From: Timo Sirainen Date: Sun, 3 May 2020 15:35:57 +0000 (+0300) Subject: login-proxy: Replace e_error()+client_proxy_failed() calls with login_proxy_failed() X-Git-Tag: 2.3.13~676 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e3aa7687d60d5632ecfed41ed9b644a7314a2ee7;p=thirdparty%2Fdovecot%2Fcore.git login-proxy: Replace e_error()+client_proxy_failed() calls with login_proxy_failed() The event parameter for login_proxy_failed() allows creating named events using passthrough events, but for now there aren't any named events. --- diff --git a/src/imap-login/imap-proxy.c b/src/imap-login/imap-proxy.c index bf13ec9076..34f98d5fc0 100644 --- a/src/imap-login/imap-proxy.c +++ b/src/imap-login/imap-proxy.c @@ -80,9 +80,10 @@ static int proxy_write_starttls(struct imap_client *client, string_t *str) if ((ssl_flags & PROXY_SSL_FLAG_STARTTLS) != 0) { if (client->proxy_backend_capability != NULL && !str_array_icase_find(t_strsplit(client->proxy_backend_capability, " "), "STARTTLS")) { - e_error(login_proxy_get_event(client->common.login_proxy), - "Remote doesn't support STARTTLS"); - client_proxy_failed(&client->common, TRUE); + login_proxy_failed(client->common.login_proxy, + login_proxy_get_event(client->common.login_proxy), + LOGIN_PROXY_FAILURE_TYPE_REMOTE_CONFIG, + "STARTTLS not supported"); return -1; } str_append(str, "S STARTTLS\r\n"); @@ -121,9 +122,10 @@ static int proxy_write_login(struct imap_client *client, string_t *str) /* logging in normally - use LOGIN command */ if (client->proxy_logindisabled && login_proxy_get_ssl_flags(client->common.login_proxy) == 0) { - e_error(login_proxy_get_event(client->common.login_proxy), - "Remote advertised LOGINDISABLED and SSL/TLS not enabled"); - client_proxy_failed(&client->common, TRUE); + login_proxy_failed(client->common.login_proxy, + login_proxy_get_event(client->common.login_proxy), + LOGIN_PROXY_FAILURE_TYPE_REMOTE_CONFIG, + "LOGINDISABLED advertised, but SSL/TLS not enabled"); return -1; } str_append(str, "L LOGIN "); @@ -152,10 +154,12 @@ static int proxy_write_login(struct imap_client *client, string_t *str) if (client->proxy_sasl_ir) { if (dsasl_client_output(client->common.proxy_sasl_client, &output, &len, &error) < 0) { - e_error(login_proxy_get_event(client->common.login_proxy), + const char *reason = t_strdup_printf( "SASL mechanism %s init failed: %s", mech_name, error); - client_proxy_failed(&client->common, TRUE); + login_proxy_failed(client->common.login_proxy, + login_proxy_get_event(client->common.login_proxy), + LOGIN_PROXY_FAILURE_TYPE_INTERNAL, reason); return -1; } str_append_c(str, ' '); @@ -178,10 +182,11 @@ static int proxy_input_banner(struct imap_client *client, int ret; if (!str_begins(line, "* OK ")) { - e_error(login_proxy_get_event(client->common.login_proxy), - "Remote returned invalid banner: %s", + const char *reason = t_strdup_printf("Invalid banner: %s", str_sanitize(line, 160)); - client_proxy_failed(&client->common, TRUE); + login_proxy_failed(client->common.login_proxy, + login_proxy_get_event(client->common.login_proxy), + LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason); return -1; } @@ -285,9 +290,11 @@ int imap_proxy_parse_line(struct client *client, const char *line) str = t_str_new(128); if (line[1] != ' ' || base64_decode(line+2, strlen(line+2), NULL, str) < 0) { - e_error(login_proxy_get_event(client->login_proxy), - "Server sent invalid base64 data in AUTHENTICATE response"); - client_proxy_failed(client, TRUE); + const char *reason = t_strdup_printf( + "Invalid base64 data in AUTHENTICATE response"); + login_proxy_failed(client->login_proxy, + login_proxy_get_event(client->login_proxy), + LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason); return -1; } ret = dsasl_client_input(client->proxy_sasl_client, @@ -297,10 +304,11 @@ int imap_proxy_parse_line(struct client *client, const char *line) &data, &data_len, &error); } if (ret < 0) { - e_error(login_proxy_get_event(client->login_proxy), - "Server sent invalid authentication data: %s", - error); - client_proxy_failed(client, TRUE); + const char *reason = t_strdup_printf( + "Invalid authentication data: %s", error); + login_proxy_failed(client->login_proxy, + login_proxy_get_event(client->login_proxy), + LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason); return -1; } i_assert(ret == 0); @@ -318,10 +326,12 @@ int imap_proxy_parse_line(struct client *client, const char *line) if (!str_begins(line, "S OK ")) { /* STARTTLS failed */ - e_error(login_proxy_get_event(client->login_proxy), - "Remote STARTTLS failed: %s", + const char *reason = t_strdup_printf( + "STARTTLS failed: %s", str_sanitize(line + 5, 160)); - client_proxy_failed(client, TRUE); + login_proxy_failed(client->login_proxy, + login_proxy_get_event(client->login_proxy), + LOGIN_PROXY_FAILURE_TYPE_REMOTE, reason); return -1; } /* STARTTLS successful, begin TLS negotiation. */ diff --git a/src/login-common/client-common-auth.c b/src/login-common/client-common-auth.c index 1fea855e4b..0d2852d0f3 100644 --- a/src/login-common/client-common-auth.c +++ b/src/login-common/client-common-auth.c @@ -344,7 +344,9 @@ static void proxy_input(struct client *client) } /* failed for some reason, probably server disconnected */ - client_proxy_failed(client, TRUE); + login_proxy_failed(client->login_proxy, + login_proxy_get_event(client->login_proxy), + LOGIN_PROXY_FAILURE_TYPE_CONNECT, NULL); return; } @@ -352,22 +354,24 @@ static void proxy_input(struct client *client) switch (i_stream_read(input)) { case -2: - e_error(login_proxy_get_event(client->login_proxy), - "Disconnected by proxy: " - "Received too long line from remote server"); - client_proxy_failed(client, TRUE); + login_proxy_failed(client->login_proxy, + login_proxy_get_event(client->login_proxy), + LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, + "Too long input line"); return; case -1: line = i_stream_next_line(input); duration = ioloop_time - client->created; - e_error(login_proxy_get_event(client->login_proxy), + const char *reason = t_strdup_printf( "Disconnected by server: %s " "(state=%s, duration=%us)%s", io_stream_get_disconnect_reason(input, NULL), client_proxy_get_state(client), duration, line == NULL ? "" : t_strdup_printf( " - BUG: line not read: %s", line)); - client_proxy_failed(client, TRUE); + login_proxy_failed(client->login_proxy, + login_proxy_get_event(client->login_proxy), + LOGIN_PROXY_FAILURE_TYPE_CONNECT, reason); return; } diff --git a/src/login-common/login-proxy.c b/src/login-common/login-proxy.c index 48a998c07c..65cd51427b 100644 --- a/src/login-common/login-proxy.c +++ b/src/login-common/login-proxy.c @@ -739,9 +739,10 @@ int login_proxy_starttls(struct login_proxy *proxy) io_remove(&proxy->server_io); if (ssl_iostream_client_context_cache_get(&ssl_set, &ssl_ctx, &error) < 0) { - e_error(proxy->event, "Failed to create SSL client context: %s", - error); - client_proxy_failed(proxy->client, TRUE); + const char *reason = t_strdup_printf( + "Failed to create SSL client context: %s", error); + login_proxy_failed(proxy, proxy->event, + LOGIN_PROXY_FAILURE_TYPE_INTERNAL, reason); return -1; } @@ -750,17 +751,21 @@ int login_proxy_starttls(struct login_proxy *proxy) &proxy->server_output, &proxy->server_ssl_iostream, &error) < 0) { - e_error(proxy->event, "Failed to create SSL client: %s", error); - client_proxy_failed(proxy->client, TRUE); + const char *reason = t_strdup_printf( + "Failed to create SSL client: %s", error); + login_proxy_failed(proxy, proxy->event, + LOGIN_PROXY_FAILURE_TYPE_INTERNAL, reason); ssl_iostream_context_unref(&ssl_ctx); return -1; } ssl_iostream_context_unref(&ssl_ctx); if (ssl_iostream_handshake(proxy->server_ssl_iostream) < 0) { error = ssl_iostream_get_last_error(proxy->server_ssl_iostream); - e_error(proxy->event, "Failed to start SSL handshake: %s", + const char *reason = t_strdup_printf( + "Failed to start SSL handshake: %s", ssl_iostream_get_last_error(proxy->server_ssl_iostream)); - client_proxy_failed(proxy->client, TRUE); + login_proxy_failed(proxy, proxy->event, + LOGIN_PROXY_FAILURE_TYPE_INTERNAL, reason); return -1; } diff --git a/src/pop3-login/pop3-proxy.c b/src/pop3-login/pop3-proxy.c index 11bae13e7e..496c29bfb0 100644 --- a/src/pop3-login/pop3-proxy.c +++ b/src/pop3-login/pop3-proxy.c @@ -87,10 +87,12 @@ static int proxy_send_login(struct pop3_client *client, struct ostream *output) str_printfa(str, "AUTH %s ", mech_name); if (dsasl_client_output(client->common.proxy_sasl_client, &sasl_output, &len, &error) < 0) { - e_error(login_proxy_get_event(client->common.login_proxy), + const char *reason = t_strdup_printf( "SASL mechanism %s init failed: %s", mech_name, error); - client_proxy_failed(&client->common, TRUE); + login_proxy_failed(client->common.login_proxy, + login_proxy_get_event(client->common.login_proxy), + LOGIN_PROXY_FAILURE_TYPE_INTERNAL, reason); return -1; } if (len == 0) @@ -118,9 +120,11 @@ pop3_proxy_continue_sasl_auth(struct client *client, struct ostream *output, str = t_str_new(128); if (base64_decode(line, strlen(line), NULL, str) < 0) { - e_error(login_proxy_get_event(client->login_proxy), - "Server sent invalid base64 data in AUTH response"); - client_proxy_failed(client, TRUE); + const char *reason = t_strdup_printf( + "Invalid base64 data in AUTH response"); + login_proxy_failed(client->login_proxy, + login_proxy_get_event(client->login_proxy), + LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason); return -1; } ret = dsasl_client_input(client->proxy_sasl_client, @@ -130,9 +134,11 @@ pop3_proxy_continue_sasl_auth(struct client *client, struct ostream *output, &data, &data_len, &error); } if (ret < 0) { - e_error(login_proxy_get_event(client->login_proxy), - "Server sent invalid authentication data: %s", error); - client_proxy_failed(client, TRUE); + const char *reason = t_strdup_printf( + "Invalid authentication data: %s", error); + login_proxy_failed(client->login_proxy, + login_proxy_get_event(client->login_proxy), + LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason); return -1; } i_assert(ret == 0); @@ -158,10 +164,11 @@ int pop3_proxy_parse_line(struct client *client, const char *line) case POP3_PROXY_BANNER: /* this is a banner */ if (!str_begins(line, "+OK")) { - e_error(login_proxy_get_event(client->login_proxy), - "Remote returned invalid banner: %s", - str_sanitize(line, 160)); - client_proxy_failed(client, TRUE); + const char *reason = t_strdup_printf( + "Invalid banner: %s", str_sanitize(line, 160)); + login_proxy_failed(client->login_proxy, + login_proxy_get_event(client->login_proxy), + LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason); return -1; } pop3_client->proxy_xclient = @@ -178,10 +185,11 @@ int pop3_proxy_parse_line(struct client *client, const char *line) return 0; case POP3_PROXY_STARTTLS: if (!str_begins(line, "+OK")) { - e_error(login_proxy_get_event(client->login_proxy), - "Remote STLS failed: %s", - str_sanitize(line, 160)); - client_proxy_failed(client, TRUE); + const char *reason = t_strdup_printf( + "STLS failed: %s", str_sanitize(line, 160)); + login_proxy_failed(client->login_proxy, + login_proxy_get_event(client->login_proxy), + LOGIN_PROXY_FAILURE_TYPE_REMOTE, reason); return -1; } if (login_proxy_starttls(client->login_proxy) < 0) @@ -193,10 +201,11 @@ int pop3_proxy_parse_line(struct client *client, const char *line) return 1; case POP3_PROXY_XCLIENT: if (!str_begins(line, "+OK")) { - e_error(login_proxy_get_event(client->login_proxy), - "Remote XCLIENT failed: %s", - str_sanitize(line, 160)); - client_proxy_failed(client, TRUE); + const char *reason = t_strdup_printf( + "XCLIENT failed: %s", str_sanitize(line, 160)); + login_proxy_failed(client->login_proxy, + login_proxy_get_event(client->login_proxy), + LOGIN_PROXY_FAILURE_TYPE_REMOTE, reason); return -1; } pop3_client->proxy_state = client->proxy_sasl_client == NULL ? diff --git a/src/submission-login/submission-proxy.c b/src/submission-login/submission-proxy.c index d1e849991c..9e6a202787 100644 --- a/src/submission-login/submission-proxy.c +++ b/src/submission-login/submission-proxy.c @@ -101,9 +101,10 @@ proxy_send_login(struct submission_client *client, struct ostream *output) if ((client->proxy_capability & SMTP_CAPABILITY_AUTH) == 0) { /* Prevent sending credentials to a server that has login disabled; i.e., due to the lack of TLS */ - e_error(login_proxy_get_event(client->common.login_proxy), - "Server has disabled authentication (TLS required?)"); - client_proxy_failed(&client->common, TRUE); + login_proxy_failed(client->common.login_proxy, + login_proxy_get_event(client->common.login_proxy), + LOGIN_PROXY_FAILURE_TYPE_REMOTE_CONFIG, + "Authentication support not advertised (TLS required?)"); return -1; } @@ -128,10 +129,12 @@ proxy_send_login(struct submission_client *client, struct ostream *output) str_printfa(str, "AUTH %s ", mech_name); if (dsasl_client_output(client->common.proxy_sasl_client, &sasl_output, &len, &error) < 0) { - e_error(login_proxy_get_event(client->common.login_proxy), + const char *reason = t_strdup_printf( "SASL mechanism %s init failed: %s", mech_name, error); - client_proxy_failed(&client->common, TRUE); + login_proxy_failed(client->common.login_proxy, + login_proxy_get_event(client->common.login_proxy), + LOGIN_PROXY_FAILURE_TYPE_INTERNAL, reason); return -1; } if (len == 0) @@ -160,9 +163,10 @@ submission_proxy_continue_sasl_auth(struct client *client, struct ostream *outpu str = t_str_new(128); if (base64_decode(line, strlen(line), NULL, str) < 0) { - e_error(login_proxy_get_event(client->login_proxy), - "Server sent invalid base64 data in AUTH response"); - client_proxy_failed(client, TRUE); + login_proxy_failed(client->login_proxy, + login_proxy_get_event(client->login_proxy), + LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, + "Invalid base64 data in AUTH response"); return -1; } ret = dsasl_client_input(client->proxy_sasl_client, @@ -172,9 +176,11 @@ submission_proxy_continue_sasl_auth(struct client *client, struct ostream *outpu &data, &data_len, &error); } if (ret < 0) { - e_error(login_proxy_get_event(client->login_proxy), - "Server sent invalid authentication data: %s", error); - client_proxy_failed(client, TRUE); + const char *reason = t_strdup_printf( + "Invalid authentication data: %s", error); + login_proxy_failed(client->login_proxy, + login_proxy_get_event(client->login_proxy), + LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason); return -1; } i_assert(ret == 0); @@ -259,11 +265,13 @@ int submission_proxy_parse_line(struct client *client, const char *line) } if (subm_client->proxy_reply_status != 0 && subm_client->proxy_reply_status != status) { - e_error(login_proxy_get_event(client->login_proxy), - "Remote returned inconsistent SMTP reply: %s " - "(status != %u)", str_sanitize(line, 160), + const char *reason = t_strdup_printf( + "Inconsistent SMTP reply: %s (status != %u)", + str_sanitize(line, 160), subm_client->proxy_reply_status); - client_proxy_failed(client, TRUE); + login_proxy_failed(client->login_proxy, + login_proxy_get_event(client->login_proxy), + LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason); return -1; } if (line[3] == ' ') { @@ -278,10 +286,11 @@ int submission_proxy_parse_line(struct client *client, const char *line) case SUBMISSION_PROXY_BANNER: /* this is a banner */ if (invalid_line || status != 220) { - e_error(login_proxy_get_event(client->login_proxy), - "Remote returned invalid banner: %s", - str_sanitize(line, 160)); - client_proxy_failed(client, TRUE); + const char *reason = t_strdup_printf( + "Invalid banner: %s", str_sanitize(line, 160)); + login_proxy_failed(client->login_proxy, + login_proxy_get_event(client->login_proxy), + LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason); return -1; } if (!last_line) @@ -294,10 +303,12 @@ int submission_proxy_parse_line(struct client *client, const char *line) case SUBMISSION_PROXY_EHLO: case SUBMISSION_PROXY_TLS_EHLO: if (invalid_line || (status / 100) != 2) { - e_error(login_proxy_get_event(client->login_proxy), - "Remote returned invalid EHLO line: %s", + const char *reason = t_strdup_printf( + "Invalid EHLO line: %s", str_sanitize(line, 160)); - client_proxy_failed(client, TRUE); + login_proxy_failed(client->login_proxy, + login_proxy_get_event(client->login_proxy), + LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason); return -1; } @@ -334,9 +345,10 @@ int submission_proxy_parse_line(struct client *client, const char *line) } else { if ((subm_client->proxy_capability & SMTP_CAPABILITY_STARTTLS) == 0) { - e_error(login_proxy_get_event(client->login_proxy), - "Remote doesn't support STARTTLS"); - client_proxy_failed(client, TRUE); + login_proxy_failed(client->login_proxy, + login_proxy_get_event(client->login_proxy), + LOGIN_PROXY_FAILURE_TYPE_REMOTE_CONFIG, + "STARTTLS not supported"); return -1; } o_stream_nsend_str(output, "STARTTLS\r\n"); @@ -345,10 +357,12 @@ int submission_proxy_parse_line(struct client *client, const char *line) return 0; case SUBMISSION_PROXY_STARTTLS: if (invalid_line || status != 220) { - e_error(login_proxy_get_event(client->login_proxy), - "Remote STARTTLS failed: %s", + const char *reason = t_strdup_printf( + "STARTTLS failed: %s", str_sanitize(line, 160)); - client_proxy_failed(client, TRUE); + login_proxy_failed(client->login_proxy, + login_proxy_get_event(client->login_proxy), + LOGIN_PROXY_FAILURE_TYPE_REMOTE, reason); return -1; } if (!last_line) @@ -366,10 +380,11 @@ int submission_proxy_parse_line(struct client *client, const char *line) return 0; case SUBMISSION_PROXY_XCLIENT: if (invalid_line || (status / 100) != 2) { - e_error(login_proxy_get_event(client->login_proxy), - "Remote XCLIENT failed: %s", - str_sanitize(line, 160)); - client_proxy_failed(client, TRUE); + const char *reason = t_strdup_printf( + "XCLIENT failed: %s", str_sanitize(line, 160)); + login_proxy_failed(client->login_proxy, + login_proxy_get_event(client->login_proxy), + LOGIN_PROXY_FAILURE_TYPE_REMOTE, reason); return -1; } if (!last_line)