]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/journal/journald.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
journal: automatically evolve FSS key even when nothing is logged
[thirdparty/systemd.git] / src / journal / journald.c
CommitLineData
87d2c1ff
LP		 1/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3/***
4 This file is part of systemd.
5
6 Copyright 2011 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
5430f7f2
LP		 9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
87d2c1ff
LP		 11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2 16 Lesser General Public License for more details.
87d2c1ff 17
5430f7f2 18 You should have received a copy of the GNU Lesser General Public License
87d2c1ff
LP		 19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20***/
21
22#include <sys/epoll.h>
23#include <sys/socket.h>
24#include <errno.h>
25#include <sys/signalfd.h>
26#include <unistd.h>
27#include <fcntl.h>
7f3e6257
LP		 28#include <stddef.h>
29#include <sys/ioctl.h>
30#include <linux/sockios.h>
6e409ce1 31#include <sys/statvfs.h>
cee5e9a7 32#include <sys/mman.h>
87d2c1ff 33
81527be1 34#include <systemd/sd-journal.h>
81527be1
LP		 35#include <systemd/sd-messages.h>
36#include <systemd/sd-daemon.h>
37
ba1261bc
LP		 38#ifdef HAVE_LOGIND
39#include <systemd/sd-login.h>
40#endif
41
49e942b2 42#include "mkdir.h"
87d2c1ff 43#include "hashmap.h"
cec736d2 44#include "journal-file.h"
87d2c1ff 45#include "socket-util.h"
69e5d42d 46#include "cgroup-util.h"
fe652127 47#include "list.h"
6e409ce1 48#include "journal-rate-limit.h"
cf244689 49#include "journal-internal.h"
0284adc6 50#include "journal-vacuum.h"
89fef990 51#include "journal-authenticate.h"
e6960940
LP		 52#include "conf-parser.h"
53#include "journald.h"
effb1102 54#include "virt.h"
7f2c63cb 55#include "missing.h"
87d2c1ff 56
e6520a0f
LP		 57#ifdef HAVE_ACL
58#include <sys/acl.h>
59#include <acl/libacl.h>
79c07722 60#include "acl-util.h"
e6520a0f
LP		 61#endif
62
8a0f04e6
LP		 63#ifdef HAVE_SELINUX
64#include <selinux/selinux.h>
65#endif
66
cab8ac60 67#define USER_JOURNALS_MAX 1024
fe652127
LP		 68#define STDOUT_STREAMS_MAX 4096
69
de97b26a
LP		 70#define DEFAULT_RATE_LIMIT_INTERVAL (10*USEC_PER_SEC)
71#define DEFAULT_RATE_LIMIT_BURST 200
72
9cfb57c9
LP		 73#define RECHECK_AVAILABLE_SPACE_USEC (30*USEC_PER_SEC)
74
8a0f04e6 75#define N_IOVEC_META_FIELDS 17
e7573d7f 76#define N_IOVEC_KERNEL_FIELDS 64
224f2ee2 77
0dad12c1
LP		 78#define ENTRY_SIZE_MAX (1024*1024*32)
79
fe652127 80typedef enum StdoutStreamState {
4cd9a9d9 81 STDOUT_STREAM_IDENTIFIER,
62bca2c6 82 STDOUT_STREAM_UNIT_ID,
fe652127 83 STDOUT_STREAM_PRIORITY,
258cdffc 84 STDOUT_STREAM_LEVEL_PREFIX,
224f2ee2
LP		 85 STDOUT_STREAM_FORWARD_TO_SYSLOG,
86 STDOUT_STREAM_FORWARD_TO_KMSG,
87 STDOUT_STREAM_FORWARD_TO_CONSOLE,
fe652127
LP		 88 STDOUT_STREAM_RUNNING
89} StdoutStreamState;
90
91struct StdoutStream {
92 Server *server;
93 StdoutStreamState state;
94
95 int fd;
96
97 struct ucred ucred;
7f2c63cb
LP		 98#ifdef HAVE_SELINUX
99 security_context_t security_context;
100#endif
fe652127 101
4cd9a9d9 102 char *identifier;
62bca2c6 103 char *unit_id;
fe652127 104 int priority;
258cdffc 105 bool level_prefix:1;
224f2ee2
LP		 106 bool forward_to_syslog:1;
107 bool forward_to_kmsg:1;
108 bool forward_to_console:1;
fe652127
LP		 109
110 char buffer[LINE_MAX+1];
111 size_t length;
112
113 LIST_FIELDS(StdoutStream, stdout_stream);
114};
115
e156d769
LP		 116static const char* const storage_table[] = {
117 [STORAGE_AUTO] = "auto",
118 [STORAGE_VOLATILE] = "volatile",
205c4d1d 119 [STORAGE_PERSISTENT] = "persistent",
e156d769
LP		 120 [STORAGE_NONE] = "none"
121};
122
123DEFINE_STRING_TABLE_LOOKUP(storage, Storage);
124DEFINE_CONFIG_PARSE_ENUM(config_parse_storage, storage, Storage, "Failed to parse storage setting");
125
6e409ce1 126static uint64_t available_space(Server *s) {
babfc091 127 char ids[33], *p;
6e409ce1 128 const char *f;
babfc091 129 sd_id128_t machine;
6e409ce1
LP		 130 struct statvfs ss;
131 uint64_t sum = 0, avail = 0, ss_avail = 0;
132 int r;
133 DIR *d;
babfc091
LP		 134 usec_t ts;
135 JournalMetrics *m;
136
137 ts = now(CLOCK_MONOTONIC);
9cfb57c9
LP		 138
139 if (s->cached_available_space_timestamp + RECHECK_AVAILABLE_SPACE_USEC > ts)
140 return s->cached_available_space;
6e409ce1
LP		 141
142 r = sd_id128_get_machine(&machine);
143 if (r < 0)
144 return 0;
145
babfc091 146 if (s->system_journal) {
6e409ce1 147 f = "/var/log/journal/";
babfc091
LP		 148 m = &s->system_metrics;
149 } else {
6e409ce1 150 f = "/run/log/journal/";
babfc091
LP		 151 m = &s->runtime_metrics;
152 }
153
154 assert(m);
6e409ce1
LP		 155
156 p = strappend(f, sd_id128_to_string(machine, ids));
157 if (!p)
158 return 0;
159
160 d = opendir(p);
161 free(p);
162
163 if (!d)
164 return 0;
165
166 if (fstatvfs(dirfd(d), &ss) < 0)
167 goto finish;
168
169 for (;;) {
170 struct stat st;
171 struct dirent buf, *de;
6e409ce1 172
34a35ece
LP		 173 r = readdir_r(d, &buf, &de);
174 if (r != 0)
175 break;
6e409ce1
LP		 176
177 if (!de)
178 break;
179
c0421793
LP		 180 if (!endswith(de->d_name, ".journal") &&
181 !endswith(de->d_name, ".journal~"))
6e409ce1
LP		 182 continue;
183
184 if (fstatat(dirfd(d), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0)
185 continue;
186
a3a52c0f
LP		 187 if (!S_ISREG(st.st_mode))
188 continue;
189
190 sum += (uint64_t) st.st_blocks * 512UL;
6e409ce1
LP		 191 }
192
babfc091 193 avail = sum >= m->max_use ? 0 : m->max_use - sum;
6e409ce1
LP		 194
195 ss_avail = ss.f_bsize * ss.f_bavail;
196
babfc091 197 ss_avail = ss_avail < m->keep_free ? 0 : ss_avail - m->keep_free;
6e409ce1
LP		 198
199 if (ss_avail < avail)
200 avail = ss_avail;
201
9cfb57c9
LP		 202 s->cached_available_space = avail;
203 s->cached_available_space_timestamp = ts;
204
6e409ce1
LP		 205finish:
206 closedir(d);
207
208 return avail;
209}
210
5e41cfec
LP		 211static void server_read_file_gid(Server *s) {
212 const char *adm = "adm";
213 int r;
214
215 assert(s);
216
217 if (s->file_gid_valid)
218 return;
219
220 r = get_group_creds(&adm, &s->file_gid);
221 if (r < 0)
222 log_warning("Failed to resolve 'adm' group: %s", strerror(-r));
223
224 /* if we couldn't read the gid, then it will be 0, but that's
225 * fine and we shouldn't try to resolve the group again, so
226 * let's just pretend it worked right-away. */
227 s->file_gid_valid = true;
228}
229
230static void server_fix_perms(Server *s, JournalFile *f, uid_t uid) {
e6520a0f
LP		 231 int r;
232#ifdef HAVE_ACL
f4b47811
LP		 233 acl_t acl;
234 acl_entry_t entry;
235 acl_permset_t permset;
e6520a0f 236#endif
f4b47811
LP		 237
238 assert(f);
239
5e41cfec
LP		 240 server_read_file_gid(s);
241
242 r = fchmod_and_fchown(f->fd, 0640, 0, s->file_gid);
f4b47811
LP		 243 if (r < 0)
244 log_warning("Failed to fix access mode/rights on %s, ignoring: %s", f->path, strerror(-r));
245
e6520a0f 246#ifdef HAVE_ACL
f4b47811
LP		 247 if (uid <= 0)
248 return;
249
250 acl = acl_get_fd(f->fd);
251 if (!acl) {
252 log_warning("Failed to read ACL on %s, ignoring: %m", f->path);
253 return;
254 }
255
256 r = acl_find_uid(acl, uid, &entry);
257 if (r <= 0) {
258
259 if (acl_create_entry(&acl, &entry) < 0 ||
260 acl_set_tag_type(entry, ACL_USER) < 0 ||
261 acl_set_qualifier(entry, &uid) < 0) {
262 log_warning("Failed to patch ACL on %s, ignoring: %m", f->path);
263 goto finish;
264 }
265 }
266
267 if (acl_get_permset(entry, &permset) < 0 ||
268 acl_add_perm(permset, ACL_READ) < 0 ||
269 acl_calc_mask(&acl) < 0) {
270 log_warning("Failed to patch ACL on %s, ignoring: %m", f->path);
271 goto finish;
272 }
273
274 if (acl_set_fd(f->fd, acl) < 0)
275 log_warning("Failed to set ACL on %s, ignoring: %m", f->path);
276
277finish:
278 acl_free(acl);
e6520a0f 279#endif
f4b47811
LP		 280}
281
282static JournalFile* find_journal(Server *s, uid_t uid) {
283 char *p;
284 int r;
285 JournalFile *f;
3fbf9cbb 286 sd_id128_t machine;
f4b47811
LP		 287
288 assert(s);
289
cf244689
LP		 290 /* We split up user logs only on /var, not on /run. If the
291 * runtime file is open, we write to it exclusively, in order
292 * to guarantee proper order as soon as we flush /run to
293 * /var and close the runtime file. */
294
295 if (s->runtime_journal)
f4b47811
LP		 296 return s->runtime_journal;
297
298 if (uid <= 0)
299 return s->system_journal;
300
3fbf9cbb
LP		 301 r = sd_id128_get_machine(&machine);
302 if (r < 0)
303 return s->system_journal;
304
f4b47811
LP		 305 f = hashmap_get(s->user_journals, UINT32_TO_PTR(uid));
306 if (f)
307 return f;
308
7560fffc
LP		 309 if (asprintf(&p, "/var/log/journal/" SD_ID128_FORMAT_STR "/user-%lu.journal",
310 SD_ID128_FORMAT_VAL(machine), (unsigned long) uid) < 0)
f4b47811
LP		 311 return s->system_journal;
312
cab8ac60
LP		 313 while (hashmap_size(s->user_journals) >= USER_JOURNALS_MAX) {
314 /* Too many open? Then let's close one */
315 f = hashmap_steal_first(s->user_journals);
316 assert(f);
317 journal_file_close(f);
318 }
319
eb53b74f 320 r = journal_file_open_reliably(p, O_RDWR|O_CREAT, 0640, s->compress, s->seal, &s->system_metrics, s->mmap, s->system_journal, &f);
f4b47811
LP		 321 free(p);
322
323 if (r < 0)
324 return s->system_journal;
325
5e41cfec 326 server_fix_perms(s, f, uid);
f4b47811
LP		 327
328 r = hashmap_put(s->user_journals, UINT32_TO_PTR(uid), f);
329 if (r < 0) {
330 journal_file_close(f);
331 return s->system_journal;
332 }
333
334 return f;
335}
336
b1a0ab71
LP		 337static void server_rotate(Server *s) {
338 JournalFile *f;
bc85bfee 339 void *k;
b1a0ab71 340 Iterator i;
bc85bfee 341 int r;
bc85bfee
LP		 342
343 log_info("Rotating...");
344
345 if (s->runtime_journal) {
7560fffc 346 r = journal_file_rotate(&s->runtime_journal, s->compress, false);
bc85bfee 347 if (r < 0)
499fb215
SS		 348 if (s->runtime_journal)
349 log_error("Failed to rotate %s: %s", s->runtime_journal->path, strerror(-r));
350 else
351 log_error("Failed to create new runtime journal: %s", strerror(-r));
5e62067d
LP		 352 else
353 server_fix_perms(s, s->runtime_journal, 0);
bc85bfee
LP		 354 }
355
356 if (s->system_journal) {
eb53b74f 357 r = journal_file_rotate(&s->system_journal, s->compress, s->seal);
bc85bfee 358 if (r < 0)
499fb215
SS		 359 if (s->system_journal)
360 log_error("Failed to rotate %s: %s", s->system_journal->path, strerror(-r));
361 else
362 log_error("Failed to create new system journal: %s", strerror(-r));
363
5e62067d
LP		 364 else
365 server_fix_perms(s, s->system_journal, 0);
bc85bfee
LP		 366 }
367
368 HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) {
eb53b74f 369 r = journal_file_rotate(&f, s->compress, s->seal);
bc85bfee 370 if (r < 0)
499fb215
SS		 371 if (f->path)
372 log_error("Failed to rotate %s: %s", f->path, strerror(-r));
373 else
374 log_error("Failed to create user journal: %s", strerror(-r));
5e62067d 375 else {
bc85bfee 376 hashmap_replace(s->user_journals, k, f);
5e62067d
LP		 377 server_fix_perms(s, s->system_journal, PTR_TO_UINT32(k));
378 }
bc85bfee 379 }
b1a0ab71
LP		 380}
381
382static void server_vacuum(Server *s) {
383 char *p;
384 char ids[33];
385 sd_id128_t machine;
386 int r;
bc85bfee
LP		 387
388 log_info("Vacuuming...");
389
390 r = sd_id128_get_machine(&machine);
391 if (r < 0) {
392 log_error("Failed to get machine ID: %s", strerror(-r));
393 return;
394 }
395
babfc091 396 sd_id128_to_string(machine, ids);
bc85bfee 397
babfc091
LP		 398 if (s->system_journal) {
399 if (asprintf(&p, "/var/log/journal/%s", ids) < 0) {
0d0f0c50 400 log_oom();
babfc091
LP		 401 return;
402 }
bc85bfee 403
babfc091
LP		 404 r = journal_directory_vacuum(p, s->system_metrics.max_use, s->system_metrics.keep_free);
405 if (r < 0 && r != -ENOENT)
406 log_error("Failed to vacuum %s: %s", p, strerror(-r));
407 free(p);
bc85bfee
LP		 408 }
409
babfc091
LP		 410 if (s->runtime_journal) {
411 if (asprintf(&p, "/run/log/journal/%s", ids) < 0) {
0d0f0c50 412 log_oom();
babfc091
LP		 413 return;
414 }
415
416 r = journal_directory_vacuum(p, s->runtime_metrics.max_use, s->runtime_metrics.keep_free);
417 if (r < 0 && r != -ENOENT)
418 log_error("Failed to vacuum %s: %s", p, strerror(-r));
419 free(p);
420 }
9cfb57c9
LP		 421
422 s->cached_available_space_timestamp = 0;
bc85bfee
LP		 423}
424
6e409ce1
LP		 425static char *shortened_cgroup_path(pid_t pid) {
426 int r;
427 char *process_path, *init_path, *path;
428
429 assert(pid > 0);
430
431 r = cg_get_by_pid(SYSTEMD_CGROUP_CONTROLLER, pid, &process_path);
432 if (r < 0)
433 return NULL;
434
435 r = cg_get_by_pid(SYSTEMD_CGROUP_CONTROLLER, 1, &init_path);
436 if (r < 0) {
437 free(process_path);
438 return NULL;
439 }
440
bad75c27
LP		 441 if (endswith(init_path, "/system"))
442 init_path[strlen(init_path) - 7] = 0;
443 else if (streq(init_path, "/"))
6e409ce1
LP		 444 init_path[0] = 0;
445
783d2675
LP		 446 if (startswith(process_path, init_path)) {
447 char *p;
448
449 p = strdup(process_path + strlen(init_path));
450 if (!p) {
451 free(process_path);
452 free(init_path);
453 return NULL;
454 }
455 path = p;
456 } else {
6e409ce1 457 path = process_path;
783d2675
LP		 458 process_path = NULL;
459 }
6e409ce1 460
783d2675 461 free(process_path);
6e409ce1
LP		 462 free(init_path);
463
464 return path;
465}
466
dca6219e
LP		 467static void write_to_journal(Server *s, uid_t uid, struct iovec *iovec, unsigned n) {
468 JournalFile *f;
469 bool vacuumed = false;
470 int r;
471
472 assert(s);
473 assert(iovec);
474 assert(n > 0);
475
476 f = find_journal(s, uid);
477 if (!f)
478 return;
479
480 if (journal_file_rotate_suggested(f)) {
481 log_info("Journal header limits reached or header out-of-date, rotating.");
482 server_rotate(s);
483 server_vacuum(s);
484 vacuumed = true;
c2a623d8
LP		 485
486 f = find_journal(s, uid);
487 if (!f)
488 return;
dca6219e
LP		 489 }
490
491 for (;;) {
492 r = journal_file_append_entry(f, NULL, iovec, n, &s->seqnum, NULL, NULL);
493 if (r >= 0)
494 return;
495
496 if (vacuumed ||
497 (r != -E2BIG && /* hit limit */
498 r != -EFBIG && /* hit fs limit */
499 r != -EDQUOT && /* quota hit */
500 r != -ENOSPC && /* disk full */
501 r != -EBADMSG && /* corrupted */
502 r != -ENODATA && /* truncated */
503 r != -EHOSTDOWN && /* other machine */
71fa6f00
LP		 504 r != -EPROTONOSUPPORT && /* unsupported feature */
505 r != -EBUSY && /* unclean shutdown */
506 r != -ESHUTDOWN /* already archived */)) {
dca6219e
LP		 507 log_error("Failed to write entry, ignoring: %s", strerror(-r));
508 return;
509 }
510
511 if (r == -E2BIG || r == -EFBIG || r == EDQUOT || r == ENOSPC)
512 log_info("Allocation limit reached, rotating.");
513 else if (r == -EHOSTDOWN)
514 log_info("Journal file from other machine, rotating.");
71fa6f00
LP		 515 else if (r == -EBUSY)
516 log_info("Unlcean shutdown, rotating.");
dca6219e
LP		 517 else
518 log_warning("Journal file corrupted, rotating.");
519
520 server_rotate(s);
521 server_vacuum(s);
522 vacuumed = true;
523
32fca2d5
LP		 524 f = find_journal(s, uid);
525 if (!f)
526 return;
527
dca6219e
LP		 528 log_info("Retrying write.");
529 }
530}
531
7f2c63cb
LP		 532static void dispatch_message_real(
533 Server *s,
534 struct iovec *iovec, unsigned n, unsigned m,
535 struct ucred *ucred,
536 struct timeval *tv,
8b38f3cc
LP		 537 const char *label, size_t label_len,
538 const char *unit_id) {
6e409ce1 539
7f3e6257 540 char *pid = NULL, *uid = NULL, *gid = NULL,
87d2c1ff
LP		 541 *source_time = NULL, *boot_id = NULL, *machine_id = NULL,
542 *comm = NULL, *cmdline = NULL, *hostname = NULL,
543 *audit_session = NULL, *audit_loginuid = NULL,
85d83bf4 544 *exe = NULL, *cgroup = NULL, *session = NULL,
8a0f04e6 545 *owner_uid = NULL, *unit = NULL, *selinux_context = NULL;
7f3e6257 546
87d2c1ff
LP		 547 char idbuf[33];
548 sd_id128_t id;
549 int r;
550 char *t;
de190aef 551 uid_t loginuid = 0, realuid = 0;
87d2c1ff 552
7f3e6257 553 assert(s);
6e409ce1
LP		 554 assert(iovec);
555 assert(n > 0);
224f2ee2 556 assert(n + N_IOVEC_META_FIELDS <= m);
87d2c1ff
LP		 557
558 if (ucred) {
85d83bf4 559 uint32_t audit;
ba1261bc 560#ifdef HAVE_LOGIND
85d83bf4 561 uid_t owner;
ba1261bc 562#endif
87d2c1ff 563
de190aef
LP		 564 realuid = ucred->uid;
565
566 if (asprintf(&pid, "_PID=%lu", (unsigned long) ucred->pid) >= 0)
87d2c1ff
LP		 567 IOVEC_SET_STRING(iovec[n++], pid);
568
de190aef 569 if (asprintf(&uid, "_UID=%lu", (unsigned long) ucred->uid) >= 0)
87d2c1ff
LP		 570 IOVEC_SET_STRING(iovec[n++], uid);
571
de190aef 572 if (asprintf(&gid, "_GID=%lu", (unsigned long) ucred->gid) >= 0)
87d2c1ff
LP		 573 IOVEC_SET_STRING(iovec[n++], gid);
574
575 r = get_process_comm(ucred->pid, &t);
576 if (r >= 0) {
de190aef 577 comm = strappend("_COMM=", t);
85d83bf4
LP		 578 free(t);
579
87d2c1ff
LP		 580 if (comm)
581 IOVEC_SET_STRING(iovec[n++], comm);
87d2c1ff
LP		 582 }
583
584 r = get_process_exe(ucred->pid, &t);
585 if (r >= 0) {
de190aef 586 exe = strappend("_EXE=", t);
85d83bf4
LP		 587 free(t);
588
5c3759bf 589 if (exe)
87d2c1ff 590 IOVEC_SET_STRING(iovec[n++], exe);
87d2c1ff
LP		 591 }
592
593 r = get_process_cmdline(ucred->pid, LINE_MAX, false, &t);
594 if (r >= 0) {
de190aef 595 cmdline = strappend("_CMDLINE=", t);
85d83bf4
LP		 596 free(t);
597
87d2c1ff
LP		 598 if (cmdline)
599 IOVEC_SET_STRING(iovec[n++], cmdline);
87d2c1ff
LP		 600 }
601
85d83bf4 602 r = audit_session_from_pid(ucred->pid, &audit);
87d2c1ff 603 if (r >= 0)
85d83bf4 604 if (asprintf(&audit_session, "_AUDIT_SESSION=%lu", (unsigned long) audit) >= 0)
87d2c1ff
LP		 605 IOVEC_SET_STRING(iovec[n++], audit_session);
606
607 r = audit_loginuid_from_pid(ucred->pid, &loginuid);
608 if (r >= 0)
de190aef 609 if (asprintf(&audit_loginuid, "_AUDIT_LOGINUID=%lu", (unsigned long) loginuid) >= 0)
87d2c1ff 610 IOVEC_SET_STRING(iovec[n++], audit_loginuid);
69e5d42d 611
85d83bf4
LP		 612 t = shortened_cgroup_path(ucred->pid);
613 if (t) {
614 cgroup = strappend("_SYSTEMD_CGROUP=", t);
615 free(t);
616
69e5d42d
LP		 617 if (cgroup)
618 IOVEC_SET_STRING(iovec[n++], cgroup);
85d83bf4
LP		 619 }
620
ba1261bc 621#ifdef HAVE_LOGIND
85d83bf4
LP		 622 if (sd_pid_get_session(ucred->pid, &t) >= 0) {
623 session = strappend("_SYSTEMD_SESSION=", t);
624 free(t);
625
626 if (session)
627 IOVEC_SET_STRING(iovec[n++], session);
628 }
6e409ce1 629
ba1261bc
LP		 630 if (sd_pid_get_owner_uid(ucred->uid, &owner) >= 0)
631 if (asprintf(&owner_uid, "_SYSTEMD_OWNER_UID=%lu", (unsigned long) owner) >= 0)
632 IOVEC_SET_STRING(iovec[n++], owner_uid);
633#endif
634
635 if (cg_pid_get_unit(ucred->pid, &t) >= 0) {
94fb446e 636 unit = strappend("_SYSTEMD_UNIT=", t);
85d83bf4 637 free(t);
62bca2c6
ED		 638 } else if (unit_id)
639 unit = strappend("_SYSTEMD_UNIT=", unit_id);
85d83bf4 640
62bca2c6
ED		 641 if (unit)
642 IOVEC_SET_STRING(iovec[n++], unit);
85d83bf4 643
8a0f04e6 644#ifdef HAVE_SELINUX
7f2c63cb
LP		 645 if (label) {
646 selinux_context = malloc(sizeof("_SELINUX_CONTEXT=") + label_len);
647 if (selinux_context) {
648 memcpy(selinux_context, "_SELINUX_CONTEXT=", sizeof("_SELINUX_CONTEXT=")-1);
649 memcpy(selinux_context+sizeof("_SELINUX_CONTEXT=")-1, label, label_len);
650 selinux_context[sizeof("_SELINUX_CONTEXT=")-1+label_len] = 0;
8a0f04e6 651 IOVEC_SET_STRING(iovec[n++], selinux_context);
7f2c63cb
LP		 652 }
653 } else {
654 security_context_t con;
655
656 if (getpidcon(ucred->pid, &con) >= 0) {
657 selinux_context = strappend("_SELINUX_CONTEXT=", con);
658 if (selinux_context)
659 IOVEC_SET_STRING(iovec[n++], selinux_context);
8a0f04e6 660
7f2c63cb
LP		 661 freecon(con);
662 }
8a0f04e6
LP		 663 }
664#endif
87d2c1ff
LP		 665 }
666
667 if (tv) {
de190aef 668 if (asprintf(&source_time, "_SOURCE_REALTIME_TIMESTAMP=%llu",
87d2c1ff
LP		 669 (unsigned long long) timeval_load(tv)) >= 0)
670 IOVEC_SET_STRING(iovec[n++], source_time);
671 }
672
ed49ef3f
LP		 673 /* Note that strictly speaking storing the boot id here is
674 * redundant since the entry includes this in-line
675 * anyway. However, we need this indexed, too. */
87d2c1ff
LP		 676 r = sd_id128_get_boot(&id);
677 if (r >= 0)
de190aef 678 if (asprintf(&boot_id, "_BOOT_ID=%s", sd_id128_to_string(id, idbuf)) >= 0)
87d2c1ff
LP		 679 IOVEC_SET_STRING(iovec[n++], boot_id);
680
681 r = sd_id128_get_machine(&id);
682 if (r >= 0)
de190aef 683 if (asprintf(&machine_id, "_MACHINE_ID=%s", sd_id128_to_string(id, idbuf)) >= 0)
87d2c1ff
LP		 684 IOVEC_SET_STRING(iovec[n++], machine_id);
685
686 t = gethostname_malloc();
687 if (t) {
de190aef 688 hostname = strappend("_HOSTNAME=", t);
85d83bf4 689 free(t);
87d2c1ff
LP		 690 if (hostname)
691 IOVEC_SET_STRING(iovec[n++], hostname);
87d2c1ff
LP		 692 }
693
7f3e6257
LP		 694 assert(n <= m);
695
dca6219e 696 write_to_journal(s, realuid == 0 ? 0 : loginuid, iovec, n);
87d2c1ff 697
87d2c1ff
LP		 698 free(pid);
699 free(uid);
700 free(gid);
701 free(comm);
69e5d42d 702 free(exe);
87d2c1ff
LP		 703 free(cmdline);
704 free(source_time);
705 free(boot_id);
706 free(machine_id);
707 free(hostname);
708 free(audit_session);
709 free(audit_loginuid);
7f3e6257 710 free(cgroup);
85d83bf4
LP		 711 free(session);
712 free(owner_uid);
94fb446e 713 free(unit);
8a0f04e6 714 free(selinux_context);
7f3e6257
LP		 715}
716
224f2ee2
LP		 717static void driver_message(Server *s, sd_id128_t message_id, const char *format, ...) {
718 char mid[11 + 32 + 1];
719 char buffer[16 + LINE_MAX + 1];
33eb8abf 720 struct iovec iovec[N_IOVEC_META_FIELDS + 4];
224f2ee2
LP		 721 int n = 0;
722 va_list ap;
723 struct ucred ucred;
724
725 assert(s);
726 assert(format);
727
c51742d0 728 IOVEC_SET_STRING(iovec[n++], "PRIORITY=6");
33eb8abf 729 IOVEC_SET_STRING(iovec[n++], "_TRANSPORT=driver");
224f2ee2
LP		 730
731 memcpy(buffer, "MESSAGE=", 8);
732 va_start(ap, format);
733 vsnprintf(buffer + 8, sizeof(buffer) - 8, format, ap);
734 va_end(ap);
735 char_array_0(buffer);
736 IOVEC_SET_STRING(iovec[n++], buffer);
737
738 snprintf(mid, sizeof(mid), "MESSAGE_ID=" SD_ID128_FORMAT_STR, SD_ID128_FORMAT_VAL(message_id));
739 char_array_0(mid);
740 IOVEC_SET_STRING(iovec[n++], mid);
741
742 zero(ucred);
743 ucred.pid = getpid();
744 ucred.uid = getuid();
745 ucred.gid = getgid();
746
62bca2c6 747 dispatch_message_real(s, iovec, n, ELEMENTSOF(iovec), &ucred, NULL, NULL, 0, NULL);
224f2ee2
LP		 748}
749
6e409ce1
LP		 750static void dispatch_message(Server *s,
751 struct iovec *iovec, unsigned n, unsigned m,
752 struct ucred *ucred,
753 struct timeval *tv,
7f2c63cb 754 const char *label, size_t label_len,
62bca2c6 755 const char *unit_id,
6e409ce1
LP		 756 int priority) {
757 int rl;
783d2675 758 char *path = NULL, *c;
6e409ce1
LP		 759
760 assert(s);
761 assert(iovec || n == 0);
762
763 if (n == 0)
764 return;
765
213ba152
LP		 766 if (LOG_PRI(priority) > s->max_level_store)
767 return;
768
6e409ce1
LP		 769 if (!ucred)
770 goto finish;
771
772 path = shortened_cgroup_path(ucred->pid);
773 if (!path)
774 goto finish;
775
776 /* example: /user/lennart/3/foobar
777 * /system/dbus.service/foobar
778 *
779 * So let's cut of everything past the third /, since that is
780 * wher user directories start */
781
782 c = strchr(path, '/');
783 if (c) {
784 c = strchr(c+1, '/');
785 if (c) {
786 c = strchr(c+1, '/');
787 if (c)
788 *c = 0;
789 }
790 }
791
224f2ee2 792 rl = journal_rate_limit_test(s->rate_limit, path, priority & LOG_PRIMASK, available_space(s));
6e409ce1
LP		 793
794 if (rl == 0) {
795 free(path);
796 return;
797 }
798
224f2ee2
LP		 799 /* Write a suppression message if we suppressed something */
800 if (rl > 1)
801 driver_message(s, SD_MESSAGE_JOURNAL_DROPPED, "Suppressed %u messages from %s", rl - 1, path);
802
803 free(path);
804
805finish:
62bca2c6 806 dispatch_message_real(s, iovec, n, m, ucred, tv, label, label_len, unit_id);
224f2ee2
LP		 807}
808
809static void forward_syslog_iovec(Server *s, const struct iovec *iovec, unsigned n_iovec, struct ucred *ucred, struct timeval *tv) {
810 struct msghdr msghdr;
811 struct cmsghdr *cmsg;
812 union {
813 struct cmsghdr cmsghdr;
814 uint8_t buf[CMSG_SPACE(sizeof(struct ucred))];
815 } control;
816 union sockaddr_union sa;
817
818 assert(s);
819 assert(iovec);
820 assert(n_iovec > 0);
821
822 zero(msghdr);
823 msghdr.msg_iov = (struct iovec*) iovec;
824 msghdr.msg_iovlen = n_iovec;
825
826 zero(sa);
827 sa.un.sun_family = AF_UNIX;
259d2e76 828 strncpy(sa.un.sun_path, "/run/systemd/journal/syslog", sizeof(sa.un.sun_path));
224f2ee2
LP		 829 msghdr.msg_name = &sa;
830 msghdr.msg_namelen = offsetof(union sockaddr_union, un.sun_path) + strlen(sa.un.sun_path);
831
832 if (ucred) {
833 zero(control);
834 msghdr.msg_control = &control;
835 msghdr.msg_controllen = sizeof(control);
836
837 cmsg = CMSG_FIRSTHDR(&msghdr);
838 cmsg->cmsg_level = SOL_SOCKET;
839 cmsg->cmsg_type = SCM_CREDENTIALS;
840 cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
841 memcpy(CMSG_DATA(cmsg), ucred, sizeof(struct ucred));
842 msghdr.msg_controllen = cmsg->cmsg_len;
843 }
844
845 /* Forward the syslog message we received via /dev/log to
846 * /run/systemd/syslog. Unfortunately we currently can't set
847 * the SO_TIMESTAMP auxiliary data, and hence we don't. */
6e409ce1 848
224f2ee2
LP		 849 if (sendmsg(s->syslog_fd, &msghdr, MSG_NOSIGNAL) >= 0)
850 return;
6e409ce1 851
7c8bbccd
LP		 852 /* The socket is full? I guess the syslog implementation is
853 * too slow, and we shouldn't wait for that... */
854 if (errno == EAGAIN)
855 return;
856
224f2ee2
LP		 857 if (ucred && errno == ESRCH) {
858 struct ucred u;
6e409ce1 859
224f2ee2
LP		 860 /* Hmm, presumably the sender process vanished
861 * by now, so let's fix it as good as we
862 * can, and retry */
6e409ce1 863
224f2ee2
LP		 864 u = *ucred;
865 u.pid = getpid();
866 memcpy(CMSG_DATA(cmsg), &u, sizeof(struct ucred));
867
868 if (sendmsg(s->syslog_fd, &msghdr, MSG_NOSIGNAL) >= 0)
869 return;
7c8bbccd
LP		 870
871 if (errno == EAGAIN)
872 return;
6e409ce1
LP		 873 }
874
4ca86bbc
LP		 875 if (errno != ENOENT)
876 log_debug("Failed to forward syslog message: %m");
224f2ee2
LP		 877}
878
213ba152 879static void forward_syslog_raw(Server *s, int priority, const char *buffer, struct ucred *ucred, struct timeval *tv) {
224f2ee2
LP		 880 struct iovec iovec;
881
882 assert(s);
883 assert(buffer);
884
213ba152
LP		 885 if (LOG_PRI(priority) > s->max_level_syslog)
886 return;
887
224f2ee2
LP		 888 IOVEC_SET_STRING(iovec, buffer);
889 forward_syslog_iovec(s, &iovec, 1, ucred, tv);
890}
891
4cd9a9d9 892static void forward_syslog(Server *s, int priority, const char *identifier, const char *message, struct ucred *ucred, struct timeval *tv) {
224f2ee2
LP		 893 struct iovec iovec[5];
894 char header_priority[6], header_time[64], header_pid[16];
895 int n = 0;
896 time_t t;
897 struct tm *tm;
4cd9a9d9 898 char *ident_buf = NULL;
224f2ee2
LP		 899
900 assert(s);
901 assert(priority >= 0);
902 assert(priority <= 999);
903 assert(message);
904
213ba152
LP		 905 if (LOG_PRI(priority) > s->max_level_syslog)
906 return;
907
224f2ee2
LP		 908 /* First: priority field */
909 snprintf(header_priority, sizeof(header_priority), "<%i>", priority);
910 char_array_0(header_priority);
911 IOVEC_SET_STRING(iovec[n++], header_priority);
912
913 /* Second: timestamp */
914 t = tv ? tv->tv_sec : ((time_t) (now(CLOCK_REALTIME) / USEC_PER_SEC));
915 tm = localtime(&t);
916 if (!tm)
917 return;
918 if (strftime(header_time, sizeof(header_time), "%h %e %T ", tm) <= 0)
919 return;
920 IOVEC_SET_STRING(iovec[n++], header_time);
921
4cd9a9d9 922 /* Third: identifier and PID */
224f2ee2 923 if (ucred) {
4cd9a9d9
LP		 924 if (!identifier) {
925 get_process_comm(ucred->pid, &ident_buf);
926 identifier = ident_buf;
224f2ee2
LP		 927 }
928
929 snprintf(header_pid, sizeof(header_pid), "[%lu]: ", (unsigned long) ucred->pid);
930 char_array_0(header_pid);
931
4cd9a9d9
LP		 932 if (identifier)
933 IOVEC_SET_STRING(iovec[n++], identifier);
224f2ee2
LP		 934
935 IOVEC_SET_STRING(iovec[n++], header_pid);
4cd9a9d9
LP		 936 } else if (identifier) {
937 IOVEC_SET_STRING(iovec[n++], identifier);
224f2ee2
LP		 938 IOVEC_SET_STRING(iovec[n++], ": ");
939 }
940
941 /* Fourth: message */
942 IOVEC_SET_STRING(iovec[n++], message);
943
944 forward_syslog_iovec(s, iovec, n, ucred, tv);
945
4cd9a9d9 946 free(ident_buf);
224f2ee2
LP		 947}
948
949static int fixup_priority(int priority) {
950
951 if ((priority & LOG_FACMASK) == 0)
952 return (priority & LOG_PRIMASK) | LOG_USER;
953
954 return priority;
955}
956
4cd9a9d9 957static void forward_kmsg(Server *s, int priority, const char *identifier, const char *message, struct ucred *ucred) {
224f2ee2
LP		 958 struct iovec iovec[5];
959 char header_priority[6], header_pid[16];
960 int n = 0;
4cd9a9d9 961 char *ident_buf = NULL;
224f2ee2
LP		 962
963 assert(s);
964 assert(priority >= 0);
965 assert(priority <= 999);
966 assert(message);
967
51abe64c
LP		 968 if (_unlikely_(LOG_PRI(priority) > s->max_level_kmsg))
969 return;
970
971 if (_unlikely_(s->dev_kmsg_fd < 0))
213ba152
LP		 972 return;
973
224f2ee2
LP		 974 /* Never allow messages with kernel facility to be written to
975 * kmsg, regardless where the data comes from. */
976 priority = fixup_priority(priority);
977
978 /* First: priority field */
979 snprintf(header_priority, sizeof(header_priority), "<%i>", priority);
980 char_array_0(header_priority);
981 IOVEC_SET_STRING(iovec[n++], header_priority);
982
4cd9a9d9 983 /* Second: identifier and PID */
224f2ee2 984 if (ucred) {
4cd9a9d9
LP		 985 if (!identifier) {
986 get_process_comm(ucred->pid, &ident_buf);
987 identifier = ident_buf;
224f2ee2
LP		 988 }
989
990 snprintf(header_pid, sizeof(header_pid), "[%lu]: ", (unsigned long) ucred->pid);
991 char_array_0(header_pid);
992
4cd9a9d9
LP		 993 if (identifier)
994 IOVEC_SET_STRING(iovec[n++], identifier);
224f2ee2
LP		 995
996 IOVEC_SET_STRING(iovec[n++], header_pid);
4cd9a9d9
LP		 997 } else if (identifier) {
998 IOVEC_SET_STRING(iovec[n++], identifier);
224f2ee2
LP		 999 IOVEC_SET_STRING(iovec[n++], ": ");
1000 }
1001
1002 /* Fourth: message */
1003 IOVEC_SET_STRING(iovec[n++], message);
1004 IOVEC_SET_STRING(iovec[n++], "\n");
1005
51abe64c 1006 if (writev(s->dev_kmsg_fd, iovec, n) < 0)
224f2ee2
LP		 1007 log_debug("Failed to write to /dev/kmsg for logging: %s", strerror(errno));
1008
4cd9a9d9 1009 free(ident_buf);
224f2ee2
LP		 1010}
1011
213ba152 1012static void forward_console(Server *s, int priority, const char *identifier, const char *message, struct ucred *ucred) {
224f2ee2
LP		 1013 struct iovec iovec[4];
1014 char header_pid[16];
1015 int n = 0, fd;
4cd9a9d9 1016 char *ident_buf = NULL;
0d9243f0 1017 const char *tty;
224f2ee2
LP		 1018
1019 assert(s);
1020 assert(message);
1021
213ba152
LP		 1022 if (LOG_PRI(priority) > s->max_level_console)
1023 return;
1024
4cd9a9d9 1025 /* First: identifier and PID */
224f2ee2 1026 if (ucred) {
4cd9a9d9
LP		 1027 if (!identifier) {
1028 get_process_comm(ucred->pid, &ident_buf);
1029 identifier = ident_buf;
224f2ee2
LP		 1030 }
1031
1032 snprintf(header_pid, sizeof(header_pid), "[%lu]: ", (unsigned long) ucred->pid);
1033 char_array_0(header_pid);
1034
4cd9a9d9
LP		 1035 if (identifier)
1036 IOVEC_SET_STRING(iovec[n++], identifier);
224f2ee2
LP		 1037
1038 IOVEC_SET_STRING(iovec[n++], header_pid);
4cd9a9d9
LP		 1039 } else if (identifier) {
1040 IOVEC_SET_STRING(iovec[n++], identifier);
224f2ee2
LP		 1041 IOVEC_SET_STRING(iovec[n++], ": ");
1042 }
1043
1044 /* Third: message */
1045 IOVEC_SET_STRING(iovec[n++], message);
1046 IOVEC_SET_STRING(iovec[n++], "\n");
1047
0d9243f0
LP		 1048 tty = s->tty_path ? s->tty_path : "/dev/console";
1049
1050 fd = open_terminal(tty, O_WRONLY|O_NOCTTY|O_CLOEXEC);
224f2ee2 1051 if (fd < 0) {
0d9243f0 1052 log_debug("Failed to open %s for logging: %s", tty, strerror(errno));
224f2ee2
LP		 1053 goto finish;
1054 }
1055
1056 if (writev(fd, iovec, n) < 0)
0d9243f0 1057 log_debug("Failed to write to %s for logging: %s", tty, strerror(errno));
224f2ee2
LP		 1058
1059 close_nointr_nofail(fd);
1060
1061finish:
4cd9a9d9 1062 free(ident_buf);
224f2ee2
LP		 1063}
1064
6c1e6b98 1065static void read_identifier(const char **buf, char **identifier, char **pid) {
224f2ee2
LP		 1066 const char *p;
1067 char *t;
1068 size_t l, e;
1069
1070 assert(buf);
4cd9a9d9 1071 assert(identifier);
6c1e6b98 1072 assert(pid);
224f2ee2
LP		 1073
1074 p = *buf;
1075
1076 p += strspn(p, WHITESPACE);
1077 l = strcspn(p, WHITESPACE);
1078
1079 if (l <= 0 ||
1080 p[l-1] != ':')
1081 return;
1082
1083 e = l;
1084 l--;
1085
1086 if (p[l-1] == ']') {
1087 size_t k = l-1;
1088
1089 for (;;) {
1090
1091 if (p[k] == '[') {
6c1e6b98
LP		 1092 t = strndup(p+k+1, l-k-2);
1093 if (t)
1094 *pid = t;
1095
224f2ee2
LP		 1096 l = k;
1097 break;
1098 }
1099
1100 if (k == 0)
1101 break;
1102
1103 k--;
1104 }
1105 }
1106
1107 t = strndup(p, l);
1108 if (t)
4cd9a9d9 1109 *identifier = t;
224f2ee2
LP		 1110
1111 *buf = p + e;
1112 *buf += strspn(*buf, WHITESPACE);
6e409ce1
LP		 1113}
1114
7f2c63cb 1115static void process_syslog_message(Server *s, const char *buf, struct ucred *ucred, struct timeval *tv, const char *label, size_t label_len) {
6c1e6b98
LP		 1116 char *message = NULL, *syslog_priority = NULL, *syslog_facility = NULL, *syslog_identifier = NULL, *syslog_pid = NULL;
1117 struct iovec iovec[N_IOVEC_META_FIELDS + 6];
7f3e6257
LP		 1118 unsigned n = 0;
1119 int priority = LOG_USER | LOG_INFO;
6c1e6b98 1120 char *identifier = NULL, *pid = NULL;
213ba152 1121 const char *orig;
7f3e6257
LP		 1122
1123 assert(s);
1124 assert(buf);
1125
213ba152
LP		 1126 orig = buf;
1127 parse_syslog_priority((char**) &buf, &priority);
1128
224f2ee2 1129 if (s->forward_to_syslog)
213ba152 1130 forward_syslog_raw(s, priority, orig, ucred, tv);
224f2ee2 1131
7f3e6257 1132 skip_syslog_date((char**) &buf);
6c1e6b98 1133 read_identifier(&buf, &identifier, &pid);
224f2ee2
LP		 1134
1135 if (s->forward_to_kmsg)
4cd9a9d9 1136 forward_kmsg(s, priority, identifier, buf, ucred);
224f2ee2
LP		 1137
1138 if (s->forward_to_console)
213ba152 1139 forward_console(s, priority, identifier, buf, ucred);
7f3e6257 1140
33eb8abf
LP		 1141 IOVEC_SET_STRING(iovec[n++], "_TRANSPORT=syslog");
1142
7f3e6257
LP		 1143 if (asprintf(&syslog_priority, "PRIORITY=%i", priority & LOG_PRIMASK) >= 0)
1144 IOVEC_SET_STRING(iovec[n++], syslog_priority);
1145
224f2ee2
LP		 1146 if (priority & LOG_FACMASK)
1147 if (asprintf(&syslog_facility, "SYSLOG_FACILITY=%i", LOG_FAC(priority)) >= 0)
1148 IOVEC_SET_STRING(iovec[n++], syslog_facility);
1149
4cd9a9d9
LP		 1150 if (identifier) {
1151 syslog_identifier = strappend("SYSLOG_IDENTIFIER=", identifier);
1152 if (syslog_identifier)
1153 IOVEC_SET_STRING(iovec[n++], syslog_identifier);
224f2ee2 1154 }
7f3e6257 1155
6c1e6b98
LP		 1156 if (pid) {
1157 syslog_pid = strappend("SYSLOG_PID=", pid);
1158 if (syslog_pid)
1159 IOVEC_SET_STRING(iovec[n++], syslog_pid);
1160 }
1161
7f3e6257
LP		 1162 message = strappend("MESSAGE=", buf);
1163 if (message)
1164 IOVEC_SET_STRING(iovec[n++], message);
1165
62bca2c6 1166 dispatch_message(s, iovec, n, ELEMENTSOF(iovec), ucred, tv, label, label_len, NULL, priority);
7f3e6257
LP		 1167
1168 free(message);
4cd9a9d9 1169 free(identifier);
6c1e6b98 1170 free(pid);
87d2c1ff 1171 free(syslog_priority);
224f2ee2 1172 free(syslog_facility);
4cd9a9d9 1173 free(syslog_identifier);
4cdc4599 1174 free(syslog_pid);
7f3e6257
LP		 1175}
1176
6ad1d1c3
LP		 1177static bool valid_user_field(const char *p, size_t l) {
1178 const char *a;
1179
1180 /* We kinda enforce POSIX syntax recommendations for
1181 environment variables here, but make a couple of additional
1182 requirements.
1183
1184 http://pubs.opengroup.org/onlinepubs/000095399/basedefs/xbd_chap08.html */
1185
1186 /* No empty field names */
1187 if (l <= 0)
1188 return false;
1189
1190 /* Don't allow names longer than 64 chars */
1191 if (l > 64)
1192 return false;
1193
1194 /* Variables starting with an underscore are protected */
1195 if (p[0] == '_')
1196 return false;
1197
1198 /* Don't allow digits as first character */
1199 if (p[0] >= '0' && p[0] <= '9')
1200 return false;
1201
1202 /* Only allow A-Z0-9 and '_' */
1203 for (a = p; a < p + l; a++)
1204 if (!((*a >= 'A' && *a <= 'Z') ||
1205 (*a >= '0' && *a <= '9') ||
1206 *a == '_'))
1207 return false;
1208
1209 return true;
1210}
1211
7f2c63cb
LP		 1212static void process_native_message(
1213 Server *s,
1214 const void *buffer, size_t buffer_size,
1215 struct ucred *ucred,
1216 struct timeval *tv,
1217 const char *label, size_t label_len) {
1218
7f3e6257 1219 struct iovec *iovec = NULL;
33eb8abf 1220 unsigned n = 0, m = 0, j, tn = (unsigned) -1;
7f3e6257
LP		 1221 const char *p;
1222 size_t remaining;
6e409ce1 1223 int priority = LOG_INFO;
4cd9a9d9 1224 char *identifier = NULL, *message = NULL;
7f3e6257
LP		 1225
1226 assert(s);
7ea07dcd 1227 assert(buffer || buffer_size == 0);
7f3e6257
LP		 1228
1229 p = buffer;
1230 remaining = buffer_size;
1231
1232 while (remaining > 0) {
1233 const char *e, *q;
1234
1235 e = memchr(p, '\n', remaining);
1236
1237 if (!e) {
1238 /* Trailing noise, let's ignore it, and flush what we collected */
1239 log_debug("Received message with trailing noise, ignoring.");
1240 break;
1241 }
1242
1243 if (e == p) {
1244 /* Entry separator */
62bca2c6 1245 dispatch_message(s, iovec, n, m, ucred, tv, label, label_len, NULL, priority);
7f3e6257 1246 n = 0;
6e409ce1 1247 priority = LOG_INFO;
7f3e6257
LP		 1248
1249 p++;
1250 remaining--;
1251 continue;
1252 }
1253
6ad1d1c3
LP		 1254 if (*p == '.' || *p == '#') {
1255 /* Ignore control commands for now, and
1256 * comments too. */
7f3e6257
LP		 1257 remaining -= (e - p) + 1;
1258 p = e + 1;
1259 continue;
1260 }
1261
1262 /* A property follows */
1263
224f2ee2 1264 if (n+N_IOVEC_META_FIELDS >= m) {
7f3e6257
LP		 1265 struct iovec *c;
1266 unsigned u;
1267
33eb8abf 1268 u = MAX((n+N_IOVEC_META_FIELDS+1) * 2U, 4U);
7f3e6257
LP		 1269 c = realloc(iovec, u * sizeof(struct iovec));
1270 if (!c) {
0d0f0c50 1271 log_oom();
7f3e6257
LP		 1272 break;
1273 }
1274
1275 iovec = c;
1276 m = u;
1277 }
1278
1279 q = memchr(p, '=', e - p);
1280 if (q) {
6ad1d1c3 1281 if (valid_user_field(p, q - p)) {
224f2ee2
LP		 1282 size_t l;
1283
1284 l = e - p;
1285
2b0ba69b
LP		 1286 /* If the field name starts with an
1287 * underscore, skip the variable,
1288 * since that indidates a trusted
1289 * field */
1290 iovec[n].iov_base = (char*) p;
224f2ee2 1291 iovec[n].iov_len = l;
2b0ba69b 1292 n++;
6e409ce1
LP		 1293
1294 /* We need to determine the priority
1295 * of this entry for the rate limiting
1296 * logic */
224f2ee2
LP		 1297 if (l == 10 &&
1298 memcmp(p, "PRIORITY=", 9) == 0 &&
1299 p[9] >= '0' && p[9] <= '9')
1300 priority = (priority & LOG_FACMASK) | (p[9] - '0');
1301
1302 else if (l == 17 &&
1303 memcmp(p, "SYSLOG_FACILITY=", 16) == 0 &&
1304 p[16] >= '0' && p[16] <= '9')
1305 priority = (priority & LOG_PRIMASK) | ((p[16] - '0') << 3);
1306
1307 else if (l == 18 &&
1308 memcmp(p, "SYSLOG_FACILITY=", 16) == 0 &&
1309 p[16] >= '0' && p[16] <= '9' &&
1310 p[17] >= '0' && p[17] <= '9')
1311 priority = (priority & LOG_PRIMASK) | (((p[16] - '0')*10 + (p[17] - '0')) << 3);
1312
401cc72d 1313 else if (l >= 19 &&
fca1b90a 1314 memcmp(p, "SYSLOG_IDENTIFIER=", 18) == 0) {
224f2ee2
LP		 1315 char *t;
1316
fca1b90a 1317 t = strndup(p + 18, l - 18);
224f2ee2 1318 if (t) {
4cd9a9d9
LP		 1319 free(identifier);
1320 identifier = t;
224f2ee2
LP		 1321 }
1322 } else if (l >= 8 &&
1323 memcmp(p, "MESSAGE=", 8) == 0) {
1324 char *t;
1325
1326 t = strndup(p + 8, l - 8);
1327 if (t) {
1328 free(message);
1329 message = t;
1330 }
1331 }
2b0ba69b 1332 }
7f3e6257
LP		 1333
1334 remaining -= (e - p) + 1;
1335 p = e + 1;
1336 continue;
1337 } else {
4fd052ae 1338 le64_t l_le;
7f3e6257
LP		 1339 uint64_t l;
1340 char *k;
1341
1342 if (remaining < e - p + 1 + sizeof(uint64_t) + 1) {
1343 log_debug("Failed to parse message, ignoring.");
1344 break;
1345 }
1346
4fd052ae
FC		 1347 memcpy(&l_le, e + 1, sizeof(uint64_t));
1348 l = le64toh(l_le);
7f3e6257
LP		 1349
1350 if (remaining < e - p + 1 + sizeof(uint64_t) + l + 1 ||
1351 e[1+sizeof(uint64_t)+l] != '\n') {
1352 log_debug("Failed to parse message, ignoring.");
1353 break;
1354 }
1355
1356 k = malloc((e - p) + 1 + l);
1357 if (!k) {
0d0f0c50 1358 log_oom();
7f3e6257
LP		 1359 break;
1360 }
1361
1362 memcpy(k, p, e - p);
1363 k[e - p] = '=';
1364 memcpy(k + (e - p) + 1, e + 1 + sizeof(uint64_t), l);
1365
6ad1d1c3 1366 if (valid_user_field(p, e - p)) {
2b0ba69b
LP		 1367 iovec[n].iov_base = k;
1368 iovec[n].iov_len = (e - p) + 1 + l;
1369 n++;
1370 } else
1371 free(k);
7f3e6257
LP		 1372
1373 remaining -= (e - p) + 1 + sizeof(uint64_t) + l + 1;
1374 p = e + 1 + sizeof(uint64_t) + l + 1;
1375 }
1376 }
1377
33eb8abf
LP		 1378 if (n <= 0)
1379 goto finish;
1380
1381 tn = n++;
1382 IOVEC_SET_STRING(iovec[tn], "_TRANSPORT=journal");
1383
224f2ee2
LP		 1384 if (message) {
1385 if (s->forward_to_syslog)
4cd9a9d9 1386 forward_syslog(s, priority, identifier, message, ucred, tv);
224f2ee2
LP		 1387
1388 if (s->forward_to_kmsg)
4cd9a9d9 1389 forward_kmsg(s, priority, identifier, message, ucred);
224f2ee2
LP		 1390
1391 if (s->forward_to_console)
213ba152 1392 forward_console(s, priority, identifier, message, ucred);
224f2ee2
LP		 1393 }
1394
62bca2c6 1395 dispatch_message(s, iovec, n, m, ucred, tv, label, label_len, NULL, priority);
7f3e6257 1396
33eb8abf
LP		 1397finish:
1398 for (j = 0; j < n; j++) {
1399 if (j == tn)
1400 continue;
1401
7f3e6257
LP		 1402 if (iovec[j].iov_base < buffer ||
1403 (const uint8_t*) iovec[j].iov_base >= (const uint8_t*) buffer + buffer_size)
1404 free(iovec[j].iov_base);
33eb8abf 1405 }
224f2ee2 1406
071fd8c2 1407 free(iovec);
4cd9a9d9 1408 free(identifier);
224f2ee2 1409 free(message);
87d2c1ff
LP		 1410}
1411
7f2c63cb
LP		 1412static void process_native_file(
1413 Server *s,
1414 int fd,
1415 struct ucred *ucred,
1416 struct timeval *tv,
1417 const char *label, size_t label_len) {
1418
0dad12c1
LP		 1419 struct stat st;
1420 void *p;
1421 ssize_t n;
1422
1423 assert(s);
1424 assert(fd >= 0);
1425
1426 /* Data is in the passed file, since it didn't fit in a
1427 * datagram. We can't map the file here, since clients might
1428 * then truncate it and trigger a SIGBUS for us. So let's
1429 * stupidly read it */
1430
1431 if (fstat(fd, &st) < 0) {
1432 log_error("Failed to stat passed file, ignoring: %m");
1433 return;
1434 }
1435
1436 if (!S_ISREG(st.st_mode)) {
1437 log_error("File passed is not regular. Ignoring.");
1438 return;
1439 }
1440
1441 if (st.st_size <= 0)
1442 return;
1443
1444 if (st.st_size > ENTRY_SIZE_MAX) {
1445 log_error("File passed too large. Ignoring.");
1446 return;
1447 }
1448
1449 p = malloc(st.st_size);
1450 if (!p) {
0d0f0c50 1451 log_oom();
0dad12c1
LP		 1452 return;
1453 }
1454
1455 n = pread(fd, p, st.st_size, 0);
1456 if (n < 0)
1457 log_error("Failed to read file, ignoring: %s", strerror(-n));
1458 else if (n > 0)
7f2c63cb 1459 process_native_message(s, p, n, ucred, tv, label, label_len);
0dad12c1
LP		 1460
1461 free(p);
1462}
1463
224f2ee2 1464static int stdout_stream_log(StdoutStream *s, const char *p) {
33eb8abf 1465 struct iovec iovec[N_IOVEC_META_FIELDS + 5];
4cd9a9d9 1466 char *message = NULL, *syslog_priority = NULL, *syslog_facility = NULL, *syslog_identifier = NULL;
fe652127 1467 unsigned n = 0;
fe652127 1468 int priority;
7f2c63cb
LP		 1469 char *label = NULL;
1470 size_t label_len = 0;
fe652127 1471
87d2c1ff 1472 assert(s);
fe652127
LP		 1473 assert(p);
1474
0dad12c1
LP		 1475 if (isempty(p))
1476 return 0;
1477
fe652127
LP		 1478 priority = s->priority;
1479
258cdffc 1480 if (s->level_prefix)
224f2ee2 1481 parse_syslog_priority((char**) &p, &priority);
fe652127 1482
224f2ee2 1483 if (s->forward_to_syslog || s->server->forward_to_syslog)
4cd9a9d9 1484 forward_syslog(s->server, fixup_priority(priority), s->identifier, p, &s->ucred, NULL);
fe652127 1485
224f2ee2 1486 if (s->forward_to_kmsg || s->server->forward_to_kmsg)
4cd9a9d9 1487 forward_kmsg(s->server, priority, s->identifier, p, &s->ucred);
fe652127 1488
224f2ee2 1489 if (s->forward_to_console || s->server->forward_to_console)
213ba152 1490 forward_console(s->server, priority, s->identifier, p, &s->ucred);
224f2ee2 1491
33eb8abf
LP		 1492 IOVEC_SET_STRING(iovec[n++], "_TRANSPORT=stdout");
1493
224f2ee2 1494 if (asprintf(&syslog_priority, "PRIORITY=%i", priority & LOG_PRIMASK) >= 0)
fe652127
LP		 1495 IOVEC_SET_STRING(iovec[n++], syslog_priority);
1496
224f2ee2
LP		 1497 if (priority & LOG_FACMASK)
1498 if (asprintf(&syslog_facility, "SYSLOG_FACILITY=%i", LOG_FAC(priority)) >= 0)
1499 IOVEC_SET_STRING(iovec[n++], syslog_facility);
fe652127 1500
4cd9a9d9
LP		 1501 if (s->identifier) {
1502 syslog_identifier = strappend("SYSLOG_IDENTIFIER=", s->identifier);
1503 if (syslog_identifier)
1504 IOVEC_SET_STRING(iovec[n++], syslog_identifier);
87d2c1ff
LP		 1505 }
1506
224f2ee2
LP		 1507 message = strappend("MESSAGE=", p);
1508 if (message)
1509 IOVEC_SET_STRING(iovec[n++], message);
fe652127 1510
7f2c63cb
LP		 1511#ifdef HAVE_SELINUX
1512 if (s->security_context) {
1513 label = (char*) s->security_context;
1514 label_len = strlen((char*) s->security_context);
1515 }
1516#endif
1517
62bca2c6 1518 dispatch_message(s->server, iovec, n, ELEMENTSOF(iovec), &s->ucred, NULL, label, label_len, s->unit_id, priority);
fe652127
LP		 1519
1520 free(message);
1521 free(syslog_priority);
224f2ee2 1522 free(syslog_facility);
4cd9a9d9 1523 free(syslog_identifier);
fe652127
LP		 1524
1525 return 0;
1526}
1527
224f2ee2
LP		 1528static int stdout_stream_line(StdoutStream *s, char *p) {
1529 int r;
1530
fe652127
LP		 1531 assert(s);
1532 assert(p);
1533
224f2ee2 1534 p = strstrip(p);
fe652127
LP		 1535
1536 switch (s->state) {
1537
4cd9a9d9 1538 case STDOUT_STREAM_IDENTIFIER:
4c7de074
LP		 1539 if (isempty(p))
1540 s->identifier = NULL;
1541 else {
1542 s->identifier = strdup(p);
0d0f0c50
SL		 1543 if (!s->identifier)
1544 return log_oom();
fe652127
LP		 1545 }
1546
62bca2c6
ED		 1547 s->state = STDOUT_STREAM_UNIT_ID;
1548 return 0;
1549
1550 case STDOUT_STREAM_UNIT_ID:
1551 if (s->ucred.uid == 0) {
1552 if (isempty(p))
1553 s->unit_id = NULL;
1554 else {
1555 s->unit_id = strdup(p);
0d0f0c50
SL		 1556 if (!s->unit_id)
1557 return log_oom();
62bca2c6
ED		 1558 }
1559 }
1560
fe652127
LP		 1561 s->state = STDOUT_STREAM_PRIORITY;
1562 return 0;
1563
1564 case STDOUT_STREAM_PRIORITY:
224f2ee2
LP		 1565 r = safe_atoi(p, &s->priority);
1566 if (r < 0 || s->priority <= 0 || s->priority >= 999) {
fe652127
LP		 1567 log_warning("Failed to parse log priority line.");
1568 return -EINVAL;
1569 }
1570
258cdffc 1571 s->state = STDOUT_STREAM_LEVEL_PREFIX;
fe652127
LP		 1572 return 0;
1573
258cdffc 1574 case STDOUT_STREAM_LEVEL_PREFIX:
224f2ee2
LP		 1575 r = parse_boolean(p);
1576 if (r < 0) {
258cdffc 1577 log_warning("Failed to parse level prefix line.");
fe652127
LP		 1578 return -EINVAL;
1579 }
1580
258cdffc 1581 s->level_prefix = !!r;
224f2ee2 1582 s->state = STDOUT_STREAM_FORWARD_TO_SYSLOG;
fe652127
LP		 1583 return 0;
1584
224f2ee2
LP		 1585 case STDOUT_STREAM_FORWARD_TO_SYSLOG:
1586 r = parse_boolean(p);
1587 if (r < 0) {
1588 log_warning("Failed to parse forward to syslog line.");
fe652127
LP		 1589 return -EINVAL;
1590 }
1591
224f2ee2
LP		 1592 s->forward_to_syslog = !!r;
1593 s->state = STDOUT_STREAM_FORWARD_TO_KMSG;
1594 return 0;
1595
1596 case STDOUT_STREAM_FORWARD_TO_KMSG:
1597 r = parse_boolean(p);
1598 if (r < 0) {
1599 log_warning("Failed to parse copy to kmsg line.");
1600 return -EINVAL;
1601 }
1602
1603 s->forward_to_kmsg = !!r;
1604 s->state = STDOUT_STREAM_FORWARD_TO_CONSOLE;
1605 return 0;
1606
1607 case STDOUT_STREAM_FORWARD_TO_CONSOLE:
1608 r = parse_boolean(p);
1609 if (r < 0) {
1610 log_warning("Failed to parse copy to console line.");
1611 return -EINVAL;
1612 }
1613
1614 s->forward_to_console = !!r;
fe652127
LP		 1615 s->state = STDOUT_STREAM_RUNNING;
1616 return 0;
1617
1618 case STDOUT_STREAM_RUNNING:
224f2ee2 1619 return stdout_stream_log(s, p);
fe652127
LP		 1620 }
1621
1622 assert_not_reached("Unknown stream state");
1623}
1624
1625static int stdout_stream_scan(StdoutStream *s, bool force_flush) {
1626 char *p;
1627 size_t remaining;
1628 int r;
1629
1630 assert(s);
1631
1632 p = s->buffer;
1633 remaining = s->length;
1634 for (;;) {
1635 char *end;
1636 size_t skip;
1637
1638 end = memchr(p, '\n', remaining);
224f2ee2 1639 if (end)
fe652127 1640 skip = end - p + 1;
224f2ee2
LP		 1641 else if (remaining >= sizeof(s->buffer) - 1) {
1642 end = p + sizeof(s->buffer) - 1;
6c1e6b98 1643 skip = remaining;
224f2ee2
LP		 1644 } else
1645 break;
1646
1647 *end = 0;
fe652127 1648
224f2ee2 1649 r = stdout_stream_line(s, p);
fe652127
LP		 1650 if (r < 0)
1651 return r;
1652
1653 remaining -= skip;
1654 p += skip;
1655 }
1656
1657 if (force_flush && remaining > 0) {
224f2ee2
LP		 1658 p[remaining] = 0;
1659 r = stdout_stream_line(s, p);
fe652127
LP		 1660 if (r < 0)
1661 return r;
1662
1663 p += remaining;
1664 remaining = 0;
1665 }
1666
1667 if (p > s->buffer) {
1668 memmove(s->buffer, p, remaining);
1669 s->length = remaining;
1670 }
1671
1672 return 0;
1673}
1674
1675static int stdout_stream_process(StdoutStream *s) {
1676 ssize_t l;
1677 int r;
1678
1679 assert(s);
1680
1681 l = read(s->fd, s->buffer+s->length, sizeof(s->buffer)-1-s->length);
1682 if (l < 0) {
1683
1684 if (errno == EAGAIN)
1685 return 0;
1686
1687 log_warning("Failed to read from stream: %m");
1688 return -errno;
1689 }
1690
1691 if (l == 0) {
1692 r = stdout_stream_scan(s, true);
1693 if (r < 0)
1694 return r;
1695
1696 return 0;
1697 }
1698
1699 s->length += l;
1700 r = stdout_stream_scan(s, false);
1701 if (r < 0)
1702 return r;
1703
1704 return 1;
1705
1706}
1707
1708static void stdout_stream_free(StdoutStream *s) {
1709 assert(s);
1710
1711 if (s->server) {
1712 assert(s->server->n_stdout_streams > 0);
1713 s->server->n_stdout_streams --;
1714 LIST_REMOVE(StdoutStream, stdout_stream, s->server->stdout_streams, s);
1715 }
1716
1717 if (s->fd >= 0) {
1718 if (s->server)
1719 epoll_ctl(s->server->epoll_fd, EPOLL_CTL_DEL, s->fd, NULL);
1720
1721 close_nointr_nofail(s->fd);
1722 }
1723
7f2c63cb
LP		 1724#ifdef HAVE_SELINUX
1725 if (s->security_context)
1726 freecon(s->security_context);
1727#endif
1728
4cd9a9d9 1729 free(s->identifier);
fe652127
LP		 1730 free(s);
1731}
1732
1733static int stdout_stream_new(Server *s) {
1734 StdoutStream *stream;
1735 int fd, r;
1736 socklen_t len;
1737 struct epoll_event ev;
1738
1739 assert(s);
1740
1741 fd = accept4(s->stdout_fd, NULL, NULL, SOCK_NONBLOCK|SOCK_CLOEXEC);
1742 if (fd < 0) {
1743 if (errno == EAGAIN)
1744 return 0;
1745
1746 log_error("Failed to accept stdout connection: %m");
1747 return -errno;
1748 }
1749
1750 if (s->n_stdout_streams >= STDOUT_STREAMS_MAX) {
1751 log_warning("Too many stdout streams, refusing connection.");
1752 close_nointr_nofail(fd);
1753 return 0;
1754 }
1755
1756 stream = new0(StdoutStream, 1);
1757 if (!stream) {
fe652127 1758 close_nointr_nofail(fd);
0d0f0c50 1759 return log_oom();
fe652127
LP		 1760 }
1761
1762 stream->fd = fd;
1763
1764 len = sizeof(stream->ucred);
1765 if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &stream->ucred, &len) < 0) {
1766 log_error("Failed to determine peer credentials: %m");
1767 r = -errno;
1768 goto fail;
1769 }
1770
7f2c63cb 1771#ifdef HAVE_SELINUX
1afd5be4
LP		 1772 if (getpeercon(fd, &stream->security_context) < 0 && errno != ENOPROTOOPT)
1773 log_error("Failed to determine peer security context: %m");
7f2c63cb
LP		 1774#endif
1775
fe652127
LP		 1776 if (shutdown(fd, SHUT_WR) < 0) {
1777 log_error("Failed to shutdown writing side of socket: %m");
1778 r = -errno;
1779 goto fail;
1780 }
1781
1782 zero(ev);
1783 ev.data.ptr = stream;
1784 ev.events = EPOLLIN;
1785 if (epoll_ctl(s->epoll_fd, EPOLL_CTL_ADD, fd, &ev) < 0) {
1786 log_error("Failed to add stream to event loop: %m");
1787 r = -errno;
1788 goto fail;
1789 }
1790
1791 stream->server = s;
1792 LIST_PREPEND(StdoutStream, stdout_stream, s->stdout_streams, stream);
1793 s->n_stdout_streams ++;
1794
1795 return 0;
1796
1797fail:
1798 stdout_stream_free(stream);
1799 return r;
1800}
1801
6c3569e1
LP		 1802static bool is_us(const char *pid) {
1803 pid_t t;
1804
1805 assert(pid);
1806
1807 if (parse_pid(pid, &t) < 0)
1808 return false;
1809
1810 return t == getpid();
1811}
1812
51abe64c 1813static void dev_kmsg_record(Server *s, char *p, size_t l) {
e7573d7f 1814 struct iovec iovec[N_IOVEC_META_FIELDS + 7 + N_IOVEC_KERNEL_FIELDS];
6c1e6b98 1815 char *message = NULL, *syslog_priority = NULL, *syslog_pid = NULL, *syslog_facility = NULL, *syslog_identifier = NULL, *source_time = NULL;
51abe64c 1816 int priority, r;
e7573d7f 1817 unsigned n = 0, z = 0, j;
6c1e6b98 1818 usec_t usec;
e7573d7f 1819 char *identifier = NULL, *pid = NULL, *e, *f, *k;
51abe64c 1820 uint64_t serial;
5b4c61cd 1821 size_t pl;
6c1e6b98
LP		 1822
1823 assert(s);
1824 assert(p);
1825
51abe64c 1826 if (l <= 0)
0dad12c1
LP		 1827 return;
1828
51abe64c
LP		 1829 e = memchr(p, ',', l);
1830 if (!e)
1831 return;
1832 *e = 0;
1833
1834 r = safe_atoi(p, &priority);
1835 if (r < 0 || priority < 0 || priority > 999)
1836 return;
6c1e6b98
LP		 1837
1838 if (s->forward_to_kmsg && (priority & LOG_FACMASK) != LOG_KERN)
1839 return;
1840
51abe64c
LP		 1841 l -= (e - p) + 1;
1842 p = e + 1;
1843 e = memchr(p, ',', l);
1844 if (!e)
1845 return;
1846 *e = 0;
1847
1848 r = safe_atou64(p, &serial);
1849 if (r < 0)
1850 return;
1851
cee5e9a7
LP		 1852 if (s->kernel_seqnum) {
1853 /* We already read this one? */
1854 if (serial < *s->kernel_seqnum)
1855 return;
1856
1857 /* Did we lose any? */
1858 if (serial > *s->kernel_seqnum)
1859 driver_message(s, SD_MESSAGE_JOURNAL_MISSED, "Missed %llu kernel messages", (unsigned long long) serial - *s->kernel_seqnum - 1);
1860
1861 /* Make sure we never read this one again. Note that
1862 * we always store the next message serial we expect
1863 * here, simply because this makes handling the first
1864 * message with serial 0 easy. */
1865 *s->kernel_seqnum = serial + 1;
1866 }
1867
51abe64c
LP		 1868 l -= (e - p) + 1;
1869 p = e + 1;
1870 f = memchr(p, ';', l);
1871 if (!f)
1872 return;
1873 /* Kernel 3.6 has the flags field, kernel 3.5 lacks that */
1874 e = memchr(p, ',', l);
1875 if (!e || f < e)
1876 e = f;
1877 *e = 0;
1878
1879 r = parse_usec(p, &usec);
1880 if (r < 0)
1881 return;
1882
1883 l -= (f - p) + 1;
1884 p = f + 1;
1885 e = memchr(p, '\n', l);
e7573d7f
LP		 1886 if (!e)
1887 return;
1888 *e = 0;
1889
5b4c61cd 1890 pl = e - p;
e7573d7f
LP		 1891 l -= (e - p) + 1;
1892 k = e + 1;
1893
1894 for (j = 0; l > 0 && j < N_IOVEC_KERNEL_FIELDS; j++) {
1895 char *m;
1896 /* Meta data fields attached */
1897
1898 if (*k != ' ')
1899 break;
1900
1901 k ++, l --;
1902
1903 e = memchr(k, '\n', l);
1904 if (!e)
1905 return;
1906
51abe64c
LP		 1907 *e = 0;
1908
5b4c61cd 1909 m = cunescape_length_with_prefix(k, e - k, "_KERNEL_");
e7573d7f
LP		 1910 if (!m)
1911 break;
1912
5b4c61cd
LP		 1913 IOVEC_SET_STRING(iovec[n++], m);
1914 z++;
e7573d7f
LP		 1915
1916 l -= (e - k) + 1;
1917 k = e + 1;
1918 }
1919
51abe64c
LP		 1920 if (asprintf(&source_time, "_SOURCE_MONOTONIC_TIMESTAMP=%llu",
1921 (unsigned long long) usec) >= 0)
1922 IOVEC_SET_STRING(iovec[n++], source_time);
6c1e6b98
LP		 1923
1924 IOVEC_SET_STRING(iovec[n++], "_TRANSPORT=kernel");
1925
1926 if (asprintf(&syslog_priority, "PRIORITY=%i", priority & LOG_PRIMASK) >= 0)
1927 IOVEC_SET_STRING(iovec[n++], syslog_priority);
1928
51abe64c 1929 if ((priority & LOG_FACMASK) == LOG_KERN)
6c1e6b98 1930 IOVEC_SET_STRING(iovec[n++], "SYSLOG_IDENTIFIER=kernel");
51abe64c
LP		 1931 else {
1932 read_identifier((const char**) &p, &identifier, &pid);
6c1e6b98 1933
6c3569e1
LP		 1934 /* Avoid any messages we generated ourselves via
1935 * log_info() and friends. */
96ceff56 1936 if (pid && is_us(pid))
6c3569e1
LP		 1937 goto finish;
1938
6c1e6b98
LP		 1939 if (identifier) {
1940 syslog_identifier = strappend("SYSLOG_IDENTIFIER=", identifier);
1941 if (syslog_identifier)
1942 IOVEC_SET_STRING(iovec[n++], syslog_identifier);
1943 }
1944
1945 if (pid) {
1946 syslog_pid = strappend("SYSLOG_PID=", pid);
1947 if (syslog_pid)
1948 IOVEC_SET_STRING(iovec[n++], syslog_pid);
1949 }
1950
1951 if (asprintf(&syslog_facility, "SYSLOG_FACILITY=%i", LOG_FAC(priority)) >= 0)
1952 IOVEC_SET_STRING(iovec[n++], syslog_facility);
1953 }
1954
5b4c61cd 1955 message = cunescape_length_with_prefix(p, pl, "MESSAGE=");
6c1e6b98
LP		 1956 if (message)
1957 IOVEC_SET_STRING(iovec[n++], message);
1958
62bca2c6 1959 dispatch_message(s, iovec, n, ELEMENTSOF(iovec), NULL, NULL, NULL, 0, NULL, priority);
6c1e6b98 1960
6c3569e1 1961finish:
e7573d7f
LP		 1962 for (j = 0; j < z; j++)
1963 free(iovec[j].iov_base);
1964
6c1e6b98
LP		 1965 free(message);
1966 free(syslog_priority);
1967 free(syslog_identifier);
1968 free(syslog_pid);
1969 free(syslog_facility);
1970 free(source_time);
1971 free(identifier);
1972 free(pid);
1973}
1974
cf244689
LP		 1975static int system_journal_open(Server *s) {
1976 int r;
1977 char *fn;
1978 sd_id128_t machine;
1979 char ids[33];
1980
1981 r = sd_id128_get_machine(&machine);
1982 if (r < 0)
1983 return r;
1984
1985 sd_id128_to_string(machine, ids);
1986
e156d769 1987 if (!s->system_journal &&
b8156be0
LP		 1988 (s->storage == STORAGE_PERSISTENT || s->storage == STORAGE_AUTO) &&
1989 access("/run/systemd/journal/flushed", F_OK) >= 0) {
e156d769
LP		 1990
1991 /* If in auto mode: first try to create the machine
1992 * path, but not the prefix.
1993 *
205c4d1d 1994 * If in persistent mode: create /var/log/journal and
e156d769
LP		 1995 * the machine path */
1996
b8156be0 1997 if (s->storage == STORAGE_PERSISTENT)
e156d769 1998 (void) mkdir("/var/log/journal/", 0755);
cf244689 1999
cf244689
LP		 2000 fn = strappend("/var/log/journal/", ids);
2001 if (!fn)
2002 return -ENOMEM;
e156d769 2003
cf244689
LP		 2004 (void) mkdir(fn, 0755);
2005 free(fn);
2006
b7def684 2007 fn = strjoin("/var/log/journal/", ids, "/system.journal", NULL);
cf244689
LP		 2008 if (!fn)
2009 return -ENOMEM;
2010
eb53b74f 2011 r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, s->seal, &s->system_metrics, s->mmap, NULL, &s->system_journal);
cf244689
LP		 2012 free(fn);
2013
7560fffc 2014 if (r >= 0)
5e41cfec 2015 server_fix_perms(s, s->system_journal, 0);
7560fffc 2016 else if (r < 0) {
cf244689 2017
adf7d506
LP		 2018 if (r != -ENOENT && r != -EROFS)
2019 log_warning("Failed to open system journal: %s", strerror(-r));
2020
2021 r = 0;
cf244689
LP		 2022 }
2023 }
2024
e156d769
LP		 2025 if (!s->runtime_journal &&
2026 (s->storage != STORAGE_NONE)) {
cf244689 2027
b7def684 2028 fn = strjoin("/run/log/journal/", ids, "/system.journal", NULL);
cf244689
LP		 2029 if (!fn)
2030 return -ENOMEM;
2031
2032 if (s->system_journal) {
2033
2034 /* Try to open the runtime journal, but only
2035 * if it already exists, so that we can flush
2036 * it into the system journal */
2037
16e9f408 2038 r = journal_file_open(fn, O_RDWR, 0640, s->compress, false, &s->runtime_metrics, s->mmap, NULL, &s->runtime_journal);
cf244689
LP		 2039 free(fn);
2040
2041 if (r < 0) {
adf7d506
LP		 2042 if (r != -ENOENT)
2043 log_warning("Failed to open runtime journal: %s", strerror(-r));
cf244689 2044
adf7d506 2045 r = 0;
cf244689
LP		 2046 }
2047
2048 } else {
2049
2050 /* OK, we really need the runtime journal, so create
2051 * it if necessary. */
2052
b8156be0 2053 (void) mkdir_parents(fn, 0755);
16e9f408 2054 r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, false, &s->runtime_metrics, s->mmap, NULL, &s->runtime_journal);
cf244689
LP		 2055 free(fn);
2056
2057 if (r < 0) {
2058 log_error("Failed to open runtime journal: %s", strerror(-r));
2059 return r;
2060 }
2061 }
2062
7560fffc 2063 if (s->runtime_journal)
5e41cfec 2064 server_fix_perms(s, s->runtime_journal, 0);
cf244689
LP		 2065 }
2066
2067 return r;
2068}
2069
2070static int server_flush_to_var(Server *s) {
cf244689
LP		 2071 Object *o = NULL;
2072 int r;
2073 sd_id128_t machine;
2074 sd_journal *j;
2075
2076 assert(s);
2077
e156d769 2078 if (s->storage != STORAGE_AUTO &&
205c4d1d 2079 s->storage != STORAGE_PERSISTENT)
e156d769
LP		 2080 return 0;
2081
54a7b863
LP		 2082 if (!s->runtime_journal)
2083 return 0;
2084
cf244689
LP		 2085 system_journal_open(s);
2086
54a7b863 2087 if (!s->system_journal)
cf244689
LP		 2088 return 0;
2089
6c1e6b98
LP		 2090 log_info("Flushing to /var...");
2091
cf244689
LP		 2092 r = sd_id128_get_machine(&machine);
2093 if (r < 0) {
2094 log_error("Failed to get machine id: %s", strerror(-r));
2095 return r;
2096 }
2097
2098 r = sd_journal_open(&j, SD_JOURNAL_RUNTIME_ONLY);
2099 if (r < 0) {
2100 log_error("Failed to read runtime journal: %s", strerror(-r));
2101 return r;
2102 }
2103
2104 SD_JOURNAL_FOREACH(j) {
2105 JournalFile *f;
2106
2107 f = j->current_file;
2108 assert(f && f->current_offset > 0);
2109
2110 r = journal_file_move_to_object(f, OBJECT_ENTRY, f->current_offset, &o);
2111 if (r < 0) {
2112 log_error("Can't read entry: %s", strerror(-r));
2113 goto finish;
2114 }
2115
2116 r = journal_file_copy_entry(f, s->system_journal, o, f->current_offset, NULL, NULL, NULL);
2117 if (r == -E2BIG) {
2118 log_info("Allocation limit reached.");
2119
2120 journal_file_post_change(s->system_journal);
b1a0ab71 2121 server_rotate(s);
cf244689
LP		 2122 server_vacuum(s);
2123
2124 r = journal_file_copy_entry(f, s->system_journal, o, f->current_offset, NULL, NULL, NULL);
2125 }
2126
2127 if (r < 0) {
2128 log_error("Can't write entry: %s", strerror(-r));
2129 goto finish;
2130 }
2131 }
2132
2133finish:
2134 journal_file_post_change(s->system_journal);
2135
2136 journal_file_close(s->runtime_journal);
2137 s->runtime_journal = NULL;
2138
4a299a7a
LP		 2139 if (r >= 0)
2140 rm_rf("/run/log/journal", false, true, false);
cf244689
LP		 2141
2142 return r;
2143}
2144
51abe64c
LP		 2145static int server_read_dev_kmsg(Server *s) {
2146 char buffer[8192+1]; /* the kernel-side limit per record is 8K currently */
6c1e6b98 2147 ssize_t l;
51abe64c 2148
6c1e6b98 2149 assert(s);
51abe64c 2150 assert(s->dev_kmsg_fd >= 0);
6c1e6b98 2151
51abe64c
LP		 2152 l = read(s->dev_kmsg_fd, buffer, sizeof(buffer) - 1);
2153 if (l == 0)
4c2ecfaf 2154 return 0;
6c1e6b98 2155 if (l < 0) {
51abe64c
LP		 2156 /* Old kernels who don't allow reading from /dev/kmsg
2157 * return EINVAL when we try. So handle this cleanly,
2158 * but don' try to ever read from it again. */
2159 if (errno == EINVAL) {
2160 epoll_ctl(s->epoll_fd, EPOLL_CTL_DEL, s->dev_kmsg_fd, NULL);
2161 return 0;
2162 }
6c1e6b98
LP		 2163
2164 if (errno == EAGAIN || errno == EINTR)
2165 return 0;
2166
2167 log_error("Failed to read from kernel: %m");
2168 return -errno;
2169 }
2170
51abe64c 2171 dev_kmsg_record(s, buffer, l);
6c1e6b98
LP		 2172 return 1;
2173}
2174
51abe64c 2175static int server_flush_dev_kmsg(Server *s) {
6c1e6b98
LP		 2176 int r;
2177
2178 assert(s);
2179
51abe64c
LP		 2180 if (s->dev_kmsg_fd < 0)
2181 return 0;
2182
2183 if (!s->dev_kmsg_readable)
6c1e6b98
LP		 2184 return 0;
2185
51abe64c 2186 log_info("Flushing /dev/kmsg...");
6c1e6b98
LP		 2187
2188 for (;;) {
51abe64c 2189 r = server_read_dev_kmsg(s);
6c1e6b98
LP		 2190 if (r < 0)
2191 return r;
2192
2193 if (r == 0)
2194 break;
2195 }
2196
2197 return 0;
2198}
2199
fe652127
LP		 2200static int process_event(Server *s, struct epoll_event *ev) {
2201 assert(s);
ba6b3039 2202 assert(ev);
fe652127 2203
87d2c1ff
LP		 2204 if (ev->data.fd == s->signal_fd) {
2205 struct signalfd_siginfo sfsi;
2206 ssize_t n;
2207
fe652127
LP		 2208 if (ev->events != EPOLLIN) {
2209 log_info("Got invalid event from epoll.");
2210 return -EIO;
2211 }
2212
87d2c1ff
LP		 2213 n = read(s->signal_fd, &sfsi, sizeof(sfsi));
2214 if (n != sizeof(sfsi)) {
2215
2216 if (n >= 0)
2217 return -EIO;
2218
2219 if (errno == EINTR || errno == EAGAIN)
6c1e6b98 2220 return 1;
87d2c1ff
LP		 2221
2222 return -errno;
2223 }
2224
3146a302
LP		 2225 log_info("Received SIG%s", signal_to_string(sfsi.ssi_signo));
2226
cf244689 2227 if (sfsi.ssi_signo == SIGUSR1) {
b8156be0 2228 touch("/run/systemd/journal/flushed");
cf244689 2229 server_flush_to_var(s);
ba6b3039
LP		 2230 return 1;
2231 }
2232
2233 if (sfsi.ssi_signo == SIGUSR2) {
2234 server_rotate(s);
2235 server_vacuum(s);
2236 return 1;
cf244689
LP		 2237 }
2238
87d2c1ff
LP		 2239 return 0;
2240
51abe64c 2241 } else if (ev->data.fd == s->dev_kmsg_fd) {
6c1e6b98
LP		 2242 int r;
2243
2244 if (ev->events != EPOLLIN) {
2245 log_info("Got invalid event from epoll.");
2246 return -EIO;
2247 }
2248
51abe64c 2249 r = server_read_dev_kmsg(s);
6c1e6b98
LP		 2250 if (r < 0)
2251 return r;
2252
2253 return 1;
2254
fe652127
LP		 2255 } else if (ev->data.fd == s->native_fd ||
2256 ev->data.fd == s->syslog_fd) {
2257
2258 if (ev->events != EPOLLIN) {
2259 log_info("Got invalid event from epoll.");
2260 return -EIO;
2261 }
cec736d2 2262
87d2c1ff 2263 for (;;) {
87d2c1ff
LP		 2264 struct msghdr msghdr;
2265 struct iovec iovec;
2266 struct ucred *ucred = NULL;
2267 struct timeval *tv = NULL;
2268 struct cmsghdr *cmsg;
7f2c63cb
LP		 2269 char *label = NULL;
2270 size_t label_len = 0;
87d2c1ff
LP		 2271 union {
2272 struct cmsghdr cmsghdr;
7264278f
LP		 2273
2274 /* We use NAME_MAX space for the
2275 * SELinux label here. The kernel
2276 * currently enforces no limit, but
2277 * according to suggestions from the
2278 * SELinux people this will change and
2279 * it will probably be identical to
2280 * NAME_MAX. For now we use that, but
2281 * this should be updated one day when
2282 * the final limit is known.*/
87d2c1ff 2283 uint8_t buf[CMSG_SPACE(sizeof(struct ucred)) +
0dad12c1 2284 CMSG_SPACE(sizeof(struct timeval)) +
7264278f
LP		 2285 CMSG_SPACE(sizeof(int)) + /* fd */
2286 CMSG_SPACE(NAME_MAX)]; /* selinux label */
87d2c1ff
LP		 2287 } control;
2288 ssize_t n;
7f3e6257 2289 int v;
0dad12c1
LP		 2290 int *fds = NULL;
2291 unsigned n_fds = 0;
7f3e6257
LP		 2292
2293 if (ioctl(ev->data.fd, SIOCINQ, &v) < 0) {
2294 log_error("SIOCINQ failed: %m");
2295 return -errno;
2296 }
2297
7f3e6257
LP		 2298 if (s->buffer_size < (size_t) v) {
2299 void *b;
2300 size_t l;
2301
2302 l = MAX(LINE_MAX + (size_t) v, s->buffer_size * 2);
2303 b = realloc(s->buffer, l+1);
2304
2305 if (!b) {
2306 log_error("Couldn't increase buffer.");
2307 return -ENOMEM;
2308 }
2309
2310 s->buffer_size = l;
2311 s->buffer = b;
2312 }
87d2c1ff
LP		 2313
2314 zero(iovec);
7f3e6257
LP		 2315 iovec.iov_base = s->buffer;
2316 iovec.iov_len = s->buffer_size;
87d2c1ff
LP		 2317
2318 zero(control);
2319 zero(msghdr);
2320 msghdr.msg_iov = &iovec;
2321 msghdr.msg_iovlen = 1;
2322 msghdr.msg_control = &control;
2323 msghdr.msg_controllen = sizeof(control);
2324
0dad12c1 2325 n = recvmsg(ev->data.fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
87d2c1ff
LP		 2326 if (n < 0) {
2327
2328 if (errno == EINTR || errno == EAGAIN)
2329 return 1;
2330
2331 log_error("recvmsg() failed: %m");
2332 return -errno;
2333 }
2334
2335 for (cmsg = CMSG_FIRSTHDR(&msghdr); cmsg; cmsg = CMSG_NXTHDR(&msghdr, cmsg)) {
2336
2337 if (cmsg->cmsg_level == SOL_SOCKET &&
2338 cmsg->cmsg_type == SCM_CREDENTIALS &&
2339 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)))
2340 ucred = (struct ucred*) CMSG_DATA(cmsg);
2341 else if (cmsg->cmsg_level == SOL_SOCKET &&
7f2c63cb
LP		 2342 cmsg->cmsg_type == SCM_SECURITY) {
2343 label = (char*) CMSG_DATA(cmsg);
2344 label_len = cmsg->cmsg_len - CMSG_LEN(0);
2345 } else if (cmsg->cmsg_level == SOL_SOCKET &&
87d2c1ff
LP		 2346 cmsg->cmsg_type == SO_TIMESTAMP &&
2347 cmsg->cmsg_len == CMSG_LEN(sizeof(struct timeval)))
2348 tv = (struct timeval*) CMSG_DATA(cmsg);
0dad12c1
LP		 2349 else if (cmsg->cmsg_level == SOL_SOCKET &&
2350 cmsg->cmsg_type == SCM_RIGHTS) {
2351 fds = (int*) CMSG_DATA(cmsg);
2352 n_fds = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
2353 }
87d2c1ff
LP		 2354 }
2355
7f3e6257
LP		 2356 if (ev->data.fd == s->syslog_fd) {
2357 char *e;
2358
0dad12c1
LP		 2359 if (n > 0 && n_fds == 0) {
2360 e = memchr(s->buffer, '\n', n);
2361 if (e)
2362 *e = 0;
2363 else
2364 s->buffer[n] = 0;
2365
7f2c63cb 2366 process_syslog_message(s, strstrip(s->buffer), ucred, tv, label, label_len);
0dad12c1
LP		 2367 } else if (n_fds > 0)
2368 log_warning("Got file descriptors via syslog socket. Ignoring.");
2369
2370 } else {
2371 if (n > 0 && n_fds == 0)
7f2c63cb 2372 process_native_message(s, s->buffer, n, ucred, tv, label, label_len);
0dad12c1 2373 else if (n == 0 && n_fds == 1)
7f2c63cb 2374 process_native_file(s, fds[0], ucred, tv, label, label_len);
0dad12c1
LP		 2375 else if (n_fds > 0)
2376 log_warning("Got too many file descriptors via native socket. Ignoring.");
2377 }
87d2c1ff 2378
0dad12c1 2379 close_many(fds, n_fds);
87d2c1ff 2380 }
cec736d2
LP		 2381
2382 return 1;
fe652127
LP		 2383
2384 } else if (ev->data.fd == s->stdout_fd) {
2385
2386 if (ev->events != EPOLLIN) {
2387 log_info("Got invalid event from epoll.");
2388 return -EIO;
2389 }
2390
2391 stdout_stream_new(s);
2392 return 1;
2393
2394 } else {
2395 StdoutStream *stream;
2396
2397 if ((ev->events|EPOLLIN|EPOLLHUP) != (EPOLLIN|EPOLLHUP)) {
2398 log_info("Got invalid event from epoll.");
2399 return -EIO;
2400 }
2401
2402 /* If it is none of the well-known fds, it must be an
2403 * stdout stream fd. Note that this is a bit ugly here
2404 * (since we rely that none of the well-known fds
2405 * could be interpreted as pointer), but nonetheless
2406 * safe, since the well-known fds would never get an
2407 * fd > 4096, i.e. beyond the first memory page */
2408
2409 stream = ev->data.ptr;
2410
2411 if (stdout_stream_process(stream) <= 0)
2412 stdout_stream_free(stream);
2413
2414 return 1;
87d2c1ff
LP		 2415 }
2416
cec736d2
LP		 2417 log_error("Unknown event.");
2418 return 0;
87d2c1ff
LP		 2419}
2420
7f3e6257
LP		 2421static int open_syslog_socket(Server *s) {
2422 union sockaddr_union sa;
2423 int one, r;
fe652127 2424 struct epoll_event ev;
87d2c1ff
LP		 2425
2426 assert(s);
2427
7f3e6257 2428 if (s->syslog_fd < 0) {
87d2c1ff 2429
6c1e6b98 2430 s->syslog_fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
7f3e6257
LP		 2431 if (s->syslog_fd < 0) {
2432 log_error("socket() failed: %m");
2433 return -errno;
2434 }
2435
2436 zero(sa);
2437 sa.un.sun_family = AF_UNIX;
8b18eb67 2438 strncpy(sa.un.sun_path, "/dev/log", sizeof(sa.un.sun_path));
7f3e6257
LP		 2439
2440 unlink(sa.un.sun_path);
2441
2442 r = bind(s->syslog_fd, &sa.sa, offsetof(union sockaddr_union, un.sun_path) + strlen(sa.un.sun_path));
2443 if (r < 0) {
2444 log_error("bind() failed: %m");
2445 return -errno;
2446 }
2447
2448 chmod(sa.un.sun_path, 0666);
632117b7
LP		 2449 } else
2450 fd_nonblock(s->syslog_fd, 1);
87d2c1ff 2451
7f3e6257
LP		 2452 one = 1;
2453 r = setsockopt(s->syslog_fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one));
2454 if (r < 0) {
2455 log_error("SO_PASSCRED failed: %m");
2456 return -errno;
87d2c1ff
LP		 2457 }
2458
6bc1ce40 2459#ifdef HAVE_SELINUX
54ecda32
LP		 2460 one = 1;
2461 r = setsockopt(s->syslog_fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one));
2462 if (r < 0)
2463 log_warning("SO_PASSSEC failed: %m");
67aa4551 2464#endif
54ecda32 2465
7f3e6257
LP		 2466 one = 1;
2467 r = setsockopt(s->syslog_fd, SOL_SOCKET, SO_TIMESTAMP, &one, sizeof(one));
2468 if (r < 0) {
2469 log_error("SO_TIMESTAMP failed: %m");
2470 return -errno;
87d2c1ff
LP		 2471 }
2472
fe652127
LP		 2473 zero(ev);
2474 ev.events = EPOLLIN;
2475 ev.data.fd = s->syslog_fd;
2476 if (epoll_ctl(s->epoll_fd, EPOLL_CTL_ADD, s->syslog_fd, &ev) < 0) {
2477 log_error("Failed to add syslog server fd to epoll object: %m");
2478 return -errno;
2479 }
2480
7f3e6257
LP		 2481 return 0;
2482}
87d2c1ff 2483
7f3e6257
LP		 2484static int open_native_socket(Server*s) {
2485 union sockaddr_union sa;
2486 int one, r;
fe652127 2487 struct epoll_event ev;
7f3e6257
LP		 2488
2489 assert(s);
2490
2491 if (s->native_fd < 0) {
2492
6c1e6b98 2493 s->native_fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
7f3e6257 2494 if (s->native_fd < 0) {
87d2c1ff
LP		 2495 log_error("socket() failed: %m");
2496 return -errno;
2497 }
2498
2499 zero(sa);
2500 sa.un.sun_family = AF_UNIX;
259d2e76 2501 strncpy(sa.un.sun_path, "/run/systemd/journal/socket", sizeof(sa.un.sun_path));
87d2c1ff
LP		 2502
2503 unlink(sa.un.sun_path);
2504
7f3e6257 2505 r = bind(s->native_fd, &sa.sa, offsetof(union sockaddr_union, un.sun_path) + strlen(sa.un.sun_path));
87d2c1ff
LP		 2506 if (r < 0) {
2507 log_error("bind() failed: %m");
2508 return -errno;
2509 }
2510
2511 chmod(sa.un.sun_path, 0666);
632117b7
LP		 2512 } else
2513 fd_nonblock(s->native_fd, 1);
87d2c1ff
LP		 2514
2515 one = 1;
7f3e6257 2516 r = setsockopt(s->native_fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one));
87d2c1ff
LP		 2517 if (r < 0) {
2518 log_error("SO_PASSCRED failed: %m");
2519 return -errno;
2520 }
2521
67aa4551 2522#ifdef HAVE_SELINUX
54ecda32
LP		 2523 one = 1;
2524 r = setsockopt(s->syslog_fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one));
2525 if (r < 0)
2526 log_warning("SO_PASSSEC failed: %m");
67aa4551 2527#endif
54ecda32 2528
87d2c1ff 2529 one = 1;
7f3e6257 2530 r = setsockopt(s->native_fd, SOL_SOCKET, SO_TIMESTAMP, &one, sizeof(one));
87d2c1ff
LP		 2531 if (r < 0) {
2532 log_error("SO_TIMESTAMP failed: %m");
2533 return -errno;
2534 }
2535
fe652127
LP		 2536 zero(ev);
2537 ev.events = EPOLLIN;
2538 ev.data.fd = s->native_fd;
2539 if (epoll_ctl(s->epoll_fd, EPOLL_CTL_ADD, s->native_fd, &ev) < 0) {
2540 log_error("Failed to add native server fd to epoll object: %m");
2541 return -errno;
2542 }
2543
7f3e6257
LP		 2544 return 0;
2545}
2546
fe652127
LP		 2547static int open_stdout_socket(Server *s) {
2548 union sockaddr_union sa;
2549 int r;
7f3e6257 2550 struct epoll_event ev;
fe652127
LP		 2551
2552 assert(s);
2553
2554 if (s->stdout_fd < 0) {
2555
6c1e6b98 2556 s->stdout_fd = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
fe652127
LP		 2557 if (s->stdout_fd < 0) {
2558 log_error("socket() failed: %m");
2559 return -errno;
2560 }
2561
2562 zero(sa);
2563 sa.un.sun_family = AF_UNIX;
259d2e76 2564 strncpy(sa.un.sun_path, "/run/systemd/journal/stdout", sizeof(sa.un.sun_path));
fe652127
LP		 2565
2566 unlink(sa.un.sun_path);
2567
2568 r = bind(s->stdout_fd, &sa.sa, offsetof(union sockaddr_union, un.sun_path) + strlen(sa.un.sun_path));
2569 if (r < 0) {
2570 log_error("bind() failed: %m");
2571 return -errno;
2572 }
2573
2574 chmod(sa.un.sun_path, 0666);
2575
2576 if (listen(s->stdout_fd, SOMAXCONN) < 0) {
2577 log_error("liste() failed: %m");
2578 return -errno;
2579 }
632117b7
LP		 2580 } else
2581 fd_nonblock(s->stdout_fd, 1);
fe652127
LP		 2582
2583 zero(ev);
2584 ev.events = EPOLLIN;
2585 ev.data.fd = s->stdout_fd;
2586 if (epoll_ctl(s->epoll_fd, EPOLL_CTL_ADD, s->stdout_fd, &ev) < 0) {
2587 log_error("Failed to add stdout server fd to epoll object: %m");
2588 return -errno;
2589 }
2590
2591 return 0;
2592}
2593
51abe64c 2594static int open_dev_kmsg(Server *s) {
6c1e6b98
LP		 2595 struct epoll_event ev;
2596
2597 assert(s);
2598
51abe64c
LP		 2599 s->dev_kmsg_fd = open("/dev/kmsg", O_RDWR|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
2600 if (s->dev_kmsg_fd < 0) {
2601 log_warning("Failed to open /dev/kmsg, ignoring: %m");
6c1e6b98
LP		 2602 return 0;
2603 }
2604
2605 zero(ev);
2606 ev.events = EPOLLIN;
51abe64c
LP		 2607 ev.data.fd = s->dev_kmsg_fd;
2608 if (epoll_ctl(s->epoll_fd, EPOLL_CTL_ADD, s->dev_kmsg_fd, &ev) < 0) {
2609
2610 /* This will fail with EPERM on older kernels where
2611 * /dev/kmsg is not readable. */
2612 if (errno == EPERM)
2613 return 0;
2614
2615 log_error("Failed to add /dev/kmsg fd to epoll object: %m");
6c1e6b98
LP		 2616 return -errno;
2617 }
2618
51abe64c
LP		 2619 s->dev_kmsg_readable = true;
2620
6c1e6b98
LP		 2621 return 0;
2622}
2623
cee5e9a7
LP		 2624static int open_kernel_seqnum(Server *s) {
2625 int fd;
2626 uint64_t *p;
2627
2628 assert(s);
2629
2630 /* We store the seqnum we last read in an mmaped file. That
2631 * way we can just use it like a variable, but it is
2632 * persistant and automatically flushed at reboot. */
2633
2634 fd = open("/run/systemd/journal/kernel-seqnum", O_RDWR|O_CREAT|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW, 0644);
2635 if (fd < 0) {
2636 log_error("Failed to open /run/systemd/journal/kernel-seqnum, ignoring: %m");
2637 return 0;
2638 }
2639
2640 if (posix_fallocate(fd, 0, sizeof(uint64_t)) < 0) {
2641 log_error("Failed to allocate sequential number file, ignoring: %m");
2642 close_nointr_nofail(fd);
2643 return 0;
2644 }
2645
2646 p = mmap(NULL, sizeof(uint64_t), PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
2647 if (p == MAP_FAILED) {
2648 log_error("Failed to map sequential number file, ignoring: %m");
2649 close_nointr_nofail(fd);
2650 return 0;
2651 }
2652
2653 close_nointr_nofail(fd);
2654 s->kernel_seqnum = p;
2655
2656 return 0;
2657}
2658
fe652127 2659static int open_signalfd(Server *s) {
7f3e6257 2660 sigset_t mask;
fe652127
LP		 2661 struct epoll_event ev;
2662
2663 assert(s);
2664
2665 assert_se(sigemptyset(&mask) == 0);
ba6b3039 2666 sigset_add_many(&mask, SIGINT, SIGTERM, SIGUSR1, SIGUSR2, -1);
fe652127
LP		 2667 assert_se(sigprocmask(SIG_SETMASK, &mask, NULL) == 0);
2668
2669 s->signal_fd = signalfd(-1, &mask, SFD_NONBLOCK|SFD_CLOEXEC);
2670 if (s->signal_fd < 0) {
2671 log_error("signalfd(): %m");
2672 return -errno;
2673 }
2674
2675 zero(ev);
2676 ev.events = EPOLLIN;
2677 ev.data.fd = s->signal_fd;
2678
2679 if (epoll_ctl(s->epoll_fd, EPOLL_CTL_ADD, s->signal_fd, &ev) < 0) {
2680 log_error("epoll_ctl(): %m");
2681 return -errno;
2682 }
2683
2684 return 0;
2685}
2686
effb1102
LP		 2687static int server_parse_proc_cmdline(Server *s) {
2688 char *line, *w, *state;
2689 int r;
2690 size_t l;
2691
2692 if (detect_container(NULL) > 0)
2693 return 0;
2694
2695 r = read_one_line_file("/proc/cmdline", &line);
2696 if (r < 0) {
2697 log_warning("Failed to read /proc/cmdline, ignoring: %s", strerror(-r));
2698 return 0;
2699 }
2700
2701 FOREACH_WORD_QUOTED(w, l, line, state) {
2702 char *word;
2703
2704 word = strndup(w, l);
2705 if (!word) {
2706 r = -ENOMEM;
2707 goto finish;
2708 }
2709
c66e7bc7 2710 if (startswith(word, "systemd.journald.forward_to_syslog=")) {
effb1102
LP		 2711 r = parse_boolean(word + 35);
2712 if (r < 0)
2713 log_warning("Failed to parse forward to syslog switch %s. Ignoring.", word + 35);
2714 else
2715 s->forward_to_syslog = r;
c66e7bc7 2716 } else if (startswith(word, "systemd.journald.forward_to_kmsg=")) {
effb1102
LP		 2717 r = parse_boolean(word + 33);
2718 if (r < 0)
2719 log_warning("Failed to parse forward to kmsg switch %s. Ignoring.", word + 33);
2720 else
2721 s->forward_to_kmsg = r;
c66e7bc7 2722 } else if (startswith(word, "systemd.journald.forward_to_console=")) {
effb1102
LP		 2723 r = parse_boolean(word + 36);
2724 if (r < 0)
2725 log_warning("Failed to parse forward to console switch %s. Ignoring.", word + 36);
2726 else
2727 s->forward_to_console = r;
66a78c2b
LP		 2728 } else if (startswith(word, "systemd.journald"))
2729 log_warning("Invalid systemd.journald parameter. Ignoring.");
effb1102
LP		 2730
2731 free(word);
2732 }
2733
2734 r = 0;
2735
2736finish:
2737 free(line);
2738 return r;
2739}
2740
e6960940
LP		 2741static int server_parse_config_file(Server *s) {
2742 FILE *f;
2743 const char *fn;
2744 int r;
2745
2746 assert(s);
2747
18b754d3 2748 fn = "/etc/systemd/journald.conf";
e6960940
LP		 2749 f = fopen(fn, "re");
2750 if (!f) {
2751 if (errno == ENOENT)
2752 return 0;
2753
2754 log_warning("Failed to open configuration file %s: %m", fn);
2755 return -errno;
2756 }
2757
2758 r = config_parse(fn, f, "Journal\0", config_item_perf_lookup, (void*) journald_gperf_lookup, false, s);
2759 if (r < 0)
2760 log_warning("Failed to parse configuration file: %s", strerror(-r));
2761
2762 fclose(f);
2763
2764 return r;
2765}
2766
fe652127
LP		 2767static int server_init(Server *s) {
2768 int n, r, fd;
7f3e6257
LP		 2769
2770 assert(s);
2771
2772 zero(*s);
51abe64c 2773 s->syslog_fd = s->native_fd = s->stdout_fd = s->signal_fd = s->epoll_fd = s->dev_kmsg_fd = -1;
807e17f0 2774 s->compress = true;
eb53b74f 2775 s->seal = true;
7f3e6257 2776
e6960940
LP		 2777 s->rate_limit_interval = DEFAULT_RATE_LIMIT_INTERVAL;
2778 s->rate_limit_burst = DEFAULT_RATE_LIMIT_BURST;
2779
224f2ee2
LP		 2780 s->forward_to_syslog = true;
2781
213ba152
LP		 2782 s->max_level_store = LOG_DEBUG;
2783 s->max_level_syslog = LOG_DEBUG;
2784 s->max_level_kmsg = LOG_NOTICE;
2785 s->max_level_console = LOG_INFO;
2786
babfc091
LP		 2787 memset(&s->system_metrics, 0xFF, sizeof(s->system_metrics));
2788 memset(&s->runtime_metrics, 0xFF, sizeof(s->runtime_metrics));
2789
e6960940 2790 server_parse_config_file(s);
effb1102 2791 server_parse_proc_cmdline(s);
e6960940 2792
cee5e9a7
LP		 2793 mkdir_p("/run/systemd/journal", 0755);
2794
fe652127 2795 s->user_journals = hashmap_new(trivial_hash_func, trivial_compare_func);
0d0f0c50
SL		 2796 if (!s->user_journals)
2797 return log_oom();
fe652127 2798
84168d80 2799 s->mmap = mmap_cache_new();
16e9f408
LP		 2800 if (!s->mmap)
2801 return log_oom();
2802
7f3e6257
LP		 2803 s->epoll_fd = epoll_create1(EPOLL_CLOEXEC);
2804 if (s->epoll_fd < 0) {
2805 log_error("Failed to create epoll object: %m");
2806 return -errno;
2807 }
2808
2809 n = sd_listen_fds(true);
2810 if (n < 0) {
2811 log_error("Failed to read listening file descriptors from environment: %s", strerror(-n));
2812 return n;
2813 }
2814
2815 for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++) {
2816
259d2e76 2817 if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/run/systemd/journal/socket", 0) > 0) {
7f3e6257 2818
fe652127
LP		 2819 if (s->native_fd >= 0) {
2820 log_error("Too many native sockets passed.");
7f3e6257
LP		 2821 return -EINVAL;
2822 }
2823
fe652127 2824 s->native_fd = fd;
7f3e6257 2825
259d2e76 2826 } else if (sd_is_socket_unix(fd, SOCK_STREAM, 1, "/run/systemd/journal/stdout", 0) > 0) {
7f3e6257 2827
fe652127
LP		 2828 if (s->stdout_fd >= 0) {
2829 log_error("Too many stdout sockets passed.");
7f3e6257
LP		 2830 return -EINVAL;
2831 }
2832
fe652127
LP		 2833 s->stdout_fd = fd;
2834
2835 } else if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/dev/log", 0) > 0) {
2836
2837 if (s->syslog_fd >= 0) {
2838 log_error("Too many /dev/log sockets passed.");
2839 return -EINVAL;
2840 }
2841
2842 s->syslog_fd = fd;
2843
7f3e6257
LP		 2844 } else {
2845 log_error("Unknown socket passed.");
2846 return -EINVAL;
2847 }
2848 }
2849
2850 r = open_syslog_socket(s);
2851 if (r < 0)
2852 return r;
2853
7f3e6257
LP		 2854 r = open_native_socket(s);
2855 if (r < 0)
2856 return r;
2857
fe652127
LP		 2858 r = open_stdout_socket(s);
2859 if (r < 0)
2860 return r;
87d2c1ff 2861
51abe64c 2862 r = open_dev_kmsg(s);
6c1e6b98
LP		 2863 if (r < 0)
2864 return r;
2865
cee5e9a7
LP		 2866 r = open_kernel_seqnum(s);
2867 if (r < 0)
2868 return r;
2869
fe652127
LP		 2870 r = open_signalfd(s);
2871 if (r < 0)
2872 return r;
87d2c1ff 2873
e6960940 2874 s->rate_limit = journal_rate_limit_new(s->rate_limit_interval, s->rate_limit_burst);
6e409ce1
LP		 2875 if (!s->rate_limit)
2876 return -ENOMEM;
2877
9447a7f1
LP		 2878 r = system_journal_open(s);
2879 if (r < 0)
2880 return r;
2881
87d2c1ff
LP		 2882 return 0;
2883}
2884
2885static void server_done(Server *s) {
2886 JournalFile *f;
2887 assert(s);
2888
fe652127
LP		 2889 while (s->stdout_streams)
2890 stdout_stream_free(s->stdout_streams);
2891
87d2c1ff
LP		 2892 if (s->system_journal)
2893 journal_file_close(s->system_journal);
2894
f4b47811
LP		 2895 if (s->runtime_journal)
2896 journal_file_close(s->runtime_journal);
2897
87d2c1ff
LP		 2898 while ((f = hashmap_steal_first(s->user_journals)))
2899 journal_file_close(f);
2900
2901 hashmap_free(s->user_journals);
2902
2903 if (s->epoll_fd >= 0)
2904 close_nointr_nofail(s->epoll_fd);
2905
2906 if (s->signal_fd >= 0)
2907 close_nointr_nofail(s->signal_fd);
2908
2909 if (s->syslog_fd >= 0)
2910 close_nointr_nofail(s->syslog_fd);
7f3e6257
LP		 2911
2912 if (s->native_fd >= 0)
2913 close_nointr_nofail(s->native_fd);
fe652127
LP		 2914
2915 if (s->stdout_fd >= 0)
2916 close_nointr_nofail(s->stdout_fd);
6e409ce1 2917
51abe64c
LP		 2918 if (s->dev_kmsg_fd >= 0)
2919 close_nointr_nofail(s->dev_kmsg_fd);
6c1e6b98 2920
6e409ce1
LP		 2921 if (s->rate_limit)
2922 journal_rate_limit_free(s->rate_limit);
783d2675 2923
cee5e9a7
LP		 2924 if (s->kernel_seqnum)
2925 munmap(s->kernel_seqnum, sizeof(uint64_t));
2926
783d2675 2927 free(s->buffer);
0d9243f0 2928 free(s->tty_path);
16e9f408
LP		 2929
2930 if (s->mmap)
2931 mmap_cache_unref(s->mmap);
87d2c1ff
LP		 2932}
2933
2934int main(int argc, char *argv[]) {
2935 Server server;
2936 int r;
2937
2938 /* if (getppid() != 1) { */
2939 /* log_error("This program should be invoked by init only."); */
2940 /* return EXIT_FAILURE; */
2941 /* } */
2942
2943 if (argc > 1) {
2944 log_error("This program does not take arguments.");
2945 return EXIT_FAILURE;
2946 }
2947
a6903061 2948 log_set_target(LOG_TARGET_SAFE);
3eff4208 2949 log_set_facility(LOG_SYSLOG);
f65425cb 2950 log_set_max_level(LOG_DEBUG);
87d2c1ff
LP		 2951 log_parse_environment();
2952 log_open();
2953
2954 umask(0022);
2955
2956 r = server_init(&server);
2957 if (r < 0)
2958 goto finish;
2959
e6960940
LP		 2960 server_vacuum(&server);
2961 server_flush_to_var(&server);
51abe64c 2962 server_flush_dev_kmsg(&server);
e6960940 2963
87d2c1ff 2964 log_debug("systemd-journald running as pid %lu", (unsigned long) getpid());
224f2ee2 2965 driver_message(&server, SD_MESSAGE_JOURNAL_START, "Journal started");
87d2c1ff
LP		 2966
2967 sd_notify(false,
2968 "READY=1\n"
fe652127 2969 "STATUS=Processing requests...");
50f20cfd 2970
87d2c1ff
LP		 2971 for (;;) {
2972 struct epoll_event event;
89fef990 2973 int t;
87d2c1ff 2974
89fef990
LP		 2975#ifdef HAVE_GCRYPT
2976 usec_t u;
2977
2978 if (server.system_journal &&
2979 journal_file_next_evolve_usec(server.system_journal, &u)) {
2980 usec_t n;
2981
2982 n = now(CLOCK_MONOTONIC);
2983
2984 if (n >= u)
2985 t = 0;
2986 else
2987 t = (int) ((u - n + USEC_PER_MSEC - 1) / USEC_PER_MSEC);
2988 } else
2989#endif
2990 t = -1;
2991
2992 r = epoll_wait(server.epoll_fd, &event, 1, t);
87d2c1ff
LP		 2993 if (r < 0) {
2994
2995 if (errno == EINTR)
2996 continue;
2997
2998 log_error("epoll_wait() failed: %m");
2999 r = -errno;
3000 goto finish;
89fef990 3001 }
87d2c1ff 3002
89fef990
LP		 3003 if (r > 0) {
3004 r = process_event(&server, &event);
3005 if (r < 0)
3006 goto finish;
3007 else if (r == 0)
3008 break;
3009 }
3010
3011#ifdef HAVE_GCRYPT
3012 if (server.system_journal)
3013 journal_file_maybe_append_tag(server.system_journal, 0);
3014#endif
87d2c1ff
LP		 3015 }
3016
fe652127 3017 log_debug("systemd-journald stopped as pid %lu", (unsigned long) getpid());
224f2ee2 3018 driver_message(&server, SD_MESSAGE_JOURNAL_STOP, "Journal stopped");
fe652127 3019
87d2c1ff
LP		 3020finish:
3021 sd_notify(false,
3022 "STATUS=Shutting down...");
3023
3024 server_done(&server);
3025
3026 return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
3027}
Unnamed repository; edit this file 'description' to name the repository.