[dovecot-cvs] dovecot/src/imap-login client-authenticate.c, 1.26, 1.27 client.c, 1.28, 1.29 client.h, 1.9, 1.10

[cras at dovecot.org]

Update of /var/lib/cvs/dovecot/src/imap-login
In directory talvi:/tmp/cvs-serv755/imap-login

Modified Files:
	client-authenticate.c client.c client.h 
Log Message:
auth_verbose now affects imap/pop3 login processes too. Every authentication
attempt by client is logged. Also fixed replies in AUTHENTICATE/AUTH
commands when it was aborted by client.



Index: client-authenticate.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/imap-login/client-authenticate.c,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -d -r1.26 -r1.27
--- client-authenticate.c	15 Sep 2004 13:20:16 -0000	1.26
+++ client-authenticate.c	5 Oct 2004 16:00:18 -0000	1.27
@@ -1,4 +1,4 @@
-/* Copyright (C) 2002 Timo Sirainen */
+/* Copyright (C) 2002-2004 Timo Sirainen */
 
 #include "common.h"
 #include "base64.h"
@@ -8,6 +8,7 @@
 #include "ostream.h"
 #include "safe-memset.h"
 #include "str.h"
+#include "str-sanitize.h"
 #include "imap-parser.h"
 #include "auth-client.h"
 #include "ssl-proxy.h"
@@ -16,6 +17,9 @@
 #include "auth-common.h"
 #include "master.h"
 
+/* Used only for string sanitization while verbose_auth is set. */
+#define MAX_MECH_NAME 64
+
 const char *client_authenticate_get_capabilities(int secured)
 {
 	const struct auth_mech_desc *mech;
@@ -50,6 +54,9 @@
 		client->common.auth_request = NULL;
 	}
 
+	if (msg != NULL && verbose_auth)
+		client_syslog(client, "Authentication failed: %s", msg);
+
 	client_send_tagline(client, msg != NULL ?
 			    t_strconcat("NO ", msg, NULL) :
 			    "NO Authentication failed.");
@@ -161,6 +168,10 @@
 	pass = IMAP_ARG_STR(&args[1]);
 
 	if (!client->secured && disable_plaintext_auth) {
+		if (verbose_auth) {
+			client_syslog(client, "Login failed: "
+				      "Plaintext authentication disabled");
+		}
 		client_send_line(client,
 			"* BAD [ALERT] Plaintext authentication is disabled, "
 			"but your client sent password in plaintext anyway. "
@@ -192,6 +203,8 @@
 		auth_client_request_new(auth_client, NULL, &info,
 					login_callback, client, &error);
 	if (client->common.auth_request == NULL) {
+		if (verbose_auth)
+			client_syslog(client, "Login failed: %s", error);
 		client_send_tagline(client, t_strconcat(
 			"NO Login failed: ", error, NULL));
 		client_unref(client);
@@ -215,6 +228,12 @@
 	struct imap_client *client = context;
 	const char *error;
 
+	if (!client->authenticating) {
+		/* client aborted */
+		i_assert(reply == NULL);
+		return;
+	}
+
 	switch (auth_callback(request, reply, data, &client->common,
 			      master_callback, &error)) {
 	case -1:
@@ -301,12 +320,22 @@
 
 	mech = auth_client_find_mech(auth_client, mech_name);
 	if (mech == NULL) {
+		if (verbose_auth) {
+			client_syslog(client, "Authenticate %s failed: "
+				      "Unsupported mechanism",
+				      str_sanitize(mech_name, MAX_MECH_NAME));
+		}
 		client_send_tagline(client,
 				    "NO Unsupported authentication mechanism.");
 		return TRUE;
 	}
 
 	if (!client->secured && mech->plaintext && disable_plaintext_auth) {
+		if (verbose_auth) {
+			client_syslog(client, "Authenticate %s failed: "
+				      "Plaintext authentication disabled",
+				      str_sanitize(mech_name, MAX_MECH_NAME));
+		}
 		client_send_tagline(client,
 				    "NO Plaintext authentication disabled.");
 		return TRUE;
@@ -333,6 +362,11 @@
 					   client_auth_input, client);
                 client->authenticating = TRUE;
 	} else {
+		if (verbose_auth) {
+			client_syslog(client, "Authenticate %s failed: %s",
+				      str_sanitize(mech_name, MAX_MECH_NAME),
+				      error);
+		}
 		client_send_tagline(client, t_strconcat(
 			"NO Authentication failed: ", error, NULL));
 		client_unref(client);

Index: client.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/imap-login/client.c,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -d -r1.28 -r1.29
--- client.c	27 Sep 2004 15:58:57 -0000	1.28
+++ client.c	5 Oct 2004 16:00:18 -0000	1.29
@@ -434,7 +434,7 @@
 	client->destroyed = TRUE;
 
 	if (reason != NULL)
-		client_syslog(client, reason);
+		client_syslog(client, "%s", reason);
 
 	hash_remove(clients, client);
 
@@ -507,15 +507,20 @@
 	client_send_line(client, t_strconcat(client->cmd_tag, " ", line, NULL));
 }
 
-void client_syslog(struct imap_client *client, const char *text)
+void client_syslog(struct imap_client *client, const char *format, ...)
 {
 	const char *addr;
+	va_list args;
 
 	addr = net_ip2addr(&client->common.ip);
 	if (addr == NULL)
 		addr = "??";
 
-	i_info("%s [%s]", text, addr);
+	t_push();
+	va_start(args, format);
+	i_info("%s [%s]", t_strdup_vprintf(format, args), addr);
+	va_end(args);
+	t_pop();
 }
 
 static void client_check_idle(struct imap_client *client)

Index: client.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/imap-login/client.h,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -d -r1.9 -r1.10
--- client.h	31 May 2004 18:04:47 -0000	1.9
+++ client.h	5 Oct 2004 16:00:18 -0000	1.10
@@ -33,7 +33,8 @@
 
 void client_send_line(struct imap_client *client, const char *line);
 void client_send_tagline(struct imap_client *client, const char *line);
-void client_syslog(struct imap_client *client, const char *text);
+void client_syslog(struct imap_client *client, const char *format, ...)
+	__attr_format__(2, 3);
 
 int client_read(struct imap_client *client);
 void client_input(void *context);