[thirdparty/systemd.git] / src / shared / journal-util.c

/* SPDX-License-Identifier: LGPL-2.1+ */
/***
  This file is part of systemd.

  Copyright 2013 Zbigniew Jędrzejewski-Szmek
  Copyright 2015 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

#include "acl-util.h"
#include "fs-util.h"
#include "hashmap.h"
#include "journal-internal.h"
#include "journal-util.h"
#include "log.h"
#include "strv.h"
#include "user-util.h"

static int access_check_var_log_journal(sd_journal *j) {
#if HAVE_ACL
        _cleanup_strv_free_ char **g = NULL;
        const char* dir;
#endif
        int r;

        assert(j);

        /* If we are root, we should have access, don't warn. */
        if (getuid() == 0)
                return 0;

        /* If we are in the 'systemd-journal' group, we should have
         * access too. */
        r = in_group("systemd-journal");
        if (r < 0)
                return log_error_errno(r, "Failed to check if we are in the 'systemd-journal' group: %m");
        if (r > 0)
                return 0;

#if HAVE_ACL
        if (laccess("/run/log/journal", F_OK) >= 0)
                dir = "/run/log/journal";
        else
                dir = "/var/log/journal";

        /* If we are in any of the groups listed in the journal ACLs,
         * then all is good, too. Let's enumerate all groups from the
         * default ACL of the directory, which generally should allow
         * access to most journal files too. */
        r = acl_search_groups(dir, &g);
        if (r < 0)
                return log_error_errno(r, "Failed to search journal ACL: %m");
        if (r > 0)
                return 0;

        /* Print a pretty list, if there were ACLs set. */
        if (!strv_isempty(g)) {
                _cleanup_free_ char *s = NULL;

                /* Thre are groups in the ACL, let's list them */
                r = strv_extend(&g, "systemd-journal");
                if (r < 0)
                        return log_oom();

                strv_sort(g);
                strv_uniq(g);

                s = strv_join(g, "', '");
                if (!s)
                        return log_oom();

                log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
                           "      Users in groups '%s' can see all messages.\n"
                           "      Pass -q to turn off this notice.", s);
                return 1;
        }
#endif

        /* If no ACLs were found, print a short version of the message. */
        log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
                   "      Users in the 'systemd-journal' group can see all messages. Pass -q to\n"
                   "      turn off this notice.");

        return 1;
}

int journal_access_check_and_warn(sd_journal *j, bool quiet) {
        Iterator it;
        void *code;
        char *path;
        int r = 0;

        assert(j);

        if (hashmap_isempty(j->errors)) {
                if (ordered_hashmap_isempty(j->files) && !quiet)
                        log_notice("No journal files were found.");

                return 0;
        }

        if (hashmap_contains(j->errors, INT_TO_PTR(-EACCES))) {
                if (!quiet)
                        (void) access_check_var_log_journal(j);

                if (ordered_hashmap_isempty(j->files))
                        r = log_error_errno(EACCES, "No journal files were opened due to insufficient permissions.");
        }

        HASHMAP_FOREACH_KEY(path, code, j->errors, it) {
                int err;

                err = abs(PTR_TO_INT(code));

                switch (err) {
                case EACCES:
                        continue;

                case ENODATA:
                        log_warning_errno(err, "Journal file %s is truncated, ignoring file.", path);
                        break;

                case EPROTONOSUPPORT:
                        log_warning_errno(err, "Journal file %1$s uses an unsupported feature, ignoring file.\n"
                                               "Use SYSTEMD_LOG_LEVEL=debug journalctl --file=%1$s to see the details.",
                                               path);
                        break;

                case EBADMSG:
                        log_warning_errno(err, "Journal file %s corrupted, ignoring file.", path);
                        break;

                default:
                        log_warning_errno(err, "An error was encountered while opening journal file or directory %s, ignoring file: %m", path);
                        break;
                }
        }

        return r;
}

bool journal_field_valid(const char *p, size_t l, bool allow_protected) {
        const char *a;

        /* We kinda enforce POSIX syntax recommendations for
           environment variables here, but make a couple of additional
           requirements.

           http://pubs.opengroup.org/onlinepubs/000095399/basedefs/xbd_chap08.html */

        if (l == (size_t) -1)
                l = strlen(p);

        /* No empty field names */
        if (l <= 0)
                return false;

        /* Don't allow names longer than 64 chars */
        if (l > 64)
                return false;

        /* Variables starting with an underscore are protected */
        if (!allow_protected && p[0] == '_')
                return false;

        /* Don't allow digits as first character */
        if (p[0] >= '0' && p[0] <= '9')
                return false;

        /* Only allow A-Z0-9 and '_' */
        for (a = p; a < p + l; a++)
                if ((*a < 'A' || *a > 'Z') &&
                    (*a < '0' || *a > '9') &&
                    *a != '_')
                        return false;

        return true;
}
Commit	Line	Data
53e1b683	1	/* SPDX-License-Identifier: LGPL-2.1+ */
4f37cbd9 ZJS	2	/***
	3	This file is part of systemd.
	4
	5	Copyright 2013 Zbigniew Jędrzejewski-Szmek
	6	Copyright 2015 Lennart Poettering
	7
	8	systemd is free software; you can redistribute it and/or modify it
	9	under the terms of the GNU Lesser General Public License as published by
	10	the Free Software Foundation; either version 2.1 of the License, or
	11	(at your option) any later version.
	12
	13	systemd is distributed in the hope that it will be useful, but
	14	WITHOUT ANY WARRANTY; without even the implied warranty of
	15	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	16	Lesser General Public License for more details.
	17
	18	You should have received a copy of the GNU Lesser General Public License
	19	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	20	***/
	21
	22	#include "acl-util.h"
	23	#include "fs-util.h"
	24	#include "hashmap.h"
	25	#include "journal-internal.h"
	26	#include "journal-util.h"
	27	#include "log.h"
	28	#include "strv.h"
	29	#include "user-util.h"
	30
	31	static int access_check_var_log_journal(sd_journal *j) {
349cc4a5	32	#if HAVE_ACL
4f37cbd9 ZJS	33	_cleanup_strv_free_ char **g = NULL;
	34	const char* dir;
	35	#endif
	36	int r;
	37
	38	assert(j);
	39
	40	/* If we are root, we should have access, don't warn. */
	41	if (getuid() == 0)
	42	return 0;
	43
	44	/* If we are in the 'systemd-journal' group, we should have
	45	* access too. */
	46	r = in_group("systemd-journal");
	47	if (r < 0)
	48	return log_error_errno(r, "Failed to check if we are in the 'systemd-journal' group: %m");
	49	if (r > 0)
	50	return 0;
	51
349cc4a5	52	#if HAVE_ACL
4f37cbd9 ZJS	53	if (laccess("/run/log/journal", F_OK) >= 0)
	54	dir = "/run/log/journal";
	55	else
	56	dir = "/var/log/journal";
	57
	58	/* If we are in any of the groups listed in the journal ACLs,
	59	* then all is good, too. Let's enumerate all groups from the
	60	* default ACL of the directory, which generally should allow
	61	* access to most journal files too. */
	62	r = acl_search_groups(dir, &g);
	63	if (r < 0)
	64	return log_error_errno(r, "Failed to search journal ACL: %m");
	65	if (r > 0)
	66	return 0;
	67
	68	/* Print a pretty list, if there were ACLs set. */
	69	if (!strv_isempty(g)) {
	70	_cleanup_free_ char *s = NULL;
	71
	72	/* Thre are groups in the ACL, let's list them */
	73	r = strv_extend(&g, "systemd-journal");
	74	if (r < 0)
	75	return log_oom();
	76
	77	strv_sort(g);
	78	strv_uniq(g);
	79
	80	s = strv_join(g, "', '");
	81	if (!s)
	82	return log_oom();
	83
	84	log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
	85	" Users in groups '%s' can see all messages.\n"
	86	" Pass -q to turn off this notice.", s);
	87	return 1;
	88	}
	89	#endif
	90
	91	/* If no ACLs were found, print a short version of the message. */
	92	log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
	93	" Users in the 'systemd-journal' group can see all messages. Pass -q to\n"
	94	" turn off this notice.");
	95
	96	return 1;
	97	}
	98
	99	int journal_access_check_and_warn(sd_journal *j, bool quiet) {
	100	Iterator it;
	101	void *code;
	102	char *path;
	103	int r = 0;
	104
	105	assert(j);
	106
	107	if (hashmap_isempty(j->errors)) {
	108	if (ordered_hashmap_isempty(j->files) && !quiet)
	109	log_notice("No journal files were found.");
	110
	111	return 0;
	112	}
	113
	114	if (hashmap_contains(j->errors, INT_TO_PTR(-EACCES))) {
	115	if (!quiet)
	116	(void) access_check_var_log_journal(j);
117
118	if (ordered_hashmap_isempty(j->files))
119	r = log_error_errno(EACCES, "No journal files were opened due to insufficient permissions.");
120	}
121
122	HASHMAP_FOREACH_KEY(path, code, j->errors, it) {
123	int err;
124
125	err = abs(PTR_TO_INT(code));
126
127	switch (err) {
128	case EACCES:
129	continue;
130
131	case ENODATA:
132	log_warning_errno(err, "Journal file %s is truncated, ignoring file.", path);
133	break;
134
135	case EPROTONOSUPPORT:
136	log_warning_errno(err, "Journal file %1$s uses an unsupported feature, ignoring file.\n"
137	"Use SYSTEMD_LOG_LEVEL=debug journalctl --file=%1$s to see the details.",
138	path);
139	break;
140
141	case EBADMSG:
142	log_warning_errno(err, "Journal file %s corrupted, ignoring file.", path);
143	break;
144
145	default:
146	log_warning_errno(err, "An error was encountered while opening journal file or directory %s, ignoring file: %m", path);
147	break;
148	}
149	}
150
151	return r;
152	}
53978b98 LP	153
	154	bool journal_field_valid(const char *p, size_t l, bool allow_protected) {
	155	const char *a;
	156
	157	/* We kinda enforce POSIX syntax recommendations for
	158	environment variables here, but make a couple of additional
	159	requirements.
	160
	161	http://pubs.opengroup.org/onlinepubs/000095399/basedefs/xbd_chap08.html */
	162
	163	if (l == (size_t) -1)
	164	l = strlen(p);
	165
	166	/* No empty field names */
	167	if (l <= 0)
	168	return false;
	169
	170	/* Don't allow names longer than 64 chars */
	171	if (l > 64)
	172	return false;
	173
	174	/* Variables starting with an underscore are protected */
	175	if (!allow_protected && p[0] == '_')
	176	return false;
	177
	178	/* Don't allow digits as first character */
	179	if (p[0] >= '0' && p[0] <= '9')
	180	return false;
	181
	182	/* Only allow A-Z0-9 and '_' */
	183	for (a = p; a < p + l; a++)
	184	if ((a < 'A' \|\| a > 'Z') &&
	185	(a < '0' \|\| a > '9') &&
	186	*a != '_')
	187	return false;
	188
	189	return true;
	190	}