]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/journal/journald-syslog.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #28697 from 1awesomeJ/new_bsod
[thirdparty/systemd.git] / src / journal / journald-syslog.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include <stddef.h>
4 #include <sys/epoll.h>
5 #include <unistd.h>
6
7 #include "sd-messages.h"
8
9 #include "alloc-util.h"
10 #include "fd-util.h"
11 #include "format-util.h"
12 #include "io-util.h"
13 #include "journal-internal.h"
14 #include "journald-client.h"
15 #include "journald-console.h"
16 #include "journald-kmsg.h"
17 #include "journald-server.h"
18 #include "journald-syslog.h"
19 #include "journald-wall.h"
20 #include "process-util.h"
21 #include "selinux-util.h"
22 #include "socket-util.h"
23 #include "stdio-util.h"
24 #include "string-util.h"
25 #include "syslog-util.h"
26
27 /* Warn once every 30s if we missed syslog message */
28 #define WARN_FORWARD_SYSLOG_MISSED_USEC (30 * USEC_PER_SEC)
29
30 static void forward_syslog_iovec(
31 Server *s,
32 const struct iovec *iovec,
33 unsigned n_iovec,
34 const struct ucred *ucred,
35 const struct timeval *tv) {
36
37 union sockaddr_union sa;
38
39 struct msghdr msghdr = {
40 .msg_iov = (struct iovec *) iovec,
41 .msg_iovlen = n_iovec,
42 };
43 struct cmsghdr *cmsg;
44 CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct ucred))) control;
45 const char *j;
46 int r;
47
48 assert(s);
49 assert(iovec);
50 assert(n_iovec > 0);
51
52 j = strjoina(s->runtime_directory, "/syslog");
53 r = sockaddr_un_set_path(&sa.un, j);
54 if (r < 0) {
55 log_debug_errno(r, "Forwarding socket path %s too long for AF_UNIX, not forwarding: %m", j);
56 return;
57 }
58
59 msghdr.msg_name = &sa.sa;
60 msghdr.msg_namelen = r;
61
62 if (ucred) {
63 zero(control);
64 msghdr.msg_control = &control;
65 msghdr.msg_controllen = sizeof(control);
66
67 cmsg = CMSG_FIRSTHDR(&msghdr);
68 cmsg->cmsg_level = SOL_SOCKET;
69 cmsg->cmsg_type = SCM_CREDENTIALS;
70 cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
71 memcpy(CMSG_DATA(cmsg), ucred, sizeof(struct ucred));
72 msghdr.msg_controllen = cmsg->cmsg_len;
73 }
74
75 /* Forward the syslog message we received via /dev/log to /run/systemd/syslog. Unfortunately we
76 * currently can't set the SO_TIMESTAMP auxiliary data, and hence we don't. */
77
78 if (sendmsg(s->syslog_fd, &msghdr, MSG_NOSIGNAL) >= 0)
79 return;
80
81 /* The socket is full? I guess the syslog implementation is
82 * too slow, and we shouldn't wait for that... */
83 if (errno == EAGAIN) {
84 s->n_forward_syslog_missed++;
85 return;
86 }
87
88 if (ucred && IN_SET(errno, ESRCH, EPERM)) {
89 struct ucred u;
90
91 /* Hmm, presumably the sender process vanished
92 * by now, or we don't have CAP_SYS_AMDIN, so
93 * let's fix it as good as we can, and retry */
94
95 u = *ucred;
96 u.pid = getpid_cached();
97 memcpy(CMSG_DATA(cmsg), &u, sizeof(struct ucred));
98
99 if (sendmsg(s->syslog_fd, &msghdr, MSG_NOSIGNAL) >= 0)
100 return;
101
102 if (errno == EAGAIN) {
103 s->n_forward_syslog_missed++;
104 return;
105 }
106 }
107
108 if (errno != ENOENT)
109 log_debug_errno(errno, "Failed to forward syslog message: %m");
110 }
111
112 static void forward_syslog_raw(Server *s, int priority, const char *buffer, size_t buffer_len, const struct ucred *ucred, const struct timeval *tv) {
113 struct iovec iovec;
114
115 assert(s);
116 assert(buffer);
117
118 if (LOG_PRI(priority) > s->max_level_syslog)
119 return;
120
121 iovec = IOVEC_MAKE((char *) buffer, buffer_len);
122 forward_syslog_iovec(s, &iovec, 1, ucred, tv);
123 }
124
125 void server_forward_syslog(Server *s, int priority, const char *identifier, const char *message, const struct ucred *ucred, const struct timeval *tv) {
126 struct iovec iovec[5];
127 char header_priority[DECIMAL_STR_MAX(priority) + 3], header_time[64],
128 header_pid[STRLEN("[]: ") + DECIMAL_STR_MAX(pid_t) + 1];
129 int n = 0;
130 time_t t;
131 struct tm tm;
132 _cleanup_free_ char *ident_buf = NULL;
133
134 assert(s);
135 assert(priority >= 0);
136 assert(priority <= 999);
137 assert(message);
138
139 if (LOG_PRI(priority) > s->max_level_syslog)
140 return;
141
142 /* First: priority field */
143 xsprintf(header_priority, "<%i>", priority);
144 iovec[n++] = IOVEC_MAKE_STRING(header_priority);
145
146 /* Second: timestamp */
147 t = tv ? tv->tv_sec : ((time_t) (now(CLOCK_REALTIME) / USEC_PER_SEC));
148 if (!localtime_r(&t, &tm))
149 return;
150 if (strftime(header_time, sizeof(header_time), "%h %e %T ", &tm) <= 0)
151 return;
152 iovec[n++] = IOVEC_MAKE_STRING(header_time);
153
154 /* Third: identifier and PID */
155 if (ucred) {
156 if (!identifier) {
157 (void) get_process_comm(ucred->pid, &ident_buf);
158 identifier = ident_buf;
159 }
160
161 xsprintf(header_pid, "["PID_FMT"]: ", ucred->pid);
162
163 if (identifier)
164 iovec[n++] = IOVEC_MAKE_STRING(identifier);
165
166 iovec[n++] = IOVEC_MAKE_STRING(header_pid);
167 } else if (identifier) {
168 iovec[n++] = IOVEC_MAKE_STRING(identifier);
169 iovec[n++] = IOVEC_MAKE_STRING(": ");
170 }
171
172 /* Fourth: message */
173 iovec[n++] = IOVEC_MAKE_STRING(message);
174
175 forward_syslog_iovec(s, iovec, n, ucred, tv);
176 }
177
178 int syslog_fixup_facility(int priority) {
179
180 if ((priority & LOG_FACMASK) == 0)
181 return (priority & LOG_PRIMASK) | LOG_USER;
182
183 return priority;
184 }
185
186 size_t syslog_parse_identifier(const char **buf, char **identifier, char **pid) {
187 const char *p;
188 char *t;
189 size_t l, e;
190
191 assert(buf);
192 assert(identifier);
193 assert(pid);
194
195 p = *buf;
196
197 p += strspn(p, WHITESPACE);
198 l = strcspn(p, WHITESPACE);
199
200 if (l <= 0 ||
201 p[l-1] != ':')
202 return 0;
203
204 e = l;
205 l--;
206
207 if (l > 0 && p[l-1] == ']') {
208 size_t k = l-1;
209
210 for (;;) {
211
212 if (p[k] == '[') {
213 t = strndup(p+k+1, l-k-2);
214 if (t)
215 *pid = t;
216
217 l = k;
218 break;
219 }
220
221 if (k == 0)
222 break;
223
224 k--;
225 }
226 }
227
228 t = strndup(p, l);
229 if (t)
230 *identifier = t;
231
232 /* Single space is used as separator */
233 if (p[e] != '\0' && strchr(WHITESPACE, p[e]))
234 e++;
235
236 l = (p - *buf) + e;
237 *buf = p + e;
238 return l;
239 }
240
241 static int syslog_skip_timestamp(const char **buf) {
242 enum {
243 LETTER,
244 SPACE,
245 NUMBER,
246 SPACE_OR_NUMBER,
247 COLON
248 } sequence[] = {
249 LETTER, LETTER, LETTER,
250 SPACE,
251 SPACE_OR_NUMBER, NUMBER,
252 SPACE,
253 SPACE_OR_NUMBER, NUMBER,
254 COLON,
255 SPACE_OR_NUMBER, NUMBER,
256 COLON,
257 SPACE_OR_NUMBER, NUMBER,
258 SPACE
259 };
260
261 const char *p, *t;
262 unsigned i;
263
264 assert(buf);
265 assert(*buf);
266
267 for (i = 0, p = *buf; i < ELEMENTSOF(sequence); i++, p++) {
268 if (!*p)
269 return 0;
270
271 switch (sequence[i]) {
272
273 case SPACE:
274 if (*p != ' ')
275 return 0;
276 break;
277
278 case SPACE_OR_NUMBER:
279 if (*p == ' ')
280 break;
281
282 _fallthrough_;
283 case NUMBER:
284 if (!ascii_isdigit(*p))
285 return 0;
286
287 break;
288
289 case LETTER:
290 if (!ascii_isalpha(*p))
291 return 0;
292
293 break;
294
295 case COLON:
296 if (*p != ':')
297 return 0;
298 break;
299
300 }
301 }
302
303 t = *buf;
304 *buf = p;
305 return p - t;
306 }
307
308 void server_process_syslog_message(
309 Server *s,
310 const char *buf,
311 size_t raw_len,
312 const struct ucred *ucred,
313 const struct timeval *tv,
314 const char *label,
315 size_t label_len) {
316
317 char *t, syslog_priority[sizeof("PRIORITY=") + DECIMAL_STR_MAX(int)],
318 syslog_facility[sizeof("SYSLOG_FACILITY=") + DECIMAL_STR_MAX(int)];
319 const char *msg, *syslog_ts, *a;
320 _cleanup_free_ char *identifier = NULL, *pid = NULL,
321 *dummy = NULL, *msg_msg = NULL, *msg_raw = NULL;
322 int priority = LOG_USER | LOG_INFO, r;
323 ClientContext *context = NULL;
324 struct iovec *iovec;
325 size_t n = 0, m, i, leading_ws, syslog_ts_len;
326 bool store_raw;
327
328 assert(s);
329 assert(buf);
330 /* The message cannot be empty. */
331 assert(raw_len > 0);
332 /* The buffer NUL-terminated and can be used a string. raw_len is the length
333 * without the terminating NUL byte, the buffer is actually one bigger. */
334 assert(buf[raw_len] == '\0');
335
336 if (ucred && pid_is_valid(ucred->pid)) {
337 r = client_context_get(s, ucred->pid, ucred, label, label_len, NULL, &context);
338 if (r < 0)
339 log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT,
340 "Failed to retrieve credentials for PID " PID_FMT ", ignoring: %m",
341 ucred->pid);
342 }
343
344 /* We are creating a copy of the message because we want to forward the original message
345 verbatim to the legacy syslog implementation */
346 for (i = raw_len; i > 0; i--)
347 if (!strchr(WHITESPACE, buf[i-1]))
348 break;
349
350 leading_ws = strspn(buf, WHITESPACE);
351
352 if (i == 0)
353 /* The message contains only whitespaces */
354 msg = buf + raw_len;
355 else if (i == raw_len)
356 /* Nice! No need to strip anything on the end, let's optimize this a bit */
357 msg = buf + leading_ws;
358 else {
359 msg = dummy = new(char, i - leading_ws + 1);
360 if (!dummy) {
361 log_oom();
362 return;
363 }
364
365 memcpy(dummy, buf + leading_ws, i - leading_ws);
366 dummy[i - leading_ws] = 0;
367 }
368
369 /* We will add the SYSLOG_RAW= field when we stripped anything
370 * _or_ if the input message contained NUL bytes. */
371 store_raw = msg != buf || strlen(msg) != raw_len;
372
373 syslog_parse_priority(&msg, &priority, true);
374
375 if (!client_context_test_priority(context, priority))
376 return;
377
378 if (client_context_check_keep_log(context, msg, strlen(msg)) <= 0)
379 return;
380
381 syslog_ts = msg;
382 syslog_ts_len = syslog_skip_timestamp(&msg);
383 if (syslog_ts_len == 0)
384 /* We failed to parse the full timestamp, store the raw message too */
385 store_raw = true;
386
387 syslog_parse_identifier(&msg, &identifier, &pid);
388
389 if (s->forward_to_syslog)
390 forward_syslog_raw(s, priority, buf, raw_len, ucred, tv);
391
392 if (s->forward_to_kmsg)
393 server_forward_kmsg(s, priority, identifier, msg, ucred);
394
395 if (s->forward_to_console)
396 server_forward_console(s, priority, identifier, msg, ucred);
397
398 if (s->forward_to_wall)
399 server_forward_wall(s, priority, identifier, msg, ucred);
400
401 m = N_IOVEC_META_FIELDS + 8 + client_context_extra_fields_n_iovec(context);
402 iovec = newa(struct iovec, m);
403
404 iovec[n++] = IOVEC_MAKE_STRING("_TRANSPORT=syslog");
405
406 xsprintf(syslog_priority, "PRIORITY=%i", priority & LOG_PRIMASK);
407 iovec[n++] = IOVEC_MAKE_STRING(syslog_priority);
408
409 if (priority & LOG_FACMASK) {
410 xsprintf(syslog_facility, "SYSLOG_FACILITY=%i", LOG_FAC(priority));
411 iovec[n++] = IOVEC_MAKE_STRING(syslog_facility);
412 }
413
414 if (identifier) {
415 a = strjoina("SYSLOG_IDENTIFIER=", identifier);
416 iovec[n++] = IOVEC_MAKE_STRING(a);
417 }
418
419 if (pid) {
420 a = strjoina("SYSLOG_PID=", pid);
421 iovec[n++] = IOVEC_MAKE_STRING(a);
422 }
423
424 if (syslog_ts_len > 0) {
425 const size_t hlen = STRLEN("SYSLOG_TIMESTAMP=");
426
427 t = newa(char, hlen + syslog_ts_len);
428 memcpy(t, "SYSLOG_TIMESTAMP=", hlen);
429 memcpy(t + hlen, syslog_ts, syslog_ts_len);
430
431 iovec[n++] = IOVEC_MAKE(t, hlen + syslog_ts_len);
432 }
433
434 msg_msg = strjoin("MESSAGE=", msg);
435 if (!msg_msg) {
436 log_oom();
437 return;
438 }
439 iovec[n++] = IOVEC_MAKE_STRING(msg_msg);
440
441 if (store_raw) {
442 const size_t hlen = STRLEN("SYSLOG_RAW=");
443
444 msg_raw = new(char, hlen + raw_len);
445 if (!msg_raw) {
446 log_oom();
447 return;
448 }
449
450 memcpy(msg_raw, "SYSLOG_RAW=", hlen);
451 memcpy(msg_raw + hlen, buf, raw_len);
452
453 iovec[n++] = IOVEC_MAKE(msg_raw, hlen + raw_len);
454 }
455
456 server_dispatch_message(s, iovec, n, m, context, tv, priority, 0);
457 }
458
459 int server_open_syslog_socket(Server *s, const char *syslog_socket) {
460 int r;
461
462 assert(s);
463 assert(syslog_socket);
464
465 if (s->syslog_fd < 0) {
466 union sockaddr_union sa;
467 socklen_t sa_len;
468
469 r = sockaddr_un_set_path(&sa.un, syslog_socket);
470 if (r < 0)
471 return log_error_errno(r, "Unable to use namespace path %s for AF_UNIX socket: %m", syslog_socket);
472 sa_len = r;
473
474 s->syslog_fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
475 if (s->syslog_fd < 0)
476 return log_error_errno(errno, "socket() failed: %m");
477
478 (void) sockaddr_un_unlink(&sa.un);
479
480 r = bind(s->syslog_fd, &sa.sa, sa_len);
481 if (r < 0)
482 return log_error_errno(errno, "bind(%s) failed: %m", sa.un.sun_path);
483
484 (void) chmod(sa.un.sun_path, 0666);
485 } else
486 (void) fd_nonblock(s->syslog_fd, true);
487
488 r = setsockopt_int(s->syslog_fd, SOL_SOCKET, SO_PASSCRED, true);
489 if (r < 0)
490 return log_error_errno(r, "SO_PASSCRED failed: %m");
491
492 if (mac_selinux_use()) {
493 r = setsockopt_int(s->syslog_fd, SOL_SOCKET, SO_PASSSEC, true);
494 if (r < 0)
495 log_warning_errno(r, "SO_PASSSEC failed: %m");
496 }
497
498 r = setsockopt_int(s->syslog_fd, SOL_SOCKET, SO_TIMESTAMP, true);
499 if (r < 0)
500 return log_error_errno(r, "SO_TIMESTAMP failed: %m");
501
502 r = sd_event_add_io(s->event, &s->syslog_event_source, s->syslog_fd, EPOLLIN, server_process_datagram, s);
503 if (r < 0)
504 return log_error_errno(r, "Failed to add syslog server fd to event loop: %m");
505
506 r = sd_event_source_set_priority(s->syslog_event_source, SD_EVENT_PRIORITY_NORMAL+5);
507 if (r < 0)
508 return log_error_errno(r, "Failed to adjust syslog event source priority: %m");
509
510 return 0;
511 }
512
513 void server_maybe_warn_forward_syslog_missed(Server *s) {
514 usec_t n;
515
516 assert(s);
517
518 if (s->n_forward_syslog_missed <= 0)
519 return;
520
521 n = now(CLOCK_MONOTONIC);
522 if (s->last_warn_forward_syslog_missed + WARN_FORWARD_SYSLOG_MISSED_USEC > n)
523 return;
524
525 server_driver_message(s, 0,
526 "MESSAGE_ID=" SD_MESSAGE_FORWARD_SYSLOG_MISSED_STR,
527 LOG_MESSAGE("Forwarding to syslog missed %u messages.",
528 s->n_forward_syslog_missed),
529 NULL);
530
531 s->n_forward_syslog_missed = 0;
532 s->last_warn_forward_syslog_missed = n;
533 }
Unnamed repository; edit this file 'description' to name the repository.