author | David Sommerseth <dazo@users.sourceforge.net> | 2008-10-08 07:40:03 +0200 |
---|---|---|
committer | David Sommerseth <dazo@users.sourceforge.net> | 2008-10-08 07:40:03 +0200 |
commit | b6f246bb5470ddfd0309769ec908d1fbad7c322d (patch) | |
tree | 45f7013e0ee94d99873993bf4515f799f3d3f81d | |
parent | 0caeac27ccd23c9d940d3eac212ef1a70ce91468 (diff) | |
Moved TLS authentication logging from database module to eurephia.c
Also differentiated the log level between user certs (depth == 0) and other depths.
-rw-r--r-- | database/eurephiadb-driver_template.c | 17 | ||||
-rw-r--r-- | database/sqlite/eurephiadb-sqlite.c | 15 | ||||
-rw-r--r-- | eurephia.c | 11 |
3 files changed, 15 insertions, 28 deletions
diff --git a/database/eurephiadb-driver_template.c b/database/eurephiadb-driver_template.c index fc67510..d237c00 100644 --- a/database/eurephiadb-driver_template.c +++ b/database/eurephiadb-driver_template.c @@ -222,24 +222,13 @@ int eDBauth_TLS(eurephiaCTX *ctx, const char *org, const char *cname, const char org, cname, email, depth, digest */ - if( /*IF WE GOT A RESULT */ ) { + if( /* IF WE GOT A RESULT */ ) { certid = atoi_nullsafe(/* GET cert.certid FROM SQL RESULT */); blid = atoi_nullsafe(/* GET blid FROM SQL RESULT */); /* FREE SQL RESULT */ - // Check if we found certificate to be blacklisted or not. blid == NULL when NOT blacklisted - if( blid == NULL ) { - if( certid > 0 ) { - eurephia_log(ctx, LOG_INFO, 0, - "Found certid %i for user: %s/%s/%s", - certid, org, cname, email); - } else { - eurephia_log(ctx, LOG_INFO, 1, - "Unknown certificate for: %s/%s/%s (depth %s, digest: %s)", - org, cname, email, depth, digest); - } - // Certificate is okay, certid contains the certificate ID - } else { + // Check if the certificate is blacklisted or not. blid != NULL when blacklisted + if( blid != NULL ) { // If the certificate or IP is blacklisted, update status and deny access. eurephia_log(ctx, LOG_WARNING, 0, "Attempt with BLACKLISTED certificate (certid %i)", certid); diff --git a/database/sqlite/eurephiadb-sqlite.c b/database/sqlite/eurephiadb-sqlite.c index 8fcbd65..1424ffd 100644 --- a/database/sqlite/eurephiadb-sqlite.c +++ b/database/sqlite/eurephiadb-sqlite.c 
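Review bot: The new test `if( blid != NULL )` in the template is applied to a value assigned from `atoi_nullsafe(...)` two lines earlier, while the SQLite driver in this same commit fills `blid` with `strdup_nullsafe(...)`. If `blid` is a string pointer (its declaration is outside the hunk), a driver copied from this template would compare an integer conversion against NULL and could misjudge the blacklist state that decides whether access is denied. The template line should read `blid = strdup_nullsafe(/* GET blid FROM SQL RESULT */);` so that the NULL check means the same thing in every driver. eDBauth_TLS begins and ends outside the hunk.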
@@ -202,19 +202,8 @@ int eDBauth_TLS(eurephiaCTX *ctx, const char *org, const char *cname, const char blid = strdup_nullsafe(sqlite_get_value(res, 0, 1)); sqlite_free_results(res); - // Check if we found certificate to be blacklisted or not. blid == NULL when NOT blacklisted - if( blid == NULL ) { - if( certid > 0 ) { - eurephia_log(ctx, LOG_INFO, 0, - "Found certid %i for user: %s/%s/%s", - certid, org, cname, email); - } else { - eurephia_log(ctx, LOG_INFO, 1, - "Unknown certificate for: %s/%s/%s (depth %s, digest: %s)", - org, cname, email, depth, digest); - } - // Certificate is okay, certid contains the certificate ID - } else { + // Check if the certificate is blacklisted or not. blid != NULL when blacklisted + if( blid != NULL ) { // If the certificate or IP is blacklisted, update status and deny access. eurephia_log(ctx, LOG_WARNING, 0, "Attempt with BLACKLISTED certificate (certid %i)", certid); @@ -276,12 +276,21 @@ int eurephia_tlsverify(eurephiaCTX *ctx, const char **env, const char *depth) eDBregister_attempt(ctx, attempt_IPADDR, ATTEMPT_REGISTER, ipaddr); eDBregister_attempt(ctx, attempt_CERTIFICATE, ATTEMPT_REGISTER, tls_digest); } - free_certinfo(ci); if( result > 0 ) { + // Certificate is okay, result contains the certificate ID + eurephia_log(ctx, LOG_INFO, (depth == 0 ? 0 : 1), + "Found certid %i for user: %s/%s/%s", + result, ci->org, ci->common_name, ci->email); + // Reset attempt counter for certificate if it is okey eDBregister_attempt(ctx, attempt_CERTIFICATE, ATTEMPT_RESET, tls_digest); + } else { + eurephia_log(ctx, LOG_WARNING, 0, + "Unknown certificate for: %s/%s/%s (depth %s, digest: %s)", + ci->org, ci->common_name, ci->email, depth, tls_digest); } + free_certinfo(ci); DEBUG(ctx, 10, "** Function result: eurephia_tlsverify(...) == %i", result > 0); return (result > 0); |
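Review bot: In the added `eurephia_log(ctx, LOG_INFO, (depth == 0 ? 0 : 1),` line of eurephia_tlsverify, `depth` is the `const char *depth` parameter shown in the hunk header, so `depth == 0` tests for a null pointer rather than for certificate depth 0, and the "Found certid" message is logged at verbosity 1 for every non-NULL depth string, user certificates included. Comparing the parsed value, e.g. `(atoi_nullsafe(depth) == 0 ? 0 : 1)` if that helper is in scope in eurephia.c, would give the differentiation the commit message describes. The new `else` branch also runs for every `result <= 0`; if eDBauth_TLS returns a non-positive value for a blacklisted certificate (not visible here), that attempt is logged as "Unknown certificate" right after the driver's BLACKLISTED warning, which muddies the audit trail. `ci->org`, `ci->common_name` and `ci->email` come from the peer's certificate, so it is worth confirming that `ci` cannot be NULL at this point and that eurephia_log neutralises control characters before writing them. eurephia_tlsverify starts before the hunk.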