Improve fail2ban logging (#966)

This commit is contained in:
RainLoop Team 2016-05-17 23:29:42 +03:00
parent 4ee2090e6c
commit d84ca98793
2 changed files with 56 additions and 16 deletions

View file

@ -259,7 +259,7 @@ class ChangePasswordPostfixAdminDriver implements \RainLoop\Providers\ChangePass
{
$sResult = '';
$sSalt = substr(str_shuffle('./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'), 0, 16);
switch ($this->sEncrypt)
switch (strtolower($this->sEncrypt))
{
default:
case 'plain':
@ -280,11 +280,11 @@ class ChangePasswordPostfixAdminDriver implements \RainLoop\Providers\ChangePass
$sResult = crypt($sPassword);
break;
case 'SHA256-CRYPT':
case 'sha256-crypt':
$sResult = '{SHA256-CRYPT}' . crypt($sPassword,'$5$'.$sSalt);
break;
case 'SHA512-CRYPT':
case 'sha512-crypt':
$sResult = '{SHA512-CRYPT}' . crypt($sPassword,'$6$'.$sSalt);
break;

View file

@ -430,11 +430,14 @@ class Actions
* @param string $sLine
* @param \RainLoop\Model\Account $oAccount = null
* @param bool $bUrlEncode = false
* @param array $aAdditionalParams = array()
*
* @return string
*/
private function compileLogParams($sLine, $oAccount = null, $bUrlEncode = false)
private function compileLogParams($sLine, $oAccount = null, $bUrlEncode = false, $aAdditionalParams = array())
{
$aClear = array();
if (false !== \strpos($sLine, '{date:'))
{
$iTimeOffset = (int) $this->Config()->Get('logs', 'time_offset', 0);
@ -442,7 +445,7 @@ class Actions
return \RainLoop\Utils::UrlEncode(\MailSo\Log\Logger::DateHelper($aMatch[1], $iTimeOffset), $bUrlEncode);
}, $sLine);
$sLine = \preg_replace('/\{date:([^}]*)\}/', 'date', $sLine);
$aClear['/\{date:([^}]*)\}/'] = 'date';
}
if (false !== \strpos($sLine, '{imap:') || false !== \strpos($sLine, '{smtp:'))
@ -464,8 +467,8 @@ class Actions
$sLine = \str_replace('{smtp:port}', \RainLoop\Utils::UrlEncode($oAccount->DomainOutPort(), $bUrlEncode), $sLine);
}
$sLine = \preg_replace('/\{imap:([^}]*)\}/i', 'imap', $sLine);
$sLine = \preg_replace('/\{smtp:([^}]*)\}/i', 'smtp', $sLine);
$aClear['/\{imap:([^}]*)\}/i'] = 'imap';
$aClear['/\{smtp:([^}]*)\}/i'] = 'smtp';
}
if (false !== \strpos($sLine, '{request:'))
@ -489,7 +492,7 @@ class Actions
\MailSo\Base\Utils::GetClearDomainName($this->Http()->GetHost(false, true, true)), $bUrlEncode), $sLine);
}
$sLine = \preg_replace('/\{request:([^}]*)\}/i', 'request', $sLine);
$aClear['/\{request:([^}]*)\}/i'] = 'request';
}
if (false !== \strpos($sLine, '{user:'))
@ -532,7 +535,7 @@ class Actions
}
}
$sLine = \preg_replace('/\{user:([^}]*)\}/i', 'unknown', $sLine);
$aClear['/\{user:([^}]*)\}/i'] = 'unknown';
}
if (false !== \strpos($sLine, '{labs:'))
@ -541,7 +544,23 @@ class Actions
return \rand(\pow(10, $aMatch[1] - 1), \pow(10, $aMatch[1]) - 1);
}, $sLine);
$sLine = \preg_replace('/\{labs:([^}]*)\}/', 'labs', $sLine);
$aClear['/\{labs:([^}]*)\}/'] = 'labs';
}
if (\is_array($aAdditionalParams) && 0 < \count($aAdditionalParams))
{
foreach ($aAdditionalParams as $sKey => $sValue)
{
$sLine = \str_replace($sKey, $sValue, $sLine);
}
}
if (0 < \count($aClear))
{
foreach ($aClear as $sKey => $sValue)
{
$sLine = \preg_replace($sKey, $sValue, $sLine);
}
}
return $sLine;
@ -1155,14 +1174,15 @@ class Actions
}
/**
* @param \RainLoop\Model\Account $oAccount
* @param \RainLoop\Model\Account $oAccount = null
* @param array $aAdditionalParams = array()
*/
public function LoggerAuthHelper($oAccount = null)
public function LoggerAuthHelper($oAccount = null, $aAdditionalParams = array())
{
$sLine = $this->Config()->Get('logs', 'auth_logging_format', '');
if (!empty($sLine))
{
$this->LoggerAuth()->Write($this->compileLogParams($sLine, $oAccount));
$this->LoggerAuth()->Write($this->compileLogParams($sLine, $oAccount, false, $aAdditionalParams));
}
}
@ -2079,6 +2099,25 @@ NewThemeLink IncludeCss LoadingDescriptionEsc TemplatesLink LangLink IncludeBack
}
}
/**
* @param string $sLogin
* @param bool $bAdmin = false
* @return array
*/
private function getAdditionalLogParamsByUserLogin($sLogin, $bAdmin = false)
{
$sHost = $bAdmin ? $this->Http()->GetHost(false, true, true) : \MailSo\Base\Utils::GetDomainFromEmail($sLogin);
return array(
'{imap:login}' => $sLogin,
'{imap:host}' => $sHost,
'{smtp:login}' => $sLogin,
'{smtp:host}' => $sHost,
'{user:email}' => $sLogin,
'{user:login}' => \MailSo\Base\Utils::GetAccountNameFromEmail($sLogin),
'{user:domain}' => $sHost,
);
}
/**
* @param string $sEmail
* @param string $sPassword
@ -2092,6 +2131,8 @@ NewThemeLink IncludeCss LoadingDescriptionEsc TemplatesLink LangLink IncludeBack
public function LoginProcess(&$sEmail, &$sPassword, $sSignMeToken = '',
$sAdditionalCode = '', $bAdditionalCodeSignMe = false)
{
$sInputEmail = $sEmail;
$this->Plugins()->RunHook('filter.login-credentials.step-1', array(&$sEmail, &$sPassword));
$sEmail = \MailSo\Base\Utils::StrToLowerIfAscii(\MailSo\Base\Utils::Trim($sEmail));
@ -2207,9 +2248,7 @@ NewThemeLink IncludeCss LoadingDescriptionEsc TemplatesLink LangLink IncludeBack
catch (\Exception $oException)
{
$this->loginErrorDelay();
$this->LoggerAuthHelper($oAccount);
$this->LoggerAuthHelper($oAccount, $this->getAdditionalLogParamsByUserLogin($sInputEmail));
throw $oException;
}
@ -3832,6 +3871,7 @@ NewThemeLink IncludeCss LoadingDescriptionEsc TemplatesLink LangLink IncludeBack
!$this->Config()->ValidatePassword($sPassword))
{
$this->loginErrorDelay();
$this->LoggerAuthHelper(null, $this->getAdditionalLogParamsByUserLogin($sLogin, true));
throw new \RainLoop\Exceptions\ClientException(\RainLoop\Notifications::AuthError);
}