Streamlined log messages in ipseckey plugin
authorAndreas Steffen <andreas.steffen@strongswan.org>
Sun, 17 Feb 2013 18:31:56 +0000 (19:31 +0100)
committerTobias Brunner <tobias@strongswan.org>
Tue, 19 Feb 2013 11:25:00 +0000 (12:25 +0100)
src/libcharon/plugins/ipseckey/ipseckey.c
src/libcharon/plugins/ipseckey/ipseckey_cred.c

index d79d566..78ae2cc 100644 (file)
@@ -118,7 +118,7 @@ ipseckey_t *ipseckey_create_frm_rr(rr_t *rr)
 
        if (rr->get_type(rr) != RR_TYPE_IPSECKEY)
        {
-               DBG1(DBG_CFG, "unable to create an ipseckey out of a RR "
+               DBG1(DBG_CFG, "unable to create an ipseckey out of an RR "
                                          "whose type is not IPSECKEY");
                free(this);
                return NULL;
@@ -143,8 +143,8 @@ ipseckey_t *ipseckey_create_frm_rr(rr_t *rr)
                case IPSECKEY_GW_TP_IPV4:
                        if (!reader->read_data(reader, 4, &this->gateway))
                        {
-                               DBG1(DBG_CFG, "ipseckey gateway field does not contain an IPv4 "
-                                                         "address as expected");
+                               DBG1(DBG_CFG, "ipseckey gateway field does not contain an "
+                                                         "IPv4 address as expected");
                                reader->destroy(reader);
                                free(this);
                                return NULL;
@@ -155,8 +155,8 @@ ipseckey_t *ipseckey_create_frm_rr(rr_t *rr)
                case IPSECKEY_GW_TP_IPV6:
                        if (!reader->read_data(reader, 16, &this->gateway))
                        {
-                               DBG1(DBG_CFG, "ipseckey gateway field does not contain an IPv6 "
-                                                         "address as expected");
+                               DBG1(DBG_CFG, "ipseckey gateway field does not contain an "
+                                                         "IPv6 address as expected");
                                reader->destroy(reader);
                                free(this);
                                return NULL;
@@ -171,13 +171,13 @@ ipseckey_t *ipseckey_create_frm_rr(rr_t *rr)
                         * TODO: Currently we ignore wire encoded domain names.
                         *
                         */
-                       while(reader->read_uint8(reader, &label) && label != 0 &&
-                                 label < 192)
+                       while (reader->read_uint8(reader, &label) &&
+                                  label != 0 && label < 192)
                        {
-                               if(!reader->read_data(reader, label, &tmp))
+                               if (!reader->read_data(reader, label, &tmp))
                                {
-                                       DBG1(DBG_CFG, "ipseckey gateway field: Wire encoded "
-                                                                 "domain name has the wrong format");
+                                       DBG1(DBG_CFG, "wrong wire encoded domain name format "
+                                                                 "in ipseckey gateway field");
                                        reader->destroy(reader);
                                        free(this);
                                        return NULL;
@@ -186,9 +186,7 @@ ipseckey_t *ipseckey_create_frm_rr(rr_t *rr)
                        break;
 
                default:
-                       DBG1(DBG_CFG, "ipseckey gateway field: Unable to parse the "
-                                                 "ipseckey gateway field. The gateway type field "
-                                                 "indicates an unknown gateway type");
+                       DBG1(DBG_CFG, "unable to parse ipseckey gateway field");
                        reader->destroy(reader);
                        free(this);
                        return NULL;
@@ -197,8 +195,7 @@ ipseckey_t *ipseckey_create_frm_rr(rr_t *rr)
        if (!reader->read_data(reader, reader->remaining(reader),
                                                   &this->public_key))
        {
-               DBG1(DBG_CFG, "ipseckey public key field: Failure while reading "
-                                         "the public key");
+               DBG1(DBG_CFG, "failed to read ipseckey public key field");
                reader->destroy(reader);
                chunk_free(&this->gateway);
                free(this);
index 53f30fe..e8722f1 100644 (file)
@@ -67,8 +67,6 @@ METHOD(enumerator_t, cert_enumerator_enumerate, bool,
        public_key_t * key = NULL;
        bool supported_ipseckey_found = FALSE;
 
-       DBG1(DBG_CFG, "ipseckey_cred: Enumerating over IPSECKEY certificates");
-
        /* Get the next supported IPSECKEY using the inner enumerator. */
        while (this->inner->enumerate(this->inner, &cur_rr) &&
                   !supported_ipseckey_found)
@@ -79,16 +77,14 @@ METHOD(enumerator_t, cert_enumerator_enumerate, bool,
 
                if (!cur_ipseckey)
                {
-                       DBG1(DBG_CFG, "ipseckey_cred: Error while parsing an IPSECKEY. "
-                                                 "Skipping this key");
+                       DBG1(DBG_CFG, "failed to parse ipseckey - skipping this key");
                        supported_ipseckey_found = FALSE;
                }
 
                if (cur_ipseckey &&
                        cur_ipseckey->get_algorithm(cur_ipseckey) != IPSECKEY_ALGORITHM_RSA)
                {
-                       DBG1(DBG_CFG, "ipseckey_cred: Skipping an IPSECKEY which uses an "
-                                                 "unsupported algorithm");
+                       DBG1(DBG_CFG, "unsupported ipseckey algorithm -skipping this key");
                        cur_ipseckey->destroy(cur_ipseckey);
                        supported_ipseckey_found = FALSE;
                }
@@ -108,8 +104,7 @@ METHOD(enumerator_t, cert_enumerator_enumerate, bool,
 
                if (!key)
                {
-                       DBG1(DBG_CFG, "ipseckey_cred: Failed to create a public key "
-                                                 "from the IPSECKEY");
+                       DBG1(DBG_CFG, "failed to create public key from ipseckey");
                        cur_ipseckey->destroy(cur_ipseckey);
                        return FALSE;
                }
@@ -155,18 +150,17 @@ METHOD(credential_set_t, create_cert_enumerator, enumerator_t*,
 
                if (0 >= asprintf(&fqdn, "%Y", id))
                {
-                       DBG1(DBG_CFG, "ipseckey_cred: ID is empty");
+                       DBG1(DBG_CFG, "empty FQDN string");
                        return enumerator_create_empty();
                }
 
-               DBG1(DBG_CFG, "ipseckey_cred: Performing a DNS query for the IPSECKEY "
-                                         "RRs of the domain %s", fqdn);
-
+               DBG1(DBG_CFG, "performing a DNS query for IPSECKEY RRs of '%s'",
+                                          fqdn);
                response = this->res->query(this->res, fqdn, RR_CLASS_IN,
                                                                        RR_TYPE_IPSECKEY);
                if (!response)
                {
-                       DBG1(DBG_CFG, "ipseckey_cred: DNS query failed");
+                       DBG1(DBG_CFG, "  query for IPSECKEY RRs failed");
                        free(fqdn);
                        return enumerator_create_empty();
                }
@@ -174,8 +168,7 @@ METHOD(credential_set_t, create_cert_enumerator, enumerator_t*,
                if (!response->has_data(response) ||
                        !response->query_name_exist(response))
                {
-                       DBG1(DBG_CFG, "ipseckey_cred: Unable to retrieve IPSECKEY RRs "
-                                                 "for the domain %s from the DNS", fqdn);
+                       DBG1(DBG_CFG, "  unable to retrieve IPSECKEY RRs from the DNS");
                        response->destroy(response);
                        free(fqdn);
                        return enumerator_create_empty();
@@ -183,9 +176,7 @@ METHOD(credential_set_t, create_cert_enumerator, enumerator_t*,
 
                if (!(response->get_security_state(response) == SECURE))
                {
-                       DBG1(DBG_CFG, "ipseckey_cred: DNSSEC security state of the "
-                                                 "IPSECKEY RRs of the domain %s is not SECURE "
-                                                 "as required", fqdn);
+                       DBG1(DBG_CFG, "  DNSSEC state of IPSECKEY RRs is not secure");
                        response->destroy(response);
                        free(fqdn);
                        return enumerator_create_empty();
@@ -196,38 +187,22 @@ METHOD(credential_set_t, create_cert_enumerator, enumerator_t*,
                /** Determine the validity period of the retrieved IPSECKEYs
                 *
                 * We use the "Signature Inception" and "Signature Expiration" field
-                * of the RRSIG resource record to determine the validity period of the
-                * IPSECKEY RRs.
+                * of the first RRSIG RR to determine the validity period of the
+                * IPSECKEY RRs. TODO: Take multiple RRSIGs into account.
                 */
                rrset = response->get_rr_set(response);
                rrsig_enum = rrset->create_rrsig_enumerator(rrset);
-               if (!rrsig_enum)
-               {
-                       DBG1(DBG_CFG, "ipseckey_cred: Unable to determine the validity "
-                                                 "period of the RRs, because there are "
-                                                 "no RRSIGs present");
-                       response->destroy(response);
-                       return enumerator_create_empty();
-               }
-
-               /**
-                * Currently we use the first RRSIG of the IPSECKEY RRset
-                * to determine the validity period of the IPSECKEYs.
-                * TODO: Take multiple RRSIGs into account.
-                */
-               if (!rrsig_enum->enumerate(rrsig_enum, &rrsig))
+               if (!rrsig_enum || !rrsig_enum->enumerate(rrsig_enum, &rrsig))
                {
-                       DBG1(DBG_CFG, "ipseckey_cred: Unable to determine the validity "
-                                                 "period of the IPSECKEY RRs, because there are "
-                                                 "no RRSIGs present");
-                       rrsig_enum->destroy(rrsig_enum);
+                       DBG1(DBG_CFG, "  unable to determine the validity period of "
+                                                 "IPSECKEY RRs because no RRSIGs are present");
+                       DESTROY_IF(rrsig_enum);
                        response->destroy(response);
                        return enumerator_create_empty();
                }
 
                /**
-                * Parse the RRSIG for its validity period.
-                * For the format of a RRSIG see RFC 4034.
+                * Parse the RRSIG for its validity period (RFC 4034)
                 */
                reader = bio_reader_create(rrsig->get_rdata(rrsig));
                reader->read_data(reader, 8, &ignore);
@@ -235,14 +210,14 @@ METHOD(credential_set_t, create_cert_enumerator, enumerator_t*,
                reader->read_uint32(reader, &nBefore);
                reader->destroy(reader);
 
-               /*Create and return an iterator over the retrieved IPSECKEYs */
+               /*Create and return an iterator over the retrieved IPSECKEYs */
                INIT(e,
                        .public = {
                                .enumerate = (void*)_cert_enumerator_enumerate,
                                .destroy = _cert_enumerator_destroy,
                        },
                        .inner = response->get_rr_set(response)->create_rr_enumerator(
-                                                                                               response->get_rr_set(response)),
+                                                                                 response->get_rr_set(response)),
                        .response = response,
                        .notBefore = nBefore,
                        .notAfter = nAfter,