mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-24 12:23:32 +01:00
finish enforcing the log convention
svn:r494
This commit is contained in:
parent
ab8bceb27a
commit
bf10a3c0f1
@ -211,17 +211,17 @@ crypto_create_init_cipher(int cipher_type, char *key, char *iv, int encrypt_mode
|
||||
crypto_cipher_env_t *crypto = NULL;
|
||||
|
||||
if (! (crypto = crypto_new_cipher_env(cipher_type))) {
|
||||
log_fn(LOG_ERR, "Unable to allocate crypto object");
|
||||
log_fn(LOG_WARNING, "Unable to allocate crypto object");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (crypto_cipher_set_key(crypto, key)) {
|
||||
log_fn(LOG_ERR, "Unable to set key: %s", crypto_perror());
|
||||
log_fn(LOG_WARNING, "Unable to set key: %s", crypto_perror());
|
||||
goto error;
|
||||
}
|
||||
|
||||
if (crypto_cipher_set_iv(crypto, iv)) {
|
||||
log_fn(LOG_ERR, "Unable to set iv: %s", crypto_perror());
|
||||
log_fn(LOG_WARNING, "Unable to set iv: %s", crypto_perror());
|
||||
goto error;
|
||||
}
|
||||
|
||||
@ -231,7 +231,7 @@ crypto_create_init_cipher(int cipher_type, char *key, char *iv, int encrypt_mode
|
||||
r = crypto_cipher_decrypt_init_cipher(crypto);
|
||||
|
||||
if (r) {
|
||||
log_fn(LOG_ERR, "Unable to initialize cipher: %s", crypto_perror());
|
||||
log_fn(LOG_WARNING, "Unable to initialize cipher: %s", crypto_perror());
|
||||
goto error;
|
||||
}
|
||||
return crypto;
|
||||
@ -352,45 +352,38 @@ int crypto_pk_read_private_key_from_file(crypto_pk_env_t *env, FILE *src)
|
||||
int crypto_pk_read_private_key_from_filename(crypto_pk_env_t *env, const char *keyfile)
|
||||
{
|
||||
FILE *f_pr;
|
||||
int retval = 0;
|
||||
|
||||
assert(env && keyfile);
|
||||
|
||||
if (strspn(keyfile,CONFIG_LEGAL_FILENAME_CHARACTERS) == strlen(keyfile)) /* filename contains legal characters only */
|
||||
{
|
||||
/* open the keyfile */
|
||||
f_pr=fopen(keyfile,"rb");
|
||||
if (!f_pr)
|
||||
return -1;
|
||||
|
||||
/* read the private key */
|
||||
retval = crypto_pk_read_private_key_from_file(env, f_pr);
|
||||
fclose(f_pr);
|
||||
if (retval == -1)
|
||||
{
|
||||
log_fn(LOG_ERR,"Error reading private key : %s",crypto_perror());
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* check the private key */
|
||||
retval = crypto_pk_check_key(env);
|
||||
if (retval == 0)
|
||||
{
|
||||
log_fn(LOG_ERR,"Private key read but is invalid : %s.", crypto_perror());
|
||||
return -1;
|
||||
}
|
||||
else if (retval == -1)
|
||||
{
|
||||
log_fn(LOG_ERR,"Private key read but validity checking failed : %s",crypto_perror());
|
||||
return -1;
|
||||
}
|
||||
else if (retval == 1)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
} /* filename contains legal characters only */
|
||||
if(strspn(keyfile,CONFIG_LEGAL_FILENAME_CHARACTERS) != strlen(keyfile)) {
|
||||
/* filename contains nonlegal characters */
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* open the keyfile */
|
||||
f_pr=fopen(keyfile,"rb");
|
||||
if (!f_pr)
|
||||
return -1;
|
||||
|
||||
return -1; /* report error */
|
||||
/* read the private key */
|
||||
if(crypto_pk_read_private_key_from_file(env, f_pr) < 0) {
|
||||
log_fn(LOG_WARNING,"Error reading private key : %s",crypto_perror());
|
||||
fclose(f_pr);
|
||||
return -1;
|
||||
}
|
||||
fclose(f_pr);
|
||||
|
||||
/* check the private key */
|
||||
switch(crypto_pk_check_key(env)) {
|
||||
case 0:
|
||||
log_fn(LOG_WARNING,"Private key read but is invalid : %s.", crypto_perror());
|
||||
return -1;
|
||||
case -1:
|
||||
log_fn(LOG_WARNING,"Private key read but validity checking failed : %s",crypto_perror());
|
||||
return -1;
|
||||
/* case 1: fall through */
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
int crypto_pk_read_public_key_from_file(crypto_pk_env_t *env, FILE *src)
|
||||
@ -989,14 +982,14 @@ int crypto_seed_rng()
|
||||
n = fread(buf, 1, 20, f);
|
||||
fclose(f);
|
||||
if (n != 20) {
|
||||
log_fn(LOG_INFO, "Error reading from entropy source");
|
||||
log_fn(LOG_WARNING, "Error reading from entropy source");
|
||||
return -1;
|
||||
}
|
||||
RAND_seed(buf, 20);
|
||||
return 0;
|
||||
}
|
||||
|
||||
log_fn(LOG_INFO, "Cannot seed RNG -- no entropy source found.");
|
||||
log_fn(LOG_WARNING, "Cannot seed RNG -- no entropy source found.");
|
||||
return -1;
|
||||
}
|
||||
|
||||
@ -1053,3 +1046,4 @@ base64_decode(char *dest, int destlen, char *src, int srclen)
|
||||
ret += len;
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
@ -20,13 +20,9 @@ static INLINE const char *sev_to_string(int severity) {
|
||||
switch(severity) {
|
||||
case LOG_DEBUG: return "debug";
|
||||
case LOG_INFO: return "info";
|
||||
case LOG_NOTICE: return "notice";
|
||||
case LOG_WARNING: return "warn";
|
||||
case LOG_ERR: return "err";
|
||||
case LOG_CRIT: return "crit";
|
||||
case LOG_ALERT: return "alert";
|
||||
case LOG_EMERG: return "emerg";
|
||||
default: return "UNKNOWN";
|
||||
default: assert(0); return "UNKNOWN";
|
||||
}
|
||||
}
|
||||
|
||||
@ -167,3 +163,4 @@ void add_file_log(int loglevel, const char *filename)
|
||||
add_stream_log(loglevel, filename, f);
|
||||
logfiles->needs_close = 1;
|
||||
}
|
||||
|
||||
|
@ -214,7 +214,7 @@ tor_tls_context_new(crypto_pk_env_t *rsa,
|
||||
if (rsa) {
|
||||
cert = tor_tls_create_certificate(rsa, nickname);
|
||||
if (!cert) {
|
||||
log(LOG_ERR, "Error creating certificate");
|
||||
log(LOG_WARNING, "Error creating certificate");
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
@ -311,7 +311,7 @@ tor_tls_read(tor_tls *tls, char *cp, int len)
|
||||
r = SSL_read(tls->ssl, cp, len);
|
||||
if (r > 0)
|
||||
return r;
|
||||
err = tor_tls_get_error(tls, r, CATCH_ZERO, "reading", LOG_ERR);
|
||||
err = tor_tls_get_error(tls, r, CATCH_ZERO, "reading", LOG_INFO);
|
||||
if (err == _TOR_TLS_ZERORETURN) {
|
||||
tls->state = TOR_TLS_ST_CLOSED;
|
||||
return TOR_TLS_CLOSE;
|
||||
@ -335,7 +335,7 @@ tor_tls_write(tor_tls *tls, char *cp, int n)
|
||||
if (n == 0)
|
||||
return 0;
|
||||
r = SSL_write(tls->ssl, cp, n);
|
||||
err = tor_tls_get_error(tls, r, 0, "writing", LOG_ERR);
|
||||
err = tor_tls_get_error(tls, r, 0, "writing", LOG_INFO);
|
||||
if (err == TOR_TLS_DONE) {
|
||||
return r;
|
||||
} else {
|
||||
@ -358,7 +358,7 @@ tor_tls_handshake(tor_tls *tls)
|
||||
} else {
|
||||
r = SSL_connect(tls->ssl);
|
||||
}
|
||||
r = tor_tls_get_error(tls,r,0, "handshaking", LOG_ERR);
|
||||
r = tor_tls_get_error(tls,r,0, "handshaking", LOG_INFO);
|
||||
if (r == TOR_TLS_DONE) {
|
||||
tls->state = TOR_TLS_ST_OPEN;
|
||||
}
|
||||
@ -385,7 +385,7 @@ tor_tls_shutdown(tor_tls *tls)
|
||||
r = SSL_read(tls->ssl, buf, 128);
|
||||
} while (r>0);
|
||||
err = tor_tls_get_error(tls, r, CATCH_ZERO, "reading to shut down",
|
||||
LOG_ERR);
|
||||
LOG_INFO);
|
||||
if (err == _TOR_TLS_ZERORETURN) {
|
||||
tls->state = TOR_TLS_ST_GOTCLOSE;
|
||||
/* fall through... */
|
||||
@ -401,7 +401,7 @@ tor_tls_shutdown(tor_tls *tls)
|
||||
return TOR_TLS_DONE;
|
||||
}
|
||||
err = tor_tls_get_error(tls, r, CATCH_SYSCALL|CATCH_ZERO, "shutting down",
|
||||
LOG_ERR);
|
||||
LOG_INFO);
|
||||
if (err == _TOR_TLS_SYSCALL) {
|
||||
/* The underlying TCP connection closed while we were shutting down. */
|
||||
tls->state = TOR_TLS_ST_CLOSED;
|
||||
@ -414,7 +414,7 @@ tor_tls_shutdown(tor_tls *tls)
|
||||
*/
|
||||
if (tls->state == TOR_TLS_ST_GOTCLOSE ||
|
||||
tls->state == TOR_TLS_ST_SENTCLOSE) {
|
||||
log(LOG_ERR,
|
||||
log(LOG_WARNING,
|
||||
"TLS returned \"half-closed\" value while already half-closed");
|
||||
return TOR_TLS_ERROR;
|
||||
}
|
||||
|
@ -60,13 +60,13 @@ tv_udiff(struct timeval *start, struct timeval *end)
|
||||
long secdiff = end->tv_sec - start->tv_sec;
|
||||
|
||||
if (secdiff+1 > LONG_MAX/1000000) {
|
||||
log_fn(LOG_NOTICE, "comparing times too far apart.");
|
||||
log_fn(LOG_WARNING, "comparing times too far apart.");
|
||||
return LONG_MAX;
|
||||
}
|
||||
|
||||
udiff = secdiff*1000000L + (end_usec - start->tv_usec);
|
||||
if(udiff < 0) {
|
||||
log_fn(LOG_NOTICE, "start is after end. Returning 0.");
|
||||
log_fn(LOG_WARNING, "start is after end. Returning 0.");
|
||||
return 0;
|
||||
}
|
||||
return udiff;
|
||||
@ -320,17 +320,17 @@ int check_private_dir(const char *dirname, int create)
|
||||
struct stat st;
|
||||
if (stat(dirname, &st)) {
|
||||
if (errno != ENOENT) {
|
||||
log(LOG_ERR, "Directory %s cannot be read: %s", dirname,
|
||||
log(LOG_WARNING, "Directory %s cannot be read: %s", dirname,
|
||||
strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
if (!create) {
|
||||
log(LOG_ERR, "Directory %s does not exist.", dirname);
|
||||
log(LOG_WARNING, "Directory %s does not exist.", dirname);
|
||||
return -1;
|
||||
}
|
||||
log(LOG_INFO, "Creating directory %s", dirname);
|
||||
if (mkdir(dirname, 0700)) {
|
||||
log(LOG_ERR, "Error creating directory %s: %s", dirname,
|
||||
log(LOG_WARNING, "Error creating directory %s: %s", dirname,
|
||||
strerror(errno));
|
||||
return -1;
|
||||
} else {
|
||||
@ -338,17 +338,17 @@ int check_private_dir(const char *dirname, int create)
|
||||
}
|
||||
}
|
||||
if (!(st.st_mode & S_IFDIR)) {
|
||||
log(LOG_ERR, "%s is not a directory", dirname);
|
||||
log(LOG_WARNING, "%s is not a directory", dirname);
|
||||
return -1;
|
||||
}
|
||||
if (st.st_uid != getuid()) {
|
||||
log(LOG_ERR, "%s is not owned by this UID (%d)", dirname, getuid());
|
||||
log(LOG_WARNING, "%s is not owned by this UID (%d)", dirname, getuid());
|
||||
return -1;
|
||||
}
|
||||
if (st.st_mode & 0077) {
|
||||
log(LOG_WARNING, "Fixing permissions on directory %s", dirname);
|
||||
if (chmod(dirname, 0700)) {
|
||||
log(LOG_ERR, "Could not chmod directory %s: %s", dirname,
|
||||
log(LOG_WARNING, "Could not chmod directory %s: %s", dirname,
|
||||
strerror(errno));
|
||||
return -1;
|
||||
} else {
|
||||
@ -365,28 +365,28 @@ write_str_to_file(const char *fname, const char *str)
|
||||
int fd;
|
||||
FILE *file;
|
||||
if (strlen(fname) > 1000) {
|
||||
log(LOG_ERR, "Filename %s is too long.", fname);
|
||||
log(LOG_WARNING, "Filename %s is too long.", fname);
|
||||
return -1;
|
||||
}
|
||||
strcpy(tempname,fname);
|
||||
strcat(tempname,".tmp");
|
||||
if ((fd = open(tempname, O_WRONLY|O_CREAT|O_TRUNC, 0600)) < 0) {
|
||||
log(LOG_ERR, "Couldn't open %s for writing: %s", tempname,
|
||||
log(LOG_WARNING, "Couldn't open %s for writing: %s", tempname,
|
||||
strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
if (!(file = fdopen(fd, "w"))) {
|
||||
log(LOG_ERR, "Couldn't fdopen %s for writing: %s", tempname,
|
||||
log(LOG_WARNING, "Couldn't fdopen %s for writing: %s", tempname,
|
||||
strerror(errno));
|
||||
close(fd); return -1;
|
||||
}
|
||||
if (fputs(str,file) == EOF) {
|
||||
log(LOG_ERR, "Error writing to %s: %s", tempname, strerror(errno));
|
||||
log(LOG_WARNING, "Error writing to %s: %s", tempname, strerror(errno));
|
||||
fclose(file); return -1;
|
||||
}
|
||||
fclose(file);
|
||||
if (rename(tempname, fname)) {
|
||||
log(LOG_ERR, "Error replacing %s: %s", fname, strerror(errno));
|
||||
log(LOG_WARNING, "Error replacing %s: %s", fname, strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
return 0;
|
||||
|
@ -277,24 +277,16 @@ int getconfig(int argc, char **argv, or_options_t *options) {
|
||||
/* Validate options */
|
||||
|
||||
if(options->LogLevel) {
|
||||
if(!strcmp(options->LogLevel,"emerg"))
|
||||
options->loglevel = LOG_EMERG;
|
||||
else if(!strcmp(options->LogLevel,"alert"))
|
||||
options->loglevel = LOG_ALERT;
|
||||
else if(!strcmp(options->LogLevel,"crit"))
|
||||
options->loglevel = LOG_CRIT;
|
||||
else if(!strcmp(options->LogLevel,"err"))
|
||||
options->loglevel = LOG_ERR;
|
||||
else if(!strcmp(options->LogLevel,"warning"))
|
||||
options->loglevel = LOG_WARNING;
|
||||
else if(!strcmp(options->LogLevel,"notice"))
|
||||
options->loglevel = LOG_NOTICE;
|
||||
else if(!strcmp(options->LogLevel,"info"))
|
||||
options->loglevel = LOG_INFO;
|
||||
else if(!strcmp(options->LogLevel,"debug"))
|
||||
options->loglevel = LOG_DEBUG;
|
||||
else {
|
||||
log(LOG_ERR,"LogLevel must be one of emerg|alert|crit|err|warning|notice|info|debug.");
|
||||
log(LOG_ERR,"LogLevel must be one of err|warning|info|debug.");
|
||||
result = -1;
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user