]> git.ipfire.org Git - thirdparty/dovecot/core.git/commitdiff
auth: Emit event when auth request is finished
authorAki Tuomi <aki.tuomi@dovecot.fi>
Mon, 26 Nov 2018 12:23:11 +0000 (14:23 +0200)
committerAki Tuomi <aki.tuomi@open-xchange.com>
Thu, 21 Feb 2019 07:43:55 +0000 (07:43 +0000)
src/auth/auth-request-handler.c
src/auth/auth-request.c
src/auth/auth-request.h

index f85570e3e8351fae6f2d4534955489f7bc110e5f..5d43e9e31da5bf8046ddfa28762336388c4c8119 100644 (file)
@@ -207,6 +207,9 @@ auth_request_handle_failure(struct auth_request *request, const char *reply)
 {
         struct auth_request_handler *handler = request->handler;
 
+       /* handle failure here */
+       auth_request_log_finished(request);
+
        if (request->in_delayed_failure_queue) {
                /* we came here from flush_failures() */
                handler->callback(reply, handler->conn);
@@ -252,6 +255,8 @@ auth_request_handler_reply_success_finish(struct auth_request *request)
         struct auth_request_handler *handler = request->handler;
        string_t *str = t_str_new(128);
 
+       auth_request_log_finished(request);
+
        if (request->last_penalty != 0 && auth_penalty != NULL) {
                /* reset penalty */
                auth_penalty_update(auth_penalty, request, 0);
index cea52a1d217c0c16a1449133b60740c4e580709f..c11194b120cbd38f8593afd2d931d9f64d63bd6b 100644 (file)
@@ -185,6 +185,78 @@ void auth_request_success(struct auth_request *request,
        auth_policy_check(request, request->mech_password, auth_request_policy_check_callback, ctx);
 }
 
+struct event_passthrough *
+auth_request_finished_event(struct auth_request *request, struct event *event)
+{
+       struct event_passthrough *e = event_create_passthrough(event);
+
+       if (request->user != NULL)
+               e->add_str("user", request->user);
+       if (request->original_username != NULL)
+               e->add_str("original_username", request->original_username);
+       if (request->translated_username != NULL)
+               e->add_str("translated_username", request->translated_username);
+       if (request->master_user != NULL) {
+               e->add_str("login_user", request->requested_login_user);
+               e->add_str("master_user", request->master_user);
+       }
+       if (request->failed) {
+               if (request->internal_failure) {
+                       e->add_str("error", "internal failure");
+               } else {
+                       e->add_str("error", "authentication failed");
+               }
+       } else if (request->successful) {
+               e->add_str("success", "yes");
+       }
+       switch(request->secured) {
+       case AUTH_REQUEST_SECURED_NONE:
+               e->add_str("transport", "insecure");
+               break;
+       case AUTH_REQUEST_SECURED:
+               e->add_str("transport", "trusted");
+               break;
+       case AUTH_REQUEST_SECURED_TLS:
+               e->add_str("transport", "TLS");
+               break;
+       default:
+               i_unreached();
+       }
+       if (request->userdb_lookup) {
+               return e;
+       }
+       if (request->mech != NULL)
+               e->add_str("mechanism", request->mech->mech_name);
+       if (request->credentials_scheme != NULL)
+               e->add_str("credentials_scheme", request->credentials_scheme);
+       if (request->realm != NULL)
+               e->add_str("realm", request->realm);
+       if (request->policy_penalty > 0)
+               e->add_int("policy_penalty", request->policy_penalty);
+       if (request->policy_refusal) {
+               e->add_str("policy_result", "refused");
+       } else if (request->policy_processed && request->policy_penalty > 0) {
+               e->add_str("policy_result", "delayed");
+               e->add_int("policy_penalty", request->policy_penalty);
+       } else if (request->policy_processed) {
+               e->add_str("policy_result", "ok");
+       }
+       return e;
+}
+
+void auth_request_log_finished(struct auth_request *request)
+{
+       if (request->event_finished_sent)
+               return;
+       request->event_finished_sent = TRUE;
+       string_t *str = t_str_new(64);
+       auth_request_get_log_prefix(str, request, "auth");
+       struct event_passthrough *e =
+               auth_request_finished_event(request, request->event)->
+               set_name("auth_request_finished");
+       e_debug(e->event(), "%sAuth request finished", str_c(str));
+}
+
 static
 void auth_request_success_continue(struct auth_policy_check_ctx *ctx)
 {
@@ -200,6 +272,9 @@ void auth_request_success_continue(struct auth_policy_check_ctx *ctx)
                return;
        }
 
+       /* log before delay */
+       auth_request_log_finished(request);
+
        if (request->delay_until > ioloop_time) {
                unsigned int delay_secs = request->delay_until - ioloop_time;
                request->to_penalty = timeout_add(delay_secs * 1000,
@@ -239,6 +314,7 @@ void auth_request_fail(struct auth_request *request)
        auth_request_set_state(request, AUTH_REQUEST_STATE_FINISHED);
        auth_request_refresh_last_access(request);
        auth_request_handler_reply(request, AUTH_CLIENT_RESULT_FAILURE, "", 0);
+       auth_request_log_finished(request);
 }
 
 void auth_request_internal_failure(struct auth_request *request)
index cdea4d29c272335ed2976899d195caecc7c81f44..9492580d9f3c1652ed17b369c82b641952a048dd 100644 (file)
@@ -164,6 +164,8 @@ struct auth_request {
        bool policy_refusal:1;
        bool policy_processed:1;
 
+       bool event_finished_sent:1;
+
        /* ... mechanism specific data ... */
 };
 
@@ -294,5 +296,8 @@ void auth_request_userdb_callback(enum userdb_result result,
 void auth_request_refresh_last_access(struct auth_request *request);
 void auth_str_append(string_t *dest, const char *key, const char *value);
 bool auth_request_username_accepted(const char *const *filter, const char *username);
+struct event_passthrough *
+auth_request_finished_event(struct auth_request *request, struct event *event);
+void auth_request_log_finished(struct auth_request *request);
 
 #endif