dovecot-1.2: *-login: Log more precise reasons for some auth fai...

dovecot at dovecot.org dovecot at dovecot.org
Mon Oct 5 21:13:32 EEST 2009 

details:   http://hg.dovecot.org/dovecot-1.2/rev/0c7bbdd7b81f
changeset: 9408:0c7bbdd7b81f
user:      Timo Sirainen <tss at iki.fi>
date:      Mon Oct 05 14:13:17 2009 -0400
description:
*-login: Log more precise reasons for some auth failures.

diffstat:

3 files changed, 11 insertions(+)
src/login-common/client-common.c |    6 ++++++
src/login-common/client-common.h |    2 ++
src/login-common/sasl-server.c   |    3 +++

diffs (54 lines):

diff -r a3e16df805e3 -r 0c7bbdd7b81f src/login-common/client-common.c
--- a/src/login-common/client-common.c	Mon Oct 05 11:59:43 2009 -0400
+++ b/src/login-common/client-common.c	Mon Oct 05 14:13:17 2009 -0400
@@ -205,6 +205,12 @@ const char *client_get_extra_disconnect_
 		return "(tried to use disabled plaintext auth)";
 	if (ssl_require_client_cert)
 		return "(cert required, client didn't start TLS)";
+	if (client->auth_tried_unsupported_mech)
+		return "(tried to use unsupported auth mechanism)";
+	if (client->auth_request != NULL && client->auth_attempts == 1)
+		return "(disconnected while authenticating)";
+	if (client->auth_try_aborted && client->auth_attempts == 1)
+		return "(aborted authentication)";
 
 	return t_strdup_printf("(auth failed, %u attempts)",
 			       client->auth_attempts);
diff -r a3e16df805e3 -r 0c7bbdd7b81f src/login-common/client-common.h
--- a/src/login-common/client-common.h	Mon Oct 05 11:59:43 2009 -0400
+++ b/src/login-common/client-common.h	Mon Oct 05 14:13:17 2009 -0400
@@ -41,6 +41,8 @@ struct client {
 	unsigned int trusted:1;
 	unsigned int authenticating:1;
 	unsigned int auth_tried_disabled_plaintext:1;
+	unsigned int auth_tried_unsupported_mech:1;
+	unsigned int auth_try_aborted:1;
 	/* ... */
 };
 
diff -r a3e16df805e3 -r 0c7bbdd7b81f src/login-common/sasl-server.c
--- a/src/login-common/sasl-server.c	Mon Oct 05 11:59:43 2009 -0400
+++ b/src/login-common/sasl-server.c	Mon Oct 05 14:13:17 2009 -0400
@@ -144,6 +144,7 @@ void sasl_server_auth_begin(struct clien
 
 	mech = auth_client_find_mech(auth_client, mech_name);
 	if (mech == NULL) {
+		client->auth_tried_unsupported_mech = TRUE;
 		sasl_server_auth_failed(client,
 			"Unsupported authentication mechanism.");
 		return;
@@ -151,6 +152,7 @@ void sasl_server_auth_begin(struct clien
 
 	if (!client->secured && disable_plaintext_auth &&
 	    (mech->flags & MECH_SEC_PLAINTEXT) != 0) {
+		client->auth_tried_disabled_plaintext = TRUE;
 		sasl_server_auth_failed(client,
 			"Plaintext authentication disabled.");
 		return;
@@ -206,5 +208,6 @@ void sasl_server_auth_failed(struct clie
 
 void sasl_server_auth_abort(struct client *client)
 {
+	client->auth_try_aborted = TRUE;
 	sasl_server_auth_cancel(client, NULL, SASL_SERVER_REPLY_AUTH_ABORTED);
 }

More information about the dovecot-cvs mailing list