[dovecot-cvs] dovecot/src/auth auth-cache.c, 1.8, 1.9 auth-cache.h, 1.1, 1.2 auth-request.c, 1.11, 1.12 passdb-cache.c, 1.6, 1.7 passdb-cache.h, 1.2, 1.3

cras at dovecot.org cras at dovecot.org
Tue Mar 1 00:41:35 EET 2005


Update of /var/lib/cvs/dovecot/src/auth
In directory talvi:/tmp/cvs-serv21818

Modified Files:
	auth-cache.c auth-cache.h auth-request.c passdb-cache.c 
	passdb-cache.h 
Log Message:
Fall back to using expired records from auth cache if database lookups fail.



Index: auth-cache.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-cache.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- auth-cache.c	7 Jan 2005 18:51:10 -0000	1.8
+++ auth-cache.c	28 Feb 2005 22:41:33 -0000	1.9
@@ -126,11 +126,13 @@
 
 const char *auth_cache_lookup(struct auth_cache *cache,
 			      const struct auth_request *request,
-			      const char *key)
+			      const char *key, int *expired_r)
 {
 	string_t *str;
 	struct cache_node *node;
 
+	*expired_r = FALSE;
+
 	if (cache->hup_count != lib_signal_hup_count) {
 		/* SIGHUP received - clear cache */
 		i_info("SIGHUP received, clearing cache");
@@ -147,15 +149,14 @@
 		return NULL;
 
 	if (node->created < time(NULL) - (time_t)cache->ttl_secs) {
-		/* TTL expired, destroy */
-		auth_cache_node_destroy(cache, node);
-		return NULL;
-	}
-
-	/* move to head */
-	if (node != cache->head) {
-		auth_cache_node_unlink(cache, node);
-		auth_cache_node_link_head(cache, node);
+		/* TTL expired */
+		*expired_r = TRUE;
+	} else {
+		/* move to head */
+		if (node != cache->head) {
+			auth_cache_node_unlink(cache, node);
+			auth_cache_node_link_head(cache, node);
+		}
 	}
 
 	return node->data + strlen(node->data) + 1;
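Review bot: With the `auth_cache_node_destroy()` call removed from the TTL branch, an expired node keeps being returned for as long as it stays in the cache, and nothing in this hunk bounds how stale a record served on backend failure can be. A password changed or an account disabled after the entry was cached would still be accepted by the fallback in auth-request.c whenever the passdb reports PASSDB_RESULT_INTERNAL_FAILURE, unless eviction elsewhere (not visible here) removes the node first. Consider a second, hard age limit past which the node is still destroyed and NULL is returned. A short comment should also say that expired nodes are deliberately not moved to the head. The part of auth_cache_lookup that finds `node` lies outside the hunk.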

Index: auth-cache.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-cache.h,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- auth-cache.h	21 Oct 2004 02:23:12 -0000	1.1
+++ auth-cache.h	28 Feb 2005 22:41:33 -0000	1.2
@@ -21,7 +21,7 @@
    auth_cache_parse_key(). */
 const char *auth_cache_lookup(struct auth_cache *cache,
 			      const struct auth_request *request,
-			      const char *key);
+			      const char *key, int *expired_r);
 /* Insert key => value into cache. */
 void auth_cache_insert(struct auth_cache *cache,
 		       const struct auth_request *request,
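Review bot: The comment above `auth_cache_lookup()` is not updated for `expired_r`, although the return contract has changed: the function now hands back data for records past their TTL. A caller that ignores the flag will treat stale credentials as fresh, so the header should state this, e.g. `/* *expired_r is set to TRUE if the returned record is older than the cache TTL; callers must check it before trusting the value. */`. The beginning of the existing comment is outside the hunk.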

Index: auth-request.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-request.c,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -d -r1.11 -r1.12
--- auth-request.c	28 Feb 2005 22:19:21 -0000	1.11
+++ auth-request.c	28 Feb 2005 22:41:33 -0000	1.12
@@ -148,8 +148,27 @@
 void auth_request_verify_plain_callback(enum passdb_result result,
 					struct auth_request *request)
 {
+	const char *cache_key;
+	int expired;
+
         auth_request_save_cache(request, result);
 
+	cache_key = passdb_cache == NULL ? NULL :
+		request->auth->passdb->cache_key;
+	if (result == PASSDB_RESULT_INTERNAL_FAILURE && cache_key != NULL) {
+		/* lookup failed. if we're looking here only because the
+		   request was expired in cache, fallback to using cached
+		   expired record. */
+		if (passdb_cache_verify_plain(request, cache_key,
+					      request->mech_password,
+					      &result, &expired)) {
+			request->private_callback.verify_plain(result, request);
+			safe_memset(request->mech_password, 0,
+				    strlen(request->mech_password));
+			return;
+		}
+	}
+
 	if (request->proxy) {
 		/* we're proxying - send back the password that was
 		   sent by user (not the password in passdb). */
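Review bot: In the new fallback branch `request->private_callback.verify_plain(result, request)` is called before `mech_password` is wiped, the reverse of the order used on the normal path in the next hunk. If the callback can release the request or its pool (not visible here), the following `safe_memset()` touches freed memory and the plaintext password outlives the request; wipe first with `safe_memset(request->mech_password, 0, strlen(request->mech_password));` and then invoke the callback. The early `return` also skips the `request->proxy` handling and the `passdb_password` wipe further down, which should be confirmed as intended for cache-served results. The function body continues outside the hunk.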
@@ -159,10 +178,11 @@
 
 	if (request->passdb_password != NULL) {
 		safe_memset(request->passdb_password, 0,
-			    strlen(request->mech_password));
+			    strlen(request->passdb_password));
 	}
 
         safe_memset(request->mech_password, 0, strlen(request->mech_password));
+
 	request->private_callback.verify_plain(result, request);
 }
 
@@ -173,6 +193,7 @@
 	struct passdb_module *passdb = request->auth->passdb;
 	enum passdb_result result;
 	const char *cache_key;
+	int expired;
 
 	request->mech_password = p_strdup(request->pool, password);
 	request->private_callback.verify_plain = callback;
@@ -180,7 +201,7 @@
 	cache_key = passdb_cache == NULL ? NULL : passdb->cache_key;
 	if (cache_key != NULL) {
 		if (passdb_cache_verify_plain(request, cache_key, password,
-					      &result)) {
+					      &result, &expired) && !expired) {
 			callback(result, request);
 			return;
 		}
@@ -198,11 +219,32 @@
 					      const char *credentials,
 					      struct auth_request *request)
 {
+	const char *cache_key, *scheme;
+	int expired;
+
         auth_request_save_cache(request, result);
 
 	if (request->passdb_password != NULL) {
 		safe_memset(request->passdb_password, 0,
-			    strlen(request->mech_password));
+			    strlen(request->passdb_password));
+	}
+
+	cache_key = passdb_cache == NULL ? NULL :
+		request->auth->passdb->cache_key;
+	if (result == PASSDB_RESULT_INTERNAL_FAILURE && cache_key != NULL) {
+		/* lookup failed. if we're looking here only because the
+		   request was expired in cache, fallback to using cached
+		   expired record. */
+		if (passdb_cache_lookup_credentials(request, cache_key,
+						    &credentials, &scheme,
+						    &expired)) {
+			passdb_handle_credentials(credentials != NULL ?
+				PASSDB_RESULT_OK : PASSDB_RESULT_USER_UNKNOWN,
+				request->credentials, credentials, scheme,
+				request->private_callback.lookup_credentials,
+				request);
+			return;
+		}
 	}
 
 	request->private_callback.lookup_credentials(result, credentials,
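Review bot: `expired` is filled in by `passdb_cache_lookup_credentials()` in the fallback but never read, and nothing is logged when a cached record is used in place of a failed lookup; the fallback in auth_request_verify_plain_callback has the same two gaps. Authentications answered from stale cache during a backend outage are something operators need to see, so add a log line inside the `if`, for example `i_info("passdb lookup failed, using expired cache record");`, and a comment saying why the flag is ignored on this path. The function signature starts outside the hunk.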
@@ -215,11 +257,13 @@
 {
 	struct passdb_module *passdb = request->auth->passdb;
 	const char *cache_key, *result, *scheme;
+	int expired;
 
 	cache_key = passdb_cache == NULL ? NULL : passdb->cache_key;
 	if (cache_key != NULL) {
 		if (passdb_cache_lookup_credentials(request, cache_key,
-						    &result, &scheme)) {
+						    &result, &scheme,
+						    &expired) && !expired) {
 			passdb_handle_credentials(result != NULL ?
 						  PASSDB_RESULT_OK :
 						  PASSDB_RESULT_USER_UNKNOWN,

Index: passdb-cache.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/passdb-cache.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- passdb-cache.c	26 Feb 2005 22:55:03 -0000	1.6
+++ passdb-cache.c	28 Feb 2005 22:41:33 -0000	1.7
@@ -34,7 +34,7 @@
 
 int passdb_cache_verify_plain(struct auth_request *request, const char *key,
 			      const char *password,
-			      enum passdb_result *result_r)
+			      enum passdb_result *result_r, int *expired_r)
 {
 	const char *value, *cached_pw, *scheme, *const *list;
 	int ret;
@@ -43,7 +43,7 @@
 		return FALSE;
 
 	/* value = password \t ... */
-	value = auth_cache_lookup(passdb_cache, request, key);
+	value = auth_cache_lookup(passdb_cache, request, key, expired_r);
 	if (value == NULL)
 		return FALSE;
 
@@ -76,14 +76,14 @@
 
 int passdb_cache_lookup_credentials(struct auth_request *request,
 				    const char *key, const char **result_r,
-				    const char **scheme_r)
+				    const char **scheme_r, int *expired_r)
 {
 	const char *value, *const *list;
 
 	if (passdb_cache == NULL)
 		return FALSE;
 
-	value = auth_cache_lookup(passdb_cache, request, key);
+	value = auth_cache_lookup(passdb_cache, request, key, expired_r);
 	if (value == NULL)
 		return FALSE;
 

Index: passdb-cache.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/passdb-cache.h,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- passdb-cache.h	26 Feb 2005 22:55:03 -0000	1.2
+++ passdb-cache.h	28 Feb 2005 22:41:33 -0000	1.3
@@ -8,10 +8,10 @@
 
 int passdb_cache_verify_plain(struct auth_request *request, const char *key,
 			      const char *password,
-			      enum passdb_result *result_r);
+			      enum passdb_result *result_r, int *expired_r);
 int passdb_cache_lookup_credentials(struct auth_request *request,
 				    const char *key, const char **result_r,
-				    const char **scheme_r);
+				    const char **scheme_r, int *expired_r);
 
 void passdb_cache_init(void);
 void passdb_cache_deinit(void);
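Review bot: Neither prototype documents when `*expired_r` is valid. In passdb-cache.c the `passdb_cache == NULL` path of `passdb_cache_lookup_credentials()` returns FALSE before `auth_cache_lookup()` is reached, and `passdb_cache_verify_plain()` appears to do the same, so the flag is left unwritten there. The callers in auth-request.c read it only after a TRUE return, but that contract is implicit. Add a comment such as `/* *expired_r is valid only when TRUE is returned. */`, or set `*expired_r = FALSE;` at the top of both functions.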


