auth/login related timeouts are now in one place and they make more sense.

Most importantly now auth client doesn't abort lookup before server does.

--HG--
branch : HEAD

diff --git a/src/auth/auth-request-handler.c b/src/auth/auth-request-handler.c
index 4fff875d6c7ea1111c5a26833552271044612551..73a384e31dd5123416e001e152a4b614cbf93a69 100644 (file)
--- a/src/auth/auth-request-handler.c
+++ b/src/auth/auth-request-handler.c
@@ -8,6 +8,7 @@
 #include "hash.h"
 #include "str.h"
 #include "str-sanitize.h"
+#include "master-interface.h"
 #include "auth-penalty.h"
 #include "auth-request.h"
 #include "auth-master-connection.h"
@@ -393,7 +394,7 @@ bool auth_request_handler_auth_begin(struct auth_request_handler *handler,
        }
        auth_request_init(request);
 
-       request->to_abort = timeout_add(AUTH_REQUEST_TIMEOUT * 1000,
+       request->to_abort = timeout_add(MASTER_AUTH_SERVER_TIMEOUT_SECS * 1000,
                                        auth_request_timeout, request);
        hash_table_insert(handler->requests, POINTER_CAST(id), request);
 

diff --git a/src/lib-auth/Makefile.am b/src/lib-auth/Makefile.am
index e681f95e85a0b6f1cc904b09fc77adbce93f5470..ed9a10d673279418a9177208e6297c2899507826 100644 (file)
--- a/src/lib-auth/Makefile.am
+++ b/src/lib-auth/Makefile.am
@@ -1,7 +1,8 @@
 noinst_LTLIBRARIES = libauth.la
 
 AM_CPPFLAGS = \
-       -I$(top_srcdir)/src/lib
+       -I$(top_srcdir)/src/lib \
+       -I$(top_srcdir)/src/lib-master
 
 libauth_la_SOURCES = \
        auth-client.c \

diff --git a/src/lib-auth/auth-client-interface.h b/src/lib-auth/auth-client-interface.h
index e5f97e3c3230230c5e7667452d60e06fd7b7db89..ee24e286734572087d04f0ced0124a9dc82fe7b0 100644 (file)
--- a/src/lib-auth/auth-client-interface.h
+++ b/src/lib-auth/auth-client-interface.h
@@ -8,8 +8,6 @@
 
 /* GSSAPI can use quite large packets */
 #define AUTH_CLIENT_MAX_LINE_LENGTH 16384
-/* Use a bit smaller than login process timeout */
-#define AUTH_REQUEST_TIMEOUT (3*60 - 30)
 
 enum mech_security_flags {
        /* Don't advertise this as available SASL mechanism (eg. APOP) */

diff --git a/src/lib-auth/auth-master.c b/src/lib-auth/auth-master.c
index db9f0d47275364d66023489ab60acc069fd197cb..871abce89d802c9cdc9f2806a7d5f19bbefa55a7 100644 (file)
--- a/src/lib-auth/auth-master.c
+++ b/src/lib-auth/auth-master.c
@@ -9,6 +9,7 @@
 #include "istream.h"
 #include "ostream.h"
 #include "str.h"
+#include "master-interface.h"
 #include "auth-master.h"
 
 #include <stdlib.h>
@@ -17,7 +18,6 @@
 #define AUTH_PROTOCOL_MAJOR 1
 #define AUTH_PROTOCOL_MINOR 0
 
-#define AUTH_REQUEST_TIMEOUT_SECS 30
 #define AUTH_MASTER_IDLE_SECS 60
 
 #define MAX_INBUF_SIZE 8192
@@ -301,7 +301,7 @@ static void auth_master_set_io(struct auth_master_connection *conn)
        conn->input = i_stream_create_fd(conn->fd, MAX_INBUF_SIZE, FALSE);
        conn->output = o_stream_create_fd(conn->fd, MAX_OUTBUF_SIZE, FALSE);
        conn->io = io_add(conn->fd, IO_READ, auth_input, conn);
-       conn->to = timeout_add(1000*AUTH_REQUEST_TIMEOUT_SECS,
+       conn->to = timeout_add(1000*MASTER_AUTH_LOOKUP_TIMEOUT_SECS,
                               auth_request_timeout, conn);
        lib_signals_reset_ioloop();
 }

diff --git a/src/lib-master/master-interface.h b/src/lib-master/master-interface.h
index 4fe044e4e5ea8d0b30ee5dc8f5d4730ea2987652..f595bd2e12262021f882c2e15456eb1b97ebef61 100644 (file)
--- a/src/lib-master/master-interface.h
+++ b/src/lib-master/master-interface.h
@@ -71,4 +71,12 @@ enum master_login_state {
    new child processes when needed. */
 #define MASTER_LISTEN_FD_FIRST 6
 
+/* Timeouts: base everything on how long we can wait for login clients. */
+#define MASTER_LOGIN_TIMEOUT_SECS (3*60)
+/* auth server should abort auth requests before that happens */
+#define MASTER_AUTH_SERVER_TIMEOUT_SECS (MASTER_LOGIN_TIMEOUT_SECS - 30)
+/* auth clients should abort auth lookups after server was supposed to have
+   done that */
+#define MASTER_AUTH_LOOKUP_TIMEOUT_SECS (MASTER_AUTH_SERVER_TIMEOUT_SECS + 5)
+
 #endif

diff --git a/src/lib-master/master-login-auth.c b/src/lib-master/master-login-auth.c
index 6a1db471d1ab74b09fead1344cfb658ee3360c56..030eee83ad058e8bd397f6cdf334bce112ef62f1 100644 (file)
--- a/src/lib-master/master-login-auth.c
+++ b/src/lib-master/master-login-auth.c
@@ -9,13 +9,13 @@
 #include "hex-binary.h"
 #include "hash.h"
 #include "str.h"
+#include "master-interface.h"
 #include "master-auth.h"
 #include "master-login-auth.h"
 
 #include <stdlib.h>
 
 #define AUTH_MAX_INBUF_SIZE 8192
-#define AUTH_REQUEST_TIMEOUT_SECS (2*60)
 
 struct master_login_auth_request {
        struct master_login_auth_request *prev, *next;
@@ -120,7 +120,8 @@ static unsigned int auth_get_next_timeout_secs(struct master_login_auth *auth)
 {
        time_t expires;
 
-       expires = auth->request_head->create_stamp + AUTH_REQUEST_TIMEOUT_SECS;
+       expires = auth->request_head->create_stamp +
+               MASTER_AUTH_LOOKUP_TIMEOUT_SECS;
        return expires <= ioloop_time ? 0 : expires - ioloop_time;
 }
 

diff --git a/src/login-common/client-common.h b/src/login-common/client-common.h
index 4b47855c1a6b8fa49531906b4a3b1148023e7283..d58b9acd5d553b4ccdab76829d7066f3e252a281 100644 (file)
--- a/src/login-common/client-common.h
+++ b/src/login-common/client-common.h
@@ -17,7 +17,7 @@
 
 /* Disconnect client after this many milliseconds if it hasn't managed
    to log in yet. */
-#define CLIENT_LOGIN_TIMEOUT_MSECS (3*60*1000)
+#define CLIENT_LOGIN_TIMEOUT_MSECS (MASTER_LOGIN_TIMEOUT_SECS*1000)
 
 #define AUTH_SERVER_WAITING_MSG \
        "Waiting for authentication process to respond.."