From: Timo Sirainen <tss@iki.fi>
Date: Wed, 26 Mar 2008 19:30:15 +0000 (+0200)
Subject: Log clearly with "auth failed, # attempts" if user gets disconnected before
X-Git-Tag: 1.1.rc4~11
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=afd0a4b74b14ba4d01175ab13fc5eeedff1e8b06;p=thirdparty%2Fdovecot%2Fcore.git

Log clearly with "auth failed, # attempts" if user gets disconnected before
logging in.

--HG--
branch : HEAD
---

diff --git a/src/imap-login/client-authenticate.c b/src/imap-login/client-authenticate.c
index f1a458b01e..461c2b59bd 100644
--- a/src/imap-login/client-authenticate.c
+++ b/src/imap-login/client-authenticate.c
@@ -156,7 +156,7 @@ static bool client_handle_args(struct imap_client *client,
 		}
 		client_send_tagline(client, str_c(reply));
 		if (!nologin) {
-			client_destroy(client, "Login with referral");
+			client_destroy_success(client, "Login with referral");
 			return TRUE;
 		}
 	} else if (nologin || proxy_self) {
@@ -209,7 +209,7 @@ static void sasl_callback(struct client *_client, enum sasl_server_reply reply,
 		}
 
 		client_send_tagline(client, "OK Logged in.");
-		client_destroy(client, "Login");
+		client_destroy_success(client, "Login");
 		break;
 	case SASL_SERVER_REPLY_AUTH_FAILED:
 	case SASL_SERVER_REPLY_CLIENT_ERROR:
@@ -234,7 +234,9 @@ static void sasl_callback(struct client *_client, enum sasl_server_reply reply,
 		else {
 			client_send_tagline(client,
 					    t_strconcat("NO ", data, NULL));
-			client_destroy(client, data);
+			/* authentication itself succeeded, we just hit some
+			   internal failure. */
+			client_destroy_success(client, data);
 		}
 		break;
 	case SASL_SERVER_REPLY_CONTINUE:
diff --git a/src/imap-login/client.c b/src/imap-login/client.c
index e0dd63894d..3bf830c585 100644
--- a/src/imap-login/client.c
+++ b/src/imap-login/client.c
@@ -211,9 +211,7 @@ static int cmd_logout(struct imap_client *client)
 		client_destroy(client, "Aborted login "
 			"(tried to use disabled plaintext authentication)");
 	} else {
-		client_destroy(client, t_strdup_printf(
-			"Aborted login (%u authentication attempts)",
-			client->common.auth_attempts));
+		client_destroy(client, "Aborted login");
 	}
 	return 1;
 }
@@ -284,8 +282,8 @@ static bool client_handle_input(struct imap_client *client)
 		if (fatal) {
 			client_send_line(client, t_strconcat("* BYE ",
 							     msg, NULL));
-			client_destroy(client, t_strconcat("Disconnected: ",
-							   msg, NULL));
+			client_destroy(client,
+				t_strconcat("Disconnected: ", msg, NULL));
 			return FALSE;
 		}
 
@@ -311,8 +309,8 @@ static bool client_handle_input(struct imap_client *client)
 		if (++client->bad_counter >= CLIENT_MAX_BAD_COMMANDS) {
 			client_send_line(client,
 				"* BYE Too many invalid IMAP commands.");
-			client_destroy(client, "Disconnected: "
-				       "Too many invalid commands");
+			client_destroy(client,
+				"Disconnected: Too many invalid commands");
 			return FALSE;
 		}  
 		client_send_tagline(client,
@@ -486,6 +484,10 @@ void client_destroy(struct imap_client *client, const char *reason)
 		return;
 	client->destroyed = TRUE;
 
+	if (!client->login_success && reason != NULL) {
+		reason = t_strdup_printf("%s (auth failed, %u attempts)",
+					 reason, client->common.auth_attempts);
+	}
 	if (reason != NULL)
 		client_syslog(&client->common, reason);
 
@@ -543,6 +545,12 @@ void client_destroy(struct imap_client *client, const char *reason)
 	main_unref();
 }
 
+void client_destroy_success(struct imap_client *client, const char *reason)
+{
+	client->login_success = TRUE;
+	client_destroy(client, reason);
+}
+
 void client_destroy_internal_failure(struct imap_client *client)
 {
 	client_send_line(client, "* BYE Internal login failure. "
diff --git a/src/imap-login/client.h b/src/imap-login/client.h
index 73e6d0f856..26e3c33ed8 100644
--- a/src/imap-login/client.h
+++ b/src/imap-login/client.h
@@ -24,6 +24,7 @@ struct imap_client {
 
 	const char *cmd_tag, *cmd_name;
 
+	unsigned int login_success:1;
 	unsigned int cmd_finished:1;
 	unsigned int proxy_login_sent:1;
 	unsigned int skip_line:1;
@@ -33,6 +34,7 @@ struct imap_client {
 };
 
 void client_destroy(struct imap_client *client, const char *reason);
+void client_destroy_success(struct imap_client *client, const char *reason);
 void client_destroy_internal_failure(struct imap_client *client);
 
 void client_send_line(struct imap_client *client, const char *line);
diff --git a/src/imap-login/imap-proxy.c b/src/imap-login/imap-proxy.c
index 79bd3d3be0..e6b0b63fa7 100644
--- a/src/imap-login/imap-proxy.c
+++ b/src/imap-login/imap-proxy.c
@@ -63,7 +63,7 @@ static int proxy_input_line(struct imap_client *client,
 		client->input = NULL;
 		client->output = NULL;
 		client->common.fd = -1;
-		client_destroy(client, msg);
+		client_destroy_success(client, msg);
 		return -1;
 	} else if (strncmp(line, "P ", 2) == 0) {
 		/* If the backend server isn't Dovecot, the error message may
@@ -117,7 +117,7 @@ static void proxy_input(struct istream *input, struct ostream *output,
 
 		/* failed for some reason, probably server disconnected */
 		client_send_line(client, "* BYE Temporary login failure.");
-		client_destroy(client, NULL);
+		client_destroy_success(client, NULL);
 		return;
 	}
 
@@ -132,7 +132,7 @@ static void proxy_input(struct istream *input, struct ostream *output,
 		return;
 	case -1:
 		/* disconnected */
-		client_destroy(client, "Proxy: Remote disconnected");
+		client_destroy_success(client, "Proxy: Remote disconnected");
 		return;
 	}
 
diff --git a/src/pop3-login/client-authenticate.c b/src/pop3-login/client-authenticate.c
index f3f3cd653a..3fc2bd93c8 100644
--- a/src/pop3-login/client-authenticate.c
+++ b/src/pop3-login/client-authenticate.c
@@ -170,7 +170,7 @@ static void sasl_callback(struct client *_client, enum sasl_server_reply reply,
 		}
 
 		client_send_line(client, "+OK Logged in.");
-		client_destroy(client, "Login");
+		client_destroy_success(client, "Login");
 		break;
 	case SASL_SERVER_REPLY_AUTH_FAILED:
 	case SASL_SERVER_REPLY_CLIENT_ERROR:
@@ -197,7 +197,7 @@ static void sasl_callback(struct client *_client, enum sasl_server_reply reply,
 		else {
 			client_send_line(client,
 				t_strconcat("-ERR [IN-USE] ", data, NULL));
-			client_destroy(client, data);
+			client_destroy_success(client, data);
 		}
 		break;
 	case SASL_SERVER_REPLY_CONTINUE:
diff --git a/src/pop3-login/client.c b/src/pop3-login/client.c
index 0fc529e342..a2ad08e218 100644
--- a/src/pop3-login/client.c
+++ b/src/pop3-login/client.c
@@ -150,9 +150,7 @@ static bool cmd_quit(struct pop3_client *client)
 		client_destroy(client, "Aborted login "
 			"(tried to use disabled plaintext authentication)");
 	} else {
-		client_destroy(client, t_strdup_printf(
-			"Aborted login (%u authentication attempts)",
-			client->common.auth_attempts));
+		client_destroy(client, "Aborted login");
 	}
 	return TRUE;
 }
@@ -341,12 +339,22 @@ struct client *client_create(int fd, bool ssl, const struct ip_addr *local_ip,
 	return &client->common;
 }
 
+void client_destroy_success(struct pop3_client *client, const char *reason)
+{
+	client->login_success = TRUE;
+	client_destroy(client, reason);
+}
+
 void client_destroy(struct pop3_client *client, const char *reason)
 {
 	if (client->destroyed)
 		return;
 	client->destroyed = TRUE;
 
+	if (!client->login_success && reason != NULL) {
+		reason = t_strdup_printf("%s (auth failed, %u attempts)",
+					 reason, client->common.auth_attempts);
+	}
 	if (reason != NULL)
 		client_syslog(&client->common, reason);
 
diff --git a/src/pop3-login/client.h b/src/pop3-login/client.h
index d688af62e9..34815fab46 100644
--- a/src/pop3-login/client.h
+++ b/src/pop3-login/client.h
@@ -28,12 +28,14 @@ struct pop3_client {
 	char *apop_challenge;
 	struct auth_connect_id auth_id;
 
+	unsigned int login_success:1;
 	unsigned int authenticating:1;
 	unsigned int auth_connected:1;
 	unsigned int destroyed:1;
 };
 
 void client_destroy(struct pop3_client *client, const char *reason);
+void client_destroy_success(struct pop3_client *client, const char *reason);
 void client_destroy_internal_failure(struct pop3_client *client);
 
 void client_send_line(struct pop3_client *client, const char *line);
diff --git a/src/pop3-login/pop3-proxy.c b/src/pop3-login/pop3-proxy.c
index 80cffcbe94..8ca9dcba06 100644
--- a/src/pop3-login/pop3-proxy.c
+++ b/src/pop3-login/pop3-proxy.c
@@ -32,7 +32,7 @@ static void proxy_input(struct istream *input, struct ostream *output,
 		/* failed for some reason, probably server disconnected */
 		client_send_line(client,
 				 "-ERR [IN-USE] Temporary login failure.");
-		client_destroy(client, NULL);
+		client_destroy_success(client, NULL);
 		return;
 	}
 
@@ -47,7 +47,7 @@ static void proxy_input(struct istream *input, struct ostream *output,
 		return;
 	case -1:
 		/* disconnected */
-		client_destroy(client, "Proxy: Remote disconnected");
+		client_destroy_success(client, "Proxy: Remote disconnected");
 		return;
 	}
 
@@ -114,7 +114,7 @@ static void proxy_input(struct istream *input, struct ostream *output,
 		client->input = NULL;
 		client->output = NULL;
 		client->common.fd = -1;
-		client_destroy(client, msg);
+		client_destroy_success(client, msg);
 		return;
 	}