From: Aki Tuomi
Date: Fri, 18 Nov 2022 11:46:14 +0000 (+0200)
Subject: login-common: Add ssl_ja3 log element
X-Git-Tag: 2.4.0~3258
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e5bc3e3deab7e9df6ce971af49cdc5aeba89f54e;p=thirdparty%2Fdovecot%2Fcore.git
login-common: Add ssl_ja3 log element
---
diff --git a/src/auth/auth-request-var-expand.c b/src/auth/auth-request-var-expand.c
index eeca56a365..b0b2025c42 100644
--- a/src/auth/auth-request-var-expand.c
+++ b/src/auth/auth-request-var-expand.c
@@ -207,6 +207,8 @@ auth_request_get_var_expand_table_full(const struct auth_request *auth_request,
 tab[33].value = escape_func(fields->local_name, auth_request);
 if (fields->client_id != NULL)
 tab[34].value = escape_func(fields->client_id, auth_request);
+ if (fields->ssl_ja3_hash != NULL)
+ tab[35].value = escape_func(fields->ssl_ja3_hash, auth_request);
 return ret_tab;
 }
diff --git a/src/login-common/client-common.c b/src/login-common/client-common.c
index a6aaaaeb97..381701652f 100644
--- a/src/login-common/client-common.c
+++ b/src/login-common/client-common.c
@@ -1,10 +1,12 @@
 /* Copyright (c) 2002-2018 Dovecot authors, see the included COPYING file */
 #include "login-common.h"
+#include "hex-binary.h"
 #include "array.h"
 #include "hostpid.h"
 #include "llist.h"
 #include "istream.h"
+#include "md5.h"
 #include "ostream.h"
 #include "iostream.h"
 #include "iostream-ssl.h"
@@ -822,7 +824,7 @@ const char *client_get_session_id(struct client *client)
 /* increment index if new proper login variables are added
 * make sure the aliases stay in the current order */
-#define VAR_EXPAND_ALIAS_INDEX_START 27
+#define VAR_EXPAND_ALIAS_INDEX_START 28
 static struct var_expand_table login_var_expand_empty_tab[] = {
 { 'u', NULL, "user" },
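Review bot: The new `tab[35]` write depends on a `fields->ssl_ja3_hash` member and on a 36th row in the static table behind `auth_request_get_var_expand_table_full()`, and neither is visible in this patch; presumably both arrive in a sibling commit, but on its own this hunk compiles only once they exist. The same hard-coded index coupling recurs in the client-common.c hunk that sets `tab[27].value`, where the row order of `login_var_expand_empty_tab`, `VAR_EXPAND_ALIAS_INDEX_START` and the index all have to agree by hand. A comment on the new table row, e.g. `/* index 35: ssl_ja3_hash, written by auth_request_get_var_expand_table_full() */`, or a `_Static_assert` on the table's element count beside the last hard-coded index, would turn a future mismatch into a build error instead of a silently wrong log field. `auth_request_get_var_expand_table_full()` starts outside the hunk.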
@@ -853,6 +855,7 @@ static struct var_expand_table login_var_expand_empty_tab[] = {
 { '\0', NULL, "auth_domain" },
 { '\0', NULL, "listener" },
 { '\0', NULL, "local_name" },
+ { '\0', NULL, "ssl_ja3" },
 /* aliases: */
 { '\0', NULL, "local_ip" },
@@ -926,6 +929,8 @@ get_var_expand_table(struct client *client)
 t_strdup_printf("%s: %s", ssl_state, ssl_error);
 tab[12].value =
 ssl_iostream_get_security_string(client->ssl_iostream);
+ tab[27].value =
+ ssl_iostream_get_ja3(client->ssl_iostream);
 } else {
 tab[11].value = "TLS";
 tab[12].value = "";
@@ -1002,11 +1007,35 @@ client_var_expand_func_passdb(const char *data, void *context,
 return 1;
 }
+static int client_var_expand_func_ssl_ja3_hash(const char *data ATTR_UNUSED,
+ void *context,
+ const char **value_r,
+ const char **error_r ATTR_UNUSED)
+{
+ struct client *client = context;
+
+ if (client->ssl_iostream == NULL) {
+ *value_r = NULL;
+ return 1;
+ }
+
+ unsigned char hash[MD5_RESULTLEN];
+ const char *ja3 = ssl_iostream_get_ja3(client->ssl_iostream);
+ if (ja3 == NULL) {
+ *value_r = NULL;
+ } else {
+ md5_get_digest(ja3, strlen(ja3), hash);
+ *value_r = binary_to_hex(hash, sizeof(hash));
+ }
+ return 1;
+}
+
 static const char *
 client_get_log_str(struct client *client, const char *msg)
 {
 static const struct var_expand_func_table func_table[] = {
 { "passdb", client_var_expand_func_passdb },
+ { "ssl_ja3_hash", client_var_expand_func_ssl_ja3_hash },
 { NULL, NULL }
 };
 static bool expand_error_logged = FALSE;
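Review bot: `client_var_expand_func_ssl_ja3_hash` uses MD5 with no comment saying why, and the next reader (or a scanner) will flag it as a weak hash; a line such as `/* JA3 fingerprints are defined as the MD5 of the JA3 string: a stable identifier, not a security hash */` above the `md5_get_digest` call would preempt that. The digest is also recomputed on every expansion of the log format even though the JA3 string cannot change for the life of the connection, so if log lines are expanded more than once per client, caching the hex string on `struct client` (not visible here) would be cheap — that is an inference about call frequency. On the no-TLS and no-JA3 paths the function stores NULL in `*value_r` and still returns 1; this is fine only if var_expand treats a NULL function result as an empty value, which this hunk does not let me confirm, so a one-line comment stating that contract would help.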