From b6f246bb5470ddfd0309769ec908d1fbad7c322d Mon Sep 17 00:00:00 2001
From: David Sommerseth
Date: Wed, 8 Oct 2008 07:40:03 +0200
Subject: Moved TLS authentication logging from database module to eurephia.c
Also differentiated log level from user certs (depth == 0) and other depths.
---
 database/eurephiadb-driver_template.c | 17 +++--------------
 database/sqlite/eurephiadb-sqlite.c | 15 ++-------------
 eurephia.c | 11 ++++++++++-
 3 files changed, 15 insertions(+), 28 deletions(-)
diff --git a/database/eurephiadb-driver_template.c b/database/eurephiadb-driver_template.c
index fc67510..d237c00 100644
--- a/database/eurephiadb-driver_template.c
+++ b/database/eurephiadb-driver_template.c
@@ -222,24 +222,13 @@ int eDBauth_TLS(eurephiaCTX *ctx, const char *org, const char *cname, const char
 org, cname, email, depth, digest */
- if( /*IF WE GOT A RESULT */ ) {
+ if( /* IF WE GOT A RESULT */ ) {
 certid = atoi_nullsafe(/* GET cert.certid FROM SQL RESULT */);
 blid = atoi_nullsafe(/* GET blid FROM SQL RESULT */);
 /* FREE SQL RESULT */
- // Check if we found certificate to be blacklisted or not. blid == NULL when NOT blacklisted
- if( blid == NULL ) {
- if( certid > 0 ) {
- eurephia_log(ctx, LOG_INFO, 0,
- "Found certid %i for user: %s/%s/%s",
- certid, org, cname, email);
- } else {
- eurephia_log(ctx, LOG_INFO, 1,
- "Unknown certificate for: %s/%s/%s (depth %s, digest: %s)",
- org, cname, email, depth, digest);
- }
- // Certificate is okay, certid contains the certificate ID
- } else {
+ // Check if the certificate is blacklisted or not. blid != NULL when blacklisted
+ if( blid != NULL ) {
 // If the certificate or IP is blacklisted, update status and deny access.
 eurephia_log(ctx, LOG_WARNING, 0,
 "Attempt with BLACKLISTED certificate (certid %i)", certid);
diff --git a/database/sqlite/eurephiadb-sqlite.c b/database/sqlite/eurephiadb-sqlite.c
index 8fcbd65..1424ffd 100644
--- a/database/sqlite/eurephiadb-sqlite.c
+++ b/database/sqlite/eurephiadb-sqlite.c
@@ -202,19 +202,8 @@ int eDBauth_TLS(eurephiaCTX *ctx, const char *org, const char *cname, const char
 blid = strdup_nullsafe(sqlite_get_value(res, 0, 1));
 sqlite_free_results(res);
- // Check if we found certificate to be blacklisted or not. blid == NULL when NOT blacklisted
- if( blid == NULL ) {
- if( certid > 0 ) {
- eurephia_log(ctx, LOG_INFO, 0,
- "Found certid %i for user: %s/%s/%s",
- certid, org, cname, email);
- } else {
- eurephia_log(ctx, LOG_INFO, 1,
- "Unknown certificate for: %s/%s/%s (depth %s, digest: %s)",
- org, cname, email, depth, digest);
- }
- // Certificate is okay, certid contains the certificate ID
- } else {
+ // Check if the certificate is blacklisted or not. blid != NULL when blacklisted
+ if( blid != NULL ) {
 // If the certificate or IP is blacklisted, update status and deny access.
 eurephia_log(ctx, LOG_WARNING, 0,
 "Attempt with BLACKLISTED certificate (certid %i)", certid);
diff --git a/eurephia.c b/eurephia.c
index 82aa183..5832a02 100644
--- a/eurephia.c
+++ b/eurephia.c
@@ -276,12 +276,21 @@ int eurephia_tlsverify(eurephiaCTX *ctx, const char **env, const char *depth)
 eDBregister_attempt(ctx, attempt_IPADDR, ATTEMPT_REGISTER, ipaddr);
 eDBregister_attempt(ctx, attempt_CERTIFICATE, ATTEMPT_REGISTER, tls_digest);
 }
- free_certinfo(ci);
 if( result > 0 ) {
+ // Certificate is okay, result contains the certificate ID
+ eurephia_log(ctx, LOG_INFO, (depth == 0 ? 0 : 1),
+ "Found certid %i for user: %s/%s/%s",
+ result, ci->org, ci->common_name, ci->email);
+ // Reset attempt counter for certificate if it is okey
 eDBregister_attempt(ctx, attempt_CERTIFICATE, ATTEMPT_RESET, tls_digest);
+ } else {
+ eurephia_log(ctx, LOG_WARNING, 0,
+ "Unknown certificate for: %s/%s/%s (depth %s, digest: %s)",
+ ci->org, ci->common_name, ci->email, depth, tls_digest);
 }
+ free_certinfo(ci);
 DEBUG(ctx, 10, "** Function result: eurephia_tlsverify(...) == %i", result > 0);
 return (result > 0);
-- cgit
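Review bot: In the eurephia.c hunk, `depth == 0` inside the added `eurephia_log(ctx, LOG_INFO, (depth == 0 ? 0 : 1), ...)` call compares a pointer with NULL, because the hunk header declares `const char *depth`; every non-NULL string, including "0", selects level 1, so the user-certificate level described in the commit message is only reached when no depth was passed at all. Parsing the value first would give the intended split, for example `(atoi_nullsafe(depth) == 0 ? 0 : 1)` if that helper (used in the driver template) is available in this file. The added `else` branch also logs "Unknown certificate" at LOG_WARNING for every non-positive result, which presumably includes the blacklisted path the drivers already report with their own warning, so confirm what eDBauth_TLS returns in that case and branch on it rather than emitting two warnings with different causes. The org/common_name/email values appear to come from the presented certificate and are logged even when it is unknown, so it is worth confirming that eurephia_log neutralises control characters before they reach the log. The body of eurephia_tlsverify starts outside the hunk.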