1 | /* |
---|
2 | * Logging and error handling for the remctld server. |
---|
3 | * |
---|
4 | * A set of helper routines to do error handling and other logging for |
---|
5 | * remctld, mostly wrappers around warn and die which will send errors to the |
---|
6 | * right place. |
---|
7 | * |
---|
8 | * Written by Russ Allbery <rra@stanford.edu> |
---|
9 | * Copyright 2006, 2007, 2008 |
---|
10 | * Board of Trustees, Leland Stanford Jr. University |
---|
11 | * |
---|
12 | * See LICENSE for licensing terms. |
---|
13 | */ |
---|
14 | |
---|
15 | #include <config.h> |
---|
16 | #include <portable/system.h> |
---|
17 | #include <portable/gssapi.h> |
---|
18 | #include <portable/socket.h> |
---|
19 | #include <portable/uio.h> |
---|
20 | |
---|
21 | #include <errno.h> |
---|
22 | |
---|
23 | #include <server/internal.h> |
---|
24 | #include <util/util.h> |
---|
25 | |
---|
26 | /* |
---|
27 | * Report a GSS-API failure using warn. |
---|
28 | */ |
---|
29 | void |
---|
30 | warn_gssapi(const char *error, OM_uint32 major, OM_uint32 minor) |
---|
31 | { |
---|
32 | char *string; |
---|
33 | |
---|
34 | string = gssapi_error_string(error, major, minor); |
---|
35 | warn("%s", string); |
---|
36 | free(string); |
---|
37 | } |
---|
38 | |
---|
39 | |
---|
40 | /* |
---|
41 | * Report a token error using warn. |
---|
42 | */ |
---|
43 | void |
---|
44 | warn_token(const char *error, int status, OM_uint32 major, OM_uint32 minor) |
---|
45 | { |
---|
46 | switch (status) { |
---|
47 | case TOKEN_OK: |
---|
48 | warn("error %s", error); |
---|
49 | break; |
---|
50 | case TOKEN_FAIL_SYSTEM: |
---|
51 | syswarn("error %s", error); |
---|
52 | break; |
---|
53 | case TOKEN_FAIL_SOCKET: |
---|
54 | warn("error %s: %s", error, socket_strerror(socket_errno)); |
---|
55 | break; |
---|
56 | case TOKEN_FAIL_INVALID: |
---|
57 | warn("error %s: invalid token format", error); |
---|
58 | break; |
---|
59 | case TOKEN_FAIL_LARGE: |
---|
60 | warn("error %s: token too large", error); |
---|
61 | break; |
---|
62 | case TOKEN_FAIL_EOF: |
---|
63 | warn("error %s: unexpected end of file", error); |
---|
64 | break; |
---|
65 | case TOKEN_FAIL_GSSAPI: |
---|
66 | warn_gssapi(error, major, minor); |
---|
67 | break; |
---|
68 | default: |
---|
69 | warn("error %s: unknown error", error); |
---|
70 | break; |
---|
71 | } |
---|
72 | } |
---|
73 | |
---|
74 | |
---|
75 | /* |
---|
76 | * Log a command. Takes the argument vector, the configuration line that |
---|
77 | * matched the command, and the principal running the command. |
---|
78 | */ |
---|
79 | void |
---|
80 | server_log_command(struct iovec **argv, struct confline *cline, |
---|
81 | const char *user) |
---|
82 | { |
---|
83 | char *command, *p; |
---|
84 | unsigned int i; |
---|
85 | unsigned int *j; |
---|
86 | struct vector *masked; |
---|
87 | const char *arg; |
---|
88 | |
---|
89 | masked = vector_new(); |
---|
90 | for (i = 0; argv[i] != NULL; i++) { |
---|
91 | arg = NULL; |
---|
92 | if (cline != NULL) { |
---|
93 | if (cline->logmask != NULL) |
---|
94 | for (j = cline->logmask; *j != 0; j++) { |
---|
95 | if (*j == i) { |
---|
96 | arg = "**MASKED**"; |
---|
97 | break; |
---|
98 | } |
---|
99 | } |
---|
100 | if (i > 0 |
---|
101 | && (cline->stdin_arg == (long) i |
---|
102 | || (cline->stdin_arg == -1 && argv[i + 1] == NULL))) { |
---|
103 | arg = "**DATA**"; |
---|
104 | } |
---|
105 | } |
---|
106 | if (arg != NULL) |
---|
107 | vector_add(masked, arg); |
---|
108 | else |
---|
109 | vector_addn(masked, argv[i]->iov_base, argv[i]->iov_len); |
---|
110 | } |
---|
111 | command = vector_join(masked, " "); |
---|
112 | vector_free(masked); |
---|
113 | |
---|
114 | /* Replace non-printable characters with . when logging. */ |
---|
115 | for (p = command; *p != '\0'; p++) |
---|
116 | if (*p < 9 || (*p > 9 && *p < 32) || *p == 127) |
---|
117 | *p = '.'; |
---|
118 | notice("COMMAND from %s: %s", user, command); |
---|
119 | free(command); |
---|
120 | } |
---|