authd: wait until the ssl connection is "open" before reading

It's useful to allow authd to run in parallel with ssl negotiation,
but if the ssld connection has plaintext data ready for reading
there's a race condition between authd calling read_packet() and
ssl_process_certfp() storing the certificate fingerprint. This
scenario would be bad for a server connecting because fingerprint
verification will fail.

Allow either operation to complete first, but wait until
ssl_process_open_fd() calls the ssl open callback before calling
read_packet().

include/authproc.h

@@ -70,7 +70,8 @@ void restart_authd(void);
 void rehash_authd(void);
 void check_authd(void);
 
-void authd_initiate_client(struct Client *);
+void authd_initiate_client(struct Client *, bool defer);
+void authd_deferred_client(struct Client *);
 void authd_accept_client(struct Client *client_p, const char *ident, const char *host);
 void authd_reject_client(struct Client *client_p, const char *ident, const char *host, char cause, const char *data, const char *reason);
 void authd_abort_client(struct Client *);

include/client.h

@@ -294,6 +294,9 @@ struct LocalUser
 	time_t sasl_next_retry;
 };
 
+#define AUTHC_F_DEFERRED 0x01
+#define AUTHC_F_COMPLETE 0x02
+
 struct AuthClient
 {
 	uint32_t cid;	/* authd id */
@@ -302,6 +305,7 @@ struct AuthClient
 	char cause;	/* rejection cause */
 	char *data;	/* reason data */
 	char *reason;	/* reason we were rejected */
+	int flags;
 };
 
 struct PreClient