auth: Connect to anvil-auth-penalty before dropping root privileges.

--HG--
branch : HEAD

diff --git a/src/auth/auth-request-handler.c b/src/auth/auth-request-handler.c
index 8917e918747a1d7851e74632a2d87ffbaaa7c52e..2ef705f9721ff8f09b388ae0a92175392d26e22a 100644 (file)
--- a/src/auth/auth-request-handler.c
+++ b/src/auth/auth-request-handler.c
@@ -16,13 +16,11 @@
 #include <stdlib.h>
 
 #define AUTH_FAILURE_DELAY_CHECK_MSECS 500
-#define AUTH_PENALTY_ANVIL_PATH "anvil-auth-penalty"
 
 struct auth_request_handler {
        int refcount;
        pool_t pool;
        struct hash_table *requests;
-       struct auth_penalty *penalty;
 
         struct auth *auth;
         unsigned int connect_uid, client_pid;
@@ -58,7 +56,6 @@ auth_request_handler_create(struct auth *auth,
        handler->callback = callback;
        handler->context = context;
        handler->master_callback = master_callback;
-       handler->penalty = auth_penalty_init(AUTH_PENALTY_ANVIL_PATH);
        return handler;
 }
 
@@ -84,7 +81,6 @@ void auth_request_handler_unref(struct auth_request_handler **_handler)
        /* notify parent that we're done with all requests */
        handler->callback(NULL, handler->context);
 
-       auth_penalty_deinit(&handler->penalty);
        hash_table_destroy(&handler->requests);
        pool_unref(&handler->pool);
 }
@@ -193,7 +189,7 @@ auth_request_handle_failure(struct auth_request *request,
        request->delayed_failure = TRUE;
        handler->refcount++;
 
-       auth_penalty_update(handler->penalty, request,
+       auth_penalty_update(request->auth->penalty, request,
                            request->last_penalty + 1);
 
        request->last_access = ioloop_time;
@@ -231,7 +227,7 @@ static void auth_callback(struct auth_request *request,
 
                if (request->last_penalty != 0) {
                        /* reset penalty */
-                       auth_penalty_update(handler->penalty, request, 0);
+                       auth_penalty_update(request->auth->penalty, request, 0);
                }
 
                auth_stream_reply_add(reply, "OK", NULL);
@@ -421,7 +417,8 @@ bool auth_request_handler_auth_begin(struct auth_request_handler *handler,
        handler->refcount++;
 
        /* before we start authenticating, see if we need to wait first */
-       auth_penalty_lookup(handler->penalty, request, auth_penalty_callback);
+       auth_penalty_lookup(request->auth->penalty, request,
+                           auth_penalty_callback);
        return TRUE;
 }
 

diff --git a/src/auth/auth.c b/src/auth/auth.c
index d60f02012ccb310e7672370cc30751cdb0c09e42..0710836efec2498872eaf15702984590aee8ef48 100644 (file)
--- a/src/auth/auth.c
+++ b/src/auth/auth.c
@@ -10,11 +10,14 @@
 #include "passdb.h"
 #include "passdb-cache.h"
 #include "auth.h"
+#include "auth-penalty.h"
 #include "auth-request-handler.h"
 
 #include <stdlib.h>
 #include <unistd.h>
 
+#define AUTH_PENALTY_ANVIL_PATH "anvil-auth-penalty"
+
 struct auth_userdb_settings userdb_dummy_set = {
        MEMBER(driver) "static",
        MEMBER(args) ""
@@ -255,6 +258,8 @@ void auth_init(struct auth *auth)
                for (; *p != '\0' && p[1] != '\0'; p += 2)
                        auth->username_translation[(int)(uint8_t)*p] = p[1];
        }
+
+       auth->penalty = auth_penalty_init(AUTH_PENALTY_ANVIL_PATH);
 }
 
 void auth_deinit(struct auth **_auth)
@@ -275,5 +280,6 @@ void auth_deinit(struct auth **_auth)
        auth_request_handler_deinit();
        passdb_cache_deinit();
 
+       auth_penalty_deinit(&auth->penalty);
        pool_unref(&auth->pool);
 }

diff --git a/src/auth/auth.h b/src/auth/auth.h
index da331064ac947c986e2ee1647d17df02166945c8..a91d8be04a7dac26eb30c675e72ce0f79f8983d3 100644 (file)
--- a/src/auth/auth.h
+++ b/src/auth/auth.h
@@ -39,6 +39,7 @@ struct auth {
        struct auth_passdb *masterdbs;
        struct auth_passdb *passdbs;
        struct auth_userdb *userdbs;
+       struct auth_penalty *penalty;
 
        const char *const *auth_realms;
        char username_chars[256];