Mercurial > dovecot > original-hg > dovecot-1.2
changeset 9408:0c7bbdd7b81f HEAD
*-login: Log more precise reasons for some auth failures.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Mon, 05 Oct 2009 14:13:17 -0400 |
parents | a3e16df805e3 |
children | a0fa514d92f0 |
files | src/login-common/client-common.c src/login-common/client-common.h src/login-common/sasl-server.c |
diffstat | 3 files changed, 11 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/src/login-common/client-common.c Mon Oct 05 11:59:43 2009 -0400 +++ b/src/login-common/client-common.c Mon Oct 05 14:13:17 2009 -0400 @@ -205,6 +205,12 @@ return "(tried to use disabled plaintext auth)"; if (ssl_require_client_cert) return "(cert required, client didn't start TLS)"; + if (client->auth_tried_unsupported_mech) + return "(tried to use unsupported auth mechanism)"; + if (client->auth_request != NULL && client->auth_attempts == 1) + return "(disconnected while authenticating)"; + if (client->auth_try_aborted && client->auth_attempts == 1) + return "(aborted authentication)"; return t_strdup_printf("(auth failed, %u attempts)", client->auth_attempts);
--- a/src/login-common/client-common.h Mon Oct 05 11:59:43 2009 -0400 +++ b/src/login-common/client-common.h Mon Oct 05 14:13:17 2009 -0400 @@ -41,6 +41,8 @@ unsigned int trusted:1; unsigned int authenticating:1; unsigned int auth_tried_disabled_plaintext:1; + unsigned int auth_tried_unsupported_mech:1; + unsigned int auth_try_aborted:1; /* ... */ };
--- a/src/login-common/sasl-server.c Mon Oct 05 11:59:43 2009 -0400 +++ b/src/login-common/sasl-server.c Mon Oct 05 14:13:17 2009 -0400 @@ -144,6 +144,7 @@ mech = auth_client_find_mech(auth_client, mech_name); if (mech == NULL) { + client->auth_tried_unsupported_mech = TRUE; sasl_server_auth_failed(client, "Unsupported authentication mechanism."); return; @@ -151,6 +152,7 @@ if (!client->secured && disable_plaintext_auth && (mech->flags & MECH_SEC_PLAINTEXT) != 0) { + client->auth_tried_disabled_plaintext = TRUE; sasl_server_auth_failed(client, "Plaintext authentication disabled."); return; @@ -206,5 +208,6 @@ void sasl_server_auth_abort(struct client *client) { + client->auth_try_aborted = TRUE; sasl_server_auth_cancel(client, NULL, SASL_SERVER_REPLY_AUTH_ABORTED); }