changeset 6174:6c48466c23fa HEAD
Added auth_cache_negative_ttl setting.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Mon, 06 Aug 2007 18:02:48 +0300 |
parents | 370691a10003 |
children | 6c3788e03f7e |
files | dovecot-example.conf src/auth/auth-cache.c src/auth/auth-cache.h src/auth/passdb-cache.c src/master/auth-process.c src/master/master-settings.c src/master/master-settings.h |
diffstat | 7 files changed, 33 insertions(+), 9 deletions(-) [+] |
--- a/dovecot-example.conf Mon Aug 06 17:45:25 2007 +0300
+++ b/dovecot-example.conf Mon Aug 06 18:02:48 2007 +0300
@@ -720,6 +720,8 @@
 # user's previous authentication was successful, but this one wasn't, the
 # cache isn't used. For now this works only with plaintext authentication.
 #auth_cache_ttl = 3600
+# TTL for negative hits (user not found). 0 disables caching them completely.
+#auth_cache_negative_ttl = 3600
 # Space separated list of realms for SASL authentication mechanisms that need
 # them. You can leave it empty if you don't want to support multiple realms.
--- a/src/auth/auth-cache.c Mon Aug 06 17:45:25 2007 +0300
+++ b/src/auth/auth-cache.c Mon Aug 06 18:02:48 2007 +0300
@@ -16,7 +16,7 @@
 struct auth_cache_node *head, *tail;
 size_t size_left;
- unsigned int ttl_secs;
+ unsigned int ttl_secs, neg_ttl_secs;
 unsigned int hit_count, miss_count;
 };
@@ -112,7 +112,9 @@
 cache->hit_count = cache->miss_count = 0;
 }
-struct auth_cache *auth_cache_new(size_t max_size, unsigned int ttl_secs)
+struct auth_cache *auth_cache_new(size_t max_size, unsigned int ttl_secs,
+ unsigned int neg_ttl_secs
+)
 {
 struct auth_cache *cache;
@@ -121,6 +123,7 @@
 (hash_cmp_callback_t *)strcmp);
 cache->size_left = max_size;
 cache->ttl_secs = ttl_secs;
+ cache->neg_ttl_secs = neg_ttl_secs;
 lib_signals_set_handler(SIGHUP, TRUE, sig_auth_cache_clear, cache);
 lib_signals_set_handler(SIGUSR2, TRUE, sig_auth_cache_stats, cache);
@@ -154,6 +157,8 @@
 {
 string_t *str;
 struct auth_cache_node *node;
+ const char *value;
+ unsigned int ttl_secs;
 *expired_r = FALSE;
@@ -171,7 +176,10 @@
 }
 cache->hit_count++;
- if (node->created < time(NULL) - (time_t)cache->ttl_secs) {
+ value = node->data + strlen(node->data) + 1;
+ ttl_secs = *value == '\0' ? cache->neg_ttl_secs : cache->ttl_secs;
+
+ if (node->created < time(NULL) - (time_t)ttl_secs) {
 /* TTL expired */
 *expired_r = TRUE;
 } else {
@@ -185,7 +193,7 @@
 if (node_r != NULL)
 *node_r = node;
- return node->data + strlen(node->data) + 1;
+ return value;
 }
 void auth_cache_insert(struct auth_cache *cache, struct auth_request *request,
@@ -196,6 +204,11 @@
 size_t data_size, alloc_size, value_len = strlen(value);
 char *current_username;
+ if (*value == '\0' && cache->neg_ttl_secs == 0) {
+ /* we're not caching negative entries */
+ return;
+ }
+
 /* store into cache using the original username, except if we're doing a master user login */
 current_username = request->user;
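Review bot: In the last hunk, the early `return` in auth_cache_insert() for an empty value with `neg_ttl_secs == 0` runs before the key is even built, so whatever the rest of the function does for a key that is already cached is skipped. The remainder of auth_cache_insert() is outside the hunk; if it replaces an existing node for the same key, then a positive entry cached earlier now survives a later "user not found" result and can keep answering lookups until `ttl_secs` runs out, which matters when an account has just been removed. Consider moving the check below the point where an existing node for the key is found and dropped, and make the comment say so, e.g. `/* not caching negative entries, but an older entry for this key must still be removed */`.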
--- a/src/auth/auth-cache.h Mon Aug 06 17:45:25 2007 +0300
+++ b/src/auth/auth-cache.h Mon Aug 06 18:02:48 2007 +0300
@@ -22,8 +22,10 @@
 /* Create a new cache. max_size specifies the maximum amount of memory in bytes to use for cache (it's not fully exact). ttl_secs specifies time to
- live for cache record, requests older than that are not used. */
-struct auth_cache *auth_cache_new(size_t max_size, unsigned int ttl_secs);
+ live for cache record, requests older than that are not used.
+ neg_ttl_secs specifies the TTL for negative entries. */
+struct auth_cache *auth_cache_new(size_t max_size, unsigned int ttl_secs,
+ unsigned int neg_ttl_secs);
 void auth_cache_free(struct auth_cache **cache);
 /* Clear the cache. */
@@ -36,7 +38,7 @@
 auth_cache_lookup(struct auth_cache *cache, const struct auth_request *request, const char *key, struct auth_cache_node **node_r, bool *expired_r);
-/* Insert key => value into cache. */
+/* Insert key => value into cache. "" value means negative cache entry. */
 void auth_cache_insert(struct auth_cache *cache, struct auth_request *request,
 const char *key, const char *value, bool last_success);
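Review bot: The updated comment on auth_cache_new() in the first hunk does not say what `neg_ttl_secs == 0` means, although the new check in auth_cache_insert() (auth-cache.c) makes 0 mean "never store negative entries". Spelling that out keeps callers from reading 0 as "expire immediately" or "no expiry": `neg_ttl_secs specifies the TTL for negative entries, 0 means they are not cached at all. */`. The comment on auth_cache_insert() in the second hunk could likewise note that a "" value is silently dropped in that case.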
--- a/src/auth/passdb-cache.c Mon Aug 06 17:45:25 2007 +0300
+++ b/src/auth/passdb-cache.c Mon Aug 06 18:02:48 2007 +0300
@@ -117,7 +117,7 @@
 {
 const char *env;
 size_t max_size;
- unsigned int cache_ttl;
+ unsigned int cache_ttl, neg_cache_ttl;
 env = getenv("CACHE_SIZE");
 if (env == NULL)
@@ -135,7 +135,9 @@
 if (cache_ttl == 0)
 return;
- passdb_cache = auth_cache_new(max_size, cache_ttl);
+ env = getenv("CACHE_NEGATIVE_TTL");
+ neg_cache_ttl = env == NULL ? 0 : (unsigned int)strtoul(env, NULL, 10);
+ passdb_cache = auth_cache_new(max_size, cache_ttl, neg_cache_ttl);
 }
 void passdb_cache_deinit(void)
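Review bot: `CACHE_NEGATIVE_TTL` is parsed in the second hunk with `strtoul(env, NULL, 10)` and neither an end pointer nor a range check, so a malformed value reads as 0 and an oversized one is truncated by the `(unsigned int)` cast, either of which changes negative caching without any log line. The value is written by the master process with `%u` (auth-process.c), so this is a robustness point rather than an exposed input. It is also worth a comment that an unset variable means 0 here while the master default is 3600, e.g. `/* unset => negative entries are not cached */`. The function begins outside this hunk, so how CACHE_TTL is parsed is not visible for comparison.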
--- a/src/master/auth-process.c Mon Aug 06 17:45:25 2007 +0300
+++ b/src/master/auth-process.c Mon Aug 06 18:02:48 2007 +0300
@@ -436,6 +436,8 @@
 set->master_user_separator, NULL));
 env_put(t_strdup_printf("CACHE_SIZE=%u", set->cache_size));
 env_put(t_strdup_printf("CACHE_TTL=%u", set->cache_ttl));
+ env_put(t_strdup_printf("CACHE_NEGATIVE_TTL=%u",
+ set->cache_negative_ttl));
 for (ap = set->passdbs, i = 1; ap != NULL; ap = ap->next, i++) {
 env_put(t_strdup_printf("PASSDB_%u_DRIVER=%s", i, ap->driver));
--- a/src/master/master-settings.c Mon Aug 06 17:45:25 2007 +0300
+++ b/src/master/master-settings.c Mon Aug 06 18:02:48 2007 +0300
@@ -67,6 +67,7 @@
 DEF_STR(default_realm),
 DEF_INT(cache_size),
 DEF_INT(cache_ttl),
+ DEF_INT(cache_negative_ttl),
 DEF_STR(executable),
 DEF_STR(user),
 DEF_STR(chroot),
@@ -291,6 +292,7 @@
 MEMBER(default_realm) "",
 MEMBER(cache_size) 0,
 MEMBER(cache_ttl) 3600,
+ MEMBER(cache_negative_ttl) 3600,
 MEMBER(executable) PKG_LIBEXECDIR"/dovecot-auth",
 MEMBER(user) "root",
 MEMBER(chroot) "",
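Review bot: The new default `MEMBER(cache_negative_ttl) 3600` in the second hunk is independent of `cache_ttl`, whereas before this commit auth_cache_lookup() applied the single `ttl_secs` to every entry. A site that lowered `auth_cache_ttl` will, after upgrading, keep "user not found" results for an hour unless it also sets the new option, so a freshly provisioned account can stay unreachable for longer than the administrator configured. Consider falling back to the configured `cache_ttl` when the negative TTL is not set explicitly, or state the behaviour change next to `#auth_cache_negative_ttl` in dovecot-example.conf.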
--- a/src/master/master-settings.h Mon Aug 06 17:45:25 2007 +0300
+++ b/src/master/master-settings.h Mon Aug 06 18:02:48 2007 +0300
@@ -193,6 +193,7 @@
 const char *default_realm;
 unsigned int cache_size;
 unsigned int cache_ttl;
+ unsigned int cache_negative_ttl;
 const char *executable;
 const char *user;
 const char *chroot;