8eb31cbd03a29e9e1333848Timo Sirainen auth_request_set_fields(request, list + 1, NULL);
7dcb5545370faa9d4ff83b3ede65a69fc3dd4b65Timo Sirainen *password_r = *list[0] == '\0' ? NULL : list[0];
cc0495b3bbe3c3e41c512274b302d6f0fa028187Timo Sirainen i_assert(*scheme_r != NULL || *password_r == NULL);
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainenvoid passdb_cache_init(const struct auth_settings *set)
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen if (set->cache_size == 0 || set->cache_ttl == 0)
31a12066e4cd9310d64091c81b59fb8eb1986023Timo Sirainen i_warning("auth_cache_size (%luM) is higher than "
31a12066e4cd9310d64091c81b59fb8eb1986023Timo Sirainen "process VSZ limit (%luM)",