dovecot-2.0-sslstream: *-login: Removed per-connection auth fail...

dovecot at dovecot.org dovecot at dovecot.org
Sat Feb 13 02:56:19 EET 2010


details:   http://hg.dovecot.org/dovecot-2.0-sslstream/rev/7d9cd9b7da08
changeset: 10303:7d9cd9b7da08
user:      Timo Sirainen <tss at iki.fi>
date:      Tue Nov 10 15:09:10 2009 -0500
description:
*-login: Removed per-connection auth failure penalties. Trust auth server to do it.

diffstat:

5 files changed, 17 insertions(+), 51 deletions(-)
src/imap-login/client-authenticate.c  |    2 -
src/login-common/client-common-auth.c |   57 +++++++--------------------------
src/login-common/client-common.c      |    2 -
src/login-common/client-common.h      |    5 +-
src/pop3-login/client-authenticate.c  |    2 -

diffs (165 lines):

diff -r fbff8ca77d2e -r 7d9cd9b7da08 src/imap-login/client-authenticate.c
--- a/src/imap-login/client-authenticate.c	Tue Nov 10 15:08:24 2009 -0500
+++ b/src/imap-login/client-authenticate.c	Tue Nov 10 15:09:10 2009 -0500
@@ -101,7 +101,7 @@ bool imap_client_auth_handle_reply(struc
 	i_assert(reply->nologin);
 
 	if (!client->destroyed)
-		client_auth_failed(client, reply->nodelay);
+		client_auth_failed(client);
 	return TRUE;
 }
 
diff -r fbff8ca77d2e -r 7d9cd9b7da08 src/login-common/client-common-auth.c
--- a/src/login-common/client-common-auth.c	Tue Nov 10 15:08:24 2009 -0500
+++ b/src/login-common/client-common-auth.c	Tue Nov 10 15:09:10 2009 -0500
@@ -16,50 +16,21 @@
 /* If we've been waiting auth server to respond for over this many milliseconds,
    send a "waiting" message. */
 #define AUTH_WAITING_TIMEOUT_MSECS (30*1000)
-#define AUTH_FAILURE_DELAY_INCREASE_MSECS 5000
-
-#if CLIENT_LOGIN_IDLE_TIMEOUT_MSECS < AUTH_REQUEST_TIMEOUT*1000
-#  error client idle timeout must be larger than authentication timeout
-#endif
 
 #define CLIENT_AUTH_BUF_MAX_SIZE 8192
 
-static void client_authfail_delay_timeout(struct client *client)
-{
-	timeout_remove(&client->to_authfail_delay);
-
-	/* get back to normal client input. */
-	i_assert(client->io == NULL);
+void client_auth_failed(struct client *client)
+{
+	i_free_and_null(client->master_data_prefix);
+
+	if (client->auth_initializing)
+		return;
+
+	if (client->io != NULL)
+		io_remove(&client->io);
+
 	client->io = io_add(client->fd, IO_READ, client_input, client);
 	client_input(client);
-}
-
-void client_auth_failed(struct client *client, bool nodelay)
-{
-	unsigned int delay_msecs;
-
-	i_free_and_null(client->master_data_prefix);
-
-	if (client->auth_initializing)
-		return;
-
-	if (client->io != NULL)
-		io_remove(&client->io);
-	if (nodelay) {
-		client->io = io_add(client->fd, IO_READ, client_input, client);
-		client_input(client);
-		return;
-	}
-
-	/* increase the timeout after each unsuccessful attempt, but don't
-	   increase it so high that the idle timeout would be triggered */
-	delay_msecs = client->auth_attempts * AUTH_FAILURE_DELAY_INCREASE_MSECS;
-	if (delay_msecs > CLIENT_LOGIN_IDLE_TIMEOUT_MSECS)
-		delay_msecs = CLIENT_LOGIN_IDLE_TIMEOUT_MSECS - 1000;
-
-	i_assert(client->to_authfail_delay == NULL);
-	client->to_authfail_delay =
-		timeout_add(delay_msecs, client_authfail_delay_timeout, client);
 }
 
 static void client_auth_waiting_timeout(struct client *client)
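Review bot: The new `client_auth_failed()` re-arms input with `io_add()` and calls `client_input()` immediately on every failure, so the login process no longer slows repeated failed attempts on a connection and throttling rests entirely on the auth server delaying its failure reply. Nothing in the new code states that dependency; I would add a comment above the function such as `/* No delay here: the auth server is expected to hold back failure replies. */` so that a later change on the auth side is not made without knowing the login side has no fallback. This also affects the call sites in imap_client_auth_handle_reply(), sasl_callback() and pop3_client_auth_handle_reply(), which previously passed the reply's nodelay flag. Separately, the removed `#error` comparing CLIENT_LOGIN_IDLE_TIMEOUT_MSECS with AUTH_REQUEST_TIMEOUT looks independent of the failure delay; if that invariant still matters, the guard should stay.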
@@ -98,8 +69,6 @@ static void client_auth_parse_args(struc
 		}
 		if (strcmp(key, "nologin") == 0)
 			reply_r->nologin = TRUE;
-		else if (strcmp(key, "nodelay") == 0)
-			reply_r->nodelay = TRUE;
 		else if (strcmp(key, "proxy") == 0)
 			reply_r->proxy = TRUE;
 		else if (strcmp(key, "temp") == 0)
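Review bot: With the `nodelay` branch removed, a `nodelay` key that the auth server still sends now falls through to the rest of this else-if chain, whose tail is outside the hunk. It is worth confirming that the final branch quietly ignores unknown keys rather than logging per reply or treating the key as an error, since the auth and login sides may not always be changed together. client_auth_parse_args() starts and ends outside the hunk.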
@@ -201,7 +170,7 @@ void client_proxy_failed(struct client *
 	i_free_and_null(client->proxy_master_user);
 
 	/* call this last - it may destroy the client */
-	client_auth_failed(client, TRUE);
+	client_auth_failed(client);
 }
 
 static void proxy_input(struct client *client)
@@ -320,7 +289,7 @@ client_auth_handle_reply(struct client *
 		if (!success)
 			return FALSE;
 		if (proxy_start(client, reply) < 0)
-			client_auth_failed(client, TRUE);
+			client_auth_failed(client);
 		return TRUE;
 	}
 	return client->v.auth_handle_reply(client, reply);
@@ -446,7 +415,7 @@ sasl_callback(struct client *client, enu
 		}
 
 		if (!client->destroyed)
-			client_auth_failed(client, reply.nodelay);
+			client_auth_failed(client);
 		break;
 	case SASL_SERVER_REPLY_MASTER_FAILED:
 		if (data == NULL)
diff -r fbff8ca77d2e -r 7d9cd9b7da08 src/login-common/client-common.c
--- a/src/login-common/client-common.c	Tue Nov 10 15:08:24 2009 -0500
+++ b/src/login-common/client-common.c	Tue Nov 10 15:09:10 2009 -0500
@@ -129,8 +129,6 @@ void client_destroy(struct client *clien
 		timeout_remove(&client->to_idle_disconnect);
 	if (client->to_auth_waiting != NULL)
 		timeout_remove(&client->to_auth_waiting);
-	if (client->to_authfail_delay != NULL)
-		timeout_remove(&client->to_authfail_delay);
 	if (client->auth_response != NULL)
 		str_free(&client->auth_response);
 
diff -r fbff8ca77d2e -r 7d9cd9b7da08 src/login-common/client-common.h
--- a/src/login-common/client-common.h	Tue Nov 10 15:08:24 2009 -0500
+++ b/src/login-common/client-common.h	Tue Nov 10 15:09:10 2009 -0500
@@ -47,7 +47,6 @@ struct client_auth_reply {
 	unsigned int proxy:1;
 	unsigned int temp:1;
 	unsigned int nologin:1;
-	unsigned int nodelay:1;
 	unsigned int authz_failure:1;
 };
 
@@ -86,7 +85,7 @@ struct client {
 	struct istream *input;
 	struct ostream *output;
 	struct io *io;
-	struct timeout *to_authfail_delay, *to_auth_waiting;
+	struct timeout *to_auth_waiting;
 	struct timeout *to_idle_disconnect;
 
 	unsigned char *master_data_prefix;
@@ -146,7 +145,7 @@ void client_log_err(struct client *clien
 void client_log_err(struct client *client, const char *msg);
 const char *client_get_extra_disconnect_reason(struct client *client);
 bool client_is_trusted(struct client *client);
-void client_auth_failed(struct client *client, bool nodelay);
+void client_auth_failed(struct client *client);
 
 bool client_read(struct client *client);
 void client_input(struct client *client);
diff -r fbff8ca77d2e -r 7d9cd9b7da08 src/pop3-login/client-authenticate.c
--- a/src/pop3-login/client-authenticate.c	Tue Nov 10 15:08:24 2009 -0500
+++ b/src/pop3-login/client-authenticate.c	Tue Nov 10 15:09:10 2009 -0500
@@ -67,7 +67,7 @@ bool pop3_client_auth_handle_reply(struc
 	}
 
 	if (!client->destroyed)
-		client_auth_failed(client, reply->nodelay);
+		client_auth_failed(client);
 	return TRUE;
 }
 

