Re: saslauthd SASL_IPREMOTEPORT -> PAM_RHOST


 



Lorenzo,

Also, does your patch pass the requested login name to saslauthd? I didn't see that it did. That would also be a great inclusion, so we could exclude dictionary attacks from potentially legitimate users. Certainly not as crucial as the remote IP, though.

I've updated my RHEL bug to include a link to your patch - hopefully we can get it included upstream (especially if one of them applies cleanly to 2.1.22).

Thanks!
						--- Amir

At 4:00 PM +0200 05/22/2011, Lorenzo Catucci wrote:
Since I've seen some other people requesting the functionality [*], I think
someone could like getting a courtesy copy of a bugzilla entry I've just
filed on bugzilla.cyrusimap.org:

http://bugzilla.cyrusimap.org/bugzilla3/show_bug.cgi?id=3468

I'm attaching both a 2.1.23 and a 2.1.24 version of the patch, since there is a merge conflict between the former and 2.1.24 sources.

I'd be grateful about any comment - review - test which could help with upstreaming my patch.

Please keep in mind that I'm unable to test on a Solaris box; therefore,
the ipc_doors changes should be treated as VERY SUSPECT; still, I think they make sense, and would be twice as grateful to any Solaris tester...

Thank you very much, yours

	lorenzo

[*] In particular, a Google search led to the following pages:

http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/2011-March/002218.html
     "saslauthd/PAM IP logging on failure"   - 2011-03-26

https://bugzilla.redhat.com/show_bug.cgi?id=683797
     "saslauthd using pam does not log rhost (remote host) IP/hostname
          or requested login in /var/log/secure" - 2011-03-10

http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/2010-July/002108.html
     "PAM authentication - Remote host"      - 2010-07-13

http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/2010-May/002085.html
     "remote client ip"                      - 2010-05-24


Attachment converted: Macintosh HD:saslauthd_pam_rhost#51C173.diff (TEXT/ttxt) (0051C173)
Attachment converted: Macintosh HD:saslauthd_pam_rhost_2.1.23.diff (TEXT/ttxt) (0051C174)



