Logging: add details to failed password attempts to make it fail2ban more easy to...
authorWilfried Goesgens <dothebart@citadel.org>
Sun, 22 Apr 2012 08:33:53 +0000 (10:33 +0200)
committerWilfried Goesgens <dothebart@citadel.org>
Sun, 22 Apr 2012 08:33:53 +0000 (10:33 +0200)
citadel/context.h
citadel/sysdep.c
citadel/user_ops.c

index 5e9d998acb9d8a9e4798da2e6a4fc9df15ae9636..c2578036035f92bc73062aaf81566b8912a6a43e 100644 (file)
@@ -129,6 +129,7 @@ struct CitContext {
        struct cit_ical *CIT_ICAL;              /* calendaring data */
        struct ma_info *ma;                     /* multipart/alternative data */
        const char *ServiceName;                /* readable purpose of this session */
+       long tcp_port;
        void *openid_data;                      /* Data stored by the OpenID module */
        char *ldap_dn;                          /* DN of user when using AUTHMODE_LDAP */
 
index 2b83270c01c7d1e10fb0f5036c9be522aba084a7..422370772fddd851f50735d7dd10f53147f7ded7 100644 (file)
@@ -1271,6 +1271,7 @@ do_select:        force_purge = 0;
                                        con = CreateNewContext();
 
                                        /* Assign our new socket number to it. */
+                                       con->tcp_port = serviceptr->tcp_port;
                                        con->client_socket = ssock;
                                        con->h_command_function = serviceptr->h_command_function;
                                        con->h_async_function = serviceptr->h_async_function;
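Review bot: The added `con->tcp_port = serviceptr->tcp_port;` sits directly under the comment "Assign our new socket number to it.", which describes the `con->client_socket = ssock;` line that now follows it. Move the port copy below the socket assignment, or give it its own comment such as `/* remember which listener accepted this session (used in auth failure logs) */`. The matching `long tcp_port;` field in citadel/context.h is also the only member in that hunk without a trailing comment. If a service entry can describe a non-TCP listener (not visible here), the value copied may be 0 and the log line would print `Port <0>`; worth confirming. The enclosing accept loop starts and ends outside this hunk.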
index 29b6f621f0abd3403a22ea8e63dc7744fadbb5a7..37cbfcd6464d2c61253f9107865661a94f30021f 100644 (file)
@@ -934,16 +934,17 @@ void start_chkpwd_daemon(void) {
 int CtdlTryPassword(const char *password, long len)
 {
        int code;
+       CitContext *CCC = CC;
 
-       if ((CC->logged_in)) {
+       if ((CCC->logged_in)) {
                syslog(LOG_WARNING, "CtdlTryPassword: already logged in\n");
                return pass_already_logged_in;
        }
-       if (!strcmp(CC->curr_user, NLI)) {
+       if (!strcmp(CCC->curr_user, NLI)) {
                syslog(LOG_WARNING, "CtdlTryPassword: no user selected\n");
                return pass_no_user;
        }
-       if (CtdlGetUser(&CC->user, CC->curr_user)) {
+       if (CtdlGetUser(&CCC->user, CCC->curr_user)) {
                syslog(LOG_ERR, "CtdlTryPassword: internal error\n");
                return pass_internal_error;
        }
@@ -953,7 +954,7 @@ int CtdlTryPassword(const char *password, long len)
        }
        code = (-1);
 
-       if (CC->is_master) {
+       if (CCC->is_master) {
                code = strcmp(password, config.c_master_pass);
        }
 
@@ -961,7 +962,7 @@ int CtdlTryPassword(const char *password, long len)
 
                /* host auth mode */
 
-               if (validpw(CC->user.uid, password)) {
+               if (validpw(CCC->user.uid, password)) {
                        code = 0;
 
                        /*
@@ -972,9 +973,9 @@ int CtdlTryPassword(const char *password, long len)
                         * this is a security hazard, comment it out.
                         */
 
-                       CtdlGetUserLock(&CC->user, CC->curr_user);
-                       safestrncpy(CC->user.password, password, sizeof CC->user.password);
-                       CtdlPutUserLock(&CC->user);
+                       CtdlGetUserLock(&CCC->user, CCC->curr_user);
+                       safestrncpy(CCC->user.password, password, sizeof CCC->user.password);
+                       CtdlPutUserLock(&CCC->user);
 
                        /*
                         * (sooper-seekrit hack ends here)
@@ -991,7 +992,7 @@ int CtdlTryPassword(const char *password, long len)
 
                /* LDAP auth mode */
 
-               if ((CC->ldap_dn) && (!CtdlTryPasswordLDAP(CC->ldap_dn, password))) {
+               if ((CCC->ldap_dn) && (!CtdlTryPasswordLDAP(CCC->ldap_dn, password))) {
                        code = 0;
                }
                else {
@@ -1008,11 +1009,11 @@ int CtdlTryPassword(const char *password, long len)
                pw = (char*) malloc(len + 1);
                memcpy(pw, password, len + 1);
                strproc(pw);
-               strproc(CC->user.password);
-               code = strcasecmp(CC->user.password, pw);
+               strproc(CCC->user.password);
+               code = strcasecmp(CCC->user.password, pw);
                strproc(pw);
-               strproc(CC->user.password);
-               code = strcasecmp(CC->user.password, pw);
+               strproc(CCC->user.password);
+               code = strcasecmp(CCC->user.password, pw);
                free (pw);
        }
 
@@ -1020,7 +1021,16 @@ int CtdlTryPassword(const char *password, long len)
                do_login();
                return pass_ok;
        } else {
-               syslog(LOG_WARNING, "Bad password specified for <%s>\n", CC->curr_user);
+               syslog(LOG_WARNING, "Bad password specified for <%s> Service <%s> Port <%ld> Remote <%s / %s>\n",
+                      CCC->curr_user,
+                      CCC->ServiceName,
+                      CCC->tcp_port,
+                      CCC->cs_host,
+                      CCC->cs_addr);
+
+
+//citserver[5610]: Bad password specified for <willi> Service <citadel-TCP> Remote <PotzBlitz / >
+
                return pass_wrong_password;
        }
 }
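Review bot: In the new syslog() call the client-chosen `CCC->curr_user` is printed ahead of the remote address, so a user name containing `<`, `>` or the word `Remote` can make the line ambiguous for a fail2ban filter that matches on `Remote <... / ...>`; `cs_host` is presumably a resolved name and would have the same problem. Logging the address first keeps the part the filter matches out of reach of those fields, e.g. `"Bad password from <%s> Port <%ld> Service <%s> Host <%s> User <%s>\n"` with `CCC->cs_addr` as the first argument. The sample left in the `//citserver[5610]: ...` comment shows an empty address (`Remote <PotzBlitz / >`) and no Port field, which suggests `cs_addr` can be empty on some paths and that the comment predates the final format; confirm the former, then drop the comment and the two blank lines above it. `CCC->ServiceName` is a plain pointer in struct CitContext, so passing it to `%s` relies on it being non-NULL at this point, which cannot be verified from this hunk.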