feat: impl naive logger

Author: hlhr202

Cargo.lock

@@ -9,7 +9,7 @@ members = [
 
 [workspace.dependencies]
 lazy_static = "1.4.0"
-reqwest = { version = "0.11.25", features = [
+reqwest = { version = "0.12.2", features = [
     "multipart",
     "blocking",
     "cookies",
@@ -34,4 +34,6 @@ sha2 = "0.10.8"
 rand = "0.8.5"
 hex = "0.4.3"
 machine-uid = "0.5.1"
-chacha20poly1305 = "0.10.1"
+chacha20poly1305 = "0.10.1"
+tracing = "0.1.40"
+tracing-subscriber = "0.3.18"

Cargo.toml

@@ -56,12 +56,13 @@ Special thanks to (MORE THAN) the following projects and technologies for making
 - [x] implement safe ffi
 - [x] implement password login
 - [x] implement cookie login
+- [x] implement ssl certificate validation
 - [ ] implement public key login
-- [ ] implement ssl certificate validation
 
 ### Client
 
 - [x] implement password login
 - [x] implement oidc login
-- [ ] implement logs
+- [x] implement logs
+  - [ ] waiting tracing file rotation
 - [ ] implement CLI

README.md

@@ -30,6 +30,8 @@ hex = { workspace = true }
 rand = { workspace = true }
 machine-uid = { workspace = true }
 chacha20poly1305 = { workspace = true }
+tracing = { workspace = true }
+tracing-subscriber = { workspace = true }
 
 [target.'cfg(windows)'.dependencies]
 windows-sys = { workspace = true }

crates/openconnect-core/Cargo.toml

@@ -14,51 +14,53 @@ pub(crate) struct PeerCerts {
     pub accepted_certs: Mutex<Vec<AcceptedCert>>,
 }
 
-pub(crate) extern "C" fn validate_peer_cert(
-    privdata: *mut ::std::os::raw::c_void,
-    _reason: *const ::std::os::raw::c_char,
-) -> ::std::os::raw::c_int {
-    let client = unsafe { VpnClient::ref_from_raw(privdata) };
-    let vpninfo = client.vpninfo;
-    let host = client.get_hostname();
-    let port = client.get_port();
+impl PeerCerts {
+    pub(crate) extern "C" fn validate_peer_cert(
+        privdata: *mut ::std::os::raw::c_void,
+        _reason: *const ::std::os::raw::c_char,
+    ) -> ::std::os::raw::c_int {
+        let client = unsafe { VpnClient::ref_from_raw(privdata) };
+        let vpninfo = client.vpninfo;
+        let host = client.get_hostname();
+        let port = client.get_port();
 
-    let openssl_cert_guard = client.peer_certs.accepted_certs.lock();
-    if let Ok(openssl_cert) = openssl_cert_guard {
-        for cert in openssl_cert.iter().rev() {
-            if (host.is_none() || cert.host == host) && (port == 0 || cert.port == port) {
-                let fingerprint_in_cstr =
-                    CString::new(cert.fingerprint.as_str()).expect("Invalid fingerprint");
-                let err = unsafe {
-                    openconnect_check_peer_cert_hash(vpninfo, fingerprint_in_cstr.as_ptr())
-                };
-                if err == 0 {
-                    return 0;
-                }
-                if err < 0 {
-                    // TODO: log error
-                    println!("Could not check peer cert hash: {}", cert.fingerprint);
+        let openssl_cert_guard = client.peer_certs.accepted_certs.lock();
+        if let Ok(openssl_cert) = openssl_cert_guard {
+            for cert in openssl_cert.iter().rev() {
+                if (host.is_none() || cert.host == host) && (port == 0 || cert.port == port) {
+                    let fingerprint_in_cstr =
+                        CString::new(cert.fingerprint.as_str()).expect("Invalid fingerprint");
+                    let err = unsafe {
+                        openconnect_check_peer_cert_hash(vpninfo, fingerprint_in_cstr.as_ptr())
+                    };
+                    if err == 0 {
+                        return 0;
+                    }
+                    if err < 0 {
+                        // TODO: log error
+                        println!("Could not check peer cert hash: {}", cert.fingerprint);
+                    }
                 }
             }
         }
-    }
 
-    let fingerprint = client.get_peer_cert_hash();
+        let fingerprint = client.get_peer_cert_hash();
 
-    if client.handle_accept_insecure_cert(&fingerprint) {
-        let newcert = AcceptedCert {
-            fingerprint,
-            host,
-            port,
-        };
-        let openssl_cert_guard = client.peer_certs.accepted_certs.lock();
-        if let Ok(mut openssl_cert) = openssl_cert_guard {
-            openssl_cert.push(newcert);
+        if client.handle_accept_insecure_cert(&fingerprint) {
+            let newcert = AcceptedCert {
+                fingerprint,
+                host,
+                port,
+            };
+            let openssl_cert_guard = client.peer_certs.accepted_certs.lock();
+            if let Ok(mut openssl_cert) = openssl_cert_guard {
+                openssl_cert.push(newcert);
+            }
+            tracing::debug!("User accepted insecure certificate");
+            0
+        } else {
+            tracing::debug!("User rejected insecure certificate");
+            1
         }
-        println!("User accepted insecure certificate");
-        0
-    } else {
-        println!("User rejected insecure certificate");
-        1
     }
 }

crates/openconnect-core/src/cert.rs

@@ -90,7 +90,8 @@ impl FormManager {
         privdata: *mut ::std::os::raw::c_void,
         form: *mut openconnect_sys::oc_auth_form,
     ) -> ::std::os::raw::c_int {
-        println!("process_auth_form_cb");
+        tracing::debug!("Calling process_auth_form_cb");
+
         let client = unsafe { VpnClient::ref_from_raw(privdata) };
         unsafe {
             // TODO: review this
@@ -225,8 +226,8 @@ impl FormManager {
                 return OC_FORM_RESULT_CANCELLED as i32;
             }
         }
-        println!("Submitting form");
-        println!();
+
+        tracing::debug!("Successfully processed auth form");
         OC_FORM_RESULT_OK as i32
     }
 }

crates/openconnect-core/src/form.rs

@@ -5,20 +5,23 @@ pub mod elevator;
 pub mod events;
 pub mod form;
 pub mod ip_info;
+pub mod log;
 pub mod protocols;
 pub mod result;
 pub mod stats;
 pub mod storage;
 
-use cert::PeerCerts;
-use command::{CmdPipe, SIGNAL_HANDLE};
-use config::{Config, Entrypoint, LogLevel};
-use events::{EventHandlers, Events};
-use form::FormManager;
-use ip_info::IpInfo;
+use crate::cert::PeerCerts;
+use crate::command::{CmdPipe, SIGNAL_HANDLE};
+use crate::config::{Config, Entrypoint, LogLevel};
+use crate::events::{EventHandlers, Events};
+use crate::form::FormManager;
+use crate::ip_info::IpInfo;
+use crate::log::Logger;
+use crate::result::{EmitError, OpenconnectError, OpenconnectResult};
+use crate::stats::Stats;
+
 use openconnect_sys::*;
-use result::{EmitError, OpenconnectError, OpenconnectResult};
-use stats::Stats;
 use std::{
     ffi::CString,
     sync::{
@@ -53,25 +56,6 @@ unsafe impl Send for VpnClient {}
 unsafe impl Sync for VpnClient {}
 
 impl VpnClient {
-    pub(crate) unsafe extern "C" fn handle_process_log(
-        _privdata: *mut ::std::os::raw::c_void,
-        level: ::std::os::raw::c_int,
-        buf: *const ::std::os::raw::c_char,
-    ) {
-        let buf = std::ffi::CStr::from_ptr(buf).to_str().ok();
-        let level = level as u32;
-        let level = match level {
-            PRG_ERR => "ERR",
-            PRG_INFO => "INFO",
-            PRG_DEBUG => "DEBUG",
-            PRG_TRACE => "TRACE",
-            _ => "UNKNOWN",
-        };
-        if buf.is_some() {
-            println!("{}: {}", level, buf.unwrap_or(""));
-        }
-    }
-
     pub(crate) extern "C" fn default_setup_tun_vfn(privdata: *mut ::std::os::raw::c_void) {
         let client = unsafe { VpnClient::ref_from_raw(privdata) };
 
@@ -410,7 +394,7 @@ impl VpnClient {
         unsafe {
             openconnect_vpninfo_free(self.vpninfo);
         }
-        println!("free context");
+        tracing::debug!("Client instance is dropped");
     }
 }
 
@@ -454,11 +438,11 @@ impl Connectable for VpnClient {
             }
 
             // format args on C side
-            helper_set_global_progress_vfn(Some(Self::handle_process_log));
+            helper_set_global_progress_vfn(Some(Logger::raw_handle_process_log));
 
             let vpninfo = openconnect_vpninfo_new(
                 useragent.as_ptr(),
-                Some(cert::validate_peer_cert),
+                Some(PeerCerts::validate_peer_cert),
                 None,
                 Some(FormManager::process_auth_form_cb),
                 Some(helper_format_vargs), // format args on C side

crates/openconnect-core/src/lib.rs

@@ -0,0 +1,51 @@
+use openconnect_sys::{PRG_DEBUG, PRG_ERR, PRG_INFO, PRG_TRACE};
+use tracing::{
+    event,
+    subscriber::{set_global_default, SetGlobalDefaultError},
+    Level,
+};
+
+pub struct Logger;
+
+impl Logger {
+    pub fn init() -> Result<(), SetGlobalDefaultError> {
+        // for file based logging, waiting https://github.com/tokio-rs/tracing/pull/2497 to be merged
+        let subscriber = tracing_subscriber::fmt()
+            .compact()
+            .with_level(true)
+            .with_target(true)
+            .with_max_level(Level::TRACE)
+            .finish();
+
+        set_global_default(subscriber)
+    }
+
+    pub(crate) unsafe extern "C" fn raw_handle_process_log(
+        _privdata: *mut ::std::os::raw::c_void,
+        level: ::std::os::raw::c_int,
+        buf: *const ::std::os::raw::c_char,
+    ) {
+        let buf = std::ffi::CStr::from_ptr(buf).to_str().ok();
+        let level = level as u32;
+        let level = match level {
+            PRG_ERR => Level::ERROR,
+            PRG_INFO => Level::INFO,
+            PRG_DEBUG => Level::DEBUG,
+            PRG_TRACE => Level::TRACE,
+            _ => unreachable!("unknown log level: {}", level),
+        };
+        if buf.is_some() {
+            Logger::log(level, buf.unwrap_or(""));
+        }
+    }
+
+    pub fn log(level: Level, message: &str) {
+        match level {
+            Level::ERROR => event!(Level::ERROR, "{}", message),
+            Level::WARN => event!(Level::WARN, "{}", message),
+            Level::INFO => event!(Level::INFO, "{}", message),
+            Level::DEBUG => event!(Level::DEBUG, "{}", message),
+            Level::TRACE => event!(Level::TRACE, "{}", message),
+        }
+    }
+}

crates/openconnect-core/src/log.rs

@@ -76,6 +76,7 @@ fn main() {
                 .body(b"Authenticated, close this window and return to the application.".to_vec())
         })
         .setup(move |app| {
+            openconnect_core::log::Logger::init().expect("failed to init logger");
             // This is to fully remove dock icon, temp disable
             // #[cfg(target_os = "macos")]
             // app.set_activation_policy(tauri::ActivationPolicy::Accessory);