dovecot-2.0-sslstream: *-login: Removed per-connection auth fail...
dovecot at dovecot.org
dovecot at dovecot.org
Sat Feb 13 02:56:19 EET 2010
details: http://hg.dovecot.org/dovecot-2.0-sslstream/rev/7d9cd9b7da08
changeset: 10303:7d9cd9b7da08
user: Timo Sirainen <tss at iki.fi>
date: Tue Nov 10 15:09:10 2009 -0500
description:
*-login: Removed per-connection auth failure penalties. Trust auth server to do it.
diffstat:
5 files changed, 17 insertions(+), 51 deletions(-)
src/imap-login/client-authenticate.c | 2 -
src/login-common/client-common-auth.c | 57 +++++++--------------------------
src/login-common/client-common.c | 2 -
src/login-common/client-common.h | 5 +-
src/pop3-login/client-authenticate.c | 2 -
diffs (165 lines):
diff -r fbff8ca77d2e -r 7d9cd9b7da08 src/imap-login/client-authenticate.c
--- a/src/imap-login/client-authenticate.c Tue Nov 10 15:08:24 2009 -0500
+++ b/src/imap-login/client-authenticate.c Tue Nov 10 15:09:10 2009 -0500
@@ -101,7 +101,7 @@ bool imap_client_auth_handle_reply(struc
i_assert(reply->nologin);
if (!client->destroyed)
- client_auth_failed(client, reply->nodelay);
+ client_auth_failed(client);
return TRUE;
}
diff -r fbff8ca77d2e -r 7d9cd9b7da08 src/login-common/client-common-auth.c
--- a/src/login-common/client-common-auth.c Tue Nov 10 15:08:24 2009 -0500
+++ b/src/login-common/client-common-auth.c Tue Nov 10 15:09:10 2009 -0500
@@ -16,50 +16,21 @@
/* If we've been waiting auth server to respond for over this many milliseconds,
send a "waiting" message. */
#define AUTH_WAITING_TIMEOUT_MSECS (30*1000)
-#define AUTH_FAILURE_DELAY_INCREASE_MSECS 5000
-
-#if CLIENT_LOGIN_IDLE_TIMEOUT_MSECS < AUTH_REQUEST_TIMEOUT*1000
-# error client idle timeout must be larger than authentication timeout
-#endif
#define CLIENT_AUTH_BUF_MAX_SIZE 8192
-static void client_authfail_delay_timeout(struct client *client)
-{
- timeout_remove(&client->to_authfail_delay);
-
- /* get back to normal client input. */
- i_assert(client->io == NULL);
+void client_auth_failed(struct client *client)
+{
+ i_free_and_null(client->master_data_prefix);
+
+ if (client->auth_initializing)
+ return;
+
+ if (client->io != NULL)
+ io_remove(&client->io);
+
client->io = io_add(client->fd, IO_READ, client_input, client);
client_input(client);
-}
-
-void client_auth_failed(struct client *client, bool nodelay)
-{
- unsigned int delay_msecs;
-
- i_free_and_null(client->master_data_prefix);
-
- if (client->auth_initializing)
- return;
-
- if (client->io != NULL)
- io_remove(&client->io);
- if (nodelay) {
- client->io = io_add(client->fd, IO_READ, client_input, client);
- client_input(client);
- return;
- }
-
- /* increase the timeout after each unsuccessful attempt, but don't
- increase it so high that the idle timeout would be triggered */
- delay_msecs = client->auth_attempts * AUTH_FAILURE_DELAY_INCREASE_MSECS;
- if (delay_msecs > CLIENT_LOGIN_IDLE_TIMEOUT_MSECS)
- delay_msecs = CLIENT_LOGIN_IDLE_TIMEOUT_MSECS - 1000;
-
- i_assert(client->to_authfail_delay == NULL);
- client->to_authfail_delay =
- timeout_add(delay_msecs, client_authfail_delay_timeout, client);
}
static void client_auth_waiting_timeout(struct client *client)
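Review bot: The new `client_auth_failed()` re-adds the read handler and calls `client_input()` straight after every failure, so the login process no longer throttles repeated password attempts on its own; that is only safe if the auth server delays every failed reply, which this diff does not show. I would state that dependency at the function, e.g. `/* No delay here: failed-auth penalties are applied by the auth server before it replies. */`, and confirm that a per-connection cap on `auth_attempts` is still enforced elsewhere. The same comment should say that the synchronous `client_input()` call may destroy the client, as the caller comment in `client_proxy_failed()` already warns. The hunk also drops the `#error` guard comparing `CLIENT_LOGIN_IDLE_TIMEOUT_MSECS` with `AUTH_REQUEST_TIMEOUT`, which appears to protect an invariant independent of the removed delay and may be worth keeping.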
@@ -98,8 +69,6 @@ static void client_auth_parse_args(struc
}
if (strcmp(key, "nologin") == 0)
reply_r->nologin = TRUE;
- else if (strcmp(key, "nodelay") == 0)
- reply_r->nodelay = TRUE;
else if (strcmp(key, "proxy") == 0)
reply_r->proxy = TRUE;
else if (strcmp(key, "temp") == 0)
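Review bot: With the `nodelay` branch gone from `client_auth_parse_args()`, a reply that still carries that key will fall through to whatever the end of this `else if` chain does, and that part of the function is outside the hunk. If the auth server can still send the key during a mixed-version upgrade, it is worth checking that the fallthrough ignores it quietly rather than logging an error or treating it as an unknown failure field. A one-line comment such as `/* "nodelay" is handled entirely by the auth server now */` at this spot would record why the key is no longer parsed.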
@@ -201,7 +170,7 @@ void client_proxy_failed(struct client *
i_free_and_null(client->proxy_master_user);
/* call this last - it may destroy the client */
- client_auth_failed(client, TRUE);
+ client_auth_failed(client);
}
static void proxy_input(struct client *client)
@@ -320,7 +289,7 @@ client_auth_handle_reply(struct client *
if (!success)
return FALSE;
if (proxy_start(client, reply) < 0)
- client_auth_failed(client, TRUE);
+ client_auth_failed(client);
return TRUE;
}
return client->v.auth_handle_reply(client, reply);
@@ -446,7 +415,7 @@ sasl_callback(struct client *client, enu
}
if (!client->destroyed)
- client_auth_failed(client, reply.nodelay);
+ client_auth_failed(client);
break;
case SASL_SERVER_REPLY_MASTER_FAILED:
if (data == NULL)
diff -r fbff8ca77d2e -r 7d9cd9b7da08 src/login-common/client-common.c
--- a/src/login-common/client-common.c Tue Nov 10 15:08:24 2009 -0500
+++ b/src/login-common/client-common.c Tue Nov 10 15:09:10 2009 -0500
@@ -129,8 +129,6 @@ void client_destroy(struct client *clien
timeout_remove(&client->to_idle_disconnect);
if (client->to_auth_waiting != NULL)
timeout_remove(&client->to_auth_waiting);
- if (client->to_authfail_delay != NULL)
- timeout_remove(&client->to_authfail_delay);
if (client->auth_response != NULL)
str_free(&client->auth_response);
diff -r fbff8ca77d2e -r 7d9cd9b7da08 src/login-common/client-common.h
--- a/src/login-common/client-common.h Tue Nov 10 15:08:24 2009 -0500
+++ b/src/login-common/client-common.h Tue Nov 10 15:09:10 2009 -0500
@@ -47,7 +47,6 @@ struct client_auth_reply {
unsigned int proxy:1;
unsigned int temp:1;
unsigned int nologin:1;
- unsigned int nodelay:1;
unsigned int authz_failure:1;
};
@@ -86,7 +85,7 @@ struct client {
struct istream *input;
struct ostream *output;
struct io *io;
- struct timeout *to_authfail_delay, *to_auth_waiting;
+ struct timeout *to_auth_waiting;
struct timeout *to_idle_disconnect;
unsigned char *master_data_prefix;
@@ -146,7 +145,7 @@ void client_log_err(struct client *clien
void client_log_err(struct client *client, const char *msg);
const char *client_get_extra_disconnect_reason(struct client *client);
bool client_is_trusted(struct client *client);
-void client_auth_failed(struct client *client, bool nodelay);
+void client_auth_failed(struct client *client);
bool client_read(struct client *client);
void client_input(struct client *client);
diff -r fbff8ca77d2e -r 7d9cd9b7da08 src/pop3-login/client-authenticate.c
--- a/src/pop3-login/client-authenticate.c Tue Nov 10 15:08:24 2009 -0500
+++ b/src/pop3-login/client-authenticate.c Tue Nov 10 15:09:10 2009 -0500
@@ -67,7 +67,7 @@ bool pop3_client_auth_handle_reply(struc
}
if (!client->destroyed)
- client_auth_failed(client, reply->nodelay);
+ client_auth_failed(client);
return TRUE;
}