dovecot-2.0: auth: Allow clients to specify that they want to sk...
dovecot at dovecot.org
dovecot at dovecot.org
Fri Mar 4 18:52:19 EET 2011
details: http://hg.dovecot.org/dovecot-2.0/rev/bf6749d4db08
changeset: 12643:bf6749d4db08
user: Timo Sirainen <tss at iki.fi>
date: Fri Mar 04 18:51:46 2011 +0200
description:
auth: Allow clients to specify that they want to skip auth penalty check.
This is "safe", because the clients specify the IP for the penalty check
anyway.
diffstat:
src/auth/auth-penalty.c | 4 ++--
src/auth/auth-request.c | 4 ++++
src/auth/auth-request.h | 1 +
src/lib-auth/auth-client-request.c | 2 ++
src/lib-auth/auth-client.h | 4 +++-
5 files changed, 12 insertions(+), 3 deletions(-)
diffs (79 lines):
diff -r d32a23fa160d -r bf6749d4db08 src/auth/auth-penalty.c
--- a/src/auth/auth-penalty.c Fri Mar 04 18:32:09 2011 +0200
+++ b/src/auth/auth-penalty.c Fri Mar 04 18:51:46 2011 +0200
@@ -123,7 +123,7 @@
const char *ident;
ident = auth_penalty_get_ident(auth_request);
- if (penalty->disabled || ident == NULL) {
+ if (penalty->disabled || ident == NULL || auth_request->no_penalty) {
callback(0, auth_request);
return;
}
@@ -155,7 +155,7 @@
const char *ident;
ident = auth_penalty_get_ident(auth_request);
- if (penalty->disabled || ident == NULL)
+ if (penalty->disabled || ident == NULL || auth_request->no_penalty)
return;
if (value > AUTH_PENALTY_MAX_PENALTY) {
diff -r d32a23fa160d -r bf6749d4db08 src/auth/auth-request.c
--- a/src/auth/auth-request.c Fri Mar 04 18:32:09 2011 +0200
+++ b/src/auth/auth-request.c Fri Mar 04 18:51:46 2011 +0200
@@ -197,6 +197,8 @@
auth_stream_reply_add(reply, "skip_password_check", "1");
if (request->valid_client_cert)
auth_stream_reply_add(reply, "valid-client-cert", "1");
+ if (request->no_penalty)
+ auth_stream_reply_add(reply, "no-penalty", "1");
if (request->mech_name != NULL)
auth_stream_reply_add(reply, "mech", request->mech_name);
}
@@ -235,6 +237,8 @@
request->no_login = TRUE;
else if (strcmp(key, "valid-client-cert") == 0)
request->valid_client_cert = TRUE;
+ else if (strcmp(key, "no-penalty") == 0)
+ request->no_penalty = TRUE;
else if (strcmp(key, "skip_password_check") == 0) {
i_assert(request->master_user != NULL);
request->skip_password_check = TRUE;
diff -r d32a23fa160d -r bf6749d4db08 src/auth/auth-request.h
--- a/src/auth/auth-request.h Fri Mar 04 18:32:09 2011 +0200
+++ b/src/auth/auth-request.h Fri Mar 04 18:51:46 2011 +0200
@@ -106,6 +106,7 @@
unsigned int proxy:1;
unsigned int proxy_maybe:1;
unsigned int valid_client_cert:1;
+ unsigned int no_penalty:1;
unsigned int cert_username:1;
unsigned int userdb_lookup:1;
unsigned int userdb_lookup_failed:1;
diff -r d32a23fa160d -r bf6749d4db08 src/lib-auth/auth-client-request.c
--- a/src/lib-auth/auth-client-request.c Fri Mar 04 18:32:09 2011 +0200
+++ b/src/lib-auth/auth-client-request.c Fri Mar 04 18:51:46 2011 +0200
@@ -36,6 +36,8 @@
if ((info->flags & AUTH_REQUEST_FLAG_SECURED) != 0)
str_append(str, "\tsecured");
+ if ((info->flags & AUTH_REQUEST_FLAG_NO_PENALTY) != 0)
+ str_append(str, "\tno-penalty");
if ((info->flags & AUTH_REQUEST_FLAG_VALID_CLIENT_CERT) != 0)
str_append(str, "\tvalid-client-cert");
diff -r d32a23fa160d -r bf6749d4db08 src/lib-auth/auth-client.h
--- a/src/lib-auth/auth-client.h Fri Mar 04 18:32:09 2011 +0200
+++ b/src/lib-auth/auth-client.h Fri Mar 04 18:51:46 2011 +0200
@@ -9,7 +9,9 @@
enum auth_request_flags {
AUTH_REQUEST_FLAG_SECURED = 0x01,
- AUTH_REQUEST_FLAG_VALID_CLIENT_CERT = 0x02
+ AUTH_REQUEST_FLAG_VALID_CLIENT_CERT = 0x02,
+ /* Skip penalty checks for this request */
+ AUTH_REQUEST_FLAG_NO_PENALTY = 0x04
};
enum auth_request_status {
More information about the dovecot-cvs
mailing list