dovecot-2.0: auth: If username contains invalid chars, log sanit...

dovecot at dovecot.org dovecot at dovecot.org
Fri Feb 11 23:44:58 EET 2011


details:   http://hg.dovecot.org/dovecot-2.0/rev/049a922c193c
changeset: 12597:049a922c193c
user:      Timo Sirainen <tss at iki.fi>
date:      Fri Feb 11 23:44:39 2011 +0200
description:
auth: If username contains invalid chars, log sanitized username even without auth_debug.

diffstat:

 src/auth/auth-request.c |  8 +++-----
 1 files changed, 3 insertions(+), 5 deletions(-)

diffs (26 lines):

diff -r 775a3a64ea74 -r 049a922c193c src/auth/auth-request.c
--- a/src/auth/auth-request.c	Fri Feb 11 23:35:52 2011 +0200
+++ b/src/auth/auth-request.c	Fri Feb 11 23:44:39 2011 +0200
@@ -894,7 +894,8 @@
 		if (set->username_chars_map[*p & 0xff] == 0) {
 			*error_r = t_strdup_printf(
 				"Username contains disallowed character: "
-				"0x%02x", *p);
+				"0x%02x (username: %s)", *p,
+				str_sanitize(username, 128));
 			return NULL;
 		}
 	}
@@ -963,11 +964,8 @@
 	}
 
         request->user = auth_request_fix_username(request, username, error_r);
-	if (request->user == NULL) {
-		auth_request_log_debug(request, "auth",
-			"Invalid username: %s", str_sanitize(username, 128));
+	if (request->user == NULL)
 		return FALSE;
-	}
 	if (request->translated_username == NULL) {
 		/* similar to original_username, but after translations */
 		request->translated_username = request->user;


More information about the dovecot-cvs mailing list