journald-native.c revision 73843b52585d42cc1a970a1c664818ece6942e9e
/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
/***
This file is part of systemd.
Copyright 2011 Lennart Poettering
under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
systemd is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License
along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/
#include <unistd.h>
#include <stddef.h>
#include "socket-util.h"
#include "path-util.h"
#include "selinux-util.h"
#include "journald-server.h"
#include "journald-native.h"
#include "journald-kmsg.h"
#include "journald-console.h"
#include "journald-syslog.h"
#include "journald-wall.h"
#include "memfd.h"
const char *a;
/* We kinda enforce POSIX syntax recommendations for
environment variables here, but make a couple of additional
requirements.
/* No empty field names */
if (l <= 0)
return false;
/* Don't allow names longer than 64 chars */
if (l > 64)
return false;
/* Variables starting with an underscore are protected */
if (!allow_protected && p[0] == '_')
return false;
/* Don't allow digits as first character */
if (p[0] >= '0' && p[0] <= '9')
return false;
/* Only allow A-Z0-9 and '_' */
for (a = p; a < p + l; a++)
if ((*a < 'A' || *a > 'Z') &&
(*a < '0' || *a > '9') &&
*a != '_')
return false;
return true;
}
}
Server *s,
unsigned n = 0, j, tn = (unsigned) -1;
const char *p;
pid_t object_pid = 0;
assert(s);
p = buffer;
while (remaining > 0) {
const char *e, *q;
if (!e) {
/* Trailing noise, let's ignore it, and flush what we collected */
log_debug("Received message with trailing noise, ignoring.");
break;
}
if (e == p) {
/* Entry separator */
continue;
}
n = 0;
entry_size = 0;
p++;
remaining--;
continue;
}
if (*p == '.' || *p == '#') {
/* Ignore control commands for now, and
* comments too. */
remaining -= (e - p) + 1;
p = e + 1;
continue;
}
/* A property follows */
/* n received properties, +1 for _TRANSPORT */
if (!GREEDY_REALLOC(iovec, m, n + 1 + N_IOVEC_META_FIELDS + !!object_pid * N_IOVEC_OBJECT_FIELDS)) {
log_oom();
break;
}
q = memchr(p, '=', e - p);
if (q) {
if (valid_user_field(p, q - p, false)) {
size_t l;
l = e - p;
/* If the field name starts with an
* underscore, skip the variable,
* since that indidates a trusted
* field */
n++;
/* We need to determine the priority
* of this entry for the rate limiting
* logic */
if (l == 10 &&
startswith(p, "PRIORITY=") &&
p[9] >= '0' && p[9] <= '9')
else if (l == 17 &&
startswith(p, "SYSLOG_FACILITY=") &&
p[16] >= '0' && p[16] <= '9')
else if (l == 18 &&
startswith(p, "SYSLOG_FACILITY=") &&
p[16] >= '0' && p[16] <= '9' &&
p[17] >= '0' && p[17] <= '9')
else if (l >= 19 &&
startswith(p, "SYSLOG_IDENTIFIER=")) {
char *t;
if (t) {
identifier = t;
}
} else if (l >= 8 &&
startswith(p, "MESSAGE=")) {
char *t;
if (t) {
message = t;
}
} else if (l > strlen("OBJECT_PID=") &&
startswith(p, "OBJECT_PID=") &&
/* ignore error */
}
}
remaining -= (e - p) + 1;
p = e + 1;
continue;
} else {
uint64_t l;
char *k;
log_debug("Failed to parse message, ignoring.");
break;
}
if (l > DATA_SIZE_MAX) {
break;
}
log_debug("Failed to parse message, ignoring.");
break;
}
k = malloc((e - p) + 1 + l);
if (!k) {
log_oom();
break;
}
memcpy(k, p, e - p);
k[e - p] = '=';
if (valid_user_field(p, e - p, false)) {
n++;
} else
free(k);
}
}
if (n <= 0)
goto finish;
tn = n++;
log_debug("Entry is too big with %u properties and %zu bytes, ignoring.",
n, entry_size);
goto finish;
}
if (message) {
if (s->forward_to_syslog)
if (s->forward_to_kmsg)
if (s->forward_to_console)
if (s->forward_to_wall)
}
for (j = 0; j < n; j++) {
if (j == tn)
continue;
}
}
Server *s,
int fd,
bool sealed;
int r;
/* Data is in the passed fd, since it didn't fit in a
* datagram. */
assert(s);
/* If it's a memfd, check if it is sealed. If so, we can just
* use map it and use it, and do not need to copy the data
* out. */
const char *e;
/* If this is not a sealed memfd, and the peer is unknown or
* unprivileged, then verify the path. */
log_oom();
return;
}
r = readlink_malloc(sl, &k);
if (r < 0) {
return;
}
e = path_startswith(k, "/dev/shm/");
if (!e)
e = path_startswith(k, "/tmp/");
if (!e)
e = path_startswith(k, "/var/tmp/");
if (!e) {
log_error("Received file outside of allowed directories. Refusing.");
return;
}
if (!filename_is_safe(e)) {
log_error("Received file in subdirectory of allowed directories. Refusing.");
return;
}
}
log_error("Failed to stat passed file, ignoring: %m");
return;
}
log_error("File passed is not regular. Ignoring.");
return;
}
return;
log_error("File passed too large. Ignoring.");
return;
}
if (sealed) {
void *p;
/* The file is sealed, we can just map it and use it. */
if (p == MAP_FAILED) {
log_error("Failed to map memfd, ignoring: %m");
return;
}
} else {
_cleanup_free_ void *p = NULL;
ssize_t n;
/* The file is not sealed, we can't map the file here, since
* clients might then truncate it and trigger a SIGBUS for
* us. So let's stupidly read it */
if (!p) {
log_oom();
return;
}
if (n < 0)
else if (n > 0)
}
}
int server_open_native_socket(Server*s) {
int one, r;
assert(s);
if (s->native_fd < 0) {
union sockaddr_union sa = {
};
if (s->native_fd < 0) {
log_error("socket() failed: %m");
return -errno;
}
r = bind(s->native_fd, &sa.sa, offsetof(union sockaddr_union, un.sun_path) + strlen(sa.un.sun_path));
if (r < 0) {
return -errno;
}
} else
one = 1;
if (r < 0) {
log_error("SO_PASSCRED failed: %m");
return -errno;
}
#ifdef HAVE_SELINUX
if (mac_selinux_use()) {
one = 1;
if (r < 0)
log_warning("SO_PASSSEC failed: %m");
}
#endif
one = 1;
if (r < 0) {
log_error("SO_TIMESTAMP failed: %m");
return -errno;
}
if (r < 0) {
return r;
}
return 0;
}