dovecot-2.1: login: Improved auth failed log messages.

dovecot at dovecot.org dovecot at dovecot.org
Wed Nov 16 18:16:00 EET 2011


details:   http://hg.dovecot.org/dovecot-2.1/rev/346c022df7af
changeset: 13704:346c022df7af
user:      Timo Sirainen <tss at iki.fi>
date:      Wed Nov 16 18:15:46 2011 +0200
description:
login: Improved auth failed log messages.

diffstat:

 src/login-common/client-common.c |  23 +++++++++++++++++------
 src/login-common/client-common.h |   1 +
 src/login-common/sasl-server.c   |   3 +++
 3 files changed, 21 insertions(+), 6 deletions(-)

diffs (85 lines):

diff -r 5fefb7f1e6c4 -r 346c022df7af src/login-common/client-common.c
--- a/src/login-common/client-common.c	Wed Nov 16 00:28:32 2011 +0200
+++ b/src/login-common/client-common.c	Wed Nov 16 18:15:46 2011 +0200
@@ -504,6 +504,9 @@
 
 const char *client_get_extra_disconnect_reason(struct client *client)
 {
+	unsigned int auth_secs = client->auth_first_started == 0 ? 0 :
+		ioloop_time - client->auth_first_started;
+
 	if (client->set->auth_ssl_require_client_cert &&
 	    client->ssl_proxy != NULL) {
 		if (ssl_proxy_has_broken_client_cert(client->ssl_proxy))
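Review bot: `auth_secs` turns into a very large number if `ioloop_time` is ever smaller than `client->auth_first_started`, because the `time_t` difference is converted implicitly to `unsigned int`. That would happen if `ioloop_time` tracks the wall clock and the clock is stepped back mid-session, which this hunk does not show. A bogus "waited 4294967290 secs" in an auth-failure line misleads anyone triaging slow-auth or brute-force reports, so the initialiser should clamp and cast explicitly, e.g. `client->auth_first_started == 0 || ioloop_time < client->auth_first_started ? 0 : (unsigned int)(ioloop_time - client->auth_first_started)`. The `ioloop_time - client->created` expression in the next hunk has the same exposure. The function body continues outside this hunk.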
@@ -512,8 +515,10 @@
 			return "(client didn't send a cert)";
 	}
 
-	if (client->auth_attempts == 0)
-		return "(no auth attempts)";
+	if (client->auth_attempts == 0) {
+		return t_strdup_printf("(no auth attempts in %u secs)",
+			(unsigned int)(ioloop_time - client->created));
+	}
 
 	/* some auth attempts without SSL/TLS */
 	if (client->auth_tried_disabled_plaintext)
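Review bot: The disconnect reason `(no auth attempts)` was a fixed string and now ends in a variable `in %u secs)`, so log-monitoring rules that match the whole parenthesised reason will stop matching. The same applies to `(disconnected while authenticating` in the next hunk and `(auth failed, %u attempts` in the last hunk of this file. The leading text is unchanged in all three, so this is worth recording where maintainers will see it, e.g. a comment above `client_get_extra_disconnect_reason()` such as `/* These reasons are matched by log parsers: keep the leading text stable and append new details at the end. */`. A changelog entry would also let operators update their filters.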
@@ -523,8 +528,14 @@
 		return "(cert required, client didn't start TLS)";
 	if (client->auth_tried_unsupported_mech)
 		return "(tried to use unsupported auth mechanism)";
-	if (client->auth_request != NULL && client->auth_attempts == 1)
-		return "(disconnected while authenticating)";
+	if (client->auth_request != NULL && client->auth_attempts == 1) {
+		return t_strdup_printf("(disconnected while authenticating, "
+				       "waited %u secs)", auth_secs);
+	}
+	if (client->authenticating && client->auth_attempts == 1) {
+		return t_strdup_printf("(disconnected while finishing login, "
+				       "waited %u secs)", auth_secs);
+	}
 	if (client->auth_try_aborted && client->auth_attempts == 1)
 		return "(aborted authentication)";
 
@@ -532,8 +543,8 @@
 		return t_strdup_printf("(internal failure, %u succesful auths)",
 				       client->auth_successes);
 	}
-	return t_strdup_printf("(auth failed, %u attempts)",
-			       client->auth_attempts);
+	return t_strdup_printf("(auth failed, %u attempts in %u secs)",
+			       client->auth_attempts, auth_secs);
 }
 
 void client_send_line(struct client *client, enum client_cmd_reply reply,
diff -r 5fefb7f1e6c4 -r 346c022df7af src/login-common/client-common.h
--- a/src/login-common/client-common.h	Wed Nov 16 00:28:32 2011 +0200
+++ b/src/login-common/client-common.h	Wed Nov 16 18:15:46 2011 +0200
@@ -100,6 +100,7 @@
 	char *auth_mech_name;
 	struct auth_client_request *auth_request;
 	string_t *auth_response;
+	time_t auth_first_started;
 
 	unsigned int master_auth_id;
 	unsigned int master_tag;
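Review bot: The new `auth_first_started` member has no comment, yet both `client-common.c` and `sasl-server.c` in this change treat its value 0 as "no auth attempt started yet". Suggest documenting that next to the field, e.g. `/* ioloop_time when the first auth attempt began, 0 = none yet */`. The sentinel only works if the struct is zero-initialised on allocation, which this hunk does not show and is worth confirming. The struct definition starts and ends outside the hunk.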
diff -r 5fefb7f1e6c4 -r 346c022df7af src/login-common/sasl-server.c
--- a/src/login-common/sasl-server.c	Wed Nov 16 00:28:32 2011 +0200
+++ b/src/login-common/sasl-server.c	Wed Nov 16 18:15:46 2011 +0200
@@ -4,6 +4,7 @@
 #include "base64.h"
 #include "buffer.h"
 #include "hex-binary.h"
+#include "ioloop.h"
 #include "istream.h"
 #include "write-full.h"
 #include "strescape.h"
@@ -277,6 +278,8 @@
 
 	client->auth_attempts++;
 	client->authenticating = TRUE;
+	if (client->auth_first_started == 0)
+		client->auth_first_started = ioloop_time;
 	i_free(client->auth_mech_name);
 	client->auth_mech_name = str_ucase(i_strdup(mech_name));
 	client->sasl_callback = callback;

