doveadm-auth: If auth_debug setting is enabled, send "debug" field to…

… auth lookups. The idea is that you could enable auth_debug for specific requests with e.g.: doveadm -o auth_debug=yes user user@example.com
dovecot · Mar 11, 2016 · 2087543 · 2087543
1 parent d76a914
commit 2087543
Show file tree

Hide file tree

Showing 7 changed files with 25 additions and 13 deletions.
diff --git a/src/doveadm/doveadm-auth.c b/src/doveadm/doveadm-auth.c
@@ -176,6 +176,8 @@ static void auth_connected(struct auth_client *client,
 	info.remote_ip = input->info.remote_ip;
 	info.remote_port = input->info.remote_port;
 	info.initial_resp_base64 = str_c(base64_resp);
+	if (doveadm_settings->auth_debug)
+		info.flags |= AUTH_REQUEST_FLAG_DEBUG;
 
 	input->request = auth_client_request_new(client, &info,
 						 auth_callback, input);
@@ -280,15 +282,20 @@ static void cmd_auth_cache_flush(int argc, char *argv[])
 	auth_master_deinit(&conn);
 }
 
+static void authtest_input_init(struct authtest_input *input)
+{
+	memset(input, 0, sizeof(*input));
+	input->info.service = "doveadm";
+	input->info.debug = doveadm_settings->auth_debug;
+}
+
 static void cmd_auth_test(int argc, char *argv[])
 {
 	const char *auth_socket_path = NULL;
 	struct authtest_input input;
 	int c;
 
-	memset(&input, 0, sizeof(input));
-	input.info.service = "doveadm";
-
+	authtest_input_init(&input);
 	while ((c = getopt(argc, argv, "a:M:x:")) > 0) {
 		switch (c) {
 		case 'a':
@@ -374,9 +381,7 @@ static void cmd_auth_login(int argc, char *argv[])
 	struct authtest_input input;
 	int c;
 
-	memset(&input, 0, sizeof(input));
-	input.info.service = "doveadm";
-
+	authtest_input_init(&input);
 	auth_login_socket_path = t_strconcat(doveadm_settings->base_dir,
 					     "/auth-login", NULL);
 	auth_master_socket_path = t_strconcat(doveadm_settings->base_dir,
@@ -433,9 +438,7 @@ static void cmd_auth_lookup(int argc, char *argv[])
 	bool first = TRUE;
 	int c, ret;
 
-	memset(&input, 0, sizeof(input));
-	input.info.service = "doveadm";
-
+	authtest_input_init(&input);
 	while ((c = getopt(argc, argv, "a:f:x:")) > 0) {
 		switch (c) {
 		case 'a':
@@ -507,6 +510,7 @@ static int cmd_user_mail_input(struct mail_storage_service_ctx *storage_service,
 	service_input.local_port = input->info.local_port;
 	service_input.remote_ip = input->info.remote_ip;
 	service_input.remote_port = input->info.remote_port;
+	service_input.debug = input->info.debug;
 
 	pool = pool_alloconly_create("userdb fields", 1024);
 	mail_storage_service_save_userdb_fields(storage_service, pool,
@@ -567,9 +571,7 @@ static void cmd_user(int argc, char *argv[])
 	bool have_wildcards, userdb_only = FALSE, first = TRUE;
 	int c, ret;
 
-	memset(&input, 0, sizeof(input));
-	input.info.service = "doveadm";
-
+	authtest_input_init(&input);
 	while ((c = getopt(argc, argv, "a:f:ux:")) > 0) {
 		switch (c) {
 		case 'a':

diff --git a/src/doveadm/doveadm-settings.c b/src/doveadm/doveadm-settings.c
@@ -56,6 +56,7 @@ static const struct setting_define doveadm_setting_defines[] = {
 	DEF(SET_STR, libexec_dir),
 	DEF(SET_STR, mail_plugins),
 	DEF(SET_STR, mail_plugin_dir),
+	DEF(SET_BOOL, auth_debug),
 	DEF(SET_STR, auth_socket_path),
 	DEF(SET_STR, doveadm_socket_path),
 	DEF(SET_UINT, doveadm_worker_count),
@@ -81,6 +82,7 @@ const struct doveadm_settings doveadm_default_settings = {
 	.libexec_dir = PKG_LIBEXECDIR,
 	.mail_plugins = "",
 	.mail_plugin_dir = MODULEDIR,
+	.auth_debug = FALSE,
 	.auth_socket_path = "auth-userdb",
 	.doveadm_socket_path = "doveadm-server",
 	.doveadm_worker_count = 0,

diff --git a/src/doveadm/doveadm-settings.h b/src/doveadm/doveadm-settings.h
@@ -8,6 +8,7 @@ struct doveadm_settings {
 	const char *libexec_dir;
 	const char *mail_plugins;
 	const char *mail_plugin_dir;
+	bool auth_debug;
 	const char *auth_socket_path;
 	const char *doveadm_socket_path;
 	unsigned int doveadm_worker_count;

diff --git a/src/lib-auth/auth-client-request.c b/src/lib-auth/auth-client-request.c
@@ -42,6 +42,8 @@ static void auth_server_send_new_request(struct auth_server_connection *conn,
 		str_append(str, "\tno-penalty");
 	if ((info->flags & AUTH_REQUEST_FLAG_VALID_CLIENT_CERT) != 0)
 		str_append(str, "\tvalid-client-cert");
+	if ((info->flags & AUTH_REQUEST_FLAG_DEBUG) != 0)
+		str_append(str, "\tdebug");
 
 	if (info->session_id != NULL) {
 		str_append(str, "\tsession=");

diff --git a/src/lib-auth/auth-client.h b/src/lib-auth/auth-client.h
@@ -13,7 +13,9 @@ enum auth_request_flags {
 	/* Skip penalty checks for this request */
 	AUTH_REQUEST_FLAG_NO_PENALTY		= 0x04,
 	/* Support final SASL response */
-	AUTH_REQUEST_FLAG_SUPPORT_FINAL_RESP	= 0x08
+	AUTH_REQUEST_FLAG_SUPPORT_FINAL_RESP	= 0x08,
+	/* Enable auth_debug=yes logging for this request */
+	AUTH_REQUEST_FLAG_DEBUG			= 0x10
 };
 
 enum auth_request_status {

diff --git a/src/lib-auth/auth-master.c b/src/lib-auth/auth-master.c
@@ -467,6 +467,8 @@ auth_user_info_export(string_t *str, const struct auth_user_info *info)
 		str_printfa(str, "\trip=%s", net_ip2addr(&info->remote_ip));
 	if (info->remote_port != 0)
 		str_printfa(str, "\trport=%d", info->remote_port);
+	if (info->debug)
+		str_append(str, "\tdebug");
 }
 
 int auth_master_user_lookup(struct auth_master_connection *conn,

diff --git a/src/lib-auth/auth-master.h b/src/lib-auth/auth-master.h
@@ -14,6 +14,7 @@ struct auth_user_info {
 	const char *service;
 	struct ip_addr local_ip, remote_ip;
 	in_port_t local_port, remote_port;
+	bool debug;
 };
 
 struct auth_user_reply {