From e5761551e4c9a4d2d997cbe8fcebc740f363765c Mon Sep 17 00:00:00 2001
From: Michael Jumper <mjumper@apache.org>
Date: Mon, 3 Oct 2022 15:57:11 -0700
Subject: [PATCH] GUACAMOLE-1224: Log identifiers of extensions reporting
 authentication failures.

---
 .../guacamole/event/EventLoggingListener.java | 32 ++++++++++++++-----
 1 file changed, 24 insertions(+), 8 deletions(-)

diff --git a/guacamole/src/main/java/org/apache/guacamole/event/EventLoggingListener.java b/guacamole/src/main/java/org/apache/guacamole/event/EventLoggingListener.java
index 2cf3a70d6..90a929765 100644
--- a/guacamole/src/main/java/org/apache/guacamole/event/EventLoggingListener.java
+++ b/guacamole/src/main/java/org/apache/guacamole/event/EventLoggingListener.java
@@ -22,6 +22,7 @@ package org.apache.guacamole.event;
 import javax.annotation.Nonnull;
 import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.GuacamoleResourceNotFoundException;
+import org.apache.guacamole.net.auth.AuthenticationProvider;
 import org.apache.guacamole.net.auth.Credentials;
 import org.apache.guacamole.net.auth.credentials.GuacamoleInsufficientCredentialsException;
 import org.apache.guacamole.net.event.ApplicationShutdownEvent;
@@ -144,6 +145,8 @@ public class EventLoggingListener implements Listener {
      */
     private void logFailure(AuthenticationFailureEvent event) {
 
+        AuthenticationProvider authProvider = event.getAuthenticationProvider();
+
         Credentials creds = event.getCredentials();
         String username = creds.getUsername();
 
@@ -154,14 +157,27 @@ public class EventLoggingListener implements Listener {
         else if (username == null || username.isEmpty())
             logger.debug("Anonymous authentication attempt from {} failed: {}",
                     new RemoteAddress(creds), new Failure(event));
-        else if (event.getFailure() instanceof GuacamoleInsufficientCredentialsException)
-            logger.debug("Authentication attempt from {} for user \"{}\" "
-                    + "requires additional credentials to continue: {}",
-                    new RemoteAddress(creds), username, new Failure(event));
-        else
-            logger.warn("Authentication attempt from {} for user \"{}\" "
-                    + "failed: {}", new RemoteAddress(creds), username,
-                    new Failure(event));
+        else if (event.getFailure() instanceof GuacamoleInsufficientCredentialsException) {
+            if (authProvider != null)
+                logger.debug("Authentication attempt from {} for user \"{}\" "
+                        + "requires additional credentials to continue: {} "
+                        + "(requested by \"{}\")", new RemoteAddress(creds),
+                        username, new Failure(event), authProvider.getIdentifier());
+            else
+                logger.debug("Authentication attempt from {} for user \"{}\" "
+                        + "requires additional credentials to continue: {}",
+                        new RemoteAddress(creds), username, new Failure(event));
+        }
+        else {
+            if (authProvider != null)
+                logger.warn("Authentication attempt from {} for user \"{}\" "
+                        + "failed: {} (rejected by \"{}\")", new RemoteAddress(creds),
+                        username, new Failure(event), authProvider.getIdentifier());
+            else
+                logger.warn("Authentication attempt from {} for user \"{}\" "
+                        + "failed: {}", new RemoteAddress(creds), username,
+                        new Failure(event));
+        }
 
     }