imap-login: Add internal, external and trusted fields to imap_id_received event

diff --git a/src/imap-login/imap-login-client.h b/src/imap-login/imap-login-client.h
index a62d30445a2a5f7bcdd1aadc7fc55041a72e9057..cf7fb2be503739ccf5b706bdaeee455099fb1c32 100644 (file)
--- a/src/imap-login/imap-login-client.h
+++ b/src/imap-login/imap-login-client.h
@@ -49,6 +49,12 @@ struct imap_client_cmd_id {
        struct event *params_event;
        struct imap_id_params *params;
        string_t *log_reply;
+       /* ID contained internal x-* keys containing IPs/session/etc */
+       bool seen_internal_keys;
+       /* ID contained non-internal keys, i.e. the end user client had sent
+          an ID command with some parameters. Note that Dovecot proxy can
+          send an ID command with both internal and external keys. */
+       bool seen_external_keys;
 };
 
 struct imap_client {

diff --git a/src/imap-login/imap-login-cmd-id.c b/src/imap-login/imap-login-cmd-id.c
index 645f7c1aa92b1896caa5038ab41c2ada7b083192..5c97b84f59612cf5e4a1b60fada6ac597dca7230 100644 (file)
--- a/src/imap-login/imap-login-cmd-id.c
+++ b/src/imap-login/imap-login-cmd-id.c
@@ -183,6 +183,11 @@ static bool cmd_id_handle_keyvalue(struct imap_client *client,
                imap_id_param_handler_find(key);
        bool is_login_id_param = handler != NULL;
 
+       if (is_login_id_param)
+               client->cmd_id->seen_internal_keys = TRUE;
+       else
+               client->cmd_id->seen_external_keys = TRUE;
+
        if (!is_login_id_param) {
                /* not an internal key */
        } else if (client->id_logged) {
@@ -293,8 +298,22 @@ static void cmd_id_finish(struct imap_client *client)
        if (!client->id_logged) {
                client->id_logged = TRUE;
 
-               e_debug(client->cmd_id->params_event,
-                       "Pre-login ID sent: %s",
+               if (client->cmd_id->seen_internal_keys)
+                       event_add_str(client->cmd_id->params_event, "internal", "yes");
+               if (client->cmd_id->seen_external_keys)
+                       event_add_str(client->cmd_id->params_event, "external", "yes");
+               if (client->common.connection_trusted)
+                       event_add_str(client->cmd_id->params_event, "trusted", "yes");
+
+               const char *prefix;
+               if (!client->cmd_id->seen_internal_keys)
+                       prefix = "Pre-login ID sent";
+               else if (client->common.connection_trusted) {
+                       prefix = "Pre-login internal ID sent from trusted client";
+               } else {
+                       prefix = "Pre-login internal ID sent from untrusted client - ignoring";
+               }
+               e_debug(client->cmd_id->params_event, "%s: %s", prefix,
                        str_sanitize(str_c(client->cmd_id->log_reply),
                                     IMAP_ID_PARAMS_LOG_MAX_LEN));
        }