X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fjournal%2Fmicrohttpd-util.c;h=250be93dbe675c85ac75c643a519b54dc4c70745;hb=9786767a36803f6a27870e6f2a666113565e19d2;hp=17135abf8b48dcf66be684c43d80ef60d9d2f38e;hpb=f12be7e8ca278a5a207d0fd051acec700b804a7a;p=elogind.git
diff --git a/src/journal/microhttpd-util.c b/src/journal/microhttpd-util.c
index 17135abf8..250be93db 100644
--- a/src/journal/microhttpd-util.c
+++ b/src/journal/microhttpd-util.c
@@ -48,30 +48,45 @@ void microhttpd_logger(void *arg, const char *fmt, va_list ap) { } -int respond_oom_internal(struct MHD_Connection *connection) { +static int mhd_respond_internal(struct MHD_Connection *connection, + enum MHD_RequestTerminationCode code, + char *buffer, + size_t size, + enum MHD_ResponseMemoryMode mode) { struct MHD_Response *response; - const char m[] = "Out of memory.\n"; - int ret; + int r; assert(connection); - response = MHD_create_response_from_buffer(sizeof(m)-1, (char*) m, MHD_RESPMEM_PERSISTENT); + response = MHD_create_response_from_buffer(size, buffer, mode); if (!response) return MHD_NO; + log_debug("Queing response %u: %s", code, buffer); MHD_add_response_header(response, "Content-Type", "text/plain"); - ret = MHD_queue_response(connection, MHD_HTTP_SERVICE_UNAVAILABLE, response); + r = MHD_queue_response(connection, code, response); MHD_destroy_response(response); - return ret; + return r; } -_printf_(3,4) -int respond_error(struct MHD_Connection *connection, - unsigned code, - const char *format, ...) { +int mhd_respond(struct MHD_Connection *connection, + enum MHD_RequestTerminationCode code, + const char *message) { + + return mhd_respond_internal(connection, code, + (char*) message, strlen(message), + MHD_RESPMEM_PERSISTENT); +} + +int mhd_respond_oom(struct MHD_Connection *connection) { + return mhd_respond(connection, MHD_HTTP_SERVICE_UNAVAILABLE, "Out of memory.\n"); +} + +int mhd_respondf(struct MHD_Connection *connection, + enum MHD_RequestTerminationCode code, + const char *format, ...) { - struct MHD_Response *response; char *m; int r; va_list ap; 
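Review bot: `mhd_respond()` casts away `const` and hands `message` to libmicrohttpd with `MHD_RESPMEM_PERSISTENT`, so the pointer must stay valid for as long as the queued response lives, yet nothing on the function states that contract. Every caller visible in this diff passes a string literal, which is fine, but a later caller passing a stack or heap buffer would leave the daemon sending from memory that is no longer valid. I would add a comment above the function such as `/* message must have static storage duration (e.g. a string literal): it is neither copied nor freed */` and direct formatted or dynamic text to `mhd_respondf()`.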
@@ -86,17 +101,9 @@ int respond_error(struct MHD_Connection *connection, if (r < 0) return respond_oom(connection); - response = MHD_create_response_from_buffer(strlen(m), m, MHD_RESPMEM_MUST_FREE); - if (!response) { + r = mhd_respond_internal(connection, code, m, r, MHD_RESPMEM_MUST_FREE); + if (r == MHD_NO) free(m); - return respond_oom(connection); - } - - log_debug("queing response %u: %s", code, m); - MHD_add_response_header(response, "Content-Type", "text/plain"); - r = MHD_queue_response(connection, code, response); - MHD_destroy_response(response); - return r; } 
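Review bot: The `free(m)` taken when `mhd_respond_internal()` returns `MHD_NO` can release `m` twice. In the first hunk the helper returns `MHD_NO` both when `MHD_create_response_from_buffer()` fails and when `MHD_queue_response()` fails, and on the second path `MHD_destroy_response()` has already run, which with `MHD_RESPMEM_MUST_FREE` is expected to free the buffer once the last reference is dropped. Ownership is easier to get right in one place: free in the helper on the creation-failure path, `if (!response) { if (mode == MHD_RESPMEM_MUST_FREE) free(buffer); return MHD_NO; }`, and reduce this site to `return mhd_respond_internal(connection, code, m, r, MHD_RESPMEM_MUST_FREE);`. `mhd_respondf()` starts in the previous hunk, and whether a failed create leaves the buffer with the caller should be confirmed against the libmicrohttpd version in use.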
@@ -227,33 +234,35 @@ int check_permissions(struct MHD_Connection *connection, int *code) { ci = MHD_get_connection_info(connection, MHD_CONNECTION_INFO_GNUTLS_SESSION); if (!ci) { - log_error("MHD_get_connection_info failed"); - return -EINVAL; + log_error("MHD_get_connection_info failed: session is unencrypted"); + *code = mhd_respond(connection, MHD_HTTP_FORBIDDEN, + "Encrypted connection is required"); + return -EPERM; } session = ci->tls_session; assert(session); r = get_client_cert(session, &client_cert); if (r < 0) { - *code = respond_error(connection, MHD_HTTP_UNAUTHORIZED, - "Authorization through certificate is required"); + *code = mhd_respond(connection, MHD_HTTP_UNAUTHORIZED, + "Authorization through certificate is required"); return -EPERM; } r = get_auth_dn(client_cert, &buf); if (r < 0) { - *code = respond_error(connection, MHD_HTTP_UNAUTHORIZED, - "Failed to determine distinguished name from certificate"); + *code = mhd_respond(connection, MHD_HTTP_UNAUTHORIZED, + "Failed to determine distinguished name from certificate"); return -EPERM; } - log_info("Connection from %s", buf); + log_info("Connection from DN %s", buf); r = verify_cert_authorized(session); if (r < 0) { - log_error("Client is not authorized"); - *code = respond_error(connection, MHD_HTTP_UNAUTHORIZED, - "Client certificate not signed by recognized authority"); + log_warning("Client is not authorized"); + *code = mhd_respond(connection, MHD_HTTP_UNAUTHORIZED, + "Client certificate not signed by recognized authority"); } return r; }
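Review bot: `log_info("Connection from DN %s", buf)` runs before `verify_cert_authorized(session)`, so the logged name comes from a certificate that has not yet been checked against a recognized authority. Any peer that gets this far can therefore place a DN of its choosing in the journal at info level, and the entry reads like an accepted connection. Moving the call below the `if (r < 0)` block, or wording it as `log_info("Client presented DN %s (not yet verified)", buf);`, keeps the audit trail unambiguous; whether `get_auth_dn()` escapes control characters is not visible here. `check_permissions()` begins outside the hunk.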