[dovecot-cvs] dovecot/src/auth Makefile.am, 1.44, 1.45 auth-master-connection.c, 1.28, 1.29 auth-master-connection.h, 1.9, 1.10 auth-request-balancer-child.c, 1.2, NONE auth-request-balancer-worker.c, 1.1, NONE auth-request-balancer.h, 1.1, NONE auth-request-handler-balancer.c, 1.1, NONE auth-request-handler-default.c, 1.5, NONE auth-request-handler.c, 1.2, 1.3 auth-request-handler.h, 1.2, 1.3 auth-request.c, 1.10, 1.11 auth-request.h, 1.9, 1.10 auth.c, 1.13, 1.14 auth.h, 1.11, 1.12 common.h, 1.11, 1.12 main.c, 1.40, 1.41 passdb-bsdauth.c, 1.7, 1.8 passdb-checkpassword.c, 1.7, 1.8 passdb-ldap.c, 1.24, 1.25 passdb-pam.c, 1.21, 1.22 passdb-passwd-file.c, 1.15, 1.16 passdb-passwd.c, 1.10, 1.11 passdb-shadow.c, 1.11, 1.12 passdb-sql.c, 1.14, 1.15 passdb-vpopmail.c, 1.15, 1.16 passdb.c, 1.32, 1.33 passdb.h, 1.22, 1.23 userdb-ldap.c, 1.28, 1.29 userdb-passdb.c, 1.4, 1.5 userdb-passwd-file.c, 1.12, 1.13 userdb-passwd.c, 1.13, 1.14 userdb-sql.c, 1.7, 1.8 userdb-static.c, 1.11, 1.12 userdb-vpopmail.c, 1.14, 1.15 userdb.h, 1.20, 1.21

cras at dovecot.org cras at dovecot.org
Tue Mar 1 00:19:25 EET 2005


Update of /var/lib/cvs/dovecot/src/auth
In directory talvi:/tmp/cvs-serv21285/src/auth

Modified Files:
	Makefile.am auth-master-connection.c auth-master-connection.h 
	auth-request-handler.c auth-request-handler.h auth-request.c 
	auth-request.h auth.c auth.h common.h main.c passdb-bsdauth.c 
	passdb-checkpassword.c passdb-ldap.c passdb-pam.c 
	passdb-passwd-file.c passdb-passwd.c passdb-shadow.c 
	passdb-sql.c passdb-vpopmail.c passdb.c passdb.h userdb-ldap.c 
	userdb-passdb.c userdb-passwd-file.c userdb-passwd.c 
	userdb-sql.c userdb-static.c userdb-vpopmail.c userdb.h 
Removed Files:
	auth-request-balancer-child.c auth-request-balancer-worker.c 
	auth-request-balancer.h auth-request-handler-balancer.c 
	auth-request-handler-default.c 
Log Message:
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
the balancer itself took as much CPU as the actual workers because it acted
as a proxy.

Now auth worker means different thing: they're used to execute blocking
passdb and userdb queries. Currently just MySQL (PAM and checkpassword in
TODO).



Index: Makefile.am
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/Makefile.am,v
retrieving revision 1.44
retrieving revision 1.45
diff -u -d -r1.44 -r1.45
--- Makefile.am	9 Jan 2005 16:54:48 -0000	1.44
+++ Makefile.am	28 Feb 2005 22:19:21 -0000	1.45
@@ -38,11 +38,9 @@
 	auth-master-connection.c \
 	auth-module.c \
 	auth-request.c \
-	auth-request-balancer-child.c \
-	auth-request-balancer-worker.c \
 	auth-request-handler.c \
-	auth-request-handler-balancer.c \
-	auth-request-handler-default.c \
+	auth-worker-client.c \
+	auth-worker-server.c \
 	db-ldap.c \
 	db-sql.c \
 	db-passwd-file.c \
@@ -57,6 +55,7 @@
 	mech-rpa.c \
 	mech-apop.c \
 	passdb.c \
+	passdb-blocking.c \
 	passdb-bsdauth.c \
 	passdb-cache.c \
 	passdb-ldap.c \
@@ -68,6 +67,7 @@
 	passdb-vpopmail.c \
 	passdb-sql.c \
 	userdb.c \
+	userdb-blocking.c \
 	userdb-ldap.c \
 	userdb-passdb.c \
 	userdb-passwd.c \
@@ -85,8 +85,9 @@
 	auth-master-connection.h \
 	auth-module.h \
 	auth-request.h \
-	auth-request-balancer.h \
 	auth-request-handler.h \
+	auth-worker-client.h \
+	auth-worker-server.h \
 	db-ldap.h \
 	db-sql.h \
 	db-passwd-file.h \
@@ -94,9 +95,11 @@
 	mech.h \
 	mycrypt.h \
 	passdb.h \
+	passdb-blocking.h \
 	passdb-cache.h \
 	password-scheme.h \
 	userdb.h \
+	userdb-blocking.h \
 	userdb-vpopmail.h
 
 checkpassword_reply_LDADD = \

Index: auth-master-connection.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-master-connection.c,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -d -r1.28 -r1.29
--- auth-master-connection.c	12 Feb 2005 13:47:20 -0000	1.28
+++ auth-master-connection.c	28 Feb 2005 22:19:21 -0000	1.29
@@ -10,7 +10,6 @@
 #include "network.h"
 #include "userdb.h"
 #include "auth-request-handler.h"
-#include "auth-request-balancer.h"
 #include "auth-master-interface.h"
 #include "auth-client-connection.h"
 #include "auth-master-connection.h"
@@ -292,10 +291,6 @@
 			auth_master_connection_set_fd(l->master, fd);
 			auth_master_connection_send_handshake(l->master);
 			break;
-		case LISTENER_BALANCER:
-			/* worker process connected to us */
-			auth_request_balancer_add_child(fd);
-			break;
 		}
 	}
 }

Index: auth-master-connection.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-master-connection.h,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -d -r1.9 -r1.10
--- auth-master-connection.h	9 Jan 2005 16:54:48 -0000	1.9
+++ auth-master-connection.h	28 Feb 2005 22:19:21 -0000	1.10
@@ -3,8 +3,7 @@
 
 enum listener_type {
 	LISTENER_MASTER,
-	LISTENER_CLIENT,
-	LISTENER_BALANCER
+	LISTENER_CLIENT
 };
 
 struct auth_master_connection {

--- auth-request-balancer-child.c DELETED ---

--- auth-request-balancer-worker.c DELETED ---

--- auth-request-balancer.h DELETED ---

--- auth-request-handler-balancer.c DELETED ---

--- auth-request-handler-default.c DELETED ---

Index: auth-request-handler.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-request-handler.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- auth-request-handler.c	9 Jan 2005 16:54:48 -0000	1.2
+++ auth-request-handler.c	28 Feb 2005 22:19:21 -0000	1.3
@@ -1,10 +1,36 @@
 /* Copyright (C) 2005 Timo Sirainen */
 
 #include "common.h"
+#include "ioloop.h"
+#include "buffer.h"
+#include "base64.h"
+#include "hash.h"
+#include "str.h"
+#include "str-sanitize.h"
+#include "auth-request.h"
 #include "auth-request-handler.h"
-#include "auth-request-balancer.h"
 
-struct auth_request_handler_api *auth_request_handler_api;
+#include <stdlib.h>
+
+struct auth_request_handler {
+	int refcount;
+	pool_t pool;
+	struct hash_table *requests;
+
+        struct auth *auth;
+        unsigned int connect_uid, client_pid;
+
+	auth_request_callback_t *callback;
+	void *context;
+
+	auth_request_callback_t *master_callback;
+	void *master_context;
+
+	unsigned int prepend_connect_uid:1;
+};
+
+static buffer_t *auth_failures_buf;
+static struct timeout *to_auth_failures;
 
 struct auth_request_handler *
 auth_request_handler_create(struct auth *auth, int prepend_connect_uid,
@@ -12,62 +38,437 @@
 			    auth_request_callback_t *master_callback,
 			    void *master_context)
 {
-	return auth_request_handler_api->
-		create(auth, prepend_connect_uid, callback, context,
-		       master_callback, master_context);
+	struct auth_request_handler *handler;
+	pool_t pool;
+
+	pool = pool_alloconly_create("auth request handler", 4096);
+
+	handler = p_new(pool, struct auth_request_handler, 1);
+	handler->refcount = 1;
+	handler->pool = pool;
+	handler->requests = hash_create(default_pool, pool, 0, NULL, NULL);
+	handler->auth = auth;
+	handler->callback = callback;
+	handler->context = context;
+	handler->master_callback = master_callback;
+	handler->master_context = master_context;
+	handler->prepend_connect_uid = prepend_connect_uid;
+	return handler;
+}
+
+void auth_request_handler_unref(struct auth_request_handler *handler)
+{
+	struct hash_iterate_context *iter;
+	void *key, *value;
+
+	i_assert(handler->refcount > 0);
+	if (--handler->refcount > 0)
+		return;
+
+	iter = hash_iterate_init(handler->requests);
+	while (hash_iterate(iter, &key, &value))
+		auth_request_unref(value);
+	hash_iterate_deinit(iter);
+
+	/* notify parent that we're done with all requests */
+	handler->callback(NULL, handler->context);
+
+	hash_destroy(handler->requests);
+	pool_unref(handler->pool);
 }
 
 void auth_request_handler_set(struct auth_request_handler *handler,
 			      unsigned int connect_uid,
 			      unsigned int client_pid)
 {
-	auth_request_handler_api->set(handler, connect_uid, client_pid);
+	handler->connect_uid = connect_uid;
+	handler->client_pid = client_pid;
 }
 
-void auth_request_handler_unref(struct auth_request_handler *handler)
+static void auth_request_handler_remove(struct auth_request_handler *handler,
+					struct auth_request *request)
 {
-	auth_request_handler_api->unref(handler);
+	hash_remove(handler->requests, POINTER_CAST(request->id));
+	auth_request_unref(request);
 }
 
 void auth_request_handler_check_timeouts(struct auth_request_handler *handler)
 {
-        auth_request_handler_api->check_timeouts(handler);
+	struct hash_iterate_context *iter;
+	void *key, *value;
+
+	iter = hash_iterate_init(handler->requests);
+	while (hash_iterate(iter, &key, &value)) {
+		struct auth_request *request = value;
+
+		if (request->created + AUTH_REQUEST_TIMEOUT < ioloop_time)
+			auth_request_handler_remove(handler, request);
+	}
+	hash_iterate_deinit(iter);
+}
+
+static const char *get_client_extra_fields(struct auth_request *request)
+{
+	const char **fields;
+	unsigned int src, dest;
+
+	if (request->extra_fields == NULL)
+		return NULL;
+
+	/* we only wish to remove all fields prefixed with "userdb_" */
+	if (strstr(str_c(request->extra_fields), "userdb_") == NULL)
+		return str_c(request->extra_fields);
+
+	fields = t_strsplit(str_c(request->extra_fields), "\t");
+	for (src = dest = 0; fields[src] != NULL; src++) {
+		if (strncmp(fields[src], "userdb_", 7) != 0)
+			fields[dest++] = fields[src];
+	}
+	fields[dest] = NULL;
+	return t_strarray_join(fields, "\t");
+}
+
+static void auth_callback(struct auth_request *request,
+			  enum auth_client_result result,
+			  const void *reply, size_t reply_size)
+{
+        struct auth_request_handler *handler = request->context;
+	string_t *str;
+	const char *fields;
+
+	t_push();
+
+	str = t_str_new(128 + MAX_BASE64_ENCODED_SIZE(reply_size));
+	if (handler->prepend_connect_uid)
+		str_printfa(str, "%u\t", request->connect_uid);
+
+	switch (result) {
+	case AUTH_CLIENT_RESULT_CONTINUE:
+		str_printfa(str, "CONT\t%u\t", request->id);
+		base64_encode(reply, reply_size, str);
+                request->accept_input = TRUE;
+		handler->callback(str_c(str), handler->context);
+		break;
+	case AUTH_CLIENT_RESULT_SUCCESS:
+		str_printfa(str, "OK\t%u\tuser=%s", request->id, request->user);
+		if (reply_size > 0) {
+			str_append(str, "\tresp=");
+			base64_encode(reply, reply_size, str);
+		}
+		fields = get_client_extra_fields(request);
+		if (fields != NULL) {
+			str_append_c(str, '\t');
+			str_append(str, fields);
+		}
+
+		if (request->no_login || handler->master_callback == NULL) {
+			/* this request doesn't have to wait for master
+			   process to pick it up. delete it */
+			auth_request_handler_remove(handler, request);
+		}
+		handler->callback(str_c(str), handler->context);
+		break;
+	case AUTH_CLIENT_RESULT_FAILURE:
+		str_printfa(str, "FAIL\t%u", request->id);
+		if (request->user != NULL)
+			str_printfa(str, "\tuser=%s", request->user);
+		if (request->internal_failure)
+			str_append(str, "\ttemp");
+		fields = get_client_extra_fields(request);
+		if (fields != NULL) {
+			str_append_c(str, '\t');
+			str_append(str, fields);
+		}
+
+		if (request->delayed_failure) {
+			/* we came here from flush_failures() */
+			handler->callback(str_c(str), handler->context);
+			break;
+		}
+
+		/* remove the request from requests-list */
+		auth_request_ref(request);
+		auth_request_handler_remove(handler, request);
+
+		if (request->no_failure_delay) {
+			/* passdb specifically requested not to delay the
+			   reply. */
+			handler->callback(str_c(str), handler->context);
+			auth_request_unref(request);
+		} else {
+			/* failure. don't announce it immediately to avoid
+			   a) timing attacks, b) flooding */
+			request->delayed_failure = TRUE;
+			handler->refcount++;
+			buffer_append(auth_failures_buf,
+				      &request, sizeof(request));
+		}
+		break;
+	}
+	/* NOTE: request may be destroyed now */
+
+        auth_request_handler_unref(handler);
+
+	t_pop();
+}
+
+static void auth_request_handler_auth_fail(struct auth_request_handler *handler,
+					   struct auth_request *request,
+					   const char *reason)
+{
+	string_t *reply = t_str_new(64);
+
+	auth_request_log_info(request, request->mech->mech_name, "%s", reason);
+
+	if (handler->prepend_connect_uid)
+		str_printfa(reply, "%u\t", request->connect_uid);
+	str_printfa(reply, "FAIL\t%u\treason=%s", request->id, reason);
+	handler->callback(str_c(reply), handler->context);
+
+	auth_request_handler_remove(handler, request);
 }
 
 int auth_request_handler_auth_begin(struct auth_request_handler *handler,
 				    const char *args)
 {
-        return auth_request_handler_api->auth_begin(handler, args);
+	struct mech_module *mech;
+	struct auth_request *request;
+	const char *const *list, *name, *arg, *initial_resp;
+	const void *initial_resp_data;
+	size_t initial_resp_len;
+	unsigned int id;
+	buffer_t *buf;
+	int valid_client_cert;
+
+	/* <id> <mechanism> [...] */
+	list = t_strsplit(args, "\t");
+	if (list[0] == NULL || list[1] == NULL) {
+		i_error("BUG: Authentication client %u "
+			"sent broken AUTH request", handler->client_pid);
+		return FALSE;
+	}
+
+	id = (unsigned int)strtoul(list[0], NULL, 10);
+
+	mech = mech_module_find(list[1]);
+	if (mech == NULL) {
+		/* unsupported mechanism */
+		i_error("BUG: Authentication client %u requested unsupported "
+			"authentication mechanism %s", handler->client_pid,
+			str_sanitize(list[1], MAX_MECH_NAME_LEN));
+		return FALSE;
+	}
+
+	request = auth_request_new(handler->auth, mech, auth_callback, handler);
+	request->connect_uid = handler->connect_uid;
+	request->client_pid = handler->client_pid;
+	request->id = id;
+
+	/* parse optional parameters */
+	initial_resp = NULL;
+	valid_client_cert = FALSE;
+	for (list += 2; *list != NULL; list++) {
+		arg = strchr(*list, '=');
+		if (arg == NULL) {
+			name = *list;
+			arg = "";
+		} else {
+			name = t_strdup_until(*list, arg);
+			arg++;
+		}
+
+		if (strcmp(name, "lip") == 0)
+			(void)net_addr2ip(arg, &request->local_ip);
+		else if (strcmp(name, "rip") == 0)
+			(void)net_addr2ip(arg, &request->remote_ip);
+		else if (strcmp(name, "service") == 0)
+			request->service = p_strdup(request->pool, arg);
+		else if (strcmp(name, "resp") == 0)
+			initial_resp = arg;
+		else if (strcmp(name, "valid-client-cert") == 0)
+			valid_client_cert = TRUE;
+	}
+
+	if (request->service == NULL) {
+		i_error("BUG: Authentication client %u "
+			"didn't specify service in request",
+			handler->client_pid);
+		auth_request_unref(request);
+		return FALSE;
+	}
+
+	hash_insert(handler->requests, POINTER_CAST(id), request);
+
+	if (request->auth->ssl_require_client_cert && !valid_client_cert) {
+		/* we fail without valid certificate */
+                auth_request_handler_auth_fail(handler, request,
+			"Client didn't present valid SSL certificate");
+		return TRUE;
+	}
+
+	if (initial_resp == NULL) {
+		initial_resp_data = NULL;
+		initial_resp_len = 0;
+	} else {
+		size_t len = strlen(initial_resp);
+		buf = buffer_create_dynamic(pool_datastack_create(),
+					    MAX_BASE64_DECODED_SIZE(len));
+		if (base64_decode(initial_resp, len, NULL, buf) < 0) {
+                        auth_request_handler_auth_fail(handler, request,
+				"Invalid base64 data in initial response");
+			return TRUE;
+		}
+		initial_resp_data = buf->data;
+		initial_resp_len = buf->used;
+	}
+
+	/* handler is referenced until auth_callback is called. */
+	handler->refcount++;
+	auth_request_initial(request, initial_resp_data, initial_resp_len);
+	return TRUE;
 }
 
 int auth_request_handler_auth_continue(struct auth_request_handler *handler,
 				       const char *args)
 {
-	return auth_request_handler_api->auth_continue(handler, args);
+	struct auth_request *request;
+	const char *data;
+	size_t data_len;
+	buffer_t *buf;
+	unsigned int id;
+
+	data = strchr(args, '\t');
+	if (data++ == NULL) {
+		i_error("BUG: Authentication client sent broken CONT request");
+		return FALSE;
+	}
+
+	id = (unsigned int)strtoul(args, NULL, 10);
+
+	request = hash_lookup(handler->requests, POINTER_CAST(id));
+	if (request == NULL) {
+		string_t *reply = t_str_new(64);
+
+		if (handler->prepend_connect_uid)
+			str_printfa(reply, "%u\t", handler->connect_uid);
+		str_printfa(reply, "FAIL\t%u\treason=Timeouted", id);
+		handler->callback(str_c(reply), handler->context);
+		return TRUE;
+	}
+
+	/* accept input only once after mechanism has sent a CONT reply */
+	if (!request->accept_input) {
+		auth_request_handler_auth_fail(handler, request,
+					       "Unexpected continuation");
+		return TRUE;
+	}
+	request->accept_input = FALSE;
+
+	data_len = strlen(data);
+	buf = buffer_create_dynamic(pool_datastack_create(),
+				    MAX_BASE64_DECODED_SIZE(data_len));
+	if (base64_decode(data, data_len, NULL, buf) < 0) {
+		auth_request_handler_auth_fail(handler, request,
+			"Invalid base64 data in continued response");
+		return TRUE;
+	}
+
+	/* handler is referenced until auth_callback is called. */
+	handler->refcount++;
+	auth_request_continue(request, buf->data, buf->used);
+	return TRUE;
+}
+
+static void userdb_callback(const char *result, struct auth_request *request)
+{
+        struct auth_request_handler *handler = request->context;
+	string_t *reply;
+
+	reply = t_str_new(256);
+	if (handler->prepend_connect_uid)
+		str_printfa(reply, "%u\t", request->connect_uid);
+	if (result == NULL)
+		str_printfa(reply, "NOTFOUND\t%u", request->id);
+	else {
+		str_printfa(reply, "USER\t%u\t", request->id);
+		str_append(reply, result);
+	}
+	handler->master_callback(str_c(reply), handler->master_context);
+
+	auth_request_unref(request);
+        auth_request_handler_unref(handler);
 }
 
 void auth_request_handler_master_request(struct auth_request_handler *handler,
 					 unsigned int id,
 					 unsigned int client_id)
 {
-        auth_request_handler_api->master_request(handler, id, client_id);
+	struct auth_request *request;
+	string_t *reply;
+
+	reply = t_str_new(64);
+	if (handler->prepend_connect_uid)
+		str_printfa(reply, "%u\t", handler->connect_uid);
+
+	request = hash_lookup(handler->requests, POINTER_CAST(client_id));
+	if (request == NULL) {
+		i_error("Master request %u.%u not found",
+			handler->client_pid, client_id);
+		str_printfa(reply, "NOTFOUND\t%u", id);
+		handler->master_callback(str_c(reply), handler->master_context);
+		return;
+	}
+
+	auth_request_ref(request);
+	auth_request_handler_remove(handler, request);
+
+	if (!request->successful) {
+		i_error("Master requested unfinished authentication request "
+			"%u.%u", handler->client_pid, client_id);
+		str_printfa(reply, "NOTFOUND\t%u", id);
+		handler->master_callback(str_c(reply), handler->master_context);
+	} else {
+		/* the request isn't being referenced anywhere anymore,
+		   so we can do a bit of kludging.. replace the request's
+		   old client_id with master's id. */
+		request->id = id;
+		request->context = handler;
+
+		/* handler is referenced until userdb_callback is called. */
+		handler->refcount++;
+		auth_request_lookup_user(request, userdb_callback);
+	}
 }
 
-void auth_request_handlers_flush_failures(void)
+void auth_request_handler_flush_failures(void)
 {
-        auth_request_handler_api->flush_failures();
+	struct auth_request **auth_request;
+	size_t i, size;
+
+	auth_request = buffer_get_modifyable_data(auth_failures_buf, &size);
+	size /= sizeof(*auth_request);
+
+	for (i = 0; i < size; i++) {
+		auth_request[i]->callback(auth_request[i],
+					  AUTH_CLIENT_RESULT_FAILURE, NULL, 0);
+		auth_request_unref(auth_request[i]);
+	}
+	buffer_set_used_size(auth_failures_buf, 0);
 }
 
-void auth_request_handlers_init(int balancer)
+static void auth_failure_timeout(void *context __attr_unused__)
 {
-	/* use balancer if we have it */
-	auth_request_handler_api = balancer ?
-		&auth_request_handler_balancer : &auth_request_handler_default;
+	auth_request_handler_flush_failures();
+}
 
-        auth_request_handler_api->init();
+void auth_request_handler_init(void)
+{
+	auth_failures_buf = buffer_create_dynamic(default_pool, 1024);
+        to_auth_failures = timeout_add(2000, auth_failure_timeout, NULL);
 }
 
-void auth_request_handlers_deinit(void)
+void auth_request_handler_deinit(void)
 {
-        auth_request_handler_api->deinit();
+	buffer_free(auth_failures_buf);
+	timeout_remove(to_auth_failures);
 }

Index: auth-request-handler.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-request-handler.h,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- auth-request-handler.h	9 Jan 2005 16:54:48 -0000	1.2
+++ auth-request-handler.h	28 Feb 2005 22:19:21 -0000	1.3
@@ -5,35 +5,6 @@
 
 typedef void auth_request_callback_t(const char *reply, void *context);
 
-struct auth_request_handler_api {
-	struct auth_request_handler *
-		(*create)(struct auth *auth, int prepend_connect_uid,
-			  auth_request_callback_t *callback, void *context,
-			  auth_request_callback_t *master_callback,
-			  void *master_context);
-	void (*unref)(struct auth_request_handler *handler);
-
-	void (*set)(struct auth_request_handler *handler,
-		    unsigned int connect_uid, unsigned int client_pid);
-
-	void (*check_timeouts)(struct auth_request_handler *handler);
-	int (*auth_begin)(struct auth_request_handler *handler,
-			  const char *args);
-	int (*auth_continue)(struct auth_request_handler *handler,
-			     const char *args);
-	void (*master_request)(struct auth_request_handler *handler,
-			       unsigned int id, unsigned int client_id);
-
-	void (*flush_failures)(void);
-
-	void (*init)(void);
-	void (*deinit)(void);
-};
-
-extern struct auth_request_handler_api auth_request_handler_default;
-extern struct auth_request_handler_api auth_request_handler_balancer;
-extern struct auth_request_handler_api *auth_request_handler_api;
-
 struct auth_request_handler *
 auth_request_handler_create(struct auth *auth, int prepend_connect_uid,
 			    auth_request_callback_t *callback, void *context,
@@ -55,9 +26,9 @@
 					 unsigned int id,
 					 unsigned int client_id);
 
-void auth_request_handlers_flush_failures(void);
+void auth_request_handler_flush_failures(void);
 
-void auth_request_handlers_init(int balancer);
-void auth_request_handlers_deinit(void);
+void auth_request_handler_init(void);
+void auth_request_handler_deinit(void);
 
 #endif

Index: auth-request.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-request.c,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -d -r1.10 -r1.11
--- auth-request.c	26 Feb 2005 23:21:43 -0000	1.10
+++ auth-request.c	28 Feb 2005 22:19:21 -0000	1.11
@@ -12,6 +12,8 @@
 #include "auth-client-connection.h"
 #include "auth-master-connection.h"
 #include "passdb.h"
+#include "passdb-blocking.h"
+#include "userdb-blocking.h"
 #include "passdb-cache.h"
 
 struct auth_request *
@@ -72,6 +74,18 @@
 	return FALSE;
 }
 
+void auth_request_export(struct auth_request *request, string_t *str)
+{
+	str_append(str, "user=");
+	str_append(str, request->user);
+	str_append(str, "\tservice=");
+	str_append(str, request->service);
+	str_append(str, "\tlip=");
+	str_append(str, net_ip2addr(&request->local_ip));
+	str_append(str, "\trip=");
+	str_append(str, net_ip2addr(&request->remote_ip));
+}
+
 void auth_request_initial(struct auth_request *request,
 			  const unsigned char *data, size_t data_size)
 {
@@ -105,17 +119,21 @@
 		return;
 	}
 
+	if (request->passdb_password == NULL) {
+		/* no password given by passdb, cannot cache this */
+		return;
+	}
+
 	/* save all except the currently given password in cache */
 	str = t_str_new(32 + str_len(request->extra_fields));
-	if (request->passdb_password != NULL) {
-		if (*request->passdb_password != '{') {
-			/* cached passwords must have a known scheme */
-			str_append_c(str, '{');
-			str_append(str, passdb->default_pass_scheme);
-			str_append_c(str, '}');
-		}
-		str_append(str, request->passdb_password);
+	if (*request->passdb_password != '{') {
+		/* cached passwords must have a known scheme */
+		str_append_c(str, '{');
+		str_append(str, passdb->default_pass_scheme);
+		str_append_c(str, '}');
 	}
+	str_append(str, request->passdb_password);
+
 	if (request->extra_fields != NULL) {
 		str_append_c(str, '\t');
 		str_append_str(str, request->extra_fields);
@@ -127,8 +145,8 @@
 	auth_cache_insert(passdb_cache, request, passdb->cache_key, str_c(str));
 }
 
-static void auth_request_verify_plain_callback(enum passdb_result result,
-					       struct auth_request *request)
+void auth_request_verify_plain_callback(enum passdb_result result,
+					struct auth_request *request)
 {
         auth_request_save_cache(request, result);
 
@@ -157,6 +175,7 @@
 	const char *cache_key;
 
 	request->mech_password = p_strdup(request->pool, password);
+	request->private_callback.verify_plain = callback;
 
 	cache_key = passdb_cache == NULL ? NULL : passdb->cache_key;
 	if (cache_key != NULL) {
@@ -167,15 +186,17 @@
 		}
 	}
 
-	request->private_callback.verify_plain = callback;
-	passdb->verify_plain(request, password,
-			     auth_request_verify_plain_callback);
+	if (passdb->blocking)
+		passdb_blocking_verify_plain(request);
+	else {
+		passdb->verify_plain(request, password,
+				     auth_request_verify_plain_callback);
+	}
 }
 
-static void
-auth_request_lookup_credentials_callback(enum passdb_result result,
-					 const char *credentials,
-					 struct auth_request *request)
+void auth_request_lookup_credentials_callback(enum passdb_result result,
+					      const char *credentials,
+					      struct auth_request *request)
 {
         auth_request_save_cache(request, result);
 
@@ -208,15 +229,26 @@
 		}
 	}
 
+	request->credentials = credentials;
 	request->private_callback.lookup_credentials = callback;
-	passdb->lookup_credentials(request, credentials,
-				   auth_request_lookup_credentials_callback);
+
+	if (passdb->blocking)
+		passdb_blocking_lookup_credentials(request);
+	else {
+		passdb->lookup_credentials(request, credentials,
+			auth_request_lookup_credentials_callback);
+	}
 }
 
 void auth_request_lookup_user(struct auth_request *request,
-			      userdb_callback_t *callback, void *context)
+			      userdb_callback_t *callback)
 {
-	request->auth->userdb->lookup(request, callback, context);
+	struct userdb_module *userdb = request->auth->userdb;
+
+	if (userdb->blocking)
+		userdb_blocking_lookup(request, callback);
+	else
+		userdb->lookup(request, callback);
 }
 
 int auth_request_set_username(struct auth_request *request,

Index: auth-request.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-request.h,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -d -r1.9 -r1.10
--- auth-request.h	26 Feb 2005 22:55:03 -0000	1.9
+++ auth-request.h	28 Feb 2005 22:19:21 -0000	1.10
@@ -30,8 +30,10 @@
 
 	union {
 		verify_plain_callback_t *verify_plain;
-                lookup_credentials_callback_t *lookup_credentials;
+		lookup_credentials_callback_t *lookup_credentials;
+                userdb_callback_t *userdb;
 	} private_callback;
+        enum passdb_credentials credentials;
 
 	mech_callback_t *callback;
 	void *context;
@@ -58,6 +60,8 @@
 void auth_request_fail(struct auth_request *request);
 void auth_request_internal_failure(struct auth_request *request);
 
+void auth_request_export(struct auth_request *request, string_t *str);
+
 void auth_request_initial(struct auth_request *request,
 			  const unsigned char *data, size_t data_size);
 void auth_request_continue(struct auth_request *request,
@@ -70,7 +74,7 @@
 				     enum passdb_credentials credentials,
 				     lookup_credentials_callback_t *callback);
 void auth_request_lookup_user(struct auth_request *request,
-			      userdb_callback_t *callback, void *context);
+			      userdb_callback_t *callback);
 
 int auth_request_set_username(struct auth_request *request,
 			      const char *username, const char **error_r);
@@ -92,4 +96,10 @@
 			    const char *subsystem,
 			    const char *format, ...) __attr_format__(3, 4);
 
+void auth_request_verify_plain_callback(enum passdb_result result,
+					struct auth_request *request);
+void auth_request_lookup_credentials_callback(enum passdb_result result,
+					      const char *credentials,
+					      struct auth_request *request);
+
 #endif

Index: auth.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth.c,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -d -r1.13 -r1.14
--- auth.c	9 Jan 2005 16:54:48 -0000	1.13
+++ auth.c	28 Feb 2005 22:19:21 -0000	1.14
@@ -9,7 +9,6 @@
 #include "passdb.h"
 #include "auth.h"
 #include "auth-request-handler.h"
-#include "auth-request-balancer.h"
 
 #include <stdlib.h>
 #include <unistd.h>
@@ -174,8 +173,5 @@
 	userdb_deinit(auth);
 	passdb_deinit(auth);
 
-	if (auth->balancer_worker != NULL)
-		auth_request_balancer_worker_destroy(auth->balancer_worker);
-
 	str_free(auth->mech_handshake);
 }

Index: auth.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth.h,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -d -r1.11 -r1.12
--- auth.h	9 Jan 2005 16:54:48 -0000	1.11
+++ auth.h	28 Feb 2005 22:19:21 -0000	1.12
@@ -1,11 +1,7 @@
 #ifndef __AUTH_H
 #define __AUTH_H
 
-struct auth_balancer_worker;
-
 struct auth {
-	struct auth_balancer_worker *balancer_worker;
-
 	struct mech_module_list *mech_modules;
 	buffer_t *mech_handshake;
 

Index: common.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/common.h,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -d -r1.11 -r1.12
--- common.h	9 Jan 2005 16:54:48 -0000	1.11
+++ common.h	28 Feb 2005 22:19:21 -0000	1.12
@@ -6,10 +6,10 @@
 
 #define MASTER_SOCKET_FD 0
 #define CLIENT_LISTEN_FD 3
-#define BALANCER_LISTEN_FD 4
+#define WORKER_SERVER_FD 4
 
 extern struct ioloop *ioloop;
-extern int standalone;
+extern int standalone, worker;
 extern time_t process_start_time;
 
 #endif

Index: main.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/main.c,v
retrieving revision 1.40
retrieving revision 1.41
diff -u -d -r1.40 -r1.41
--- main.c	9 Jan 2005 18:52:36 -0000	1.40
+++ main.c	28 Feb 2005 22:19:21 -0000	1.41
@@ -12,7 +12,8 @@
 #include "mech.h"
 #include "auth.h"
 #include "auth-request-handler.h"
-#include "auth-request-balancer.h"
+#include "auth-worker-server.h"
+#include "auth-worker-client.h"
 #include "auth-master-interface.h"
 #include "auth-master-connection.h"
 #include "auth-client-connection.h"
@@ -26,12 +27,12 @@
 #include <sys/stat.h>
 
 struct ioloop *ioloop;
-int standalone = FALSE;
+int standalone = FALSE, worker = FALSE;
 time_t process_start_time;
 
 static buffer_t *masters_buf;
 static struct auth *auth;
-static int balancer = FALSE, balancer_worker = FALSE;
+static struct auth_worker_client *worker_client;
 
 static void sig_quit(int signo __attr_unused__)
 {
@@ -186,7 +187,7 @@
         password_schemes_init();
 
 	masters_buf = buffer_create_dynamic(default_pool, 64);
-	if (!balancer_worker)
+	if (!worker)
 		add_extra_listeners();
 
 	/* Password lookups etc. may require roots, allow it. */
@@ -199,12 +200,17 @@
 	size_t i, size;
 
         process_start_time = ioloop_time;
+	lib_init_signals(sig_quit);
 
 	mech_init();
 	auth_init(auth);
-	auth_request_handlers_init(balancer);
+	auth_request_handler_init();
 
-	lib_init_signals(sig_quit);
+	if (worker) {
+		worker_client =
+			auth_worker_client_create(auth, WORKER_SERVER_FD);
+		return;
+	}
 
 	standalone = getenv("DOVECOT_MASTER") == NULL;
 	if (standalone) {
@@ -232,23 +238,12 @@
 			if (chdir("/") < 0)
 				i_fatal("chdir(/) failed: %m");
 		}
-	} else if (!balancer_worker) {
+	} else {
 		master = auth_master_connection_create(auth, MASTER_SOCKET_FD);
 		auth_master_connection_add_listener(master, CLIENT_LISTEN_FD,
 						    NULL, LISTENER_CLIENT);
-		if (balancer) {
-			auth_master_connection_add_listener(master,
-							    BALANCER_LISTEN_FD,
-							    NULL,
-							    LISTENER_BALANCER);
-		}
 		auth_client_connections_init(master);
 		buffer_append(masters_buf, &master, sizeof(master));
-	} else {
-		master = auth_master_connection_create(auth, MASTER_SOCKET_FD);
-		buffer_append(masters_buf, &master, sizeof(master));
-
-		auth_request_balancer_worker_init(auth);
 	}
 
 	/* everything initialized, notify masters that all is well */
@@ -266,21 +261,23 @@
         if (lib_signal_kill != 0)
 		i_warning("Killed with signal %d", lib_signal_kill);
 
-	auth_request_handlers_flush_failures();
-
-	if (balancer_worker)
-		auth_request_balancer_worker_deinit();
+	if (worker_client != NULL)
+		auth_worker_client_destroy(worker_client);
+	else {
+		auth_request_handler_flush_failures();
 
-	master = buffer_get_modifyable_data(masters_buf, &size);
-	size /= sizeof(*master);
-	for (i = 0; i < size; i++)
-		auth_master_connection_destroy(master[i]);
+		master = buffer_get_modifyable_data(masters_buf, &size);
+		size /= sizeof(*master);
+		for (i = 0; i < size; i++)
+			auth_master_connection_destroy(master[i]);
+	}
 
-        password_schemes_deinit();
-	auth_request_handlers_deinit();
+	auth_request_handler_deinit();
 	auth_deinit(auth);
 	mech_deinit();
 
+        auth_worker_server_deinit();
+        password_schemes_deinit();
 	random_deinit();
 
 	closelog();
@@ -292,7 +289,7 @@
 
 #ifdef DEBUG
 	if (getenv("GDB") == NULL)
-		fd_debug_verify_leaks(BALANCER_LISTEN_FD + 1, 1024);
+		fd_debug_verify_leaks(WORKER_SERVER_FD + 1, 1024);
 #endif
 	/* NOTE: we start rooted, so keep the code minimal until
 	   restrict_access_by_env() is called */
@@ -302,10 +299,8 @@
 	while (argv[1] != NULL) {
 		if (strcmp(argv[1], "-F") == 0)
 			foreground = TRUE;
-		else if (strcmp(argv[1], "-b") == 0)
-			balancer = TRUE;
-		else if (strcmp(argv[1], "-bw") == 0)
-			balancer_worker = TRUE;
+		else if (strcmp(argv[1], "-w") == 0)
+			worker = TRUE;
 		argv++;
 	}
 

Index: passdb-bsdauth.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/passdb-bsdauth.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- passdb-bsdauth.c	26 Feb 2005 22:55:03 -0000	1.7
+++ passdb-bsdauth.c	28 Feb 2005 22:19:21 -0000	1.8
@@ -58,7 +58,7 @@
 
 struct passdb_module passdb_bsdauth = {
 	"bsdauth",
-	"%u", "CRYPT",
+	"%u", "CRYPT", FALSE,
 
 	NULL, NULL,
 	bsdauth_deinit,

Index: passdb-checkpassword.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/passdb-checkpassword.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- passdb-checkpassword.c	26 Feb 2005 22:55:03 -0000	1.7
+++ passdb-checkpassword.c	28 Feb 2005 22:19:21 -0000	1.8
@@ -343,7 +343,7 @@
 
 struct passdb_module passdb_checkpassword = {
 	"checkpassword",
-	NULL, NULL,
+	NULL, NULL, FALSE,
 
 	NULL,
 	checkpassword_init,

Index: passdb-ldap.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/passdb-ldap.c,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -d -r1.24 -r1.25
--- passdb-ldap.c	26 Feb 2005 22:55:03 -0000	1.24
+++ passdb-ldap.c	28 Feb 2005 22:19:21 -0000	1.25
@@ -239,7 +239,7 @@
 
 struct passdb_module passdb_ldap = {
 	"ldap",
-	NULL, NULL,
+	NULL, NULL, FALSE,
 
 	passdb_ldap_preinit,
 	passdb_ldap_init,

Index: passdb-pam.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/passdb-pam.c,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -d -r1.21 -r1.22
--- passdb-pam.c	26 Feb 2005 22:55:03 -0000	1.21
+++ passdb-pam.c	28 Feb 2005 22:19:21 -0000	1.22
@@ -401,7 +401,7 @@
 
 struct passdb_module passdb_pam = {
 	"pam",
-	NULL, NULL,
+	NULL, NULL, FALSE,
 
 	NULL,
 	pam_init,

Index: passdb-passwd-file.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/passdb-passwd-file.c,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -d -r1.15 -r1.16
--- passdb-passwd-file.c	26 Feb 2005 22:55:03 -0000	1.15
+++ passdb-passwd-file.c	28 Feb 2005 22:19:21 -0000	1.16
@@ -84,7 +84,7 @@
 
 struct passdb_module passdb_passwd_file = {
 	"passwd-file",
-	NULL, NULL,
+	NULL, NULL, FALSE,
 
 	NULL,
 	passwd_file_init,

Index: passdb-passwd.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/passdb-passwd.c,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -d -r1.10 -r1.11
--- passdb-passwd.c	26 Feb 2005 22:55:03 -0000	1.10
+++ passdb-passwd.c	28 Feb 2005 22:19:21 -0000	1.11
@@ -55,7 +55,7 @@
 
 struct passdb_module passdb_passwd = {
 	"passwd",
-	"%u", "CRYPT",
+	"%u", "CRYPT", FALSE,
 
 	NULL, NULL,
 	passwd_deinit,

Index: passdb-shadow.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/passdb-shadow.c,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -d -r1.11 -r1.12
--- passdb-shadow.c	26 Feb 2005 22:55:03 -0000	1.11
+++ passdb-shadow.c	28 Feb 2005 22:19:21 -0000	1.12
@@ -55,7 +55,7 @@
 
 struct passdb_module passdb_shadow = {
 	"shadow",
-	"%u", "CRYPT",
+	"%u", "CRYPT", FALSE,
 
 	NULL, NULL,
 	shadow_deinit,

Index: passdb-sql.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/passdb-sql.c,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -d -r1.14 -r1.15
--- passdb-sql.c	26 Feb 2005 22:55:03 -0000	1.14
+++ passdb-sql.c	28 Feb 2005 22:19:21 -0000	1.15
@@ -174,7 +174,12 @@
 
 static void passdb_sql_init(const char *args __attr_unused__)
 {
+	enum sql_db_flags flags;
+
 	db_sql_connect(passdb_sql_conn);
+
+	flags = sql_get_flags(passdb_sql_conn->db);
+	passdb_sql.blocking = (flags & SQL_DB_FLAG_BLOCKING) != 0;
 }
 
 static void passdb_sql_deinit(void)
@@ -185,7 +190,7 @@
 
 struct passdb_module passdb_sql = {
 	"sql",
-	NULL, NULL,
+	NULL, NULL, FALSE,
 
 	passdb_sql_preinit,
 	passdb_sql_init,

Index: passdb-vpopmail.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/passdb-vpopmail.c,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -d -r1.15 -r1.16
--- passdb-vpopmail.c	26 Feb 2005 22:55:03 -0000	1.15
+++ passdb-vpopmail.c	28 Feb 2005 22:19:21 -0000	1.16
@@ -98,7 +98,7 @@
 
 struct passdb_module passdb_vpopmail = {
 	"vpopmail",
-	"%u", "CRYPT",
+	"%u", "CRYPT", FALSE,
 
 	NULL, NULL,
 	vpopmail_deinit,

Index: passdb.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/passdb.c,v
retrieving revision 1.32
retrieving revision 1.33
diff -u -d -r1.32 -r1.33
--- passdb.c	26 Feb 2005 22:55:03 -0000	1.32
+++ passdb.c	28 Feb 2005 22:19:21 -0000	1.33
@@ -3,6 +3,7 @@
 #include "common.h"
 #include "auth-module.h"
 #include "password-scheme.h"
+#include "auth-worker-server.h"
 #include "passdb.h"
 #include "passdb-cache.h"
 
@@ -162,6 +163,11 @@
 
 	i_assert(auth->passdb->default_pass_scheme != NULL ||
 		 auth->passdb->cache_key == NULL);
+
+	if (auth->passdb->blocking && !worker) {
+		/* blocking passdb - we need an auth server */
+		auth_worker_server_init();
+	}
 }
 
 void passdb_deinit(struct auth *auth)

Index: passdb.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/passdb.h,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -d -r1.22 -r1.23
--- passdb.h	26 Feb 2005 22:55:03 -0000	1.22
+++ passdb.h	28 Feb 2005 22:19:21 -0000	1.23
@@ -42,6 +42,9 @@
 	/* Default password scheme for this module.
 	   If cache_key is set, must not be NULL. */
 	const char *default_pass_scheme;
+	/* If blocking is set to TRUE, use child processes to access
+	   this passdb. */
+	int blocking;
 
 	void (*preinit)(const char *args);
 	void (*init)(const char *args);

Index: userdb-ldap.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/userdb-ldap.c,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -d -r1.28 -r1.29
--- userdb-ldap.c	26 Feb 2005 22:55:03 -0000	1.28
+++ userdb-ldap.c	28 Feb 2005 22:19:21 -0000	1.29
@@ -138,7 +138,7 @@
 	if (ret != LDAP_SUCCESS) {
 		auth_request_log_error(auth_request, "ldap",
 			"ldap_search() failed: %s", ldap_err2string(ret));
-		urequest->userdb_callback(NULL, request->context);
+		urequest->userdb_callback(NULL, auth_request);
 		return;
 	}
 
@@ -158,11 +158,11 @@
 		}
 	}
 
-	urequest->userdb_callback(result, request->context);
+	urequest->userdb_callback(result, auth_request);
 }
 
 static void userdb_ldap_lookup(struct auth_request *auth_request,
-			       userdb_callback_t *callback, void *context)
+			       userdb_callback_t *callback)
 {
 	struct ldap_connection *conn = userdb_ldap_conn;
         const struct var_expand_table *vars;
@@ -183,7 +183,6 @@
 
 	request = p_new(auth_request->pool, struct userdb_ldap_request, 1);
 	request->request.callback = handle_request;
-	request->request.context = context;
 	request->auth_request = auth_request;
 	request->userdb_callback = callback;
 
@@ -217,6 +216,7 @@
 
 struct userdb_module userdb_ldap = {
 	"ldap",
+	FALSE,
 
 	userdb_ldap_preinit,
 	userdb_ldap_init,

Index: userdb-passdb.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/userdb-passdb.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -d -r1.4 -r1.5
--- userdb-passdb.c	26 Feb 2005 22:55:03 -0000	1.4
+++ userdb-passdb.c	28 Feb 2005 22:19:21 -0000	1.5
@@ -13,7 +13,7 @@
 #include <stdlib.h>
 
 static void passdb_lookup(struct auth_request *auth_request,
-			  userdb_callback_t *callback, void *context)
+			  userdb_callback_t *callback)
 {
 	const char *const *args;
 	string_t *str;
@@ -24,7 +24,7 @@
 	if (auth_request->extra_fields == NULL) {
 		auth_request_log_error(auth_request, "passdb",
 				       "passdb didn't return userdb entries");
-		callback(NULL, context);
+		callback(NULL, auth_request);
 		return;
 	}
 
@@ -76,14 +76,15 @@
 	}
 
 	if (uid == (uid_t)-1 || gid == (gid_t)-1)
-		callback(NULL, context);
+		callback(NULL, auth_request);
 	else
-		callback(str_c(str), context);
+		callback(str_c(str), auth_request);
 	t_pop();
 }
 
 struct userdb_module userdb_passdb = {
 	"passdb",
+	FALSE,
 
 	NULL,
 	NULL,

Index: userdb-passwd-file.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/userdb-passwd-file.c,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -d -r1.12 -r1.13
--- userdb-passwd-file.c	12 Feb 2005 13:47:20 -0000	1.12
+++ userdb-passwd-file.c	28 Feb 2005 22:19:21 -0000	1.13
@@ -13,14 +13,14 @@
 struct passwd_file *userdb_pwf = NULL;
 
 static void passwd_file_lookup(struct auth_request *auth_request,
-			       userdb_callback_t *callback, void *context)
+			       userdb_callback_t *callback)
 {
 	struct passwd_user *pu;
 	string_t *str;
 
 	pu = db_passwd_file_lookup(userdb_pwf, auth_request);
 	if (pu == NULL) {
-		callback(NULL, context);
+		callback(NULL, auth_request);
 		return;
 	}
 
@@ -33,7 +33,7 @@
 	if (pu->mail != NULL)
 		str_printfa(str, "\tmail=%s", pu->mail);
 
-	callback(str_c(str), context);
+	callback(str_c(str), auth_request);
 }
 
 static void passwd_file_init(const char *args)
@@ -57,6 +57,7 @@
 
 struct userdb_module userdb_passwd_file = {
 	"passwd-file",
+	FALSE,
 
 	NULL,
 	passwd_file_init,

Index: userdb-passwd.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/userdb-passwd.c,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -d -r1.13 -r1.14
--- userdb-passwd.c	12 Feb 2005 13:47:20 -0000	1.13
+++ userdb-passwd.c	28 Feb 2005 22:19:21 -0000	1.14
@@ -11,7 +11,7 @@
 #include <pwd.h>
 
 static void passwd_lookup(struct auth_request *auth_request,
-			  userdb_callback_t *callback, void *context)
+			  userdb_callback_t *callback)
 {
 	struct passwd *pw;
 	const char *result;
@@ -19,7 +19,7 @@
 	pw = getpwnam(auth_request->user);
 	if (pw == NULL) {
 		auth_request_log_info(auth_request, "passwd", "unknown user");
-		callback(NULL, context);
+		callback(NULL, auth_request);
 		return;
 	}
 
@@ -27,11 +27,12 @@
 				 "home=%s", pw->pw_name, pw->pw_name,
 				 dec2str(pw->pw_uid), dec2str(pw->pw_gid),
 				 pw->pw_dir);
-	callback(result, context);
+	callback(result, auth_request);
 }
 
 struct userdb_module userdb_passwd = {
 	"passwd",
+	FALSE,
 
 	NULL, NULL, NULL,
 	passwd_lookup

Index: userdb-sql.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/userdb-sql.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- userdb-sql.c	12 Feb 2005 13:47:20 -0000	1.7
+++ userdb-sql.c	28 Feb 2005 22:19:21 -0000	1.8
@@ -18,9 +18,10 @@
 struct userdb_sql_request {
 	struct auth_request *auth_request;
 	userdb_callback_t *callback;
-	void *context;
 };
 
+extern struct userdb_module userdb_sql;
+
 static struct sql_connection *userdb_sql_conn;
 
 static const char *sql_query_get_result(struct sql_result *result,
@@ -94,12 +95,12 @@
                 user_result = sql_query_get_result(result, auth_request);
 	}
 
-	sql_request->callback(user_result, sql_request->context);
+	sql_request->callback(user_result, auth_request);
 	i_free(sql_request);
 }
 
 static void userdb_sql_lookup(struct auth_request *auth_request,
-			      userdb_callback_t *callback, void *context)
+			      userdb_callback_t *callback)
 {
 	struct userdb_sql_request *sql_request;
 	string_t *query;
@@ -111,7 +112,6 @@
 
 	sql_request = i_new(struct userdb_sql_request, 1);
 	sql_request->callback = callback;
-	sql_request->context = context;
 	sql_request->auth_request = auth_request;
 
 	auth_request_log_debug(auth_request, "sql", "%s", str_c(query));
@@ -127,7 +127,12 @@
 
 static void userdb_sql_init(const char *args __attr_unused__)
 {
+	enum sql_db_flags flags;
+
 	db_sql_connect(userdb_sql_conn);
+
+	flags = sql_get_flags(userdb_sql_conn->db);
+	userdb_sql.blocking = (flags & SQL_DB_FLAG_BLOCKING) != 0;
 }
 
 static void userdb_sql_deinit(void)
@@ -137,6 +142,7 @@
 
 struct userdb_module userdb_sql = {
 	"sql",
+	FALSE,
 
 	userdb_sql_preinit,
 	userdb_sql_init,

Index: userdb-static.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/userdb-static.c,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -d -r1.11 -r1.12
--- userdb-static.c	12 Feb 2005 13:47:20 -0000	1.11
+++ userdb-static.c	28 Feb 2005 22:19:21 -0000	1.12
@@ -15,7 +15,7 @@
 static char *static_template;
 
 static void static_lookup(struct auth_request *auth_request,
-			  userdb_callback_t *callback, void *context)
+			  userdb_callback_t *callback)
 {
 	string_t *str;
 
@@ -23,7 +23,7 @@
 	str_append(str, auth_request->user);
 	var_expand(str, static_template,
 		   auth_request_get_var_expand_table(auth_request, NULL));
-	callback(str_c(str), context);
+	callback(str_c(str), auth_request);
 }
 
 static void static_init(const char *args)
@@ -78,6 +78,7 @@
 
 struct userdb_module userdb_static = {
 	"static",
+	FALSE,
 
 	NULL,
 	static_init,

Index: userdb-vpopmail.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/userdb-vpopmail.c,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -d -r1.14 -r1.15
--- userdb-vpopmail.c	12 Feb 2005 13:47:20 -0000	1.14
+++ userdb-vpopmail.c	28 Feb 2005 22:19:21 -0000	1.15
@@ -42,7 +42,7 @@
 #ifdef USERDB_VPOPMAIL
 
 static void vpopmail_lookup(struct auth_request *auth_request,
-			    userdb_callback_t *callback, void *context)
+			    userdb_callback_t *callback)
 {
 	char vpop_user[VPOPMAIL_LIMIT], vpop_domain[VPOPMAIL_LIMIT];
 	struct vqpasswd *vpw;
@@ -52,7 +52,7 @@
 
 	vpw = vpopmail_lookup_vqp(auth_request, vpop_user, vpop_domain);
 	if (vpw == NULL) {
-		callback(NULL, context);
+		callback(NULL, auth_request);
 		return;
 	}
 
@@ -61,7 +61,7 @@
 	if (vget_assign(vpop_domain, NULL, 0, &uid, &gid) == NULL) {
 		auth_request_log_info(auth_request, "vpopmail",
 				      "vget_assign(%s) failed", vpop_domain);
-		callback(NULL, context);
+		callback(NULL, auth_request);
 		return;
 	}
 
@@ -74,14 +74,14 @@
 			auth_request_log_error(auth_request, "vpopmail",
 					       "make_user_dir(%s, %s) failed",
 					       vpop_user, vpop_domain);
-			callback(NULL, context);
+			callback(NULL, auth_request);
 			return;
 		}
 
 		/* get the user again so pw_dir is visible */
 		vpw = vauth_getpw(vpop_user, vpop_domain);
 		if (vpw == NULL) {
-			callback(NULL, context);
+			callback(NULL, auth_request);
 			return;
 		}
 	}
@@ -90,11 +90,12 @@
 				 vpw->pw_name, dec2str(uid), dec2str(gid),
 				 vpw->pw_dir);
 
-	callback(result, context);
+	callback(result, auth_request);
 }
 
 struct userdb_module userdb_vpopmail = {
 	"vpopmail",
+	FALSE,
 
 	NULL, NULL, NULL,
 	vpopmail_lookup

Index: userdb.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/userdb.h,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -d -r1.20 -r1.21
--- userdb.h	12 Feb 2005 13:47:20 -0000	1.20
+++ userdb.h	28 Feb 2005 22:19:21 -0000	1.21
@@ -3,17 +3,22 @@
 
 struct auth_request;
 
-typedef void userdb_callback_t(const char *result, void *context);
+typedef void userdb_callback_t(const char *result,
+			       struct auth_request *request);
 
 struct userdb_module {
 	const char *name;
 
+	/* If blocking is set to TRUE, use child processes to access
+	   this passdb. */
+	int blocking;
+
 	void (*preinit)(const char *args);
 	void (*init)(const char *args);
 	void (*deinit)(void);
 
 	void (*lookup)(struct auth_request *auth_request,
-		       userdb_callback_t *callback, void *context);
+		       userdb_callback_t *callback);
 };
 
 uid_t userdb_parse_uid(struct auth_request *request, const char *str);



More information about the dovecot-cvs mailing list