dovecot-1.2: *-login: Log more precise reasons for some auth fai...
dovecot at dovecot.org
dovecot at dovecot.org
Mon Oct 5 21:13:32 EEST 2009
details: http://hg.dovecot.org/dovecot-1.2/rev/0c7bbdd7b81f
changeset: 9408:0c7bbdd7b81f
user: Timo Sirainen <tss at iki.fi>
date: Mon Oct 05 14:13:17 2009 -0400
description:
*-login: Log more precise reasons for some auth failures.
diffstat:
3 files changed, 11 insertions(+)
src/login-common/client-common.c | 6 ++++++
src/login-common/client-common.h | 2 ++
src/login-common/sasl-server.c | 3 +++
diffs (54 lines):
diff -r a3e16df805e3 -r 0c7bbdd7b81f src/login-common/client-common.c
--- a/src/login-common/client-common.c Mon Oct 05 11:59:43 2009 -0400
+++ b/src/login-common/client-common.c Mon Oct 05 14:13:17 2009 -0400
@@ -205,6 +205,12 @@ const char *client_get_extra_disconnect_
return "(tried to use disabled plaintext auth)";
if (ssl_require_client_cert)
return "(cert required, client didn't start TLS)";
+ if (client->auth_tried_unsupported_mech)
+ return "(tried to use unsupported auth mechanism)";
+ if (client->auth_request != NULL && client->auth_attempts == 1)
+ return "(disconnected while authenticating)";
+ if (client->auth_try_aborted && client->auth_attempts == 1)
+ return "(aborted authentication)";
return t_strdup_printf("(auth failed, %u attempts)",
client->auth_attempts);
diff -r a3e16df805e3 -r 0c7bbdd7b81f src/login-common/client-common.h
--- a/src/login-common/client-common.h Mon Oct 05 11:59:43 2009 -0400
+++ b/src/login-common/client-common.h Mon Oct 05 14:13:17 2009 -0400
@@ -41,6 +41,8 @@ struct client {
unsigned int trusted:1;
unsigned int authenticating:1;
unsigned int auth_tried_disabled_plaintext:1;
+ unsigned int auth_tried_unsupported_mech:1;
+ unsigned int auth_try_aborted:1;
/* ... */
};
diff -r a3e16df805e3 -r 0c7bbdd7b81f src/login-common/sasl-server.c
--- a/src/login-common/sasl-server.c Mon Oct 05 11:59:43 2009 -0400
+++ b/src/login-common/sasl-server.c Mon Oct 05 14:13:17 2009 -0400
@@ -144,6 +144,7 @@ void sasl_server_auth_begin(struct clien
mech = auth_client_find_mech(auth_client, mech_name);
if (mech == NULL) {
+ client->auth_tried_unsupported_mech = TRUE;
sasl_server_auth_failed(client,
"Unsupported authentication mechanism.");
return;
@@ -151,6 +152,7 @@ void sasl_server_auth_begin(struct clien
if (!client->secured && disable_plaintext_auth &&
(mech->flags & MECH_SEC_PLAINTEXT) != 0) {
+ client->auth_tried_disabled_plaintext = TRUE;
sasl_server_auth_failed(client,
"Plaintext authentication disabled.");
return;
@@ -206,5 +208,6 @@ void sasl_server_auth_failed(struct clie
void sasl_server_auth_abort(struct client *client)
{
+ client->auth_try_aborted = TRUE;
sasl_server_auth_cancel(client, NULL, SASL_SERVER_REPLY_AUTH_ABORTED);
}
More information about the dovecot-cvs
mailing list