diff -up dovecot-2.2.4/src/auth/auth-request.c dovecot-2.2.4/src/auth/auth-request.c --- dovecot-2.2.4/src/auth/auth-request.c 2013-06-08 15:44:10.000000000 -0500 +++ dovecot-2.2.4/src/auth/auth-request.c 2013-08-26 13:48:51.750781097 -0500 @@ -2041,6 +2041,53 @@ void auth_request_log_debug(struct auth_ va_end(va); } +void auth_request_log_info_with_password(struct auth_request *auth_request, + const char *subsystem, + const char *format, ...) +{ + va_list va; + + if (!auth_request->set->verbose) + return; + + char *passwd_ext = auth_request_password_data(auth_request, subsystem); + va_start(va, format); + T_BEGIN { + i_info("%s%s", get_log_str(auth_request, subsystem, format, va), passwd_ext); + } T_END; + va_end(va); +} + +char *auth_request_password_data(struct auth_request *request, + const char *subsystem) +{ + string_t *str; + const char *log_type = request->set->verbose_passwords; + + if (strcmp(log_type, "no") == 0) { + return ""; + } + + str = t_str_new(128); + //get_log_prefix(str, request, subsystem); + + if (strcmp(log_type, "plain") == 0) { + str_printfa(str, " (given password: %s)", + request->mech_password); + } else if (strcmp(log_type, "sha1") == 0 ) { + unsigned char sha1[SHA1_RESULTLEN]; + + sha1_get_digest(request->mech_password, + strlen(request->mech_password), sha1); + str_printfa(str, " (SHA1 of given password: %s)", + binary_to_hex(sha1, sizeof(sha1))); + } else { + i_unreached(); + } + + return str_c(str); +} + void auth_request_log_info(struct auth_request *auth_request, const char *subsystem, const char *format, ...) diff -up dovecot-2.2.4/src/auth/auth-request.h dovecot-2.2.4/src/auth/auth-request.h --- dovecot-2.2.4/src/auth/auth-request.h 2013-04-17 08:59:47.000000000 -0500 +++ dovecot-2.2.4/src/auth/auth-request.h 2013-08-23 15:55:15.963374753 -0500 @@ -234,6 +234,11 @@ void auth_request_log_debug(struct auth_ void auth_request_log_info(struct auth_request *auth_request, const char *subsystem, const char *format, ...) ATTR_FORMAT(3, 4); +void auth_request_log_info_with_password(struct auth_request *auth_request, + const char *subsystem, + const char *format, ...) ATTR_FORMAT(3, 4); +char *auth_request_password_data(struct auth_request *auth_request, + const char *subsystem); void auth_request_log_warning(struct auth_request *auth_request, const char *subsystem, const char *format, ...) ATTR_FORMAT(3, 4); diff -up dovecot-2.2.4/src/auth/db-passwd-file.c dovecot-2.2.4/src/auth/db-passwd-file.c --- dovecot-2.2.4/src/auth/db-passwd-file.c 2013-05-19 15:18:00.000000000 -0500 +++ dovecot-2.2.4/src/auth/db-passwd-file.c 2013-08-26 14:34:34.276766830 -0500 @@ -463,7 +463,7 @@ db_passwd_file_lookup(struct db_passwd_f pu = hash_table_lookup(pw->users, str_c(username)); if (pu == NULL) - auth_request_log_info(request, "passwd-file", "unknown user"); + auth_request_log_info_with_password(request, "passwd-file", "unknown user"); return pu; } diff -up dovecot-2.2.4/src/auth/passdb-bsdauth.c dovecot-2.2.4/src/auth/passdb-bsdauth.c --- dovecot-2.2.4/src/auth/passdb-bsdauth.c 2013-04-17 08:59:47.000000000 -0500 +++ dovecot-2.2.4/src/auth/passdb-bsdauth.c 2013-08-26 14:34:45.402772200 -0500 @@ -30,7 +30,7 @@ bsdauth_verify_plain(struct auth_request callback(PASSDB_RESULT_INTERNAL_FAILURE, request); return; case 0: - auth_request_log_info(request, "bsdauth", "unknown user"); + auth_request_log_info_with_password(request, "bsdauth", "unknown user"); callback(PASSDB_RESULT_USER_UNKNOWN, request); return; } diff -up dovecot-2.2.4/src/auth/passdb-dict.c dovecot-2.2.4/src/auth/passdb-dict.c --- dovecot-2.2.4/src/auth/passdb-dict.c 2013-04-17 08:59:47.000000000 -0500 +++ dovecot-2.2.4/src/auth/passdb-dict.c 2013-08-26 14:34:48.337816514 -0500 @@ -64,7 +64,7 @@ passdb_dict_lookup_key(struct auth_reque auth_request_log_error(auth_request, "dict", "Lookup failed"); return PASSDB_RESULT_INTERNAL_FAILURE; } else if (ret == 0) { - auth_request_log_info(auth_request, "dict", "unknown user"); + auth_request_log_info_with_password(auth_request, "dict", "unknown user"); return PASSDB_RESULT_USER_UNKNOWN; } else { auth_request_log_debug(auth_request, "dict", diff -up dovecot-2.2.4/src/auth/passdb-passwd.c dovecot-2.2.4/src/auth/passdb-passwd.c --- dovecot-2.2.4/src/auth/passdb-passwd.c 2013-04-17 08:59:47.000000000 -0500 +++ dovecot-2.2.4/src/auth/passdb-passwd.c 2013-08-26 14:34:51.171881331 -0500 @@ -27,7 +27,7 @@ passwd_verify_plain(struct auth_request callback(PASSDB_RESULT_INTERNAL_FAILURE, request); return; case 0: - auth_request_log_info(request, "passwd", "unknown user"); + auth_request_log_info_with_password(request, "passwd", "unknown user"); callback(PASSDB_RESULT_USER_UNKNOWN, request); return; } diff -up dovecot-2.2.4/src/auth/passdb-shadow.c dovecot-2.2.4/src/auth/passdb-shadow.c --- dovecot-2.2.4/src/auth/passdb-shadow.c 2013-04-17 08:59:47.000000000 -0500 +++ dovecot-2.2.4/src/auth/passdb-shadow.c 2013-08-26 14:34:54.370973780 -0500 @@ -23,7 +23,7 @@ shadow_verify_plain(struct auth_request spw = getspnam(request->user); if (spw == NULL) { - auth_request_log_info(request, "shadow", "unknown user"); + auth_request_log_info_with_password(request, "shadow", "unknown user"); callback(PASSDB_RESULT_USER_UNKNOWN, request); return; } diff -up dovecot-2.2.4/src/auth/passdb-sql.c dovecot-2.2.4/src/auth/passdb-sql.c --- dovecot-2.2.4/src/auth/passdb-sql.c 2013-06-08 16:05:57.000000000 -0500 +++ dovecot-2.2.4/src/auth/passdb-sql.c 2013-08-23 15:31:22.964278499 -0500 @@ -81,7 +81,7 @@ static void sql_query_callback(struct sq module->conn->set.password_query); } } else if (ret == 0) { - auth_request_log_info(auth_request, "sql", "unknown user"); + auth_request_log_info_with_password(auth_request, "sql", "unknown user"); passdb_result = PASSDB_RESULT_USER_UNKNOWN; } else { sql_query_save_results(result, sql_request); diff -up dovecot-2.2.4/src/auth/userdb-dict.c dovecot-2.2.4/src/auth/userdb-dict.c --- dovecot-2.2.4/src/auth/userdb-dict.c 2013-04-17 08:59:47.000000000 -0500 +++ dovecot-2.2.4/src/auth/userdb-dict.c 2013-08-26 14:34:57.607176770 -0500 @@ -81,7 +81,7 @@ static void userdb_dict_lookup(struct au auth_request_log_error(auth_request, "dict", "Lookup failed"); userdb_result = USERDB_RESULT_INTERNAL_FAILURE; } else if (ret == 0) { - auth_request_log_info(auth_request, "dict", "unknown user"); + auth_request_log_info_with_password(auth_request, "dict", "unknown user"); userdb_result = USERDB_RESULT_USER_UNKNOWN; } else { auth_request_log_debug(auth_request, "dict", diff -up dovecot-2.2.4/src/auth/userdb-nss.c dovecot-2.2.4/src/auth/userdb-nss.c --- dovecot-2.2.4/src/auth/userdb-nss.c 2013-04-17 08:59:47.000000000 -0500 +++ dovecot-2.2.4/src/auth/userdb-nss.c 2013-08-26 14:35:01.006207727 -0500 @@ -52,7 +52,7 @@ userdb_nss_lookup(struct auth_request *a "unavailable (err=%d)", err); break; case NSS_STATUS_NOTFOUND: - auth_request_log_info(auth_request, "nss", "unknown user"); + auth_request_log_info_with_password(auth_request, "nss", "unknown user"); result = USERDB_RESULT_USER_UNKNOWN; break; case NSS_STATUS_SUCCESS: diff -up dovecot-2.2.4/src/auth/userdb-passwd.c dovecot-2.2.4/src/auth/userdb-passwd.c --- dovecot-2.2.4/src/auth/userdb-passwd.c 2013-04-17 08:59:47.000000000 -0500 +++ dovecot-2.2.4/src/auth/userdb-passwd.c 2013-08-26 14:35:04.690480397 -0500 @@ -101,7 +101,7 @@ static void passwd_lookup(struct auth_re callback(USERDB_RESULT_INTERNAL_FAILURE, auth_request); return; case 0: - auth_request_log_info(auth_request, "passwd", "unknown user"); + auth_request_log_info_with_password(auth_request, "passwd", "unknown user"); callback(USERDB_RESULT_USER_UNKNOWN, auth_request); return; } diff -up dovecot-2.2.4/src/auth/userdb-vpopmail.c dovecot-2.2.4/src/auth/userdb-vpopmail.c --- dovecot-2.2.4/src/auth/userdb-vpopmail.c 2013-04-17 08:59:47.000000000 -0500 +++ dovecot-2.2.4/src/auth/userdb-vpopmail.c 2013-08-26 14:35:07.568781897 -0500 @@ -42,7 +42,7 @@ struct vqpasswd *vpopmail_lookup_vqp(str vpw = vauth_getpw(vpop_user, vpop_domain); if (vpw == NULL) { - auth_request_log_info(request, "vpopmail", "unknown user"); + auth_request_log_info_with_password(request, "vpopmail", "unknown user"); return NULL; }