]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/journal/journald-syslog.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tree-wide: drop 'This file is part of systemd' blurb
[thirdparty/systemd.git] / src / journal / journald-syslog.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2 /***
3 Copyright 2011 Lennart Poettering
4 ***/
5
6 #include <stddef.h>
7 #include <sys/epoll.h>
8 #include <unistd.h>
9
10 #include "sd-messages.h"
11
12 #include "alloc-util.h"
13 #include "fd-util.h"
14 #include "format-util.h"
15 #include "io-util.h"
16 #include "journald-console.h"
17 #include "journald-kmsg.h"
18 #include "journald-server.h"
19 #include "journald-syslog.h"
20 #include "journald-wall.h"
21 #include "process-util.h"
22 #include "selinux-util.h"
23 #include "socket-util.h"
24 #include "stdio-util.h"
25 #include "string-util.h"
26 #include "syslog-util.h"
27
28 /* Warn once every 30s if we missed syslog message */
29 #define WARN_FORWARD_SYSLOG_MISSED_USEC (30 * USEC_PER_SEC)
30
31 static void forward_syslog_iovec(Server *s, const struct iovec *iovec, unsigned n_iovec, const struct ucred *ucred, const struct timeval *tv) {
32
33 static const union sockaddr_union sa = {
34 .un.sun_family = AF_UNIX,
35 .un.sun_path = "/run/systemd/journal/syslog",
36 };
37 struct msghdr msghdr = {
38 .msg_iov = (struct iovec *) iovec,
39 .msg_iovlen = n_iovec,
40 .msg_name = (struct sockaddr*) &sa.sa,
41 .msg_namelen = SOCKADDR_UN_LEN(sa.un),
42 };
43 struct cmsghdr *cmsg;
44 union {
45 struct cmsghdr cmsghdr;
46 uint8_t buf[CMSG_SPACE(sizeof(struct ucred))];
47 } control;
48
49 assert(s);
50 assert(iovec);
51 assert(n_iovec > 0);
52
53 if (ucred) {
54 zero(control);
55 msghdr.msg_control = &control;
56 msghdr.msg_controllen = sizeof(control);
57
58 cmsg = CMSG_FIRSTHDR(&msghdr);
59 cmsg->cmsg_level = SOL_SOCKET;
60 cmsg->cmsg_type = SCM_CREDENTIALS;
61 cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
62 memcpy(CMSG_DATA(cmsg), ucred, sizeof(struct ucred));
63 msghdr.msg_controllen = cmsg->cmsg_len;
64 }
65
66 /* Forward the syslog message we received via /dev/log to
67 * /run/systemd/syslog. Unfortunately we currently can't set
68 * the SO_TIMESTAMP auxiliary data, and hence we don't. */
69
70 if (sendmsg(s->syslog_fd, &msghdr, MSG_NOSIGNAL) >= 0)
71 return;
72
73 /* The socket is full? I guess the syslog implementation is
74 * too slow, and we shouldn't wait for that... */
75 if (errno == EAGAIN) {
76 s->n_forward_syslog_missed++;
77 return;
78 }
79
80 if (ucred && IN_SET(errno, ESRCH, EPERM)) {
81 struct ucred u;
82
83 /* Hmm, presumably the sender process vanished
84 * by now, or we don't have CAP_SYS_AMDIN, so
85 * let's fix it as good as we can, and retry */
86
87 u = *ucred;
88 u.pid = getpid_cached();
89 memcpy(CMSG_DATA(cmsg), &u, sizeof(struct ucred));
90
91 if (sendmsg(s->syslog_fd, &msghdr, MSG_NOSIGNAL) >= 0)
92 return;
93
94 if (errno == EAGAIN) {
95 s->n_forward_syslog_missed++;
96 return;
97 }
98 }
99
100 if (errno != ENOENT)
101 log_debug_errno(errno, "Failed to forward syslog message: %m");
102 }
103
104 static void forward_syslog_raw(Server *s, int priority, const char *buffer, size_t buffer_len, const struct ucred *ucred, const struct timeval *tv) {
105 struct iovec iovec;
106
107 assert(s);
108 assert(buffer);
109
110 if (LOG_PRI(priority) > s->max_level_syslog)
111 return;
112
113 iovec = IOVEC_MAKE((char *) buffer, buffer_len);
114 forward_syslog_iovec(s, &iovec, 1, ucred, tv);
115 }
116
117 void server_forward_syslog(Server *s, int priority, const char *identifier, const char *message, const struct ucred *ucred, const struct timeval *tv) {
118 struct iovec iovec[5];
119 char header_priority[DECIMAL_STR_MAX(priority) + 3], header_time[64],
120 header_pid[STRLEN("[]: ") + DECIMAL_STR_MAX(pid_t) + 1];
121 int n = 0;
122 time_t t;
123 struct tm *tm;
124 _cleanup_free_ char *ident_buf = NULL;
125
126 assert(s);
127 assert(priority >= 0);
128 assert(priority <= 999);
129 assert(message);
130
131 if (LOG_PRI(priority) > s->max_level_syslog)
132 return;
133
134 /* First: priority field */
135 xsprintf(header_priority, "<%i>", priority);
136 iovec[n++] = IOVEC_MAKE_STRING(header_priority);
137
138 /* Second: timestamp */
139 t = tv ? tv->tv_sec : ((time_t) (now(CLOCK_REALTIME) / USEC_PER_SEC));
140 tm = localtime(&t);
141 if (!tm)
142 return;
143 if (strftime(header_time, sizeof(header_time), "%h %e %T ", tm) <= 0)
144 return;
145 iovec[n++] = IOVEC_MAKE_STRING(header_time);
146
147 /* Third: identifier and PID */
148 if (ucred) {
149 if (!identifier) {
150 get_process_comm(ucred->pid, &ident_buf);
151 identifier = ident_buf;
152 }
153
154 xsprintf(header_pid, "["PID_FMT"]: ", ucred->pid);
155
156 if (identifier)
157 iovec[n++] = IOVEC_MAKE_STRING(identifier);
158
159 iovec[n++] = IOVEC_MAKE_STRING(header_pid);
160 } else if (identifier) {
161 iovec[n++] = IOVEC_MAKE_STRING(identifier);
162 iovec[n++] = IOVEC_MAKE_STRING(": ");
163 }
164
165 /* Fourth: message */
166 iovec[n++] = IOVEC_MAKE_STRING(message);
167
168 forward_syslog_iovec(s, iovec, n, ucred, tv);
169 }
170
171 int syslog_fixup_facility(int priority) {
172
173 if ((priority & LOG_FACMASK) == 0)
174 return (priority & LOG_PRIMASK) | LOG_USER;
175
176 return priority;
177 }
178
179 size_t syslog_parse_identifier(const char **buf, char **identifier, char **pid) {
180 const char *p;
181 char *t;
182 size_t l, e;
183
184 assert(buf);
185 assert(identifier);
186 assert(pid);
187
188 p = *buf;
189
190 p += strspn(p, WHITESPACE);
191 l = strcspn(p, WHITESPACE);
192
193 if (l <= 0 ||
194 p[l-1] != ':')
195 return 0;
196
197 e = l;
198 l--;
199
200 if (p[l-1] == ']') {
201 size_t k = l-1;
202
203 for (;;) {
204
205 if (p[k] == '[') {
206 t = strndup(p+k+1, l-k-2);
207 if (t)
208 *pid = t;
209
210 l = k;
211 break;
212 }
213
214 if (k == 0)
215 break;
216
217 k--;
218 }
219 }
220
221 t = strndup(p, l);
222 if (t)
223 *identifier = t;
224
225 if (strchr(WHITESPACE, p[e]))
226 e++;
227 *buf = p + e;
228 return e;
229 }
230
231 static void syslog_skip_date(char **buf) {
232 enum {
233 LETTER,
234 SPACE,
235 NUMBER,
236 SPACE_OR_NUMBER,
237 COLON
238 } sequence[] = {
239 LETTER, LETTER, LETTER,
240 SPACE,
241 SPACE_OR_NUMBER, NUMBER,
242 SPACE,
243 SPACE_OR_NUMBER, NUMBER,
244 COLON,
245 SPACE_OR_NUMBER, NUMBER,
246 COLON,
247 SPACE_OR_NUMBER, NUMBER,
248 SPACE
249 };
250
251 char *p;
252 unsigned i;
253
254 assert(buf);
255 assert(*buf);
256
257 p = *buf;
258
259 for (i = 0; i < ELEMENTSOF(sequence); i++, p++) {
260
261 if (!*p)
262 return;
263
264 switch (sequence[i]) {
265
266 case SPACE:
267 if (*p != ' ')
268 return;
269 break;
270
271 case SPACE_OR_NUMBER:
272 if (*p == ' ')
273 break;
274
275 _fallthrough_;
276 case NUMBER:
277 if (*p < '0' || *p > '9')
278 return;
279
280 break;
281
282 case LETTER:
283 if (!(*p >= 'A' && *p <= 'Z') &&
284 !(*p >= 'a' && *p <= 'z'))
285 return;
286
287 break;
288
289 case COLON:
290 if (*p != ':')
291 return;
292 break;
293
294 }
295 }
296
297 *buf = p;
298 }
299
300 void server_process_syslog_message(
301 Server *s,
302 const char *buf,
303 size_t buf_len,
304 const struct ucred *ucred,
305 const struct timeval *tv,
306 const char *label,
307 size_t label_len) {
308
309 char syslog_priority[sizeof("PRIORITY=") + DECIMAL_STR_MAX(int)],
310 syslog_facility[sizeof("SYSLOG_FACILITY=") + DECIMAL_STR_MAX(int)], *msg;
311 const char *message = NULL, *syslog_identifier = NULL, *syslog_pid = NULL;
312 _cleanup_free_ char *identifier = NULL, *pid = NULL;
313 int priority = LOG_USER | LOG_INFO, r;
314 ClientContext *context = NULL;
315 struct iovec *iovec;
316 size_t n = 0, m, i;
317
318 assert(s);
319 assert(buf);
320
321 if (ucred && pid_is_valid(ucred->pid)) {
322 r = client_context_get(s, ucred->pid, ucred, label, label_len, NULL, &context);
323 if (r < 0)
324 log_warning_errno(r, "Failed to retrieve credentials for PID " PID_FMT ", ignoring: %m", ucred->pid);
325 }
326
327 /* We are creating copy of the message because we want to forward original message verbatim to the legacy
328 syslog implementation */
329 for (i = buf_len; i > 0; i--)
330 if (!strchr(WHITESPACE, buf[i-1]))
331 break;
332
333 msg = newa(char, i + 1);
334 *((char *) mempcpy(msg, buf, i)) = 0;
335 msg = skip_leading_chars(msg, WHITESPACE);
336
337 syslog_parse_priority((const char **)&msg, &priority, true);
338
339 if (!client_context_test_priority(context, priority))
340 return;
341
342 if (s->forward_to_syslog)
343 forward_syslog_raw(s, priority, buf, buf_len, ucred, tv);
344
345 syslog_skip_date(&msg);
346 syslog_parse_identifier((const char**)&msg, &identifier, &pid);
347
348 if (s->forward_to_kmsg)
349 server_forward_kmsg(s, priority, identifier, msg, ucred);
350
351 if (s->forward_to_console)
352 server_forward_console(s, priority, identifier, msg, ucred);
353
354 if (s->forward_to_wall)
355 server_forward_wall(s, priority, identifier, msg, ucred);
356
357 m = N_IOVEC_META_FIELDS + 6 + client_context_extra_fields_n_iovec(context);
358 iovec = newa(struct iovec, m);
359
360 iovec[n++] = IOVEC_MAKE_STRING("_TRANSPORT=syslog");
361
362 xsprintf(syslog_priority, "PRIORITY=%i", priority & LOG_PRIMASK);
363 iovec[n++] = IOVEC_MAKE_STRING(syslog_priority);
364
365 if (priority & LOG_FACMASK) {
366 xsprintf(syslog_facility, "SYSLOG_FACILITY=%i", LOG_FAC(priority));
367 iovec[n++] = IOVEC_MAKE_STRING(syslog_facility);
368 }
369
370 if (identifier) {
371 syslog_identifier = strjoina("SYSLOG_IDENTIFIER=", identifier);
372 iovec[n++] = IOVEC_MAKE_STRING(syslog_identifier);
373 }
374
375 if (pid) {
376 syslog_pid = strjoina("SYSLOG_PID=", pid);
377 iovec[n++] = IOVEC_MAKE_STRING(syslog_pid);
378 }
379
380 message = strjoina("MESSAGE=", msg);
381 if (message)
382 iovec[n++] = IOVEC_MAKE_STRING(message);
383
384 server_dispatch_message(s, iovec, n, m, context, tv, priority, 0);
385 }
386
387 int server_open_syslog_socket(Server *s) {
388
389 static const union sockaddr_union sa = {
390 .un.sun_family = AF_UNIX,
391 .un.sun_path = "/run/systemd/journal/dev-log",
392 };
393 static const int one = 1;
394 int r;
395
396 assert(s);
397
398 if (s->syslog_fd < 0) {
399 s->syslog_fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
400 if (s->syslog_fd < 0)
401 return log_error_errno(errno, "socket() failed: %m");
402
403 (void) unlink(sa.un.sun_path);
404
405 r = bind(s->syslog_fd, &sa.sa, SOCKADDR_UN_LEN(sa.un));
406 if (r < 0)
407 return log_error_errno(errno, "bind(%s) failed: %m", sa.un.sun_path);
408
409 (void) chmod(sa.un.sun_path, 0666);
410 } else
411 fd_nonblock(s->syslog_fd, 1);
412
413 r = setsockopt(s->syslog_fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one));
414 if (r < 0)
415 return log_error_errno(errno, "SO_PASSCRED failed: %m");
416
417 #if HAVE_SELINUX
418 if (mac_selinux_use()) {
419 r = setsockopt(s->syslog_fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one));
420 if (r < 0)
421 log_warning_errno(errno, "SO_PASSSEC failed: %m");
422 }
423 #endif
424
425 r = setsockopt(s->syslog_fd, SOL_SOCKET, SO_TIMESTAMP, &one, sizeof(one));
426 if (r < 0)
427 return log_error_errno(errno, "SO_TIMESTAMP failed: %m");
428
429 r = sd_event_add_io(s->event, &s->syslog_event_source, s->syslog_fd, EPOLLIN, server_process_datagram, s);
430 if (r < 0)
431 return log_error_errno(r, "Failed to add syslog server fd to event loop: %m");
432
433 r = sd_event_source_set_priority(s->syslog_event_source, SD_EVENT_PRIORITY_NORMAL+5);
434 if (r < 0)
435 return log_error_errno(r, "Failed to adjust syslog event source priority: %m");
436
437 return 0;
438 }
439
440 void server_maybe_warn_forward_syslog_missed(Server *s) {
441 usec_t n;
442
443 assert(s);
444
445 if (s->n_forward_syslog_missed <= 0)
446 return;
447
448 n = now(CLOCK_MONOTONIC);
449 if (s->last_warn_forward_syslog_missed + WARN_FORWARD_SYSLOG_MISSED_USEC > n)
450 return;
451
452 server_driver_message(s, 0,
453 "MESSAGE_ID=" SD_MESSAGE_FORWARD_SYSLOG_MISSED_STR,
454 LOG_MESSAGE("Forwarding to syslog missed %u messages.",
455 s->n_forward_syslog_missed),
456 NULL);
457
458 s->n_forward_syslog_missed = 0;
459 s->last_warn_forward_syslog_missed = n;
460 }
Unnamed repository; edit this file 'description' to name the repository.