Don't accept client connections before we're connected to all auth processes.

--HG--
branch : HEAD

diff --git a/src/login-common/auth-connection.c b/src/login-common/auth-connection.c
index dd0801868a8b496b9c20861ce63913bf663d5537..ffe6f41ace9f1fb550fe1a19f25ee6b96c3d70ea 100644 (file)
--- a/src/login-common/auth-connection.c
+++ b/src/login-common/auth-connection.c
@@ -25,6 +25,7 @@ static int auth_reconnect;
 static unsigned int request_id_counter;
 static struct auth_connection *auth_connections;
 static struct timeout *to;
+static unsigned int auth_waiting_handshake_count;
 
 static void auth_connection_destroy(struct auth_connection *conn);
 static void auth_connection_unref(struct auth_connection *conn);
@@ -76,6 +77,7 @@ static struct auth_connection *auth_connection_new(const char *path)
        auth_connections = conn;
 
        /* send our handshake */
+        auth_waiting_handshake_count++;
        memset(&handshake, 0, sizeof(handshake));
        handshake.pid = login_process_uid;
        if (o_stream_send(conn->output, &handshake, sizeof(handshake)) < 0) {
@@ -117,6 +119,8 @@ static void auth_connection_destroy(struct auth_connection *conn)
                }
        }
 
+        auth_waiting_handshake_count--;
+
        if (close(conn->fd) < 0)
                i_error("close(auth) failed: %m");
        io_remove(conn->io);
@@ -195,6 +199,7 @@ static void auth_handle_handshake(struct auth_connection *conn,
        conn->available_auth_mechs = handshake->auth_mechanisms;
        conn->handshake_received = TRUE;
 
+       auth_waiting_handshake_count--;
        update_available_auth_mechs();
 }
 
@@ -359,6 +364,11 @@ void auth_request_unref(struct auth_request *request)
        auth_connection_unref(request->conn);
 }
 
+int auth_is_connected(void)
+{
+       return !auth_reconnect && auth_waiting_handshake_count == 0;
+}
+
 static void auth_connect_missing(void)
 {
        DIR *dirp;
@@ -404,7 +414,8 @@ void auth_connection_init(void)
 {
        auth_connections = NULL;
        request_id_counter = 0;
-        auth_reconnect = FALSE;
+       auth_reconnect = FALSE;
+        auth_waiting_handshake_count = 0;
 
        auth_connect_missing();
        to = timeout_add(1000, auth_connect_missing_timeout, NULL);

diff --git a/src/login-common/auth-connection.h b/src/login-common/auth-connection.h
index 15e423cc0c55601ad3a1f35ee556663f38057620..5e5cf7d1210965b300117c3c06f03b47324d5e65 100644 (file)
--- a/src/login-common/auth-connection.h
+++ b/src/login-common/auth-connection.h
@@ -55,6 +55,8 @@ void auth_abort_request(struct auth_request *request);
 void auth_request_ref(struct auth_request *request);
 void auth_request_unref(struct auth_request *request);
 
+int auth_is_connected(void);
+
 void auth_connection_init(void);
 void auth_connection_deinit(void);
 

diff --git a/src/login-common/main.c b/src/login-common/main.c
index 99ba52e8bd7de89e0e0df0cd66e9c2953d3d6286..5c7af2b0151d165ef7988a510bf0a40ea7a0f113 100644 (file)
--- a/src/login-common/main.c
+++ b/src/login-common/main.c
@@ -76,6 +76,13 @@ static void login_accept(void *context __attr_unused__)
        struct ip_addr ip;
        int fd;
 
+       if (!auth_is_connected()) {
+               /* we're not yet connected to auth process -
+                  don't accept client connections. FIXME: eats CPU if
+                  none of the other login processes accept it either.. */
+               return;
+       }
+
        fd = net_accept(LOGIN_LISTEN_FD, &ip, NULL);
        if (fd < 0) {
                if (fd < -1)
@@ -95,6 +102,13 @@ static void login_accept_ssl(void *context __attr_unused__)
        struct ip_addr ip;
        int fd, fd_ssl;
 
+       if (!auth_is_connected()) {
+               /* we're not yet connected to auth process -
+                  don't accept client connections. FIXME: eats CPU if
+                  none of the other login processes accept it either.. */
+               return;
+       }
+
        fd = net_accept(LOGIN_SSL_LISTEN_FD, &ip, NULL);
        if (fd < 0) {
                if (fd < -1)