From 902bd6e1bc01168761287c38e913cf25a25b0f2c Mon Sep 17 00:00:00 2001 From: Martin Mares Date: Sat, 5 Nov 2016 13:09:48 +0100 Subject: [PATCH] Multiple failures need different parsing --- bouncer.c | 115 +++++++++++++++++++++++++++++------------------------- 1 file changed, 62 insertions(+), 53 deletions(-) diff --git a/bouncer.c b/bouncer.c index e5edf9e..6fffcea 100644 --- a/bouncer.c +++ b/bouncer.c @@ -363,6 +363,48 @@ static bool check_next(char **pp, char *want) return 1; } +static void parse_failure(char *p, int cnt) +{ + DBG("Parse 4: <%s> cnt=%d", p, cnt); + + // Decode attributes + bool done = 0; + char *rhost = NULL; + while (!done) + { + while (*p == ' ') + p++; + if (!*p) + break; + + char *key = p; + while (*p && *p != ' ' && *p != '=') + p++; + if (*p != '=') + continue; + *p++ = 0; + + char *val = p; + while (*p && *p != ' ') + p++; + if (*p) + *p++ = 0; + else + done = 1; + + DBG("Parse KV: %s=<%s>", key, val); + if (!strcmp(key, "rhost")) + rhost = val; + } + + // Act on the message + struct addr addr; + if (addr_parse(&addr, rhost)) + handle_failed_login(addr, cnt); + else + msg(L_WARN, "Unable to parse address %s", rhost); +} + static void process_msg(char *line) { DBG("Parse: <%s>", line); @@ -391,72 +433,39 @@ static void process_msg(char *line) DBG("Parse 2: <%s>", p); // pam_unix(something), colon, space - if (!check_next(&p, "pam_unix(")) - return; - do + if (check_next(&p, "pam_unix(")) { - c = *p++; - if (!c || c == ' ') + do + { + c = *p++; + if (!c || c == ' ') + return; + } + while (c != ')'); + if (!check_next(&p, ": ")) + return; + DBG("Parse 3: <%s>", p); + + if (!check_next(&p, "authentication failure; ")) return; + + parse_failure(p, 1); } - while (c != ')'); - if (!check_next(&p, ": ")) - return; - DBG("Parse 3: <%s>", p); - // "authentication failure;" - int cnt = 1; - if (!check_next(&p, "authentication failure; ")) + // "PAM more authentication failures;" + if (check_next(&p, "PAM ")) { - // "PAM more authentication failures;" - if (!check_next(&p, "PAM ")) - return; if (!(*p >= '0' && *p <= '9')) return; - cnt = atoi(p); + int cnt = atoi(p); while (*p >= '0' && *p <= '9') p++; + if (!check_next(&p, " more authentication failures; ")) return; - } - DBG("Parse 4: <%s> cnt=%d", p, cnt); - // Decode attributes - bool done = 0; - char *rhost = NULL; - while (!done) - { - while (*p == ' ') - p++; - if (!*p) - break; - - char *key = p; - while (*p && *p != ' ' && *p != '=') - p++; - if (*p != '=') - continue; - *p++ = 0; - - char *val = p; - while (*p && *p != ' ') - p++; - if (*p) - *p++ = 0; - else - done = 1; - - DBG("Parse KV: %s=<%s>", key, val); - if (!strcmp(key, "rhost")) - rhost = val; + parse_failure(p, cnt); } - - // Act on the message - struct addr addr; - if (addr_parse(&addr, rhost)) - handle_failed_login(addr, cnt); - else - msg(L_WARN, "Unable to parse address %s", rhost); } /*** Socket for receiving messages from rsyslog ***/ -- 2.39.5