Hello Thank you for your report. We really appreciate it, especially when you can pinpoint a commit.
However, I am unable to reproduce this. Could you post your doveconf -n please? Im especially interested in your passdb and userdb configurations and auth-cache settings. br, Teemu Huovila On 08/06/2015 01:07 PM, matthias lay wrote: > hi timo, > > I checked out the commit causing this. > > its this one: > > http://hg.dovecot.org/dovecot-2.2/diff/5e445c659f89/src/auth/auth-request.c#l1.32 > > > if I move this block back as it was. everything is fine > > > diff -r a46620d6e0ff -r 5e445c659f89 src/auth/auth-request.c > --- a/src/auth/auth-request.c Tue May 05 13:35:52 2015 +0300 > +++ b/src/auth/auth-request.c Tue May 05 14:16:31 2015 +0300 > @@ -618,30 +627,28 @@ > auth_request_want_skip_passdb(request, next_passdb)) > next_passdb = next_passdb->next; > > + if (*result == PASSDB_RESULT_OK) { > + /* this passdb lookup succeeded, preserve its extra fields */ > + auth_fields_snapshot(request->extra_fields); > + request->snapshot_have_userdb_prefetch_set = > + request->userdb_prefetch_set; > + if (request->userdb_reply != NULL) > + auth_fields_snapshot(request->userdb_reply); > + } else { > + /* this passdb lookup failed, remove any extra fields it set */ > + auth_fields_rollback(request->extra_fields); > + if (request->userdb_reply != NULL) { > + auth_fields_rollback(request->userdb_reply); > + request->userdb_prefetch_set = > + request->snapshot_have_userdb_prefetch_set; > + } > + } > + > if (passdb_continue && next_passdb != NULL) { > /* try next passdb. */ > request->passdb = next_passdb; > request->passdb_password = NULL; > > - if (*result == PASSDB_RESULT_OK) { > - /* this passdb lookup succeeded, preserve its extra > - fields */ > - auth_fields_snapshot(request->extra_fields); > - request->snapshot_have_userdb_prefetch_set = > - request->userdb_prefetch_set; > - if (request->userdb_reply != NULL) > - auth_fields_snapshot(request->userdb_reply); > - } else { > - /* this passdb lookup failed, remove any extra fields > - it set */ > - auth_fields_rollback(request->extra_fields); > - if (request->userdb_reply != NULL) { > - auth_fields_rollback(request->userdb_reply); > - request->userdb_prefetch_set = > - > request->snapshot_have_userdb_prefetch_set; > - } > - } > - > if (*result == PASSDB_RESULT_USER_UNKNOWN) { > /* remember that we did at least one successful > passdb lookup */ > > > > > > > > > > > > > > > On 08/05/2015 05:33 PM, matthias lay wrote: >> just tested against dovecot 2.2.15 >> >> everythings works fine. so might be a bug introduced between 2.2.16 and >> 2.2.18 >> >> >> >> >> >> On 08/05/2015 04:30 PM, matthias lay wrote: >>> Hi list, >>> >>> I have a question on auth caching in 2.2.18. >>> >>> I am using acl_groups for a master user, appended in a static userdb file >>> >>> # snip ############################### >>> master@uma:{SHA}XXXX=::::::userdb_acl_groups=umareadmaster >>> allow_nets=127.0.0.1 >>> # snap ############################### >>> >>> and use this group in a global ACL file. >>> I discovered this only works on first NOT-cached login >>> >>> >>> >>> environment in imap-postlogin script on first login: >>> >>> >>> AUTH_TOKEN=e96b5a32ceb2cafc4460c210ad2e92e3d7ab388c >>> MASTER_USER=master@uma >>> SPUSER=private/pdf >>> LOCAL_IP=127.0.0.1 >>> USER=pdf >>> AUTH_USER=master@uma >>> PWD=/var/run/dovecot >>> USERDB_KEYS=ACL_GROUPS HOME SPUSER MASTER_USER AUTH_TOKEN AUTH_USER >>> SHLVL=1 >>> HOME=/var/data/vmail/private/pdf >>> ACL_GROUPS=umareadmaster >>> IP=127.0.0.1 >>> _=/usr/bin/env >>> >>> >>> on the second cached login it looks like this >>> >>> >>> AUTH_TOKEN=12703b11932f233520f6d4b33559c33aeb1cfc7f >>> MASTER_USER=master@uma >>> SPUSER=private/pdf >>> LOCAL_IP=127.0.0.1 >>> USER=pdf >>> AUTH_USER=master@uma >>> PWD=/var/run/dovecot >>> USERDB_KEYS=HOME SPUSER MASTER_USER AUTH_TOKEN AUTH_USER >>> SHLVL=1 >>> HOME=/var/data/vmail/private/pdf >>> IP=127.0.0.1 >>> _=/usr/bin/env >>> >>> so the ACL_GROUPS is gone. >>> >>> is this intended to be like that. >>> so groups not included in cache and I have to find another approach? >>> >>> anybody else encountered similar problems with some auth Variables and >>> caching? >>> >>> >>> Greetz Matze >>> >>
