From 37a8f09c5dd4c2be236e42bcd9f264e818aef5ed Mon Sep 17 00:00:00 2001
From: Bingyu Shen
Date: Wed, 6 May 2020 23:44:54 -0700
Subject: [PATCH 1/4] Enhance the log messages for check_authentication failures

---
 cherokee/connection.c | 5 +++++
 cherokee/error_list.py | 21 +++++++++++++++++++++
 2 files changed, 26 insertions(+)

diff --git a/cherokee/connection.c b/cherokee/connection.c
index e11c01c3f..60ba859f6 100644
--- a/cherokee/connection.c
+++ b/cherokee/connection.c
@@ -2315,6 +2315,7 @@ cherokee_connection_check_authentication (cherokee_connection_t *conn, cherokee_
 */
 ret = cherokee_header_get_known (&conn->header, header_authorization, &ptr, &len);
 if (ret != ret_ok) {
+ LOG_ERROR_S(CHEROKEE_ERROR_CONNECTION_HEADER_AUTH);
 goto unauthorized;
 }

@@ -2330,6 +2331,7 @@ cherokee_connection_check_authentication (cherokee_connection_t *conn, cherokee_
 */
 ret = get_authorization (conn, config_entry->authentication, conn->validator, ptr, len);
 if (ret != ret_ok) {
+ LOG_ERROR_S(CHEROKEE_ERROR_CONNECTION_AUTH_GET_HEADER);
 goto unauthorized;
 }

@@ -2339,11 +2341,13 @@ cherokee_connection_check_authentication (cherokee_connection_t *conn, cherokee_
 void *foo;

 if (cherokee_buffer_is_empty (&conn->validator->user)) {
+ LOG_ERROR_S(CHEROKEE_ERROR_CONNECTION_NO_USER);
 goto unauthorized;
 }

 ret = cherokee_avl_get (config_entry->users, &conn->validator->user, &foo);
 if (ret != ret_ok) {
+ LOG_ERROR(CHEROKEE_ERROR_CONNECTION_NO_VALID_USER, conn->validator->user.buf);
 goto unauthorized;
 }
 }
@@ -2359,6 +2363,7 @@ cherokee_connection_check_authentication (cherokee_connection_t *conn, cherokee_

 ret = cherokee_validator_check (conn->validator, conn);
 if (ret != ret_ok) {
+ LOG_ERROR_S(CHEROKEE_ERROR_CONNECTION_LOGIN_ERROR);
 goto unauthorized;
 }

diff --git a/cherokee/error_list.py b/cherokee/error_list.py
index e66867d3d..396f52fce 100644
--- a/cherokee/error_list.py
+++ b/cherokee/error_list.py
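Review bot: In the `@@ -2315,6 +2315,7 @@` hunk of cherokee/connection.c, the new `LOG_ERROR_S(CHEROKEE_ERROR_CONNECTION_HEADER_AUTH);` fires whenever the request carries no Authorization header, which is the ordinary first request of an HTTP authentication exchange rather than a server fault. Any unauthenticated client can therefore produce an error-level line per request, and the same holds for the calls added in the `@@ -2330`, `@@ -2339` and `@@ -2359` hunks. As far as the visible calls show, none is throttled and none records the peer address, so the entries can flood the log without helping anyone spot password guessing. I would drop this particular call or demote it to a debug-level trace, and mark the others with a comment such as `/* reachable by unauthenticated clients: keep cheap, include the peer address */`. The enclosing function starts and ends outside the hunk.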
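Review bot: `LOG_ERROR(CHEROKEE_ERROR_CONNECTION_NO_VALID_USER, conn->validator->user.buf);` in the `@@ -2339,11 +2341,13 @@` hunk writes a client-supplied user name into the error log through the `%s` in the catalogue title. The value appears to be taken from the request's Authorization header (the validator is filled by `get_authorization` in the preceding hunk), so it may contain line breaks or terminal control bytes, may be very long, and is sometimes a password typed into the wrong field. Unless the logging layer already escapes its arguments, the name should be escaped and length-capped before it is formatted. At minimum add `/* user.buf is client-controlled: escape control bytes and bound the length before logging */` above the call.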
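Review bot: The call `LOG_ERROR_S(CHEROKEE_ERROR_CONNECTION_LOGIN_ERROR);` in the `@@ -2359,6 +2363,7 @@` hunk reports every non-`ret_ok` result of `cherokee_validator_check` under the catalogue title "Login failed: invalid password". The hunk does not show what else the validator can return, but if a failure can also mean an unknown user or an unreachable credential backend, the entry sends the operator looking in the wrong place. A neutral title such as `title = "Authentication failed: the validator rejected the credentials",` stays accurate in all of those cases.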
@@ -964,6 +964,27 @@

 # cherokee/connection.c
 #
+
+e('CONNECTION_HEADER_AUTH',
+ title = "Could not get authentication information from the header",
+ desc = CODING_BUG)
+
+e('CONNECTION_AUTH_GET_HEADER',
+ title = "Could not parse the authentication information in the header",
+ desc = "The authentication information in the connection header does not match with the configuration type.")
+
+e('CONNECTION_LOGIN_ERROR',
+ title = "Login failed: invalid password",
+ desc = "The supplied password is invalid.")
+
+e('CONNECTION_NO_USER',
+ title = "The connection does not have users",
+ desc = BROKEN_CONFIG)
+
+e('CONNECTION_NO_VALID_USER',
+ title = "The connection's user (%s) is not valid, please check the configuration.",
+ desc = BROKEN_CONFIG)
+
 e('CONNECTION_AUTH',
 title = "Unknown authentication method",
 desc = BROKEN_CONFIG)
From 619ddfb2b24a5aef6640b2a0033fde82ad0d7ed7 Mon Sep 17 00:00:00 2001
From: byshen-dev
Date: Mon, 10 Aug 2020 00:32:19 -0700
Subject: [PATCH 2/4] Log the reasons of failures in the connection setup stage

---
 cherokee/connection.c | 3 +++
 cherokee/error_list.py | 8 ++++++++
 2 files changed, 11 insertions(+)

diff --git a/cherokee/connection.c b/cherokee/connection.c
index 60ba859f6..6b9e3a885 100644
--- a/cherokee/connection.c
+++ b/cherokee/connection.c
@@ -2396,6 +2396,8 @@ cherokee_connection_check_ip_validation (cherokee_connection_t *conn, cherokee_c
 }

 conn->error_code = http_access_denied;
+ LOG_ERROR_S(CHEROKEE_ERROR_CONNECTION_INVALID_IP);
+
 return ret_error;
 }

@@ -2440,6 +2442,7 @@ cherokee_connection_check_http_method (cherokee_connection_t *conn, cherokee_con
 conn->header.method = http_get;
 }

+ LOG_ERROR_S(CHEROKEE_ERROR_CONNECTION_HTTPD_METHOD);
 return ret_error;
 }

diff --git a/cherokee/error_list.py b/cherokee/error_list.py
index 396f52fce..346691985 100644
--- a/cherokee/error_list.py
+++ b/cherokee/error_list.py
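Review bot: `LOG_ERROR_S(CHEROKEE_ERROR_CONNECTION_INVALID_IP);` in the `@@ -2396,6 +2396,8 @@` hunk of cherokee/connection.c logs a fixed string, so the entry for a denied client does not say which address was refused. The same applies to `LOG_ERROR_S(CHEROKEE_ERROR_CONNECTION_HTTPD_METHOD);` in the `@@ -2440,6 +2442,7 @@` hunk, which omits the rejected method. Both paths are reached by requests the server is correctly refusing, so a blocked host can generate error-level lines at will. Consider the parameterised `LOG_ERROR` form carrying the peer address or the method, at a lower severity or behind rate limiting if the logging layer offers it. Both enclosing functions begin outside their hunks.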
@@ -985,6 +985,14 @@
 title = "The connection's user (%s) is not valid, please check the configuration.",
 desc = BROKEN_CONFIG)

+e('CONNECTION_INVALID_IP',
+ title = "The connection's IP is invalid: please check IP or subnet configuration.",
+ desc = BROKEN_CONFIG)
+
+e('CONNECTION_HTTPD_METHOD',
+ title = "The connection's HTTP method is not allowed.",
+ desc = BROKEN_CONFIG)
+
 e('CONNECTION_AUTH',
 title = "Unknown authentication method",
 desc = BROKEN_CONFIG)
From a4dbd3598cf37e3068aafca3de43dac69a474317 Mon Sep 17 00:00:00 2001
From: Bingyu Shen
Date: Thu, 27 Aug 2020 22:52:03 -0700
Subject: [PATCH 3/4] Improve log message for creating directory errors, add detailed information for required write permission

---
 cherokee/error_list.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cherokee/error_list.py b/cherokee/error_list.py
index 346691985..c89de01eb 100644
--- a/cherokee/error_list.py
+++ b/cherokee/error_list.py
@@ -58,7 +58,7 @@
 admin = '/general#tabs_general-0')

 e('RRD_MKDIR_WRITE',
- title = "Cannot create the '%s' directory",
+ title = "Could not create the '%s' directory or it doesn't have write permission",
 desc = SYSTEM_ISSUE,
 admin = '/general#tabs_general-0')

From c78b4b7aef1dfd194a5b1eadebc4b8d1fea83ee4 Mon Sep 17 00:00:00 2001
From: Bingyu Shen
Date: Wed, 9 Sep 2020 16:06:32 -0700
Subject: [PATCH 4/4] Use more appropriate descriptions in the log messages

---
 cherokee/error_list.py | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/cherokee/error_list.py b/cherokee/error_list.py
index c89de01eb..0aa321a0b 100644
--- a/cherokee/error_list.py
+++ b/cherokee/error_list.py
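Review bot: Both entries added in the `@@ -985,6 +985,14 @@` hunk of cherokee/error_list.py use `desc = BROKEN_CONFIG`, although a request from a disallowed address or with a disallowed method is normally the access rule doing its job. Labelling these as configuration faults points operators at the server when the cause is the client; a description along the lines of `desc = "The request was rejected by the access restrictions configured for this rule."` fits better. The identifier `CONNECTION_HTTPD_METHOD` also reads like a typo for `CONNECTION_HTTP_METHOD`, since its title speaks of the "HTTP method". Renaming it needs the matching change at the `LOG_ERROR_S` call in cherokee/connection.c.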
@@ -966,23 +966,22 @@
 #

 e('CONNECTION_HEADER_AUTH',
- title = "Could not get authentication information from the header",
- desc = CODING_BUG)
+ title = "Authentication failed: could not get authentication information from the header")

 e('CONNECTION_AUTH_GET_HEADER',
- title = "Could not parse the authentication information in the header",
- desc = "The authentication information in the connection header does not match with the configuration type.")
+ title = "Authentication failed: could not parse the authentication information in the header",
+ desc = "The authentication method in the connection does not match with the configuration.")

 e('CONNECTION_LOGIN_ERROR',
 title = "Login failed: invalid password",
 desc = "The supplied password is invalid.")

 e('CONNECTION_NO_USER',
- title = "The connection does not have users",
- desc = BROKEN_CONFIG)
+ title = "The connection does not have a user",
+ desc = "The connection's user field is empty.")

 e('CONNECTION_NO_VALID_USER',
- title = "The connection's user (%s) is not valid, please check the configuration.",
+ title = "The connection's user (%s) is not in the fixed list, please check the configuration.",
 desc = BROKEN_CONFIG)

 e('CONNECTION_INVALID_IP',