changeset 3167:97f53e0cce63 HEAD
Fallback to using expired records from auth cache if database lookups fail.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Tue, 01 Mar 2005 00:41:33 +0200 |
parents | e6a487d80288 |
children | 62f8366cb89c |
files | src/auth/auth-cache.c src/auth/auth-cache.h src/auth/auth-request.c src/auth/passdb-cache.c src/auth/passdb-cache.h |
diffstat | 5 files changed, 66 insertions(+), 21 deletions(-) [+] |
--- a/src/auth/auth-cache.c Tue Mar 01 00:19:21 2005 +0200 +++ b/src/auth/auth-cache.c Tue Mar 01 00:41:33 2005 +0200 @@ -126,11 +126,13 @@ const char *auth_cache_lookup(struct auth_cache *cache, const struct auth_request *request, - const char *key) + const char *key, int *expired_r) { string_t *str; struct cache_node *node; + *expired_r = FALSE; + if (cache->hup_count != lib_signal_hup_count) { /* SIGHUP received - clear cache */ i_info("SIGHUP received, clearing cache"); @@ -147,15 +149,14 @@ return NULL; if (node->created < time(NULL) - (time_t)cache->ttl_secs) { - /* TTL expired, destroy */ - auth_cache_node_destroy(cache, node); - return NULL; - } - - /* move to head */ - if (node != cache->head) { - auth_cache_node_unlink(cache, node); - auth_cache_node_link_head(cache, node); + /* TTL expired */ + *expired_r = TRUE; + } else { + /* move to head */ + if (node != cache->head) { + auth_cache_node_unlink(cache, node); + auth_cache_node_link_head(cache, node); + } } return node->data + strlen(node->data) + 1;
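Review bot: In the `node->created < time(NULL) - (time_t)cache->ttl_secs` branch an expired node is now returned with `*expired_r = TRUE` instead of being destroyed, and nothing in this hunk bounds how old such a record may be. Every caller now has to test `*expired_r` before trusting the value, where previously the NULL return made stale data unusable by construction. For a credential cache this means a changed or revoked password can keep authenticating for as long as the backend keeps failing and the node is not evicted, so I would keep a hard upper age past which the node is still destroyed. The contract should also be stated at the top of the branch, e.g. `/* TTL expired: value is returned only for failure fallback, caller must check *expired_r */`. The end of the function lies outside this hunk.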
--- a/src/auth/auth-cache.h Tue Mar 01 00:19:21 2005 +0200 +++ b/src/auth/auth-cache.h Tue Mar 01 00:41:33 2005 +0200 @@ -21,7 +21,7 @@ auth_cache_parse_key(). */ const char *auth_cache_lookup(struct auth_cache *cache, const struct auth_request *request, - const char *key); + const char *key, int *expired_r); /* Insert key => value into cache. */ void auth_cache_insert(struct auth_cache *cache, const struct auth_request *request,
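Review bot: The comment above `auth_cache_lookup()` is not updated for the new `expired_r` out-parameter, so the header does not say that a non-NULL return can now be a record past its TTL. I would extend it with a sentence such as `*expired_r is set to TRUE when the returned value is older than the cache TTL; such a value must be used only when the passdb lookup itself failed.` The comment begins outside this hunk. The two prototypes in passdb-cache.h gain the same parameter, and no comment describing it is visible in that hunk either.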
--- a/src/auth/auth-request.c Tue Mar 01 00:19:21 2005 +0200 +++ b/src/auth/auth-request.c Tue Mar 01 00:41:33 2005 +0200 @@ -148,8 +148,27 @@ void auth_request_verify_plain_callback(enum passdb_result result, struct auth_request *request) { + const char *cache_key; + int expired; + auth_request_save_cache(request, result); + cache_key = passdb_cache == NULL ? NULL : + request->auth->passdb->cache_key; + if (result == PASSDB_RESULT_INTERNAL_FAILURE && cache_key != NULL) { + /* lookup failed. if we're looking here only because the + request was expired in cache, fallback to using cached + expired record. */ + if (passdb_cache_verify_plain(request, cache_key, + request->mech_password, + &result, &expired)) { + request->private_callback.verify_plain(result, request); + safe_memset(request->mech_password, 0, + strlen(request->mech_password)); + return; + } + } + if (request->proxy) { /* we're proxying - send back the password that was sent by user (not the password in passdb). */ @@ -159,10 +178,11 @@ if (request->passdb_password != NULL) { safe_memset(request->passdb_password, 0, - strlen(request->mech_password)); + strlen(request->passdb_password)); } safe_memset(request->mech_password, 0, strlen(request->mech_password)); + request->private_callback.verify_plain(result, request); } @@ -173,6 +193,7 @@ struct passdb_module *passdb = request->auth->passdb; enum passdb_result result; const char *cache_key; + int expired; request->mech_password = p_strdup(request->pool, password); request->private_callback.verify_plain = callback; @@ -180,7 +201,7 @@ cache_key = passdb_cache == NULL ? NULL : passdb->cache_key; if (cache_key != NULL) { if (passdb_cache_verify_plain(request, cache_key, password, - &result)) { + &result, &expired) && !expired) { callback(result, request); return; } 
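Review bot: The fallback return in `auth_request_verify_plain_callback()` invokes `request->private_callback.verify_plain(result, request)` before wiping `request->mech_password`, the reverse of the order used at the end of the function. It also returns without the `request->passdb_password` wipe and the `request->proxy` handling that the normal path performs. If the callback can release the request (not visible here), the `safe_memset` afterwards touches memory the request no longer owns; wiping first avoids that: `safe_memset(request->mech_password, 0, strlen(request->mech_password));` followed by `request->private_callback.verify_plain(result, request);`. Whether the cached path can leave a value in `request->passdb_password` is not visible in this diff, so that wipe should be confirmed or repeated before the early return. The proxy block continues outside the hunk.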
@@ -198,11 +219,32 @@ const char *credentials, struct auth_request *request) { + const char *cache_key, *scheme; + int expired; + auth_request_save_cache(request, result); if (request->passdb_password != NULL) { safe_memset(request->passdb_password, 0, - strlen(request->mech_password)); + strlen(request->passdb_password)); + } + + cache_key = passdb_cache == NULL ? NULL : + request->auth->passdb->cache_key; + if (result == PASSDB_RESULT_INTERNAL_FAILURE && cache_key != NULL) { + /* lookup failed. if we're looking here only because the + request was expired in cache, fallback to using cached + expired record. */ + if (passdb_cache_lookup_credentials(request, cache_key, + &credentials, &scheme, + &expired)) { + passdb_handle_credentials(credentials != NULL ? + PASSDB_RESULT_OK : PASSDB_RESULT_USER_UNKNOWN, + request->credentials, credentials, scheme, + request->private_callback.lookup_credentials, + request); + return; + } } request->private_callback.lookup_credentials(result, credentials, @@ -215,11 +257,13 @@ { struct passdb_module *passdb = request->auth->passdb; const char *cache_key, *result, *scheme; + int expired; cache_key = passdb_cache == NULL ? NULL : passdb->cache_key; if (cache_key != NULL) { if (passdb_cache_lookup_credentials(request, cache_key, - &result, &scheme)) { + &result, &scheme, + &expired) && !expired) { passdb_handle_credentials(result != NULL ? PASSDB_RESULT_OK : PASSDB_RESULT_USER_UNKNOWN,
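Review bot: `expired` is filled in by `passdb_cache_lookup_credentials()` in this fallback but never read, while the comment says the fallback applies only when the record had expired; the same holds for the fallback added to `auth_request_verify_plain_callback()` in the hunk at -148. The code appears to rely on the earlier lookup having already served any unexpired hit, which deserves a comment such as `/* expired is not checked: an unexpired record would have been used before the passdb lookup */`. The fallback also turns `PASSDB_RESULT_INTERNAL_FAILURE` into `PASSDB_RESULT_OK` or `PASSDB_RESULT_USER_UNKNOWN` with no log line visible in the hunk, so an operator cannot tell from the logs that a login was decided from a stale record during a backend outage. The function's signature starts outside this hunk.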
--- a/src/auth/passdb-cache.c Tue Mar 01 00:19:21 2005 +0200 +++ b/src/auth/passdb-cache.c Tue Mar 01 00:41:33 2005 +0200 @@ -34,7 +34,7 @@ int passdb_cache_verify_plain(struct auth_request *request, const char *key, const char *password, - enum passdb_result *result_r) + enum passdb_result *result_r, int *expired_r) { const char *value, *cached_pw, *scheme, *const *list; int ret; @@ -43,7 +43,7 @@ return FALSE; /* value = password \t ... */ - value = auth_cache_lookup(passdb_cache, request, key); + value = auth_cache_lookup(passdb_cache, request, key, expired_r); if (value == NULL) return FALSE; @@ -76,14 +76,14 @@ int passdb_cache_lookup_credentials(struct auth_request *request, const char *key, const char **result_r, - const char **scheme_r) + const char **scheme_r, int *expired_r) { const char *value, *const *list; if (passdb_cache == NULL) return FALSE; - value = auth_cache_lookup(passdb_cache, request, key); + value = auth_cache_lookup(passdb_cache, request, key, expired_r); if (value == NULL) return FALSE;
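Review bot: `*expired_r` is assigned only inside `auth_cache_lookup()`, so in `passdb_cache_lookup_credentials()` the `if (passdb_cache == NULL) return FALSE;` path leaves the caller's variable unset. `passdb_cache_verify_plain()` has an early `return FALSE;` ahead of the lookup as well, whose condition is outside the hunk. The callers in this commit read `expired` only after a TRUE return, so nothing breaks today, but an out-parameter that is sometimes uninitialised is easy to misuse in an authentication path. Setting `*expired_r = FALSE;` as the first statement of both functions makes the contract unconditional.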
--- a/src/auth/passdb-cache.h Tue Mar 01 00:19:21 2005 +0200 +++ b/src/auth/passdb-cache.h Tue Mar 01 00:41:33 2005 +0200 @@ -8,10 +8,10 @@ int passdb_cache_verify_plain(struct auth_request *request, const char *key, const char *password, - enum passdb_result *result_r); + enum passdb_result *result_r, int *expired_r); int passdb_cache_lookup_credentials(struct auth_request *request, const char *key, const char **result_r, - const char **scheme_r); + const char **scheme_r, int *expired_r); void passdb_cache_init(void); void passdb_cache_deinit(void);