]> git.ipfire.org Git - thirdparty/dovecot/core.git/commitdiff
auth: Use event logging for subsys mech
authorAki Tuomi <aki.tuomi@dovecot.fi>
Mon, 3 Dec 2018 08:50:48 +0000 (10:50 +0200)
committerAki Tuomi <aki.tuomi@open-xchange.com>
Thu, 21 Feb 2019 07:43:56 +0000 (07:43 +0000)
Automated change

sed -i -e 's/auth_request_log_\(.*\)(\(.*\), AUTH_SUBSYS_MECH,/e_\1(\2->mech_event,/' *.c

Whitespace fixing done with custom script

18 files changed:
src/auth/auth-request-handler.c
src/auth/auth-request.c
src/auth/mech-anonymous.c
src/auth/mech-apop.c
src/auth/mech-cram-md5.c
src/auth/mech-digest-md5.c
src/auth/mech-dovecot-token.c
src/auth/mech-external.c
src/auth/mech-gssapi.c
src/auth/mech-login.c
src/auth/mech-ntlm.c
src/auth/mech-oauth2.c
src/auth/mech-otp.c
src/auth/mech-plain.c
src/auth/mech-rpa.c
src/auth/mech-scram-sha1.c
src/auth/mech-skey.c
src/auth/mech-winbind.c

index 5d43e9e31da5bf8046ddfa28762336388c4c8119..0575e0ce06efe099f400a898038edb34fa2b3650 100644 (file)
@@ -418,7 +418,7 @@ auth_request_handler_auth_fail_code(struct auth_request_handler *handler,
 {
        string_t *str = t_str_new(128);
 
-       auth_request_log_info(request, AUTH_SUBSYS_MECH, "%s", reason);
+       e_info(request->mech_event, "%s", reason);
 
        str_printfa(str, "FAIL\t%u", request->id);
        if (*fail_code != '\0') {
@@ -445,14 +445,14 @@ static void auth_request_timeout(struct auth_request *request)
 
        if (request->state != AUTH_REQUEST_STATE_MECH_CONTINUE) {
                /* client's fault */
-               auth_request_log_error(request, AUTH_SUBSYS_MECH,
+               e_error(request->mech_event,
                        "Request %u.%u timed out after %u secs, state=%d",
                        request->handler->client_pid, request->id,
                        secs, request->state);
        } else if (request->set->verbose) {
-               auth_request_log_info(request, AUTH_SUBSYS_MECH,
-                       "Request timed out waiting for client to continue authentication "
-                       "(%u secs)", secs);
+               e_info(request->mech_event,
+                      "Request timed out waiting for client to continue authentication "
+                      "(%u secs)", secs);
        }
        auth_request_handler_remove(request->handler, request);
 }
index 0a926542cf623a0cc4134b8619a8499164dbdf2c..0c7b846786e888354337ef27ab03ad4ce55f120b 100644 (file)
@@ -1195,10 +1195,10 @@ static bool auth_request_is_disabled_master_user(struct auth_request *request)
                return FALSE;
 
        /* no masterdbs, master logins not supported */
-       auth_request_log_info(request, AUTH_SUBSYS_MECH,
-                             "Attempted master login with no master passdbs "
-                             "(trying to log in as user: %s)",
-                             request->requested_login_user);
+       e_info(request->mech_event,
+              "Attempted master login with no master passdbs "
+              "(trying to log in as user: %s)",
+              request->requested_login_user);
        return TRUE;
 }
 
@@ -1752,7 +1752,7 @@ void auth_request_userdb_callback(enum userdb_result result,
                        e_error(authdb_event(request),
                                "user not found from userdb");
                } else {
-                       auth_request_log_error(request, AUTH_SUBSYS_MECH,
+                       e_error(request->mech_event,
                                "user not found from any userdbs");
                }
                result = USERDB_RESULT_USER_UNKNOWN;
index c83fa406a9e3e277635006795be6a98ef7162db3..05b89236a6cb443233618af30ccbe58adfe143bf 100644 (file)
@@ -14,7 +14,7 @@ mech_anonymous_auth_continue(struct auth_request *request,
                   so that the log message goes right */
                request->user =
                        p_strndup(pool_datastack_create(), data, data_size);
-               auth_request_log_info(request, AUTH_SUBSYS_MECH, "login");
+               e_info(request->mech_event, "login");
        }
 
        request->user = p_strdup(request->pool,
index bbc61053f5d61df98c2b1f66d39503b925b99f18..86533db083420d53bdd1adbfd59fafeb8f803f3c 100644 (file)
@@ -82,8 +82,8 @@ mech_apop_auth_initial(struct auth_request *auth_request,
 
        if (data_size == 0) {
                /* Should never happen */
-               auth_request_log_info(auth_request, AUTH_SUBSYS_MECH,
-                                     "no initial response");
+               e_info(auth_request->mech_event,
+                      "no initial response");
                auth_request_fail(auth_request);
                return;
        }
@@ -103,16 +103,16 @@ mech_apop_auth_initial(struct auth_request *auth_request,
                        tmp++;
        } else {
                /* should never happen */
-               auth_request_log_info(auth_request, AUTH_SUBSYS_MECH,
-                       "malformed data");
+               e_info(auth_request->mech_event,
+                      "malformed data");
                auth_request_fail(auth_request);
                return;
        }
 
        if (tmp + 1 + 16 != end) {
                /* Should never happen */
-               auth_request_log_info(auth_request, AUTH_SUBSYS_MECH,
-                                     "malformed data");
+               e_info(auth_request->mech_event,
+                      "malformed data");
                auth_request_fail(auth_request);
                return;
        }
@@ -129,15 +129,15 @@ mech_apop_auth_initial(struct auth_request *auth_request,
            connect_uid != auth_request->connect_uid ||
             pid != (unsigned long)getpid() ||
            (time_t)timestamp < process_start_time) {
-               auth_request_log_info(auth_request, AUTH_SUBSYS_MECH,
-                                     "invalid challenge");
+               e_info(auth_request->mech_event,
+                      "invalid challenge");
                auth_request_fail(auth_request);
                return;
        }
 
        if (!auth_request_set_username(auth_request, (const char *)username,
                                       &error)) {
-               auth_request_log_info(auth_request, AUTH_SUBSYS_MECH, "%s", error);
+               e_info(auth_request->mech_event, "%s", error);
                auth_request_fail(auth_request);
                return;
        }
index a980b26c317849289bcfbcccb38edf122c9ed180..e6ab88881bce034187768afad7229d1ff5aa6a31 100644 (file)
@@ -55,8 +55,8 @@ static bool verify_credentials(struct cram_auth_request *request,
        const char *response_hex;
 
        if (size != CRAM_MD5_CONTEXTLEN) {
-                auth_request_log_error(&request->auth_request, AUTH_SUBSYS_MECH,
-                                      "invalid credentials length");
+                e_error(request->auth_request.mech_event,
+                       "invalid credentials length");
                return FALSE;
        }
 
@@ -68,8 +68,8 @@ static bool verify_credentials(struct cram_auth_request *request,
        response_hex = binary_to_hex(digest, sizeof(digest));
 
        if (!mem_equals_timing_safe(response_hex, request->response, sizeof(digest)*2)) {
-               auth_request_log_info(&request->auth_request, AUTH_SUBSYS_MECH,
-                                     AUTH_LOG_MSG_PASSWORD_MISMATCH);
+               e_info(request->auth_request.mech_event,
+                      AUTH_LOG_MSG_PASSWORD_MISMATCH);
                return FALSE;
        }
 
@@ -150,7 +150,7 @@ mech_cram_md5_auth_continue(struct auth_request *auth_request,
        if (error == NULL)
                error = "authentication failed";
 
-        auth_request_log_info(auth_request, AUTH_SUBSYS_MECH, "%s", error);
+        e_info(auth_request->mech_event, "%s", error);
        auth_request_fail(auth_request);
 }
 
index 7defdfc8f42b6e68530cb548fe97fb420930d91d..9e81907b781759e86d3251b546dc3af9d324b870 100644 (file)
@@ -121,8 +121,8 @@ static bool verify_credentials(struct digest_auth_request *request,
 
        /* get the MD5 password */
        if (size != MD5_RESULTLEN) {
-                auth_request_log_error(&request->auth_request, AUTH_SUBSYS_MECH,
-                                      "invalid credentials length");
+                e_error(request->auth_request.mech_event,
+                       "invalid credentials length");
                return FALSE;
        }
 
@@ -572,7 +572,7 @@ mech_digest_md5_auth_continue(struct auth_request *auth_request,
        }
 
        if (error != NULL)
-                auth_request_log_info(auth_request, AUTH_SUBSYS_MECH, "%s", error);
+                e_info(auth_request->mech_event, "%s", error);
 
        auth_request_fail(auth_request);
 }
index 2470d180b8bd843d502cc2c046865ec9fd580a43..6dee6819fb8938b2702728376cb1faa33d8341f1 100644 (file)
@@ -41,11 +41,11 @@ mech_dovecot_token_auth_continue(struct auth_request *request,
 
        if (count != 4) {
                /* invalid input */
-               auth_request_log_info(request, AUTH_SUBSYS_MECH, "invalid input");
+               e_info(request->mech_event, "invalid input");
                auth_request_fail(request);
        } else if (!auth_request_set_username(request, username, &error)) {
                /* invalid username */
-               auth_request_log_info(request, AUTH_SUBSYS_MECH, "%s", error);
+               e_info(request->mech_event, "%s", error);
                auth_request_fail(request);
        } else {
                const char *valid_token =
index bb00b7a961c5c99cc76d0272db3ddc9cdf46e3be..b9a287b2fc7f7638ff8592693274599653db1b0f 100644 (file)
@@ -13,8 +13,8 @@ mech_external_auth_continue(struct auth_request *request,
 
        authzid = t_strndup(data, data_size);
        if (request->user == NULL) {
-               auth_request_log_info(request, AUTH_SUBSYS_MECH,
-                                     "username not known");
+               e_info(request->mech_event,
+                      "username not known");
                auth_request_fail(request);
                return;
        }
@@ -22,8 +22,8 @@ mech_external_auth_continue(struct auth_request *request,
        /* this call is done simply to put the username through translation
           settings */
        if (!auth_request_set_username(request, "", &error)) {
-               auth_request_log_info(request, AUTH_SUBSYS_MECH,
-                                     "Invalid username");
+               e_info(request->mech_event,
+                      "Invalid username");
                auth_request_fail(request);
                return;
        }
@@ -31,8 +31,8 @@ mech_external_auth_continue(struct auth_request *request,
        if (*authzid != '\0' &&
            !auth_request_set_login_username(request, authzid, &error)) {
                /* invalid login username */
-               auth_request_log_info(request, AUTH_SUBSYS_MECH,
-                                     "login user: %s", error);
+               e_info(request->mech_event,
+                      "login user: %s", error);
                auth_request_fail(request);
        } else {
                 auth_request_verify_plain(request, "",
index 2d8182e5caec83151fa8cadd1ceece2d892edf3d..61a464f0a1edcb84fa335d97306dd502532bfb78 100644 (file)
@@ -95,9 +95,9 @@ static void mech_gssapi_log_error(struct auth_request *request,
                                         status_type, GSS_C_NO_OID,
                                         &message_context, &status_string);
 
-               auth_request_log_info(request, AUTH_SUBSYS_MECH,
-                       "While %s: %s", description,
-                       str_sanitize(status_string.value, (size_t)-1));
+               e_info(request->mech_event,
+                      "While %s: %s", description,
+                      str_sanitize(status_string.value, (size_t)-1));
 
                (void)gss_release_buffer(&minor_status, &status_string);
        } while (message_context != 0);
@@ -148,8 +148,8 @@ obtain_service_credentials(struct auth_request *request, gss_cred_id_t *ret_r)
        }
 
        if (strcmp(request->set->gssapi_hostname, "$ALL") == 0) {
-               auth_request_log_debug(request, AUTH_SUBSYS_MECH,
-                                      "Using all keytab entries");
+               e_debug(request->mech_event,
+                       "Using all keytab entries");
                *ret_r = GSS_C_NO_CREDENTIAL;
                return GSS_S_COMPLETE;
        }
@@ -167,7 +167,7 @@ obtain_service_credentials(struct auth_request *request, gss_cred_id_t *ret_r)
        str_append_c(principal_name, '@');
        str_append(principal_name, request->set->gssapi_hostname);
 
-       auth_request_log_debug(request, AUTH_SUBSYS_MECH,
+       e_debug(request->mech_event,
                "Obtaining credentials for %s", str_c(principal_name));
 
        inbuf.length = str_len(principal_name);
@@ -263,8 +263,8 @@ static int get_display_name(struct auth_request *auth_request, gss_name_t name,
                return -1;
        }
        if (data_has_nuls(buf.value, buf.length)) {
-               auth_request_log_info(auth_request, AUTH_SUBSYS_MECH,
-                                     "authn_name has NULs");
+               e_info(auth_request->mech_event,
+                      "authn_name has NULs");
                return -1;
        }
        *display_name_r = t_strndup(buf.value, buf.length);
@@ -318,30 +318,30 @@ mech_gssapi_sec_context(struct gssapi_auth_request *request,
        switch (major_status) {
        case GSS_S_COMPLETE:
                if (!mech_gssapi_oid_cmp(mech_type, &mech_gssapi_krb5_oid)) {
-                       auth_request_log_info(auth_request, AUTH_SUBSYS_MECH,
-                                             "GSSAPI mechanism not Kerberos5");
+                       e_info(auth_request->mech_event,
+                              "GSSAPI mechanism not Kerberos5");
                        ret = -1;
                } else if (get_display_name(auth_request, request->authn_name,
                                            &name_type, &username) < 0)
                        ret = -1;
                else if (!auth_request_set_username(auth_request, username,
                                                    &error)) {
-                       auth_request_log_info(auth_request, AUTH_SUBSYS_MECH,
-                                             "authn_name: %s", error);
+                       e_info(auth_request->mech_event,
+                              "authn_name: %s", error);
                        ret = -1;
                } else {
                        request->sasl_gssapi_state = GSS_STATE_WRAP;
-                       auth_request_log_debug(auth_request, AUTH_SUBSYS_MECH,
+                       e_debug(auth_request->mech_event,
                                "security context state completed.");
                }
                break;
        case GSS_S_CONTINUE_NEEDED:
-               auth_request_log_debug(auth_request, AUTH_SUBSYS_MECH,
-                                      "Processed incoming packet correctly, "
-                                      "waiting for another.");
+               e_debug(auth_request->mech_event,
+                       "Processed incoming packet correctly, "
+                       "waiting for another.");
                break;
        default:
-               auth_request_log_error(auth_request, AUTH_SUBSYS_MECH,
+               e_error(auth_request->mech_event,
                        "Received unexpected major status %d", major_status);
                break;
        }
@@ -392,8 +392,8 @@ mech_gssapi_wrap(struct gssapi_auth_request *request, gss_buffer_desc inbuf)
                return -1;
        } 
 
-       auth_request_log_debug(&request->auth_request, AUTH_SUBSYS_MECH,
-                              "Negotiated security layer");
+       e_debug(&request->auth_request->mech_event,
+               "Negotiated security layer");
 
        auth_request_handler_reply_continue(&request->auth_request,
                                            outbuf.value, outbuf.length);
@@ -416,7 +416,7 @@ k5_principal_is_authorized(struct auth_request *request, const char *name)
        authorized_names = t_strsplit_spaces(value, ",");
        for (tmp = authorized_names; *tmp != NULL; tmp++) {
                if (strcmp(*tmp, name) == 0) {
-                       auth_request_log_debug(request, AUTH_SUBSYS_MECH,
+                       e_debug(request->mech_event,
                                "authorized by k5principals field: %s", name);
                        return TRUE;
                }
@@ -443,15 +443,15 @@ mech_gssapi_krb5_userok(struct gssapi_auth_request *request,
 
        if (!mech_gssapi_oid_cmp(name_type, GSS_KRB5_NT_PRINCIPAL_NAME) &&
            check_name_type) {
-               auth_request_log_info(&request->auth_request, AUTH_SUBSYS_MECH,
-                                     "OID not kerberos principal name");
+               e_info(&request->auth_request->mech_event,
+                      "OID not kerberos principal name");
                return FALSE;
        }
 
        /* Init a krb5 context and parse the principal username */
        krb5_err = krb5_init_context(&ctx);
        if (krb5_err != 0) {
-               auth_request_log_error(&request->auth_request, AUTH_SUBSYS_MECH,
+               e_error(&request->auth_request->mech_event,
                        "krb5_init_context() failed: %d", (int)krb5_err);
                return FALSE;
        }
@@ -460,9 +460,9 @@ mech_gssapi_krb5_userok(struct gssapi_auth_request *request,
                /* writing the error string would be better, but we probably
                   rarely get here and there doesn't seem to be a standard
                   way of getting it */
-               auth_request_log_info(&request->auth_request, AUTH_SUBSYS_MECH,
-                                     "krb5_parse_name() failed: %d",
-                                     (int)krb5_err);
+               e_info(&request->auth_request->mech_event,
+                      "krb5_parse_name() failed: %d",
+                      (int)krb5_err);
        } else {
                /* See if the principal is in the list of authorized
                 * principals for the user */
@@ -519,24 +519,24 @@ mech_gssapi_userok(struct gssapi_auth_request *request, const char *login_user)
        } 
 
        if (login_ok == 0) {
-               auth_request_log_info(auth_request, AUTH_SUBSYS_MECH,
-                       "User not authorized to log in as %s", login_user);
+               e_info(auth_request->mech_event,
+                      "User not authorized to log in as %s", login_user);
                return -1;
        }
        return 0;
 #elif defined(USE_KRB5_USEROK)
        if (!mech_gssapi_krb5_userok(request, request->authn_name,
                                     login_user, TRUE)) {
-               auth_request_log_info(auth_request, AUTH_SUBSYS_MECH,
-                       "User not authorized to log in as %s", login_user);
+               e_info(auth_request->mech_event,
+                      "User not authorized to log in as %s", login_user);
                return -1;
        }
 
        return 0;
 #else
-       auth_request_log_info(auth_request, AUTH_SUBSYS_MECH,
-                             "Cross-realm authentication not supported "
-                             "(authn_name=%s, authz_name=%s)", request->auth_request.original_username, login_user);
+       e_info(auth_request->mech_event,
+              "Cross-realm authentication not supported "
+              "(authn_name=%s, authz_name=%s)", request->auth_request.original_username, login_user);
        return -1;
 #endif
 }
@@ -599,8 +599,8 @@ mech_gssapi_unwrap(struct gssapi_auth_request *request, gss_buffer_desc inbuf)
        /* outbuf[0] contains bitmask for selected security layer,
           outbuf[1..3] contains maximum output_message size */
        if (outbuf.length < 4) {
-               auth_request_log_error(auth_request, AUTH_SUBSYS_MECH,
-                                      "Invalid response length");
+               e_error(auth_request->mech_event,
+                       "Invalid response length");
                return -1;
        }
 
@@ -609,8 +609,8 @@ mech_gssapi_unwrap(struct gssapi_auth_request *request, gss_buffer_desc inbuf)
                name_len = outbuf.length - 4;
 
                if (data_has_nuls(name, name_len)) {
-                       auth_request_log_info(auth_request, AUTH_SUBSYS_MECH,
-                                             "authz_name has NULs");
+                       e_info(auth_request->mech_event,
+                              "authz_name has NULs");
                        return -1;
                }
 
@@ -625,8 +625,8 @@ mech_gssapi_unwrap(struct gssapi_auth_request *request, gss_buffer_desc inbuf)
        }
 
        if (request->authz_name == GSS_C_NO_NAME) {
-               auth_request_log_info(auth_request, AUTH_SUBSYS_MECH,
-                                     "no authz_name");
+               e_info(auth_request->mech_event,
+                      "no authz_name");
                return -1;
        }
 
@@ -636,8 +636,8 @@ mech_gssapi_unwrap(struct gssapi_auth_request *request, gss_buffer_desc inbuf)
         * name, which may mean that future log messages should be adjusted
         * to log the right thing. */
        if (!auth_request_set_username(auth_request, login_user, &error)) {
-               auth_request_log_info(auth_request, AUTH_SUBSYS_MECH,
-                                     "authz_name: %s", error);
+               e_info(auth_request->mech_event,
+                      "authz_name: %s", error);
                return -1;
        }
 
index b54b8995578187392d5f5d50630638ae0e3a8c6f..e4da330b9345ff83ca8c607b4b94a132a161eb76 100644 (file)
@@ -24,7 +24,7 @@ mech_login_auth_continue(struct auth_request *request,
                username = t_strndup(data, data_size);
 
                if (!auth_request_set_username(request, username, &error)) {
-                        auth_request_log_info(request, AUTH_SUBSYS_MECH, "%s", error);
+                        e_info(request->mech_event, "%s", error);
                        auth_request_fail(request);
                        return;
                }
index 6a928f4dc6a6e55fedd266ca8b304d61f8d377d4..43afd896f975a73d1d6eb1f2a217f43f2c60c53b 100644 (file)
@@ -38,8 +38,8 @@ static bool lm_verify_credentials(struct ntlm_auth_request *request,
        unsigned int response_length;
 
        if (size != LM_HASH_SIZE) {
-                auth_request_log_error(&request->auth_request, AUTH_SUBSYS_MECH,
-                                      "invalid LM credentials length");
+                e_error(request->auth_request.mech_event,
+                       "invalid LM credentials length");
                return FALSE;
        }
 
@@ -48,7 +48,7 @@ static bool lm_verify_credentials(struct ntlm_auth_request *request,
        client_response = ntlmssp_buffer_data(request->response, lm_response);
 
        if (response_length < LM_RESPONSE_SIZE) {
-                auth_request_log_error(&request->auth_request, AUTH_SUBSYS_MECH,
+                e_error(request->auth_request.mech_event,
                        "LM response length is too small");
                return FALSE;
        }
@@ -99,8 +99,8 @@ ntlm_verify_credentials(struct ntlm_auth_request *request,
        }
 
        if (size != NTLMSSP_HASH_SIZE) {
-                auth_request_log_error(&request->auth_request, AUTH_SUBSYS_MECH,
-                                      "invalid NTLM credentials length");
+                e_error(request->auth_request.mech_event,
+                       "invalid NTLM credentials length");
                return -1;
        }
 
@@ -188,8 +188,8 @@ mech_ntlm_auth_continue(struct auth_request *auth_request,
                uint32_t flags;
 
                if (!ntlmssp_check_request(ntlm_request, data_size, &error)) {
-                       auth_request_log_info(auth_request, AUTH_SUBSYS_MECH,
-                               "invalid NTLM request: %s", error);
+                       e_info(auth_request->mech_event,
+                              "invalid NTLM request: %s", error);
                        auth_request_fail(auth_request);
                        return;
                }
@@ -209,8 +209,8 @@ mech_ntlm_auth_continue(struct auth_request *auth_request,
                const char *username;
 
                if (!ntlmssp_check_response(response, data_size, &error)) {
-                       auth_request_log_info(auth_request, AUTH_SUBSYS_MECH,
-                               "invalid NTLM response: %s", error);
+                       e_info(auth_request->mech_event,
+                              "invalid NTLM response: %s", error);
                        auth_request_fail(auth_request);
                        return;
                }
@@ -222,8 +222,8 @@ mech_ntlm_auth_continue(struct auth_request *auth_request,
                                         request->unicode_negotiated);
 
                if (!auth_request_set_username(auth_request, username, &error)) {
-                       auth_request_log_info(auth_request, AUTH_SUBSYS_MECH,
-                                             "%s", error);
+                       e_info(auth_request->mech_event,
+                              "%s", error);
                        auth_request_fail(auth_request);
                        return;
                }
index b5e9be52cad589cc1c329296a88eb4e64e48cb08..52eb1007ed915ebb133c38629b11f5bc9448954b 100644 (file)
@@ -109,8 +109,8 @@ mech_xoauth2_auth_continue(struct auth_request *request,
                           format does not contain anything to escape */
                        const char *username = (*ptr)+5;
                        if (!auth_request_set_username(request, username, &error)) {
-                               auth_request_log_info(request, AUTH_SUBSYS_MECH,
-                                                     "%s", error);
+                               e_info(request->mech_event,
+                                      "%s", error);
                                auth_request_fail(request);
                                return;
                        }
@@ -121,8 +121,8 @@ mech_xoauth2_auth_continue(struct auth_request *request,
                            oauth2_valid_token(value+7)) {
                                token = value+7;
                        } else {
-                               auth_request_log_info(request, AUTH_SUBSYS_MECH,
-                                                     "Invalid continued data");
+                               e_info(request->mech_event,
+                                      "Invalid continued data");
                                auth_request_fail(request);
                                return;
                        }
@@ -134,7 +134,7 @@ mech_xoauth2_auth_continue(struct auth_request *request,
                auth_request_verify_plain(request, token,
                                          xoauth2_verify_callback);
        else {
-               auth_request_log_info(request, AUTH_SUBSYS_MECH, "Username or token missing");
+               e_info(request->mech_event, "Username or token missing");
                auth_request_fail(request);
        }
 }
@@ -165,8 +165,8 @@ mech_oauthbearer_auth_continue(struct auth_request *request,
        const char *token = NULL;
        /* ensure initial field is OK */
        if (*fields == NULL || *(fields[0]) == '\0') {
-               auth_request_log_info(request, AUTH_SUBSYS_MECH,
-                                     "Invalid continued data");
+               e_info(request->mech_event,
+                      "Invalid continued data");
                auth_request_fail(request);
                return;
        }
@@ -175,14 +175,14 @@ mech_oauthbearer_auth_continue(struct auth_request *request,
        for(ptr = t_strsplit_spaces(fields[0], ","); *ptr != NULL; ptr++) {
                switch(*ptr[0]) {
                case 'f':
-                       auth_request_log_info(request, AUTH_SUBSYS_MECH,
-                                             "Client requested non-standard mechanism");
+                       e_info(request->mech_event,
+                              "Client requested non-standard mechanism");
                        auth_request_fail(request);
                        return;
                case 'p':
                        /* channel binding is not supported */
-                       auth_request_log_info(request, AUTH_SUBSYS_MECH,
-                                             "Client requested and used channel-binding");
+                       e_info(request->mech_event,
+                              "Client requested and used channel-binding");
                        auth_request_fail(request);
                        return;
                case 'n':
@@ -192,20 +192,20 @@ mech_oauthbearer_auth_continue(struct auth_request *request,
                case 'a': /* authzid */
                        if ((*ptr)[1] != '=' ||
                            !oauth2_unescape_username((*ptr)+2, &username)) {
-                                auth_request_log_info(request, AUTH_SUBSYS_MECH,
-                                                      "Invalid username escaping");
+                                e_info(request->mech_event,
+                                       "Invalid username escaping");
                                 auth_request_fail(request);
                                 return;
                        } else if (!auth_request_set_username(request, username, &error)) {
-                               auth_request_log_info(request, AUTH_SUBSYS_MECH,
-                                                     "%s", error);
+                               e_info(request->mech_event,
+                                      "%s", error);
                        } else {
                                user_given = TRUE;
                        }
                        break;
                default:
-                       auth_request_log_info(request, AUTH_SUBSYS_MECH,
-                                             "Invalid gs2-header in request");
+                       e_info(request->mech_event,
+                              "Invalid gs2-header in request");
                        auth_request_fail(request);
                        return;
                }
@@ -218,8 +218,8 @@ mech_oauthbearer_auth_continue(struct auth_request *request,
                            oauth2_valid_token(value+7)) {
                                token = value+7;
                        } else {
-                               auth_request_log_info(request, AUTH_SUBSYS_MECH,
-                                                     "Invalid continued data");
+                               e_info(request->mech_event,
+                                      "Invalid continued data");
                                auth_request_fail(request);
                                return;
                        }
@@ -230,7 +230,7 @@ mech_oauthbearer_auth_continue(struct auth_request *request,
                auth_request_verify_plain(request, token,
                                          oauthbearer_verify_callback);
        else {
-               auth_request_log_info(request, AUTH_SUBSYS_MECH, "Missing username or token");
+               e_info(request->mech_event, "Missing username or token");
                auth_request_fail(request);
        }
 }
index 5666e99f36a24a19d3a9e174dfc44f8cc4fbcf73..706fde4ddea356efba43d427758ad714e125af63 100644 (file)
@@ -25,23 +25,23 @@ otp_send_challenge(struct auth_request *auth_request,
 
        if (otp_parse_dbentry(t_strndup(credentials, size),
                              &request->state) != 0) {
-               auth_request_log_error(&request->auth_request, AUTH_SUBSYS_MECH,
-                                      "invalid OTP data in passdb");
+               e_error(request->auth_request.mech_event,
+                       "invalid OTP data in passdb");
                auth_request_fail(auth_request);
                return;
        }
 
        if (--request->state.seq < 1) {
-               auth_request_log_error(&request->auth_request, AUTH_SUBSYS_MECH,
-                                      "sequence number < 1");
+               e_error(request->auth_request.mech_event,
+                       "sequence number < 1");
                auth_request_fail(auth_request);
                return;
        }
 
        request->lock = otp_try_lock(auth_request);
        if (!request->lock) {
-               auth_request_log_error(&request->auth_request, AUTH_SUBSYS_MECH,
-                                      "user is locked, race attack?");
+               e_error(request->auth_request.mech_event,
+                       "user is locked, race attack?");
                auth_request_fail(auth_request);
                return;
        }
@@ -114,14 +114,14 @@ mech_otp_auth_phase1(struct auth_request *auth_request,
        }
 
        if ((count < 1) || (count > 2)) {
-               auth_request_log_error(&request->auth_request, AUTH_SUBSYS_MECH,
-                                       "invalid input");
+               e_error(request->auth_request.mech_event,
+                       "invalid input");
                auth_request_fail(auth_request);
                return;
        }
 
        if (!auth_request_set_username(auth_request, authenid, &error)) {
-               auth_request_log_info(auth_request, AUTH_SUBSYS_MECH, "%s", error);
+               e_info(auth_request->mech_event, "%s", error);
                auth_request_fail(auth_request);
                return;
        }
@@ -141,8 +141,8 @@ static void mech_otp_verify(struct auth_request *auth_request,
 
        ret = otp_parse_response(data, hash, hex);
        if (ret < 0) {
-               auth_request_log_error(&request->auth_request, AUTH_SUBSYS_MECH,
-                                      "invalid response");
+               e_error(request->auth_request.mech_event,
+                       "invalid response");
                auth_request_fail(auth_request);
                otp_unlock(auth_request);
                return;
@@ -176,8 +176,8 @@ static void mech_otp_verify_init(struct auth_request *auth_request,
 
        ret = otp_parse_init_response(data, &new_state, cur_hash, hex, &error);
        if (ret < 0) {
-               auth_request_log_error(&request->auth_request, AUTH_SUBSYS_MECH,
-                                       "invalid init response, %s", error);
+               e_error(request->auth_request.mech_event,
+                       "invalid init response, %s", error);
                auth_request_fail(auth_request);
                otp_unlock(auth_request);
                return;
@@ -212,8 +212,8 @@ mech_otp_auth_phase2(struct auth_request *auth_request,
        } else if (str_begins(str, "init-word:")) {
                mech_otp_verify_init(auth_request, str + 10, FALSE);
        } else {
-               auth_request_log_error(auth_request, AUTH_SUBSYS_MECH,
-                                      "unsupported response type");
+               e_error(auth_request->mech_event,
+                       "unsupported response type");
                auth_request_fail(auth_request);
                otp_unlock(auth_request);
        }
index 1d2a2fb383a0713e80bd313f44b68af72cb3df9a..344cbe1bf8ed932d5ec635b76fade0fa4d6d8ea6 100644 (file)
@@ -41,17 +41,17 @@ mech_plain_auth_continue(struct auth_request *request,
 
        if (count != 2) {
                /* invalid input */
-               auth_request_log_info(request, AUTH_SUBSYS_MECH, "invalid input");
+               e_info(request->mech_event, "invalid input");
                auth_request_fail(request);
        } else if (!auth_request_set_username(request, authenid, &error)) {
                 /* invalid username */
-                auth_request_log_info(request, AUTH_SUBSYS_MECH, "%s", error);
+                e_info(request->mech_event, "%s", error);
                 auth_request_fail(request);
         } else if (*authid != '\0' &&
                    !auth_request_set_login_username(request, authid, &error)) {
                 /* invalid login username */
-                auth_request_log_info(request, AUTH_SUBSYS_MECH,
-                                      "login user: %s", error);
+                e_info(request->mech_event,
+                      "login user: %s", error);
                 auth_request_fail(request);
         } else {
                 auth_request_verify_plain(request, pass,
index 00fe66971d3b0834f79a0101d343a0af71004a15..94fca52ec0e1ff53aef311352fa6bd46679fbb6f 100644 (file)
@@ -424,8 +424,8 @@ static bool verify_credentials(struct rpa_auth_request *request,
        unsigned char response[MD5_RESULTLEN];
 
        if (size != sizeof(request->pwd_md5)) {
-                auth_request_log_error(&request->auth_request, AUTH_SUBSYS_MECH,
-                                      "invalid credentials length");
+                e_error(request->auth_request.mech_event,
+                       "invalid credentials length");
                return FALSE;
        }
 
@@ -476,8 +476,8 @@ mech_rpa_auth_phase1(struct auth_request *auth_request,
        const char *service, *error;
 
        if (!rpa_parse_token1(data, data_size, &error)) {
-               auth_request_log_info(auth_request, AUTH_SUBSYS_MECH,
-                       "invalid token 1: %s", error);
+               e_info(auth_request->mech_event,
+                      "invalid token 1: %s", error);
                auth_request_fail(auth_request);
                return;
        }
@@ -502,8 +502,8 @@ mech_rpa_auth_phase2(struct auth_request *auth_request,
        const char *error;
 
        if (!rpa_parse_token3(request, data, data_size, &error)) {
-               auth_request_log_info(auth_request, AUTH_SUBSYS_MECH,
-                       "invalid token 3: %s", error);
+               e_info(auth_request->mech_event,
+                      "invalid token 3: %s", error);
                auth_request_fail(auth_request);
                return;
        }
@@ -520,8 +520,8 @@ mech_rpa_auth_phase3(struct auth_request *auth_request,
 
        if ((data_size != sizeof(client_ack)) ||
            (memcmp(data, client_ack, sizeof(client_ack)) != 0)) {
-               auth_request_log_info(auth_request, AUTH_SUBSYS_MECH,
-                       "invalid token 5 or client rejects us");
+               e_info(auth_request->mech_event,
+                      "invalid token 5 or client rejects us");
                auth_request_fail(auth_request);
        } else {
                auth_request_success(auth_request, "", 0);
index ddf23e2effea436a9d0d06fb91c3c7fc6e4b5bd0..27e1cd2607a1ee1dca884d756a60a39bb9e54b3d 100644 (file)
@@ -263,8 +263,8 @@ static void credentials_callback(enum passdb_result result,
                if (scram_sha1_scheme_parse(credentials, size, &iter_count,
                                            &salt, request->stored_key,
                                            request->server_key, &error) < 0) {
-                       auth_request_log_info(auth_request, AUTH_SUBSYS_MECH,
-                                             "%s", error);
+                       e_info(auth_request->mech_event,
+                              "%s", error);
                        auth_request_fail(auth_request);
                        break;
                }
@@ -366,8 +366,8 @@ static void mech_scram_sha1_auth_continue(struct auth_request *auth_request,
                if (parse_scram_client_final(request, data, data_size,
                                             &error)) {
                        if (!verify_credentials(request)) {
-                               auth_request_log_info(auth_request, AUTH_SUBSYS_MECH,
-                                                     AUTH_LOG_MSG_PASSWORD_MISMATCH);
+                               e_info(auth_request->mech_event,
+                                      AUTH_LOG_MSG_PASSWORD_MISMATCH);
                        } else {
                                server_final_message =
                                        get_scram_server_final(request);
@@ -380,7 +380,7 @@ static void mech_scram_sha1_auth_continue(struct auth_request *auth_request,
        }
 
        if (error != NULL)
-               auth_request_log_info(auth_request, AUTH_SUBSYS_MECH, "%s", error);
+               e_info(auth_request->mech_event, "%s", error);
        auth_request_fail(auth_request);
 }
 
index 74d26ef49b97d35bc474a55bb8cf18a787847bf5..d6819a85902dbd9497451dcaab957b84d2d5e571 100644 (file)
@@ -25,30 +25,30 @@ skey_send_challenge(struct auth_request *auth_request,
 
        if (otp_parse_dbentry(t_strndup(credentials, size),
                              &request->state) != 0) {
-               auth_request_log_error(&request->auth_request, AUTH_SUBSYS_MECH,
-                                      "invalid OTP data in passdb");
+               e_error(request->auth_request.mech_event,
+                       "invalid OTP data in passdb");
                auth_request_fail(auth_request);
                return;
        }
 
        if (request->state.algo != OTP_HASH_MD4) {
-               auth_request_log_error(&request->auth_request, AUTH_SUBSYS_MECH,
-                                      "md4 hash is needed");
+               e_error(request->auth_request.mech_event,
+                       "md4 hash is needed");
                auth_request_fail(auth_request);
                return;
        }
 
        if (--request->state.seq < 1) {
-               auth_request_log_error(&request->auth_request, AUTH_SUBSYS_MECH,
-                                      "sequence number < 1");
+               e_error(request->auth_request.mech_event,
+                       "sequence number < 1");
                auth_request_fail(auth_request);
                return;
        }
 
        request->lock = otp_try_lock(auth_request);
        if (!request->lock) {
-               auth_request_log_error(&request->auth_request, AUTH_SUBSYS_MECH,
-                                      "user is locked, race attack?");
+               e_error(request->auth_request.mech_event,
+                       "user is locked, race attack?");
                auth_request_fail(auth_request);
                return;
        }
@@ -107,8 +107,8 @@ mech_skey_auth_phase1(struct auth_request *auth_request,
        username = t_strndup(data, data_size);
 
        if (!auth_request_set_username(auth_request, username, &error)) {
-               auth_request_log_info(auth_request, AUTH_SUBSYS_MECH,
-                                     "%s", error);
+               e_info(auth_request->mech_event,
+                      "%s", error);
                auth_request_fail(auth_request);
                return;
        }
@@ -134,8 +134,8 @@ mech_skey_auth_phase2(struct auth_request *auth_request,
 
                ret = otp_parse_response(words, hash, FALSE);
                if (ret < 0) {
-                       auth_request_log_error(&request->auth_request, AUTH_SUBSYS_MECH,
-                                              "invalid response");
+                       e_error(request->auth_request.mech_event,
+                               "invalid response");
                        auth_request_fail(auth_request);
                        otp_unlock(auth_request);
                        return;
index ca1a9a6d0da7749233149fa2521ae2e22ee11a01..c7f80a7e29264d5c8904cac8f56174c0ac7dfd42 100644 (file)
@@ -177,7 +177,7 @@ do_auth_continue(struct auth_request *auth_request,
        if (o_stream_send(request->winbind->out_pipe,
                          str_data(str), str_len(str)) < 0 ||
            o_stream_flush(request->winbind->out_pipe) < 0) {
-               auth_request_log_error(auth_request, AUTH_SUBSYS_MECH,
+               e_error(auth_request->mech_event,
                        "write(out_pipe) failed: %s",
                        o_stream_get_error(request->winbind->out_pipe));
                return HR_RESTART;
@@ -190,12 +190,12 @@ do_auth_continue(struct auth_request *auth_request,
        }
        if (answer == NULL) {
                if (in_pipe->stream_errno != 0) {
-                       auth_request_log_error(auth_request, AUTH_SUBSYS_MECH,
-                                              "read(in_pipe) failed: %m");
+                       e_error(auth_request->mech_event,
+                               "read(in_pipe) failed: %m");
                } else {
-                       auth_request_log_error(auth_request, AUTH_SUBSYS_MECH,
-                                              "read(in_pipe) failed: "
-                                              "unexpected end of file");
+                       e_error(auth_request->mech_event,
+                               "read(in_pipe) failed: "
+                               "unexpected end of file");
                }
                return HR_RESTART;
        }
@@ -204,8 +204,8 @@ do_auth_continue(struct auth_request *auth_request,
        if (token[0] == NULL ||
            (token[1] == NULL && strcmp(token[0], "BH") != 0) ||
            (gss_spnego && (token[1] == NULL || token[2] == NULL))) {
-               auth_request_log_error(auth_request, AUTH_SUBSYS_MECH,
-                                      "Invalid input from helper: %s", answer);
+               e_error(auth_request->mech_event,
+                       "Invalid input from helper: %s", answer);
                return HR_RESTART;
        }
 
@@ -239,8 +239,8 @@ do_auth_continue(struct auth_request *auth_request,
        } else if (strcmp(token[0], "NA") == 0) {
                const char *error = gss_spnego ? token[2] : token[1];
 
-               auth_request_log_info(auth_request, AUTH_SUBSYS_MECH,
-                                     "user not authenticated: %s", error);
+               e_info(auth_request->mech_event,
+                      "user not authenticated: %s", error);
                return HR_FAIL;
        } else if (strcmp(token[0], "AF") == 0) {
                const char *user, *p, *error;
@@ -257,8 +257,8 @@ do_auth_continue(struct auth_request *auth_request,
                }
 
                if (!auth_request_set_username(auth_request, user, &error)) {
-                       auth_request_log_info(auth_request, AUTH_SUBSYS_MECH,
-                                             "%s", error);
+                       e_info(auth_request->mech_event,
+                              "%s", error);
                        return HR_FAIL;
                }
 
@@ -274,13 +274,13 @@ do_auth_continue(struct auth_request *auth_request,
                }
                return HR_OK;
        } else if (strcmp(token[0], "BH") == 0) {
-               auth_request_log_info(auth_request, AUTH_SUBSYS_MECH,
-                                     "ntlm_auth reports broken helper: %s",
-                                     token[1] != NULL ? token[1] : "");
+               e_info(auth_request->mech_event,
+                      "ntlm_auth reports broken helper: %s",
+                      token[1] != NULL ? token[1] : "");
                return HR_RESTART;
        } else {
-               auth_request_log_error(auth_request, AUTH_SUBSYS_MECH,
-                                      "Invalid input from helper: %s", answer);
+               e_error(auth_request->mech_event,
+                       "Invalid input from helper: %s", answer);
                return HR_RESTART;
        }
 }