dovecot-2.0: auth/login related timeouts are now in one place an...

dovecot at dovecot.org dovecot at dovecot.org
Tue May 4 01:33:39 EEST 2010


details:   http://hg.dovecot.org/dovecot-2.0/rev/e08dd68309a9
changeset: 11256:e08dd68309a9
user:      Timo Sirainen <tss at iki.fi>
date:      Tue May 04 01:33:20 2010 +0300
description:
auth/login related timeouts are now in one place and they make more sense.
Most importantly now auth client doesn't abort lookup before server does.

diffstat:

 src/auth/auth-request-handler.c      |  3 ++-
 src/lib-auth/Makefile.am             |  3 ++-
 src/lib-auth/auth-client-interface.h |  2 --
 src/lib-auth/auth-master.c           |  4 ++--
 src/lib-master/master-interface.h    |  8 ++++++++
 src/lib-master/master-login-auth.c   |  5 +++--
 src/login-common/client-common.h     |  2 +-
 7 files changed, 18 insertions(+), 9 deletions(-)

diffs (129 lines):

diff -r 90410a8f3786 -r e08dd68309a9 src/auth/auth-request-handler.c
--- a/src/auth/auth-request-handler.c	Tue May 04 01:31:54 2010 +0300
+++ b/src/auth/auth-request-handler.c	Tue May 04 01:33:20 2010 +0300
@@ -8,6 +8,7 @@
 #include "hash.h"
 #include "str.h"
 #include "str-sanitize.h"
+#include "master-interface.h"
 #include "auth-penalty.h"
 #include "auth-request.h"
 #include "auth-master-connection.h"
@@ -393,7 +394,7 @@
 	}
 	auth_request_init(request);
 
-	request->to_abort = timeout_add(AUTH_REQUEST_TIMEOUT * 1000,
+	request->to_abort = timeout_add(MASTER_AUTH_SERVER_TIMEOUT_SECS * 1000,
 					auth_request_timeout, request);
 	hash_table_insert(handler->requests, POINTER_CAST(id), request);
 
diff -r 90410a8f3786 -r e08dd68309a9 src/lib-auth/Makefile.am
--- a/src/lib-auth/Makefile.am	Tue May 04 01:31:54 2010 +0300
+++ b/src/lib-auth/Makefile.am	Tue May 04 01:33:20 2010 +0300
@@ -1,7 +1,8 @@
 noinst_LTLIBRARIES = libauth.la
 
 AM_CPPFLAGS = \
-	-I$(top_srcdir)/src/lib
+	-I$(top_srcdir)/src/lib \
+	-I$(top_srcdir)/src/lib-master
 
 libauth_la_SOURCES = \
 	auth-client.c \
diff -r 90410a8f3786 -r e08dd68309a9 src/lib-auth/auth-client-interface.h
--- a/src/lib-auth/auth-client-interface.h	Tue May 04 01:31:54 2010 +0300
+++ b/src/lib-auth/auth-client-interface.h	Tue May 04 01:33:20 2010 +0300
@@ -8,8 +8,6 @@
 
 /* GSSAPI can use quite large packets */
 #define AUTH_CLIENT_MAX_LINE_LENGTH 16384
-/* Use a bit smaller than login process timeout */
-#define AUTH_REQUEST_TIMEOUT (3*60 - 30)
 
 enum mech_security_flags {
 	/* Don't advertise this as available SASL mechanism (eg. APOP) */
diff -r 90410a8f3786 -r e08dd68309a9 src/lib-auth/auth-master.c
--- a/src/lib-auth/auth-master.c	Tue May 04 01:31:54 2010 +0300
+++ b/src/lib-auth/auth-master.c	Tue May 04 01:33:20 2010 +0300
@@ -9,6 +9,7 @@
 #include "istream.h"
 #include "ostream.h"
 #include "str.h"
+#include "master-interface.h"
 #include "auth-master.h"
 
 #include <stdlib.h>
@@ -17,7 +18,6 @@
 #define AUTH_PROTOCOL_MAJOR 1
 #define AUTH_PROTOCOL_MINOR 0
 
-#define AUTH_REQUEST_TIMEOUT_SECS 30
 #define AUTH_MASTER_IDLE_SECS 60
 
 #define MAX_INBUF_SIZE 8192
@@ -301,7 +301,7 @@
 	conn->input = i_stream_create_fd(conn->fd, MAX_INBUF_SIZE, FALSE);
 	conn->output = o_stream_create_fd(conn->fd, MAX_OUTBUF_SIZE, FALSE);
 	conn->io = io_add(conn->fd, IO_READ, auth_input, conn);
-	conn->to = timeout_add(1000*AUTH_REQUEST_TIMEOUT_SECS,
+	conn->to = timeout_add(1000*MASTER_AUTH_LOOKUP_TIMEOUT_SECS,
 			       auth_request_timeout, conn);
 	lib_signals_reset_ioloop();
 }
diff -r 90410a8f3786 -r e08dd68309a9 src/lib-master/master-interface.h
--- a/src/lib-master/master-interface.h	Tue May 04 01:31:54 2010 +0300
+++ b/src/lib-master/master-interface.h	Tue May 04 01:33:20 2010 +0300
@@ -71,4 +71,12 @@
    new child processes when needed. */
 #define MASTER_LISTEN_FD_FIRST 6
 
+/* Timeouts: base everything on how long we can wait for login clients. */
+#define MASTER_LOGIN_TIMEOUT_SECS (3*60)
+/* auth server should abort auth requests before that happens */
+#define MASTER_AUTH_SERVER_TIMEOUT_SECS (MASTER_LOGIN_TIMEOUT_SECS - 30)
+/* auth clients should abort auth lookups after server was supposed to have
+   done that */
+#define MASTER_AUTH_LOOKUP_TIMEOUT_SECS (MASTER_AUTH_SERVER_TIMEOUT_SECS + 5)
+
 #endif
diff -r 90410a8f3786 -r e08dd68309a9 src/lib-master/master-login-auth.c
--- a/src/lib-master/master-login-auth.c	Tue May 04 01:31:54 2010 +0300
+++ b/src/lib-master/master-login-auth.c	Tue May 04 01:33:20 2010 +0300
@@ -9,13 +9,13 @@
 #include "hex-binary.h"
 #include "hash.h"
 #include "str.h"
+#include "master-interface.h"
 #include "master-auth.h"
 #include "master-login-auth.h"
 
 #include <stdlib.h>
 
 #define AUTH_MAX_INBUF_SIZE 8192
-#define AUTH_REQUEST_TIMEOUT_SECS (2*60)
 
 struct master_login_auth_request {
 	struct master_login_auth_request *prev, *next;
@@ -120,7 +120,8 @@
 {
 	time_t expires;
 
-	expires = auth->request_head->create_stamp + AUTH_REQUEST_TIMEOUT_SECS;
+	expires = auth->request_head->create_stamp +
+		MASTER_AUTH_LOOKUP_TIMEOUT_SECS;
 	return expires <= ioloop_time ? 0 : expires - ioloop_time;
 }
 
diff -r 90410a8f3786 -r e08dd68309a9 src/login-common/client-common.h
--- a/src/login-common/client-common.h	Tue May 04 01:31:54 2010 +0300
+++ b/src/login-common/client-common.h	Tue May 04 01:33:20 2010 +0300
@@ -17,7 +17,7 @@
 
 /* Disconnect client after this many milliseconds if it hasn't managed
    to log in yet. */
-#define CLIENT_LOGIN_TIMEOUT_MSECS (3*60*1000)
+#define CLIENT_LOGIN_TIMEOUT_MSECS (MASTER_LOGIN_TIMEOUT_SECS*1000)
 
 #define AUTH_SERVER_WAITING_MSG \
 	"Waiting for authentication process to respond.."


More information about the dovecot-cvs mailing list