Improve fail2ban logging (#966)

This commit is contained in:
RainLoop Team 2016-05-17 23:29:42 +03:00
parent 4ee2090e6c
commit d84ca98793
2 changed files with 56 additions and 16 deletions

View file

@ -259,7 +259,7 @@ class ChangePasswordPostfixAdminDriver implements \RainLoop\Providers\ChangePass
{ {
$sResult = ''; $sResult = '';
$sSalt = substr(str_shuffle('./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'), 0, 16); $sSalt = substr(str_shuffle('./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'), 0, 16);
switch ($this->sEncrypt) switch (strtolower($this->sEncrypt))
{ {
default: default:
case 'plain': case 'plain':
@ -280,11 +280,11 @@ class ChangePasswordPostfixAdminDriver implements \RainLoop\Providers\ChangePass
$sResult = crypt($sPassword); $sResult = crypt($sPassword);
break; break;
case 'SHA256-CRYPT': case 'sha256-crypt':
$sResult = '{SHA256-CRYPT}' . crypt($sPassword,'$5$'.$sSalt); $sResult = '{SHA256-CRYPT}' . crypt($sPassword,'$5$'.$sSalt);
break; break;
case 'SHA512-CRYPT': case 'sha512-crypt':
$sResult = '{SHA512-CRYPT}' . crypt($sPassword,'$6$'.$sSalt); $sResult = '{SHA512-CRYPT}' . crypt($sPassword,'$6$'.$sSalt);
break; break;

View file

@ -430,11 +430,14 @@ class Actions
* @param string $sLine * @param string $sLine
* @param \RainLoop\Model\Account $oAccount = null * @param \RainLoop\Model\Account $oAccount = null
* @param bool $bUrlEncode = false * @param bool $bUrlEncode = false
* @param array $aAdditionalParams = array()
* *
* @return string * @return string
*/ */
private function compileLogParams($sLine, $oAccount = null, $bUrlEncode = false) private function compileLogParams($sLine, $oAccount = null, $bUrlEncode = false, $aAdditionalParams = array())
{ {
$aClear = array();
if (false !== \strpos($sLine, '{date:')) if (false !== \strpos($sLine, '{date:'))
{ {
$iTimeOffset = (int) $this->Config()->Get('logs', 'time_offset', 0); $iTimeOffset = (int) $this->Config()->Get('logs', 'time_offset', 0);
@ -442,7 +445,7 @@ class Actions
return \RainLoop\Utils::UrlEncode(\MailSo\Log\Logger::DateHelper($aMatch[1], $iTimeOffset), $bUrlEncode); return \RainLoop\Utils::UrlEncode(\MailSo\Log\Logger::DateHelper($aMatch[1], $iTimeOffset), $bUrlEncode);
}, $sLine); }, $sLine);
$sLine = \preg_replace('/\{date:([^}]*)\}/', 'date', $sLine); $aClear['/\{date:([^}]*)\}/'] = 'date';
} }
if (false !== \strpos($sLine, '{imap:') || false !== \strpos($sLine, '{smtp:')) if (false !== \strpos($sLine, '{imap:') || false !== \strpos($sLine, '{smtp:'))
@ -464,8 +467,8 @@ class Actions
$sLine = \str_replace('{smtp:port}', \RainLoop\Utils::UrlEncode($oAccount->DomainOutPort(), $bUrlEncode), $sLine); $sLine = \str_replace('{smtp:port}', \RainLoop\Utils::UrlEncode($oAccount->DomainOutPort(), $bUrlEncode), $sLine);
} }
$sLine = \preg_replace('/\{imap:([^}]*)\}/i', 'imap', $sLine); $aClear['/\{imap:([^}]*)\}/i'] = 'imap';
$sLine = \preg_replace('/\{smtp:([^}]*)\}/i', 'smtp', $sLine); $aClear['/\{smtp:([^}]*)\}/i'] = 'smtp';
} }
if (false !== \strpos($sLine, '{request:')) if (false !== \strpos($sLine, '{request:'))
@ -489,7 +492,7 @@ class Actions
\MailSo\Base\Utils::GetClearDomainName($this->Http()->GetHost(false, true, true)), $bUrlEncode), $sLine); \MailSo\Base\Utils::GetClearDomainName($this->Http()->GetHost(false, true, true)), $bUrlEncode), $sLine);
} }
$sLine = \preg_replace('/\{request:([^}]*)\}/i', 'request', $sLine); $aClear['/\{request:([^}]*)\}/i'] = 'request';
} }
if (false !== \strpos($sLine, '{user:')) if (false !== \strpos($sLine, '{user:'))
@ -532,7 +535,7 @@ class Actions
} }
} }
$sLine = \preg_replace('/\{user:([^}]*)\}/i', 'unknown', $sLine); $aClear['/\{user:([^}]*)\}/i'] = 'unknown';
} }
if (false !== \strpos($sLine, '{labs:')) if (false !== \strpos($sLine, '{labs:'))
@ -541,7 +544,23 @@ class Actions
return \rand(\pow(10, $aMatch[1] - 1), \pow(10, $aMatch[1]) - 1); return \rand(\pow(10, $aMatch[1] - 1), \pow(10, $aMatch[1]) - 1);
}, $sLine); }, $sLine);
$sLine = \preg_replace('/\{labs:([^}]*)\}/', 'labs', $sLine); $aClear['/\{labs:([^}]*)\}/'] = 'labs';
}
if (\is_array($aAdditionalParams) && 0 < \count($aAdditionalParams))
{
foreach ($aAdditionalParams as $sKey => $sValue)
{
$sLine = \str_replace($sKey, $sValue, $sLine);
}
}
if (0 < \count($aClear))
{
foreach ($aClear as $sKey => $sValue)
{
$sLine = \preg_replace($sKey, $sValue, $sLine);
}
} }
return $sLine; return $sLine;
@ -1155,14 +1174,15 @@ class Actions
} }
/** /**
* @param \RainLoop\Model\Account $oAccount * @param \RainLoop\Model\Account $oAccount = null
* @param array $aAdditionalParams = array()
*/ */
public function LoggerAuthHelper($oAccount = null) public function LoggerAuthHelper($oAccount = null, $aAdditionalParams = array())
{ {
$sLine = $this->Config()->Get('logs', 'auth_logging_format', ''); $sLine = $this->Config()->Get('logs', 'auth_logging_format', '');
if (!empty($sLine)) if (!empty($sLine))
{ {
$this->LoggerAuth()->Write($this->compileLogParams($sLine, $oAccount)); $this->LoggerAuth()->Write($this->compileLogParams($sLine, $oAccount, false, $aAdditionalParams));
} }
} }
@ -2079,6 +2099,25 @@ NewThemeLink IncludeCss LoadingDescriptionEsc TemplatesLink LangLink IncludeBack
} }
} }
/**
* @param string $sLogin
* @param bool $bAdmin = false
* @return array
*/
private function getAdditionalLogParamsByUserLogin($sLogin, $bAdmin = false)
{
$sHost = $bAdmin ? $this->Http()->GetHost(false, true, true) : \MailSo\Base\Utils::GetDomainFromEmail($sLogin);
return array(
'{imap:login}' => $sLogin,
'{imap:host}' => $sHost,
'{smtp:login}' => $sLogin,
'{smtp:host}' => $sHost,
'{user:email}' => $sLogin,
'{user:login}' => \MailSo\Base\Utils::GetAccountNameFromEmail($sLogin),
'{user:domain}' => $sHost,
);
}
/** /**
* @param string $sEmail * @param string $sEmail
* @param string $sPassword * @param string $sPassword
@ -2092,6 +2131,8 @@ NewThemeLink IncludeCss LoadingDescriptionEsc TemplatesLink LangLink IncludeBack
public function LoginProcess(&$sEmail, &$sPassword, $sSignMeToken = '', public function LoginProcess(&$sEmail, &$sPassword, $sSignMeToken = '',
$sAdditionalCode = '', $bAdditionalCodeSignMe = false) $sAdditionalCode = '', $bAdditionalCodeSignMe = false)
{ {
$sInputEmail = $sEmail;
$this->Plugins()->RunHook('filter.login-credentials.step-1', array(&$sEmail, &$sPassword)); $this->Plugins()->RunHook('filter.login-credentials.step-1', array(&$sEmail, &$sPassword));
$sEmail = \MailSo\Base\Utils::StrToLowerIfAscii(\MailSo\Base\Utils::Trim($sEmail)); $sEmail = \MailSo\Base\Utils::StrToLowerIfAscii(\MailSo\Base\Utils::Trim($sEmail));
@ -2207,9 +2248,7 @@ NewThemeLink IncludeCss LoadingDescriptionEsc TemplatesLink LangLink IncludeBack
catch (\Exception $oException) catch (\Exception $oException)
{ {
$this->loginErrorDelay(); $this->loginErrorDelay();
$this->LoggerAuthHelper($oAccount, $this->getAdditionalLogParamsByUserLogin($sInputEmail));
$this->LoggerAuthHelper($oAccount);
throw $oException; throw $oException;
} }
@ -3832,6 +3871,7 @@ NewThemeLink IncludeCss LoadingDescriptionEsc TemplatesLink LangLink IncludeBack
!$this->Config()->ValidatePassword($sPassword)) !$this->Config()->ValidatePassword($sPassword))
{ {
$this->loginErrorDelay(); $this->loginErrorDelay();
$this->LoggerAuthHelper(null, $this->getAdditionalLogParamsByUserLogin($sLogin, true));
throw new \RainLoop\Exceptions\ClientException(\RainLoop\Notifications::AuthError); throw new \RainLoop\Exceptions\ClientException(\RainLoop\Notifications::AuthError);
} }