commit ddbcd3c13f2159113bb7e9921a1bec13755c5d43 from: Omar Polo date: Mon Aug 07 14:04:47 2023 UTC use the subject' common name as the user field in log commit - 35579431eb3d6fbdef6bfa6723afcb72cdfd73ee commit + ddbcd3c13f2159113bb7e9921a1bec13755c5d43 blob - 071ab9e36bd81d6994e183dbdaa1d9225df644de blob + 75d81b27e0a59ff377536d2d0699b46a8d281dca --- ge.c +++ ge.c @@ -28,6 +28,7 @@ #include #include #include +#include #include "log.h" @@ -43,6 +44,7 @@ void log_request(struct client *c, int code, const char *meta) { char b[GEMINI_URL_LEN]; + char cntmp[64], cn[64] = "-"; char rfc3339[32]; const char *t; struct tm *tm; @@ -80,9 +82,21 @@ log_request(struct client *c, int code, const char *me strlcpy(b, t, sizeof(b)); } - fprintf(stderr, "%s %s - %s %s 0 %d %s\n", rfc3339, - c->rhost, *c->domain == '\0' ? c->iri.host : c->domain, - b, code, meta); + if (tls_peer_cert_provided(c->ctx)) { + const char *subj; + char *n; + + subj = tls_peer_cert_subject(c->ctx); + if ((n = strstr(subj, "/CN=")) != NULL) { + strlcpy(cntmp, subj + 4, sizeof(cntmp)); + if ((n = strchr(cntmp, '/')) != NULL) + *n = '\0'; + strnvis(cn, cntmp, sizeof(cn), VIS_WHITE|VIS_DQ); + } + } + + fprintf(stderr, "%s %s %s %s %s 0 %d %s\n", rfc3339, c->rhost, cn, + *c->domain == '\0' ? c->iri.host : c->domain, b, code, meta); } void blob - dbd31812f82003ede46a6fac98224031be907baa blob + d97a6da7ed8eb5016819cce8f1f5e221d4533f6f --- gmid.c +++ gmid.c @@ -29,6 +29,7 @@ #include #include #include +#include #include "log.h" #include "proc.h" @@ -85,6 +86,7 @@ log_request(struct client *c, int code, const char *me { struct conf *conf = c->conf; char tstamp[64], rfc3339[32]; + char cntmp[64], cn[64] = "-"; char b[GEMINI_URL_LEN]; char *fmted; const char *t; 
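Review bot: In the ge.c `log_request()` hunk the copy starts at `subj + 4` instead of at the match returned by `strstr()`, so the logged name is only correct when `/CN=` is the very first component of the subject. For a constructed subject such as `/C=XX/O=Example/CN=alice`, `cntmp` receives text from the `C=` component rather than the common name, which makes the user field misleading for anyone auditing client-certificate activity from the logs. The line should read `strlcpy(cntmp, n + 4, sizeof(cntmp));`. The identical block in the gmid.c hunk at `@@ -126,6 +128,19 @@` needs the same change; in gmid.c `log_request()` continues outside the hunk.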
@@ -126,6 +128,19 @@ log_request(struct client *c, int code, const char *me strlcpy(b, t, sizeof(b)); } + if (tls_peer_cert_provided(c->ctx)) { + const char *subj; + char *n; + + subj = tls_peer_cert_subject(c->ctx); + if ((n = strstr(subj, "/CN=")) != NULL) { + strlcpy(cntmp, subj + 4, sizeof(cntmp)); + if ((n = strchr(cntmp, '/')) != NULL) + *n = '\0'; + strnvis(cn, cntmp, sizeof(cn), VIS_WHITE|VIS_DQ); + } + } + switch (conf->log_format) { case LOG_FORMAT_LEGACY: ec = asprintf(&fmted, "%s:%s GET %s %d %s", c->rhost, @@ -134,14 +149,11 @@ log_request(struct client *c, int code, const char *me case LOG_FORMAT_CONDENSED: /* - * XXX the first '-' is the remote user name, we - * could use the client cert for it. - * * XXX it should log the size of the request and * response. */ - ec = asprintf(&fmted, "%s %s - %s %s 0 0 %d %s", rfc3339, - c->rhost, *c->domain == '\0' ? c->iri.host : c->domain, + ec = asprintf(&fmted, "%s %s %s %s %s 0 0 %d %s", rfc3339, + c->rhost, cn, *c->domain == '\0' ? c->iri.host : c->domain, b, code, meta); break; @@ -152,14 +164,11 @@ log_request(struct client *c, int code, const char *me */ case LOG_FORMAT_COMMON: /* - * XXX the second '-' is the remote user name, we - * could use the client cert for it. - * * XXX it should log the size of the response. */ - ec = asprintf(&fmted, "%s %s - - %s \"%s\" %d 0", + ec = asprintf(&fmted, "%s %s - %s %s \"%s\" %d 0", *c->domain == '\0' ? c->iri.host : c->domain, - c->rhost, tstamp, b, code); + c->rhost, cn, tstamp, b, code); break; /* @@ -170,13 +179,10 @@ log_request(struct client *c, int code, const char *me case LOG_FORMAT_COMBINED: default: /* - * XXX the second '-' is the remote user name, we - * could use the client cert for it. - * * XXX it should log the size of the response. */ - ec = asprintf(&fmted, "%s - - [%s] \"%s\" %d 0 \"-\" \"\"", - c->rhost, tstamp, b, code); + ec = asprintf(&fmted, "%s - %s [%s] \"%s\" %d 0 \"-\" \"\"", + c->rhost, cn, tstamp, b, code); break; }
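Review bot: `subj` is passed to `strstr()` without a NULL check in this hunk (and in the identical ge.c block); if `tls_peer_cert_subject()` can return NULL for a connection whose subject could not be extracted, logging the request would dereference it. A guard such as `if (subj != NULL && (n = strstr(subj, "/CN=")) != NULL) {` leaves `cn` at "-" in that case. The subject string is supplied by the peer, so the first `/CN=` match is not necessarily the real common-name attribute if another component's value happens to contain that text; a comment next to the `strstr()` call saying so would help. Since these lines are duplicated between ge.c and gmid.c, a small shared helper would keep later fixes in one place.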
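Review bot: The new `%s` for `cn` in the LOG_FORMAT_CONDENSED line is a whitespace-delimited field, and nothing in the commit guarantees it is non-empty: a subject with an empty CN value leaves `cn` as "" and shifts every later field by one for log parsers. Restoring the placeholder after encoding, in the extraction block above these hunks, e.g. `if (*cn == '\0') strlcpy(cn, "-", sizeof(cn));`, avoids that; the COMMON and COMBINED hunks and the ge.c `fprintf()` print the same variable. With the XXX comments removed, I would also add a short comment such as `/* cn: vis-encoded CN as presented in the client certificate; not a verified identity unless the cert is checked against a CA */` so that log consumers do not treat the field as an authenticated user name.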