Commit 5febc3e0 authored by sikeda's avatar sikeda
Browse files

[-dev] Normalize log messages (except in wwsympa.fcgi).

- Use sprintf format instead of string interpolation: Latter is potentially insecure.
- Function/method names in messages are removed because they are automatically prepended by Log::do?log().
- Otheer cosmetic issues.


git-svn-id: https://subversion.renater.fr/sympa/branches/sympa-6.2-branch@10849 05aa8bb8-cd2b-0410-b1d7-8918dfa770ce
parent 7df015ed
......@@ -52,8 +52,11 @@ if ($main::options{'log_level'}) {
);
} else {
Log::set_log_level($Conf::Conf{'log_level'});
Log::do_log('info',
"Logs seems OK, default log level $Conf::Conf{'log_level'}");
Log::do_log(
'info',
'Logs seems OK, default log level %s',
$Conf::Conf{'log_level'}
);
}
printf "Ok, now check logs \n";
......
......@@ -46,7 +46,7 @@ my $serial_number = 0; # incremented on each archived mail
sub store_last {
my ($list, $msg) = @_;
Log::do_log('debug2', 'archive::store ()');
Log::do_log('debug2', '');
my ($filename, $newfile);
......@@ -73,20 +73,19 @@ sub store_last {
sub list {
my $name = shift;
Log::do_log('debug', "archive::list($name)");
Log::do_log('debug', '(%s)', $name);
my ($filename, $newfile);
my (@l, $i);
unless (-d "$name") {
Log::do_log('warning',
"archive::list($name) failed, no directory $name");
Log::do_log('warning', '(%s) Failed, no directory %s', $name, $name);
# @l = ($msg::no_archives_available);
return @l;
}
unless (opendir(DIR, "$name")) {
Log::do_log('warning',
"archive::list($name) failed, cannot open directory $name");
Log::do_log('warning', '(%s) Failed, cannot open directory %s',
$name, $name);
# @l = ($msg::no_archives_available);
return @l;
}
......@@ -104,7 +103,7 @@ sub scan_dir_archive {
my ($dir, $month) = @_;
Log::do_log('info', "archive::scan_dir_archive($dir, $month)");
Log::do_log('info', '(%s, %s)', $dir, $month);
unless (opendir(DIR, "$dir/$month/arctxt")) {
Log::do_log('info',
......@@ -131,7 +130,7 @@ sub scan_dir_archive {
return undef;
}
Log::do_log('debug', "MAIL object : $mail");
Log::do_log('debug', 'MAIL object: %s', $mail);
$i++;
my $msg = {};
......@@ -143,11 +142,8 @@ sub scan_dir_archive {
$msg->{'full_msg'} = $mail->{'msg'}->as_string;
Log::do_log(
'debug',
'Archive::scan_dir_archive adding message %s in archive to send',
$msg->{'subject'}
);
Log::do_log('debug', 'Adding message %s in archive to send',
$msg->{'subject'});
push @{$all_msg}, $msg;
}
......@@ -172,14 +168,14 @@ sub search_msgid {
my ($dir, $msgid) = @_;
Log::do_log('info', "archive::search_msgid($dir, $msgid)");
Log::do_log('info', '(%s, %s)', $dir, $msgid);
if ($msgid =~ /NO-ID-FOUND\.mhonarc\.org/) {
Log::do_log('err', 'remove_arc: no message id found');
Log::do_log('err', 'No message id found');
return undef;
}
unless ($dir =~ /\d\d\d\d\-\d\d\/arctxt/) {
Log::do_log('info', "archive::search_msgid : dir $dir look unproper");
Log::do_log('info', 'Dir %s look unproper', $dir);
return undef;
}
unless (opendir(ARC, "$dir")) {
......@@ -222,7 +218,7 @@ sub last_path {
my $list = shift;
Log::do_log('debug', 'Archived::last_path(%s)', $list->{'name'});
Log::do_log('debug', '(%s)', $list->{'name'});
return undef unless ($list->is_archived());
my $file = $list->{'dir'} . '/archives/last_message';
......@@ -244,7 +240,7 @@ sub load_html_message {
unless (open ARC, $parameters{'file_path'}) {
Log::do_log(
'err',
"Failed to load message '%s' : $!",
'Failed to load message "%s": %m',
$parameters{'file_path'}
);
return undef;
......@@ -289,7 +285,7 @@ sub clean_archive_directory {
) {
Log::do_log(
'err',
"Unable to create a temporary directory where to store files for HTML escaping (%s). Cancelling.",
'Unable to create a temporary directory where to store files for HTML escaping (%s). Cancelling',
$number_of_copies
);
return undef;
......@@ -304,7 +300,7 @@ sub clean_archive_directory {
closedir DIR;
if ($files_left_uncleaned) {
Log::do_log('err',
"HTML cleaning failed for %s files in the directory %s.",
'HTML cleaning failed for %s files in the directory %s',
$files_left_uncleaned, $answer->{'dir_to_rebuild'});
}
$answer->{'dir_to_rebuild'} = $answer->{'cleaned_dir'};
......@@ -347,7 +343,7 @@ sub clean_archived_message {
return undef;
}
} else {
Log::do_log('err', 'HTML cleaning in file %s failed.', $output);
Log::do_log('err', 'HTML cleaning in file %s failed', $output);
return undef;
}
}
......
......@@ -42,7 +42,7 @@ use Sympa::User;
## by sha1 or ....)
sub password_fingerprint {
Log::do_log('debug', 'Auth::password_fingerprint');
Log::do_log('debug', '');
my $pwd = shift;
if (Conf::get_robot_conf('*', 'password_case') eq 'insensitive') {
......@@ -57,7 +57,7 @@ sub check_auth {
my $robot = shift;
my $auth = shift; ## User email or UID
my $pwd = shift; ## Password
Log::do_log('debug', 'Auth::check_auth(%s)', $auth);
Log::do_log('debug', '(%s)', $auth);
my ($canonic, $user);
......@@ -124,7 +124,7 @@ sub may_use_sympa_native_auth {
sub authentication {
my ($robot, $email, $pwd) = @_;
my ($user, $canonic);
Log::do_log('debug', 'Auth::authentication(%s)', $email);
Log::do_log('debug', '(%s)', $email);
unless ($user = Sympa::User::get_global_user($email)) {
$user = {'email' => $email};
......@@ -141,7 +141,7 @@ sub authentication {
report::reject_report_web('user', 'too_many_wrong_login', {})
unless ($ENV{'SYMPA_SOAP'});
Log::do_log('err',
'login is blocked : too many wrong password submission for %s',
'Login is blocked: too many wrong password submission for %s',
$email);
return undef;
}
......@@ -192,8 +192,7 @@ sub authentication {
report::reject_report_web('user', 'incorrect_passwd', {})
unless ($ENV{'SYMPA_SOAP'});
Log::do_log('err', 'authentication: incorrect password for user %s',
$email);
Log::do_log('err', 'Incorrect password for user %s', $email);
my $param; #FIXME FIXME: not used.
$param->{'init_email'} = $email;
......@@ -204,8 +203,7 @@ sub authentication {
sub ldap_authentication {
my ($robot, $ldap, $auth, $pwd, $whichfilter) = @_;
my ($mesg, $host, $ldap_passwd, $ldap_anonymous);
Log::do_log('debug2', 'Auth::ldap_authentication(%s,%s,%s)',
$auth, '****', $whichfilter);
Log::do_log('debug2', '(%s, %s, %s)', $auth, '****', $whichfilter);
Log::do_log('debug3', 'Password used: %s', $pwd);
unless (tools::search_fullpath($robot, 'auth.conf')) {
......@@ -238,7 +236,7 @@ sub ldap_authentication {
my $ds = LDAPSource->new($param);
unless (defined $ds && ($ldap_anonymous = $ds->connect())) {
Log::do_log('err', "Unable to connect to the LDAP server '%s'",
Log::do_log('err', 'Unable to connect to the LDAP server "%s"',
$ldap->{'host'});
return undef;
}
......@@ -273,7 +271,7 @@ sub ldap_authentication {
$ds = LDAPSource->new($param);
unless (defined $ds && ($ldap_passwd = $ds->connect())) {
Log::do_log('err', "Unable to connect to the LDAP server '%s'",
Log::do_log('err', 'Unable to connect to the LDAP server "%s"',
$param->{'host'});
return undef;
}
......@@ -323,8 +321,8 @@ sub ldap_authentication {
$param->{'alt_emails'}{$alt} = $previous->{$alt};
}
$ds->disconnect() or Log::do_log('notice', "unable to unbind");
Log::do_log('debug3', "canonic: $canonic_email[0]");
$ds->disconnect() or Log::do_log('notice', 'Unable to unbind');
Log::do_log('debug3', 'Canonic: %s', $canonic_email[0]);
## If the identifier provided was a valid email, return the provided
## email.
## Otherwise, return the canonical email guessed after the login.
......@@ -343,8 +341,7 @@ sub get_email_by_net_id {
my $auth_id = shift;
my $attributes = shift;
Log::do_log('debug',
"Auth::get_email_by_net_id($auth_id,$attributes->{'uid'})");
Log::do_log('debug', '(%s, %s)', $auth_id, $attributes->{'uid'});
if (defined $Conf::Conf{'auth_services'}{$robot}[$auth_id]
{'internal_email_by_netid'}) {
......@@ -367,7 +364,7 @@ sub get_email_by_net_id {
my $ldap_anonymous;
unless (defined $ds && ($ldap_anonymous = $ds->connect())) {
Log::do_log('err', "Unable to connect to the LDAP server '%s'",
Log::do_log('err', 'Unable to connect to the LDAP server "%s"',
$ldap->{'ldap_host'});
return undef;
}
......@@ -408,8 +405,7 @@ sub get_email_by_net_id {
sub remote_app_check_password {
my ($trusted_application_name, $password, $robot) = @_;
Log::do_log('debug', 'Auth::remote_app_check_password (%s,%s)',
$trusted_application_name, $robot);
Log::do_log('debug', '(%s, %s)', $trusted_application_name, $robot);
my $md5 = tools::md5_fingerprint($password);
......@@ -424,7 +420,7 @@ sub remote_app_check_password {
if (lc($application->{'name'}) eq lc($trusted_application_name)) {
if ($md5 eq $application->{'md5password'}) {
# Log::do_log('debug', 'Auth::remote_app_check_password : authentication succeed for %s',$application->{'name'});
# Log::do_log('debug', 'Authentication succeed for %s',$application->{'name'});
my %proxy_for_vars;
foreach my $varname (@{$application->{'proxy_for_variables'}})
{
......@@ -432,16 +428,14 @@ sub remote_app_check_password {
}
return (\%proxy_for_vars);
} else {
Log::do_log('info',
'Auth::remote_app_check_password: bad password from %s',
Log::do_log('info', 'Bad password from %s',
$trusted_application_name);
return undef;
}
}
}
# no matching application found
Log::do_log('info',
'Auth::remote_app-check_password: unknown application name %s',
Log::do_log('info', '-check_password: unknown application name %s',
$trusted_application_name);
return undef;
}
......@@ -458,8 +452,7 @@ sub create_one_time_ticket {
shift; ## Value may be 'mail' if the IP address is not known
my $ticket = SympaSession::get_random();
Log::do_log('info',
'Auth::create_one_time_ticket(%s,%s,%s,%s) value = %s',
Log::do_log('info', '(%s, %s, %s, %s) Value = %s',
$email, $robot, $data_string, $remote_addr, $ticket);
my $date = time;
......@@ -513,9 +506,7 @@ sub get_one_time_ticket {
my $ticket = $sth->fetchrow_hashref('NAME_lc');
unless ($ticket) {
Log::do_log('info',
'Auth::get_one_time_ticket: Unable to find one time ticket %s',
$ticket);
Log::do_log('info', 'Unable to find one time ticket %s', $ticket);
return {'result' => 'not_found'};
}
......@@ -525,21 +516,11 @@ sub get_one_time_ticket {
if ($ticket->{'status'} ne 'open') {
$result = 'closed';
Log::do_log(
'info',
'Auth::get_one_time_ticket: ticket %s from %s has been used before (%s)',
$ticket_number,
$ticket->{'email'},
$printable_date
);
Log::do_log('info', 'Ticket %s from %s has been used before (%s)',
$ticket_number, $ticket->{'email'}, $printable_date);
} elsif (time - $ticket->{'date'} > 48 * 60 * 60) {
Log::do_log(
'info',
'Auth::get_one_time_ticket: ticket %s from %s refused because expired (%s)',
$ticket_number,
$ticket->{'email'},
$printable_date
);
Log::do_log('info', 'Ticket %s from %s refused because expired (%s)',
$ticket_number, $ticket->{'email'}, $printable_date);
$result = 'expired';
} else {
$result = 'success';
......@@ -555,8 +536,7 @@ sub get_one_time_ticket {
$ticket_number, $addr);
}
Log::do_log('info', 'Auth::get_one_time_ticket(%s) : result : %s',
$ticket_number, $result);
Log::do_log('info', '(%s) Result: %s', $ticket_number, $result);
return {
'result' => $result,
'date' => $ticket->{'date'},
......
......@@ -63,7 +63,7 @@ my $message_fingerprint;
# Next lock the packetb to prevent multiple proccessing of a single packet
sub next {
Log::do_log('debug', 'Bulk::next');
Log::do_log('debug', '');
# lock next packet
my $lock = tools::get_lockname();
......@@ -167,7 +167,7 @@ sub remove {
my $messagekey = shift;
my $packetid = shift;
Log::do_log('debug', "Bulk::remove(%s,%s)", $messagekey, $packetid);
Log::do_log('debug', '(%s, %s)', $messagekey, $packetid);
unless (
$sth = SDM::do_query(
......@@ -185,7 +185,7 @@ sub remove {
sub messageasstring {
my $messagekey = shift;
Log::do_log('debug', 'Bulk::messageasstring(%s)', $messagekey);
Log::do_log('debug', '(%s)', $messagekey);
unless (
$sth = SDM::do_query(
......@@ -204,7 +204,8 @@ sub messageasstring {
my $messageasstring = $sth->fetchrow_hashref('NAME_lc');
unless ($messageasstring) {
Log::do_log('err', "could not fetch message $messagekey from spool");
Log::do_log('err', 'Could not fetch message %s from spool',
$messagekey);
return undef;
}
my $msg = MIME::Base64::decode($messageasstring->{'message'});
......@@ -221,7 +222,7 @@ sub messageasstring {
#
sub message_from_spool {
my $messagekey = shift;
Log::do_log('debug', '(messagekey : %s)', $messagekey);
Log::do_log('debug', '(messagekey: %s)', $messagekey);
unless (
$sth = SDM::do_query(
......@@ -271,7 +272,7 @@ sub merge_msg {
my $data = shift;
unless (ref $entity eq 'MIME::Entity') {
Log::do_log('err', 'false entity');
Log::do_log('err', 'False entity');
return undef;
}
......@@ -377,7 +378,7 @@ sub _merge_msg {
'message_output' => \$message_output,
)
) {
Log::do_log('err', 'error merging message');
Log::do_log('err', 'Error merging message');
return undef;
}
$utf8_body = $message_output;
......@@ -478,7 +479,7 @@ sub merge_data {
# Parse the TT2 in the message : replace the tags and the parameters by
# the corresponding values
unless (tt2::parse_tt2($data, \$body, $message_output, '', $options)) {
Log::do_log('err', 'Unable to parse body : "%s"', \$body);
Log::do_log('err', 'Unable to parse body: "%s"', \$body);
return undef;
}
......@@ -510,7 +511,7 @@ sub store {
Log::do_log(
'debug',
'Bulk::store(<msg>,<rcpts>,from = %s,robot = %s,listname= %s,priority_message = %s, delivery_date= %s,verp = %s, tracking = %s, merge = %s, dkim: d= %s i=%s, last: %s)',
'(<msg>, <rcpts>, from = %s, robot = %s, listname= %s, priority_message = %s, delivery_date= %s, verp = %s, tracking = %s, merge = %s, dkim: d= %s i=%s, last: %s)',
$from,
$robot,
$listname,
......@@ -744,7 +745,7 @@ sub store {
## remove file that are not referenced by any packet
sub purge_bulkspool {
Log::do_log('debug', 'purge_bulkspool');
Log::do_log('debug', '');
unless (
$sth = SDM::do_query(
......@@ -812,7 +813,7 @@ sub store_test {
Log::do_log(
'debug',
'Bulk::store_test(<msg>,<rcpts>,from = %s,robot = %s,listname= %s,priority_message = %s,delivery_date= %s,verp = %s, merge = %s)',
'(<msg>, <rcpts>, from = %s, robot = %s, listname= %s, priority_message = %s, delivery_date= %s, verp = %s, merge = %s)',
$from,
$robot,
$listname,
......@@ -884,7 +885,7 @@ sub store_test {
## Return the number of remaining packets in the bulkmailer table.
sub get_remaining_packets_count {
Log::do_log('debug3', 'get_remaining_packets_count');
Log::do_log('debug3', '');
my $m_count = 0;
......@@ -907,7 +908,7 @@ sub get_remaining_packets_count {
## exceeds
## the value of the 'bulk_fork_threshold' config parameter.
sub there_is_too_much_remaining_packets {
Log::do_log('debug3', 'there_is_too_much_remaining_packets');
Log::do_log('debug3', '');
my $remaining_packets = get_remaining_packets_count();
if ($remaining_packets > Conf::get_robot_conf('*', 'bulk_fork_threshold'))
{
......
......@@ -35,101 +35,136 @@ use SympaSession;
use SDM;
# this structure is used to define which session attributes are stored in a dedicated database col where others are compiled in col 'data_session'
my %challenge_hard_attributes = ('id_challenge' => 1, 'date' => 1, 'robot' => 1,'email' => 1, 'list' => 1);
my %challenge_hard_attributes = (
'id_challenge' => 1,
'date' => 1,
'robot' => 1,
'email' => 1,
'list' => 1
);
# create a challenge context and store it in challenge table
sub create {
my ($robot, $email, $context) = @_;
Log::do_log('debug', 'Challenge::new(%s, %s, %s)', $challenge_id, $email, $robot);
Log::do_log('debug', '(%s, %s, %s)', $challenge_id, $email, $robot);
my $challenge = {};
my $challenge={};
unless ($robot) {
Log::do_log('err', 'Missing robot parameter, cannot create challenge object') ;
return undef;
Log::do_log('err',
'Missing robot parameter, cannot create challenge object');
return undef;
}
unless ($email) {
Log::do_log('err', 'Missing email parameter, cannot create challenge object') ;
return undef;
Log::do_log('err',
'Missing email parameter, cannot create challenge object');
return undef;
}
$challenge->{'id_challenge'} = get_random();
$challenge->{'email'} = $email;
$challenge->{'date'} = time;
$challenge->{'robot'} = $robot;
$challenge->{'data'} = $context;
$challenge->{'email'} = $email;
$challenge->{'date'} = time;
$challenge->{'robot'} = $robot;
$challenge->{'data'} = $context;
return undef unless (Challenge::store($challenge));
return $challenge->{'id_challenge'}
return $challenge->{'id_challenge'};
}
sub load {
my $id_challenge = shift;
Log::do_log('debug', 'Challenge::load(%s)', $id_challenge);
Log::do_log('debug', '(%s)', $id_challenge);
unless ($challenge_id) {
Log::do_log('err', 'Challenge::load() : internal error, SympaSession::load called with undef id_challenge');
return undef;
Log::do_log('err',
'Internal error, SympaSession::load called with undef id_challenge'
);
return undef;
}
my $sth;
unless($sth = SDM::do_query("SELECT id_challenge AS id_challenge, date_challenge AS 'date', remote_addr_challenge AS remote_addr, robot_challenge AS robot, email_challenge AS email, data_challenge AS data, hit_challenge AS hit, start_date_challenge AS start_date FROM challenge_table WHERE id_challenge = %s", $cookie)) {
Log::do_log('err','Unable to retrieve challenge %s from database',$cookie);
return undef;
unless (
$sth = SDM::do_query(
"SELECT id_challenge AS id_challenge, date_challenge AS 'date', remote_addr_challenge AS remote_addr, robot_challenge AS robot, email_challenge AS email, data_challenge AS data, hit_challenge AS hit, start_date_challenge AS start_date FROM challenge_table WHERE id_challenge = %s",
$cookie
)
) {
Log::do_log('err', 'Unable to retrieve challenge %s from database',
$cookie);
return undef;
}
my $challenge = $sth->fetchrow_hashref('NAME_lc');
unless ($challenge) {
return 'not_found';
return 'not_found';
}
my $challenge_datas;
my %datas= tools::string_2_hash($challenge->{'data'});
foreach my $key (keys %datas) {$challenge_datas->{$key} = $datas{$key};}
my %datas = tools::string_2_hash($challenge->{'data'});
foreach my $key (keys %datas) { $challenge_datas->{$key} = $datas{$key}; }
$challenge_datas->{'id_challenge'} = $challenge->{'id_challenge'};
$challenge_datas->{'date'} = $challenge->{'date'};
$challenge_datas->{'robot'} = $challenge->{'robot'};
$challenge_datas->{'email'} = $challenge->{'email'};
Log::do_log('debug3', 'Challenge::load(): removing existing challenge del_statement = %s',$del_statement);
unless(SDM::do_query("DELETE FROM challenge_table WHERE (id_challenge=%s)",$id_challenge)) {
Log::do_log('err','Unable to delete challenge %s from database',$id_challenge);
return undef;
$challenge_datas->{'date'} = $challenge->{'date'};
$challenge_datas->{'robot'} = $challenge->{'robot'};
$challenge_datas->{'email'} = $challenge->{'email'};
Log::do_log('debug3', 'Removing existing challenge del_statement = %s',
$del_statement);
unless (
SDM::do_query(
"DELETE FROM challenge_table WHERE (id_challenge=%s)",
$id_challenge
)
) {
Log::do_log('err', 'Unable to delete challenge %s from database',
$id_challenge);
return undef;
}
return ('expired') if (time - $challenge_datas->{'date'} >= tools::duration_conv($Conf::Conf{'challenge_table_ttl'}));
return ('expired')
if (
time - $challenge_datas->{'date'} >=
tools::duration_conv($Conf::Conf{'challenge_table_ttl'}));
return ($challenge_datas);
}
sub store {
my $challenge = shift;
Log::do_log('debug', 'Challenge::store()');
Log::do_log('debug', '');
return undef unless ($challenge->{'id_challenge'});
my %hash ;
foreach my $var (keys %$challenge ) {
next if ($challenge_hard_attributes{$var});
next unless ($var);
$hash{$var} = $challenge->{$var};
my %hash;
foreach my $var (keys %$challenge) {
next if ($challenge_hard_attributes{$var});
next unless ($var);
$hash{$var} = $challenge->{$var};
}
my $data_string = tools::hash_2_string (\%hash);
my $data_string = tools::hash_2_string(\%hash);
my $sth;
unless(SDM::do_query("INSERT INTO challenge_table (id_challenge, date_challenge, robot_challenge, email_challenge, data_challenge) VALUES ('%s','%s','%s','%s','%s'')",$challenge->{'id_challenge'},$challenge->{'date'},$challenge->{'robot'},$challenge->{'email'},$data_string)) {
Log::do_log('err','Unable to store challenge %s informations in database (robot: %s, user: %s)',$challenge->{'id_challenge'},$challenge->{'robot'},$challenge->{'email'});
return undef;
unless (
SDM::do_query(
"INSERT INTO challenge_table (id_challenge, date_challenge, robot_challenge, email_challenge, data_challenge) VALUES ('%s','%s','%s','%s','%s'')",
$challenge->{'id_challenge'}, $challenge->{'date'},
$challenge->{'robot'}, $challenge->{'email'},
$data_string
)
) {
Log::do_log(
'err',
'Unable to store challenge %s informations in database (robot: %s, user: %s)',
$challenge->{'id_challenge'},