authorGuilhem Moulin <guilhem@fripost.org>2021-02-23 00:58:46 +0100
committerGuilhem Moulin <guilhem@fripost.org>2021-02-23 01:00:07 +0100
commit3a527c2159cdd23f489970f935edbccc37da1901 (patch)
tree14a1402570c050a57a34a505b74407dc55dd743f
parent2d08a72c2f6b2afb04fb5382a5f592075a0004a8 (diff)
lacme-accountd: Refactor logging logic.
-rw-r--r--Changelog2
-rwxr-xr-xlacme-accountd27
2 files changed, 16 insertions, 13 deletions
diff --git a/Changelog b/Changelog
index c4dd0fc..b7459fd 100644
--- a/Changelog
+++ b/Changelog
@@ -1,6 +1,6 @@
lacme (0.8.1) upstream;
- + lacme-accountd: improve log messages.
+ + lacme-accountd: improve log messages and refactor logging logic.
+ lacme-accountd: refuse to sign JWS with an invalid Protected Header.
- lacme: in the [accountd] config, let lacme-accountd(1) do the
%-expansion for 'config', not lacme(8) when building the command.
diff --git a/lacme-accountd b/lacme-accountd
index 47a4c32..a35ac88 100755
--- a/lacme-accountd
+++ b/lacme-accountd
@@ -64,18 +64,21 @@ sub usage(;$$) {
usage(1) unless GetOptions(\%OPTS, qw/config=s privkey=s socket=s stdio quiet|q debug help|h/);
usage(0) if $OPTS{help};
-my $LOG;
+my ($LOG, $LOGLEVEL);
+my ($LOG_INFO, $LOG_VERBOSE, $LOG_DEBUG) = (0,1,2);
sub logmsg($@) {
- my $lvl = shift // "all";
- if (defined $LOG and ($lvl ne "debug" or $OPTS{debug})) {
+ my $lvl = shift;
+ if (defined $LOG and ($lvl <= $LOGLEVEL or $lvl <= $LOG_VERBOSE)) {
+ # --quiet flag hides verbose-level messages from the standard
+ # error but we add them to the logfile nonetheless
my $now = localtime;
$LOG->printflush("[", $now, "] ", @_, "\n") or warn "print: $!";
}
- unless (($lvl eq "debug" and !$OPTS{debug}) or ($lvl eq "noquiet" and $OPTS{quiet})) {
+ if ($lvl <= $LOGLEVEL) {
print STDERR @_, "\n" or warn "print: $!";
}
}
-sub info(@) { logmsg(all => @_); }
+sub info(@) { logmsg($LOG_INFO => @_); }
sub error(@) {
my @msg = ("Error: ", @_);
info(@msg);
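Review bot: `$LOGLEVEL` is declared without a value in `my ($LOG, $LOGLEVEL);` and is only assigned at the end of the configuration block (the `$LOGLEVEL = $OPTS{debug} ? ...` line in the next lacme-accountd hunk), so any `info()` or `error()` call that runs before that point evaluates `$lvl <= $LOGLEVEL` against undef. That numifies to 0, so only `$LOG_INFO` messages get through, with an "uninitialized value" warning if warnings are enabled. Declaring the level constants first and then giving the variable a default, e.g. `my ($LOG, $LOGLEVEL) = (undef, $LOG_VERBOSE);`, would make early messages behave predictably. The `--quiet` comment explains the `$lvl <= $LOG_VERBOSE` clause and would read better directly above the `if` than inside its body. The body of `error` continues outside this hunk.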
@@ -134,7 +137,7 @@ do {
print STDERR "Ignoring missing configuration file at default location $conffile\n" if $OPTS{debug};
}
- $OPTS{quiet} = 0 if $OPTS{debug};
+ $LOGLEVEL = $OPTS{debug} ? $LOG_DEBUG : $OPTS{quiet} ? $LOG_INFO : $LOG_VERBOSE;
error("'privkey' is not specified") unless defined $OPTS{privkey};
};
@@ -214,7 +217,7 @@ unless (defined $OPTS{stdio}) {
my $umask = umask(0177) // panic("umask: $!");
- logmsg(noquiet => "Starting lacme Account Key Manager at $sockname");
+ logmsg($LOG_VERBOSE => "Starting lacme Account Key Manager at $sockname");
socket(my $sock, PF_UNIX, SOCK_STREAM, 0) or panic("socket: $!");
my $sockaddr = Socket::sockaddr_un($sockname) // panic();
bind($sock, $sockaddr) or panic("bind: $!");
@@ -271,7 +274,7 @@ sub conn($$$) {
my $sig = eval { $SIGN->($data) };
panic($@) if $@ or !defined $sig;
- logmsg(noquiet => "[$id] SIGNED ", $req);
+ logmsg($LOG_VERBOSE => "[$id] SIGNED ", $req);
$out->printflush( encode_base64url($sig), "\r\n" ) or warn "print: $!";
}
}
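Review bot: The `SIGNED` line appears to be the only record of an account-key signature, and at `$LOG_VERBOSE` it is written nowhere when `--quiet` is set and no logfile is open. `logmsg` skips the logfile branch when `$LOG` is undefined and skips STDERR when `$LOGLEVEL` is `$LOG_INFO`. If that is intended, a comment above the call would document it, e.g. `# audit record: kept in the logfile under --quiet, lost if no logfile is configured`; otherwise consider logging it at `$LOG_INFO`. `$req` presumably comes from the peer, so it is worth confirming it is validated before being written to the log; `conn` starts outside this hunk, so that cannot be checked here.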
@@ -285,9 +288,9 @@ if (defined $OPTS{stdio}) {
next if $! == EINTR; # try again if accept(2) was interrupted by a signal
panic("accept: $!");
};
- logmsg(noquiet => "[$count] Accepted new connection");
+ logmsg($LOG_VERBOSE => "[$count] Accepted new connection");
conn($conn, $conn, $count);
- logmsg(noquiet => "[$count] Connection terminated");
+ logmsg($LOG_VERBOSE => "[$count] Connection terminated");
$conn->close() or warn "close: $!";
}
}
@@ -297,11 +300,11 @@ if (defined $OPTS{stdio}) {
#
END {
if (defined $SOCKNAME and -S $SOCKNAME) {
- logmsg(debug => "Unlinking $SOCKNAME");
+ logmsg($LOG_DEBUG => "Unlinking $SOCKNAME");
unlink $SOCKNAME or info("Error: unlink($SOCKNAME): $!");
}
if (defined $S) {
- logmsg(noquiet => "Shutting down and closing lacme Account Key Manager");
+ logmsg($LOG_VERBOSE => "Shutting down and closing lacme Account Key Manager");
shutdown($S, SHUT_RDWR) or info("Error: shutdown: $!");
close $S or info("Error: close: $!");
}