From: Timo Sirainen Date: Mon, 3 May 2010 22:33:20 +0000 (+0300) Subject: auth/login related timeouts are now in one place and they make more sense. X-Git-Tag: 2.0.beta5~18 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d99107ddf4d9bccb710994482daf65276a9d6321;p=thirdparty%2Fdovecot%2Fcore.git auth/login related timeouts are now in one place and they make more sense. Most importantly now auth client doesn't abort lookup before server does. --HG-- branch : HEAD --- diff --git a/src/auth/auth-request-handler.c b/src/auth/auth-request-handler.c index 4fff875d6c..73a384e31d 100644 --- a/src/auth/auth-request-handler.c +++ b/src/auth/auth-request-handler.c @@ -8,6 +8,7 @@ #include "hash.h" #include "str.h" #include "str-sanitize.h" +#include "master-interface.h" #include "auth-penalty.h" #include "auth-request.h" #include "auth-master-connection.h" @@ -393,7 +394,7 @@ bool auth_request_handler_auth_begin(struct auth_request_handler *handler, } auth_request_init(request); - request->to_abort = timeout_add(AUTH_REQUEST_TIMEOUT * 1000, + request->to_abort = timeout_add(MASTER_AUTH_SERVER_TIMEOUT_SECS * 1000, auth_request_timeout, request); hash_table_insert(handler->requests, POINTER_CAST(id), request); diff --git a/src/lib-auth/Makefile.am b/src/lib-auth/Makefile.am index e681f95e85..ed9a10d673 100644 --- a/src/lib-auth/Makefile.am +++ b/src/lib-auth/Makefile.am @@ -1,7 +1,8 @@ noinst_LTLIBRARIES = libauth.la AM_CPPFLAGS = \ - -I$(top_srcdir)/src/lib + -I$(top_srcdir)/src/lib \ + -I$(top_srcdir)/src/lib-master libauth_la_SOURCES = \ auth-client.c \ diff --git a/src/lib-auth/auth-client-interface.h b/src/lib-auth/auth-client-interface.h index e5f97e3c32..ee24e28673 100644 --- a/src/lib-auth/auth-client-interface.h +++ b/src/lib-auth/auth-client-interface.h @@ -8,8 +8,6 @@ /* GSSAPI can use quite large packets */ #define AUTH_CLIENT_MAX_LINE_LENGTH 16384 -/* Use a bit smaller than login process timeout */ -#define AUTH_REQUEST_TIMEOUT (3*60 - 30) enum mech_security_flags { /* Don't advertise this as available SASL mechanism (eg. APOP) */ diff --git a/src/lib-auth/auth-master.c b/src/lib-auth/auth-master.c index db9f0d4727..871abce89d 100644 --- a/src/lib-auth/auth-master.c +++ b/src/lib-auth/auth-master.c @@ -9,6 +9,7 @@ #include "istream.h" #include "ostream.h" #include "str.h" +#include "master-interface.h" #include "auth-master.h" #include @@ -17,7 +18,6 @@ #define AUTH_PROTOCOL_MAJOR 1 #define AUTH_PROTOCOL_MINOR 0 -#define AUTH_REQUEST_TIMEOUT_SECS 30 #define AUTH_MASTER_IDLE_SECS 60 #define MAX_INBUF_SIZE 8192 @@ -301,7 +301,7 @@ static void auth_master_set_io(struct auth_master_connection *conn) conn->input = i_stream_create_fd(conn->fd, MAX_INBUF_SIZE, FALSE); conn->output = o_stream_create_fd(conn->fd, MAX_OUTBUF_SIZE, FALSE); conn->io = io_add(conn->fd, IO_READ, auth_input, conn); - conn->to = timeout_add(1000*AUTH_REQUEST_TIMEOUT_SECS, + conn->to = timeout_add(1000*MASTER_AUTH_LOOKUP_TIMEOUT_SECS, auth_request_timeout, conn); lib_signals_reset_ioloop(); } diff --git a/src/lib-master/master-interface.h b/src/lib-master/master-interface.h index 4fe044e4e5..f595bd2e12 100644 --- a/src/lib-master/master-interface.h +++ b/src/lib-master/master-interface.h @@ -71,4 +71,12 @@ enum master_login_state { new child processes when needed. */ #define MASTER_LISTEN_FD_FIRST 6 +/* Timeouts: base everything on how long we can wait for login clients. */ +#define MASTER_LOGIN_TIMEOUT_SECS (3*60) +/* auth server should abort auth requests before that happens */ +#define MASTER_AUTH_SERVER_TIMEOUT_SECS (MASTER_LOGIN_TIMEOUT_SECS - 30) +/* auth clients should abort auth lookups after server was supposed to have + done that */ +#define MASTER_AUTH_LOOKUP_TIMEOUT_SECS (MASTER_AUTH_SERVER_TIMEOUT_SECS + 5) + #endif diff --git a/src/lib-master/master-login-auth.c b/src/lib-master/master-login-auth.c index 6a1db471d1..030eee83ad 100644 --- a/src/lib-master/master-login-auth.c +++ b/src/lib-master/master-login-auth.c @@ -9,13 +9,13 @@ #include "hex-binary.h" #include "hash.h" #include "str.h" +#include "master-interface.h" #include "master-auth.h" #include "master-login-auth.h" #include #define AUTH_MAX_INBUF_SIZE 8192 -#define AUTH_REQUEST_TIMEOUT_SECS (2*60) struct master_login_auth_request { struct master_login_auth_request *prev, *next; @@ -120,7 +120,8 @@ static unsigned int auth_get_next_timeout_secs(struct master_login_auth *auth) { time_t expires; - expires = auth->request_head->create_stamp + AUTH_REQUEST_TIMEOUT_SECS; + expires = auth->request_head->create_stamp + + MASTER_AUTH_LOOKUP_TIMEOUT_SECS; return expires <= ioloop_time ? 0 : expires - ioloop_time; } diff --git a/src/login-common/client-common.h b/src/login-common/client-common.h index 4b47855c1a..d58b9acd5d 100644 --- a/src/login-common/client-common.h +++ b/src/login-common/client-common.h @@ -17,7 +17,7 @@ /* Disconnect client after this many milliseconds if it hasn't managed to log in yet. */ -#define CLIENT_LOGIN_TIMEOUT_MSECS (3*60*1000) +#define CLIENT_LOGIN_TIMEOUT_MSECS (MASTER_LOGIN_TIMEOUT_SECS*1000) #define AUTH_SERVER_WAITING_MSG \ "Waiting for authentication process to respond.."