journal-gatewayd: log to journal from gnutls

Prefix "gnutls: " is added. Some semi-random mapping of gnutls levels
to syslog levels is done, but since gnutls levels seem to be used
rather loosely, most end up as debug.

diff --git a/Makefile.am b/Makefile.am
index 9e01cd520bb8cb5f0deca018a03d5019cb92bda8..fed8561ede914ae0dc6d7136a53c519a5db5d561 100644 (file)
--- a/Makefile.am
+++ b/Makefile.am
@@ -3437,6 +3437,11 @@ systemd_journal_gatewayd_LDADD = \
        libsystemd-shared.la \
        $(MICROHTTPD_LIBS)
 
+if HAVE_GNUTLS
+systemd_journal_gatewayd_LDADD += \
+       $(GNUTLS_LIBS)
+endif
+
 systemd_journal_gatewayd_CFLAGS = \
        $(AM_CFLAGS) \
        $(MICROHTTPD_CFLAGS)

diff --git a/src/journal/journal-gatewayd.c b/src/journal/journal-gatewayd.c
index 862ee790308378a3b17aa8e94aae6429994d6d0a..c9a243841d04a2b67f5b5dc39db9357563e9dba3 100644 (file)
--- a/src/journal/journal-gatewayd.c
+++ b/src/journal/journal-gatewayd.c
@@ -1024,6 +1024,11 @@ int main(int argc, char *argv[]) {
         if (r == 0)
                 return EXIT_SUCCESS;
 
+#ifdef HAVE_GNUTLS
+        gnutls_global_set_log_function(log_func_gnutls);
+        gnutls_global_set_log_level(GNUTLS_LOG_LEVEL);
+#endif
+
         n = sd_listen_fds(1);
         if (n < 0) {
                 log_error("Failed to determine passed sockets: %s", strerror(-n));

diff --git a/src/journal/microhttpd-util.c b/src/journal/microhttpd-util.c
index 3844f7a03c5e477e514883afdcde7e33a678ac98..b07ae6dff383c7eaa57ad35f1a7e87e8190d00a4 100644 (file)
--- a/src/journal/microhttpd-util.c
+++ b/src/journal/microhttpd-util.c
@@ -39,3 +39,38 @@ void microhttpd_logger(void *arg, const char *fmt, va_list ap) {
         log_metav(LOG_INFO, NULL, 0, NULL, f, ap);
         REENABLE_WARNING;
 }
+
+#ifdef HAVE_GNUTLS
+
+static int log_level_map[] = {
+        LOG_DEBUG,
+        LOG_WARNING, /* gnutls session audit */
+        LOG_DEBUG,   /* gnutls debug log */
+        LOG_WARNING, /* gnutls assert log */
+        LOG_INFO,    /* gnutls handshake log */
+        LOG_DEBUG,   /* gnutls record log */
+        LOG_DEBUG,   /* gnutls dtls log */
+        LOG_DEBUG,
+        LOG_DEBUG,
+        LOG_DEBUG,
+        LOG_DEBUG,   /* gnutls hard log */
+        LOG_DEBUG,   /* gnutls read log */
+        LOG_DEBUG,   /* gnutls write log */
+        LOG_DEBUG,   /* gnutls io log */
+        LOG_DEBUG,   /* gnutls buffers log */
+};
+
+void log_func_gnutls(int level, const char *message) {
+        int ourlevel;
+
+        assert_se(message);
+
+        if (0 <= level && level < (int) ELEMENTSOF(log_level_map))
+                ourlevel = log_level_map[level];
+        else
+                level = LOG_DEBUG;
+
+        log_meta(ourlevel, NULL, 0, NULL, "gnutls: %s", message);
+}
+
+#endif

diff --git a/src/journal/microhttpd-util.h b/src/journal/microhttpd-util.h
index 74d1668bdfcce1e0038d95cde5e734f7b6cbd79b..4afe0a29d1f95f2df1cb72f611176eb12a2be354 100644 (file)
--- a/src/journal/microhttpd-util.h
+++ b/src/journal/microhttpd-util.h
@@ -26,3 +26,15 @@
 #include "macro.h"
 
 void microhttpd_logger(void *arg, const char *fmt, va_list ap) _printf_(2, 0);
+
+#ifdef HAVE_GNUTLS
+#include <gnutls/gnutls.h>
+
+void log_func_gnutls(int level, const char *message);
+
+/* This is additionally filtered by our internal log level, so it
+ * should be set fairly high to capture all potentially interesting
+ * events without overwhelming detail.
+ */
+#define GNUTLS_LOG_LEVEL 6
+#endif