Mercurial > dovecot > original-hg > dovecot-1.2
changeset 998:d0845dca7eca HEAD
auth_verbose = yes logs now all authentication failures and some other
stuff.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Tue, 21 Jan 2003 09:40:54 +0200 |
parents | 6abffe419582 |
children | 070aee0e5b9f |
files | src/auth/auth-digest-md5.c src/auth/common.h src/auth/login-connection.c src/auth/main.c src/auth/userinfo-pam.c src/auth/userinfo-passwd-file.c src/auth/userinfo-passwd.c src/auth/userinfo-shadow.c src/auth/userinfo-vpopmail.c src/master/auth-process.c src/master/settings.c src/master/settings.h |
diffstat | 12 files changed, 166 insertions(+), 38 deletions(-) [+] |
line wrap: on
line diff
--- a/src/auth/auth-digest-md5.c Tue Jan 21 08:50:00 2003 +0200 +++ b/src/auth/auth-digest-md5.c Tue Jan 21 09:40:54 2003 +0200 @@ -195,8 +195,14 @@ if (i == 0) { /* verify response */ - if (memcmp(response_hex, auth->response, 32) != 0) + if (memcmp(response_hex, auth->response, 32) != 0) { + if (verbose) { + i_info("digest-md5(%s): " + "password mismatch", + auth->username); + } return FALSE; + } } else { auth->rspauth = p_strconcat(auth->pool, "rspauth=", response_hex, NULL); @@ -506,7 +512,7 @@ auth->qop_value = p_strdup(auth->pool, "auth"); if (!failed && !verify_auth(auth)) { - *error = "Authentication failed"; + *error = NULL; failed = TRUE; } @@ -557,6 +563,11 @@ return; } + if (error == NULL) + error = "Authentication failed"; + else if (verbose) + i_info("digest-md5: %s", error); + /* failed */ reply.result = AUTH_RESULT_FAILURE; callback(&reply, error, context);
--- a/src/auth/common.h Tue Jan 21 08:50:00 2003 +0200 +++ b/src/auth/common.h Tue Jan 21 09:40:54 2003 +0200 @@ -8,5 +8,6 @@ #define LOGIN_LISTEN_FD 3 extern struct ioloop *ioloop; +extern int verbose; #endif
--- a/src/auth/login-connection.c Tue Jan 21 08:50:00 2003 +0200 +++ b/src/auth/login-connection.c Tue Jan 21 09:40:54 2003 +0200 @@ -84,6 +84,10 @@ login_connection_destroy(conn); } else { conn->pid = rec.pid; + if (verbose) { + i_info("Login process %d sent handshake: PID %s", + conn->fd, dec2str(conn->pid)); + } } } @@ -173,6 +177,9 @@ { struct login_connection *conn; + if (verbose) + i_info("Login process %d connected", fd); + conn = i_new(struct login_connection, 1); conn->fd = fd; @@ -199,6 +206,9 @@ { struct login_connection **pos; + if (verbose) + i_info("Login process %d disconnected", conn->fd); + for (pos = &connections; *pos != NULL; pos = &(*pos)->next) { if (*pos == conn) { *pos = conn->next;
--- a/src/auth/main.c Tue Jan 21 08:50:00 2003 +0200 +++ b/src/auth/main.c Tue Jan 21 09:40:54 2003 +0200 @@ -17,6 +17,8 @@ #include <syslog.h> struct ioloop *ioloop; +int verbose = FALSE; + static struct io *io_listen; static void sig_quit(int signo __attr_unused__) @@ -69,6 +71,8 @@ { lib_init_signals(sig_quit); + verbose = getenv("VERBOSE") != NULL; + auth_init(); cookies_init(); login_connections_init();
--- a/src/auth/userinfo-pam.c Tue Jan 21 08:50:00 2003 +0200 +++ b/src/auth/userinfo-pam.c Tue Jan 21 09:40:54 2003 +0200 @@ -148,25 +148,45 @@ return PAM_SUCCESS; } -static int pam_auth(pam_handle_t *pamh) +static int pam_auth(pam_handle_t *pamh, const char *user) { char *item; int status; - if ((status = pam_authenticate(pamh, 0)) != PAM_SUCCESS) + if ((status = pam_authenticate(pamh, 0)) != PAM_SUCCESS) { + if (verbose) { + i_info("PAM: pam_authenticate(%s) failed: %s", + user, pam_strerror(pamh, status)); + } return status; + } #ifdef HAVE_PAM_SETCRED - if ((status = pam_setcred(pamh, PAM_ESTABLISH_CRED)) != PAM_SUCCESS) + if ((status = pam_setcred(pamh, PAM_ESTABLISH_CRED)) != PAM_SUCCESS) { + if (verbose) { + i_info("PAM: pam_setcred(%s) failed: %s", + user, pam_strerror(pamh, status)); + } return status; + } #endif - if ((status = pam_acct_mgmt(pamh, 0)) != PAM_SUCCESS) + if ((status = pam_acct_mgmt(pamh, 0)) != PAM_SUCCESS) { + if (verbose) { + i_info("PAM: pam_acct_mgmt(%s) failed: %s", + user, pam_strerror(pamh, status)); + } return status; + } status = pam_get_item(pamh, PAM_USER, (linux_const void **)&item); - if (status != PAM_SUCCESS) + if (status != PAM_SUCCESS) { + if (verbose) { + i_info("PAM: pam_get_item(%s) failed: %s", + user, pam_strerror(pamh, status)); + } return status; + } return PAM_SUCCESS; } @@ -187,12 +207,18 @@ userpass.pass = password; status = pam_start(service_name, user, &conv, &pamh); - if (status != PAM_SUCCESS) + if (status != PAM_SUCCESS) { + if (verbose) { + i_info("PAM: pam_start(%s) failed: %s", + user, pam_strerror(pamh, status)); + } return FALSE; + } - status = pam_auth(pamh); + status = pam_auth(pamh, user); if ((status2 = pam_end(pamh, status)) != PAM_SUCCESS) { - i_error("pam_end() failed: %s", pam_strerror(pamh, status2)); + i_error("pam_end(%s) failed: %s", + user, pam_strerror(pamh, status2)); return FALSE; } @@ -201,8 +227,10 @@ /* password ok, save the user info */ pw = getpwnam(user); - if (pw == NULL) + if (pw == NULL) { + i_error("PAM: getpwnam(%s) failed: %m", user); return FALSE; + } safe_memset(pw->pw_passwd, 0, strlen(pw->pw_passwd)); passwd_fill_cookie_reply(pw, reply);
--- a/src/auth/userinfo-passwd-file.c Tue Jan 21 08:50:00 2003 +0200 +++ b/src/auth/userinfo-passwd-file.c Tue Jan 21 09:40:54 2003 +0200 @@ -67,8 +67,11 @@ strlen(pu->realm) - 1); pw = getpwnam(user); - if (pw == NULL) + if (pw == NULL) { + i_error("passwd-file(%s): missing info and " + "not found with getpwnam()", user); return FALSE; + } passwd_fill_cookie_reply(pw, reply); } @@ -115,21 +118,35 @@ /* find it from all realms */ pu = hash_lookup(passwd_file->users, user); - if (pu == NULL) + if (pu == NULL) { + if (verbose) + i_info("passwd-file(%s): unknown user", user); return FALSE; + } /* verify that password matches */ switch (pu->password_type) { case PASSWORD_DES: - if (strcmp(mycrypt(password, pu->password), pu->password) != 0) + if (strcmp(mycrypt(password, pu->password), + pu->password) != 0) { + if (verbose) { + i_info("passwd-file(%s): DES password mismatch", + user); + } return FALSE; + } break; case PASSWORD_MD5: md5_get_digest(password, strlen(password), digest); str = binary_to_hex(digest, sizeof(digest)); - if (strcmp(str, pu->password) != 0) + if (strcmp(str, pu->password) != 0) { + if (verbose) { + i_info("passwd-file(%s): MD5 password mismatch", + user); + } return FALSE; + } break; case PASSWORD_DIGEST_MD5: /* user:realm:passwd */ @@ -140,8 +157,13 @@ md5_get_digest(str, strlen(str), digest); str = binary_to_hex(digest, sizeof(digest)); - if (strcmp(str, pu->password) != 0) + if (strcmp(str, pu->password) != 0) { + if (verbose) { + i_info("passwd-file(%s): " + "DIGEST-MD5 password mismatch", user); + } return FALSE; + } break; default: i_unreached(); @@ -167,16 +189,22 @@ t_strconcat(user, ":", realm, NULL); pu = hash_lookup(passwd_file->users, id); - if (pu == NULL) + if (pu == NULL) { + if (verbose) + i_info("passwd-file(%s): unknown user", user); return FALSE; + } /* found */ i_assert(strlen(pu->password) == 32); buf = buffer_create_data(data_stack_pool, digest, 16); - if (!hex_to_binary(pu->password, buf)) + if (!hex_to_binary(pu->password, buf)) { + if (verbose) + i_info("passwd-file(%s): invalid password field", user); return FALSE; - + } + return get_reply_data(pu, reply); }
--- a/src/auth/userinfo-passwd.c Tue Jan 21 08:50:00 2003 +0200 +++ b/src/auth/userinfo-passwd.c Tue Jan 21 09:40:54 2003 +0200 @@ -37,8 +37,21 @@ int result; pw = getpwnam(user); - if (pw == NULL || !IS_VALID_PASSWD(pw->pw_passwd)) + if (pw == NULL) { + if (errno != 0) + i_error("getpwnam(%s) failed: %m", user); + else if (verbose) + i_info("passwd(%s): unknown user", user); return FALSE; + } + + if (!IS_VALID_PASSWD(pw->pw_passwd)) { + if (verbose) { + i_info("passwd(%s): invalid password field '%s'", + user, pw->pw_passwd); + } + return FALSE; + } /* check if the password is valid */ result = strcmp(mycrypt(password, pw->pw_passwd), pw->pw_passwd) == 0; @@ -46,8 +59,11 @@ /* clear the passwords from memory */ safe_memset(pw->pw_passwd, 0, strlen(pw->pw_passwd)); - if (!result) + if (!result) { + if (verbose) + i_info("passwd(%s): password mismatch", user); return FALSE; + } /* password ok, save the user info */ passwd_fill_cookie_reply(pw, reply);
--- a/src/auth/userinfo-shadow.c Tue Jan 21 08:50:00 2003 +0200 +++ b/src/auth/userinfo-shadow.c Tue Jan 21 09:40:54 2003 +0200 @@ -23,8 +23,21 @@ int result; spw = getspnam(user); - if (spw == NULL || !IS_VALID_PASSWD(spw->sp_pwdp)) + if (spw == NULL) { + if (errno != 0) + i_error("getspnam(%s) failed: %m", user); + else if (verbose) + i_info("shadow(%s): unknown user", user); return FALSE; + } + + if (!IS_VALID_PASSWD(spw->sp_pwdp)) { + if (verbose) { + i_info("shadow(%s): invalid password field '%s'", + user, spw->sp_pwdp); + } + return FALSE; + } /* check if the password is valid */ result = strcmp(mycrypt(password, spw->sp_pwdp), spw->sp_pwdp) == 0; @@ -32,13 +45,18 @@ /* clear the passwords from memory */ safe_memset(spw->sp_pwdp, 0, strlen(spw->sp_pwdp)); - if (!result) + if (!result) { + if (verbose) + i_info("shadow(%s): password mismatch", user); return FALSE; + } /* password ok, save the user info */ pw = getpwnam(user); - if (pw == NULL) + if (pw == NULL) { + i_error("shadow(%s): getpwnam() failed: %m", user); return FALSE; + } passwd_fill_cookie_reply(pw, reply); return TRUE;
--- a/src/auth/userinfo-vpopmail.c Tue Jan 21 08:50:00 2003 +0200 +++ b/src/auth/userinfo-vpopmail.c Tue Jan 21 09:40:54 2003 +0200 @@ -14,8 +14,6 @@ #include <vpopmail.h> #include <vauth.h> -#define I_DEBUG(x) /* i_warning x */ - /* Limit user and domain to 80 chars each (+1 for \0). I wouldn't recommend raising this limit at least much, vpopmail is full of potential buffer overflows. */ @@ -36,7 +34,8 @@ if (parse_email(t_strdup_noconst(user), vpop_user, vpop_domain, sizeof(vpop_user)-1) < 0) { - I_DEBUG(("vpopmail: parse_email(%s) failed", user)); + if (verbose) + i_info("vpopmail(%s): parse_email() failed", user); return FALSE; } @@ -44,19 +43,25 @@ struct vqpasswd isn't really gid at all but just some flags... */ if (vget_assign(vpop_domain, NULL, 0, &reply->uid, &reply->gid) == NULL) { - I_DEBUG(("vpopmail: vget_assign(%s) failed", vpop_domain)); + if (verbose) { + i_info("vpopmail(%s): vget_assign(%s) failed", + user, vpop_domain); + } return FALSE; } vpw = vauth_getpw(vpop_user, vpop_domain); if (vpw != NULL && (vpw->pw_dir == NULL || vpw->pw_dir[0] == '\0')) { /* user's homedir doesn't exist yet, create it */ - I_DEBUG(("vpopmail: pw_dir isn't set, creating")); + if (verbose) { + i_info("vpopmail(%s): pw_dir isn't set, creating", + user); + } if (make_user_dir(vpop_user, vpop_domain, reply->uid, reply->gid) == NULL) { - i_error("vpopmail: make_user_dir(%s, %s) failed", - vpop_user, vpop_domain); + i_error("vpopmail(%s): make_user_dir(%s, %s) failed", + user, vpop_user, vpop_domain); return FALSE; } @@ -64,14 +69,16 @@ } if (vpw == NULL) { - I_DEBUG(("vpopmail: vauth_getpw(%s, %s) failed", - vpop_user, vpop_domain)); + if (verbose) { + i_info("vpopmail(%s): vauth_getpw(%s, %s) failed", + user, vpop_user, vpop_domain); + } return FALSE; } if (vpw->pw_gid & NO_IMAP) { - I_DEBUG(("vpopmail: IMAP disabled for %s@%s", - vpop_user, vpop_domain)); + if (verbose) + i_info("vpopmail(%s): IMAP disabled", user); return FALSE; } @@ -80,8 +87,8 @@ safe_memset(vpw->pw_passwd, 0, strlen(vpw->pw_passwd)); if (!result) { - I_DEBUG(("vpopmail: password mismatch for user %s@%s", - vpop_user, vpop_domain)); + if (verbose) + i_info("vpopmail(%s): password mismatch", user); return FALSE; }
--- a/src/master/auth-process.c Tue Jan 21 08:50:00 2003 +0200 +++ b/src/master/auth-process.c Tue Jan 21 09:40:54 2003 +0200 @@ -278,6 +278,8 @@ if (config->use_cyrus_sasl) env_put("USE_CYRUS_SASL=1"); + if (config->verbose) + env_put("VERBOSE=1"); restrict_process_size(config->process_size);
--- a/src/master/settings.c Tue Jan 21 08:50:00 2003 +0200 +++ b/src/master/settings.c Tue Jan 21 09:40:54 2003 +0200 @@ -417,6 +417,9 @@ if (strcmp(key, "auth_cyrus_sasl") == 0) return get_bool(value, &auth->use_cyrus_sasl); + if (strcmp(key, "auth_verbose") == 0) + return get_bool(value, &auth->verbose); + if (strcmp(key, "auth_count") == 0) { int num;