Commit 0a172661 authored by ale's avatar ale

Increase and standardize logging messages

parent ae32c88a
Pipeline #5428 passed with stages
in 5 minutes and 23 seconds
...@@ -202,14 +202,16 @@ func (s *KeyStore) Get(username, ssoTicket string) ([]byte, error) { ...@@ -202,14 +202,16 @@ func (s *KeyStore) Get(username, ssoTicket string) ([]byte, error) {
} }
// Close the user's key store and wipe the associated unencrypted key // Close the user's key store and wipe the associated unencrypted key
// from memory. // from memory. Returns true if a key was actually discarded.
func (s *KeyStore) Close(username string) { func (s *KeyStore) Close(username string) bool {
s.mx.Lock() s.mx.Lock()
if k, ok := s.userKeys[username]; ok { defer s.mx.Unlock()
k, ok := s.userKeys[username]
if ok {
wipeBytes(k.pkey) wipeBytes(k.pkey)
delete(s.userKeys, username) delete(s.userKeys, username)
} }
s.mx.Unlock() return ok
} }
func wipeBytes(b []byte) { func wipeBytes(b []byte) {
......
...@@ -23,13 +23,13 @@ func (s *keyStoreServer) handleOpen(w http.ResponseWriter, r *http.Request) { ...@@ -23,13 +23,13 @@ func (s *keyStoreServer) handleOpen(w http.ResponseWriter, r *http.Request) {
err := s.KeyStore.Open(r.Context(), req.Username, req.Password, req.TTL) err := s.KeyStore.Open(r.Context(), req.Username, req.Password, req.TTL)
if err == errNoKeys { if err == errNoKeys {
log.Printf("no keys found for %s", req.Username) log.Printf("Open(%s): no encrypted keys found in database", req.Username)
} else if err != nil { } else if err != nil {
log.Printf("Open(%s) error: %v", req.Username, err) log.Printf("Open(%s): error: %v", req.Username, err)
http.Error(w, err.Error(), http.StatusInternalServerError) http.Error(w, err.Error(), http.StatusInternalServerError)
return return
} else { } else {
log.Printf("decrypted key for %s, ttl=%d", req.Username, req.TTL) log.Printf("Open(%s): decrypted key, ttl=%d", req.Username, req.TTL)
} }
serverutil.EncodeJSONResponse(w, &emptyResponse) serverutil.EncodeJSONResponse(w, &emptyResponse)
...@@ -44,20 +44,21 @@ func (s *keyStoreServer) handleGet(w http.ResponseWriter, r *http.Request) { ...@@ -44,20 +44,21 @@ func (s *keyStoreServer) handleGet(w http.ResponseWriter, r *http.Request) {
var resp keystore.GetResponse var resp keystore.GetResponse
key, err := s.KeyStore.Get(req.Username, req.SSOTicket) key, err := s.KeyStore.Get(req.Username, req.SSOTicket)
if err == errNoKeys { if err == errNoKeys {
log.Printf("no keys for %s", req.Username) log.Printf("Get(%s): no unlocked keys found in memory", req.Username)
} else if err != nil { } else if err != nil {
// Return an appropriate error code. // Return an appropriate error code.
switch err { switch err {
case errUnauthorized, errBadUser: case errUnauthorized, errBadUser:
http.Error(w, err.Error(), http.StatusForbidden) http.Error(w, err.Error(), http.StatusForbidden)
default: default:
log.Printf("Get(%s) error: %v", req.Username, err) log.Printf("Get(%s): error: %v", req.Username, err)
http.Error(w, err.Error(), http.StatusInternalServerError) http.Error(w, err.Error(), http.StatusInternalServerError)
} }
return return
} else { } else {
resp.HasKey = true resp.HasKey = true
resp.Key = key resp.Key = key
log.Printf("Get(%s): fetched key", req.Username)
} }
serverutil.EncodeJSONResponse(w, &resp) serverutil.EncodeJSONResponse(w, &resp)
...@@ -69,7 +70,9 @@ func (s *keyStoreServer) handleClose(w http.ResponseWriter, r *http.Request) { ...@@ -69,7 +70,9 @@ func (s *keyStoreServer) handleClose(w http.ResponseWriter, r *http.Request) {
return return
} }
s.KeyStore.Close(req.Username) if s.KeyStore.Close(req.Username) {
log.Printf("Close(%s): discarded key", req.Username)
}
serverutil.EncodeJSONResponse(w, &emptyResponse) serverutil.EncodeJSONResponse(w, &emptyResponse)
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment