1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 Copyright 2011 Lennart Poettering
10 #include "sd-messages.h"
12 #include "alloc-util.h"
14 #include "format-util.h"
16 #include "journald-console.h"
17 #include "journald-kmsg.h"
18 #include "journald-server.h"
19 #include "journald-syslog.h"
20 #include "journald-wall.h"
21 #include "process-util.h"
22 #include "selinux-util.h"
23 #include "socket-util.h"
24 #include "stdio-util.h"
25 #include "string-util.h"
26 #include "syslog-util.h"
28 /* Warn once every 30s if we missed syslog message */
29 #define WARN_FORWARD_SYSLOG_MISSED_USEC (30 * USEC_PER_SEC)
31 static void forward_syslog_iovec(Server
*s
, const struct iovec
*iovec
, unsigned n_iovec
, const struct ucred
*ucred
, const struct timeval
*tv
) {
33 static const union sockaddr_union sa
= {
34 .un
.sun_family
= AF_UNIX
,
35 .un
.sun_path
= "/run/systemd/journal/syslog",
37 struct msghdr msghdr
= {
38 .msg_iov
= (struct iovec
*) iovec
,
39 .msg_iovlen
= n_iovec
,
40 .msg_name
= (struct sockaddr
*) &sa
.sa
,
41 .msg_namelen
= SOCKADDR_UN_LEN(sa
.un
),
45 struct cmsghdr cmsghdr
;
46 uint8_t buf
[CMSG_SPACE(sizeof(struct ucred
))];
55 msghdr
.msg_control
= &control
;
56 msghdr
.msg_controllen
= sizeof(control
);
58 cmsg
= CMSG_FIRSTHDR(&msghdr
);
59 cmsg
->cmsg_level
= SOL_SOCKET
;
60 cmsg
->cmsg_type
= SCM_CREDENTIALS
;
61 cmsg
->cmsg_len
= CMSG_LEN(sizeof(struct ucred
));
62 memcpy(CMSG_DATA(cmsg
), ucred
, sizeof(struct ucred
));
63 msghdr
.msg_controllen
= cmsg
->cmsg_len
;
66 /* Forward the syslog message we received via /dev/log to
67 * /run/systemd/syslog. Unfortunately we currently can't set
68 * the SO_TIMESTAMP auxiliary data, and hence we don't. */
70 if (sendmsg(s
->syslog_fd
, &msghdr
, MSG_NOSIGNAL
) >= 0)
73 /* The socket is full? I guess the syslog implementation is
74 * too slow, and we shouldn't wait for that... */
75 if (errno
== EAGAIN
) {
76 s
->n_forward_syslog_missed
++;
80 if (ucred
&& IN_SET(errno
, ESRCH
, EPERM
)) {
83 /* Hmm, presumably the sender process vanished
84 * by now, or we don't have CAP_SYS_AMDIN, so
85 * let's fix it as good as we can, and retry */
88 u
.pid
= getpid_cached();
89 memcpy(CMSG_DATA(cmsg
), &u
, sizeof(struct ucred
));
91 if (sendmsg(s
->syslog_fd
, &msghdr
, MSG_NOSIGNAL
) >= 0)
94 if (errno
== EAGAIN
) {
95 s
->n_forward_syslog_missed
++;
101 log_debug_errno(errno
, "Failed to forward syslog message: %m");
104 static void forward_syslog_raw(Server
*s
, int priority
, const char *buffer
, size_t buffer_len
, const struct ucred
*ucred
, const struct timeval
*tv
) {
110 if (LOG_PRI(priority
) > s
->max_level_syslog
)
113 iovec
= IOVEC_MAKE((char *) buffer
, buffer_len
);
114 forward_syslog_iovec(s
, &iovec
, 1, ucred
, tv
);
117 void server_forward_syslog(Server
*s
, int priority
, const char *identifier
, const char *message
, const struct ucred
*ucred
, const struct timeval
*tv
) {
118 struct iovec iovec
[5];
119 char header_priority
[DECIMAL_STR_MAX(priority
) + 3], header_time
[64],
120 header_pid
[STRLEN("[]: ") + DECIMAL_STR_MAX(pid_t
) + 1];
124 _cleanup_free_
char *ident_buf
= NULL
;
127 assert(priority
>= 0);
128 assert(priority
<= 999);
131 if (LOG_PRI(priority
) > s
->max_level_syslog
)
134 /* First: priority field */
135 xsprintf(header_priority
, "<%i>", priority
);
136 iovec
[n
++] = IOVEC_MAKE_STRING(header_priority
);
138 /* Second: timestamp */
139 t
= tv
? tv
->tv_sec
: ((time_t) (now(CLOCK_REALTIME
) / USEC_PER_SEC
));
143 if (strftime(header_time
, sizeof(header_time
), "%h %e %T ", tm
) <= 0)
145 iovec
[n
++] = IOVEC_MAKE_STRING(header_time
);
147 /* Third: identifier and PID */
150 get_process_comm(ucred
->pid
, &ident_buf
);
151 identifier
= ident_buf
;
154 xsprintf(header_pid
, "["PID_FMT
"]: ", ucred
->pid
);
157 iovec
[n
++] = IOVEC_MAKE_STRING(identifier
);
159 iovec
[n
++] = IOVEC_MAKE_STRING(header_pid
);
160 } else if (identifier
) {
161 iovec
[n
++] = IOVEC_MAKE_STRING(identifier
);
162 iovec
[n
++] = IOVEC_MAKE_STRING(": ");
165 /* Fourth: message */
166 iovec
[n
++] = IOVEC_MAKE_STRING(message
);
168 forward_syslog_iovec(s
, iovec
, n
, ucred
, tv
);
171 int syslog_fixup_facility(int priority
) {
173 if ((priority
& LOG_FACMASK
) == 0)
174 return (priority
& LOG_PRIMASK
) | LOG_USER
;
179 size_t syslog_parse_identifier(const char **buf
, char **identifier
, char **pid
) {
190 p
+= strspn(p
, WHITESPACE
);
191 l
= strcspn(p
, WHITESPACE
);
206 t
= strndup(p
+k
+1, l
-k
-2);
225 if (strchr(WHITESPACE
, p
[e
]))
231 static void syslog_skip_date(char **buf
) {
239 LETTER
, LETTER
, LETTER
,
241 SPACE_OR_NUMBER
, NUMBER
,
243 SPACE_OR_NUMBER
, NUMBER
,
245 SPACE_OR_NUMBER
, NUMBER
,
247 SPACE_OR_NUMBER
, NUMBER
,
259 for (i
= 0; i
< ELEMENTSOF(sequence
); i
++, p
++) {
264 switch (sequence
[i
]) {
271 case SPACE_OR_NUMBER
:
277 if (*p
< '0' || *p
> '9')
283 if (!(*p
>= 'A' && *p
<= 'Z') &&
284 !(*p
>= 'a' && *p
<= 'z'))
300 void server_process_syslog_message(
304 const struct ucred
*ucred
,
305 const struct timeval
*tv
,
309 char syslog_priority
[sizeof("PRIORITY=") + DECIMAL_STR_MAX(int)],
310 syslog_facility
[sizeof("SYSLOG_FACILITY=") + DECIMAL_STR_MAX(int)], *msg
;
311 const char *message
= NULL
, *syslog_identifier
= NULL
, *syslog_pid
= NULL
;
312 _cleanup_free_
char *identifier
= NULL
, *pid
= NULL
;
313 int priority
= LOG_USER
| LOG_INFO
, r
;
314 ClientContext
*context
= NULL
;
321 if (ucred
&& pid_is_valid(ucred
->pid
)) {
322 r
= client_context_get(s
, ucred
->pid
, ucred
, label
, label_len
, NULL
, &context
);
324 log_warning_errno(r
, "Failed to retrieve credentials for PID " PID_FMT
", ignoring: %m", ucred
->pid
);
327 /* We are creating copy of the message because we want to forward original message verbatim to the legacy
328 syslog implementation */
329 for (i
= buf_len
; i
> 0; i
--)
330 if (!strchr(WHITESPACE
, buf
[i
-1]))
333 msg
= newa(char, i
+ 1);
334 *((char *) mempcpy(msg
, buf
, i
)) = 0;
335 msg
= skip_leading_chars(msg
, WHITESPACE
);
337 syslog_parse_priority((const char **)&msg
, &priority
, true);
339 if (!client_context_test_priority(context
, priority
))
342 if (s
->forward_to_syslog
)
343 forward_syslog_raw(s
, priority
, buf
, buf_len
, ucred
, tv
);
345 syslog_skip_date(&msg
);
346 syslog_parse_identifier((const char**)&msg
, &identifier
, &pid
);
348 if (s
->forward_to_kmsg
)
349 server_forward_kmsg(s
, priority
, identifier
, msg
, ucred
);
351 if (s
->forward_to_console
)
352 server_forward_console(s
, priority
, identifier
, msg
, ucred
);
354 if (s
->forward_to_wall
)
355 server_forward_wall(s
, priority
, identifier
, msg
, ucred
);
357 m
= N_IOVEC_META_FIELDS
+ 6 + client_context_extra_fields_n_iovec(context
);
358 iovec
= newa(struct iovec
, m
);
360 iovec
[n
++] = IOVEC_MAKE_STRING("_TRANSPORT=syslog");
362 xsprintf(syslog_priority
, "PRIORITY=%i", priority
& LOG_PRIMASK
);
363 iovec
[n
++] = IOVEC_MAKE_STRING(syslog_priority
);
365 if (priority
& LOG_FACMASK
) {
366 xsprintf(syslog_facility
, "SYSLOG_FACILITY=%i", LOG_FAC(priority
));
367 iovec
[n
++] = IOVEC_MAKE_STRING(syslog_facility
);
371 syslog_identifier
= strjoina("SYSLOG_IDENTIFIER=", identifier
);
372 iovec
[n
++] = IOVEC_MAKE_STRING(syslog_identifier
);
376 syslog_pid
= strjoina("SYSLOG_PID=", pid
);
377 iovec
[n
++] = IOVEC_MAKE_STRING(syslog_pid
);
380 message
= strjoina("MESSAGE=", msg
);
382 iovec
[n
++] = IOVEC_MAKE_STRING(message
);
384 server_dispatch_message(s
, iovec
, n
, m
, context
, tv
, priority
, 0);
387 int server_open_syslog_socket(Server
*s
) {
389 static const union sockaddr_union sa
= {
390 .un
.sun_family
= AF_UNIX
,
391 .un
.sun_path
= "/run/systemd/journal/dev-log",
393 static const int one
= 1;
398 if (s
->syslog_fd
< 0) {
399 s
->syslog_fd
= socket(AF_UNIX
, SOCK_DGRAM
|SOCK_CLOEXEC
|SOCK_NONBLOCK
, 0);
400 if (s
->syslog_fd
< 0)
401 return log_error_errno(errno
, "socket() failed: %m");
403 (void) unlink(sa
.un
.sun_path
);
405 r
= bind(s
->syslog_fd
, &sa
.sa
, SOCKADDR_UN_LEN(sa
.un
));
407 return log_error_errno(errno
, "bind(%s) failed: %m", sa
.un
.sun_path
);
409 (void) chmod(sa
.un
.sun_path
, 0666);
411 fd_nonblock(s
->syslog_fd
, 1);
413 r
= setsockopt(s
->syslog_fd
, SOL_SOCKET
, SO_PASSCRED
, &one
, sizeof(one
));
415 return log_error_errno(errno
, "SO_PASSCRED failed: %m");
418 if (mac_selinux_use()) {
419 r
= setsockopt(s
->syslog_fd
, SOL_SOCKET
, SO_PASSSEC
, &one
, sizeof(one
));
421 log_warning_errno(errno
, "SO_PASSSEC failed: %m");
425 r
= setsockopt(s
->syslog_fd
, SOL_SOCKET
, SO_TIMESTAMP
, &one
, sizeof(one
));
427 return log_error_errno(errno
, "SO_TIMESTAMP failed: %m");
429 r
= sd_event_add_io(s
->event
, &s
->syslog_event_source
, s
->syslog_fd
, EPOLLIN
, server_process_datagram
, s
);
431 return log_error_errno(r
, "Failed to add syslog server fd to event loop: %m");
433 r
= sd_event_source_set_priority(s
->syslog_event_source
, SD_EVENT_PRIORITY_NORMAL
+5);
435 return log_error_errno(r
, "Failed to adjust syslog event source priority: %m");
440 void server_maybe_warn_forward_syslog_missed(Server
*s
) {
445 if (s
->n_forward_syslog_missed
<= 0)
448 n
= now(CLOCK_MONOTONIC
);
449 if (s
->last_warn_forward_syslog_missed
+ WARN_FORWARD_SYSLOG_MISSED_USEC
> n
)
452 server_driver_message(s
, 0,
453 "MESSAGE_ID=" SD_MESSAGE_FORWARD_SYSLOG_MISSED_STR
,
454 LOG_MESSAGE("Forwarding to syslog missed %u messages.",
455 s
->n_forward_syslog_missed
),
458 s
->n_forward_syslog_missed
= 0;
459 s
->last_warn_forward_syslog_missed
= n
;