dovecot-2.0: auth/login related timeouts are now in one place an...
dovecot at dovecot.org
dovecot at dovecot.org
Tue May 4 01:33:39 EEST 2010
details: http://hg.dovecot.org/dovecot-2.0/rev/e08dd68309a9
changeset: 11256:e08dd68309a9
user: Timo Sirainen <tss at iki.fi>
date: Tue May 04 01:33:20 2010 +0300
description:
auth/login related timeouts are now in one place and they make more sense.
Most importantly now auth client doesn't abort lookup before server does.
diffstat:
src/auth/auth-request-handler.c | 3 ++-
src/lib-auth/Makefile.am | 3 ++-
src/lib-auth/auth-client-interface.h | 2 --
src/lib-auth/auth-master.c | 4 ++--
src/lib-master/master-interface.h | 8 ++++++++
src/lib-master/master-login-auth.c | 5 +++--
src/login-common/client-common.h | 2 +-
7 files changed, 18 insertions(+), 9 deletions(-)
diffs (129 lines):
diff -r 90410a8f3786 -r e08dd68309a9 src/auth/auth-request-handler.c
--- a/src/auth/auth-request-handler.c Tue May 04 01:31:54 2010 +0300
+++ b/src/auth/auth-request-handler.c Tue May 04 01:33:20 2010 +0300
@@ -8,6 +8,7 @@
#include "hash.h"
#include "str.h"
#include "str-sanitize.h"
+#include "master-interface.h"
#include "auth-penalty.h"
#include "auth-request.h"
#include "auth-master-connection.h"
@@ -393,7 +394,7 @@
}
auth_request_init(request);
- request->to_abort = timeout_add(AUTH_REQUEST_TIMEOUT * 1000,
+ request->to_abort = timeout_add(MASTER_AUTH_SERVER_TIMEOUT_SECS * 1000,
auth_request_timeout, request);
hash_table_insert(handler->requests, POINTER_CAST(id), request);
diff -r 90410a8f3786 -r e08dd68309a9 src/lib-auth/Makefile.am
--- a/src/lib-auth/Makefile.am Tue May 04 01:31:54 2010 +0300
+++ b/src/lib-auth/Makefile.am Tue May 04 01:33:20 2010 +0300
@@ -1,7 +1,8 @@
noinst_LTLIBRARIES = libauth.la
AM_CPPFLAGS = \
- -I$(top_srcdir)/src/lib
+ -I$(top_srcdir)/src/lib \
+ -I$(top_srcdir)/src/lib-master
libauth_la_SOURCES = \
auth-client.c \
diff -r 90410a8f3786 -r e08dd68309a9 src/lib-auth/auth-client-interface.h
--- a/src/lib-auth/auth-client-interface.h Tue May 04 01:31:54 2010 +0300
+++ b/src/lib-auth/auth-client-interface.h Tue May 04 01:33:20 2010 +0300
@@ -8,8 +8,6 @@
/* GSSAPI can use quite large packets */
#define AUTH_CLIENT_MAX_LINE_LENGTH 16384
-/* Use a bit smaller than login process timeout */
-#define AUTH_REQUEST_TIMEOUT (3*60 - 30)
enum mech_security_flags {
/* Don't advertise this as available SASL mechanism (eg. APOP) */
diff -r 90410a8f3786 -r e08dd68309a9 src/lib-auth/auth-master.c
--- a/src/lib-auth/auth-master.c Tue May 04 01:31:54 2010 +0300
+++ b/src/lib-auth/auth-master.c Tue May 04 01:33:20 2010 +0300
@@ -9,6 +9,7 @@
#include "istream.h"
#include "ostream.h"
#include "str.h"
+#include "master-interface.h"
#include "auth-master.h"
#include <stdlib.h>
@@ -17,7 +18,6 @@
#define AUTH_PROTOCOL_MAJOR 1
#define AUTH_PROTOCOL_MINOR 0
-#define AUTH_REQUEST_TIMEOUT_SECS 30
#define AUTH_MASTER_IDLE_SECS 60
#define MAX_INBUF_SIZE 8192
@@ -301,7 +301,7 @@
conn->input = i_stream_create_fd(conn->fd, MAX_INBUF_SIZE, FALSE);
conn->output = o_stream_create_fd(conn->fd, MAX_OUTBUF_SIZE, FALSE);
conn->io = io_add(conn->fd, IO_READ, auth_input, conn);
- conn->to = timeout_add(1000*AUTH_REQUEST_TIMEOUT_SECS,
+ conn->to = timeout_add(1000*MASTER_AUTH_LOOKUP_TIMEOUT_SECS,
auth_request_timeout, conn);
lib_signals_reset_ioloop();
}
diff -r 90410a8f3786 -r e08dd68309a9 src/lib-master/master-interface.h
--- a/src/lib-master/master-interface.h Tue May 04 01:31:54 2010 +0300
+++ b/src/lib-master/master-interface.h Tue May 04 01:33:20 2010 +0300
@@ -71,4 +71,12 @@
new child processes when needed. */
#define MASTER_LISTEN_FD_FIRST 6
+/* Timeouts: base everything on how long we can wait for login clients. */
+#define MASTER_LOGIN_TIMEOUT_SECS (3*60)
+/* auth server should abort auth requests before that happens */
+#define MASTER_AUTH_SERVER_TIMEOUT_SECS (MASTER_LOGIN_TIMEOUT_SECS - 30)
+/* auth clients should abort auth lookups after server was supposed to have
+ done that */
+#define MASTER_AUTH_LOOKUP_TIMEOUT_SECS (MASTER_AUTH_SERVER_TIMEOUT_SECS + 5)
+
#endif
diff -r 90410a8f3786 -r e08dd68309a9 src/lib-master/master-login-auth.c
--- a/src/lib-master/master-login-auth.c Tue May 04 01:31:54 2010 +0300
+++ b/src/lib-master/master-login-auth.c Tue May 04 01:33:20 2010 +0300
@@ -9,13 +9,13 @@
#include "hex-binary.h"
#include "hash.h"
#include "str.h"
+#include "master-interface.h"
#include "master-auth.h"
#include "master-login-auth.h"
#include <stdlib.h>
#define AUTH_MAX_INBUF_SIZE 8192
-#define AUTH_REQUEST_TIMEOUT_SECS (2*60)
struct master_login_auth_request {
struct master_login_auth_request *prev, *next;
@@ -120,7 +120,8 @@
{
time_t expires;
- expires = auth->request_head->create_stamp + AUTH_REQUEST_TIMEOUT_SECS;
+ expires = auth->request_head->create_stamp +
+ MASTER_AUTH_LOOKUP_TIMEOUT_SECS;
return expires <= ioloop_time ? 0 : expires - ioloop_time;
}
diff -r 90410a8f3786 -r e08dd68309a9 src/login-common/client-common.h
--- a/src/login-common/client-common.h Tue May 04 01:31:54 2010 +0300
+++ b/src/login-common/client-common.h Tue May 04 01:33:20 2010 +0300
@@ -17,7 +17,7 @@
/* Disconnect client after this many milliseconds if it hasn't managed
to log in yet. */
-#define CLIENT_LOGIN_TIMEOUT_MSECS (3*60*1000)
+#define CLIENT_LOGIN_TIMEOUT_MSECS (MASTER_LOGIN_TIMEOUT_SECS*1000)
#define AUTH_SERVER_WAITING_MSG \
"Waiting for authentication process to respond.."
More information about the dovecot-cvs
mailing list