journal-gatewayd: log to journal from gnutls

Prefix "gnutls: " is added. Some semi-random mapping of gnutls levels to syslog levels is done, but since gnutls levels seem to be used rather loosely, most end up as debug.
2012-11-28 23:08:35 +01:00 · 2012-11-28 23:08:35 +01:00 · cafc7f9130
parent 6031319956
commit cafc7f9130
4 changed files with 57 additions and 0 deletions
--- a/Makefile.am
+++ b/Makefile.am
@ -3437,6 +3437,11 @@ systemd_journal_gatewayd_LDADD = \
 	libsystemd-shared.la \
 	$(MICROHTTPD_LIBS)

+if HAVE_GNUTLS
+systemd_journal_gatewayd_LDADD += \
+	$(GNUTLS_LIBS)
+endif
+
 systemd_journal_gatewayd_CFLAGS = \
 	$(AM_CFLAGS) \
 	$(MICROHTTPD_CFLAGS)
--- a/src/journal/journal-gatewayd.c
+++ b/src/journal/journal-gatewayd.c
@ -1024,6 +1024,11 @@ int main(int argc, char *argv[]) {
        if (r == 0)
                return EXIT_SUCCESS;

+#ifdef HAVE_GNUTLS
+        gnutls_global_set_log_function(log_func_gnutls);
+        gnutls_global_set_log_level(GNUTLS_LOG_LEVEL);
+#endif
+
        n = sd_listen_fds(1);
        if (n < 0) {
                log_error("Failed to determine passed sockets: %s", strerror(-n));
--- a/src/journal/microhttpd-util.c
+++ b/src/journal/microhttpd-util.c
@ -39,3 +39,38 @@ void microhttpd_logger(void *arg, const char *fmt, va_list ap) {
        log_metav(LOG_INFO, NULL, 0, NULL, f, ap);
        REENABLE_WARNING;
 }
+
+#ifdef HAVE_GNUTLS
+
+static int log_level_map[] = {
+        LOG_DEBUG,
+        LOG_WARNING, /* gnutls session audit */
+        LOG_DEBUG,   /* gnutls debug log */
+        LOG_WARNING, /* gnutls assert log */
+        LOG_INFO,    /* gnutls handshake log */
+        LOG_DEBUG,   /* gnutls record log */
+        LOG_DEBUG,   /* gnutls dtls log */
+        LOG_DEBUG,
+        LOG_DEBUG,
+        LOG_DEBUG,
+        LOG_DEBUG,   /* gnutls hard log */
+        LOG_DEBUG,   /* gnutls read log */
+        LOG_DEBUG,   /* gnutls write log */
+        LOG_DEBUG,   /* gnutls io log */
+        LOG_DEBUG,   /* gnutls buffers log */
+};
+
+void log_func_gnutls(int level, const char *message) {
+        int ourlevel;
+
+        assert_se(message);
+
+        if (0 <= level && level < (int) ELEMENTSOF(log_level_map))
+                ourlevel = log_level_map[level];
+        else
+                level = LOG_DEBUG;
+
+        log_meta(ourlevel, NULL, 0, NULL, "gnutls: %s", message);
+}
+
+#endif
--- a/src/journal/microhttpd-util.h
+++ b/src/journal/microhttpd-util.h
@ -26,3 +26,15 @@
 #include "macro.h"

 void microhttpd_logger(void *arg, const char *fmt, va_list ap) _printf_(2, 0);
+
+#ifdef HAVE_GNUTLS
+#include <gnutls/gnutls.h>
+
+void log_func_gnutls(int level, const char *message);
+
+/* This is additionally filtered by our internal log level, so it
+ * should be set fairly high to capture all potentially interesting
+ * events without overwhelming detail.
+ */
+#define GNUTLS_LOG_LEVEL 6
+#endif