Ok, I feel like I am talking to myself but I got this fixed. I figured
I would post the fix here just in case someone else needed it. I
downloaded the source rpm and pulled it apart to look at all of the
pretty pieces inside. In the perdition.c was the subroutine for logging
authentications. I changed that to match closer to what it used to do
in 1.18. Basically I took out the reliance on debug mode and I made it
actually check if it should log the password or just put XXXXX like it
says in the documentation in the config file. I also removed the note
in the options.c about needing to be in debug mode. Others may not
agree but I don't think this should be only for debug mode. Even if it
was only for debug mode it should honor the logging level you want and
not just always log the password. Anyway, after I put in my tweaks I
built a patch and added it to the spec file. I wanted to keep it in the
rpm so I could take advantage of all of the awesome work everyone did
with the init scripts and sysconfig file etc... I then rebuilt the rpm
and dropped it in. Everything is peachy now.
Here is the patch if anyone wants it:
diff -Npru perdition-1.19-rc5.orig/perdition/options.c
perdition-1.19-rc5/perdition/options.c
--- perdition-1.19-rc5.orig/perdition/options.c 2012-02-19
00:28:14.000000000 -0800
+++ perdition-1.19-rc5/perdition/options.c 2013-04-08
17:55:11.303514687 -0700
@@ -1597,7 +1597,6 @@ void usage(int exit_status){
" Do not allow users to log in.\n"
" --log_passwd STATE:\n"
" Log the users password.\n"
- " Note: debug must be in effect for this option to take effect.\n"
" (default \"%s\")\n"
" --lower_case STATE[,STATE...]:\n"
" Convert usernames to lower case according the the locale in
given\n"
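Review bot: the deleted debug note in the --log_passwd help text is not replaced with anything, so this usage block no longer tells the operator that the option now writes cleartext passwords to the auth log in normal, non-debug operation. I would swap the removed line for one that says so and that mentions passwords not selected by STATE are written as XXXXXX, which is what the perdition.c change in this patch does. While this string is being edited, "users password" should read "user's password".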
diff -Npru perdition-1.19-rc5.orig/perdition/perdition.c
perdition-1.19-rc5/perdition/perdition.c
--- perdition-1.19-rc5.orig/perdition/perdition.c 2012-03-20
02:06:47.000000000 -0700
+++ perdition-1.19-rc5/perdition/perdition.c 2013-04-08
17:54:24.416688136 -0700
@@ -168,15 +168,22 @@ perdition_log_auth(timed_log_t *auth_log
struct quoted_str authorisation_id =
quote_str(auth->authorisation_id);
char *protocol = NULL;
- if (opt.debug &&
- ((!strcmp(reason, "ok") && (opt.log_passwd &
LOG_PASSWD_OK)) ||
- (opt.log_passwd & LOG_PASSWD_FAIL))) {
- pw_body = auth->passwd;
- pw_head = " passwd=\"";
- pw_tail = "\"";
+ pw_head = " passwd=\"";
+
+ if (!strcmp(reason, "ok")) {
+ if (opt.log_passwd & LOG_PASSWD_OK)
+ pw_body = auth->passwd;
+ else
+ pw_body = "XXXXXX";
}
- else
- pw_head = pw_body = pw_tail = "";
+ else {
+ if (opt.log_passwd & LOG_PASSWD_FAIL)
+ pw_body = auth->passwd;
+ else
+ pw_body = "XXXXXX";
+ }
+
+ pw_tail = "\"";
if (ssl_mode & SSL_MODE_SSL_LISTEN)
eu_ssl = "ssl";
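Review bot: in both new branches, pw_body = auth->passwd is placed raw between the passwd=" and " delimiters, while authorisation_id just above is passed through quote_str(). A password is client-supplied, and on the failure path it comes from an unauthenticated client, so a value containing a double quote or a newline can break the field or the log line; I would quote it the same way before assigning it to pw_body. Separately, pw_head and pw_tail are now set unconditionally, so every auth line gains a passwd field where the old else branch emitted nothing, which is worth a changelog line for anyone parsing these logs. The two if/else blocks differ only in the flag tested, so they could be folded into one by selecting LOG_PASSWD_OK or LOG_PASSWD_FAIL from reason first and testing opt.log_passwd against it once.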
On 04/08/2013 05:22 PM, Mark Hamilton wrote:
I put it in debug mode but then it logs all of the passwords good and
bad. I am not interested in having the good passwords in the log
files. I downloaded the sources for 1.18 and compiled them. That seemed
to work like the version I am running. While it did seem to work fine
it was logging errors like this:
Apr 8 17:05:23 mailproxy1 perdition[9330]: Connect: 192.168.0.50->192.168.0.100
Apr 8 17:05:23 mailproxy1 perdition[9330]: Fatal error establishing SSL connection to client
Even with this error it was working even with ssl. I would really
rather run the newer version since it gives a little more detail in the
ps and the logs. I would also rather install from rpm instead of
compiling so any updates would be much easier. The rpm also comes with
a nice startup script and easy config via /etc/sysconfig/perdition.
Does anyone know how to get the log_passwd to work in 1.19-rc5?
On 04/06/2013 12:23 PM, Mark Hamilton wrote:
I have been using an older version of perdition for a while now with no
issues. I am going to be upgrading the server running the proxy. I
installed a clean Centos 6.4 on a new machine. I put in the repo for
perdition and installed it. After a couple of config file tweaks to add
mysql, ssl etc I launched it and it worked fine right out of the chute.
My problem is we use the log_passwd fail to help our users when they are
messing up their password. It has worked great on the older version of
perdition. On this version we don't seem to get the bad password logged
even with log_passwd fail in the config file. I am sure I am just
missing something somewhere. Is it logged to a different log level or
something like that?
Current version: Logging failed password fine
Perdition = 1.17
OS = Slackware 9.1.0
New version: Not logging failed passwords
Perdition = 1.19-rc5
OS = Centos 6.4
Thanks for any help.
______________________________________________
Perdition-users mailing list
Perdition-users(a)vergenet.net
http://lists.vergenet.net/listinfo/perdition-users