From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Tue, 11 Feb 2025 14:19:05 +0000 (+0200)
Subject: auth: Avoid delaying reply when shutting down
X-Git-Tag: 2.4.1~200
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=df346af7fd40043af4d9ff2103734a448c6bd5a4;p=thirdparty%2Fdovecot%2Fcore.git

auth: Avoid delaying reply when shutting down
---

diff --git a/src/auth/auth-request-handler.c b/src/auth/auth-request-handler.c
index 8a595c1045..f71dcef6c9 100644
--- a/src/auth/auth-request-handler.c
+++ b/src/auth/auth-request-handler.c
@@ -235,7 +235,7 @@ auth_request_handle_failure(struct auth_request *request, const char *reply)
 
 	e_debug(request->event, "handling failure, nodelay=%d",
 		(int) request->failure_nodelay);
-	if (request->failure_nodelay) {
+	if (request->failure_nodelay || shutting_down) {
 		/* passdb specifically requested not to delay the reply. */
 		handler->callback(reply, handler->conn);
 		auth_request_unref(&request);
diff --git a/src/auth/auth-request.c b/src/auth/auth-request.c
index 7ac368114e..c20a35cad7 100644
--- a/src/auth/auth-request.c
+++ b/src/auth/auth-request.c
@@ -782,6 +782,9 @@ void auth_request_userdb_lookup_end(struct auth_request *request,
 static unsigned int
 auth_request_get_internal_failure_delay(struct auth_request *request)
 {
+	if (shutting_down)
+		return 0;
+
 	unsigned int delay_msecs = request->set->internal_failure_delay;
 
 	/* add 0..50% random delay to avoid thundering herd problems */
@@ -1223,7 +1226,7 @@ static void auth_request_policy_check_callback(int result, void *context)
 		/* fail it right here and now */
 		auth_request_fail(ctx->request);
 	} else if (ctx->type != AUTH_POLICY_CHECK_TYPE_SUCCESS && result > 0 &&
-		   !ctx->request->fields.no_penalty) {
+		   !ctx->request->fields.no_penalty && !shutting_down) {
 		ctx->request->to_penalty = timeout_add(result * 1000,
 			auth_request_policy_penalty_finish, context);
 	} else {
diff --git a/src/auth/auth.c b/src/auth/auth.c
index 9097982e13..a8fbab3d77 100644
--- a/src/auth/auth.c
+++ b/src/auth/auth.c
@@ -16,6 +16,8 @@
 #define AUTH_DNS_IDLE_TIMEOUT_MSECS (1000*60)
 #define AUTH_DNS_CACHE_TTL_SECS 10
 
+bool shutting_down = FALSE;
+
 struct event *auth_event;
 struct event_category event_category_auth = {
 	.name = "auth",
diff --git a/src/auth/auth.h b/src/auth/auth.h
index d1c1b96c1c..cfde068679 100644
--- a/src/auth/auth.h
+++ b/src/auth/auth.h
@@ -84,6 +84,7 @@ struct auth {
 	struct dns_client *dns_client;
 };
 
+extern bool shutting_down;
 
 struct auth *auth_find_protocol(const char *name);
 struct auth *auth_default_protocol(void);
diff --git a/src/auth/main.c b/src/auth/main.c
index 9810c96cf2..e6f7b805ff 100644
--- a/src/auth/main.c
+++ b/src/auth/main.c
@@ -249,6 +249,7 @@ static void main_deinit(void)
 {
 	struct auth_socket_listener *l;
 
+	shutting_down = TRUE;
 	if (auth_penalty != NULL) {
 		/* cancel all pending anvil penalty lookups */
 		auth_penalty_deinit(&auth_penalty);