Mercurial > dovecot > core-2.2
changeset 12812:bf6749d4db08
auth: Allow clients to specify that they want to skip auth penalty check.
This is "safe", because the clients specify the IP for the penalty check
anyway.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Fri, 04 Mar 2011 18:51:46 +0200 |
parents | d32a23fa160d |
children | 73cad87e2045 |
files | src/auth/auth-penalty.c src/auth/auth-request.c src/auth/auth-request.h src/lib-auth/auth-client-request.c src/lib-auth/auth-client.h |
diffstat | 5 files changed, 12 insertions(+), 3 deletions(-) [+] |
line wrap: on
line diff
--- a/src/auth/auth-penalty.c Fri Mar 04 18:32:09 2011 +0200 +++ b/src/auth/auth-penalty.c Fri Mar 04 18:51:46 2011 +0200 @@ -123,7 +123,7 @@ const char *ident; ident = auth_penalty_get_ident(auth_request); - if (penalty->disabled || ident == NULL) { + if (penalty->disabled || ident == NULL || auth_request->no_penalty) { callback(0, auth_request); return; } @@ -155,7 +155,7 @@ const char *ident; ident = auth_penalty_get_ident(auth_request); - if (penalty->disabled || ident == NULL) + if (penalty->disabled || ident == NULL || auth_request->no_penalty) return; if (value > AUTH_PENALTY_MAX_PENALTY) {
--- a/src/auth/auth-request.c Fri Mar 04 18:32:09 2011 +0200 +++ b/src/auth/auth-request.c Fri Mar 04 18:51:46 2011 +0200 @@ -197,6 +197,8 @@ auth_stream_reply_add(reply, "skip_password_check", "1"); if (request->valid_client_cert) auth_stream_reply_add(reply, "valid-client-cert", "1"); + if (request->no_penalty) + auth_stream_reply_add(reply, "no-penalty", "1"); if (request->mech_name != NULL) auth_stream_reply_add(reply, "mech", request->mech_name); } @@ -235,6 +237,8 @@ request->no_login = TRUE; else if (strcmp(key, "valid-client-cert") == 0) request->valid_client_cert = TRUE; + else if (strcmp(key, "no-penalty") == 0) + request->no_penalty = TRUE; else if (strcmp(key, "skip_password_check") == 0) { i_assert(request->master_user != NULL); request->skip_password_check = TRUE;
--- a/src/auth/auth-request.h Fri Mar 04 18:32:09 2011 +0200 +++ b/src/auth/auth-request.h Fri Mar 04 18:51:46 2011 +0200 @@ -106,6 +106,7 @@ unsigned int proxy:1; unsigned int proxy_maybe:1; unsigned int valid_client_cert:1; + unsigned int no_penalty:1; unsigned int cert_username:1; unsigned int userdb_lookup:1; unsigned int userdb_lookup_failed:1;
--- a/src/lib-auth/auth-client-request.c Fri Mar 04 18:32:09 2011 +0200 +++ b/src/lib-auth/auth-client-request.c Fri Mar 04 18:51:46 2011 +0200 @@ -36,6 +36,8 @@ if ((info->flags & AUTH_REQUEST_FLAG_SECURED) != 0) str_append(str, "\tsecured"); + if ((info->flags & AUTH_REQUEST_FLAG_NO_PENALTY) != 0) + str_append(str, "\tno-penalty"); if ((info->flags & AUTH_REQUEST_FLAG_VALID_CLIENT_CERT) != 0) str_append(str, "\tvalid-client-cert");
--- a/src/lib-auth/auth-client.h Fri Mar 04 18:32:09 2011 +0200 +++ b/src/lib-auth/auth-client.h Fri Mar 04 18:51:46 2011 +0200 @@ -9,7 +9,9 @@ enum auth_request_flags { AUTH_REQUEST_FLAG_SECURED = 0x01, - AUTH_REQUEST_FLAG_VALID_CLIENT_CERT = 0x02 + AUTH_REQUEST_FLAG_VALID_CLIENT_CERT = 0x02, + /* Skip penalty checks for this request */ + AUTH_REQUEST_FLAG_NO_PENALTY = 0x04 }; enum auth_request_status {