hi timo, I checked out the commit causing this.
its this one: http://hg.dovecot.org/dovecot-2.2/diff/5e445c659f89/src/auth/auth-request.c#l1.32 if I move this block back as it was. everything is fine diff -r a46620d6e0ff -r 5e445c659f89 src/auth/auth-request.c --- a/src/auth/auth-request.c Tue May 05 13:35:52 2015 +0300 +++ b/src/auth/auth-request.c Tue May 05 14:16:31 2015 +0300 @@ -618,30 +627,28 @@ auth_request_want_skip_passdb(request, next_passdb)) next_passdb = next_passdb->next; + if (*result == PASSDB_RESULT_OK) { + /* this passdb lookup succeeded, preserve its extra fields */ + auth_fields_snapshot(request->extra_fields); + request->snapshot_have_userdb_prefetch_set = + request->userdb_prefetch_set; + if (request->userdb_reply != NULL) + auth_fields_snapshot(request->userdb_reply); + } else { + /* this passdb lookup failed, remove any extra fields it set */ + auth_fields_rollback(request->extra_fields); + if (request->userdb_reply != NULL) { + auth_fields_rollback(request->userdb_reply); + request->userdb_prefetch_set = + request->snapshot_have_userdb_prefetch_set; + } + } + if (passdb_continue && next_passdb != NULL) { /* try next passdb. */ request->passdb = next_passdb; request->passdb_password = NULL; - if (*result == PASSDB_RESULT_OK) { - /* this passdb lookup succeeded, preserve its extra - fields */ - auth_fields_snapshot(request->extra_fields); - request->snapshot_have_userdb_prefetch_set = - request->userdb_prefetch_set; - if (request->userdb_reply != NULL) - auth_fields_snapshot(request->userdb_reply); - } else { - /* this passdb lookup failed, remove any extra fields - it set */ - auth_fields_rollback(request->extra_fields); - if (request->userdb_reply != NULL) { - auth_fields_rollback(request->userdb_reply); - request->userdb_prefetch_set = - request->snapshot_have_userdb_prefetch_set; - } - } - if (*result == PASSDB_RESULT_USER_UNKNOWN) { /* remember that we did at least one successful passdb lookup */ On 08/05/2015 05:33 PM, matthias lay wrote: > just tested against dovecot 2.2.15 > > everythings works fine. so might be a bug introduced between 2.2.16 and > 2.2.18 > > > > > > On 08/05/2015 04:30 PM, matthias lay wrote: >> Hi list, >> >> I have a question on auth caching in 2.2.18. >> >> I am using acl_groups for a master user, appended in a static userdb file >> >> # snip ############################### >> master@uma:{SHA}XXXX=::::::userdb_acl_groups=umareadmaster >> allow_nets=127.0.0.1 >> # snap ############################### >> >> and use this group in a global ACL file. >> I discovered this only works on first NOT-cached login >> >> >> >> environment in imap-postlogin script on first login: >> >> >> AUTH_TOKEN=e96b5a32ceb2cafc4460c210ad2e92e3d7ab388c >> MASTER_USER=master@uma >> SPUSER=private/pdf >> LOCAL_IP=127.0.0.1 >> USER=pdf >> AUTH_USER=master@uma >> PWD=/var/run/dovecot >> USERDB_KEYS=ACL_GROUPS HOME SPUSER MASTER_USER AUTH_TOKEN AUTH_USER >> SHLVL=1 >> HOME=/var/data/vmail/private/pdf >> ACL_GROUPS=umareadmaster >> IP=127.0.0.1 >> _=/usr/bin/env >> >> >> on the second cached login it looks like this >> >> >> AUTH_TOKEN=12703b11932f233520f6d4b33559c33aeb1cfc7f >> MASTER_USER=master@uma >> SPUSER=private/pdf >> LOCAL_IP=127.0.0.1 >> USER=pdf >> AUTH_USER=master@uma >> PWD=/var/run/dovecot >> USERDB_KEYS=HOME SPUSER MASTER_USER AUTH_TOKEN AUTH_USER >> SHLVL=1 >> HOME=/var/data/vmail/private/pdf >> IP=127.0.0.1 >> _=/usr/bin/env >> >> so the ACL_GROUPS is gone. >> >> is this intended to be like that. >> so groups not included in cache and I have to find another approach? >> >> anybody else encountered similar problems with some auth Variables and >> caching? >> >> >> Greetz Matze >> >
