Mercurial > dovecot > core-2.2
changeset 13704:346c022df7af
login: Improved auth failed log messages.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Wed, 16 Nov 2011 18:15:46 +0200 |
parents | 5fefb7f1e6c4 |
children | ba5d4c918842 |
files | src/login-common/client-common.c src/login-common/client-common.h src/login-common/sasl-server.c |
diffstat | 3 files changed, 21 insertions(+), 6 deletions(-) [+] |
line wrap: on
line diff
--- a/src/login-common/client-common.c Wed Nov 16 00:28:32 2011 +0200 +++ b/src/login-common/client-common.c Wed Nov 16 18:15:46 2011 +0200 @@ -504,6 +504,9 @@ const char *client_get_extra_disconnect_reason(struct client *client) { + unsigned int auth_secs = client->auth_first_started == 0 ? 0 : + ioloop_time - client->auth_first_started; + if (client->set->auth_ssl_require_client_cert && client->ssl_proxy != NULL) { if (ssl_proxy_has_broken_client_cert(client->ssl_proxy)) @@ -512,8 +515,10 @@ return "(client didn't send a cert)"; } - if (client->auth_attempts == 0) - return "(no auth attempts)"; + if (client->auth_attempts == 0) { + return t_strdup_printf("(no auth attempts in %u secs)", + (unsigned int)(ioloop_time - client->created)); + } /* some auth attempts without SSL/TLS */ if (client->auth_tried_disabled_plaintext) @@ -523,8 +528,14 @@ return "(cert required, client didn't start TLS)"; if (client->auth_tried_unsupported_mech) return "(tried to use unsupported auth mechanism)"; - if (client->auth_request != NULL && client->auth_attempts == 1) - return "(disconnected while authenticating)"; + if (client->auth_request != NULL && client->auth_attempts == 1) { + return t_strdup_printf("(disconnected while authenticating, " + "waited %u secs)", auth_secs); + } + if (client->authenticating && client->auth_attempts == 1) { + return t_strdup_printf("(disconnected while finishing login, " + "waited %u secs)", auth_secs); + } if (client->auth_try_aborted && client->auth_attempts == 1) return "(aborted authentication)"; @@ -532,8 +543,8 @@ return t_strdup_printf("(internal failure, %u succesful auths)", client->auth_successes); } - return t_strdup_printf("(auth failed, %u attempts)", - client->auth_attempts); + return t_strdup_printf("(auth failed, %u attempts in %u secs)", + client->auth_attempts, auth_secs); } void client_send_line(struct client *client, enum client_cmd_reply reply,
--- a/src/login-common/client-common.h Wed Nov 16 00:28:32 2011 +0200 +++ b/src/login-common/client-common.h Wed Nov 16 18:15:46 2011 +0200 @@ -100,6 +100,7 @@ char *auth_mech_name; struct auth_client_request *auth_request; string_t *auth_response; + time_t auth_first_started; unsigned int master_auth_id; unsigned int master_tag;
--- a/src/login-common/sasl-server.c Wed Nov 16 00:28:32 2011 +0200 +++ b/src/login-common/sasl-server.c Wed Nov 16 18:15:46 2011 +0200 @@ -4,6 +4,7 @@ #include "base64.h" #include "buffer.h" #include "hex-binary.h" +#include "ioloop.h" #include "istream.h" #include "write-full.h" #include "strescape.h" @@ -277,6 +278,8 @@ client->auth_attempts++; client->authenticating = TRUE; + if (client->auth_first_started == 0) + client->auth_first_started = ioloop_time; i_free(client->auth_mech_name); client->auth_mech_name = str_ucase(i_strdup(mech_name)); client->sasl_callback = callback;