Date: Thu, 15 Sep 2005 12:39:33 +0200
From: Fredrik Björk <Fredrik.Bjork.List@...bergenergi.se>
To: popa3d-users@...ts.openwall.com
Subject: Patch to include the username in all syslog messages

Hi!

This may well be in some other contrib patch, but since I couldn't find a 
link to the contrib directory, here it is. It is a patch that adds the 
username (or mailbox, which should be the same most of the time) to all 
syslog messages that popa3d writes. It is very useful for detecting users 
that misspell usernames, or use incorrect case when typing the username.

Example:

Sep 15 12:22:14 mail01 popa3d[22645]: Authentication failed for UNKNOWN 
USER Vjen
Sep 15 12:22:14 mail01 popa3d[22659]: Authentication passed for sea0593a
Sep 15 12:22:14 mail01 popa3d[22659]: 25 messages (1585238 bytes) loaded 
for se0593a
Sep 15 12:22:14 mail01 popa3d[22659]: 0 (0) deleted, 25 (1585238) left for 
se0593a
Sep 15 12:25:17 mail01 popa3d[24468]: Authentication passed for se1161d
Sep 15 12:25:17 mail01 popa3d[24468]: 1 message (12918 bytes) loaded for 
se1161d
Sep 15 12:25:18 mail01 popa3d[24468]: 1 (12918) deleted, 0 (0) left for se1161d

popa3d unpatched would have given the following:

Sep 15 12:22:14 mail01 popa3d[22645]: Authentication failed for UNKNOWN USER
Sep 15 12:22:14 mail01 popa3d[22659]: Authentication passed for sea0593a
Sep 15 12:22:14 mail01 popa3d[22659]: 25 messages (1585238 bytes) loaded
Sep 15 12:22:14 mail01 popa3d[22659]: 0 (0) deleted, 25 (1585238) left
Sep 15 12:25:17 mail01 popa3d[24468]: Authentication passed
Sep 15 12:25:17 mail01 popa3d[24468]: 1 message (12918 bytes) loaded
Sep 15 12:25:18 mail01 popa3d[24468]: 1 (12918) deleted, 0 (0) left

It is quite obvious that the patch helps our support staff quite a bit!

I've not tested it in POP_VIRTUAL environments, but I have included support 
for it. I'm not really a programmer, so please audit the code and get back to 
me or just fix it if anything needs to be fixed!

/Fredrik

diff -urpN popa3d-1.0-orig/pop_auth.c popa3d-1.0/pop_auth.c
--- popa3d-1.0-orig/pop_auth.c  2002-09-09 13:07:48.000000000 +0200
+++ popa3d-1.0/pop_auth.c       2005-09-15 12:32:13.000000000 +0200
@@ -65,7 +65,7 @@ int do_pop_auth(int channel)
         return 0;
  }

-void log_pop_auth(int result, char *user)
+void log_pop_auth(int result, char *user, int known)
  {
         if (result == AUTH_NONE) {
                 syslog(SYSLOG_PRI_LO, "Didn't attempt authentication");
@@ -75,15 +75,17 @@ void log_pop_auth(int result, char *user
  #if POP_VIRTUAL
         if (virtual_domain) {
                 syslog(result == AUTH_OK ? SYSLOG_PRI_LO : SYSLOG_PRI_HI,
-                       "Authentication %s for %s@...,
+                       "Authentication %s for %s%s@...,
                         result == AUTH_OK ? "passed" : "failed",
-                       user ? user : "UNKNOWN USER",
+                       known == 0 ? "UNKNOWN USER " : "",
+                       user,
                         virtual_domain);
                 return;
         }
  #endif
         syslog(result == AUTH_OK ? SYSLOG_PRI_LO : SYSLOG_PRI_HI,
-               "Authentication %s for %s",
+               "Authentication %s for %s%s",
                 result == AUTH_OK ? "passed" : "failed",
-               user ? user : "UNKNOWN USER");
+               known == 0 ? "UNKNOWN USER " : "",
+               user);
  }
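Review bot: `user` is now passed to `%s` without the NULL fallback that the removed `user ? user : "UNKNOWN USER"` provided, in both the POP_VIRTUAL and the plain syslog() call, so a NULL from any caller becomes undefined behaviour; keeping a guard such as `user ? user : ""` costs nothing. For `known == 0` the string is whatever the remote client sent before authenticating, and it now lands in syslog. Whether it has been limited to printable characters and a bounded length by this point is not visible in the hunk and should be confirmed or enforced before logging, so that a client cannot corrupt or forge log lines. Mistyped logins also sometimes carry a password entered in the username field, so these entries should be treated as sensitive (log file permissions, forwarding, retention), and a compile-time switch that keeps the old "UNKNOWN USER"-only behaviour would be reasonable. log_pop_auth begins in the previous hunk.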
diff -urpN popa3d-1.0-orig/pop_auth.h popa3d-1.0/pop_auth.h
--- popa3d-1.0-orig/pop_auth.h  2001-09-06 02:11:28.000000000 +0200
+++ popa3d-1.0/pop_auth.h       2005-09-15 09:53:16.000000000 +0200
@@ -21,6 +21,6 @@ extern int do_pop_auth(int channel);
  /*
   * Logs an authentication attempt for user, use NULL for non-existent.
   */
-extern void log_pop_auth(int result, char *user);
+extern void log_pop_auth(int result, char *user, int known);

  #endif
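Review bot: The comment above the prototype still says `use NULL for non-existent`, which no longer matches the new contract: `known` now carries that information and `user` is printed unconditionally. I would update it to something like `/* Logs an authentication attempt for user (must not be NULL); known is zero when the account does not exist. */` so callers do not keep passing NULL.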
diff -urpN popa3d-1.0-orig/pop_root.c popa3d-1.0/pop_root.c
--- popa3d-1.0-orig/pop_root.c  2002-03-21 21:15:19.000000000 +0100
+++ popa3d-1.0/pop_root.c       2005-09-15 09:50:34.000000000 +0200
@@ -247,12 +247,12 @@ int do_pop_session(void)

         if (result == AUTH_OK) {
                 if (close(channel[0])) return log_error("close");
-               log_pop_auth(result, user);
+               log_pop_auth(result, user, known);
                 return do_pop_trans(spool, mailbox);
         }

         if (drop_root()) return 1;
-       log_pop_auth(result, known ? user : NULL);
+       log_pop_auth(result, user, known);

  #ifdef AUTH_FAILED_MESSAGE
         if (result == AUTH_FAILED) pop_reply("-ERR %s", AUTH_FAILED_MESSAGE);
diff -urpN popa3d-1.0-orig/pop_trans.c popa3d-1.0/pop_trans.c
--- popa3d-1.0-orig/pop_trans.c 2003-03-02 03:43:10.000000000 +0100
+++ popa3d-1.0/pop_trans.c      2005-09-15 10:04:22.000000000 +0200
@@ -216,9 +216,10 @@ int do_pop_trans(char *spool, char *mail
                 return 0;
         }

-       syslog(SYSLOG_PRI_LO, "%u message%s (%lu byte%s) loaded",
+       syslog(SYSLOG_PRI_LO, "%u message%s (%lu byte%s) loaded for %s",
                 db.total_count, db.total_count == 1 ? "" : "s",
-               db.total_size, db.total_size == 1 ? "" : "s");
+               db.total_size, db.total_size == 1 ? "" : "s",
+               mailbox);

         if (pop_reply_ok())
                 event = POP_CRASH_NETFAIL;
@@ -234,24 +235,25 @@ int do_pop_trans(char *spool, char *mail
                         break;
                 }

-               syslog(SYSLOG_PRI_LO, "%u (%lu) deleted, %u (%lu) left",
+               syslog(SYSLOG_PRI_LO, "%u (%lu) deleted, %u (%lu) left for %s",
                         db.total_count - db.visible_count,
                         db.total_size - db.visible_size,
                         db.visible_count,
-                       db.visible_size);
+                       db.visible_size,
+                       mailbox);
                 pop_reply_ok();
                 break;

         case POP_CRASH_NETFAIL:
-               syslog(SYSLOG_PRI_LO, "Premature disconnect");
+               syslog(SYSLOG_PRI_LO, "Premature disconnect form %s",mailbox);
                 break;

         case POP_CRASH_NETTIME:
-               syslog(SYSLOG_PRI_LO, "Connection timed out");
+               syslog(SYSLOG_PRI_LO, "Connection timed out with %s",mailbox);
         }

         if (db.flags & DB_STALE)
-               syslog(SYSLOG_PRI_LO, "Another MUA active, giving up");
+               syslog(SYSLOG_PRI_LO, "Another MUA active, giving up on 
%s",mailbox);
         else
         if (event == POP_CRASH_SERVER)
                 syslog(SYSLOG_PRI_ERROR,
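Review bot: The new POP_CRASH_NETFAIL message reads `Premature disconnect form %s`; `form` should be `from`, i.e. `syslog(SYSLOG_PRI_LO, "Premature disconnect from %s", mailbox);`. Every message in this function changes its text, so log-watching rules that match the old fixed strings (for example `Premature disconnect` or `Another MUA active, giving up`) would need updating together with the patch. The inline copy of the `Another MUA active` line appears to have been wrapped by the mail client inside the string literal, so the attached diff rather than the inline text is presumably the one to apply. do_pop_trans starts and ends outside this hunk.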
Download attachment "popa3d-1.0-show-username-in-logs.diff.gz" of type "application/octet-stream" (1236 bytes)
