From d8702d15ee7721ed1fcfc8f00a589970bd6b3598 Mon Sep 17 00:00:00 2001 From: Timo Sirainen Date: Fri, 4 Mar 2011 18:51:46 +0200 Subject: [PATCH] auth: Allow clients to specify that they want to skip auth penalty check. This is "safe", because the clients specify the IP for the penalty check anyway. --- src/auth/auth-penalty.c | 4 ++-- src/auth/auth-request.c | 4 ++++ src/auth/auth-request.h | 1 + src/lib-auth/auth-client-request.c | 2 ++ src/lib-auth/auth-client.h | 4 +++- 5 files changed, 12 insertions(+), 3 deletions(-) diff --git a/src/auth/auth-penalty.c b/src/auth/auth-penalty.c index 51b104559b..0b135fb1bc 100644 --- a/src/auth/auth-penalty.c +++ b/src/auth/auth-penalty.c @@ -123,7 +123,7 @@ void auth_penalty_lookup(struct auth_penalty *penalty, const char *ident; ident = auth_penalty_get_ident(auth_request); - if (penalty->disabled || ident == NULL) { + if (penalty->disabled || ident == NULL || auth_request->no_penalty) { callback(0, auth_request); return; } @@ -155,7 +155,7 @@ void auth_penalty_update(struct auth_penalty *penalty, const char *ident; ident = auth_penalty_get_ident(auth_request); - if (penalty->disabled || ident == NULL) + if (penalty->disabled || ident == NULL || auth_request->no_penalty) return; if (value > AUTH_PENALTY_MAX_PENALTY) { diff --git a/src/auth/auth-request.c b/src/auth/auth-request.c index aa8bc580f7..0d9866bead 100644 --- a/src/auth/auth-request.c +++ b/src/auth/auth-request.c @@ -197,6 +197,8 @@ void auth_request_export(struct auth_request *request, auth_stream_reply_add(reply, "skip_password_check", "1"); if (request->valid_client_cert) auth_stream_reply_add(reply, "valid-client-cert", "1"); + if (request->no_penalty) + auth_stream_reply_add(reply, "no-penalty", "1"); if (request->mech_name != NULL) auth_stream_reply_add(reply, "mech", request->mech_name); } @@ -235,6 +237,8 @@ bool auth_request_import(struct auth_request *request, request->no_login = TRUE; else if (strcmp(key, "valid-client-cert") == 0) request->valid_client_cert = TRUE; + else if (strcmp(key, "no-penalty") == 0) + request->no_penalty = TRUE; else if (strcmp(key, "skip_password_check") == 0) { i_assert(request->master_user != NULL); request->skip_password_check = TRUE; diff --git a/src/auth/auth-request.h b/src/auth/auth-request.h index 081112ec41..048c60a4ef 100644 --- a/src/auth/auth-request.h +++ b/src/auth/auth-request.h @@ -106,6 +106,7 @@ struct auth_request { unsigned int proxy:1; unsigned int proxy_maybe:1; unsigned int valid_client_cert:1; + unsigned int no_penalty:1; unsigned int cert_username:1; unsigned int userdb_lookup:1; unsigned int userdb_lookup_failed:1; diff --git a/src/lib-auth/auth-client-request.c b/src/lib-auth/auth-client-request.c index ab2f765066..565189fc20 100644 --- a/src/lib-auth/auth-client-request.c +++ b/src/lib-auth/auth-client-request.c @@ -36,6 +36,8 @@ static void auth_server_send_new_request(struct auth_server_connection *conn, if ((info->flags & AUTH_REQUEST_FLAG_SECURED) != 0) str_append(str, "\tsecured"); + if ((info->flags & AUTH_REQUEST_FLAG_NO_PENALTY) != 0) + str_append(str, "\tno-penalty"); if ((info->flags & AUTH_REQUEST_FLAG_VALID_CLIENT_CERT) != 0) str_append(str, "\tvalid-client-cert"); diff --git a/src/lib-auth/auth-client.h b/src/lib-auth/auth-client.h index 3ece6f1070..e6f79525e6 100644 --- a/src/lib-auth/auth-client.h +++ b/src/lib-auth/auth-client.h @@ -9,7 +9,9 @@ struct auth_client_request; enum auth_request_flags { AUTH_REQUEST_FLAG_SECURED = 0x01, - AUTH_REQUEST_FLAG_VALID_CLIENT_CERT = 0x02 + AUTH_REQUEST_FLAG_VALID_CLIENT_CERT = 0x02, + /* Skip penalty checks for this request */ + AUTH_REQUEST_FLAG_NO_PENALTY = 0x04 }; enum auth_request_status { -- 2.47.3