First pass at updating the cryptlib log messages... step one, the FTP server.

c6a4eaef · deuce · c74260b5 · c6a4eaef · c6a4eaef · c6a4eaef
Commit c6a4eaef authored 7 years ago by deuce
--- a/src/sbbs3/ftpsrvr.c
+++ b/src/sbbs3/ftpsrvr.c
@@ -302,6 +302,7 @@ static int sockprintf(SOCKET sock, CRYPT_SESSION sess, char *fmt, ...)
 	char	sbuf[1024];
 	fd_set	socket_set;
 	struct timeval tv;
+	char	estr[SSL_ESTR_LEN];
    va_start(argptr,fmt);
    len=vsnprintf(sbuf,maxlen=sizeof(sbuf)-2,fmt,argptr);
@@ -344,13 +345,15 @@ static int sockprintf(SOCKET sock, CRYPT_SESSION sess, char *fmt, ...)
 			if (result == CRYPT_OK)
 				sent += tls_sent;
 			else {
-				lprintf(LOG_DEBUG, "pushData returned %d\n", result);
+				get_crypt_error_string(result, sess, estr, "sending data");
-				if (result != -25)
+				lprintf(LOG_DEBUG, "%04d !ERROR %s", sock, estr);
+				if (result != CRYPT_ERROR_TIMEOUT)
 					return 0;
 			}
 			result = cryptFlushData(sess);
 			if (result != CRYPT_OK) {
-				lprintf(LOG_DEBUG, "cryptFlushData() returned %d\n", result);
+				get_crypt_error_string(result, sess, estr, "flushing data");
+				lprintf(LOG_DEBUG, "%04d error %s", sock, estr);
 				return 0;
 			}
 		}
@@ -1163,6 +1166,7 @@ static int sock_recvbyte(SOCKET sock, CRYPT_SESSION sess, char *buf, time_t *las
 	struct	timeval	tv;
 	int ret;
 	int i;
+	char estr[SSL_ESTR_LEN];
 	if(ftp_set==NULL || terminate_server) {
 		sockprintf(sock,sess,"421 Server downed, aborting.");
@@ -1171,7 +1175,10 @@ static int sock_recvbyte(SOCKET sock, CRYPT_SESSION sess, char *buf, time_t *las
 	}
 	if (sess > -1) {
 		/* Try a read with no timeout first. */
-		cryptSetAttribute(sess, CRYPT_OPTION_NET_READTIMEOUT, 0);
+		if ((ret = cryptSetAttribute(sess, CRYPT_OPTION_NET_READTIMEOUT, 0)) != CRYPT_OK) {
+				get_crypt_error_string(ret, sess, estr, "setting read timeout");
+				lprintf(LOG_DEBUG, "%04d !ERROR %s", sock, estr);
+		}
 		while (1) {
 			ret = cryptPopData(sess, buf, 1, &len);
 			/* Successive reads will be with the full timeout after a select() */
@@ -1180,12 +1187,14 @@ static int sock_recvbyte(SOCKET sock, CRYPT_SESSION sess, char *buf, time_t *las
 				case CRYPT_OK:
 					break;
 				case CRYPT_ERROR_TIMEOUT:
-					lprintf(LOG_WARNING,"%04d !TIMEOUT in sock_recvbyte (%u seconds):  INACTIVE SOCKET",sock,startup->max_inactivity);
+					get_crypt_error_string(ret, sess, estr, "popping data");
+					lprintf(LOG_WARNING, "%04d !TIMEOUT %s (%u seconds)", sock, estr, startup->max_inactivity);
 					return -1;
 				case CRYPT_ERROR_COMPLETE:
 					return 0;
 				default:
-					lprintf(LOG_WARNING,"%04d !Cryptlib error in sock_recvbyte:  %d",sock,ret);
+					get_crypt_error_string(ret, sess, estr, "popping data");
+					lprintf(LOG_WARNING, "%04d !ERROR %s", sock, estr);
 					if (ret < -1)
 						return ret;
 					return -2;
@@ -1357,6 +1366,7 @@ static void send_thread(void* arg)
 	socklen_t	addr_len;
 	fd_set		socket_set;
 	struct timeval tv;
+	char		estr[SSL_ESTR_LEN];
 	xfer=*(xfer_t*)arg;
 	free(arg);
@@ -1449,13 +1459,15 @@ static void send_thread(void* arg)
 		if (*xfer.data_sess != -1) {
 			int status = cryptPushData(*xfer.data_sess, buf, rd, &wr);
 			if (status != CRYPT_OK) {
-				lprintf(LOG_DEBUG, "PushData() returned %d\n", status);
+				get_crypt_error_string(status, *xfer.data_sess, estr, "pushing data");
+				lprintf(LOG_DEBUG, "%04d !ERROR %s", *xfer.data_sock, estr);
 				wr = -1;
 			}
 			else {
 				status = cryptFlushData(*xfer.data_sess);
 				if (status != CRYPT_OK) {
-					lprintf(LOG_DEBUG, "cryptFlushData() returned %d\n", status);
+					get_crypt_error_string(status, *xfer.data_sess, estr, "flushing data");
+					lprintf(LOG_DEBUG, "%04d !ERROR %s", *xfer.data_sock, estr);
 					wr = -1;
 				}
 			}
@@ -1633,6 +1645,7 @@ static void receive_thread(void* arg)
 	fd_set		socket_set;
 	struct timeval tv;
 	CRYPT_SESSION	sess = -1;
+	char		estr[SSL_ESTR_LEN];
 	xfer=*(xfer_t*)arg;
 	free(arg);
@@ -1721,9 +1734,12 @@ static void receive_thread(void* arg)
 #endif
 		if (*xfer.data_sess != -1) {
 			int status = cryptPopData(*xfer.data_sess, buf, sizeof(buf), &rd);
-			if (status != CRYPT_OK)
+			if (status != CRYPT_OK) {
+				get_crypt_error_string(status, *xfer.data_sess, estr, "flushing data");
+				lprintf(LOG_DEBUG, "%04d !ERROR %s", *xfer.data_sock, estr);
 				rd = -1;
 			}
+		}
 		else {
 			rd=recv(*xfer.data_sock,buf,sizeof(buf),0);
 		}
@@ -1912,30 +1928,33 @@ static BOOL start_tls(SOCKET *sock, CRYPT_SESSION *sess, BOOL resp)
 	BOOL nodelay;
 	ulong nb;
 	int status;
-	char *estr;
+	char estr[SSL_ESTR_LEN];
-	if (get_ssl_cert(&scfg, NULL) == -1) {
+	if (get_ssl_cert(&scfg, estr) == -1) {
-		lprintf(LOG_ERR, "Unable to get certificate");
+		lprintf(LOG_ERR, "Unable to get certificate %s", estr);
 		if (resp)
 			sockprintf(*sock, *sess, "431 TLS not available");
 		return FALSE;
 	}
-	if (cryptCreateSession(sess, CRYPT_UNUSED, CRYPT_SESSION_SSL_SERVER) != CRYPT_OK) {
+	if ((status = cryptCreateSession(sess, CRYPT_UNUSED, CRYPT_SESSION_SSL_SERVER)) != CRYPT_OK) {
-		lprintf(LOG_ERR, "Unable to create TLS session");
+		get_crypt_error_string(status, CRYPT_UNUSED, estr, "creating session");
+		lprintf(LOG_ERR, "%04d FTP ERROR %s", *sock, estr);
 		if (resp)
 			sockprintf(*sock, *sess, "431 TLS not available");
 		return FALSE;
 	}
-	if (cryptSetAttribute(*sess, CRYPT_SESSINFO_SSL_OPTIONS, CRYPT_SSLOPTION_DISABLE_CERTVERIFY) != CRYPT_OK) {
+	if ((status = cryptSetAttribute(*sess, CRYPT_SESSINFO_SSL_OPTIONS, CRYPT_SSLOPTION_DISABLE_CERTVERIFY)) != CRYPT_OK) {
-		lprintf(LOG_ERR, "Unable to disable certificate verification");
+		get_crypt_error_string(status, *sess, estr, "disabling certificate verification");
+		lprintf(LOG_ERR, "%04d FTP ERROR %s", *sock, estr);
 		cryptDestroySession(*sess);
 		*sess = -1;
 		if(resp)
 			sockprintf(*sock, *sess, "431 TLS not available");
 		return FALSE;
 	}
-	if (cryptSetAttribute(*sess, CRYPT_SESSINFO_PRIVATEKEY, scfg.tls_certificate) != CRYPT_OK) {
+	if ((status=cryptSetAttribute(*sess, CRYPT_SESSINFO_PRIVATEKEY, scfg.tls_certificate)) != CRYPT_OK) {
-		lprintf(LOG_ERR, "Unable to set private key");
+		get_crypt_error_string(status, *sess, estr, "setting private key");
+		lprintf(LOG_ERR, "%04d FTP ERROR %s", *sock, estr);
 		cryptDestroySession(*sess);
 		*sess = -1;
 		if (resp)
@@ -1946,8 +1965,9 @@ static BOOL start_tls(SOCKET *sock, CRYPT_SESSION *sess, BOOL resp)
 	setsockopt(*sock,IPPROTO_TCP,TCP_NODELAY,(char*)&nodelay,sizeof(nodelay));
 	nb=0;
 	ioctlsocket(*sock,FIONBIO,&nb);
-	if (cryptSetAttribute(*sess, CRYPT_SESSINFO_NETWORKSOCKET, *sock) != CRYPT_OK) {
+	if ((status = cryptSetAttribute(*sess, CRYPT_SESSINFO_NETWORKSOCKET, *sock)) != CRYPT_OK) {
-		lprintf(LOG_ERR, "Unable to set network socket");
+		get_crypt_error_string(status, *sess, estr, "setting network socket");
+		lprintf(LOG_ERR, "%04d FTP ERROR %s", *sock, estr);
 		cryptDestroySession(*sess);
 		*sess = -1;
 		if (resp)
@@ -1957,14 +1977,14 @@ static BOOL start_tls(SOCKET *sock, CRYPT_SESSION *sess, BOOL resp)
 	if (resp)
 		sockprintf(*sock, -1, "234 Ready to start TLS");
 	if ((status = cryptSetAttribute(*sess, CRYPT_SESSINFO_ACTIVE, 1)) != CRYPT_OK) {
-		estr = get_crypt_error(*sess);
+		get_crypt_error_string(status, *sess, estr, "setting session active");
-		lprintf(LOG_ERR, "Unable to set session active (%d:%s)", status, estr);
+		lprintf(LOG_ERR, "%04d FTP ERROR %s", *sock, estr);
-		free_crypt_attrstr(estr);
 		return TRUE;
 	}
 	if (startup->max_inactivity) {
-		if (cryptSetAttribute(*sess, CRYPT_OPTION_NET_READTIMEOUT, startup->max_inactivity) != CRYPT_OK) {
+		if ((status = cryptSetAttribute(*sess, CRYPT_OPTION_NET_READTIMEOUT, startup->max_inactivity)) != CRYPT_OK) {
-			lprintf(LOG_ERR, "Unable to set max inactivity");
+			get_crypt_error_string(status, *sess, estr, "setting read timeout");
+			lprintf(LOG_ERR, "%04d FTP ERROR %s", *sock, estr);
 			return TRUE;
 		}
 	}

--- a/src/sbbs3/ssl.c
+++ b/src/sbbs3/ssl.c
@@ -32,13 +32,15 @@ char* DLLCALL get_crypt_error(CRYPT_HANDLE sess)
 	return get_crypt_attribute(sess, CRYPT_ATTRIBUTE_ERRORMESSAGE);
 }
-bool get_crypt_error_string(int status, CRYPT_HANDLE sess, char estr[SSL_ESTR_LEN], char *file, int line)
+bool DLLCALL get_crypt_error_string(int status, CRYPT_HANDLE sess, char estr[SSL_ESTR_LEN], const char *action)
 {
-	char	*emsg;
+	char	*emsg = NULL;
 	if (cryptStatusOK(status))
 		return true;
+	if (estr) {
+		if (sess != CRYPT_UNUSED)
 			emsg = get_crypt_error(sess);
 		if (emsg == NULL) {
 			switch(status) {
@@ -156,11 +158,12 @@ bool get_crypt_error_string(int status, CRYPT_HANDLE sess, char estr[SSL_ESTR_LE
 			}
 		}
 		if (emsg) {
-		safe_snprintf(estr, SSL_ESTR_LEN, "cryptlib error %d at %s:%d (%s)", status, file, line, emsg);
+			safe_snprintf(estr, SSL_ESTR_LEN, "'%s' (%d) %s", emsg, status, action);
 			free_crypt_attrstr(emsg);
 		}
 		else
-		safe_snprintf(estr, SSL_ESTR_LEN, "cryptlib error %d at %s:%d", status, file, line);
+			safe_snprintf(estr, SSL_ESTR_LEN, "(%d) %s", status, action);
+	}
 	return false;
 }
@@ -201,7 +204,7 @@ bool DLLCALL is_crypt_initialized(void)
 	return cryptlib_initialized;
 }
-#define DO(x)	get_crypt_error_string(x, ssl_context, estr, __FILE__, __LINE__)
+#define DO(action, handle, x)	get_crypt_error_string(x, handle, estr, action)
 CRYPT_CONTEXT DLLCALL get_ssl_cert(scfg_t *cfg, char estr[SSL_ESTR_LEN])
 {
@@ -222,56 +225,54 @@ CRYPT_CONTEXT DLLCALL get_ssl_cert(scfg_t *cfg, char estr[SSL_ESTR_LEN])
 	/* Get the certificate... first try loading it from a file... */
 	SAFEPRINTF2(str,"%s%s",cfg->ctrl_dir,"ssl.cert");
 	if(cryptStatusOK(cryptKeysetOpen(&ssl_keyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE, str, CRYPT_KEYOPT_READONLY))) {
-		if(!DO(cryptGetPrivateKey(ssl_keyset, &ssl_context, CRYPT_KEYID_NAME, "ssl_cert", cfg->sys_pass))) {
+		if(!DO("getting private key", ssl_keyset, cryptGetPrivateKey(ssl_keyset, &ssl_context, CRYPT_KEYID_NAME, "ssl_cert", cfg->sys_pass))) {
 			pthread_mutex_unlock(&ssl_cert_mutex);
 			return -1;
 		}
 	}
 	else {
 		/* Couldn't do that... create a new context and use the cert from there... */
-		if(!cryptStatusOK(i=cryptCreateContext(&ssl_context, CRYPT_UNUSED, CRYPT_ALGO_RSA))) {
+		if(!DO("creating SSL context", CRYPT_UNUSED, cryptStatusOK(i=cryptCreateContext(&ssl_context, CRYPT_UNUSED, CRYPT_ALGO_RSA)))) {
 			pthread_mutex_unlock(&ssl_cert_mutex);
-			if (estr)
-				sprintf(estr, "cryptlib error %d creating SSL context",i);
 			return -1;
 		}
-		if(!DO(cryptSetAttributeString(ssl_context, CRYPT_CTXINFO_LABEL, "ssl_cert", 8)))
+		if(!DO("setting label", ssl_context, cryptSetAttributeString(ssl_context, CRYPT_CTXINFO_LABEL, "ssl_cert", 8)))
 			goto failure_return_1;
-		if(!DO(cryptGenerateKey(ssl_context)))
+		if(!DO("generating key", ssl_context, cryptGenerateKey(ssl_context)))
 			goto failure_return_1;
-		if(!DO(cryptKeysetOpen(&ssl_keyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE, str, CRYPT_KEYOPT_CREATE)))
+		if(!DO("opening keyset", CRYPT_UNUSED, cryptKeysetOpen(&ssl_keyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE, str, CRYPT_KEYOPT_CREATE)))
 			goto failure_return_1;
-		if(!DO(cryptAddPrivateKey(ssl_keyset, ssl_context, cfg->sys_pass)))
+		if(!DO("adding private key", ssl_keyset, cryptAddPrivateKey(ssl_keyset, ssl_context, cfg->sys_pass)))
 			goto failure_return_2;
-		if(!DO(cryptCreateCert(&ssl_cert, CRYPT_UNUSED, CRYPT_CERTTYPE_CERTIFICATE)))
+		if(!DO("creating certificate", CRYPT_UNUSED, cryptCreateCert(&ssl_cert, CRYPT_UNUSED, CRYPT_CERTTYPE_CERTIFICATE)))
 			goto failure_return_2;
-		if(!DO(cryptSetAttribute(ssl_cert, CRYPT_CERTINFO_SUBJECTPUBLICKEYINFO, ssl_context)))
+		if(!DO("setting public key", ssl_cert, cryptSetAttribute(ssl_cert, CRYPT_CERTINFO_SUBJECTPUBLICKEYINFO, ssl_context)))
 			goto failure_return_3;
-		if(!DO(cryptSetAttribute(ssl_cert, CRYPT_CERTINFO_SELFSIGNED, 1)))
+		if(!DO("signing certificate", ssl_cert, cryptSetAttribute(ssl_cert, CRYPT_CERTINFO_SELFSIGNED, 1)))
 			goto failure_return_3;
-		if(!DO(cryptSetAttribute(ssl_cert, CRYPT_OPTION_CERT_VALIDITY, 3650)))
+		if(!DO("verifying certificate", ssl_cert, cryptSetAttribute(ssl_cert, CRYPT_OPTION_CERT_VALIDITY, 3650)))
 			goto failure_return_3;
-		if(!DO(cryptSetAttributeString(ssl_cert, CRYPT_CERTINFO_COUNTRYNAME, "ZZ", 2)))
+		if(!DO("setting country name", ssl_cert, cryptSetAttributeString(ssl_cert, CRYPT_CERTINFO_COUNTRYNAME, "ZZ", 2)))
 			goto failure_return_3;
-		if(!DO(cryptSetAttributeString(ssl_cert, CRYPT_CERTINFO_ORGANIZATIONNAME, cfg->sys_name, strlen(cfg->sys_name))))
+		if(!DO("setting orginization name", ssl_cert, cryptSetAttributeString(ssl_cert, CRYPT_CERTINFO_ORGANIZATIONNAME, cfg->sys_name, strlen(cfg->sys_name))))
 			goto failure_return_3;
-		if(!DO(cryptSetAttributeString(ssl_cert, CRYPT_CERTINFO_DNSNAME, cfg->sys_inetaddr, strlen(cfg->sys_inetaddr))))
+		if(!DO("setting DNS name", ssl_cert, cryptSetAttributeString(ssl_cert, CRYPT_CERTINFO_DNSNAME, cfg->sys_inetaddr, strlen(cfg->sys_inetaddr))))
 			goto failure_return_3;
-		if(!DO(cryptSetAttributeString(ssl_cert, CRYPT_CERTINFO_COMMONNAME, cfg->sys_inetaddr, strlen(cfg->sys_inetaddr))))
+		if(!DO("setting Common Name", ssl_cert, cryptSetAttributeString(ssl_cert, CRYPT_CERTINFO_COMMONNAME, cfg->sys_inetaddr, strlen(cfg->sys_inetaddr))))
 			goto failure_return_3;
 		sprintf(sysop_email, "sysop@%s", cfg->sys_inetaddr);
-		if(!DO(cryptSetAttributeString(ssl_cert, CRYPT_CERTINFO_RFC822NAME, sysop_email, strlen(sysop_email))))
+		if(!DO("setting email", ssl_cert, cryptSetAttributeString(ssl_cert, CRYPT_CERTINFO_RFC822NAME, sysop_email, strlen(sysop_email))))
 			goto failure_return_3;
-		if(!DO(cryptSignCert(ssl_cert, ssl_context)))
+		if(!DO("signing certificate", ssl_cert, cryptSignCert(ssl_cert, ssl_context)))
 			goto failure_return_3;
-		if(!DO(cryptAddPublicKey(ssl_keyset, ssl_cert)))
+		if(!DO("adding public key", ssl_keyset, cryptAddPublicKey(ssl_keyset, ssl_cert)))
 			goto failure_return_3;
 		cryptDestroyCert(ssl_cert);
 		cryptKeysetClose(ssl_keyset);
 		cryptDestroyContext(ssl_context);
 		// Finally, load it from the file.
 		if(cryptStatusOK(cryptKeysetOpen(&ssl_keyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE, str, CRYPT_KEYOPT_READONLY))) {
-			if(!DO(cryptGetPrivateKey(ssl_keyset, &ssl_context, CRYPT_KEYID_NAME, "ssl_cert", cfg->sys_pass))) {
+			if(!DO("getting private key", ssl_keyset, cryptGetPrivateKey(ssl_keyset, &ssl_context, CRYPT_KEYID_NAME, "ssl_cert", cfg->sys_pass))) {
 				ssl_context = -1;
 			}
 		}

--- a/src/sbbs3/ssl.h
+++ b/src/sbbs3/ssl.h
@@ -40,7 +40,7 @@ DLLEXPORT char* DLLCALL get_crypt_error(CRYPT_HANDLE sess);
 DLLEXPORT CRYPT_CONTEXT DLLCALL get_ssl_cert(scfg_t *cfg, char estr[SSL_ESTR_LEN]);
 DLLEXPORT int DLLCALL do_cryptInit(void);
 DLLEXPORT bool DLLCALL is_crypt_initialized(void);
-DLLEXPORT bool DLLCALL get_crypt_error_string(int status, CRYPT_HANDLE sess, char estr[SSL_ESTR_LEN], char *file, int line)
+DLLEXPORT bool DLLCALL get_crypt_error_string(int status, CRYPT_HANDLE sess, char estr[SSL_ESTR_LEN], const char *action);
 #if defined(__cplusplus)
 }