dovecot: Instead of logging only "Aborted login", log also if cl...

dovecot at dovecot.org dovecot at dovecot.org
Tue Dec 11 19:13:48 EET 2007


details:   http://hg.dovecot.org/dovecot/rev/249e6c711e8d
changeset: 6992:249e6c711e8d
user:      Timo Sirainen <tss at iki.fi>
date:      Tue Dec 11 19:13:38 2007 +0200
description:
Instead of logging only "Aborted login", also log whether the client tried to
use plaintext auth or, if not, the number of authentication attempts.

diffstat:

6 files changed, 22 insertions(+), 2 deletions(-)
src/imap-login/client-authenticate.c |    1 +
src/imap-login/client.c              |    9 ++++++++-
src/login-common/client-common.h     |    3 +++
src/login-common/sasl-server.c       |    1 +
src/pop3-login/client-authenticate.c |    1 +
src/pop3-login/client.c              |    9 ++++++++-

diffs (88 lines):

diff -r d7a48bf83a0e -r 249e6c711e8d src/imap-login/client-authenticate.c
--- a/src/imap-login/client-authenticate.c	Mon Dec 10 15:58:27 2007 +0200
+++ b/src/imap-login/client-authenticate.c	Tue Dec 11 19:13:38 2007 +0200
@@ -303,6 +303,7 @@ int cmd_login(struct imap_client *client
 			client_syslog(&client->common, "Login failed: "
 				      "Plaintext authentication disabled");
 		}
+		client->common.auth_tried_disabled_plaintext = TRUE;
 		client_send_line(client,
 			"* BAD [ALERT] Plaintext authentication is disabled, "
 			"but your client sent password in plaintext anyway. "
diff -r d7a48bf83a0e -r 249e6c711e8d src/imap-login/client.c
--- a/src/imap-login/client.c	Mon Dec 10 15:58:27 2007 +0200
+++ b/src/imap-login/client.c	Tue Dec 11 19:13:38 2007 +0200
@@ -210,7 +210,14 @@ static int cmd_logout(struct imap_client
 {
 	client_send_line(client, "* BYE Logging out");
 	client_send_tagline(client, "OK Logout completed.");
-	client_destroy(client, "Aborted login");
+	if (client->common.auth_tried_disabled_plaintext) {
+		client_destroy(client, "Aborted login "
+			"(tried to use disabled plaintext authentication)");
+	} else {
+		client_destroy(client, t_strdup_printf(
+			"Aborted login (%u authentication attempts)",
+			client->common.auth_attempts));
+	}
 	return 1;
 }
 
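Review bot: The two branches in cmd_logout are mutually exclusive, so once `auth_tried_disabled_plaintext` is set the reason string drops `auth_attempts` entirely. A client that was rejected once for plaintext and then started many SASL exchanges is logged the same as one that started none, which hides the figure most useful for spotting password guessing in these logs. The count could be kept in both messages, for example by building the first branch with `t_strdup_printf` too and the text `"Aborted login (tried to use disabled plaintext authentication, %u authentication attempts)"`. The same applies to cmd_quit in src/pop3-login/client.c. Only an explicit LOGOUT/QUIT gets this detail here; whether dropped or timed-out connections do depends on other client_destroy callers not shown in this diff.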
diff -r d7a48bf83a0e -r 249e6c711e8d src/login-common/client-common.h
--- a/src/login-common/client-common.h	Mon Dec 10 15:58:27 2007 +0200
+++ b/src/login-common/client-common.h	Tue Dec 11 19:13:38 2007 +0200
@@ -20,10 +20,13 @@ struct client {
 	master_callback_t *master_callback;
 	sasl_server_callback_t *sasl_callback;
 
+	unsigned int auth_attempts;
+
 	char *virtual_user;
 	unsigned int tls:1;
 	unsigned int secured:1;
 	unsigned int authenticating:1;
+	unsigned int auth_tried_disabled_plaintext:1;
 	/* ... */
 };
 
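Review bot: Neither new field in struct client is documented, and the log text derived from them is only useful if it is clear what they record. `auth_attempts` is incremented at the top of sasl_server_auth_begin() in this changeset, so it counts authentication exchanges that were started rather than failures; a comment such as `/* number of sasl_server_auth_begin() calls on this connection */` would pin that down. For the bitfield, `/* client sent a plaintext password while plaintext auth was disabled */` matches how the imap-login and pop3-login hunks set it. The struct's opening lines are outside the hunk.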
diff -r d7a48bf83a0e -r 249e6c711e8d src/login-common/sasl-server.c
--- a/src/login-common/sasl-server.c	Mon Dec 10 15:58:27 2007 +0200
+++ b/src/login-common/sasl-server.c	Tue Dec 11 19:13:38 2007 +0200
@@ -134,6 +134,7 @@ void sasl_server_auth_begin(struct clien
 	const struct auth_mech_desc *mech;
 	const char *error;
 
+	client->auth_attempts++;
 	client->authenticating = TRUE;
 	i_free(client->auth_mech_name);
 	client->auth_mech_name = str_ucase(i_strdup(mech_name));
diff -r d7a48bf83a0e -r 249e6c711e8d src/pop3-login/client-authenticate.c
--- a/src/pop3-login/client-authenticate.c	Mon Dec 10 15:58:27 2007 +0200
+++ b/src/pop3-login/client-authenticate.c	Tue Dec 11 19:13:38 2007 +0200
@@ -276,6 +276,7 @@ static bool check_plaintext_auth(struct 
 			      "Plaintext authentication disabled");
 	}
 	client_send_line(client, "-ERR "AUTH_PLAINTEXT_DISABLED_MSG);
+	client->common.auth_tried_disabled_plaintext = TRUE;
 	return FALSE;
 }
 
diff -r d7a48bf83a0e -r 249e6c711e8d src/pop3-login/client.c
--- a/src/pop3-login/client.c	Mon Dec 10 15:58:27 2007 +0200
+++ b/src/pop3-login/client.c	Tue Dec 11 19:13:38 2007 +0200
@@ -152,7 +152,14 @@ static bool cmd_quit(struct pop3_client 
 static bool cmd_quit(struct pop3_client *client)
 {
 	client_send_line(client, "+OK Logging out");
-	client_destroy(client, "Aborted login");
+	if (client->common.auth_tried_disabled_plaintext) {
+		client_destroy(client, "Aborted login "
+			"(tried to use disabled plaintext authentication)");
+	} else {
+		client_destroy(client, t_strdup_printf(
+			"Aborted login (%u authentication attempts)",
+			client->common.auth_attempts));
+	}
 	return TRUE;
 }
 
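Review bot: The reason-string construction in cmd_quit is a verbatim copy of the one added to cmd_logout in src/imap-login/client.c, and both read only `client->common`. A single helper in login-common that takes a `struct client *` and returns the reason would keep the two protocols' log lines from drifting apart, which matters to anything that parses them. Each call site would then reduce to something like `client_destroy(client, client_get_abort_reason(&client->common));`, where the helper name is a proposal and not an existing function.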

