diff options
author | David Sommerseth <dazo@users.sourceforge.net> | 2008-10-04 00:42:37 +0200 |
---|---|---|
committer | David Sommerseth <dazo@users.sourceforge.net> | 2008-10-04 00:42:37 +0200 |
commit | 298838fa11b9c4e88e132c4551b93b9a1750fac5 (patch) | |
tree | 976bff31b42bb6420d991447fee90dbed78c03c8 | |
parent | 5a06808210ba0d52c06c34dee124f1a9fd95d92e (diff) | |
parent | db82a5db49a17e26f87a2779b62707983abd44f3 (diff) | |
download | eurephia-298838fa11b9c4e88e132c4551b93b9a1750fac5.tar.gz eurephia-298838fa11b9c4e88e132c4551b93b9a1750fac5.tar.xz eurephia-298838fa11b9c4e88e132c4551b93b9a1750fac5.zip |
Merge branch 'master' into cmake
-rw-r--r-- | TODO | 2 | ||||
-rw-r--r-- | TODO.done | 2 | ||||
-rw-r--r-- | database/eurephiadb-driver_template.c | 160 | ||||
-rw-r--r-- | database/sqlite/eurephiadb-sqlite.c | 170 | ||||
-rw-r--r-- | database/sqlite/sqlite.c | 2 | ||||
-rw-r--r-- | eurephia.c | 28 | ||||
-rw-r--r-- | eurephia_getsym.c | 4 | ||||
-rw-r--r-- | eurephia_values.c | 8 | ||||
-rw-r--r-- | eurephiadb.c | 2 | ||||
-rw-r--r-- | eurephiadb_session.c | 53 | ||||
-rw-r--r-- | eurephiafw.c | 32 | ||||
-rw-r--r-- | eurephiafw_helpers.c | 4 | ||||
-rw-r--r-- | firewall/iptables/efw_iptables.c | 12 |
13 files changed, 244 insertions, 235 deletions
@@ -2,8 +2,6 @@ ** beta_0.9 requirements ** -* Go through all log statements, make sure log type and log level is sane - ** ** Release 1.0 requirements ** @@ -1,3 +1,5 @@ +* Go through all log statements, make sure log type and log level is sane + * Add pthread mutex locking in eurephia_log(...) [beta_0.9 req] * Make new eurephiadb-driver_template.c - template for creating db driver (DONE) diff --git a/database/eurephiadb-driver_template.c b/database/eurephiadb-driver_template.c index 005afc7..fc67510 100644 --- a/database/eurephiadb-driver_template.c +++ b/database/eurephiadb-driver_template.c @@ -88,7 +88,7 @@ void update_attempts(eurephiaCTX *ctx, const char *blid) { " SET last_accessed = CURRENT_TIMESTAMP WHERE blid = %s", blid */ if( /* SQL COMMAND FAILED */ ) { - eurephia_log(ctx, LOG_CRITICAL, 0, + eurephia_log(ctx, LOG_CRITICAL, 0, "Could not update openvpn_blacklist.last_accessed for blid=%s", blid); } /* FREE SQL RESULT */ @@ -124,7 +124,7 @@ int eDBconnect(eurephiaCTX *ctx, const int argc, const char **argv) * You are free to use whatever parameter syntax you would like to use. */ - DEBUG(ctx, 10, "Function call: eDBconnect(ctx, %i, '...')", argc, dbame); + DEBUG(ctx, 20, "Function call: eDBconnect(ctx, %i, '...')", argc, dbame); // Connect to the database dbc = (eDBconn *) malloc(sizeof(eDBconn)+2); @@ -136,7 +136,7 @@ int eDBconnect(eurephiaCTX *ctx, const int argc, const char **argv) /* WORK TO DO -- Open a database connection, and save the handle in dbc->handle */ if( /* IF CONNECTION FAILED */ ) { - eurephia_log(ctx, LOG_FATAL, 0, "Could not open database '%s'", dbc->dbname); + eurephia_log(ctx, LOG_PANIC, 0, "Could not open database '%s'", dbc->dbname); free_nullsafe(dbc->dbname); free_nullsafe(dbc); return 0; @@ -178,7 +178,7 @@ void eDBdisconnect(eurephiaCTX *ctx) { eDBconn *dbc = NULL; - DEBUG(ctx, 10, "Function call: eDBdisconnect(ctx)"); + DEBUG(ctx, 20, "Function call: eDBdisconnect(ctx)"); if( ctx->dbc == NULL ) { eurephia_log(ctx, LOG_WARNING, 0, "Database not open, cannot close database."); @@ -186,7 +186,7 @@ void eDBdisconnect(eurephiaCTX *ctx) } dbc = ctx->dbc; - eurephia_log(ctx, LOG_INFO, 2, "Closing database '%s'", dbc->dbname); + eurephia_log(ctx, LOG_INFO, 1, "Closing database '%s'", dbc->dbname); /* WORK TO DO: Close database connection using dbc->dbhandle */ @@ -209,7 +209,7 @@ int eDBauth_TLS(eurephiaCTX *ctx, const char *org, const char *cname, const char int certid = 0; char *blid = NULL; - DEBUG(ctx, 10, "Function call: eDBauth_TLS(ctx, '%s', '%s', '%s', '%s', %s)", + DEBUG(ctx, 20, "Function call: eDBauth_TLS(ctx, '%s', '%s', '%s', '%s', %s)", org, cname, email, digest, depth); // Check if certificate is valid, and not too many attempts has been tried with the given certificate @@ -230,18 +230,18 @@ int eDBauth_TLS(eurephiaCTX *ctx, const char *org, const char *cname, const char // Check if we found certificate to be blacklisted or not. blid == NULL when NOT blacklisted if( blid == NULL ) { if( certid > 0 ) { - eurephia_log(ctx, LOG_INFO, 0, + eurephia_log(ctx, LOG_INFO, 0, "Found certid %i for user: %s/%s/%s", certid, org, cname, email); } else { - eurephia_log(ctx, LOG_INFO, 1, + eurephia_log(ctx, LOG_INFO, 1, "Unknown certificate for: %s/%s/%s (depth %s, digest: %s)", org, cname, email, depth, digest); } // Certificate is okay, certid contains the certificate ID } else { // If the certificate or IP is blacklisted, update status and deny access. - eurephia_log(ctx, LOG_WARNING, 1, + eurephia_log(ctx, LOG_WARNING, 0, "Attempt with BLACKLISTED certificate (certid %i)", certid); update_attempts(ctx, blid); certid = -1; @@ -251,7 +251,7 @@ int eDBauth_TLS(eurephiaCTX *ctx, const char *org, const char *cname, const char eurephia_log(ctx, LOG_FATAL, 0, "Could not look up certificate information"); } - DEBUG(ctx, 10, "Result function call: eDBauth_TLS(ctx, '%s', '%s', '%s', '%s', %s) - %i", + DEBUG(ctx, 20, "Result function call: eDBauth_TLS(ctx, '%s', '%s', '%s', '%s', %s) - %i", org, cname, email, digest, depth, certid); return certid; @@ -264,7 +264,7 @@ int eDBauth_user(eurephiaCTX *ctx, const int certid, const char *username, const char *crpwd = NULL, *activated = NULL, *deactivated = NULL, *blid_uname = NULL, *blid_cert; int uicid = 0, uid = 0, pwdok = 0; - DEBUG(ctx, 10, "Function call: eDBauth_user(ctx, %i, '%s','xxxxxxxx')", certid, username); + DEBUG(ctx, 20, "Function call: eDBauth_user(ctx, %i, '%s','xxxxxxxx')", certid, username); // Generate SHA1 hash of password, used for password auth @@ -284,8 +284,8 @@ int eDBauth_user(eurephiaCTX *ctx, const int certid, const char *username, const */ free_nullsafe(crpwd); if( /* IF NO RESULT WAS RETURNED */ ) { - eurephia_log(ctx, LOG_CRITICAL, 0, - "Could not lookup user in database (certid %i, username '%s'", certid, username); + eurephia_log(ctx, LOG_FATAL, 0, + "Could not look up user in database (certid %i, username '%s'", certid, username); return 0; } @@ -298,25 +298,29 @@ int eDBauth_user(eurephiaCTX *ctx, const int certid, const char *username, const pwdok = atoi_nullsafe(/* GET pwdok FIELD FROM SQL RESULT */); if( blid_uname != NULL ) { - eurephia_log(ctx, LOG_WARNING, 0, "User account is BLACKLISTED (uid: %i, %s)", + eurephia_log(ctx, LOG_WARNING, 0, + "User account is BLACKLISTED (uid: %i, %s)", uid, username); uicid = -1; } else if( blid_cert != NULL ) { - eurephia_log(ctx, LOG_WARNING, 0, + eurephia_log(ctx, LOG_WARNING, 0, "User account linked with a BLACKLISTED certificate " "(uid: %i, %s) - certid: %s", uid, username, certid); uicid = -1; } else if( activated == NULL ) { - eurephia_log(ctx, LOG_WARNING, 0, "User account is not activated (uid: %i, %s)", + eurephia_log(ctx, LOG_WARNING, 0, + "User account is not activated (uid: %i, %s)", uid, username); uicid = -1; } else if( deactivated != NULL ) { - eurephia_log(ctx, LOG_WARNING, 0, "User account is deactivated (uid: %i, %s)", + eurephia_log(ctx, LOG_WARNING, 0, + "User account is deactivated (uid: %i, %s)", uid, username); uicid = -1; } else if( pwdok != 1 ) { - eurephia_log(ctx, LOG_WARNING, 0,"Authentication failed for user '%s'. Wrong password.", + eurephia_log(ctx, LOG_WARNING, 0, + "Authentication failed for user '%s'. Wrong password.", username); uicid = -1; @@ -330,7 +334,7 @@ int eDBauth_user(eurephiaCTX *ctx, const int certid, const char *username, const } /* FREE SQL RESULT */ - DEBUG(ctx, 10, "Result function call: eDBauth_user(ctx, %i, '%s','xxxxxxxx') - %i", + DEBUG(ctx, 20, "Result function call: eDBauth_user(ctx, %i, '%s','xxxxxxxx') - %i", certid, username, uicid); return uicid; @@ -341,7 +345,7 @@ int eDBget_uid(eurephiaCTX *ctx, const int certid, const char *username) { int ret = 0; - DEBUG(ctx, 10, "Function call: eDBget_uid(ctx, %i, '%s')", certid, username); + DEBUG(ctx, 20, "Function call: eDBget_uid(ctx, %i, '%s')", certid, username); /* WORK TO DO -- DO SQL: "SELECT uid " @@ -351,7 +355,7 @@ int eDBget_uid(eurephiaCTX *ctx, const int certid, const char *username) certid, username */ if( /* IF NO RESULT FOUND */ || /* OR WE GOT MORE THAN 1 RECORD */ ) { - eurephia_log(ctx, LOG_CRITICAL, 0, "Could not lookup userid for user '%s'", username); + eurephia_log(ctx, LOG_FATAL, 0, "Could not lookup userid for user '%s'", username); ret = -1; } else { ret = atoi_nullsafe(/* GET uid FIELD FROM SQL RESULT */); @@ -368,7 +372,7 @@ int eDBblacklist_check(eurephiaCTX *ctx, const int type, const char *val) int atpexceed = -1, blacklisted = 0; char *atpid = NULL, *blid = NULL; - DEBUG(ctx, 10, "Function call: eDBblacklist_check(ctx, '%s', '%s')", + DEBUG(ctx, 20, "Function call: eDBblacklist_check(ctx, '%s', '%s')", eDBattempt_types[type].descr, val); /* WORK TO DO -- DO SQL: @@ -380,14 +384,14 @@ int eDBblacklist_check(eurephiaCTX *ctx, const int type, const char *val) /* FREE SQL RESULT */ if( blid != NULL ) { // If we found a blacklisted record - eurephia_log(ctx, LOG_WARNING, 1, "Attempt from blacklisted %s: %s", + eurephia_log(ctx, LOG_WARNING, 0, "Attempt from blacklisted %s: %s", eDBattempt_types[type].descr, val); blacklisted = 1; // [type] is blacklisted } // Update attempt information update_attempts(ctx, blid); } else { - eurephia_log(ctx, LOG_CRITICAL, 0, "Quering openvpn_blacklist for blacklisted %s", + eurephia_log(ctx, LOG_FATAL, 0, "Quering openvpn_blacklist for blacklisted %s failed", eDBattempt_types[type].descr); } @@ -408,15 +412,15 @@ int eDBblacklist_check(eurephiaCTX *ctx, const int type, const char *val) // If [type] has reached attempt limit and it is not black listed, black list it if( (atpexceed > 0) && (blid == NULL) ) { eurephia_log(ctx, LOG_WARNING, 0, - "%s got BLACKLISTED due to too many failed attempts: %s", + "%s got BLACKLISTED due to too many failed attempts: %s", eDBattempt_types[type].descr, val); /* WORK TO DO -- DO SQL "INSERT INTO openvpn_blacklist (%s) VALUES ('%q')", eDBattempt_types[type].colname, val */ if( /* IF SQL QUERY FAILED */ ) { - eurephia_log(ctx, LOG_CRITICAL, 0, - "Could not blacklist %s (%s)", + eurephia_log(ctx, LOG_CRITICAL, 0, + "Could not blacklist %s (%s)", eDBattempt_types[type].descr, val); } /* FREE SQL RESULT */ @@ -424,14 +428,15 @@ int eDBblacklist_check(eurephiaCTX *ctx, const int type, const char *val) } free_nullsafe(atpid); } else { - eurephia_log(ctx, LOG_CRITICAL, 0, "Quering openvpn_attempts for blacklisted %s failed", + eurephia_log(ctx, LOG_CRITICAL, 0, + "Quering openvpn_attempts for blacklisted %s failed", eDBattempt_types[type].descr); } free_nullsafe(atpr); } free_nullsafe(blid); - DEBUG(ctx, 10, "Result - function call: eDBblacklist_check(ctx, '%s', '%s') - %i", + DEBUG(ctx, 20, "Result - function call: eDBblacklist_check(ctx, '%s', '%s') - %i", eDBattempt_types[type].descr, val, blacklisted); return blacklisted; @@ -443,7 +448,7 @@ void eDBregister_attempt(eurephiaCTX *ctx, int type, int mode, const char *value char *id = NULL, *atmpt_block = NULL, *blid = NULL; int attempts = 0; - DEBUG(ctx, 10, "Function call: eDBregister_attempt(ctx, %s, %s, '%s')", + DEBUG(ctx, 20, "Function call: eDBregister_attempt(ctx, %s, %s, '%s')", eDBattempt_types[type].colname, (mode == ATTEMPT_RESET ? "ATTEMPT_RESET" : "ATTEMPT_REGISTER"), value); @@ -461,7 +466,7 @@ void eDBregister_attempt(eurephiaCTX *ctx, int type, int mode, const char *value eDBattempt_types[type].colname, value */ if( /* IF SQL QUERY FAILED */ ) { - eurephia_log(ctx, LOG_CRITICAL, 0, "Could not look up atpid in openvpn_attempts"); + eurephia_log(ctx, LOG_FATAL, 0, "Could not look up atpid in openvpn_attempts"); return; } @@ -487,7 +492,7 @@ void eDBregister_attempt(eurephiaCTX *ctx, int type, int mode, const char *value Result check comes later ... */ - } else if( id != NULL ){ + } else if( id != NULL ) { // if a attempt record exists, update it according to mode switch( mode ) { case ATTEMPT_RESET: @@ -512,7 +517,7 @@ void eDBregister_attempt(eurephiaCTX *ctx, int type, int mode, const char *value } if( /* IF SQL QUERY FAILED */ ) { eurephia_log(ctx, LOG_CRITICAL, 0, - "Could not update openvpn_attempts for %s = %s", + "Could not update openvpn_attempts for %s = %s", eDBattempt_types[type].colname, value); } /* FREE SQL RESULT */ @@ -528,7 +533,7 @@ void eDBregister_attempt(eurephiaCTX *ctx, int type, int mode, const char *value eDBattempt_types[type].colname, value */ if( /* IF SQL FAILED */ ) { - eurephia_log(ctx, LOG_CRITICAL, 0, + eurephia_log(ctx, LOG_CRITICAL, 0, "Could not blacklist %s: %s", eDBattempt_types[type].descr, value); } @@ -545,11 +550,11 @@ int eDBregister_login(eurephiaCTX *ctx, eurephiaSESSION *skey, const int certid, const char *proto, const char *remipaddr, const char *remport, const char *vpnipaddr, const char *vpnipmask) { - DEBUG(ctx, 10, "Function call: eDBregister_login(ctx, '%s', %i, %i, '%s','%s','%s','%s','%s')", + DEBUG(ctx, 20, "Function call: eDBregister_login(ctx, '%s', %i, %i, '%s','%s','%s','%s','%s')", skey->sessionkey, certid, uid, proto, remipaddr, remport, vpnipaddr, vpnipmask); if( skey->sessionstatus != SESSION_NEW ) { - eurephia_log(ctx, LOG_WARNING, 10, "Not a new session, will not register it again"); + eurephia_log(ctx, LOG_ERROR, 5, "Not a new session, will not register it again"); return 1; } @@ -562,7 +567,7 @@ int eDBregister_login(eurephiaCTX *ctx, eurephiaSESSION *skey, const int certid, uid, certid, proto, remipaddr, remport, vpnipaddr, vpnipmask, skey->sessionkey */ if( /* IF SQL QUERY FAILED */ ) { - eurephia_log(ctx, LOG_CRITICAL, 0, "Could not insert new session into openvpn_lastlog"); + eurephia_log(ctx, LOG_FATAL, 0, "Could not insert new session into openvpn_lastlog"); return 0; } /* FREE SQL RESULT */ @@ -574,11 +579,11 @@ int eDBregister_login(eurephiaCTX *ctx, eurephiaSESSION *skey, const int certid, int eDBregister_vpnmacaddr(eurephiaCTX *ctx, eurephiaSESSION *session, const char *macaddr) { - DEBUG(ctx, 10, "Function call: eDBregister_vpnmacaddr(ctx, '%s', '%s')", + DEBUG(ctx, 20, "Function call: eDBregister_vpnmacaddr(ctx, '%s', '%s')", session->sessionkey, macaddr); if( macaddr == NULL ) { - eurephia_log(ctx, LOG_CRITICAL, 0, "No MAC address was given to save"); + eurephia_log(ctx, LOG_FATAL, 0, "No MAC address was given to save"); return 0; } @@ -588,7 +593,7 @@ int eDBregister_vpnmacaddr(eurephiaCTX *ctx, eurephiaSESSION *session, const cha session->sessionkey, macaddr */ if( /* IF SQL QUERY FAILED */ ) { - eurephia_log(ctx, LOG_CRITICAL, 0, "Failed to log new MAC address for session"); + eurephia_log(ctx, LOG_FATAL, 0, "Failed to log new MAC address for session"); return 0; } /* FREE SQL RESULT */ @@ -599,14 +604,14 @@ int eDBregister_vpnmacaddr(eurephiaCTX *ctx, eurephiaSESSION *session, const cha " WHERE sessionkey = '%q' AND sessionstatus = 1", macaddr, session->sessionkey); */ if( /* IF SQL QUERY FAILED */ ) { - eurephia_log(ctx, LOG_CRITICAL, 0, "Could not update lastlog with new MAC address for session"); + eurephia_log(ctx, LOG_FATAL, 0, "Could not update lastlog with new MAC address for session"); return 0; } /* FREE SQL RESULT */ // Save the MAC address in the session values register - needed for the destroy session if( eDBset_session_value(ctx, session, "macaddr", macaddr) == 0 ) { - eurephia_log(ctx, LOG_CRITICAL, 0, "Could not save MAC address into session variables"); + eurephia_log(ctx, LOG_FATAL, 0, "Could not save MAC address into session variables"); return 0; } @@ -615,10 +620,10 @@ int eDBregister_vpnmacaddr(eurephiaCTX *ctx, eurephiaSESSION *session, const cha // Register the user as logged out -int eDBregister_logout(eurephiaCTX *ctx, eurephiaSESSION *skey, +int eDBregister_logout(eurephiaCTX *ctx, eurephiaSESSION *skey, const char *bytes_sent, const char *bytes_received, const char *duration) { - DEBUG(ctx, 10, "Function call: eDBregister_logout(ctx, '%s', %s, %s)", + DEBUG(ctx, 20, "Function call: eDBregister_logout(ctx, '%s', %s, %s)", skey->sessionkey, bytes_sent, bytes_received); /* WORK TO DO -- DO SQL: @@ -630,7 +635,8 @@ int eDBregister_logout(eurephiaCTX *ctx, eurephiaSESSION *skey, atoi_nullsafe(duration), skey->sessionke */ if( /* IF SQL QUERY FAILED */ ) { - eurephia_log(ctx, LOG_CRITICAL, 0, "Could not update lastlog with logout information (%s)", + eurephia_log(ctx, LOG_FATAL, 0, + "Could not update lastlog with logout information (%s)", skey->sessionkey); return 0; } @@ -645,10 +651,10 @@ int eDBregister_logout(eurephiaCTX *ctx, eurephiaSESSION *skey, char *eDBget_sessionkey_seed(eurephiaCTX *ctx, const char *sessionseed) { char *skey = NULL; - DEBUG(ctx, 10, "eDBget_sessionkey(ctx, '%s')", sessionseed); + DEBUG(ctx, 20, "eDBget_sessionkey(ctx, '%s')", sessionseed); if( sessionseed == NULL ) { - eurephia_log(ctx, LOG_CRITICAL, 1, + eurephia_log(ctx, LOG_FATAL, 1, "eDBget_sessionkey: No session seed given - cannot locate sessionkey"); return NULL; } @@ -662,7 +668,8 @@ char *eDBget_sessionkey_seed(eurephiaCTX *ctx, const char *sessionseed) { sessionseed */ if( /* IF SQL QUERY FAILED */ ) { - eurephia_log(ctx, LOG_CRITICAL, 0,"Could not retrieve sessionkey from openvpn_sessionkeys (%s)", + eurephia_log(ctx, LOG_FATAL, 0, + "Could not retrieve sessionkey from openvpn_sessionkeys (%s)", sessionseed); return NULL; } @@ -689,7 +696,7 @@ char *eDBget_sessionkey_macaddr(eurephiaCTX *ctx, const char *macaddr) { macaddr */ if( /* IF SQL QUERY FAILED */ ) { - eurephia_log(ctx, LOG_CRITICAL, 0, + eurephia_log(ctx, LOG_FATAL, 0, "Could not remove session from database (MAC addr: %s)", macaddr); return 0; } @@ -704,9 +711,9 @@ char *eDBget_sessionkey_macaddr(eurephiaCTX *ctx, const char *macaddr) { int eDBcheck_sessionkey_uniqueness(eurephiaCTX *ctx, const char *seskey) { int uniq = 0; - DEBUG(ctx, 10, "eDBcheck_sessionkey_uniqueness(ctx, '%s')", seskey); + DEBUG(ctx, 20, "eDBcheck_sessionkey_uniqueness(ctx, '%s')", seskey); if( seskey == NULL ) { - eurephia_log(ctx, LOG_CRITICAL, 1, + eurephia_log(ctx, LOG_FATAL, 1, "eDBcheck_sessionkey_uniqness: Invalid session key given"); return 0; } @@ -716,7 +723,7 @@ int eDBcheck_sessionkey_uniqueness(eurephiaCTX *ctx, const char *seskey) { seskey */ if( /* IF SQL QUERY FAILED */ ) { - eurephia_log(ctx, LOG_CRITICAL, 0, + eurephia_log(ctx, LOG_FATAL, 0, "eDBcheck_sessionkey_uniqness: Could not check uniqueness of sessionkey"); return 0; } @@ -729,9 +736,9 @@ int eDBcheck_sessionkey_uniqueness(eurephiaCTX *ctx, const char *seskey) { // register a link between a short-term session seed and a long-term session key int eDBregister_sessionkey(eurephiaCTX *ctx, const char *seed, const char *seskey) { - DEBUG(ctx, 10, "eDBregister_sessionkey(ctx, '%s', '%s')", seed, seskey); + DEBUG(ctx, 20, "eDBregister_sessionkey(ctx, '%s', '%s')", seed, seskey); if( (seed == NULL) || (seskey == NULL) ) { - eurephia_log(ctx, LOG_CRITICAL, 1, + eurephia_log(ctx, LOG_FATAL, 1, "eDBregister_sessionkey: Invalid session seed or session key given"); return 0; } @@ -741,7 +748,7 @@ int eDBregister_sessionkey(eurephiaCTX *ctx, const char *seed, const char *seske seed, seskey */ if( /* IF SQL QUERY FAILED */ ) { - eurephia_log(ctx, LOG_CRITICAL, 0, + eurephia_log(ctx, LOG_FATAL, 0, "eDBregister_sessionkey: Error registering sessionkey into openvpn_sessionkeys"); return 0; } @@ -752,9 +759,9 @@ int eDBregister_sessionkey(eurephiaCTX *ctx, const char *seed, const char *seske // remove a session seed/session key link from openvpn_sessionkeys int eDBremove_sessionkey(eurephiaCTX *ctx, const char *seskey) { - DEBUG(ctx, 10, "eDBremove_sessionkey(ctx, '%s')", seskey); + DEBUG(ctx, 20, "eDBremove_sessionkey(ctx, '%s')", seskey); if( seskey == NULL ) { - eurephia_log(ctx, LOG_CRITICAL, 1, + eurephia_log(ctx, LOG_FATAL, 1, "eDBremove_sessionkey: Invalid session key given"); return 0; } @@ -764,7 +771,7 @@ int eDBremove_sessionkey(eurephiaCTX *ctx, const char *seskey) { seskey */ if( /* IF SQL QUERY FAILED */ ) { - eurephia_log(ctx, LOG_CRITICAL, 0, + eurephia_log(ctx, LOG_FATAL, 0, "eDBremove_sessionkey: Error removing sessionkey from openvpn_sessionkeys"); return 0; } @@ -781,7 +788,7 @@ eurephiaVALUES *eDBload_sessiondata(eurephiaCTX *ctx, const char *sesskey) { return NULL; } - DEBUG(ctx, 10, "Function call: eDBload_sessiondata(ctx, '%s')", sesskey); + DEBUG(ctx, 20, "Function call: eDBload_sessiondata(ctx, '%s')", sesskey); sessvals = eCreate_value_space(ctx, 10); @@ -791,13 +798,13 @@ eurephiaVALUES *eDBload_sessiondata(eurephiaCTX *ctx, const char *sesskey) { */ if( /* IF WE GOT RECORDS IN THE QUERY */ ) { for( /* LOOP THROUGH ALL RECORDS */ ) { - eAdd_value(ctx, sessvals, + eAdd_value(ctx, sessvals, /* GET datakey FROM SQL RESULT */, /* GET dataval FROM SQL RESULT */); } /* FREE SQL RESULT */ } else { - eurephia_log(ctx, LOG_CRITICAL, 0, + eurephia_log(ctx, LOG_CRITICAL, 0, "Could not load session values for session '%s'", sesskey); } @@ -810,12 +817,12 @@ int eDBstore_session_value(eurephiaCTX *ctx, eurephiaSESSION *session, int mode, { if( session == NULL ) { - DEBUG(ctx, 10, + DEBUG(ctx, 20, "Function call failed to eDBstore_session_value(ctx, ...): Non-existing session key"); return 0; } - DEBUG(ctx, 10, "Function call: eDBstore_session_value(ctx, '%s', %i, '%s', '%s')", + DEBUG(ctx, 20, "Function call: eDBstore_session_value(ctx, '%s', %i, '%s', '%s')", session->sessionkey, mode, key, val); switch( mode ) { @@ -826,7 +833,7 @@ int eDBstore_session_value(eurephiaCTX *ctx, eurephiaSESSION *session, int mode, session->sessionkey, key, val */ if( /* IF SQL QUERY FAILED */ ) { - eurephia_log(ctx, LOG_CRITICAL, 0, + eurephia_log(ctx, LOG_FATAL, 0, "Could not register new session variable into database: [%s] %s = %s", session->sessionkey, key, val); return 0; @@ -840,7 +847,8 @@ int eDBstore_session_value(eurephiaCTX *ctx, eurephiaSESSION *session, int mode, val, session->sessionkey, key */ if( /* IF SQL QUERY FAILED */ ) { - eurephia_log(ctx, LOG_CRITICAL, 0, "Could not update session variable: [%s] %s = %s ", + eurephia_log(ctx, LOG_FATAL, 0, + "Could not update session variable: [%s] %s = %s ", session->sessionkey, key, val); return 0; } @@ -852,15 +860,17 @@ int eDBstore_session_value(eurephiaCTX *ctx, eurephiaSESSION *session, int mode, session->sessionkey, key */ if( /* IF SQL QUERY FAILED */ ) { - eurephia_log(ctx, LOG_CRITICAL, 0, "Could not delete session variable: [%s] %s", + eurephia_log(ctx, LOG_FATAL, 0, + "Could not delete session variable: [%s] %s", session->sessionkey, key); return 0; } break; default: - eurephia_log(ctx, LOG_FATAL, 0, "Unknown eDBstore_session_value mode '%i'", mode); - return 1; + eurephia_log(ctx, LOG_FATAL, 0, + "Unknown eDBstore_session_value mode '%i'", mode); + return 0; } /* FREE SQL RESULT */ return 1; @@ -870,10 +880,10 @@ int eDBstore_session_value(eurephiaCTX *ctx, eurephiaSESSION *session, int mode, // Delete session information from openvpn_sessions and update openvpn_lastlog with status int eDBdestroy_session(eurephiaCTX *ctx, eurephiaSESSION *session) { - DEBUG(ctx, 10, "Function call: eDBdestroy_session(ctx, '%s')", session->sessionkey); + DEBUG(ctx, 20, "Function call: eDBdestroy_session(ctx, '%s')", session->sessionkey); if( (session == NULL) || (session->sessionkey == NULL) ) { - eurephia_log(ctx, LOG_ERROR, 1, "No active session given to be destroyed"); + eurephia_log(ctx, LOG_WARNING, 1, "No active session given to be destroyed"); return 1; } @@ -885,7 +895,7 @@ int eDBdestroy_session(eurephiaCTX *ctx, eurephiaSESSION *session) { session->sessionkey */ if( /* IF SQL QUERY FAILED */ ) { - eurephia_log(ctx, LOG_CRITICAL, 0, + eurephia_log(ctx, LOG_FATAL, 0, "Could not update session status in lastlog (%s))", session->sessionkey); return 0; } @@ -897,7 +907,7 @@ int eDBdestroy_session(eurephiaCTX *ctx, eurephiaSESSION *session) { session->sessionkey */ if( /* IF SQL QUERY FAILED */ ) { - eurephia_log(ctx, LOG_CRITICAL, 0, + eurephia_log(ctx, LOG_FATAL, 0, "Could not delete session variables (%s))", session->sessionkey); return 0; } @@ -915,7 +925,7 @@ char *eDBget_firewall_profile(eurephiaCTX *ctx, eurephiaSESSION *session) { char *ret = NULL; - DEBUG(ctx, 10, "Function call: eDBget_firewall_profile(ctx, {session}'%s')", + DEBUG(ctx, 20, "Function call: eDBget_firewall_profile(ctx, {session}'%s')", session->sessionkey); /* WORK TO DO -- DO SQL: @@ -927,7 +937,8 @@ char *eDBget_firewall_profile(eurephiaCTX *ctx, eurephiaSESSION *session) session->sessionkey */ if( /* IF SQL QUERY FAILED */ ) { - eurephia_log(ctx, LOG_CRITICAL, 0, "Could not retrieve firewall profile for session '%s'", + eurephia_log(ctx, LOG_FATAL, 0, + "Could not retrieve firewall profile for session '%s'", session->sessionkey); return NULL; } @@ -935,4 +946,3 @@ char *eDBget_firewall_profile(eurephiaCTX *ctx, eurephiaSESSION *session) /* FREE SQL RESULT */ return ret; } - diff --git a/database/sqlite/eurephiadb-sqlite.c b/database/sqlite/eurephiadb-sqlite.c index 49e7e36..2a0b9be 100644 --- a/database/sqlite/eurephiadb-sqlite.c +++ b/database/sqlite/eurephiadb-sqlite.c @@ -87,7 +87,7 @@ void update_attempts(eurephiaCTX *ctx, const char *blid) { "UPDATE openvpn_blacklist " " SET last_accessed = CURRENT_TIMESTAMP WHERE blid = %q", blid); if( res == NULL ) { - eurephia_log(ctx, LOG_CRITICAL, 0, + eurephia_log(ctx, LOG_CRITICAL, 0, "Could not update openvpn_blacklist.last_accessed for blid=%s", blid); } sqlite_free_results(res); @@ -105,14 +105,10 @@ int eDBconnect(eurephiaCTX *ctx, const int argc, const char **argv) dbresult *res = NULL; int rc; -#ifdef MEMWATCH - mwStatistics(3); -#endif - - DEBUG(ctx, 10, "Function call: eDBconnect(ctx, %i, '%s')", argc, argv[0]); + DEBUG(ctx, 20, "Function call: eDBconnect(ctx, %i, '%s')", argc, argv[0]); if( (argc != 1) || (argv[0] == NULL) || (strlen(argv[0]) < 1) ) { - eurephia_log(ctx, LOG_PANIC, 0, "Wrong parameters to dblink-sqlite. Cannot open database."); + eurephia_log(ctx, LOG_PANIC, 0, "Wrong parameters to eurephiadb-sqlite. Cannot open database."); return 0; } @@ -125,7 +121,7 @@ int eDBconnect(eurephiaCTX *ctx, const int argc, const char **argv) rc = sqlite3_open(argv[0], (void *) &dbc->dbhandle); if( rc ) { - eurephia_log(ctx, LOG_FATAL, 0, "Could not open database '%s'", dbc->dbname); + eurephia_log(ctx, LOG_PANIC, 0, "Could not open database '%s'", dbc->dbname); free_nullsafe(dbc->dbname); free_nullsafe(dbc); return 0; @@ -161,7 +157,7 @@ void eDBdisconnect(eurephiaCTX *ctx) { eDBconn *dbc = NULL; - DEBUG(ctx, 10, "Function call: eDBdisconnect(ctx)"); + DEBUG(ctx, 20, "Function call: eDBdisconnect(ctx)"); if( ctx->dbc == NULL ) { eurephia_log(ctx, LOG_WARNING, 0, "Database not open, cannot close database."); @@ -169,7 +165,7 @@ void eDBdisconnect(eurephiaCTX *ctx) } dbc = ctx->dbc; - eurephia_log(ctx, LOG_INFO, 2, "Closing database '%s'", dbc->dbname); + eurephia_log(ctx, LOG_INFO, 1, "Closing database '%s'", dbc->dbname); // Close database connection sqlite3_close((sqlite3 *) dbc->dbhandle); @@ -192,8 +188,8 @@ int eDBauth_TLS(eurephiaCTX *ctx, const char *org, const char *cname, const char int certid = 0; char *blid = NULL; - DEBUG(ctx, 10, "Function call: eDBauth_TLS(ctx, '%s', '%s', '%s', '%s', %s)", - org, cname, email, digest, depth); + DEBUG(ctx, 20, "Function call: eDBauth_TLS(ctx, '%s', '%s', '%s', '%s', %s)", + org, cname, email, digest, depth); // Check if certificate is valid, and not too many attempts has been tried with the given certificate res = sqlite_query(ctx, @@ -212,18 +208,18 @@ int eDBauth_TLS(eurephiaCTX *ctx, const char *org, const char *cname, const char // Check if we found certificate to be blacklisted or not. blid == NULL when NOT blacklisted if( blid == NULL ) { if( certid > 0 ) { - eurephia_log(ctx, LOG_INFO, 0, + eurephia_log(ctx, LOG_INFO, 0, "Found certid %i for user: %s/%s/%s", certid, org, cname, email); } else { - eurephia_log(ctx, LOG_INFO, 1, + eurephia_log(ctx, LOG_INFO, 1, "Unknown certificate for: %s/%s/%s (depth %s, digest: %s)", org, cname, email, depth, digest); } // Certificate is okay, certid contains the certificate ID } else { // If the certificate or IP is blacklisted, update status and deny access. - eurephia_log(ctx, LOG_WARNING, 1, + eurephia_log(ctx, LOG_WARNING, 0, "Attempt with BLACKLISTED certificate (certid %i)", certid); update_attempts(ctx, blid); certid = -1; @@ -233,7 +229,7 @@ int eDBauth_TLS(eurephiaCTX *ctx, const char *org, const char *cname, const char eurephia_log(ctx, LOG_FATAL, 0, "Could not look up certificate information"); } - DEBUG(ctx, 10, "Result function call: eDBauth_TLS(ctx, '%s', '%s', '%s', '%s', %s) - %i", + DEBUG(ctx, 20, "Result function call: eDBauth_TLS(ctx, '%s', '%s', '%s', '%s', %s) - %i", org, cname, email, digest, depth, certid); return certid; @@ -247,13 +243,13 @@ int eDBauth_user(eurephiaCTX *ctx, const int certid, const char *username, const char *crpwd = NULL, *activated = NULL, *deactivated = NULL, *blid_uname = NULL, *blid_cert; int uicid = 0, uid = 0, pwdok = 0; - DEBUG(ctx, 10, "Function call: eDBauth_user(ctx, %i, '%s','xxxxxxxx')", certid, username); + DEBUG(ctx, 20, "Function call: eDBauth_user(ctx, %i, '%s','xxxxxxxx')", certid, username); // Generate SHA1 hash of password, used for password auth crpwd = passwdhash(passwd); - res = sqlite_query(ctx, + res = sqlite_query(ctx, "SELECT uicid, ou.uid, activated, deactivated, bl1.blid, bl2.blid, " " (password = '%s') AS pwdok" " FROM openvpn_users ou" @@ -266,7 +262,7 @@ int eDBauth_user(eurephiaCTX *ctx, const int certid, const char *username, const crpwd, certid, username); free_nullsafe(crpwd); if( res == NULL ) { - eurephia_log(ctx, LOG_CRITICAL, 0, + eurephia_log(ctx, LOG_FATAL, 0, "Could not lookup user in database (certid %i, username '%s'", certid, username); return 0; } @@ -284,7 +280,7 @@ int eDBauth_user(eurephiaCTX *ctx, const int certid, const char *username, const uid, username); uicid = -1; } else if( blid_cert != NULL ) { - eurephia_log(ctx, LOG_WARNING, 0, + eurephia_log(ctx, LOG_WARNING, 0, "User account linked with a BLACKLISTED certificate " "(uid: %i, %s) - certid: %s", uid, username, certid); @@ -312,7 +308,7 @@ int eDBauth_user(eurephiaCTX *ctx, const int certid, const char *username, const } sqlite_free_results(res); - DEBUG(ctx, 10, "Result function call: eDBauth_user(ctx, %i, '%s','xxxxxxxx') - %i", + DEBUG(ctx, 20, "Result function call: eDBauth_user(ctx, %i, '%s','xxxxxxxx') - %i", certid, username, uicid); return uicid; @@ -324,16 +320,16 @@ int eDBget_uid(eurephiaCTX *ctx, const int certid, const char *username) dbresult *res = NULL; int ret = 0; - DEBUG(ctx, 10, "Function call: eDBget_uid(ctx, %i, '%s')", certid, username); + DEBUG(ctx, 20, "Function call: eDBget_uid(ctx, %i, '%s')", certid, username); - res = sqlite_query(ctx, + res = sqlite_query(ctx, "SELECT uid " " FROM openvpn_usercerts " " JOIN openvpn_users USING (uid) " " WHERE certid = '%i' AND username = '%q'", certid, username); if( (res == NULL) || (sqlite_get_numtuples(res) != 1) ) { - eurephia_log(ctx, LOG_CRITICAL, 0, "Could not lookup userid for user '%s'", username); + eurephia_log(ctx, LOG_FATAL, 0, "Could not lookup userid for user '%s'", username); ret = -1; } else { ret = atoi_nullsafe(sqlite_get_value(res, 0, 0)); @@ -351,10 +347,10 @@ int eDBblacklist_check(eurephiaCTX *ctx, const int type, const char *val) int atpexceed = -1, blacklisted = 0; char *atpid = NULL, *blid = NULL; - DEBUG(ctx, 10, "Function call: eDBblacklist_check(ctx, '%s', '%s')", + DEBUG(ctx, 20, "Function call: eDBblacklist_check(ctx, '%s', '%s')", eDBattempt_types[type].descr, val); - blr = sqlite_query(ctx, "SELECT blid FROM openvpn_blacklist WHERE %s = '%q'", + blr = sqlite_query(ctx, "SELECT blid FROM openvpn_blacklist WHERE %s = '%q'", eDBattempt_types[type].colname, val); if( blr != NULL ) { blid = strdup_nullsafe(sqlite_get_value(blr, 0, 0)); @@ -362,21 +358,21 @@ int eDBblacklist_check(eurephiaCTX *ctx, const int type, const char *val) blr = NULL; if( blid != NULL ) { - eurephia_log(ctx, LOG_WARNING, 1, "Attempt from blacklisted %s: %s", + eurephia_log(ctx, LOG_WARNING, 0, "Attempt from blacklisted %s: %s", eDBattempt_types[type].descr, val); blacklisted = 1; // [type] is blacklisted } // Update attempt information update_attempts(ctx, blid); } else { - eurephia_log(ctx, LOG_CRITICAL, 0, "Quering openvpn_blacklist for blacklisted %s", + eurephia_log(ctx, LOG_FATAL, 0, "Quering openvpn_blacklist for blacklisted %s failed", eDBattempt_types[type].descr); } if( blacklisted == 0 ) { // Check if this [type] has been attempted earlier - if it has reaced the maximum // attempt limit, blacklist it - atpr = sqlite_query(ctx, + atpr = sqlite_query(ctx, "SELECT atpid, attempts >= %q FROM openvpn_attempts WHERE %s = '%q'", eGet_value(ctx->dbc->config, eDBattempt_types[type].allow_cfg), eDBattempt_types[type].colname, val); @@ -389,14 +385,14 @@ int eDBblacklist_check(eurephiaCTX *ctx, const int type, const char *val) // If [type] has reached attempt limit and it is not black listed, black list it if( (atpexceed > 0) && (blid == NULL) ) { eurephia_log(ctx, LOG_WARNING, 0, - "%s got BLACKLISTED due to too many failed attempts: %s", + "%s got BLACKLISTED due to too many failed attempts: %s", eDBattempt_types[type].descr, val); blr = sqlite_query(ctx, - "INSERT INTO openvpn_blacklist (%s) VALUES ('%q')", + "INSERT INTO openvpn_blacklist (%s) VALUES ('%q')", eDBattempt_types[type].colname, val); if( blr == NULL ) { - eurephia_log(ctx, LOG_CRITICAL, 0, - "Could not blacklist %s (%s)", + eurephia_log(ctx, LOG_CRITICAL, 0, + "Could not blacklist %s (%s)", eDBattempt_types[type].descr, val); } sqlite_free_results(blr); @@ -411,7 +407,7 @@ int eDBblacklist_check(eurephiaCTX *ctx, const int type, const char *val) } free_nullsafe(blid); - DEBUG(ctx, 10, "Result - function call: eDBblacklist_check(ctx, '%s', '%s') - %i", + DEBUG(ctx, 20, "Result - function call: eDBblacklist_check(ctx, '%s', '%s') - %i", eDBattempt_types[type].descr, val, blacklisted); return blacklisted; @@ -423,7 +419,7 @@ void eDBregister_attempt(eurephiaCTX *ctx, int type, int mode, const char *value char *id = NULL, *atmpt_block = NULL, *blid = NULL; int attempts = 0; - DEBUG(ctx, 10, "Function call: eDBregister_attempt(ctx, %s, %s, '%s')", + DEBUG(ctx, 20, "Function call: eDBregister_attempt(ctx, %s, %s, '%s')", eDBattempt_types[type].colname, (mode == ATTEMPT_RESET ? "ATTEMPT_RESET" : "ATTEMPT_REGISTER"), value); @@ -440,7 +436,7 @@ void eDBregister_attempt(eurephiaCTX *ctx, int type, int mode, const char *value eDBattempt_types[type].colname, eDBattempt_types[type].colname, value); if( res == NULL ) { - eurephia_log(ctx, LOG_CRITICAL, 0, "Could not look up atpid in openvpn_attempts"); + eurephia_log(ctx, LOG_FATAL, 0, "Could not look up atpid in openvpn_attempts"); return; } @@ -511,11 +507,11 @@ int eDBregister_login(eurephiaCTX *ctx, eurephiaSESSION *skey, const int certid, { dbresult *res = NULL; - DEBUG(ctx, 10, "Function call: eDBregister_login(ctx, '%s', %i, %i, '%s','%s','%s','%s','%s')", + DEBUG(ctx, 20, "Function call: eDBregister_login(ctx, '%s', %i, %i, '%s','%s','%s','%s','%s')", skey->sessionkey, certid, uid, proto, remipaddr, remport, vpnipaddr, vpnipmask); if( skey->sessionstatus != SESSION_NEW ) { - eurephia_log(ctx, LOG_WARNING, 10, "Not a new session, will not register it again"); + eurephia_log(ctx, LOG_ERROR, 5, "Not a new session, will not register it again"); return 1; } @@ -527,7 +523,7 @@ int eDBregister_login(eurephiaCTX *ctx, eurephiaSESSION *skey, const int certid, "VALUES (%i, %i, '%q','%q','%q','%q','%q', 1,'%q', CURRENT_TIMESTAMP)", uid, certid, proto, remipaddr, remport, vpnipaddr, vpnipmask, skey->sessionkey); if( res == NULL ) { - eurephia_log(ctx, LOG_CRITICAL, 0, "Could not insert new session into openvpn_lastlog"); + eurephia_log(ctx, LOG_FATAL, 0, "Could not insert new session into openvpn_lastlog"); return 0; } sqlite_free_results(res); @@ -540,11 +536,11 @@ int eDBregister_vpnmacaddr(eurephiaCTX *ctx, eurephiaSESSION *session, const cha { dbresult *res = NULL; - DEBUG(ctx, 10, "Function call: eDBregister_vpnmacaddr(ctx, '%s', '%s')", + DEBUG(ctx, 20, "Function call: eDBregister_vpnmacaddr(ctx, '%s', '%s')", session->sessionkey, macaddr); if( macaddr == NULL ) { - eurephia_log(ctx, LOG_CRITICAL, 0, "No MAC address was given to save"); + eurephia_log(ctx, LOG_FATAL, 0, "No MAC address was given to save"); return 0; } @@ -552,7 +548,7 @@ int eDBregister_vpnmacaddr(eurephiaCTX *ctx, eurephiaSESSION *session, const cha res = sqlite_query(ctx, "INSERT INTO openvpn_macaddr_history (sessionkey, macaddr) VALUES ('%q','%q')", session->sessionkey, macaddr); if( res == NULL ) { - eurephia_log(ctx, LOG_CRITICAL, 0, "Failed to log new MAC address for session"); + eurephia_log(ctx, LOG_FATAL, 0, "Failed to log new MAC address for session"); return 0; } sqlite_free_results(res); @@ -562,7 +558,7 @@ int eDBregister_vpnmacaddr(eurephiaCTX *ctx, eurephiaSESSION *session, const cha "UPDATE openvpn_lastlog SET sessionstatus = 2, macaddr = '%q' " " WHERE sessionkey = '%q' AND sessionstatus = 1", macaddr, session->sessionkey); if( res == NULL ) { - eurephia_log(ctx, LOG_CRITICAL, 0, "Could not update lastlog with new MAC address for session"); + eurephia_log(ctx, LOG_FATAL, 0, "Could not update lastlog with new MAC address for session"); return 0; } @@ -570,7 +566,7 @@ int eDBregister_vpnmacaddr(eurephiaCTX *ctx, eurephiaSESSION *session, const cha // Save the MAC address in the session values register - needed for the destroy session if( eDBset_session_value(ctx, session, "macaddr", macaddr) == 0 ) { - eurephia_log(ctx, LOG_CRITICAL, 0, "Could not save MAC address into session variables"); + eurephia_log(ctx, LOG_FATAL, 0, "Could not save MAC address into session variables"); return 0; } @@ -584,7 +580,7 @@ int eDBregister_logout(eurephiaCTX *ctx, eurephiaSESSION *skey, { dbresult *res = NULL; - DEBUG(ctx, 10, "Function call: eDBregister_logout(ctx, '%s', %s, %s)", + DEBUG(ctx, 20, "Function call: eDBregister_logout(ctx, '%s', %s, %s)", skey->sessionkey, bytes_sent, bytes_received); res = sqlite_query(ctx, @@ -595,7 +591,7 @@ int eDBregister_logout(eurephiaCTX *ctx, eurephiaSESSION *skey, atoi_nullsafe(bytes_sent), atoi_nullsafe(bytes_received), atoi_nullsafe(duration), skey->sessionkey); if( res == NULL ) { - eurephia_log(ctx, LOG_CRITICAL, 0, "Could not update lastlog with logout information (%s)", + eurephia_log(ctx, LOG_FATAL, 0, "Could not update lastlog with logout information (%s)", skey->sessionkey); return 0; } @@ -611,10 +607,10 @@ char *eDBget_sessionkey_seed(eurephiaCTX *ctx, const char *sessionseed) { dbresult *res = NULL; char *skey = NULL; - DEBUG(ctx, 10, "eDBget_sessionkey(ctx, '%s')", sessionseed); + DEBUG(ctx, 20, "eDBget_sessionkey(ctx, '%s')", sessionseed); if( sessionseed == NULL ) { - eurephia_log(ctx, LOG_CRITICAL, 1, + eurephia_log(ctx, LOG_FATAL, 1, "eDBget_sessionkey: No session seed given - cannot locate sessionkey"); return NULL; } @@ -626,7 +622,7 @@ char *eDBget_sessionkey_seed(eurephiaCTX *ctx, const char *sessionseed) { " AND sessionseed = '%q'", sessionseed); if( res == NULL ) { - eurephia_log(ctx, LOG_CRITICAL, 0,"Could not retrieve sessionkey from openvpn_sessionkeys (%s)", + eurephia_log(ctx, LOG_FATAL, 0,"Could not retrieve sessionkey from openvpn_sessionkeys (%s)", sessionseed); return NULL; } @@ -649,10 +645,10 @@ char *eDBget_sessionkey_macaddr(eurephiaCTX *ctx, const char *macaddr) { " FROM openvpn_sessions " " JOIN openvpn_lastlog USING (sessionkey)" " WHERE sessionstatus = 3 " - " AND datakey = 'macaddr' " + " AND datakey = 'macaddr'" " AND dataval = '%q'", macaddr); if( res == NULL ) { - eurephia_log(ctx, LOG_CRITICAL, 0, + eurephia_log(ctx, LOG_FATAL, 0, "Could not remove session from database (MAC addr: %s)", macaddr); return 0; } @@ -668,16 +664,18 @@ int eDBcheck_sessionkey_uniqueness(eurephiaCTX *ctx, const char *seskey) { dbresult *res; int uniq = 0; - DEBUG(ctx, 10, "eDBcheck_sessionkey_uniqueness(ctx, '%s')", seskey); + DEBUG(ctx, 20, "eDBcheck_sessionkey_uniqueness(ctx, '%s')", seskey); if( seskey == NULL ) { - eurephia_log(ctx, LOG_CRITICAL, 1, + eurephia_log(ctx, LOG_FATAL, 1, "eDBcheck_sessionkey_uniqness: Invalid session key given"); return 0; } - res = sqlite_query(ctx, "SELECT count(sessionkey) = 0 FROM openvpn_lastlog WHERE sessionkey = '%q'", seskey); + res = sqlite_query(ctx, + "SELECT count(sessionkey) = 0 " + "FROM openvpn_lastlog WHERE sessionkey = '%q'", seskey); if( res == NULL ) { - eurephia_log(ctx, LOG_CRITICAL, 0, + eurephia_log(ctx, LOG_FATAL, 0, "eDBcheck_sessionkey_uniqness: Could not check uniqueness of sessionkey"); return 0; } @@ -691,18 +689,18 @@ int eDBcheck_sessionkey_uniqueness(eurephiaCTX *ctx, const char *seskey) { int eDBregister_sessionkey(eurephiaCTX *ctx, const char *seed, const char *seskey) { dbresult *res; - DEBUG(ctx, 10, "eDBregister_sessionkey(ctx, '%s', '%s')", seed, seskey); + DEBUG(ctx, 20, "eDBregister_sessionkey(ctx, '%s', '%s')", seed, seskey); if( (seed == NULL) || (seskey == NULL) ) { - eurephia_log(ctx, LOG_CRITICAL, 1, + eurephia_log(ctx, LOG_FATAL, 1, "eDBregister_sessionkey: Invalid session seed or session key given"); return 0; } - res = sqlite_query(ctx, + res = sqlite_query(ctx, "INSERT INTO openvpn_sessionkeys (sessionseed, sessionkey) VALUES('%q','%q')", seed, seskey); if( res == NULL ) { - eurephia_log(ctx, LOG_CRITICAL, 0, + eurephia_log(ctx, LOG_FATAL, 0, "eDBregister_sessionkey: Error registering sessionkey into openvpn_sessionkeys"); return 0; } @@ -714,16 +712,16 @@ int eDBregister_sessionkey(eurephiaCTX *ctx, const char *seed, const char *seske int eDBremove_sessionkey(eurephiaCTX *ctx, const char *seskey) { dbresult *res; - DEBUG(ctx, 10, "eDBremove_sessionkey(ctx, '%s')", seskey); + DEBUG(ctx, 20, "eDBremove_sessionkey(ctx, '%s')", seskey); if( seskey == NULL ) { - eurephia_log(ctx, LOG_CRITICAL, 1, + eurephia_log(ctx, LOG_FATAL, 1, "eDBremove_sessionkey: Invalid session key given"); return 0; } res = sqlite_query(ctx, "DELETE FROM openvpn_sessionkeys WHERE sessionkey = '%q'", seskey); if( res == NULL ) { - eurephia_log(ctx, LOG_CRITICAL, 0, + eurephia_log(ctx, LOG_FATAL, 0, "eDBremove_sessionkey: Error removing sessionkey from openvpn_sessionkeys"); return 0; } @@ -741,11 +739,11 @@ eurephiaVALUES *eDBload_sessiondata(eurephiaCTX *ctx, const char *sesskey) { return NULL; } - DEBUG(ctx, 10, "Function call: eDBload_sessiondata(ctx, '%s')", sesskey); + DEBUG(ctx, 20, "Function call: eDBload_sessiondata(ctx, '%s')", sesskey); sessvals = eCreate_value_space(ctx, 10); - res = sqlite_query(ctx, "SELECT datakey, dataval FROM openvpn_sessions WHERE sessionkey = '%q'", + res = sqlite_query(ctx, "SELECT datakey, dataval FROM openvpn_sessions WHERE sessionkey = '%q'", sesskey); if( (res != NULL) || (sqlite_get_numtuples(res) > 0) ) { for( i = 0; i < sqlite_get_numtuples(res); i++ ) { @@ -754,7 +752,7 @@ eurephiaVALUES *eDBload_sessiondata(eurephiaCTX *ctx, const char *sesskey) { sqlite_get_value(res, i, 1)); } } else { - eurephia_log(ctx, LOG_CRITICAL, 0, + eurephia_log(ctx, LOG_CRITICAL, 0, "Could not load session values for session '%s'", sesskey); } @@ -769,21 +767,21 @@ int eDBstore_session_value(eurephiaCTX *ctx, eurephiaSESSION *session, int mode, dbresult *res = NULL; if( session == NULL ) { - DEBUG(ctx, 10, + DEBUG(ctx, 20, "Function call failed to eDBstore_session_value(ctx, ...): Non-existing session key"); return 0; } - DEBUG(ctx, 10, "Function call: eDBstore_session_value(ctx, '%s', %i, '%s', '%s')", + DEBUG(ctx, 20, "Function call: eDBstore_session_value(ctx, '%s', %i, '%s', '%s')", session->sessionkey, mode, key, val); switch( mode ) { case SESSVAL_NEW: - res = sqlite_query(ctx, + res = sqlite_query(ctx, "INSERT INTO openvpn_sessions (sessionkey, datakey, dataval) " "VALUES ('%q','%q','%q')", session->sessionkey, key, val); if( res == NULL ) { - eurephia_log(ctx, LOG_CRITICAL, 0, + eurephia_log(ctx, LOG_FATAL, 0, "Could not register new session variable into database: [%s] %s = %s", session->sessionkey, key, val); return 0; @@ -791,21 +789,24 @@ int eDBstore_session_value(eurephiaCTX *ctx, eurephiaSESSION *session, int mode, break; case SESSVAL_UPDATE: - res = sqlite_query(ctx, + res = sqlite_query(ctx, "UPDATE openvpn_sessions SET dataval = '%q' " - " WHERE sessionkey = '%q' AND datakey = '%q'", val, session->sessionkey, key); + " WHERE sessionkey = '%q' AND datakey = '%q'", + val, session->sessionkey, key); if( res == NULL ) { - eurephia_log(ctx, LOG_CRITICAL, 0, "Could not update session variable: [%s] %s = %s ", + eurephia_log(ctx, LOG_FATAL, 0, "Could not update session variable: [%s] %s = %s ", session->sessionkey, key, val); return 0; } break; case SESSVAL_DELETE: - res = sqlite_query(ctx, "DELETE FROM openvpn_sessions WHERE sessionkey = '%q' AND datakey = '%q'", - session->sessionkey, key); + res = sqlite_query(ctx, + "DELETE FROM openvpn_sessions " + " WHERE sessionkey = '%q' AND datakey = '%q'", + session->sessionkey, key); if( res == NULL ) { - eurephia_log(ctx, LOG_CRITICAL, 0, "Could not delete session variable: [%s] %s", + eurephia_log(ctx, LOG_FATAL, 0, "Could not delete session variable: [%s] %s", session->sessionkey, key); return 0; } @@ -813,7 +814,7 @@ int eDBstore_session_value(eurephiaCTX *ctx, eurephiaSESSION *session, int mode, default: eurephia_log(ctx, LOG_FATAL, 0, "Unknown eDBstore_session_value mode '%i'", mode); - return 1; + return 0; } sqlite_free_results(res); return 1; @@ -824,20 +825,20 @@ int eDBstore_session_value(eurephiaCTX *ctx, eurephiaSESSION *session, int mode, int eDBdestroy_session(eurephiaCTX *ctx, eurephiaSESSION *session) { dbresult *res = NULL; - DEBUG(ctx, 10, "Function call: eDBdestroy_session(ctx, '%s')", session->sessionkey); + DEBUG(ctx, 20, "Function call: eDBdestroy_session(ctx, '%s')", session->sessionkey); if( (session == NULL) || (session->sessionkey == NULL) ) { - eurephia_log(ctx, LOG_ERROR, 1, "No active session given to be destroyed"); + eurephia_log(ctx, LOG_WARNING, 1, "No active session given to be destroyed"); return 1; } // Update session status - res = sqlite_query(ctx, + res = sqlite_query(ctx, "UPDATE openvpn_lastlog " " SET sessionstatus = 4, session_deleted = CURRENT_TIMESTAMP " " WHERE sessionkey = '%q' AND sessionstatus = 3", session->sessionkey); if( res == NULL ) { - eurephia_log(ctx, LOG_CRITICAL, 0, + eurephia_log(ctx, LOG_FATAL, 0, "Could not update session status in lastlog (%s))", session->sessionkey); return 0; } @@ -846,7 +847,7 @@ int eDBdestroy_session(eurephiaCTX *ctx, eurephiaSESSION *session) { // Delete session variables res = sqlite_query(ctx, "DELETE FROM openvpn_sessions WHERE sessionkey = '%q'", session->sessionkey); if( res == NULL ) { - eurephia_log(ctx, LOG_CRITICAL, 0, + eurephia_log(ctx, LOG_FATAL, 0, "Could not delete session variables (%s))", session->sessionkey); return 0; } @@ -865,17 +866,17 @@ char *eDBget_firewall_profile(eurephiaCTX *ctx, eurephiaSESSION *session) char *ret = NULL; dbresult *res = NULL; - DEBUG(ctx, 10, "Function call: eDBget_firewall_profile(ctx, {session}'%s')", + DEBUG(ctx, 20, "Function call: eDBget_firewall_profile(ctx, {session}'%s')", session->sessionkey); - res = sqlite_query(ctx, + res = sqlite_query(ctx, "SELECT fw_profile " " FROM openvpn_lastlog " " JOIN openvpn_usercerts USING(certid, uid)" " JOIN openvpn_accesses USING(accessprofile)" " WHERE sessionkey = '%q'", session->sessionkey); if( res == NULL ) { - eurephia_log(ctx, LOG_CRITICAL, 0, "Could not retrieve firewall profile for session '%s'", + eurephia_log(ctx, LOG_FATAL, 0, "Could not retrieve firewall profile for session '%s'", session->sessionkey); return NULL; } @@ -883,4 +884,3 @@ char *eDBget_firewall_profile(eurephiaCTX *ctx, eurephiaSESSION *session) sqlite_free_results(res); return ret; } - diff --git a/database/sqlite/sqlite.c b/database/sqlite/sqlite.c index 1a97793..85b41de 100644 --- a/database/sqlite/sqlite.c +++ b/database/sqlite/sqlite.c @@ -218,7 +218,7 @@ dbresult *sqlite_query(eurephiaCTX *ctx, char *fmt, ... ) { sql = sqlite3_vmprintf(fmt, ap); va_end(ap); - DEBUG(ctx, 11, "Doing SQL Query: %s", sql); + DEBUG(ctx, 25, "Doing SQL Query: %s", sql); rc = sqlite3_exec( (sqlite3 *) dbc->dbhandle, sql, _cb_parse_result, 0, &errMsg ); if( rc != SQLITE_OK ) { eurephia_log(ctx, LOG_ERROR, 0, "SQL Error: %s", errMsg); @@ -59,7 +59,7 @@ const char *get_env(eurephiaCTX *ctx, int logmasking, const char *envp[], const do_mask = logmasking; #endif if( ctx != NULL ) { - DEBUG(ctx, 23, "Function call: get_env(envp, '%s') == '%s'", + DEBUG(ctx, 30, "Function call: get_env(envp, '%s') == '%s'", key, (do_mask == 0 ? cp + 1 : "xxxxxxxxxxxxxx")); } #endif @@ -69,7 +69,7 @@ const char *get_env(eurephiaCTX *ctx, int logmasking, const char *envp[], const } } if( ctx != NULL ) { - DEBUG(ctx, 23, "Function call: get_env(envp, '%s') -- environment variable not found", + DEBUG(ctx, 15, "Function call: get_env(envp, '%s') -- environment variable not found", key); } va_end(ap); @@ -194,7 +194,7 @@ eurephiaCTX *eurephiaInit(const char **argv) eurephia_log(ctx, LOG_INFO, 0, "Loaded firewall interface: %s", fwintf); eFW_StartFirewall(ctx); } else { - eurephia_log(ctx, LOG_INFO, 0, "Loading of firewall interface failed (%s)", fwintf); + eurephia_log(ctx, LOG_FATAL, 0, "Loading of firewall interface failed (%s)", fwintf); ctx->eurephia_fw_intf = NULL; } } else { @@ -251,7 +251,7 @@ int eurephia_tlsverify(eurephiaCTX *ctx, const char **env, const char *depth) char *tls_digest, *tls_id; certinfo *ci = NULL; - DEBUG(ctx, 21, "** Function call: eurephia_tlsverify(...)"); + DEBUG(ctx, 10, "** Function call: eurephia_tlsverify(...)"); // Check if IP address is blacklisted ipaddr = (char *) get_env(ctx, 0, env, "untrusted_ip"); @@ -282,7 +282,7 @@ int eurephia_tlsverify(eurephiaCTX *ctx, const char **env, const char *depth) // Reset attempt counter for certificate if it is okey eDBregister_attempt(ctx, attempt_CERTIFICATE, ATTEMPT_RESET, tls_digest); } - DEBUG(ctx, 21, "** Function result: eurephia_tlsverify(...) == %i", result > 0); + DEBUG(ctx, 10, "** Function result: eurephia_tlsverify(...) == %i", result > 0); return (result > 0); } @@ -295,7 +295,7 @@ int eurephia_userauth(eurephiaCTX *ctx, const char **env) char *tls_digest, *tls_id, *username, *passwd; certinfo *ci = NULL; - DEBUG(ctx, 21, "** Function call: eurephia_userauth(...)"); + DEBUG(ctx, 10, "** Function call: eurephia_userauth(...)"); // Check if IP address is blacklisted @@ -351,7 +351,7 @@ int eurephia_userauth(eurephiaCTX *ctx, const char **env) eDBregister_attempt(ctx, attempt_CERTIFICATE, ATTEMPT_RESET, tls_digest); eDBregister_attempt(ctx, attempt_USERNAME, ATTEMPT_RESET, username); } - DEBUG(ctx, 21, "** Function result: eurephia_userauth(...) = %i", (result>0)); + DEBUG(ctx, 10, "** Function result: eurephia_userauth(...) = %i", (result>0)); return (result > 0); } @@ -362,7 +362,7 @@ int eurephia_connect(eurephiaCTX *ctx, const char **env) { int certid = 0, uid = 0, ret = 0; certinfo *ci = NULL; - DEBUG(ctx, 21, "** Function call: eurephia_connect(...)"); + DEBUG(ctx, 10, "** Function call: eurephia_connect(...)"); // Fetch needed info digest = get_env(ctx, 0, env, "tls_digest_0"); @@ -396,7 +396,7 @@ int eurephia_connect(eurephiaCTX *ctx, const char **env) { ret = eDBregister_login(ctx, session, certid, uid, proto, remipaddr, remport, vpnipaddr, vpnipmask); eDBfree_session(ctx, session); - DEBUG(ctx, 21, "** Function result: eurephia_connect(...) = %i", ret); + DEBUG(ctx, 10, "** Function result: eurephia_connect(...) = %i", ret); return ret; } @@ -407,7 +407,7 @@ int eurephia_disconnect(eurephiaCTX *ctx, const char **env) { const char *bytes_sent, *bytes_rec, *duration; int ret = 0; - DEBUG(ctx, 21, "** Function call: eurephia_disconnect(...)"); + DEBUG(ctx, 10, "** Function call: eurephia_disconnect(...)"); // Fetch needed info digest = get_env(ctx, 0, env, "tls_digest_0"); @@ -431,7 +431,7 @@ int eurephia_disconnect(eurephiaCTX *ctx, const char **env) { ret = eDBregister_logout(ctx, session, bytes_sent, bytes_rec, duration); eDBfree_session(ctx, session); - DEBUG(ctx, 21, "** Function result: eurephia_disconnect(...) = %i", ret); + DEBUG(ctx, 10, "** Function result: eurephia_disconnect(...) = %i", ret); return ret; } @@ -442,14 +442,14 @@ int eurephia_learn_address(eurephiaCTX *ctx, const char *mode, const char *macad char *fwprofile = NULL, *fwdest = NULL; int ret = 0, fw_enabled = 0; - DEBUG(ctx, 21, "** Function call: eurephia_learn_address(ctx, '%s', '%s', ...)", + DEBUG(ctx, 10, "** Function call: eurephia_learn_address(ctx, '%s', '%s', ...)", mode, macaddr); // Get firewall information fw_enabled = (eGet_value(ctx->dbc->config, "firewall_interface") != NULL); fwdest = eGet_value(ctx->dbc->config, "firewall_destination"); if( fw_enabled && (fwdest == NULL) ) { - eurephia_log(ctx, LOG_WARNING, 0, "No firewall destination defined in the config."); + eurephia_log(ctx, LOG_CRITICAL, 0, "No firewall destination defined in the config."); } if( strncmp(mode, "add", 3) == 0 ) { @@ -508,7 +508,7 @@ int eurephia_learn_address(eurephiaCTX *ctx, const char *mode, const char *macad } exit: - DEBUG(ctx, 21, "** Function result: eurephia_learn_address(ctx, '%s', '%s', ...) = %i", + DEBUG(ctx, 10, "** Function result: eurephia_learn_address(ctx, '%s', '%s', ...) = %i", mode, macaddr, ret); return ret; diff --git a/eurephia_getsym.c b/eurephia_getsym.c index fdf4cdc..e12221f 100644 --- a/eurephia_getsym.c +++ b/eurephia_getsym.c @@ -33,10 +33,10 @@ void *eGetSym(eurephiaCTX *ctx, void *dlh, const char *symnam) return NULL; } - DEBUG(ctx, 13, "Locating eDBlink function '%s'", symnam); + DEBUG(ctx, 30, "Locating eDBlink function '%s'", symnam); func = dlsym(dlh, symnam); if( func == NULL ) { - eurephia_log(ctx, LOG_ERROR, 1, "Could not find needed '%s' function in eDBlink driver", symnam); + eurephia_log(ctx, LOG_PANIC, 0, "Could not find needed '%s' function in eDBlink driver", symnam); ctx->fatal_error = 1; } return func; diff --git a/eurephia_values.c b/eurephia_values.c index 604ed3d..0b47374 100644 --- a/eurephia_values.c +++ b/eurephia_values.c @@ -57,11 +57,11 @@ eurephiaVALUES *eCreate_value_space(eurephiaCTX *ctx, int evgid) { eurephiaVALUES *ptr = NULL; - DEBUG(ctx, 12, "Function call: eCreate_value_space(ctx, %i)", evgid); + DEBUG(ctx, 32, "Function call: eCreate_value_space(ctx, %i)", evgid); ptr = (eurephiaVALUES *) malloc(sizeof(eurephiaVALUES) + 2); if( ptr == NULL ) { - eurephia_log(ctx, LOG_FATAL, 0, "Could not allocate memory for a new eurephiaVALUE struct"); + eurephia_log(ctx, LOG_PANIC, 0, "Could not allocate memory for a new eurephiaVALUE struct"); return NULL; } memset(ptr, 0, sizeof(eurephiaVALUES) + 2); @@ -75,7 +75,7 @@ void eAdd_value(eurephiaCTX *ctx, eurephiaVALUES *vls, const char *key, const ch eurephiaVALUES *ptr = NULL, *ptr2 = NULL; int vid = 0; - DEBUG(ctx, 12, "Function call: eAdd_value(ctx, vls(%i), '%s', '%s')", + DEBUG(ctx, 31, "Function call: eAdd_value(ctx, vls(%i), '%s', '%s')", (vls != NULL ? vls->evid : -1), key, val); // Allocate buffer and safe values @@ -109,7 +109,7 @@ void do_free_vals(eurephiaVALUES *vls) { } void eFree_values_func(eurephiaCTX *ctx, eurephiaVALUES *vls) { - DEBUG(ctx, 12, "Function call: eFree_values(ctx, vls(%i))", + DEBUG(ctx, 31, "Function call: eFree_values(ctx, vls(%i))", (vls != NULL ? vls->evid : -1)); if( (vls == NULL) ) { diff --git a/eurephiadb.c b/eurephiadb.c index 3e895b3..6bc63cc 100644 --- a/eurephiadb.c +++ b/eurephiadb.c @@ -41,7 +41,7 @@ int eDBlink_close(eurephiaCTX *ctx) return 1; } - DEBUG(ctx, 2, "Unloading eurephiaDB driver"); + eurephia_log(ctx, LOG_INFO, 3, "Unloading eurephiaDB driver"); if( ctx->eurephia_driver != NULL ) { dlclose(ctx->eurephia_driver); ctx->eurephia_driver = NULL; diff --git a/eurephiadb_session.c b/eurephiadb_session.c index 1c9b831..927f3ff 100644 --- a/eurephiadb_session.c +++ b/eurephiadb_session.c @@ -58,14 +58,14 @@ int eDBset_session_value(eurephiaCTX *ctx, eurephiaSESSION *session, const char return 0; } - DEBUG(ctx, 10, "Function call: eDBset_session_value(ctx, '%s','%s','%s')", + DEBUG(ctx, 30, "Function call: eDBset_session_value(ctx, '%s','%s','%s')", session->sessionkey, key, val); // Create a new session value buffer if it does not exist if( session->sessvals == NULL ) { session->sessvals = eCreate_value_space(ctx, 10); if( session->sessvals == NULL ) { - eurephia_log(ctx, LOG_FATAL, 0, "Could not allocate memory for session values"); + eurephia_log(ctx, LOG_PANIC, 0, "Could not allocate memory for session values"); return 0; } } @@ -73,20 +73,20 @@ int eDBset_session_value(eurephiaCTX *ctx, eurephiaSESSION *session, const char // Check if the session value exists already. If it does update it, or else add it svals = eGet_valuestruct(session->sessvals, key); if( (svals == NULL) && (val != NULL) ) { - DEBUG(ctx, 23, "eDBset_session_value ... New session value: %s = '%s'", key, val); + DEBUG(ctx, 32, "eDBset_session_value ... New session value: %s = '%s'", key, val); // Add a new session value if( eDBstore_session_value(ctx, session, SESSVAL_NEW, key, val) ) { - DEBUG(ctx, 23, "eDBset_session_value ... Adding value to value stack: %s = '%s'", + DEBUG(ctx, 32, "eDBset_session_value ... Adding value to value stack: %s = '%s'", key, val); // Add value to the stack eAdd_value(ctx, session->sessvals, key, val); - DEBUG(ctx, 11, "Registered session variable to session '%s': %s = %s", + DEBUG(ctx, 32, "Registered session variable to session '%s': %s = %s", session->sessionkey, key, val); } } else if( svals != NULL ) { if( (val != NULL) && (strcmp(svals->val, val) == 0) ) { - DEBUG(ctx, 11, "Session value not changed('%s','%s','%s)", + DEBUG(ctx, 32, "Session value not changed('%s','%s','%s)", session->sessionkey, key, val); return 1; } @@ -94,11 +94,11 @@ int eDBset_session_value(eurephiaCTX *ctx, eurephiaSESSION *session, const char if( eDBstore_session_value(ctx, session,(val != NULL ? SESSVAL_UPDATE : SESSVAL_DELETE), key,val)){ free_nullsafe(svals->val); svals->val = strdup_nullsafe(val); - DEBUG(ctx, 11, "Session variable updated in session '%s': %s = %s", + DEBUG(ctx, 32, "Session variable updated in session '%s': %s = %s", session->sessionkey, key, val); } } else if( (svals == NULL) && (val == NULL ) ) { - DEBUG(ctx, 11, "Ignoring saving new session value '%s' == NULL", key); + DEBUG(ctx, 32, "Ignoring saving new session value '%s' == NULL", key); } return 1; } @@ -111,7 +111,7 @@ int get_randstring(eurephiaCTX *ctx, char *rndstr, int len) { do { if( !rand_init ) { if( !RAND_load_file("/dev/urandom", 64) ) { - DEBUG(ctx, 5, "Could not load random data from /dev/urandom"); + eurehpia_log(ctx, LOG_FATAL, 0, "Could not load random data from /dev/urandom"); return 0; } rand_init = 1; @@ -123,7 +123,7 @@ int get_randstring(eurephiaCTX *ctx, char *rndstr, int len) { sleep(1); rand_init = 0; } while( attempts++ < 11 ); - DEBUG(ctx, 5, "RAND_pseudo_bytes() could not generate enough random data"); + eurephia_log(ctx, LOG_FATAL, 0, "RAND_pseudo_bytes() could not generate enough random data"); return 0; } @@ -142,12 +142,12 @@ eurephiaSESSION *eDBopen_session_seed(eurephiaCTX *ctx, const char *digest, uint8_t sha_res[SHA512_HASH_SIZE]; int totlen = 0, i = 0; - DEBUG(ctx, 10, "Function call: eDBopen_session_seed(ctx, '%s', '%s', '%s', '%s', '%s', '%s', '%s')", + DEBUG(ctx, 12, "Function call: eDBopen_session_seed(ctx, '%s', '%s', '%s', '%s', '%s', '%s', '%s')", digest, cname, username, vpnipaddr, vpnipmask, remipaddr, remport); new_session = (eurephiaSESSION *) malloc(sizeof(eurephiaSESSION) + 2); if( new_session == NULL ) { - eurephia_log(ctx, LOG_FATAL, 0, "Could not allocate memory for a new session"); + eurephia_log(ctx, LOG_PANIC, 0, "Could not allocate memory for a new session"); return NULL; } memset(new_session, 0, sizeof(eurephiaSESSION) + 2); @@ -159,7 +159,7 @@ eurephiaSESSION *eDBopen_session_seed(eurephiaCTX *ctx, const char *digest, seeddata = (char *) malloc((totlen * 2) + 4); if( seeddata == NULL ) { - eurephia_log(ctx, LOG_FATAL, 0, "Could not allocate memory for a new session key (1)"); + eurephia_log(ctx, LOG_PANIC, 0, "Could not allocate memory for a new session key (1)"); free_nullsafe(new_session); return NULL; } @@ -177,7 +177,7 @@ eurephiaSESSION *eDBopen_session_seed(eurephiaCTX *ctx, const char *digest, seed = (char *) malloc((SHA512_HASH_SIZE*2)+3); if( seed == NULL ) { - eurephia_log(ctx, LOG_FATAL, 0, "Could not allocate memory for session seed"); + eurephia_log(ctx, LOG_PANIC, 0, "Could not allocate memory for session seed"); free_nullsafe(seeddata); free_nullsafe(new_session); return NULL; @@ -192,7 +192,7 @@ eurephiaSESSION *eDBopen_session_seed(eurephiaCTX *ctx, const char *digest, memset(&sha, 0, sizeof(SHA512Context)); memset(&sha_res, 0, sizeof(sha_res)); - DEBUG(ctx, 12, "Using session seed '%s'", seed); + DEBUG(ctx, 13, "Using session seed '%s'", seed); // Try to retrieve the sessionkey from the database, based on the session seed new_session->sessionkey = eDBget_sessionkey_seed(ctx, seed); @@ -203,12 +203,12 @@ eurephiaSESSION *eDBopen_session_seed(eurephiaCTX *ctx, const char *digest, char *skeydata = NULL; int loop = 0, uniqcheck = 0; - DEBUG(ctx, 12, "Unknown session seed, creating new session key"); + DEBUG(ctx, 13, "Unknown session seed, creating new session key"); // Loop until we get a unique sessionkey - don't loop more than 10 times skeydata = (char *) malloc((totlen*2)+4); if( skeydata == NULL ) { - eurephia_log(ctx, LOG_FATAL, 0, "Could not allocate memory for new session key data"); + eurephia_log(ctx, LOG_PANIC, 0, "Could not allocate memory for new session key data"); free_nullsafe(new_session->sessionkey); free_nullsafe(new_session); free_nullsafe(seeddata); @@ -223,7 +223,7 @@ eurephiaSESSION *eDBopen_session_seed(eurephiaCTX *ctx, const char *digest, // Append some random data to our session seed rndstr = (char *) malloc((totlen * 2)); if( rndstr == NULL ) { - eurephia_log(ctx, LOG_FATAL, 0, + eurephia_log(ctx, LOG_PANIC, 0, "Could not allocate memory for new session key data (2)"); free_nullsafe(new_session->sessionkey); free_nullsafe(new_session); @@ -235,7 +235,7 @@ eurephiaSESSION *eDBopen_session_seed(eurephiaCTX *ctx, const char *digest, rndlen = ((totlen * 2) - strlen_nullsafe(seed) - 2); if( !get_randstring(ctx, rndstr, rndlen) ) { - eurephia_log(ctx, LOG_FATAL, 0, + eurephia_log(ctx, LOG_PANIC, 0, "Could not generate enough random data for session key"); free_nullsafe(new_session->sessionkey); free_nullsafe(new_session); @@ -252,7 +252,7 @@ eurephiaSESSION *eDBopen_session_seed(eurephiaCTX *ctx, const char *digest, free_nullsafe(new_session->sessionkey); new_session->sessionkey = (char *) malloc((SHA512_HASH_SIZE*2)+3); if( new_session->sessionkey == NULL ) { - eurephia_log(ctx, LOG_FATAL, 0, + eurephia_log(ctx, LOG_PANIC, 0, "Could not allocate memory for new session key"); free_nullsafe(new_session); free_nullsafe(seeddata); @@ -277,7 +277,7 @@ eurephiaSESSION *eDBopen_session_seed(eurephiaCTX *ctx, const char *digest, // If we did not manage to create a unique session key (random data collection must have failed!) if( uniqcheck == 0 ) { - eurephia_log(ctx, LOG_CRITICAL, 0, + eurephia_log(ctx, LOG_FATAL, 0, "Did not manage to create a unique sessionkey after %i attempts", loop-1); free_nullsafe(new_session->sessionkey); free_nullsafe(new_session); @@ -298,7 +298,7 @@ eurephiaSESSION *eDBopen_session_seed(eurephiaCTX *ctx, const char *digest, new_session->sessionstatus = SESSION_NEW; } else { new_session->sessionstatus = SESSION_EXISTING; - DEBUG(ctx, 12, "Session seed found, using sessionkey '%s'", new_session->sessionkey); + DEBUG(ctx, 13, "Session seed found, using sessionkey '%s'", new_session->sessionkey); } free_nullsafe(seed); free_nullsafe(seeddata); @@ -314,11 +314,11 @@ eurephiaSESSION *eDBopen_session_seed(eurephiaCTX *ctx, const char *digest, eurephiaSESSION *eDBopen_session_macaddr(eurephiaCTX *ctx, const char *macaddr) { eurephiaSESSION *new_session = NULL; - DEBUG(ctx, 10, "Function call: eDBopen_session_mac(ctx, '%s')", macaddr); + DEBUG(ctx, 12, "Function call: eDBopen_session_mac(ctx, '%s')", macaddr); new_session = (eurephiaSESSION *) malloc(sizeof(eurephiaSESSION) + 2); if( new_session == NULL ) { - eurephia_log(ctx, LOG_FATAL, 0, "Could not allocate memory for a new session"); + eurephia_log(ctx, LOG_PANIC, 0, "Could not allocate memory for a new session"); return NULL; } memset(new_session, 0, sizeof(eurephiaSESSION) + 2); @@ -331,6 +331,7 @@ eurephiaSESSION *eDBopen_session_macaddr(eurephiaCTX *ctx, const char *macaddr) free_nullsafe(new_session); return NULL; } + DEBUG(ctx, 13, "Session seed found, using sessionkey '%s'", new_session->sessionkey); // Load session values from the database new_session->sessvals = eDBload_sessiondata(ctx, new_session->sessionkey); @@ -345,10 +346,8 @@ void eDBfree_session_func(eurephiaCTX *ctx, eurephiaSESSION *session) { if( session == NULL ) { return; } - DEBUG(ctx, 20, "Function call: eDBfree_session(ctx, '%s')", session->sessionkey); + DEBUG(ctx, 12, "Function call: eDBfree_session(ctx, '%s')", session->sessionkey); eFree_values(ctx, session->sessvals); free_nullsafe(session->sessionkey); free_nullsafe(session); } - - diff --git a/eurephiafw.c b/eurephiafw.c index a84770c..ee4949b 100644 --- a/eurephiafw.c +++ b/eurephiafw.c @@ -44,7 +44,7 @@ int eFW_unload(eurephiaCTX *ctx) { } if( ctx->eurephia_fw_intf != NULL ) { - DEBUG(ctx, 2, "Unloading eurephia firewall interface"); + eurephia_log(ctx, LOG_INFO, 3, "Unloading eurephia firewall interface"); dlclose(ctx->eurephia_fw_intf); ctx->eurephia_fw_intf = NULL; return 0; @@ -116,7 +116,7 @@ void eFW_StartFirewall(eurephiaCTX *ctx) { (*ctx->fwcfg).thrdata.fw_command = strdup_nullsafe(eGet_value(ctx->dbc->config, "firewall_command")); if( (*ctx->fwcfg).thrdata.fw_command == NULL) { - eurephia_log(ctx, LOG_ERROR, 0, "Could not find firewall_command in configuration. " + eurephia_log(ctx, LOG_PANIC, 0, "Could not find firewall_command in configuration. " "Firewall updates will not be available."); return; } else { @@ -126,11 +126,11 @@ void eFW_StartFirewall(eurephiaCTX *ctx) { fwdest = eGet_value(ctx->dbc->config, "firewall_destination"); if( fwdest == NULL ) { - eurephia_log(ctx, LOG_ERROR, 0, "Could not find firewall_destination in configuration. " + eurephia_log(ctx, LOG_PANIC, 0, "Could not find firewall_destination in configuration. " "Firewall updates will not be available."); return; } else { - eurephia_log(ctx, LOG_INFO, 1, "Using the %s chain for VPN accesses", fwdest); + eurephia_log(ctx, LOG_INFO, 1, "Using '%s' as firewall rule for VPN accesses", fwdest); } eurephia_log(ctx, LOG_INFO, 3, "Starting eurephia firewall interface"); @@ -152,7 +152,7 @@ void eFW_StartFirewall(eurephiaCTX *ctx) { // Start a new process (should run with root permissions) - which will do the firewall work if( (ctx->fwcfg->fwproc_pid = fork()) < 0 ) { - eurephia_log(ctx, LOG_FATAL, 0, + eurephia_log(ctx, LOG_PANIC, 0, "Could not fork out a child process for the firewall interface (%s)", strerror(errno)); return; @@ -179,13 +179,13 @@ void eFW_StartFirewall(eurephiaCTX *ctx) { "Error while emptying messages from queue: %s", strerror(errno)); } else { - DEBUG(ctx, 22, "Removed message on queue: %s", buf); + DEBUG(ctx, 28, "Removed message on queue: %s", buf); } } } eurephia_log(ctx, LOG_INFO, 3, "Message queue for firewall updates is ready"); } else { - eurephia_log(ctx, LOG_WARNING, 0, "Could not retrieve message queue attributes (%s)", + eurephia_log(ctx, LOG_FATAL, 0, "Could not retrieve message queue attributes (%s)", strerror(errno)); } @@ -193,7 +193,7 @@ void eFW_StartFirewall(eurephiaCTX *ctx) { sem_post(ctx->fwcfg->thrdata.semp_master); // Waiting for the FW module to get ready - DEBUG(ctx, 20, "eFW master is ready, waiting for the eFW worker to get ready"); + DEBUG(ctx, 28, "eFW master is ready, waiting for the eFW worker to get ready"); sem_wait(ctx->fwcfg->thrdata.semp_worker); eurephia_log(ctx, LOG_INFO, 2, "eFW interface initialised."); @@ -201,7 +201,7 @@ void eFW_StartFirewall(eurephiaCTX *ctx) { memset(&buf, 0, 1026); snprintf(buf, 1024, "F %s", fwdest); if( mq_send((*ctx->fwcfg).thrdata.msgq, buf, strlen(buf)+1, 1) == -1 ) { - eurephia_log(ctx, LOG_CRITICAL, 0, "Could not request firewall flushing of the %s chain: %s", + eurephia_log(ctx, LOG_ERROR, 0, "Could not request firewall flushing of the %s chain: %s", fwdest, strerror(errno)); }; } @@ -214,7 +214,7 @@ void eFW_StopFirewall(eurephiaCTX *ctx) { return; } - eurephia_log(ctx, LOG_INFO, 3, "Stopping eurephia firewall interface"); + eurephia_log(ctx, LOG_INFO, 2, "Stopping eurephia firewall interface"); // Flush the firewall chain before shutting down, to make sure // we don't unintentionally some accesses open @@ -237,20 +237,20 @@ void eFW_StopFirewall(eurephiaCTX *ctx) { memset(&buf, 0, 520); snprintf(buf, 512, "FWSHUTDOWN%c", 0); if( mq_send((*ctx->fwcfg).thrdata.msgq, buf, 11, 1) == -1 ) { - eurephia_log(ctx, LOG_FATAL, 0, "Could not initiate shutdown on eFW module: %s", strerror(errno)); + eurephia_log(ctx, LOG_PANIC, 0, "Could not initiate shutdown on eFW module: %s", strerror(errno)); kill(ctx->fwcfg->fwproc_pid, SIGABRT); } // Wait for the firewall module process to finish if( waitpid(ctx->fwcfg->fwproc_pid, &childret, 0) != ctx->fwcfg->fwproc_pid ) { - eurephia_log(ctx, LOG_FATAL, 0, "Failed to wait for eFW module process to quit: %s", + eurephia_log(ctx, LOG_PANIC, 0, "Failed to wait for eFW module process to quit: %s", strerror(errno)); kill(ctx->fwcfg->fwproc_pid, SIGABRT); } free_nullsafe((*ctx->fwcfg).thrdata.fw_command); free_nullsafe(ctx->fwcfg); - eurephia_log(ctx, LOG_INFO, 3, "eurephia firewall interface is stopped"); + eurephia_log(ctx, LOG_INFO, 2, "eurephia firewall interface is stopped"); } @@ -259,7 +259,7 @@ int eFW_UpdateFirewall(eurephiaCTX *ctx, int mode, char buf[1026]; if( (*ctx->fwcfg).thrdata.fw_command == NULL ) { - eurephia_log(ctx, LOG_ERROR, 0, "Function call: eFW_UpdateFirewall() -- " + eurephia_log(ctx, LOG_FATAL, 0, "Function call: eFW_UpdateFirewall() -- " "firewall_command is not configured. Firewall rules was not updated."); return 0; } @@ -267,14 +267,14 @@ int eFW_UpdateFirewall(eurephiaCTX *ctx, int mode, memset(&buf, 0, 1026); switch( mode ) { case FWRULE_ADD: - eurephia_log(ctx, LOG_INFO, 1, "Function call: eFW_UpdateFirewall(ctx, %s, '%s', '%s', '%s')", + eurephia_log(ctx, LOG_INFO, 3, "Function call: eFW_UpdateFirewall(ctx, %s, '%s', '%s', '%s')", "ADD", macaddr, fwdest, fwprofile); snprintf(buf, 1024, "A %s %s %s", macaddr, fwdest, fwprofile); mq_send((*ctx->fwcfg).thrdata.msgq, buf, strlen(buf)+1, 1); return 1; case FWRULE_DELETE: - eurephia_log(ctx, LOG_INFO, 1, "Function call: eFW_UpdateFirewall(ctx, %s, '%s', '%s', '%s')", + eurephia_log(ctx, LOG_INFO, 3, "Function call: eFW_UpdateFirewall(ctx, %s, '%s', '%s', '%s')", "DELETE", macaddr, fwdest, fwprofile); snprintf(buf, 1024, "D %s %s %s", macaddr, fwdest, fwprofile); mq_send((*ctx->fwcfg).thrdata.msgq, buf, strlen(buf)+1, 1); diff --git a/eurephiafw_helpers.c b/eurephiafw_helpers.c index dd1ff52..ba6305d 100644 --- a/eurephiafw_helpers.c +++ b/eurephiafw_helpers.c @@ -52,13 +52,13 @@ int efwSetupSemaphores(eurephiaCTX *ctx, efw_threaddata *cfg) { int efwRemoveSemaphores(eurephiaCTX *ctx, efw_threaddata *cfg) { if( sem_close(cfg->semp_worker) != 0 ) { - eurephia_log(ctx, LOG_CRITICAL, 0, + eurephia_log(ctx, LOG_WARNING, 0, "eFW: Could not destroy semaphore for worker: %s", strerror(errno)); } sem_unlink(SEMPH_WORKER); if( sem_close(cfg->semp_master) != 0 ) { - eurephia_log(ctx, LOG_CRITICAL, 0, + eurephia_log(ctx, LOG_WARNING, 0, "eFW: Could not destroy semaphore for master: %s", strerror(errno)); } sem_unlink(SEMPH_MASTER); diff --git a/firewall/iptables/efw_iptables.c b/firewall/iptables/efw_iptables.c index 3d3e4ff..3bd9cce 100644 --- a/firewall/iptables/efw_iptables.c +++ b/firewall/iptables/efw_iptables.c @@ -54,9 +54,9 @@ void eFW_RunFirewall(void *fwargs) { unsigned int prio; char buf[EFW_MSG_SIZE+2]; - DEBUG(ctx, 22, "eFW_RunFirewall: Waiting for eFW master to get ready"); + DEBUG(ctx, 28, "eFW_RunFirewall: Waiting for eFW master to get ready"); sem_wait(cfg->semp_master); - DEBUG(ctx, 22, "eFW_RunFirewall: Telling eFW master that the worker process is ready"); + DEBUG(ctx, 28, "eFW_RunFirewall: Telling eFW master that the worker process is ready"); sem_post(cfg->semp_worker); if( cfg->fw_command == NULL ) { @@ -79,7 +79,7 @@ void eFW_RunFirewall(void *fwargs) { if( !quit ) { int res = 0; - DEBUG(ctx, 23, "eFW_RunFirewall: Received '%s'", buf); + DEBUG(ctx, 20, "eFW_RunFirewall: Received '%s'", buf); res = process_input(ctx, cfg->fw_command, buf); if( ! res ) { @@ -105,7 +105,7 @@ int process_input(eurephiaCTX *ctx, const char *fwcmd, const char *input) { orig_msg = strdup_nullsafe(input); msg = orig_msg; - DEBUG(ctx, 23, "eFW_RunFirewall::process_input(ctx, '%s')", msg); + DEBUG(ctx, 36, "eFW_RunFirewall::process_input(ctx, '%s')", msg); // // Simple parsing of the input string @@ -151,7 +151,7 @@ int process_input(eurephiaCTX *ctx, const char *fwcmd, const char *input) { iptables_args[8] = jump; iptables_args[9] = NULL; - eurephia_log(ctx, LOG_INFO, 2, "eFW_RunFirewall - updating iptables rules " + eurephia_log(ctx, LOG_INFO, 3, "eFW_RunFirewall - updating iptables rules " "==> mode: %s macaddr: '%s' destchain: '%s' jump: '%s'", (mode[1] == 'A' ? "ADD":"DELETE"), macaddr, destchain, jump); break; @@ -160,7 +160,7 @@ int process_input(eurephiaCTX *ctx, const char *fwcmd, const char *input) { destchain = msg; iptables_args[2] = destchain; - eurephia_log(ctx, LOG_INFO, 2, "eFW_RunFirewall - updating iptables rules " + eurephia_log(ctx, LOG_INFO, 3, "eFW_RunFirewall - updating iptables rules " "==> mode: FLUSH destchain: '%s'", destchain); break; |