auth_debug_passwords=yes: If auth bind fails, log the attempted password.

--HG--
branch : HEAD

diff --git a/src/auth/passdb-ldap.c b/src/auth/passdb-ldap.c
index 08a6c9d4286ab8ad0f7875fbaa1ce2abe54b8649..64c83dccebe104b59f875bea86b06bdafe2d85cc 100644 (file)
--- a/src/auth/passdb-ldap.c
+++ b/src/auth/passdb-ldap.c
@@ -155,6 +155,7 @@ ldap_auth_bind_callback(struct ldap_connection *conn,
                (struct passdb_ldap_request *)ldap_request;
        struct auth_request *auth_request = ldap_request->auth_request;
        enum passdb_result passdb_result;
+       const char *str;
        int ret;
 
        passdb_result = PASSDB_RESULT_INTERNAL_FAILURE;
@@ -164,8 +165,13 @@ ldap_auth_bind_callback(struct ldap_connection *conn,
                if (ret == LDAP_SUCCESS)
                        passdb_result = PASSDB_RESULT_OK;
                else if (ret == LDAP_INVALID_CREDENTIALS) {
-                       auth_request_log_info(auth_request, "ldap",
-                                             "invalid credentials");
+                       str = "invalid credentials";
+                       if (auth_request->auth->verbose_debug_passwords) {
+                               str = t_strconcat(str, " (given password: ",
+                                                 auth_request->mech_password,
+                                                 ")", NULL);
+                       }
+                       auth_request_log_info(auth_request, "ldap", "%s", str);
                        passdb_result = PASSDB_RESULT_PASSWORD_MISMATCH;
                } else {
                        auth_request_log_error(auth_request, "ldap",