[thirdparty/systemd.git] / src / journal / journald-syslog.c

/* SPDX-License-Identifier: LGPL-2.1+ */

#include <stddef.h>
#include <sys/epoll.h>
#include <unistd.h>

#include "sd-messages.h"

#include "alloc-util.h"
#include "fd-util.h"
#include "format-util.h"
#include "io-util.h"
#include "journald-console.h"
#include "journald-kmsg.h"
#include "journald-server.h"
#include "journald-syslog.h"
#include "journald-wall.h"
#include "process-util.h"
#include "selinux-util.h"
#include "socket-util.h"
#include "stdio-util.h"
#include "string-util.h"
#include "syslog-util.h"

/* Warn once every 30s if we missed syslog message */
#define WARN_FORWARD_SYSLOG_MISSED_USEC (30 * USEC_PER_SEC)

static void forward_syslog_iovec(Server *s, const struct iovec *iovec, unsigned n_iovec, const struct ucred *ucred, const struct timeval *tv) {

        static const union sockaddr_union sa = {
                .un.sun_family = AF_UNIX,
                .un.sun_path = "/run/systemd/journal/syslog",
        };
        struct msghdr msghdr = {
                .msg_iov = (struct iovec *) iovec,
                .msg_iovlen = n_iovec,
                .msg_name = (struct sockaddr*) &sa.sa,
                .msg_namelen = SOCKADDR_UN_LEN(sa.un),
        };
        struct cmsghdr *cmsg;
        union {
                struct cmsghdr cmsghdr;
                uint8_t buf[CMSG_SPACE(sizeof(struct ucred))];
        } control;

        assert(s);
        assert(iovec);
        assert(n_iovec > 0);

        if (ucred) {
                zero(control);
                msghdr.msg_control = &control;
                msghdr.msg_controllen = sizeof(control);

                cmsg = CMSG_FIRSTHDR(&msghdr);
                cmsg->cmsg_level = SOL_SOCKET;
                cmsg->cmsg_type = SCM_CREDENTIALS;
                cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
                memcpy(CMSG_DATA(cmsg), ucred, sizeof(struct ucred));
                msghdr.msg_controllen = cmsg->cmsg_len;
        }

        /* Forward the syslog message we received via /dev/log to
         * /run/systemd/syslog. Unfortunately we currently can't set
         * the SO_TIMESTAMP auxiliary data, and hence we don't. */

        if (sendmsg(s->syslog_fd, &msghdr, MSG_NOSIGNAL) >= 0)
                return;

        /* The socket is full? I guess the syslog implementation is
         * too slow, and we shouldn't wait for that... */
        if (errno == EAGAIN) {
                s->n_forward_syslog_missed++;
                return;
        }

        if (ucred && IN_SET(errno, ESRCH, EPERM)) {
                struct ucred u;

                /* Hmm, presumably the sender process vanished
                 * by now, or we don't have CAP_SYS_AMDIN, so
                 * let's fix it as good as we can, and retry */

                u = *ucred;
                u.pid = getpid_cached();
                memcpy(CMSG_DATA(cmsg), &u, sizeof(struct ucred));

                if (sendmsg(s->syslog_fd, &msghdr, MSG_NOSIGNAL) >= 0)
                        return;

                if (errno == EAGAIN) {
                        s->n_forward_syslog_missed++;
                        return;
                }
        }

        if (errno != ENOENT)
                log_debug_errno(errno, "Failed to forward syslog message: %m");
}

static void forward_syslog_raw(Server *s, int priority, const char *buffer, size_t buffer_len, const struct ucred *ucred, const struct timeval *tv) {
        struct iovec iovec;

        assert(s);
        assert(buffer);

        if (LOG_PRI(priority) > s->max_level_syslog)
                return;

        iovec = IOVEC_MAKE((char *) buffer, buffer_len);
        forward_syslog_iovec(s, &iovec, 1, ucred, tv);
}

void server_forward_syslog(Server *s, int priority, const char *identifier, const char *message, const struct ucred *ucred, const struct timeval *tv) {
        struct iovec iovec[5];
        char header_priority[DECIMAL_STR_MAX(priority) + 3], header_time[64],
             header_pid[STRLEN("[]: ") + DECIMAL_STR_MAX(pid_t) + 1];
        int n = 0;
        time_t t;
        struct tm *tm;
        _cleanup_free_ char *ident_buf = NULL;

        assert(s);
        assert(priority >= 0);
        assert(priority <= 999);
        assert(message);

        if (LOG_PRI(priority) > s->max_level_syslog)
                return;

        /* First: priority field */
        xsprintf(header_priority, "<%i>", priority);
        iovec[n++] = IOVEC_MAKE_STRING(header_priority);

        /* Second: timestamp */
        t = tv ? tv->tv_sec : ((time_t) (now(CLOCK_REALTIME) / USEC_PER_SEC));
        tm = localtime(&t);
        if (!tm)
                return;
        if (strftime(header_time, sizeof(header_time), "%h %e %T ", tm) <= 0)
                return;
        iovec[n++] = IOVEC_MAKE_STRING(header_time);

        /* Third: identifier and PID */
        if (ucred) {
                if (!identifier) {
                        get_process_comm(ucred->pid, &ident_buf);
                        identifier = ident_buf;
                }

                xsprintf(header_pid, "["PID_FMT"]: ", ucred->pid);

                if (identifier)
                        iovec[n++] = IOVEC_MAKE_STRING(identifier);

                iovec[n++] = IOVEC_MAKE_STRING(header_pid);
        } else if (identifier) {
                iovec[n++] = IOVEC_MAKE_STRING(identifier);
                iovec[n++] = IOVEC_MAKE_STRING(": ");
        }

        /* Fourth: message */
        iovec[n++] = IOVEC_MAKE_STRING(message);

        forward_syslog_iovec(s, iovec, n, ucred, tv);
}

int syslog_fixup_facility(int priority) {

        if ((priority & LOG_FACMASK) == 0)
                return (priority & LOG_PRIMASK) | LOG_USER;

        return priority;
}

size_t syslog_parse_identifier(const char **buf, char **identifier, char **pid) {
        const char *p;
        char *t;
        size_t l, e;

        assert(buf);
        assert(identifier);
        assert(pid);

        p = *buf;

        p += strspn(p, WHITESPACE);
        l = strcspn(p, WHITESPACE);

        if (l <= 0 ||
            p[l-1] != ':')
                return 0;

        e = l;
        l--;

        if (p[l-1] == ']') {
                size_t k = l-1;

                for (;;) {

                        if (p[k] == '[') {
                                t = strndup(p+k+1, l-k-2);
                                if (t)
                                        *pid = t;

                                l = k;
                                break;
                        }

                        if (k == 0)
                                break;

                        k--;
                }
        }

        t = strndup(p, l);
        if (t)
                *identifier = t;

        if (strchr(WHITESPACE, p[e]))
                e++;
        *buf = p + e;
        return e;
}

static void syslog_skip_date(const char **buf) {
        enum {
                LETTER,
                SPACE,
                NUMBER,
                SPACE_OR_NUMBER,
                COLON
        } sequence[] = {
                LETTER, LETTER, LETTER,
                SPACE,
                SPACE_OR_NUMBER, NUMBER,
                SPACE,
                SPACE_OR_NUMBER, NUMBER,
                COLON,
                SPACE_OR_NUMBER, NUMBER,
                COLON,
                SPACE_OR_NUMBER, NUMBER,
                SPACE
        };

        const char *p;
        unsigned i;

        assert(buf);
        assert(*buf);

        p = *buf;

        for (i = 0; i < ELEMENTSOF(sequence); i++, p++) {

                if (!*p)
                        return;

                switch (sequence[i]) {

                case SPACE:
                        if (*p != ' ')
                                return;
                        break;

                case SPACE_OR_NUMBER:
                        if (*p == ' ')
                                break;

                        _fallthrough_;
                case NUMBER:
                        if (*p < '0' || *p > '9')
                                return;

                        break;

                case LETTER:
                        if (!(*p >= 'A' && *p <= 'Z') &&
                            !(*p >= 'a' && *p <= 'z'))
                                return;

                        break;

                case COLON:
                        if (*p != ':')
                                return;
                        break;

                }
        }

        *buf = p;
}

void server_process_syslog_message(
                Server *s,
                const char *buf,
                size_t raw_len,
                const struct ucred *ucred,
                const struct timeval *tv,
                const char *label,
                size_t label_len) {

        char syslog_priority[sizeof("PRIORITY=") + DECIMAL_STR_MAX(int)],
             syslog_facility[sizeof("SYSLOG_FACILITY=") + DECIMAL_STR_MAX(int)];
        const char *message = NULL, *syslog_identifier = NULL, *syslog_pid = NULL, *msg;
        _cleanup_free_ char *identifier = NULL, *pid = NULL;
        int priority = LOG_USER | LOG_INFO, r;
        ClientContext *context = NULL;
        struct iovec *iovec;
        size_t n = 0, m, i, leading_ws;

        assert(s);
        assert(buf);
        /* The message cannot be empty. */
        assert(raw_len > 0);
        /* The buffer NUL-terminated and can be used a string. raw_len is the length
         * without the terminating NUL byte, the buffer is actually one bigger. */
        assert(buf[raw_len] == '\0');

        if (ucred && pid_is_valid(ucred->pid)) {
                r = client_context_get(s, ucred->pid, ucred, label, label_len, NULL, &context);
                if (r < 0)
                        log_warning_errno(r, "Failed to retrieve credentials for PID " PID_FMT ", ignoring: %m", ucred->pid);
        }

        /* We are creating a copy of the message because we want to forward the original message
           verbatim to the legacy syslog implementation */
        for (i = raw_len; i > 0; i--)
                if (!strchr(WHITESPACE, buf[i-1]))
                        break;

        leading_ws = strspn(buf, WHITESPACE);

        if (i == raw_len)
                /* Nice! No need to strip anything on the end, let's optimize this a bit */
                msg = buf + leading_ws;
        else {
                char *t;

                msg = t = newa(char, i - leading_ws + 1);
                memcpy(t, buf + leading_ws, i - leading_ws);
                t[i - leading_ws] = 0;
        }

        syslog_parse_priority(&msg, &priority, true);

        if (!client_context_test_priority(context, priority))
                return;

        syslog_skip_date(&msg);
        syslog_parse_identifier(&msg, &identifier, &pid);

        if (s->forward_to_syslog)
                forward_syslog_raw(s, priority, buf, raw_len, ucred, tv);

        if (s->forward_to_kmsg)
                server_forward_kmsg(s, priority, identifier, msg, ucred);

        if (s->forward_to_console)
                server_forward_console(s, priority, identifier, msg, ucred);

        if (s->forward_to_wall)
                server_forward_wall(s, priority, identifier, msg, ucred);

        m = N_IOVEC_META_FIELDS + 6 + client_context_extra_fields_n_iovec(context);
        iovec = newa(struct iovec, m);

        iovec[n++] = IOVEC_MAKE_STRING("_TRANSPORT=syslog");

        xsprintf(syslog_priority, "PRIORITY=%i", priority & LOG_PRIMASK);
        iovec[n++] = IOVEC_MAKE_STRING(syslog_priority);

        if (priority & LOG_FACMASK) {
                xsprintf(syslog_facility, "SYSLOG_FACILITY=%i", LOG_FAC(priority));
                iovec[n++] = IOVEC_MAKE_STRING(syslog_facility);
        }

        if (identifier) {
                syslog_identifier = strjoina("SYSLOG_IDENTIFIER=", identifier);
                iovec[n++] = IOVEC_MAKE_STRING(syslog_identifier);
        }

        if (pid) {
                syslog_pid = strjoina("SYSLOG_PID=", pid);
                iovec[n++] = IOVEC_MAKE_STRING(syslog_pid);
        }

        message = strjoina("MESSAGE=", msg);
        if (message)
                iovec[n++] = IOVEC_MAKE_STRING(message);

        server_dispatch_message(s, iovec, n, m, context, tv, priority, 0);
}

int server_open_syslog_socket(Server *s) {

        static const union sockaddr_union sa = {
                .un.sun_family = AF_UNIX,
                .un.sun_path = "/run/systemd/journal/dev-log",
        };
        static const int one = 1;
        int r;

        assert(s);

        if (s->syslog_fd < 0) {
                s->syslog_fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
                if (s->syslog_fd < 0)
                        return log_error_errno(errno, "socket() failed: %m");

                (void) unlink(sa.un.sun_path);

                r = bind(s->syslog_fd, &sa.sa, SOCKADDR_UN_LEN(sa.un));
                if (r < 0)
                        return log_error_errno(errno, "bind(%s) failed: %m", sa.un.sun_path);

                (void) chmod(sa.un.sun_path, 0666);
        } else
                fd_nonblock(s->syslog_fd, 1);

        r = setsockopt(s->syslog_fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one));
        if (r < 0)
                return log_error_errno(errno, "SO_PASSCRED failed: %m");

#if HAVE_SELINUX
        if (mac_selinux_use()) {
                r = setsockopt(s->syslog_fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one));
                if (r < 0)
                        log_warning_errno(errno, "SO_PASSSEC failed: %m");
        }
#endif

        r = setsockopt(s->syslog_fd, SOL_SOCKET, SO_TIMESTAMP, &one, sizeof(one));
        if (r < 0)
                return log_error_errno(errno, "SO_TIMESTAMP failed: %m");

        r = sd_event_add_io(s->event, &s->syslog_event_source, s->syslog_fd, EPOLLIN, server_process_datagram, s);
        if (r < 0)
                return log_error_errno(r, "Failed to add syslog server fd to event loop: %m");

        r = sd_event_source_set_priority(s->syslog_event_source, SD_EVENT_PRIORITY_NORMAL+5);
        if (r < 0)
                return log_error_errno(r, "Failed to adjust syslog event source priority: %m");

        return 0;
}

void server_maybe_warn_forward_syslog_missed(Server *s) {
        usec_t n;

        assert(s);

        if (s->n_forward_syslog_missed <= 0)
                return;

        n = now(CLOCK_MONOTONIC);
        if (s->last_warn_forward_syslog_missed + WARN_FORWARD_SYSLOG_MISSED_USEC > n)
                return;

        server_driver_message(s, 0,
                              "MESSAGE_ID=" SD_MESSAGE_FORWARD_SYSLOG_MISSED_STR,
                              LOG_MESSAGE("Forwarding to syslog missed %u messages.",
                                          s->n_forward_syslog_missed),
                              NULL);

        s->n_forward_syslog_missed = 0;
        s->last_warn_forward_syslog_missed = n;
}
Commit	Line	Data
53e1b683	1	/* SPDX-License-Identifier: LGPL-2.1+ */
35e2e347	2
4871690d	3	#include <stddef.h>
35e2e347	4	#include <sys/epoll.h>
07630cea	5	#include <unistd.h>
35e2e347	6
07630cea LP	7	#include "sd-messages.h"
07630cea LP	8
b5efdb8a	9	#include "alloc-util.h"
3ffd4af2	10	#include "fd-util.h"
f97b34a6	11	#include "format-util.h"
afc5dbf3	12	#include "io-util.h"
3b7124a8	13	#include "journald-console.h"
07630cea LP	14	#include "journald-kmsg.h"
07630cea LP	15	#include "journald-server.h"
3ffd4af2	16	#include "journald-syslog.h"
40b71e89	17	#include "journald-wall.h"
0b452006	18	#include "process-util.h"
07630cea LP	19	#include "selinux-util.h"
07630cea LP	20	#include "socket-util.h"
15a5e950	21	#include "stdio-util.h"
07630cea	22	#include "string-util.h"
7ccbd1ae	23	#include "syslog-util.h"
35e2e347	24
178cc770 LP	25	/* Warn once every 30s if we missed syslog message */
	26	#define WARN_FORWARD_SYSLOG_MISSED_USEC (30 * USEC_PER_SEC)
	27
3b3154df	28	static void forward_syslog_iovec(Server s, const struct iovec iovec, unsigned n_iovec, const struct ucred ucred, const struct timeval tv) {
b92bea5d	29
46b13157	30	static const union sockaddr_union sa = {
b92bea5d ZJS	31	.un.sun_family = AF_UNIX,
	32	.un.sun_path = "/run/systemd/journal/syslog",
	33	};
	34	struct msghdr msghdr = {
	35	.msg_iov = (struct iovec *) iovec,
	36	.msg_iovlen = n_iovec,
46b13157	37	.msg_name = (struct sockaddr*) &sa.sa,
fc2fffe7	38	.msg_namelen = SOCKADDR_UN_LEN(sa.un),
b92bea5d	39	};
35e2e347 LP	40	struct cmsghdr *cmsg;
	41	union {
	42	struct cmsghdr cmsghdr;
	43	uint8_t buf[CMSG_SPACE(sizeof(struct ucred))];
	44	} control;
35e2e347 LP	45
	46	assert(s);
	47	assert(iovec);
	48	assert(n_iovec > 0);
	49
35e2e347 LP	50	if (ucred) {
	51	zero(control);
	52	msghdr.msg_control = &control;
	53	msghdr.msg_controllen = sizeof(control);
	54
	55	cmsg = CMSG_FIRSTHDR(&msghdr);
	56	cmsg->cmsg_level = SOL_SOCKET;
	57	cmsg->cmsg_type = SCM_CREDENTIALS;
	58	cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
	59	memcpy(CMSG_DATA(cmsg), ucred, sizeof(struct ucred));
	60	msghdr.msg_controllen = cmsg->cmsg_len;
	61	}
	62
	63	/* Forward the syslog message we received via /dev/log to
	64	* /run/systemd/syslog. Unfortunately we currently can't set
	65	* the SO_TIMESTAMP auxiliary data, and hence we don't. */
	66
	67	if (sendmsg(s->syslog_fd, &msghdr, MSG_NOSIGNAL) >= 0)
	68	return;
	69
	70	/* The socket is full? I guess the syslog implementation is
	71	* too slow, and we shouldn't wait for that... */
178cc770 LP	72	if (errno == EAGAIN) {
178cc770 LP	73	s->n_forward_syslog_missed++;
35e2e347	74	return;
178cc770	75	}
35e2e347	76
3742095b	77	if (ucred && IN_SET(errno, ESRCH, EPERM)) {
35e2e347 LP	78	struct ucred u;
	79
	80	/* Hmm, presumably the sender process vanished
ccf23ad5 CS	81	* by now, or we don't have CAP_SYS_AMDIN, so
ccf23ad5 CS	82	* let's fix it as good as we can, and retry */
35e2e347 LP	83
35e2e347 LP	84	u = *ucred;
df0ff127	85	u.pid = getpid_cached();
35e2e347 LP	86	memcpy(CMSG_DATA(cmsg), &u, sizeof(struct ucred));
	87
	88	if (sendmsg(s->syslog_fd, &msghdr, MSG_NOSIGNAL) >= 0)
	89	return;
	90
178cc770 LP	91	if (errno == EAGAIN) {
178cc770 LP	92	s->n_forward_syslog_missed++;
35e2e347	93	return;
178cc770	94	}
35e2e347 LP	95	}
	96
	97	if (errno != ENOENT)
56f64d95	98	log_debug_errno(errno, "Failed to forward syslog message: %m");
35e2e347 LP	99	}
35e2e347 LP	100
bb3ff70a	101	static void forward_syslog_raw(Server s, int priority, const char buffer, size_t buffer_len, const struct ucred ucred, const struct timeval tv) {
35e2e347 LP	102	struct iovec iovec;
	103
	104	assert(s);
	105	assert(buffer);
	106
	107	if (LOG_PRI(priority) > s->max_level_syslog)
	108	return;
	109
bb3ff70a	110	iovec = IOVEC_MAKE((char *) buffer, buffer_len);
35e2e347 LP	111	forward_syslog_iovec(s, &iovec, 1, ucred, tv);
	112	}
	113
3b3154df	114	void server_forward_syslog(Server s, int priority, const char identifier, const char message, const struct ucred ucred, const struct timeval *tv) {
35e2e347	115	struct iovec iovec[5];
3b97fcbd	116	char header_priority[DECIMAL_STR_MAX(priority) + 3], header_time[64],
fbd0b64f	117	header_pid[STRLEN("[]: ") + DECIMAL_STR_MAX(pid_t) + 1];
35e2e347 LP	118	int n = 0;
	119	time_t t;
	120	struct tm *tm;
e6a7ec4b	121	_cleanup_free_ char *ident_buf = NULL;
35e2e347 LP	122
	123	assert(s);
	124	assert(priority >= 0);
	125	assert(priority <= 999);
	126	assert(message);
	127
	128	if (LOG_PRI(priority) > s->max_level_syslog)
	129	return;
	130
	131	/* First: priority field */
5ffa8c81	132	xsprintf(header_priority, "<%i>", priority);
e6a7ec4b	133	iovec[n++] = IOVEC_MAKE_STRING(header_priority);
35e2e347 LP	134
	135	/* Second: timestamp */
	136	t = tv ? tv->tv_sec : ((time_t) (now(CLOCK_REALTIME) / USEC_PER_SEC));
	137	tm = localtime(&t);
	138	if (!tm)
	139	return;
	140	if (strftime(header_time, sizeof(header_time), "%h %e %T ", tm) <= 0)
	141	return;
e6a7ec4b	142	iovec[n++] = IOVEC_MAKE_STRING(header_time);
35e2e347 LP	143
	144	/* Third: identifier and PID */
	145	if (ucred) {
	146	if (!identifier) {
	147	get_process_comm(ucred->pid, &ident_buf);
	148	identifier = ident_buf;
	149	}
	150
5ffa8c81	151	xsprintf(header_pid, "["PID_FMT"]: ", ucred->pid);
35e2e347 LP	152
35e2e347 LP	153	if (identifier)
e6a7ec4b	154	iovec[n++] = IOVEC_MAKE_STRING(identifier);
35e2e347	155
e6a7ec4b	156	iovec[n++] = IOVEC_MAKE_STRING(header_pid);
35e2e347	157	} else if (identifier) {
e6a7ec4b LP	158	iovec[n++] = IOVEC_MAKE_STRING(identifier);
e6a7ec4b LP	159	iovec[n++] = IOVEC_MAKE_STRING(": ");
35e2e347 LP	160	}
	161
	162	/* Fourth: message */
e6a7ec4b	163	iovec[n++] = IOVEC_MAKE_STRING(message);
35e2e347 LP	164
35e2e347 LP	165	forward_syslog_iovec(s, iovec, n, ucred, tv);
35e2e347 LP	166	}
	167
	168	int syslog_fixup_facility(int priority) {
	169
	170	if ((priority & LOG_FACMASK) == 0)
	171	return (priority & LOG_PRIMASK) \| LOG_USER;
	172
	173	return priority;
	174	}
	175
e88baee8	176	size_t syslog_parse_identifier(const char buf, char identifier, char **pid) {
35e2e347 LP	177	const char *p;
	178	char *t;
	179	size_t l, e;
	180
	181	assert(buf);
	182	assert(identifier);
	183	assert(pid);
	184
	185	p = *buf;
	186
	187	p += strspn(p, WHITESPACE);
	188	l = strcspn(p, WHITESPACE);
	189
	190	if (l <= 0 \|\|
	191	p[l-1] != ':')
e88baee8	192	return 0;
35e2e347 LP	193
	194	e = l;
	195	l--;
	196
	197	if (p[l-1] == ']') {
	198	size_t k = l-1;
	199
	200	for (;;) {
	201
	202	if (p[k] == '[') {
	203	t = strndup(p+k+1, l-k-2);
	204	if (t)
	205	*pid = t;
	206
	207	l = k;
	208	break;
	209	}
	210
	211	if (k == 0)
	212	break;
	213
	214	k--;
	215	}
	216	}
	217
	218	t = strndup(p, l);
	219	if (t)
	220	*identifier = t;
	221
ec5ff444 FB	222	if (strchr(WHITESPACE, p[e]))
ec5ff444 FB	223	e++;
35e2e347	224	*buf = p + e;
e88baee8	225	return e;
35e2e347 LP	226	}
35e2e347 LP	227
c3950a9b	228	static void syslog_skip_date(const char **buf) {
5809560d LP	229	enum {
	230	LETTER,
	231	SPACE,
	232	NUMBER,
	233	SPACE_OR_NUMBER,
	234	COLON
	235	} sequence[] = {
	236	LETTER, LETTER, LETTER,
	237	SPACE,
	238	SPACE_OR_NUMBER, NUMBER,
	239	SPACE,
	240	SPACE_OR_NUMBER, NUMBER,
	241	COLON,
	242	SPACE_OR_NUMBER, NUMBER,
	243	COLON,
	244	SPACE_OR_NUMBER, NUMBER,
	245	SPACE
	246	};
	247
c3950a9b	248	const char *p;
5809560d LP	249	unsigned i;
	250
	251	assert(buf);
	252	assert(*buf);
	253
	254	p = *buf;
	255
	256	for (i = 0; i < ELEMENTSOF(sequence); i++, p++) {
	257
	258	if (!*p)
	259	return;
	260
	261	switch (sequence[i]) {
	262
	263	case SPACE:
	264	if (*p != ' ')
	265	return;
	266	break;
	267
	268	case SPACE_OR_NUMBER:
	269	if (*p == ' ')
	270	break;
	271
4831981d	272	_fallthrough_;
5809560d LP	273	case NUMBER:
	274	if (p < '0' \|\| p > '9')
	275	return;
	276
	277	break;
	278
	279	case LETTER:
	280	if (!(p >= 'A' && p <= 'Z') &&
	281	!(p >= 'a' && p <= 'z'))
	282	return;
	283
	284	break;
	285
	286	case COLON:
	287	if (*p != ':')
	288	return;
	289	break;
	290
	291	}
	292	}
	293
	294	*buf = p;
	295	}
	296
35e2e347	297	void server_process_syslog_message(
23be5709 LP	298	Server *s,
23be5709 LP	299	const char *buf,
c3950a9b	300	size_t raw_len,
23be5709 LP	301	const struct ucred *ucred,
	302	const struct timeval *tv,
	303	const char *label,
	304	size_t label_len) {
35e2e347	305
8457f8d6	306	char syslog_priority[sizeof("PRIORITY=") + DECIMAL_STR_MAX(int)],
c3950a9b ZJS	307	syslog_facility[sizeof("SYSLOG_FACILITY=") + DECIMAL_STR_MAX(int)];
c3950a9b ZJS	308	const char message = NULL, syslog_identifier = NULL, syslog_pid = NULL, msg;
8457f8d6	309	_cleanup_free_ char identifier = NULL, pid = NULL;
22e3a02b LP	310	int priority = LOG_USER \| LOG_INFO, r;
22e3a02b LP	311	ClientContext *context = NULL;
d3070fbd	312	struct iovec *iovec;
c3950a9b	313	size_t n = 0, m, i, leading_ws;
35e2e347 LP	314
	315	assert(s);
	316	assert(buf);
c3950a9b ZJS	317	/* The message cannot be empty. */
	318	assert(raw_len > 0);
	319	/* The buffer NUL-terminated and can be used a string. raw_len is the length
	320	* without the terminating NUL byte, the buffer is actually one bigger. */
	321	assert(buf[raw_len] == '\0');
35e2e347	322
d3070fbd LP	323	if (ucred && pid_is_valid(ucred->pid)) {
	324	r = client_context_get(s, ucred->pid, ucred, label, label_len, NULL, &context);
	325	if (r < 0)
	326	log_warning_errno(r, "Failed to retrieve credentials for PID " PID_FMT ", ignoring: %m", ucred->pid);
	327	}
	328
c3950a9b ZJS	329	/* We are creating a copy of the message because we want to forward the original message
	330	verbatim to the legacy syslog implementation */
	331	for (i = raw_len; i > 0; i--)
bb3ff70a MS	332	if (!strchr(WHITESPACE, buf[i-1]))
	333	break;
	334
c3950a9b ZJS	335	leading_ws = strspn(buf, WHITESPACE);
	336
	337	if (i == raw_len)
	338	/* Nice! No need to strip anything on the end, let's optimize this a bit */
	339	msg = buf + leading_ws;
	340	else {
	341	char *t;
	342
	343	msg = t = newa(char, i - leading_ws + 1);
	344	memcpy(t, buf + leading_ws, i - leading_ws);
	345	t[i - leading_ws] = 0;
	346	}
bb3ff70a	347
c3950a9b	348	syslog_parse_priority(&msg, &priority, true);
35e2e347	349
d3070fbd LP	350	if (!client_context_test_priority(context, priority))
	351	return;
	352
bb3ff70a	353	syslog_skip_date(&msg);
c3950a9b ZJS	354	syslog_parse_identifier(&msg, &identifier, &pid);
	355
	356	if (s->forward_to_syslog)
	357	forward_syslog_raw(s, priority, buf, raw_len, ucred, tv);
35e2e347 LP	358
35e2e347 LP	359	if (s->forward_to_kmsg)
bb3ff70a	360	server_forward_kmsg(s, priority, identifier, msg, ucred);
35e2e347 LP	361
35e2e347 LP	362	if (s->forward_to_console)
bb3ff70a	363	server_forward_console(s, priority, identifier, msg, ucred);
35e2e347	364
40b71e89	365	if (s->forward_to_wall)
bb3ff70a	366	server_forward_wall(s, priority, identifier, msg, ucred);
40b71e89	367
d3070fbd LP	368	m = N_IOVEC_META_FIELDS + 6 + client_context_extra_fields_n_iovec(context);
	369	iovec = newa(struct iovec, m);
	370
e6a7ec4b	371	iovec[n++] = IOVEC_MAKE_STRING("_TRANSPORT=syslog");
35e2e347	372
d054f0a4	373	xsprintf(syslog_priority, "PRIORITY=%i", priority & LOG_PRIMASK);
e6a7ec4b	374	iovec[n++] = IOVEC_MAKE_STRING(syslog_priority);
35e2e347	375
8457f8d6	376	if (priority & LOG_FACMASK) {
d054f0a4	377	xsprintf(syslog_facility, "SYSLOG_FACILITY=%i", LOG_FAC(priority));
e6a7ec4b	378	iovec[n++] = IOVEC_MAKE_STRING(syslog_facility);
8457f8d6	379	}
35e2e347 LP	380
35e2e347 LP	381	if (identifier) {
63c372cb	382	syslog_identifier = strjoina("SYSLOG_IDENTIFIER=", identifier);
e6a7ec4b	383	iovec[n++] = IOVEC_MAKE_STRING(syslog_identifier);
35e2e347 LP	384	}
	385
	386	if (pid) {
63c372cb	387	syslog_pid = strjoina("SYSLOG_PID=", pid);
e6a7ec4b	388	iovec[n++] = IOVEC_MAKE_STRING(syslog_pid);
35e2e347 LP	389	}
35e2e347 LP	390
bb3ff70a	391	message = strjoina("MESSAGE=", msg);
35e2e347	392	if (message)
e6a7ec4b	393	iovec[n++] = IOVEC_MAKE_STRING(message);
35e2e347	394
d3070fbd	395	server_dispatch_message(s, iovec, n, m, context, tv, priority, 0);
35e2e347 LP	396	}
	397
	398	int server_open_syslog_socket(Server *s) {
fc2fffe7 LP	399
	400	static const union sockaddr_union sa = {
	401	.un.sun_family = AF_UNIX,
	402	.un.sun_path = "/run/systemd/journal/dev-log",
	403	};
3b3154df LP	404	static const int one = 1;
3b3154df LP	405	int r;
35e2e347 LP	406
	407	assert(s);
	408
	409	if (s->syslog_fd < 0) {
35e2e347	410	s->syslog_fd = socket(AF_UNIX, SOCK_DGRAM\|SOCK_CLOEXEC\|SOCK_NONBLOCK, 0);
4a62c710 MS	411	if (s->syslog_fd < 0)
4a62c710 MS	412	return log_error_errno(errno, "socket() failed: %m");
35e2e347	413
fc2fffe7	414	(void) unlink(sa.un.sun_path);
35e2e347	415
fc2fffe7	416	r = bind(s->syslog_fd, &sa.sa, SOCKADDR_UN_LEN(sa.un));
4a62c710 MS	417	if (r < 0)
4a62c710 MS	418	return log_error_errno(errno, "bind(%s) failed: %m", sa.un.sun_path);
35e2e347	419
4a61c3e5	420	(void) chmod(sa.un.sun_path, 0666);
35e2e347 LP	421	} else
	422	fd_nonblock(s->syslog_fd, 1);
	423
35e2e347	424	r = setsockopt(s->syslog_fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one));
4a62c710 MS	425	if (r < 0)
4a62c710 MS	426	return log_error_errno(errno, "SO_PASSCRED failed: %m");
35e2e347	427
349cc4a5	428	#if HAVE_SELINUX
6d395665	429	if (mac_selinux_use()) {
d682b3a7 LP	430	r = setsockopt(s->syslog_fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one));
d682b3a7 LP	431	if (r < 0)
56f64d95	432	log_warning_errno(errno, "SO_PASSSEC failed: %m");
d682b3a7	433	}
35e2e347 LP	434	#endif
35e2e347 LP	435
35e2e347	436	r = setsockopt(s->syslog_fd, SOL_SOCKET, SO_TIMESTAMP, &one, sizeof(one));
4a62c710 MS	437	if (r < 0)
4a62c710 MS	438	return log_error_errno(errno, "SO_TIMESTAMP failed: %m");
35e2e347	439
8531ae70	440	r = sd_event_add_io(s->event, &s->syslog_event_source, s->syslog_fd, EPOLLIN, server_process_datagram, s);
23bbb0de MS	441	if (r < 0)
23bbb0de MS	442	return log_error_errno(r, "Failed to add syslog server fd to event loop: %m");
35e2e347	443
48cef295 VC	444	r = sd_event_source_set_priority(s->syslog_event_source, SD_EVENT_PRIORITY_NORMAL+5);
	445	if (r < 0)
	446	return log_error_errno(r, "Failed to adjust syslog event source priority: %m");
	447
35e2e347 LP	448	return 0;
35e2e347 LP	449	}
178cc770 LP	450
	451	void server_maybe_warn_forward_syslog_missed(Server *s) {
	452	usec_t n;
fc2fffe7	453
178cc770 LP	454	assert(s);
	455
	456	if (s->n_forward_syslog_missed <= 0)
	457	return;
	458
	459	n = now(CLOCK_MONOTONIC);
	460	if (s->last_warn_forward_syslog_missed + WARN_FORWARD_SYSLOG_MISSED_USEC > n)
	461	return;
	462
13181942	463	server_driver_message(s, 0,
2b044526	464	"MESSAGE_ID=" SD_MESSAGE_FORWARD_SYSLOG_MISSED_STR,
8a03c9ef ZJS	465	LOG_MESSAGE("Forwarding to syslog missed %u messages.",
	466	s->n_forward_syslog_missed),
	467	NULL);
178cc770 LP	468
	469	s->n_forward_syslog_missed = 0;
	470	s->last_warn_forward_syslog_missed = n;
	471	}