dovecot: Added auth_cache_negative_ttl setting.

dovecot at dovecot.org dovecot at dovecot.org
Mon Aug 6 18:02:52 EEST 2007 

details:   http://hg.dovecot.org/dovecot/rev/6c48466c23fa
changeset: 6174:6c48466c23fa
user:      Timo Sirainen <tss at iki.fi>
date:      Mon Aug 06 18:02:48 2007 +0300
description:
Added auth_cache_negative_ttl setting.

diffstat:

7 files changed, 33 insertions(+), 9 deletions(-)
dovecot-example.conf         |    2 ++
src/auth/auth-cache.c        |   21 +++++++++++++++++----
src/auth/auth-cache.h        |    8 +++++---
src/auth/passdb-cache.c      |    6 ++++--
src/master/auth-process.c    |    2 ++
src/master/master-settings.c |    2 ++
src/master/master-settings.h |    1 +

diffs (175 lines):

diff -r 370691a10003 -r 6c48466c23fa dovecot-example.conf
--- a/dovecot-example.conf	Mon Aug 06 17:45:25 2007 +0300
+++ b/dovecot-example.conf	Mon Aug 06 18:02:48 2007 +0300
@@ -720,6 +720,8 @@ protocol lda {
 # user's previous authentication was successful, but this one wasn't, the
 # cache isn't used. For now this works only with plaintext authentication.
 #auth_cache_ttl = 3600
+# TTL for negative hits (user not found). 0 disables caching them completely.
+#auth_cache_negative_ttl = 3600
 
 # Space separated list of realms for SASL authentication mechanisms that need
 # them. You can leave it empty if you don't want to support multiple realms.
diff -r 370691a10003 -r 6c48466c23fa src/auth/auth-cache.c
--- a/src/auth/auth-cache.c	Mon Aug 06 17:45:25 2007 +0300
+++ b/src/auth/auth-cache.c	Mon Aug 06 18:02:48 2007 +0300
@@ -16,7 +16,7 @@ struct auth_cache {
 	struct auth_cache_node *head, *tail;
 
 	size_t size_left;
-	unsigned int ttl_secs;
+	unsigned int ttl_secs, neg_ttl_secs;
 
 	unsigned int hit_count, miss_count;
 };
@@ -112,7 +112,9 @@ static void sig_auth_cache_stats(int sig
 	cache->hit_count = cache->miss_count = 0;
 }
 
-struct auth_cache *auth_cache_new(size_t max_size, unsigned int ttl_secs)
+struct auth_cache *auth_cache_new(size_t max_size, unsigned int ttl_secs,
+				  unsigned int neg_ttl_secs
+)
 {
 	struct auth_cache *cache;
 
@@ -121,6 +123,7 @@ struct auth_cache *auth_cache_new(size_t
 				  (hash_cmp_callback_t *)strcmp);
 	cache->size_left = max_size;
 	cache->ttl_secs = ttl_secs;
+	cache->neg_ttl_secs = neg_ttl_secs;
 
 	lib_signals_set_handler(SIGHUP, TRUE, sig_auth_cache_clear, cache);
 	lib_signals_set_handler(SIGUSR2, TRUE, sig_auth_cache_stats, cache);
@@ -154,6 +157,8 @@ auth_cache_lookup(struct auth_cache *cac
 {
 	string_t *str;
 	struct auth_cache_node *node;
+	const char *value;
+	unsigned int ttl_secs;
 
 	*expired_r = FALSE;
 
@@ -171,7 +176,10 @@ auth_cache_lookup(struct auth_cache *cac
 	}
 	cache->hit_count++;
 
-	if (node->created < time(NULL) - (time_t)cache->ttl_secs) {
+	value = node->data + strlen(node->data) + 1;
+	ttl_secs = *value == '\0' ? cache->neg_ttl_secs : cache->ttl_secs;
+
+	if (node->created < time(NULL) - (time_t)ttl_secs) {
 		/* TTL expired */
 		*expired_r = TRUE;
 	} else {
@@ -185,7 +193,7 @@ auth_cache_lookup(struct auth_cache *cac
 	if (node_r != NULL)
 		*node_r = node;
 
-	return node->data + strlen(node->data) + 1;
+	return value;
 }
 
 void auth_cache_insert(struct auth_cache *cache, struct auth_request *request,
@@ -195,6 +203,11 @@ void auth_cache_insert(struct auth_cache
         struct auth_cache_node *node;
 	size_t data_size, alloc_size, value_len = strlen(value);
 	char *current_username;
+
+	if (*value == '\0' && cache->neg_ttl_secs == 0) {
+		/* we're not caching negative entries */
+		return;
+	}
 
 	/* store into cache using the original username, except if we're doing
 	   a master user login */
diff -r 370691a10003 -r 6c48466c23fa src/auth/auth-cache.h
--- a/src/auth/auth-cache.h	Mon Aug 06 17:45:25 2007 +0300
+++ b/src/auth/auth-cache.h	Mon Aug 06 18:02:48 2007 +0300
@@ -22,8 +22,10 @@ char *auth_cache_parse_key(pool_t pool, 
 
 /* Create a new cache. max_size specifies the maximum amount of memory in
    bytes to use for cache (it's not fully exact). ttl_secs specifies time to
-   live for cache record, requests older than that are not used. */
-struct auth_cache *auth_cache_new(size_t max_size, unsigned int ttl_secs);
+   live for cache record, requests older than that are not used.
+   neg_ttl_secs specifies the TTL for negative entries. */
+struct auth_cache *auth_cache_new(size_t max_size, unsigned int ttl_secs,
+				  unsigned int neg_ttl_secs);
 void auth_cache_free(struct auth_cache **cache);
 
 /* Clear the cache. */
@@ -36,7 +38,7 @@ auth_cache_lookup(struct auth_cache *cac
 auth_cache_lookup(struct auth_cache *cache, const struct auth_request *request,
 		  const char *key, struct auth_cache_node **node_r,
 		  bool *expired_r);
-/* Insert key => value into cache. */
+/* Insert key => value into cache. "" value means negative cache entry. */
 void auth_cache_insert(struct auth_cache *cache, struct auth_request *request,
 		       const char *key, const char *value, bool last_success);
 
diff -r 370691a10003 -r 6c48466c23fa src/auth/passdb-cache.c
--- a/src/auth/passdb-cache.c	Mon Aug 06 17:45:25 2007 +0300
+++ b/src/auth/passdb-cache.c	Mon Aug 06 18:02:48 2007 +0300
@@ -117,7 +117,7 @@ void passdb_cache_init(void)
 {
 	const char *env;
 	size_t max_size;
-	unsigned int cache_ttl;
+	unsigned int cache_ttl, neg_cache_ttl;
 
 	env = getenv("CACHE_SIZE");
 	if (env == NULL)
@@ -135,7 +135,9 @@ void passdb_cache_init(void)
 	if (cache_ttl == 0)
 		return;
 
-	passdb_cache = auth_cache_new(max_size, cache_ttl);
+	env = getenv("CACHE_NEGATIVE_TTL");
+	neg_cache_ttl = env == NULL ? 0 : (unsigned int)strtoul(env, NULL, 10);
+	passdb_cache = auth_cache_new(max_size, cache_ttl, neg_cache_ttl);
 }
 
 void passdb_cache_deinit(void)
diff -r 370691a10003 -r 6c48466c23fa src/master/auth-process.c
--- a/src/master/auth-process.c	Mon Aug 06 17:45:25 2007 +0300
+++ b/src/master/auth-process.c	Mon Aug 06 18:02:48 2007 +0300
@@ -436,6 +436,8 @@ static void auth_set_environment(struct 
 			    set->master_user_separator, NULL));
 	env_put(t_strdup_printf("CACHE_SIZE=%u", set->cache_size));
 	env_put(t_strdup_printf("CACHE_TTL=%u", set->cache_ttl));
+	env_put(t_strdup_printf("CACHE_NEGATIVE_TTL=%u",
+				set->cache_negative_ttl));
 
 	for (ap = set->passdbs, i = 1; ap != NULL; ap = ap->next, i++) {
 		env_put(t_strdup_printf("PASSDB_%u_DRIVER=%s", i, ap->driver));
diff -r 370691a10003 -r 6c48466c23fa src/master/master-settings.c
--- a/src/master/master-settings.c	Mon Aug 06 17:45:25 2007 +0300
+++ b/src/master/master-settings.c	Mon Aug 06 18:02:48 2007 +0300
@@ -67,6 +67,7 @@ static struct setting_def auth_setting_d
 	DEF_STR(default_realm),
 	DEF_INT(cache_size),
 	DEF_INT(cache_ttl),
+	DEF_INT(cache_negative_ttl),
 	DEF_STR(executable),
 	DEF_STR(user),
 	DEF_STR(chroot),
@@ -291,6 +292,7 @@ struct auth_settings default_auth_settin
 	MEMBER(default_realm) "",
 	MEMBER(cache_size) 0,
 	MEMBER(cache_ttl) 3600,
+	MEMBER(cache_negative_ttl) 3600,
 	MEMBER(executable) PKG_LIBEXECDIR"/dovecot-auth",
 	MEMBER(user) "root",
 	MEMBER(chroot) "",
diff -r 370691a10003 -r 6c48466c23fa src/master/master-settings.h
--- a/src/master/master-settings.h	Mon Aug 06 17:45:25 2007 +0300
+++ b/src/master/master-settings.h	Mon Aug 06 18:02:48 2007 +0300
@@ -193,6 +193,7 @@ struct auth_settings {
 	const char *default_realm;
 	unsigned int cache_size;
 	unsigned int cache_ttl;
+	unsigned int cache_negative_ttl;
 	const char *executable;
 	const char *user;
 	const char *chroot;

More information about the dovecot-cvs mailing list