login_log_format_elements: Added %k to show SSL protocol/cipher information.

--HG--
branch : HEAD

diff --git a/src/login-common/client-common.c b/src/login-common/client-common.c
index 409f77db90edb12fa5dc5f5afc5e0d4b4d83ecf9..ae1928064dbd9f64d82a2e41e2e5046d0d7da809 100644 (file)
--- a/src/login-common/client-common.c
+++ b/src/login-common/client-common.c
@@ -49,6 +49,7 @@ get_var_expand_table(struct client *client)
                { 'a', NULL },
                { 'b', NULL },
                { 'c', NULL },
+               { 'k', NULL },
                { 'e', NULL },
                { '\0', NULL }
        };
@@ -78,6 +79,7 @@ get_var_expand_table(struct client *client)
        tab[10].value = dec2str(client->remote_port);
        if (!client->tls) {
                tab[11].value = client->secured ? "secured" : NULL;
+               tab[12].value = "";
        } else {
                const char *ssl_state = ssl_proxy_is_handshaked(client->proxy) ?
                        "TLS" : "TLS handshaking";
@@ -85,8 +87,9 @@ get_var_expand_table(struct client *client)
 
                tab[11].value = ssl_error == NULL ? ssl_state :
                        t_strdup_printf("%s: %s", ssl_state, ssl_error);
+               tab[12].value = ssl_proxy_get_security_string(client->proxy);
        }
-       tab[12].value = dec2str(client->mail_pid);
+       tab[13].value = dec2str(client->mail_pid);
 
        return tab;
 }

diff --git a/src/login-common/ssl-proxy-openssl.c b/src/login-common/ssl-proxy-openssl.c
index 9c97031d788590fe260a5ef5190a9f3ea6c4f438..14025d22cdb02e7cbc720fb44c55c2d3ca1ea85f 100644 (file)
--- a/src/login-common/ssl-proxy-openssl.c
+++ b/src/login-common/ssl-proxy-openssl.c
@@ -550,6 +550,22 @@ const char *ssl_proxy_get_last_error(const struct ssl_proxy *proxy)
        return proxy->last_error;
 }
 
+const char *ssl_proxy_get_security_string(struct ssl_proxy *proxy)
+{
+       SSL_CIPHER *cipher;
+       int bits, alg_bits;
+
+       if (!proxy->handshaked)
+               return "";
+
+       cipher = SSL_get_current_cipher(proxy->ssl);
+       bits = SSL_CIPHER_get_bits(cipher, &alg_bits);
+       return t_strdup_printf("%s with cipher %s (%d/%d bits)",
+                              SSL_get_version(proxy->ssl),
+                              SSL_CIPHER_get_name(cipher),
+                              bits, alg_bits);
+}
+
 void ssl_proxy_free(struct ssl_proxy *proxy)
 {
        ssl_proxy_unref(proxy);

diff --git a/src/login-common/ssl-proxy.c b/src/login-common/ssl-proxy.c
index 8b5acbda18a0f93cb2e2751c1926b3b60e7241ed..1c2c17d1abfd07633158ca174c358c4967178bc7 100644 (file)
--- a/src/login-common/ssl-proxy.c
+++ b/src/login-common/ssl-proxy.c
@@ -36,6 +36,11 @@ const char *ssl_proxy_get_last_error(const struct ssl_proxy *proxy ATTR_UNUSED)
        return NULL;
 }
 
+const char *ssl_proxy_get_security_string(struct ssl_proxy *proxy)
+{
+       return "";
+}
+
 void ssl_proxy_free(struct ssl_proxy *proxy ATTR_UNUSED) {}
 
 unsigned int ssl_proxy_get_count(void)

diff --git a/src/login-common/ssl-proxy.h b/src/login-common/ssl-proxy.h
index aa7d442316223c85fabb609aef26f19ab1990f85..40f8abd0140caa46a83aba55c0f7d15a89b3eb38 100644 (file)
--- a/src/login-common/ssl-proxy.h
+++ b/src/login-common/ssl-proxy.h
@@ -14,6 +14,7 @@ bool ssl_proxy_has_valid_client_cert(const struct ssl_proxy *proxy) ATTR_PURE;
 const char *ssl_proxy_get_peer_name(struct ssl_proxy *proxy);
 bool ssl_proxy_is_handshaked(const struct ssl_proxy *proxy) ATTR_PURE;
 const char *ssl_proxy_get_last_error(const struct ssl_proxy *proxy) ATTR_PURE;
+const char *ssl_proxy_get_security_string(struct ssl_proxy *proxy);
 void ssl_proxy_free(struct ssl_proxy *proxy);
 
 /* Return number of active SSL proxies */