1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1983, 1988, 1993, 1994 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of the University nor the names of its contributors 16 * may be used to endorse or promote products derived from this software 17 * without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 */ 31 /*- 32 * SPDX-License-Identifier: BSD-2-Clause 33 * 34 * Copyright (c) 2018 Prodrive Technologies, https://prodrive-technologies.com/ 35 * Author: Ed Schouten <ed@FreeBSD.org> 36 * 37 * Redistribution and use in source and binary forms, with or without 38 * modification, are permitted provided that the following conditions 39 * are met: 40 * 1. Redistributions of source code must retain the above copyright 41 * notice, this list of conditions and the following disclaimer. 42 * 2. Redistributions in binary form must reproduce the above copyright 43 * notice, this list of conditions and the following disclaimer in the 44 * documentation and/or other materials provided with the distribution. 45 * 46 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 47 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 48 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 49 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 50 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 51 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 52 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 53 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 54 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 55 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 56 * SUCH DAMAGE. 57 */ 58 59 #ifndef lint 60 static const char copyright[] = 61 "@(#) Copyright (c) 1983, 1988, 1993, 1994\n\ 62 The Regents of the University of California. All rights reserved.\n"; 63 #endif /* not lint */ 64 65 #ifndef lint 66 #if 0 67 static char sccsid[] = "@(#)syslogd.c 8.3 (Berkeley) 4/4/94"; 68 #endif 69 #endif /* not lint */ 70 71 #include <sys/cdefs.h> 72 /* 73 * syslogd -- log system messages 74 * 75 * This program implements a system log. It takes a series of lines. 76 * Each line may have a priority, signified as "<n>" as 77 * the first characters of the line. If this is 78 * not present, a default priority is used. 79 * 80 * To kill syslogd, send a signal 15 (terminate). A signal 1 (hup) will 81 * cause it to reread its configuration file. 82 * 83 * Defined Constants: 84 * 85 * MAXLINE -- the maximum line length that can be handled. 86 * DEFUPRI -- the default priority for user messages 87 * DEFSPRI -- the default priority for kernel messages 88 * 89 * Author: Eric Allman 90 * extensive changes by Ralph Campbell 91 * more extensive changes by Eric Allman (again) 92 * Extension to log by program name as well as facility and priority 93 * by Peter da Silva. 94 * -u and -v by Harlan Stenn. 95 * Priority comparison code by Harlan Stenn. 96 */ 97 98 #define MAXLINE 8192 /* maximum line length */ 99 #define MAXSVLINE MAXLINE /* maximum saved line length */ 100 #define DEFUPRI (LOG_USER|LOG_NOTICE) 101 #define DEFSPRI (LOG_KERN|LOG_CRIT) 102 #define TIMERINTVL 30 /* interval for checking flush, mark */ 103 #define TTYMSGTIME 1 /* timeout passed to ttymsg */ 104 #define RCVBUF_MINSIZE (80 * 1024) /* minimum size of dgram rcv buffer */ 105 106 #include <sys/param.h> 107 #include <sys/event.h> 108 #include <sys/ioctl.h> 109 #include <sys/mman.h> 110 #include <sys/procdesc.h> 111 #include <sys/queue.h> 112 #include <sys/resource.h> 113 #include <sys/socket.h> 114 #include <sys/stat.h> 115 #include <sys/syslimits.h> 116 #include <sys/time.h> 117 #include <sys/uio.h> 118 #include <sys/un.h> 119 #include <sys/wait.h> 120 121 #if defined(INET) || defined(INET6) 122 #include <netinet/in.h> 123 #include <arpa/inet.h> 124 #endif 125 126 #include <assert.h> 127 #include <ctype.h> 128 #include <dirent.h> 129 #include <err.h> 130 #include <errno.h> 131 #include <fcntl.h> 132 #include <fnmatch.h> 133 #include <libgen.h> 134 #include <libutil.h> 135 #include <limits.h> 136 #include <netdb.h> 137 #include <paths.h> 138 #include <poll.h> 139 #include <regex.h> 140 #include <signal.h> 141 #include <stdbool.h> 142 #include <stddef.h> 143 #include <stdio.h> 144 #include <stdlib.h> 145 #include <string.h> 146 #include <sysexits.h> 147 #include <unistd.h> 148 #include <utmpx.h> 149 150 #include "pathnames.h" 151 #include "ttymsg.h" 152 153 #define SYSLOG_NAMES 154 #include <sys/syslog.h> 155 156 static const char *ConfFile = _PATH_LOGCONF; 157 static const char *PidFile = _PATH_LOGPID; 158 static const char include_str[] = "include"; 159 static const char include_ext[] = ".conf"; 160 161 #define dprintf if (Debug) printf 162 163 #define MAXUNAMES 20 /* maximum number of user names */ 164 165 #define sstosa(ss) ((struct sockaddr *)(ss)) 166 #ifdef INET 167 #define sstosin(ss) ((struct sockaddr_in *)(void *)(ss)) 168 #define satosin(sa) ((struct sockaddr_in *)(void *)(sa)) 169 #endif 170 #ifdef INET6 171 #define sstosin6(ss) ((struct sockaddr_in6 *)(void *)(ss)) 172 #define satosin6(sa) ((struct sockaddr_in6 *)(void *)(sa)) 173 #define s6_addr32 __u6_addr.__u6_addr32 174 #define IN6_ARE_MASKED_ADDR_EQUAL(d, a, m) ( \ 175 (((d)->s6_addr32[0] ^ (a)->s6_addr32[0]) & (m)->s6_addr32[0]) == 0 && \ 176 (((d)->s6_addr32[1] ^ (a)->s6_addr32[1]) & (m)->s6_addr32[1]) == 0 && \ 177 (((d)->s6_addr32[2] ^ (a)->s6_addr32[2]) & (m)->s6_addr32[2]) == 0 && \ 178 (((d)->s6_addr32[3] ^ (a)->s6_addr32[3]) & (m)->s6_addr32[3]) == 0 ) 179 #endif 180 181 /* 182 * List of peers and sockets that can't be bound until 183 * flags have been parsed. 184 */ 185 struct peer { 186 const char *pe_name; 187 const char *pe_serv; 188 mode_t pe_mode; 189 STAILQ_ENTRY(peer) next; 190 }; 191 static STAILQ_HEAD(, peer) pqueue = STAILQ_HEAD_INITIALIZER(pqueue); 192 193 /* 194 * Sockets used for logging; monitored by kevent(). 195 */ 196 struct socklist { 197 struct addrinfo sl_ai; 198 #define sl_sa sl_ai.ai_addr 199 #define sl_salen sl_ai.ai_addrlen 200 #define sl_family sl_ai.ai_family 201 int sl_socket; 202 char *sl_name; 203 int sl_dirfd; 204 int (*sl_recv)(struct socklist *); 205 STAILQ_ENTRY(socklist) next; 206 }; 207 static STAILQ_HEAD(, socklist) shead = STAILQ_HEAD_INITIALIZER(shead); 208 209 /* 210 * Flags to logmsg(). 211 */ 212 213 #define IGN_CONS 0x001 /* don't print on console */ 214 #define SYNC_FILE 0x002 /* do fsync on file after printing */ 215 #define MARK 0x008 /* this message is a mark */ 216 #define ISKERNEL 0x010 /* kernel generated message */ 217 218 /* Timestamps of log entries. */ 219 struct logtime { 220 struct tm tm; 221 suseconds_t usec; 222 }; 223 224 /* Traditional syslog timestamp format. */ 225 #define RFC3164_DATELEN 15 226 #define RFC3164_DATEFMT "%b %e %H:%M:%S" 227 228 enum filt_proptype { 229 FILT_PROP_NOOP, 230 FILT_PROP_MSG, 231 FILT_PROP_HOSTNAME, 232 FILT_PROP_PROGNAME, 233 }; 234 235 enum filt_cmptype { 236 FILT_CMP_CONTAINS, 237 FILT_CMP_EQUAL, 238 FILT_CMP_STARTS, 239 FILT_CMP_REGEX, 240 }; 241 242 /* 243 * This structure holds a property-based filter 244 */ 245 struct prop_filter { 246 enum filt_proptype prop_type; 247 enum filt_cmptype cmp_type; 248 uint8_t cmp_flags; 249 #define FILT_FLAG_EXCLUDE (1 << 0) 250 #define FILT_FLAG_ICASE (1 << 1) 251 union { 252 char *p_strval; 253 regex_t *p_re; 254 } pflt_uniptr; 255 #define pflt_strval pflt_uniptr.p_strval 256 #define pflt_re pflt_uniptr.p_re 257 size_t pflt_strlen; 258 }; 259 260 enum f_type { 261 F_UNUSED, /* unused entry */ 262 F_FILE, /* regular file */ 263 F_TTY, /* terminal */ 264 F_CONSOLE, /* console terminal */ 265 F_FORW, /* remote machine */ 266 F_USERS, /* list of users */ 267 F_WALL, /* everyone logged on */ 268 F_PIPE, /* pipe to program */ 269 }; 270 271 /* 272 * This structure represents the files that will have log 273 * copies printed. 274 * We require f_file to be valid if f_type is F_FILE, F_CONSOLE, F_TTY 275 * or if f_type is F_PIPE and f_pid > 0. 276 */ 277 struct filed { 278 enum f_type f_type; 279 280 /* Used for filtering. */ 281 char *f_host; /* host from which to recd. */ 282 char *f_program; /* program this applies to */ 283 struct prop_filter *f_prop_filter; /* property-based filter */ 284 u_char f_pmask[LOG_NFACILITIES+1]; /* priority mask */ 285 u_char f_pcmp[LOG_NFACILITIES+1]; /* compare priority */ 286 #define PRI_LT 0x1 287 #define PRI_EQ 0x2 288 #define PRI_GT 0x4 289 290 /* Logging destinations. */ 291 int f_file; /* file descriptor */ 292 int f_flags; /* file-specific flags */ 293 #define FFLAG_SYNC 0x01 294 #define FFLAG_NEEDSYNC 0x02 295 union { 296 char f_uname[MAXUNAMES][MAXLOGNAME]; /* F_WALL, F_USERS */ 297 char f_fname[MAXPATHLEN]; /* F_FILE, F_CONSOLE, F_TTY */ 298 struct { 299 char f_hname[MAXHOSTNAMELEN]; 300 struct addrinfo *f_addr; 301 } f_forw; /* F_FORW */ 302 struct { 303 char f_pname[MAXPATHLEN]; 304 int f_procdesc; 305 } f_pipe; /* F_PIPE */ 306 } f_un; 307 #define fu_uname f_un.f_uname 308 #define fu_fname f_un.f_fname 309 #define fu_forw_hname f_un.f_forw.f_hname 310 #define fu_forw_addr f_un.f_forw.f_addr 311 #define fu_pipe_pname f_un.f_pipe.f_pname 312 #define fu_pipe_pd f_un.f_pipe.f_procdesc 313 314 /* Book-keeping. */ 315 char f_prevline[MAXSVLINE]; /* last message logged */ 316 time_t f_time; /* time this was last written */ 317 struct logtime f_lasttime; /* time of last occurrence */ 318 int f_prevpri; /* pri of f_prevline */ 319 size_t f_prevlen; /* length of f_prevline */ 320 int f_prevcount; /* repetition cnt of prevline */ 321 u_int f_repeatcount; /* number of "repeated" msgs */ 322 STAILQ_ENTRY(filed) next; /* next in linked list */ 323 }; 324 static STAILQ_HEAD(, filed) fhead = 325 STAILQ_HEAD_INITIALIZER(fhead); /* Log files that we write to */ 326 static struct filed consfile; /* Console */ 327 328 329 /* 330 * Queue of about-to-be dead processes we should watch out for. 331 */ 332 struct deadq_entry { 333 int dq_procdesc; 334 int dq_timeout; 335 TAILQ_ENTRY(deadq_entry) dq_entries; 336 }; 337 static TAILQ_HEAD(, deadq_entry) deadq_head = 338 TAILQ_HEAD_INITIALIZER(deadq_head); 339 340 /* 341 * The timeout to apply to processes waiting on the dead queue. Unit 342 * of measure is `mark intervals', i.e. 20 minutes by default. 343 * Processes on the dead queue will be terminated after that time. 344 */ 345 346 #define DQ_TIMO_INIT 2 347 348 /* 349 * Network addresses that are allowed to log to us. 350 */ 351 struct allowedpeer { 352 bool isnumeric; 353 u_short port; 354 union { 355 struct { 356 struct sockaddr_storage addr; 357 struct sockaddr_storage mask; 358 } numeric; 359 char *name; 360 } u; 361 #define a_addr u.numeric.addr 362 #define a_mask u.numeric.mask 363 #define a_name u.name 364 STAILQ_ENTRY(allowedpeer) next; 365 }; 366 static STAILQ_HEAD(, allowedpeer) aphead = STAILQ_HEAD_INITIALIZER(aphead); 367 368 /* 369 * Intervals at which we flush out "message repeated" messages, 370 * in seconds after previous message is logged. After each flush, 371 * we move to the next interval until we reach the largest. 372 */ 373 static int repeatinterval[] = { 30, 120, 600 }; /* # of secs before flush */ 374 #define MAXREPEAT (nitems(repeatinterval) - 1) 375 #define REPEATTIME(f) ((f)->f_time + repeatinterval[(f)->f_repeatcount]) 376 #define BACKOFF(f) do { \ 377 if (++(f)->f_repeatcount > MAXREPEAT) \ 378 (f)->f_repeatcount = MAXREPEAT; \ 379 } while (0) 380 381 static const char *TypeNames[] = { 382 "UNUSED", 383 "FILE", 384 "TTY", 385 "CONSOLE", 386 "FORW", 387 "USERS", 388 "WALL", 389 "PIPE", 390 }; 391 392 static const int sigcatch[] = { 393 SIGHUP, 394 SIGINT, 395 SIGQUIT, 396 SIGPIPE, 397 SIGALRM, 398 SIGTERM, 399 SIGCHLD, 400 }; 401 402 static int nulldesc; /* /dev/null descriptor */ 403 static bool Debug; /* debug flag */ 404 static bool Foreground = false; /* Run in foreground, instead of daemonizing */ 405 static bool resolve = true; /* resolve hostname */ 406 static char LocalHostName[MAXHOSTNAMELEN]; /* our hostname */ 407 static const char *LocalDomain; /* our local domain name */ 408 static bool Initialized; /* set when we have initialized ourselves */ 409 static int MarkInterval = 20 * 60; /* interval between marks in seconds */ 410 static int MarkSeq; /* mark sequence number */ 411 static bool NoBind; /* don't bind() as suggested by RFC 3164 */ 412 static int SecureMode; /* when true, receive only unix domain socks */ 413 static int MaxForwardLen = 1024; /* max length of forwared message */ 414 #ifdef INET6 415 static int family = PF_UNSPEC; /* protocol family (IPv4, IPv6 or both) */ 416 #else 417 static int family = PF_INET; /* protocol family (IPv4 only) */ 418 #endif 419 static int mask_C1 = 1; /* mask characters from 0x80 - 0x9F */ 420 static int send_to_all; /* send message to all IPv4/IPv6 addresses */ 421 static int use_bootfile; /* log entire bootfile for every kern msg */ 422 static int no_compress; /* don't compress messages (1=pipes, 2=all) */ 423 static int logflags = O_WRONLY|O_APPEND; /* flags used to open log files */ 424 425 static char bootfile[MAXPATHLEN]; /* booted kernel file */ 426 427 static bool RemoteAddDate; /* Always set the date on remote messages */ 428 static bool RemoteHostname; /* Log remote hostname from the message */ 429 430 static bool UniquePriority; /* Only log specified priority? */ 431 static int LogFacPri; /* Put facility and priority in log message: */ 432 /* 0=no, 1=numeric, 2=names */ 433 static bool KeepKernFac; /* Keep remotely logged kernel facility */ 434 static bool needdofsync = true; /* Are any file(s) waiting to be fsynced? */ 435 static struct pidfh *pfh; 436 static bool RFC3164OutputFormat = true; /* Use legacy format by default. */ 437 438 struct iovlist; 439 440 static bool allowaddr(char *); 441 static void addpeer(const char *, const char *, mode_t); 442 static void addsock(const char *, const char *, mode_t); 443 static void cfline(const char *, const char *, const char *, const char *); 444 static const char *cvthname(struct sockaddr *); 445 static void deadq_enter(int); 446 static void deadq_remove(struct deadq_entry *); 447 static int decode(const char *, const CODE *); 448 static void die(int) __dead2; 449 static void dofsync(void); 450 static void fprintlog_first(struct filed *, const char *, const char *, 451 const char *, const char *, const char *, const char *, int); 452 static void fprintlog_write(struct filed *, struct iovlist *, int); 453 static void fprintlog_successive(struct filed *, int); 454 static void init(bool); 455 static void logerror(const char *); 456 static void logmsg(int, const struct logtime *, const char *, const char *, 457 const char *, const char *, const char *, const char *, int); 458 static void markit(void); 459 static struct socklist *socksetup(struct addrinfo *, const char *, mode_t); 460 static int socklist_recv_file(struct socklist *); 461 static int socklist_recv_sock(struct socklist *); 462 static int skip_message(const char *, const char *, int); 463 static int evaluate_prop_filter(const struct prop_filter *filter, 464 const char *value); 465 static struct prop_filter *prop_filter_compile(const char *); 466 static void parsemsg(const char *, char *); 467 static void printsys(char *); 468 static int p_open(const char *, pid_t *); 469 static const char *ttymsg_check(struct iovec *, int, char *, int); 470 static void usage(void); 471 static bool validate(struct sockaddr *, const char *); 472 static void unmapped(struct sockaddr *); 473 static void wallmsg(struct filed *, struct iovec *, const int iovlen); 474 static int waitdaemon(int); 475 static void increase_rcvbuf(int); 476 477 static void 478 close_filed(struct filed *f) 479 { 480 481 if (f == NULL || f->f_file == -1) 482 return; 483 484 switch (f->f_type) { 485 case F_FORW: 486 if (f->fu_forw_addr != NULL) { 487 freeaddrinfo(f->fu_forw_addr); 488 f->fu_forw_addr = NULL; 489 } 490 /* FALLTHROUGH */ 491 case F_FILE: 492 case F_TTY: 493 case F_CONSOLE: 494 f->f_type = F_UNUSED; 495 break; 496 case F_PIPE: 497 if (f->fu_pipe_pd >= 0) { 498 deadq_enter(f->fu_pipe_pd); 499 f->fu_pipe_pd = -1; 500 } 501 break; 502 default: 503 break; 504 } 505 (void)close(f->f_file); 506 f->f_file = -1; 507 } 508 509 static void 510 addpeer(const char *name, const char *serv, mode_t mode) 511 { 512 struct peer *pe = calloc(1, sizeof(*pe)); 513 if (pe == NULL) 514 err(1, "malloc failed"); 515 pe->pe_name = name; 516 pe->pe_serv = serv; 517 pe->pe_mode = mode; 518 STAILQ_INSERT_TAIL(&pqueue, pe, next); 519 } 520 521 static void 522 addsock(const char *name, const char *serv, mode_t mode) 523 { 524 struct addrinfo hints = { }, *res, *res0; 525 struct socklist *sl; 526 int error; 527 char *cp, *msgbuf; 528 529 /* 530 * We have to handle this case for backwards compatibility: 531 * If there are two (or more) colons but no '[' and ']', 532 * assume this is an inet6 address without a service. 533 */ 534 if (name != NULL) { 535 #ifdef INET6 536 if (name[0] == '[' && 537 (cp = strchr(name + 1, ']')) != NULL) { 538 name = &name[1]; 539 *cp = '\0'; 540 if (cp[1] == ':' && cp[2] != '\0') 541 serv = cp + 2; 542 } else { 543 #endif 544 cp = strchr(name, ':'); 545 if (cp != NULL && strchr(cp + 1, ':') == NULL) { 546 *cp = '\0'; 547 if (cp[1] != '\0') 548 serv = cp + 1; 549 if (cp == name) 550 name = NULL; 551 } 552 #ifdef INET6 553 } 554 #endif 555 } 556 hints.ai_family = AF_UNSPEC; 557 hints.ai_socktype = SOCK_DGRAM; 558 hints.ai_flags = AI_PASSIVE; 559 if (name != NULL) 560 dprintf("Trying peer: %s\n", name); 561 if (serv == NULL) 562 serv = "syslog"; 563 error = getaddrinfo(name, serv, &hints, &res0); 564 if (error) { 565 asprintf(&msgbuf, "getaddrinfo failed for %s%s: %s", 566 name == NULL ? "" : name, serv, 567 gai_strerror(error)); 568 errno = 0; 569 if (msgbuf == NULL) 570 logerror(gai_strerror(error)); 571 else 572 logerror(msgbuf); 573 free(msgbuf); 574 die(0); 575 } 576 for (res = res0; res != NULL; res = res->ai_next) { 577 sl = socksetup(res, name, mode); 578 if (sl == NULL) 579 continue; 580 STAILQ_INSERT_TAIL(&shead, sl, next); 581 } 582 freeaddrinfo(res0); 583 } 584 585 static void 586 addfile(int fd) 587 { 588 struct socklist *sl = calloc(1, sizeof(*sl)); 589 if (sl == NULL) 590 err(1, "malloc failed"); 591 sl->sl_socket = fd; 592 sl->sl_recv = socklist_recv_file; 593 STAILQ_INSERT_TAIL(&shead, sl, next); 594 } 595 596 int 597 main(int argc, char *argv[]) 598 { 599 struct sigaction act = { }; 600 struct kevent ev; 601 struct socklist *sl; 602 pid_t spid; 603 int ch, kq, ppipe_w = -1, s; 604 char *p; 605 bool bflag = false, pflag = false, Sflag = false; 606 607 if (madvise(NULL, 0, MADV_PROTECT) != 0) 608 dprintf("madvise() failed: %s\n", strerror(errno)); 609 610 while ((ch = getopt(argc, argv, "468Aa:b:cCdf:FHkl:M:m:nNoO:p:P:sS:Tuv")) 611 != -1) 612 switch (ch) { 613 #ifdef INET 614 case '4': 615 family = PF_INET; 616 break; 617 #endif 618 #ifdef INET6 619 case '6': 620 family = PF_INET6; 621 break; 622 #endif 623 case '8': 624 mask_C1 = 0; 625 break; 626 case 'A': 627 send_to_all = true; 628 break; 629 case 'a': /* allow specific network addresses only */ 630 if (!allowaddr(optarg)) 631 usage(); 632 break; 633 case 'b': 634 bflag = true; 635 p = strchr(optarg, ']'); 636 if (p != NULL) 637 p = strchr(p + 1, ':'); 638 else { 639 p = strchr(optarg, ':'); 640 if (p != NULL && strchr(p + 1, ':') != NULL) 641 p = NULL; /* backward compatibility */ 642 } 643 if (p == NULL) { 644 /* A hostname or filename only. */ 645 addpeer(optarg, "syslog", 0); 646 } else { 647 /* The case of "name:service". */ 648 *p++ = '\0'; 649 addpeer(strlen(optarg) == 0 ? NULL : optarg, 650 p, 0); 651 } 652 break; 653 case 'c': 654 no_compress++; 655 break; 656 case 'C': 657 logflags |= O_CREAT; 658 break; 659 case 'd': /* debug */ 660 Debug = true; 661 break; 662 case 'f': /* configuration file */ 663 ConfFile = optarg; 664 break; 665 case 'F': /* run in foreground instead of daemon */ 666 Foreground = true; 667 break; 668 case 'H': 669 RemoteHostname = true; 670 break; 671 case 'k': /* keep remote kern fac */ 672 KeepKernFac = true; 673 break; 674 case 'l': 675 case 'p': 676 case 'S': 677 { 678 long perml; 679 mode_t mode; 680 char *name, *ep; 681 682 if (ch == 'l') 683 mode = DEFFILEMODE; 684 else if (ch == 'p') { 685 mode = DEFFILEMODE; 686 pflag = true; 687 } else { 688 mode = S_IRUSR | S_IWUSR; 689 Sflag = true; 690 } 691 if (optarg[0] == '/') 692 name = optarg; 693 else if ((name = strchr(optarg, ':')) != NULL) { 694 *name++ = '\0'; 695 if (name[0] != '/') 696 errx(1, "socket name must be absolute " 697 "path"); 698 if (isdigit(*optarg)) { 699 perml = strtol(optarg, &ep, 8); 700 if (*ep || perml < 0 || 701 perml & ~(S_IRWXU|S_IRWXG|S_IRWXO)) 702 errx(1, "invalid mode %s, exiting", 703 optarg); 704 mode = (mode_t )perml; 705 } else 706 errx(1, "invalid mode %s, exiting", 707 optarg); 708 } else 709 errx(1, "invalid filename %s, exiting", 710 optarg); 711 addpeer(name, NULL, mode); 712 break; 713 } 714 case 'M': /* max length of forwarded message */ 715 MaxForwardLen = atoi(optarg); 716 if (MaxForwardLen < 480) 717 errx(1, "minimum length limit of forwarded " 718 "messages is 480 bytes"); 719 break; 720 case 'm': /* mark interval */ 721 MarkInterval = atoi(optarg) * 60; 722 break; 723 case 'N': 724 NoBind = true; 725 if (!SecureMode) 726 SecureMode = 1; 727 break; 728 case 'n': 729 resolve = false; 730 break; 731 case 'O': 732 if (strcmp(optarg, "bsd") == 0 || 733 strcmp(optarg, "rfc3164") == 0) 734 RFC3164OutputFormat = true; 735 else if (strcmp(optarg, "syslog") == 0 || 736 strcmp(optarg, "rfc5424") == 0) 737 RFC3164OutputFormat = false; 738 else 739 usage(); 740 break; 741 case 'o': 742 use_bootfile = true; 743 break; 744 case 'P': /* path for alt. PID */ 745 PidFile = optarg; 746 break; 747 case 's': /* no network mode */ 748 SecureMode++; 749 break; 750 case 'T': 751 RemoteAddDate = true; 752 break; 753 case 'u': /* only log specified priority */ 754 UniquePriority = true; 755 break; 756 case 'v': /* log facility and priority */ 757 LogFacPri++; 758 break; 759 default: 760 usage(); 761 } 762 if ((argc -= optind) != 0) 763 usage(); 764 765 if (RFC3164OutputFormat && MaxForwardLen > 1024) 766 errx(1, "RFC 3164 messages may not exceed 1024 bytes"); 767 768 pfh = pidfile_open(PidFile, 0600, &spid); 769 if (pfh == NULL) { 770 if (errno == EEXIST) 771 errx(1, "syslogd already running, pid: %d", spid); 772 warn("cannot open pid file"); 773 } 774 775 /* 776 * Now that flags have been parsed, we know if we're in 777 * secure mode. Add peers to the socklist, if allowed. 778 */ 779 while (!STAILQ_EMPTY(&pqueue)) { 780 struct peer *pe = STAILQ_FIRST(&pqueue); 781 STAILQ_REMOVE_HEAD(&pqueue, next); 782 addsock(pe->pe_name, pe->pe_serv, pe->pe_mode); 783 free(pe); 784 } 785 /* Listen by default: /dev/klog. */ 786 s = open(_PATH_KLOG, O_RDONLY | O_NONBLOCK | O_CLOEXEC, 0); 787 if (s < 0) { 788 dprintf("can't open %s (%d)\n", _PATH_KLOG, errno); 789 } else { 790 addfile(s); 791 } 792 /* Listen by default: *:514 if no -b flag. */ 793 if (bflag == 0) 794 addsock(NULL, "syslog", 0); 795 /* Listen by default: /var/run/log if no -p flag. */ 796 if (pflag == 0) 797 addsock(_PATH_LOG, NULL, DEFFILEMODE); 798 /* Listen by default: /var/run/logpriv if no -S flag. */ 799 if (Sflag == 0) 800 addsock(_PATH_LOG_PRIV, NULL, S_IRUSR | S_IWUSR); 801 802 consfile.f_type = F_CONSOLE; 803 consfile.f_file = -1; 804 (void)strlcpy(consfile.fu_fname, _PATH_CONSOLE + sizeof(_PATH_DEV) - 1, 805 sizeof(consfile.fu_fname)); 806 807 nulldesc = open(_PATH_DEVNULL, O_RDWR); 808 if (nulldesc == -1) { 809 warn("cannot open %s", _PATH_DEVNULL); 810 pidfile_remove(pfh); 811 exit(1); 812 } 813 814 (void)strlcpy(bootfile, getbootfile(), sizeof(bootfile)); 815 816 if (!Foreground && !Debug) 817 ppipe_w = waitdaemon(30); 818 else if (Debug) 819 setlinebuf(stdout); 820 821 kq = kqueue(); 822 if (kq == -1) { 823 warn("failed to initialize kqueue"); 824 pidfile_remove(pfh); 825 exit(1); 826 } 827 STAILQ_FOREACH(sl, &shead, next) { 828 if (sl->sl_recv == NULL) 829 continue; 830 EV_SET(&ev, sl->sl_socket, EVFILT_READ, EV_ADD, 0, 0, sl); 831 if (kevent(kq, &ev, 1, NULL, 0, NULL) == -1) { 832 warn("failed to add kevent to kqueue"); 833 pidfile_remove(pfh); 834 exit(1); 835 } 836 } 837 838 /* 839 * Syslogd will not reap its children via wait(). 840 * When SIGCHLD is ignored, zombie processes are 841 * not created. A child's PID will be recycled 842 * upon its exit. 843 */ 844 act.sa_handler = SIG_IGN; 845 for (size_t i = 0; i < nitems(sigcatch); ++i) { 846 EV_SET(&ev, sigcatch[i], EVFILT_SIGNAL, EV_ADD, 0, 0, NULL); 847 if (kevent(kq, &ev, 1, NULL, 0, NULL) == -1) { 848 warn("failed to add kevent to kqueue"); 849 pidfile_remove(pfh); 850 exit(1); 851 } 852 if (sigaction(sigcatch[i], &act, NULL) == -1) { 853 warn("failed to apply signal handler"); 854 pidfile_remove(pfh); 855 exit(1); 856 } 857 } 858 (void)alarm(TIMERINTVL); 859 860 /* tuck my process id away */ 861 pidfile_write(pfh); 862 863 dprintf("off & running....\n"); 864 init(false); 865 for (;;) { 866 if (needdofsync) { 867 dofsync(); 868 if (ppipe_w != -1) { 869 /* 870 * Close our end of the pipe so our 871 * parent knows that we have finished 872 * initialization. 873 */ 874 (void)close(ppipe_w); 875 ppipe_w = -1; 876 } 877 } 878 if (kevent(kq, NULL, 0, &ev, 1, NULL) == -1) { 879 if (errno != EINTR) 880 logerror("kevent"); 881 continue; 882 } 883 switch (ev.filter) { 884 case EVFILT_READ: 885 sl = ev.udata; 886 if (sl->sl_socket != -1 && sl->sl_recv != NULL) 887 sl->sl_recv(sl); 888 break; 889 case EVFILT_SIGNAL: 890 switch (ev.ident) { 891 case SIGHUP: 892 init(true); 893 break; 894 case SIGINT: 895 case SIGQUIT: 896 case SIGTERM: 897 if (ev.ident == SIGTERM || Debug) 898 die(ev.ident); 899 break; 900 case SIGALRM: 901 markit(); 902 break; 903 } 904 break; 905 } 906 } 907 } 908 909 static int 910 socklist_recv_sock(struct socklist *sl) 911 { 912 struct sockaddr_storage ss; 913 struct sockaddr *sa = (struct sockaddr *)&ss; 914 socklen_t sslen; 915 const char *hname; 916 char line[MAXLINE + 1]; 917 int len; 918 919 sslen = sizeof(ss); 920 len = recvfrom(sl->sl_socket, line, sizeof(line) - 1, 0, sa, &sslen); 921 dprintf("received sa_len = %d\n", sslen); 922 if (len == 0) 923 return (-1); 924 if (len < 0) { 925 if (errno != EINTR) 926 logerror("recvfrom"); 927 return (-1); 928 } 929 /* Received valid data. */ 930 line[len] = '\0'; 931 if (sl->sl_sa != NULL && sl->sl_family == AF_LOCAL) 932 hname = LocalHostName; 933 else { 934 hname = cvthname(sa); 935 unmapped(sa); 936 if (validate(sa, hname) == 0) { 937 dprintf("Message from %s was ignored.", hname); 938 return (-1); 939 } 940 } 941 parsemsg(hname, line); 942 943 return (0); 944 } 945 946 static void 947 unmapped(struct sockaddr *sa) 948 { 949 #if defined(INET) && defined(INET6) 950 struct sockaddr_in6 *sin6; 951 struct sockaddr_in sin; 952 953 if (sa == NULL || 954 sa->sa_family != AF_INET6 || 955 sa->sa_len != sizeof(*sin6)) 956 return; 957 sin6 = satosin6(sa); 958 if (!IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) 959 return; 960 sin = (struct sockaddr_in){ 961 .sin_family = AF_INET, 962 .sin_len = sizeof(sin), 963 .sin_port = sin6->sin6_port 964 }; 965 memcpy(&sin.sin_addr, &sin6->sin6_addr.s6_addr[12], 966 sizeof(sin.sin_addr)); 967 memcpy(sa, &sin, sizeof(sin)); 968 #else 969 if (sa == NULL) 970 return; 971 #endif 972 } 973 974 static void 975 usage(void) 976 { 977 978 fprintf(stderr, 979 "usage: syslogd [-468ACcdFHknosTuv] [-a allowed_peer]\n" 980 " [-b bind_address] [-f config_file]\n" 981 " [-l [mode:]path] [-M fwd_length]\n" 982 " [-m mark_interval] [-O format] [-P pid_file]\n" 983 " [-p log_socket] [-S logpriv_socket]\n"); 984 exit(1); 985 } 986 987 /* 988 * Removes characters from log messages that are unsafe to display. 989 * TODO: Permit UTF-8 strings that include a BOM per RFC 5424? 990 */ 991 static void 992 parsemsg_remove_unsafe_characters(const char *in, char *out, size_t outlen) 993 { 994 char *q; 995 int c; 996 997 q = out; 998 while ((c = (unsigned char)*in++) != '\0' && q < out + outlen - 4) { 999 if (mask_C1 && (c & 0x80) && c < 0xA0) { 1000 c &= 0x7F; 1001 *q++ = 'M'; 1002 *q++ = '-'; 1003 } 1004 if (isascii(c) && iscntrl(c)) { 1005 if (c == '\n') { 1006 *q++ = ' '; 1007 } else if (c == '\t') { 1008 *q++ = '\t'; 1009 } else { 1010 *q++ = '^'; 1011 *q++ = c ^ 0100; 1012 } 1013 } else { 1014 *q++ = c; 1015 } 1016 } 1017 *q = '\0'; 1018 } 1019 1020 /* 1021 * Parses a syslog message according to RFC 5424, assuming that PRI and 1022 * VERSION (i.e., "<%d>1 ") have already been parsed by parsemsg(). The 1023 * parsed result is passed to logmsg(). 1024 */ 1025 static void 1026 parsemsg_rfc5424(const char *from, int pri, char *msg) 1027 { 1028 const struct logtime *timestamp; 1029 struct logtime timestamp_remote; 1030 const char *omsg, *hostname, *app_name, *procid, *msgid, 1031 *structured_data; 1032 char line[MAXLINE + 1]; 1033 1034 #define FAIL_IF(field, expr) do { \ 1035 if (expr) { \ 1036 dprintf("Failed to parse " field " from %s: %s\n", \ 1037 from, omsg); \ 1038 return; \ 1039 } \ 1040 } while (0) 1041 #define PARSE_CHAR(field, sep) do { \ 1042 FAIL_IF(field, *msg != sep); \ 1043 ++msg; \ 1044 } while (0) 1045 #define IF_NOT_NILVALUE(var) \ 1046 if (msg[0] == '-' && msg[1] == ' ') { \ 1047 msg += 2; \ 1048 var = NULL; \ 1049 } else if (msg[0] == '-' && msg[1] == '\0') { \ 1050 ++msg; \ 1051 var = NULL; \ 1052 } else 1053 1054 omsg = msg; 1055 IF_NOT_NILVALUE(timestamp) { 1056 /* Parse RFC 3339-like timestamp. */ 1057 #define PARSE_NUMBER(dest, length, min, max) do { \ 1058 int i, v; \ 1059 \ 1060 v = 0; \ 1061 for (i = 0; i < length; ++i) { \ 1062 FAIL_IF("TIMESTAMP", *msg < '0' || *msg > '9'); \ 1063 v = v * 10 + *msg++ - '0'; \ 1064 } \ 1065 FAIL_IF("TIMESTAMP", v < min || v > max); \ 1066 dest = v; \ 1067 } while (0) 1068 /* Date and time. */ 1069 memset(×tamp_remote, 0, sizeof(timestamp_remote)); 1070 PARSE_NUMBER(timestamp_remote.tm.tm_year, 4, 0, 9999); 1071 timestamp_remote.tm.tm_year -= 1900; 1072 PARSE_CHAR("TIMESTAMP", '-'); 1073 PARSE_NUMBER(timestamp_remote.tm.tm_mon, 2, 1, 12); 1074 --timestamp_remote.tm.tm_mon; 1075 PARSE_CHAR("TIMESTAMP", '-'); 1076 PARSE_NUMBER(timestamp_remote.tm.tm_mday, 2, 1, 31); 1077 PARSE_CHAR("TIMESTAMP", 'T'); 1078 PARSE_NUMBER(timestamp_remote.tm.tm_hour, 2, 0, 23); 1079 PARSE_CHAR("TIMESTAMP", ':'); 1080 PARSE_NUMBER(timestamp_remote.tm.tm_min, 2, 0, 59); 1081 PARSE_CHAR("TIMESTAMP", ':'); 1082 PARSE_NUMBER(timestamp_remote.tm.tm_sec, 2, 0, 59); 1083 /* Perform normalization. */ 1084 timegm(×tamp_remote.tm); 1085 /* Optional: fractional seconds. */ 1086 if (msg[0] == '.' && msg[1] >= '0' && msg[1] <= '9') { 1087 int i; 1088 1089 ++msg; 1090 for (i = 100000; i != 0; i /= 10) { 1091 if (*msg < '0' || *msg > '9') 1092 break; 1093 timestamp_remote.usec += (*msg++ - '0') * i; 1094 } 1095 } 1096 /* Timezone. */ 1097 if (*msg == 'Z') { 1098 /* UTC. */ 1099 ++msg; 1100 } else { 1101 int sign, tz_hour, tz_min; 1102 1103 /* Local time zone offset. */ 1104 FAIL_IF("TIMESTAMP", *msg != '-' && *msg != '+'); 1105 sign = *msg++ == '-' ? -1 : 1; 1106 PARSE_NUMBER(tz_hour, 2, 0, 23); 1107 PARSE_CHAR("TIMESTAMP", ':'); 1108 PARSE_NUMBER(tz_min, 2, 0, 59); 1109 timestamp_remote.tm.tm_gmtoff = 1110 sign * (tz_hour * 3600 + tz_min * 60); 1111 } 1112 #undef PARSE_NUMBER 1113 PARSE_CHAR("TIMESTAMP", ' '); 1114 timestamp = RemoteAddDate ? NULL : ×tamp_remote; 1115 } 1116 1117 /* String fields part of the HEADER. */ 1118 #define PARSE_STRING(field, var) \ 1119 IF_NOT_NILVALUE(var) { \ 1120 var = msg; \ 1121 while (*msg >= '!' && *msg <= '~') \ 1122 ++msg; \ 1123 FAIL_IF(field, var == msg); \ 1124 PARSE_CHAR(field, ' '); \ 1125 msg[-1] = '\0'; \ 1126 } 1127 PARSE_STRING("HOSTNAME", hostname); 1128 if (hostname == NULL || !RemoteHostname) 1129 hostname = from; 1130 PARSE_STRING("APP-NAME", app_name); 1131 PARSE_STRING("PROCID", procid); 1132 PARSE_STRING("MSGID", msgid); 1133 #undef PARSE_STRING 1134 1135 /* Structured data. */ 1136 #define PARSE_SD_NAME() do { \ 1137 const char *start; \ 1138 \ 1139 start = msg; \ 1140 while (*msg >= '!' && *msg <= '~' && *msg != '=' && \ 1141 *msg != ']' && *msg != '"') \ 1142 ++msg; \ 1143 FAIL_IF("STRUCTURED-NAME", start == msg); \ 1144 } while (0) 1145 IF_NOT_NILVALUE(structured_data) { 1146 structured_data = msg; 1147 /* SD-ELEMENT. */ 1148 while (*msg == '[') { 1149 ++msg; 1150 /* SD-ID. */ 1151 PARSE_SD_NAME(); 1152 /* SD-PARAM. */ 1153 while (*msg == ' ') { 1154 ++msg; 1155 /* PARAM-NAME. */ 1156 PARSE_SD_NAME(); 1157 PARSE_CHAR("STRUCTURED-NAME", '='); 1158 PARSE_CHAR("STRUCTURED-NAME", '"'); 1159 while (*msg != '"') { 1160 FAIL_IF("STRUCTURED-NAME", 1161 *msg == '\0'); 1162 if (*msg++ == '\\') { 1163 FAIL_IF("STRUCTURED-NAME", 1164 *msg == '\0'); 1165 ++msg; 1166 } 1167 } 1168 ++msg; 1169 } 1170 PARSE_CHAR("STRUCTURED-NAME", ']'); 1171 } 1172 PARSE_CHAR("STRUCTURED-NAME", ' '); 1173 msg[-1] = '\0'; 1174 } 1175 #undef PARSE_SD_NAME 1176 1177 #undef FAIL_IF 1178 #undef PARSE_CHAR 1179 #undef IF_NOT_NILVALUE 1180 1181 parsemsg_remove_unsafe_characters(msg, line, sizeof(line)); 1182 logmsg(pri, timestamp, hostname, app_name, procid, msgid, 1183 structured_data, line, 0); 1184 } 1185 1186 /* 1187 * Returns the length of the application name ("TAG" in RFC 3164 1188 * terminology) and process ID from a message if present. 1189 */ 1190 static void 1191 parsemsg_rfc3164_get_app_name_procid(const char *msg, size_t *app_name_length_p, 1192 ptrdiff_t *procid_begin_offset_p, size_t *procid_length_p) 1193 { 1194 const char *m, *procid_begin; 1195 size_t app_name_length, procid_length; 1196 1197 m = msg; 1198 1199 /* Application name. */ 1200 app_name_length = strspn(m, 1201 "abcdefghijklmnopqrstuvwxyz" 1202 "ABCDEFGHIJKLMNOPQRSTUVWXYZ" 1203 "0123456789" 1204 "_-/"); 1205 if (app_name_length == 0) 1206 goto bad; 1207 m += app_name_length; 1208 1209 /* Process identifier (optional). */ 1210 if (*m == '[') { 1211 procid_begin = ++m; 1212 procid_length = strspn(m, "0123456789"); 1213 if (procid_length == 0) 1214 goto bad; 1215 m += procid_length; 1216 if (*m++ != ']') 1217 goto bad; 1218 } else { 1219 procid_begin = NULL; 1220 procid_length = 0; 1221 } 1222 1223 /* Separator. */ 1224 if (m[0] != ':' || m[1] != ' ') 1225 goto bad; 1226 1227 *app_name_length_p = app_name_length; 1228 if (procid_begin_offset_p != NULL) 1229 *procid_begin_offset_p = 1230 procid_begin == NULL ? 0 : procid_begin - msg; 1231 if (procid_length_p != NULL) 1232 *procid_length_p = procid_length; 1233 return; 1234 bad: 1235 *app_name_length_p = 0; 1236 if (procid_begin_offset_p != NULL) 1237 *procid_begin_offset_p = 0; 1238 if (procid_length_p != NULL) 1239 *procid_length_p = 0; 1240 } 1241 1242 /* 1243 * Trims the application name ("TAG" in RFC 3164 terminology) and 1244 * process ID from a message if present. 1245 */ 1246 static void 1247 parsemsg_rfc3164_app_name_procid(char **msg, const char **app_name, 1248 const char **procid) 1249 { 1250 char *m, *app_name_begin, *procid_begin; 1251 size_t app_name_length, procid_length; 1252 ptrdiff_t procid_begin_offset; 1253 1254 m = *msg; 1255 app_name_begin = m; 1256 1257 parsemsg_rfc3164_get_app_name_procid(app_name_begin, &app_name_length, 1258 &procid_begin_offset, &procid_length); 1259 if (app_name_length == 0) 1260 goto bad; 1261 procid_begin = procid_begin_offset == 0 ? NULL : 1262 app_name_begin + procid_begin_offset; 1263 1264 /* Split strings from input. */ 1265 app_name_begin[app_name_length] = '\0'; 1266 m += app_name_length + 1; 1267 if (procid_begin != NULL) { 1268 procid_begin[procid_length] = '\0'; 1269 m += procid_length + 2; 1270 } 1271 1272 *msg = m + 1; 1273 *app_name = app_name_begin; 1274 *procid = procid_begin; 1275 return; 1276 bad: 1277 *app_name = NULL; 1278 *procid = NULL; 1279 } 1280 1281 /* 1282 * Parses a syslog message according to RFC 3164, assuming that PRI 1283 * (i.e., "<%d>") has already been parsed by parsemsg(). The parsed 1284 * result is passed to logmsg(). 1285 */ 1286 static void 1287 parsemsg_rfc3164(const char *from, int pri, char *msg) 1288 { 1289 struct tm tm_parsed; 1290 const struct logtime *timestamp; 1291 struct logtime timestamp_remote; 1292 const char *app_name, *procid; 1293 size_t i, msglen; 1294 char line[MAXLINE + 1]; 1295 1296 /* 1297 * Parse the TIMESTAMP provided by the remote side. If none is 1298 * found, assume this is not an RFC 3164 formatted message, 1299 * only containing a TAG and a MSG. 1300 */ 1301 timestamp = NULL; 1302 if (strptime(msg, RFC3164_DATEFMT, &tm_parsed) == 1303 msg + RFC3164_DATELEN && msg[RFC3164_DATELEN] == ' ') { 1304 msg += RFC3164_DATELEN + 1; 1305 if (!RemoteAddDate) { 1306 struct tm tm_now; 1307 time_t t_now; 1308 int year; 1309 1310 /* 1311 * As the timestamp does not contain the year 1312 * number, daylight saving time information, nor 1313 * a time zone, attempt to infer it. Due to 1314 * clock skews, the timestamp may even be part 1315 * of the next year. Use the last year for which 1316 * the timestamp is at most one week in the 1317 * future. 1318 * 1319 * This loop can only run for at most three 1320 * iterations before terminating. 1321 */ 1322 t_now = time(NULL); 1323 localtime_r(&t_now, &tm_now); 1324 for (year = tm_now.tm_year + 1;; --year) { 1325 assert(year >= tm_now.tm_year - 1); 1326 timestamp_remote.tm = tm_parsed; 1327 timestamp_remote.tm.tm_year = year; 1328 timestamp_remote.tm.tm_isdst = -1; 1329 timestamp_remote.usec = 0; 1330 if (mktime(×tamp_remote.tm) < 1331 t_now + 7 * 24 * 60 * 60) 1332 break; 1333 } 1334 timestamp = ×tamp_remote; 1335 } 1336 1337 /* 1338 * A single space character MUST also follow the HOSTNAME field. 1339 */ 1340 msglen = strlen(msg); 1341 for (i = 0; i < MIN(MAXHOSTNAMELEN, msglen); i++) { 1342 if (msg[i] == ' ') { 1343 if (RemoteHostname) { 1344 msg[i] = '\0'; 1345 from = msg; 1346 } 1347 msg += i + 1; 1348 break; 1349 } 1350 /* 1351 * Support non RFC compliant messages, without hostname. 1352 */ 1353 if (msg[i] == ':') 1354 break; 1355 } 1356 if (i == MIN(MAXHOSTNAMELEN, msglen)) { 1357 dprintf("Invalid HOSTNAME from %s: %s\n", from, msg); 1358 return; 1359 } 1360 } 1361 1362 /* Remove the TAG, if present. */ 1363 parsemsg_rfc3164_app_name_procid(&msg, &app_name, &procid); 1364 parsemsg_remove_unsafe_characters(msg, line, sizeof(line)); 1365 logmsg(pri, timestamp, from, app_name, procid, NULL, NULL, line, 0); 1366 } 1367 1368 /* 1369 * Takes a raw input line, extracts PRI and determines whether the 1370 * message is formatted according to RFC 3164 or RFC 5424. Continues 1371 * parsing of addition fields in the message according to those 1372 * standards and prints the message on the appropriate log files. 1373 */ 1374 static void 1375 parsemsg(const char *from, char *msg) 1376 { 1377 char *q; 1378 long n; 1379 size_t i; 1380 int pri; 1381 1382 i = -1; 1383 pri = DEFUPRI; 1384 1385 /* Parse PRI. */ 1386 if (msg[0] == '<' && isdigit(msg[1])) { 1387 for (i = 2; i <= 4; i++) { 1388 if (msg[i] == '>') { 1389 errno = 0; 1390 n = strtol(msg + 1, &q, 10); 1391 if (errno == 0 && *q == msg[i] && n >= 0 && n <= INT_MAX) { 1392 pri = n; 1393 msg += i + 1; 1394 i = 0; 1395 } 1396 break; 1397 } 1398 } 1399 } 1400 1401 if (pri &~ (LOG_FACMASK|LOG_PRIMASK)) 1402 pri = DEFUPRI; 1403 1404 /* 1405 * Don't allow users to log kernel messages. 1406 * NOTE: since LOG_KERN == 0 this will also match 1407 * messages with no facility specified. 1408 */ 1409 if ((pri & LOG_FACMASK) == LOG_KERN && !KeepKernFac) 1410 pri = LOG_MAKEPRI(LOG_USER, LOG_PRI(pri)); 1411 1412 /* Parse VERSION. */ 1413 if (i == 0 && msg[0] == '1' && msg[1] == ' ') 1414 parsemsg_rfc5424(from, pri, msg + 2); 1415 else 1416 parsemsg_rfc3164(from, pri, msg); 1417 } 1418 1419 /* 1420 * Read /dev/klog while data are available, split into lines. 1421 */ 1422 static int 1423 socklist_recv_file(struct socklist *sl) 1424 { 1425 char *p, *q, line[MAXLINE + 1]; 1426 int len, i; 1427 1428 len = 0; 1429 for (;;) { 1430 i = read(sl->sl_socket, line + len, MAXLINE - 1 - len); 1431 if (i > 0) { 1432 line[i + len] = '\0'; 1433 } else { 1434 if (i < 0 && errno != EINTR && errno != EAGAIN) { 1435 logerror("klog"); 1436 close(sl->sl_socket); 1437 sl->sl_socket = -1; 1438 } 1439 break; 1440 } 1441 1442 for (p = line; (q = strchr(p, '\n')) != NULL; p = q + 1) { 1443 *q = '\0'; 1444 printsys(p); 1445 } 1446 len = strlen(p); 1447 if (len >= MAXLINE - 1) { 1448 printsys(p); 1449 len = 0; 1450 } 1451 if (len > 0) 1452 memmove(line, p, len + 1); 1453 } 1454 if (len > 0) 1455 printsys(line); 1456 1457 return (len); 1458 } 1459 1460 /* 1461 * Take a raw input line from /dev/klog, format similar to syslog(). 1462 */ 1463 static void 1464 printsys(char *msg) 1465 { 1466 char *p, *q; 1467 long n; 1468 int flags, isprintf, pri; 1469 1470 flags = ISKERNEL | SYNC_FILE; /* fsync after write */ 1471 p = msg; 1472 pri = DEFSPRI; 1473 isprintf = 1; 1474 if (*p == '<') { 1475 errno = 0; 1476 n = strtol(p + 1, &q, 10); 1477 if (*q == '>' && n >= 0 && n < INT_MAX && errno == 0) { 1478 p = q + 1; 1479 pri = n; 1480 isprintf = 0; 1481 } 1482 } 1483 /* 1484 * Kernel printf's and LOG_CONSOLE messages have been displayed 1485 * on the console already. 1486 */ 1487 if (isprintf || (pri & LOG_FACMASK) == LOG_CONSOLE) 1488 flags |= IGN_CONS; 1489 if (pri &~ (LOG_FACMASK|LOG_PRIMASK)) 1490 pri = DEFSPRI; 1491 logmsg(pri, NULL, LocalHostName, "kernel", NULL, NULL, NULL, p, flags); 1492 } 1493 1494 static time_t now; 1495 1496 /* 1497 * Match a program or host name against a specification. 1498 * Return a non-0 value if the message must be ignored 1499 * based on the specification. 1500 */ 1501 static int 1502 skip_message(const char *name, const char *spec, int checkcase) 1503 { 1504 const char *s; 1505 char prev, next; 1506 int exclude = 0; 1507 /* Behaviour on explicit match */ 1508 1509 if (spec == NULL) 1510 return (0); 1511 switch (*spec) { 1512 case '-': 1513 exclude = 1; 1514 /*FALLTHROUGH*/ 1515 case '+': 1516 spec++; 1517 break; 1518 default: 1519 break; 1520 } 1521 if (checkcase) 1522 s = strstr (spec, name); 1523 else 1524 s = strcasestr (spec, name); 1525 1526 if (s != NULL) { 1527 prev = (s == spec ? ',' : *(s - 1)); 1528 next = *(s + strlen (name)); 1529 1530 if (prev == ',' && (next == '\0' || next == ',')) 1531 /* Explicit match: skip iff the spec is an 1532 exclusive one. */ 1533 return (exclude); 1534 } 1535 1536 /* No explicit match for this name: skip the message iff 1537 the spec is an inclusive one. */ 1538 return (!exclude); 1539 } 1540 1541 /* 1542 * Match some property of the message against a filter. 1543 * Return a non-0 value if the message must be ignored 1544 * based on the filter. 1545 */ 1546 static int 1547 evaluate_prop_filter(const struct prop_filter *filter, const char *value) 1548 { 1549 const char *s = NULL; 1550 const int exclude = ((filter->cmp_flags & FILT_FLAG_EXCLUDE) > 0); 1551 size_t valuelen; 1552 1553 if (value == NULL) 1554 return (-1); 1555 1556 if (filter->cmp_type == FILT_CMP_REGEX) { 1557 if (regexec(filter->pflt_re, value, 0, NULL, 0) == 0) 1558 return (exclude); 1559 else 1560 return (!exclude); 1561 } 1562 1563 valuelen = strlen(value); 1564 1565 /* a shortcut for equal with different length is always false */ 1566 if (filter->cmp_type == FILT_CMP_EQUAL && 1567 valuelen != filter->pflt_strlen) 1568 return (!exclude); 1569 1570 if (filter->cmp_flags & FILT_FLAG_ICASE) 1571 s = strcasestr(value, filter->pflt_strval); 1572 else 1573 s = strstr(value, filter->pflt_strval); 1574 1575 /* 1576 * FILT_CMP_CONTAINS true if s 1577 * FILT_CMP_STARTS true if s && s == value 1578 * FILT_CMP_EQUAL true if s && s == value && 1579 * valuelen == filter->pflt_strlen 1580 * (and length match is checked 1581 * already) 1582 */ 1583 1584 switch (filter->cmp_type) { 1585 case FILT_CMP_STARTS: 1586 case FILT_CMP_EQUAL: 1587 if (s != value) 1588 return (!exclude); 1589 /* FALLTHROUGH */ 1590 case FILT_CMP_CONTAINS: 1591 if (s) 1592 return (exclude); 1593 else 1594 return (!exclude); 1595 break; 1596 default: 1597 /* unknown cmp_type */ 1598 break; 1599 } 1600 1601 return (-1); 1602 } 1603 1604 /* 1605 * Logs a message to the appropriate log files, users, etc. based on the 1606 * priority. Log messages are formatted according to RFC 3164 or 1607 * RFC 5424 in subsequent fprintlog_*() functions. 1608 */ 1609 static void 1610 logmsg(int pri, const struct logtime *timestamp, const char *hostname, 1611 const char *app_name, const char *procid, const char *msgid, 1612 const char *structured_data, const char *msg, int flags) 1613 { 1614 struct timeval tv; 1615 struct logtime timestamp_now; 1616 struct filed *f; 1617 size_t savedlen; 1618 int fac, prilev; 1619 char saved[MAXSVLINE], kernel_app_name[100]; 1620 1621 dprintf("logmsg: pri %o, flags %x, from %s, msg %s\n", 1622 pri, flags, hostname, msg); 1623 1624 (void)gettimeofday(&tv, NULL); 1625 now = tv.tv_sec; 1626 if (timestamp == NULL) { 1627 localtime_r(&now, ×tamp_now.tm); 1628 timestamp_now.usec = tv.tv_usec; 1629 timestamp = ×tamp_now; 1630 } 1631 1632 /* extract facility and priority level */ 1633 if (flags & MARK) 1634 fac = LOG_NFACILITIES; 1635 else 1636 fac = LOG_FAC(pri); 1637 1638 /* Check maximum facility number. */ 1639 if (fac > LOG_NFACILITIES) 1640 return; 1641 1642 prilev = LOG_PRI(pri); 1643 1644 /* 1645 * Lookup kernel app name from log prefix if present. 1646 * This is only used for local program specification matching. 1647 */ 1648 if (flags & ISKERNEL) { 1649 size_t kernel_app_name_length; 1650 1651 parsemsg_rfc3164_get_app_name_procid(msg, 1652 &kernel_app_name_length, NULL, NULL); 1653 if (kernel_app_name_length != 0) { 1654 strlcpy(kernel_app_name, msg, 1655 MIN(sizeof(kernel_app_name), 1656 kernel_app_name_length + 1)); 1657 } else 1658 kernel_app_name[0] = '\0'; 1659 } 1660 1661 /* log the message to the particular outputs */ 1662 if (!Initialized) { 1663 consfile.f_lasttime = *timestamp; 1664 fprintlog_first(&consfile, hostname, app_name, procid, 1665 msgid, structured_data, msg, flags); 1666 return; 1667 } 1668 1669 /* 1670 * Store all of the fields of the message, except the timestamp, 1671 * in a single string. This string is used to detect duplicate 1672 * messages. 1673 */ 1674 assert(hostname != NULL); 1675 assert(msg != NULL); 1676 savedlen = snprintf(saved, sizeof(saved), 1677 "%d %s %s %s %s %s %s", pri, hostname, 1678 app_name == NULL ? "-" : app_name, procid == NULL ? "-" : procid, 1679 msgid == NULL ? "-" : msgid, 1680 structured_data == NULL ? "-" : structured_data, msg); 1681 1682 STAILQ_FOREACH(f, &fhead, next) { 1683 /* skip messages that are incorrect priority */ 1684 if (!(((f->f_pcmp[fac] & PRI_EQ) && (f->f_pmask[fac] == prilev)) 1685 ||((f->f_pcmp[fac] & PRI_LT) && (f->f_pmask[fac] < prilev)) 1686 ||((f->f_pcmp[fac] & PRI_GT) && (f->f_pmask[fac] > prilev)) 1687 ) 1688 || f->f_pmask[fac] == INTERNAL_NOPRI) 1689 continue; 1690 1691 /* skip messages with the incorrect hostname */ 1692 if (skip_message(hostname, f->f_host, 0)) 1693 continue; 1694 1695 /* skip messages with the incorrect program name */ 1696 if (flags & ISKERNEL && kernel_app_name[0] != '\0') { 1697 if (skip_message(kernel_app_name, f->f_program, 1)) 1698 continue; 1699 } else if (skip_message(app_name == NULL ? "" : app_name, 1700 f->f_program, 1)) 1701 continue; 1702 1703 /* skip messages if a property does not match filter */ 1704 if (f->f_prop_filter != NULL && 1705 f->f_prop_filter->prop_type != FILT_PROP_NOOP) { 1706 switch (f->f_prop_filter->prop_type) { 1707 case FILT_PROP_MSG: 1708 if (evaluate_prop_filter(f->f_prop_filter, 1709 msg)) 1710 continue; 1711 break; 1712 case FILT_PROP_HOSTNAME: 1713 if (evaluate_prop_filter(f->f_prop_filter, 1714 hostname)) 1715 continue; 1716 break; 1717 case FILT_PROP_PROGNAME: 1718 if (evaluate_prop_filter(f->f_prop_filter, 1719 app_name == NULL ? "" : app_name)) 1720 continue; 1721 break; 1722 default: 1723 continue; 1724 } 1725 } 1726 1727 /* skip message to console if it has already been printed */ 1728 if (f->f_type == F_CONSOLE && (flags & IGN_CONS)) 1729 continue; 1730 1731 /* don't output marks to recently written files */ 1732 if ((flags & MARK) && (now - f->f_time) < MarkInterval / 2) 1733 continue; 1734 1735 /* 1736 * suppress duplicate lines to this file 1737 */ 1738 if (no_compress - (f->f_type != F_PIPE) < 1 && 1739 (flags & MARK) == 0 && savedlen == f->f_prevlen && 1740 strcmp(saved, f->f_prevline) == 0) { 1741 f->f_lasttime = *timestamp; 1742 f->f_prevcount++; 1743 dprintf("msg repeated %d times, %ld sec of %d\n", 1744 f->f_prevcount, (long)(now - f->f_time), 1745 repeatinterval[f->f_repeatcount]); 1746 /* 1747 * If domark would have logged this by now, 1748 * flush it now (so we don't hold isolated messages), 1749 * but back off so we'll flush less often 1750 * in the future. 1751 */ 1752 if (now > REPEATTIME(f)) { 1753 fprintlog_successive(f, flags); 1754 BACKOFF(f); 1755 } 1756 } else { 1757 /* new line, save it */ 1758 if (f->f_prevcount) 1759 fprintlog_successive(f, 0); 1760 f->f_repeatcount = 0; 1761 f->f_prevpri = pri; 1762 f->f_lasttime = *timestamp; 1763 static_assert(sizeof(f->f_prevline) == sizeof(saved), 1764 "Space to store saved line incorrect"); 1765 (void)strcpy(f->f_prevline, saved); 1766 f->f_prevlen = savedlen; 1767 fprintlog_first(f, hostname, app_name, procid, msgid, 1768 structured_data, msg, flags); 1769 } 1770 } 1771 } 1772 1773 static void 1774 dofsync(void) 1775 { 1776 struct filed *f; 1777 1778 STAILQ_FOREACH(f, &fhead, next) { 1779 if (f->f_type == F_FILE && 1780 (f->f_flags & FFLAG_NEEDSYNC) != 0) { 1781 f->f_flags &= ~FFLAG_NEEDSYNC; 1782 (void)fsync(f->f_file); 1783 } 1784 } 1785 needdofsync = false; 1786 } 1787 1788 /* 1789 * List of iovecs to which entries can be appended. 1790 * Used for constructing the message to be logged. 1791 */ 1792 struct iovlist { 1793 struct iovec iov[TTYMSG_IOV_MAX]; 1794 size_t iovcnt; 1795 size_t totalsize; 1796 }; 1797 1798 static void 1799 iovlist_init(struct iovlist *il) 1800 { 1801 1802 il->iovcnt = 0; 1803 il->totalsize = 0; 1804 } 1805 1806 static void 1807 iovlist_append(struct iovlist *il, const char *str) 1808 { 1809 size_t size; 1810 1811 /* Discard components if we've run out of iovecs. */ 1812 if (il->iovcnt < nitems(il->iov)) { 1813 size = strlen(str); 1814 il->iov[il->iovcnt++] = (struct iovec){ 1815 .iov_base = __DECONST(char *, str), 1816 .iov_len = size, 1817 }; 1818 il->totalsize += size; 1819 } 1820 } 1821 1822 #if defined(INET) || defined(INET6) 1823 static void 1824 iovlist_truncate(struct iovlist *il, size_t size) 1825 { 1826 struct iovec *last; 1827 size_t diff; 1828 1829 while (il->totalsize > size) { 1830 diff = il->totalsize - size; 1831 last = &il->iov[il->iovcnt - 1]; 1832 if (diff >= last->iov_len) { 1833 /* Remove the last iovec entirely. */ 1834 --il->iovcnt; 1835 il->totalsize -= last->iov_len; 1836 } else { 1837 /* Remove the last iovec partially. */ 1838 last->iov_len -= diff; 1839 il->totalsize -= diff; 1840 } 1841 } 1842 } 1843 #endif 1844 1845 static void 1846 fprintlog_write(struct filed *f, struct iovlist *il, int flags) 1847 { 1848 struct msghdr msghdr; 1849 struct addrinfo *r; 1850 struct socklist *sl; 1851 const char *msgret; 1852 ssize_t lsent; 1853 1854 switch (f->f_type) { 1855 case F_FORW: 1856 dprintf(" %s", f->fu_forw_hname); 1857 switch (f->fu_forw_addr->ai_family) { 1858 #ifdef INET 1859 case AF_INET: 1860 dprintf(":%d\n", 1861 ntohs(satosin(f->fu_forw_addr->ai_addr)->sin_port)); 1862 break; 1863 #endif 1864 #ifdef INET6 1865 case AF_INET6: 1866 dprintf(":%d\n", 1867 ntohs(satosin6(f->fu_forw_addr->ai_addr)->sin6_port)); 1868 break; 1869 #endif 1870 default: 1871 dprintf("\n"); 1872 } 1873 1874 #if defined(INET) || defined(INET6) 1875 /* Truncate messages to maximum forward length. */ 1876 iovlist_truncate(il, MaxForwardLen); 1877 #endif 1878 1879 lsent = 0; 1880 for (r = f->fu_forw_addr; r; r = r->ai_next) { 1881 memset(&msghdr, 0, sizeof(msghdr)); 1882 msghdr.msg_name = r->ai_addr; 1883 msghdr.msg_namelen = r->ai_addrlen; 1884 msghdr.msg_iov = il->iov; 1885 msghdr.msg_iovlen = il->iovcnt; 1886 STAILQ_FOREACH(sl, &shead, next) { 1887 if (sl->sl_socket < 0) 1888 continue; 1889 if (sl->sl_sa == NULL || 1890 sl->sl_family == AF_UNSPEC || 1891 sl->sl_family == AF_LOCAL) 1892 continue; 1893 lsent = sendmsg(sl->sl_socket, &msghdr, 0); 1894 if (lsent == (ssize_t)il->totalsize) 1895 break; 1896 } 1897 if (lsent == (ssize_t)il->totalsize && !send_to_all) 1898 break; 1899 } 1900 dprintf("lsent/totalsize: %zd/%zu\n", lsent, il->totalsize); 1901 if (lsent != (ssize_t)il->totalsize) { 1902 int e = errno; 1903 logerror("sendto"); 1904 errno = e; 1905 switch (errno) { 1906 case ENOBUFS: 1907 case ENETDOWN: 1908 case ENETUNREACH: 1909 case EHOSTUNREACH: 1910 case EHOSTDOWN: 1911 case EADDRNOTAVAIL: 1912 break; 1913 /* case EBADF: */ 1914 /* case EACCES: */ 1915 /* case ENOTSOCK: */ 1916 /* case EFAULT: */ 1917 /* case EMSGSIZE: */ 1918 /* case EAGAIN: */ 1919 /* case ENOBUFS: */ 1920 /* case ECONNREFUSED: */ 1921 default: 1922 dprintf("removing entry: errno=%d\n", e); 1923 f->f_type = F_UNUSED; 1924 break; 1925 } 1926 } 1927 break; 1928 1929 case F_FILE: 1930 dprintf(" %s\n", f->fu_fname); 1931 iovlist_append(il, "\n"); 1932 if (writev(f->f_file, il->iov, il->iovcnt) < 0) { 1933 /* 1934 * If writev(2) fails for potentially transient errors 1935 * like the filesystem being full, ignore it. 1936 * Otherwise remove this logfile from the list. 1937 */ 1938 if (errno != ENOSPC) { 1939 int e = errno; 1940 close_filed(f); 1941 errno = e; 1942 logerror(f->fu_fname); 1943 } 1944 } else if ((flags & SYNC_FILE) && (f->f_flags & FFLAG_SYNC)) { 1945 f->f_flags |= FFLAG_NEEDSYNC; 1946 needdofsync = true; 1947 } 1948 break; 1949 1950 case F_PIPE: 1951 dprintf(" %s\n", f->fu_pipe_pname); 1952 iovlist_append(il, "\n"); 1953 if (f->fu_pipe_pd == -1) { 1954 if ((f->f_file = p_open(f->fu_pipe_pname, 1955 &f->fu_pipe_pd)) < 0) { 1956 logerror(f->fu_pipe_pname); 1957 break; 1958 } 1959 } 1960 if (writev(f->f_file, il->iov, il->iovcnt) < 0) { 1961 logerror(f->fu_pipe_pname); 1962 close_filed(f); 1963 } 1964 break; 1965 1966 case F_CONSOLE: 1967 if (flags & IGN_CONS) { 1968 dprintf(" (ignored)\n"); 1969 break; 1970 } 1971 /* FALLTHROUGH */ 1972 1973 case F_TTY: 1974 dprintf(" %s%s\n", _PATH_DEV, f->fu_fname); 1975 iovlist_append(il, "\r\n"); 1976 errno = 0; /* ttymsg() only sometimes returns an errno */ 1977 if ((msgret = ttymsg(il->iov, il->iovcnt, f->fu_fname, 10))) { 1978 f->f_type = F_UNUSED; 1979 logerror(msgret); 1980 } 1981 break; 1982 1983 case F_USERS: 1984 case F_WALL: 1985 dprintf("\n"); 1986 iovlist_append(il, "\r\n"); 1987 wallmsg(f, il->iov, il->iovcnt); 1988 break; 1989 default: 1990 break; 1991 } 1992 } 1993 1994 static void 1995 fprintlog_rfc5424(struct filed *f, const char *hostname, const char *app_name, 1996 const char *procid, const char *msgid, const char *structured_data, 1997 const char *msg, int flags) 1998 { 1999 struct iovlist il; 2000 suseconds_t usec; 2001 int i; 2002 char timebuf[33], priority_number[5]; 2003 2004 iovlist_init(&il); 2005 if (f->f_type == F_WALL) 2006 iovlist_append(&il, "\r\n\aMessage from syslogd ...\r\n"); 2007 iovlist_append(&il, "<"); 2008 snprintf(priority_number, sizeof(priority_number), "%d", f->f_prevpri); 2009 iovlist_append(&il, priority_number); 2010 iovlist_append(&il, ">1 "); 2011 if (strftime(timebuf, sizeof(timebuf), "%FT%T.______%z", 2012 &f->f_lasttime.tm) == sizeof(timebuf) - 2) { 2013 /* Add colon to the time zone offset, which %z doesn't do. */ 2014 timebuf[32] = '\0'; 2015 timebuf[31] = timebuf[30]; 2016 timebuf[30] = timebuf[29]; 2017 timebuf[29] = ':'; 2018 2019 /* Overwrite space for microseconds with actual value. */ 2020 usec = f->f_lasttime.usec; 2021 for (i = 25; i >= 20; --i) { 2022 timebuf[i] = usec % 10 + '0'; 2023 usec /= 10; 2024 } 2025 iovlist_append(&il, timebuf); 2026 } else 2027 iovlist_append(&il, "-"); 2028 iovlist_append(&il, " "); 2029 iovlist_append(&il, hostname); 2030 iovlist_append(&il, " "); 2031 iovlist_append(&il, app_name == NULL ? "-" : app_name); 2032 iovlist_append(&il, " "); 2033 iovlist_append(&il, procid == NULL ? "-" : procid); 2034 iovlist_append(&il, " "); 2035 iovlist_append(&il, msgid == NULL ? "-" : msgid); 2036 iovlist_append(&il, " "); 2037 iovlist_append(&il, structured_data == NULL ? "-" : structured_data); 2038 iovlist_append(&il, " "); 2039 iovlist_append(&il, msg); 2040 2041 fprintlog_write(f, &il, flags); 2042 } 2043 2044 static void 2045 fprintlog_rfc3164(struct filed *f, const char *hostname, const char *app_name, 2046 const char *procid, const char *msg, int flags) 2047 { 2048 struct iovlist il; 2049 const CODE *c; 2050 int facility, priority; 2051 char timebuf[RFC3164_DATELEN + 1], facility_number[5], 2052 priority_number[5]; 2053 bool facility_found, priority_found; 2054 2055 if (strftime(timebuf, sizeof(timebuf), RFC3164_DATEFMT, 2056 &f->f_lasttime.tm) == 0) 2057 timebuf[0] = '\0'; 2058 2059 iovlist_init(&il); 2060 switch (f->f_type) { 2061 case F_FORW: 2062 /* Message forwarded over the network. */ 2063 iovlist_append(&il, "<"); 2064 snprintf(priority_number, sizeof(priority_number), "%d", 2065 f->f_prevpri); 2066 iovlist_append(&il, priority_number); 2067 iovlist_append(&il, ">"); 2068 iovlist_append(&il, timebuf); 2069 if (strcasecmp(hostname, LocalHostName) != 0) { 2070 iovlist_append(&il, " Forwarded from "); 2071 iovlist_append(&il, hostname); 2072 iovlist_append(&il, ":"); 2073 } 2074 iovlist_append(&il, " "); 2075 break; 2076 2077 case F_WALL: 2078 /* Message written to terminals. */ 2079 iovlist_append(&il, "\r\n\aMessage from syslogd@"); 2080 iovlist_append(&il, hostname); 2081 iovlist_append(&il, " at "); 2082 iovlist_append(&il, timebuf); 2083 iovlist_append(&il, " ...\r\n"); 2084 break; 2085 2086 default: 2087 /* Message written to files. */ 2088 iovlist_append(&il, timebuf); 2089 iovlist_append(&il, " "); 2090 2091 if (LogFacPri) { 2092 iovlist_append(&il, "<"); 2093 2094 facility = f->f_prevpri & LOG_FACMASK; 2095 facility_found = false; 2096 if (LogFacPri > 1) { 2097 for (c = facilitynames; c->c_name; c++) { 2098 if (c->c_val == facility) { 2099 iovlist_append(&il, c->c_name); 2100 facility_found = true; 2101 break; 2102 } 2103 } 2104 } 2105 if (!facility_found) { 2106 snprintf(facility_number, 2107 sizeof(facility_number), "%d", 2108 LOG_FAC(facility)); 2109 iovlist_append(&il, facility_number); 2110 } 2111 2112 iovlist_append(&il, "."); 2113 2114 priority = LOG_PRI(f->f_prevpri); 2115 priority_found = false; 2116 if (LogFacPri > 1) { 2117 for (c = prioritynames; c->c_name; c++) { 2118 if (c->c_val == priority) { 2119 iovlist_append(&il, c->c_name); 2120 priority_found = true; 2121 break; 2122 } 2123 } 2124 } 2125 if (!priority_found) { 2126 snprintf(priority_number, 2127 sizeof(priority_number), "%d", priority); 2128 iovlist_append(&il, priority_number); 2129 } 2130 2131 iovlist_append(&il, "> "); 2132 } 2133 2134 iovlist_append(&il, hostname); 2135 iovlist_append(&il, " "); 2136 break; 2137 } 2138 2139 /* Message body with application name and process ID prefixed. */ 2140 if (app_name != NULL) { 2141 iovlist_append(&il, app_name); 2142 if (procid != NULL) { 2143 iovlist_append(&il, "["); 2144 iovlist_append(&il, procid); 2145 iovlist_append(&il, "]"); 2146 } 2147 iovlist_append(&il, ": "); 2148 } 2149 iovlist_append(&il, msg); 2150 2151 fprintlog_write(f, &il, flags); 2152 } 2153 2154 static void 2155 fprintlog_first(struct filed *f, const char *hostname, const char *app_name, 2156 const char *procid, const char *msgid __unused, 2157 const char *structured_data __unused, const char *msg, int flags) 2158 { 2159 2160 dprintf("Logging to %s", TypeNames[f->f_type]); 2161 f->f_time = now; 2162 f->f_prevcount = 0; 2163 if (f->f_type == F_UNUSED) { 2164 dprintf("\n"); 2165 return; 2166 } 2167 2168 if (RFC3164OutputFormat) 2169 fprintlog_rfc3164(f, hostname, app_name, procid, msg, flags); 2170 else 2171 fprintlog_rfc5424(f, hostname, app_name, procid, msgid, 2172 structured_data, msg, flags); 2173 } 2174 2175 /* 2176 * Prints a message to a log file that the previously logged message was 2177 * received multiple times. 2178 */ 2179 static void 2180 fprintlog_successive(struct filed *f, int flags) 2181 { 2182 char msg[100]; 2183 2184 assert(f->f_prevcount > 0); 2185 snprintf(msg, sizeof(msg), "last message repeated %d times", 2186 f->f_prevcount); 2187 fprintlog_first(f, LocalHostName, "syslogd", NULL, NULL, NULL, msg, 2188 flags); 2189 } 2190 2191 /* 2192 * WALLMSG -- Write a message to the world at large 2193 * 2194 * Write the specified message to either the entire 2195 * world, or a list of approved users. 2196 */ 2197 static void 2198 wallmsg(struct filed *f, struct iovec *iov, const int iovlen) 2199 { 2200 static int reenter; /* avoid calling ourselves */ 2201 struct utmpx *ut; 2202 int i; 2203 const char *p; 2204 2205 if (reenter++) 2206 return; 2207 setutxent(); 2208 /* NOSTRICT */ 2209 while ((ut = getutxent()) != NULL) { 2210 if (ut->ut_type != USER_PROCESS) 2211 continue; 2212 if (f->f_type == F_WALL) { 2213 if ((p = ttymsg(iov, iovlen, ut->ut_line, 2214 TTYMSGTIME)) != NULL) { 2215 errno = 0; /* already in msg */ 2216 logerror(p); 2217 } 2218 continue; 2219 } 2220 /* should we send the message to this user? */ 2221 for (i = 0; i < MAXUNAMES; i++) { 2222 if (!f->fu_uname[i][0]) 2223 break; 2224 if (!strcmp(f->fu_uname[i], ut->ut_user)) { 2225 if ((p = ttymsg_check(iov, iovlen, ut->ut_line, 2226 TTYMSGTIME)) != NULL) { 2227 errno = 0; /* already in msg */ 2228 logerror(p); 2229 } 2230 break; 2231 } 2232 } 2233 } 2234 endutxent(); 2235 reenter = 0; 2236 } 2237 2238 /* 2239 * Wrapper routine for ttymsg() that checks the terminal for messages enabled. 2240 */ 2241 static const char * 2242 ttymsg_check(struct iovec *iov, int iovcnt, char *line, int tmout) 2243 { 2244 static char device[1024]; 2245 static char errbuf[1024]; 2246 struct stat sb; 2247 2248 (void) snprintf(device, sizeof(device), "%s%s", _PATH_DEV, line); 2249 2250 if (stat(device, &sb) < 0) { 2251 (void) snprintf(errbuf, sizeof(errbuf), 2252 "%s: %s", device, strerror(errno)); 2253 return (errbuf); 2254 } 2255 if ((sb.st_mode & S_IWGRP) == 0) 2256 /* Messages disabled. */ 2257 return (NULL); 2258 return (ttymsg(iov, iovcnt, line, tmout)); 2259 } 2260 2261 /* 2262 * Return a printable representation of a host address. 2263 */ 2264 static const char * 2265 cvthname(struct sockaddr *f) 2266 { 2267 int error, hl; 2268 static char hname[NI_MAXHOST], ip[NI_MAXHOST]; 2269 2270 dprintf("cvthname(%d) len = %d\n", f->sa_family, f->sa_len); 2271 error = getnameinfo(f, f->sa_len, ip, sizeof(ip), NULL, 0, 2272 NI_NUMERICHOST); 2273 if (error) { 2274 dprintf("Malformed from address %s\n", gai_strerror(error)); 2275 return ("???"); 2276 } 2277 dprintf("cvthname(%s)\n", ip); 2278 2279 if (!resolve) 2280 return (ip); 2281 2282 error = getnameinfo(f, f->sa_len, hname, sizeof(hname), 2283 NULL, 0, NI_NAMEREQD); 2284 if (error) { 2285 dprintf("Host name for your address (%s) unknown\n", ip); 2286 return (ip); 2287 } 2288 hl = strlen(hname); 2289 if (hl > 0 && hname[hl-1] == '.') 2290 hname[--hl] = '\0'; 2291 /* RFC 5424 prefers logging FQDNs. */ 2292 if (RFC3164OutputFormat) 2293 trimdomain(hname, hl); 2294 return (hname); 2295 } 2296 2297 /* 2298 * Print syslogd errors some place. 2299 */ 2300 static void 2301 logerror(const char *msg) 2302 { 2303 char buf[512]; 2304 static int recursed = 0; 2305 2306 /* If there's an error while trying to log an error, give up. */ 2307 if (recursed) 2308 return; 2309 recursed++; 2310 if (errno != 0) { 2311 (void)snprintf(buf, sizeof(buf), "%s: %s", msg, 2312 strerror(errno)); 2313 msg = buf; 2314 } 2315 errno = 0; 2316 dprintf("%s\n", msg); 2317 logmsg(LOG_SYSLOG|LOG_ERR, NULL, LocalHostName, "syslogd", NULL, NULL, 2318 NULL, msg, 0); 2319 recursed--; 2320 } 2321 2322 static void 2323 die(int signo) 2324 { 2325 struct filed *f; 2326 struct socklist *sl; 2327 char buf[100]; 2328 2329 STAILQ_FOREACH(f, &fhead, next) { 2330 /* flush any pending output */ 2331 if (f->f_prevcount) 2332 fprintlog_successive(f, 0); 2333 /* close our end of the pipe */ 2334 if (f->f_type == F_PIPE) 2335 close_filed(f); 2336 } 2337 if (signo) { 2338 dprintf("syslogd: exiting on signal %d\n", signo); 2339 (void)snprintf(buf, sizeof(buf), "exiting on signal %d", signo); 2340 errno = 0; 2341 logerror(buf); 2342 } 2343 STAILQ_FOREACH(sl, &shead, next) { 2344 if (sl->sl_sa != NULL && sl->sl_family == AF_LOCAL) { 2345 if (unlinkat(sl->sl_dirfd, sl->sl_name, 0) == -1) { 2346 dprintf("Failed to unlink %s: %s", sl->sl_name, 2347 strerror(errno)); 2348 } 2349 } 2350 } 2351 pidfile_remove(pfh); 2352 2353 exit(1); 2354 } 2355 2356 static int 2357 configfiles(const struct dirent *dp) 2358 { 2359 const char *p; 2360 size_t ext_len; 2361 2362 if (dp->d_name[0] == '.') 2363 return (0); 2364 2365 ext_len = sizeof(include_ext) -1; 2366 2367 if (dp->d_namlen <= ext_len) 2368 return (0); 2369 2370 p = &dp->d_name[dp->d_namlen - ext_len]; 2371 if (strcmp(p, include_ext) != 0) 2372 return (0); 2373 2374 return (1); 2375 } 2376 2377 static void 2378 parseconfigfile(FILE *cf, bool allow_includes) 2379 { 2380 FILE *cf2; 2381 struct dirent **ent; 2382 char cline[LINE_MAX]; 2383 char host[MAXHOSTNAMELEN]; 2384 char prog[LINE_MAX]; 2385 char file[MAXPATHLEN]; 2386 char pfilter[LINE_MAX]; 2387 char *p, *tmp; 2388 int i, nents; 2389 size_t include_len; 2390 2391 /* 2392 * Foreach line in the conf table, open that file. 2393 */ 2394 include_len = sizeof(include_str) - 1; 2395 (void)strlcpy(host, "*", sizeof(host)); 2396 (void)strlcpy(prog, "*", sizeof(prog)); 2397 (void)strlcpy(pfilter, "*", sizeof(pfilter)); 2398 while (fgets(cline, sizeof(cline), cf) != NULL) { 2399 /* 2400 * check for end-of-section, comments, strip off trailing 2401 * spaces and newline character. #!prog is treated specially: 2402 * following lines apply only to that program. 2403 */ 2404 for (p = cline; isspace(*p); ++p) 2405 continue; 2406 if (*p == '\0') 2407 continue; 2408 if (allow_includes && 2409 strncmp(p, include_str, include_len) == 0 && 2410 isspace(p[include_len])) { 2411 p += include_len; 2412 while (isspace(*p)) 2413 p++; 2414 tmp = p; 2415 while (*tmp != '\0' && !isspace(*tmp)) 2416 tmp++; 2417 *tmp = '\0'; 2418 dprintf("Trying to include files in '%s'\n", p); 2419 nents = scandir(p, &ent, configfiles, alphasort); 2420 if (nents == -1) { 2421 dprintf("Unable to open '%s': %s\n", p, 2422 strerror(errno)); 2423 continue; 2424 } 2425 for (i = 0; i < nents; i++) { 2426 if (snprintf(file, sizeof(file), "%s/%s", p, 2427 ent[i]->d_name) >= (int)sizeof(file)) { 2428 dprintf("ignoring path too long: " 2429 "'%s/%s'\n", p, ent[i]->d_name); 2430 free(ent[i]); 2431 continue; 2432 } 2433 free(ent[i]); 2434 cf2 = fopen(file, "r"); 2435 if (cf2 == NULL) 2436 continue; 2437 dprintf("reading %s\n", file); 2438 parseconfigfile(cf2, false); 2439 fclose(cf2); 2440 } 2441 free(ent); 2442 continue; 2443 } 2444 if (*p == '#') { 2445 p++; 2446 if (*p == '\0' || strchr("!+-:", *p) == NULL) 2447 continue; 2448 } 2449 if (*p == '+' || *p == '-') { 2450 host[0] = *p++; 2451 while (isspace(*p)) 2452 p++; 2453 if (*p == '\0' || *p == '*') { 2454 (void)strlcpy(host, "*", sizeof(host)); 2455 continue; 2456 } 2457 if (*p == '@') 2458 p = LocalHostName; 2459 for (i = 1; i < MAXHOSTNAMELEN - 1; i++) { 2460 if (!isalnum(*p) && *p != '.' && *p != '-' 2461 && *p != ',' && *p != ':' && *p != '%') 2462 break; 2463 host[i] = *p++; 2464 } 2465 host[i] = '\0'; 2466 continue; 2467 } 2468 if (*p == '!') { 2469 p++; 2470 while (isspace(*p)) 2471 p++; 2472 if (*p == '\0' || *p == '*') { 2473 (void)strlcpy(prog, "*", sizeof(prog)); 2474 continue; 2475 } 2476 for (i = 0; i < LINE_MAX - 1; i++) { 2477 if (!isprint(p[i]) || isspace(p[i])) 2478 break; 2479 prog[i] = p[i]; 2480 } 2481 prog[i] = '\0'; 2482 continue; 2483 } 2484 if (*p == ':') { 2485 p++; 2486 while (isspace(*p)) 2487 p++; 2488 if (*p == '\0' || *p == '*') { 2489 (void)strlcpy(pfilter, "*", sizeof(pfilter)); 2490 continue; 2491 } 2492 (void)strlcpy(pfilter, p, sizeof(pfilter)); 2493 continue; 2494 } 2495 for (p = cline + 1; *p != '\0'; p++) { 2496 if (*p != '#') 2497 continue; 2498 if (*(p - 1) == '\\') { 2499 strcpy(p - 1, p); 2500 p--; 2501 continue; 2502 } 2503 *p = '\0'; 2504 break; 2505 } 2506 for (i = strlen(cline) - 1; i >= 0 && isspace(cline[i]); i--) 2507 cline[i] = '\0'; 2508 cfline(cline, prog, host, pfilter); 2509 } 2510 } 2511 2512 static void 2513 readconfigfile(const char *path) 2514 { 2515 FILE *cf; 2516 2517 if ((cf = fopen(path, "r")) != NULL) { 2518 parseconfigfile(cf, true); 2519 (void)fclose(cf); 2520 } else { 2521 dprintf("cannot open %s\n", ConfFile); 2522 cfline("*.ERR\t/dev/console", "*", "*", "*"); 2523 cfline("*.PANIC\t*", "*", "*", "*"); 2524 } 2525 } 2526 2527 /* 2528 * Close all open log files. 2529 */ 2530 static void 2531 closelogfiles(void) 2532 { 2533 struct filed *f; 2534 2535 while (!STAILQ_EMPTY(&fhead)) { 2536 f = STAILQ_FIRST(&fhead); 2537 STAILQ_REMOVE_HEAD(&fhead, next); 2538 2539 /* flush any pending output */ 2540 if (f->f_prevcount) 2541 fprintlog_successive(f, 0); 2542 2543 switch (f->f_type) { 2544 case F_FILE: 2545 case F_FORW: 2546 case F_CONSOLE: 2547 case F_TTY: 2548 case F_PIPE: 2549 close_filed(f); 2550 break; 2551 default: 2552 break; 2553 } 2554 2555 free(f->f_program); 2556 free(f->f_host); 2557 if (f->f_prop_filter) { 2558 switch (f->f_prop_filter->cmp_type) { 2559 case FILT_CMP_REGEX: 2560 regfree(f->f_prop_filter->pflt_re); 2561 free(f->f_prop_filter->pflt_re); 2562 break; 2563 case FILT_CMP_CONTAINS: 2564 case FILT_CMP_EQUAL: 2565 case FILT_CMP_STARTS: 2566 free(f->f_prop_filter->pflt_strval); 2567 break; 2568 } 2569 free(f->f_prop_filter); 2570 } 2571 free(f); 2572 } 2573 } 2574 2575 /* 2576 * INIT -- Initialize syslogd from configuration table 2577 */ 2578 static void 2579 init(bool reload) 2580 { 2581 int i; 2582 char *p; 2583 char oldLocalHostName[MAXHOSTNAMELEN]; 2584 char hostMsg[2*MAXHOSTNAMELEN+40]; 2585 char bootfileMsg[MAXLINE + 1]; 2586 2587 dprintf("init\n"); 2588 2589 /* 2590 * Load hostname (may have changed). 2591 */ 2592 if (reload) 2593 (void)strlcpy(oldLocalHostName, LocalHostName, 2594 sizeof(oldLocalHostName)); 2595 if (gethostname(LocalHostName, sizeof(LocalHostName))) 2596 err(EX_OSERR, "gethostname() failed"); 2597 if ((p = strchr(LocalHostName, '.')) != NULL) { 2598 /* RFC 5424 prefers logging FQDNs. */ 2599 if (RFC3164OutputFormat) 2600 *p = '\0'; 2601 LocalDomain = p + 1; 2602 } else { 2603 LocalDomain = ""; 2604 } 2605 2606 /* 2607 * Load / reload timezone data (in case it changed). 2608 * 2609 * Just calling tzset() again does not work, the timezone code 2610 * caches the result. However, by setting the TZ variable, one 2611 * can defeat the caching and have the timezone code really 2612 * reload the timezone data. Respect any initial setting of 2613 * TZ, in case the system is configured specially. 2614 */ 2615 dprintf("loading timezone data via tzset()\n"); 2616 if (getenv("TZ")) { 2617 tzset(); 2618 } else { 2619 setenv("TZ", ":/etc/localtime", 1); 2620 tzset(); 2621 unsetenv("TZ"); 2622 } 2623 2624 Initialized = false; 2625 closelogfiles(); 2626 readconfigfile(ConfFile); 2627 Initialized = true; 2628 2629 if (Debug) { 2630 struct filed *f; 2631 int port; 2632 2633 STAILQ_FOREACH(f, &fhead, next) { 2634 for (i = 0; i <= LOG_NFACILITIES; i++) 2635 if (f->f_pmask[i] == INTERNAL_NOPRI) 2636 printf("X "); 2637 else 2638 printf("%d ", f->f_pmask[i]); 2639 printf("%s: ", TypeNames[f->f_type]); 2640 switch (f->f_type) { 2641 case F_FILE: 2642 printf("%s", f->fu_fname); 2643 break; 2644 2645 case F_CONSOLE: 2646 case F_TTY: 2647 printf("%s%s", _PATH_DEV, f->fu_fname); 2648 break; 2649 2650 case F_FORW: 2651 switch (f->fu_forw_addr->ai_family) { 2652 #ifdef INET 2653 case AF_INET: 2654 port = ntohs(satosin(f->fu_forw_addr->ai_addr)->sin_port); 2655 break; 2656 #endif 2657 #ifdef INET6 2658 case AF_INET6: 2659 port = ntohs(satosin6(f->fu_forw_addr->ai_addr)->sin6_port); 2660 break; 2661 #endif 2662 default: 2663 port = 0; 2664 } 2665 if (port != 514) { 2666 printf("%s:%d", 2667 f->fu_forw_hname, port); 2668 } else { 2669 printf("%s", f->fu_forw_hname); 2670 } 2671 break; 2672 2673 case F_PIPE: 2674 printf("%s", f->fu_pipe_pname); 2675 break; 2676 2677 case F_USERS: 2678 for (i = 0; i < MAXUNAMES && *f->fu_uname[i]; i++) 2679 printf("%s, ", f->fu_uname[i]); 2680 break; 2681 default: 2682 break; 2683 } 2684 if (f->f_program) 2685 printf(" (%s)", f->f_program); 2686 printf("\n"); 2687 } 2688 } 2689 2690 logmsg(LOG_SYSLOG | LOG_INFO, NULL, LocalHostName, "syslogd", NULL, 2691 NULL, NULL, "restart", 0); 2692 dprintf("syslogd: restarted\n"); 2693 /* 2694 * Log a change in hostname, but only on reload. 2695 */ 2696 if (reload && strcmp(oldLocalHostName, LocalHostName) != 0) { 2697 (void)snprintf(hostMsg, sizeof(hostMsg), 2698 "hostname changed, \"%s\" to \"%s\"", 2699 oldLocalHostName, LocalHostName); 2700 logmsg(LOG_SYSLOG | LOG_INFO, NULL, LocalHostName, "syslogd", 2701 NULL, NULL, NULL, hostMsg, 0); 2702 dprintf("%s\n", hostMsg); 2703 } 2704 /* 2705 * Log the kernel boot file if we aren't going to use it as 2706 * the prefix, and if this is *not* a reload. 2707 */ 2708 if (!reload && !use_bootfile) { 2709 (void)snprintf(bootfileMsg, sizeof(bootfileMsg), 2710 "kernel boot file is %s", bootfile); 2711 logmsg(LOG_KERN | LOG_INFO, NULL, LocalHostName, "syslogd", 2712 NULL, NULL, NULL, bootfileMsg, 0); 2713 dprintf("%s\n", bootfileMsg); 2714 } 2715 } 2716 2717 /* 2718 * Compile property-based filter. 2719 */ 2720 static struct prop_filter * 2721 prop_filter_compile(const char *cfilter) 2722 { 2723 struct prop_filter *pfilter; 2724 char *filter, *filter_endpos, *filter_begpos, *p; 2725 char **ap, *argv[2] = {NULL, NULL}; 2726 int re_flags = REG_NOSUB; 2727 int escaped; 2728 2729 pfilter = calloc(1, sizeof(*pfilter)); 2730 if (pfilter == NULL) { 2731 logerror("pfilter calloc"); 2732 exit(1); 2733 } 2734 if (*cfilter == '*') { 2735 pfilter->prop_type = FILT_PROP_NOOP; 2736 return (pfilter); 2737 } 2738 filter = strdup(cfilter); 2739 if (filter == NULL) { 2740 logerror("strdup"); 2741 exit(1); 2742 } 2743 filter_begpos = filter; 2744 2745 /* 2746 * Here's some filter examples mentioned in syslog.conf(5) 2747 * 'msg, contains, ".*Deny.*"' 2748 * 'programname, regex, "^bird6?$"' 2749 * 'hostname, icase_ereregex, "^server-(dcA|podB)-rack1[0-9]{2}\\..*"' 2750 */ 2751 2752 /* 2753 * Split filter into 3 parts: property name (argv[0]), 2754 * cmp type (argv[1]) and lvalue for comparison (filter). 2755 */ 2756 for (ap = argv; (*ap = strsep(&filter, ", \t\n")) != NULL;) { 2757 if (**ap != '\0') 2758 if (++ap >= &argv[2]) 2759 break; 2760 } 2761 2762 if (argv[0] == NULL || argv[1] == NULL) { 2763 logerror("filter parse error"); 2764 goto error; 2765 } 2766 2767 /* fill in prop_type */ 2768 if (strcasecmp(argv[0], "msg") == 0) 2769 pfilter->prop_type = FILT_PROP_MSG; 2770 else if (strcasecmp(argv[0], "hostname") == 0) 2771 pfilter->prop_type = FILT_PROP_HOSTNAME; 2772 else if (strcasecmp(argv[0], "source") == 0) 2773 pfilter->prop_type = FILT_PROP_HOSTNAME; 2774 else if (strcasecmp(argv[0], "programname") == 0) 2775 pfilter->prop_type = FILT_PROP_PROGNAME; 2776 else { 2777 logerror("unknown property"); 2778 goto error; 2779 } 2780 2781 /* full in cmp_flags (i.e. !contains, icase_regex, etc.) */ 2782 if (*argv[1] == '!') { 2783 pfilter->cmp_flags |= FILT_FLAG_EXCLUDE; 2784 argv[1]++; 2785 } 2786 if (strncasecmp(argv[1], "icase_", (sizeof("icase_") - 1)) == 0) { 2787 pfilter->cmp_flags |= FILT_FLAG_ICASE; 2788 argv[1] += sizeof("icase_") - 1; 2789 } 2790 2791 /* fill in cmp_type */ 2792 if (strcasecmp(argv[1], "contains") == 0) 2793 pfilter->cmp_type = FILT_CMP_CONTAINS; 2794 else if (strcasecmp(argv[1], "isequal") == 0) 2795 pfilter->cmp_type = FILT_CMP_EQUAL; 2796 else if (strcasecmp(argv[1], "startswith") == 0) 2797 pfilter->cmp_type = FILT_CMP_STARTS; 2798 else if (strcasecmp(argv[1], "regex") == 0) 2799 pfilter->cmp_type = FILT_CMP_REGEX; 2800 else if (strcasecmp(argv[1], "ereregex") == 0) { 2801 pfilter->cmp_type = FILT_CMP_REGEX; 2802 re_flags |= REG_EXTENDED; 2803 } else { 2804 logerror("unknown cmp function"); 2805 goto error; 2806 } 2807 2808 /* 2809 * Handle filter value 2810 */ 2811 2812 /* ' ".*Deny.*"' */ 2813 /* remove leading whitespace and check for '"' next character */ 2814 filter += strspn(filter, ", \t\n"); 2815 if (*filter != '"' || strlen(filter) < 3) { 2816 logerror("property value parse error"); 2817 goto error; 2818 } 2819 filter++; 2820 2821 /* '.*Deny.*"' */ 2822 /* process possible backslash (\") escaping */ 2823 escaped = 0; 2824 filter_endpos = filter; 2825 for (p = filter; *p != '\0'; p++) { 2826 if (*p == '\\' && !escaped) { 2827 escaped = 1; 2828 /* do not shift filter_endpos */ 2829 continue; 2830 } 2831 if (*p == '"' && !escaped) { 2832 p++; 2833 break; 2834 } 2835 /* we've seen some esc symbols, need to compress the line */ 2836 if (filter_endpos != p) 2837 *filter_endpos = *p; 2838 2839 filter_endpos++; 2840 escaped = 0; 2841 } 2842 2843 *filter_endpos = '\0'; 2844 /* '.*Deny.*' */ 2845 2846 /* We should not have anything but whitespace left after closing '"' */ 2847 if (*p != '\0' && strspn(p, " \t\n") != strlen(p)) { 2848 logerror("property value parse error"); 2849 goto error; 2850 } 2851 2852 if (pfilter->cmp_type == FILT_CMP_REGEX) { 2853 pfilter->pflt_re = calloc(1, sizeof(*pfilter->pflt_re)); 2854 if (pfilter->pflt_re == NULL) { 2855 logerror("RE calloc() error"); 2856 goto error; 2857 } 2858 if (pfilter->cmp_flags & FILT_FLAG_ICASE) 2859 re_flags |= REG_ICASE; 2860 if (regcomp(pfilter->pflt_re, filter, re_flags) != 0) { 2861 logerror("RE compilation error"); 2862 goto error; 2863 } 2864 } else { 2865 pfilter->pflt_strval = strdup(filter); 2866 pfilter->pflt_strlen = strlen(filter); 2867 } 2868 2869 free(filter_begpos); 2870 return (pfilter); 2871 error: 2872 free(filter_begpos); 2873 free(pfilter->pflt_re); 2874 free(pfilter); 2875 return (NULL); 2876 } 2877 2878 static const char * 2879 parse_selector(const char *p, struct filed *f) 2880 { 2881 int i, pri; 2882 int pri_done = 0, pri_cmp = 0, pri_invert = 0; 2883 char *bp, buf[LINE_MAX], ebuf[100]; 2884 const char *q; 2885 2886 /* find the end of this facility name list */ 2887 for (q = p; *q && *q != '\t' && *q != ' ' && *q++ != '.';) 2888 continue; 2889 2890 /* get the priority comparison */ 2891 if (*q == '!') { 2892 pri_invert = 1; 2893 q++; 2894 } 2895 while (!pri_done) { 2896 switch (*q) { 2897 case '<': 2898 pri_cmp |= PRI_LT; 2899 q++; 2900 break; 2901 case '=': 2902 pri_cmp |= PRI_EQ; 2903 q++; 2904 break; 2905 case '>': 2906 pri_cmp |= PRI_GT; 2907 q++; 2908 break; 2909 default: 2910 pri_done++; 2911 break; 2912 } 2913 } 2914 2915 /* collect priority name */ 2916 for (bp = buf; *q != '\0' && !strchr("\t,; ", *q); ) 2917 *bp++ = *q++; 2918 *bp = '\0'; 2919 2920 /* skip cruft */ 2921 while (strchr(",;", *q)) 2922 q++; 2923 2924 /* decode priority name */ 2925 if (*buf == '*') { 2926 pri = LOG_PRIMASK; 2927 pri_cmp = PRI_LT | PRI_EQ | PRI_GT; 2928 } else { 2929 /* Ignore trailing spaces. */ 2930 for (i = strlen(buf) - 1; i >= 0 && buf[i] == ' '; i--) 2931 buf[i] = '\0'; 2932 2933 pri = decode(buf, prioritynames); 2934 if (pri < 0) { 2935 errno = 0; 2936 (void)snprintf(ebuf, sizeof(ebuf), 2937 "unknown priority name \"%s\"", buf); 2938 logerror(ebuf); 2939 free(f); 2940 return (NULL); 2941 } 2942 } 2943 if (!pri_cmp) 2944 pri_cmp = UniquePriority ? PRI_EQ : (PRI_EQ | PRI_GT); 2945 if (pri_invert) 2946 pri_cmp ^= PRI_LT | PRI_EQ | PRI_GT; 2947 2948 /* scan facilities */ 2949 while (*p != '\0' && !strchr("\t.; ", *p)) { 2950 for (bp = buf; *p != '\0' && !strchr("\t,;. ", *p); ) 2951 *bp++ = *p++; 2952 *bp = '\0'; 2953 2954 if (*buf == '*') { 2955 for (i = 0; i < LOG_NFACILITIES; i++) { 2956 f->f_pmask[i] = pri; 2957 f->f_pcmp[i] = pri_cmp; 2958 } 2959 } else { 2960 i = decode(buf, facilitynames); 2961 if (i < 0) { 2962 errno = 0; 2963 (void)snprintf(ebuf, sizeof(ebuf), 2964 "unknown facility name \"%s\"", 2965 buf); 2966 logerror(ebuf); 2967 free(f); 2968 return (NULL); 2969 } 2970 f->f_pmask[i >> 3] = pri; 2971 f->f_pcmp[i >> 3] = pri_cmp; 2972 } 2973 while (*p == ',' || *p == ' ') 2974 p++; 2975 } 2976 return (q); 2977 } 2978 2979 static void 2980 parse_action(const char *p, struct filed *f) 2981 { 2982 struct addrinfo hints, *res; 2983 int error, i; 2984 const char *q; 2985 bool syncfile; 2986 2987 if (*p == '-') { 2988 syncfile = false; 2989 p++; 2990 } else 2991 syncfile = true; 2992 2993 switch (*p) { 2994 case '@': 2995 { 2996 char *tp; 2997 char endkey = ':'; 2998 /* 2999 * scan forward to see if there is a port defined. 3000 * so we can't use strlcpy.. 3001 */ 3002 i = sizeof(f->fu_forw_hname); 3003 tp = f->fu_forw_hname; 3004 p++; 3005 3006 /* 3007 * an ipv6 address should start with a '[' in that case 3008 * we should scan for a ']' 3009 */ 3010 if (*p == '[') { 3011 p++; 3012 endkey = ']'; 3013 } 3014 while (*p && (*p != endkey) && (i-- > 0)) { 3015 *tp++ = *p++; 3016 } 3017 if (endkey == ']' && *p == endkey) 3018 p++; 3019 *tp = '\0'; 3020 } 3021 /* See if we copied a domain and have a port */ 3022 if (*p == ':') 3023 p++; 3024 else 3025 p = NULL; 3026 3027 hints = (struct addrinfo){ 3028 .ai_family = family, 3029 .ai_socktype = SOCK_DGRAM 3030 }; 3031 error = getaddrinfo(f->fu_forw_hname, 3032 p ? p : "syslog", &hints, &res); 3033 if (error) { 3034 logerror(gai_strerror(error)); 3035 break; 3036 } 3037 f->fu_forw_addr = res; 3038 f->f_type = F_FORW; 3039 break; 3040 3041 case '/': 3042 if ((f->f_file = open(p, logflags, 0600)) < 0) { 3043 f->f_type = F_UNUSED; 3044 logerror(p); 3045 break; 3046 } 3047 if (syncfile) 3048 f->f_flags |= FFLAG_SYNC; 3049 if (isatty(f->f_file)) { 3050 if (strcmp(p, _PATH_CONSOLE) == 0) 3051 f->f_type = F_CONSOLE; 3052 else 3053 f->f_type = F_TTY; 3054 (void)strlcpy(f->fu_fname, p + sizeof(_PATH_DEV) - 1, 3055 sizeof(f->fu_fname)); 3056 /* This will be reopened by ttymsg(). */ 3057 close(f->f_file); 3058 f->f_file = -1; 3059 } else { 3060 (void)strlcpy(f->fu_fname, p, sizeof(f->fu_fname)); 3061 f->f_type = F_FILE; 3062 } 3063 break; 3064 3065 case '|': 3066 f->fu_pipe_pd = -1; 3067 (void)strlcpy(f->fu_pipe_pname, p + 1, 3068 sizeof(f->fu_pipe_pname)); 3069 f->f_type = F_PIPE; 3070 break; 3071 3072 case '*': 3073 f->f_type = F_WALL; 3074 break; 3075 3076 default: 3077 for (i = 0; i < MAXUNAMES && *p; i++) { 3078 for (q = p; *q && *q != ','; ) 3079 q++; 3080 (void)strncpy(f->fu_uname[i], p, MAXLOGNAME - 1); 3081 if ((q - p) >= MAXLOGNAME) 3082 f->fu_uname[i][MAXLOGNAME - 1] = '\0'; 3083 else 3084 f->fu_uname[i][q - p] = '\0'; 3085 while (*q == ',' || *q == ' ') 3086 q++; 3087 p = q; 3088 } 3089 f->f_type = F_USERS; 3090 break; 3091 } 3092 } 3093 3094 /* 3095 * Crack a configuration file line 3096 */ 3097 static void 3098 cfline(const char *line, const char *prog, const char *host, 3099 const char *pfilter) 3100 { 3101 struct filed *f; 3102 const char *p; 3103 3104 dprintf("cfline(\"%s\", f, \"%s\", \"%s\", \"%s\")\n", line, prog, 3105 host, pfilter); 3106 3107 f = calloc(1, sizeof(*f)); 3108 if (f == NULL) { 3109 logerror("malloc"); 3110 exit(1); 3111 } 3112 errno = 0; /* keep strerror() stuff out of logerror messages */ 3113 3114 for (int i = 0; i <= LOG_NFACILITIES; i++) 3115 f->f_pmask[i] = INTERNAL_NOPRI; 3116 3117 /* save hostname if any */ 3118 if (host && *host == '*') 3119 host = NULL; 3120 if (host) { 3121 int hl; 3122 3123 f->f_host = strdup(host); 3124 if (f->f_host == NULL) { 3125 logerror("strdup"); 3126 exit(1); 3127 } 3128 hl = strlen(f->f_host); 3129 if (hl > 0 && f->f_host[hl-1] == '.') 3130 f->f_host[--hl] = '\0'; 3131 /* RFC 5424 prefers logging FQDNs. */ 3132 if (RFC3164OutputFormat) 3133 trimdomain(f->f_host, hl); 3134 } 3135 3136 /* save program name if any */ 3137 if (prog && *prog == '*') 3138 prog = NULL; 3139 if (prog) { 3140 f->f_program = strdup(prog); 3141 if (f->f_program == NULL) { 3142 logerror("strdup"); 3143 exit(1); 3144 } 3145 } 3146 3147 if (pfilter) { 3148 f->f_prop_filter = prop_filter_compile(pfilter); 3149 if (f->f_prop_filter == NULL) { 3150 logerror("filter compile error"); 3151 exit(1); 3152 } 3153 } 3154 3155 /* scan through the list of selectors */ 3156 for (p = line; *p != '\0' && *p != '\t' && *p != ' ';) 3157 p = parse_selector(p, f); 3158 3159 /* skip to action part */ 3160 while (*p == '\t' || *p == ' ') 3161 p++; 3162 parse_action(p, f); 3163 3164 STAILQ_INSERT_TAIL(&fhead, f, next); 3165 } 3166 3167 /* 3168 * Decode a symbolic name to a numeric value 3169 */ 3170 static int 3171 decode(const char *name, const CODE *codetab) 3172 { 3173 const CODE *c; 3174 char *p, buf[40]; 3175 3176 if (isdigit(*name)) 3177 return (atoi(name)); 3178 3179 for (p = buf; *name && p < &buf[sizeof(buf) - 1]; p++, name++) { 3180 if (isupper(*name)) 3181 *p = tolower(*name); 3182 else 3183 *p = *name; 3184 } 3185 *p = '\0'; 3186 for (c = codetab; c->c_name; c++) 3187 if (!strcmp(buf, c->c_name)) 3188 return (c->c_val); 3189 3190 return (-1); 3191 } 3192 3193 static void 3194 markit(void) 3195 { 3196 struct filed *f; 3197 struct deadq_entry *dq, *dq0; 3198 3199 now = time((time_t *)NULL); 3200 MarkSeq += TIMERINTVL; 3201 if (MarkSeq >= MarkInterval) { 3202 logmsg(LOG_INFO, NULL, LocalHostName, NULL, NULL, NULL, NULL, 3203 "-- MARK --", MARK); 3204 MarkSeq = 0; 3205 } 3206 3207 STAILQ_FOREACH(f, &fhead, next) { 3208 if (f->f_prevcount && now >= REPEATTIME(f)) { 3209 dprintf("flush %s: repeated %d times, %d sec.\n", 3210 TypeNames[f->f_type], f->f_prevcount, 3211 repeatinterval[f->f_repeatcount]); 3212 fprintlog_successive(f, 0); 3213 BACKOFF(f); 3214 } 3215 } 3216 3217 /* Walk the dead queue, and see if we should signal somebody. */ 3218 TAILQ_FOREACH_SAFE(dq, &deadq_head, dq_entries, dq0) { 3219 switch (dq->dq_timeout) { 3220 case 0: 3221 /* Already signalled once, try harder now. */ 3222 (void)pdkill(dq->dq_procdesc, SIGKILL); 3223 (void)deadq_remove(dq); 3224 break; 3225 3226 case 1: 3227 if (pdkill(dq->dq_procdesc, SIGTERM) != 0) 3228 (void)deadq_remove(dq); 3229 else 3230 dq->dq_timeout--; 3231 break; 3232 default: 3233 dq->dq_timeout--; 3234 } 3235 } 3236 (void)alarm(TIMERINTVL); 3237 } 3238 3239 /* 3240 * fork off and become a daemon, but wait for the child to come online 3241 * before returning to the parent, or we get disk thrashing at boot etc. 3242 */ 3243 static int 3244 waitdaemon(int maxwait) 3245 { 3246 struct pollfd pollfd; 3247 int events, pipefd[2], status; 3248 pid_t pid; 3249 3250 if (pipe(pipefd) == -1) { 3251 warn("failed to daemonize, pipe"); 3252 die(0); 3253 } 3254 pid = fork(); 3255 if (pid == -1) { 3256 warn("failed to daemonize, fork"); 3257 die(0); 3258 } else if (pid > 0) { 3259 close(pipefd[1]); 3260 pollfd.fd = pipefd[0]; 3261 pollfd.events = POLLHUP; 3262 events = poll(&pollfd, 1, maxwait * 1000); 3263 if (events == -1) 3264 err(1, "failed to daemonize, poll"); 3265 else if (events == 0) 3266 errx(1, "timed out waiting for child"); 3267 if (waitpid(pid, &status, WNOHANG) > 0) { 3268 if (WIFEXITED(status)) 3269 errx(1, "child pid %d exited with return code %d", 3270 pid, WEXITSTATUS(status)); 3271 if (WIFSIGNALED(status)) 3272 errx(1, "child pid %d exited on signal %d%s", 3273 pid, WTERMSIG(status), 3274 WCOREDUMP(status) ? " (core dumped)" : ""); 3275 } 3276 exit(0); 3277 } 3278 close(pipefd[0]); 3279 if (setsid() == -1) { 3280 warn("failed to daemonize, setsid"); 3281 die(0); 3282 } 3283 (void)chdir("/"); 3284 (void)dup2(nulldesc, STDIN_FILENO); 3285 (void)dup2(nulldesc, STDOUT_FILENO); 3286 (void)dup2(nulldesc, STDERR_FILENO); 3287 return (pipefd[1]); 3288 } 3289 3290 /* 3291 * Add `s' to the list of allowable peer addresses to accept messages 3292 * from. 3293 * 3294 * `s' is a string in the form: 3295 * 3296 * [*]domainname[:{servicename|portnumber|*}] 3297 * 3298 * or 3299 * 3300 * netaddr/maskbits[:{servicename|portnumber|*}] 3301 * 3302 * Returns false on error, true if the argument was valid. 3303 */ 3304 static bool 3305 #if defined(INET) || defined(INET6) 3306 allowaddr(char *s) 3307 #else 3308 allowaddr(char *s __unused) 3309 #endif 3310 { 3311 #if defined(INET) || defined(INET6) 3312 char *cp1, *cp2; 3313 struct allowedpeer *ap; 3314 struct servent *se; 3315 int masklen = -1; 3316 struct addrinfo hints, *res = NULL; 3317 #ifdef INET 3318 in_addr_t *addrp, *maskp; 3319 #endif 3320 #ifdef INET6 3321 uint32_t *addr6p, *mask6p; 3322 #endif 3323 char ip[NI_MAXHOST]; 3324 3325 ap = calloc(1, sizeof(*ap)); 3326 if (ap == NULL) 3327 err(1, "malloc failed"); 3328 3329 #ifdef INET6 3330 if (*s != '[' || (cp1 = strchr(s + 1, ']')) == NULL) 3331 #endif 3332 cp1 = s; 3333 if ((cp1 = strrchr(cp1, ':'))) { 3334 /* service/port provided */ 3335 *cp1++ = '\0'; 3336 if (strlen(cp1) == 1 && *cp1 == '*') 3337 /* any port allowed */ 3338 ap->port = 0; 3339 else if ((se = getservbyname(cp1, "udp"))) { 3340 ap->port = ntohs(se->s_port); 3341 } else { 3342 ap->port = strtol(cp1, &cp2, 0); 3343 /* port not numeric */ 3344 if (*cp2 != '\0') 3345 goto err; 3346 } 3347 } else { 3348 if ((se = getservbyname("syslog", "udp"))) 3349 ap->port = ntohs(se->s_port); 3350 else 3351 /* sanity, should not happen */ 3352 ap->port = 514; 3353 } 3354 3355 if ((cp1 = strchr(s, '/')) != NULL && 3356 strspn(cp1 + 1, "0123456789") == strlen(cp1 + 1)) { 3357 *cp1 = '\0'; 3358 if ((masklen = atoi(cp1 + 1)) < 0) 3359 goto err; 3360 } 3361 #ifdef INET6 3362 if (*s == '[') { 3363 cp2 = s + strlen(s) - 1; 3364 if (*cp2 == ']') { 3365 ++s; 3366 *cp2 = '\0'; 3367 } else { 3368 cp2 = NULL; 3369 } 3370 } else { 3371 cp2 = NULL; 3372 } 3373 #endif 3374 hints = (struct addrinfo){ 3375 .ai_family = PF_UNSPEC, 3376 .ai_socktype = SOCK_DGRAM, 3377 .ai_flags = AI_PASSIVE | AI_NUMERICHOST 3378 }; 3379 if (getaddrinfo(s, NULL, &hints, &res) == 0) { 3380 ap->isnumeric = true; 3381 memcpy(&ap->a_addr, res->ai_addr, res->ai_addrlen); 3382 ap->a_mask = (struct sockaddr_storage){ 3383 .ss_family = res->ai_family, 3384 .ss_len = res->ai_addrlen 3385 }; 3386 switch (res->ai_family) { 3387 #ifdef INET 3388 case AF_INET: 3389 maskp = &sstosin(&ap->a_mask)->sin_addr.s_addr; 3390 addrp = &sstosin(&ap->a_addr)->sin_addr.s_addr; 3391 if (masklen < 0) { 3392 /* use default netmask */ 3393 if (IN_CLASSA(ntohl(*addrp))) 3394 *maskp = htonl(IN_CLASSA_NET); 3395 else if (IN_CLASSB(ntohl(*addrp))) 3396 *maskp = htonl(IN_CLASSB_NET); 3397 else 3398 *maskp = htonl(IN_CLASSC_NET); 3399 } else if (masklen == 0) { 3400 *maskp = 0; 3401 } else if (masklen <= 32) { 3402 /* convert masklen to netmask */ 3403 *maskp = htonl(~((1 << (32 - masklen)) - 1)); 3404 } else { 3405 goto err; 3406 } 3407 /* Lose any host bits in the network number. */ 3408 *addrp &= *maskp; 3409 break; 3410 #endif 3411 #ifdef INET6 3412 case AF_INET6: 3413 if (masklen > 128) 3414 goto err; 3415 3416 if (masklen < 0) 3417 masklen = 128; 3418 mask6p = (uint32_t *)&sstosin6(&ap->a_mask)->sin6_addr.s6_addr32[0]; 3419 addr6p = (uint32_t *)&sstosin6(&ap->a_addr)->sin6_addr.s6_addr32[0]; 3420 /* convert masklen to netmask */ 3421 while (masklen > 0) { 3422 if (masklen < 32) { 3423 *mask6p = 3424 htonl(~(0xffffffff >> masklen)); 3425 *addr6p &= *mask6p; 3426 break; 3427 } else { 3428 *mask6p++ = 0xffffffff; 3429 addr6p++; 3430 masklen -= 32; 3431 } 3432 } 3433 break; 3434 #endif 3435 default: 3436 goto err; 3437 } 3438 freeaddrinfo(res); 3439 } else { 3440 /* arg `s' is domain name */ 3441 ap->isnumeric = false; 3442 ap->a_name = s; 3443 if (cp1) 3444 *cp1 = '/'; 3445 #ifdef INET6 3446 if (cp2) { 3447 *cp2 = ']'; 3448 --s; 3449 } 3450 #endif 3451 } 3452 STAILQ_INSERT_TAIL(&aphead, ap, next); 3453 3454 if (Debug) { 3455 printf("allowaddr: rule "); 3456 if (ap->isnumeric) { 3457 printf("numeric, "); 3458 getnameinfo(sstosa(&ap->a_addr), 3459 (sstosa(&ap->a_addr))->sa_len, 3460 ip, sizeof(ip), NULL, 0, NI_NUMERICHOST); 3461 printf("addr = %s, ", ip); 3462 getnameinfo(sstosa(&ap->a_mask), 3463 (sstosa(&ap->a_mask))->sa_len, 3464 ip, sizeof(ip), NULL, 0, NI_NUMERICHOST); 3465 printf("mask = %s; ", ip); 3466 } else { 3467 printf("domainname = %s; ", ap->a_name); 3468 } 3469 printf("port = %d\n", ap->port); 3470 } 3471 3472 return (true); 3473 err: 3474 if (res != NULL) 3475 freeaddrinfo(res); 3476 free(ap); 3477 #endif 3478 return (false); 3479 } 3480 3481 /* 3482 * Validate that the remote peer has permission to log to us. 3483 */ 3484 static bool 3485 validate(struct sockaddr *sa, const char *hname) 3486 { 3487 int i; 3488 char name[NI_MAXHOST], ip[NI_MAXHOST], port[NI_MAXSERV]; 3489 struct allowedpeer *ap; 3490 #ifdef INET 3491 struct sockaddr_in *sin4, *a4p = NULL, *m4p = NULL; 3492 #endif 3493 #ifdef INET6 3494 struct sockaddr_in6 *sin6, *a6p = NULL, *m6p = NULL; 3495 #endif 3496 struct addrinfo hints, *res; 3497 u_short sport; 3498 3499 /* traditional behaviour, allow everything */ 3500 if (STAILQ_EMPTY(&aphead)) 3501 return (true); 3502 3503 (void)strlcpy(name, hname, sizeof(name)); 3504 hints = (struct addrinfo){ 3505 .ai_family = PF_UNSPEC, 3506 .ai_socktype = SOCK_DGRAM, 3507 .ai_flags = AI_PASSIVE | AI_NUMERICHOST 3508 }; 3509 if (getaddrinfo(name, NULL, &hints, &res) == 0) 3510 freeaddrinfo(res); 3511 else if (strchr(name, '.') == NULL) { 3512 strlcat(name, ".", sizeof(name)); 3513 strlcat(name, LocalDomain, sizeof(name)); 3514 } 3515 if (getnameinfo(sa, sa->sa_len, ip, sizeof(ip), port, sizeof(port), 3516 NI_NUMERICHOST | NI_NUMERICSERV) != 0) 3517 return (false); /* for safety, should not occur */ 3518 dprintf("validate: dgram from IP %s, port %s, name %s;\n", 3519 ip, port, name); 3520 sport = atoi(port); 3521 3522 /* now, walk down the list */ 3523 i = 0; 3524 STAILQ_FOREACH(ap, &aphead, next) { 3525 i++; 3526 if (ap->port != 0 && ap->port != sport) { 3527 dprintf("rejected in rule %d due to port mismatch.\n", 3528 i); 3529 continue; 3530 } 3531 3532 if (ap->isnumeric) { 3533 if (ap->a_addr.ss_family != sa->sa_family) { 3534 dprintf("rejected in rule %d due to address family mismatch.\n", i); 3535 continue; 3536 } 3537 #ifdef INET 3538 else if (ap->a_addr.ss_family == AF_INET) { 3539 sin4 = satosin(sa); 3540 a4p = satosin(&ap->a_addr); 3541 m4p = satosin(&ap->a_mask); 3542 if ((sin4->sin_addr.s_addr & m4p->sin_addr.s_addr) 3543 != a4p->sin_addr.s_addr) { 3544 dprintf("rejected in rule %d due to IP mismatch.\n", i); 3545 continue; 3546 } 3547 } 3548 #endif 3549 #ifdef INET6 3550 else if (ap->a_addr.ss_family == AF_INET6) { 3551 sin6 = satosin6(sa); 3552 a6p = satosin6(&ap->a_addr); 3553 m6p = satosin6(&ap->a_mask); 3554 if (a6p->sin6_scope_id != 0 && 3555 sin6->sin6_scope_id != a6p->sin6_scope_id) { 3556 dprintf("rejected in rule %d due to scope mismatch.\n", i); 3557 continue; 3558 } 3559 if (!IN6_ARE_MASKED_ADDR_EQUAL(&sin6->sin6_addr, 3560 &a6p->sin6_addr, &m6p->sin6_addr)) { 3561 dprintf("rejected in rule %d due to IP mismatch.\n", i); 3562 continue; 3563 } 3564 } 3565 #endif 3566 else 3567 continue; 3568 } else { 3569 if (fnmatch(ap->a_name, name, FNM_NOESCAPE) == 3570 FNM_NOMATCH) { 3571 dprintf("rejected in rule %d due to name " 3572 "mismatch.\n", i); 3573 continue; 3574 } 3575 } 3576 dprintf("accepted in rule %d.\n", i); 3577 return (true); /* hooray! */ 3578 } 3579 return (false); 3580 } 3581 3582 /* 3583 * Fairly similar to popen(3), but returns an open descriptor, as 3584 * opposed to a FILE *. 3585 */ 3586 static int 3587 p_open(const char *prog, int *rpd) 3588 { 3589 struct sigaction act = { }; 3590 int pfd[2], pd; 3591 pid_t pid; 3592 char *argv[4]; /* sh -c cmd NULL */ 3593 char errmsg[200]; 3594 3595 if (pipe(pfd) == -1) 3596 return (-1); 3597 3598 switch ((pid = pdfork(&pd, PD_CLOEXEC))) { 3599 case -1: 3600 return (-1); 3601 3602 case 0: 3603 (void)setsid(); /* Avoid catching SIGHUPs. */ 3604 argv[0] = strdup("sh"); 3605 argv[1] = strdup("-c"); 3606 argv[2] = strdup(prog); 3607 argv[3] = NULL; 3608 if (argv[0] == NULL || argv[1] == NULL || argv[2] == NULL) { 3609 logerror("strdup"); 3610 exit(1); 3611 } 3612 3613 alarm(0); 3614 act.sa_handler = SIG_DFL; 3615 for (size_t i = 0; i < nitems(sigcatch); ++i) { 3616 if (sigaction(sigcatch[i], &act, NULL) == -1) { 3617 logerror("sigaction"); 3618 exit(1); 3619 } 3620 } 3621 3622 dup2(pfd[0], STDIN_FILENO); 3623 dup2(nulldesc, STDOUT_FILENO); 3624 dup2(nulldesc, STDERR_FILENO); 3625 closefrom(STDERR_FILENO + 1); 3626 3627 (void)execvp(_PATH_BSHELL, argv); 3628 _exit(255); 3629 } 3630 close(pfd[0]); 3631 /* 3632 * Avoid blocking on a hung pipe. With O_NONBLOCK, we are 3633 * supposed to get an EWOULDBLOCK on writev(2), which is 3634 * caught by the logic above anyway, which will in turn close 3635 * the pipe, and fork a new logging subprocess if necessary. 3636 * The stale subprocess will be killed some time later unless 3637 * it terminated itself due to closing its input pipe (so we 3638 * get rid of really dead puppies). 3639 */ 3640 if (fcntl(pfd[1], F_SETFL, O_NONBLOCK) == -1) { 3641 /* This is bad. */ 3642 (void)snprintf(errmsg, sizeof(errmsg), 3643 "Warning: cannot change pipe to PID %d to " 3644 "non-blocking behaviour.", 3645 (int)pid); 3646 logerror(errmsg); 3647 } 3648 *rpd = pd; 3649 return (pfd[1]); 3650 } 3651 3652 static void 3653 deadq_enter(int pd) 3654 { 3655 struct deadq_entry *dq; 3656 3657 if (pd == -1) 3658 return; 3659 3660 dq = malloc(sizeof(*dq)); 3661 if (dq == NULL) { 3662 logerror("malloc"); 3663 exit(1); 3664 } 3665 3666 dq->dq_procdesc = pd; 3667 dq->dq_timeout = DQ_TIMO_INIT; 3668 TAILQ_INSERT_TAIL(&deadq_head, dq, dq_entries); 3669 } 3670 3671 static void 3672 deadq_remove(struct deadq_entry *dq) 3673 { 3674 TAILQ_REMOVE(&deadq_head, dq, dq_entries); 3675 close(dq->dq_procdesc); 3676 free(dq); 3677 } 3678 3679 static struct socklist * 3680 socksetup(struct addrinfo *ai, const char *name, mode_t mode) 3681 { 3682 struct socklist *sl; 3683 int (*sl_recv)(struct socklist *); 3684 int s, optval = 1; 3685 3686 if (ai->ai_family != AF_LOCAL && SecureMode > 1) { 3687 /* Only AF_LOCAL in secure mode. */ 3688 return (NULL); 3689 } 3690 if (family != AF_UNSPEC && ai->ai_family != AF_LOCAL && 3691 ai->ai_family != family) 3692 return (NULL); 3693 3694 s = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 3695 if (s < 0) { 3696 logerror("socket"); 3697 return (NULL); 3698 } 3699 #ifdef INET6 3700 if (ai->ai_family == AF_INET6) { 3701 if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &optval, 3702 sizeof(int)) < 0) { 3703 logerror("setsockopt(IPV6_V6ONLY)"); 3704 close(s); 3705 return (NULL); 3706 } 3707 } 3708 #endif 3709 if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &optval, 3710 sizeof(int)) < 0) { 3711 logerror("setsockopt(SO_REUSEADDR)"); 3712 close(s); 3713 return (NULL); 3714 } 3715 3716 /* 3717 * Bind INET and UNIX-domain sockets. 3718 * 3719 * A UNIX-domain socket is always bound to a pathname 3720 * regardless of -N flag. 3721 * 3722 * For INET sockets, RFC 3164 recommends that client 3723 * side message should come from the privileged syslogd port. 3724 * 3725 * If the system administrator chooses not to obey 3726 * this, we can skip the bind() step so that the 3727 * system will choose a port for us. 3728 */ 3729 if (ai->ai_family == AF_LOCAL) 3730 unlink(name); 3731 if (ai->ai_family == AF_LOCAL || NoBind == 0 || name != NULL) { 3732 if (bind(s, ai->ai_addr, ai->ai_addrlen) < 0) { 3733 logerror("bind"); 3734 close(s); 3735 return (NULL); 3736 } 3737 if (ai->ai_family == AF_LOCAL || SecureMode == 0) 3738 increase_rcvbuf(s); 3739 } 3740 if (ai->ai_family == AF_LOCAL && chmod(name, mode) < 0) { 3741 dprintf("chmod %s: %s\n", name, strerror(errno)); 3742 close(s); 3743 return (NULL); 3744 } 3745 dprintf("new socket fd is %d\n", s); 3746 sl_recv = socklist_recv_sock; 3747 #if defined(INET) || defined(INET6) 3748 if (SecureMode && (ai->ai_family == AF_INET || 3749 ai->ai_family == AF_INET6)) { 3750 dprintf("shutdown\n"); 3751 /* Forbid communication in secure mode. */ 3752 if (shutdown(s, SHUT_RD) < 0 && errno != ENOTCONN) { 3753 logerror("shutdown"); 3754 if (!Debug) 3755 die(0); 3756 } 3757 sl_recv = NULL; 3758 } else 3759 #endif 3760 dprintf("listening on socket\n"); 3761 dprintf("sending on socket\n"); 3762 /* Copy *ai->ai_addr to the tail of struct socklist if any. */ 3763 sl = calloc(1, sizeof(*sl) + ai->ai_addrlen); 3764 if (sl == NULL) 3765 err(1, "malloc failed"); 3766 sl->sl_socket = s; 3767 if (ai->ai_family == AF_LOCAL) { 3768 char *name2 = strdup(name); 3769 if (name2 == NULL) 3770 err(1, "strdup failed"); 3771 sl->sl_name = strdup(basename(name2)); 3772 sl->sl_dirfd = open(dirname(name2), O_DIRECTORY); 3773 if (sl->sl_name == NULL || sl->sl_dirfd == -1) 3774 err(1, "failed to save dir info for %s", name); 3775 free(name2); 3776 } 3777 sl->sl_recv = sl_recv; 3778 (void)memcpy(&sl->sl_ai, ai, sizeof(*ai)); 3779 if (ai->ai_addrlen > 0) { 3780 (void)memcpy((sl + 1), ai->ai_addr, ai->ai_addrlen); 3781 sl->sl_sa = (struct sockaddr *)(sl + 1); 3782 } else { 3783 sl->sl_sa = NULL; 3784 } 3785 return (sl); 3786 } 3787 3788 static void 3789 increase_rcvbuf(int fd) 3790 { 3791 socklen_t len; 3792 3793 if (getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &len, 3794 &(socklen_t){sizeof(len)}) == 0) { 3795 if (len < RCVBUF_MINSIZE) { 3796 len = RCVBUF_MINSIZE; 3797 setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &len, sizeof(len)); 3798 } 3799 } 3800 } 3801