authorDavid Sommerseth <dazo@users.sourceforge.net>2008-10-03 23:33:11 +0200
committerDavid Sommerseth <dazo@users.sourceforge.net>2008-10-03 23:33:11 +0200
commit1a3a4b3b242e1a045a5f08c91edd074865a85cee (patch)
tree71781295704f67ac76cb50143d53512bf999656f /database
parent62b23e6d98353f4093d42bd3cdf14e826bbd4055 (diff)
Log review (part 1) - log categories
Went through all parts of the code, and reorganised log categories. The following "rules" were used for categorisation: LOG_INFO - General info, should avoid log level higher than 5 LOG_DEBUG - Using DEBUG function only log level always > 10 LOG_WARNING - When some action fails, but not as severe that the process cannot continue. Log level never > 2 LOG_ERROR - API errors, but not severe, can continue LOG_FATAL - Action failed and we cannot continue in this function. Log level always < 2 LOG_PANIC - Action failed and eurephia-auth cannot continue to work any more (program restart needed). Log level always 0
Diffstat (limited to 'database')
-rw-r--r--database/eurephiadb-driver_template.c114
-rw-r--r--database/sqlite/eurephiadb-sqlite.c122
2 files changed, 123 insertions, 113 deletions
diff --git a/database/eurephiadb-driver_template.c b/database/eurephiadb-driver_template.c
index 005afc7..f640ee8 100644
--- a/database/eurephiadb-driver_template.c
+++ b/database/eurephiadb-driver_template.c
@@ -88,7 +88,7 @@ void update_attempts(eurephiaCTX *ctx, const char *blid) {
" SET last_accessed = CURRENT_TIMESTAMP WHERE blid = %s", blid
*/
if( /* SQL COMMAND FAILED */ ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,
+ eurephia_log(ctx, LOG_CRITICAL, 0,
"Could not update openvpn_blacklist.last_accessed for blid=%s", blid);
}
/* FREE SQL RESULT */
@@ -136,7 +136,7 @@ int eDBconnect(eurephiaCTX *ctx, const int argc, const char **argv)
/* WORK TO DO -- Open a database connection, and save the handle in dbc->handle */
if( /* IF CONNECTION FAILED */ ) {
- eurephia_log(ctx, LOG_FATAL, 0, "Could not open database '%s'", dbc->dbname);
+ eurephia_log(ctx, LOG_PANIC, 0, "Could not open database '%s'", dbc->dbname);
free_nullsafe(dbc->dbname);
free_nullsafe(dbc);
return 0;
@@ -186,7 +186,7 @@ void eDBdisconnect(eurephiaCTX *ctx)
}
dbc = ctx->dbc;
- eurephia_log(ctx, LOG_INFO, 2, "Closing database '%s'", dbc->dbname);
+ eurephia_log(ctx, LOG_INFO, 1, "Closing database '%s'", dbc->dbname);
/* WORK TO DO: Close database connection using dbc->dbhandle */
@@ -230,18 +230,18 @@ int eDBauth_TLS(eurephiaCTX *ctx, const char *org, const char *cname, const char
// Check if we found certificate to be blacklisted or not. blid == NULL when NOT blacklisted
if( blid == NULL ) {
if( certid > 0 ) {
- eurephia_log(ctx, LOG_INFO, 0,
+ eurephia_log(ctx, LOG_INFO, 0,
"Found certid %i for user: %s/%s/%s",
certid, org, cname, email);
} else {
- eurephia_log(ctx, LOG_INFO, 1,
+ eurephia_log(ctx, LOG_INFO, 1,
"Unknown certificate for: %s/%s/%s (depth %s, digest: %s)",
org, cname, email, depth, digest);
}
// Certificate is okay, certid contains the certificate ID
} else {
// If the certificate or IP is blacklisted, update status and deny access.
- eurephia_log(ctx, LOG_WARNING, 1,
+ eurephia_log(ctx, LOG_WARNING, 0,
"Attempt with BLACKLISTED certificate (certid %i)", certid);
update_attempts(ctx, blid);
certid = -1;
@@ -284,8 +284,8 @@ int eDBauth_user(eurephiaCTX *ctx, const int certid, const char *username, const
*/
free_nullsafe(crpwd);
if( /* IF NO RESULT WAS RETURNED */ ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,
- "Could not lookup user in database (certid %i, username '%s'", certid, username);
+ eurephia_log(ctx, LOG_FATAL, 0,
+ "Could not look up user in database (certid %i, username '%s'", certid, username);
return 0;
}
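Review bot: The reworded message `"Could not look up user in database (certid %i, username '%s'"` still opens a parenthesis it never closes, and the sqlite driver's copy of the same call (@@ -263,7 +259,7) keeps the old "lookup" spelling, so the two drivers now emit different strings for the same failure. Suggest `"Could not look up user in database (certid %i, username '%s')"` in both files so a log-matching rule needs only one pattern. `username` arrives from the connecting client before authentication has succeeded; whether eurephia_log neutralises control characters is not visible here and is worth confirming. eDBauth_user continues outside the hunk.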
@@ -298,25 +298,29 @@ int eDBauth_user(eurephiaCTX *ctx, const int certid, const char *username, const
pwdok = atoi_nullsafe(/* GET pwdok FIELD FROM SQL RESULT */);
if( blid_uname != NULL ) {
- eurephia_log(ctx, LOG_WARNING, 0, "User account is BLACKLISTED (uid: %i, %s)",
+ eurephia_log(ctx, LOG_WARNING, 0,
+ "User account is BLACKLISTED (uid: %i, %s)",
uid, username);
uicid = -1;
} else if( blid_cert != NULL ) {
- eurephia_log(ctx, LOG_WARNING, 0,
+ eurephia_log(ctx, LOG_WARNING, 0,
"User account linked with a BLACKLISTED certificate "
"(uid: %i, %s) - certid: %s",
uid, username, certid);
uicid = -1;
} else if( activated == NULL ) {
- eurephia_log(ctx, LOG_WARNING, 0, "User account is not activated (uid: %i, %s)",
+ eurephia_log(ctx, LOG_WARNING, 0,
+ "User account is not activated (uid: %i, %s)",
uid, username);
uicid = -1;
} else if( deactivated != NULL ) {
- eurephia_log(ctx, LOG_WARNING, 0, "User account is deactivated (uid: %i, %s)",
+ eurephia_log(ctx, LOG_WARNING, 0,
+ "User account is deactivated (uid: %i, %s)",
uid, username);
uicid = -1;
} else if( pwdok != 1 ) {
- eurephia_log(ctx, LOG_WARNING, 0,"Authentication failed for user '%s'. Wrong password.",
+ eurephia_log(ctx, LOG_WARNING, 0,
+ "Authentication failed for user '%s'. Wrong password.",
username);
uicid = -1;
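Review bot: The blacklisted-certificate branch formats `certid` with `%s` (`"(uid: %i, %s) - certid: %s"`), but the hunk header declares it as `const int certid`, so a printf-style eurephia_log would read an integer as a string pointer. That is undefined behaviour, and it is most likely to crash the authentication path exactly when an account linked to a blacklisted certificate logs in. The specifier should be `%i`: `"(uid: %i, %s) - certid: %i",`. The same line is carried unchanged in the matching eDBauth_user hunk of database/sqlite/eurephiadb-sqlite.c (@@ -281,7 +277,7). This assumes eurephia_log forwards its arguments to a printf-family function, which is not visible here; eDBauth_user starts and ends outside the hunk.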
@@ -351,7 +355,7 @@ int eDBget_uid(eurephiaCTX *ctx, const int certid, const char *username)
certid, username
*/
if( /* IF NO RESULT FOUND */ || /* OR WE GOT MORE THAN 1 RECORD */ ) {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Could not lookup userid for user '%s'", username);
+ eurephia_log(ctx, LOG_FATAL, 0, "Could not lookup userid for user '%s'", username);
ret = -1;
} else {
ret = atoi_nullsafe(/* GET uid FIELD FROM SQL RESULT */);
@@ -380,14 +384,14 @@ int eDBblacklist_check(eurephiaCTX *ctx, const int type, const char *val)
/* FREE SQL RESULT */
if( blid != NULL ) { // If we found a blacklisted record
- eurephia_log(ctx, LOG_WARNING, 1, "Attempt from blacklisted %s: %s",
+ eurephia_log(ctx, LOG_WARNING, 0, "Attempt from blacklisted %s: %s",
eDBattempt_types[type].descr, val);
blacklisted = 1; // [type] is blacklisted
}
// Update attempt information
update_attempts(ctx, blid);
} else {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Quering openvpn_blacklist for blacklisted %s",
+ eurephia_log(ctx, LOG_FATAL, 0, "Quering openvpn_blacklist for blacklisted %s failed",
eDBattempt_types[type].descr);
}
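Review bot: A failed blacklist query leaves `blacklisted` at 0, because the `else` branch only logs (now as LOG_FATAL) and neither returns nor sets a deny result, so the check appears to fail open. The commit message defines LOG_FATAL as "we cannot continue in this function", yet the sqlite version of this hunk (@@ -359,21 +355,21) shows execution carrying on into `if( blacklisted == 0 )`. If the return value is used as an allow/deny decision, set `blacklisted = 1;` in that branch, or return a distinct error, so that a database error cannot let a blacklisted value through. The return statement is outside the hunk, so confirm against the full function.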
@@ -408,15 +412,15 @@ int eDBblacklist_check(eurephiaCTX *ctx, const int type, const char *val)
// If [type] has reached attempt limit and it is not black listed, black list it
if( (atpexceed > 0) && (blid == NULL) ) {
eurephia_log(ctx, LOG_WARNING, 0,
- "%s got BLACKLISTED due to too many failed attempts: %s",
+ "%s got BLACKLISTED due to too many failed attempts: %s",
eDBattempt_types[type].descr, val);
/* WORK TO DO -- DO SQL
"INSERT INTO openvpn_blacklist (%s) VALUES ('%q')",
eDBattempt_types[type].colname, val
*/
if( /* IF SQL QUERY FAILED */ ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,
- "Could not blacklist %s (%s)",
+ eurephia_log(ctx, LOG_CRITICAL, 0,
+ "Could not blacklist %s (%s)",
eDBattempt_types[type].descr, val);
}
/* FREE SQL RESULT */
@@ -424,7 +428,8 @@ int eDBblacklist_check(eurephiaCTX *ctx, const int type, const char *val)
}
free_nullsafe(atpid);
} else {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Quering openvpn_attempts for blacklisted %s failed",
+ eurephia_log(ctx, LOG_CRITICAL, 0,
+ "Quering openvpn_attempts for blacklisted %s failed",
eDBattempt_types[type].descr);
}
free_nullsafe(atpr);
@@ -461,7 +466,7 @@ void eDBregister_attempt(eurephiaCTX *ctx, int type, int mode, const char *value
eDBattempt_types[type].colname, value
*/
if( /* IF SQL QUERY FAILED */ ) {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Could not look up atpid in openvpn_attempts");
+ eurephia_log(ctx, LOG_FATAL, 0, "Could not look up atpid in openvpn_attempts");
return;
}
@@ -487,7 +492,7 @@ void eDBregister_attempt(eurephiaCTX *ctx, int type, int mode, const char *value
Result check comes later ...
*/
- } else if( id != NULL ){
+ } else if( id != NULL ) {
// if a attempt record exists, update it according to mode
switch( mode ) {
case ATTEMPT_RESET:
@@ -512,7 +517,7 @@ void eDBregister_attempt(eurephiaCTX *ctx, int type, int mode, const char *value
}
if( /* IF SQL QUERY FAILED */ ) {
eurephia_log(ctx, LOG_CRITICAL, 0,
- "Could not update openvpn_attempts for %s = %s",
+ "Could not update openvpn_attempts for %s = %s",
eDBattempt_types[type].colname, value);
}
/* FREE SQL RESULT */
@@ -528,7 +533,7 @@ void eDBregister_attempt(eurephiaCTX *ctx, int type, int mode, const char *value
eDBattempt_types[type].colname, value
*/
if( /* IF SQL FAILED */ ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,
+ eurephia_log(ctx, LOG_CRITICAL, 0,
"Could not blacklist %s: %s",
eDBattempt_types[type].descr, value);
}
@@ -549,7 +554,7 @@ int eDBregister_login(eurephiaCTX *ctx, eurephiaSESSION *skey, const int certid,
skey->sessionkey, certid, uid, proto, remipaddr, remport, vpnipaddr, vpnipmask);
if( skey->sessionstatus != SESSION_NEW ) {
- eurephia_log(ctx, LOG_WARNING, 10, "Not a new session, will not register it again");
+ eurephia_log(ctx, LOG_WARNING, 5, "Not a new session, will not register it again");
return 1;
}
@@ -562,7 +567,7 @@ int eDBregister_login(eurephiaCTX *ctx, eurephiaSESSION *skey, const int certid,
uid, certid, proto, remipaddr, remport, vpnipaddr, vpnipmask, skey->sessionkey
*/
if( /* IF SQL QUERY FAILED */ ) {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Could not insert new session into openvpn_lastlog");
+ eurephia_log(ctx, LOG_FATAL, 0, "Could not insert new session into openvpn_lastlog");
return 0;
}
/* FREE SQL RESULT */
@@ -578,7 +583,7 @@ int eDBregister_vpnmacaddr(eurephiaCTX *ctx, eurephiaSESSION *session, const cha
session->sessionkey, macaddr);
if( macaddr == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 0, "No MAC address was given to save");
+ eurephia_log(ctx, LOG_FATAL, 0, "No MAC address was given to save");
return 0;
}
@@ -588,7 +593,7 @@ int eDBregister_vpnmacaddr(eurephiaCTX *ctx, eurephiaSESSION *session, const cha
session->sessionkey, macaddr
*/
if( /* IF SQL QUERY FAILED */ ) {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Failed to log new MAC address for session");
+ eurephia_log(ctx, LOG_FATAL, 0, "Failed to log new MAC address for session");
return 0;
}
/* FREE SQL RESULT */
@@ -599,14 +604,14 @@ int eDBregister_vpnmacaddr(eurephiaCTX *ctx, eurephiaSESSION *session, const cha
" WHERE sessionkey = '%q' AND sessionstatus = 1", macaddr, session->sessionkey);
*/
if( /* IF SQL QUERY FAILED */ ) {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Could not update lastlog with new MAC address for session");
+ eurephia_log(ctx, LOG_FATAL, 0, "Could not update lastlog with new MAC address for session");
return 0;
}
/* FREE SQL RESULT */
// Save the MAC address in the session values register - needed for the destroy session
if( eDBset_session_value(ctx, session, "macaddr", macaddr) == 0 ) {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Could not save MAC address into session variables");
+ eurephia_log(ctx, LOG_FATAL, 0, "Could not save MAC address into session variables");
return 0;
}
@@ -615,7 +620,7 @@ int eDBregister_vpnmacaddr(eurephiaCTX *ctx, eurephiaSESSION *session, const cha
// Register the user as logged out
-int eDBregister_logout(eurephiaCTX *ctx, eurephiaSESSION *skey,
+int eDBregister_logout(eurephiaCTX *ctx, eurephiaSESSION *skey,
const char *bytes_sent, const char *bytes_received, const char *duration)
{
DEBUG(ctx, 10, "Function call: eDBregister_logout(ctx, '%s', %s, %s)",
@@ -630,7 +635,8 @@ int eDBregister_logout(eurephiaCTX *ctx, eurephiaSESSION *skey,
atoi_nullsafe(duration), skey->sessionke
*/
if( /* IF SQL QUERY FAILED */ ) {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Could not update lastlog with logout information (%s)",
+ eurephia_log(ctx, LOG_FATAL, 0,
+ "Could not update lastlog with logout information (%s)",
skey->sessionkey);
return 0;
}
@@ -648,7 +654,7 @@ char *eDBget_sessionkey_seed(eurephiaCTX *ctx, const char *sessionseed) {
DEBUG(ctx, 10, "eDBget_sessionkey(ctx, '%s')", sessionseed);
if( sessionseed == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 1,
+ eurephia_log(ctx, LOG_FATAL, 1,
"eDBget_sessionkey: No session seed given - cannot locate sessionkey");
return NULL;
}
@@ -662,7 +668,8 @@ char *eDBget_sessionkey_seed(eurephiaCTX *ctx, const char *sessionseed) {
sessionseed
*/
if( /* IF SQL QUERY FAILED */ ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,"Could not retrieve sessionkey from openvpn_sessionkeys (%s)",
+ eurephia_log(ctx, LOG_FATAL, 0,
+ "Could not retrieve sessionkey from openvpn_sessionkeys (%s)",
sessionseed);
return NULL;
}
@@ -689,7 +696,7 @@ char *eDBget_sessionkey_macaddr(eurephiaCTX *ctx, const char *macaddr) {
macaddr
*/
if( /* IF SQL QUERY FAILED */ ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,
+ eurephia_log(ctx, LOG_FATAL, 0,
"Could not remove session from database (MAC addr: %s)", macaddr);
return 0;
}
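Review bot: The failure message `"Could not remove session from database (MAC addr: %s)"` does not describe what this function does: eDBget_sessionkey_macaddr looks a session key up, and the sqlite version of the hunk (@@ -646,10 +642,10) shows a query with FROM/JOIN/WHERE clauses rather than a DELETE. A message such as `"Could not look up sessionkey in database (MAC addr: %s)"` would keep an operator from chasing a deletion that never happened. The function returns `char *`, so `return NULL;` would also read better than `return 0;`. The same applies to both drivers; the function starts and ends outside the hunk.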
@@ -706,7 +713,7 @@ int eDBcheck_sessionkey_uniqueness(eurephiaCTX *ctx, const char *seskey) {
DEBUG(ctx, 10, "eDBcheck_sessionkey_uniqueness(ctx, '%s')", seskey);
if( seskey == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 1,
+ eurephia_log(ctx, LOG_FATAL, 1,
"eDBcheck_sessionkey_uniqness: Invalid session key given");
return 0;
}
@@ -716,7 +723,7 @@ int eDBcheck_sessionkey_uniqueness(eurephiaCTX *ctx, const char *seskey) {
seskey
*/
if( /* IF SQL QUERY FAILED */ ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,
+ eurephia_log(ctx, LOG_FATAL, 0,
"eDBcheck_sessionkey_uniqness: Could not check uniqueness of sessionkey");
return 0;
}
@@ -731,7 +738,7 @@ int eDBregister_sessionkey(eurephiaCTX *ctx, const char *seed, const char *seske
DEBUG(ctx, 10, "eDBregister_sessionkey(ctx, '%s', '%s')", seed, seskey);
if( (seed == NULL) || (seskey == NULL) ) {
- eurephia_log(ctx, LOG_CRITICAL, 1,
+ eurephia_log(ctx, LOG_FATAL, 1,
"eDBregister_sessionkey: Invalid session seed or session key given");
return 0;
}
@@ -741,7 +748,7 @@ int eDBregister_sessionkey(eurephiaCTX *ctx, const char *seed, const char *seske
seed, seskey
*/
if( /* IF SQL QUERY FAILED */ ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,
+ eurephia_log(ctx, LOG_FATAL, 0,
"eDBregister_sessionkey: Error registering sessionkey into openvpn_sessionkeys");
return 0;
}
@@ -754,7 +761,7 @@ int eDBremove_sessionkey(eurephiaCTX *ctx, const char *seskey) {
DEBUG(ctx, 10, "eDBremove_sessionkey(ctx, '%s')", seskey);
if( seskey == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 1,
+ eurephia_log(ctx, LOG_FATAL, 1,
"eDBremove_sessionkey: Invalid session key given");
return 0;
}
@@ -764,7 +771,7 @@ int eDBremove_sessionkey(eurephiaCTX *ctx, const char *seskey) {
seskey
*/
if( /* IF SQL QUERY FAILED */ ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,
+ eurephia_log(ctx, LOG_FATAL, 0,
"eDBremove_sessionkey: Error removing sessionkey from openvpn_sessionkeys");
return 0;
}
@@ -791,13 +798,13 @@ eurephiaVALUES *eDBload_sessiondata(eurephiaCTX *ctx, const char *sesskey) {
*/
if( /* IF WE GOT RECORDS IN THE QUERY */ ) {
for( /* LOOP THROUGH ALL RECORDS */ ) {
- eAdd_value(ctx, sessvals,
+ eAdd_value(ctx, sessvals,
/* GET datakey FROM SQL RESULT */,
/* GET dataval FROM SQL RESULT */);
}
/* FREE SQL RESULT */
} else {
- eurephia_log(ctx, LOG_CRITICAL, 0,
+ eurephia_log(ctx, LOG_CRITICAL, 0,
"Could not load session values for session '%s'", sesskey);
}
@@ -826,7 +833,7 @@ int eDBstore_session_value(eurephiaCTX *ctx, eurephiaSESSION *session, int mode,
session->sessionkey, key, val
*/
if( /* IF SQL QUERY FAILED */ ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,
+ eurephia_log(ctx, LOG_FATAL, 0,
"Could not register new session variable into database: [%s] %s = %s",
session->sessionkey, key, val);
return 0;
@@ -840,7 +847,8 @@ int eDBstore_session_value(eurephiaCTX *ctx, eurephiaSESSION *session, int mode,
val, session->sessionkey, key
*/
if( /* IF SQL QUERY FAILED */ ) {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Could not update session variable: [%s] %s = %s ",
+ eurephia_log(ctx, LOG_FATAL, 0,
+ "Could not update session variable: [%s] %s = %s ",
session->sessionkey, key, val);
return 0;
}
@@ -852,15 +860,17 @@ int eDBstore_session_value(eurephiaCTX *ctx, eurephiaSESSION *session, int mode,
session->sessionkey, key
*/
if( /* IF SQL QUERY FAILED */ ) {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Could not delete session variable: [%s] %s",
+ eurephia_log(ctx, LOG_FATAL, 0,
+ "Could not delete session variable: [%s] %s",
session->sessionkey, key);
return 0;
}
break;
default:
- eurephia_log(ctx, LOG_FATAL, 0, "Unknown eDBstore_session_value mode '%i'", mode);
- return 1;
+ eurephia_log(ctx, LOG_FATAL, 0,
+ "Unknown eDBstore_session_value mode '%i'", mode);
+ return 0;
}
/* FREE SQL RESULT */
return 1;
@@ -885,7 +895,7 @@ int eDBdestroy_session(eurephiaCTX *ctx, eurephiaSESSION *session) {
session->sessionkey
*/
if( /* IF SQL QUERY FAILED */ ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,
+ eurephia_log(ctx, LOG_FATAL, 0,
"Could not update session status in lastlog (%s))", session->sessionkey);
return 0;
}
@@ -897,7 +907,7 @@ int eDBdestroy_session(eurephiaCTX *ctx, eurephiaSESSION *session) {
session->sessionkey
*/
if( /* IF SQL QUERY FAILED */ ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,
+ eurephia_log(ctx, LOG_FATAL, 0,
"Could not delete session variables (%s))", session->sessionkey);
return 0;
}
@@ -927,7 +937,8 @@ char *eDBget_firewall_profile(eurephiaCTX *ctx, eurephiaSESSION *session)
session->sessionkey
*/
if( /* IF SQL QUERY FAILED */ ) {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Could not retrieve firewall profile for session '%s'",
+ eurephia_log(ctx, LOG_FATAL, 0,
+ "Could not retrieve firewall profile for session '%s'",
session->sessionkey);
return NULL;
}
@@ -935,4 +946,3 @@ char *eDBget_firewall_profile(eurephiaCTX *ctx, eurephiaSESSION *session)
/* FREE SQL RESULT */
return ret;
}
-
diff --git a/database/sqlite/eurephiadb-sqlite.c b/database/sqlite/eurephiadb-sqlite.c
index 4fc7c5d..bdfbea5 100644
--- a/database/sqlite/eurephiadb-sqlite.c
+++ b/database/sqlite/eurephiadb-sqlite.c
@@ -84,7 +84,7 @@ void update_attempts(eurephiaCTX *ctx, const char *blid) {
"UPDATE openvpn_blacklist "
" SET last_accessed = CURRENT_TIMESTAMP WHERE blid = %q", blid);
if( res == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,
+ eurephia_log(ctx, LOG_CRITICAL, 0,
"Could not update openvpn_blacklist.last_accessed for blid=%s", blid);
}
sqlite_free_results(res);
@@ -102,10 +102,6 @@ int eDBconnect(eurephiaCTX *ctx, const int argc, const char **argv)
dbresult *res = NULL;
int rc;
-#ifdef MEMWATCH
- mwStatistics(3);
-#endif
-
DEBUG(ctx, 10, "Function call: eDBconnect(ctx, %i, '%s')", argc, argv[0]);
if( (argc != 1) || (argv[0] == NULL) || (strlen(argv[0]) < 1) ) {
@@ -122,7 +118,7 @@ int eDBconnect(eurephiaCTX *ctx, const int argc, const char **argv)
rc = sqlite3_open(argv[0], (void *) &dbc->dbhandle);
if( rc ) {
- eurephia_log(ctx, LOG_FATAL, 0, "Could not open database '%s'", dbc->dbname);
+ eurephia_log(ctx, LOG_PANIC, 0, "Could not open database '%s'", dbc->dbname);
free_nullsafe(dbc->dbname);
free_nullsafe(dbc);
return 0;
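Review bot: The failure branch after `sqlite3_open()` frees `dbc` without passing `dbc->dbhandle` to `sqlite3_close()`. SQLite documents that a handle is normally returned even when opening fails and must still be closed, so this path leaks it. The LOG_PANIC message also drops the reason; adding `sqlite3_errmsg()` would make a permissions or path problem diagnosable from the log. Suggested lines ahead of the frees: `eurephia_log(ctx, LOG_PANIC, 0, "Could not open database '%s': %s", dbc->dbname, sqlite3_errmsg((sqlite3 *) dbc->dbhandle));` followed by `sqlite3_close((sqlite3 *) dbc->dbhandle);`. eDBconnect continues outside the hunk.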
@@ -166,7 +162,7 @@ void eDBdisconnect(eurephiaCTX *ctx)
}
dbc = ctx->dbc;
- eurephia_log(ctx, LOG_INFO, 2, "Closing database '%s'", dbc->dbname);
+ eurephia_log(ctx, LOG_INFO, 1, "Closing database '%s'", dbc->dbname);
// Close database connection
sqlite3_close((sqlite3 *) dbc->dbhandle);
@@ -190,7 +186,7 @@ int eDBauth_TLS(eurephiaCTX *ctx, const char *org, const char *cname, const char
char *blid = NULL;
DEBUG(ctx, 10, "Function call: eDBauth_TLS(ctx, '%s', '%s', '%s', '%s', %s)",
- org, cname, email, digest, depth);
+ org, cname, email, digest, depth);
// Check if certificate is valid, and not too many attempts has been tried with the given certificate
res = sqlite_query(ctx,
@@ -209,18 +205,18 @@ int eDBauth_TLS(eurephiaCTX *ctx, const char *org, const char *cname, const char
// Check if we found certificate to be blacklisted or not. blid == NULL when NOT blacklisted
if( blid == NULL ) {
if( certid > 0 ) {
- eurephia_log(ctx, LOG_INFO, 0,
+ eurephia_log(ctx, LOG_INFO, 0,
"Found certid %i for user: %s/%s/%s",
certid, org, cname, email);
} else {
- eurephia_log(ctx, LOG_INFO, 1,
+ eurephia_log(ctx, LOG_INFO, 1,
"Unknown certificate for: %s/%s/%s (depth %s, digest: %s)",
org, cname, email, depth, digest);
}
// Certificate is okay, certid contains the certificate ID
} else {
// If the certificate or IP is blacklisted, update status and deny access.
- eurephia_log(ctx, LOG_WARNING, 1,
+ eurephia_log(ctx, LOG_WARNING, 0,
"Attempt with BLACKLISTED certificate (certid %i)", certid);
update_attempts(ctx, blid);
certid = -1;
@@ -250,7 +246,7 @@ int eDBauth_user(eurephiaCTX *ctx, const int certid, const char *username, const
// Generate SHA1 hash of password, used for password auth
crpwd = passwdhash(passwd);
- res = sqlite_query(ctx,
+ res = sqlite_query(ctx,
"SELECT uicid, ou.uid, activated, deactivated, bl1.blid, bl2.blid, "
" (password = '%s') AS pwdok"
" FROM openvpn_users ou"
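Review bot: `(password = '%s') AS pwdok` splices `crpwd` into the statement with `%s`, while the other string arguments visible in this file go through `%q`; the query is only safe as long as passwdhash() can never return a quote character. Use `'%q'` here as well so the statement does not depend on the hash encoding. The comment above says the value is a SHA1 hash; whether it is salted is not visible, but a single fast hash is a weak password store, and a dedicated password-hashing scheme with a per-user salt would be the safer follow-up. The SQL string and the rest of eDBauth_user continue outside the hunk.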
@@ -263,7 +259,7 @@ int eDBauth_user(eurephiaCTX *ctx, const int certid, const char *username, const
crpwd, certid, username);
free_nullsafe(crpwd);
if( res == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,
+ eurephia_log(ctx, LOG_FATAL, 0,
"Could not lookup user in database (certid %i, username '%s'", certid, username);
return 0;
}
@@ -281,7 +277,7 @@ int eDBauth_user(eurephiaCTX *ctx, const int certid, const char *username, const
uid, username);
uicid = -1;
} else if( blid_cert != NULL ) {
- eurephia_log(ctx, LOG_WARNING, 0,
+ eurephia_log(ctx, LOG_WARNING, 0,
"User account linked with a BLACKLISTED certificate "
"(uid: %i, %s) - certid: %s",
uid, username, certid);
@@ -323,14 +319,14 @@ int eDBget_uid(eurephiaCTX *ctx, const int certid, const char *username)
DEBUG(ctx, 10, "Function call: eDBget_uid(ctx, %i, '%s')", certid, username);
- res = sqlite_query(ctx,
+ res = sqlite_query(ctx,
"SELECT uid "
" FROM openvpn_usercerts "
" JOIN openvpn_users USING (uid) "
" WHERE certid = '%i' AND username = '%q'",
certid, username);
if( (res == NULL) || (sqlite_get_numtuples(res) != 1) ) {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Could not lookup userid for user '%s'", username);
+ eurephia_log(ctx, LOG_FATAL, 0, "Could not lookup userid for user '%s'", username);
ret = -1;
} else {
ret = atoi_nullsafe(sqlite_get_value(res, 0, 0));
@@ -351,7 +347,7 @@ int eDBblacklist_check(eurephiaCTX *ctx, const int type, const char *val)
DEBUG(ctx, 10, "Function call: eDBblacklist_check(ctx, '%s', '%s')",
eDBattempt_types[type].descr, val);
- blr = sqlite_query(ctx, "SELECT blid FROM openvpn_blacklist WHERE %s = '%q'",
+ blr = sqlite_query(ctx, "SELECT blid FROM openvpn_blacklist WHERE %s = '%q'",
eDBattempt_types[type].colname, val);
if( blr != NULL ) {
blid = strdup_nullsafe(sqlite_get_value(blr, 0, 0));
@@ -359,21 +355,21 @@ int eDBblacklist_check(eurephiaCTX *ctx, const int type, const char *val)
blr = NULL;
if( blid != NULL ) {
- eurephia_log(ctx, LOG_WARNING, 1, "Attempt from blacklisted %s: %s",
+ eurephia_log(ctx, LOG_WARNING, 0, "Attempt from blacklisted %s: %s",
eDBattempt_types[type].descr, val);
blacklisted = 1; // [type] is blacklisted
}
// Update attempt information
update_attempts(ctx, blid);
} else {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Quering openvpn_blacklist for blacklisted %s",
+ eurephia_log(ctx, LOG_FATAL, 0, "Quering openvpn_blacklist for blacklisted %s failed",
eDBattempt_types[type].descr);
}
if( blacklisted == 0 ) {
// Check if this [type] has been attempted earlier - if it has reaced the maximum
// attempt limit, blacklist it
- atpr = sqlite_query(ctx,
+ atpr = sqlite_query(ctx,
"SELECT atpid, attempts >= %q FROM openvpn_attempts WHERE %s = '%q'",
eGet_value(ctx->dbc->config, eDBattempt_types[type].allow_cfg),
eDBattempt_types[type].colname, val);
@@ -386,14 +382,14 @@ int eDBblacklist_check(eurephiaCTX *ctx, const int type, const char *val)
// If [type] has reached attempt limit and it is not black listed, black list it
if( (atpexceed > 0) && (blid == NULL) ) {
eurephia_log(ctx, LOG_WARNING, 0,
- "%s got BLACKLISTED due to too many failed attempts: %s",
+ "%s got BLACKLISTED due to too many failed attempts: %s",
eDBattempt_types[type].descr, val);
blr = sqlite_query(ctx,
- "INSERT INTO openvpn_blacklist (%s) VALUES ('%q')",
+ "INSERT INTO openvpn_blacklist (%s) VALUES ('%q')",
eDBattempt_types[type].colname, val);
if( blr == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,
- "Could not blacklist %s (%s)",
+ eurephia_log(ctx, LOG_CRITICAL, 0,
+ "Could not blacklist %s (%s)",
eDBattempt_types[type].descr, val);
}
sqlite_free_results(blr);
@@ -437,7 +433,7 @@ void eDBregister_attempt(eurephiaCTX *ctx, int type, int mode, const char *value
eDBattempt_types[type].colname,
eDBattempt_types[type].colname, value);
if( res == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Could not look up atpid in openvpn_attempts");
+ eurephia_log(ctx, LOG_FATAL, 0, "Could not look up atpid in openvpn_attempts");
return;
}
@@ -512,7 +508,7 @@ int eDBregister_login(eurephiaCTX *ctx, eurephiaSESSION *skey, const int certid,
skey->sessionkey, certid, uid, proto, remipaddr, remport, vpnipaddr, vpnipmask);
if( skey->sessionstatus != SESSION_NEW ) {
- eurephia_log(ctx, LOG_WARNING, 10, "Not a new session, will not register it again");
+ eurephia_log(ctx, LOG_WARNING, 5, "Not a new session, will not register it again");
return 1;
}
@@ -524,7 +520,7 @@ int eDBregister_login(eurephiaCTX *ctx, eurephiaSESSION *skey, const int certid,
"VALUES (%i, %i, '%q','%q','%q','%q','%q', 1,'%q', CURRENT_TIMESTAMP)",
uid, certid, proto, remipaddr, remport, vpnipaddr, vpnipmask, skey->sessionkey);
if( res == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Could not insert new session into openvpn_lastlog");
+ eurephia_log(ctx, LOG_FATAL, 0, "Could not insert new session into openvpn_lastlog");
return 0;
}
sqlite_free_results(res);
@@ -541,7 +537,7 @@ int eDBregister_vpnmacaddr(eurephiaCTX *ctx, eurephiaSESSION *session, const cha
session->sessionkey, macaddr);
if( macaddr == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 0, "No MAC address was given to save");
+ eurephia_log(ctx, LOG_FATAL, 0, "No MAC address was given to save");
return 0;
}
@@ -549,7 +545,7 @@ int eDBregister_vpnmacaddr(eurephiaCTX *ctx, eurephiaSESSION *session, const cha
res = sqlite_query(ctx, "INSERT INTO openvpn_macaddr_history (sessionkey, macaddr) VALUES ('%q','%q')",
session->sessionkey, macaddr);
if( res == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Failed to log new MAC address for session");
+ eurephia_log(ctx, LOG_FATAL, 0, "Failed to log new MAC address for session");
return 0;
}
sqlite_free_results(res);
@@ -559,7 +555,7 @@ int eDBregister_vpnmacaddr(eurephiaCTX *ctx, eurephiaSESSION *session, const cha
"UPDATE openvpn_lastlog SET sessionstatus = 2, macaddr = '%q' "
" WHERE sessionkey = '%q' AND sessionstatus = 1", macaddr, session->sessionkey);
if( res == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Could not update lastlog with new MAC address for session");
+ eurephia_log(ctx, LOG_FATAL, 0, "Could not update lastlog with new MAC address for session");
return 0;
}
@@ -567,7 +563,7 @@ int eDBregister_vpnmacaddr(eurephiaCTX *ctx, eurephiaSESSION *session, const cha
// Save the MAC address in the session values register - needed for the destroy session
if( eDBset_session_value(ctx, session, "macaddr", macaddr) == 0 ) {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Could not save MAC address into session variables");
+ eurephia_log(ctx, LOG_FATAL, 0, "Could not save MAC address into session variables");
return 0;
}
@@ -592,7 +588,7 @@ int eDBregister_logout(eurephiaCTX *ctx, eurephiaSESSION *skey,
atoi_nullsafe(bytes_sent), atoi_nullsafe(bytes_received),
atoi_nullsafe(duration), skey->sessionkey);
if( res == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Could not update lastlog with logout information (%s)",
+ eurephia_log(ctx, LOG_FATAL, 0, "Could not update lastlog with logout information (%s)",
skey->sessionkey);
return 0;
}
@@ -611,7 +607,7 @@ char *eDBget_sessionkey_seed(eurephiaCTX *ctx, const char *sessionseed) {
DEBUG(ctx, 10, "eDBget_sessionkey(ctx, '%s')", sessionseed);
if( sessionseed == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 1,
+ eurephia_log(ctx, LOG_FATAL, 1,
"eDBget_sessionkey: No session seed given - cannot locate sessionkey");
return NULL;
}
@@ -623,7 +619,7 @@ char *eDBget_sessionkey_seed(eurephiaCTX *ctx, const char *sessionseed) {
" AND sessionseed = '%q'",
sessionseed);
if( res == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,"Could not retrieve sessionkey from openvpn_sessionkeys (%s)",
+ eurephia_log(ctx, LOG_FATAL, 0,"Could not retrieve sessionkey from openvpn_sessionkeys (%s)",
sessionseed);
return NULL;
}
@@ -646,10 +642,10 @@ char *eDBget_sessionkey_macaddr(eurephiaCTX *ctx, const char *macaddr) {
" FROM openvpn_sessions "
" JOIN openvpn_lastlog USING (sessionkey)"
" WHERE sessionstatus = 3 "
- " AND datakey = 'macaddr' "
+ " AND datakey = 'macaddr'"
" AND dataval = '%q'", macaddr);
if( res == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,
+ eurephia_log(ctx, LOG_FATAL, 0,
"Could not remove session from database (MAC addr: %s)", macaddr);
return 0;
}
@@ -667,14 +663,16 @@ int eDBcheck_sessionkey_uniqueness(eurephiaCTX *ctx, const char *seskey) {
DEBUG(ctx, 10, "eDBcheck_sessionkey_uniqueness(ctx, '%s')", seskey);
if( seskey == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 1,
+ eurephia_log(ctx, LOG_FATAL, 1,
"eDBcheck_sessionkey_uniqness: Invalid session key given");
return 0;
}
- res = sqlite_query(ctx, "SELECT count(sessionkey) = 0 FROM openvpn_lastlog WHERE sessionkey = '%q'", seskey);
+ res = sqlite_query(ctx,
+ "SELECT count(sessionkey) = 0 "
+ "FROM openvpn_lastlog WHERE sessionkey = '%q'", seskey);
if( res == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,
+ eurephia_log(ctx, LOG_FATAL, 0,
"eDBcheck_sessionkey_uniqness: Could not check uniqueness of sessionkey");
return 0;
}
@@ -690,16 +688,16 @@ int eDBregister_sessionkey(eurephiaCTX *ctx, const char *seed, const char *seske
DEBUG(ctx, 10, "eDBregister_sessionkey(ctx, '%s', '%s')", seed, seskey);
if( (seed == NULL) || (seskey == NULL) ) {
- eurephia_log(ctx, LOG_CRITICAL, 1,
+ eurephia_log(ctx, LOG_FATAL, 1,
"eDBregister_sessionkey: Invalid session seed or session key given");
return 0;
}
- res = sqlite_query(ctx,
+ res = sqlite_query(ctx,
"INSERT INTO openvpn_sessionkeys (sessionseed, sessionkey) VALUES('%q','%q')",
seed, seskey);
if( res == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,
+ eurephia_log(ctx, LOG_FATAL, 0,
"eDBregister_sessionkey: Error registering sessionkey into openvpn_sessionkeys");
return 0;
}
@@ -713,14 +711,14 @@ int eDBremove_sessionkey(eurephiaCTX *ctx, const char *seskey) {
DEBUG(ctx, 10, "eDBremove_sessionkey(ctx, '%s')", seskey);
if( seskey == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 1,
+ eurephia_log(ctx, LOG_FATAL, 1,
"eDBremove_sessionkey: Invalid session key given");
return 0;
}
res = sqlite_query(ctx, "DELETE FROM openvpn_sessionkeys WHERE sessionkey = '%q'", seskey);
if( res == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,
+ eurephia_log(ctx, LOG_FATAL, 0,
"eDBremove_sessionkey: Error removing sessionkey from openvpn_sessionkeys");
return 0;
}
@@ -742,7 +740,7 @@ eurephiaVALUES *eDBload_sessiondata(eurephiaCTX *ctx, const char *sesskey) {
sessvals = eCreate_value_space(ctx, 10);
- res = sqlite_query(ctx, "SELECT datakey, dataval FROM openvpn_sessions WHERE sessionkey = '%q'",
+ res = sqlite_query(ctx, "SELECT datakey, dataval FROM openvpn_sessions WHERE sessionkey = '%q'",
sesskey);
if( (res != NULL) || (sqlite_get_numtuples(res) > 0) ) {
for( i = 0; i < sqlite_get_numtuples(res); i++ ) {
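Review bot: The guard `if( (res != NULL) || (sqlite_get_numtuples(res) > 0) )` evaluates `sqlite_get_numtuples(res)` only when `res` is NULL, so a failed query hands a NULL result to the accessor. The LOG_CRITICAL branch in the following hunk is reached only if that call survives and returns 0. Whether sqlite_get_numtuples tolerates NULL is not visible here. The condition that matches the error message is `if( res != NULL ) {`, with the loop simply running zero times for a session that has no stored values. The function body continues in the next hunk.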
@@ -751,7 +749,7 @@ eurephiaVALUES *eDBload_sessiondata(eurephiaCTX *ctx, const char *sesskey) {
sqlite_get_value(res, i, 1));
}
} else {
- eurephia_log(ctx, LOG_CRITICAL, 0,
+ eurephia_log(ctx, LOG_CRITICAL, 0,
"Could not load session values for session '%s'", sesskey);
}
@@ -776,11 +774,11 @@ int eDBstore_session_value(eurephiaCTX *ctx, eurephiaSESSION *session, int mode,
switch( mode ) {
case SESSVAL_NEW:
- res = sqlite_query(ctx,
+ res = sqlite_query(ctx,
"INSERT INTO openvpn_sessions (sessionkey, datakey, dataval) "
"VALUES ('%q','%q','%q')", session->sessionkey, key, val);
if( res == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,
+ eurephia_log(ctx, LOG_FATAL, 0,
"Could not register new session variable into database: [%s] %s = %s",
session->sessionkey, key, val);
return 0;
@@ -788,21 +786,24 @@ int eDBstore_session_value(eurephiaCTX *ctx, eurephiaSESSION *session, int mode,
break;
case SESSVAL_UPDATE:
- res = sqlite_query(ctx,
+ res = sqlite_query(ctx,
"UPDATE openvpn_sessions SET dataval = '%q' "
- " WHERE sessionkey = '%q' AND datakey = '%q'", val, session->sessionkey, key);
+ " WHERE sessionkey = '%q' AND datakey = '%q'",
+ val, session->sessionkey, key);
if( res == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Could not update session variable: [%s] %s = %s ",
+ eurephia_log(ctx, LOG_FATAL, 0, "Could not update session variable: [%s] %s = %s ",
session->sessionkey, key, val);
return 0;
}
break;
case SESSVAL_DELETE:
- res = sqlite_query(ctx, "DELETE FROM openvpn_sessions WHERE sessionkey = '%q' AND datakey = '%q'",
- session->sessionkey, key);
+ res = sqlite_query(ctx,
+ "DELETE FROM openvpn_sessions "
+ " WHERE sessionkey = '%q' AND datakey = '%q'",
+ session->sessionkey, key);
if( res == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Could not delete session variable: [%s] %s",
+ eurephia_log(ctx, LOG_FATAL, 0, "Could not delete session variable: [%s] %s",
session->sessionkey, key);
return 0;
}
@@ -810,7 +811,7 @@ int eDBstore_session_value(eurephiaCTX *ctx, eurephiaSESSION *session, int mode,
default:
eurephia_log(ctx, LOG_FATAL, 0, "Unknown eDBstore_session_value mode '%i'", mode);
- return 1;
+ return 0;
}
sqlite_free_results(res);
return 1;
@@ -829,12 +830,12 @@ int eDBdestroy_session(eurephiaCTX *ctx, eurephiaSESSION *session) {
}
// Update session status
- res = sqlite_query(ctx,
+ res = sqlite_query(ctx,
"UPDATE openvpn_lastlog "
" SET sessionstatus = 4, session_deleted = CURRENT_TIMESTAMP "
" WHERE sessionkey = '%q' AND sessionstatus = 3", session->sessionkey);
if( res == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,
+ eurephia_log(ctx, LOG_FATAL, 0,
"Could not update session status in lastlog (%s))", session->sessionkey);
return 0;
}
@@ -843,7 +844,7 @@ int eDBdestroy_session(eurephiaCTX *ctx, eurephiaSESSION *session) {
// Delete session variables
res = sqlite_query(ctx, "DELETE FROM openvpn_sessions WHERE sessionkey = '%q'", session->sessionkey);
if( res == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 0,
+ eurephia_log(ctx, LOG_FATAL, 0,
"Could not delete session variables (%s))", session->sessionkey);
return 0;
}
@@ -865,14 +866,14 @@ char *eDBget_firewall_profile(eurephiaCTX *ctx, eurephiaSESSION *session)
DEBUG(ctx, 10, "Function call: eDBget_firewall_profile(ctx, {session}'%s')",
session->sessionkey);
- res = sqlite_query(ctx,
+ res = sqlite_query(ctx,
"SELECT fw_profile "
" FROM openvpn_lastlog "
" JOIN openvpn_usercerts USING(certid, uid)"
" JOIN openvpn_accesses USING(accessprofile)"
" WHERE sessionkey = '%q'", session->sessionkey);
if( res == NULL ) {
- eurephia_log(ctx, LOG_CRITICAL, 0, "Could not retrieve firewall profile for session '%s'",
+ eurephia_log(ctx, LOG_FATAL, 0, "Could not retrieve firewall profile for session '%s'",
session->sessionkey);
return NULL;
}
@@ -880,4 +881,3 @@ char *eDBget_firewall_profile(eurephiaCTX *ctx, eurephiaSESSION *session)
sqlite_free_results(res);
return ret;
}
-