2020-10-15 Fred Gleason <fredg@paravelsystems.com>

* Added a 'RDApplication::logAuthenticationFailure()' method.
	* Added a sample Fail2Ban jail filter for the WebAPI in
	'conf/rivendell-webapi.conf'.

Signed-off-by: Fred Gleason <fredg@paravelsystems.com>

web/rdxport/rdxport.cpp

@@ -416,13 +416,16 @@ bool Xport::Authenticate()
   // Next, check the whitelist
   //
   if(!xport_post->getValue("LOGIN_NAME",&name)) {
+    rda->logAuthenticationFailure(xport_post->clientAddress());
     return false;
   }
   if(!xport_post->getValue("PASSWORD",&passwd)) {
+    rda->logAuthenticationFailure(xport_post->clientAddress(),name);
     return false;
   }
   rda->user()->setName(name);
   if(!rda->user()->exists()) {
+    rda->logAuthenticationFailure(xport_post->clientAddress(),name);
     return false;
   }
   if((xport_post->clientAddress().toIPv4Address()>>24)==127) {  // Localhost
@@ -443,6 +446,7 @@ bool Xport::Authenticate()
   // Finally, try password
   //
   if(!rda->user()->checkPassword(passwd,false)) {
+    rda->logAuthenticationFailure(xport_post->clientAddress(),name);
     return false;
   }
   TryCreateTicket(name);

web/webget/webget.cpp

@@ -365,15 +365,18 @@ bool MainObject::Authenticate()
   QString passwd;
 
   if(!webget_post->getValue("LOGIN_NAME",&name)) {
+    rda->logAuthenticationFailure(webget_post->clientAddress());
     return false;
   }
   if(!webget_post->getValue("PASSWORD",&passwd)) {
+    rda->logAuthenticationFailure(webget_post->clientAddress(),name);
     return false;
   }
   RDUser *user=new RDUser(name);
   if((!user->exists())||
      (!user->checkPassword(passwd,false))||
      (!user->webgetLogin())) {
+    rda->logAuthenticationFailure(webget_post->clientAddress(),name);
     return false;
   }