authorDavid Sommerseth <dazo@users.sourceforge.net>2008-10-08 07:40:03 +0200
committerDavid Sommerseth <dazo@users.sourceforge.net>2008-10-08 07:40:03 +0200
commitb6f246bb5470ddfd0309769ec908d1fbad7c322d (patch)
tree45f7013e0ee94d99873993bf4515f799f3d3f81d
parent0caeac27ccd23c9d940d3eac212ef1a70ce91468 (diff)
Moved TLS authentication logging from database module to eurephia.c
Also differentiated the log level between user certs (depth == 0) and other depths.
-rw-r--r--database/eurephiadb-driver_template.c17
-rw-r--r--database/sqlite/eurephiadb-sqlite.c15
-rw-r--r--eurephia.c11
3 files changed, 15 insertions, 28 deletions
diff --git a/database/eurephiadb-driver_template.c b/database/eurephiadb-driver_template.c
index fc67510..d237c00 100644
--- a/database/eurephiadb-driver_template.c
+++ b/database/eurephiadb-driver_template.c
@@ -222,24 +222,13 @@ int eDBauth_TLS(eurephiaCTX *ctx, const char *org, const char *cname, const char
org, cname, email, depth, digest
*/
- if( /*IF WE GOT A RESULT */ ) {
+ if( /* IF WE GOT A RESULT */ ) {
certid = atoi_nullsafe(/* GET cert.certid FROM SQL RESULT */);
blid = atoi_nullsafe(/* GET blid FROM SQL RESULT */);
/* FREE SQL RESULT */
- // Check if we found certificate to be blacklisted or not. blid == NULL when NOT blacklisted
- if( blid == NULL ) {
- if( certid > 0 ) {
- eurephia_log(ctx, LOG_INFO, 0,
- "Found certid %i for user: %s/%s/%s",
- certid, org, cname, email);
- } else {
- eurephia_log(ctx, LOG_INFO, 1,
- "Unknown certificate for: %s/%s/%s (depth %s, digest: %s)",
- org, cname, email, depth, digest);
- }
- // Certificate is okay, certid contains the certificate ID
- } else {
+ // Check if the certificate is blacklisted or not. blid != NULL when blacklisted
+ if( blid != NULL ) {
// If the certificate or IP is blacklisted, update status and deny access.
eurephia_log(ctx, LOG_WARNING, 0,
"Attempt with BLACKLISTED certificate (certid %i)", certid);
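Review bot: In the template, `blid` is filled with `atoi_nullsafe(...)` two lines above the new `if( blid != NULL )`, while the SQLite driver in this same commit fills it with `strdup_nullsafe(...)` before the identical test, so a driver written from the template would compare an integer with NULL. Because this condition decides whether a blacklisted certificate is denied, the template should mirror the real driver: `blid = strdup_nullsafe(/* GET blid FROM SQL RESULT */);`. The declaration of `blid` and the rest of eDBauth_TLS lie outside the hunk, so its type is inferred from the SQLite driver rather than seen here.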
diff --git a/database/sqlite/eurephiadb-sqlite.c b/database/sqlite/eurephiadb-sqlite.c
index 8fcbd65..1424ffd 100644
--- a/database/sqlite/eurephiadb-sqlite.c
+++ b/database/sqlite/eurephiadb-sqlite.c
@@ -202,19 +202,8 @@ int eDBauth_TLS(eurephiaCTX *ctx, const char *org, const char *cname, const char
blid = strdup_nullsafe(sqlite_get_value(res, 0, 1));
sqlite_free_results(res);
- // Check if we found certificate to be blacklisted or not. blid == NULL when NOT blacklisted
- if( blid == NULL ) {
- if( certid > 0 ) {
- eurephia_log(ctx, LOG_INFO, 0,
- "Found certid %i for user: %s/%s/%s",
- certid, org, cname, email);
- } else {
- eurephia_log(ctx, LOG_INFO, 1,
- "Unknown certificate for: %s/%s/%s (depth %s, digest: %s)",
- org, cname, email, depth, digest);
- }
- // Certificate is okay, certid contains the certificate ID
- } else {
+ // Check if the certificate is blacklisted or not. blid != NULL when blacklisted
+ if( blid != NULL ) {
// If the certificate or IP is blacklisted, update status and deny access.
eurephia_log(ctx, LOG_WARNING, 0,
"Attempt with BLACKLISTED certificate (certid %i)", certid);
diff --git a/eurephia.c b/eurephia.c
index 82aa183..5832a02 100644
--- a/eurephia.c
+++ b/eurephia.c
@@ -276,12 +276,21 @@ int eurephia_tlsverify(eurephiaCTX *ctx, const char **env, const char *depth)
eDBregister_attempt(ctx, attempt_IPADDR, ATTEMPT_REGISTER, ipaddr);
eDBregister_attempt(ctx, attempt_CERTIFICATE, ATTEMPT_REGISTER, tls_digest);
}
- free_certinfo(ci);
if( result > 0 ) {
+ // Certificate is okay, result contains the certificate ID
+ eurephia_log(ctx, LOG_INFO, (depth == 0 ? 0 : 1),
+ "Found certid %i for user: %s/%s/%s",
+ result, ci->org, ci->common_name, ci->email);
+
// Reset attempt counter for certificate if it is okey
eDBregister_attempt(ctx, attempt_CERTIFICATE, ATTEMPT_RESET, tls_digest);
+ } else {
+ eurephia_log(ctx, LOG_WARNING, 0,
+ "Unknown certificate for: %s/%s/%s (depth %s, digest: %s)",
+ ci->org, ci->common_name, ci->email, depth, tls_digest);
}
+ free_certinfo(ci);
DEBUG(ctx, 10, "** Function result: eurephia_tlsverify(...) == %i", result > 0);
return (result > 0);
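Review bot: `depth` is declared `const char *depth` in the hunk header and is printed with `%s` in the else branch, so `(depth == 0 ? 0 : 1)` tests for a null pointer, not for the numeric depth 0; a user certificate arriving as the string "0" is logged at verbosity 1 like every other depth. Comparing the parsed value, e.g. `(atoi_nullsafe(depth) == 0 ? 0 : 1)` (assuming the helper used in the driver template is visible in eurephia.c), would give the split the commit message describes. The else branch also labels every non-positive `result` as "Unknown certificate", which presumably now covers blacklisted certificates and failed lookups too. If the drivers return distinct values for those cases, branching on them would keep the authentication log accurate for later investigation. eurephia_tlsverify starts outside the hunk, so how `result` and `ci` are set is not visible here.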