# HG changeset patch # User Timo Sirainen # Date 1199225021 -7200 # Node ID 10d49a20b04e09bd3e65cedabc64fe8bbb5d5e50 # Parent 95850000933620523c8ee4c5368955b75e344892 Added auth_failure_delay setting. diff -r 958500009336 -r 10d49a20b04e dovecot-example.conf --- a/dovecot-example.conf Tue Jan 01 23:53:29 2008 +0200 +++ b/dovecot-example.conf Wed Jan 02 00:03:41 2008 +0200 @@ -777,6 +777,9 @@ # Path for Samba's ntlm_auth helper binary. #auth_winbind_helper_path = /usr/bin/ntlm_auth +# Number of seconds to delay before replying to failed authentications. +#auth_failure_delay = 2 + auth default { # Space separated list of wanted authentication mechanisms: # plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey diff -r 958500009336 -r 10d49a20b04e src/auth/auth-request-handler.c --- a/src/auth/auth-request-handler.c Tue Jan 01 23:53:29 2008 +0200 +++ b/src/auth/auth-request-handler.c Wed Jan 02 00:03:41 2008 +0200 @@ -14,8 +14,8 @@ #include -#define AUTH_FAILURE_DELAY_SECS 2 -#define AUTH_FAILURE_DELAY_CHECK_MSECS (1000*AUTH_FAILURE_DELAY_SECS/2) +#define DEFAULT_AUTH_FAILURE_DELAY 2 +#define AUTH_FAILURE_DELAY_CHECK_MSECS 500 struct auth_request_handler { int refcount; @@ -34,6 +34,7 @@ static ARRAY_DEFINE(auth_failures_arr, struct auth_request *); static struct aqueue *auth_failures; static struct timeout *to_auth_failures; +static unsigned int auth_failure_delay; static void auth_failure_timeout(void *context); @@ -508,7 +509,8 @@ count = aqueue_count(auth_failures); if (count == 0) { - timeout_remove(&to_auth_failures); + if (to_auth_failures != NULL) + timeout_remove(&to_auth_failures); return; } @@ -517,7 +519,7 @@ auth_request = auth_requests[aqueue_idx(auth_failures, 0)]; diff = ioloop_time - auth_request->last_access; - if (diff < AUTH_FAILURE_DELAY_SECS && !flush_all) + if (diff < auth_failure_delay && !flush_all) break; aqueue_delete_tail(auth_failures); @@ -536,6 +538,12 @@ void auth_request_handler_init(void) { + const char *env; + + env = getenv("FAILURE_DELAY"); + auth_failure_delay = env != NULL ? atoi(env) : + DEFAULT_AUTH_FAILURE_DELAY; + i_array_init(&auth_failures_arr, 128); auth_failures = aqueue_init(&auth_failures_arr.arr); } diff -r 958500009336 -r 10d49a20b04e src/auth/auth.h --- a/src/auth/auth.h Tue Jan 01 23:53:29 2008 +0200 +++ b/src/auth/auth.h Wed Jan 02 00:03:41 2008 +0200 @@ -46,7 +46,7 @@ char username_translation[256]; char master_user_separator; bool ssl_require_client_cert; - bool ssl_username_from_cert; + bool ssl_username_from_cert; bool verbose, verbose_debug, verbose_debug_passwords; }; diff -r 958500009336 -r 10d49a20b04e src/master/auth-process.c --- a/src/master/auth-process.c Tue Jan 01 23:53:29 2008 +0200 +++ b/src/master/auth-process.c Wed Jan 02 00:03:41 2008 +0200 @@ -495,6 +495,7 @@ } env_put(t_strconcat("WINBIND_HELPER_PATH=", set->winbind_helper_path, NULL)); + env_put(t_strdup_printf("FAILURE_DELAY=%u", set->failure_delay)); restrict_process_size(set->process_size, (unsigned int)-1); } diff -r 958500009336 -r 10d49a20b04e src/master/master-settings.c --- a/src/master/master-settings.c Tue Jan 01 23:53:29 2008 +0200 +++ b/src/master/master-settings.c Wed Jan 02 00:03:41 2008 +0200 @@ -83,6 +83,7 @@ DEF_STR(krb5_keytab), DEF_STR(gssapi_hostname), DEF_STR(winbind_helper_path), + DEF_INT(failure_delay), DEF_BOOL(verbose), DEF_BOOL(debug), @@ -312,6 +313,7 @@ MEMBER(krb5_keytab) "", MEMBER(gssapi_hostname) "", MEMBER(winbind_helper_path) "/usr/bin/ntlm_auth", + MEMBER(failure_delay) 2, MEMBER(verbose) FALSE, MEMBER(debug) FALSE, diff -r 958500009336 -r 10d49a20b04e src/master/master-settings.h --- a/src/master/master-settings.h Tue Jan 01 23:53:29 2008 +0200 +++ b/src/master/master-settings.h Wed Jan 02 00:03:41 2008 +0200 @@ -205,6 +205,7 @@ const char *krb5_keytab; const char *gssapi_hostname; const char *winbind_helper_path; + unsigned int failure_delay; bool verbose, debug, debug_passwords; bool ssl_require_client_cert;