From: Aki Tuomi Date: Mon, 27 Jul 2020 06:11:47 +0000 (+0300) Subject: lib-auth: Add more fields to auth client event X-Git-Tag: 2.3.13~291 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d1aaeab138f60c5fc55c81b155c4ae2f6bbc45b9;p=thirdparty%2Fdovecot%2Fcore.git lib-auth: Add more fields to auth client event This way it becomes more useful --- diff --git a/src/lib-auth/auth-client-request.c b/src/lib-auth/auth-client-request.c index 00dfcdff99..cf0307b05c 100644 --- a/src/lib-auth/auth-client-request.c +++ b/src/lib-auth/auth-client-request.c @@ -19,14 +19,22 @@ static void auth_server_send_new_request(struct auth_client_connection *conn, str_append(str, "\tservice="); str_append_tabescaped(str, info->service); + event_add_str(request->event, "mechanism", info->mech); + event_add_str(request->event, "service", info->service); + if ((info->flags & AUTH_REQUEST_FLAG_SUPPORT_FINAL_RESP) != 0) str_append(str, "\tfinal-resp-ok"); if ((info->flags & AUTH_REQUEST_FLAG_SECURED) != 0) { str_append(str, "\tsecured"); - if ((info->flags & AUTH_REQUEST_FLAG_TRANSPORT_SECURITY_TLS) != 0) + if ((info->flags & AUTH_REQUEST_FLAG_TRANSPORT_SECURITY_TLS) != 0) { str_append(str, "=tls"); + event_add_str(request->event, "transport", "TLS"); + } else { + event_add_str(request->event, "transport", "trusted"); + } } else { i_assert((info->flags & AUTH_REQUEST_FLAG_TRANSPORT_SECURITY_TLS) == 0); + event_add_str(request->event, "transport", "insecure"); } if ((info->flags & AUTH_REQUEST_FLAG_NO_PENALTY) != 0) str_append(str, "\tno-penalty"); @@ -38,20 +46,46 @@ static void auth_server_send_new_request(struct auth_client_connection *conn, if (info->session_id != NULL) { str_append(str, "\tsession="); str_append_tabescaped(str, info->session_id); + event_add_str(request->event, "session", info->session_id); } if (info->cert_username != NULL) { str_append(str, "\tcert_username="); str_append_tabescaped(str, info->cert_username); + event_add_str(request->event, "certificate_user", + info->cert_username); } - if (info->local_ip.family != 0) + if (info->local_ip.family != 0) { str_printfa(str, "\tlip=%s", net_ip2addr(&info->local_ip)); - if (info->remote_ip.family != 0) + event_add_str(request->event, "local_ip", net_ip2addr(&info->local_ip)); + } + if (info->remote_ip.family != 0) { str_printfa(str, "\trip=%s", net_ip2addr(&info->remote_ip)); - if (info->local_port != 0) + event_add_str(request->event, "remote_ip", net_ip2addr(&info->remote_ip)); + } + if (info->local_port != 0) { str_printfa(str, "\tlport=%u", info->local_port); - if (info->remote_port != 0) + event_add_int(request->event, "local_port", info->local_port); + } + if (info->remote_port != 0) { str_printfa(str, "\trport=%u", info->remote_port); - + event_add_int(request->event, "remote_port", info->remote_port); + } + if (info->real_local_ip.family != 0) { + event_add_str(request->event, "real_local_ip", + net_ip2addr(&info->real_local_ip)); + } + if (info->real_remote_ip.family != 0) { + event_add_str(request->event, "real_remote_ip", + net_ip2addr(&info->real_remote_ip)); + } + if (info->real_local_port != 0) { + event_add_int(request->event, "real_local_port", + info->real_local_port); + } + if (info->real_remote_port != 0) { + event_add_int(request->event, "real_remote_port", + info->real_remote_port); + } /* send the real_* variants only when they differ from the unreal ones */ if (info->real_local_ip.family != 0 && @@ -74,24 +108,30 @@ static void auth_server_send_new_request(struct auth_client_connection *conn, *info->local_name != '\0') { str_append(str, "\tlocal_name="); str_append_tabescaped(str, info->local_name); + event_add_str(request->event, "local_name", info->local_name); } if (info->ssl_cipher_bits != 0 && info->ssl_cipher != NULL) { str_append(str, "\tssl_cipher="); str_append_tabescaped(str, info->ssl_cipher); str_printfa(str, "\tssl_cipher_bits=%u", info->ssl_cipher_bits); + event_add_str(request->event, "tls_cipher", info->ssl_cipher); + event_add_int(request->event, "tls_cipher_bits", info->ssl_cipher_bits); if (info->ssl_pfs != NULL) { str_append(str, "\tssl_pfs="); str_append_tabescaped(str, info->ssl_pfs); + event_add_str(request->event, "tls_pfs", info->ssl_pfs); } } if (info->ssl_protocol != NULL) { str_append(str, "\tssl_protocol="); str_append_tabescaped(str, info->ssl_protocol); + event_add_str(request->event, "tls_protocol", info->ssl_protocol); } if (info->client_id != NULL && *info->client_id != '\0') { str_append(str, "\tclient_id="); str_append_tabescaped(str, info->client_id); + event_add_str(request->event, "client_id", info->client_id); } if (info->forward_fields != NULL && *info->forward_fields != '\0') { @@ -249,6 +289,16 @@ time_t auth_client_request_get_create_time(struct auth_client_request *request) return request->created; } +static void args_parse_user(struct auth_client_request *request, const char *arg) +{ + if (str_begins(arg, "user=")) + event_add_str(request->event, "user", arg + 5); + else if (str_begins(arg, "original_user=")) + event_add_str(request->event, "original_user", arg + 14); + else if (str_begins(arg, "auth_user=")) + event_add_str(request->event, "auth_user", arg + 10); +} + void auth_client_request_server_input(struct auth_client_request *request, enum auth_request_status status, const char *const *args) @@ -275,8 +325,8 @@ void auth_client_request_server_input(struct auth_client_request *request, for (tmp = args; *tmp != NULL; tmp++) { if (str_begins(*tmp, "resp=")) { base64_data = *tmp + 5; - break; } + args_parse_user(request, *tmp); } switch (status) {