#include "acl-util.h"
#include "cgroup-util.h"
+#define USER_JOURNALS_MAX 1024
+
typedef struct Server {
int epoll_fd;
int signal_fd;
char *buffer;
size_t buffer_size;
+
+ JournalMetrics metrics;
+ uint64_t max_use;
+ bool compress;
} Server;
static void fix_perms(JournalFile *f, uid_t uid) {
if (asprintf(&p, "/var/log/journal/%s/user-%lu.journal", sd_id128_to_string(machine, ids), (unsigned long) uid) < 0)
return s->system_journal;
+ while (hashmap_size(s->user_journals) >= USER_JOURNALS_MAX) {
+ /* Too many open? Then let's close one */
+ f = hashmap_steal_first(s->user_journals);
+ assert(f);
+ journal_file_close(f);
+ }
+
r = journal_file_open(p, O_RDWR|O_CREAT, 0640, s->system_journal, &f);
free(p);
return s->system_journal;
fix_perms(f, uid);
+ f->metrics = s->metrics;
+ f->compress = s->compress;
r = hashmap_put(s->user_journals, UINT32_TO_PTR(uid), f);
if (r < 0) {
return f;
}
+static void server_vacuum(Server *s) {
+ Iterator i;
+ void *k;
+ char *p;
+ char ids[33];
+ sd_id128_t machine;
+ int r;
+ JournalFile *f;
+
+ log_info("Rotating...");
+
+ if (s->runtime_journal) {
+ r = journal_file_rotate(&s->runtime_journal);
+ if (r < 0)
+ log_error("Failed to rotate %s: %s", s->runtime_journal->path, strerror(-r));
+ }
+
+ if (s->system_journal) {
+ r = journal_file_rotate(&s->system_journal);
+ if (r < 0)
+ log_error("Failed to rotate %s: %s", s->system_journal->path, strerror(-r));
+ }
+
+ HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) {
+ r = journal_file_rotate(&f);
+ if (r < 0)
+ log_error("Failed to rotate %s: %s", f->path, strerror(-r));
+ else
+ hashmap_replace(s->user_journals, k, f);
+ }
+
+ log_info("Vacuuming...");
+
+ r = sd_id128_get_machine(&machine);
+ if (r < 0) {
+ log_error("Failed to get machine ID: %s", strerror(-r));
+ return;
+ }
+
+ if (asprintf(&p, "/var/log/journal/%s", sd_id128_to_string(machine, ids)) < 0) {
+ log_error("Out of memory.");
+ return;
+ }
+
+ r = journal_directory_vacuum(p, s->max_use, s->metrics.keep_free);
+ if (r < 0 && r != -ENOENT)
+ log_error("Failed to vacuum %s: %s", p, strerror(-r));
+ free(p);
+
+ if (asprintf(&p, "/run/log/journal/%s", ids) < 0) {
+ log_error("Out of memory.");
+ return;
+ }
+
+ r = journal_directory_vacuum(p, s->max_use, s->metrics.keep_free);
+ if (r < 0 && r != -ENOENT)
+ log_error("Failed to vacuum %s: %s", p, strerror(-r));
+ free(p);
+}
+
static void dispatch_message(Server *s, struct iovec *iovec, unsigned n, unsigned m, struct ucred *ucred, struct timeval *tv) {
char *pid = NULL, *uid = NULL, *gid = NULL,
*source_time = NULL, *boot_id = NULL, *machine_id = NULL,
char *t;
uid_t loginuid = 0, realuid = 0;
JournalFile *f;
+ bool vacuumed = false;
assert(s);
assert(iovec || n == 0);
assert(n <= m);
+retry:
f = find_journal(s, realuid == 0 ? 0 : loginuid);
if (!f)
log_warning("Dropping message, as we can't find a place to store the data.");
else {
r = journal_file_append_entry(f, NULL, iovec, n, &s->seqnum, NULL, NULL);
+ if (r == -E2BIG && !vacuumed) {
+ log_info("Allocation limit reached.");
+
+ server_vacuum(s);
+ vacuumed = true;
+
+ log_info("Retrying write.");
+ goto retry;
+ }
+
if (r < 0)
log_error("Failed to write entry, ignoring: %s", strerror(-r));
}
free(syslog_priority);
}
+static bool valid_user_field(const char *p, size_t l) {
+ const char *a;
+
+ /* We kinda enforce POSIX syntax recommendations for
+ environment variables here, but make a couple of additional
+ requirements.
+
+ http://pubs.opengroup.org/onlinepubs/000095399/basedefs/xbd_chap08.html */
+
+ /* No empty field names */
+ if (l <= 0)
+ return false;
+
+ /* Don't allow names longer than 64 chars */
+ if (l > 64)
+ return false;
+
+ /* Variables starting with an underscore are protected */
+ if (p[0] == '_')
+ return false;
+
+ /* Don't allow digits as first character */
+ if (p[0] >= '0' && p[0] <= '9')
+ return false;
+
+ /* Only allow A-Z0-9 and '_' */
+ for (a = p; a < p + l; a++)
+ if (!((*a >= 'A' && *a <= 'Z') ||
+ (*a >= '0' && *a <= '9') ||
+ *a == '_'))
+ return false;
+
+ return true;
+}
+
static void process_native_message(Server *s, const void *buffer, size_t buffer_size, struct ucred *ucred, struct timeval *tv) {
struct iovec *iovec = NULL;
unsigned n = 0, m = 0, j;
continue;
}
- if (*p == '.') {
- /* Control command, ignore for now */
+ if (*p == '.' || *p == '#') {
+ /* Ignore control commands for now, and
+ * comments too. */
remaining -= (e - p) + 1;
p = e + 1;
continue;
q = memchr(p, '=', e - p);
if (q) {
- iovec[n].iov_base = (char*) p;
- iovec[n].iov_len = e - p;
- n++;
+ if (valid_user_field(p, q - p)) {
+ /* If the field name starts with an
+ * underscore, skip the variable,
+ * since that indidates a trusted
+ * field */
+ iovec[n].iov_base = (char*) p;
+ iovec[n].iov_len = e - p;
+ n++;
+ }
remaining -= (e - p) + 1;
p = e + 1;
k[e - p] = '=';
memcpy(k + (e - p) + 1, e + 1 + sizeof(uint64_t), l);
- iovec[n].iov_base = k;
- iovec[n].iov_len = (e - p) + 1 + l;
- n++;
+ if (valid_user_field(p, e - p)) {
+ iovec[n].iov_base = k;
+ iovec[n].iov_len = (e - p) + 1 + l;
+ n++;
+ } else
+ free(k);
remaining -= (e - p) + 1 + sizeof(uint64_t) + l + 1;
p = e + 1 + sizeof(uint64_t) + l + 1;
free(fn);
if (r >= 0) {
+ s->system_journal->metrics = s->metrics;
+ s->system_journal->compress = s->compress;
+
fix_perms(s->system_journal, 0);
return r;
}
return r;
}
+ s->runtime_journal->metrics = s->metrics;
+ s->runtime_journal->compress = s->compress;
+
fix_perms(s->runtime_journal, 0);
return r;
}
zero(*s);
s->syslog_fd = s->native_fd = s->signal_fd = -1;
+ s->metrics.max_size = DEFAULT_MAX_SIZE;
+ s->metrics.min_size = DEFAULT_MIN_SIZE;
+ s->metrics.keep_free = DEFAULT_KEEP_FREE;
+ s->max_use = DEFAULT_MAX_USE;
+ s->compress = true;
s->epoll_fd = epoll_create1(EPOLL_CLOEXEC);
if (s->epoll_fd < 0) {
}
log_set_target(LOG_TARGET_CONSOLE);
+ log_set_max_level(LOG_DEBUG);
log_parse_environment();
log_open();
sd_notify(false,
"READY=1\n"
"STATUS=Processing messages...");
-#
+
for (;;) {
struct epoll_event event;