1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 This file is part of systemd.
5 Copyright 2011 Lennart Poettering
12 #include "sd-messages.h"
14 #include "alloc-util.h"
16 #include "format-util.h"
18 #include "journald-console.h"
19 #include "journald-kmsg.h"
20 #include "journald-server.h"
21 #include "journald-syslog.h"
22 #include "journald-wall.h"
23 #include "process-util.h"
24 #include "selinux-util.h"
25 #include "socket-util.h"
26 #include "stdio-util.h"
27 #include "string-util.h"
28 #include "syslog-util.h"
30 /* Warn once every 30s if we missed syslog message */
31 #define WARN_FORWARD_SYSLOG_MISSED_USEC (30 * USEC_PER_SEC)
33 static void forward_syslog_iovec(Server
*s
, const struct iovec
*iovec
, unsigned n_iovec
, const struct ucred
*ucred
, const struct timeval
*tv
) {
35 static const union sockaddr_union sa
= {
36 .un
.sun_family
= AF_UNIX
,
37 .un
.sun_path
= "/run/systemd/journal/syslog",
39 struct msghdr msghdr
= {
40 .msg_iov
= (struct iovec
*) iovec
,
41 .msg_iovlen
= n_iovec
,
42 .msg_name
= (struct sockaddr
*) &sa
.sa
,
43 .msg_namelen
= SOCKADDR_UN_LEN(sa
.un
),
47 struct cmsghdr cmsghdr
;
48 uint8_t buf
[CMSG_SPACE(sizeof(struct ucred
))];
57 msghdr
.msg_control
= &control
;
58 msghdr
.msg_controllen
= sizeof(control
);
60 cmsg
= CMSG_FIRSTHDR(&msghdr
);
61 cmsg
->cmsg_level
= SOL_SOCKET
;
62 cmsg
->cmsg_type
= SCM_CREDENTIALS
;
63 cmsg
->cmsg_len
= CMSG_LEN(sizeof(struct ucred
));
64 memcpy(CMSG_DATA(cmsg
), ucred
, sizeof(struct ucred
));
65 msghdr
.msg_controllen
= cmsg
->cmsg_len
;
68 /* Forward the syslog message we received via /dev/log to
69 * /run/systemd/syslog. Unfortunately we currently can't set
70 * the SO_TIMESTAMP auxiliary data, and hence we don't. */
72 if (sendmsg(s
->syslog_fd
, &msghdr
, MSG_NOSIGNAL
) >= 0)
75 /* The socket is full? I guess the syslog implementation is
76 * too slow, and we shouldn't wait for that... */
77 if (errno
== EAGAIN
) {
78 s
->n_forward_syslog_missed
++;
82 if (ucred
&& IN_SET(errno
, ESRCH
, EPERM
)) {
85 /* Hmm, presumably the sender process vanished
86 * by now, or we don't have CAP_SYS_AMDIN, so
87 * let's fix it as good as we can, and retry */
90 u
.pid
= getpid_cached();
91 memcpy(CMSG_DATA(cmsg
), &u
, sizeof(struct ucred
));
93 if (sendmsg(s
->syslog_fd
, &msghdr
, MSG_NOSIGNAL
) >= 0)
96 if (errno
== EAGAIN
) {
97 s
->n_forward_syslog_missed
++;
103 log_debug_errno(errno
, "Failed to forward syslog message: %m");
106 static void forward_syslog_raw(Server
*s
, int priority
, const char *buffer
, const struct ucred
*ucred
, const struct timeval
*tv
) {
112 if (LOG_PRI(priority
) > s
->max_level_syslog
)
115 iovec
= IOVEC_MAKE_STRING(buffer
);
116 forward_syslog_iovec(s
, &iovec
, 1, ucred
, tv
);
119 void server_forward_syslog(Server
*s
, int priority
, const char *identifier
, const char *message
, const struct ucred
*ucred
, const struct timeval
*tv
) {
120 struct iovec iovec
[5];
121 char header_priority
[DECIMAL_STR_MAX(priority
) + 3], header_time
[64],
122 header_pid
[STRLEN("[]: ") + DECIMAL_STR_MAX(pid_t
) + 1];
126 _cleanup_free_
char *ident_buf
= NULL
;
129 assert(priority
>= 0);
130 assert(priority
<= 999);
133 if (LOG_PRI(priority
) > s
->max_level_syslog
)
136 /* First: priority field */
137 xsprintf(header_priority
, "<%i>", priority
);
138 iovec
[n
++] = IOVEC_MAKE_STRING(header_priority
);
140 /* Second: timestamp */
141 t
= tv
? tv
->tv_sec
: ((time_t) (now(CLOCK_REALTIME
) / USEC_PER_SEC
));
145 if (strftime(header_time
, sizeof(header_time
), "%h %e %T ", tm
) <= 0)
147 iovec
[n
++] = IOVEC_MAKE_STRING(header_time
);
149 /* Third: identifier and PID */
152 get_process_comm(ucred
->pid
, &ident_buf
);
153 identifier
= ident_buf
;
156 xsprintf(header_pid
, "["PID_FMT
"]: ", ucred
->pid
);
159 iovec
[n
++] = IOVEC_MAKE_STRING(identifier
);
161 iovec
[n
++] = IOVEC_MAKE_STRING(header_pid
);
162 } else if (identifier
) {
163 iovec
[n
++] = IOVEC_MAKE_STRING(identifier
);
164 iovec
[n
++] = IOVEC_MAKE_STRING(": ");
167 /* Fourth: message */
168 iovec
[n
++] = IOVEC_MAKE_STRING(message
);
170 forward_syslog_iovec(s
, iovec
, n
, ucred
, tv
);
173 int syslog_fixup_facility(int priority
) {
175 if ((priority
& LOG_FACMASK
) == 0)
176 return (priority
& LOG_PRIMASK
) | LOG_USER
;
181 size_t syslog_parse_identifier(const char **buf
, char **identifier
, char **pid
) {
192 p
+= strspn(p
, WHITESPACE
);
193 l
= strcspn(p
, WHITESPACE
);
208 t
= strndup(p
+k
+1, l
-k
-2);
227 if (strchr(WHITESPACE
, p
[e
]))
233 static void syslog_skip_date(char **buf
) {
241 LETTER
, LETTER
, LETTER
,
243 SPACE_OR_NUMBER
, NUMBER
,
245 SPACE_OR_NUMBER
, NUMBER
,
247 SPACE_OR_NUMBER
, NUMBER
,
249 SPACE_OR_NUMBER
, NUMBER
,
261 for (i
= 0; i
< ELEMENTSOF(sequence
); i
++, p
++) {
266 switch (sequence
[i
]) {
273 case SPACE_OR_NUMBER
:
279 if (*p
< '0' || *p
> '9')
285 if (!(*p
>= 'A' && *p
<= 'Z') &&
286 !(*p
>= 'a' && *p
<= 'z'))
302 void server_process_syslog_message(
305 const struct ucred
*ucred
,
306 const struct timeval
*tv
,
310 char syslog_priority
[sizeof("PRIORITY=") + DECIMAL_STR_MAX(int)],
311 syslog_facility
[sizeof("SYSLOG_FACILITY=") + DECIMAL_STR_MAX(int)];
312 const char *message
= NULL
, *syslog_identifier
= NULL
, *syslog_pid
= NULL
;
313 _cleanup_free_
char *identifier
= NULL
, *pid
= NULL
;
314 int priority
= LOG_USER
| LOG_INFO
, r
;
315 ClientContext
*context
= NULL
;
323 if (ucred
&& pid_is_valid(ucred
->pid
)) {
324 r
= client_context_get(s
, ucred
->pid
, ucred
, label
, label_len
, NULL
, &context
);
326 log_warning_errno(r
, "Failed to retrieve credentials for PID " PID_FMT
", ignoring: %m", ucred
->pid
);
330 syslog_parse_priority(&buf
, &priority
, true);
332 if (!client_context_test_priority(context
, priority
))
335 if (s
->forward_to_syslog
)
336 forward_syslog_raw(s
, priority
, orig
, ucred
, tv
);
338 syslog_skip_date((char**) &buf
);
339 syslog_parse_identifier(&buf
, &identifier
, &pid
);
341 if (s
->forward_to_kmsg
)
342 server_forward_kmsg(s
, priority
, identifier
, buf
, ucred
);
344 if (s
->forward_to_console
)
345 server_forward_console(s
, priority
, identifier
, buf
, ucred
);
347 if (s
->forward_to_wall
)
348 server_forward_wall(s
, priority
, identifier
, buf
, ucred
);
350 m
= N_IOVEC_META_FIELDS
+ 6 + client_context_extra_fields_n_iovec(context
);
351 iovec
= newa(struct iovec
, m
);
353 iovec
[n
++] = IOVEC_MAKE_STRING("_TRANSPORT=syslog");
355 xsprintf(syslog_priority
, "PRIORITY=%i", priority
& LOG_PRIMASK
);
356 iovec
[n
++] = IOVEC_MAKE_STRING(syslog_priority
);
358 if (priority
& LOG_FACMASK
) {
359 xsprintf(syslog_facility
, "SYSLOG_FACILITY=%i", LOG_FAC(priority
));
360 iovec
[n
++] = IOVEC_MAKE_STRING(syslog_facility
);
364 syslog_identifier
= strjoina("SYSLOG_IDENTIFIER=", identifier
);
365 iovec
[n
++] = IOVEC_MAKE_STRING(syslog_identifier
);
369 syslog_pid
= strjoina("SYSLOG_PID=", pid
);
370 iovec
[n
++] = IOVEC_MAKE_STRING(syslog_pid
);
373 message
= strjoina("MESSAGE=", buf
);
375 iovec
[n
++] = IOVEC_MAKE_STRING(message
);
377 server_dispatch_message(s
, iovec
, n
, m
, context
, tv
, priority
, 0);
380 int server_open_syslog_socket(Server
*s
) {
382 static const union sockaddr_union sa
= {
383 .un
.sun_family
= AF_UNIX
,
384 .un
.sun_path
= "/run/systemd/journal/dev-log",
386 static const int one
= 1;
391 if (s
->syslog_fd
< 0) {
392 s
->syslog_fd
= socket(AF_UNIX
, SOCK_DGRAM
|SOCK_CLOEXEC
|SOCK_NONBLOCK
, 0);
393 if (s
->syslog_fd
< 0)
394 return log_error_errno(errno
, "socket() failed: %m");
396 (void) unlink(sa
.un
.sun_path
);
398 r
= bind(s
->syslog_fd
, &sa
.sa
, SOCKADDR_UN_LEN(sa
.un
));
400 return log_error_errno(errno
, "bind(%s) failed: %m", sa
.un
.sun_path
);
402 (void) chmod(sa
.un
.sun_path
, 0666);
404 fd_nonblock(s
->syslog_fd
, 1);
406 r
= setsockopt(s
->syslog_fd
, SOL_SOCKET
, SO_PASSCRED
, &one
, sizeof(one
));
408 return log_error_errno(errno
, "SO_PASSCRED failed: %m");
411 if (mac_selinux_use()) {
412 r
= setsockopt(s
->syslog_fd
, SOL_SOCKET
, SO_PASSSEC
, &one
, sizeof(one
));
414 log_warning_errno(errno
, "SO_PASSSEC failed: %m");
418 r
= setsockopt(s
->syslog_fd
, SOL_SOCKET
, SO_TIMESTAMP
, &one
, sizeof(one
));
420 return log_error_errno(errno
, "SO_TIMESTAMP failed: %m");
422 r
= sd_event_add_io(s
->event
, &s
->syslog_event_source
, s
->syslog_fd
, EPOLLIN
, server_process_datagram
, s
);
424 return log_error_errno(r
, "Failed to add syslog server fd to event loop: %m");
426 r
= sd_event_source_set_priority(s
->syslog_event_source
, SD_EVENT_PRIORITY_NORMAL
+5);
428 return log_error_errno(r
, "Failed to adjust syslog event source priority: %m");
433 void server_maybe_warn_forward_syslog_missed(Server
*s
) {
438 if (s
->n_forward_syslog_missed
<= 0)
441 n
= now(CLOCK_MONOTONIC
);
442 if (s
->last_warn_forward_syslog_missed
+ WARN_FORWARD_SYSLOG_MISSED_USEC
> n
)
445 server_driver_message(s
, 0,
446 "MESSAGE_ID=" SD_MESSAGE_FORWARD_SYSLOG_MISSED_STR
,
447 LOG_MESSAGE("Forwarding to syslog missed %u messages.",
448 s
->n_forward_syslog_missed
),
451 s
->n_forward_syslog_missed
= 0;
452 s
->last_warn_forward_syslog_missed
= n
;