#include <microhttpd.h>
+#ifdef HAVE_GNUTLS
+#include <gnutls/gnutls.h>
+#endif
+
#include "log.h"
#include "util.h"
#include "sd-journal.h"
#include "sd-daemon.h"
#include "sd-bus.h"
-#include "bus-message.h"
-#include "bus-internal.h"
+#include "bus-util.h"
#include "logs-show.h"
#include "microhttpd-util.h"
#include "build.h"
#include "fileio.h"
+static char *key_pem = NULL;
+static char *cert_pem = NULL;
+static char *trust_pem = NULL;
+
typedef struct RequestMeta {
sd_journal *journal;
static RequestMeta *request_meta(void **connection_cls) {
RequestMeta *m;
+ assert(connection_cls);
if (*connection_cls)
return *connection_cls;
if (m->journal)
return 0;
- return sd_journal_open(&m->journal, SD_JOURNAL_LOCAL_ONLY|SD_JOURNAL_SYSTEM_ONLY);
-}
-
-static int respond_oom_internal(struct MHD_Connection *connection) {
- struct MHD_Response *response;
- const char m[] = "Out of memory.\n";
- int ret;
-
- assert(connection);
-
- response = MHD_create_response_from_buffer(sizeof(m)-1, (char*) m, MHD_RESPMEM_PERSISTENT);
- if (!response)
- return MHD_NO;
-
- MHD_add_response_header(response, "Content-Type", "text/plain");
- ret = MHD_queue_response(connection, MHD_HTTP_SERVICE_UNAVAILABLE, response);
- MHD_destroy_response(response);
-
- return ret;
-}
-
-#define respond_oom(connection) log_oom(), respond_oom_internal(connection)
-
-static int respond_error(
- struct MHD_Connection *connection,
- unsigned code,
- const char *format, ...) {
-
- struct MHD_Response *response;
- char *m;
- int r;
- va_list ap;
-
- assert(connection);
- assert(format);
-
- va_start(ap, format);
- r = vasprintf(&m, format, ap);
- va_end(ap);
-
- if (r < 0)
- return respond_oom(connection);
-
- response = MHD_create_response_from_buffer(strlen(m), m, MHD_RESPMEM_MUST_FREE);
- if (!response) {
- free(m);
- return respond_oom(connection);
- }
-
- MHD_add_response_header(response, "Content-Type", "text/plain");
- r = MHD_queue_response(connection, code, response);
- MHD_destroy_response(response);
-
- return r;
+ return sd_journal_open(&m->journal, SD_JOURNAL_LOCAL_ONLY|SD_JOURNAL_SYSTEM);
}
static ssize_t request_reader_entries(
}
}
- r = output_journal(m->tmp, m->journal, m->mode, 0, OUTPUT_FULL_WIDTH);
+ r = output_journal(m->tmp, m->journal, m->mode, 0, OUTPUT_FULL_WIDTH, NULL);
if (r < 0) {
log_error("Failed to serialize item: %s", strerror(-r));
return MHD_CONTENT_READER_END_WITH_ERROR;
colon2 = strchr(colon + 1, ':');
if (colon2) {
- char _cleanup_free_ *t;
+ _cleanup_free_ char *t;
t = strndup(colon + 1, colon2 - colon - 1);
if (!t)
}
static int get_virtualization(char **v) {
- _cleanup_bus_message_unref_ sd_bus_message *m = NULL, *reply = NULL;
_cleanup_bus_unref_ sd_bus *bus = NULL;
- const char *t;
- char *b;
+ char *b = NULL;
int r;
- r = sd_bus_open_system(&bus);
+ r = sd_bus_default_system(&bus);
if (r < 0)
return r;
- r = sd_bus_message_new_method_call(
+ r = sd_bus_get_property_string(
bus,
"org.freedesktop.systemd1",
"/org/freedesktop/systemd1",
- "org.freedesktop.DBus.Properties",
- "Get",
- &m);
+ "org.freedesktop.systemd1.Manager",
+ "Virtualization",
+ NULL,
+ &b);
if (r < 0)
return r;
- r = sd_bus_message_append(m, "ss", "org.freedesktop.systemd1.Manager", "Virtualization");
- if (r < 0)
- return r;
-
- r = sd_bus_send_with_reply_and_block(bus, m, 0, NULL, &reply);
- if (r < 0)
- return r;
-
- r = sd_bus_message_read(reply, "v", "s", &t);
- if (r < 0)
- return r;
-
- if (isempty(t)) {
+ if (isempty(b)) {
+ free(b);
*v = NULL;
return 0;
}
- b = strdup(t);
- if (!b)
- return -ENOMEM;
-
*v = b;
return 1;
}
RequestMeta *m = connection_cls;
int r;
_cleanup_free_ char* hostname = NULL, *os_name = NULL;
- uint64_t cutoff_from, cutoff_to, usage;
+ uint64_t cutoff_from = 0, cutoff_to = 0, usage;
char *json;
sd_id128_t mid, bid;
_cleanup_free_ char *v = NULL;
"\"hostname\" : \"%s\","
"\"os_pretty_name\" : \"%s\","
"\"virtualization\" : \"%s\","
- "\"usage\" : \"%llu\","
- "\"cutoff_from_realtime\" : \"%llu\","
- "\"cutoff_to_realtime\" : \"%llu\" }\n",
+ "\"usage\" : \"%"PRIu64"\","
+ "\"cutoff_from_realtime\" : \"%"PRIu64"\","
+ "\"cutoff_to_realtime\" : \"%"PRIu64"\" }\n",
SD_ID128_FORMAT_VAL(mid),
SD_ID128_FORMAT_VAL(bid),
- hostname_cleanup(hostname),
+ hostname_cleanup(hostname, false),
os_name ? os_name : "Linux",
v ? v : "bare",
- (unsigned long long) usage,
- (unsigned long long) cutoff_from,
- (unsigned long long) cutoff_to);
+ usage,
+ cutoff_from,
+ cutoff_to);
if (r < 0)
return respond_oom(connection);
const char *upload_data,
size_t *upload_data_size,
void **connection_cls) {
+ int r, code;
assert(connection);
assert(connection_cls);
return MHD_YES;
}
+ if (trust_pem) {
+ r = check_permissions(connection, &code);
+ if (r < 0)
+ return code;
+ }
+
if (streq(url, "/"))
return request_handler_redirect(connection, "/browse");
"HTTP server for journal events.\n\n"
" -h --help Show this help\n"
" --version Show package version\n"
- " --cert=CERT.PEM Specify server certificate in PEM format\n"
- " --key=KEY.PEM Specify server key in PEM format\n",
+ " --cert=CERT.PEM Server certificate in PEM format\n"
+ " --key=KEY.PEM Server key in PEM format\n"
+ " --trust=CERT.PEM Certificat authority certificate in PEM format\n",
program_invocation_short_name);
return 0;
}
-static char *key_pem = NULL;
-static char *cert_pem = NULL;
-
static int parse_argv(int argc, char *argv[]) {
enum {
ARG_VERSION = 0x100,
ARG_KEY,
ARG_CERT,
+ ARG_TRUST,
};
int r, c;
{ "version", no_argument, NULL, ARG_VERSION },
{ "key", required_argument, NULL, ARG_KEY },
{ "cert", required_argument, NULL, ARG_CERT },
- { NULL, 0, NULL, 0 }
+ { "trust", required_argument, NULL, ARG_TRUST },
+ {}
};
assert(argc >= 0);
assert(argv);
while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0)
+
switch(c) {
+
+ case 'h':
+ return help();
+
case ARG_VERSION:
puts(PACKAGE_STRING);
puts(SYSTEMD_FEATURES);
return 0;
- case 'h':
- return help();
-
case ARG_KEY:
if (key_pem) {
log_error("Key file specified twice");
assert(cert_pem);
break;
+ case ARG_TRUST:
+#ifdef HAVE_GNUTLS
+ if (trust_pem) {
+ log_error("CA certificate file specified twice");
+ return -EINVAL;
+ }
+ r = read_full_file(optarg, &trust_pem, NULL);
+ if (r < 0) {
+ log_error("Failed to read CA certificate file: %s", strerror(-r));
+ return r;
+ }
+ assert(trust_pem);
+ break;
+#else
+ log_error("Option --trust is not available.");
+#endif
+
case '?':
return -EINVAL;
default:
- log_error("Unknown option code %c", c);
- return -EINVAL;
+ assert_not_reached("Unhandled option");
}
if (optind < argc) {
return -EINVAL;
}
+ if (trust_pem && !key_pem) {
+ log_error("CA certificate can only be used with certificate file");
+ return -EINVAL;
+ }
+
return 1;
}
if (r == 0)
return EXIT_SUCCESS;
+#ifdef HAVE_GNUTLS
+ gnutls_global_set_log_function(log_func_gnutls);
+ gnutls_global_set_log_level(GNUTLS_LOG_LEVEL);
+#endif
+
n = sd_listen_fds(1);
if (n < 0) {
log_error("Failed to determine passed sockets: %s", strerror(-n));
{ MHD_OPTION_END, 0, NULL },
{ MHD_OPTION_END, 0, NULL },
{ MHD_OPTION_END, 0, NULL },
+ { MHD_OPTION_END, 0, NULL },
{ MHD_OPTION_END, 0, NULL }};
int opts_pos = 2;
int flags = MHD_USE_THREAD_PER_CONNECTION|MHD_USE_POLL|MHD_USE_DEBUG;
{MHD_OPTION_HTTPS_MEM_CERT, 0, cert_pem};
flags |= MHD_USE_SSL;
}
+ if (trust_pem) {
+ assert(flags & MHD_USE_SSL);
+ opts[opts_pos++] = (struct MHD_OptionItem)
+ {MHD_OPTION_HTTPS_MEM_TRUST, 0, trust_pem};
+ }
d = MHD_start_daemon(flags, 19531,
NULL, NULL,
~ianmdlvl / elogind.git / blobdiff