authorDavid Sommerseth <dazo@users.sourceforge.net>2008-10-04 00:42:37 +0200
committerDavid Sommerseth <dazo@users.sourceforge.net>2008-10-04 00:42:37 +0200
commit298838fa11b9c4e88e132c4551b93b9a1750fac5 (patch)
tree976bff31b42bb6420d991447fee90dbed78c03c8
parent5a06808210ba0d52c06c34dee124f1a9fd95d92e (diff)
parentdb82a5db49a17e26f87a2779b62707983abd44f3 (diff)
Merge branch 'master' into cmake
-rw-r--r--TODO2
-rw-r--r--TODO.done2
-rw-r--r--database/eurephiadb-driver_template.c160
-rw-r--r--database/sqlite/eurephiadb-sqlite.c170
-rw-r--r--database/sqlite/sqlite.c2
-rw-r--r--eurephia.c28
-rw-r--r--eurephia_getsym.c4
-rw-r--r--eurephia_values.c8
-rw-r--r--eurephiadb.c2
-rw-r--r--eurephiadb_session.c53
-rw-r--r--eurephiafw.c32
-rw-r--r--eurephiafw_helpers.c4
-rw-r--r--firewall/iptables/efw_iptables.c12
13 files changed, 244 insertions, 235 deletions
diff --git a/TODO b/TODO
index 57acbf5..c13e630 100644
--- a/TODO
+++ b/TODO
@@ -2,8 +2,6 @@
** beta_0.9 requirements
**
-* Go through all log statements, make sure log type and log level is sane
-
**
** Release 1.0 requirements
**
diff --git a/TODO.done b/TODO.done
index e5a70cb..a3d54e6 100644
--- a/TODO.done
+++ b/TODO.done
@@ -1,3 +1,5 @@
+* Go through all log statements, make sure log type and log level is sane
+
* Add pthread mutex locking in eurephia_log(...) [beta_0.9 req]
* Make new eurephiadb-driver_template.c - template for creating db driver (DONE)
diff --git a/database/eurephiadb-driver_template.c b/database/eurephiadb-driver_template.c
index 005afc7..fc67510 100644
--- a/database/eurephiadb-driver_template.c
+++ b/database/eurephiadb-driver_template.c
@@ -88,7 +88,7 @@ void update_attempts(eurephiaCTX *ctx, const char *blid) {
" SET last_accessed = CURRENT_TIMESTAMP WHERE blid = %s", blid
*/
if( /* SQL COMMAND FAILED */ ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,
+ eurephia_log(ctx, LOG_CRITICAL, 0,
"Could not update openvpn_blacklist.last_accessed for blid=%s", blid);
}
/* FREE SQL RESULT */
@@ -124,7 +124,7 @@ int eDBconnect(eurephiaCTX *ctx, const int argc, const char **argv)
* You are free to use whatever parameter syntax you would like to use.
*/
- DEBUG(ctx, 10, "Function call: eDBconnect(ctx, %i, '...')", argc, dbame);
+ DEBUG(ctx, 20, "Function call: eDBconnect(ctx, %i, '...')", argc, dbame);
// Connect to the database
dbc = (eDBconn *) malloc(sizeof(eDBconn)+2);
@@ -136,7 +136,7 @@ int eDBconnect(eurephiaCTX *ctx, const int argc, const char **argv)
/* WORK TO DO -- Open a database connection, and save the handle in dbc->handle */
if( /* IF CONNECTION FAILED */ ) {
- eurephia_log(ctx, LOG_FATAL, 0, "Could not open database '%s'", dbc->dbname);
+ eurephia_log(ctx, LOG_PANIC, 0, "Could not open database '%s'", dbc->dbname);
free_nullsafe(dbc->dbname);
free_nullsafe(dbc);
return 0;
@@ -178,7 +178,7 @@ void eDBdisconnect(eurephiaCTX *ctx)
{
eDBconn *dbc = NULL;
- DEBUG(ctx, 10, "Function call: eDBdisconnect(ctx)");
+ DEBUG(ctx, 20, "Function call: eDBdisconnect(ctx)");
if( ctx->dbc == NULL ) {
eurephia_log(ctx, LOG_WARNING, 0, "Database not open, cannot close database.");
@@ -186,7 +186,7 @@ void eDBdisconnect(eurephiaCTX *ctx)
}
dbc = ctx->dbc;
- eurephia_log(ctx, LOG_INFO, 2, "Closing database '%s'", dbc->dbname);
+ eurephia_log(ctx, LOG_INFO, 1, "Closing database '%s'", dbc->dbname);
/* WORK TO DO: Close database connection using dbc->dbhandle */
@@ -209,7 +209,7 @@ int eDBauth_TLS(eurephiaCTX *ctx, const char *org, const char *cname, const char
int certid = 0;
char *blid = NULL;
- DEBUG(ctx, 10, "Function call: eDBauth_TLS(ctx, '%s', '%s', '%s', '%s', %s)",
+ DEBUG(ctx, 20, "Function call: eDBauth_TLS(ctx, '%s', '%s', '%s', '%s', %s)",
org, cname, email, digest, depth);
// Check if certificate is valid, and not too many attempts has been tried with the given certificate
@@ -230,18 +230,18 @@ int eDBauth_TLS(eurephiaCTX *ctx, const char *org, const char *cname, const char
// Check if we found certificate to be blacklisted or not. blid == NULL when NOT blacklisted
if( blid == NULL ) {
if( certid > 0 ) {
- eurephia_log(ctx, LOG_INFO, 0,
+ eurephia_log(ctx, LOG_INFO, 0,
"Found certid %i for user: %s/%s/%s",
certid, org, cname, email);
} else {
- eurephia_log(ctx, LOG_INFO, 1,
+ eurephia_log(ctx, LOG_INFO, 1,
"Unknown certificate for: %s/%s/%s (depth %s, digest: %s)",
org, cname, email, depth, digest);
}
// Certificate is okay, certid contains the certificate ID
} else {
// If the certificate or IP is blacklisted, update status and deny access.
- eurephia_log(ctx, LOG_WARNING, 1,
+ eurephia_log(ctx, LOG_WARNING, 0,
"Attempt with BLACKLISTED certificate (certid %i)", certid);
update_attempts(ctx, blid);
certid = -1;
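Review bot: The "Unknown certificate" message in the `blid == NULL` branch is still logged with `LOG_INFO, 1`, while the successful "Found certid" message beside it uses `LOG_INFO, 0`. If the third argument is the verbosity threshold, the failed lookup is the less visible of the two events. This commit already moves the blacklisted-certificate warning to level 0, so consider `eurephia_log(ctx, LOG_WARNING, 0,` for the unknown-certificate case too, so that unrecognised certificates show up at default verbosity. The same lines appear in the eDBauth_TLS hunk of database/sqlite/eurephiadb-sqlite.c; eDBauth_TLS starts and ends outside this hunk.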
@@ -251,7 +251,7 @@ int eDBauth_TLS(eurephiaCTX *ctx, const char *org, const char *cname, const char
eurephia_log(ctx, LOG_FATAL, 0, "Could not look up certificate information");
}
- DEBUG(ctx, 10, "Result function call: eDBauth_TLS(ctx, '%s', '%s', '%s', '%s', %s) - %i",
+ DEBUG(ctx, 20, "Result function call: eDBauth_TLS(ctx, '%s', '%s', '%s', '%s', %s) - %i",
org, cname, email, digest, depth, certid);
return certid;
@@ -264,7 +264,7 @@ int eDBauth_user(eurephiaCTX *ctx, const int certid, const char *username, const
char *crpwd = NULL, *activated = NULL, *deactivated = NULL, *blid_uname = NULL, *blid_cert;
int uicid = 0, uid = 0, pwdok = 0;
- DEBUG(ctx, 10, "Function call: eDBauth_user(ctx, %i, '%s','xxxxxxxx')", certid, username);
+ DEBUG(ctx, 20, "Function call: eDBauth_user(ctx, %i, '%s','xxxxxxxx')", certid, username);
// Generate SHA1 hash of password, used for password auth
@@ -284,8 +284,8 @@ int eDBauth_user(eurephiaCTX *ctx, const int certid, const char *username, const
*/
free_nullsafe(crpwd);
if( /* IF NO RESULT WAS RETURNED */ ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,
- "Could not lookup user in database (certid %i, username '%s'", certid, username);
+ eurephia_log(ctx, LOG_FATAL, 0,
+ "Could not look up user in database (certid %i, username '%s'", certid, username);
return 0;
}
@@ -298,25 +298,29 @@ int eDBauth_user(eurephiaCTX *ctx, const int certid, const char *username, const
pwdok = atoi_nullsafe(/* GET pwdok FIELD FROM SQL RESULT */);
if( blid_uname != NULL ) {
- eurephia_log(ctx, LOG_WARNING, 0, "User account is BLACKLISTED (uid: %i, %s)",
+ eurephia_log(ctx, LOG_WARNING, 0,
+ "User account is BLACKLISTED (uid: %i, %s)",
uid, username);
uicid = -1;
} else if( blid_cert != NULL ) {
- eurephia_log(ctx, LOG_WARNING, 0,
+ eurephia_log(ctx, LOG_WARNING, 0,
"User account linked with a BLACKLISTED certificate "
"(uid: %i, %s) - certid: %s",
uid, username, certid);
uicid = -1;
} else if( activated == NULL ) {
- eurephia_log(ctx, LOG_WARNING, 0, "User account is not activated (uid: %i, %s)",
+ eurephia_log(ctx, LOG_WARNING, 0,
+ "User account is not activated (uid: %i, %s)",
uid, username);
uicid = -1;
} else if( deactivated != NULL ) {
- eurephia_log(ctx, LOG_WARNING, 0, "User account is deactivated (uid: %i, %s)",
+ eurephia_log(ctx, LOG_WARNING, 0,
+ "User account is deactivated (uid: %i, %s)",
uid, username);
uicid = -1;
} else if( pwdok != 1 ) {
- eurephia_log(ctx, LOG_WARNING, 0,"Authentication failed for user '%s'. Wrong password.",
+ eurephia_log(ctx, LOG_WARNING, 0,
+ "Authentication failed for user '%s'. Wrong password.",
username);
uicid = -1;
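Review bot: The "User account linked with a BLACKLISTED certificate" message formats `certid` with `%s`, but the signature in the hunk header declares it as `const int certid`. That mismatch is undefined behaviour and will most likely crash in the formatter, on exactly the path that handles a blacklisted certificate. The format line should read `"(uid: %i, %s) - certid: %i",`. The eDBauth_user hunk of database/sqlite/eurephiadb-sqlite.c carries the same three lines and needs the same fix. The function body continues outside this hunk.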
@@ -330,7 +334,7 @@ int eDBauth_user(eurephiaCTX *ctx, const int certid, const char *username, const
}
/* FREE SQL RESULT */
- DEBUG(ctx, 10, "Result function call: eDBauth_user(ctx, %i, '%s','xxxxxxxx') - %i",
+ DEBUG(ctx, 20, "Result function call: eDBauth_user(ctx, %i, '%s','xxxxxxxx') - %i",
certid, username, uicid);
return uicid;
@@ -341,7 +345,7 @@ int eDBget_uid(eurephiaCTX *ctx, const int certid, const char *username)
{
int ret = 0;
- DEBUG(ctx, 10, "Function call: eDBget_uid(ctx, %i, '%s')", certid, username);
+ DEBUG(ctx, 20, "Function call: eDBget_uid(ctx, %i, '%s')", certid, username);
/* WORK TO DO -- DO SQL:
"SELECT uid "
@@ -351,7 +355,7 @@ int eDBget_uid(eurephiaCTX *ctx, const int certid, const char *username)
certid, username
*/
if( /* IF NO RESULT FOUND */ || /* OR WE GOT MORE THAN 1 RECORD */ ) {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Could not lookup userid for user '%s'", username);
+ eurephia_log(ctx, LOG_FATAL, 0, "Could not lookup userid for user '%s'", username);
ret = -1;
} else {
ret = atoi_nullsafe(/* GET uid FIELD FROM SQL RESULT */);
@@ -368,7 +372,7 @@ int eDBblacklist_check(eurephiaCTX *ctx, const int type, const char *val)
int atpexceed = -1, blacklisted = 0;
char *atpid = NULL, *blid = NULL;
- DEBUG(ctx, 10, "Function call: eDBblacklist_check(ctx, '%s', '%s')",
+ DEBUG(ctx, 20, "Function call: eDBblacklist_check(ctx, '%s', '%s')",
eDBattempt_types[type].descr, val);
/* WORK TO DO -- DO SQL:
@@ -380,14 +384,14 @@ int eDBblacklist_check(eurephiaCTX *ctx, const int type, const char *val)
/* FREE SQL RESULT */
if( blid != NULL ) { // If we found a blacklisted record
- eurephia_log(ctx, LOG_WARNING, 1, "Attempt from blacklisted %s: %s",
+ eurephia_log(ctx, LOG_WARNING, 0, "Attempt from blacklisted %s: %s",
eDBattempt_types[type].descr, val);
blacklisted = 1; // [type] is blacklisted
}
// Update attempt information
update_attempts(ctx, blid);
} else {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Quering openvpn_blacklist for blacklisted %s",
+ eurephia_log(ctx, LOG_FATAL, 0, "Quering openvpn_blacklist for blacklisted %s failed",
eDBattempt_types[type].descr);
}
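Review bot: When the openvpn_blacklist query fails, the `else` branch only logs (now at `LOG_FATAL`) and `blacklisted` keeps its initial value 0. Unless the attempts check later in the function sets it, a database error is returned to the caller as "not blacklisted". For an access-control lookup, failing closed is the safer default: add `blacklisted = 1;` in that `else` branch, or return a distinct error value if callers (not visible here) can handle one. The sqlite implementation in database/sqlite/eurephiadb-sqlite.c has the same branch. eDBblacklist_check starts and ends outside this hunk.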
@@ -408,15 +412,15 @@ int eDBblacklist_check(eurephiaCTX *ctx, const int type, const char *val)
// If [type] has reached attempt limit and it is not black listed, black list it
if( (atpexceed > 0) && (blid == NULL) ) {
eurephia_log(ctx, LOG_WARNING, 0,
- "%s got BLACKLISTED due to too many failed attempts: %s",
+ "%s got BLACKLISTED due to too many failed attempts: %s",
eDBattempt_types[type].descr, val);
/* WORK TO DO -- DO SQL
"INSERT INTO openvpn_blacklist (%s) VALUES ('%q')",
eDBattempt_types[type].colname, val
*/
if( /* IF SQL QUERY FAILED */ ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,
- "Could not blacklist %s (%s)",
+ eurephia_log(ctx, LOG_CRITICAL, 0,
+ "Could not blacklist %s (%s)",
eDBattempt_types[type].descr, val);
}
/* FREE SQL RESULT */
@@ -424,14 +428,15 @@ int eDBblacklist_check(eurephiaCTX *ctx, const int type, const char *val)
}
free_nullsafe(atpid);
} else {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Quering openvpn_attempts for blacklisted %s failed",
+ eurephia_log(ctx, LOG_CRITICAL, 0,
+ "Quering openvpn_attempts for blacklisted %s failed",
eDBattempt_types[type].descr);
}
free_nullsafe(atpr);
}
free_nullsafe(blid);
- DEBUG(ctx, 10, "Result - function call: eDBblacklist_check(ctx, '%s', '%s') - %i",
+ DEBUG(ctx, 20, "Result - function call: eDBblacklist_check(ctx, '%s', '%s') - %i",
eDBattempt_types[type].descr, val, blacklisted);
return blacklisted;
@@ -443,7 +448,7 @@ void eDBregister_attempt(eurephiaCTX *ctx, int type, int mode, const char *value
char *id = NULL, *atmpt_block = NULL, *blid = NULL;
int attempts = 0;
- DEBUG(ctx, 10, "Function call: eDBregister_attempt(ctx, %s, %s, '%s')",
+ DEBUG(ctx, 20, "Function call: eDBregister_attempt(ctx, %s, %s, '%s')",
eDBattempt_types[type].colname,
(mode == ATTEMPT_RESET ? "ATTEMPT_RESET" : "ATTEMPT_REGISTER"),
value);
@@ -461,7 +466,7 @@ void eDBregister_attempt(eurephiaCTX *ctx, int type, int mode, const char *value
eDBattempt_types[type].colname, value
*/
if( /* IF SQL QUERY FAILED */ ) {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Could not look up atpid in openvpn_attempts");
+ eurephia_log(ctx, LOG_FATAL, 0, "Could not look up atpid in openvpn_attempts");
return;
}
@@ -487,7 +492,7 @@ void eDBregister_attempt(eurephiaCTX *ctx, int type, int mode, const char *value
Result check comes later ...
*/
- } else if( id != NULL ){
+ } else if( id != NULL ) {
// if a attempt record exists, update it according to mode
switch( mode ) {
case ATTEMPT_RESET:
@@ -512,7 +517,7 @@ void eDBregister_attempt(eurephiaCTX *ctx, int type, int mode, const char *value
}
if( /* IF SQL QUERY FAILED */ ) {
eurephia_log(ctx, LOG_CRITICAL, 0,
- "Could not update openvpn_attempts for %s = %s",
+ "Could not update openvpn_attempts for %s = %s",
eDBattempt_types[type].colname, value);
}
/* FREE SQL RESULT */
@@ -528,7 +533,7 @@ void eDBregister_attempt(eurephiaCTX *ctx, int type, int mode, const char *value
eDBattempt_types[type].colname, value
*/
if( /* IF SQL FAILED */ ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,
+ eurephia_log(ctx, LOG_CRITICAL, 0,
"Could not blacklist %s: %s",
eDBattempt_types[type].descr, value);
}
@@ -545,11 +550,11 @@ int eDBregister_login(eurephiaCTX *ctx, eurephiaSESSION *skey, const int certid,
const char *proto, const char *remipaddr, const char *remport,
const char *vpnipaddr, const char *vpnipmask)
{
- DEBUG(ctx, 10, "Function call: eDBregister_login(ctx, '%s', %i, %i, '%s','%s','%s','%s','%s')",
+ DEBUG(ctx, 20, "Function call: eDBregister_login(ctx, '%s', %i, %i, '%s','%s','%s','%s','%s')",
skey->sessionkey, certid, uid, proto, remipaddr, remport, vpnipaddr, vpnipmask);
if( skey->sessionstatus != SESSION_NEW ) {
- eurephia_log(ctx, LOG_WARNING, 10, "Not a new session, will not register it again");
+ eurephia_log(ctx, LOG_ERROR, 5, "Not a new session, will not register it again");
return 1;
}
@@ -562,7 +567,7 @@ int eDBregister_login(eurephiaCTX *ctx, eurephiaSESSION *skey, const int certid,
uid, certid, proto, remipaddr, remport, vpnipaddr, vpnipmask, skey->sessionkey
*/
if( /* IF SQL QUERY FAILED */ ) {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Could not insert new session into openvpn_lastlog");
+ eurephia_log(ctx, LOG_FATAL, 0, "Could not insert new session into openvpn_lastlog");
return 0;
}
/* FREE SQL RESULT */
@@ -574,11 +579,11 @@ int eDBregister_login(eurephiaCTX *ctx, eurephiaSESSION *skey, const int certid,
int eDBregister_vpnmacaddr(eurephiaCTX *ctx, eurephiaSESSION *session, const char *macaddr)
{
- DEBUG(ctx, 10, "Function call: eDBregister_vpnmacaddr(ctx, '%s', '%s')",
+ DEBUG(ctx, 20, "Function call: eDBregister_vpnmacaddr(ctx, '%s', '%s')",
session->sessionkey, macaddr);
if( macaddr == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 0, "No MAC address was given to save");
+ eurephia_log(ctx, LOG_FATAL, 0, "No MAC address was given to save");
return 0;
}
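Review bot: The DEBUG call formats `macaddr` with `%s` before the `macaddr == NULL` check below it, so whenever DEBUG expands to a real log call a NULL pointer reaches the formatter, which is undefined behaviour for `%s`. Move the DEBUG line below the NULL check, or pass `macaddr ? macaddr : "(null)"`. The same order (DEBUG first, NULL check second) is in the hunks for eDBget_sessionkey_seed (`sessionseed`), eDBcheck_sessionkey_uniqueness (`seskey`), eDBregister_sessionkey (`seed`, `seskey`) and eDBremove_sessionkey (`seskey`).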
@@ -588,7 +593,7 @@ int eDBregister_vpnmacaddr(eurephiaCTX *ctx, eurephiaSESSION *session, const cha
session->sessionkey, macaddr
*/
if( /* IF SQL QUERY FAILED */ ) {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Failed to log new MAC address for session");
+ eurephia_log(ctx, LOG_FATAL, 0, "Failed to log new MAC address for session");
return 0;
}
/* FREE SQL RESULT */
@@ -599,14 +604,14 @@ int eDBregister_vpnmacaddr(eurephiaCTX *ctx, eurephiaSESSION *session, const cha
" WHERE sessionkey = '%q' AND sessionstatus = 1", macaddr, session->sessionkey);
*/
if( /* IF SQL QUERY FAILED */ ) {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Could not update lastlog with new MAC address for session");
+ eurephia_log(ctx, LOG_FATAL, 0, "Could not update lastlog with new MAC address for session");
return 0;
}
/* FREE SQL RESULT */
// Save the MAC address in the session values register - needed for the destroy session
if( eDBset_session_value(ctx, session, "macaddr", macaddr) == 0 ) {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Could not save MAC address into session variables");
+ eurephia_log(ctx, LOG_FATAL, 0, "Could not save MAC address into session variables");
return 0;
}
@@ -615,10 +620,10 @@ int eDBregister_vpnmacaddr(eurephiaCTX *ctx, eurephiaSESSION *session, const cha
// Register the user as logged out
-int eDBregister_logout(eurephiaCTX *ctx, eurephiaSESSION *skey,
+int eDBregister_logout(eurephiaCTX *ctx, eurephiaSESSION *skey,
const char *bytes_sent, const char *bytes_received, const char *duration)
{
- DEBUG(ctx, 10, "Function call: eDBregister_logout(ctx, '%s', %s, %s)",
+ DEBUG(ctx, 20, "Function call: eDBregister_logout(ctx, '%s', %s, %s)",
skey->sessionkey, bytes_sent, bytes_received);
/* WORK TO DO -- DO SQL:
@@ -630,7 +635,8 @@ int eDBregister_logout(eurephiaCTX *ctx, eurephiaSESSION *skey,
atoi_nullsafe(duration), skey->sessionke
*/
if( /* IF SQL QUERY FAILED */ ) {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Could not update lastlog with logout information (%s)",
+ eurephia_log(ctx, LOG_FATAL, 0,
+ "Could not update lastlog with logout information (%s)",
skey->sessionkey);
return 0;
}
@@ -645,10 +651,10 @@ int eDBregister_logout(eurephiaCTX *ctx, eurephiaSESSION *skey,
char *eDBget_sessionkey_seed(eurephiaCTX *ctx, const char *sessionseed) {
char *skey = NULL;
- DEBUG(ctx, 10, "eDBget_sessionkey(ctx, '%s')", sessionseed);
+ DEBUG(ctx, 20, "eDBget_sessionkey(ctx, '%s')", sessionseed);
if( sessionseed == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 1,
+ eurephia_log(ctx, LOG_FATAL, 1,
"eDBget_sessionkey: No session seed given - cannot locate sessionkey");
return NULL;
}
@@ -662,7 +668,8 @@ char *eDBget_sessionkey_seed(eurephiaCTX *ctx, const char *sessionseed) {
sessionseed
*/
if( /* IF SQL QUERY FAILED */ ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,"Could not retrieve sessionkey from openvpn_sessionkeys (%s)",
+ eurephia_log(ctx, LOG_FATAL, 0,
+ "Could not retrieve sessionkey from openvpn_sessionkeys (%s)",
sessionseed);
return NULL;
}
@@ -689,7 +696,7 @@ char *eDBget_sessionkey_macaddr(eurephiaCTX *ctx, const char *macaddr) {
macaddr
*/
if( /* IF SQL QUERY FAILED */ ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,
+ eurephia_log(ctx, LOG_FATAL, 0,
"Could not remove session from database (MAC addr: %s)", macaddr);
return 0;
}
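Review bot: The failure message "Could not remove session from database (MAC addr: %s)" does not match the function named in the hunk header, eDBget_sessionkey_macaddr, which returns `char *` and appears to be a lookup. An operator reading this at `LOG_FATAL` would look for a failed delete. Suggest `"Could not retrieve sessionkey from database (MAC addr: %s)", macaddr);` and `return NULL;` in place of `return 0;`, to match eDBget_sessionkey_seed. The function body lies mostly outside this hunk, so confirm against the query it runs.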
@@ -704,9 +711,9 @@ char *eDBget_sessionkey_macaddr(eurephiaCTX *ctx, const char *macaddr) {
int eDBcheck_sessionkey_uniqueness(eurephiaCTX *ctx, const char *seskey) {
int uniq = 0;
- DEBUG(ctx, 10, "eDBcheck_sessionkey_uniqueness(ctx, '%s')", seskey);
+ DEBUG(ctx, 20, "eDBcheck_sessionkey_uniqueness(ctx, '%s')", seskey);
if( seskey == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 1,
+ eurephia_log(ctx, LOG_FATAL, 1,
"eDBcheck_sessionkey_uniqness: Invalid session key given");
return 0;
}
@@ -716,7 +723,7 @@ int eDBcheck_sessionkey_uniqueness(eurephiaCTX *ctx, const char *seskey) {
seskey
*/
if( /* IF SQL QUERY FAILED */ ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,
+ eurephia_log(ctx, LOG_FATAL, 0,
"eDBcheck_sessionkey_uniqness: Could not check uniqueness of sessionkey");
return 0;
}
@@ -729,9 +736,9 @@ int eDBcheck_sessionkey_uniqueness(eurephiaCTX *ctx, const char *seskey) {
// register a link between a short-term session seed and a long-term session key
int eDBregister_sessionkey(eurephiaCTX *ctx, const char *seed, const char *seskey) {
- DEBUG(ctx, 10, "eDBregister_sessionkey(ctx, '%s', '%s')", seed, seskey);
+ DEBUG(ctx, 20, "eDBregister_sessionkey(ctx, '%s', '%s')", seed, seskey);
if( (seed == NULL) || (seskey == NULL) ) {
- eurephia_log(ctx, LOG_CRITICAL, 1,
+ eurephia_log(ctx, LOG_FATAL, 1,
"eDBregister_sessionkey: Invalid session seed or session key given");
return 0;
}
@@ -741,7 +748,7 @@ int eDBregister_sessionkey(eurephiaCTX *ctx, const char *seed, const char *seske
seed, seskey
*/
if( /* IF SQL QUERY FAILED */ ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,
+ eurephia_log(ctx, LOG_FATAL, 0,
"eDBregister_sessionkey: Error registering sessionkey into openvpn_sessionkeys");
return 0;
}
@@ -752,9 +759,9 @@ int eDBregister_sessionkey(eurephiaCTX *ctx, const char *seed, const char *seske
// remove a session seed/session key link from openvpn_sessionkeys
int eDBremove_sessionkey(eurephiaCTX *ctx, const char *seskey) {
- DEBUG(ctx, 10, "eDBremove_sessionkey(ctx, '%s')", seskey);
+ DEBUG(ctx, 20, "eDBremove_sessionkey(ctx, '%s')", seskey);
if( seskey == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 1,
+ eurephia_log(ctx, LOG_FATAL, 1,
"eDBremove_sessionkey: Invalid session key given");
return 0;
}
@@ -764,7 +771,7 @@ int eDBremove_sessionkey(eurephiaCTX *ctx, const char *seskey) {
seskey
*/
if( /* IF SQL QUERY FAILED */ ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,
+ eurephia_log(ctx, LOG_FATAL, 0,
"eDBremove_sessionkey: Error removing sessionkey from openvpn_sessionkeys");
return 0;
}
@@ -781,7 +788,7 @@ eurephiaVALUES *eDBload_sessiondata(eurephiaCTX *ctx, const char *sesskey) {
return NULL;
}
- DEBUG(ctx, 10, "Function call: eDBload_sessiondata(ctx, '%s')", sesskey);
+ DEBUG(ctx, 20, "Function call: eDBload_sessiondata(ctx, '%s')", sesskey);
sessvals = eCreate_value_space(ctx, 10);
@@ -791,13 +798,13 @@ eurephiaVALUES *eDBload_sessiondata(eurephiaCTX *ctx, const char *sesskey) {
*/
if( /* IF WE GOT RECORDS IN THE QUERY */ ) {
for( /* LOOP THROUGH ALL RECORDS */ ) {
- eAdd_value(ctx, sessvals,
+ eAdd_value(ctx, sessvals,
/* GET datakey FROM SQL RESULT */,
/* GET dataval FROM SQL RESULT */);
}
/* FREE SQL RESULT */
} else {
- eurephia_log(ctx, LOG_CRITICAL, 0,
+ eurephia_log(ctx, LOG_CRITICAL, 0,
"Could not load session values for session '%s'", sesskey);
}
@@ -810,12 +817,12 @@ int eDBstore_session_value(eurephiaCTX *ctx, eurephiaSESSION *session, int mode,
{
if( session == NULL ) {
- DEBUG(ctx, 10,
+ DEBUG(ctx, 20,
"Function call failed to eDBstore_session_value(ctx, ...): Non-existing session key");
return 0;
}
- DEBUG(ctx, 10, "Function call: eDBstore_session_value(ctx, '%s', %i, '%s', '%s')",
+ DEBUG(ctx, 20, "Function call: eDBstore_session_value(ctx, '%s', %i, '%s', '%s')",
session->sessionkey, mode, key, val);
switch( mode ) {
@@ -826,7 +833,7 @@ int eDBstore_session_value(eurephiaCTX *ctx, eurephiaSESSION *session, int mode,
session->sessionkey, key, val
*/
if( /* IF SQL QUERY FAILED */ ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,
+ eurephia_log(ctx, LOG_FATAL, 0,
"Could not register new session variable into database: [%s] %s = %s",
session->sessionkey, key, val);
return 0;
@@ -840,7 +847,8 @@ int eDBstore_session_value(eurephiaCTX *ctx, eurephiaSESSION *session, int mode,
val, session->sessionkey, key
*/
if( /* IF SQL QUERY FAILED */ ) {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Could not update session variable: [%s] %s = %s ",
+ eurephia_log(ctx, LOG_FATAL, 0,
+ "Could not update session variable: [%s] %s = %s ",
session->sessionkey, key, val);
return 0;
}
@@ -852,15 +860,17 @@ int eDBstore_session_value(eurephiaCTX *ctx, eurephiaSESSION *session, int mode,
session->sessionkey, key
*/
if( /* IF SQL QUERY FAILED */ ) {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Could not delete session variable: [%s] %s",
+ eurephia_log(ctx, LOG_FATAL, 0,
+ "Could not delete session variable: [%s] %s",
session->sessionkey, key);
return 0;
}
break;
default:
- eurephia_log(ctx, LOG_FATAL, 0, "Unknown eDBstore_session_value mode '%i'", mode);
- return 1;
+ eurephia_log(ctx, LOG_FATAL, 0,
+ "Unknown eDBstore_session_value mode '%i'", mode);
+ return 0;
}
/* FREE SQL RESULT */
return 1;
@@ -870,10 +880,10 @@ int eDBstore_session_value(eurephiaCTX *ctx, eurephiaSESSION *session, int mode,
// Delete session information from openvpn_sessions and update openvpn_lastlog with status
int eDBdestroy_session(eurephiaCTX *ctx, eurephiaSESSION *session) {
- DEBUG(ctx, 10, "Function call: eDBdestroy_session(ctx, '%s')", session->sessionkey);
+ DEBUG(ctx, 20, "Function call: eDBdestroy_session(ctx, '%s')", session->sessionkey);
if( (session == NULL) || (session->sessionkey == NULL) ) {
- eurephia_log(ctx, LOG_ERROR, 1, "No active session given to be destroyed");
+ eurephia_log(ctx, LOG_WARNING, 1, "No active session given to be destroyed");
return 1;
}
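Review bot: `session->sessionkey` is dereferenced in the DEBUG line before the `(session == NULL) || (session->sessionkey == NULL)` check that follows, so the check cannot protect that call. A NULL `session` faults in DEBUG whenever it expands to a real log call. Move the DEBUG line below the guard, as eDBstore_session_value in this file already does with its `session == NULL` test. The function body continues outside the hunk.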
@@ -885,7 +895,7 @@ int eDBdestroy_session(eurephiaCTX *ctx, eurephiaSESSION *session) {
session->sessionkey
*/
if( /* IF SQL QUERY FAILED */ ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,
+ eurephia_log(ctx, LOG_FATAL, 0,
"Could not update session status in lastlog (%s))", session->sessionkey);
return 0;
}
@@ -897,7 +907,7 @@ int eDBdestroy_session(eurephiaCTX *ctx, eurephiaSESSION *session) {
session->sessionkey
*/
if( /* IF SQL QUERY FAILED */ ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,
+ eurephia_log(ctx, LOG_FATAL, 0,
"Could not delete session variables (%s))", session->sessionkey);
return 0;
}
@@ -915,7 +925,7 @@ char *eDBget_firewall_profile(eurephiaCTX *ctx, eurephiaSESSION *session)
{
char *ret = NULL;
- DEBUG(ctx, 10, "Function call: eDBget_firewall_profile(ctx, {session}'%s')",
+ DEBUG(ctx, 20, "Function call: eDBget_firewall_profile(ctx, {session}'%s')",
session->sessionkey);
/* WORK TO DO -- DO SQL:
@@ -927,7 +937,8 @@ char *eDBget_firewall_profile(eurephiaCTX *ctx, eurephiaSESSION *session)
session->sessionkey
*/
if( /* IF SQL QUERY FAILED */ ) {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Could not retrieve firewall profile for session '%s'",
+ eurephia_log(ctx, LOG_FATAL, 0,
+ "Could not retrieve firewall profile for session '%s'",
session->sessionkey);
return NULL;
}
@@ -935,4 +946,3 @@ char *eDBget_firewall_profile(eurephiaCTX *ctx, eurephiaSESSION *session)
/* FREE SQL RESULT */
return ret;
}
-
diff --git a/database/sqlite/eurephiadb-sqlite.c b/database/sqlite/eurephiadb-sqlite.c
index 49e7e36..2a0b9be 100644
--- a/database/sqlite/eurephiadb-sqlite.c
+++ b/database/sqlite/eurephiadb-sqlite.c
@@ -87,7 +87,7 @@ void update_attempts(eurephiaCTX *ctx, const char *blid) {
"UPDATE openvpn_blacklist "
" SET last_accessed = CURRENT_TIMESTAMP WHERE blid = %q", blid);
if( res == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,
+ eurephia_log(ctx, LOG_CRITICAL, 0,
"Could not update openvpn_blacklist.last_accessed for blid=%s", blid);
}
sqlite_free_results(res);
@@ -105,14 +105,10 @@ int eDBconnect(eurephiaCTX *ctx, const int argc, const char **argv)
dbresult *res = NULL;
int rc;
-#ifdef MEMWATCH
- mwStatistics(3);
-#endif
-
- DEBUG(ctx, 10, "Function call: eDBconnect(ctx, %i, '%s')", argc, argv[0]);
+ DEBUG(ctx, 20, "Function call: eDBconnect(ctx, %i, '%s')", argc, argv[0]);
if( (argc != 1) || (argv[0] == NULL) || (strlen(argv[0]) < 1) ) {
- eurephia_log(ctx, LOG_PANIC, 0, "Wrong parameters to dblink-sqlite. Cannot open database.");
+ eurephia_log(ctx, LOG_PANIC, 0, "Wrong parameters to eurephiadb-sqlite. Cannot open database.");
return 0;
}
@@ -125,7 +121,7 @@ int eDBconnect(eurephiaCTX *ctx, const int argc, const char **argv)
rc = sqlite3_open(argv[0], (void *) &dbc->dbhandle);
if( rc ) {
- eurephia_log(ctx, LOG_FATAL, 0, "Could not open database '%s'", dbc->dbname);
+ eurephia_log(ctx, LOG_PANIC, 0, "Could not open database '%s'", dbc->dbname);
free_nullsafe(dbc->dbname);
free_nullsafe(dbc);
return 0;
@@ -161,7 +157,7 @@ void eDBdisconnect(eurephiaCTX *ctx)
{
eDBconn *dbc = NULL;
- DEBUG(ctx, 10, "Function call: eDBdisconnect(ctx)");
+ DEBUG(ctx, 20, "Function call: eDBdisconnect(ctx)");
if( ctx->dbc == NULL ) {
eurephia_log(ctx, LOG_WARNING, 0, "Database not open, cannot close database.");
@@ -169,7 +165,7 @@ void eDBdisconnect(eurephiaCTX *ctx)
}
dbc = ctx->dbc;
- eurephia_log(ctx, LOG_INFO, 2, "Closing database '%s'", dbc->dbname);
+ eurephia_log(ctx, LOG_INFO, 1, "Closing database '%s'", dbc->dbname);
// Close database connection
sqlite3_close((sqlite3 *) dbc->dbhandle);
@@ -192,8 +188,8 @@ int eDBauth_TLS(eurephiaCTX *ctx, const char *org, const char *cname, const char
int certid = 0;
char *blid = NULL;
- DEBUG(ctx, 10, "Function call: eDBauth_TLS(ctx, '%s', '%s', '%s', '%s', %s)",
- org, cname, email, digest, depth);
+ DEBUG(ctx, 20, "Function call: eDBauth_TLS(ctx, '%s', '%s', '%s', '%s', %s)",
+ org, cname, email, digest, depth);
// Check if certificate is valid, and not too many attempts has been tried with the given certificate
res = sqlite_query(ctx,
@@ -212,18 +208,18 @@ int eDBauth_TLS(eurephiaCTX *ctx, const char *org, const char *cname, const char
// Check if we found certificate to be blacklisted or not. blid == NULL when NOT blacklisted
if( blid == NULL ) {
if( certid > 0 ) {
- eurephia_log(ctx, LOG_INFO, 0,
+ eurephia_log(ctx, LOG_INFO, 0,
"Found certid %i for user: %s/%s/%s",
certid, org, cname, email);
} else {
- eurephia_log(ctx, LOG_INFO, 1,
+ eurephia_log(ctx, LOG_INFO, 1,
"Unknown certificate for: %s/%s/%s (depth %s, digest: %s)",
org, cname, email, depth, digest);
}
// Certificate is okay, certid contains the certificate ID
} else {
// If the certificate or IP is blacklisted, update status and deny access.
- eurephia_log(ctx, LOG_WARNING, 1,
+ eurephia_log(ctx, LOG_WARNING, 0,
"Attempt with BLACKLISTED certificate (certid %i)", certid);
update_attempts(ctx, blid);
certid = -1;
@@ -233,7 +229,7 @@ int eDBauth_TLS(eurephiaCTX *ctx, const char *org, const char *cname, const char
eurephia_log(ctx, LOG_FATAL, 0, "Could not look up certificate information");
}
- DEBUG(ctx, 10, "Result function call: eDBauth_TLS(ctx, '%s', '%s', '%s', '%s', %s) - %i",
+ DEBUG(ctx, 20, "Result function call: eDBauth_TLS(ctx, '%s', '%s', '%s', '%s', %s) - %i",
org, cname, email, digest, depth, certid);
return certid;
@@ -247,13 +243,13 @@ int eDBauth_user(eurephiaCTX *ctx, const int certid, const char *username, const
char *crpwd = NULL, *activated = NULL, *deactivated = NULL, *blid_uname = NULL, *blid_cert;
int uicid = 0, uid = 0, pwdok = 0;
- DEBUG(ctx, 10, "Function call: eDBauth_user(ctx, %i, '%s','xxxxxxxx')", certid, username);
+ DEBUG(ctx, 20, "Function call: eDBauth_user(ctx, %i, '%s','xxxxxxxx')", certid, username);
// Generate SHA1 hash of password, used for password auth
crpwd = passwdhash(passwd);
- res = sqlite_query(ctx,
+ res = sqlite_query(ctx,
"SELECT uicid, ou.uid, activated, deactivated, bl1.blid, bl2.blid, "
" (password = '%s') AS pwdok"
" FROM openvpn_users ou"
@@ -266,7 +262,7 @@ int eDBauth_user(eurephiaCTX *ctx, const int certid, const char *username, const
crpwd, certid, username);
free_nullsafe(crpwd);
if( res == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,
+ eurephia_log(ctx, LOG_FATAL, 0,
"Could not lookup user in database (certid %i, username '%s'", certid, username);
return 0;
}
@@ -284,7 +280,7 @@ int eDBauth_user(eurephiaCTX *ctx, const int certid, const char *username, const
uid, username);
uicid = -1;
} else if( blid_cert != NULL ) {
- eurephia_log(ctx, LOG_WARNING, 0,
+ eurephia_log(ctx, LOG_WARNING, 0,
"User account linked with a BLACKLISTED certificate "
"(uid: %i, %s) - certid: %s",
uid, username, certid);
@@ -312,7 +308,7 @@ int eDBauth_user(eurephiaCTX *ctx, const int certid, const char *username, const
}
sqlite_free_results(res);
- DEBUG(ctx, 10, "Result function call: eDBauth_user(ctx, %i, '%s','xxxxxxxx') - %i",
+ DEBUG(ctx, 20, "Result function call: eDBauth_user(ctx, %i, '%s','xxxxxxxx') - %i",
certid, username, uicid);
return uicid;
@@ -324,16 +320,16 @@ int eDBget_uid(eurephiaCTX *ctx, const int certid, const char *username)
dbresult *res = NULL;
int ret = 0;
- DEBUG(ctx, 10, "Function call: eDBget_uid(ctx, %i, '%s')", certid, username);
+ DEBUG(ctx, 20, "Function call: eDBget_uid(ctx, %i, '%s')", certid, username);
- res = sqlite_query(ctx,
+ res = sqlite_query(ctx,
"SELECT uid "
" FROM openvpn_usercerts "
" JOIN openvpn_users USING (uid) "
" WHERE certid = '%i' AND username = '%q'",
certid, username);
if( (res == NULL) || (sqlite_get_numtuples(res) != 1) ) {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Could not lookup userid for user '%s'", username);
+ eurephia_log(ctx, LOG_FATAL, 0, "Could not lookup userid for user '%s'", username);
ret = -1;
} else {
ret = atoi_nullsafe(sqlite_get_value(res, 0, 0));
@@ -351,10 +347,10 @@ int eDBblacklist_check(eurephiaCTX *ctx, const int type, const char *val)
int atpexceed = -1, blacklisted = 0;
char *atpid = NULL, *blid = NULL;
- DEBUG(ctx, 10, "Function call: eDBblacklist_check(ctx, '%s', '%s')",
+ DEBUG(ctx, 20, "Function call: eDBblacklist_check(ctx, '%s', '%s')",
eDBattempt_types[type].descr, val);
- blr = sqlite_query(ctx, "SELECT blid FROM openvpn_blacklist WHERE %s = '%q'",
+ blr = sqlite_query(ctx, "SELECT blid FROM openvpn_blacklist WHERE %s = '%q'",
eDBattempt_types[type].colname, val);
if( blr != NULL ) {
blid = strdup_nullsafe(sqlite_get_value(blr, 0, 0));
@@ -362,21 +358,21 @@ int eDBblacklist_check(eurephiaCTX *ctx, const int type, const char *val)
blr = NULL;
if( blid != NULL ) {
- eurephia_log(ctx, LOG_WARNING, 1, "Attempt from blacklisted %s: %s",
+ eurephia_log(ctx, LOG_WARNING, 0, "Attempt from blacklisted %s: %s",
eDBattempt_types[type].descr, val);
blacklisted = 1; // [type] is blacklisted
}
// Update attempt information
update_attempts(ctx, blid);
} else {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Quering openvpn_blacklist for blacklisted %s",
+ eurephia_log(ctx, LOG_FATAL, 0, "Quering openvpn_blacklist for blacklisted %s failed",
eDBattempt_types[type].descr);
}
if( blacklisted == 0 ) {
// Check if this [type] has been attempted earlier - if it has reaced the maximum
// attempt limit, blacklist it
- atpr = sqlite_query(ctx,
+ atpr = sqlite_query(ctx,
"SELECT atpid, attempts >= %q FROM openvpn_attempts WHERE %s = '%q'",
eGet_value(ctx->dbc->config, eDBattempt_types[type].allow_cfg),
eDBattempt_types[type].colname, val);
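Review bot: The attempt limit in the `openvpn_attempts` query is spliced in with a bare `%q` (`attempts >= %q`), outside any quotes. `%q` only escapes single quotes, so nothing constrains the value to a number, and it comes straight from `eGet_value()`, whose result is compared against NULL elsewhere on this page. A missing or malformed config key would then alter or break the comparison, and automatic blacklisting would presumably stop working without a clear error. Parsing the limit to an integer first, rejecting a missing or non-positive value, and passing it as `"SELECT atpid, attempts >= %i FROM openvpn_attempts WHERE %s = '%q'"` would make the threshold check predictable. eDBblacklist_check continues outside this hunk.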
@@ -389,14 +385,14 @@ int eDBblacklist_check(eurephiaCTX *ctx, const int type, const char *val)
// If [type] has reached attempt limit and it is not black listed, black list it
if( (atpexceed > 0) && (blid == NULL) ) {
eurephia_log(ctx, LOG_WARNING, 0,
- "%s got BLACKLISTED due to too many failed attempts: %s",
+ "%s got BLACKLISTED due to too many failed attempts: %s",
eDBattempt_types[type].descr, val);
blr = sqlite_query(ctx,
- "INSERT INTO openvpn_blacklist (%s) VALUES ('%q')",
+ "INSERT INTO openvpn_blacklist (%s) VALUES ('%q')",
eDBattempt_types[type].colname, val);
if( blr == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,
- "Could not blacklist %s (%s)",
+ eurephia_log(ctx, LOG_CRITICAL, 0,
+ "Could not blacklist %s (%s)",
eDBattempt_types[type].descr, val);
}
sqlite_free_results(blr);
@@ -411,7 +407,7 @@ int eDBblacklist_check(eurephiaCTX *ctx, const int type, const char *val)
}
free_nullsafe(blid);
- DEBUG(ctx, 10, "Result - function call: eDBblacklist_check(ctx, '%s', '%s') - %i",
+ DEBUG(ctx, 20, "Result - function call: eDBblacklist_check(ctx, '%s', '%s') - %i",
eDBattempt_types[type].descr, val, blacklisted);
return blacklisted;
@@ -423,7 +419,7 @@ void eDBregister_attempt(eurephiaCTX *ctx, int type, int mode, const char *value
char *id = NULL, *atmpt_block = NULL, *blid = NULL;
int attempts = 0;
- DEBUG(ctx, 10, "Function call: eDBregister_attempt(ctx, %s, %s, '%s')",
+ DEBUG(ctx, 20, "Function call: eDBregister_attempt(ctx, %s, %s, '%s')",
eDBattempt_types[type].colname,
(mode == ATTEMPT_RESET ? "ATTEMPT_RESET" : "ATTEMPT_REGISTER"),
value);
@@ -440,7 +436,7 @@ void eDBregister_attempt(eurephiaCTX *ctx, int type, int mode, const char *value
eDBattempt_types[type].colname,
eDBattempt_types[type].colname, value);
if( res == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Could not look up atpid in openvpn_attempts");
+ eurephia_log(ctx, LOG_FATAL, 0, "Could not look up atpid in openvpn_attempts");
return;
}
@@ -511,11 +507,11 @@ int eDBregister_login(eurephiaCTX *ctx, eurephiaSESSION *skey, const int certid,
{
dbresult *res = NULL;
- DEBUG(ctx, 10, "Function call: eDBregister_login(ctx, '%s', %i, %i, '%s','%s','%s','%s','%s')",
+ DEBUG(ctx, 20, "Function call: eDBregister_login(ctx, '%s', %i, %i, '%s','%s','%s','%s','%s')",
skey->sessionkey, certid, uid, proto, remipaddr, remport, vpnipaddr, vpnipmask);
if( skey->sessionstatus != SESSION_NEW ) {
- eurephia_log(ctx, LOG_WARNING, 10, "Not a new session, will not register it again");
+ eurephia_log(ctx, LOG_ERROR, 5, "Not a new session, will not register it again");
return 1;
}
@@ -527,7 +523,7 @@ int eDBregister_login(eurephiaCTX *ctx, eurephiaSESSION *skey, const int certid,
"VALUES (%i, %i, '%q','%q','%q','%q','%q', 1,'%q', CURRENT_TIMESTAMP)",
uid, certid, proto, remipaddr, remport, vpnipaddr, vpnipmask, skey->sessionkey);
if( res == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Could not insert new session into openvpn_lastlog");
+ eurephia_log(ctx, LOG_FATAL, 0, "Could not insert new session into openvpn_lastlog");
return 0;
}
sqlite_free_results(res);
@@ -540,11 +536,11 @@ int eDBregister_vpnmacaddr(eurephiaCTX *ctx, eurephiaSESSION *session, const cha
{
dbresult *res = NULL;
- DEBUG(ctx, 10, "Function call: eDBregister_vpnmacaddr(ctx, '%s', '%s')",
+ DEBUG(ctx, 20, "Function call: eDBregister_vpnmacaddr(ctx, '%s', '%s')",
session->sessionkey, macaddr);
if( macaddr == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 0, "No MAC address was given to save");
+ eurephia_log(ctx, LOG_FATAL, 0, "No MAC address was given to save");
return 0;
}
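Review bot: The entry `DEBUG()` in eDBregister_vpnmacaddr hands `macaddr` to a `%s` conversion before the `if( macaddr == NULL )` check below it, and NULL passed to `%s` is undefined in the printf family (assuming DEBUG expands to a printf-style call). The same order appears in eDBget_sessionkey_seed, eDBcheck_sessionkey_uniqueness, eDBregister_sessionkey and eDBremove_sessionkey in later hunks of this file. Moving each trace below its NULL check, or logging `(macaddr != NULL ? macaddr : "(null)")`, keeps the guard meaningful. The function body continues outside this hunk.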
@@ -552,7 +548,7 @@ int eDBregister_vpnmacaddr(eurephiaCTX *ctx, eurephiaSESSION *session, const cha
res = sqlite_query(ctx, "INSERT INTO openvpn_macaddr_history (sessionkey, macaddr) VALUES ('%q','%q')",
session->sessionkey, macaddr);
if( res == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Failed to log new MAC address for session");
+ eurephia_log(ctx, LOG_FATAL, 0, "Failed to log new MAC address for session");
return 0;
}
sqlite_free_results(res);
@@ -562,7 +558,7 @@ int eDBregister_vpnmacaddr(eurephiaCTX *ctx, eurephiaSESSION *session, const cha
"UPDATE openvpn_lastlog SET sessionstatus = 2, macaddr = '%q' "
" WHERE sessionkey = '%q' AND sessionstatus = 1", macaddr, session->sessionkey);
if( res == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Could not update lastlog with new MAC address for session");
+ eurephia_log(ctx, LOG_FATAL, 0, "Could not update lastlog with new MAC address for session");
return 0;
}
@@ -570,7 +566,7 @@ int eDBregister_vpnmacaddr(eurephiaCTX *ctx, eurephiaSESSION *session, const cha
// Save the MAC address in the session values register - needed for the destroy session
if( eDBset_session_value(ctx, session, "macaddr", macaddr) == 0 ) {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Could not save MAC address into session variables");
+ eurephia_log(ctx, LOG_FATAL, 0, "Could not save MAC address into session variables");
return 0;
}
@@ -584,7 +580,7 @@ int eDBregister_logout(eurephiaCTX *ctx, eurephiaSESSION *skey,
{
dbresult *res = NULL;
- DEBUG(ctx, 10, "Function call: eDBregister_logout(ctx, '%s', %s, %s)",
+ DEBUG(ctx, 20, "Function call: eDBregister_logout(ctx, '%s', %s, %s)",
skey->sessionkey, bytes_sent, bytes_received);
res = sqlite_query(ctx,
@@ -595,7 +591,7 @@ int eDBregister_logout(eurephiaCTX *ctx, eurephiaSESSION *skey,
atoi_nullsafe(bytes_sent), atoi_nullsafe(bytes_received),
atoi_nullsafe(duration), skey->sessionkey);
if( res == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Could not update lastlog with logout information (%s)",
+ eurephia_log(ctx, LOG_FATAL, 0, "Could not update lastlog with logout information (%s)",
skey->sessionkey);
return 0;
}
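Review bot: The byte counters and duration are converted with `atoi_nullsafe()` before being written to `openvpn_lastlog`. If that helper wraps `atoi()` as its name suggests, a session that transferred more than INT_MAX bytes produces an out-of-range conversion and the accounting record is wrong. Parsing with `strtoll()` and checking the end pointer and `errno` would keep the usage log reliable for long-lived sessions and reject non-numeric input. The query's format string is above this hunk, so the placeholders that would need widening are not visible here.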
@@ -611,10 +607,10 @@ char *eDBget_sessionkey_seed(eurephiaCTX *ctx, const char *sessionseed) {
dbresult *res = NULL;
char *skey = NULL;
- DEBUG(ctx, 10, "eDBget_sessionkey(ctx, '%s')", sessionseed);
+ DEBUG(ctx, 20, "eDBget_sessionkey(ctx, '%s')", sessionseed);
if( sessionseed == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 1,
+ eurephia_log(ctx, LOG_FATAL, 1,
"eDBget_sessionkey: No session seed given - cannot locate sessionkey");
return NULL;
}
@@ -626,7 +622,7 @@ char *eDBget_sessionkey_seed(eurephiaCTX *ctx, const char *sessionseed) {
" AND sessionseed = '%q'",
sessionseed);
if( res == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,"Could not retrieve sessionkey from openvpn_sessionkeys (%s)",
+ eurephia_log(ctx, LOG_FATAL, 0,"Could not retrieve sessionkey from openvpn_sessionkeys (%s)",
sessionseed);
return NULL;
}
@@ -649,10 +645,10 @@ char *eDBget_sessionkey_macaddr(eurephiaCTX *ctx, const char *macaddr) {
" FROM openvpn_sessions "
" JOIN openvpn_lastlog USING (sessionkey)"
" WHERE sessionstatus = 3 "
- " AND datakey = 'macaddr' "
+ " AND datakey = 'macaddr'"
" AND dataval = '%q'", macaddr);
if( res == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,
+ eurephia_log(ctx, LOG_FATAL, 0,
"Could not remove session from database (MAC addr: %s)", macaddr);
return 0;
}
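Review bot: The error text in eDBget_sessionkey_macaddr reads "Could not remove session from database", but the statement above it is a lookup joining `openvpn_sessions` and `openvpn_lastlog` by MAC address, so a failed read is reported as a failed delete. That misleads anyone triaging logs; something like `"Could not look up sessionkey for MAC address %s"` describes what failed. The branch also ends in `return 0;` although the function returns `char *`; `return NULL;` would match eDBget_sessionkey_seed. The start of the query is outside this hunk.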
@@ -668,16 +664,18 @@ int eDBcheck_sessionkey_uniqueness(eurephiaCTX *ctx, const char *seskey) {
dbresult *res;
int uniq = 0;
- DEBUG(ctx, 10, "eDBcheck_sessionkey_uniqueness(ctx, '%s')", seskey);
+ DEBUG(ctx, 20, "eDBcheck_sessionkey_uniqueness(ctx, '%s')", seskey);
if( seskey == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 1,
+ eurephia_log(ctx, LOG_FATAL, 1,
"eDBcheck_sessionkey_uniqness: Invalid session key given");
return 0;
}
- res = sqlite_query(ctx, "SELECT count(sessionkey) = 0 FROM openvpn_lastlog WHERE sessionkey = '%q'", seskey);
+ res = sqlite_query(ctx,
+ "SELECT count(sessionkey) = 0 "
+ "FROM openvpn_lastlog WHERE sessionkey = '%q'", seskey);
if( res == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,
+ eurephia_log(ctx, LOG_FATAL, 0,
"eDBcheck_sessionkey_uniqness: Could not check uniqueness of sessionkey");
return 0;
}
@@ -691,18 +689,18 @@ int eDBcheck_sessionkey_uniqueness(eurephiaCTX *ctx, const char *seskey) {
int eDBregister_sessionkey(eurephiaCTX *ctx, const char *seed, const char *seskey) {
dbresult *res;
- DEBUG(ctx, 10, "eDBregister_sessionkey(ctx, '%s', '%s')", seed, seskey);
+ DEBUG(ctx, 20, "eDBregister_sessionkey(ctx, '%s', '%s')", seed, seskey);
if( (seed == NULL) || (seskey == NULL) ) {
- eurephia_log(ctx, LOG_CRITICAL, 1,
+ eurephia_log(ctx, LOG_FATAL, 1,
"eDBregister_sessionkey: Invalid session seed or session key given");
return 0;
}
- res = sqlite_query(ctx,
+ res = sqlite_query(ctx,
"INSERT INTO openvpn_sessionkeys (sessionseed, sessionkey) VALUES('%q','%q')",
seed, seskey);
if( res == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,
+ eurephia_log(ctx, LOG_FATAL, 0,
"eDBregister_sessionkey: Error registering sessionkey into openvpn_sessionkeys");
return 0;
}
@@ -714,16 +712,16 @@ int eDBregister_sessionkey(eurephiaCTX *ctx, const char *seed, const char *seske
int eDBremove_sessionkey(eurephiaCTX *ctx, const char *seskey) {
dbresult *res;
- DEBUG(ctx, 10, "eDBremove_sessionkey(ctx, '%s')", seskey);
+ DEBUG(ctx, 20, "eDBremove_sessionkey(ctx, '%s')", seskey);
if( seskey == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 1,
+ eurephia_log(ctx, LOG_FATAL, 1,
"eDBremove_sessionkey: Invalid session key given");
return 0;
}
res = sqlite_query(ctx, "DELETE FROM openvpn_sessionkeys WHERE sessionkey = '%q'", seskey);
if( res == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,
+ eurephia_log(ctx, LOG_FATAL, 0,
"eDBremove_sessionkey: Error removing sessionkey from openvpn_sessionkeys");
return 0;
}
@@ -741,11 +739,11 @@ eurephiaVALUES *eDBload_sessiondata(eurephiaCTX *ctx, const char *sesskey) {
return NULL;
}
- DEBUG(ctx, 10, "Function call: eDBload_sessiondata(ctx, '%s')", sesskey);
+ DEBUG(ctx, 20, "Function call: eDBload_sessiondata(ctx, '%s')", sesskey);
sessvals = eCreate_value_space(ctx, 10);
- res = sqlite_query(ctx, "SELECT datakey, dataval FROM openvpn_sessions WHERE sessionkey = '%q'",
+ res = sqlite_query(ctx, "SELECT datakey, dataval FROM openvpn_sessions WHERE sessionkey = '%q'",
sesskey);
if( (res != NULL) || (sqlite_get_numtuples(res) > 0) ) {
for( i = 0; i < sqlite_get_numtuples(res); i++ ) {
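Review bot: The guard `(res != NULL) || (sqlite_get_numtuples(res) > 0)` calls `sqlite_get_numtuples(res)` exactly when `res` is NULL, because the right-hand side of `||` is only evaluated once the left side is false. Whether that helper tolerates NULL is not visible here; if it does not, a failed query crashes instead of reaching the "Could not load session values" branch. The condition should be `if( (res != NULL) && (sqlite_get_numtuples(res) > 0) )`. If a session with no stored values is normal, testing only `res != NULL` avoids logging that case at CRITICAL.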
@@ -754,7 +752,7 @@ eurephiaVALUES *eDBload_sessiondata(eurephiaCTX *ctx, const char *sesskey) {
sqlite_get_value(res, i, 1));
}
} else {
- eurephia_log(ctx, LOG_CRITICAL, 0,
+ eurephia_log(ctx, LOG_CRITICAL, 0,
"Could not load session values for session '%s'", sesskey);
}
@@ -769,21 +767,21 @@ int eDBstore_session_value(eurephiaCTX *ctx, eurephiaSESSION *session, int mode,
dbresult *res = NULL;
if( session == NULL ) {
- DEBUG(ctx, 10,
+ DEBUG(ctx, 20,
"Function call failed to eDBstore_session_value(ctx, ...): Non-existing session key");
return 0;
}
- DEBUG(ctx, 10, "Function call: eDBstore_session_value(ctx, '%s', %i, '%s', '%s')",
+ DEBUG(ctx, 20, "Function call: eDBstore_session_value(ctx, '%s', %i, '%s', '%s')",
session->sessionkey, mode, key, val);
switch( mode ) {
case SESSVAL_NEW:
- res = sqlite_query(ctx,
+ res = sqlite_query(ctx,
"INSERT INTO openvpn_sessions (sessionkey, datakey, dataval) "
"VALUES ('%q','%q','%q')", session->sessionkey, key, val);
if( res == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,
+ eurephia_log(ctx, LOG_FATAL, 0,
"Could not register new session variable into database: [%s] %s = %s",
session->sessionkey, key, val);
return 0;
@@ -791,21 +789,24 @@ int eDBstore_session_value(eurephiaCTX *ctx, eurephiaSESSION *session, int mode,
break;
case SESSVAL_UPDATE:
- res = sqlite_query(ctx,
+ res = sqlite_query(ctx,
"UPDATE openvpn_sessions SET dataval = '%q' "
- " WHERE sessionkey = '%q' AND datakey = '%q'", val, session->sessionkey, key);
+ " WHERE sessionkey = '%q' AND datakey = '%q'",
+ val, session->sessionkey, key);
if( res == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Could not update session variable: [%s] %s = %s ",
+ eurephia_log(ctx, LOG_FATAL, 0, "Could not update session variable: [%s] %s = %s ",
session->sessionkey, key, val);
return 0;
}
break;
case SESSVAL_DELETE:
- res = sqlite_query(ctx, "DELETE FROM openvpn_sessions WHERE sessionkey = '%q' AND datakey = '%q'",
- session->sessionkey, key);
+ res = sqlite_query(ctx,
+ "DELETE FROM openvpn_sessions "
+ " WHERE sessionkey = '%q' AND datakey = '%q'",
+ session->sessionkey, key);
if( res == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Could not delete session variable: [%s] %s",
+ eurephia_log(ctx, LOG_FATAL, 0, "Could not delete session variable: [%s] %s",
session->sessionkey, key);
return 0;
}
@@ -813,7 +814,7 @@ int eDBstore_session_value(eurephiaCTX *ctx, eurephiaSESSION *session, int mode,
default:
eurephia_log(ctx, LOG_FATAL, 0, "Unknown eDBstore_session_value mode '%i'", mode);
- return 1;
+ return 0;
}
sqlite_free_results(res);
return 1;
@@ -824,20 +825,20 @@ int eDBstore_session_value(eurephiaCTX *ctx, eurephiaSESSION *session, int mode,
int eDBdestroy_session(eurephiaCTX *ctx, eurephiaSESSION *session) {
dbresult *res = NULL;
- DEBUG(ctx, 10, "Function call: eDBdestroy_session(ctx, '%s')", session->sessionkey);
+ DEBUG(ctx, 20, "Function call: eDBdestroy_session(ctx, '%s')", session->sessionkey);
if( (session == NULL) || (session->sessionkey == NULL) ) {
- eurephia_log(ctx, LOG_ERROR, 1, "No active session given to be destroyed");
+ eurephia_log(ctx, LOG_WARNING, 1, "No active session given to be destroyed");
return 1;
}
// Update session status
- res = sqlite_query(ctx,
+ res = sqlite_query(ctx,
"UPDATE openvpn_lastlog "
" SET sessionstatus = 4, session_deleted = CURRENT_TIMESTAMP "
" WHERE sessionkey = '%q' AND sessionstatus = 3", session->sessionkey);
if( res == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,
+ eurephia_log(ctx, LOG_FATAL, 0,
"Could not update session status in lastlog (%s))", session->sessionkey);
return 0;
}
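Review bot: `session->sessionkey` is read by the `DEBUG()` call at the top of eDBdestroy_session before the `(session == NULL) || (session->sessionkey == NULL)` test, so a NULL `session` is dereferenced before the guard can reject it whenever the trace is compiled in. Moving the `DEBUG(ctx, 20, "Function call: eDBdestroy_session(ctx, '%s')", session->sessionkey);` line below the guard fixes the order. The guard returns 1, which looks like the success value used elsewhere in this file, so callers may be unable to tell "nothing to destroy" from "destroyed"; the callers are not visible, so that part needs confirming. The function continues past this hunk.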
@@ -846,7 +847,7 @@ int eDBdestroy_session(eurephiaCTX *ctx, eurephiaSESSION *session) {
// Delete session variables
res = sqlite_query(ctx, "DELETE FROM openvpn_sessions WHERE sessionkey = '%q'", session->sessionkey);
if( res == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,
+ eurephia_log(ctx, LOG_FATAL, 0,
"Could not delete session variables (%s))", session->sessionkey);
return 0;
}
@@ -865,17 +866,17 @@ char *eDBget_firewall_profile(eurephiaCTX *ctx, eurephiaSESSION *session)
char *ret = NULL;
dbresult *res = NULL;
- DEBUG(ctx, 10, "Function call: eDBget_firewall_profile(ctx, {session}'%s')",
+ DEBUG(ctx, 20, "Function call: eDBget_firewall_profile(ctx, {session}'%s')",
session->sessionkey);
- res = sqlite_query(ctx,
+ res = sqlite_query(ctx,
"SELECT fw_profile "
" FROM openvpn_lastlog "
" JOIN openvpn_usercerts USING(certid, uid)"
" JOIN openvpn_accesses USING(accessprofile)"
" WHERE sessionkey = '%q'", session->sessionkey);
if( res == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Could not retrieve firewall profile for session '%s'",
+ eurephia_log(ctx, LOG_FATAL, 0, "Could not retrieve firewall profile for session '%s'",
session->sessionkey);
return NULL;
}
@@ -883,4 +884,3 @@ char *eDBget_firewall_profile(eurephiaCTX *ctx, eurephiaSESSION *session)
sqlite_free_results(res);
return ret;
}
-
diff --git a/database/sqlite/sqlite.c b/database/sqlite/sqlite.c
index 1a97793..85b41de 100644
--- a/database/sqlite/sqlite.c
+++ b/database/sqlite/sqlite.c
@@ -218,7 +218,7 @@ dbresult *sqlite_query(eurephiaCTX *ctx, char *fmt, ... ) {
sql = sqlite3_vmprintf(fmt, ap);
va_end(ap);
- DEBUG(ctx, 11, "Doing SQL Query: %s", sql);
+ DEBUG(ctx, 25, "Doing SQL Query: %s", sql);
rc = sqlite3_exec( (sqlite3 *) dbc->dbhandle, sql, _cb_parse_result, 0, &errMsg );
if( rc != SQLITE_OK ) {
eurephia_log(ctx, LOG_ERROR, 0, "SQL Error: %s", errMsg);
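Review bot: This trace writes the fully expanded statement, so every value interpolated by `sqlite3_vmprintf()` lands in the debug log. That covers user names, session keys and presumably whatever credential material the authentication query carries, even though eDBauth_user masks the password in its own trace. Raising the level to 25 makes the trace less likely to be enabled but does not remove the exposure. Logging `fmt` instead of `sql` would keep the query shape without the data, or the line could carry a comment such as `/* logs expanded SQL including user-supplied values; not for production logs */`. sqlite_query starts and ends outside this hunk.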
diff --git a/eurephia.c b/eurephia.c
index 7eeb175..82aa183 100644
--- a/eurephia.c
+++ b/eurephia.c
@@ -59,7 +59,7 @@ const char *get_env(eurephiaCTX *ctx, int logmasking, const char *envp[], const
do_mask = logmasking;
#endif
if( ctx != NULL ) {
- DEBUG(ctx, 23, "Function call: get_env(envp, '%s') == '%s'",
+ DEBUG(ctx, 30, "Function call: get_env(envp, '%s') == '%s'",
key, (do_mask == 0 ? cp + 1 : "xxxxxxxxxxxxxx"));
}
#endif
@@ -69,7 +69,7 @@ const char *get_env(eurephiaCTX *ctx, int logmasking, const char *envp[], const
}
}
if( ctx != NULL ) {
- DEBUG(ctx, 23, "Function call: get_env(envp, '%s') -- environment variable not found",
+ DEBUG(ctx, 15, "Function call: get_env(envp, '%s') -- environment variable not found",
key);
}
va_end(ap);
@@ -194,7 +194,7 @@ eurephiaCTX *eurephiaInit(const char **argv)
eurephia_log(ctx, LOG_INFO, 0, "Loaded firewall interface: %s", fwintf);
eFW_StartFirewall(ctx);
} else {
- eurephia_log(ctx, LOG_INFO, 0, "Loading of firewall interface failed (%s)", fwintf);
+ eurephia_log(ctx, LOG_FATAL, 0, "Loading of firewall interface failed (%s)", fwintf);
ctx->eurephia_fw_intf = NULL;
}
} else {
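Review bot: A failure to load the firewall interface is now logged as LOG_FATAL, yet the branch only clears `ctx->eurephia_fw_intf` and initialisation carries on. If the firewall module is what restricts VPN clients after login, continuing without it is a fail-open condition; what eurephiaInit does afterwards is outside this hunk, so that needs confirming. If the configuration asked for a firewall and it cannot be loaded, refusing to start, for instance by setting `ctx->fatal_error = 1;` as eGetSym does, would match the new severity. Otherwise a comment stating that running without the firewall is intended would help.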
@@ -251,7 +251,7 @@ int eurephia_tlsverify(eurephiaCTX *ctx, const char **env, const char *depth)
char *tls_digest, *tls_id;
certinfo *ci = NULL;
- DEBUG(ctx, 21, "** Function call: eurephia_tlsverify(...)");
+ DEBUG(ctx, 10, "** Function call: eurephia_tlsverify(...)");
// Check if IP address is blacklisted
ipaddr = (char *) get_env(ctx, 0, env, "untrusted_ip");
@@ -282,7 +282,7 @@ int eurephia_tlsverify(eurephiaCTX *ctx, const char **env, const char *depth)
// Reset attempt counter for certificate if it is okey
eDBregister_attempt(ctx, attempt_CERTIFICATE, ATTEMPT_RESET, tls_digest);
}
- DEBUG(ctx, 21, "** Function result: eurephia_tlsverify(...) == %i", result > 0);
+ DEBUG(ctx, 10, "** Function result: eurephia_tlsverify(...) == %i", result > 0);
return (result > 0);
}
@@ -295,7 +295,7 @@ int eurephia_userauth(eurephiaCTX *ctx, const char **env)
char *tls_digest, *tls_id, *username, *passwd;
certinfo *ci = NULL;
- DEBUG(ctx, 21, "** Function call: eurephia_userauth(...)");
+ DEBUG(ctx, 10, "** Function call: eurephia_userauth(...)");
// Check if IP address is blacklisted
@@ -351,7 +351,7 @@ int eurephia_userauth(eurephiaCTX *ctx, const char **env)
eDBregister_attempt(ctx, attempt_CERTIFICATE, ATTEMPT_RESET, tls_digest);
eDBregister_attempt(ctx, attempt_USERNAME, ATTEMPT_RESET, username);
}
- DEBUG(ctx, 21, "** Function result: eurephia_userauth(...) = %i", (result>0));
+ DEBUG(ctx, 10, "** Function result: eurephia_userauth(...) = %i", (result>0));
return (result > 0);
}
@@ -362,7 +362,7 @@ int eurephia_connect(eurephiaCTX *ctx, const char **env) {
int certid = 0, uid = 0, ret = 0;
certinfo *ci = NULL;
- DEBUG(ctx, 21, "** Function call: eurephia_connect(...)");
+ DEBUG(ctx, 10, "** Function call: eurephia_connect(...)");
// Fetch needed info
digest = get_env(ctx, 0, env, "tls_digest_0");
@@ -396,7 +396,7 @@ int eurephia_connect(eurephiaCTX *ctx, const char **env) {
ret = eDBregister_login(ctx, session, certid, uid, proto, remipaddr, remport, vpnipaddr, vpnipmask);
eDBfree_session(ctx, session);
- DEBUG(ctx, 21, "** Function result: eurephia_connect(...) = %i", ret);
+ DEBUG(ctx, 10, "** Function result: eurephia_connect(...) = %i", ret);
return ret;
}
@@ -407,7 +407,7 @@ int eurephia_disconnect(eurephiaCTX *ctx, const char **env) {
const char *bytes_sent, *bytes_rec, *duration;
int ret = 0;
- DEBUG(ctx, 21, "** Function call: eurephia_disconnect(...)");
+ DEBUG(ctx, 10, "** Function call: eurephia_disconnect(...)");
// Fetch needed info
digest = get_env(ctx, 0, env, "tls_digest_0");
@@ -431,7 +431,7 @@ int eurephia_disconnect(eurephiaCTX *ctx, const char **env) {
ret = eDBregister_logout(ctx, session, bytes_sent, bytes_rec, duration);
eDBfree_session(ctx, session);
- DEBUG(ctx, 21, "** Function result: eurephia_disconnect(...) = %i", ret);
+ DEBUG(ctx, 10, "** Function result: eurephia_disconnect(...) = %i", ret);
return ret;
}
@@ -442,14 +442,14 @@ int eurephia_learn_address(eurephiaCTX *ctx, const char *mode, const char *macad
char *fwprofile = NULL, *fwdest = NULL;
int ret = 0, fw_enabled = 0;
- DEBUG(ctx, 21, "** Function call: eurephia_learn_address(ctx, '%s', '%s', ...)",
+ DEBUG(ctx, 10, "** Function call: eurephia_learn_address(ctx, '%s', '%s', ...)",
mode, macaddr);
// Get firewall information
fw_enabled = (eGet_value(ctx->dbc->config, "firewall_interface") != NULL);
fwdest = eGet_value(ctx->dbc->config, "firewall_destination");
if( fw_enabled && (fwdest == NULL) ) {
- eurephia_log(ctx, LOG_WARNING, 0, "No firewall destination defined in the config.");
+ eurephia_log(ctx, LOG_CRITICAL, 0, "No firewall destination defined in the config.");
}
if( strncmp(mode, "add", 3) == 0 ) {
@@ -508,7 +508,7 @@ int eurephia_learn_address(eurephiaCTX *ctx, const char *mode, const char *macad
}
exit:
- DEBUG(ctx, 21, "** Function result: eurephia_learn_address(ctx, '%s', '%s', ...) = %i",
+ DEBUG(ctx, 10, "** Function result: eurephia_learn_address(ctx, '%s', '%s', ...) = %i",
mode, macaddr, ret);
return ret;
diff --git a/eurephia_getsym.c b/eurephia_getsym.c
index fdf4cdc..e12221f 100644
--- a/eurephia_getsym.c
+++ b/eurephia_getsym.c
@@ -33,10 +33,10 @@ void *eGetSym(eurephiaCTX *ctx, void *dlh, const char *symnam)
return NULL;
}
- DEBUG(ctx, 13, "Locating eDBlink function '%s'", symnam);
+ DEBUG(ctx, 30, "Locating eDBlink function '%s'", symnam);
func = dlsym(dlh, symnam);
if( func == NULL ) {
- eurephia_log(ctx, LOG_ERROR, 1, "Could not find needed '%s' function in eDBlink driver", symnam);
+ eurephia_log(ctx, LOG_PANIC, 0, "Could not find needed '%s' function in eDBlink driver", symnam);
ctx->fatal_error = 1;
}
return func;
diff --git a/eurephia_values.c b/eurephia_values.c
index 604ed3d..0b47374 100644
--- a/eurephia_values.c
+++ b/eurephia_values.c
@@ -57,11 +57,11 @@ eurephiaVALUES *eCreate_value_space(eurephiaCTX *ctx, int evgid)
{
eurephiaVALUES *ptr = NULL;
- DEBUG(ctx, 12, "Function call: eCreate_value_space(ctx, %i)", evgid);
+ DEBUG(ctx, 32, "Function call: eCreate_value_space(ctx, %i)", evgid);
ptr = (eurephiaVALUES *) malloc(sizeof(eurephiaVALUES) + 2);
if( ptr == NULL ) {
- eurephia_log(ctx, LOG_FATAL, 0, "Could not allocate memory for a new eurephiaVALUE struct");
+ eurephia_log(ctx, LOG_PANIC, 0, "Could not allocate memory for a new eurephiaVALUE struct");
return NULL;
}
memset(ptr, 0, sizeof(eurephiaVALUES) + 2);
@@ -75,7 +75,7 @@ void eAdd_value(eurephiaCTX *ctx, eurephiaVALUES *vls, const char *key, const ch
eurephiaVALUES *ptr = NULL, *ptr2 = NULL;
int vid = 0;
- DEBUG(ctx, 12, "Function call: eAdd_value(ctx, vls(%i), '%s', '%s')",
+ DEBUG(ctx, 31, "Function call: eAdd_value(ctx, vls(%i), '%s', '%s')",
(vls != NULL ? vls->evid : -1), key, val);
// Allocate buffer and safe values
@@ -109,7 +109,7 @@ void do_free_vals(eurephiaVALUES *vls) {
}
void eFree_values_func(eurephiaCTX *ctx, eurephiaVALUES *vls) {
- DEBUG(ctx, 12, "Function call: eFree_values(ctx, vls(%i))",
+ DEBUG(ctx, 31, "Function call: eFree_values(ctx, vls(%i))",
(vls != NULL ? vls->evid : -1));
if( (vls == NULL) ) {
diff --git a/eurephiadb.c b/eurephiadb.c
index 3e895b3..6bc63cc 100644
--- a/eurephiadb.c
+++ b/eurephiadb.c
@@ -41,7 +41,7 @@ int eDBlink_close(eurephiaCTX *ctx)
return 1;
}
- DEBUG(ctx, 2, "Unloading eurephiaDB driver");
+ eurephia_log(ctx, LOG_INFO, 3, "Unloading eurephiaDB driver");
if( ctx->eurephia_driver != NULL ) {
dlclose(ctx->eurephia_driver);
ctx->eurephia_driver = NULL;
diff --git a/eurephiadb_session.c b/eurephiadb_session.c
index 1c9b831..927f3ff 100644
--- a/eurephiadb_session.c
+++ b/eurephiadb_session.c
@@ -58,14 +58,14 @@ int eDBset_session_value(eurephiaCTX *ctx, eurephiaSESSION *session, const char
return 0;
}
- DEBUG(ctx, 10, "Function call: eDBset_session_value(ctx, '%s','%s','%s')",
+ DEBUG(ctx, 30, "Function call: eDBset_session_value(ctx, '%s','%s','%s')",
session->sessionkey, key, val);
// Create a new session value buffer if it does not exist
if( session->sessvals == NULL ) {
session->sessvals = eCreate_value_space(ctx, 10);
if( session->sessvals == NULL ) {
- eurephia_log(ctx, LOG_FATAL, 0, "Could not allocate memory for session values");
+ eurephia_log(ctx, LOG_PANIC, 0, "Could not allocate memory for session values");
return 0;
}
}
@@ -73,20 +73,20 @@ int eDBset_session_value(eurephiaCTX *ctx, eurephiaSESSION *session, const char
// Check if the session value exists already. If it does update it, or else add it
svals = eGet_valuestruct(session->sessvals, key);
if( (svals == NULL) && (val != NULL) ) {
- DEBUG(ctx, 23, "eDBset_session_value ... New session value: %s = '%s'", key, val);
+ DEBUG(ctx, 32, "eDBset_session_value ... New session value: %s = '%s'", key, val);
// Add a new session value
if( eDBstore_session_value(ctx, session, SESSVAL_NEW, key, val) ) {
- DEBUG(ctx, 23, "eDBset_session_value ... Adding value to value stack: %s = '%s'",
+ DEBUG(ctx, 32, "eDBset_session_value ... Adding value to value stack: %s = '%s'",
key, val);
// Add value to the stack
eAdd_value(ctx, session->sessvals, key, val);
- DEBUG(ctx, 11, "Registered session variable to session '%s': %s = %s",
+ DEBUG(ctx, 32, "Registered session variable to session '%s': %s = %s",
session->sessionkey, key, val);
}
} else if( svals != NULL ) {
if( (val != NULL) && (strcmp(svals->val, val) == 0) ) {
- DEBUG(ctx, 11, "Session value not changed('%s','%s','%s)",
+ DEBUG(ctx, 32, "Session value not changed('%s','%s','%s)",
session->sessionkey, key, val);
return 1;
}
@@ -94,11 +94,11 @@ int eDBset_session_value(eurephiaCTX *ctx, eurephiaSESSION *session, const char
if( eDBstore_session_value(ctx, session,(val != NULL ? SESSVAL_UPDATE : SESSVAL_DELETE), key,val)){
free_nullsafe(svals->val);
svals->val = strdup_nullsafe(val);
- DEBUG(ctx, 11, "Session variable updated in session '%s': %s = %s",
+ DEBUG(ctx, 32, "Session variable updated in session '%s': %s = %s",
session->sessionkey, key, val);
}
} else if( (svals == NULL) && (val == NULL ) ) {
- DEBUG(ctx, 11, "Ignoring saving new session value '%s' == NULL", key);
+ DEBUG(ctx, 32, "Ignoring saving new session value '%s' == NULL", key);
}
return 1;
}
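Review bot: eDBset_session_value falls through to `return 1;` even when `eDBstore_session_value()` returned 0, both in the update/delete branch here and in the SESSVAL_NEW branch of the previous hunk. Callers such as eDBregister_vpnmacaddr test `eDBset_session_value(...) == 0` to detect failure, so a failed database write is reported as success and the stored and in-memory session values can diverge. Adding `else { return 0; }` to each `if( eDBstore_session_value(...) )` would propagate the error. The start of the function is outside this hunk.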
@@ -111,7 +111,7 @@ int get_randstring(eurephiaCTX *ctx, char *rndstr, int len) {
do {
if( !rand_init ) {
if( !RAND_load_file("/dev/urandom", 64) ) {
- DEBUG(ctx, 5, "Could not load random data from /dev/urandom");
+ eurehpia_log(ctx, LOG_FATAL, 0, "Could not load random data from /dev/urandom");
return 0;
}
rand_init = 1;
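Review bot: The new call is spelled `eurehpia_log`, not `eurephia_log`, a name that appears nowhere else on this page. Depending on compiler settings that is a build error or an implicit declaration that fails at link time. Because this is the path taken when `/dev/urandom` cannot be read, it should be `eurephia_log(ctx, LOG_FATAL, 0, "Could not load random data from /dev/urandom");`. get_randstring continues outside this hunk.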
@@ -123,7 +123,7 @@ int get_randstring(eurephiaCTX *ctx, char *rndstr, int len) {
sleep(1);
rand_init = 0;
} while( attempts++ < 11 );
- DEBUG(ctx, 5, "RAND_pseudo_bytes() could not generate enough random data");
+ eurephia_log(ctx, LOG_FATAL, 0, "RAND_pseudo_bytes() could not generate enough random data");
return 0;
}
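Review bot: The failure message indicates that the random string for session keys comes from `RAND_pseudo_bytes()`, whose output OpenSSL does not guarantee to be cryptographically strong. The call itself is outside this hunk, so this is inferred from the message. Unless its return value is checked for exactly 1, session keys may be built from predictable bytes, which weakens their uniqueness and unguessability. `RAND_bytes()` takes the same arguments and returns 1 only when the output is strong, so the existing retry loop would still apply.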
@@ -142,12 +142,12 @@ eurephiaSESSION *eDBopen_session_seed(eurephiaCTX *ctx, const char *digest,
uint8_t sha_res[SHA512_HASH_SIZE];
int totlen = 0, i = 0;
- DEBUG(ctx, 10, "Function call: eDBopen_session_seed(ctx, '%s', '%s', '%s', '%s', '%s', '%s', '%s')",
+ DEBUG(ctx, 12, "Function call: eDBopen_session_seed(ctx, '%s', '%s', '%s', '%s', '%s', '%s', '%s')",
digest, cname, username, vpnipaddr, vpnipmask, remipaddr, remport);
new_session = (eurephiaSESSION *) malloc(sizeof(eurephiaSESSION) + 2);
if( new_session == NULL ) {
- eurephia_log(ctx, LOG_FATAL, 0, "Could not allocate memory for a new session");
+ eurephia_log(ctx, LOG_PANIC, 0, "Could not allocate memory for a new session");
return NULL;
}
memset(new_session, 0, sizeof(eurephiaSESSION) + 2);
@@ -159,7 +159,7 @@ eurephiaSESSION *eDBopen_session_seed(eurephiaCTX *ctx, const char *digest,
seeddata = (char *) malloc((totlen * 2) + 4);
if( seeddata == NULL ) {
- eurephia_log(ctx, LOG_FATAL, 0, "Could not allocate memory for a new session key (1)");
+ eurephia_log(ctx, LOG_PANIC, 0, "Could not allocate memory for a new session key (1)");
free_nullsafe(new_session);
return NULL;
}
@@ -177,7 +177,7 @@ eurephiaSESSION *eDBopen_session_seed(eurephiaCTX *ctx, const char *digest,
seed = (char *) malloc((SHA512_HASH_SIZE*2)+3);
if( seed == NULL ) {
- eurephia_log(ctx, LOG_FATAL, 0, "Could not allocate memory for session seed");
+ eurephia_log(ctx, LOG_PANIC, 0, "Could not allocate memory for session seed");
free_nullsafe(seeddata);
free_nullsafe(new_session);
return NULL;
@@ -192,7 +192,7 @@ eurephiaSESSION *eDBopen_session_seed(eurephiaCTX *ctx, const char *digest,
memset(&sha, 0, sizeof(SHA512Context));
memset(&sha_res, 0, sizeof(sha_res));
- DEBUG(ctx, 12, "Using session seed '%s'", seed);
+ DEBUG(ctx, 13, "Using session seed '%s'", seed);
// Try to retrieve the sessionkey from the database, based on the session seed
new_session->sessionkey = eDBget_sessionkey_seed(ctx, seed);
@@ -203,12 +203,12 @@ eurephiaSESSION *eDBopen_session_seed(eurephiaCTX *ctx, const char *digest,
char *skeydata = NULL;
int loop = 0, uniqcheck = 0;
- DEBUG(ctx, 12, "Unknown session seed, creating new session key");
+ DEBUG(ctx, 13, "Unknown session seed, creating new session key");
// Loop until we get a unique sessionkey - don't loop more than 10 times
skeydata = (char *) malloc((totlen*2)+4);
if( skeydata == NULL ) {
- eurephia_log(ctx, LOG_FATAL, 0, "Could not allocate memory for new session key data");
+ eurephia_log(ctx, LOG_PANIC, 0, "Could not allocate memory for new session key data");
free_nullsafe(new_session->sessionkey);
free_nullsafe(new_session);
free_nullsafe(seeddata);
@@ -223,7 +223,7 @@ eurephiaSESSION *eDBopen_session_seed(eurephiaCTX *ctx, const char *digest,
// Append some random data to our session seed
rndstr = (char *) malloc((totlen * 2));
if( rndstr == NULL ) {
- eurephia_log(ctx, LOG_FATAL, 0,
+ eurephia_log(ctx, LOG_PANIC, 0,
"Could not allocate memory for new session key data (2)");
free_nullsafe(new_session->sessionkey);
free_nullsafe(new_session);
@@ -235,7 +235,7 @@ eurephiaSESSION *eDBopen_session_seed(eurephiaCTX *ctx, const char *digest,
rndlen = ((totlen * 2) - strlen_nullsafe(seed) - 2);
if( !get_randstring(ctx, rndstr, rndlen) ) {
- eurephia_log(ctx, LOG_FATAL, 0,
+ eurephia_log(ctx, LOG_PANIC, 0,
"Could not generate enough random data for session key");
free_nullsafe(new_session->sessionkey);
free_nullsafe(new_session);
@@ -252,7 +252,7 @@ eurephiaSESSION *eDBopen_session_seed(eurephiaCTX *ctx, const char *digest,
free_nullsafe(new_session->sessionkey);
new_session->sessionkey = (char *) malloc((SHA512_HASH_SIZE*2)+3);
if( new_session->sessionkey == NULL ) {
- eurephia_log(ctx, LOG_FATAL, 0,
+ eurephia_log(ctx, LOG_PANIC, 0,
"Could not allocate memory for new session key");
free_nullsafe(new_session);
free_nullsafe(seeddata);
@@ -277,7 +277,7 @@ eurephiaSESSION *eDBopen_session_seed(eurephiaCTX *ctx, const char *digest,
// If we did not manage to create a unique session key (random data collection must have failed!)
if( uniqcheck == 0 ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,
+ eurephia_log(ctx, LOG_FATAL, 0,
"Did not manage to create a unique sessionkey after %i attempts", loop-1);
free_nullsafe(new_session->sessionkey);
free_nullsafe(new_session);
@@ -298,7 +298,7 @@ eurephiaSESSION *eDBopen_session_seed(eurephiaCTX *ctx, const char *digest,
new_session->sessionstatus = SESSION_NEW;
} else {
new_session->sessionstatus = SESSION_EXISTING;
- DEBUG(ctx, 12, "Session seed found, using sessionkey '%s'", new_session->sessionkey);
+ DEBUG(ctx, 13, "Session seed found, using sessionkey '%s'", new_session->sessionkey);
}
free_nullsafe(seed);
free_nullsafe(seeddata);
@@ -314,11 +314,11 @@ eurephiaSESSION *eDBopen_session_seed(eurephiaCTX *ctx, const char *digest,
eurephiaSESSION *eDBopen_session_macaddr(eurephiaCTX *ctx, const char *macaddr) {
eurephiaSESSION *new_session = NULL;
- DEBUG(ctx, 10, "Function call: eDBopen_session_mac(ctx, '%s')", macaddr);
+ DEBUG(ctx, 12, "Function call: eDBopen_session_mac(ctx, '%s')", macaddr);
new_session = (eurephiaSESSION *) malloc(sizeof(eurephiaSESSION) + 2);
if( new_session == NULL ) {
- eurephia_log(ctx, LOG_FATAL, 0, "Could not allocate memory for a new session");
+ eurephia_log(ctx, LOG_PANIC, 0, "Could not allocate memory for a new session");
return NULL;
}
memset(new_session, 0, sizeof(eurephiaSESSION) + 2);
@@ -331,6 +331,7 @@ eurephiaSESSION *eDBopen_session_macaddr(eurephiaCTX *ctx, const char *macaddr)
free_nullsafe(new_session);
return NULL;
}
+ DEBUG(ctx, 13, "Session seed found, using sessionkey '%s'", new_session->sessionkey);
// Load session values from the database
new_session->sessvals = eDBload_sessiondata(ctx, new_session->sessionkey);
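Review bot: The added `DEBUG` line in `eDBopen_session_macaddr` reuses the text "Session seed found" from `eDBopen_session_seed`, although this path appears to look the session up by MAC address. A log reader would be pointed at the wrong lookup. Something like `DEBUG(ctx, 13, "Session found for MAC address '%s'", macaddr);` names the right path and keeps the session key out of the log. The function-call trace in the previous hunk also prints `eDBopen_session_mac` rather than the real function name.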
@@ -345,10 +346,8 @@ void eDBfree_session_func(eurephiaCTX *ctx, eurephiaSESSION *session) {
if( session == NULL ) {
return;
}
- DEBUG(ctx, 20, "Function call: eDBfree_session(ctx, '%s')", session->sessionkey);
+ DEBUG(ctx, 12, "Function call: eDBfree_session(ctx, '%s')", session->sessionkey);
eFree_values(ctx, session->sessvals);
free_nullsafe(session->sessionkey);
free_nullsafe(session);
}
-
-
diff --git a/eurephiafw.c b/eurephiafw.c
index a84770c..ee4949b 100644
--- a/eurephiafw.c
+++ b/eurephiafw.c
@@ -44,7 +44,7 @@ int eFW_unload(eurephiaCTX *ctx) {
}
if( ctx->eurephia_fw_intf != NULL ) {
- DEBUG(ctx, 2, "Unloading eurephia firewall interface");
+ eurephia_log(ctx, LOG_INFO, 3, "Unloading eurephia firewall interface");
dlclose(ctx->eurephia_fw_intf);
ctx->eurephia_fw_intf = NULL;
return 0;
@@ -116,7 +116,7 @@ void eFW_StartFirewall(eurephiaCTX *ctx) {
(*ctx->fwcfg).thrdata.fw_command = strdup_nullsafe(eGet_value(ctx->dbc->config, "firewall_command"));
if( (*ctx->fwcfg).thrdata.fw_command == NULL) {
- eurephia_log(ctx, LOG_ERROR, 0, "Could not find firewall_command in configuration. "
+ eurephia_log(ctx, LOG_PANIC, 0, "Could not find firewall_command in configuration. "
"Firewall updates will not be available.");
return;
} else {
@@ -126,11 +126,11 @@ void eFW_StartFirewall(eurephiaCTX *ctx) {
fwdest = eGet_value(ctx->dbc->config, "firewall_destination");
if( fwdest == NULL ) {
- eurephia_log(ctx, LOG_ERROR, 0, "Could not find firewall_destination in configuration. "
+ eurephia_log(ctx, LOG_PANIC, 0, "Could not find firewall_destination in configuration. "
"Firewall updates will not be available.");
return;
} else {
- eurephia_log(ctx, LOG_INFO, 1, "Using the %s chain for VPN accesses", fwdest);
+ eurephia_log(ctx, LOG_INFO, 1, "Using '%s' as firewall rule for VPN accesses", fwdest);
}
eurephia_log(ctx, LOG_INFO, 3, "Starting eurephia firewall interface");
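Review bot: The reworded message calls `fwdest` a "firewall rule", while the flush error later in `eFW_StartFirewall` still says "the %s chain" and the value is read from `firewall_destination`. One term across both messages makes the log easier to search, e.g. `"Using '%s' as firewall destination for VPN accesses"`. The function continues outside this hunk.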
@@ -152,7 +152,7 @@ void eFW_StartFirewall(eurephiaCTX *ctx) {
// Start a new process (should run with root permissions) - which will do the firewall work
if( (ctx->fwcfg->fwproc_pid = fork()) < 0 ) {
- eurephia_log(ctx, LOG_FATAL, 0,
+ eurephia_log(ctx, LOG_PANIC, 0,
"Could not fork out a child process for the firewall interface (%s)",
strerror(errno));
return;
@@ -179,13 +179,13 @@ void eFW_StartFirewall(eurephiaCTX *ctx) {
"Error while emptying messages from queue: %s",
strerror(errno));
} else {
- DEBUG(ctx, 22, "Removed message on queue: %s", buf);
+ DEBUG(ctx, 28, "Removed message on queue: %s", buf);
}
}
}
eurephia_log(ctx, LOG_INFO, 3, "Message queue for firewall updates is ready");
} else {
- eurephia_log(ctx, LOG_WARNING, 0, "Could not retrieve message queue attributes (%s)",
+ eurephia_log(ctx, LOG_FATAL, 0, "Could not retrieve message queue attributes (%s)",
strerror(errno));
}
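Review bot: The `else` branch now reports the failed attribute lookup as `LOG_FATAL` but has no `return`, so as far as this hunk shows the function still goes on to post `semp_master` and wait for the worker. Either the severity should match the behaviour, or the function should stop here and deal with the worker process forked earlier. If continuing is intended, a comment such as `/* queue could not be drained; continuing with possibly stale messages */` would state that. The surrounding `if` starts outside this hunk.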
@@ -193,7 +193,7 @@ void eFW_StartFirewall(eurephiaCTX *ctx) {
sem_post(ctx->fwcfg->thrdata.semp_master);
// Waiting for the FW module to get ready
- DEBUG(ctx, 20, "eFW master is ready, waiting for the eFW worker to get ready");
+ DEBUG(ctx, 28, "eFW master is ready, waiting for the eFW worker to get ready");
sem_wait(ctx->fwcfg->thrdata.semp_worker);
eurephia_log(ctx, LOG_INFO, 2, "eFW interface initialised.");
@@ -201,7 +201,7 @@ void eFW_StartFirewall(eurephiaCTX *ctx) {
memset(&buf, 0, 1026);
snprintf(buf, 1024, "F %s", fwdest);
if( mq_send((*ctx->fwcfg).thrdata.msgq, buf, strlen(buf)+1, 1) == -1 ) {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Could not request firewall flushing of the %s chain: %s",
+ eurephia_log(ctx, LOG_ERROR, 0, "Could not request firewall flushing of the %s chain: %s",
fwdest, strerror(errno));
};
}
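Review bot: A failed `mq_send` of the `F` request is now logged at `LOG_ERROR` instead of `LOG_CRITICAL`, and nothing else happens. The comment in `eFW_StopFirewall` says the flush exists so that no accesses are left open, so a failed flush at start-up presumably leaves rules from an earlier run in place. That seems to deserve the higher severity, or a comment explaining why it is acceptable. Separately, the stray `;` after the closing brace of the `if` can be dropped.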
@@ -214,7 +214,7 @@ void eFW_StopFirewall(eurephiaCTX *ctx) {
return;
}
- eurephia_log(ctx, LOG_INFO, 3, "Stopping eurephia firewall interface");
+ eurephia_log(ctx, LOG_INFO, 2, "Stopping eurephia firewall interface");
// Flush the firewall chain before shutting down, to make sure
// we don't unintentionally some accesses open
@@ -237,20 +237,20 @@ void eFW_StopFirewall(eurephiaCTX *ctx) {
memset(&buf, 0, 520);
snprintf(buf, 512, "FWSHUTDOWN%c", 0);
if( mq_send((*ctx->fwcfg).thrdata.msgq, buf, 11, 1) == -1 ) {
- eurephia_log(ctx, LOG_FATAL, 0, "Could not initiate shutdown on eFW module: %s", strerror(errno));
+ eurephia_log(ctx, LOG_PANIC, 0, "Could not initiate shutdown on eFW module: %s", strerror(errno));
kill(ctx->fwcfg->fwproc_pid, SIGABRT);
}
// Wait for the firewall module process to finish
if( waitpid(ctx->fwcfg->fwproc_pid, &childret, 0) != ctx->fwcfg->fwproc_pid ) {
- eurephia_log(ctx, LOG_FATAL, 0, "Failed to wait for eFW module process to quit: %s",
+ eurephia_log(ctx, LOG_PANIC, 0, "Failed to wait for eFW module process to quit: %s",
strerror(errno));
kill(ctx->fwcfg->fwproc_pid, SIGABRT);
}
free_nullsafe((*ctx->fwcfg).thrdata.fw_command);
free_nullsafe(ctx->fwcfg);
- eurephia_log(ctx, LOG_INFO, 3, "eurephia firewall interface is stopped");
+ eurephia_log(ctx, LOG_INFO, 2, "eurephia firewall interface is stopped");
}
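Review bot: When `waitpid` does not return `fwproc_pid`, the code sends `SIGABRT` to that pid without looking at `errno`. On `EINTR` the child is still running and the wait should be retried. On `ECHILD` the child is already gone and the pid may no longer belong to it, which matters for a parent the comments say should run with root permissions. Suggest retrying with `while( (r = waitpid(ctx->fwcfg->fwproc_pid, &childret, 0)) == -1 && errno == EINTR );` and calling `kill` only when the child is known to exist. The start of the function is outside this hunk.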
@@ -259,7 +259,7 @@ int eFW_UpdateFirewall(eurephiaCTX *ctx, int mode,
char buf[1026];
if( (*ctx->fwcfg).thrdata.fw_command == NULL ) {
- eurephia_log(ctx, LOG_ERROR, 0, "Function call: eFW_UpdateFirewall() -- "
+ eurephia_log(ctx, LOG_FATAL, 0, "Function call: eFW_UpdateFirewall() -- "
"firewall_command is not configured. Firewall rules was not updated.");
return 0;
}
@@ -267,14 +267,14 @@ int eFW_UpdateFirewall(eurephiaCTX *ctx, int mode,
memset(&buf, 0, 1026);
switch( mode ) {
case FWRULE_ADD:
- eurephia_log(ctx, LOG_INFO, 1, "Function call: eFW_UpdateFirewall(ctx, %s, '%s', '%s', '%s')",
+ eurephia_log(ctx, LOG_INFO, 3, "Function call: eFW_UpdateFirewall(ctx, %s, '%s', '%s', '%s')",
"ADD", macaddr, fwdest, fwprofile);
snprintf(buf, 1024, "A %s %s %s", macaddr, fwdest, fwprofile);
mq_send((*ctx->fwcfg).thrdata.msgq, buf, strlen(buf)+1, 1);
return 1;
case FWRULE_DELETE:
- eurephia_log(ctx, LOG_INFO, 1, "Function call: eFW_UpdateFirewall(ctx, %s, '%s', '%s', '%s')",
+ eurephia_log(ctx, LOG_INFO, 3, "Function call: eFW_UpdateFirewall(ctx, %s, '%s', '%s', '%s')",
"DELETE", macaddr, fwdest, fwprofile);
snprintf(buf, 1024, "D %s %s %s", macaddr, fwdest, fwprofile);
mq_send((*ctx->fwcfg).thrdata.msgq, buf, strlen(buf)+1, 1);
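Review bot: Both `FWRULE_ADD` and `FWRULE_DELETE` ignore the result of `mq_send` and return 1, so the caller is told the rule changed even when the request never reached the worker. For `FWRULE_DELETE` that means an access rule can stay in place after the session is considered closed. The flush request in `eFW_StartFirewall` already checks for `-1`; the same check here, returning 0 as the `fw_command == NULL` path does, would make the result trustworthy. The `switch` continues outside this hunk.

```c
case FWRULE_ADD:
        // … unchanged: eurephia_log call and snprintf of the "A" message …
        if( mq_send((*ctx->fwcfg).thrdata.msgq, buf, strlen(buf)+1, 1) == -1 ) {
                eurephia_log(ctx, LOG_ERROR, 0, "Could not request firewall update for '%s': %s",
                             macaddr, strerror(errno));
                return 0;
        }
        return 1;
// … case FWRULE_DELETE: same check after its snprintf …
```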
diff --git a/eurephiafw_helpers.c b/eurephiafw_helpers.c
index dd1ff52..ba6305d 100644
--- a/eurephiafw_helpers.c
+++ b/eurephiafw_helpers.c
@@ -52,13 +52,13 @@ int efwSetupSemaphores(eurephiaCTX *ctx, efw_threaddata *cfg) {
int efwRemoveSemaphores(eurephiaCTX *ctx, efw_threaddata *cfg) {
if( sem_close(cfg->semp_worker) != 0 ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,
+ eurephia_log(ctx, LOG_WARNING, 0,
"eFW: Could not destroy semaphore for worker: %s", strerror(errno));
}
sem_unlink(SEMPH_WORKER);
if( sem_close(cfg->semp_master) != 0 ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,
+ eurephia_log(ctx, LOG_WARNING, 0,
"eFW: Could not destroy semaphore for master: %s", strerror(errno));
}
sem_unlink(SEMPH_MASTER);
diff --git a/firewall/iptables/efw_iptables.c b/firewall/iptables/efw_iptables.c
index 3d3e4ff..3bd9cce 100644
--- a/firewall/iptables/efw_iptables.c
+++ b/firewall/iptables/efw_iptables.c
@@ -54,9 +54,9 @@ void eFW_RunFirewall(void *fwargs) {
unsigned int prio;
char buf[EFW_MSG_SIZE+2];
- DEBUG(ctx, 22, "eFW_RunFirewall: Waiting for eFW master to get ready");
+ DEBUG(ctx, 28, "eFW_RunFirewall: Waiting for eFW master to get ready");
sem_wait(cfg->semp_master);
- DEBUG(ctx, 22, "eFW_RunFirewall: Telling eFW master that the worker process is ready");
+ DEBUG(ctx, 28, "eFW_RunFirewall: Telling eFW master that the worker process is ready");
sem_post(cfg->semp_worker);
if( cfg->fw_command == NULL ) {
@@ -79,7 +79,7 @@ void eFW_RunFirewall(void *fwargs) {
if( !quit ) {
int res = 0;
- DEBUG(ctx, 23, "eFW_RunFirewall: Received '%s'", buf);
+ DEBUG(ctx, 20, "eFW_RunFirewall: Received '%s'", buf);
res = process_input(ctx, cfg->fw_command, buf);
if( ! res ) {
@@ -105,7 +105,7 @@ int process_input(eurephiaCTX *ctx, const char *fwcmd, const char *input) {
orig_msg = strdup_nullsafe(input);
msg = orig_msg;
- DEBUG(ctx, 23, "eFW_RunFirewall::process_input(ctx, '%s')", msg);
+ DEBUG(ctx, 36, "eFW_RunFirewall::process_input(ctx, '%s')", msg);
//
// Simple parsing of the input string
@@ -151,7 +151,7 @@ int process_input(eurephiaCTX *ctx, const char *fwcmd, const char *input) {
iptables_args[8] = jump;
iptables_args[9] = NULL;
- eurephia_log(ctx, LOG_INFO, 2, "eFW_RunFirewall - updating iptables rules "
+ eurephia_log(ctx, LOG_INFO, 3, "eFW_RunFirewall - updating iptables rules "
"==> mode: %s macaddr: '%s' destchain: '%s' jump: '%s'",
(mode[1] == 'A' ? "ADD":"DELETE"), macaddr, destchain, jump);
break;
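Review bot: `macaddr`, `destchain` and `jump` come from the queue message and are placed directly into `iptables_args`; nothing in this hunk checks their form. Since they end up as arguments to the firewall command, they should be validated before this point and the message rejected otherwise. That means checking MAC address syntax and limiting chain names to a known character set that does not start with `-`. The parsing code is outside this hunk, so such a check may already exist there; if it does, a short comment here saying so would help.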
@@ -160,7 +160,7 @@ int process_input(eurephiaCTX *ctx, const char *fwcmd, const char *input) {
destchain = msg;
iptables_args[2] = destchain;
- eurephia_log(ctx, LOG_INFO, 2, "eFW_RunFirewall - updating iptables rules "
+ eurephia_log(ctx, LOG_INFO, 3, "eFW_RunFirewall - updating iptables rules "
"==> mode: FLUSH destchain: '%s'", destchain);
break;