From 18cc8345e4b7c50e3c8766d85807d4d78a925a66 Mon Sep 17 00:00:00 2001
From: John Dennis <jdennis@fedoraproject.org>
Date: Wed, 27 Jul 2005 21:46:51 +0000
Subject: [PATCH] fix bug #150888, log authenication failures with ip address

---
 dovecot-auth-log.patch | 86 ++++++++++++++++++++++++++++++++++++++++++
 dovecot.spec           |  7 +++-
 2 files changed, 92 insertions(+), 1 deletion(-)
 create mode 100644 dovecot-auth-log.patch

diff --git a/dovecot-auth-log.patch b/dovecot-auth-log.patch
new file mode 100644
index 0000000..22516a7
--- /dev/null
+++ b/dovecot-auth-log.patch
@@ -0,0 +1,86 @@
+diff -u dovecot-0.99.14/src/pop3-login/client-authenticate.c.orig dovecot-0.99.14/src/pop3-login/client-authenticate.c
+--- dovecot-0.99.14/src/pop3-login/client-authenticate.c.orig	2005-07-27 16:52:12.936927405 -0400
++++ dovecot-0.99.14/src/pop3-login/client-authenticate.c	2005-07-27 16:52:31.806073234 -0400
+@@ -139,6 +139,8 @@
+ 			      master_callback, &error)) {
+ 	case -1:
+ 		/* login failed */
++		client_syslog(client,t_strdup_printf("AUTHENTICATE FAILED %s",
++						      error ? error : ""));
+ 		client_auth_abort(client, error);
+ 		break;
+ 
+@@ -214,6 +216,8 @@
+ 			      master_callback, &error)) {
+ 	case -1:
+ 		/* login failed */
++		client_syslog(client,t_strdup_printf("AUTHENTICATE FAILED %s",
++						      error ? error : ""));
+ 		client_auth_abort(client, error);
+ 		break;
+ 
+diff -u dovecot-0.99.14/src/login-common/auth-common.c.orig dovecot-0.99.14/src/login-common/auth-common.c
+diff -u dovecot-0.99.14/src/auth/mech.c.orig dovecot-0.99.14/src/auth/mech.c
+--- dovecot-0.99.14/src/auth/mech.c.orig	2005-07-27 16:39:33.637767234 -0400
++++ dovecot-0.99.14/src/auth/mech.c	2005-07-27 16:41:10.206163232 -0400
+@@ -162,6 +162,29 @@
+ 	return buffer_get_modifyable_data(buf, NULL);
+ }
+ 
++void *mech_auth_failure(struct auth_login_reply *reply,
++			struct auth_request *auth_request,
++			const void *data, size_t data_size)
++{
++	buffer_t *buf;
++
++	buf = buffer_create_dynamic(data_stack_pool, 256, (size_t)-1);
++
++	reply->username_idx = 0;
++	buffer_append(buf, auth_request->user, strlen(auth_request->user)+1);
++
++	if (data_size == 0)
++		reply->reply_idx = (size_t)-1;
++	else {
++		reply->reply_idx = buffer_get_used_size(buf);
++		buffer_append(buf, data, data_size);
++	}
++
++	reply->result = AUTH_LOGIN_RESULT_FAILURE;
++	reply->data_size = buffer_get_used_size(buf);
++	return buffer_get_modifyable_data(buf, NULL);
++}
++
+ void mech_auth_finish(struct auth_request *auth_request,
+ 		      const void *data, size_t data_size, int success)
+ {
+@@ -176,7 +199,8 @@
+ 					       data, data_size);
+ 		reply.result = AUTH_LOGIN_RESULT_SUCCESS;
+ 	} else {
+-		reply_data = NULL;
++		reply_data = mech_auth_failure(&reply, auth_request,
++					       data, data_size);
+ 		reply.result = AUTH_LOGIN_RESULT_FAILURE;
+ 	}
+ 
+diff -u dovecot-0.99.14/src/imap-login/client-authenticate.c.orig dovecot-0.99.14/src/imap-login/client-authenticate.c
+--- dovecot-0.99.14/src/imap-login/client-authenticate.c.orig	2005-07-27 16:46:43.986682432 -0400
++++ dovecot-0.99.14/src/imap-login/client-authenticate.c	2005-07-27 16:52:32.390984759 -0400
+@@ -135,6 +135,8 @@
+ 			      master_callback, &error)) {
+ 	case -1:
+ 		/* login failed */
++		client_syslog(client,t_strdup_printf("AUTHENTICATE FAILED %s",
++						      error ? error : ""));
+ 		client_auth_abort(client, error);
+ 		break;
+ 
+@@ -215,6 +217,8 @@
+ 			      master_callback, &error)) {
+ 	case -1:
+ 		/* login failed */
++		client_syslog(client,t_strdup_printf("AUTHENTICATE FAILED %s",
++						      error ? error : ""));
+ 		client_auth_abort(client, error);
+ 		break;
+ 
diff --git a/dovecot.spec b/dovecot.spec
index 9df9b1b..45ab1bb 100644
--- a/dovecot.spec
+++ b/dovecot.spec
@@ -1,7 +1,7 @@
 Summary: Dovecot Secure imap server
 Name: dovecot
 Version: 0.99.14
-Release: 6.fc5
+Release: 7.fc5
 License: LGPL
 Group: System Environment/Daemons
 
@@ -20,6 +20,7 @@ Patch100: dovecot-conf.patch
 Patch101: dovecot-configfile.patch
 Patch102: dovecot-0.99-no-literal-plus-capability.patch
 Patch103: dovecot-pam-setcred.patch
+Patch104: dovecot-auth-log.patch
 
 # Patches 500+ from upstream fixes
 URL: http://dovecot.procontrol.fi/
@@ -62,6 +63,7 @@ cp $RPM_BUILD_DIR/${RPM_PACKAGE_NAME}-${RPM_PACKAGE_VERSION}/dovecot-example.con
 %patch101 -p1 -b .configfile
 %patch102 -p1 -b .no-literal-plus-capability
 %patch103 -p1 -b .pam-setcred
+%patch104 -p1 -b .auth-log
 
 %build
 rm -f ./configure
@@ -172,6 +174,9 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Wed Jul 27 2005 John Dennis <jdennis@redhat.com> - 0.99.14-7.fc5
+- fix bug #150888, log authenication failures with ip address
+
 * Fri Jul 22 2005 John Dennis <jdennis@redhat.com> - 0.99.14-6.fc5
 - fix bug #149673, add dummy PAM_TTY