1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
7 #include "sd-messages.h"
9 #include "alloc-util.h"
11 #include "format-util.h"
13 #include "journal-internal.h"
14 #include "journald-client.h"
15 #include "journald-console.h"
16 #include "journald-kmsg.h"
17 #include "journald-server.h"
18 #include "journald-syslog.h"
19 #include "journald-wall.h"
20 #include "process-util.h"
21 #include "selinux-util.h"
22 #include "socket-util.h"
23 #include "stdio-util.h"
24 #include "string-util.h"
25 #include "syslog-util.h"
27 /* Warn once every 30s if we missed syslog message */
28 #define WARN_FORWARD_SYSLOG_MISSED_USEC (30 * USEC_PER_SEC)
30 static void forward_syslog_iovec(
32 const struct iovec
*iovec
,
34 const struct ucred
*ucred
,
35 const struct timeval
*tv
) {
37 union sockaddr_union sa
;
39 struct msghdr msghdr
= {
40 .msg_iov
= (struct iovec
*) iovec
,
41 .msg_iovlen
= n_iovec
,
44 CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct ucred
))) control
;
52 j
= strjoina(s
->runtime_directory
, "/syslog");
53 r
= sockaddr_un_set_path(&sa
.un
, j
);
55 log_debug_errno(r
, "Forwarding socket path %s too long for AF_UNIX, not forwarding: %m", j
);
59 msghdr
.msg_name
= &sa
.sa
;
60 msghdr
.msg_namelen
= r
;
64 msghdr
.msg_control
= &control
;
65 msghdr
.msg_controllen
= sizeof(control
);
67 cmsg
= CMSG_FIRSTHDR(&msghdr
);
68 cmsg
->cmsg_level
= SOL_SOCKET
;
69 cmsg
->cmsg_type
= SCM_CREDENTIALS
;
70 cmsg
->cmsg_len
= CMSG_LEN(sizeof(struct ucred
));
71 memcpy(CMSG_DATA(cmsg
), ucred
, sizeof(struct ucred
));
72 msghdr
.msg_controllen
= cmsg
->cmsg_len
;
75 /* Forward the syslog message we received via /dev/log to /run/systemd/syslog. Unfortunately we
76 * currently can't set the SO_TIMESTAMP auxiliary data, and hence we don't. */
78 if (sendmsg(s
->syslog_fd
, &msghdr
, MSG_NOSIGNAL
) >= 0)
81 /* The socket is full? I guess the syslog implementation is
82 * too slow, and we shouldn't wait for that... */
83 if (errno
== EAGAIN
) {
84 s
->n_forward_syslog_missed
++;
88 if (ucred
&& IN_SET(errno
, ESRCH
, EPERM
)) {
91 /* Hmm, presumably the sender process vanished
92 * by now, or we don't have CAP_SYS_AMDIN, so
93 * let's fix it as good as we can, and retry */
96 u
.pid
= getpid_cached();
97 memcpy(CMSG_DATA(cmsg
), &u
, sizeof(struct ucred
));
99 if (sendmsg(s
->syslog_fd
, &msghdr
, MSG_NOSIGNAL
) >= 0)
102 if (errno
== EAGAIN
) {
103 s
->n_forward_syslog_missed
++;
109 log_debug_errno(errno
, "Failed to forward syslog message: %m");
112 static void forward_syslog_raw(Server
*s
, int priority
, const char *buffer
, size_t buffer_len
, const struct ucred
*ucred
, const struct timeval
*tv
) {
118 if (LOG_PRI(priority
) > s
->max_level_syslog
)
121 iovec
= IOVEC_MAKE((char *) buffer
, buffer_len
);
122 forward_syslog_iovec(s
, &iovec
, 1, ucred
, tv
);
125 void server_forward_syslog(Server
*s
, int priority
, const char *identifier
, const char *message
, const struct ucred
*ucred
, const struct timeval
*tv
) {
126 struct iovec iovec
[5];
127 char header_priority
[DECIMAL_STR_MAX(priority
) + 3], header_time
[64],
128 header_pid
[STRLEN("[]: ") + DECIMAL_STR_MAX(pid_t
) + 1];
132 _cleanup_free_
char *ident_buf
= NULL
;
135 assert(priority
>= 0);
136 assert(priority
<= 999);
139 if (LOG_PRI(priority
) > s
->max_level_syslog
)
142 /* First: priority field */
143 xsprintf(header_priority
, "<%i>", priority
);
144 iovec
[n
++] = IOVEC_MAKE_STRING(header_priority
);
146 /* Second: timestamp */
147 t
= tv
? tv
->tv_sec
: ((time_t) (now(CLOCK_REALTIME
) / USEC_PER_SEC
));
148 if (!localtime_r(&t
, &tm
))
150 if (strftime(header_time
, sizeof(header_time
), "%h %e %T ", &tm
) <= 0)
152 iovec
[n
++] = IOVEC_MAKE_STRING(header_time
);
154 /* Third: identifier and PID */
157 (void) get_process_comm(ucred
->pid
, &ident_buf
);
158 identifier
= ident_buf
;
161 xsprintf(header_pid
, "["PID_FMT
"]: ", ucred
->pid
);
164 iovec
[n
++] = IOVEC_MAKE_STRING(identifier
);
166 iovec
[n
++] = IOVEC_MAKE_STRING(header_pid
);
167 } else if (identifier
) {
168 iovec
[n
++] = IOVEC_MAKE_STRING(identifier
);
169 iovec
[n
++] = IOVEC_MAKE_STRING(": ");
172 /* Fourth: message */
173 iovec
[n
++] = IOVEC_MAKE_STRING(message
);
175 forward_syslog_iovec(s
, iovec
, n
, ucred
, tv
);
178 int syslog_fixup_facility(int priority
) {
180 if ((priority
& LOG_FACMASK
) == 0)
181 return (priority
& LOG_PRIMASK
) | LOG_USER
;
186 size_t syslog_parse_identifier(const char **buf
, char **identifier
, char **pid
) {
197 p
+= strspn(p
, WHITESPACE
);
198 l
= strcspn(p
, WHITESPACE
);
207 if (l
> 0 && p
[l
-1] == ']') {
213 t
= strndup(p
+k
+1, l
-k
-2);
232 /* Single space is used as separator */
233 if (p
[e
] != '\0' && strchr(WHITESPACE
, p
[e
]))
241 static int syslog_skip_timestamp(const char **buf
) {
249 LETTER
, LETTER
, LETTER
,
251 SPACE_OR_NUMBER
, NUMBER
,
253 SPACE_OR_NUMBER
, NUMBER
,
255 SPACE_OR_NUMBER
, NUMBER
,
257 SPACE_OR_NUMBER
, NUMBER
,
267 for (i
= 0, p
= *buf
; i
< ELEMENTSOF(sequence
); i
++, p
++) {
271 switch (sequence
[i
]) {
278 case SPACE_OR_NUMBER
:
284 if (!ascii_isdigit(*p
))
290 if (!ascii_isalpha(*p
))
308 void server_process_syslog_message(
312 const struct ucred
*ucred
,
313 const struct timeval
*tv
,
317 char *t
, syslog_priority
[sizeof("PRIORITY=") + DECIMAL_STR_MAX(int)],
318 syslog_facility
[sizeof("SYSLOG_FACILITY=") + DECIMAL_STR_MAX(int)];
319 const char *msg
, *syslog_ts
, *a
;
320 _cleanup_free_
char *identifier
= NULL
, *pid
= NULL
,
321 *dummy
= NULL
, *msg_msg
= NULL
, *msg_raw
= NULL
;
322 int priority
= LOG_USER
| LOG_INFO
, r
;
323 ClientContext
*context
= NULL
;
325 size_t n
= 0, m
, i
, leading_ws
, syslog_ts_len
;
330 /* The message cannot be empty. */
332 /* The buffer NUL-terminated and can be used a string. raw_len is the length
333 * without the terminating NUL byte, the buffer is actually one bigger. */
334 assert(buf
[raw_len
] == '\0');
336 if (ucred
&& pid_is_valid(ucred
->pid
)) {
337 r
= client_context_get(s
, ucred
->pid
, ucred
, label
, label_len
, NULL
, &context
);
339 log_ratelimit_warning_errno(r
, JOURNAL_LOG_RATELIMIT
,
340 "Failed to retrieve credentials for PID " PID_FMT
", ignoring: %m",
344 /* We are creating a copy of the message because we want to forward the original message
345 verbatim to the legacy syslog implementation */
346 for (i
= raw_len
; i
> 0; i
--)
347 if (!strchr(WHITESPACE
, buf
[i
-1]))
350 leading_ws
= strspn(buf
, WHITESPACE
);
353 /* The message contains only whitespaces */
355 else if (i
== raw_len
)
356 /* Nice! No need to strip anything on the end, let's optimize this a bit */
357 msg
= buf
+ leading_ws
;
359 msg
= dummy
= new(char, i
- leading_ws
+ 1);
365 memcpy(dummy
, buf
+ leading_ws
, i
- leading_ws
);
366 dummy
[i
- leading_ws
] = 0;
369 /* We will add the SYSLOG_RAW= field when we stripped anything
370 * _or_ if the input message contained NUL bytes. */
371 store_raw
= msg
!= buf
|| strlen(msg
) != raw_len
;
373 syslog_parse_priority(&msg
, &priority
, true);
375 if (!client_context_test_priority(context
, priority
))
378 if (client_context_check_keep_log(context
, msg
, strlen(msg
)) <= 0)
382 syslog_ts_len
= syslog_skip_timestamp(&msg
);
383 if (syslog_ts_len
== 0)
384 /* We failed to parse the full timestamp, store the raw message too */
387 syslog_parse_identifier(&msg
, &identifier
, &pid
);
389 if (s
->forward_to_syslog
)
390 forward_syslog_raw(s
, priority
, buf
, raw_len
, ucred
, tv
);
392 if (s
->forward_to_kmsg
)
393 server_forward_kmsg(s
, priority
, identifier
, msg
, ucred
);
395 if (s
->forward_to_console
)
396 server_forward_console(s
, priority
, identifier
, msg
, ucred
);
398 if (s
->forward_to_wall
)
399 server_forward_wall(s
, priority
, identifier
, msg
, ucred
);
401 m
= N_IOVEC_META_FIELDS
+ 8 + client_context_extra_fields_n_iovec(context
);
402 iovec
= newa(struct iovec
, m
);
404 iovec
[n
++] = IOVEC_MAKE_STRING("_TRANSPORT=syslog");
406 xsprintf(syslog_priority
, "PRIORITY=%i", priority
& LOG_PRIMASK
);
407 iovec
[n
++] = IOVEC_MAKE_STRING(syslog_priority
);
409 if (priority
& LOG_FACMASK
) {
410 xsprintf(syslog_facility
, "SYSLOG_FACILITY=%i", LOG_FAC(priority
));
411 iovec
[n
++] = IOVEC_MAKE_STRING(syslog_facility
);
415 a
= strjoina("SYSLOG_IDENTIFIER=", identifier
);
416 iovec
[n
++] = IOVEC_MAKE_STRING(a
);
420 a
= strjoina("SYSLOG_PID=", pid
);
421 iovec
[n
++] = IOVEC_MAKE_STRING(a
);
424 if (syslog_ts_len
> 0) {
425 const size_t hlen
= STRLEN("SYSLOG_TIMESTAMP=");
427 t
= newa(char, hlen
+ syslog_ts_len
);
428 memcpy(t
, "SYSLOG_TIMESTAMP=", hlen
);
429 memcpy(t
+ hlen
, syslog_ts
, syslog_ts_len
);
431 iovec
[n
++] = IOVEC_MAKE(t
, hlen
+ syslog_ts_len
);
434 msg_msg
= strjoin("MESSAGE=", msg
);
439 iovec
[n
++] = IOVEC_MAKE_STRING(msg_msg
);
442 const size_t hlen
= STRLEN("SYSLOG_RAW=");
444 msg_raw
= new(char, hlen
+ raw_len
);
450 memcpy(msg_raw
, "SYSLOG_RAW=", hlen
);
451 memcpy(msg_raw
+ hlen
, buf
, raw_len
);
453 iovec
[n
++] = IOVEC_MAKE(msg_raw
, hlen
+ raw_len
);
456 server_dispatch_message(s
, iovec
, n
, m
, context
, tv
, priority
, 0);
459 int server_open_syslog_socket(Server
*s
, const char *syslog_socket
) {
463 assert(syslog_socket
);
465 if (s
->syslog_fd
< 0) {
466 union sockaddr_union sa
;
469 r
= sockaddr_un_set_path(&sa
.un
, syslog_socket
);
471 return log_error_errno(r
, "Unable to use namespace path %s for AF_UNIX socket: %m", syslog_socket
);
474 s
->syslog_fd
= socket(AF_UNIX
, SOCK_DGRAM
|SOCK_CLOEXEC
|SOCK_NONBLOCK
, 0);
475 if (s
->syslog_fd
< 0)
476 return log_error_errno(errno
, "socket() failed: %m");
478 (void) sockaddr_un_unlink(&sa
.un
);
480 r
= bind(s
->syslog_fd
, &sa
.sa
, sa_len
);
482 return log_error_errno(errno
, "bind(%s) failed: %m", sa
.un
.sun_path
);
484 (void) chmod(sa
.un
.sun_path
, 0666);
486 (void) fd_nonblock(s
->syslog_fd
, true);
488 r
= setsockopt_int(s
->syslog_fd
, SOL_SOCKET
, SO_PASSCRED
, true);
490 return log_error_errno(r
, "SO_PASSCRED failed: %m");
492 if (mac_selinux_use()) {
493 r
= setsockopt_int(s
->syslog_fd
, SOL_SOCKET
, SO_PASSSEC
, true);
495 log_warning_errno(r
, "SO_PASSSEC failed: %m");
498 r
= setsockopt_int(s
->syslog_fd
, SOL_SOCKET
, SO_TIMESTAMP
, true);
500 return log_error_errno(r
, "SO_TIMESTAMP failed: %m");
502 r
= sd_event_add_io(s
->event
, &s
->syslog_event_source
, s
->syslog_fd
, EPOLLIN
, server_process_datagram
, s
);
504 return log_error_errno(r
, "Failed to add syslog server fd to event loop: %m");
506 r
= sd_event_source_set_priority(s
->syslog_event_source
, SD_EVENT_PRIORITY_NORMAL
+5);
508 return log_error_errno(r
, "Failed to adjust syslog event source priority: %m");
513 void server_maybe_warn_forward_syslog_missed(Server
*s
) {
518 if (s
->n_forward_syslog_missed
<= 0)
521 n
= now(CLOCK_MONOTONIC
);
522 if (s
->last_warn_forward_syslog_missed
+ WARN_FORWARD_SYSLOG_MISSED_USEC
> n
)
525 server_driver_message(s
, 0,
526 "MESSAGE_ID=" SD_MESSAGE_FORWARD_SYSLOG_MISSED_STR
,
527 LOG_MESSAGE("Forwarding to syslog missed %u messages.",
528 s
->n_forward_syslog_missed
),
531 s
->n_forward_syslog_missed
= 0;
532 s
->last_warn_forward_syslog_missed
= n
;