dovecot-1.1: Log clearly with "auth failed, # attempts" if user ...

dovecot at dovecot.org dovecot at dovecot.org
Wed Mar 26 21:30:19 EET 2008 

details:   http://hg.dovecot.org/dovecot-1.1/rev/65fbb6226141
changeset: 7438:65fbb6226141
user:      Timo Sirainen <tss at iki.fi>
date:      Wed Mar 26 21:30:15 2008 +0200
description:
Log clearly with "auth failed, # attempts" if user gets disconnected before
logging in.

diffstat:

8 files changed, 43 insertions(+), 21 deletions(-)
src/imap-login/client-authenticate.c |    8 +++++---
src/imap-login/client.c              |   22 +++++++++++++++-------
src/imap-login/client.h              |    2 ++
src/imap-login/imap-proxy.c          |    6 +++---
src/pop3-login/client-authenticate.c |    4 ++--
src/pop3-login/client.c              |   14 +++++++++++---
src/pop3-login/client.h              |    2 ++
src/pop3-login/pop3-proxy.c          |    6 +++---

diffs (247 lines):

diff -r 498975950370 -r 65fbb6226141 src/imap-login/client-authenticate.c
--- a/src/imap-login/client-authenticate.c	Wed Mar 26 21:27:10 2008 +0200
+++ b/src/imap-login/client-authenticate.c	Wed Mar 26 21:30:15 2008 +0200
@@ -156,7 +156,7 @@ static bool client_handle_args(struct im
 		}
 		client_send_tagline(client, str_c(reply));
 		if (!nologin) {
-			client_destroy(client, "Login with referral");
+			client_destroy_success(client, "Login with referral");
 			return TRUE;
 		}
 	} else if (nologin || proxy_self) {
@@ -209,7 +209,7 @@ static void sasl_callback(struct client 
 		}
 
 		client_send_tagline(client, "OK Logged in.");
-		client_destroy(client, "Login");
+		client_destroy_success(client, "Login");
 		break;
 	case SASL_SERVER_REPLY_AUTH_FAILED:
 	case SASL_SERVER_REPLY_CLIENT_ERROR:
@@ -234,7 +234,9 @@ static void sasl_callback(struct client 
 		else {
 			client_send_tagline(client,
 					    t_strconcat("NO ", data, NULL));
-			client_destroy(client, data);
+			/* authentication itself succeeded, we just hit some
+			   internal failure. */
+			client_destroy_success(client, data);
 		}
 		break;
 	case SASL_SERVER_REPLY_CONTINUE:
diff -r 498975950370 -r 65fbb6226141 src/imap-login/client.c
--- a/src/imap-login/client.c	Wed Mar 26 21:27:10 2008 +0200
+++ b/src/imap-login/client.c	Wed Mar 26 21:30:15 2008 +0200
@@ -211,9 +211,7 @@ static int cmd_logout(struct imap_client
 		client_destroy(client, "Aborted login "
 			"(tried to use disabled plaintext authentication)");
 	} else {
-		client_destroy(client, t_strdup_printf(
-			"Aborted login (%u authentication attempts)",
-			client->common.auth_attempts));
+		client_destroy(client, "Aborted login");
 	}
 	return 1;
 }
@@ -284,8 +282,8 @@ static bool client_handle_input(struct i
 		if (fatal) {
 			client_send_line(client, t_strconcat("* BYE ",
 							     msg, NULL));
-			client_destroy(client, t_strconcat("Disconnected: ",
-							   msg, NULL));
+			client_destroy(client,
+				t_strconcat("Disconnected: ", msg, NULL));
 			return FALSE;
 		}
 
@@ -311,8 +309,8 @@ static bool client_handle_input(struct i
 		if (++client->bad_counter >= CLIENT_MAX_BAD_COMMANDS) {
 			client_send_line(client,
 				"* BYE Too many invalid IMAP commands.");
-			client_destroy(client, "Disconnected: "
-				       "Too many invalid commands");
+			client_destroy(client,
+				"Disconnected: Too many invalid commands");
 			return FALSE;
 		}  
 		client_send_tagline(client,
@@ -486,6 +484,10 @@ void client_destroy(struct imap_client *
 		return;
 	client->destroyed = TRUE;
 
+	if (!client->login_success && reason != NULL) {
+		reason = t_strdup_printf("%s (auth failed, %u attempts)",
+					 reason, client->common.auth_attempts);
+	}
 	if (reason != NULL)
 		client_syslog(&client->common, reason);
 
@@ -541,6 +543,12 @@ void client_destroy(struct imap_client *
 
 	main_listen_start();
 	main_unref();
+}
+
+void client_destroy_success(struct imap_client *client, const char *reason)
+{
+	client->login_success = TRUE;
+	client_destroy(client, reason);
 }
 
 void client_destroy_internal_failure(struct imap_client *client)
diff -r 498975950370 -r 65fbb6226141 src/imap-login/client.h
--- a/src/imap-login/client.h	Wed Mar 26 21:27:10 2008 +0200
+++ b/src/imap-login/client.h	Wed Mar 26 21:30:15 2008 +0200
@@ -24,6 +24,7 @@ struct imap_client {
 
 	const char *cmd_tag, *cmd_name;
 
+	unsigned int login_success:1;
 	unsigned int cmd_finished:1;
 	unsigned int proxy_login_sent:1;
 	unsigned int skip_line:1;
@@ -33,6 +34,7 @@ struct imap_client {
 };
 
 void client_destroy(struct imap_client *client, const char *reason);
+void client_destroy_success(struct imap_client *client, const char *reason);
 void client_destroy_internal_failure(struct imap_client *client);
 
 void client_send_line(struct imap_client *client, const char *line);
diff -r 498975950370 -r 65fbb6226141 src/imap-login/imap-proxy.c
--- a/src/imap-login/imap-proxy.c	Wed Mar 26 21:27:10 2008 +0200
+++ b/src/imap-login/imap-proxy.c	Wed Mar 26 21:30:15 2008 +0200
@@ -63,7 +63,7 @@ static int proxy_input_line(struct imap_
 		client->input = NULL;
 		client->output = NULL;
 		client->common.fd = -1;
-		client_destroy(client, msg);
+		client_destroy_success(client, msg);
 		return -1;
 	} else if (strncmp(line, "P ", 2) == 0) {
 		/* If the backend server isn't Dovecot, the error message may
@@ -117,7 +117,7 @@ static void proxy_input(struct istream *
 
 		/* failed for some reason, probably server disconnected */
 		client_send_line(client, "* BYE Temporary login failure.");
-		client_destroy(client, NULL);
+		client_destroy_success(client, NULL);
 		return;
 	}
 
@@ -132,7 +132,7 @@ static void proxy_input(struct istream *
 		return;
 	case -1:
 		/* disconnected */
-		client_destroy(client, "Proxy: Remote disconnected");
+		client_destroy_success(client, "Proxy: Remote disconnected");
 		return;
 	}
 
diff -r 498975950370 -r 65fbb6226141 src/pop3-login/client-authenticate.c
--- a/src/pop3-login/client-authenticate.c	Wed Mar 26 21:27:10 2008 +0200
+++ b/src/pop3-login/client-authenticate.c	Wed Mar 26 21:30:15 2008 +0200
@@ -170,7 +170,7 @@ static void sasl_callback(struct client 
 		}
 
 		client_send_line(client, "+OK Logged in.");
-		client_destroy(client, "Login");
+		client_destroy_success(client, "Login");
 		break;
 	case SASL_SERVER_REPLY_AUTH_FAILED:
 	case SASL_SERVER_REPLY_CLIENT_ERROR:
@@ -197,7 +197,7 @@ static void sasl_callback(struct client 
 		else {
 			client_send_line(client,
 				t_strconcat("-ERR [IN-USE] ", data, NULL));
-			client_destroy(client, data);
+			client_destroy_success(client, data);
 		}
 		break;
 	case SASL_SERVER_REPLY_CONTINUE:
diff -r 498975950370 -r 65fbb6226141 src/pop3-login/client.c
--- a/src/pop3-login/client.c	Wed Mar 26 21:27:10 2008 +0200
+++ b/src/pop3-login/client.c	Wed Mar 26 21:30:15 2008 +0200
@@ -150,9 +150,7 @@ static bool cmd_quit(struct pop3_client 
 		client_destroy(client, "Aborted login "
 			"(tried to use disabled plaintext authentication)");
 	} else {
-		client_destroy(client, t_strdup_printf(
-			"Aborted login (%u authentication attempts)",
-			client->common.auth_attempts));
+		client_destroy(client, "Aborted login");
 	}
 	return TRUE;
 }
@@ -341,12 +339,22 @@ struct client *client_create(int fd, boo
 	return &client->common;
 }
 
+void client_destroy_success(struct pop3_client *client, const char *reason)
+{
+	client->login_success = TRUE;
+	client_destroy(client, reason);
+}
+
 void client_destroy(struct pop3_client *client, const char *reason)
 {
 	if (client->destroyed)
 		return;
 	client->destroyed = TRUE;
 
+	if (!client->login_success && reason != NULL) {
+		reason = t_strdup_printf("%s (auth failed, %u attempts)",
+					 reason, client->common.auth_attempts);
+	}
 	if (reason != NULL)
 		client_syslog(&client->common, reason);
 
diff -r 498975950370 -r 65fbb6226141 src/pop3-login/client.h
--- a/src/pop3-login/client.h	Wed Mar 26 21:27:10 2008 +0200
+++ b/src/pop3-login/client.h	Wed Mar 26 21:30:15 2008 +0200
@@ -28,12 +28,14 @@ struct pop3_client {
 	char *apop_challenge;
 	struct auth_connect_id auth_id;
 
+	unsigned int login_success:1;
 	unsigned int authenticating:1;
 	unsigned int auth_connected:1;
 	unsigned int destroyed:1;
 };
 
 void client_destroy(struct pop3_client *client, const char *reason);
+void client_destroy_success(struct pop3_client *client, const char *reason);
 void client_destroy_internal_failure(struct pop3_client *client);
 
 void client_send_line(struct pop3_client *client, const char *line);
diff -r 498975950370 -r 65fbb6226141 src/pop3-login/pop3-proxy.c
--- a/src/pop3-login/pop3-proxy.c	Wed Mar 26 21:27:10 2008 +0200
+++ b/src/pop3-login/pop3-proxy.c	Wed Mar 26 21:30:15 2008 +0200
@@ -32,7 +32,7 @@ static void proxy_input(struct istream *
 		/* failed for some reason, probably server disconnected */
 		client_send_line(client,
 				 "-ERR [IN-USE] Temporary login failure.");
-		client_destroy(client, NULL);
+		client_destroy_success(client, NULL);
 		return;
 	}
 
@@ -47,7 +47,7 @@ static void proxy_input(struct istream *
 		return;
 	case -1:
 		/* disconnected */
-		client_destroy(client, "Proxy: Remote disconnected");
+		client_destroy_success(client, "Proxy: Remote disconnected");
 		return;
 	}
 
@@ -114,7 +114,7 @@ static void proxy_input(struct istream *
 		client->input = NULL;
 		client->output = NULL;
 		client->common.fd = -1;
-		client_destroy(client, msg);
+		client_destroy_success(client, msg);
 		return;
 	}

More information about the dovecot-cvs mailing list