From: Timo Sirainen Date: Wed, 11 Nov 2009 18:55:49 +0000 (-0500) Subject: auth: Connect to anvil-auth-penalty before dropping root privileges. X-Git-Tag: 2.0.beta1~169 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f42581dd841281a4434e5c52488e0eda9716c891;p=thirdparty%2Fdovecot%2Fcore.git auth: Connect to anvil-auth-penalty before dropping root privileges. --HG-- branch : HEAD --- diff --git a/src/auth/auth-request-handler.c b/src/auth/auth-request-handler.c index 8917e91874..2ef705f972 100644 --- a/src/auth/auth-request-handler.c +++ b/src/auth/auth-request-handler.c @@ -16,13 +16,11 @@ #include #define AUTH_FAILURE_DELAY_CHECK_MSECS 500 -#define AUTH_PENALTY_ANVIL_PATH "anvil-auth-penalty" struct auth_request_handler { int refcount; pool_t pool; struct hash_table *requests; - struct auth_penalty *penalty; struct auth *auth; unsigned int connect_uid, client_pid; @@ -58,7 +56,6 @@ auth_request_handler_create(struct auth *auth, handler->callback = callback; handler->context = context; handler->master_callback = master_callback; - handler->penalty = auth_penalty_init(AUTH_PENALTY_ANVIL_PATH); return handler; } @@ -84,7 +81,6 @@ void auth_request_handler_unref(struct auth_request_handler **_handler) /* notify parent that we're done with all requests */ handler->callback(NULL, handler->context); - auth_penalty_deinit(&handler->penalty); hash_table_destroy(&handler->requests); pool_unref(&handler->pool); } @@ -193,7 +189,7 @@ auth_request_handle_failure(struct auth_request *request, request->delayed_failure = TRUE; handler->refcount++; - auth_penalty_update(handler->penalty, request, + auth_penalty_update(request->auth->penalty, request, request->last_penalty + 1); request->last_access = ioloop_time; 
@@ -231,7 +227,7 @@ static void auth_callback(struct auth_request *request, if (request->last_penalty != 0) { /* reset penalty */ - auth_penalty_update(handler->penalty, request, 0); + auth_penalty_update(request->auth->penalty, request, 0); } auth_stream_reply_add(reply, "OK", NULL); @@ -421,7 +417,8 @@ bool auth_request_handler_auth_begin(struct auth_request_handler *handler, handler->refcount++; /* before we start authenticating, see if we need to wait first */ - auth_penalty_lookup(handler->penalty, request, auth_penalty_callback); + auth_penalty_lookup(request->auth->penalty, request, + auth_penalty_callback); return TRUE; } diff --git a/src/auth/auth.c b/src/auth/auth.c index d60f02012c..0710836efe 100644 --- a/src/auth/auth.c +++ b/src/auth/auth.c @@ -10,11 +10,14 @@ #include "passdb.h" #include "passdb-cache.h" #include "auth.h" +#include "auth-penalty.h" #include "auth-request-handler.h" #include #include +#define AUTH_PENALTY_ANVIL_PATH "anvil-auth-penalty" + struct auth_userdb_settings userdb_dummy_set = { MEMBER(driver) "static", MEMBER(args) "" @@ -255,6 +258,8 @@ void auth_init(struct auth *auth) for (; *p != '\0' && p[1] != '\0'; p += 2) auth->username_translation[(int)(uint8_t)*p] = p[1]; } + + auth->penalty = auth_penalty_init(AUTH_PENALTY_ANVIL_PATH); } void auth_deinit(struct auth **_auth) @@ -275,5 +280,6 @@ void auth_deinit(struct auth **_auth) auth_request_handler_deinit(); passdb_cache_deinit(); + auth_penalty_deinit(&auth->penalty); pool_unref(&auth->pool); } diff --git a/src/auth/auth.h b/src/auth/auth.h index da331064ac..a91d8be04a 100644 --- a/src/auth/auth.h +++ b/src/auth/auth.h @@ -39,6 +39,7 @@ struct auth { struct auth_passdb *masterdbs; struct auth_passdb *passdbs; struct auth_userdb *userdbs; + struct auth_penalty *penalty; const char *const *auth_realms; char username_chars[256];
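Review bot: The `auth->penalty = auth_penalty_init(AUTH_PENALTY_ANVIL_PATH);` line added at the end of auth_init() has no comment recording the ordering constraint from the commit subject, so a later refactor could move it past the privilege drop unnoticed. I would add `/* connect while still root; the anvil socket may be unreachable after privileges are dropped */` above it. The hunk also does not show what auth_penalty_init() returns when the connect fails, or whether a lost connection can be re-established once root is gone. If either case makes the lookups in auth_request_handler_auth_begin() report no penalty, failed-login throttling is switched off silently, so that path should at least log an error. auth_init() starts outside the hunk.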
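Review bot: In auth_deinit() the new `auth_penalty_deinit(&auth->penalty);` relies on every request that can still reach `request->auth->penalty` being gone by then, and nothing in the hunk states that. The call is placed after auth_request_handler_deinit(), which presumably flushes pending requests, but its body is not visible here, so this should be confirmed for asynchronous passdb lookups that complete late. A comment such as `/* after auth_request_handler_deinit(): requests use auth->penalty until they are freed */` would make the dependency explicit. auth_deinit() starts outside the hunk.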
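Review bot: The new `struct auth_penalty *penalty;` member in struct auth is undocumented, although it changes ownership from one object per request handler to one shared by every handler of this auth instance. A short comment would help readers of the header, for example `/* anvil penalty client shared by all request handlers; created in auth_init(), freed in auth_deinit() */`. The struct definition starts and ends outside the hunk.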