Re: [courier-users] Enhanced logging - failed POP3 logins

Tue, 29 Oct 2002 08:06:04 -0800 

--Brian Candler wrote on 29.10.2002 15:07 +0000:

> Oct 29 14:30:05 192.168.0.1 pop3d: LOGIN FAILED, ip=[1.2.3.4]
> 
> If I could see that they were logging in with an obviously bad username, or
> an account I had purposely not migrated, it would make me a lot happier.
> 
> If this hasn't been done before I'm happy to work on it - although it will
> involve me getting my head around exactly how the environment is passed
> between pop3login, the authentication modules, pop3d, and back to pop3login
> :-)

due to a couple of callbacks the username is not available
once the login fails, and courier cant log from within the
authdaemon at all.

This patch will log all attempts, you have to remove the
reference to AUTHTYPE_APOP, cause thats from another patch...

--- ../courier-0.39.0.orig/authlib/authmoduser.c        Thu Nov 29 03:57:15 2001
+++ authlib/authmoduser.c       Mon Jun 24 05:27:14 2002
@@ -16,6 +16,9 @@
 #endif
 #include       <signal.h>
 
+// PATCH: debug login
+#include       "authlib/authsasl.h"
+
 static const char rcsid[]="$Id: authmoduser.c,v 1.6 2001/11/29 02:57:15 mrsam
Exp $";
 
 void authmod(int argc, char **argv,
@@ -85,8 +88,27 @@
                p += n;
                l -= n;
        }
-       free(buf);
+       // free(buf);
        close(pipe3fd[0]);
        close(pipe3fd[1]);
+
+       // PATCH: debug login
+       if( !strcmp(authtype,AUTHTYPE_LOGIN) || !strcmp(authtype,AUTHTYPE_APOP) )
+       {
+               strcpy(buf, authdata);
+               if( (p=strchr(buf, '\n')) )     *p = '\0';
+       }
+       else    // cram, decode base64
+       {
+               if( (p=strchr(authdata,'\n')) ) strcpy(buf, p+1);
+               if( (p=strchr(buf, '\n')) )     *p = '\0';
+               l = authsasl_frombase64(buf);
+               if( (p=strchr(buf, ' ')) )      *p = '\0';
+       }
+       fprintf(stderr, "AUTH DEBUG: service=%s, type=%s, user=%s, ip=[%s]\n",
+               service, authtype, buf, getenv("TCPREMOTEIP") );
+
+       free(buf);
+
        authexit(1);
 }



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Reply via email to