diff --git a/lib/auth/touchid/api.go b/lib/auth/touchid/api.go
index 7769b6dd5d2f7..0d96a61f05297 100644
--- a/lib/auth/touchid/api.go
+++ b/lib/auth/touchid/api.go
@@ -20,6 +20,7 @@ package touchid
 import (
 "bytes"
+ "context"
 "crypto/ecdsa"
 "crypto/sha256"
 "encoding/base64"
@@ -38,10 +39,11 @@ import (
 "github.com/go-webauthn/webauthn/protocol"
 "github.com/go-webauthn/webauthn/protocol/webauthncose"
 "github.com/gravitational/trace"
- log "github.com/sirupsen/logrus"
+ "github.com/gravitational/teleport"
 wantypes "github.com/gravitational/teleport/lib/auth/webauthntypes"
 "github.com/gravitational/teleport/lib/darwin"
+ logutils "github.com/gravitational/teleport/lib/utils/log"
 )
 var (
@@ -52,6 +54,8 @@ var (
 PromptPlatformMessage = "Using platform authenticator, follow the OS prompt"
 // PromptWriter is the writer used for prompt messages.
 PromptWriter io.Writer = os.Stderr
+
+ logger = logutils.NewPackageLogger(teleport.ComponentKey, "TouchID")
 )
 func promptPlatform() {
@@ -167,7 +171,7 @@ func IsAvailable() bool {
 var err error
 cachedDiag, err = Diag()
 if err != nil {
- log.WithError(err).Warn("Touch ID self-diagnostics failed")
+ logger.WarnContext(context.Background(), "self-diagnostics failed", "error", err)
 return false
 }
 }
@@ -356,7 +360,7 @@ func HasCredentials(rpid, user string) bool {
 }
 creds, err := native.FindCredentials(rpid, user)
 if err != nil {
- log.WithError(err).Debug("Touch ID: Could not find credentials")
+ logger.DebugContext(context.Background(), "Could not find credentials", "error", err)
 return false
 }
 return len(creds) > 0
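Review bot: The converted messages are not cased consistently: `"self-diagnostics failed"` in the IsAvailable hunk starts lower-case while `"Could not find credentials"` in the HasCredentials hunk starts upper-case, and the same split shows up again in the Login (`"using credential"`) and ListCredentials (`"Failed to convert public key"`) hunks. Now that the "Touch ID:" prefix has moved into the logger's component, these fixed strings are what operators search and alert on, so one convention should be picked, e.g. `"Self-diagnostics failed"` and `"Using credential"`. Both function bodies extend beyond their hunks.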
@@ -494,7 +498,7 @@ func Login(origin, user string, assertion *wantypes.CredentialAssertion, picker
 if err != nil {
 return nil, "", trace.Wrap(err)
 }
- log.Debugf("Touch ID: using credential %q", cred.CredentialID)
+ logger.DebugContext(context.Background(), "using credential", "credential_id", cred.CredentialID)
 attData, err := makeAttestationData(protocol.AssertCeremony, origin, rpID, assertion.Response.Challenge, nil /* cred */)
 if err != nil {
@@ -609,7 +613,7 @@ func ListCredentials() ([]CredentialInfo, error) {
 info := &infos[i]
 key, err := darwin.ECDSAPublicKeyFromRaw(info.publicKeyRaw)
 if err != nil {
- log.Warnf("Failed to convert public key: %v", err)
+ logger.WarnContext(context.Background(), "Failed to convert public key", "error", err)
 }
 info.PublicKey = key // this is OK, even if it's nil
 info.publicKeyRaw = nil
diff --git a/lib/auth/touchid/api_darwin.go b/lib/auth/touchid/api_darwin.go
index a7ac71653a863..723660e831c50 100644
--- a/lib/auth/touchid/api_darwin.go
+++ b/lib/auth/touchid/api_darwin.go
@@ -33,6 +33,7 @@ package touchid
 import "C"
 import (
+ "context"
 "encoding/base64"
 "fmt"
 "runtime/cgo"
@@ -42,7 +43,8 @@ import (
 "github.com/google/uuid"
 "github.com/gravitational/trace"
- log "github.com/sirupsen/logrus"
+
+ logutils "github.com/gravitational/teleport/lib/utils/log"
 )
 const (
@@ -110,7 +112,7 @@ func (touchIDImpl) Diag() (*DiagResult, error) {
 laErrorDomain := C.GoString(resC.la_error_domain)
 laErrorDescription := C.GoString(resC.la_error_description)
 if !passedLA && laErrorDescription != "" {
- log.Debugf("Touch ID: LAError description: %v", laErrorDescription)
+ logger.DebugContext(context.Background(), "Received non-empty LAError description", "description", laErrorDescription)
 }
 isAvailable := signed && entitled && passedLA && passedEnclave
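Review bot: The warning in the ListCredentials hunk does not say which credential failed to convert, whereas the readCredentialInfos warnings in api_darwin.go all carry `credential_id`. Without it, a record of a stored key that no longer parses cannot be tied back to a keychain entry. Assuming CredentialInfo exposes the ID the way `cred.CredentialID` is used in the Login hunk (the type is declared outside this diff), the call could read `logger.WarnContext(context.Background(), "Failed to convert public key", "credential_id", info.CredentialID, "error", err)`. The loop around this code starts and ends outside the hunk.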
@@ -141,7 +143,7 @@ func runGoFuncHandle(handle C.uintptr_t) {
 val := cgo.Handle(handle).Value()
 fn, ok := val.(func())
 if !ok {
- log.Warnf("Touch ID: received unexpected function handle: %T", val)
+ logger.WarnContext(context.Background(), "received unexpected function handle", "handle", logutils.TypeAttr(val))
 return
 }
 fn()
@@ -304,6 +306,8 @@ func readCredentialInfos(find func(**C.CredentialInfo) C.int) ([]CredentialInfo,
 var infosC *C.CredentialInfo
 defer func() { C.free(unsafe.Pointer(infosC)) }()
+ ctx := context.Background()
+
 res := find(&infosC)
 if res < 0 {
 return nil, int(res)
@@ -338,21 +342,30 @@ func readCredentialInfos(find func(**C.CredentialInfo) C.int) ([]CredentialInfo,
 // user@rpid
 parsedLabel, err := parseLabel(label)
 if err != nil {
- log.Debugf("Skipping credential %q: %v", credentialID, err)
+ logger.DebugContext(ctx, "Skipping credential",
+ "credential_id", credentialID,
+ "error", err,
+ )
 continue
 }
 // user handle
 userHandle, err := base64.RawURLEncoding.DecodeString(appTag)
 if err != nil {
- log.Debugf("Skipping credential %q: unexpected application tag: %q", credentialID, appTag)
+ logger.DebugContext(ctx, "Skipping credential, unexpected application tag",
+ "credential_id", credentialID,
+ "app_tag", appTag,
+ )
 continue
 }
 // ECDSA public key
 pubKeyRaw, err := base64.StdEncoding.DecodeString(pubKeyB64)
 if err != nil {
- log.WithError(err).Warnf("Failed to decode public key for credential %q", credentialID)
+ logger.WarnContext(ctx, "Failed to decode public key for credential",
+ "credential_id", credentialID,
+ "error", err,
+ )
 // Do not return or break out of the loop, it needs to run in order to
 // deallocate the structs within.
 }
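Review bot: In the runGoFuncHandle hunk the attribute key `"handle"` is paired with `logutils.TypeAttr(val)`, so the record holds the value's dynamic type rather than the handle, and reads as if the handle itself were logged. Naming the key for what it carries avoids that when someone triages an unexpected cgo callback: `"handle_type", logutils.TypeAttr(val)`.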
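Review bot: The application-tag branch of readCredentialInfos discards the error returned by `base64.RawURLEncoding.DecodeString(appTag)`, while the label branch above it and the public-key branch below it both log `"error", err`. Adding `"error", err,` after the `"app_tag", appTag,` line would make the three records uniform and state why the keychain entry was rejected. The function starts and ends outside this hunk.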
@@ -361,7 +374,11 @@ func readCredentialInfos(find func(**C.CredentialInfo) C.int) ([]CredentialInfo,
 const iso8601Format = "2006-01-02T15:04:05Z0700"
 createTime, err := time.Parse(iso8601Format, creationDate)
 if err != nil {
- log.WithError(err).Warnf("Failed to parse creation time %q for credential %q", creationDate, credentialID)
+ logger.WarnContext(ctx, "Failed to parse creation time for credential",
+ "creation_time", creationDate,
+ "credential_id", credentialID,
+ "error", err,
+ )
 }
 infos = append(infos, CredentialInfo{
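Review bot: The `time.Parse` failure branch only logs and falls through, and unlike the public-key branch earlier in the loop it has no comment saying that this is deliberate. `createTime` is presumably still the zero `time.Time` when the `CredentialInfo` literal on the next line is built, so callers would see a credential with no creation date. After confirming that is the intent, I would add a comment inside the branch such as `// Keep the credential; createTime stays the zero value when the date is unparsable.`. The literal and the rest of the loop lie outside the hunk.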