tlshd: Add tlshd_log_completion()

Refactor the code that emits the handshake completion notice.
Simplify and de-duplicate.

One functional change: Emit the completion notice only when
debugging is enabled. It's a best practice to avoid giving remote
attackers a mechanism to flood the system journal.

Signed-off-by: Chuck Lever <[email protected]>

Author: chucklever

src/tlshd/handshake.c

@@ -181,16 +181,10 @@ void tlshd_service_socket(void)
 
 out:
 	tlshd_genl_done(&parms);
+	tlshd_log_completion(&parms);
 
 	if (parms.keyring)
 		keyctl_unlink(parms.keyring, KEY_SPEC_SESSION_KEYRING);
 
 	free(parms.peerids);
-
-	if (parms.session_status) {
-		tlshd_log_failure(parms.peername, parms.peeraddr,
-				  parms.peeraddr_len);
-		return;
-	}
-	tlshd_log_success(parms.peername, parms.peeraddr, parms.peeraddr_len);
 }

src/tlshd/log.c

@@ -45,40 +45,31 @@ int tlshd_tls_debug;
 int tlshd_stderr;
 
 /**
- * tlshd_log_success - Emit "handshake successful" notification
- * @hostname: peer's DNS name
- * @sap: peer's IP address
- * @salen: length of IP address
+ * tlshd_log_completion - Emit completion notification
+ * @parms: handshake parameters
  *
  */
-void tlshd_log_success(const char *hostname, const struct sockaddr *sap,
-		       socklen_t salen)
+void tlshd_log_completion(struct tlshd_handshake_parms *parms)
 {
-	char buf[NI_MAXHOST];
+	const char *status = "succeeded";
+	int priority = LOG_INFO;
 
-	getnameinfo(sap, salen, buf, sizeof(buf), NULL, 0, NI_NUMERICHOST);
-	syslog(LOG_INFO, "Handshake with %s (%s) was successful\n",
-		hostname, buf);
-}
+	if (!tlshd_debug)
+		return;
 
-/**
- * tlshd_log_failure - Emit "handshake failed" notification
- * @hostname: peer's DNS name
- * @sap: peer's IP address
- * @salen: length of IP address
- *
- */
-void tlshd_log_failure(const char *hostname, const struct sockaddr *sap,
-		       socklen_t salen)
-{
-	if (salen) {
+	if (parms->session_status) {
+		status = "failed";
+		priority = LOG_ERR;
+	}
+	if (parms->peeraddr_len) {
 		char buf[NI_MAXHOST];
 
-		getnameinfo(sap, salen, buf, sizeof(buf), NULL, 0, NI_NUMERICHOST);
-		syslog(LOG_ERR, "Handshake with '%s' (%s) failed\n",
-		       hostname, buf);
+		getnameinfo(parms->peeraddr, parms->peeraddr_len, buf,
+			    sizeof(buf), NULL, 0, NI_NUMERICHOST);
+		syslog(priority, "Handshake with '%s' (%s) %s\n",
+		       parms->peername, buf, status);
 	} else
-		syslog(LOG_ERR, "Handshake request failed\n");
+		syslog(priority, "Handshake request %s\n", status);
 }
 
 /**

src/tlshd/tlshd.h

@@ -96,11 +96,7 @@ extern void tlshd_log_init(const char *progname);
 extern void tlshd_log_shutdown(void);
 extern void tlshd_log_close(void);
 
-extern void tlshd_log_success(const char *hostname,
-			      const struct sockaddr *sap, socklen_t salen);
-extern void tlshd_log_failure(const char *hostname,
-			      const struct sockaddr *sap, socklen_t salen);
-
+extern void tlshd_log_completion(struct tlshd_handshake_parms *parms);
 extern void tlshd_log_debug(const char *fmt, ...);
 extern void tlshd_log_notice(const char *fmt, ...);
 extern void tlshd_log_error(const char *fmt, ...);