X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fjournal%2Fjournal-gatewayd.c;h=d47b27ef7fdbbcde15acff423c26690a0c40cee8;hp=6922ebcf9c1c154f83cee9b24ca448e79e8a1bbb;hb=fdfccdbc985944a57017a25f44dd6acc1a937bab;hpb=858634ff0e158757dfd630f4da72e790a42e60dd diff --git a/src/journal/journal-gatewayd.c b/src/journal/journal-gatewayd.c index 6922ebcf9..d47b27ef7 100644 --- a/src/journal/journal-gatewayd.c +++ b/src/journal/journal-gatewayd.c @@ -27,13 +27,24 @@ #include +#ifdef HAVE_GNUTLS +#include +#endif + #include "log.h" #include "util.h" #include "sd-journal.h" #include "sd-daemon.h" +#include "sd-bus.h" +#include "bus-util.h" #include "logs-show.h" -#include "virt.h" +#include "microhttpd-util.h" #include "build.h" +#include "fileio.h" + +static char *key_pem = NULL; +static char *cert_pem = NULL; +static char *trust_pem = NULL; typedef struct RequestMeta { sd_journal *journal; @@ -67,6 +78,7 @@ static const char* const mime_types[_OUTPUT_MODE_MAX] = { static RequestMeta *request_meta(void **connection_cls) { RequestMeta *m; + assert(connection_cls); if (*connection_cls) return *connection_cls; @@ -105,59 +117,7 @@ static int open_journal(RequestMeta *m) { if (m->journal) return 0; - return sd_journal_open(&m->journal, SD_JOURNAL_LOCAL_ONLY|SD_JOURNAL_SYSTEM_ONLY); -} - - -static int respond_oom(struct MHD_Connection *connection) { - struct MHD_Response *response; - const char m[] = "Out of memory.\n"; - int ret; - - assert(connection); - - response = MHD_create_response_from_buffer(sizeof(m)-1, (char*) m, MHD_RESPMEM_PERSISTENT); - if (!response) - return MHD_NO; - - MHD_add_response_header(response, "Content-Type", "text/plain"); - ret = MHD_queue_response(connection, MHD_HTTP_SERVICE_UNAVAILABLE, response); - MHD_destroy_response(response); - - return ret; -} - -static int respond_error( - struct MHD_Connection *connection, - unsigned code, - const char *format, ...) { - - struct MHD_Response *response; - char *m; - int r; - va_list ap; - - assert(connection); - assert(format); - - va_start(ap, format); - r = vasprintf(&m, format, ap); - va_end(ap); - - if (r < 0) - return respond_oom(connection); - - response = MHD_create_response_from_buffer(strlen(m), m, MHD_RESPMEM_MUST_FREE); - if (!response) { - free(m); - return respond_oom(connection); - } - - MHD_add_response_header(response, "Content-Type", "text/plain"); - r = MHD_queue_response(connection, code, response); - MHD_destroy_response(response); - - return r; + return sd_journal_open(&m->journal, SD_JOURNAL_LOCAL_ONLY|SD_JOURNAL_SYSTEM); } static ssize_t request_reader_entries( @@ -243,7 +203,7 @@ static ssize_t request_reader_entries( } } - r = output_journal(m->tmp, m->journal, m->mode, 0, OUTPUT_FULL_WIDTH); + r = output_journal(m->tmp, m->journal, m->mode, 0, OUTPUT_FULL_WIDTH, NULL); if (r < 0) { log_error("Failed to serialize item: %s", strerror(-r)); return MHD_CONTENT_READER_END_WITH_ERROR; @@ -330,7 +290,7 @@ static int request_parse_range( colon2 = strchr(colon + 1, ':'); if (colon2) { - char _cleanup_free_ *t; + _cleanup_free_ char *t; t = strndup(colon + 1, colon2 - colon - 1); if (!t) @@ -479,18 +439,14 @@ static int request_parse_arguments( static int request_handler_entries( struct MHD_Connection *connection, - void **connection_cls) { + void *connection_cls) { struct MHD_Response *response; - RequestMeta *m; + RequestMeta *m = connection_cls; int r; assert(connection); - assert(connection_cls); - - m = request_meta(connection_cls); - if (!m) - return respond_oom(connection); + assert(m); r = open_journal(m); if (r < 0) @@ -648,15 +604,11 @@ static int request_handler_fields( void *connection_cls) { struct MHD_Response *response; - RequestMeta *m; + RequestMeta *m = connection_cls; int r; assert(connection); - assert(connection_cls); - - m = request_meta(connection_cls); - if (!m) - return respond_oom(connection); + assert(m); r = open_journal(m); if (r < 0) @@ -745,24 +697,51 @@ static int request_handler_file( return ret; } +static int get_virtualization(char **v) { + _cleanup_bus_unref_ sd_bus *bus = NULL; + char *b = NULL; + int r; + + r = sd_bus_default_system(&bus); + if (r < 0) + return r; + + r = sd_bus_get_property_string( + bus, + "org.freedesktop.systemd1", + "/org/freedesktop/systemd1", + "org.freedesktop.systemd1.Manager", + "Virtualization", + NULL, + &b); + if (r < 0) + return r; + + if (isempty(b)) { + free(b); + *v = NULL; + return 0; + } + + *v = b; + return 1; +} + static int request_handler_machine( struct MHD_Connection *connection, - void **connection_cls) { + void *connection_cls) { struct MHD_Response *response; - RequestMeta *m; + RequestMeta *m = connection_cls; int r; _cleanup_free_ char* hostname = NULL, *os_name = NULL; - uint64_t cutoff_from, cutoff_to, usage; + uint64_t cutoff_from = 0, cutoff_to = 0, usage; char *json; sd_id128_t mid, bid; - const char *v = "bare"; + _cleanup_free_ char *v = NULL; assert(connection); - - m = request_meta(connection_cls); - if (!m) - return respond_oom(connection); + assert(m); r = open_journal(m); if (r < 0) @@ -790,7 +769,7 @@ static int request_handler_machine( parse_env_file("/etc/os-release", NEWLINE, "PRETTY_NAME", &os_name, NULL); - detect_virtualization(&v); + get_virtualization(&v); r = asprintf(&json, "{ \"machine_id\" : \"" SD_ID128_FORMAT_STR "\"," @@ -798,17 +777,17 @@ static int request_handler_machine( "\"hostname\" : \"%s\"," "\"os_pretty_name\" : \"%s\"," "\"virtualization\" : \"%s\"," - "\"usage\" : \"%llu\"," - "\"cutoff_from_realtime\" : \"%llu\"," - "\"cutoff_to_realtime\" : \"%llu\" }\n", + "\"usage\" : \"%"PRIu64"\"," + "\"cutoff_from_realtime\" : \"%"PRIu64"\"," + "\"cutoff_to_realtime\" : \"%"PRIu64"\" }\n", SD_ID128_FORMAT_VAL(mid), SD_ID128_FORMAT_VAL(bid), - hostname_cleanup(hostname), + hostname_cleanup(hostname, false), os_name ? os_name : "Linux", - v, - (unsigned long long) usage, - (unsigned long long) cutoff_from, - (unsigned long long) cutoff_to); + v ? v : "bare", + usage, + cutoff_from, + cutoff_to); if (r < 0) return respond_oom(connection); @@ -835,56 +814,91 @@ static int request_handler( const char *upload_data, size_t *upload_data_size, void **connection_cls) { + int r, code; assert(connection); + assert(connection_cls); assert(url); assert(method); if (!streq(method, "GET")) - return MHD_NO; + return respond_error(connection, MHD_HTTP_METHOD_NOT_ACCEPTABLE, + "Unsupported method.\n"); + + + if (!*connection_cls) { + if (!request_meta(connection_cls)) + return respond_oom(connection); + return MHD_YES; + } + + if (trust_pem) { + r = check_permissions(connection, &code); + if (r < 0) + return code; + } if (streq(url, "/")) return request_handler_redirect(connection, "/browse"); if (streq(url, "/entries")) - return request_handler_entries(connection, connection_cls); + return request_handler_entries(connection, *connection_cls); if (startswith(url, "/fields/")) - return request_handler_fields(connection, url + 8, connection_cls); + return request_handler_fields(connection, url + 8, *connection_cls); if (streq(url, "/browse")) return request_handler_file(connection, DOCUMENT_ROOT "/browse.html", "text/html"); if (streq(url, "/machine")) - return request_handler_machine(connection, connection_cls); + return request_handler_machine(connection, *connection_cls); return respond_error(connection, MHD_HTTP_NOT_FOUND, "Not found.\n"); } -static char *key_pem = NULL; -static char *cert_pem = NULL; +static int help(void) { + + printf("%s [OPTIONS...] ...\n\n" + "HTTP server for journal events.\n\n" + " -h --help Show this help\n" + " --version Show package version\n" + " --cert=CERT.PEM Server certificate in PEM format\n" + " --key=KEY.PEM Server key in PEM format\n" + " --trust=CERT.PEM Certificat authority certificate in PEM format\n", + program_invocation_short_name); + + return 0; +} static int parse_argv(int argc, char *argv[]) { enum { ARG_VERSION = 0x100, ARG_KEY, ARG_CERT, + ARG_TRUST, }; int r, c; static const struct option options[] = { + { "help", no_argument, NULL, 'h' }, { "version", no_argument, NULL, ARG_VERSION }, { "key", required_argument, NULL, ARG_KEY }, { "cert", required_argument, NULL, ARG_CERT }, - { NULL, 0, NULL, 0 } + { "trust", required_argument, NULL, ARG_TRUST }, + {} }; assert(argc >= 0); assert(argv); - while ((c = getopt_long(argc, argv, "", options, NULL)) >= 0) + while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0) + switch(c) { + + case 'h': + return help(); + case ARG_VERSION: puts(PACKAGE_STRING); puts(SYSTEMD_FEATURES); @@ -916,12 +930,28 @@ static int parse_argv(int argc, char *argv[]) { assert(cert_pem); break; + case ARG_TRUST: +#ifdef HAVE_GNUTLS + if (trust_pem) { + log_error("CA certificate file specified twice"); + return -EINVAL; + } + r = read_full_file(optarg, &trust_pem, NULL); + if (r < 0) { + log_error("Failed to read CA certificate file: %s", strerror(-r)); + return r; + } + assert(trust_pem); + break; +#else + log_error("Option --trust is not available."); +#endif + case '?': return -EINVAL; default: - log_error("Unknown option code %c", c); - return -EINVAL; + assert_not_reached("Unhandled option"); } if (optind < argc) { @@ -934,6 +964,11 @@ static int parse_argv(int argc, char *argv[]) { return -EINVAL; } + if (trust_pem && !key_pem) { + log_error("CA certificate can only be used with certificate file"); + return -EINVAL; + } + return 1; } @@ -951,6 +986,11 @@ int main(int argc, char *argv[]) { if (r == 0) return EXIT_SUCCESS; +#ifdef HAVE_GNUTLS + gnutls_global_set_log_function(log_func_gnutls); + gnutls_global_set_log_level(GNUTLS_LOG_LEVEL); +#endif + n = sd_listen_fds(1); if (n < 0) { log_error("Failed to determine passed sockets: %s", strerror(-n)); @@ -962,11 +1002,14 @@ int main(int argc, char *argv[]) { struct MHD_OptionItem opts[] = { { MHD_OPTION_NOTIFY_COMPLETED, (intptr_t) request_meta_free, NULL }, + { MHD_OPTION_EXTERNAL_LOGGER, + (intptr_t) microhttpd_logger, NULL }, + { MHD_OPTION_END, 0, NULL }, { MHD_OPTION_END, 0, NULL }, { MHD_OPTION_END, 0, NULL }, { MHD_OPTION_END, 0, NULL }, { MHD_OPTION_END, 0, NULL }}; - int opts_pos = 1; + int opts_pos = 2; int flags = MHD_USE_THREAD_PER_CONNECTION|MHD_USE_POLL|MHD_USE_DEBUG; if (n > 0) @@ -980,6 +1023,11 @@ int main(int argc, char *argv[]) { {MHD_OPTION_HTTPS_MEM_CERT, 0, cert_pem}; flags |= MHD_USE_SSL; } + if (trust_pem) { + assert(flags & MHD_USE_SSL); + opts[opts_pos++] = (struct MHD_OptionItem) + {MHD_OPTION_HTTPS_MEM_TRUST, 0, trust_pem}; + } d = MHD_start_daemon(flags, 19531, NULL, NULL,