dovecot-2.0: auth: Allow clients to specify that they want to sk...

dovecot at dovecot.org dovecot at dovecot.org
Fri Mar 4 18:52:19 EET 2011


details:   http://hg.dovecot.org/dovecot-2.0/rev/bf6749d4db08
changeset: 12643:bf6749d4db08
user:      Timo Sirainen <tss at iki.fi>
date:      Fri Mar 04 18:51:46 2011 +0200
description:
auth: Allow clients to specify that they want to skip auth penalty check.
This is "safe", because the clients specify the IP for the penalty check
anyway.

diffstat:

 src/auth/auth-penalty.c            |  4 ++--
 src/auth/auth-request.c            |  4 ++++
 src/auth/auth-request.h            |  1 +
 src/lib-auth/auth-client-request.c |  2 ++
 src/lib-auth/auth-client.h         |  4 +++-
 5 files changed, 12 insertions(+), 3 deletions(-)

diffs (79 lines):

diff -r d32a23fa160d -r bf6749d4db08 src/auth/auth-penalty.c
--- a/src/auth/auth-penalty.c	Fri Mar 04 18:32:09 2011 +0200
+++ b/src/auth/auth-penalty.c	Fri Mar 04 18:51:46 2011 +0200
@@ -123,7 +123,7 @@
 	const char *ident;
 
 	ident = auth_penalty_get_ident(auth_request);
-	if (penalty->disabled || ident == NULL) {
+	if (penalty->disabled || ident == NULL || auth_request->no_penalty) {
 		callback(0, auth_request);
 		return;
 	}
@@ -155,7 +155,7 @@
 	const char *ident;
 
 	ident = auth_penalty_get_ident(auth_request);
-	if (penalty->disabled || ident == NULL)
+	if (penalty->disabled || ident == NULL || auth_request->no_penalty)
 		return;
 
 	if (value > AUTH_PENALTY_MAX_PENALTY) {
diff -r d32a23fa160d -r bf6749d4db08 src/auth/auth-request.c
--- a/src/auth/auth-request.c	Fri Mar 04 18:32:09 2011 +0200
+++ b/src/auth/auth-request.c	Fri Mar 04 18:51:46 2011 +0200
@@ -197,6 +197,8 @@
 		auth_stream_reply_add(reply, "skip_password_check", "1");
 	if (request->valid_client_cert)
 		auth_stream_reply_add(reply, "valid-client-cert", "1");
+	if (request->no_penalty)
+		auth_stream_reply_add(reply, "no-penalty", "1");
 	if (request->mech_name != NULL)
 		auth_stream_reply_add(reply, "mech", request->mech_name);
 }
@@ -235,6 +237,8 @@
 		request->no_login = TRUE;
 	else if (strcmp(key, "valid-client-cert") == 0)
 		request->valid_client_cert = TRUE;
+	else if (strcmp(key, "no-penalty") == 0)
+		request->no_penalty = TRUE;
 	else if (strcmp(key, "skip_password_check") == 0) {
 		i_assert(request->master_user !=  NULL);
 		request->skip_password_check = TRUE;
diff -r d32a23fa160d -r bf6749d4db08 src/auth/auth-request.h
--- a/src/auth/auth-request.h	Fri Mar 04 18:32:09 2011 +0200
+++ b/src/auth/auth-request.h	Fri Mar 04 18:51:46 2011 +0200
@@ -106,6 +106,7 @@
 	unsigned int proxy:1;
 	unsigned int proxy_maybe:1;
 	unsigned int valid_client_cert:1;
+	unsigned int no_penalty:1;
 	unsigned int cert_username:1;
 	unsigned int userdb_lookup:1;
 	unsigned int userdb_lookup_failed:1;
diff -r d32a23fa160d -r bf6749d4db08 src/lib-auth/auth-client-request.c
--- a/src/lib-auth/auth-client-request.c	Fri Mar 04 18:32:09 2011 +0200
+++ b/src/lib-auth/auth-client-request.c	Fri Mar 04 18:51:46 2011 +0200
@@ -36,6 +36,8 @@
 
 	if ((info->flags & AUTH_REQUEST_FLAG_SECURED) != 0)
 		str_append(str, "\tsecured");
+	if ((info->flags & AUTH_REQUEST_FLAG_NO_PENALTY) != 0)
+		str_append(str, "\tno-penalty");
 	if ((info->flags & AUTH_REQUEST_FLAG_VALID_CLIENT_CERT) != 0)
 		str_append(str, "\tvalid-client-cert");
 
diff -r d32a23fa160d -r bf6749d4db08 src/lib-auth/auth-client.h
--- a/src/lib-auth/auth-client.h	Fri Mar 04 18:32:09 2011 +0200
+++ b/src/lib-auth/auth-client.h	Fri Mar 04 18:51:46 2011 +0200
@@ -9,7 +9,9 @@
 
 enum auth_request_flags {
 	AUTH_REQUEST_FLAG_SECURED		= 0x01,
-	AUTH_REQUEST_FLAG_VALID_CLIENT_CERT	= 0x02
+	AUTH_REQUEST_FLAG_VALID_CLIENT_CERT	= 0x02,
+	/* Skip penalty checks for this request */
+	AUTH_REQUEST_FLAG_NO_PENALTY		= 0x04
 };
 
 enum auth_request_status {


More information about the dovecot-cvs mailing list