dovecot-2.2: auth: Use special AUTH_SUBSYS_DB/MECH parameters as...
dovecot at dovecot.org
dovecot at dovecot.org
Thu Apr 17 12:26:09 UTC 2014
details: http://hg.dovecot.org/dovecot-2.2/rev/9b095cec9332
changeset: 17235:9b095cec9332
user: Timo Sirainen <tss at iki.fi>
date: Thu Apr 17 14:21:55 2014 +0200
description:
auth: Use special AUTH_SUBSYS_DB/MECH parameters as auth_request_log*() subsystem.
This avoids hardcoded strings all over the place and also allows assigning
the correct passdb/userdb name for log messages generated by generic
passdb/userdb code, which doesn't know exactly where it was called from.
diffstat:
src/auth/auth-request-handler.c | 6 +-
src/auth/auth-request.c | 79 +++++++++++++++++++++++-----------------
src/auth/auth-request.h | 4 ++
src/auth/db-checkpassword.c | 53 +++++++++++++--------------
src/auth/db-dict.c | 6 +-
src/auth/db-ldap.c | 28 +++++++-------
src/auth/db-passwd-file.c | 10 ++--
src/auth/mech-anonymous.c | 2 +-
src/auth/mech-apop.c | 9 ++--
src/auth/mech-cram-md5.c | 6 +-
src/auth/mech-digest-md5.c | 6 +-
src/auth/mech-dovecot-token.c | 4 +-
src/auth/mech-external.c | 6 +-
src/auth/mech-gssapi.c | 43 +++++++++++----------
src/auth/mech-login.c | 2 +-
src/auth/mech-ntlm.c | 16 ++++----
src/auth/mech-otp.c | 16 ++++----
src/auth/mech-plain.c | 6 +-
src/auth/mech-rpa.c | 8 ++--
src/auth/mech-scram-sha1.c | 7 +--
src/auth/mech-skey.c | 13 +++---
src/auth/mech-winbind.c | 14 +++---
src/auth/passdb-blocking.c | 4 +-
src/auth/passdb-bsdauth.c | 8 ++--
src/auth/passdb-cache.c | 19 +++++----
src/auth/passdb-checkpassword.c | 2 +-
src/auth/passdb-dict.c | 10 ++--
src/auth/passdb-imap.c | 8 ++--
src/auth/passdb-ldap.c | 28 +++++++------
src/auth/passdb-pam.c | 33 +++++++++-------
src/auth/passdb-passwd-file.c | 2 +-
src/auth/passdb-passwd.c | 10 ++--
src/auth/passdb-shadow.c | 8 ++--
src/auth/passdb-sia.c | 4 +-
src/auth/passdb-sql.c | 22 ++++++-----
src/auth/passdb-static.c | 4 +-
src/auth/passdb-vpopmail.c | 6 +-
src/auth/passdb.c | 12 +++---
src/auth/userdb-dict.c | 12 +++---
src/auth/userdb-ldap.c | 6 +-
src/auth/userdb-nss.c | 10 ++--
src/auth/userdb-passwd.c | 6 +-
src/auth/userdb-prefetch.c | 8 ++--
src/auth/userdb-sql.c | 10 ++--
src/auth/userdb-static.c | 2 +-
src/auth/userdb-vpopmail.c | 12 +++---
src/auth/userdb.c | 4 +-
47 files changed, 312 insertions(+), 282 deletions(-)
diffs (truncated from 2363 to 300 lines):
diff -r 2fcb1d28ddbc -r 9b095cec9332 src/auth/auth-request-handler.c
--- a/src/auth/auth-request-handler.c Thu Apr 17 12:26:46 2014 +0200
+++ b/src/auth/auth-request-handler.c Thu Apr 17 14:21:55 2014 +0200
@@ -391,7 +391,7 @@
{
string_t *str = t_str_new(128);
- auth_request_log_info(request, request->mech->mech_name, "%s", reason);
+ auth_request_log_info(request, AUTH_SUBSYS_MECH, "%s", reason);
str_printfa(str, "FAIL\t%u\treason=", request->id);
str_append_tabescaped(str, reason);
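Review bot: The log prefix on this failure line changes from the raw `request->mech->mech_name` to the lowercased name that get_log_prefix() builds in auth-request.c, which the commit description does not mention. The same applies to the generic `"passdb"`, `"userdb"`, `"password"`, `"userdb-cache"`, `"auth"` and `"uidgid_file"` prefixes in the auth-request.c hunks, which become the driver name. Log filters or alerting rules keyed on the old prefixes would presumably stop matching authentication failures after an upgrade. I would add a line to the description or release notes, for example `Log prefixes for generic auth messages now carry the passdb/userdb driver or lowercased mechanism name.` The enclosing function starts outside this hunk.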
@@ -406,12 +406,12 @@
if (request->state != AUTH_REQUEST_STATE_MECH_CONTINUE) {
/* client's fault */
- auth_request_log_error(request, request->mech->mech_name,
+ auth_request_log_error(request, AUTH_SUBSYS_MECH,
"Request %u.%u timed out after %u secs, state=%d",
request->handler->client_pid, request->id,
secs, request->state);
} else if (request->set->verbose) {
- auth_request_log_info(request, request->mech->mech_name,
+ auth_request_log_info(request, AUTH_SUBSYS_MECH,
"Request timed out waiting for client to continue authentication "
"(%u secs)", secs);
}
diff -r 2fcb1d28ddbc -r 9b095cec9332 src/auth/auth-request.c
--- a/src/auth/auth-request.c Thu Apr 17 12:26:46 2014 +0200
+++ b/src/auth/auth-request.c Thu Apr 17 14:21:55 2014 +0200
@@ -28,6 +28,7 @@
#include <stdlib.h>
#include <sys/stat.h>
+#define AUTH_SUBSYS_PROXY "proxy"
#define AUTH_DNS_SOCKET_PATH "dns-client"
#define AUTH_DNS_DEFAULT_TIMEOUT_MSECS (1000*10)
#define AUTH_DNS_WARN_MSECS 500
@@ -39,6 +40,8 @@
struct dns_lookup *dns_lookup;
};
+const char auth_default_subsystems[2];
+
unsigned int auth_request_state_count[AUTH_REQUEST_STATE_MAX];
static void get_log_prefix(string_t *str, struct auth_request *auth_request,
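Review bot: `auth_default_subsystems[2]` is defined with no comment and no initializer, so nothing here explains that it exists only for the addresses of its elements. The auth-request.h hunk is truncated on this page, so this is inferred: AUTH_SUBSYS_DB and AUTH_SUBSYS_MECH presumably point into this array, and get_log_prefix() recognises them by pointer comparison. I would add `/* Contents are never read; AUTH_SUBSYS_DB/MECH are addresses into this array, compared by pointer in get_log_prefix(). */` above the definition. The comment should also say that callers must pass the macros themselves, never a copy of the string.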
@@ -479,7 +482,8 @@
return;
/* master login successful. update user and master_user variables. */
- auth_request_log_info(request, "passdb", "Master user logging in as %s",
+ auth_request_log_info(request, AUTH_SUBSYS_DB,
+ "Master user logging in as %s",
request->requested_login_user);
request->master_user = request->user;
@@ -540,7 +544,7 @@
lookup returned that user doesn't exist in it. internal
errors are fatal here. */
if (*result != PASSDB_RESULT_INTERNAL_FAILURE) {
- auth_request_log_info(request, "passdb",
+ auth_request_log_info(request, AUTH_SUBSYS_DB,
"User found from deny passdb");
*result = PASSDB_RESULT_USER_DISABLED;
}
@@ -699,7 +703,7 @@
if (passdb_cache_verify_plain(request, cache_key,
request->mech_password,
&result, TRUE)) {
- auth_request_log_info(request, "passdb",
+ auth_request_log_info(request, AUTH_SUBSYS_DB,
"Falling back to expired data from cache");
}
}
@@ -731,7 +735,7 @@
/* no masterdbs, master logins not supported */
i_assert(request->requested_login_user != NULL);
- auth_request_log_info(request, "passdb",
+ auth_request_log_info(request, AUTH_SUBSYS_MECH,
"Attempted master login with no master passdbs "
"(trying to log in as user: %s)",
request->requested_login_user);
@@ -754,7 +758,7 @@
}
if (password_has_illegal_chars(password)) {
- auth_request_log_info(request, "passdb",
+ auth_request_log_info(request, AUTH_SUBSYS_DB,
"Attempted login with password having illegal chars");
callback(PASSDB_RESULT_USER_UNKNOWN, request);
return;
@@ -805,7 +809,7 @@
} else {
if (request->set->debug_passwords &&
result == PASSDB_RESULT_OK) {
- auth_request_log_debug(request, "password",
+ auth_request_log_debug(request, AUTH_SUBSYS_DB,
"Credentials: %s",
binary_to_hex(credentials, size));
}
@@ -845,7 +849,7 @@
if (passdb_cache_lookup_credentials(request, cache_key,
&cache_cred, &cache_scheme,
&result, TRUE)) {
- auth_request_log_info(request, "passdb",
+ auth_request_log_info(request, AUTH_SUBSYS_DB,
"Falling back to expired data from cache");
passdb_handle_credentials(
result, cache_cred, cache_scheme,
@@ -895,7 +899,7 @@
if (passdb->iface.lookup_credentials == NULL) {
/* this passdb doesn't support credentials */
- auth_request_log_debug(request, "password",
+ auth_request_log_debug(request, AUTH_SUBSYS_DB,
"passdb doesn't support credential lookups");
auth_request_lookup_credentials_callback(
PASSDB_RESULT_SCHEME_NOT_AVAILABLE,
@@ -976,11 +980,13 @@
value = auth_cache_lookup(passdb_cache, request, key, &node,
&expired, &neg_expired);
if (value == NULL || (expired && !use_expired)) {
- auth_request_log_debug(request, "userdb-cache",
- value == NULL ? "miss" : "expired");
+ auth_request_log_debug(request, AUTH_SUBSYS_DB,
+ value == NULL ? "userdb cache miss" :
+ "userdb cache expired");
return FALSE;
}
- auth_request_log_debug(request, "userdb-cache", "hit: %s", value);
+ auth_request_log_debug(request, AUTH_SUBSYS_DB,
+ "userdb cache hit: %s", value);
if (*value == '\0') {
/* negative cache entry */
@@ -1075,11 +1081,10 @@
/* this was an actual login attempt, the user should
have been found. */
if (auth_request_get_auth(request)->userdbs->next == NULL) {
- auth_request_log_error(request, "userdb",
- "user not found from userdb %s",
- request->userdb->userdb->iface->name);
+ auth_request_log_error(request, AUTH_SUBSYS_DB,
+ "user not found from userdb");
} else {
- auth_request_log_error(request, "userdb",
+ auth_request_log_error(request, AUTH_SUBSYS_MECH,
"user not found from any userdbs");
}
}
@@ -1098,7 +1103,7 @@
if (auth_request_lookup_user_cache(request, cache_key, &reply,
&result, TRUE)) {
request->userdb_reply = reply;
- auth_request_log_info(request, "userdb",
+ auth_request_log_info(request, AUTH_SUBSYS_DB,
"Falling back to expired data from cache");
}
}
@@ -1269,7 +1274,7 @@
if (request->requested_login_user == NULL)
return FALSE;
- auth_request_log_debug(request, "auth",
+ auth_request_log_debug(request, AUTH_SUBSYS_DB,
"Master user lookup for login: %s",
request->requested_login_user);
return TRUE;
@@ -1285,18 +1290,18 @@
if (request->remote_ip.family == 0) {
/* IP not known */
- auth_request_log_info(request, "passdb",
+ auth_request_log_info(request, AUTH_SUBSYS_DB,
"allow_nets check failed: Remote IP not known");
request->failed = TRUE;
return;
}
for (net = t_strsplit_spaces(networks, ", "); *net != NULL; net++) {
- auth_request_log_debug(request, "auth",
+ auth_request_log_debug(request, AUTH_SUBSYS_DB,
"allow_nets: Matching for network %s", *net);
if (net_parse_range(*net, &net_ip, &bits) < 0) {
- auth_request_log_info(request, "passdb",
+ auth_request_log_info(request, AUTH_SUBSYS_DB,
"allow_nets: Invalid network '%s'", *net);
}
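Review bot: The failure branch of `net_parse_range()` only logs and then falls through, with no `continue` visible inside the braces. The rest of the loop body is outside this hunk, so this is inferred: if the following code compares `request->remote_ip` against `net_ip` and `bits`, an unparsable allow_nets entry would be checked with stale or uninitialised values. That matters for an access-control list, so I would add `continue;` after the log call. An ignored ACL entry is a configuration fault, so `auth_request_log_error` may also fit better than the info level.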
@@ -1307,7 +1312,7 @@
}
if (!found) {
- auth_request_log_info(request, "passdb",
+ auth_request_log_info(request, AUTH_SUBSYS_DB,
"allow_nets check failed: IP not in allowed networks");
}
request->failed = !found;
@@ -1318,8 +1323,7 @@
const char *default_scheme, bool noscheme)
{
if (request->passdb_password != NULL) {
- auth_request_log_error(request,
- request->passdb->passdb->iface.name,
+ auth_request_log_error(request, AUTH_SUBSYS_DB,
"Multiple password values not supported");
return;
}
@@ -1382,7 +1386,7 @@
return FALSE;
if (strcmp(request->user, new_value) != 0) {
- auth_request_log_debug(request, "auth",
+ auth_request_log_debug(request, AUTH_SUBSYS_DB,
"username changed %s -> %s",
request->user, new_value);
request->user = p_strdup(request->pool, new_value);
@@ -1441,8 +1445,7 @@
if (password != NULL) {
(void)password_get_scheme(&password);
if (*password != '\0') {
- auth_request_log_error(request,
- request->passdb->passdb->iface.name,
+ auth_request_log_error(request, AUTH_SUBSYS_DB,
"nopassword set but password is "
"non-empty");
return;
@@ -1533,7 +1536,7 @@
var_expand(path, path_template,
auth_request_get_var_expand_table(request, NULL));
if (stat(str_c(path), &st) < 0) {
- auth_request_log_error(request, "uidgid_file",
+ auth_request_log_error(request, AUTH_SUBSYS_DB,
"stat(%s) failed: %m", str_c(path));
} else {
auth_fields_add(request->userdb_reply,
@@ -1635,7 +1638,7 @@
} else {
/* add only one */
if (values[1] != NULL) {
- auth_request_log_warning(request, "userdb",
+ auth_request_log_warning(request, AUTH_SUBSYS_DB,
"Multiple values found for '%s', "
"using value '%s'", name, *values);
}
@@ -1723,13 +1726,13 @@
i_assert(host != NULL);
if (result->ret != 0) {
- auth_request_log_error(request, "proxy",
+ auth_request_log_error(request, AUTH_SUBSYS_PROXY,
"DNS lookup for %s failed: %s", host, result->error);
request->internal_failure = TRUE;
auth_request_proxy_finish_failure(request);
} else {
if (result->msecs > AUTH_DNS_WARN_MSECS) {
- auth_request_log_warning(request, "proxy",
+ auth_request_log_warning(request, AUTH_SUBSYS_PROXY,
"DNS lookup for %s took %u.%03u s",
host, result->msecs/1000, result->msecs % 1000);
}
@@ -1766,7 +1769,7 @@
value = auth_fields_find(request->extra_fields, "proxy_timeout");
if (value != NULL) {
if (str_to_uint(value, &secs) < 0) {
- auth_request_log_error(request, "proxy",
+ auth_request_log_error(request, AUTH_SUBSYS_PROXY,
"Invalid proxy_timeout value: %s", value);
} else {
dns_set.timeout_msecs = secs*1000;
@@ -2133,9 +2136,19 @@
const char *subsystem)
{
#define MAX_LOG_USERNAME_LEN 64
- const char *ip;
+ const char *ip, *name;
- str_append(str, subsystem);
+ if (subsystem == AUTH_SUBSYS_DB) {
+ if (!auth_request->userdb_lookup)
+ name = auth_request->passdb->passdb->iface.name;
+ else
+ name = auth_request->userdb->userdb->iface->name;
+ } else if (subsystem == AUTH_SUBSYS_MECH) {
+ name = t_str_lcase(auth_request->mech->mech_name);
+ } else {
+ name = subsystem;
+ }
+ str_append(str, name);
str_append_c(str, '(');
if (auth_request->user == NULL)
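Review bot: The new branch dereferences `auth_request->passdb`, `auth_request->userdb` and `auth_request->mech` unconditionally, where the old code appended only the caller's string and touched none of them. Several converted call sites log from generic code, such as the "Attempted master login with no master passdbs" and "user not found from any userdbs" hunks, which both pass AUTH_SUBSYS_MECH. Whether a mechanism or database is always attached at those points is not visible on this page. If any of the three can be NULL, the auth process would crash while formatting a log line, so I would fall back to a fixed name or add an `i_assert()` stating the invariant. The function starts before this hunk and continues after it.

```c
	const char *ip, *name;

	if (subsystem == AUTH_SUBSYS_DB) {
		if (!auth_request->userdb_lookup) {
			name = auth_request->passdb != NULL ?
				auth_request->passdb->passdb->iface.name :
				"passdb";
		} else {
			name = auth_request->userdb != NULL ?
				auth_request->userdb->userdb->iface->name :
				"userdb";
		}
	} else if (subsystem == AUTH_SUBSYS_MECH) {
		name = auth_request->mech != NULL ?
			t_str_lcase(auth_request->mech->mech_name) : "auth";
	} else {
		name = subsystem;
	}
	/* … unchanged: str_append(str, name) and the rest of the prefix … */
```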
diff -r 2fcb1d28ddbc -r 9b095cec9332 src/auth/auth-request.h
--- a/src/auth/auth-request.h Thu Apr 17 12:26:46 2014 +0200
+++ b/src/auth/auth-request.h Thu Apr 17 14:21:55 2014 +0200
@@ -153,6 +153,10 @@
extern const struct var_expand_table