]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/journal-remote/journal-remote.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #57 from pwithnall/wip/pwithnall/udev-virtualbox-rules
[thirdparty/systemd.git] / src / journal-remote / journal-remote.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2012 Zbigniew Jędrzejewski-Szmek
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <errno.h>
23 #include <fcntl.h>
24 #include <stdio.h>
25 #include <stdlib.h>
26 #include <string.h>
27 #include <sys/prctl.h>
28 #include <sys/socket.h>
29 #include <unistd.h>
30 #include <getopt.h>
31
32 #include "sd-daemon.h"
33 #include "signal-util.h"
34 #include "journal-file.h"
35 #include "journald-native.h"
36 #include "socket-util.h"
37 #include "build.h"
38 #include "macro.h"
39 #include "strv.h"
40 #include "fileio.h"
41 #include "conf-parser.h"
42
43 #ifdef HAVE_GNUTLS
44 #include <gnutls/gnutls.h>
45 #endif
46
47 #include "journal-remote.h"
48 #include "journal-remote-write.h"
49
50 #define REMOTE_JOURNAL_PATH "/var/log/journal/remote"
51
52 #define PRIV_KEY_FILE CERTIFICATE_ROOT "/private/journal-remote.pem"
53 #define CERT_FILE CERTIFICATE_ROOT "/certs/journal-remote.pem"
54 #define TRUST_FILE CERTIFICATE_ROOT "/ca/trusted.pem"
55
56 static char* arg_url = NULL;
57 static char* arg_getter = NULL;
58 static char* arg_listen_raw = NULL;
59 static char* arg_listen_http = NULL;
60 static char* arg_listen_https = NULL;
61 static char** arg_files = NULL;
62 static int arg_compress = true;
63 static int arg_seal = false;
64 static int http_socket = -1, https_socket = -1;
65 static char** arg_gnutls_log = NULL;
66
67 static JournalWriteSplitMode arg_split_mode = JOURNAL_WRITE_SPLIT_HOST;
68 static char* arg_output = NULL;
69
70 static char *arg_key = NULL;
71 static char *arg_cert = NULL;
72 static char *arg_trust = NULL;
73 static bool arg_trust_all = false;
74
75 /**********************************************************************
76 **********************************************************************
77 **********************************************************************/
78
79 static int spawn_child(const char* child, char** argv) {
80 int fd[2];
81 pid_t parent_pid, child_pid;
82 int r;
83
84 if (pipe(fd) < 0)
85 return log_error_errno(errno, "Failed to create pager pipe: %m");
86
87 parent_pid = getpid();
88
89 child_pid = fork();
90 if (child_pid < 0) {
91 r = -errno;
92 log_error_errno(errno, "Failed to fork: %m");
93 safe_close_pair(fd);
94 return r;
95 }
96
97 /* In the child */
98 if (child_pid == 0) {
99 r = dup2(fd[1], STDOUT_FILENO);
100 if (r < 0) {
101 log_error_errno(errno, "Failed to dup pipe to stdout: %m");
102 _exit(EXIT_FAILURE);
103 }
104
105 safe_close_pair(fd);
106
107 /* Make sure the child goes away when the parent dies */
108 if (prctl(PR_SET_PDEATHSIG, SIGTERM) < 0)
109 _exit(EXIT_FAILURE);
110
111 /* Check whether our parent died before we were able
112 * to set the death signal */
113 if (getppid() != parent_pid)
114 _exit(EXIT_SUCCESS);
115
116 execvp(child, argv);
117 log_error_errno(errno, "Failed to exec child %s: %m", child);
118 _exit(EXIT_FAILURE);
119 }
120
121 r = close(fd[1]);
122 if (r < 0)
123 log_warning_errno(errno, "Failed to close write end of pipe: %m");
124
125 return fd[0];
126 }
127
128 static int spawn_curl(const char* url) {
129 char **argv = STRV_MAKE("curl",
130 "-HAccept: application/vnd.fdo.journal",
131 "--silent",
132 "--show-error",
133 url);
134 int r;
135
136 r = spawn_child("curl", argv);
137 if (r < 0)
138 log_error_errno(errno, "Failed to spawn curl: %m");
139 return r;
140 }
141
142 static int spawn_getter(const char *getter, const char *url) {
143 int r;
144 _cleanup_strv_free_ char **words = NULL;
145
146 assert(getter);
147 r = strv_split_quoted(&words, getter, 0);
148 if (r < 0)
149 return log_error_errno(r, "Failed to split getter option: %m");
150
151 r = strv_extend(&words, url);
152 if (r < 0)
153 return log_error_errno(r, "Failed to create command line: %m");
154
155 r = spawn_child(words[0], words);
156 if (r < 0)
157 log_error_errno(errno, "Failed to spawn getter %s: %m", getter);
158
159 return r;
160 }
161
162 #define filename_escape(s) xescape((s), "/ ")
163
164 static int open_output(Writer *w, const char* host) {
165 _cleanup_free_ char *_output = NULL;
166 const char *output;
167 int r;
168
169 switch (arg_split_mode) {
170 case JOURNAL_WRITE_SPLIT_NONE:
171 output = arg_output ?: REMOTE_JOURNAL_PATH "/remote.journal";
172 break;
173
174 case JOURNAL_WRITE_SPLIT_HOST: {
175 _cleanup_free_ char *name;
176
177 assert(host);
178
179 name = filename_escape(host);
180 if (!name)
181 return log_oom();
182
183 r = asprintf(&_output, "%s/remote-%s.journal",
184 arg_output ?: REMOTE_JOURNAL_PATH,
185 name);
186 if (r < 0)
187 return log_oom();
188
189 output = _output;
190 break;
191 }
192
193 default:
194 assert_not_reached("what?");
195 }
196
197 r = journal_file_open_reliably(output,
198 O_RDWR|O_CREAT, 0640,
199 arg_compress, arg_seal,
200 &w->metrics,
201 w->mmap,
202 NULL, &w->journal);
203 if (r < 0)
204 log_error_errno(r, "Failed to open output journal %s: %m",
205 output);
206 else
207 log_debug("Opened output file %s", w->journal->path);
208 return r;
209 }
210
211 /**********************************************************************
212 **********************************************************************
213 **********************************************************************/
214
215 static int init_writer_hashmap(RemoteServer *s) {
216 static const struct hash_ops *hash_ops[] = {
217 [JOURNAL_WRITE_SPLIT_NONE] = NULL,
218 [JOURNAL_WRITE_SPLIT_HOST] = &string_hash_ops,
219 };
220
221 assert(arg_split_mode >= 0 && arg_split_mode < (int) ELEMENTSOF(hash_ops));
222
223 s->writers = hashmap_new(hash_ops[arg_split_mode]);
224 if (!s->writers)
225 return log_oom();
226
227 return 0;
228 }
229
230 static int get_writer(RemoteServer *s, const char *host,
231 Writer **writer) {
232 const void *key;
233 _cleanup_writer_unref_ Writer *w = NULL;
234 int r;
235
236 switch(arg_split_mode) {
237 case JOURNAL_WRITE_SPLIT_NONE:
238 key = "one and only";
239 break;
240
241 case JOURNAL_WRITE_SPLIT_HOST:
242 assert(host);
243 key = host;
244 break;
245
246 default:
247 assert_not_reached("what split mode?");
248 }
249
250 w = hashmap_get(s->writers, key);
251 if (w)
252 writer_ref(w);
253 else {
254 w = writer_new(s);
255 if (!w)
256 return log_oom();
257
258 if (arg_split_mode == JOURNAL_WRITE_SPLIT_HOST) {
259 w->hashmap_key = strdup(key);
260 if (!w->hashmap_key)
261 return log_oom();
262 }
263
264 r = open_output(w, host);
265 if (r < 0)
266 return r;
267
268 r = hashmap_put(s->writers, w->hashmap_key ?: key, w);
269 if (r < 0)
270 return r;
271 }
272
273 *writer = w;
274 w = NULL;
275 return 0;
276 }
277
278 /**********************************************************************
279 **********************************************************************
280 **********************************************************************/
281
282 /* This should go away as soon as µhttpd allows state to be passed around. */
283 static RemoteServer *server;
284
285 static int dispatch_raw_source_event(sd_event_source *event,
286 int fd,
287 uint32_t revents,
288 void *userdata);
289 static int dispatch_raw_source_until_block(sd_event_source *event,
290 void *userdata);
291 static int dispatch_blocking_source_event(sd_event_source *event,
292 void *userdata);
293 static int dispatch_raw_connection_event(sd_event_source *event,
294 int fd,
295 uint32_t revents,
296 void *userdata);
297 static int dispatch_http_event(sd_event_source *event,
298 int fd,
299 uint32_t revents,
300 void *userdata);
301
302 static int get_source_for_fd(RemoteServer *s,
303 int fd, char *name, RemoteSource **source) {
304 Writer *writer;
305 int r;
306
307 /* This takes ownership of name, but only on success. */
308
309 assert(fd >= 0);
310 assert(source);
311
312 if (!GREEDY_REALLOC0(s->sources, s->sources_size, fd + 1))
313 return log_oom();
314
315 r = get_writer(s, name, &writer);
316 if (r < 0)
317 return log_warning_errno(r, "Failed to get writer for source %s: %m",
318 name);
319
320 if (s->sources[fd] == NULL) {
321 s->sources[fd] = source_new(fd, false, name, writer);
322 if (!s->sources[fd]) {
323 writer_unref(writer);
324 return log_oom();
325 }
326
327 s->active++;
328 }
329
330 *source = s->sources[fd];
331 return 0;
332 }
333
334 static int remove_source(RemoteServer *s, int fd) {
335 RemoteSource *source;
336
337 assert(s);
338 assert(fd >= 0 && fd < (ssize_t) s->sources_size);
339
340 source = s->sources[fd];
341 if (source) {
342 /* this closes fd too */
343 source_free(source);
344 s->sources[fd] = NULL;
345 s->active--;
346 }
347
348 return 0;
349 }
350
351 static int add_source(RemoteServer *s, int fd, char* name, bool own_name) {
352
353 RemoteSource *source = NULL;
354 int r;
355
356 /* This takes ownership of name, even on failure, if own_name is true. */
357
358 assert(s);
359 assert(fd >= 0);
360 assert(name);
361
362 if (!own_name) {
363 name = strdup(name);
364 if (!name)
365 return log_oom();
366 }
367
368 r = get_source_for_fd(s, fd, name, &source);
369 if (r < 0) {
370 log_error_errno(r, "Failed to create source for fd:%d (%s): %m",
371 fd, name);
372 free(name);
373 return r;
374 }
375
376 r = sd_event_add_io(s->events, &source->event,
377 fd, EPOLLIN|EPOLLRDHUP|EPOLLPRI,
378 dispatch_raw_source_event, source);
379 if (r == 0) {
380 /* Add additional source for buffer processing. It will be
381 * enabled later. */
382 r = sd_event_add_defer(s->events, &source->buffer_event,
383 dispatch_raw_source_until_block, source);
384 if (r == 0)
385 sd_event_source_set_enabled(source->buffer_event, SD_EVENT_OFF);
386 } else if (r == -EPERM) {
387 log_debug("Falling back to sd_event_add_defer for fd:%d (%s)", fd, name);
388 r = sd_event_add_defer(s->events, &source->event,
389 dispatch_blocking_source_event, source);
390 if (r == 0)
391 sd_event_source_set_enabled(source->event, SD_EVENT_ON);
392 }
393 if (r < 0) {
394 log_error_errno(r, "Failed to register event source for fd:%d: %m",
395 fd);
396 goto error;
397 }
398
399 r = sd_event_source_set_description(source->event, name);
400 if (r < 0) {
401 log_error_errno(r, "Failed to set source name for fd:%d: %m", fd);
402 goto error;
403 }
404
405 return 1; /* work to do */
406
407 error:
408 remove_source(s, fd);
409 return r;
410 }
411
412 static int add_raw_socket(RemoteServer *s, int fd) {
413 int r;
414 _cleanup_close_ int fd_ = fd;
415 char name[sizeof("raw-socket-")-1 + DECIMAL_STR_MAX(int) + 1];
416
417 assert(fd >= 0);
418
419 r = sd_event_add_io(s->events, &s->listen_event,
420 fd, EPOLLIN,
421 dispatch_raw_connection_event, s);
422 if (r < 0)
423 return r;
424
425 xsprintf(name, "raw-socket-%d", fd);
426
427 r = sd_event_source_set_description(s->listen_event, name);
428 if (r < 0)
429 return r;
430
431 fd_ = -1;
432 s->active ++;
433 return 0;
434 }
435
436 static int setup_raw_socket(RemoteServer *s, const char *address) {
437 int fd;
438
439 fd = make_socket_fd(LOG_INFO, address, SOCK_STREAM | SOCK_CLOEXEC);
440 if (fd < 0)
441 return fd;
442
443 return add_raw_socket(s, fd);
444 }
445
446 /**********************************************************************
447 **********************************************************************
448 **********************************************************************/
449
450 static int request_meta(void **connection_cls, int fd, char *hostname) {
451 RemoteSource *source;
452 Writer *writer;
453 int r;
454
455 assert(connection_cls);
456 if (*connection_cls)
457 return 0;
458
459 r = get_writer(server, hostname, &writer);
460 if (r < 0)
461 return log_warning_errno(r, "Failed to get writer for source %s: %m",
462 hostname);
463
464 source = source_new(fd, true, hostname, writer);
465 if (!source) {
466 writer_unref(writer);
467 return log_oom();
468 }
469
470 log_debug("Added RemoteSource as connection metadata %p", source);
471
472 *connection_cls = source;
473 return 0;
474 }
475
476 static void request_meta_free(void *cls,
477 struct MHD_Connection *connection,
478 void **connection_cls,
479 enum MHD_RequestTerminationCode toe) {
480 RemoteSource *s;
481
482 assert(connection_cls);
483 s = *connection_cls;
484
485 if (s) {
486 log_debug("Cleaning up connection metadata %p", s);
487 source_free(s);
488 *connection_cls = NULL;
489 }
490 }
491
492 static int process_http_upload(
493 struct MHD_Connection *connection,
494 const char *upload_data,
495 size_t *upload_data_size,
496 RemoteSource *source) {
497
498 bool finished = false;
499 size_t remaining;
500 int r;
501
502 assert(source);
503
504 log_trace("%s: connection %p, %zu bytes",
505 __func__, connection, *upload_data_size);
506
507 if (*upload_data_size) {
508 log_trace("Received %zu bytes", *upload_data_size);
509
510 r = push_data(source, upload_data, *upload_data_size);
511 if (r < 0)
512 return mhd_respond_oom(connection);
513
514 *upload_data_size = 0;
515 } else
516 finished = true;
517
518 while (true) {
519 r = process_source(source, arg_compress, arg_seal);
520 if (r == -EAGAIN)
521 break;
522 else if (r < 0) {
523 log_warning("Failed to process data for connection %p", connection);
524 if (r == -E2BIG)
525 return mhd_respondf(connection,
526 MHD_HTTP_REQUEST_ENTITY_TOO_LARGE,
527 "Entry is too large, maximum is %u bytes.\n",
528 DATA_SIZE_MAX);
529 else
530 return mhd_respondf(connection,
531 MHD_HTTP_UNPROCESSABLE_ENTITY,
532 "Processing failed: %s.", strerror(-r));
533 }
534 }
535
536 if (!finished)
537 return MHD_YES;
538
539 /* The upload is finished */
540
541 remaining = source_non_empty(source);
542 if (remaining > 0) {
543 log_warning("Premature EOFbyte. %zu bytes lost.", remaining);
544 return mhd_respondf(connection, MHD_HTTP_EXPECTATION_FAILED,
545 "Premature EOF. %zu bytes of trailing data not processed.",
546 remaining);
547 }
548
549 return mhd_respond(connection, MHD_HTTP_ACCEPTED, "OK.\n");
550 };
551
552 static int request_handler(
553 void *cls,
554 struct MHD_Connection *connection,
555 const char *url,
556 const char *method,
557 const char *version,
558 const char *upload_data,
559 size_t *upload_data_size,
560 void **connection_cls) {
561
562 const char *header;
563 int r, code, fd;
564 _cleanup_free_ char *hostname = NULL;
565
566 assert(connection);
567 assert(connection_cls);
568 assert(url);
569 assert(method);
570
571 log_trace("Handling a connection %s %s %s", method, url, version);
572
573 if (*connection_cls)
574 return process_http_upload(connection,
575 upload_data, upload_data_size,
576 *connection_cls);
577
578 if (!streq(method, "POST"))
579 return mhd_respond(connection, MHD_HTTP_METHOD_NOT_ACCEPTABLE,
580 "Unsupported method.\n");
581
582 if (!streq(url, "/upload"))
583 return mhd_respond(connection, MHD_HTTP_NOT_FOUND,
584 "Not found.\n");
585
586 header = MHD_lookup_connection_value(connection,
587 MHD_HEADER_KIND, "Content-Type");
588 if (!header || !streq(header, "application/vnd.fdo.journal"))
589 return mhd_respond(connection, MHD_HTTP_UNSUPPORTED_MEDIA_TYPE,
590 "Content-Type: application/vnd.fdo.journal"
591 " is required.\n");
592
593 {
594 const union MHD_ConnectionInfo *ci;
595
596 ci = MHD_get_connection_info(connection,
597 MHD_CONNECTION_INFO_CONNECTION_FD);
598 if (!ci) {
599 log_error("MHD_get_connection_info failed: cannot get remote fd");
600 return mhd_respond(connection, MHD_HTTP_INTERNAL_SERVER_ERROR,
601 "Cannot check remote address");
602 }
603
604 fd = ci->connect_fd;
605 assert(fd >= 0);
606 }
607
608 if (server->check_trust) {
609 r = check_permissions(connection, &code, &hostname);
610 if (r < 0)
611 return code;
612 } else {
613 r = getnameinfo_pretty(fd, &hostname);
614 if (r < 0) {
615 return mhd_respond(connection, MHD_HTTP_INTERNAL_SERVER_ERROR,
616 "Cannot check remote hostname");
617 }
618 }
619
620 assert(hostname);
621
622 r = request_meta(connection_cls, fd, hostname);
623 if (r == -ENOMEM)
624 return respond_oom(connection);
625 else if (r < 0)
626 return mhd_respond(connection, MHD_HTTP_INTERNAL_SERVER_ERROR,
627 strerror(-r));
628
629 hostname = NULL;
630 return MHD_YES;
631 }
632
633 static int setup_microhttpd_server(RemoteServer *s,
634 int fd,
635 const char *key,
636 const char *cert,
637 const char *trust) {
638 struct MHD_OptionItem opts[] = {
639 { MHD_OPTION_NOTIFY_COMPLETED, (intptr_t) request_meta_free},
640 { MHD_OPTION_EXTERNAL_LOGGER, (intptr_t) microhttpd_logger},
641 { MHD_OPTION_LISTEN_SOCKET, fd},
642 { MHD_OPTION_END},
643 { MHD_OPTION_END},
644 { MHD_OPTION_END},
645 { MHD_OPTION_END}};
646 int opts_pos = 3;
647 int flags =
648 MHD_USE_DEBUG |
649 MHD_USE_PEDANTIC_CHECKS |
650 MHD_USE_EPOLL_LINUX_ONLY |
651 MHD_USE_DUAL_STACK;
652
653 const union MHD_DaemonInfo *info;
654 int r, epoll_fd;
655 MHDDaemonWrapper *d;
656
657 assert(fd >= 0);
658
659 r = fd_nonblock(fd, true);
660 if (r < 0)
661 return log_error_errno(r, "Failed to make fd:%d nonblocking: %m", fd);
662
663 if (key) {
664 assert(cert);
665
666 opts[opts_pos++] = (struct MHD_OptionItem)
667 {MHD_OPTION_HTTPS_MEM_KEY, 0, (char*) key};
668 opts[opts_pos++] = (struct MHD_OptionItem)
669 {MHD_OPTION_HTTPS_MEM_CERT, 0, (char*) cert};
670
671 flags |= MHD_USE_SSL;
672
673 if (trust)
674 opts[opts_pos++] = (struct MHD_OptionItem)
675 {MHD_OPTION_HTTPS_MEM_TRUST, 0, (char*) trust};
676 }
677
678 d = new(MHDDaemonWrapper, 1);
679 if (!d)
680 return log_oom();
681
682 d->fd = (uint64_t) fd;
683
684 d->daemon = MHD_start_daemon(flags, 0,
685 NULL, NULL,
686 request_handler, NULL,
687 MHD_OPTION_ARRAY, opts,
688 MHD_OPTION_END);
689 if (!d->daemon) {
690 log_error("Failed to start µhttp daemon");
691 r = -EINVAL;
692 goto error;
693 }
694
695 log_debug("Started MHD %s daemon on fd:%d (wrapper @ %p)",
696 key ? "HTTPS" : "HTTP", fd, d);
697
698
699 info = MHD_get_daemon_info(d->daemon, MHD_DAEMON_INFO_EPOLL_FD_LINUX_ONLY);
700 if (!info) {
701 log_error("µhttp returned NULL daemon info");
702 r = -EOPNOTSUPP;
703 goto error;
704 }
705
706 epoll_fd = info->listen_fd;
707 if (epoll_fd < 0) {
708 log_error("µhttp epoll fd is invalid");
709 r = -EUCLEAN;
710 goto error;
711 }
712
713 r = sd_event_add_io(s->events, &d->event,
714 epoll_fd, EPOLLIN,
715 dispatch_http_event, d);
716 if (r < 0) {
717 log_error_errno(r, "Failed to add event callback: %m");
718 goto error;
719 }
720
721 r = sd_event_source_set_description(d->event, "epoll-fd");
722 if (r < 0) {
723 log_error_errno(r, "Failed to set source name: %m");
724 goto error;
725 }
726
727 r = hashmap_ensure_allocated(&s->daemons, &uint64_hash_ops);
728 if (r < 0) {
729 log_oom();
730 goto error;
731 }
732
733 r = hashmap_put(s->daemons, &d->fd, d);
734 if (r < 0) {
735 log_error_errno(r, "Failed to add daemon to hashmap: %m");
736 goto error;
737 }
738
739 s->active ++;
740 return 0;
741
742 error:
743 MHD_stop_daemon(d->daemon);
744 free(d->daemon);
745 free(d);
746 return r;
747 }
748
749 static int setup_microhttpd_socket(RemoteServer *s,
750 const char *address,
751 const char *key,
752 const char *cert,
753 const char *trust) {
754 int fd;
755
756 fd = make_socket_fd(LOG_DEBUG, address, SOCK_STREAM | SOCK_CLOEXEC);
757 if (fd < 0)
758 return fd;
759
760 return setup_microhttpd_server(s, fd, key, cert, trust);
761 }
762
763 static int dispatch_http_event(sd_event_source *event,
764 int fd,
765 uint32_t revents,
766 void *userdata) {
767 MHDDaemonWrapper *d = userdata;
768 int r;
769
770 assert(d);
771
772 r = MHD_run(d->daemon);
773 if (r == MHD_NO) {
774 log_error("MHD_run failed!");
775 // XXX: unregister daemon
776 return -EINVAL;
777 }
778
779 return 1; /* work to do */
780 }
781
782 /**********************************************************************
783 **********************************************************************
784 **********************************************************************/
785
786 static int setup_signals(RemoteServer *s) {
787 sigset_t mask;
788 int r;
789
790 assert(s);
791
792 assert_se(sigemptyset(&mask) == 0);
793 sigset_add_many(&mask, SIGINT, SIGTERM, -1);
794 assert_se(sigprocmask(SIG_SETMASK, &mask, NULL) == 0);
795
796 r = sd_event_add_signal(s->events, &s->sigterm_event, SIGTERM, NULL, s);
797 if (r < 0)
798 return r;
799
800 r = sd_event_add_signal(s->events, &s->sigint_event, SIGINT, NULL, s);
801 if (r < 0)
802 return r;
803
804 return 0;
805 }
806
807 static int negative_fd(const char *spec) {
808 /* Return a non-positive number as its inverse, -EINVAL otherwise. */
809
810 int fd, r;
811
812 r = safe_atoi(spec, &fd);
813 if (r < 0)
814 return r;
815
816 if (fd > 0)
817 return -EINVAL;
818 else
819 return -fd;
820 }
821
822 static int remoteserver_init(RemoteServer *s,
823 const char* key,
824 const char* cert,
825 const char* trust) {
826 int r, n, fd;
827 char **file;
828
829 assert(s);
830
831 if ((arg_listen_raw || arg_listen_http) && trust) {
832 log_error("Option --trust makes all non-HTTPS connections untrusted.");
833 return -EINVAL;
834 }
835
836 r = sd_event_default(&s->events);
837 if (r < 0)
838 return log_error_errno(r, "Failed to allocate event loop: %m");
839
840 setup_signals(s);
841
842 assert(server == NULL);
843 server = s;
844
845 r = init_writer_hashmap(s);
846 if (r < 0)
847 return r;
848
849 n = sd_listen_fds(true);
850 if (n < 0)
851 return log_error_errno(n, "Failed to read listening file descriptors from environment: %m");
852 else
853 log_debug("Received %d descriptors", n);
854
855 if (MAX(http_socket, https_socket) >= SD_LISTEN_FDS_START + n) {
856 log_error("Received fewer sockets than expected");
857 return -EBADFD;
858 }
859
860 for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++) {
861 if (sd_is_socket(fd, AF_UNSPEC, 0, true)) {
862 log_debug("Received a listening socket (fd:%d)", fd);
863
864 if (fd == http_socket)
865 r = setup_microhttpd_server(s, fd, NULL, NULL, NULL);
866 else if (fd == https_socket)
867 r = setup_microhttpd_server(s, fd, key, cert, trust);
868 else
869 r = add_raw_socket(s, fd);
870 } else if (sd_is_socket(fd, AF_UNSPEC, 0, false)) {
871 char *hostname;
872
873 r = getnameinfo_pretty(fd, &hostname);
874 if (r < 0)
875 return log_error_errno(r, "Failed to retrieve remote name: %m");
876
877 log_debug("Received a connection socket (fd:%d) from %s", fd, hostname);
878
879 r = add_source(s, fd, hostname, true);
880 } else {
881 log_error("Unknown socket passed on fd:%d", fd);
882
883 return -EINVAL;
884 }
885
886 if (r < 0)
887 return log_error_errno(r, "Failed to register socket (fd:%d): %m",
888 fd);
889 }
890
891 if (arg_url) {
892 const char *url, *hostname;
893
894 url = strjoina(arg_url, "/entries");
895
896 if (arg_getter) {
897 log_info("Spawning getter %s...", url);
898 fd = spawn_getter(arg_getter, url);
899 } else {
900 log_info("Spawning curl %s...", url);
901 fd = spawn_curl(url);
902 }
903 if (fd < 0)
904 return fd;
905
906 hostname =
907 startswith(arg_url, "https://") ?:
908 startswith(arg_url, "http://") ?:
909 arg_url;
910
911 r = add_source(s, fd, (char*) hostname, false);
912 if (r < 0)
913 return r;
914 }
915
916 if (arg_listen_raw) {
917 log_debug("Listening on a socket...");
918 r = setup_raw_socket(s, arg_listen_raw);
919 if (r < 0)
920 return r;
921 }
922
923 if (arg_listen_http) {
924 r = setup_microhttpd_socket(s, arg_listen_http, NULL, NULL, NULL);
925 if (r < 0)
926 return r;
927 }
928
929 if (arg_listen_https) {
930 r = setup_microhttpd_socket(s, arg_listen_https, key, cert, trust);
931 if (r < 0)
932 return r;
933 }
934
935 STRV_FOREACH(file, arg_files) {
936 const char *output_name;
937
938 if (streq(*file, "-")) {
939 log_debug("Using standard input as source.");
940
941 fd = STDIN_FILENO;
942 output_name = "stdin";
943 } else {
944 log_debug("Reading file %s...", *file);
945
946 fd = open(*file, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK);
947 if (fd < 0)
948 return log_error_errno(errno, "Failed to open %s: %m", *file);
949 output_name = *file;
950 }
951
952 r = add_source(s, fd, (char*) output_name, false);
953 if (r < 0)
954 return r;
955 }
956
957 if (s->active == 0) {
958 log_error("Zarro sources specified");
959 return -EINVAL;
960 }
961
962 if (arg_split_mode == JOURNAL_WRITE_SPLIT_NONE) {
963 /* In this case we know what the writer will be
964 called, so we can create it and verify that we can
965 create output as expected. */
966 r = get_writer(s, NULL, &s->_single_writer);
967 if (r < 0)
968 return r;
969 }
970
971 return 0;
972 }
973
974 static void server_destroy(RemoteServer *s) {
975 size_t i;
976 MHDDaemonWrapper *d;
977
978 while ((d = hashmap_steal_first(s->daemons))) {
979 MHD_stop_daemon(d->daemon);
980 sd_event_source_unref(d->event);
981 free(d);
982 }
983
984 hashmap_free(s->daemons);
985
986 assert(s->sources_size == 0 || s->sources);
987 for (i = 0; i < s->sources_size; i++)
988 remove_source(s, i);
989 free(s->sources);
990
991 writer_unref(s->_single_writer);
992 hashmap_free(s->writers);
993
994 sd_event_source_unref(s->sigterm_event);
995 sd_event_source_unref(s->sigint_event);
996 sd_event_source_unref(s->listen_event);
997 sd_event_unref(s->events);
998
999 /* fds that we're listening on remain open... */
1000 }
1001
1002 /**********************************************************************
1003 **********************************************************************
1004 **********************************************************************/
1005
1006 static int handle_raw_source(sd_event_source *event,
1007 int fd,
1008 uint32_t revents,
1009 RemoteServer *s) {
1010
1011 RemoteSource *source;
1012 int r;
1013
1014 /* Returns 1 if there might be more data pending,
1015 * 0 if data is currently exhausted, negative on error.
1016 */
1017
1018 assert(fd >= 0 && fd < (ssize_t) s->sources_size);
1019 source = s->sources[fd];
1020 assert(source->fd == fd);
1021
1022 r = process_source(source, arg_compress, arg_seal);
1023 if (source->state == STATE_EOF) {
1024 size_t remaining;
1025
1026 log_debug("EOF reached with source fd:%d (%s)",
1027 source->fd, source->name);
1028
1029 remaining = source_non_empty(source);
1030 if (remaining > 0)
1031 log_notice("Premature EOF. %zu bytes lost.", remaining);
1032 remove_source(s, source->fd);
1033 log_debug("%zu active sources remaining", s->active);
1034 return 0;
1035 } else if (r == -E2BIG) {
1036 log_notice_errno(E2BIG, "Entry too big, skipped");
1037 return 1;
1038 } else if (r == -EAGAIN) {
1039 return 0;
1040 } else if (r < 0) {
1041 log_debug_errno(r, "Closing connection: %m");
1042 remove_source(server, fd);
1043 return 0;
1044 } else
1045 return 1;
1046 }
1047
1048 static int dispatch_raw_source_until_block(sd_event_source *event,
1049 void *userdata) {
1050 RemoteSource *source = userdata;
1051 int r;
1052
1053 /* Make sure event stays around even if source is destroyed */
1054 sd_event_source_ref(event);
1055
1056 r = handle_raw_source(event, source->fd, EPOLLIN, server);
1057 if (r != 1)
1058 /* No more data for now */
1059 sd_event_source_set_enabled(event, SD_EVENT_OFF);
1060
1061 sd_event_source_unref(event);
1062
1063 return r;
1064 }
1065
1066 static int dispatch_raw_source_event(sd_event_source *event,
1067 int fd,
1068 uint32_t revents,
1069 void *userdata) {
1070 RemoteSource *source = userdata;
1071 int r;
1072
1073 assert(source->event);
1074 assert(source->buffer_event);
1075
1076 r = handle_raw_source(event, fd, EPOLLIN, server);
1077 if (r == 1)
1078 /* Might have more data. We need to rerun the handler
1079 * until we are sure the buffer is exhausted. */
1080 sd_event_source_set_enabled(source->buffer_event, SD_EVENT_ON);
1081
1082 return r;
1083 }
1084
1085 static int dispatch_blocking_source_event(sd_event_source *event,
1086 void *userdata) {
1087 RemoteSource *source = userdata;
1088
1089 return handle_raw_source(event, source->fd, EPOLLIN, server);
1090 }
1091
1092 static int accept_connection(const char* type, int fd,
1093 SocketAddress *addr, char **hostname) {
1094 int fd2, r;
1095
1096 log_debug("Accepting new %s connection on fd:%d", type, fd);
1097 fd2 = accept4(fd, &addr->sockaddr.sa, &addr->size, SOCK_NONBLOCK|SOCK_CLOEXEC);
1098 if (fd2 < 0)
1099 return log_error_errno(errno, "accept() on fd:%d failed: %m", fd);
1100
1101 switch(socket_address_family(addr)) {
1102 case AF_INET:
1103 case AF_INET6: {
1104 _cleanup_free_ char *a = NULL;
1105 char *b;
1106
1107 r = socket_address_print(addr, &a);
1108 if (r < 0) {
1109 log_error_errno(r, "socket_address_print(): %m");
1110 close(fd2);
1111 return r;
1112 }
1113
1114 r = socknameinfo_pretty(&addr->sockaddr, addr->size, &b);
1115 if (r < 0) {
1116 close(fd2);
1117 return r;
1118 }
1119
1120 log_debug("Accepted %s %s connection from %s",
1121 type,
1122 socket_address_family(addr) == AF_INET ? "IP" : "IPv6",
1123 a);
1124
1125 *hostname = b;
1126
1127 return fd2;
1128 };
1129 default:
1130 log_error("Rejected %s connection with unsupported family %d",
1131 type, socket_address_family(addr));
1132 close(fd2);
1133
1134 return -EINVAL;
1135 }
1136 }
1137
1138 static int dispatch_raw_connection_event(sd_event_source *event,
1139 int fd,
1140 uint32_t revents,
1141 void *userdata) {
1142 RemoteServer *s = userdata;
1143 int fd2;
1144 SocketAddress addr = {
1145 .size = sizeof(union sockaddr_union),
1146 .type = SOCK_STREAM,
1147 };
1148 char *hostname = NULL;
1149
1150 fd2 = accept_connection("raw", fd, &addr, &hostname);
1151 if (fd2 < 0)
1152 return fd2;
1153
1154 return add_source(s, fd2, hostname, true);
1155 }
1156
1157 /**********************************************************************
1158 **********************************************************************
1159 **********************************************************************/
1160
1161 static const char* const journal_write_split_mode_table[_JOURNAL_WRITE_SPLIT_MAX] = {
1162 [JOURNAL_WRITE_SPLIT_NONE] = "none",
1163 [JOURNAL_WRITE_SPLIT_HOST] = "host",
1164 };
1165
1166 DEFINE_PRIVATE_STRING_TABLE_LOOKUP(journal_write_split_mode, JournalWriteSplitMode);
1167 static DEFINE_CONFIG_PARSE_ENUM(config_parse_write_split_mode,
1168 journal_write_split_mode,
1169 JournalWriteSplitMode,
1170 "Failed to parse split mode setting");
1171
1172 static int parse_config(void) {
1173 const ConfigTableItem items[] = {
1174 { "Remote", "SplitMode", config_parse_write_split_mode, 0, &arg_split_mode },
1175 { "Remote", "ServerKeyFile", config_parse_path, 0, &arg_key },
1176 { "Remote", "ServerCertificateFile", config_parse_path, 0, &arg_cert },
1177 { "Remote", "TrustedCertificateFile", config_parse_path, 0, &arg_trust },
1178 {}};
1179
1180 return config_parse_many(PKGSYSCONFDIR "/journal-remote.conf",
1181 CONF_DIRS_NULSTR("systemd/journal-remote.conf"),
1182 "Remote\0", config_item_table_lookup, items,
1183 false, NULL);
1184 }
1185
1186 static void help(void) {
1187 printf("%s [OPTIONS...] {FILE|-}...\n\n"
1188 "Write external journal events to journal file(s).\n\n"
1189 " -h --help Show this help\n"
1190 " --version Show package version\n"
1191 " --url=URL Read events from systemd-journal-gatewayd at URL\n"
1192 " --getter=COMMAND Read events from the output of COMMAND\n"
1193 " --listen-raw=ADDR Listen for connections at ADDR\n"
1194 " --listen-http=ADDR Listen for HTTP connections at ADDR\n"
1195 " --listen-https=ADDR Listen for HTTPS connections at ADDR\n"
1196 " -o --output=FILE|DIR Write output to FILE or DIR/external-*.journal\n"
1197 " --compress[=BOOL] XZ-compress the output journal (default: yes)\n"
1198 " --seal[=BOOL] Use event sealing (default: no)\n"
1199 " --key=FILENAME SSL key in PEM format (default:\n"
1200 " \"" PRIV_KEY_FILE "\")\n"
1201 " --cert=FILENAME SSL certificate in PEM format (default:\n"
1202 " \"" CERT_FILE "\")\n"
1203 " --trust=FILENAME|all SSL CA certificate or disable checking (default:\n"
1204 " \"" TRUST_FILE "\")\n"
1205 " --gnutls-log=CATEGORY...\n"
1206 " Specify a list of gnutls logging categories\n"
1207 " --split-mode=none|host How many output files to create\n"
1208 "\n"
1209 "Note: file descriptors from sd_listen_fds() will be consumed, too.\n"
1210 , program_invocation_short_name);
1211 }
1212
1213 static int parse_argv(int argc, char *argv[]) {
1214 enum {
1215 ARG_VERSION = 0x100,
1216 ARG_URL,
1217 ARG_LISTEN_RAW,
1218 ARG_LISTEN_HTTP,
1219 ARG_LISTEN_HTTPS,
1220 ARG_GETTER,
1221 ARG_SPLIT_MODE,
1222 ARG_COMPRESS,
1223 ARG_SEAL,
1224 ARG_KEY,
1225 ARG_CERT,
1226 ARG_TRUST,
1227 ARG_GNUTLS_LOG,
1228 };
1229
1230 static const struct option options[] = {
1231 { "help", no_argument, NULL, 'h' },
1232 { "version", no_argument, NULL, ARG_VERSION },
1233 { "url", required_argument, NULL, ARG_URL },
1234 { "getter", required_argument, NULL, ARG_GETTER },
1235 { "listen-raw", required_argument, NULL, ARG_LISTEN_RAW },
1236 { "listen-http", required_argument, NULL, ARG_LISTEN_HTTP },
1237 { "listen-https", required_argument, NULL, ARG_LISTEN_HTTPS },
1238 { "output", required_argument, NULL, 'o' },
1239 { "split-mode", required_argument, NULL, ARG_SPLIT_MODE },
1240 { "compress", optional_argument, NULL, ARG_COMPRESS },
1241 { "seal", optional_argument, NULL, ARG_SEAL },
1242 { "key", required_argument, NULL, ARG_KEY },
1243 { "cert", required_argument, NULL, ARG_CERT },
1244 { "trust", required_argument, NULL, ARG_TRUST },
1245 { "gnutls-log", required_argument, NULL, ARG_GNUTLS_LOG },
1246 {}
1247 };
1248
1249 int c, r;
1250 bool type_a, type_b;
1251
1252 assert(argc >= 0);
1253 assert(argv);
1254
1255 while ((c = getopt_long(argc, argv, "ho:", options, NULL)) >= 0)
1256 switch(c) {
1257 case 'h':
1258 help();
1259 return 0 /* done */;
1260
1261 case ARG_VERSION:
1262 puts(PACKAGE_STRING);
1263 puts(SYSTEMD_FEATURES);
1264 return 0 /* done */;
1265
1266 case ARG_URL:
1267 if (arg_url) {
1268 log_error("cannot currently set more than one --url");
1269 return -EINVAL;
1270 }
1271
1272 arg_url = optarg;
1273 break;
1274
1275 case ARG_GETTER:
1276 if (arg_getter) {
1277 log_error("cannot currently use --getter more than once");
1278 return -EINVAL;
1279 }
1280
1281 arg_getter = optarg;
1282 break;
1283
1284 case ARG_LISTEN_RAW:
1285 if (arg_listen_raw) {
1286 log_error("cannot currently use --listen-raw more than once");
1287 return -EINVAL;
1288 }
1289
1290 arg_listen_raw = optarg;
1291 break;
1292
1293 case ARG_LISTEN_HTTP:
1294 if (arg_listen_http || http_socket >= 0) {
1295 log_error("cannot currently use --listen-http more than once");
1296 return -EINVAL;
1297 }
1298
1299 r = negative_fd(optarg);
1300 if (r >= 0)
1301 http_socket = r;
1302 else
1303 arg_listen_http = optarg;
1304 break;
1305
1306 case ARG_LISTEN_HTTPS:
1307 if (arg_listen_https || https_socket >= 0) {
1308 log_error("cannot currently use --listen-https more than once");
1309 return -EINVAL;
1310 }
1311
1312 r = negative_fd(optarg);
1313 if (r >= 0)
1314 https_socket = r;
1315 else
1316 arg_listen_https = optarg;
1317
1318 break;
1319
1320 case ARG_KEY:
1321 if (arg_key) {
1322 log_error("Key file specified twice");
1323 return -EINVAL;
1324 }
1325
1326 arg_key = strdup(optarg);
1327 if (!arg_key)
1328 return log_oom();
1329
1330 break;
1331
1332 case ARG_CERT:
1333 if (arg_cert) {
1334 log_error("Certificate file specified twice");
1335 return -EINVAL;
1336 }
1337
1338 arg_cert = strdup(optarg);
1339 if (!arg_cert)
1340 return log_oom();
1341
1342 break;
1343
1344 case ARG_TRUST:
1345 if (arg_trust || arg_trust_all) {
1346 log_error("Confusing trusted CA configuration");
1347 return -EINVAL;
1348 }
1349
1350 if (streq(optarg, "all"))
1351 arg_trust_all = true;
1352 else {
1353 #ifdef HAVE_GNUTLS
1354 arg_trust = strdup(optarg);
1355 if (!arg_trust)
1356 return log_oom();
1357 #else
1358 log_error("Option --trust is not available.");
1359 return -EINVAL;
1360 #endif
1361 }
1362
1363 break;
1364
1365 case 'o':
1366 if (arg_output) {
1367 log_error("cannot use --output/-o more than once");
1368 return -EINVAL;
1369 }
1370
1371 arg_output = optarg;
1372 break;
1373
1374 case ARG_SPLIT_MODE:
1375 arg_split_mode = journal_write_split_mode_from_string(optarg);
1376 if (arg_split_mode == _JOURNAL_WRITE_SPLIT_INVALID) {
1377 log_error("Invalid split mode: %s", optarg);
1378 return -EINVAL;
1379 }
1380 break;
1381
1382 case ARG_COMPRESS:
1383 if (optarg) {
1384 r = parse_boolean(optarg);
1385 if (r < 0) {
1386 log_error("Failed to parse --compress= parameter.");
1387 return -EINVAL;
1388 }
1389
1390 arg_compress = !!r;
1391 } else
1392 arg_compress = true;
1393
1394 break;
1395
1396 case ARG_SEAL:
1397 if (optarg) {
1398 r = parse_boolean(optarg);
1399 if (r < 0) {
1400 log_error("Failed to parse --seal= parameter.");
1401 return -EINVAL;
1402 }
1403
1404 arg_seal = !!r;
1405 } else
1406 arg_seal = true;
1407
1408 break;
1409
1410 case ARG_GNUTLS_LOG: {
1411 #ifdef HAVE_GNUTLS
1412 const char *word, *state;
1413 size_t size;
1414
1415 FOREACH_WORD_SEPARATOR(word, size, optarg, ",", state) {
1416 char *cat;
1417
1418 cat = strndup(word, size);
1419 if (!cat)
1420 return log_oom();
1421
1422 if (strv_consume(&arg_gnutls_log, cat) < 0)
1423 return log_oom();
1424 }
1425 break;
1426 #else
1427 log_error("Option --gnutls-log is not available.");
1428 return -EINVAL;
1429 #endif
1430 }
1431
1432 case '?':
1433 return -EINVAL;
1434
1435 default:
1436 assert_not_reached("Unknown option code.");
1437 }
1438
1439 if (optind < argc)
1440 arg_files = argv + optind;
1441
1442 type_a = arg_getter || !strv_isempty(arg_files);
1443 type_b = arg_url
1444 || arg_listen_raw
1445 || arg_listen_http || arg_listen_https
1446 || sd_listen_fds(false) > 0;
1447 if (type_a && type_b) {
1448 log_error("Cannot use file input or --getter with "
1449 "--arg-listen-... or socket activation.");
1450 return -EINVAL;
1451 }
1452 if (type_a) {
1453 if (!arg_output) {
1454 log_error("Option --output must be specified with file input or --getter.");
1455 return -EINVAL;
1456 }
1457
1458 arg_split_mode = JOURNAL_WRITE_SPLIT_NONE;
1459 }
1460
1461 if (arg_split_mode == JOURNAL_WRITE_SPLIT_NONE
1462 && arg_output && is_dir(arg_output, true) > 0) {
1463 log_error("For SplitMode=none, output must be a file.");
1464 return -EINVAL;
1465 }
1466
1467 if (arg_split_mode == JOURNAL_WRITE_SPLIT_HOST
1468 && arg_output && is_dir(arg_output, true) <= 0) {
1469 log_error("For SplitMode=host, output must be a directory.");
1470 return -EINVAL;
1471 }
1472
1473 log_debug("Full config: SplitMode=%s Key=%s Cert=%s Trust=%s",
1474 journal_write_split_mode_to_string(arg_split_mode),
1475 strna(arg_key),
1476 strna(arg_cert),
1477 strna(arg_trust));
1478
1479 return 1 /* work to do */;
1480 }
1481
1482 static int load_certificates(char **key, char **cert, char **trust) {
1483 int r;
1484
1485 r = read_full_file(arg_key ?: PRIV_KEY_FILE, key, NULL);
1486 if (r < 0)
1487 return log_error_errno(r, "Failed to read key from file '%s': %m",
1488 arg_key ?: PRIV_KEY_FILE);
1489
1490 r = read_full_file(arg_cert ?: CERT_FILE, cert, NULL);
1491 if (r < 0)
1492 return log_error_errno(r, "Failed to read certificate from file '%s': %m",
1493 arg_cert ?: CERT_FILE);
1494
1495 if (arg_trust_all)
1496 log_info("Certificate checking disabled.");
1497 else {
1498 r = read_full_file(arg_trust ?: TRUST_FILE, trust, NULL);
1499 if (r < 0)
1500 return log_error_errno(r, "Failed to read CA certificate file '%s': %m",
1501 arg_trust ?: TRUST_FILE);
1502 }
1503
1504 return 0;
1505 }
1506
1507 int main(int argc, char **argv) {
1508 RemoteServer s = {};
1509 int r;
1510 _cleanup_free_ char *key = NULL, *cert = NULL, *trust = NULL;
1511
1512 log_show_color(true);
1513 log_parse_environment();
1514
1515 r = parse_config();
1516 if (r < 0)
1517 return EXIT_FAILURE;
1518
1519 r = parse_argv(argc, argv);
1520 if (r <= 0)
1521 return r == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
1522
1523
1524 if (arg_listen_http || arg_listen_https) {
1525 r = setup_gnutls_logger(arg_gnutls_log);
1526 if (r < 0)
1527 return EXIT_FAILURE;
1528 }
1529
1530 if (arg_listen_https || https_socket >= 0)
1531 if (load_certificates(&key, &cert, &trust) < 0)
1532 return EXIT_FAILURE;
1533
1534 if (remoteserver_init(&s, key, cert, trust) < 0)
1535 return EXIT_FAILURE;
1536
1537 r = sd_event_set_watchdog(s.events, true);
1538 if (r < 0)
1539 log_error_errno(r, "Failed to enable watchdog: %m");
1540 else
1541 log_debug("Watchdog is %s.", r > 0 ? "enabled" : "disabled");
1542
1543 log_debug("%s running as pid "PID_FMT,
1544 program_invocation_short_name, getpid());
1545 sd_notify(false,
1546 "READY=1\n"
1547 "STATUS=Processing requests...");
1548
1549 while (s.active) {
1550 r = sd_event_get_state(s.events);
1551 if (r < 0)
1552 break;
1553 if (r == SD_EVENT_FINISHED)
1554 break;
1555
1556 r = sd_event_run(s.events, -1);
1557 if (r < 0) {
1558 log_error_errno(r, "Failed to run event loop: %m");
1559 break;
1560 }
1561 }
1562
1563 sd_notifyf(false,
1564 "STOPPING=1\n"
1565 "STATUS=Shutting down after writing %" PRIu64 " entries...", s.event_count);
1566 log_info("Finishing after writing %" PRIu64 " entries", s.event_count);
1567
1568 server_destroy(&s);
1569
1570 free(arg_key);
1571 free(arg_cert);
1572 free(arg_trust);
1573
1574 return r >= 0 ? EXIT_SUCCESS : EXIT_FAILURE;
1575 }
Unnamed repository; edit this file 'description' to name the repository.