chiark
/
gitweb
/
~ianmdlvl
/
elogind.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
resolved: when there's already somebody listening on the LLMNR ports, simple disable...
[elogind.git]
/
src
/
journal
/
journald-native.c
diff --git
a/src/journal/journald-native.c
b/src/journal/journald-native.c
index 0f9af378cfd072dc7f8f87498cf920674c13e12d..6bc5df725e504357363fe5a2c21a7b7c39c7289a 100644
(file)
--- a/
src/journal/journald-native.c
+++ b/
src/journal/journald-native.c
@@
-25,18
+25,15
@@
#include "socket-util.h"
#include "path-util.h"
#include "socket-util.h"
#include "path-util.h"
+#include "selinux-util.h"
#include "journald-server.h"
#include "journald-native.h"
#include "journald-kmsg.h"
#include "journald-console.h"
#include "journald-syslog.h"
#include "journald-server.h"
#include "journald-native.h"
#include "journald-kmsg.h"
#include "journald-console.h"
#include "journald-syslog.h"
+#include "journald-wall.h"
-/* Make sure not to make this smaller than the maximum coredump
- * size. See COREDUMP_MAX in coredump.c */
-#define ENTRY_SIZE_MAX (1024*1024*768)
-#define DATA_SIZE_MAX (1024*1024*768)
-
-static bool valid_user_field(const char *p, size_t l) {
+bool valid_user_field(const char *p, size_t l, bool allow_protected) {
const char *a;
/* We kinda enforce POSIX syntax recommendations for
const char *a;
/* We kinda enforce POSIX syntax recommendations for
@@
-54,7
+51,7
@@
static bool valid_user_field(const char *p, size_t l) {
return false;
/* Variables starting with an underscore are protected */
return false;
/* Variables starting with an underscore are protected */
- if (p[0] == '_')
+ if (
!allow_protected &&
p[0] == '_')
return false;
/* Don't allow digits as first character */
return false;
/* Don't allow digits as first character */
@@
-63,9
+60,9
@@
static bool valid_user_field(const char *p, size_t l) {
/* Only allow A-Z0-9 and '_' */
for (a = p; a < p + l; a++)
/* Only allow A-Z0-9 and '_' */
for (a = p; a < p + l; a++)
- if (
!((*a >= 'A' && *a <= 'Z') ||
- (*a >= '0' && *a <= '9') ||
-
*a == '_')
)
+ if (
(*a < 'A' || *a > 'Z') &&
+ (*a < '0' || *a > '9') &&
+
*a != '_'
)
return false;
return true;
return false;
return true;
@@
-85,7
+82,7
@@
void server_process_native_message(
struct iovec *iovec = NULL;
unsigned n = 0, j, tn = (unsigned) -1;
const char *p;
struct iovec *iovec = NULL;
unsigned n = 0, j, tn = (unsigned) -1;
const char *p;
- size_t remaining, m = 0;
+ size_t remaining, m = 0
, entry_size = 0
;
int priority = LOG_INFO;
char *identifier = NULL, *message = NULL;
pid_t object_pid = 0;
int priority = LOG_INFO;
char *identifier = NULL, *message = NULL;
pid_t object_pid = 0;
@@
-109,9
+106,17
@@
void server_process_native_message(
if (e == p) {
/* Entry separator */
if (e == p) {
/* Entry separator */
+
+ if (entry_size + n + 1 > ENTRY_SIZE_MAX) { /* data + separators + trailer */
+ log_debug("Entry is too big with %u properties and %zu bytes, ignoring.",
+ n, entry_size);
+ continue;
+ }
+
server_dispatch_message(s, iovec, n, m, ucred, tv, label, label_len, NULL, priority, object_pid);
n = 0;
priority = LOG_INFO;
server_dispatch_message(s, iovec, n, m, ucred, tv, label, label_len, NULL, priority, object_pid);
n = 0;
priority = LOG_INFO;
+ entry_size = 0;
p++;
remaining--;
p++;
remaining--;
@@
-137,7
+142,7
@@
void server_process_native_message(
q = memchr(p, '=', e - p);
if (q) {
q = memchr(p, '=', e - p);
if (q) {
- if (valid_user_field(p, q - p)) {
+ if (valid_user_field(p, q - p
, false
)) {
size_t l;
l = e - p;
size_t l;
l = e - p;
@@
-149,28
+154,29
@@
void server_process_native_message(
iovec[n].iov_base = (char*) p;
iovec[n].iov_len = l;
n++;
iovec[n].iov_base = (char*) p;
iovec[n].iov_len = l;
n++;
+ entry_size += iovec[n].iov_len;
/* We need to determine the priority
* of this entry for the rate limiting
* logic */
if (l == 10 &&
/* We need to determine the priority
* of this entry for the rate limiting
* logic */
if (l == 10 &&
-
hasprefix
(p, "PRIORITY=") &&
+
startswith
(p, "PRIORITY=") &&
p[9] >= '0' && p[9] <= '9')
priority = (priority & LOG_FACMASK) | (p[9] - '0');
else if (l == 17 &&
p[9] >= '0' && p[9] <= '9')
priority = (priority & LOG_FACMASK) | (p[9] - '0');
else if (l == 17 &&
-
hasprefix
(p, "SYSLOG_FACILITY=") &&
+
startswith
(p, "SYSLOG_FACILITY=") &&
p[16] >= '0' && p[16] <= '9')
priority = (priority & LOG_PRIMASK) | ((p[16] - '0') << 3);
else if (l == 18 &&
p[16] >= '0' && p[16] <= '9')
priority = (priority & LOG_PRIMASK) | ((p[16] - '0') << 3);
else if (l == 18 &&
-
hasprefix
(p, "SYSLOG_FACILITY=") &&
+
startswith
(p, "SYSLOG_FACILITY=") &&
p[16] >= '0' && p[16] <= '9' &&
p[17] >= '0' && p[17] <= '9')
priority = (priority & LOG_PRIMASK) | (((p[16] - '0')*10 + (p[17] - '0')) << 3);
else if (l >= 19 &&
p[16] >= '0' && p[16] <= '9' &&
p[17] >= '0' && p[17] <= '9')
priority = (priority & LOG_PRIMASK) | (((p[16] - '0')*10 + (p[17] - '0')) << 3);
else if (l >= 19 &&
-
hasprefix
(p, "SYSLOG_IDENTIFIER=")) {
+
startswith
(p, "SYSLOG_IDENTIFIER=")) {
char *t;
t = strndup(p + 18, l - 18);
char *t;
t = strndup(p + 18, l - 18);
@@
-179,7
+185,7
@@
void server_process_native_message(
identifier = t;
}
} else if (l >= 8 &&
identifier = t;
}
} else if (l >= 8 &&
-
hasprefix
(p, "MESSAGE=")) {
+
startswith
(p, "MESSAGE=")) {
char *t;
t = strndup(p + 8, l - 8);
char *t;
t = strndup(p + 8, l - 8);
@@
-189,7
+195,7
@@
void server_process_native_message(
}
} else if (l > strlen("OBJECT_PID=") &&
l < strlen("OBJECT_PID=") + DECIMAL_STR_MAX(pid_t) &&
}
} else if (l > strlen("OBJECT_PID=") &&
l < strlen("OBJECT_PID=") + DECIMAL_STR_MAX(pid_t) &&
-
hasprefix
(p, "OBJECT_PID=") &&
+
startswith
(p, "OBJECT_PID=") &&
allow_object_pid(ucred)) {
char buf[DECIMAL_STR_MAX(pid_t)];
memcpy(buf, p + strlen("OBJECT_PID="), l - strlen("OBJECT_PID="));
allow_object_pid(ucred)) {
char buf[DECIMAL_STR_MAX(pid_t)];
memcpy(buf, p + strlen("OBJECT_PID="), l - strlen("OBJECT_PID="));
@@
-217,7
+223,7
@@
void server_process_native_message(
l = le64toh(l_le);
if (l > DATA_SIZE_MAX) {
l = le64toh(l_le);
if (l > DATA_SIZE_MAX) {
- log_debug("Received binary data block
too large, ignoring."
);
+ log_debug("Received binary data block
of %"PRIu64" bytes is too large, ignoring.", l
);
break;
}
break;
}
@@
-237,10
+243,11
@@
void server_process_native_message(
k[e - p] = '=';
memcpy(k + (e - p) + 1, e + 1 + sizeof(uint64_t), l);
k[e - p] = '=';
memcpy(k + (e - p) + 1, e + 1 + sizeof(uint64_t), l);
- if (valid_user_field(p, e - p)) {
+ if (valid_user_field(p, e - p
, false
)) {
iovec[n].iov_base = k;
iovec[n].iov_len = (e - p) + 1 + l;
n++;
iovec[n].iov_base = k;
iovec[n].iov_len = (e - p) + 1 + l;
n++;
+ entry_size += iovec[n].iov_len;
} else
free(k);
} else
free(k);
@@
-254,6
+261,13
@@
void server_process_native_message(
tn = n++;
IOVEC_SET_STRING(iovec[tn], "_TRANSPORT=journal");
tn = n++;
IOVEC_SET_STRING(iovec[tn], "_TRANSPORT=journal");
+ entry_size += strlen("_TRANSPORT=journal");
+
+ if (entry_size + n + 1 > ENTRY_SIZE_MAX) { /* data + separators + trailer */
+ log_debug("Entry is too big with %u properties and %zu bytes, ignoring.",
+ n, entry_size);
+ goto finish;
+ }
if (message) {
if (s->forward_to_syslog)
if (message) {
if (s->forward_to_syslog)
@@
-264,6
+278,9
@@
void server_process_native_message(
if (s->forward_to_console)
server_forward_console(s, priority, identifier, message, ucred);
if (s->forward_to_console)
server_forward_console(s, priority, identifier, message, ucred);
+
+ if (s->forward_to_wall)
+ server_forward_wall(s, priority, identifier, message, ucred);
}
server_dispatch_message(s, iovec, n, m, ucred, tv, label, label_len, NULL, priority, object_pid);
}
server_dispatch_message(s, iovec, n, m, ucred, tv, label, label_len, NULL, priority, object_pid);
@@
-366,13
+383,15
@@
void server_process_native_file(
}
int server_open_native_socket(Server*s) {
}
int server_open_native_socket(Server*s) {
- union sockaddr_union sa;
int one, r;
int one, r;
- struct epoll_event ev;
assert(s);
if (s->native_fd < 0) {
assert(s);
if (s->native_fd < 0) {
+ union sockaddr_union sa = {
+ .un.sun_family = AF_UNIX,
+ .un.sun_path = "/run/systemd/journal/socket",
+ };
s->native_fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
if (s->native_fd < 0) {
s->native_fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
if (s->native_fd < 0) {
@@
-380,15
+399,11
@@
int server_open_native_socket(Server*s) {
return -errno;
}
return -errno;
}
- zero(sa);
- sa.un.sun_family = AF_UNIX;
- strncpy(sa.un.sun_path, "/run/systemd/journal/socket", sizeof(sa.un.sun_path));
-
unlink(sa.un.sun_path);
r = bind(s->native_fd, &sa.sa, offsetof(union sockaddr_union, un.sun_path) + strlen(sa.un.sun_path));
if (r < 0) {
unlink(sa.un.sun_path);
r = bind(s->native_fd, &sa.sa, offsetof(union sockaddr_union, un.sun_path) + strlen(sa.un.sun_path));
if (r < 0) {
- log_error("bind(
) failed: %m"
);
+ log_error("bind(
%s) failed: %m", sa.un.sun_path
);
return -errno;
}
return -errno;
}
@@
-404,10
+419,12
@@
int server_open_native_socket(Server*s) {
}
#ifdef HAVE_SELINUX
}
#ifdef HAVE_SELINUX
- one = 1;
- r = setsockopt(s->native_fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one));
- if (r < 0)
- log_warning("SO_PASSSEC failed: %m");
+ if (use_selinux()) {
+ one = 1;
+ r = setsockopt(s->native_fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one));
+ if (r < 0)
+ log_warning("SO_PASSSEC failed: %m");
+ }
#endif
one = 1;
#endif
one = 1;
@@
-417,12
+434,10
@@
int server_open_native_socket(Server*s) {
return -errno;
}
return -errno;
}
- zero(ev);
- ev.events = EPOLLIN;
- ev.data.fd = s->native_fd;
- if (epoll_ctl(s->epoll_fd, EPOLL_CTL_ADD, s->native_fd, &ev) < 0) {
- log_error("Failed to add native server fd to epoll object: %m");
- return -errno;
+ r = sd_event_add_io(s->event, &s->native_event_source, s->native_fd, EPOLLIN, process_datagram, s);
+ if (r < 0) {
+ log_error("Failed to add native server fd to event loop: %s", strerror(-r));
+ return r;
}
return 0;
}
return 0;