/* whack debug routines, for libreswan
 *
 * Copyright (C) 1997 Angelos D. Keromytis.
 * Copyright (C) 1998-2001,2013-2016 D. Hugh Redelmeier <hugh@mimosa.com>
 * Copyright (C) 2003-2008 Michael Richardson <mcr@xelerance.com>
 * Copyright (C) 2003-2010 Paul Wouters <paul@xelerance.com>
 * Copyright (C) 2009 Avesh Agarwal <avagarwa@redhat.com>
 * Copyright (C) 2010 David McCullough <david_mccullough@securecomputing.com>
 * Copyright (C) 2011 Mika Ilmaranta <ilmis@foobar.fi>
 * Copyright (C) 2012-2013 Paul Wouters <paul@libreswan.org>
 * Copyright (C) 2014-2020 Paul Wouters <pwouters@redhat.com>
 * Copyright (C) 2014-2017 Antony Antony <antony@phenome.org>
 * Copyright (C) 2019-2023 Andrew Cagney <cagney@gnu.org>
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version. See <https://www.gnu.org/licenses/gpl2.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
 */

#include "defs.h"
#include "whack_debug.h"
#include "connections.h"
#include "log.h"
#include "show.h"
#include "fips_mode.h"
#include "visit_connection.h"

/*
 * Apply the requested debug modifications to one connection's logger;
 * called for each connection matched by whack_connection().
 */
static unsigned whack_debug_connection(const struct whack_message *m,
				       struct show *s,
				       struct connection *c)
{
	connection_attach(c, show_logger(s));
	c->logger->debugging = lmod(c->logger->debugging, m->debugging);
	if (LDBGP(DBG_BASE, c->logger)) {
		LLOG_JAMBUF(DEBUG_STREAM|ADD_PREFIX, c->logger, buf) {
			jam_string(buf, "extra_debugging = ");
			jam_lset_short(buf, &debug_names,
				       "+", c->logger->debugging);
		}
	}
	connection_detach(c, show_logger(s));
	return 1; /* the connection counts */
}

void whack_debug(const struct whack_message *m, struct show *s)
{
	struct logger *logger = show_logger(s);

	/*
	 * FIPS mode: reject the private and crypt debug categories
	 * and return before any debug setting is changed.
	 */
	if (is_fips_mode()) {
		if (lmod_is_set(m->debugging, DBG_PRIVATE)) {
			llog(RC_FATAL, logger,
			     "FIPS: --debug private is not allowed in FIPS mode, aborted");
			return; /*don't shutdown*/
		}
		if (lmod_is_set(m->debugging, DBG_CRYPT)) {
			llog(RC_FATAL, logger,
			     "FIPS: --debug crypt is not allowed in FIPS mode, aborted");
			return; /*don't shutdown*/
		}
	}

	if (m->name == NULL) {
		/*
		 * This is done in two steps so that if either old
		 * or new would cause a debug message to print, it
		 * will be printed.
		 *
		 * XXX: why not unconditionally send what was changed
		 * back to whack?
		 */
		lset_t old_debugging = cur_debugging & DBG_MASK;
		lset_t new_debugging = lmod(old_debugging, m->debugging);
		set_debugging(cur_debugging | new_debugging);
		LDBGP_JAMBUF(DBG_BASE, logger, buf) {
			jam(buf, "old debugging ");
			jam_lset_short(buf, &debug_names,
				       "+", old_debugging);
			jam(buf, " + ");
			jam_lmod(buf, &debug_names, m->debugging);
		}
		LDBGP_JAMBUF(DBG_BASE, logger, buf) {
			jam(buf, "new debugging = ");
			jam_lset_short(buf, &debug_names,
				       "+", new_debugging);
		}
		set_debugging(new_debugging);
	} else if (!m->whack_add/*connection*/) {
		whack_connection(m, s, whack_debug_connection,
				 /*alias_order*/OLD2NEW,
				 (struct each) {
					 .log_unknown_name = true,
				 });
	}
}