GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 00:37:00 +08:00
Code Issues Packages Projects Releases Wiki Activity

add part of the session ID in logs to differentiate them

Browse Source
This commit is contained in:
Nikos Mavrogiannopoulos
2015-02-21 17:13:25 +01:00
parent 39494d54ed
commit f1bc754169
3 changed files with 25 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
src/sec-mod-auth.c
View File

@@ -198,8 +198,8 @@ static int check_user_group_status(sec_mod_st * sec, client_entry_st * e,
if (e->auth_type & AUTH_TYPE_CERTIFICATE) {
if (tls_auth_ok == 0) {
seclog(sec, LOG_INFO, "user '%s' presented no certificate",
e->username);
seclog(sec, LOG_INFO, "user %s (session: %s) presented no certificate",
e->username, e->printable_sid);
return -1;
}
@@ -217,8 +217,8 @@ static int check_user_group_status(sec_mod_st * sec, client_entry_st * e,
} else {
if (sec->config->cert_user_oid != NULL && cert_user && strcmp(e->username, cert_user) != 0) {
seclog(sec, LOG_INFO,
"user '%s' presented a certificate from user '%s'",
e->username, cert_user);
"user '%s' (session: %s) presented a certificate from user '%s'",
e->username, e->printable_sid, cert_user);
return -1;
}
@@ -232,8 +232,8 @@ static int check_user_group_status(sec_mod_st * sec, client_entry_st * e,
}
if (found == 0) {
seclog(sec, LOG_INFO,
"user '%s' presented a certificate from group '%s' but he isn't a member of it",
e->username, e->groupname);
"user '%s' (session: %s) presented a certificate from group '%s' but he isn't a member of it",
e->username, e->printable_sid, e->groupname);
return -1;
}
}
@@ -372,7 +372,7 @@ int handle_sec_auth_session_cmd(int cfd, sec_mod_st *sec, const SecAuthSessionMs
if (rep.reply == AUTH__REP__OK && sec->config_module && sec->config_module->get_sup_config) {
ret = sec->config_module->get_sup_config(sec->config, e, &rep, lpool);
if (ret < 0) {
seclog(sec, LOG_ERR, "error reading additional configuration for '%s'", e->username);
seclog(sec, LOG_ERR, "error reading additional configuration for '%s' (session: %s)", e->username, e->printable_sid);
talloc_free(lpool);
return ERR_READ_CONFIG;
}
@@ -387,16 +387,16 @@ int handle_sec_auth_session_cmd(int cfd, sec_mod_st *sec, const SecAuthSessionMs
talloc_free(lpool);
if (rep.reply != AUTH__REP__OK) {
seclog(sec, LOG_INFO, "denied open session for %s", e->username);
seclog(sec, LOG_INFO, "denied open session for user '%s' (session: %s)", e->username, e->printable_sid);
del_client_entry(sec, e);
} else { /* set expiration time to unlimited (until someone closes the session) */
seclog(sec, LOG_INFO, "initiating session for %s", e->username);
seclog(sec, LOG_INFO, "initiating session for user '%s' (session: %s)", e->username, e->printable_sid);
e->time = -1;
e->in_use++;
}
} else { /* CLOSE */
seclog(sec, LOG_INFO, "temporarily closing session for %s", e->username);
seclog(sec, LOG_INFO, "temporarily closing session for %s (session: %s)", e->username, e->printable_sid);
if (req->has_uptime && req->uptime > e->stats.uptime) {
e->stats.uptime = req->uptime;
@@ -479,11 +479,11 @@ int handle_sec_auth_cont(int cfd, sec_mod_st * sec, const SecAuthContMsg * req)
goto cleanup;
}
seclog(sec, LOG_DEBUG, "auth cont for user '%s'", e->username);
seclog(sec, LOG_DEBUG, "auth cont for user '%s' (session: %s)", e->username, e->printable_sid);
if (req->password == NULL) {
seclog(sec, LOG_ERR, "no password given in auth cont for user '%s'",
e->username);
seclog(sec, LOG_ERR, "no password given in auth cont for user '%s' (session: %s)",
e->username, e->printable_sid);
ret = -1;
goto cleanup;
}
@@ -501,8 +501,8 @@ int handle_sec_auth_cont(int cfd, sec_mod_st * sec, const SecAuthContMsg * req)
strlen(req->password));
if (ret < 0) {
seclog(sec, LOG_DEBUG,
"error in password given in auth cont for user '%s'",
e->username);
"error in password given in auth cont for user '%s' (session: %s)",
e->username, e->printable_sid);
goto cleanup;
}
@@ -552,7 +552,7 @@ int handle_sec_auth_init(int cfd, sec_mod_st * sec, const SecAuthInitMsg * req)
}
if (e->status != PS_AUTH_INACTIVE) {
seclog(sec, LOG_ERR, "auth init received for '%s' but we are on state %u!", e->username, e->status);
seclog(sec, LOG_ERR, "auth init received for '%s' (session: %s), but we are on state %u!", e->username, e->printable_sid, e->status);
return -1;
}
@@ -620,9 +620,9 @@ int handle_sec_auth_init(int cfd, sec_mod_st * sec, const SecAuthInitMsg * req)
}
e->status = PS_AUTH_INIT;
seclog(sec, LOG_DEBUG, "auth init %sfor user '%s' (group: '%s') from '%s'",
seclog(sec, LOG_DEBUG, "auth init %sfor user '%s' (session: %s) of group: '%s' from '%s'",
req->tls_auth_ok?"(with cert) ":"",
e->username, e->groupname, req->ip);
e->username, e->printable_sid, e->groupname, req->ip);
if (need_continue != 0) {
ret = ERR_AUTH_CONTINUE;
@@ -639,7 +639,7 @@ void sec_auth_user_deinit(sec_mod_st * sec, client_entry_st * e)
if (e->module == NULL)
return;
seclog(sec, LOG_DEBUG, "permamently closing session of user '%s'", e->username);
seclog(sec, LOG_DEBUG, "permamently closing session of user '%s' (session: %s)", e->username, e->printable_sid);
if (e->auth_ctx != NULL) {
if (e->module->close_session)
e->module->close_session(e->auth_ctx, &e->stats);

2
src/sec-mod-db.c
View File

@@ -100,6 +100,8 @@ client_entry_st *new_client_entry(sec_mod_st *sec, const char *ip)
seclog(sec, LOG_ERR, "error generating SID");
goto fail;
}
snprintf(e->printable_sid, sizeof(e->printable_sid), "%.2x%.2x%.2x",
(unsigned) e->sid[0], (unsigned) e->sid[1], (unsigned) e->sid[2]);
e->time = time(0);
if (htable_add(db, rehash(e, NULL), e) == 0) {

4
src/sec-mod.h
View File

@@ -51,6 +51,10 @@ typedef struct client_entry_st {
* sessions.
*/
uint8_t sid[SID_SIZE];
/* a part of sid used in the logs to differentiate the session */
char printable_sid[7];
void * auth_ctx; /* the context of authentication */
unsigned in_use; /* counter of users of this structure */
unsigned tls_auth_ok;