dovecot-2.0: *-login: Log more precise reasons for some auth fai...
dovecot at dovecot.org
dovecot at dovecot.org
Mon Oct 5 21:17:40 EEST 2009
details: http://hg.dovecot.org/dovecot-2.0/rev/c492325acdcf
changeset: 9965:c492325acdcf
user: Timo Sirainen <tss at iki.fi>
date: Mon Oct 05 14:17:32 2009 -0400
description:
*-login: Log more precise reasons for some auth failures.
diffstat:
3 files changed, 11 insertions(+)
src/login-common/client-common.c | 6 ++++++
src/login-common/client-common.h | 2 ++
src/login-common/sasl-server.c | 3 +++
diffs (54 lines):
diff -r 8a1eef211ad6 -r c492325acdcf src/login-common/client-common.c
--- a/src/login-common/client-common.c Mon Oct 05 10:46:47 2009 -0400
+++ b/src/login-common/client-common.c Mon Oct 05 14:17:32 2009 -0400
@@ -521,6 +521,12 @@ const char *client_get_extra_disconnect_
return "(tried to use disabled plaintext auth)";
if (client->set->ssl_require_client_cert)
return "(cert required, client didn't start TLS)";
+ if (client->auth_tried_unsupported_mech)
+ return "(tried to use unsupported auth mechanism)";
+ if (client->auth_request != NULL && client->auth_attempts == 1)
+ return "(disconnected while authenticating)";
+ if (client->auth_try_aborted && client->auth_attempts == 1)
+ return "(aborted authentication)";
return t_strdup_printf("(auth failed, %u attempts)",
client->auth_attempts);
diff -r 8a1eef211ad6 -r c492325acdcf src/login-common/client-common.h
--- a/src/login-common/client-common.h Mon Oct 05 10:46:47 2009 -0400
+++ b/src/login-common/client-common.h Mon Oct 05 14:17:32 2009 -0400
@@ -117,6 +117,8 @@ struct client {
unsigned int trusted:1;
unsigned int authenticating:1;
unsigned int auth_tried_disabled_plaintext:1;
+ unsigned int auth_tried_unsupported_mech:1;
+ unsigned int auth_try_aborted:1;
unsigned int auth_initializing:1;
/* ... */
};
diff -r 8a1eef211ad6 -r c492325acdcf src/login-common/sasl-server.c
--- a/src/login-common/sasl-server.c Mon Oct 05 10:46:47 2009 -0400
+++ b/src/login-common/sasl-server.c Mon Oct 05 14:17:32 2009 -0400
@@ -247,6 +247,7 @@ void sasl_server_auth_begin(struct clien
mech = auth_client_find_mech(auth_client, mech_name);
if (mech == NULL) {
+ client->auth_tried_unsupported_mech = TRUE;
sasl_server_auth_failed(client,
"Unsupported authentication mechanism.");
return;
@@ -254,6 +255,7 @@ void sasl_server_auth_begin(struct clien
if (!client->secured && client->set->disable_plaintext_auth &&
(mech->flags & MECH_SEC_PLAINTEXT) != 0) {
+ client->auth_tried_disabled_plaintext = TRUE;
sasl_server_auth_failed(client,
"Plaintext authentication disabled.");
return;
@@ -308,5 +310,6 @@ void sasl_server_auth_failed(struct clie
void sasl_server_auth_abort(struct client *client)
{
+ client->auth_try_aborted = TRUE;
sasl_server_auth_cancel(client, NULL, SASL_SERVER_REPLY_AUTH_ABORTED);
}
More information about the dovecot-cvs
mailing list