mirror of
https://gitlab.com/openconnect/ocserv.git
synced 2026-02-10 08:46:58 +08:00
Added the --http-debug option to ocserv to avoid printing full HTTP messages in normal debug mode.
@@ -132,7 +132,7 @@ socket-file = /var/run/ocserv-socket
|
||||
# The user the worker processes will be run as. It should be
|
||||
# unique (no other services run as this user).
|
||||
run-as-user = nobody
|
||||
run-as-group = nogroup
|
||||
run-as-group = nobody
|
||||
|
||||
# Network settings
|
||||
|
||||
|
||||
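Review bot: The `run-as-group` line changes in this hunk although the commit is described as adding `--http-debug`, and the sample still sets `run-as-user = nobody` directly under a comment saying the account should be unique. `nobody` is conventionally shared with other services, so a deployment that copies this sample would not get the isolation the comment asks for. I would move the group change to its own commit and add a line such as `# 'nobody' is only a placeholder; create a dedicated account for ocserv` above `run-as-user`.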
@@ -475,6 +475,9 @@ int cmd_parser (int argc, char **argv, struct cfg_st* config)
|
||||
if (HAVE_OPT(TLS_DEBUG))
|
||||
config->tls_debug = 1;
|
||||
|
||||
if (HAVE_OPT(HTTP_DEBUG))
|
||||
config->http_debug = 1;
|
||||
|
||||
if (HAVE_OPT(DEBUG))
|
||||
config->debug = 1;
|
||||
|
||||
|
||||
14
src/log.c
14
src/log.c
@@ -74,6 +74,13 @@ void __attribute__ ((format(printf, 3, 4)))
|
||||
if (priority == LOG_DEBUG && ws->config->debug == 0)
|
||||
return;
|
||||
|
||||
if (priority == LOG_HTTP_DEBUG) {
|
||||
if (ws->config->http_debug == 0)
|
||||
return;
|
||||
else
|
||||
priority = LOG_INFO;
|
||||
}
|
||||
|
||||
ip = human_addr((void*)&ws->remote_addr, ws->remote_addr_len,
|
||||
ipbuf, sizeof(ipbuf));
|
||||
|
||||
@@ -103,6 +110,13 @@ void __attribute__ ((format(printf, 4, 5)))
|
||||
if (priority == LOG_DEBUG && s->config->debug == 0)
|
||||
return;
|
||||
|
||||
if (priority == LOG_HTTP_DEBUG) {
|
||||
if (s->config->http_debug == 0)
|
||||
return;
|
||||
else
|
||||
priority = LOG_DEBUG;
|
||||
}
|
||||
|
||||
if (proc) {
|
||||
ip = human_addr((void*)&proc->remote_addr, proc->remote_addr_len,
|
||||
ipbuf, sizeof(ipbuf));
|
||||
|
||||
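Review bot: The two added `LOG_HTTP_DEBUG` blocks map the pseudo-priority to different real levels: the first hunk (the `ws` variant) sets `priority = LOG_INFO;` while the second (the `s`/`proc` variant) sets `priority = LOG_DEBUG;`. The messages tagged this way include request headers and POST bodies, so emitting the worker ones at info level puts them in a stream that is usually retained and forwarded more widely than debug output. Unless the difference is intentional, use `priority = LOG_DEBUG;` in both and add a comment such as `/* LOG_HTTP_DEBUG is not a syslog level; map it before logging */`. Both function bodies continue outside the hunks, so how `priority` is used afterwards is not visible here.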
@@ -691,7 +691,7 @@ int main(int argc, char** argv)
|
||||
|
||||
flags = LOG_PID|LOG_NDELAY;
|
||||
#ifdef LOG_PERROR
|
||||
if (config.debug != 0)
|
||||
if (config.debug != 0 || config.http_debug != 0 || config.tls_debug != 0)
|
||||
flags |= LOG_PERROR;
|
||||
#endif
|
||||
openlog("ocserv", flags, LOG_DAEMON);
|
||||
|
||||
@@ -38,6 +38,12 @@ flag = {
|
||||
doc = "";
|
||||
};
|
||||
|
||||
flag = {
|
||||
name = http-debug;
|
||||
descrip = "Enable verbose HTTP debugging information";
|
||||
doc = "";
|
||||
};
|
||||
|
||||
flag = {
|
||||
name = debug;
|
||||
value = d;
|
||||
|
||||
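Review bot: The new `http-debug` flag is added with `doc = "";`, so the generated help and manual text say nothing about what the option exposes. The log calls switched to `LOG_HTTP_DEBUG` elsewhere in this commit print request headers and the authentication POST body, and the flag's text should say so, for example `descrip = "Enable verbose HTTP debugging information (logs headers and POST bodies, including credentials)";`. The neighbouring flag visible in this hunk also has an empty `doc`, so this may follow existing practice, but this option is the one that warrants the caveat.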
@@ -73,6 +73,8 @@ extern int syslog_open;
|
||||
#define ERR_EXEC -10
|
||||
#define ERR_WORKER_TERMINATED -11
|
||||
|
||||
#define LOG_HTTP_DEBUG 2048
|
||||
|
||||
typedef struct
|
||||
{
|
||||
struct htable ht;
|
||||
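Review bot: `#define LOG_HTTP_DEBUG 2048` is added without a comment, and nothing at the definition says it is an internal marker rather than a syslog priority. The value appears to be chosen so that it does not collide with the `LOG_*` levels from `<syslog.h>`, and the log.c hunks translate it before use; a caller that passed it to `syslog()` directly would bypass that translation. I would add `/* internal pseudo-priority: filtered on config->http_debug and mapped to a real level in log.c; never pass to syslog() */` above the define.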
@@ -151,6 +153,7 @@ struct cfg_st {
|
||||
unsigned dpd;
|
||||
unsigned foreground;
|
||||
unsigned tls_debug;
|
||||
unsigned http_debug;
|
||||
unsigned debug;
|
||||
unsigned max_clients;
|
||||
unsigned max_same_clients;
|
||||
|
||||
@@ -638,7 +638,7 @@ int read_user_pass(worker_st *ws, char* body, unsigned body_length, char** usern
|
||||
char *p;
|
||||
|
||||
if (memmem(body, body_length, "<?xml", 5) != 0) {
|
||||
oclog(ws, LOG_DEBUG, "POST body: '%.*s'", body_length, body);
|
||||
oclog(ws, LOG_HTTP_DEBUG, "POST body: '%.*s'", body_length, body);
|
||||
|
||||
if (username != NULL) {
|
||||
/* body should contain <username>test</username><password>test</password> */
|
||||
|
||||
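Review bot: The `LOG_HTTP_DEBUG` call still writes the whole POST body, which by the comment just below it carries `<username>` and `<password>`, so enabling `--http-debug` puts cleartext credentials in syslog and, through the `LOG_PERROR` change in this commit, on stderr. Consider logging only the size, `oclog(ws, LOG_HTTP_DEBUG, "POST body: %u bytes", body_length);`, or masking the password element before printing. If the body is kept, `body_length` is `unsigned` while the `%.*s` precision must be an `int`; the header-logging call later in this commit casts with `(int)` and this one should too. The same exposure applies to that `"HTTP: %.*s: %.*s"` header dump, which presumably includes cookie headers. `read_user_pass` continues outside the hunk.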
@@ -47,7 +47,7 @@ int get_config_handler(worker_st *ws, unsigned http_ver)
|
||||
int ret;
|
||||
struct stat st;
|
||||
|
||||
oclog(ws, LOG_DEBUG, "requested config: %s", ws->req.url);
|
||||
oclog(ws, LOG_HTTP_DEBUG, "requested config: %s", ws->req.url);
|
||||
if (ws->config->xml_config_file == NULL) {
|
||||
oclog(ws, LOG_INFO, "requested config but no config file is set");
|
||||
tls_printf(ws->session, "HTTP/1.%u 404 Not found\r\n", http_ver);
|
||||
@@ -108,7 +108,7 @@ int ret;
|
||||
const char *data;
|
||||
int len;
|
||||
|
||||
oclog(ws, LOG_DEBUG, "requested fixed string: %s", ws->req.url);
|
||||
oclog(ws, LOG_HTTP_DEBUG, "requested fixed string: %s", ws->req.url);
|
||||
if (!strcmp(ws->req.url, "/2/binaries/update.txt")) {
|
||||
data = VPN_VERSION;
|
||||
len = sizeof(VPN_VERSION)-1;
|
||||
@@ -158,7 +158,7 @@ int ret;
|
||||
const char *data;
|
||||
int len;
|
||||
|
||||
oclog(ws, LOG_DEBUG, "requested downloader: %s", ws->req.url);
|
||||
oclog(ws, LOG_HTTP_DEBUG, "requested downloader: %s", ws->req.url);
|
||||
|
||||
data = SH_SCRIPT;
|
||||
len = sizeof(SH_SCRIPT)-1;
|
||||
|
||||
@@ -188,7 +188,7 @@ char * str;
|
||||
if (req->value.length <= 0)
|
||||
return;
|
||||
|
||||
oclog(ws, LOG_DEBUG, "HTTP: %.*s: %.*s", (int)req->header.length, req->header.data,
|
||||
oclog(ws, LOG_HTTP_DEBUG, "HTTP: %.*s: %.*s", (int)req->header.length, req->header.data,
|
||||
(int)req->value.length, req->value.data);
|
||||
|
||||
switch (req->next_header) {
|
||||
@@ -609,7 +609,7 @@ restart:
|
||||
} while(ws->req.headers_complete == 0);
|
||||
|
||||
if (parser.method == HTTP_GET) {
|
||||
oclog(ws, LOG_DEBUG, "HTTP GET %s", ws->req.url);
|
||||
oclog(ws, LOG_HTTP_DEBUG, "HTTP GET %s", ws->req.url);
|
||||
fn = get_url_handler(ws->req.url);
|
||||
if (fn == NULL) {
|
||||
oclog(ws, LOG_INFO, "unexpected URL %s", ws->req.url);
|
||||
@@ -622,7 +622,7 @@ restart:
|
||||
|
||||
} else if (parser.method == HTTP_POST) {
|
||||
/* continue reading */
|
||||
oclog(ws, LOG_DEBUG, "HTTP POST %s", ws->req.url);
|
||||
oclog(ws, LOG_HTTP_DEBUG, "HTTP POST %s", ws->req.url);
|
||||
while(ws->req.message_complete == 0) {
|
||||
nrecvd = tls_recv(session, buf, sizeof(buf));
|
||||
GNUTLS_FATAL_ERR(nrecvd);
|
||||
@@ -646,7 +646,7 @@ restart:
|
||||
goto restart;
|
||||
|
||||
} else if (parser.method == HTTP_CONNECT) {
|
||||
oclog(ws, LOG_DEBUG, "HTTP CONNECT %s", ws->req.url);
|
||||
oclog(ws, LOG_HTTP_DEBUG, "HTTP CONNECT %s", ws->req.url);
|
||||
ret = connect_handler(ws);
|
||||
if (ret == 0 && (parser.http_major != 1 || parser.http_minor != 0))
|
||||
goto restart;
|
||||
|
||||