X-Git-Url: https://code.citadel.org/?p=citadel.git;a=blobdiff_plain;f=citadel%2Fmodules%2Fcrypto%2Fserv_crypto.c;h=6afeee84bc7c0b7a643ea51fce35093bff23932a;hp=66693a7927c8669737bf3b83597c7499b72ee4d2;hb=f1ee61891901850ebbdee1e9440b363dc6df540a;hpb=2d03b6864a657a706b8d2917d912e579b2298025

diff --git a/citadel/modules/crypto/serv_crypto.c b/citadel/modules/crypto/serv_crypto.c
index 66693a792..6afeee84b 100644
--- a/citadel/modules/crypto/serv_crypto.c
+++ b/citadel/modules/crypto/serv_crypto.c
@@ -93,14 +93,14 @@ void init_ssl(void)
 		RAND_egd(EGD_POOL);
 
 	if (!RAND_status()) {
-		CtdlLogPrintf(CTDL_CRIT,
+		syslog(LOG_CRIT,
 			"PRNG not adequately seeded, won't do SSL/TLS\n");
 		return;
 	}
 	SSLCritters =
 	    malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t *));
 	if (!SSLCritters) {
-		CtdlLogPrintf(CTDL_EMERG, "citserver: can't allocate memory!!\n");
+		syslog(LOG_EMERG, "citserver: can't allocate memory!!\n");
 		/* Nothing's been initialized, just die */
 		exit(1);
 	} else {
@@ -109,7 +109,7 @@ void init_ssl(void)
 		for (a = 0; a < CRYPTO_num_locks(); a++) {
 			SSLCritters[a] = malloc(sizeof(pthread_mutex_t));
 			if (!SSLCritters[a]) {
-				CtdlLogPrintf(CTDL_EMERG,
+				syslog(LOG_EMERG,
 					"citserver: can't allocate memory!!\n");
 				/* Nothing's been initialized, just die */
 				exit(1);
@@ -125,12 +125,12 @@ void init_ssl(void)
 	SSL_load_error_strings();
 	ssl_method = SSLv23_server_method();
 	if (!(ssl_ctx = SSL_CTX_new(ssl_method))) {
-		CtdlLogPrintf(CTDL_CRIT, "SSL_CTX_new failed: %s\n",
+		syslog(LOG_CRIT, "SSL_CTX_new failed: %s\n",
 			ERR_reason_error_string(ERR_get_error()));
 		return;
 	}
 	if (!(SSL_CTX_set_cipher_list(ssl_ctx, CIT_CIPHERS))) {
-		CtdlLogPrintf(CTDL_CRIT, "SSL: No ciphers available\n");
+		syslog(LOG_CRIT, "SSL: No ciphers available\n");
 		SSL_CTX_free(ssl_ctx);
 		ssl_ctx = NULL;
 		return;
@@ -148,21 +148,21 @@ void init_ssl(void)
 	/* Load DH parameters into the context */
 	dh = DH_new();
 	if (!dh) {
-		CtdlLogPrintf(CTDL_CRIT, "init_ssl() can't allocate a DH object: %s\n",
+		syslog(LOG_CRIT, "init_ssl() can't allocate a DH object: %s\n",
 			ERR_reason_error_string(ERR_get_error()));
 		SSL_CTX_free(ssl_ctx);
 		ssl_ctx = NULL;
 		return;
 	}
 	if (!(BN_hex2bn(&(dh->p), DH_P))) {
-		CtdlLogPrintf(CTDL_CRIT, "init_ssl() can't assign DH_P: %s\n",
+		syslog(LOG_CRIT, "init_ssl() can't assign DH_P: %s\n",
 			ERR_reason_error_string(ERR_get_error()));
 		SSL_CTX_free(ssl_ctx);
 		ssl_ctx = NULL;
 		return;
 	}
 	if (!(BN_hex2bn(&(dh->g), DH_G))) {
-		CtdlLogPrintf(CTDL_CRIT, "init_ssl() can't assign DH_G: %s\n",
+		syslog(LOG_CRIT, "init_ssl() can't assign DH_G: %s\n",
 			ERR_reason_error_string(ERR_get_error()));
 		SSL_CTX_free(ssl_ctx);
 		ssl_ctx = NULL;
@@ -181,13 +181,13 @@ void init_ssl(void)
 	 * Generate a key pair if we don't have one.
 	 */
 	if (access(file_crpt_file_key, R_OK) != 0) {
-		CtdlLogPrintf(CTDL_INFO, "Generating RSA key pair.\n");
+		syslog(LOG_INFO, "Generating RSA key pair.\n");
 		rsa = RSA_generate_key(1024,	/* modulus size */
 					65537,	/* exponent */
 					NULL,	/* no callback */
 					NULL);	/* no callback */
 		if (rsa == NULL) {
-			CtdlLogPrintf(CTDL_CRIT, "Key generation failed: %s\n",
+			syslog(LOG_CRIT, "Key generation failed: %s\n",
 				ERR_reason_error_string(ERR_get_error()));
 		}
 		if (rsa != NULL) {
@@ -202,7 +202,7 @@ void init_ssl(void)
 							NULL,	/* no callbk */
 							NULL	/* no callbk */
 				) != 1) {
-					CtdlLogPrintf(CTDL_CRIT, "Cannot write key: %s\n",
+					syslog(LOG_CRIT, "Cannot write key: %s\n",
                                 		ERR_reason_error_string(ERR_get_error()));
 					unlink(file_crpt_file_key);
 				}
@@ -218,7 +218,7 @@ void init_ssl(void)
 	 * the CSR in this step so that the next step may commence.
 	 */
 	if ( (access(file_crpt_file_cer, R_OK) != 0) && (access(file_crpt_file_csr, R_OK) != 0) ) {
-		CtdlLogPrintf(CTDL_INFO, "Generating a certificate signing request.\n");
+		syslog(LOG_INFO, "Generating a certificate signing request.\n");
 
 		/*
 		 * Read our key from the file.  No, we don't just keep this
@@ -281,7 +281,7 @@ void init_ssl(void)
 
 					/* Sign the CSR */
 					if (!X509_REQ_sign(req, pk, EVP_md5())) {
-						CtdlLogPrintf(CTDL_CRIT, "X509_REQ_sign(): error\n");
+						syslog(LOG_CRIT, "X509_REQ_sign(): error\n");
 					}
 					else {
 						/* Write it to disk. */	
@@ -301,7 +301,7 @@ void init_ssl(void)
 		}
 
 		else {
-			CtdlLogPrintf(CTDL_CRIT, "Unable to read private key.\n");
+			syslog(LOG_CRIT, "Unable to read private key.\n");
 		}
 	}
 
@@ -311,7 +311,7 @@ void init_ssl(void)
 	 * Generate a self-signed certificate if we don't have one.
 	 */
 	if (access(file_crpt_file_cer, R_OK) != 0) {
-		CtdlLogPrintf(CTDL_INFO, "Generating a self-signed certificate.\n");
+		syslog(LOG_INFO, "Generating a self-signed certificate.\n");
 
 		/* Same deal as before: always read the key from disk because
 		 * it may or may not have just been generated.
@@ -351,7 +351,7 @@ void init_ssl(void)
 					
 					/* Sign the cert */
 					if (!X509_sign(cer, pk, EVP_md5())) {
-						CtdlLogPrintf(CTDL_CRIT, "X509_sign(): error\n");
+						syslog(LOG_CRIT, "X509_sign(): error\n");
 					}
 					else {
 						/* Write it to disk. */	
@@ -377,7 +377,7 @@ void init_ssl(void)
         SSL_CTX_use_certificate_chain_file(ssl_ctx, file_crpt_file_cer);
         SSL_CTX_use_PrivateKey_file(ssl_ctx, file_crpt_file_key, SSL_FILETYPE_PEM);
         if ( !SSL_CTX_check_private_key(ssl_ctx) ) {
-		CtdlLogPrintf(CTDL_CRIT, "Cannot install certificate: %s\n",
+		syslog(LOG_CRIT, "Cannot install certificate: %s\n",
 				ERR_reason_error_string(ERR_get_error()));
         }
 
@@ -403,7 +403,7 @@ void client_write_ssl(const char *buf, int nbytes)
 	while (nremain > 0) {
 		if (SSL_want_write(CC->ssl)) {
 			if ((SSL_read(CC->ssl, junk, 0)) < 1) {
-				CtdlLogPrintf(CTDL_DEBUG, "SSL_read in client_write: %s\n", ERR_reason_error_string(ERR_get_error()));
+				syslog(LOG_DEBUG, "SSL_read in client_write: %s\n", ERR_reason_error_string(ERR_get_error()));
 			}
 		}
 		retval =
@@ -417,9 +417,9 @@ void client_write_ssl(const char *buf, int nbytes)
 				sleep(1);
 				continue;
 			}
-			CtdlLogPrintf(CTDL_DEBUG, "SSL_write got error %ld, ret %d\n", errval, retval);
+			syslog(LOG_DEBUG, "SSL_write got error %ld, ret %d\n", errval, retval);
 			if (retval == -1)
-				CtdlLogPrintf(CTDL_DEBUG, "errno is %d\n", errno);
+				syslog(LOG_DEBUG, "errno is %d\n", errno);
 			endtls();
 			client_write(&buf[nbytes - nremain], nremain);
 			return;
@@ -444,7 +444,7 @@ int client_read_sslbuffer(StrBuf *buf, int timeout)
 	while (1) {
 		if (SSL_want_read(pssl)) {
 			if ((SSL_write(pssl, junk, 0)) < 1) {
-				CtdlLogPrintf(CTDL_DEBUG, "SSL_write in client_read\n");
+				syslog(LOG_DEBUG, "SSL_write in client_read\n");
 			}
 		}
 		rlen = SSL_read(pssl, sbuf, sizeof(sbuf));
@@ -456,7 +456,7 @@ int client_read_sslbuffer(StrBuf *buf, int timeout)
 				sleep(1);
 				continue;
 			}
-			CtdlLogPrintf(CTDL_DEBUG, "SSL_read got error %ld\n", errval);
+			syslog(LOG_DEBUG, "SSL_read got error %ld\n", errval);
 			endtls();
 			return (-1);
 		}
@@ -637,18 +637,18 @@ void CtdlStartTLS(char *ok_response, char *nosup_response,
 	int retval, bits, alg_bits;
 
 	if (!ssl_ctx) {
-		CtdlLogPrintf(CTDL_CRIT, "SSL failed: no ssl_ctx exists?\n");
+		syslog(LOG_CRIT, "SSL failed: no ssl_ctx exists?\n");
 		if (nosup_response != NULL) cprintf("%s", nosup_response);
 		return;
 	}
 	if (!(CC->ssl = SSL_new(ssl_ctx))) {
-		CtdlLogPrintf(CTDL_CRIT, "SSL_new failed: %s\n",
+		syslog(LOG_CRIT, "SSL_new failed: %s\n",
 				ERR_reason_error_string(ERR_get_error()));
 		if (error_response != NULL) cprintf("%s", error_response);
 		return;
 	}
 	if (!(SSL_set_fd(CC->ssl, CC->client_socket))) {
-		CtdlLogPrintf(CTDL_CRIT, "SSL_set_fd failed: %s\n",
+		syslog(LOG_CRIT, "SSL_set_fd failed: %s\n",
 			ERR_reason_error_string(ERR_get_error()));
 		SSL_free(CC->ssl);
 		CC->ssl = NULL;
@@ -667,7 +667,7 @@ void CtdlStartTLS(char *ok_response, char *nosup_response,
 		char error_string[128];
 
 		errval = SSL_get_error(CC->ssl, retval);
-		CtdlLogPrintf(CTDL_CRIT, "SSL_accept failed: retval=%d, errval=%ld, err=%s\n",
+		syslog(LOG_CRIT, "SSL_accept failed: retval=%d, errval=%ld, err=%s\n",
 			retval,
 			errval,
 			ERR_error_string(errval, error_string)
@@ -678,7 +678,7 @@ void CtdlStartTLS(char *ok_response, char *nosup_response,
 	}
 	BIO_set_close(CC->ssl->rbio, BIO_NOCLOSE);
 	bits = SSL_CIPHER_get_bits(SSL_get_current_cipher(CC->ssl), &alg_bits);
-	CtdlLogPrintf(CTDL_INFO, "SSL/TLS using %s on %s (%d of %d bits)\n",
+	syslog(LOG_INFO, "SSL/TLS using %s on %s (%d of %d bits)\n",
 		SSL_CIPHER_get_name(SSL_get_current_cipher(CC->ssl)),
 		SSL_CIPHER_get_version(SSL_get_current_cipher(CC->ssl)),
 		bits, alg_bits);
@@ -745,7 +745,7 @@ void endtls(void)
 		return;
 	}
 
-	CtdlLogPrintf(CTDL_INFO, "Ending SSL/TLS\n");
+	syslog(LOG_INFO, "Ending SSL/TLS\n");
 	SSL_shutdown(CC->ssl);
 	SSL_free(CC->ssl);
 	CC->ssl = NULL;