journal-remote.c revision dad29dff1925a114e20d4eb7b47fca23c4f25fd7
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering This file is part of systemd.
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering Copyright 2012 Zbigniew Jędrzejewski-Szmek
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering systemd is free software; you can redistribute it and/or modify it
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering under the terms of the GNU Lesser General Public License as published by
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering the Free Software Foundation; either version 2.1 of the License, or
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering (at your option) any later version.
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering systemd is distributed in the hope that it will be useful, but
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering WITHOUT ANY WARRANTY; without even the implied warranty of
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering Lesser General Public License for more details.
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering You should have received a copy of the GNU Lesser General Public License
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering along with systemd; If not, see <http://www.gnu.org/licenses/>.
4e945a6f7971fd7d1f6b2c62ee3afdaff3c95ce4Lennart Poettering#define REMOTE_JOURNAL_PATH "/var/log/journal/remote"
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering#define PRIV_KEY_FILE CERTIFICATE_ROOT "/private/journal-remote.pem"
eed857b71702f8551b46b66b31fa0d08583cf23cLennart Poettering#define CERT_FILE CERTIFICATE_ROOT "/certs/journal-remote.pem"
eed857b71702f8551b46b66b31fa0d08583cf23cLennart Poettering#define TRUST_FILE CERTIFICATE_ROOT "/ca/trusted.pem"
eed857b71702f8551b46b66b31fa0d08583cf23cLennart Poetteringstatic int arg_compress = true;
eed857b71702f8551b46b66b31fa0d08583cf23cLennart Poetteringstatic int arg_seal = false;
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poetteringstatic int http_socket = -1, https_socket = -1;
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poetteringstatic JournalWriteSplitMode arg_split_mode = JOURNAL_WRITE_SPLIT_HOST;
d74fb368b18f0fbd9a4fe6f15691bbea7f3c4a01Tom Gundersenstatic bool arg_trust_all = false;
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering/**********************************************************************
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering **********************************************************************
9df3ba6c6cb65eecec06f39dfe85a3596cedac4eTom Gundersen **********************************************************************/
0b58db658b5c3f586ac3a837427f1f7fec2abb2eLennart Poetteringstatic int spawn_child(const char* child, char** argv) {
0b58db658b5c3f586ac3a837427f1f7fec2abb2eLennart Poettering log_error("Failed to create pager pipe: %m");
0b58db658b5c3f586ac3a837427f1f7fec2abb2eLennart Poettering /* In the child */
4e945a6f7971fd7d1f6b2c62ee3afdaff3c95ce4Lennart Poettering log_error("Failed to dup pipe to stdout: %m");
3e684349c2cead2e6fd2f816c34eb17daba23a49Lennart Poettering /* Make sure the child goes away when the parent dies */
4e945a6f7971fd7d1f6b2c62ee3afdaff3c95ce4Lennart Poettering if (prctl(PR_SET_PDEATHSIG, SIGTERM) < 0)
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering /* Check whether our parent died before we were able
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering * to set the death signal */
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering log_error("Failed to exec child %s: %m", child);
91b14d6ff362b938a72db17b095ee9903d07381bTom Gundersen log_warning("Failed to close write end of pipe: %m");
0eac462399c8e87bcce252cf058eba9f2678f2bdLennart Poettering "--show-error",
0eac462399c8e87bcce252cf058eba9f2678f2bdLennart Poetteringstatic int spawn_getter(const char *getter, const char *url) {
0eac462399c8e87bcce252cf058eba9f2678f2bdLennart Poettering log_error("Failed to split getter option: %s", strerror(-r));
eed857b71702f8551b46b66b31fa0d08583cf23cLennart Poettering log_error("Failed to create command line: %s", strerror(-r));
0eac462399c8e87bcce252cf058eba9f2678f2bdLennart Poettering log_error("Failed to spawn getter %s: %m", getter);
eed857b71702f8551b46b66b31fa0d08583cf23cLennart Poettering#define filename_escape(s) xescape((s), "/ ")
eed857b71702f8551b46b66b31fa0d08583cf23cLennart Poetteringstatic int open_output(Writer *w, const char* host) {
0eac462399c8e87bcce252cf058eba9f2678f2bdLennart Poettering output = arg_output ?: REMOTE_JOURNAL_PATH "/remote.journal";
0b58db658b5c3f586ac3a837427f1f7fec2abb2eLennart Poettering r = asprintf(&_output, "%s/remote-%s.journal",
0b58db658b5c3f586ac3a837427f1f7fec2abb2eLennart Poettering log_error("Failed to open output journal %s: %s",
0b58db658b5c3f586ac3a837427f1f7fec2abb2eLennart Poettering log_info("Opened output file %s", w->journal->path);
0b58db658b5c3f586ac3a837427f1f7fec2abb2eLennart Poettering/**********************************************************************
0b58db658b5c3f586ac3a837427f1f7fec2abb2eLennart Poettering **********************************************************************
0b58db658b5c3f586ac3a837427f1f7fec2abb2eLennart Poettering **********************************************************************/
0b58db658b5c3f586ac3a837427f1f7fec2abb2eLennart Poetteringstatic int init_writer_hashmap(RemoteServer *s) {
0b58db658b5c3f586ac3a837427f1f7fec2abb2eLennart Poettering static const struct {
0b58db658b5c3f586ac3a837427f1f7fec2abb2eLennart Poettering [JOURNAL_WRITE_SPLIT_NONE] = {trivial_hash_func,
9df3ba6c6cb65eecec06f39dfe85a3596cedac4eTom Gundersen [JOURNAL_WRITE_SPLIT_HOST] = {string_hash_func,
b652d4a2099d1c167584dcc1d179d47c58dc38a2Lennart Poettering assert(arg_split_mode >= 0 && arg_split_mode < (int) ELEMENTSOF(functions));
de54e62b4bd7856fb897c9a2ee93cc228adb2135Lennart Poettering s->writers = hashmap_new(functions[arg_split_mode].hash_func,
6bb2c08597c999c429e889cd2403b2fef5f3e1a0Lennart Poetteringstatic int get_writer(RemoteServer *s, const char *host,
6bb2c08597c999c429e889cd2403b2fef5f3e1a0Lennart Poettering if (arg_split_mode == JOURNAL_WRITE_SPLIT_HOST) {
be808ea083fa07271116b4519c3c27fd20c5f077Tom Gundersen r = hashmap_put(s->writers, w->hashmap_key ?: key, w);
6bb2c08597c999c429e889cd2403b2fef5f3e1a0Lennart Poettering/**********************************************************************
6bb2c08597c999c429e889cd2403b2fef5f3e1a0Lennart Poettering **********************************************************************
6bb2c08597c999c429e889cd2403b2fef5f3e1a0Lennart Poettering **********************************************************************/
6bb2c08597c999c429e889cd2403b2fef5f3e1a0Lennart Poettering/* This should go away as soon as µhttpd allows state to be passed around. */
84129d46cd6e95e142973da93aede4c7433c9600Lennart Poetteringstatic int dispatch_raw_source_event(sd_event_source *event,
9df3ba6c6cb65eecec06f39dfe85a3596cedac4eTom Gundersenstatic int dispatch_raw_connection_event(sd_event_source *event,
4e0b8b17a7465653f4e7b819dad5f8e30d64c0c4Tom Gundersenstatic int dispatch_http_event(sd_event_source *event,
6bb2c08597c999c429e889cd2403b2fef5f3e1a0Lennart Poettering int fd, char *name, RemoteSource **source) {
6bb2c08597c999c429e889cd2403b2fef5f3e1a0Lennart Poettering if (!GREEDY_REALLOC0(s->sources, s->sources_size, fd + 1))
4e0b8b17a7465653f4e7b819dad5f8e30d64c0c4Tom Gundersen log_warning("Failed to get writer for source %s: %s",
de54e62b4bd7856fb897c9a2ee93cc228adb2135Lennart Poettering s->sources[fd] = source_new(fd, false, name, writer);
de54e62b4bd7856fb897c9a2ee93cc228adb2135Lennart Poetteringstatic int remove_source(RemoteServer *s, int fd) {
b64513580ce627578351b76a502455e7bc62cae4Lennart Poettering assert(fd >= 0 && fd < (ssize_t) s->sources_size);
b652d4a2099d1c167584dcc1d179d47c58dc38a2Lennart Poettering /* this closes fd too */
be808ea083fa07271116b4519c3c27fd20c5f077Tom Gundersenstatic int add_source(RemoteServer *s, int fd, char* name, bool own_name) {
011842775f750711833526d5bba1b818713947f5Lennart Poettering r = get_source_for_fd(s, fd, name, &source);
011842775f750711833526d5bba1b818713947f5Lennart Poettering log_error("Failed to create source for fd:%d (%s): %s",
cc450722a02ab9c59bca1d9a5b5012f356336a8cLennart Poettering r = sd_event_add_io(s->events, &source->event,
cc450722a02ab9c59bca1d9a5b5012f356336a8cLennart Poettering log_error("Failed to register event source for fd:%d: %s",
f4461e5641d53f27d6e76e0607bdaa9c0c58c1f6Lennart Poetteringstatic int add_raw_socket(RemoteServer *s, int fd) {
011842775f750711833526d5bba1b818713947f5Lennart Poettering r = sd_event_add_io(s->events, &s->listen_event,
be808ea083fa07271116b4519c3c27fd20c5f077Tom Gundersenstatic int setup_raw_socket(RemoteServer *s, const char *address) {
6a1a5eec43892dee3ff6e208bceb1931c25c782eLennart Poettering fd = make_socket_fd(LOG_INFO, address, SOCK_STREAM | SOCK_CLOEXEC);
de54e62b4bd7856fb897c9a2ee93cc228adb2135Lennart Poettering/**********************************************************************
de54e62b4bd7856fb897c9a2ee93cc228adb2135Lennart Poettering **********************************************************************
de54e62b4bd7856fb897c9a2ee93cc228adb2135Lennart Poettering **********************************************************************/
de54e62b4bd7856fb897c9a2ee93cc228adb2135Lennart Poetteringstatic RemoteSource *request_meta(void **connection_cls, int fd, char *hostname) {
de54e62b4bd7856fb897c9a2ee93cc228adb2135Lennart Poettering r = get_writer(server, hostname, &writer);
de54e62b4bd7856fb897c9a2ee93cc228adb2135Lennart Poettering log_warning("Failed to get writer for source %s: %s",
de54e62b4bd7856fb897c9a2ee93cc228adb2135Lennart Poettering source = source_new(fd, true, hostname, writer);
de54e62b4bd7856fb897c9a2ee93cc228adb2135Lennart Poettering log_debug("Added RemoteSource as connection metadata %p", source);
de54e62b4bd7856fb897c9a2ee93cc228adb2135Lennart Poettering log_debug("Cleaning up connection metadata %p", s);
6bb2c08597c999c429e889cd2403b2fef5f3e1a0Lennart Poettering log_debug("request_handler_upload: connection %p, %zu bytes",
6bb2c08597c999c429e889cd2403b2fef5f3e1a0Lennart Poettering log_debug("Received %zu bytes", *upload_data_size);
be808ea083fa07271116b4519c3c27fd20c5f077Tom Gundersen r = push_data(source, upload_data, *upload_data_size);
519ef04651b07a547f010d6462603669d7fde4e5Lennart Poettering while (true) {
519ef04651b07a547f010d6462603669d7fde4e5Lennart Poettering r = process_source(source, arg_compress, arg_seal);
519ef04651b07a547f010d6462603669d7fde4e5Lennart Poettering else if (r < 0) {
519ef04651b07a547f010d6462603669d7fde4e5Lennart Poettering log_warning("Failed to process data for connection %p", connection);
519ef04651b07a547f010d6462603669d7fde4e5Lennart Poettering "Entry is too large, maximum is %u bytes.\n",
519ef04651b07a547f010d6462603669d7fde4e5Lennart Poettering /* The upload is finished */
6cb08a8930bdaca950b152b1e8b82466ed59511cLennart Poettering log_warning("Premature EOFbyte. %zu bytes lost.", remaining);
6cb08a8930bdaca950b152b1e8b82466ed59511cLennart Poettering return mhd_respondf(connection, MHD_HTTP_EXPECTATION_FAILED,
6cb08a8930bdaca950b152b1e8b82466ed59511cLennart Poettering "Premature EOF. %zu bytes of trailing data not processed.",
6cb08a8930bdaca950b152b1e8b82466ed59511cLennart Poettering return mhd_respond(connection, MHD_HTTP_ACCEPTED, "OK.\n");
92ec902aad1ade7acbe50efd7b8ef87fbdc63af3Lennart Poettering log_debug("Handling a connection %s %s %s", method, url, version);
1e02e182f1e06fcbe389474175de228103be39cbLennart Poettering return mhd_respond(connection, MHD_HTTP_METHOD_NOT_ACCEPTABLE,
1e02e182f1e06fcbe389474175de228103be39cbLennart Poettering "Unsupported method.\n");
1e02e182f1e06fcbe389474175de228103be39cbLennart Poettering return mhd_respond(connection, MHD_HTTP_NOT_FOUND,
1e02e182f1e06fcbe389474175de228103be39cbLennart Poettering "Not found.\n");
1e02e182f1e06fcbe389474175de228103be39cbLennart Poettering header = MHD_lookup_connection_value(connection,
b826ab586c9e0a9c0d438a75c28cf3a8ab485929Tom Gundersen if (!header || !streq(header, "application/vnd.fdo.journal"))
87f5a19343acf8ba697acc5a62bdb1a2b8c9eda3Lennart Poettering return mhd_respond(connection, MHD_HTTP_UNSUPPORTED_MEDIA_TYPE,
87f5a19343acf8ba697acc5a62bdb1a2b8c9eda3Lennart Poettering "Content-Type: application/vnd.fdo.journal"
b826ab586c9e0a9c0d438a75c28cf3a8ab485929Tom Gundersen " is required.\n");
87f5a19343acf8ba697acc5a62bdb1a2b8c9eda3Lennart Poettering log_error("MHD_get_connection_info failed: cannot get remote fd");
87f5a19343acf8ba697acc5a62bdb1a2b8c9eda3Lennart Poettering return mhd_respond(connection, MHD_HTTP_INTERNAL_SERVER_ERROR,
87f5a19343acf8ba697acc5a62bdb1a2b8c9eda3Lennart Poettering "Cannot check remote address");
d5099efc47d4e6ac60816b5381a5f607ab03f06eMichal Schmidt r = check_permissions(connection, &code, &hostname);
4b95f1798f22c1bb75295f448188560cb6ec9eceLennart Poettering return mhd_respond(connection, MHD_HTTP_INTERNAL_SERVER_ERROR,
4b95f1798f22c1bb75295f448188560cb6ec9eceLennart Poettering "Cannot check remote hostname");
0eac462399c8e87bcce252cf058eba9f2678f2bdLennart Poettering if (!request_meta(connection_cls, fd, hostname))
4b95f1798f22c1bb75295f448188560cb6ec9eceLennart Poetteringstatic int setup_microhttpd_server(RemoteServer *s,
4b95f1798f22c1bb75295f448188560cb6ec9eceLennart Poettering const char *trust) {
636e813dc98ea40c58c6c85bc5e7e3c9f0904ea2Lennart Poettering { MHD_OPTION_NOTIFY_COMPLETED, (intptr_t) request_meta_free},
4b95f1798f22c1bb75295f448188560cb6ec9eceLennart Poettering { MHD_OPTION_EXTERNAL_LOGGER, (intptr_t) microhttpd_logger},
4b95f1798f22c1bb75295f448188560cb6ec9eceLennart Poettering log_error("Failed to make fd:%d nonblocking: %s", fd, strerror(-r));
f2f1dbe50fea13abadc9c1e845a29031b90b40f3Lennart Poettering opts[opts_pos++] = (struct MHD_OptionItem)
4b95f1798f22c1bb75295f448188560cb6ec9eceLennart Poettering {MHD_OPTION_HTTPS_MEM_KEY, 0, (char*) key};
4b95f1798f22c1bb75295f448188560cb6ec9eceLennart Poettering opts[opts_pos++] = (struct MHD_OptionItem)
4b95f1798f22c1bb75295f448188560cb6ec9eceLennart Poettering {MHD_OPTION_HTTPS_MEM_CERT, 0, (char*) cert};
f2f1dbe50fea13abadc9c1e845a29031b90b40f3Lennart Poettering opts[opts_pos++] = (struct MHD_OptionItem)
f2f1dbe50fea13abadc9c1e845a29031b90b40f3Lennart Poettering {MHD_OPTION_HTTPS_MEM_TRUST, 0, (char*) trust};
f2f1dbe50fea13abadc9c1e845a29031b90b40f3Lennart Poettering log_error("Failed to start µhttp daemon");
f2f1dbe50fea13abadc9c1e845a29031b90b40f3Lennart Poettering log_debug("Started MHD %s daemon on fd:%d (wrapper @ %p)",
f2f1dbe50fea13abadc9c1e845a29031b90b40f3Lennart Poettering info = MHD_get_daemon_info(d->daemon, MHD_DAEMON_INFO_EPOLL_FD_LINUX_ONLY);
f2f1dbe50fea13abadc9c1e845a29031b90b40f3Lennart Poettering log_error("µhttp returned NULL daemon info");
f2f1dbe50fea13abadc9c1e845a29031b90b40f3Lennart Poettering r = sd_event_add_io(s->events, &d->event,
f2f1dbe50fea13abadc9c1e845a29031b90b40f3Lennart Poettering log_error("Failed to add event callback: %s", strerror(-r));
f2f1dbe50fea13abadc9c1e845a29031b90b40f3Lennart Poettering r = hashmap_ensure_allocated(&s->daemons, uint64_hash_func, uint64_compare_func);
f2f1dbe50fea13abadc9c1e845a29031b90b40f3Lennart Poettering log_error("Failed to add daemon to hashmap: %s", strerror(-r));
f2f1dbe50fea13abadc9c1e845a29031b90b40f3Lennart Poetteringstatic int setup_microhttpd_socket(RemoteServer *s,
be808ea083fa07271116b4519c3c27fd20c5f077Tom Gundersen const char *trust) {
be808ea083fa07271116b4519c3c27fd20c5f077Tom Gundersen fd = make_socket_fd(LOG_INFO, address, SOCK_STREAM | SOCK_CLOEXEC);
be808ea083fa07271116b4519c3c27fd20c5f077Tom Gundersen return setup_microhttpd_server(s, fd, key, cert, trust);
int fd,
void *userdata) {
assert(d);
if (r == MHD_NO) {
return -EINVAL;
void *userdata) {
assert(s);
assert(s);
int fd, r;
if (fd < 0)
return -EINVAL;
return fd;
const char* key,
const char* cert,
const char* trust) {
int r, n, fd;
char **file;
assert(s);
return -EINVAL;
setup_signals(s);
server = s;
n = sd_listen_fds(true);
strerror(-n));
return -EBADFD;
char *hostname;
return -EINVAL;
if (arg_url) {
if (arg_getter) {
if (fd < 0)
return fd;
hostname =
if (arg_listen_raw) {
if (arg_listen_http) {
if (arg_listen_https) {
const char *output_name;
if (fd < 0) {
return -errno;
if (s->active == 0) {
return -EINVAL;
r = init_writer_hashmap(s);
size_t i;
MHDDaemonWrapper *d;
free(d);
for (i = 0; i < s->sources_size; i++)
remove_source(s, i);
int fd,
void *userdata) {
if (remaining > 0)
} else if (r == -E2BIG) {
} else if (r == -EAGAIN) {
int fd2, r;
if (fd2 < 0) {
return -errno;
case AF_INET:
case AF_INET6: {
type,
*hostname = b;
return fd2;
return -EINVAL;
int fd,
void *userdata) {
int fd2, r;
char *hostname;
if (fd2 < 0)
return fd2;
static int parse_config(void) {
false, false, true, NULL);
static void help(void) {
help();
case ARG_VERSION:
case ARG_URL:
if (arg_url) {
return -EINVAL;
case ARG_GETTER:
if (arg_getter) {
return -EINVAL;
case ARG_LISTEN_RAW:
if (arg_listen_raw) {
return -EINVAL;
case ARG_LISTEN_HTTP:
return -EINVAL;
http_socket = r;
case ARG_LISTEN_HTTPS:
return -EINVAL;
https_socket = r;
case ARG_KEY:
if (arg_key) {
return -EINVAL;
if (!arg_key)
return log_oom();
case ARG_CERT:
if (arg_cert) {
return -EINVAL;
if (!arg_cert)
return log_oom();
case ARG_TRUST:
return -EINVAL;
arg_trust_all = true;
#ifdef HAVE_GNUTLS
if (!arg_trust)
return log_oom();
return -EINVAL;
if (arg_output) {
return -EINVAL;
case ARG_SPLIT_MODE:
return -EINVAL;
case ARG_COMPRESS:
if (optarg) {
return -EINVAL;
arg_compress = !!r;
arg_compress = true;
case ARG_SEAL:
if (optarg) {
return -EINVAL;
arg_seal = !!r;
arg_seal = true;
case ARG_GNUTLS_LOG: {
#ifdef HAVE_GNUTLS
char *cat;
if (!cat)
return log_oom();
return log_oom();
return -EINVAL;
return -EINVAL;
|| sd_listen_fds(false) > 0;
return -EINVAL;
if (type_a) {
if (!arg_output) {
return -EINVAL;
return -EINVAL;
return -EINVAL;
if (arg_trust_all)
#ifdef HAVE_GNUTLS
char **cat;
if (categories)
RemoteServer s = {};
log_show_color(true);
r = parse_config();
return EXIT_FAILURE;
return EXIT_FAILURE;
return EXIT_FAILURE;
return EXIT_FAILURE;
sd_notify(false,
while (s.active) {
if (r == SD_EVENT_FINISHED)
server_destroy(&s);