dovecot: Added auth_failure_delay setting.

dovecot at dovecot.org dovecot at dovecot.org
Wed Jan 2 00:03:46 EET 2008


details:   http://hg.dovecot.org/dovecot/rev/10d49a20b04e
changeset: 7089:10d49a20b04e
user:      Timo Sirainen <tss at iki.fi>
date:      Wed Jan 02 00:03:41 2008 +0200
description:
Added auth_failure_delay setting.

diffstat:

6 files changed, 20 insertions(+), 5 deletions(-)
dovecot-example.conf            |    3 +++
src/auth/auth-request-handler.c |   16 ++++++++++++----
src/auth/auth.h                 |    2 +-
src/master/auth-process.c       |    1 +
src/master/master-settings.c    |    2 ++
src/master/master-settings.h    |    1 +

diffs (120 lines):

diff -r 958500009336 -r 10d49a20b04e dovecot-example.conf
--- a/dovecot-example.conf	Tue Jan 01 23:53:29 2008 +0200
+++ b/dovecot-example.conf	Wed Jan 02 00:03:41 2008 +0200
@@ -776,6 +776,9 @@ protocol lda {
 
 # Path for Samba's ntlm_auth helper binary.
 #auth_winbind_helper_path = /usr/bin/ntlm_auth
+
+# Number of seconds to delay before replying to failed authentications.
+#auth_failure_delay = 2
 
 auth default {
   # Space separated list of wanted authentication mechanisms:
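Review bot: The comment added above `#auth_failure_delay = 2` gives the unit but not the purpose or what 0 does. This delay throttles password guessing, so the example config should say that lowering it weakens that protection, e.g. `# Number of seconds to delay before replying to failed authentications. This slows down password guessing; setting it to 0 removes the delay.` Judging from the `diff < auth_failure_delay` test in auth-request-handler.c, 0 would release failures at the next queue check, but that should be confirmed before it is documented.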
diff -r 958500009336 -r 10d49a20b04e src/auth/auth-request-handler.c
--- a/src/auth/auth-request-handler.c	Tue Jan 01 23:53:29 2008 +0200
+++ b/src/auth/auth-request-handler.c	Wed Jan 02 00:03:41 2008 +0200
@@ -14,8 +14,8 @@
 
 #include <stdlib.h>
 
-#define AUTH_FAILURE_DELAY_SECS 2
-#define AUTH_FAILURE_DELAY_CHECK_MSECS (1000*AUTH_FAILURE_DELAY_SECS/2)
+#define DEFAULT_AUTH_FAILURE_DELAY 2
+#define AUTH_FAILURE_DELAY_CHECK_MSECS 500
 
 struct auth_request_handler {
 	int refcount;
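Review bot: The default of 2 is now defined twice, as `DEFAULT_AUTH_FAILURE_DELAY` here and as `MEMBER(failure_delay) 2` in master-settings.c, and the two can drift apart. The rename also dropped the `_SECS` suffix, and the new `auth_failure_delay` variable in the next hunk carries no unit either. I'd add a short comment such as `/* seconds; must match the auth_failure_delay default in master-settings.c */` on the define. A comment on `AUTH_FAILURE_DELAY_CHECK_MSECS` should say that the check interval is now fixed at 500 ms rather than derived from the delay.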
@@ -34,6 +34,7 @@ static ARRAY_DEFINE(auth_failures_arr, s
 static ARRAY_DEFINE(auth_failures_arr, struct auth_request *);
 static struct aqueue *auth_failures;
 static struct timeout *to_auth_failures;
+static unsigned int auth_failure_delay;
 
 static void auth_failure_timeout(void *context);
 
@@ -508,7 +509,8 @@ void auth_request_handler_flush_failures
 
 	count = aqueue_count(auth_failures);
 	if (count == 0) {
-		timeout_remove(&to_auth_failures);
+		if (to_auth_failures != NULL)
+			timeout_remove(&to_auth_failures);
 		return;
 	}
 
@@ -517,7 +519,7 @@ void auth_request_handler_flush_failures
 		auth_request = auth_requests[aqueue_idx(auth_failures, 0)];
 
 		diff = ioloop_time - auth_request->last_access;
-		if (diff < AUTH_FAILURE_DELAY_SECS && !flush_all)
+		if (diff < auth_failure_delay && !flush_all)
 			break;
 
 		aqueue_delete_tail(auth_failures);
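Review bot: `diff < auth_failure_delay` now compares against an `unsigned int` instead of an int constant, so the comparison may be carried out unsigned, depending on the type of `diff`, which is declared outside the hunk. If it is, a negative `diff` (ioloop_time behind last_access after the clock steps back) converts to a huge value and the failed reply is released at once instead of being held, the opposite of the old behaviour. Keeping the comparison signed avoids that, e.g. `if (diff < (time_t)auth_failure_delay && !flush_all)` assuming `diff` is a time_t.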
@@ -536,6 +538,12 @@ static void auth_failure_timeout(void *c
 
 void auth_request_handler_init(void)
 {
+	const char *env;
+
+	env = getenv("FAILURE_DELAY");
+	auth_failure_delay = env != NULL ? atoi(env) :
+		DEFAULT_AUTH_FAILURE_DELAY;
+
 	i_array_init(&auth_failures_arr, 128);
 	auth_failures = aqueue_init(&auth_failures_arr.arr);
 }
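Review bot: `atoi(env)` is assigned straight into the unsigned `auth_failure_delay`, so a non-numeric FAILURE_DELAY silently becomes 0 (no delay) and a negative one wraps to a very large delay. The master writes the value with `%u`, but the auth process cannot tell a malformed value from an intended one, and a silent 0 switches off the throttle on failed logins. Parsing with `strtoul` and refusing anything that is not a plain in-range decimal makes the failure visible; this needs `<errno.h>` and `<limits.h>`.

```c
void auth_request_handler_init(void)
{
	const char *env;
	char *end;
	unsigned long delay;

	auth_failure_delay = DEFAULT_AUTH_FAILURE_DELAY;
	env = getenv("FAILURE_DELAY");
	if (env != NULL) {
		/* strtoul() accepts leading whitespace and a sign, so
		   require the first character to be a digit */
		errno = 0;
		delay = strtoul(env, &end, 10);
		if (*env < '0' || *env > '9' || *end != '\0' ||
		    errno != 0 || delay > UINT_MAX)
			i_fatal("Invalid FAILURE_DELAY value: %s", env);
		auth_failure_delay = (unsigned int)delay;
	}

	/* … unchanged: i_array_init() / aqueue_init() … */
}
```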
diff -r 958500009336 -r 10d49a20b04e src/auth/auth.h
--- a/src/auth/auth.h	Tue Jan 01 23:53:29 2008 +0200
+++ b/src/auth/auth.h	Wed Jan 02 00:03:41 2008 +0200
@@ -46,7 +46,7 @@ struct auth {
 	char username_translation[256];
 	char master_user_separator;
 	bool ssl_require_client_cert;
-        bool ssl_username_from_cert;
+	bool ssl_username_from_cert;
 
 	bool verbose, verbose_debug, verbose_debug_passwords;
 };
diff -r 958500009336 -r 10d49a20b04e src/master/auth-process.c
--- a/src/master/auth-process.c	Tue Jan 01 23:53:29 2008 +0200
+++ b/src/master/auth-process.c	Wed Jan 02 00:03:41 2008 +0200
@@ -495,6 +495,7 @@ static void auth_set_environment(struct 
 	}
 	env_put(t_strconcat("WINBIND_HELPER_PATH=",
 			    set->winbind_helper_path, NULL));
+	env_put(t_strdup_printf("FAILURE_DELAY=%u", set->failure_delay));
 
 	restrict_process_size(set->process_size, (unsigned int)-1);
 }
diff -r 958500009336 -r 10d49a20b04e src/master/master-settings.c
--- a/src/master/master-settings.c	Tue Jan 01 23:53:29 2008 +0200
+++ b/src/master/master-settings.c	Wed Jan 02 00:03:41 2008 +0200
@@ -83,6 +83,7 @@ static struct setting_def auth_setting_d
 	DEF_STR(krb5_keytab),
 	DEF_STR(gssapi_hostname),
 	DEF_STR(winbind_helper_path),
+	DEF_INT(failure_delay),
 
 	DEF_BOOL(verbose),
 	DEF_BOOL(debug),
@@ -312,6 +313,7 @@ struct auth_settings default_auth_settin
 	MEMBER(krb5_keytab) "",
 	MEMBER(gssapi_hostname) "",
 	MEMBER(winbind_helper_path) "/usr/bin/ntlm_auth",
+	MEMBER(failure_delay) 2,
 
 	MEMBER(verbose) FALSE,
 	MEMBER(debug) FALSE,
diff -r 958500009336 -r 10d49a20b04e src/master/master-settings.h
--- a/src/master/master-settings.h	Tue Jan 01 23:53:29 2008 +0200
+++ b/src/master/master-settings.h	Wed Jan 02 00:03:41 2008 +0200
@@ -205,6 +205,7 @@ struct auth_settings {
 	const char *krb5_keytab;
 	const char *gssapi_hostname;
 	const char *winbind_helper_path;
+	unsigned int failure_delay;
 
 	bool verbose, debug, debug_passwords;
 	bool ssl_require_client_cert;

