Added log calls in authentication machinery per patches sent by Jeff Rush.

lib/python/AccessControl/User.py

@@ -84,7 +84,7 @@
 ##############################################################################
 """Access control package"""
 
-__version__='$Revision: 1.107 $'[11:-2]
+__version__='$Revision: 1.108 $'[11:-2]
 
 import Globals, socket, regex, SpecialUsers
 from Globals import HTMLFile, MessageDialog, Persistent, PersistentMapping
@@ -98,6 +98,7 @@ from Role import RoleManager
 from string import split, join, upper
 from PermissionRole import _what_not_even_god_should_do, rolesForPermissionOn
 from AuthEncoding import pw_validate
+from zLOG import LOG, INFO, WARNING
 
 ListType=type([])
 NotImplemented='NotImplemented'
@@ -177,10 +178,17 @@ class BasicUser(Implicit):
         passwrd=self._getPassword()
 
         result = pw_validate(passwrd, password)
-        
+        if not result:
+            LOG('Zope', WARNING,
+                'invalid password for user %s' % self.getUserName())
+
         domains=self.getDomains()
-        if domains:
-            return result and domainSpecMatch(domains, request)
+        if domains and result:
+            result = domainSpecMatch(domains, request)
+            if not result:
+                LOG('Zope', WARNING,
+                    'invalid domain for user %s' % self.getUserName())
+            return result
         return result
     
     def _shared_roles(self, parent):
@@ -438,6 +446,7 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
 
         # Only do basic authentication
         if lower(auth[:6])!='basic ':
+            LOG('Zope', WARNING, 'non-basic authentication attempted')
             return None
         name,password=tuple(split(decodestring(split(auth)[-1]), ':', 1))
 
@@ -450,6 +459,8 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
         # Try to get user
         user=self.getUser(name)
         if user is None:
+            LOG('Zope', WARNING, 'no such user as %s in %s' \
+                % (name, self.absolute_url()))
             return None
 
         # Try to authenticate user
@@ -462,6 +473,11 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
         # Try to authorize user
         if user.allowed(parent, roles):
             return user
+
+        LOG('Zope', WARNING,
+            'user %s is not authorized to access %s' \
+            % (name, parent.absolute_url()))
+
         return None
 
 
@@ -494,6 +510,8 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
             # Try to get user
             user=self.getUser(name)
             if user is None:
+                LOG('Zope', WARNING, 'no such user as %s in %s' \
+                    % (name, self.absolute_url()))
                 return None
 
             # We need the user to be able to acquire!
@@ -502,6 +520,9 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
             # Try to authorize user
             if user.allowed(parent, roles):
                 return user
+            LOG('Zope', WARNING,
+                'user %s is not authorized to access %s' \
+                % (name, parent.absolute_url()))
             return None