diff options
| author | David Sommerseth <dazo@users.sourceforge.net> | 2008-09-19 18:00:31 +0200 |
|---|---|---|
| committer | David Sommerseth <dazo@users.sourceforge.net> | 2008-09-19 18:00:31 +0200 |
| commit | 587028ddd4136637e3b94a877ecceae4217dfe72 (patch) | |
| tree | 4428ff1483f41a450363c0bb379014c58710d72d /database/sqlite | |
| parent | 8f883490ce6ddfa8fe8f883817353b51000f886f (diff) | |
| download | eurephia-587028ddd4136637e3b94a877ecceae4217dfe72.tar.gz eurephia-587028ddd4136637e3b94a877ecceae4217dfe72.tar.xz eurephia-587028ddd4136637e3b94a877ecceae4217dfe72.zip | |
Improved code security. LOG_DEBUG statements are only compiled if DEBUG=1 is sent to make.
Since several parts of the code where LOG_DEBUG was used with eurephia_log(...)
contains security sensitive information (like logging password retrieved with
get_env(...)), all debug logging is now done via the DEBUG macro.
This macro will not produce any security relevant eurephia_log(...) statements
unless the source is compiled with -DENABLE_DEBUG. This is activated via
make by adding DEBUG=1 before the make targets. When not enabled, the
binaries will not do any debug logging at all.
Diffstat (limited to 'database/sqlite')
| -rw-r--r-- | database/sqlite/eurephiadb-sqlite.c | 75 | ||||
| -rw-r--r-- | database/sqlite/sqlite.c | 2 |
2 files changed, 36 insertions, 41 deletions
diff --git a/database/sqlite/eurephiadb-sqlite.c b/database/sqlite/eurephiadb-sqlite.c index 1abcfeb..5aa765c 100644 --- a/database/sqlite/eurephiadb-sqlite.c +++ b/database/sqlite/eurephiadb-sqlite.c @@ -106,7 +106,7 @@ int eDBconnect(eurephiaCTX *ctx, const int argc, const char **argv) mwStatistics(3); #endif - eurephia_log(ctx, LOG_DEBUG, 10, "Function call: eDBconnect(ctx, %i, '%s')", argc, argv[1]); + DEBUG(ctx, 10, "Function call: eDBconnect(ctx, %i, '%s')", argc, argv[1]); if( (argc != 1) || (argv[0] == NULL) || (strlen(argv[0]) < 1) ) { eurephia_log(ctx, LOG_PANIC, 0, "Wrong parameters to dblink-sqlite. Cannot open database."); @@ -158,7 +158,7 @@ void eDBdisconnect(eurephiaCTX *ctx) { eDBconn *dbc = NULL; - eurephia_log(ctx, LOG_DEBUG, 10, "Function call: eDBdisconnect(ctx)"); + DEBUG(ctx, 10, "Function call: eDBdisconnect(ctx)"); if( ctx->dbc == NULL ) { eurephia_log(ctx, LOG_WARNING, 0, "Database not open, cannot close database."); @@ -189,7 +189,7 @@ int eDBauth_TLS(eurephiaCTX *ctx, const char *org, const char *cname, const char int certid = 0; char *blid = NULL; - eurephia_log(ctx, LOG_DEBUG, 10, "Function call: eDBauth_TLS(ctx, '%s', '%s', '%s', '%s', %s)", + DEBUG(ctx, 10, "Function call: eDBauth_TLS(ctx, '%s', '%s', '%s', '%s', %s)", org, cname, email, digest, depth); // Check if certificate is valid, and not too many attempts has been tried with the given certificate @@ -230,9 +230,8 @@ int eDBauth_TLS(eurephiaCTX *ctx, const char *org, const char *cname, const char eurephia_log(ctx, LOG_FATAL, 0, "Could not look up certificate information"); } - eurephia_log(ctx, LOG_DEBUG, 10, - "Result function call: eDBauth_TLS(ctx, '%s', '%s', '%s', '%s', %s) - %i", - org, cname, email, digest, depth, certid); + DEBUG(ctx, 10, "Result function call: eDBauth_TLS(ctx, '%s', '%s', '%s', '%s', %s) - %i", + org, cname, email, digest, depth, certid); return certid; } @@ -245,8 +244,7 @@ int eDBauth_user(eurephiaCTX *ctx, const int certid, const char *username, const char *crpwd = NULL, *activated = NULL, *deactivated = NULL, *blid_uname = NULL, *blid_cert; int uicid = 0, uid = 0, pwdok = 0; - eurephia_log(ctx, LOG_DEBUG, 10, "Function call: eDBauth_user(ctx, %i, '%s','xxxxxxxx')", - certid, username); + DEBUG(ctx, 10, "Function call: eDBauth_user(ctx, %i, '%s','xxxxxxxx')", certid, username); // Generate SHA1 hash of password, used for password auth @@ -311,8 +309,8 @@ int eDBauth_user(eurephiaCTX *ctx, const int certid, const char *username, const } sqlite_free_results(res); - eurephia_log(ctx, LOG_DEBUG, 10, "Result function call: eDBauth_user(ctx, %i, '%s','xxxxxxxx') - %i", - certid, username, uicid); + DEBUG(ctx, 10, "Result function call: eDBauth_user(ctx, %i, '%s','xxxxxxxx') - %i", + certid, username, uicid); return uicid; } @@ -323,7 +321,7 @@ int eDBget_uid(eurephiaCTX *ctx, const int certid, const char *username) dbresult *res = NULL; int ret = 0; - eurephia_log(ctx, LOG_DEBUG, 10, "Function call: eDBget_uid(ctx, %i, '%s')", certid, username); + DEBUG(ctx, 10, "Function call: eDBget_uid(ctx, %i, '%s')", certid, username); res = sqlite_query(ctx, "SELECT uid " @@ -350,8 +348,8 @@ int eDBblacklist_check(eurephiaCTX *ctx, const int type, const char *val) int atpexceed = -1, blacklisted = 0; char *atpid = NULL, *blid = NULL; - eurephia_log(ctx, LOG_DEBUG, 10, "Function call: eDBblacklist_check(ctx, '%s', '%s')", - eDBattempt_types[type].descr, val); + DEBUG(ctx, 10, "Function call: eDBblacklist_check(ctx, '%s', '%s')", + eDBattempt_types[type].descr, val); blr = sqlite_query(ctx, "SELECT blid FROM openvpn_blacklist WHERE %s = '%q'", eDBattempt_types[type].colname, val); @@ -410,8 +408,8 @@ int eDBblacklist_check(eurephiaCTX *ctx, const int type, const char *val) } free_nullsafe(blid); - eurephia_log(ctx, LOG_DEBUG, 10, "Result - function call: eDBblacklist_check(ctx, '%s', '%s') - %i", - eDBattempt_types[type].descr, val, blacklisted); + DEBUG(ctx, 10, "Result - function call: eDBblacklist_check(ctx, '%s', '%s') - %i", + eDBattempt_types[type].descr, val, blacklisted); return blacklisted; } @@ -422,10 +420,10 @@ void eDBregister_attempt(eurephiaCTX *ctx, int type, int mode, const char *value char *id = NULL, *atmpt_block = NULL, *blid = NULL; int attempts = 0; - eurephia_log(ctx, LOG_DEBUG, 10, "Function call: eDBregister_attempt(ctx, %s, %s, '%s')", - eDBattempt_types[type].colname, - (mode == ATTEMPT_RESET ? "ATTEMPT_RESET" : "ATTEMPT_REGISTER"), - value); + DEBUG(ctx, 10, "Function call: eDBregister_attempt(ctx, %s, %s, '%s')", + eDBattempt_types[type].colname, + (mode == ATTEMPT_RESET ? "ATTEMPT_RESET" : "ATTEMPT_REGISTER"), + value); // // openvpn_attempts @@ -511,9 +509,8 @@ int eDBregister_login(eurephiaCTX *ctx, eurephiaSESSION *skey, const int certid, { dbresult *res = NULL; - eurephia_log(ctx, LOG_DEBUG, 10, - "Function call: eDBregister_login(ctx, '%s', %i, %i, '%s','%s','%s','%s','%s')", - skey->sessionkey, certid, uid, proto, remipaddr, remport, vpnipaddr, vpnipmask); + DEBUG(ctx, 10, "Function call: eDBregister_login(ctx, '%s', %i, %i, '%s','%s','%s','%s','%s')", + skey->sessionkey, certid, uid, proto, remipaddr, remport, vpnipaddr, vpnipmask); if( skey->sessionstatus != SESSION_NEW ) { eurephia_log(ctx, LOG_WARNING, 10, "Not a new session, will not register it again"); @@ -541,9 +538,8 @@ int eDBregister_vpnmacaddr(eurephiaCTX *ctx, eurephiaSESSION *session, const cha { dbresult *res = NULL; - eurephia_log(ctx, LOG_DEBUG, 10, - "Function call: eDBregister_vpnmacaddr(ctx, '%s', '%s')", - session->sessionkey, macaddr); + DEBUG(ctx, 10, "Function call: eDBregister_vpnmacaddr(ctx, '%s', '%s')", + session->sessionkey, macaddr); if( macaddr == NULL ) { eurephia_log(ctx, LOG_CRITICAL, 0, "No MAC address was given to save"); @@ -585,9 +581,8 @@ int eDBregister_logout(eurephiaCTX *ctx, eurephiaSESSION *skey, { dbresult *res = NULL; - eurephia_log(ctx, LOG_DEBUG, 10, - "Function call: eDBregister_logout(ctx, '%s', %s, %s)", - skey->sessionkey, bytes_sent, bytes_received); + DEBUG(ctx, 10, "Function call: eDBregister_logout(ctx, '%s', %s, %s)", + skey->sessionkey, bytes_sent, bytes_received); res = sqlite_query(ctx, "UPDATE openvpn_lastlog " @@ -613,7 +608,7 @@ char *eDBget_sessionkey_seed(eurephiaCTX *ctx, const char *sessionseed) { dbresult *res = NULL; char *skey = NULL; - eurephia_log(ctx, LOG_DEBUG, 10, "eDBget_sessionkey(ctx, '%s')", sessionseed); + DEBUG(ctx, 10, "eDBget_sessionkey(ctx, '%s')", sessionseed); if( sessionseed == NULL ) { eurephia_log(ctx, LOG_CRITICAL, 1, @@ -662,7 +657,7 @@ int eDBcheck_sessionkey_uniqueness(eurephiaCTX *ctx, const char *seskey) { dbresult *res; int uniq = 0; - eurephia_log(ctx, LOG_DEBUG, 10, "eDBcheck_sessionkey_uniqueness(ctx, '%s')", seskey); + DEBUG(ctx, 10, "eDBcheck_sessionkey_uniqueness(ctx, '%s')", seskey); if( seskey == NULL ) { eurephia_log(ctx, LOG_CRITICAL, 1, "eDBcheck_sessionkey_uniqness: Invalid session key given"); @@ -685,7 +680,7 @@ int eDBcheck_sessionkey_uniqueness(eurephiaCTX *ctx, const char *seskey) { int eDBregister_sessionkey(eurephiaCTX *ctx, const char *seed, const char *seskey) { dbresult *res; - eurephia_log(ctx, LOG_DEBUG, 10, "eDBregister_sessionkey(ctx, '%s', '%s')", seed, seskey); + DEBUG(ctx, 10, "eDBregister_sessionkey(ctx, '%s', '%s')", seed, seskey); if( (seed == NULL) || (seskey == NULL) ) { eurephia_log(ctx, LOG_CRITICAL, 1, "eDBregister_sessionkey: Invalid session seed or session key given"); @@ -708,7 +703,7 @@ int eDBregister_sessionkey(eurephiaCTX *ctx, const char *seed, const char *seske int eDBremove_sessionkey(eurephiaCTX *ctx, const char *seskey) { dbresult *res; - eurephia_log(ctx, LOG_DEBUG, 10, "eDBremove_sessionkey(ctx, '%s')", seskey); + DEBUG(ctx, 10, "eDBremove_sessionkey(ctx, '%s')", seskey); if( seskey == NULL ) { eurephia_log(ctx, LOG_CRITICAL, 1, "eDBremove_sessionkey: Invalid session key given"); @@ -735,7 +730,7 @@ eurephiaVALUES *eDBload_sessiondata(eurephiaCTX *ctx, const char *sesskey) { return NULL; } - eurephia_log(ctx, LOG_DEBUG, 10, "Function call: eDBload_sessiondata(ctx, '%s')", sesskey); + DEBUG(ctx, 10, "Function call: eDBload_sessiondata(ctx, '%s')", sesskey); sessvals = eCreate_value_space(ctx, 10); @@ -763,13 +758,13 @@ int eDBstore_session_value(eurephiaCTX *ctx, eurephiaSESSION *session, int mode, dbresult *res = NULL; if( session == NULL ) { - eurephia_log(ctx, LOG_DEBUG, 10, - "Function call failed to eDBstore_session_value(ctx, ...): Non-existing session key"); + DEBUG(ctx, 10, + "Function call failed to eDBstore_session_value(ctx, ...): Non-existing session key"); return 0; } - eurephia_log(ctx, LOG_DEBUG, 10, "Function call: eDBstore_session_value(ctx, '%s', %i, '%s', '%s')", - session->sessionkey, mode, key, val); + DEBUG(ctx, 10, "Function call: eDBstore_session_value(ctx, '%s', %i, '%s', '%s')", + session->sessionkey, mode, key, val); switch( mode ) { case SESSVAL_NEW: @@ -818,7 +813,7 @@ int eDBstore_session_value(eurephiaCTX *ctx, eurephiaSESSION *session, int mode, int eDBdestroy_session(eurephiaCTX *ctx, eurephiaSESSION *session) { dbresult *res = NULL; - eurephia_log(ctx, LOG_DEBUG, 10, "Function call: eDBdestroy_session(ctx, '%s')", session->sessionkey); + DEBUG(ctx, 10, "Function call: eDBdestroy_session(ctx, '%s')", session->sessionkey); if( (session == NULL) || (session->sessionkey == NULL) ) { eurephia_log(ctx, LOG_ERROR, 1, "No active session given to be destroyed"); @@ -859,8 +854,8 @@ char *eDBget_firewall_profile(eurephiaCTX *ctx, eurephiaSESSION *session) char *ret = NULL; dbresult *res = NULL; - eurephia_log(ctx, LOG_DEBUG, 10, "Function call: eDBget_firewall_profile(ctx, {session}'%s')", - session->sessionkey); + DEBUG(ctx, 10, "Function call: eDBget_firewall_profile(ctx, {session}'%s')", + session->sessionkey); res = sqlite_query(ctx, "SELECT fw_profile " diff --git a/database/sqlite/sqlite.c b/database/sqlite/sqlite.c index c58aa01..1a97793 100644 --- a/database/sqlite/sqlite.c +++ b/database/sqlite/sqlite.c @@ -218,7 +218,7 @@ dbresult *sqlite_query(eurephiaCTX *ctx, char *fmt, ... ) { sql = sqlite3_vmprintf(fmt, ap); va_end(ap); - eurephia_log(ctx, LOG_DEBUG, 11, "Doing SQL Query: %s", sql); + DEBUG(ctx, 11, "Doing SQL Query: %s", sql); rc = sqlite3_exec( (sqlite3 *) dbc->dbhandle, sql, _cb_parse_result, 0, &errMsg ); if( rc != SQLITE_OK ) { eurephia_log(ctx, LOG_ERROR, 0, "SQL Error: %s", errMsg); |