[dovecot-cvs] dovecot/src/auth auth-client-connection.c, 1.40,
1.41 auth-request.c, 1.44, 1.45 auth-request.h, 1.22,
1.23 auth.c, 1.24, 1.25 auth.h, 1.17, 1.18 passdb-cache.c,
1.16, 1.17 passdb-ldap.c, 1.41, 1.42 passdb-passwd-file.c,
1.25, 1.26 passdb-sql.c, 1.25, 1.26 passdb-vpopmail.c, 1.23, 1.24
cras at dovecot.org
cras at dovecot.org
Sun Jan 22 13:33:29 EET 2006
Update of /var/lib/cvs/dovecot/src/auth
In directory talvi:/tmp/cvs-serv22926/src/auth
Modified Files:
auth-client-connection.c auth-request.c auth-request.h auth.c
auth.h passdb-cache.c passdb-ldap.c passdb-passwd-file.c
passdb-sql.c passdb-vpopmail.c
Log Message:
Added auth_debug_passwords setting. If it's not enabled, hide all password
strings from logs.
Index: auth-client-connection.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-client-connection.c,v
retrieving revision 1.40
retrieving revision 1.41
diff -u -d -r1.40 -r1.41
--- auth-client-connection.c 14 Jan 2006 18:47:20 -0000 1.40
+++ auth-client-connection.c 22 Jan 2006 11:33:27 -0000 1.41
@@ -21,26 +21,38 @@
static void auth_client_connection_unref(struct auth_client_connection **_conn);
static void auth_client_input(void *context);
-static void auth_client_send(struct auth_client_connection *conn,
- const char *fmt, ...) __attr_format__(2, 3);
+
+static const char *reply_line_hide_pass(const char *line)
+{
+ const char *p, *p2;
+
+ /* hide proxy reply password */
+ p = strstr(line, "\tpass=");
+ if (p == NULL)
+ return line;
+ p += 6;
+
+ p2 = strchr(p, '\t');
+ return t_strconcat(t_strdup_until(line, p), "<hidden>", p2, NULL);
+}
static void auth_client_send(struct auth_client_connection *conn,
- const char *fmt, ...)
+ const char *cmd)
{
- va_list args;
string_t *str;
i_assert(conn->refcount > 1);
t_push();
- va_start(args, fmt);
str = t_str_new(256);
- str_vprintfa(str, fmt, args);
+ str_append(str, cmd);
+ str_append_c(str, '\n');
- if (conn->auth->verbose_debug)
- i_info("client out: %s", str_c(str));
+ if (conn->auth->verbose_debug) {
+ i_info("client out: %s", conn->auth->verbose_debug_passwords ?
+ cmd : reply_line_hide_pass(cmd));
+ }
- str_append_c(str, '\n');
(void)o_stream_send(conn->output, str_data(str), str_len(str));
if (o_stream_get_buffer_used_size(conn->output) >=
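Review bot: `reply_line_hide_pass()` relies on an undocumented property when `pass=` is the last field: `strchr()` returns NULL for `p2`, and that NULL then ends the `t_strconcat()` argument list early. The output is right, but a later edit that adds an argument after `p2` would silently truncate the logged line. I would add a comment above the return, e.g. `/* p2 == NULL (pass= is the last field) terminates the t_strconcat() list, which is intended */`. `auth_line_hide_pass()` in the later hunk of this file has the same pattern with `resp=`. Only the first `\tpass=` match is masked, and auth_client_send() continues past the end of this hunk.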
@@ -50,7 +62,6 @@
if (conn->io != NULL)
io_remove(&conn->io);
}
- va_end(args);
t_pop();
}
@@ -64,7 +75,7 @@
return;
}
- auth_client_send(conn, "%s", reply);
+ auth_client_send(conn, reply);
}
static bool
@@ -128,22 +139,55 @@
return 1;
}
+static const char *auth_line_hide_pass(const char *line)
+{
+ const char *p, *p2;
+
+ p = strstr(line, "\tresp=");
+ if (p == NULL)
+ return line;
+ p += 6;
+
+ p2 = strchr(p, '\t');
+ return t_strconcat(t_strdup_until(line, p), "<hidden>", p2, NULL);
+}
+
+static const char *cont_line_hide_pass(const char *line)
+{
+ const char *p;
+
+ p = strchr(line, '\t');
+ if (p == NULL)
+ return line;
+
+ return t_strconcat(t_strdup_until(line, p), "<hidden>", NULL);
+}
+
static bool
auth_client_handle_line(struct auth_client_connection *conn, const char *line)
{
- if (conn->auth->verbose_debug)
- i_info("client in: %s", line);
-
if (strncmp(line, "AUTH\t", 5) == 0) {
+ if (conn->auth->verbose_debug) {
+ i_info("client in: %s",
+ conn->auth->verbose_debug_passwords ? line :
+ auth_line_hide_pass(line));
+ }
return auth_request_handler_auth_begin(conn->request_handler,
line + 5);
}
if (strncmp(line, "CONT\t", 5) == 0) {
+ if (conn->auth->verbose_debug) {
+ i_info("client in: %s",
+ conn->auth->verbose_debug_passwords ? line :
+ cont_line_hide_pass(line));
+ }
return auth_request_handler_auth_continue(conn->request_handler,
line + 5);
}
/* ignore unknown command */
+ if (conn->auth->verbose_debug)
+ i_info("client in (unknown command): %s", line);
return TRUE;
}
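Review bot: The fall-through branch for unknown commands logs `line` verbatim even when `verbose_debug_passwords` is off, so a mistyped or unsupported command that still carries a `resp=` field reaches the log unmasked. Making the same choice as the AUTH branch closes that gap: `i_info("client in (unknown command): %s", conn->auth->verbose_debug_passwords ? line : auth_line_hide_pass(line));`. Separately, `cont_line_hide_pass()` cuts at the first tab, which is the one directly after `CONT`, so the log shows `CONT<hidden>` with the separator and everything after it gone. Assuming the first field after `CONT` is the request id, cutting at the second tab would keep the id for correlation while still hiding the response data.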
Index: auth-request.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-request.c,v
retrieving revision 1.44
retrieving revision 1.45
diff -u -d -r1.44 -r1.45
--- auth-request.c 14 Jan 2006 18:47:20 -0000 1.44
+++ auth-request.c 22 Jan 2006 11:33:27 -0000 1.45
@@ -15,6 +15,7 @@
#include "passdb-blocking.h"
#include "userdb-blocking.h"
#include "passdb-cache.h"
+#include "password-scheme.h"
struct auth_request *
auth_request_new(struct auth *auth, struct mech_module *mech,
@@ -576,6 +577,31 @@
auth_stream_reply_add(request->extra_fields, name, value);
}
+int auth_request_password_verify(struct auth_request *request,
+ const char *plain_password,
+ const char *crypted_password,
+ const char *scheme, const char *subsystem)
+{
+ int ret;
+
+ ret = password_verify(plain_password, crypted_password, scheme,
+ request->user);
+ if (ret < 0) {
+ auth_request_log_error(request, subsystem,
+ "Unknown password scheme %s", scheme);
+ } else if (ret == 0) {
+ auth_request_log_info(request, subsystem,
+ "Password mismatch");
+ if (request->auth->verbose_debug_passwords) {
+ auth_request_log_debug(request, subsystem,
+ "%s(%s) != '%s'", scheme,
+ plain_password,
+ crypted_password);
+ }
+ }
+ return ret;
+}
+
static const char *escape_none(const char *str)
{
return str;
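Review bot: `auth_request_password_verify()` has no comment saying that a mismatch writes the plaintext and the stored password to the debug log when `verbose_debug_passwords` is set, which is the main thing a caller or auditor needs to know. I would add above the definition, and above the prototype in auth-request.h, `/* Verify plain_password against crypted_password; log errors and mismatches under subsystem. With verbose_debug_passwords set, a mismatch also logs both password strings. */`. The plaintext is client-supplied and goes into `"%s(%s) != '%s'"` as-is. Whether the logging layer escapes control characters is not visible in this diff, so that is worth confirming before the setting is used with a shared or line-parsed log.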
Index: auth-request.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-request.h,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -d -r1.22 -r1.23
--- auth-request.h 14 Jan 2006 18:47:20 -0000 1.22
+++ auth-request.h 22 Jan 2006 11:33:27 -0000 1.23
@@ -101,6 +101,11 @@
const char *name, const char *value,
const char *default_scheme);
+int auth_request_password_verify(struct auth_request *request,
+ const char *plain_password,
+ const char *crypted_password,
+ const char *scheme, const char *subsystem);
+
const struct var_expand_table *
auth_request_get_var_expand_table(const struct auth_request *auth_request,
const char *(*escape_func)(const char *));
Index: auth.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth.c,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -d -r1.24 -r1.25
--- auth.c 14 Jan 2006 18:47:20 -0000 1.24
+++ auth.c 22 Jan 2006 11:33:27 -0000 1.25
@@ -28,6 +28,8 @@
auth->verbose = getenv("VERBOSE") != NULL;
auth->verbose_debug = getenv("VERBOSE_DEBUG") != NULL;
+ auth->verbose_debug_passwords =
+ getenv("VERBOSE_DEBUG_PASSWORDS") != NULL;
t_push();
for (i = 1; ; i++) {
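Review bot: `verbose_debug_passwords` is read independently of `verbose_debug`, but the two are not consulted consistently elsewhere in this commit. In auth-client-connection.c the new flag only matters inside `if (conn->auth->verbose_debug)`, while auth_request_password_verify() tests it on its own. If the setting is meant to imply debug logging, `auth->verbose_debug` could be forced on here; if not, a comment should say it has no effect on client lines without VERBOSE_DEBUG. Because enabling it puts credentials into logs, a startup notice such as `if (auth->verbose_debug_passwords) i_warning("auth: password strings will be written to logs");` would make an accidental production enable visible. The enclosing function starts and ends outside the hunk.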
Index: auth.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth.h,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -d -r1.17 -r1.18
--- auth.h 14 Jan 2006 18:47:20 -0000 1.17
+++ auth.h 22 Jan 2006 11:33:27 -0000 1.18
@@ -44,7 +44,7 @@
bool ssl_require_client_cert;
bool ssl_username_from_cert;
- bool verbose, verbose_debug;
+ bool verbose, verbose_debug, verbose_debug_passwords;
};
const string_t *auth_mechanisms_get_list(struct auth *auth);
Index: passdb-cache.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/passdb-cache.c,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -d -r1.16 -r1.17
--- passdb-cache.c 14 Jan 2006 18:47:20 -0000 1.16
+++ passdb-cache.c 22 Jan 2006 11:33:27 -0000 1.17
@@ -69,13 +69,8 @@
scheme = password_get_scheme(&cached_pw);
i_assert(scheme != NULL);
- ret = password_verify(password, cached_pw, scheme, request->user);
- if (ret < 0) {
- auth_request_log_error(request, "cache",
- "Unknown password scheme %s", scheme);
- } else if (ret == 0) {
- auth_request_log_info(request, "cache", "Password mismatch");
- }
+ ret = auth_request_password_verify(request, password, cached_pw,
+ scheme, "cache");
*result_r = ret > 0 ? PASSDB_RESULT_OK :
PASSDB_RESULT_PASSWORD_MISMATCH;
Index: passdb-ldap.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/passdb-ldap.c,v
retrieving revision 1.41
retrieving revision 1.42
diff -u -d -r1.41 -r1.42
--- passdb-ldap.c 14 Jan 2006 18:47:20 -0000 1.41
+++ passdb-ldap.c 22 Jan 2006 11:33:27 -0000 1.42
@@ -175,15 +175,9 @@
return;
}
- ret = password_verify(auth_request->mech_password, password, scheme,
- auth_request->user);
- if (ret < 0) {
- auth_request_log_error(auth_request, "ldap",
- "Unknown password scheme %s", scheme);
- } else if (ret == 0) {
- auth_request_log_info(auth_request, "ldap",
- "password mismatch");
- }
+ ret = auth_request_password_verify(auth_request,
+ auth_request->mech_password,
+ password, scheme, "ldap");
ldap_request->callback.verify_plain(ret > 0 ? PASSDB_RESULT_OK :
PASSDB_RESULT_PASSWORD_MISMATCH,
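Review bot: Routing through the shared helper changes this backend's log text from `password mismatch` to `Password mismatch`. passdb-passwd-file.c and passdb-vpopmail.c get the same change, passwd-file's `unknown password scheme` becomes `Unknown password scheme`, and on a mismatch vpopmail now logs `Password mismatch` from the helper. Log watchers that match the old lowercase strings case-sensitively, such as failed-login alerting or rate-limit rules, would stop matching without any error. The commit log does not mention the wording change, so it belongs in the changelog or release notes. The enclosing function continues outside the hunk.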
Index: passdb-passwd-file.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/passdb-passwd-file.c,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -d -r1.25 -r1.26
--- passdb-passwd-file.c 15 Jan 2006 13:38:32 -0000 1.25
+++ passdb-passwd-file.c 22 Jan 2006 11:33:27 -0000 1.26
@@ -45,20 +45,11 @@
crypted_pass, scheme);
}
- ret = password_verify(password, crypted_pass, scheme,
- request->user);
- if (ret > 0)
- callback(PASSDB_RESULT_OK, request);
- else {
- if (ret < 0) {
- auth_request_log_error(request, "passwd-file",
- "unknown password scheme %s", scheme);
- } else {
- auth_request_log_info(request, "passwd-file",
- "password mismatch");
- }
- callback(PASSDB_RESULT_PASSWORD_MISMATCH, request);
- }
+ ret = auth_request_password_verify(request, password, crypted_pass,
+ scheme, "passwd-file");
+
+ callback(ret > 0 ? PASSDB_RESULT_OK : PASSDB_RESULT_PASSWORD_MISMATCH,
+ request);
}
static void
Index: passdb-sql.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/passdb-sql.c,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -d -r1.25 -r1.26
--- passdb-sql.c 14 Jan 2006 18:47:20 -0000 1.25
+++ passdb-sql.c 22 Jan 2006 11:33:27 -0000 1.26
@@ -111,14 +111,9 @@
return;
}
- ret = password_verify(auth_request->mech_password, password,
- scheme, user);
- if (ret < 0) {
- auth_request_log_error(auth_request, "sql",
- "Unknown password scheme %s", scheme);
- } else if (ret == 0) {
- auth_request_log_info(auth_request, "sql", "Password mismatch");
- }
+ ret = auth_request_password_verify(auth_request,
+ auth_request->mech_password,
+ password, scheme, "sql");
sql_request->callback.verify_plain(ret > 0 ? PASSDB_RESULT_OK :
PASSDB_RESULT_PASSWORD_MISMATCH,
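Review bot: The old call passed the local `user` to `password_verify()`, whereas `auth_request_password_verify()` always passes `request->user`. Where `user` is assigned lies outside this hunk. If it can differ from `auth_request->user`, for example a name taken from the query result, schemes that mix the user name into the hash would now be verified against a different name. If the two are always equal, a comment at the call such as `/* user == auth_request->user here */` would settle it; otherwise the helper needs a way to accept the user name.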
Index: passdb-vpopmail.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/passdb-vpopmail.c,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -d -r1.23 -r1.24
--- passdb-vpopmail.c 16 Oct 2005 14:06:59 -0000 1.23
+++ passdb-vpopmail.c 22 Jan 2006 11:33:27 -0000 1.24
@@ -50,7 +50,8 @@
if (scheme == NULL)
scheme = request->passdb->passdb->default_pass_scheme;
- ret = password_verify(password, crypted_pass, scheme, request->user);
+ ret = auth_request_password_verify(request, password, crypted_pass,
+ scheme, "vpopmail");
safe_memset(vpw->pw_passwd, 0, strlen(vpw->pw_passwd));
if (vpw->pw_clear_passwd != NULL) {
@@ -59,13 +60,6 @@
}
if (ret <= 0) {
- if (ret < 0) {
- auth_request_log_error(request, "vpopmail",
- "Unknown password scheme %s", scheme);
- } else {
- auth_request_log_info(request, "vpopmail",
- "password mismatch");
- }
callback(PASSDB_RESULT_PASSWORD_MISMATCH, request);
return;
}