From: Aki Tuomi Date: Mon, 3 Dec 2018 08:50:48 +0000 (+0200) Subject: auth: Use event logging for subsys mech X-Git-Tag: 2.3.9~766 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=49c930f7f395fde9fe22f9e2e7ffad601a2928d1;p=thirdparty%2Fdovecot%2Fcore.git auth: Use event logging for subsys mech Automated change sed -i -e 's/auth_request_log_\(.*\)(\(.*\), AUTH_SUBSYS_MECH,/e_\1(\2->mech_event,/' *.c Whitespace fixing done with custom script --- diff --git a/src/auth/auth-request-handler.c b/src/auth/auth-request-handler.c index 5d43e9e31d..0575e0ce06 100644 --- a/src/auth/auth-request-handler.c +++ b/src/auth/auth-request-handler.c @@ -418,7 +418,7 @@ auth_request_handler_auth_fail_code(struct auth_request_handler *handler, { string_t *str = t_str_new(128); - auth_request_log_info(request, AUTH_SUBSYS_MECH, "%s", reason); + e_info(request->mech_event, "%s", reason); str_printfa(str, "FAIL\t%u", request->id); if (*fail_code != '\0') { @@ -445,14 +445,14 @@ static void auth_request_timeout(struct auth_request *request) if (request->state != AUTH_REQUEST_STATE_MECH_CONTINUE) { /* client's fault */ - auth_request_log_error(request, AUTH_SUBSYS_MECH, + e_error(request->mech_event, "Request %u.%u timed out after %u secs, state=%d", request->handler->client_pid, request->id, secs, request->state); } else if (request->set->verbose) { - auth_request_log_info(request, AUTH_SUBSYS_MECH, - "Request timed out waiting for client to continue authentication " - "(%u secs)", secs); + e_info(request->mech_event, + "Request timed out waiting for client to continue authentication " + "(%u secs)", secs); } auth_request_handler_remove(request->handler, request); } diff --git a/src/auth/auth-request.c b/src/auth/auth-request.c index 0a926542cf..0c7b846786 100644 --- a/src/auth/auth-request.c +++ b/src/auth/auth-request.c @@ -1195,10 +1195,10 @@ static bool auth_request_is_disabled_master_user(struct auth_request *request) return FALSE; /* no masterdbs, master logins not supported */ - auth_request_log_info(request, AUTH_SUBSYS_MECH, - "Attempted master login with no master passdbs " - "(trying to log in as user: %s)", - request->requested_login_user); + e_info(request->mech_event, + "Attempted master login with no master passdbs " + "(trying to log in as user: %s)", + request->requested_login_user); return TRUE; } @@ -1752,7 +1752,7 @@ void auth_request_userdb_callback(enum userdb_result result, e_error(authdb_event(request), "user not found from userdb"); } else { - auth_request_log_error(request, AUTH_SUBSYS_MECH, + e_error(request->mech_event, "user not found from any userdbs"); } result = USERDB_RESULT_USER_UNKNOWN; diff --git a/src/auth/mech-anonymous.c b/src/auth/mech-anonymous.c index c83fa406a9..05b89236a6 100644 --- a/src/auth/mech-anonymous.c +++ b/src/auth/mech-anonymous.c @@ -14,7 +14,7 @@ mech_anonymous_auth_continue(struct auth_request *request, so that the log message goes right */ request->user = p_strndup(pool_datastack_create(), data, data_size); - auth_request_log_info(request, AUTH_SUBSYS_MECH, "login"); + e_info(request->mech_event, "login"); } request->user = p_strdup(request->pool, diff --git a/src/auth/mech-apop.c b/src/auth/mech-apop.c index bbc61053f5..86533db083 100644 --- a/src/auth/mech-apop.c +++ b/src/auth/mech-apop.c @@ -82,8 +82,8 @@ mech_apop_auth_initial(struct auth_request *auth_request, if (data_size == 0) { /* Should never happen */ - auth_request_log_info(auth_request, AUTH_SUBSYS_MECH, - "no initial response"); + e_info(auth_request->mech_event, + "no initial response"); auth_request_fail(auth_request); return; } @@ -103,16 +103,16 @@ mech_apop_auth_initial(struct auth_request *auth_request, tmp++; } else { /* should never happen */ - auth_request_log_info(auth_request, AUTH_SUBSYS_MECH, - "malformed data"); + e_info(auth_request->mech_event, + "malformed data"); auth_request_fail(auth_request); return; } if (tmp + 1 + 16 != end) { /* Should never happen */ - auth_request_log_info(auth_request, AUTH_SUBSYS_MECH, - "malformed data"); + e_info(auth_request->mech_event, + "malformed data"); auth_request_fail(auth_request); return; } @@ -129,15 +129,15 @@ mech_apop_auth_initial(struct auth_request *auth_request, connect_uid != auth_request->connect_uid || pid != (unsigned long)getpid() || (time_t)timestamp < process_start_time) { - auth_request_log_info(auth_request, AUTH_SUBSYS_MECH, - "invalid challenge"); + e_info(auth_request->mech_event, + "invalid challenge"); auth_request_fail(auth_request); return; } if (!auth_request_set_username(auth_request, (const char *)username, &error)) { - auth_request_log_info(auth_request, AUTH_SUBSYS_MECH, "%s", error); + e_info(auth_request->mech_event, "%s", error); auth_request_fail(auth_request); return; } diff --git a/src/auth/mech-cram-md5.c b/src/auth/mech-cram-md5.c index a980b26c31..e6ab88881b 100644 --- a/src/auth/mech-cram-md5.c +++ b/src/auth/mech-cram-md5.c @@ -55,8 +55,8 @@ static bool verify_credentials(struct cram_auth_request *request, const char *response_hex; if (size != CRAM_MD5_CONTEXTLEN) { - auth_request_log_error(&request->auth_request, AUTH_SUBSYS_MECH, - "invalid credentials length"); + e_error(request->auth_request.mech_event, + "invalid credentials length"); return FALSE; } @@ -68,8 +68,8 @@ static bool verify_credentials(struct cram_auth_request *request, response_hex = binary_to_hex(digest, sizeof(digest)); if (!mem_equals_timing_safe(response_hex, request->response, sizeof(digest)*2)) { - auth_request_log_info(&request->auth_request, AUTH_SUBSYS_MECH, - AUTH_LOG_MSG_PASSWORD_MISMATCH); + e_info(request->auth_request.mech_event, + AUTH_LOG_MSG_PASSWORD_MISMATCH); return FALSE; } @@ -150,7 +150,7 @@ mech_cram_md5_auth_continue(struct auth_request *auth_request, if (error == NULL) error = "authentication failed"; - auth_request_log_info(auth_request, AUTH_SUBSYS_MECH, "%s", error); + e_info(auth_request->mech_event, "%s", error); auth_request_fail(auth_request); } diff --git a/src/auth/mech-digest-md5.c b/src/auth/mech-digest-md5.c index 7defdfc8f4..9e81907b78 100644 --- a/src/auth/mech-digest-md5.c +++ b/src/auth/mech-digest-md5.c @@ -121,8 +121,8 @@ static bool verify_credentials(struct digest_auth_request *request, /* get the MD5 password */ if (size != MD5_RESULTLEN) { - auth_request_log_error(&request->auth_request, AUTH_SUBSYS_MECH, - "invalid credentials length"); + e_error(request->auth_request.mech_event, + "invalid credentials length"); return FALSE; } @@ -572,7 +572,7 @@ mech_digest_md5_auth_continue(struct auth_request *auth_request, } if (error != NULL) - auth_request_log_info(auth_request, AUTH_SUBSYS_MECH, "%s", error); + e_info(auth_request->mech_event, "%s", error); auth_request_fail(auth_request); } diff --git a/src/auth/mech-dovecot-token.c b/src/auth/mech-dovecot-token.c index 2470d180b8..6dee6819fb 100644 --- a/src/auth/mech-dovecot-token.c +++ b/src/auth/mech-dovecot-token.c @@ -41,11 +41,11 @@ mech_dovecot_token_auth_continue(struct auth_request *request, if (count != 4) { /* invalid input */ - auth_request_log_info(request, AUTH_SUBSYS_MECH, "invalid input"); + e_info(request->mech_event, "invalid input"); auth_request_fail(request); } else if (!auth_request_set_username(request, username, &error)) { /* invalid username */ - auth_request_log_info(request, AUTH_SUBSYS_MECH, "%s", error); + e_info(request->mech_event, "%s", error); auth_request_fail(request); } else { const char *valid_token = diff --git a/src/auth/mech-external.c b/src/auth/mech-external.c index bb00b7a961..b9a287b2fc 100644 --- a/src/auth/mech-external.c +++ b/src/auth/mech-external.c @@ -13,8 +13,8 @@ mech_external_auth_continue(struct auth_request *request, authzid = t_strndup(data, data_size); if (request->user == NULL) { - auth_request_log_info(request, AUTH_SUBSYS_MECH, - "username not known"); + e_info(request->mech_event, + "username not known"); auth_request_fail(request); return; } @@ -22,8 +22,8 @@ mech_external_auth_continue(struct auth_request *request, /* this call is done simply to put the username through translation settings */ if (!auth_request_set_username(request, "", &error)) { - auth_request_log_info(request, AUTH_SUBSYS_MECH, - "Invalid username"); + e_info(request->mech_event, + "Invalid username"); auth_request_fail(request); return; } @@ -31,8 +31,8 @@ mech_external_auth_continue(struct auth_request *request, if (*authzid != '\0' && !auth_request_set_login_username(request, authzid, &error)) { /* invalid login username */ - auth_request_log_info(request, AUTH_SUBSYS_MECH, - "login user: %s", error); + e_info(request->mech_event, + "login user: %s", error); auth_request_fail(request); } else { auth_request_verify_plain(request, "", diff --git a/src/auth/mech-gssapi.c b/src/auth/mech-gssapi.c index 2d8182e5ca..61a464f0a1 100644 --- a/src/auth/mech-gssapi.c +++ b/src/auth/mech-gssapi.c @@ -95,9 +95,9 @@ static void mech_gssapi_log_error(struct auth_request *request, status_type, GSS_C_NO_OID, &message_context, &status_string); - auth_request_log_info(request, AUTH_SUBSYS_MECH, - "While %s: %s", description, - str_sanitize(status_string.value, (size_t)-1)); + e_info(request->mech_event, + "While %s: %s", description, + str_sanitize(status_string.value, (size_t)-1)); (void)gss_release_buffer(&minor_status, &status_string); } while (message_context != 0); @@ -148,8 +148,8 @@ obtain_service_credentials(struct auth_request *request, gss_cred_id_t *ret_r) } if (strcmp(request->set->gssapi_hostname, "$ALL") == 0) { - auth_request_log_debug(request, AUTH_SUBSYS_MECH, - "Using all keytab entries"); + e_debug(request->mech_event, + "Using all keytab entries"); *ret_r = GSS_C_NO_CREDENTIAL; return GSS_S_COMPLETE; } @@ -167,7 +167,7 @@ obtain_service_credentials(struct auth_request *request, gss_cred_id_t *ret_r) str_append_c(principal_name, '@'); str_append(principal_name, request->set->gssapi_hostname); - auth_request_log_debug(request, AUTH_SUBSYS_MECH, + e_debug(request->mech_event, "Obtaining credentials for %s", str_c(principal_name)); inbuf.length = str_len(principal_name); @@ -263,8 +263,8 @@ static int get_display_name(struct auth_request *auth_request, gss_name_t name, return -1; } if (data_has_nuls(buf.value, buf.length)) { - auth_request_log_info(auth_request, AUTH_SUBSYS_MECH, - "authn_name has NULs"); + e_info(auth_request->mech_event, + "authn_name has NULs"); return -1; } *display_name_r = t_strndup(buf.value, buf.length); @@ -318,30 +318,30 @@ mech_gssapi_sec_context(struct gssapi_auth_request *request, switch (major_status) { case GSS_S_COMPLETE: if (!mech_gssapi_oid_cmp(mech_type, &mech_gssapi_krb5_oid)) { - auth_request_log_info(auth_request, AUTH_SUBSYS_MECH, - "GSSAPI mechanism not Kerberos5"); + e_info(auth_request->mech_event, + "GSSAPI mechanism not Kerberos5"); ret = -1; } else if (get_display_name(auth_request, request->authn_name, &name_type, &username) < 0) ret = -1; else if (!auth_request_set_username(auth_request, username, &error)) { - auth_request_log_info(auth_request, AUTH_SUBSYS_MECH, - "authn_name: %s", error); + e_info(auth_request->mech_event, + "authn_name: %s", error); ret = -1; } else { request->sasl_gssapi_state = GSS_STATE_WRAP; - auth_request_log_debug(auth_request, AUTH_SUBSYS_MECH, + e_debug(auth_request->mech_event, "security context state completed."); } break; case GSS_S_CONTINUE_NEEDED: - auth_request_log_debug(auth_request, AUTH_SUBSYS_MECH, - "Processed incoming packet correctly, " - "waiting for another."); + e_debug(auth_request->mech_event, + "Processed incoming packet correctly, " + "waiting for another."); break; default: - auth_request_log_error(auth_request, AUTH_SUBSYS_MECH, + e_error(auth_request->mech_event, "Received unexpected major status %d", major_status); break; } @@ -392,8 +392,8 @@ mech_gssapi_wrap(struct gssapi_auth_request *request, gss_buffer_desc inbuf) return -1; } - auth_request_log_debug(&request->auth_request, AUTH_SUBSYS_MECH, - "Negotiated security layer"); + e_debug(&request->auth_request->mech_event, + "Negotiated security layer"); auth_request_handler_reply_continue(&request->auth_request, outbuf.value, outbuf.length); @@ -416,7 +416,7 @@ k5_principal_is_authorized(struct auth_request *request, const char *name) authorized_names = t_strsplit_spaces(value, ","); for (tmp = authorized_names; *tmp != NULL; tmp++) { if (strcmp(*tmp, name) == 0) { - auth_request_log_debug(request, AUTH_SUBSYS_MECH, + e_debug(request->mech_event, "authorized by k5principals field: %s", name); return TRUE; } @@ -443,15 +443,15 @@ mech_gssapi_krb5_userok(struct gssapi_auth_request *request, if (!mech_gssapi_oid_cmp(name_type, GSS_KRB5_NT_PRINCIPAL_NAME) && check_name_type) { - auth_request_log_info(&request->auth_request, AUTH_SUBSYS_MECH, - "OID not kerberos principal name"); + e_info(&request->auth_request->mech_event, + "OID not kerberos principal name"); return FALSE; } /* Init a krb5 context and parse the principal username */ krb5_err = krb5_init_context(&ctx); if (krb5_err != 0) { - auth_request_log_error(&request->auth_request, AUTH_SUBSYS_MECH, + e_error(&request->auth_request->mech_event, "krb5_init_context() failed: %d", (int)krb5_err); return FALSE; } @@ -460,9 +460,9 @@ mech_gssapi_krb5_userok(struct gssapi_auth_request *request, /* writing the error string would be better, but we probably rarely get here and there doesn't seem to be a standard way of getting it */ - auth_request_log_info(&request->auth_request, AUTH_SUBSYS_MECH, - "krb5_parse_name() failed: %d", - (int)krb5_err); + e_info(&request->auth_request->mech_event, + "krb5_parse_name() failed: %d", + (int)krb5_err); } else { /* See if the principal is in the list of authorized * principals for the user */ @@ -519,24 +519,24 @@ mech_gssapi_userok(struct gssapi_auth_request *request, const char *login_user) } if (login_ok == 0) { - auth_request_log_info(auth_request, AUTH_SUBSYS_MECH, - "User not authorized to log in as %s", login_user); + e_info(auth_request->mech_event, + "User not authorized to log in as %s", login_user); return -1; } return 0; #elif defined(USE_KRB5_USEROK) if (!mech_gssapi_krb5_userok(request, request->authn_name, login_user, TRUE)) { - auth_request_log_info(auth_request, AUTH_SUBSYS_MECH, - "User not authorized to log in as %s", login_user); + e_info(auth_request->mech_event, + "User not authorized to log in as %s", login_user); return -1; } return 0; #else - auth_request_log_info(auth_request, AUTH_SUBSYS_MECH, - "Cross-realm authentication not supported " - "(authn_name=%s, authz_name=%s)", request->auth_request.original_username, login_user); + e_info(auth_request->mech_event, + "Cross-realm authentication not supported " + "(authn_name=%s, authz_name=%s)", request->auth_request.original_username, login_user); return -1; #endif } @@ -599,8 +599,8 @@ mech_gssapi_unwrap(struct gssapi_auth_request *request, gss_buffer_desc inbuf) /* outbuf[0] contains bitmask for selected security layer, outbuf[1..3] contains maximum output_message size */ if (outbuf.length < 4) { - auth_request_log_error(auth_request, AUTH_SUBSYS_MECH, - "Invalid response length"); + e_error(auth_request->mech_event, + "Invalid response length"); return -1; } @@ -609,8 +609,8 @@ mech_gssapi_unwrap(struct gssapi_auth_request *request, gss_buffer_desc inbuf) name_len = outbuf.length - 4; if (data_has_nuls(name, name_len)) { - auth_request_log_info(auth_request, AUTH_SUBSYS_MECH, - "authz_name has NULs"); + e_info(auth_request->mech_event, + "authz_name has NULs"); return -1; } @@ -625,8 +625,8 @@ mech_gssapi_unwrap(struct gssapi_auth_request *request, gss_buffer_desc inbuf) } if (request->authz_name == GSS_C_NO_NAME) { - auth_request_log_info(auth_request, AUTH_SUBSYS_MECH, - "no authz_name"); + e_info(auth_request->mech_event, + "no authz_name"); return -1; } @@ -636,8 +636,8 @@ mech_gssapi_unwrap(struct gssapi_auth_request *request, gss_buffer_desc inbuf) * name, which may mean that future log messages should be adjusted * to log the right thing. */ if (!auth_request_set_username(auth_request, login_user, &error)) { - auth_request_log_info(auth_request, AUTH_SUBSYS_MECH, - "authz_name: %s", error); + e_info(auth_request->mech_event, + "authz_name: %s", error); return -1; } diff --git a/src/auth/mech-login.c b/src/auth/mech-login.c index b54b899557..e4da330b93 100644 --- a/src/auth/mech-login.c +++ b/src/auth/mech-login.c @@ -24,7 +24,7 @@ mech_login_auth_continue(struct auth_request *request, username = t_strndup(data, data_size); if (!auth_request_set_username(request, username, &error)) { - auth_request_log_info(request, AUTH_SUBSYS_MECH, "%s", error); + e_info(request->mech_event, "%s", error); auth_request_fail(request); return; } diff --git a/src/auth/mech-ntlm.c b/src/auth/mech-ntlm.c index 6a928f4dc6..43afd896f9 100644 --- a/src/auth/mech-ntlm.c +++ b/src/auth/mech-ntlm.c @@ -38,8 +38,8 @@ static bool lm_verify_credentials(struct ntlm_auth_request *request, unsigned int response_length; if (size != LM_HASH_SIZE) { - auth_request_log_error(&request->auth_request, AUTH_SUBSYS_MECH, - "invalid LM credentials length"); + e_error(request->auth_request.mech_event, + "invalid LM credentials length"); return FALSE; } @@ -48,7 +48,7 @@ static bool lm_verify_credentials(struct ntlm_auth_request *request, client_response = ntlmssp_buffer_data(request->response, lm_response); if (response_length < LM_RESPONSE_SIZE) { - auth_request_log_error(&request->auth_request, AUTH_SUBSYS_MECH, + e_error(request->auth_request.mech_event, "LM response length is too small"); return FALSE; } @@ -99,8 +99,8 @@ ntlm_verify_credentials(struct ntlm_auth_request *request, } if (size != NTLMSSP_HASH_SIZE) { - auth_request_log_error(&request->auth_request, AUTH_SUBSYS_MECH, - "invalid NTLM credentials length"); + e_error(request->auth_request.mech_event, + "invalid NTLM credentials length"); return -1; } @@ -188,8 +188,8 @@ mech_ntlm_auth_continue(struct auth_request *auth_request, uint32_t flags; if (!ntlmssp_check_request(ntlm_request, data_size, &error)) { - auth_request_log_info(auth_request, AUTH_SUBSYS_MECH, - "invalid NTLM request: %s", error); + e_info(auth_request->mech_event, + "invalid NTLM request: %s", error); auth_request_fail(auth_request); return; } @@ -209,8 +209,8 @@ mech_ntlm_auth_continue(struct auth_request *auth_request, const char *username; if (!ntlmssp_check_response(response, data_size, &error)) { - auth_request_log_info(auth_request, AUTH_SUBSYS_MECH, - "invalid NTLM response: %s", error); + e_info(auth_request->mech_event, + "invalid NTLM response: %s", error); auth_request_fail(auth_request); return; } @@ -222,8 +222,8 @@ mech_ntlm_auth_continue(struct auth_request *auth_request, request->unicode_negotiated); if (!auth_request_set_username(auth_request, username, &error)) { - auth_request_log_info(auth_request, AUTH_SUBSYS_MECH, - "%s", error); + e_info(auth_request->mech_event, + "%s", error); auth_request_fail(auth_request); return; } diff --git a/src/auth/mech-oauth2.c b/src/auth/mech-oauth2.c index b5e9be52ca..52eb1007ed 100644 --- a/src/auth/mech-oauth2.c +++ b/src/auth/mech-oauth2.c @@ -109,8 +109,8 @@ mech_xoauth2_auth_continue(struct auth_request *request, format does not contain anything to escape */ const char *username = (*ptr)+5; if (!auth_request_set_username(request, username, &error)) { - auth_request_log_info(request, AUTH_SUBSYS_MECH, - "%s", error); + e_info(request->mech_event, + "%s", error); auth_request_fail(request); return; } @@ -121,8 +121,8 @@ mech_xoauth2_auth_continue(struct auth_request *request, oauth2_valid_token(value+7)) { token = value+7; } else { - auth_request_log_info(request, AUTH_SUBSYS_MECH, - "Invalid continued data"); + e_info(request->mech_event, + "Invalid continued data"); auth_request_fail(request); return; } @@ -134,7 +134,7 @@ mech_xoauth2_auth_continue(struct auth_request *request, auth_request_verify_plain(request, token, xoauth2_verify_callback); else { - auth_request_log_info(request, AUTH_SUBSYS_MECH, "Username or token missing"); + e_info(request->mech_event, "Username or token missing"); auth_request_fail(request); } } @@ -165,8 +165,8 @@ mech_oauthbearer_auth_continue(struct auth_request *request, const char *token = NULL; /* ensure initial field is OK */ if (*fields == NULL || *(fields[0]) == '\0') { - auth_request_log_info(request, AUTH_SUBSYS_MECH, - "Invalid continued data"); + e_info(request->mech_event, + "Invalid continued data"); auth_request_fail(request); return; } @@ -175,14 +175,14 @@ mech_oauthbearer_auth_continue(struct auth_request *request, for(ptr = t_strsplit_spaces(fields[0], ","); *ptr != NULL; ptr++) { switch(*ptr[0]) { case 'f': - auth_request_log_info(request, AUTH_SUBSYS_MECH, - "Client requested non-standard mechanism"); + e_info(request->mech_event, + "Client requested non-standard mechanism"); auth_request_fail(request); return; case 'p': /* channel binding is not supported */ - auth_request_log_info(request, AUTH_SUBSYS_MECH, - "Client requested and used channel-binding"); + e_info(request->mech_event, + "Client requested and used channel-binding"); auth_request_fail(request); return; case 'n': @@ -192,20 +192,20 @@ mech_oauthbearer_auth_continue(struct auth_request *request, case 'a': /* authzid */ if ((*ptr)[1] != '=' || !oauth2_unescape_username((*ptr)+2, &username)) { - auth_request_log_info(request, AUTH_SUBSYS_MECH, - "Invalid username escaping"); + e_info(request->mech_event, + "Invalid username escaping"); auth_request_fail(request); return; } else if (!auth_request_set_username(request, username, &error)) { - auth_request_log_info(request, AUTH_SUBSYS_MECH, - "%s", error); + e_info(request->mech_event, + "%s", error); } else { user_given = TRUE; } break; default: - auth_request_log_info(request, AUTH_SUBSYS_MECH, - "Invalid gs2-header in request"); + e_info(request->mech_event, + "Invalid gs2-header in request"); auth_request_fail(request); return; } @@ -218,8 +218,8 @@ mech_oauthbearer_auth_continue(struct auth_request *request, oauth2_valid_token(value+7)) { token = value+7; } else { - auth_request_log_info(request, AUTH_SUBSYS_MECH, - "Invalid continued data"); + e_info(request->mech_event, + "Invalid continued data"); auth_request_fail(request); return; } @@ -230,7 +230,7 @@ mech_oauthbearer_auth_continue(struct auth_request *request, auth_request_verify_plain(request, token, oauthbearer_verify_callback); else { - auth_request_log_info(request, AUTH_SUBSYS_MECH, "Missing username or token"); + e_info(request->mech_event, "Missing username or token"); auth_request_fail(request); } } diff --git a/src/auth/mech-otp.c b/src/auth/mech-otp.c index 5666e99f36..706fde4dde 100644 --- a/src/auth/mech-otp.c +++ b/src/auth/mech-otp.c @@ -25,23 +25,23 @@ otp_send_challenge(struct auth_request *auth_request, if (otp_parse_dbentry(t_strndup(credentials, size), &request->state) != 0) { - auth_request_log_error(&request->auth_request, AUTH_SUBSYS_MECH, - "invalid OTP data in passdb"); + e_error(request->auth_request.mech_event, + "invalid OTP data in passdb"); auth_request_fail(auth_request); return; } if (--request->state.seq < 1) { - auth_request_log_error(&request->auth_request, AUTH_SUBSYS_MECH, - "sequence number < 1"); + e_error(request->auth_request.mech_event, + "sequence number < 1"); auth_request_fail(auth_request); return; } request->lock = otp_try_lock(auth_request); if (!request->lock) { - auth_request_log_error(&request->auth_request, AUTH_SUBSYS_MECH, - "user is locked, race attack?"); + e_error(request->auth_request.mech_event, + "user is locked, race attack?"); auth_request_fail(auth_request); return; } @@ -114,14 +114,14 @@ mech_otp_auth_phase1(struct auth_request *auth_request, } if ((count < 1) || (count > 2)) { - auth_request_log_error(&request->auth_request, AUTH_SUBSYS_MECH, - "invalid input"); + e_error(request->auth_request.mech_event, + "invalid input"); auth_request_fail(auth_request); return; } if (!auth_request_set_username(auth_request, authenid, &error)) { - auth_request_log_info(auth_request, AUTH_SUBSYS_MECH, "%s", error); + e_info(auth_request->mech_event, "%s", error); auth_request_fail(auth_request); return; } @@ -141,8 +141,8 @@ static void mech_otp_verify(struct auth_request *auth_request, ret = otp_parse_response(data, hash, hex); if (ret < 0) { - auth_request_log_error(&request->auth_request, AUTH_SUBSYS_MECH, - "invalid response"); + e_error(request->auth_request.mech_event, + "invalid response"); auth_request_fail(auth_request); otp_unlock(auth_request); return; @@ -176,8 +176,8 @@ static void mech_otp_verify_init(struct auth_request *auth_request, ret = otp_parse_init_response(data, &new_state, cur_hash, hex, &error); if (ret < 0) { - auth_request_log_error(&request->auth_request, AUTH_SUBSYS_MECH, - "invalid init response, %s", error); + e_error(request->auth_request.mech_event, + "invalid init response, %s", error); auth_request_fail(auth_request); otp_unlock(auth_request); return; @@ -212,8 +212,8 @@ mech_otp_auth_phase2(struct auth_request *auth_request, } else if (str_begins(str, "init-word:")) { mech_otp_verify_init(auth_request, str + 10, FALSE); } else { - auth_request_log_error(auth_request, AUTH_SUBSYS_MECH, - "unsupported response type"); + e_error(auth_request->mech_event, + "unsupported response type"); auth_request_fail(auth_request); otp_unlock(auth_request); } diff --git a/src/auth/mech-plain.c b/src/auth/mech-plain.c index 1d2a2fb383..344cbe1bf8 100644 --- a/src/auth/mech-plain.c +++ b/src/auth/mech-plain.c @@ -41,17 +41,17 @@ mech_plain_auth_continue(struct auth_request *request, if (count != 2) { /* invalid input */ - auth_request_log_info(request, AUTH_SUBSYS_MECH, "invalid input"); + e_info(request->mech_event, "invalid input"); auth_request_fail(request); } else if (!auth_request_set_username(request, authenid, &error)) { /* invalid username */ - auth_request_log_info(request, AUTH_SUBSYS_MECH, "%s", error); + e_info(request->mech_event, "%s", error); auth_request_fail(request); } else if (*authid != '\0' && !auth_request_set_login_username(request, authid, &error)) { /* invalid login username */ - auth_request_log_info(request, AUTH_SUBSYS_MECH, - "login user: %s", error); + e_info(request->mech_event, + "login user: %s", error); auth_request_fail(request); } else { auth_request_verify_plain(request, pass, diff --git a/src/auth/mech-rpa.c b/src/auth/mech-rpa.c index 00fe66971d..94fca52ec0 100644 --- a/src/auth/mech-rpa.c +++ b/src/auth/mech-rpa.c @@ -424,8 +424,8 @@ static bool verify_credentials(struct rpa_auth_request *request, unsigned char response[MD5_RESULTLEN]; if (size != sizeof(request->pwd_md5)) { - auth_request_log_error(&request->auth_request, AUTH_SUBSYS_MECH, - "invalid credentials length"); + e_error(request->auth_request.mech_event, + "invalid credentials length"); return FALSE; } @@ -476,8 +476,8 @@ mech_rpa_auth_phase1(struct auth_request *auth_request, const char *service, *error; if (!rpa_parse_token1(data, data_size, &error)) { - auth_request_log_info(auth_request, AUTH_SUBSYS_MECH, - "invalid token 1: %s", error); + e_info(auth_request->mech_event, + "invalid token 1: %s", error); auth_request_fail(auth_request); return; } @@ -502,8 +502,8 @@ mech_rpa_auth_phase2(struct auth_request *auth_request, const char *error; if (!rpa_parse_token3(request, data, data_size, &error)) { - auth_request_log_info(auth_request, AUTH_SUBSYS_MECH, - "invalid token 3: %s", error); + e_info(auth_request->mech_event, + "invalid token 3: %s", error); auth_request_fail(auth_request); return; } @@ -520,8 +520,8 @@ mech_rpa_auth_phase3(struct auth_request *auth_request, if ((data_size != sizeof(client_ack)) || (memcmp(data, client_ack, sizeof(client_ack)) != 0)) { - auth_request_log_info(auth_request, AUTH_SUBSYS_MECH, - "invalid token 5 or client rejects us"); + e_info(auth_request->mech_event, + "invalid token 5 or client rejects us"); auth_request_fail(auth_request); } else { auth_request_success(auth_request, "", 0); diff --git a/src/auth/mech-scram-sha1.c b/src/auth/mech-scram-sha1.c index ddf23e2eff..27e1cd2607 100644 --- a/src/auth/mech-scram-sha1.c +++ b/src/auth/mech-scram-sha1.c @@ -263,8 +263,8 @@ static void credentials_callback(enum passdb_result result, if (scram_sha1_scheme_parse(credentials, size, &iter_count, &salt, request->stored_key, request->server_key, &error) < 0) { - auth_request_log_info(auth_request, AUTH_SUBSYS_MECH, - "%s", error); + e_info(auth_request->mech_event, + "%s", error); auth_request_fail(auth_request); break; } @@ -366,8 +366,8 @@ static void mech_scram_sha1_auth_continue(struct auth_request *auth_request, if (parse_scram_client_final(request, data, data_size, &error)) { if (!verify_credentials(request)) { - auth_request_log_info(auth_request, AUTH_SUBSYS_MECH, - AUTH_LOG_MSG_PASSWORD_MISMATCH); + e_info(auth_request->mech_event, + AUTH_LOG_MSG_PASSWORD_MISMATCH); } else { server_final_message = get_scram_server_final(request); @@ -380,7 +380,7 @@ static void mech_scram_sha1_auth_continue(struct auth_request *auth_request, } if (error != NULL) - auth_request_log_info(auth_request, AUTH_SUBSYS_MECH, "%s", error); + e_info(auth_request->mech_event, "%s", error); auth_request_fail(auth_request); } diff --git a/src/auth/mech-skey.c b/src/auth/mech-skey.c index 74d26ef49b..d6819a8590 100644 --- a/src/auth/mech-skey.c +++ b/src/auth/mech-skey.c @@ -25,30 +25,30 @@ skey_send_challenge(struct auth_request *auth_request, if (otp_parse_dbentry(t_strndup(credentials, size), &request->state) != 0) { - auth_request_log_error(&request->auth_request, AUTH_SUBSYS_MECH, - "invalid OTP data in passdb"); + e_error(request->auth_request.mech_event, + "invalid OTP data in passdb"); auth_request_fail(auth_request); return; } if (request->state.algo != OTP_HASH_MD4) { - auth_request_log_error(&request->auth_request, AUTH_SUBSYS_MECH, - "md4 hash is needed"); + e_error(request->auth_request.mech_event, + "md4 hash is needed"); auth_request_fail(auth_request); return; } if (--request->state.seq < 1) { - auth_request_log_error(&request->auth_request, AUTH_SUBSYS_MECH, - "sequence number < 1"); + e_error(request->auth_request.mech_event, + "sequence number < 1"); auth_request_fail(auth_request); return; } request->lock = otp_try_lock(auth_request); if (!request->lock) { - auth_request_log_error(&request->auth_request, AUTH_SUBSYS_MECH, - "user is locked, race attack?"); + e_error(request->auth_request.mech_event, + "user is locked, race attack?"); auth_request_fail(auth_request); return; } @@ -107,8 +107,8 @@ mech_skey_auth_phase1(struct auth_request *auth_request, username = t_strndup(data, data_size); if (!auth_request_set_username(auth_request, username, &error)) { - auth_request_log_info(auth_request, AUTH_SUBSYS_MECH, - "%s", error); + e_info(auth_request->mech_event, + "%s", error); auth_request_fail(auth_request); return; } @@ -134,8 +134,8 @@ mech_skey_auth_phase2(struct auth_request *auth_request, ret = otp_parse_response(words, hash, FALSE); if (ret < 0) { - auth_request_log_error(&request->auth_request, AUTH_SUBSYS_MECH, - "invalid response"); + e_error(request->auth_request.mech_event, + "invalid response"); auth_request_fail(auth_request); otp_unlock(auth_request); return; diff --git a/src/auth/mech-winbind.c b/src/auth/mech-winbind.c index ca1a9a6d0d..c7f80a7e29 100644 --- a/src/auth/mech-winbind.c +++ b/src/auth/mech-winbind.c @@ -177,7 +177,7 @@ do_auth_continue(struct auth_request *auth_request, if (o_stream_send(request->winbind->out_pipe, str_data(str), str_len(str)) < 0 || o_stream_flush(request->winbind->out_pipe) < 0) { - auth_request_log_error(auth_request, AUTH_SUBSYS_MECH, + e_error(auth_request->mech_event, "write(out_pipe) failed: %s", o_stream_get_error(request->winbind->out_pipe)); return HR_RESTART; @@ -190,12 +190,12 @@ do_auth_continue(struct auth_request *auth_request, } if (answer == NULL) { if (in_pipe->stream_errno != 0) { - auth_request_log_error(auth_request, AUTH_SUBSYS_MECH, - "read(in_pipe) failed: %m"); + e_error(auth_request->mech_event, + "read(in_pipe) failed: %m"); } else { - auth_request_log_error(auth_request, AUTH_SUBSYS_MECH, - "read(in_pipe) failed: " - "unexpected end of file"); + e_error(auth_request->mech_event, + "read(in_pipe) failed: " + "unexpected end of file"); } return HR_RESTART; } @@ -204,8 +204,8 @@ do_auth_continue(struct auth_request *auth_request, if (token[0] == NULL || (token[1] == NULL && strcmp(token[0], "BH") != 0) || (gss_spnego && (token[1] == NULL || token[2] == NULL))) { - auth_request_log_error(auth_request, AUTH_SUBSYS_MECH, - "Invalid input from helper: %s", answer); + e_error(auth_request->mech_event, + "Invalid input from helper: %s", answer); return HR_RESTART; } @@ -239,8 +239,8 @@ do_auth_continue(struct auth_request *auth_request, } else if (strcmp(token[0], "NA") == 0) { const char *error = gss_spnego ? token[2] : token[1]; - auth_request_log_info(auth_request, AUTH_SUBSYS_MECH, - "user not authenticated: %s", error); + e_info(auth_request->mech_event, + "user not authenticated: %s", error); return HR_FAIL; } else if (strcmp(token[0], "AF") == 0) { const char *user, *p, *error; @@ -257,8 +257,8 @@ do_auth_continue(struct auth_request *auth_request, } if (!auth_request_set_username(auth_request, user, &error)) { - auth_request_log_info(auth_request, AUTH_SUBSYS_MECH, - "%s", error); + e_info(auth_request->mech_event, + "%s", error); return HR_FAIL; } @@ -274,13 +274,13 @@ do_auth_continue(struct auth_request *auth_request, } return HR_OK; } else if (strcmp(token[0], "BH") == 0) { - auth_request_log_info(auth_request, AUTH_SUBSYS_MECH, - "ntlm_auth reports broken helper: %s", - token[1] != NULL ? token[1] : ""); + e_info(auth_request->mech_event, + "ntlm_auth reports broken helper: %s", + token[1] != NULL ? token[1] : ""); return HR_RESTART; } else { - auth_request_log_error(auth_request, AUTH_SUBSYS_MECH, - "Invalid input from helper: %s", answer); + e_error(auth_request->mech_event, + "Invalid input from helper: %s", answer); return HR_RESTART; } }