lib-auth: Add more fields to auth client event

author Aki Tuomi <aki.tuomi@open-xchange.com>

Mon, 27 Jul 2020 06:11:47 +0000 (09:11 +0300)

committer Aki Tuomi <aki.tuomi@open-xchange.com>

Thu, 27 Aug 2020 07:26:09 +0000 (10:26 +0300)
author Aki Tuomi <aki.tuomi@open-xchange.com>
Mon, 27 Jul 2020 06:11:47 +0000 (09:11 +0300)
committer Aki Tuomi <aki.tuomi@open-xchange.com>
Thu, 27 Aug 2020 07:26:09 +0000 (10:26 +0300)
diff --git a/src/lib-auth/auth-client-request.c b/src/lib-auth/auth-client-request.c

index 00dfcdff9944aafe0e23e28c9c3cb1b5d081f456..cf0307b05c11fe6173885a82efb40942abc12edb 100644 (file)
--- a/src/lib-auth/auth-client-request.c
+++ b/src/lib-auth/auth-client-request.c
@@ -19,14 +19,22 @@ static void auth_server_send_new_request(struct auth_client_connection *conn,
         str_append(str, "\tservice=");
         str_append_tabescaped(str, info->service);
  
+       event_add_str(request->event, "mechanism", info->mech);
+       event_add_str(request->event, "service", info->service);
+
         if ((info->flags & AUTH_REQUEST_FLAG_SUPPORT_FINAL_RESP) != 0)
                 str_append(str, "\tfinal-resp-ok");
         if ((info->flags & AUTH_REQUEST_FLAG_SECURED) != 0) {
                 str_append(str, "\tsecured");
-               if ((info->flags & AUTH_REQUEST_FLAG_TRANSPORT_SECURITY_TLS) != 0)
+               if ((info->flags & AUTH_REQUEST_FLAG_TRANSPORT_SECURITY_TLS) != 0) {
                         str_append(str, "=tls");
+                       event_add_str(request->event, "transport", "TLS");
+               } else {
+                       event_add_str(request->event, "transport", "trusted");
+               }
         } else {
                 i_assert((info->flags & AUTH_REQUEST_FLAG_TRANSPORT_SECURITY_TLS) == 0);
+               event_add_str(request->event, "transport", "insecure");
         }
         if ((info->flags & AUTH_REQUEST_FLAG_NO_PENALTY) != 0)
                 str_append(str, "\tno-penalty");
@@ -38,20 +46,46 @@ static void auth_server_send_new_request(struct auth_client_connection *conn,
         if (info->session_id != NULL) {
                 str_append(str, "\tsession=");
                 str_append_tabescaped(str, info->session_id);
+               event_add_str(request->event, "session", info->session_id);
         }
         if (info->cert_username != NULL) {
                 str_append(str, "\tcert_username=");
                 str_append_tabescaped(str, info->cert_username);
+               event_add_str(request->event, "certificate_user",
+                             info->cert_username);
         }
-       if (info->local_ip.family != 0)
+       if (info->local_ip.family != 0) {
                 str_printfa(str, "\tlip=%s", net_ip2addr(&info->local_ip));
-       if (info->remote_ip.family != 0)
+               event_add_str(request->event, "local_ip", net_ip2addr(&info->local_ip));
+       }
+       if (info->remote_ip.family != 0) {
                 str_printfa(str, "\trip=%s", net_ip2addr(&info->remote_ip));
-       if (info->local_port != 0)
+               event_add_str(request->event, "remote_ip", net_ip2addr(&info->remote_ip));
+       }
+       if (info->local_port != 0) {
                 str_printfa(str, "\tlport=%u", info->local_port);
-       if (info->remote_port != 0)
+               event_add_int(request->event, "local_port", info->local_port);
+       }
+       if (info->remote_port != 0) {
                 str_printfa(str, "\trport=%u", info->remote_port);
-
+               event_add_int(request->event, "remote_port", info->remote_port);
+       }
+       if (info->real_local_ip.family != 0) {
+               event_add_str(request->event, "real_local_ip",
+                             net_ip2addr(&info->real_local_ip));
+       }
+       if (info->real_remote_ip.family != 0) {
+               event_add_str(request->event, "real_remote_ip",
+                             net_ip2addr(&info->real_remote_ip));
+       }
+       if (info->real_local_port != 0) {
+               event_add_int(request->event, "real_local_port",
+                             info->real_local_port);
+       }
+       if (info->real_remote_port != 0) {
+               event_add_int(request->event, "real_remote_port",
+                             info->real_remote_port);
+       }
         /* send the real_* variants only when they differ from the unreal
            ones */
         if (info->real_local_ip.family != 0 &&
@@ -74,24 +108,30 @@ static void auth_server_send_new_request(struct auth_client_connection *conn,
             *info->local_name != '\0') {
                 str_append(str, "\tlocal_name=");
                 str_append_tabescaped(str, info->local_name);
+               event_add_str(request->event, "local_name", info->local_name);
         }
         if (info->ssl_cipher_bits != 0 && info->ssl_cipher != NULL) {
                 str_append(str, "\tssl_cipher=");
                 str_append_tabescaped(str, info->ssl_cipher);
                 str_printfa(str, "\tssl_cipher_bits=%u", info->ssl_cipher_bits);
+               event_add_str(request->event, "tls_cipher", info->ssl_cipher);
+               event_add_int(request->event, "tls_cipher_bits", info->ssl_cipher_bits);
                 if (info->ssl_pfs != NULL) {
                         str_append(str, "\tssl_pfs=");
                         str_append_tabescaped(str, info->ssl_pfs);
+                       event_add_str(request->event, "tls_pfs", info->ssl_pfs);
                 }
         }
         if (info->ssl_protocol != NULL) {
                 str_append(str, "\tssl_protocol=");
                 str_append_tabescaped(str, info->ssl_protocol);
+               event_add_str(request->event, "tls_protocol", info->ssl_protocol);
         }
         if (info->client_id != NULL &&
             *info->client_id != '\0') {
                 str_append(str, "\tclient_id=");
                 str_append_tabescaped(str, info->client_id);
+               event_add_str(request->event, "client_id", info->client_id);
         }
         if (info->forward_fields != NULL &&
             *info->forward_fields != '\0') {
@@ -249,6 +289,16 @@ time_t auth_client_request_get_create_time(struct auth_client_request *request)
         return request->created;
  }
  
+static void args_parse_user(struct auth_client_request *request, const char *arg)
+{
+       if (str_begins(arg, "user="))
+               event_add_str(request->event, "user", arg + 5);
+       else if (str_begins(arg, "original_user="))
+               event_add_str(request->event, "original_user", arg + 14);
+       else if (str_begins(arg, "auth_user="))
+               event_add_str(request->event, "auth_user", arg + 10);
+}
+
  void auth_client_request_server_input(struct auth_client_request *request,
                                       enum auth_request_status status,
                                       const char *const *args)
@@ -275,8 +325,8 @@ void auth_client_request_server_input(struct auth_client_request *request,
         for (tmp = args; *tmp != NULL; tmp++) {
                 if (str_begins(*tmp, "resp=")) {
                         base64_data = *tmp + 5;
-                       break;
                 }
+               args_parse_user(request, *tmp);
         }
  
         switch (status) {
author	Aki Tuomi <aki.tuomi@open-xchange.com>
	Mon, 27 Jul 2020 06:11:47 +0000 (09:11 +0300)
committer	Aki Tuomi <aki.tuomi@open-xchange.com>
	Thu, 27 Aug 2020 07:26:09 +0000 (10:26 +0300)