From 1a707f1d06d30b69fd7abd3c0d37c7dbceb4a437 Mon Sep 17 00:00:00 2001
From: Ilia Rostovtsev
Date: Mon, 12 Oct 2020 22:04:26 +0300
Subject: [PATCH 1/4] Fix typo
---
 mysql/mysql-lib.pl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mysql/mysql-lib.pl b/mysql/mysql-lib.pl
index 62cc72e00..c07170dad 100755
--- a/mysql/mysql-lib.pl
+++ b/mysql/mysql-lib.pl
@@ -1535,7 +1535,7 @@ sub get_mysql_plugin
 my ($query) = @_;
 my @plugin = &execute_sql($master_db,
 "show variables LIKE '%default_authentication_plugin%'");
-my $plugin = $plugin[0]->{'data'}[0][1];
+my $plugin = $plugin[0]->{'data'}->[0]->[1];
 if ($plugin && $query) {
 $plugin = " with $plugin ";
 }
From 77e6391502eb732ef0b4f6813d3b68d3c9bf490f Mon Sep 17 00:00:00 2001
From: Ilia Rostovtsev
Date: Tue, 13 Oct 2020 16:20:07 +0300
Subject: [PATCH 2/4] If File::MimeInfo cannot be loaded don't fail on ACL page
If fails on Ubuntu 2.040, where File::MimeInfo needs to be loaded from ../filemin/lib when used with `acl_security.pl` (which is not needed by this page)
---
 filemin/filemin-lib.pl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/filemin/filemin-lib.pl b/filemin/filemin-lib.pl
index 135a0988b..d0316e925 100644
--- a/filemin/filemin-lib.pl
+++ b/filemin/filemin-lib.pl
@@ -8,7 +8,7 @@ use lib './lib';
 use POSIX;
 use Encode qw(decode encode);
 use File::Basename;
-use File::MimeInfo;
+eval "use File::MimeInfo";
 sub get_attr_status {
 return has_command('lsattr');
From 511e70aa97cc59e1b64ba5d89a0301954efef134 Mon Sep 17 00:00:00 2001
From: Ilia Rostovtsev
Date: Wed, 14 Oct 2020 19:02:37 +0300
Subject: [PATCH 3/4] Add to support to display two factor authentication field selectively
https://virtualmin.com/node/70011
---
 miniserv.pl | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/miniserv.pl b/miniserv.pl
index c4141eca7..5e658fe50 100755
--- a/miniserv.pl
+++ b/miniserv.pl
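Review bot: `eval "use File::MimeInfo";` in filemin/filemin-lib.pl swallows the load failure: `$@` is not checked and nothing records whether the import happened, so a later call into File::MimeInfo on an affected host would die with an undefined-subroutine error instead of degrading cleanly (whether such calls are reachable from the ACL page is not visible here). A block form that sets a flag keeps the tolerance and avoids string eval: `our $has_mimeinfo = eval { require File::MimeInfo; File::MimeInfo->import(); 1 };`. The hunk header also shows `use lib './lib'`, which is relative to the working directory; that is presumably the underlying reason the module is not found from other pages, and a cwd-dependent module path is worth replacing with one derived from this file's own location.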
@@ -2057,8 +2057,12 @@ if ($config{'userfile'}) {
 $method = "GET";
 $querystring .= "&failed=$failed_user"
 if ($failed_user);
- $querystring .= "&twofactor_msg=".&urlize($twofactor_msg)
- if ($twofactor_msg);
+ if ($twofactor_msg) {
+ $querystring .= "&failed_save=$failed_save";
+ $querystring .= "&failed_pass=$failed_pass";
+ $querystring .= "&failed_twofactor_attempt=$failed_twofactor_attempt";
+ $querystring .= "&twofactor_msg=".&urlize($twofactor_msg);
+ }
 $querystring .= "&timed_out=$timed_out"
 if ($timed_out);
 $queryargs = "";
@@ -4206,6 +4210,10 @@ else {
 $expired ? 'expiredpass' : 'wrongpass',
 $loghost, $localip);
 $failed_user = $vu;
+ $failed_pass = $pass;
+ $failed_save = $in{'save'};
+ $failed_twofactor_attempt = $in{'failed_twofactor_attempt'} || 0;
+ $failed_twofactor_attempt++;
 $request_uri = $in{'page'};
 $already_session_id = undef;
 $method = "GET";
From b68a47fa0d52977b922f4ac24661de5c1d215261 Mon Sep 17 00:00:00 2001
From: Ilia Rostovtsev
Date: Thu, 15 Oct 2020 13:19:07 +0300
Subject: [PATCH 4/4] Fix to prevent logging when empty 2FA token is sent
https://github.com/webmin/webmin/commit/511e70aa97cc59e1b64ba5d89a0301954efef134
---
 miniserv.pl | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/miniserv.pl b/miniserv.pl
index 5e658fe50..fe50f1dc3 100755
--- a/miniserv.pl
+++ b/miniserv.pl
@@ -1838,6 +1838,7 @@ if ($config{'userfile'}) {
 $vu, 'twofactor',
 $loghost, $localip);
 $twofactor_msg = $err;
+ $nologf = 1 if (!$in{'twofactor'});
 $vu = undef;
 }
 }
@@ -1845,7 +1846,7 @@ if ($config{'userfile'}) {
 local $hrv = &handle_login(
 $vu || $in{'user'}, $vu ? 1 : 0,
 $expired, $nonexist, $in{'pass'},
- $in{'notestingcookie'});
+ $in{'notestingcookie'}, $nologf);
 return $hrv if (defined($hrv));
 }
 }
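Review bot: `$failed_save`, `$failed_pass` and `$failed_twofactor_attempt` are appended to `$querystring` unencoded, while `$twofactor_msg` on the following line goes through `&urlize`; a password containing `&`, `=`, `+` or `%` would be mangled or split into extra parameters. Encode all three, e.g. `$querystring .= "&failed_pass=".&urlize($failed_pass);`. Separately, this places the user's cleartext password in a query string, so it will appear wherever that string is logged, exported to a CGI environment or echoed back into the login form; the hunk does not show where it is consumed, but holding the pending credentials server-side under a short-lived random token would avoid exposing them. The enclosing block starts and ends outside the hunk.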
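Review bot: `$failed_twofactor_attempt` is seeded from `$in{'failed_twofactor_attempt'}`, a request parameter, so the client decides its value; it should not be relied on for throttling or lockout, and an alphanumeric value can survive `++` through Perl's string increment and then reach the query string built in the `@@ -2057` hunk. Constrain it to digits before incrementing, e.g. `$failed_twofactor_attempt = ($in{'failed_twofactor_attempt'} =~ /^(\d+)$/ ? $1 : 0) + 1;`. `$failed_pass = $pass` also keeps the cleartext password in what appears to be a file-level variable; if that is the case it should be cleared once the login form has been produced. The enclosing `else` branch continues outside the hunk.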
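Review bot: `$nologf` is derived from `!$in{'twofactor'}`, so whether a failed login reaches syslog now depends on a field the client chooses to send or omit, and anything that watches syslog for failed logins (alerting, rate limiting) will not see those attempts. If the intent is only to silence the first step of the selective two-factor form, tie the suppression to server-side state rather than to the absence of the parameter, or log the event at a lower priority instead of dropping it. `$nologf` is also assigned without `my`/`local` in the visible lines and is never reset here, so confirm it cannot carry over to a later request handled by the same process. The flag is consumed in the last hunk of this patch as `if ($use_syslog && !$nologf)`.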
@@ -4101,11 +4102,11 @@ if (!$sid && !$force_urandom) {
 return $sid;
 }
-# handle_login(username, ok, expired, not-exists, password, [no-test-cookie])
+# handle_login(username, ok, expired, not-exists, password, [no-test-cookie], [no-log])
 # Called from handle_session to either mark a user as logged in, or not
 sub handle_login
 {
-local ($vu, $ok, $expired, $nonexist, $pass, $notest) = @_;
+local ($vu, $ok, $expired, $nonexist, $pass, $notest, $nologf) = @_;
 $authuser = $vu if ($ok);
 # check if the test cookie is set
@@ -4222,7 +4223,7 @@ else {
 ($nonexist ? "Non-existent" :
 $expired ? "Expired" : "Invalid").
 " login as $vu from $loghost")
- if ($use_syslog);
+ if ($use_syslog && !$nologf);
 }
 return undef;
 }