From: Timo Sirainen Date: Mon, 5 Oct 2009 18:17:32 +0000 (-0400) Subject: *-login: Log more precise reasons for some auth failures. X-Git-Tag: 2.0.alpha1~87 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3ffb7fd86484c474b42f3f1e981ab0f7168b5df9;p=thirdparty%2Fdovecot%2Fcore.git *-login: Log more precise reasons for some auth failures. --HG-- branch : HEAD --- diff --git a/src/login-common/client-common.c b/src/login-common/client-common.c index bfc04386e6..80ed789201 100644 --- a/src/login-common/client-common.c +++ b/src/login-common/client-common.c @@ -521,6 +521,12 @@ const char *client_get_extra_disconnect_reason(struct client *client) return "(tried to use disabled plaintext auth)"; if (client->set->ssl_require_client_cert) return "(cert required, client didn't start TLS)"; + if (client->auth_tried_unsupported_mech) + return "(tried to use unsupported auth mechanism)"; + if (client->auth_request != NULL && client->auth_attempts == 1) + return "(disconnected while authenticating)"; + if (client->auth_try_aborted && client->auth_attempts == 1) + return "(aborted authentication)"; return t_strdup_printf("(auth failed, %u attempts)", client->auth_attempts); diff --git a/src/login-common/client-common.h b/src/login-common/client-common.h index 0eedca2ffd..22fe9fbfc7 100644 --- a/src/login-common/client-common.h +++ b/src/login-common/client-common.h @@ -117,6 +117,8 @@ struct client { unsigned int trusted:1; unsigned int authenticating:1; unsigned int auth_tried_disabled_plaintext:1; + unsigned int auth_tried_unsupported_mech:1; + unsigned int auth_try_aborted:1; unsigned int auth_initializing:1; /* ... */ }; diff --git a/src/login-common/sasl-server.c b/src/login-common/sasl-server.c index 460ee6913c..92b3c0e3d5 100644 --- a/src/login-common/sasl-server.c +++ b/src/login-common/sasl-server.c @@ -247,6 +247,7 @@ void sasl_server_auth_begin(struct client *client, mech = auth_client_find_mech(auth_client, mech_name); if (mech == NULL) { + client->auth_tried_unsupported_mech = TRUE; sasl_server_auth_failed(client, "Unsupported authentication mechanism."); return; @@ -254,6 +255,7 @@ void sasl_server_auth_begin(struct client *client, if (!client->secured && client->set->disable_plaintext_auth && (mech->flags & MECH_SEC_PLAINTEXT) != 0) { + client->auth_tried_disabled_plaintext = TRUE; sasl_server_auth_failed(client, "Plaintext authentication disabled."); return; @@ -308,5 +310,6 @@ void sasl_server_auth_failed(struct client *client, const char *reason) void sasl_server_auth_abort(struct client *client) { + client->auth_try_aborted = TRUE; sasl_server_auth_cancel(client, NULL, SASL_SERVER_REPLY_AUTH_ABORTED); }