Changeset c9c2952


Ignore:
Timestamp:
Nov 6, 2016 5:20:35 PM (4 years ago)
Author:
zzz <zzz@…>
Branches:
master
Children:
08062aa
Parents:
81bbf55
Message:

Consistently log authentication failures for all interfaces

Files:
7 edited

Legend:

Unmodified
Added
Removed
  • apps/i2ptunnel/java/src/net/i2p/i2ptunnel/I2PTunnelHTTPClientBase.java

    r81bbf55 rc9c2952  
    305305                        }
    306306                    }
    307                     _log.logAlways(Log.WARN, "PROXY AUTH FAILURE: user " + user);
     307                    _log.logAlways(Log.WARN, "HTTP proxy authentication failed, user: " + user);
    308308                } catch (UnsupportedEncodingException uee) {
    309309                    _log.error(getPrefix(requestId) + "No UTF-8 support? B64: " + authorization, uee);
     
    364364                                                                PROP_PROXY_DIGEST_SUFFIX);
    365365        if (ha1 == null) {
    366             _log.logAlways(Log.WARN, "PROXY AUTH FAILURE: user " + user);
     366            _log.logAlways(Log.WARN, "HTTP proxy authentication failed, user: " + user);
    367367            return AuthResult.AUTH_BAD;
    368368        }
     
    374374        String hkd = PasswordManager.md5Hex(kd);
    375375        if (!response.equals(hkd)) {
    376             _log.logAlways(Log.WARN, "PROXY AUTH FAILURE: user " + user);
     376            _log.logAlways(Log.WARN, "HTTP proxy authentication failed, user: " + user);
    377377            if (_log.shouldLog(Log.INFO))
    378378                _log.info("Bad digest auth: " + DataHelper.toString(args));
  • apps/i2ptunnel/java/src/net/i2p/i2ptunnel/socks/SOCKS5Server.java

    r81bbf55 rc9c2952  
    132132    private void verifyPassword(DataInputStream in, DataOutputStream out) throws IOException, SOCKSException {
    133133        int c = in.readUnsignedByte();
    134         if (c != AUTH_VERSION)
     134        if (c != AUTH_VERSION) {
     135            _log.logAlways(Log.WARN, "SOCKS proxy authentication failed");
    135136            throw new SOCKSException("Unsupported authentication version");
     137        }
    136138        c = in.readUnsignedByte();
    137         if (c <= 0)
     139        if (c <= 0) {
     140            _log.logAlways(Log.WARN, "SOCKS proxy authentication failed");
    138141            throw new SOCKSException("Bad authentication");
     142        }
    139143        byte[] user = new byte[c];
     144        String u = new String(user, "UTF-8");
    140145        in.readFully(user);
    141146        c = in.readUnsignedByte();
    142         if (c <= 0)
     147        if (c <= 0) {
     148            _log.logAlways(Log.WARN, "SOCKS proxy authentication failed, user: " + u);
    143149            throw new SOCKSException("Bad authentication");
     150        }
    144151        byte[] pw = new byte[c];
    145152        in.readFully(pw);
    146153        // Hopefully these are in UTF-8, since that's what our config file is in
    147154        // these throw UnsupportedEncodingException which is an IOE
    148         String u = new String(user, "UTF-8");
    149155        String p = new String(pw, "UTF-8");
    150156        String configUser =  props.getProperty(I2PTunnelHTTPClientBase.PROP_USER);
    151157        String configPW = props.getProperty(I2PTunnelHTTPClientBase.PROP_PW);
    152158        if ((!u.equals(configUser)) || (!p.equals(configPW))) {
    153             _log.error("SOCKS authorization failure");
     159            _log.logAlways(Log.WARN, "SOCKS proxy authentication failed, user: " + u);
    154160            sendAuthReply(AUTH_FAILURE, out);
    155161            throw new SOCKSException("SOCKS authorization failure");
  • apps/routerconsole/java/src/net/i2p/router/web/RouterConsoleRunner.java

    r81bbf55 rc9c2952  
    4949import org.eclipse.jetty.server.NCSARequestLog;
    5050import org.eclipse.jetty.server.Server;
     51import org.eclipse.jetty.server.UserIdentity;
    5152import org.eclipse.jetty.server.bio.SocketConnector;
    5253import org.eclipse.jetty.server.handler.ContextHandlerCollection;
     
    849850                ctx.router().saveConfig(PROP_CONSOLE_PW, "false");
    850851            } else {
    851                 HashLoginService realm = new HashLoginService(JETTY_REALM);
     852                HashLoginService realm = new CustomHashLoginService(JETTY_REALM, context.getContextPath(),
     853                                                                    ctx.logManager().getLog(RouterConsoleRunner.class));
    852854                sec.setLoginService(realm);
    853855                sec.setAuthenticator(authenticator);
     
    933935    }
    934936   
     937    /**
     938     * For logging authentication failures
     939     * @since 0.9.28
     940     */
     941    private static class CustomHashLoginService extends HashLoginService {
     942        private final String _webapp;
     943        private final net.i2p.util.Log _log;
     944
     945        public CustomHashLoginService(String realm, String webapp, net.i2p.util.Log log) {
     946            super(realm);
     947            _webapp = webapp;
     948            _log = log;
     949        }
     950
     951        @Override
     952        public UserIdentity login(String username, Object credentials) {
     953            UserIdentity rv = super.login(username, credentials);
     954            if (rv == null)
     955                //_log.logAlways(net.i2p.util.Log.WARN, "Console authentication failed, webapp: " + _webapp + ", user: " + username);
     956                _log.logAlways(net.i2p.util.Log.WARN, "Console authentication failed, user: " + username);
     957            return rv;
     958        }
     959    }
     960   
    935961    /** @since 0.8.8 */
    936962    private class ServerShutdown implements Runnable {
  • apps/sam/java/src/net/i2p/sam/SAMHandlerFactory.java

    r81bbf55 rc9c2952  
    9292            String user = props.getProperty("USER");
    9393            String pw = props.getProperty("PASSWORD");
    94             if (user == null || pw == null)
     94            if (user == null || pw == null) {
     95                if (user == null)
     96                    log.logAlways(Log.WARN, "SAM authentication failed");
     97                else
     98                    log.logAlways(Log.WARN, "SAM authentication failed, user: " + user);
    9599                throw new SAMException("USER and PASSWORD required");
     100            }
    96101            String savedPW = i2cpProps.getProperty(SAMBridge.PROP_PW_PREFIX + user + SAMBridge.PROP_PW_SUFFIX);
    97             if (savedPW == null)
     102            if (savedPW == null) {
     103                log.logAlways(Log.WARN, "SAM authentication failed, user: " + user);
    98104                throw new SAMException("Authorization failed");
     105            }
    99106            PasswordManager pm = new PasswordManager(I2PAppContext.getGlobalContext());
    100             if (!pm.checkHash(savedPW, pw))
     107            if (!pm.checkHash(savedPW, pw)) {
     108                log.logAlways(Log.WARN, "SAM authentication failed, user: " + user);
    101109                throw new SAMException("Authorization failed");
     110            }
    102111        }
    103112
  • history.txt

    r81bbf55 rc9c2952  
     12016-11-06 zzz
     2 * Console: Add Java 9 log warning (ticket #1870)
     3 * Security: Consistently log authentication failures for all interfaces
     4 * Util: Consolidate linux service detection code
     5
     62016-11-05 zzz
     7 * Build: Add support for using libtomcat8-java package
     8 * Console: Add message to ignore InstanceManager warning (ticket #1818)
     9 * SusiDNS: Fix jsp EL syntax error with EL 3.0 (Tomcat 8) (ticket #1870)
     10
     112016-11-04 zzz
     12 * Console: Improve handling and logging of webapps that fail to start
     13 * i2psnark: Add launch-i2psnark.bat (ticket #1871)
     14 * Transports:
     15   - New config i2np.allowLocal, fixes test networks (ticket #1875)
     16   - New configs i2np.udp.minpeers and i2np.udp.minv6peers, for testing (ticket #1876)
     17
    1182016-10-29 zzz
    219 * Console: Java 9 fixes for classloader (ticket #1870)
     
    4865 * Debian: Update package descriptions, allow Java 9
    4966 * i2psnark: Add ids to rows, add to per-torrent show peers link
    50  * SSU: Fix minimum version check for IPv6 peer test (ticket #1861)
     67 * SSU: Fix minimum version check for IPv6 peer test (tickets #1829, #1861)
    5168
    5269* 2016-10-17 0.9.27 released
  • router/java/src/net/i2p/router/RouterVersion.java

    r81bbf55 rc9c2952  
    1919    public final static String ID = "Monotone";
    2020    public final static String VERSION = CoreVersion.VERSION;
    21     public final static long BUILD = 6;
     21    public final static long BUILD = 7;
    2222
    2323    /** for example "-test" */
  • router/java/src/net/i2p/router/client/ClientMessageEventListener.java

    r81bbf55 rc9c2952  
    330330            }
    331331            if (user == null || user.length() == 0 || pw == null || pw.length() == 0) {
    332                 _log.error("I2CP auth failed");
     332                _log.logAlways(Log.WARN, "I2CP authentication failed");
    333333                _runner.disconnectClient("Authorization required, specify i2cp.username and i2cp.password in options");
    334334                _authorized = false;
     
    337337            PasswordManager mgr = new PasswordManager(_context);
    338338            if (!mgr.checkHash(PROP_AUTH, user, pw)) {
    339                 _log.error("I2CP auth failed user: " + user);
     339                _log.logAlways(Log.WARN, "I2CP authentication failed, user: " + user);
    340340                _runner.disconnectClient("Authorization failed, user = " + user);
    341341                _authorized = false;
Note: See TracChangeset for help on using the changeset viewer.