Branch 'kolab-syncroton-2.2' - 2 commits - lib/kolab_sync.php

Aleksander Machniak machniak at kolabsys.com
Thu Feb 27 15:03:20 CET 2014


 lib/kolab_sync.php |   15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

New commits:
commit fab29e619e1ab33a81225f9c32dbf2274c987a0a
Author: Aleksander Machniak <machniak at kolabsys.com>
Date:   Thu Feb 27 15:02:16 2014 +0100

    Add host name to the cache key

diff --git a/lib/kolab_sync.php b/lib/kolab_sync.php
index da93bf9..f2ad644 100644
--- a/lib/kolab_sync.php
+++ b/lib/kolab_sync.php
@@ -173,12 +173,13 @@ class kolab_sync extends rcube
     public function authenticate($username, $password)
     {
         // use shared cache for kolab_auth plugin result (username canonification)
-        $cache = $this->get_cache_shared('activesync_auth');
-        $cache_key = sha1($username);
+        $cache     = $this->get_cache_shared('activesync_auth');
+        $host      = $this->select_host($username);
+        $cache_key = sha1($username . '::' . $host);
 
         if (!$cache || !($auth = $cache->get($cache_key))) {
             $auth = $this->plugins->exec_hook('authenticate', array(
-                'host'  => $this->select_host($username),
+                'host'  => $host,
                 'user'  => $username,
                 'pass'  => $password,
             ));
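Review bot: The new key `sha1($username . '::' . $host)` silently drops the password that the previous key carried, and nothing at the assignment says this is deliberate, so a reader auditing the cache could read it as a missing factor. I would extend the comment above the block: `// key is derived from username+host only: the cached value is just the canonified user/host pair, the password is still verified by login() further down`. Note also that `select_host()` now runs on every call, including cache hits, which is what makes the host available for the key. authenticate()'s body continues outside the hunk.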


commit 45bdeb1bc76be76ac446e9ee21c358634b7e40ae
Author: Aleksander Machniak <machniak at kolabsys.com>
Date:   Thu Feb 27 13:56:20 2014 +0100

    Do not use user password to build authentication cache key. Use sha1() instead of md5().
    
    This way it's more secure. Also a password change does not invalidate the cached
    username/host, so there was not really any need for including the password there.

diff --git a/lib/kolab_sync.php b/lib/kolab_sync.php
index 56fb55f..da93bf9 100644
--- a/lib/kolab_sync.php
+++ b/lib/kolab_sync.php
@@ -174,21 +174,19 @@ class kolab_sync extends rcube
     {
         // use shared cache for kolab_auth plugin result (username canonification)
         $cache = $this->get_cache_shared('activesync_auth');
-        $cache_key = md5($username . '::' . $password);
+        $cache_key = sha1($username);
 
         if (!$cache || !($auth = $cache->get($cache_key))) {
             $auth = $this->plugins->exec_hook('authenticate', array(
                 'host'  => $this->select_host($username),
                 'user'  => $username,
                 'pass'  => $password,
-                'valid' => true,
             ));
 
-            if ($auth['valid'] && $cache) {
+            if (!$auth['abort'] && $cache) {
                 $cache->set($cache_key, array(
                     'user'  => $auth['user'],
                     'host'  => $auth['host'],
-                    'valid' => $auth['valid'],
                 ));
             }
 
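Review bot: `if (!$auth['abort'] && $cache) {` reads an index that the hook input on the lines above never initialises (only host/user/pass are passed), so unless exec_hook() itself adds it, a hook run that does not abort leaves it unset and the test raises an undefined-index notice before evaluating to true; `if (empty($auth['abort']) && $cache) {` checks the same condition without the notice. The same pattern recurs in the second hunk of this commit (`if (!$auth['abort'] && ($userid = ...`). Dropping `'valid' => true` from the hook input also changes what plugins see; I cannot tell from the page whether any plugin rejected a login by setting 'valid' to false, but if one did, that signal is now ignored.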
@@ -202,9 +200,7 @@ class kolab_sync extends rcube
         }
 
         // Authenticate - get Roundcube user ID
-        if ($auth['valid'] && !$auth['abort']
-            && ($userid = $this->login($auth['user'], $auth['pass'], $auth['host'], $err))
-        ) {
+        if (!$auth['abort'] && ($userid = $this->login($auth['user'], $auth['pass'], $auth['host'], $err))) {
             // set real username
             $this->username = $auth['user'];
             return $userid;
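Review bot: On the cache-hit path `$auth` is the array stored in the first hunk, which holds only 'user' and 'host', yet `$this->login($auth['user'], $auth['pass'], $auth['host'], $err)` reads `$auth['pass']`; presumably the elided lines between the two hunks assign `$auth['pass'] = $password;` on that path, but it is worth confirming, since otherwise login() receives null for the password on every cached lookup. A short comment at the call, `// $auth['pass'] is the live password, never the cached value`, would make the contract explicit. authenticate() continues past the end of the hunk.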



