[dovecot-cvs] dovecot/src/auth auth-digest-md5.c,1.19,1.20 common.h,1.3,1.4 login-connection.c,1.12,1.13 main.c,1.13,1.14 userinfo-pam.c,1.12,1.13 userinfo-passwd-file.c,1.25,1.26 userinfo-passwd.c,1.12,1.13 userinfo-shadow.c,1.9,1.10 userinfo-vpopmail.c,1.13,1.14
cras at procontrol.fi
cras at procontrol.fi
Tue Jan 21 09:40:57 EET 2003
Update of /home/cvs/dovecot/src/auth
In directory danu:/tmp/cvs-serv26410/auth
Modified Files:
auth-digest-md5.c common.h login-connection.c main.c
userinfo-pam.c userinfo-passwd-file.c userinfo-passwd.c
userinfo-shadow.c userinfo-vpopmail.c
Log Message:
auth_verbose = yes now logs all authentication failures and some other
stuff.
Index: auth-digest-md5.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/auth-digest-md5.c,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -d -r1.19 -r1.20
--- auth-digest-md5.c 11 Jan 2003 19:55:56 -0000 1.19
+++ auth-digest-md5.c 21 Jan 2003 07:40:54 -0000 1.20
@@ -195,8 +195,14 @@
if (i == 0) {
/* verify response */
- if (memcmp(response_hex, auth->response, 32) != 0)
+ if (memcmp(response_hex, auth->response, 32) != 0) {
+ if (verbose) {
+ i_info("digest-md5(%s): "
+ "password mismatch",
+ auth->username);
+ }
return FALSE;
+ }
} else {
auth->rspauth = p_strconcat(auth->pool, "rspauth=",
response_hex, NULL);
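Review bot: `auth->username` in the new `i_info` call comes from the client's DIGEST-MD5 response and is written to the log unchanged on a failed attempt. Whether `i_info` escapes control characters is not visible here; if it does not, a crafted username can split or forge log lines, so non-printable bytes should be replaced before the value is logged. The same applies to the `user` argument in the new messages of the userinfo-*.c hunks. The enclosing function starts and ends outside this hunk.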
@@ -506,7 +512,7 @@
auth->qop_value = p_strdup(auth->pool, "auth");
if (!failed && !verify_auth(auth)) {
- *error = "Authentication failed";
+ *error = NULL;
failed = TRUE;
}
@@ -556,6 +562,11 @@
auth->authenticated = TRUE;
return;
}
+
+ if (error == NULL)
+ error = "Authentication failed";
+ else if (verbose)
+ i_info("digest-md5: %s", error);
/* failed */
reply.result = AUTH_RESULT_FAILURE;
Index: common.h
===================================================================
RCS file: /home/cvs/dovecot/src/auth/common.h,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- common.h 5 Jan 2003 13:09:51 -0000 1.3
+++ common.h 21 Jan 2003 07:40:54 -0000 1.4
@@ -8,5 +8,6 @@
#define LOGIN_LISTEN_FD 3
extern struct ioloop *ioloop;
+extern int verbose;
#endif
Index: login-connection.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/login-connection.c,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -d -r1.12 -r1.13
--- login-connection.c 5 Jan 2003 15:19:50 -0000 1.12
+++ login-connection.c 21 Jan 2003 07:40:54 -0000 1.13
@@ -84,6 +84,10 @@
login_connection_destroy(conn);
} else {
conn->pid = rec.pid;
+ if (verbose) {
+ i_info("Login process %d sent handshake: PID %s",
+ conn->fd, dec2str(conn->pid));
+ }
}
}
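Review bot: The message `Login process %d sent handshake` is given `conn->fd`, so the number after "Login process" is a file descriptor while the real PID follows on the same line. Wording such as `i_info("Login connection fd %d sent handshake: PID %s", conn->fd, dec2str(conn->pid));` avoids the misreading. The connect and disconnect messages in the next two hunks use the same label. The enclosing function starts outside the hunk.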
@@ -173,6 +177,9 @@
{
struct login_connection *conn;
+ if (verbose)
+ i_info("Login process %d connected", fd);
+
conn = i_new(struct login_connection, 1);
conn->fd = fd;
@@ -198,6 +205,9 @@
void login_connection_destroy(struct login_connection *conn)
{
struct login_connection **pos;
+
+ if (verbose)
+ i_info("Login process %d disconnected", conn->fd);
for (pos = &connections; *pos != NULL; pos = &(*pos)->next) {
if (*pos == conn) {
Index: main.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/main.c,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -d -r1.13 -r1.14
--- main.c 8 Jan 2003 21:13:05 -0000 1.13
+++ main.c 21 Jan 2003 07:40:54 -0000 1.14
@@ -17,6 +17,8 @@
#include <syslog.h>
struct ioloop *ioloop;
+int verbose = FALSE;
+
static struct io *io_listen;
static void sig_quit(int signo __attr_unused__)
@@ -68,6 +70,8 @@
static void main_init(void)
{
lib_init_signals(sig_quit);
+
+ verbose = getenv("VERBOSE") != NULL;
auth_init();
cookies_init();
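Review bot: `verbose = getenv("VERBOSE") != NULL;` enables verbose logging for any value, including an empty string or `VERBOSE=0`, and nothing on the line says so. A comment such as `/* presence of VERBOSE enables logging; its value is ignored */` would document that. Verbose mode records the usernames of failed and unknown logins, so the comment could also note that the log then needs restricted read access. main_init continues outside the hunk.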
Index: userinfo-pam.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/userinfo-pam.c,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -d -r1.12 -r1.13
--- userinfo-pam.c 5 Jan 2003 13:09:51 -0000 1.12
+++ userinfo-pam.c 21 Jan 2003 07:40:54 -0000 1.13
@@ -148,25 +148,45 @@
return PAM_SUCCESS;
}
-static int pam_auth(pam_handle_t *pamh)
+static int pam_auth(pam_handle_t *pamh, const char *user)
{
char *item;
int status;
- if ((status = pam_authenticate(pamh, 0)) != PAM_SUCCESS)
+ if ((status = pam_authenticate(pamh, 0)) != PAM_SUCCESS) {
+ if (verbose) {
+ i_info("PAM: pam_authenticate(%s) failed: %s",
+ user, pam_strerror(pamh, status));
+ }
return status;
+ }
#ifdef HAVE_PAM_SETCRED
- if ((status = pam_setcred(pamh, PAM_ESTABLISH_CRED)) != PAM_SUCCESS)
+ if ((status = pam_setcred(pamh, PAM_ESTABLISH_CRED)) != PAM_SUCCESS) {
+ if (verbose) {
+ i_info("PAM: pam_setcred(%s) failed: %s",
+ user, pam_strerror(pamh, status));
+ }
return status;
+ }
#endif
- if ((status = pam_acct_mgmt(pamh, 0)) != PAM_SUCCESS)
+ if ((status = pam_acct_mgmt(pamh, 0)) != PAM_SUCCESS) {
+ if (verbose) {
+ i_info("PAM: pam_acct_mgmt(%s) failed: %s",
+ user, pam_strerror(pamh, status));
+ }
return status;
+ }
status = pam_get_item(pamh, PAM_USER, (linux_const void **)&item);
- if (status != PAM_SUCCESS)
+ if (status != PAM_SUCCESS) {
+ if (verbose) {
+ i_info("PAM: pam_get_item(%s) failed: %s",
+ user, pam_strerror(pamh, status));
+ }
return status;
+ }
return PAM_SUCCESS;
}
@@ -187,12 +207,18 @@
userpass.pass = password;
status = pam_start(service_name, user, &conv, &pamh);
- if (status != PAM_SUCCESS)
+ if (status != PAM_SUCCESS) {
+ if (verbose) {
+ i_info("PAM: pam_start(%s) failed: %s",
+ user, pam_strerror(pamh, status));
+ }
return FALSE;
+ }
- status = pam_auth(pamh);
+ status = pam_auth(pamh, user);
if ((status2 = pam_end(pamh, status)) != PAM_SUCCESS) {
- i_error("pam_end() failed: %s", pam_strerror(pamh, status2));
+ i_error("pam_end(%s) failed: %s",
+ user, pam_strerror(pamh, status2));
return FALSE;
}
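Review bot: When `pam_start()` fails, the new message calls `pam_strerror(pamh, status)` with a handle that `pam_start()` did not set up; unless `pamh` is initialised above the hunk, this hands an indeterminate pointer to the PAM library. Some implementations ignore the handle argument and others may not, so logging the numeric code is safer: `i_info("PAM: pam_start(%s) failed: error %d", user, status);`. The `pam_end()` branch has the same shape, because `pam_strerror(pamh, status2)` runs after `pam_end()` has already released the handle. The enclosing function starts and ends outside the hunk.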
@@ -201,8 +227,10 @@
/* password ok, save the user info */
pw = getpwnam(user);
- if (pw == NULL)
+ if (pw == NULL) {
+ i_error("PAM: getpwnam(%s) failed: %m", user);
return FALSE;
+ }
safe_memset(pw->pw_passwd, 0, strlen(pw->pw_passwd));
passwd_fill_cookie_reply(pw, reply);
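Review bot: `getpwnam()` returns NULL without setting errno when the user simply does not exist, so `%m` in the new `i_error` can print an unrelated, stale error; no `errno = 0;` is visible before the call. Placing `errno = 0;` directly before `pw = getpwnam(user);` fixes that. The `if (errno != 0)` tests added in the first hunks of userinfo-passwd.c and userinfo-shadow.c depend on the same reset, otherwise an unknown user may be reported as a lookup failure or the reverse. The function body extends outside this hunk.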
Index: userinfo-passwd-file.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/userinfo-passwd-file.c,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -d -r1.25 -r1.26
--- userinfo-passwd-file.c 11 Jan 2003 19:55:56 -0000 1.25
+++ userinfo-passwd-file.c 21 Jan 2003 07:40:54 -0000 1.26
@@ -67,8 +67,11 @@
strlen(pu->realm) - 1);
pw = getpwnam(user);
- if (pw == NULL)
+ if (pw == NULL) {
+ i_error("passwd-file(%s): missing info and "
+ "not found with getpwnam()", user);
return FALSE;
+ }
passwd_fill_cookie_reply(pw, reply);
}
@@ -115,21 +118,35 @@
/* find it from all realms */
pu = hash_lookup(passwd_file->users, user);
- if (pu == NULL)
+ if (pu == NULL) {
+ if (verbose)
+ i_info("passwd-file(%s): unknown user", user);
return FALSE;
+ }
/* verify that password matches */
switch (pu->password_type) {
case PASSWORD_DES:
- if (strcmp(mycrypt(password, pu->password), pu->password) != 0)
+ if (strcmp(mycrypt(password, pu->password),
+ pu->password) != 0) {
+ if (verbose) {
+ i_info("passwd-file(%s): DES password mismatch",
+ user);
+ }
return FALSE;
+ }
break;
case PASSWORD_MD5:
md5_get_digest(password, strlen(password), digest);
str = binary_to_hex(digest, sizeof(digest));
- if (strcmp(str, pu->password) != 0)
+ if (strcmp(str, pu->password) != 0) {
+ if (verbose) {
+ i_info("passwd-file(%s): MD5 password mismatch",
+ user);
+ }
return FALSE;
+ }
break;
case PASSWORD_DIGEST_MD5:
/* user:realm:passwd */
@@ -140,8 +157,13 @@
md5_get_digest(str, strlen(str), digest);
str = binary_to_hex(digest, sizeof(digest));
- if (strcmp(str, pu->password) != 0)
+ if (strcmp(str, pu->password) != 0) {
+ if (verbose) {
+ i_info("passwd-file(%s): "
+ "DIGEST-MD5 password mismatch", user);
+ }
return FALSE;
+ }
break;
default:
i_unreached();
@@ -167,16 +189,22 @@
t_strconcat(user, ":", realm, NULL);
pu = hash_lookup(passwd_file->users, id);
- if (pu == NULL)
+ if (pu == NULL) {
+ if (verbose)
+ i_info("passwd-file(%s): unknown user", user);
return FALSE;
+ }
/* found */
i_assert(strlen(pu->password) == 32);
buf = buffer_create_data(data_stack_pool, digest, 16);
- if (!hex_to_binary(pu->password, buf))
+ if (!hex_to_binary(pu->password, buf)) {
+ if (verbose)
+ i_info("passwd-file(%s): invalid password field", user);
return FALSE;
-
+ }
+
return get_reply_data(pu, reply);
}
Index: userinfo-passwd.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/userinfo-passwd.c,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -d -r1.12 -r1.13
--- userinfo-passwd.c 5 Jan 2003 13:09:51 -0000 1.12
+++ userinfo-passwd.c 21 Jan 2003 07:40:54 -0000 1.13
@@ -37,8 +37,21 @@
int result;
pw = getpwnam(user);
- if (pw == NULL || !IS_VALID_PASSWD(pw->pw_passwd))
+ if (pw == NULL) {
+ if (errno != 0)
+ i_error("getpwnam(%s) failed: %m", user);
+ else if (verbose)
+ i_info("passwd(%s): unknown user", user);
+ return FALSE;
+ }
+
+ if (!IS_VALID_PASSWD(pw->pw_passwd)) {
+ if (verbose) {
+ i_info("passwd(%s): invalid password field '%s'",
+ user, pw->pw_passwd);
+ }
return FALSE;
+ }
/* check if the password is valid */
result = strcmp(mycrypt(password, pw->pw_passwd), pw->pw_passwd) == 0;
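Review bot: The `invalid password field '%s'` message writes `pw->pw_passwd` into the log. What `IS_VALID_PASSWD` rejects is not visible here, but if a locked or otherwise marked entry still carries hash material, verbose mode copies it out of the password database into a log that is typically readable by more accounts. Logging only the fact is enough for diagnosis: `i_info("passwd(%s): invalid password field", user);`. The first hunk of userinfo-shadow.c does the same with `spw->sp_pwdp`, where the exposure matters more because shadow entries are normally readable by root only.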
@@ -46,8 +59,11 @@
/* clear the passwords from memory */
safe_memset(pw->pw_passwd, 0, strlen(pw->pw_passwd));
- if (!result)
+ if (!result) {
+ if (verbose)
+ i_info("passwd(%s): password mismatch", user);
return FALSE;
+ }
/* password ok, save the user info */
passwd_fill_cookie_reply(pw, reply);
Index: userinfo-shadow.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/userinfo-shadow.c,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -d -r1.9 -r1.10
--- userinfo-shadow.c 5 Jan 2003 13:09:51 -0000 1.9
+++ userinfo-shadow.c 21 Jan 2003 07:40:54 -0000 1.10
@@ -23,8 +23,21 @@
int result;
spw = getspnam(user);
- if (spw == NULL || !IS_VALID_PASSWD(spw->sp_pwdp))
+ if (spw == NULL) {
+ if (errno != 0)
+ i_error("getspnam(%s) failed: %m", user);
+ else if (verbose)
+ i_info("shadow(%s): unknown user", user);
+ return FALSE;
+ }
+
+ if (!IS_VALID_PASSWD(spw->sp_pwdp)) {
+ if (verbose) {
+ i_info("shadow(%s): invalid password field '%s'",
+ user, spw->sp_pwdp);
+ }
return FALSE;
+ }
/* check if the password is valid */
result = strcmp(mycrypt(password, spw->sp_pwdp), spw->sp_pwdp) == 0;
@@ -32,13 +45,18 @@
/* clear the passwords from memory */
safe_memset(spw->sp_pwdp, 0, strlen(spw->sp_pwdp));
- if (!result)
+ if (!result) {
+ if (verbose)
+ i_info("shadow(%s): password mismatch", user);
return FALSE;
+ }
/* password ok, save the user info */
pw = getpwnam(user);
- if (pw == NULL)
+ if (pw == NULL) {
+ i_error("shadow(%s): getpwnam() failed: %m", user);
return FALSE;
+ }
passwd_fill_cookie_reply(pw, reply);
return TRUE;
Index: userinfo-vpopmail.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/userinfo-vpopmail.c,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -d -r1.13 -r1.14
--- userinfo-vpopmail.c 15 Jan 2003 15:43:22 -0000 1.13
+++ userinfo-vpopmail.c 21 Jan 2003 07:40:54 -0000 1.14
@@ -14,8 +14,6 @@
#include <vpopmail.h>
#include <vauth.h>
-#define I_DEBUG(x) /* i_warning x */
-
/* Limit user and domain to 80 chars each (+1 for \0). I wouldn't recommend
raising this limit at least much, vpopmail is full of potential buffer
overflows. */
@@ -36,7 +34,8 @@
if (parse_email(t_strdup_noconst(user), vpop_user, vpop_domain,
sizeof(vpop_user)-1) < 0) {
- I_DEBUG(("vpopmail: parse_email(%s) failed", user));
+ if (verbose)
+ i_info("vpopmail(%s): parse_email() failed", user);
return FALSE;
}
@@ -44,19 +43,25 @@
struct vqpasswd isn't really gid at all but just some flags... */
if (vget_assign(vpop_domain, NULL, 0,
&reply->uid, &reply->gid) == NULL) {
- I_DEBUG(("vpopmail: vget_assign(%s) failed", vpop_domain));
+ if (verbose) {
+ i_info("vpopmail(%s): vget_assign(%s) failed",
+ user, vpop_domain);
+ }
return FALSE;
}
vpw = vauth_getpw(vpop_user, vpop_domain);
if (vpw != NULL && (vpw->pw_dir == NULL || vpw->pw_dir[0] == '\0')) {
/* user's homedir doesn't exist yet, create it */
- I_DEBUG(("vpopmail: pw_dir isn't set, creating"));
+ if (verbose) {
+ i_info("vpopmail(%s): pw_dir isn't set, creating",
+ user);
+ }
if (make_user_dir(vpop_user, vpop_domain,
reply->uid, reply->gid) == NULL) {
- i_error("vpopmail: make_user_dir(%s, %s) failed",
- vpop_user, vpop_domain);
+ i_error("vpopmail(%s): make_user_dir(%s, %s) failed",
+ user, vpop_user, vpop_domain);
return FALSE;
}
@@ -64,14 +69,16 @@
}
if (vpw == NULL) {
- I_DEBUG(("vpopmail: vauth_getpw(%s, %s) failed",
- vpop_user, vpop_domain));
+ if (verbose) {
+ i_info("vpopmail(%s): vauth_getpw(%s, %s) failed",
+ user, vpop_user, vpop_domain);
+ }
return FALSE;
}
if (vpw->pw_gid & NO_IMAP) {
- I_DEBUG(("vpopmail: IMAP disabled for %s@%s",
- vpop_user, vpop_domain));
+ if (verbose)
+ i_info("vpopmail(%s): IMAP disabled", user);
return FALSE;
}
@@ -80,8 +87,8 @@
safe_memset(vpw->pw_passwd, 0, strlen(vpw->pw_passwd));
if (!result) {
- I_DEBUG(("vpopmail: password mismatch for user %s@%s",
- vpop_user, vpop_domain));
+ if (verbose)
+ i_info("vpopmail(%s): password mismatch", user);
return FALSE;
}