T2130: Write to userlogins log only when log_logins=true
Also prevent duplicate failure entries in that log.
parent
c4f4f52aa0
commit
41e32e5b5a
1 changed files with 39 additions and 38 deletions
|
@ -389,17 +389,10 @@ class kolab_auth extends rcube_plugin
|
|||
|
||||
$ldap = self::ldap();
|
||||
if (!$ldap || !$ldap->ready) {
|
||||
$args['abort'] = true;
|
||||
$args['kolab_ldap_error'] = true;
|
||||
$message = sprintf(
|
||||
'Login failure for user %s from %s in session %s (error %s)',
|
||||
$user,
|
||||
rcube_utils::remote_ip(),
|
||||
session_id(),
|
||||
"LDAP not ready"
|
||||
);
|
||||
self::log_login_error($user, "LDAP not ready");
|
||||
|
||||
rcube::write_log('userlogins', $message);
|
||||
$args['abort'] = true;
|
||||
$args['kolab_ldap_error'] = true;
|
||||
|
||||
return $args;
|
||||
}
|
||||
|
@ -408,16 +401,9 @@ class kolab_auth extends rcube_plugin
|
|||
$record = $ldap->get_user_record($user, $host);
|
||||
|
||||
if (empty($record)) {
|
||||
$args['abort'] = true;
|
||||
$message = sprintf(
|
||||
'Login failure for user %s from %s in session %s (error %s)',
|
||||
$user,
|
||||
rcube_utils::remote_ip(),
|
||||
session_id(),
|
||||
"No user record found"
|
||||
);
|
||||
self::log_login_error($user, "No user record found");
|
||||
|
||||
rcube::write_log('userlogins', $message);
|
||||
$args['abort'] = true;
|
||||
|
||||
return $args;
|
||||
}
|
||||
|
@ -451,16 +437,9 @@ class kolab_auth extends rcube_plugin
|
|||
$result = $ldap->bind($record['dn'], $pass);
|
||||
|
||||
if (!$result) {
|
||||
$args['abort'] = true;
|
||||
$message = sprintf(
|
||||
'Login failure for user %s from %s in session %s (error %s)',
|
||||
$user,
|
||||
rcube_utils::remote_ip(),
|
||||
session_id(),
|
||||
"Unable to bind with '" . $record['dn'] . "'"
|
||||
);
|
||||
self::log_login_error($user, "Unable to bind with '" . $record['dn'] . "'");
|
||||
|
||||
rcube::write_log('userlogins', $message);
|
||||
$args['abort'] = true;
|
||||
|
||||
return $args;
|
||||
}
|
||||
|
@ -548,16 +527,7 @@ class kolab_auth extends rcube_plugin
|
|||
'vars' => array('user' => rcube::Q($loginas)),
|
||||
));
|
||||
|
||||
$message = sprintf(
|
||||
'Login failure for user %s (as user %s) from %s in session %s (error %s)',
|
||||
$user,
|
||||
$loginas,
|
||||
rcube_utils::remote_ip(),
|
||||
session_id(),
|
||||
"No privileges to login as '" . $loginas . "'"
|
||||
);
|
||||
|
||||
rcube::write_log('userlogins', $message);
|
||||
self::log_login_error($user, "No privileges to login as '" . $loginas . "'", $loginas);
|
||||
|
||||
return $args;
|
||||
}
|
||||
|
@ -795,4 +765,35 @@ class kolab_auth extends rcube_plugin
|
|||
|
||||
return $str;
|
||||
}
|
||||
|
||||
/**
|
||||
* Log failed logins
|
||||
*
|
||||
* @param string $username Username/Login
|
||||
* @param string $message Error message (failure reason)
|
||||
* @param string $login_as Username/Login of "login as" user
|
||||
*/
|
||||
public static function log_login_error($username, $message = null, $login_as = null)
|
||||
{
|
||||
$config = rcube::get_instance()->config;
|
||||
|
||||
if ($config->get('log_logins')) {
|
||||
if ($login_as) {
|
||||
$username = sprintf('%s (as user %s)', $username, $login_as);
|
||||
}
|
||||
|
||||
$message = sprintf(
|
||||
"Failed login for %s from %s in session %s %s",
|
||||
$username,
|
||||
rcube_utils::remote_ip(),
|
||||
session_id(),
|
||||
$message ? "($message)" : ''
|
||||
);
|
||||
|
||||
rcube::write_log('userlogins', $message);
|
||||
|
||||
// disable log_logins to prevent from duplicate log entries
|
||||
$config->set('log_logins', false);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
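Review bot: `log_login_error()` formats `$username` and `$login_as` straight into the `userlogins` line, and at the call sites both appear to originate from the login request, so a value containing CR/LF or other control characters could split or forge entries unless `rcube::write_log()` neutralizes them, which is not visible on this page. Since this helper is now the single write path for these failures, it is the natural place to normalize, e.g. `$username = preg_replace('/[\x00-\x1F\x7F]/', '?', (string) $username);` (and the same for `$login_as`) before the `sprintf()`. The `$config->set('log_logins', false)` at the end also silences every later `userlogins` write in the same request, not only the duplicate failure line, so the comment should say that explicitly for anyone who relies on this log for brute-force detection. The bind-failure call site additionally places `$record['dn']` in the message, which deserves a docblock remark if the log is forwarded to a less trusted system.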