login: Improved auth failed log messages.
authorTimo Sirainen <tss@iki.fi>
Wed, 16 Nov 2011 16:15:46 +0000 (18:15 +0200)
committerTimo Sirainen <tss@iki.fi>
Wed, 16 Nov 2011 16:15:46 +0000 (18:15 +0200)
src/login-common/client-common.c
src/login-common/client-common.h
src/login-common/sasl-server.c

index 0381fa80a58ea2b86af5e5633e9a6c49e6148b1e..f3df4e8cdcd3e951e79349e7dec4ef81df523c7f 100644 (file)
@@ -504,6 +504,9 @@ bool client_is_trusted(struct client *client)
 
 const char *client_get_extra_disconnect_reason(struct client *client)
 {
+       unsigned int auth_secs = client->auth_first_started == 0 ? 0 :
+               ioloop_time - client->auth_first_started;
+
        if (client->set->auth_ssl_require_client_cert &&
            client->ssl_proxy != NULL) {
                if (ssl_proxy_has_broken_client_cert(client->ssl_proxy))
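Review bot: `auth_secs` narrows a `time_t` difference straight into `unsigned int`, so if the clock behind `ioloop_time` ever steps backwards between `auth_first_started` and the disconnect (assuming it tracks wall-clock time), the negative difference wraps and the log reports an absurdly large number of seconds. The same applies to the `(unsigned int)(ioloop_time - client->created)` cast in the "no auth attempts" branch of the next hunk. These strings are the kind of thing log-based failed-login monitoring and incident timelines rely on, so clamp at zero before converting, e.g. `time_t diff = ioloop_time - client->auth_first_started;` followed by `auth_secs = diff < 0 ? 0 : (unsigned int)diff;`. The function body continues beyond this hunk.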
@@ -512,8 +515,10 @@ const char *client_get_extra_disconnect_reason(struct client *client)
                        return "(client didn't send a cert)";
        }
 
-       if (client->auth_attempts == 0)
-               return "(no auth attempts)";
+       if (client->auth_attempts == 0) {
+               return t_strdup_printf("(no auth attempts in %u secs)",
+                       (unsigned int)(ioloop_time - client->created));
+       }
 
        /* some auth attempts without SSL/TLS */
        if (client->auth_tried_disabled_plaintext)
@@ -523,8 +528,14 @@ const char *client_get_extra_disconnect_reason(struct client *client)
                return "(cert required, client didn't start TLS)";
        if (client->auth_tried_unsupported_mech)
                return "(tried to use unsupported auth mechanism)";
-       if (client->auth_request != NULL && client->auth_attempts == 1)
-               return "(disconnected while authenticating)";
+       if (client->auth_request != NULL && client->auth_attempts == 1) {
+               return t_strdup_printf("(disconnected while authenticating, "
+                                      "waited %u secs)", auth_secs);
+       }
+       if (client->authenticating && client->auth_attempts == 1) {
+               return t_strdup_printf("(disconnected while finishing login, "
+                                      "waited %u secs)", auth_secs);
+       }
        if (client->auth_try_aborted && client->auth_attempts == 1)
                return "(aborted authentication)";
 
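Review bot: Both "disconnected while …" branches require `auth_attempts == 1`, so a client that drops the connection during its second or later attempt falls through and, unless a branch outside this hunk catches it, is logged as `auth failed, N attempts`. The in-flight attempt is then counted as a failure, because `sasl_server_auth_begin()` increments `auth_attempts` before the outcome is known. Anyone correlating these lines with failed-password counts would see one failure too many. If the restriction is deliberate, a comment such as `/* with >1 attempts a pending one is reported by the generic "auth failed" line below */` would make that explicit. A short comment on what separates the two states (`auth_request != NULL` versus `authenticating` set with no request pending) would also help whoever reads these logs.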
@@ -532,8 +543,8 @@ const char *client_get_extra_disconnect_reason(struct client *client)
                return t_strdup_printf("(internal failure, %u succesful auths)",
                                       client->auth_successes);
        }
-       return t_strdup_printf("(auth failed, %u attempts)",
-                              client->auth_attempts);
+       return t_strdup_printf("(auth failed, %u attempts in %u secs)",
+                              client->auth_attempts, auth_secs);
 }
 
 void client_send_line(struct client *client, enum client_cmd_reply reply,
index 4b7727a1f234d3de174a56876ce9f8f4dc00bec2..3d8b2cb0c559418898bf1d69aea06b921d414651 100644 (file)
@@ -100,6 +100,7 @@ struct client {
        char *auth_mech_name;
        struct auth_client_request *auth_request;
        string_t *auth_response;
+       time_t auth_first_started;
 
        unsigned int master_auth_id;
        unsigned int master_tag;
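Review bot: The new `auth_first_started` field has no comment, and its meaning can only be pieced together from the other two files. It is set once in `sasl_server_auth_begin()` while still 0 and nothing in this commit resets it, so the "in %u secs" figure runs from the start of the first attempt to the disconnect, including any idle time after the last failure. I'd add `/* ioloop_time when the first auth attempt started; 0 = none yet, not reset between attempts */` above the field so it is not mistaken for the start of the latest attempt.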
index a8d6584be33b1bbb57f885f2f6d489400ff1fe78..ab113a57f67e467ec1765dd9583a9f5bc104bf37 100644 (file)
@@ -4,6 +4,7 @@
 #include "base64.h"
 #include "buffer.h"
 #include "hex-binary.h"
+#include "ioloop.h"
 #include "istream.h"
 #include "write-full.h"
 #include "strescape.h"
@@ -277,6 +278,8 @@ void sasl_server_auth_begin(struct client *client,
 
        client->auth_attempts++;
        client->authenticating = TRUE;
+       if (client->auth_first_started == 0)
+               client->auth_first_started = ioloop_time;
        i_free(client->auth_mech_name);
        client->auth_mech_name = str_ucase(i_strdup(mech_name));
        client->sasl_callback = callback;