dovecot-1.0: Instead of logging only "Aborted login", log also i...
dovecot at dovecot.org
dovecot at dovecot.org
Tue Dec 11 19:13:44 EET 2007
details: http://hg.dovecot.org/dovecot-1.0/rev/813bd051fc5f
changeset: 5486:813bd051fc5f
user: Timo Sirainen <tss at iki.fi>
date: Tue Dec 11 19:13:40 2007 +0200
description:
Instead of logging only "Aborted login", log also if client tried to use
plaintext auth, or if not log the number of authentication attempts.
diffstat:
6 files changed, 22 insertions(+), 2 deletions(-)
src/imap-login/client-authenticate.c | 1 +
src/imap-login/client.c | 9 ++++++++-
src/login-common/client-common.h | 3 +++
src/login-common/sasl-server.c | 1 +
src/pop3-login/client-authenticate.c | 1 +
src/pop3-login/client.c | 9 ++++++++-
diffs (88 lines):
diff -r 784dcea426f6 -r 813bd051fc5f src/imap-login/client-authenticate.c
--- a/src/imap-login/client-authenticate.c Mon Dec 10 11:39:29 2007 +0200
+++ b/src/imap-login/client-authenticate.c Tue Dec 11 19:13:40 2007 +0200
@@ -296,6 +296,7 @@ int cmd_login(struct imap_client *client
client_syslog(&client->common, "Login failed: "
"Plaintext authentication disabled");
}
+ client->common.auth_tried_disabled_plaintext = TRUE;
client_send_line(client,
"* BAD [ALERT] Plaintext authentication is disabled, "
"but your client sent password in plaintext anyway. "
diff -r 784dcea426f6 -r 813bd051fc5f src/imap-login/client.c
--- a/src/imap-login/client.c Mon Dec 10 11:39:29 2007 +0200
+++ b/src/imap-login/client.c Tue Dec 11 19:13:40 2007 +0200
@@ -211,7 +211,14 @@ static int cmd_logout(struct imap_client
{
client_send_line(client, "* BYE Logging out");
client_send_tagline(client, "OK Logout completed.");
- client_destroy(client, "Aborted login");
+ if (client->common.auth_tried_disabled_plaintext) {
+ client_destroy(client, "Aborted login "
+ "(tried to use disabled plaintext authentication)");
+ } else {
+ client_destroy(client, t_strdup_printf(
+ "Aborted login (%u authentication attempts)",
+ client->common.auth_attempts));
+ }
return 1;
}
diff -r 784dcea426f6 -r 813bd051fc5f src/login-common/client-common.h
--- a/src/login-common/client-common.h Mon Dec 10 11:39:29 2007 +0200
+++ b/src/login-common/client-common.h Tue Dec 11 19:13:40 2007 +0200
@@ -20,10 +20,13 @@ struct client {
master_callback_t *master_callback;
sasl_server_callback_t *sasl_callback;
+ unsigned int auth_attempts;
+
char *virtual_user;
unsigned int tls:1;
unsigned int secured:1;
unsigned int authenticating:1;
+ unsigned int auth_tried_disabled_plaintext:1;
/* ... */
};
diff -r 784dcea426f6 -r 813bd051fc5f src/login-common/sasl-server.c
--- a/src/login-common/sasl-server.c Mon Dec 10 11:39:29 2007 +0200
+++ b/src/login-common/sasl-server.c Tue Dec 11 19:13:40 2007 +0200
@@ -122,6 +122,7 @@ void sasl_server_auth_begin(struct clien
const struct auth_mech_desc *mech;
const char *error;
+ client->auth_attempts++;
client->authenticating = TRUE;
i_free(client->auth_mech_name);
client->auth_mech_name = str_ucase(i_strdup(mech_name));
diff -r 784dcea426f6 -r 813bd051fc5f src/pop3-login/client-authenticate.c
--- a/src/pop3-login/client-authenticate.c Mon Dec 10 11:39:29 2007 +0200
+++ b/src/pop3-login/client-authenticate.c Tue Dec 11 19:13:40 2007 +0200
@@ -269,6 +269,7 @@ static bool check_plaintext_auth(struct
"Plaintext authentication disabled");
}
client_send_line(client, "-ERR "AUTH_PLAINTEXT_DISABLED_MSG);
+ client->common.auth_tried_disabled_plaintext = TRUE;
return FALSE;
}
diff -r 784dcea426f6 -r 813bd051fc5f src/pop3-login/client.c
--- a/src/pop3-login/client.c Mon Dec 10 11:39:29 2007 +0200
+++ b/src/pop3-login/client.c Tue Dec 11 19:13:40 2007 +0200
@@ -153,7 +153,14 @@ static bool cmd_quit(struct pop3_client
static bool cmd_quit(struct pop3_client *client)
{
client_send_line(client, "+OK Logging out");
- client_destroy(client, "Aborted login");
+ if (client->common.auth_tried_disabled_plaintext) {
+ client_destroy(client, "Aborted login "
+ "(tried to use disabled plaintext authentication)");
+ } else {
+ client_destroy(client, t_strdup_printf(
+ "Aborted login (%u authentication attempts)",
+ client->common.auth_attempts));
+ }
return TRUE;
}
More information about the dovecot-cvs
mailing list