changeset 12977:9490d57d2f7b

auth: Give password scheme suggestions also when passdb data is invalid for scheme.
author Timo Sirainen <tss@iki.fi>
date Mon, 23 May 2011 15:37:43 +0300
parents 1e1674cedf2d
children 62945c9d6b47
files src/auth/auth-request.c
diffstat 1 files changed, 15 insertions(+), 9 deletions(-) [+]
--- a/src/auth/auth-request.c	Mon May 16 17:06:11 2011 +0300
+++ b/src/auth/auth-request.c	Mon May 23 15:37:43 2011 +0300
@@ -1468,6 +1468,7 @@
 {
 	const unsigned char *raw_password;
 	size_t raw_password_size;
+	const char *error;
 	int ret;
 
 	if (request->skip_password_check) {
@@ -1505,17 +1506,22 @@
 	   password schemes (eg. digest-md5). Otherwise the username is used
 	   only for logging purposes. */
 	ret = password_verify(plain_password, request->original_username,
-			      scheme, raw_password, raw_password_size);
-	i_assert(ret >= 0);
-	if (ret == 0) {
+			      scheme, raw_password, raw_password_size, &error);
+	if (ret < 0) {
+		const char *password_str = request->set->debug_passwords ?
+			t_strdup_printf(" '%s'", crypted_password) : "";
+		auth_request_log_error(request, subsystem,
+				       "Invalid password%s in passdb: %s",
+				       password_str, error);
+	} else if (ret == 0) {
 		auth_request_log_password_mismatch(request, subsystem);
-		if (request->set->debug_passwords) T_BEGIN {
-			log_password_failure(request, plain_password,
-					     crypted_password, scheme,
-					     request->original_username,
-					     subsystem);
-		} T_END;
 	}
+	if (ret <= 0 && request->set->debug_passwords) T_BEGIN {
+		log_password_failure(request, plain_password,
+				     crypted_password, scheme,
+				     request->original_username,
+				     subsystem);
+	} T_END;
 	return ret;
 }
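Review bot: With `i_assert(ret >= 0)` removed, the `return ret;` that closes this hunk can now hand a negative value to callers, and any caller that tests the result as a boolean (`if (ret)` or `ret != 0`) would treat unparseable passdb data as a successful password match. The callers are outside this hunk, so this needs confirming rather than being a demonstrated bug; each of them should test `ret > 0`. I would document the contract on the function, whose signature lies above the hunk, e.g. `/* Returns >0 if the password matches, 0 on mismatch, <0 if the passdb data is invalid for the scheme; callers must check ret > 0. */`. Separately, the new `ret < 0` branch writes `crypted_password` through `auth_request_log_error()` when `debug_passwords` is set, so stored credential material may land in the error log, which can be routed and retained differently from debug output. That is worth a mention in the setting's documentation.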