thr3ads.net - dovecot - [bug] success field never emited in auth_request

If this information is useful, please help other people find it:
Share via:

Jean-Daniel Dupas

2019-Jul-12 13:31 UTC

[bug] success field never emited in auth_request_finished event

Hi,

I'm playing with the new events, and encounter some issues:

First the 'auth_request_finished' event is documented as having a
'successful' field, but in the code, the field is defined as
'success' (e->add_str("success", "yes")).

But more important, in the function "auth_request_success_continue()"
(auth/auth-request.c:288), "auth_request_log_finished(request)"  is
call (line 303) before updating the request status: "request->successful
= TRUE" (line 312)

So the log function never set the success field to "yes" as at this
point request->successful is still false.

Jean-Daniel

Jean-Daniel Dupas

2019-Jul-12 14:05 UTC

head link

[bug] success field never emited in auth_request_finished event

An other issue is that when 'request->passdb_success' is FALSE, the
request fails but the error field is not set (as it is only set when
request->failure is TRUE), which make it hard to create metrics for failed
login attempts.

We have (assuming success were working as expected):
- success = yes -> means auth OK
- error is present -> means request failed for some reasons
- neither success nor error is present -> means requests failed for other
reasons.

As we can't create metric filter testing field absence, getting the count of
failed requests would mean create 2 metrics (one for success, one for all) and
diff the 2 to get the count of failed attempts.

> Le 12 juil. 2019 ? 15:31, Jean-Daniel Dupas via dovecot <dovecot at
dovecot.org> a ?crit :
> 
> Hi,
> 
> I'm playing with the new events, and encounter some issues:
> 
> First the 'auth_request_finished' event is documented as having a
'successful' field, but in the code, the field is defined as
'success' (e->add_str("success", "yes")).
> 
> But more important, in the function
"auth_request_success_continue()" (auth/auth-request.c:288),
"auth_request_log_finished(request)"  is call (line 303) before
updating the request status: "request->successful = TRUE" (line
312)
> 
> So the log function never set the success field to "yes" as at
this point request->successful is still false.
> 
> Jean-Daniel
> 
> 
> 
>

Aki Tuomi

2019-Jul-12 14:43 UTC

head link

[bug] success field never emited in auth_request_finished event

<!doctype html>
<html>
 <head> 
  <meta charset="UTF-8"> 
 </head>
 <body>
  <div>
   Would you like to try with 2.3.7? It was released today.
  </div>
  <div>
   <br>
  </div>
  <div>
   Aki
  </div>
  <blockquote type="cite">
   <div>
    On 12/07/2019 17:05 Jean-Daniel Dupas via dovecot <
    <a
href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a>>
wrote:
   </div>
   <div>
    <br>
   </div>
   <div>
    <br>
   </div>
   <div>
    An other issue is that when 'request->passdb_success' is FALSE,
the request fails but the error field is not set (as it is only set when
request->failure is TRUE), which make it hard to create metrics for failed
login attempts.
   </div>
   <div>
    <br>
   </div>
   <div>
    We have (assuming success were working as expected):
   </div>
   <div>
    - success = yes -> means auth OK
   </div>
   <div>
    - error is present -> means request failed for some reasons
   </div>
   <div>
    - neither success nor error is present -> means requests failed for other
reasons.
   </div>
   <div>
    <br>
   </div>
   <div>
    As we can't create metric filter testing field absence, getting the
count of failed requests would mean create 2 metrics (one for success, one for
all) and diff the 2 to get the count of failed attempts.
   </div>
   <div>
    <br>
   </div>
   <div>
    <br>
   </div>
   <blockquote type="cite">
    <div>
     Le 12 juil. 2019 à 15:31, Jean-Daniel Dupas via dovecot <
     <a
href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a>>
a écrit :
    </div>
    <div>
     <br>
    </div>
    <div>
     Hi,
    </div>
    <div>
     <br>
    </div>
    <div>
     I'm playing with the new events, and encounter some issues:
    </div>
    <div>
     <br>
    </div>
    <div>
     First the 'auth_request_finished' event is documented as having a
'successful' field, but in the code, the field is defined as
'success' (e->add_str("success", "yes")).
    </div>
    <div>
     <br>
    </div>
    <div>
     But more important, in the function
"auth_request_success_continue()" (auth/auth-request.c:288),
"auth_request_log_finished(request)" is call (line 303) before
updating the request status: "request->successful = TRUE" (line
312)
    </div>
    <div>
     <br>
    </div>
    <div>
     So the log function never set the success field to "yes" as at
this point request->successful is still false.
    </div>
    <div>
     <br>
    </div>
    <div>
     Jean-Daniel
    </div>
    <div>
     <br>
    </div>
    <div>
     <br>
    </div>
    <div>
     <br>
    </div>
   </blockquote>
  </blockquote>
  <div>
   <br>
  </div>
  <div class="io-ox-signature">
   <pre>---
Aki Tuomi</pre>
  </div> 
 </body>
</html>

Maybe Matching Threads

Search for more maybe matching threads

dovecot - Jul 2019 - [bug] success field never emited in auth_request_finished event

[bug] success field never emited in auth_request_finished event

[bug] success field never emited in auth_request_finished event

[bug] success field never emited in auth_request_finished event

Maybe Matching Threads