passdb-cache.c revision 31a12066e4cd9310d64091c81b59fb8eb1986023
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen/* Copyright (c) 2004-2012 Dovecot authors, see the included COPYING file */
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainenpassdb_cache_log_hit(struct auth_request *request, const char *value)
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen const char *p;
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen /* hide the password */
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen value = t_strconcat(PASSWORD_HIDDEN_STR, p, NULL);
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen auth_request_log_debug(request, "cache", "hit: %s", value);
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainenbool passdb_cache_verify_plain(struct auth_request *request, const char *key,
4d4d6d4745682790c20d759ba93dbea46b812c5dTimo Sirainen enum passdb_result *result_r, int use_expired)
d176f84ce5ca2073f4dfbafb457b9c74f6bf0d76Timo Sirainen const char *value, *cached_pw, *scheme, *const *list;
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen if (passdb_cache == NULL || key == NULL || request->master_user != NULL)
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen /* value = password \t ... */
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen value = auth_cache_lookup(passdb_cache, request, key, &node,
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen if (value == NULL || (expired && !use_expired)) {
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen /* negative cache entry */
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen auth_request_log_info(request, "cache", "User unknown");
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen /* NULL password */
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen auth_request_log_info(request, "cache", "NULL password access");
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen ret = auth_request_password_verify(request, password, cached_pw,
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen if (ret == 0 && (node->last_success || neg_expired)) {
78fa3c578c14ee8a612f86cf73b6181c7f16463fTimo Sirainen /* a) the last authentication was successful. assume
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen that the password was changed and cache is expired.
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen b) negative TTL reached, use it for password
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen mismatches too. */
78fa3c578c14ee8a612f86cf73b6181c7f16463fTimo Sirainen /* save the extra_fields only after we know we're using the
78fa3c578c14ee8a612f86cf73b6181c7f16463fTimo Sirainen cached data */
78fa3c578c14ee8a612f86cf73b6181c7f16463fTimo Sirainen auth_request_set_fields(request, list + 1, NULL);
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainenbool passdb_cache_lookup_credentials(struct auth_request *request,
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen if (passdb_cache == NULL || request->master_user != NULL)
01230de017cd273de41143d88e9c18df1243ae8aTimo Sirainen value = auth_cache_lookup(passdb_cache, request, key, &node,
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen if (value == NULL || (expired && !use_expired)) {
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen /* negative cache entry */
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen auth_request_set_fields(request, list + 1, NULL);
d176f84ce5ca2073f4dfbafb457b9c74f6bf0d76Timo Sirainen *password_r = *list[0] == '\0' ? NULL : list[0];
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen i_assert(*scheme_r != NULL || *password_r == NULL);
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainenvoid passdb_cache_init(const struct auth_settings *set)
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen if (set->cache_size == 0 || set->cache_ttl == 0)
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen i_warning("auth_cache_size (%luM) is higher than "
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen "process VSZ limit (%luM)",