From: Timo Sirainen Date: Tue, 10 Nov 2009 20:09:10 +0000 (-0500) Subject: *-login: Removed per-connection auth failure penalties. Trust auth server to do it. X-Git-Tag: 2.0.beta1~177 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=660b99a7059824676b2b8d6f79b8e15d47df25a2;p=thirdparty%2Fdovecot%2Fcore.git *-login: Removed per-connection auth failure penalties. Trust auth server to do it. --HG-- branch : HEAD
---
diff --git a/src/imap-login/client-authenticate.c b/src/imap-login/client-authenticate.c
index e2492d0727..95a97fb395 100644
--- a/src/imap-login/client-authenticate.c
+++ b/src/imap-login/client-authenticate.c
@@ -101,7 +101,7 @@ bool imap_client_auth_handle_reply(struct client *client,
 i_assert(reply->nologin);
 if (!client->destroyed)
- client_auth_failed(client, reply->nodelay);
+ client_auth_failed(client);
 return TRUE;
 }
diff --git a/src/login-common/client-common-auth.c b/src/login-common/client-common-auth.c
index 39d7ebc44d..90197f712b 100644
--- a/src/login-common/client-common-auth.c
+++ b/src/login-common/client-common-auth.c
@@ -16,28 +16,11 @@
 /* If we've been waiting auth server to respond for over this many milliseconds, send a "waiting" message. */
 #define AUTH_WAITING_TIMEOUT_MSECS (30*1000)
-#define AUTH_FAILURE_DELAY_INCREASE_MSECS 5000
-
-#if CLIENT_LOGIN_IDLE_TIMEOUT_MSECS < AUTH_REQUEST_TIMEOUT*1000
-# error client idle timeout must be larger than authentication timeout
-#endif
 #define CLIENT_AUTH_BUF_MAX_SIZE 8192
-static void client_authfail_delay_timeout(struct client *client)
-{
- timeout_remove(&client->to_authfail_delay);
-
- /* get back to normal client input. */
- i_assert(client->io == NULL);
- client->io = io_add(client->fd, IO_READ, client_input, client);
- client_input(client);
-}
-
-void client_auth_failed(struct client *client, bool nodelay)
+void client_auth_failed(struct client *client)
 {
- unsigned int delay_msecs;
-
 i_free_and_null(client->master_data_prefix);
 if (client->auth_initializing)
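Review bot: The `#if CLIENT_LOGIN_IDLE_TIMEOUT_MSECS < AUTH_REQUEST_TIMEOUT*1000` / `# error` guard deleted near the top of the src/login-common/client-common-auth.c hunk looks worth keeping. It asserts a relation between the idle timeout and the auth request timeout, and the removed local delay only read the first of those values. With failure penalties moved to the auth server, its failure replies are presumably held back longer, so a login connection spends more time waiting on auth and the guard seems more relevant after this change than before. I would keep those three lines unless the same compile-time check exists elsewhere, which cannot be seen from here. client_auth_failed() is only partly inside this hunk; its body continues in the next one.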
@@ -45,21 +28,9 @@ void client_auth_failed(struct client *client, bool nodelay)
 if (client->io != NULL)
 io_remove(&client->io);
- if (nodelay) {
- client->io = io_add(client->fd, IO_READ, client_input, client);
- client_input(client);
- return;
- }
- /* increase the timeout after each unsuccessful attempt, but don't
- increase it so high that the idle timeout would be triggered */
- delay_msecs = client->auth_attempts * AUTH_FAILURE_DELAY_INCREASE_MSECS;
- if (delay_msecs > CLIENT_LOGIN_IDLE_TIMEOUT_MSECS)
- delay_msecs = CLIENT_LOGIN_IDLE_TIMEOUT_MSECS - 1000;
-
- i_assert(client->to_authfail_delay == NULL);
- client->to_authfail_delay =
- timeout_add(delay_msecs, client_authfail_delay_timeout, client);
+ client->io = io_add(client->fd, IO_READ, client_input, client);
+ client_input(client);
 }
 static void client_auth_waiting_timeout(struct client *client)
@@ -98,8 +69,6 @@ static void client_auth_parse_args(struct client *client,
 }
 if (strcmp(key, "nologin") == 0)
 reply_r->nologin = TRUE;
- else if (strcmp(key, "nodelay") == 0)
- reply_r->nodelay = TRUE;
 else if (strcmp(key, "proxy") == 0)
 reply_r->proxy = TRUE;
 else if (strcmp(key, "temp") == 0)
@@ -201,7 +170,7 @@ void client_proxy_failed(struct client *client, bool send_line)
 i_free_and_null(client->proxy_master_user);
 /* call this last - it may destroy the client */
- client_auth_failed(client, TRUE);
+ client_auth_failed(client);
 }
 static void proxy_input(struct client *client)
@@ -320,7 +289,7 @@ client_auth_handle_reply(struct client *client,
 if (!success)
 return FALSE;
 if (proxy_start(client, reply) < 0)
- client_auth_failed(client, TRUE);
+ client_auth_failed(client);
 return TRUE;
 }
 return client->v.auth_handle_reply(client, reply);
@@ -446,7 +415,7 @@ sasl_callback(struct client *client, enum sasl_server_reply sasl_reply,
 }
 if (!client->destroyed)
- client_auth_failed(client, reply.nodelay);
+ client_auth_failed(client);
 break;
 case SASL_SERVER_REPLY_MASTER_FAILED:
 if (data == NULL)
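Review bot: After the `@@ -45,21 +28,9 @@` hunk, client_auth_failed() re-adds the read handler and calls client_input() straight away on every failure, so nothing in the login process slows repeated password guesses on one connection any more. That protection now depends entirely on the auth server holding back its failure reply, and the new code does not record the dependency. I would put it above the `io_add()` call: `/* no local penalty: the auth server is expected to have delayed this failure reply already */`. The removed branch is the only reader of `client->auth_attempts` visible in this diff, so it is worth confirming elsewhere that a per-connection attempt limit still applies where the auth-side penalty is disabled or skipped. The function begins above this hunk, in the previous one.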
diff --git a/src/login-common/client-common.c b/src/login-common/client-common.c
index 18da8d81a6..a081553760 100644
--- a/src/login-common/client-common.c
+++ b/src/login-common/client-common.c
@@ -129,8 +129,6 @@ void client_destroy(struct client *client, const char *reason)
 timeout_remove(&client->to_idle_disconnect);
 if (client->to_auth_waiting != NULL)
 timeout_remove(&client->to_auth_waiting);
- if (client->to_authfail_delay != NULL)
- timeout_remove(&client->to_authfail_delay);
 if (client->auth_response != NULL)
 str_free(&client->auth_response);
diff --git a/src/login-common/client-common.h b/src/login-common/client-common.h
index de75c3841d..85521dfd13 100644
--- a/src/login-common/client-common.h
+++ b/src/login-common/client-common.h
@@ -47,7 +47,6 @@ struct client_auth_reply {
 unsigned int proxy:1;
 unsigned int temp:1;
 unsigned int nologin:1;
- unsigned int nodelay:1;
 unsigned int authz_failure:1;
 };
@@ -86,7 +85,7 @@ struct client {
 struct istream *input;
 struct ostream *output;
 struct io *io;
- struct timeout *to_authfail_delay, *to_auth_waiting;
+ struct timeout *to_auth_waiting;
 struct timeout *to_idle_disconnect;
 unsigned char *master_data_prefix;
@@ -146,7 +145,7 @@ void client_log(struct client *client, const char *msg);
 void client_log_err(struct client *client, const char *msg);
 const char *client_get_extra_disconnect_reason(struct client *client);
 bool client_is_trusted(struct client *client);
-void client_auth_failed(struct client *client, bool nodelay);
+void client_auth_failed(struct client *client);
 bool client_read(struct client *client);
 void client_input(struct client *client);
diff --git a/src/pop3-login/client-authenticate.c b/src/pop3-login/client-authenticate.c
index 96065b1d63..199a0b328a 100644
--- a/src/pop3-login/client-authenticate.c
+++ b/src/pop3-login/client-authenticate.c
@@ -67,7 +67,7 @@ bool pop3_client_auth_handle_reply(struct client *client,
 }
 if (!client->destroyed)
- client_auth_failed(client, reply->nodelay);
+ client_auth_failed(client);
 return TRUE;
 }