X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fjournal-remote%2Fjournal-upload.c;h=36c0241d029bb8b999b90f8f3badb5cefa4ade66;hp=76855373d36351d505dcdcb3eb507c996a47b328;hb=0a1beeb64207eaa88ab9236787b1cbc2f704ae14;hpb=722b6795655149a68277b3cffeba711e1d440e5a diff --git a/src/journal-remote/journal-upload.c b/src/journal-remote/journal-upload.c index 76855373d..36c0241d0 100644 --- a/src/journal-remote/journal-upload.c +++ b/src/journal-remote/journal-upload.c @@ -31,8 +31,15 @@ #include "util.h" #include "build.h" #include "fileio.h" +#include "mkdir.h" +#include "conf-parser.h" #include "journal-upload.h" +#define PRIV_KEY_FILE CERTIFICATE_ROOT "/private/journal-upload.pem" +#define CERT_FILE CERTIFICATE_ROOT "/certs/journal-upload.pem" +#define TRUST_FILE CERTIFICATE_ROOT "/ca/trusted.pem" +#define DEFAULT_PORT 19532 + static const char* arg_url; static void close_fd_input(Uploader *u); @@ -56,7 +63,7 @@ static const char *arg_save_state = NULL; #define STATE_FILE "/var/lib/systemd/journal-upload/state" #define easy_setopt(curl, opt, value, level, cmd) \ - { \ + do { \ code = curl_easy_setopt(curl, opt, value); \ if (code) { \ log_full(level, \ @@ -64,7 +71,7 @@ static const char *arg_save_state = NULL; curl_easy_strerror(code)); \ cmd; \ } \ - } + } while(0) static size_t output_callback(char *buf, size_t size, 
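Review bot: The `easy_setopt` macro, rewrapped as `do { … } while(0)` in this hunk and the next one (`@@ -64,7 +71,7 @@`), still assigns to a `code` variable it does not declare, and nothing documents that. A short comment above the `#define` would help, for example `/* Needs a 'code' variable in the caller's scope; 'cmd' runs after a failed setopt has been logged and may be empty. */`. The macro body's first lines are context outside the changed lines, so the comment belongs above the `#define` rather than inside it.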
@@ -87,6 +94,32 @@ static size_t output_callback(char *buf, return size * nmemb; } +static int check_cursor_updating(Uploader *u) { + _cleanup_free_ char *temp_path = NULL; + _cleanup_fclose_ FILE *f = NULL; + int r; + + if (!u->state_file) + return 0; + + r = mkdir_parents(u->state_file, 0755); + if (r < 0) { + log_error("Cannot create parent directory of state file %s: %s", + u->state_file, strerror(-r)); + return r; + } + + r = fopen_temporary(u->state_file, &f, &temp_path); + if (r < 0) { + log_error("Cannot save state to %s: %s", + u->state_file, strerror(-r)); + return r; + } + unlink(temp_path); + + return 0; +} + static int update_cursor_state(Uploader *u) { _cleanup_free_ char *temp_path = NULL; _cleanup_fclose_ FILE *f = NULL; @@ -114,7 +147,7 @@ static int update_cursor_state(Uploader *u) { finish: if (r < 0) - log_error("Failed to save state %s: %s", u->state_file, strerror(-r)); + log_error_errno(-r, "Failed to save state %s: %m", u->state_file); return r; } @@ -129,11 +162,14 @@ static int load_cursor_state(Uploader *u) { "LAST_CURSOR", &u->last_cursor, NULL); - if (r < 0 && r != -ENOENT) { + if (r == -ENOENT) + log_debug("State file %s is not present.", u->state_file); + else if (r < 0) { log_error("Failed to read state file %s: %s", u->state_file, strerror(-r)); return r; - } + } else + log_debug("Last cursor was %s", u->last_cursor); return 0; } @@ -186,7 +222,7 @@ int start_upload(Uploader *u, easy_setopt(curl, CURLOPT_POST, 1L, LOG_ERR, return -EXFULL); - easy_setopt(curl, CURLOPT_ERRORBUFFER, &u->error, + easy_setopt(curl, CURLOPT_ERRORBUFFER, u->error, LOG_ERR, return -EXFULL); /* set where to write to */ 
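Review bot: Both error paths in the new `check_cursor_updating()` format the error with `strerror(-r)`, while other hunks in this diff move to the `log_error_errno(-r, "...: %m", ...)` form. Converting them keeps the file consistent, e.g. `log_error_errno(-r, "Cannot create parent directory of state file %s: %m", u->state_file);`. The result of `unlink(temp_path)` is dropped, so a failed cleanup leaves a stray temporary file beside the state file with no trace; a `log_debug` on failure would be enough. A one-line comment that the function only probes whether the state file location is writable would also help, because the second message ("Cannot save state to") reads as if a real save had been attempted.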
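Review bot: The new `log_debug("Last cursor was %s", u->last_cursor)` in the final `else` branch of `load_cursor_state()` may run with `u->last_cursor` still NULL, if the state file parses successfully but carries no `LAST_CURSOR` entry. Whether that can happen depends on the parse call, which starts outside the hunk. Passing NULL for `%s` is undefined behaviour, and the state file is on-disk input that can be empty or truncated, so `log_debug("Last cursor was %s", strna(u->last_cursor));` is the safer form.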
@@ -214,17 +250,18 @@ int start_upload(Uploader *u, "systemd-journal-upload " PACKAGE_STRING, LOG_WARNING, ); - if (arg_key) { - assert(arg_cert); - - easy_setopt(curl, CURLOPT_SSLKEY, arg_key, + if (arg_key || startswith(u->url, "https://")) { + easy_setopt(curl, CURLOPT_SSLKEY, arg_key ?: PRIV_KEY_FILE, LOG_ERR, return -EXFULL); - easy_setopt(curl, CURLOPT_SSLCERT, arg_cert, + easy_setopt(curl, CURLOPT_SSLCERT, arg_cert ?: CERT_FILE, LOG_ERR, return -EXFULL); } - if (arg_trust) - easy_setopt(curl, CURLOPT_CAINFO, arg_trust, + if (streq_ptr(arg_trust, "all")) + easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0, + LOG_ERR, return -EUCLEAN); + else if (arg_trust || startswith(u->url, "https://")) + easy_setopt(curl, CURLOPT_CAINFO, arg_trust ?: TRUST_FILE, LOG_ERR, return -EXFULL); if (arg_key || arg_trust) @@ -297,9 +334,19 @@ static int dispatch_fd_input(sd_event_source *event, Uploader *u = userp; assert(u); - assert(revents & EPOLLIN); assert(fd >= 0); + if (revents & EPOLLHUP) { + log_debug("Received HUP"); + close_fd_input(u); + return 0; + } + + if (!(revents & EPOLLIN)) { + log_warning("Unexpected poll event %"PRIu32".", revents); + return -EINVAL; + } + if (u->uploading) { log_warning("dispatch_fd_input called when uploading, ignoring."); return 0; @@ -309,7 +356,7 @@ static int dispatch_fd_input(sd_event_source *event, } static int open_file_for_upload(Uploader *u, const char *filename) { - int fd, r; + int fd, r = 0; if (streq(filename, "-")) fd = STDIN_FILENO; @@ -328,7 +375,7 @@ static int open_file_for_upload(Uploader *u, const char *filename) { fd, EPOLLIN, dispatch_fd_input, u); if (r < 0) { if (r != -EPERM || arg_follow > 0) { - log_error("Failed to register input event: %s", strerror(-r)); + log_error_errno(-r, "Failed to register input event: %m"); return r; } 
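Review bot: In the `streq_ptr(arg_trust, "all")` branch, peer verification is switched off without any log output, and the value is passed as `0`, an `int`, although `curl_easy_setopt()` reads a `long` for `CURLOPT_SSL_VERIFYPEER`. Use `0L` and emit something like `log_info("Server certificate verification disabled.");` first (the branch then needs braces), so that unauthenticated uploads are visible in the logs. The unchanged guard at the end of the hunk, `if (arg_key || arg_trust)`, is not taken for an `https://` URL that relies on the new default files, so the TLS option it sets (the statement is outside the hunk) is skipped in the default configuration; it probably wants the same `startswith(u->url, "https://")` test. With `assert(arg_cert)` gone, `--key` alone now pairs a custom key with `CERT_FILE`, which is worth rejecting or documenting.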
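Review bot: The `EPOLLHUP` branch in `dispatch_fd_input()` runs before the `EPOLLIN` test, so an event carrying both flags closes the input without reading what is still buffered. For a pipe whose writer has exited this may drop the final entries, although whether `close_fd_input()` drains first is not visible here. Taking the HUP path only when no data is pending, `if ((revents & EPOLLHUP) && !(revents & EPOLLIN)) {`, avoids that. The function's body continues outside the hunk.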
@@ -340,8 +387,46 @@ static int open_file_for_upload(Uploader *u, const char *filename) { return r; } +static int dispatch_sigterm(sd_event_source *event, + const struct signalfd_siginfo *si, + void *userdata) { + Uploader *u = userdata; + + assert(u); + + log_received_signal(LOG_INFO, si); + + close_fd_input(u); + close_journal_input(u); + + sd_event_exit(u->events, 0); + return 0; +} + +static int setup_signals(Uploader *u) { + sigset_t mask; + int r; + + assert(u); + + assert_se(sigemptyset(&mask) == 0); + sigset_add_many(&mask, SIGINT, SIGTERM, -1); + assert_se(sigprocmask(SIG_SETMASK, &mask, NULL) == 0); + + r = sd_event_add_signal(u->events, &u->sigterm_event, SIGTERM, dispatch_sigterm, u); + if (r < 0) + return r; + + r = sd_event_add_signal(u->events, &u->sigint_event, SIGINT, dispatch_sigterm, u); + if (r < 0) + return r; + + return 0; +} + static int setup_uploader(Uploader *u, const char *url, const char *state_file) { int r; + const char *host, *proto = ""; assert(u); assert(url); @@ -349,12 +434,38 @@ static int setup_uploader(Uploader *u, const char *url, const char *state_file) memzero(u, sizeof(Uploader)); u->input = -1; - u->url = url; + if (!(host = startswith(url, "http://")) && !(host = startswith(url, "https://"))) { + host = url; + proto = "https://"; + } + + if (strchr(host, ':')) + u->url = strjoin(proto, url, "/upload", NULL); + else { + char *t; + size_t x; + + t = strdupa(url); + x = strlen(t); + while (x > 0 && t[x - 1] == '/') + t[x - 1] = '\0'; + + u->url = strjoin(proto, t, ":" STRINGIFY(DEFAULT_PORT), "/upload", NULL); + } + if (!u->url) + return log_oom(); + u->state_file = state_file; r = sd_event_default(&u->events); if (r < 0) { - log_error("sd_event_default failed: %s", strerror(-r)); + log_error_errno(-r, "sd_event_default failed: %m"); + return r; + } + + r = setup_signals(u); + if (r < 0) { + log_error_errno(-r, "Failed to set up signals: %m"); return r; } 
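Review bot: `setup_signals()` installs the mask with `SIG_SETMASK`, which replaces the whole process signal mask and so unblocks anything that was blocked on entry. `assert_se(sigprocmask(SIG_BLOCK, &mask, NULL) == 0);` only adds SIGINT and SIGTERM. Both signals are routed to `dispatch_sigterm`, so a one-line comment there, `/* Also used for SIGINT: stop reading input and leave the event loop with exit code 0. */`, would make the shared handler obvious. The hunk ends inside `setup_uploader()`.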
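Review bot: The trailing-slash loop in the no-port branch of `setup_uploader()` never decrements `x`, so it strips at most one `/`. After `t[x - 1] = '\0'` the condition re-reads the same byte and stops, and a URL ending in `//` keeps a slash in front of `:19532/upload`; use `t[--x] = '\0';`. The port test `strchr(host, ':')` looks at the whole remainder of the URL, so a bracketed IPv6 literal without a port, or a path containing `:`, is treated as already having a port, and a URL with a path gets the port appended after the path. Splitting off the authority part before deciding would be more robust. `strdupa(url)` also places a copy of a caller-supplied string of unbounded length on the stack; a heap copy or a length check is safer.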
@@ -371,11 +482,15 @@ static void destroy_uploader(Uploader *u) { free(u->last_cursor); free(u->current_cursor); + free(u->url); + u->input_event = sd_event_source_unref(u->input_event); close_fd_input(u); close_journal_input(u); + sd_event_source_unref(u->sigterm_event); + sd_event_source_unref(u->sigint_event); sd_event_unref(u->events); } @@ -387,10 +502,12 @@ static int perform_upload(Uploader *u) { code = curl_easy_perform(u->easy); if (code) { - log_error("Upload to %s failed: %.*s", - u->url, - u->error[0] ? (int) sizeof(u->error) : INT_MAX, - u->error[0] ? u->error : curl_easy_strerror(code)); + if (u->error[0]) + log_error("Upload to %s failed: %.*s", + u->url, (int) sizeof(u->error), u->error); + else + log_error("Upload to %s failed: %s", + u->url, curl_easy_strerror(code)); return -EIO; } 
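Review bot: The two new `sd_event_source_unref()` calls in `destroy_uploader()` leave `u->sigterm_event` and `u->sigint_event` pointing at released sources, unlike the `u->input_event = sd_event_source_unref(u->input_event);` line just above them. Writing `u->sigterm_event = sd_event_source_unref(u->sigterm_event);` (and the same for `sigint_event`) follows the existing pattern and keeps the struct safe if the function is ever reached twice. The added `free(u->url);` has the same shape and could be followed by `u->url = NULL;`. The function starts outside the hunk.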
@@ -420,27 +537,46 @@ static int perform_upload(Uploader *u) { return update_cursor_state(u); } +static int parse_config(void) { + const ConfigTableItem items[] = { + { "Upload", "URL", config_parse_string, 0, &arg_url }, + { "Upload", "ServerKeyFile", config_parse_path, 0, &arg_key }, + { "Upload", "ServerCertificateFile", config_parse_path, 0, &arg_cert }, + { "Upload", "TrustedCertificateFile", config_parse_path, 0, &arg_trust }, + {}}; + + return config_parse(NULL, PKGSYSCONFDIR "/journal-upload.conf", NULL, + "Upload\0", + config_item_table_lookup, items, + false, false, true, NULL); +} + static void help(void) { printf("%s -u URL {FILE|-}...\n\n" "Upload journal events to a remote server.\n\n" - "Options:\n" - " --url=URL Upload to this address\n" - " --key=FILENAME Specify key in PEM format\n" - " --cert=FILENAME Specify certificate in PEM format\n" - " --trust=FILENAME Specify CA certificate in PEM format\n" - " --system Use the system journal\n" - " --user Use the user journal for the current user\n" - " -m --merge Use all available journals\n" - " -M --machine=CONTAINER Operate on local container\n" - " -D --directory=PATH Use journal files from directory\n" - " --file=PATH Use this journal file\n" - " --cursor=CURSOR Start at the specified cursor\n" - " --after-cursor=CURSOR Start after the specified cursor\n" - " --[no-]follow Do [not] wait for input\n" - " --save-state[=FILE] Save uploaded cursors (default \n" - " " STATE_FILE ")\n" - " -h --help Show this help and exit\n" - " --version Print version string and exit\n" + " -h --help Show this help\n" + " --version Show package version\n" + " -u --url=URL Upload to this address (default port " + STRINGIFY(DEFAULT_PORT) ")\n" + " --key=FILENAME Specify key in PEM format (default:\n" + " \"" PRIV_KEY_FILE "\")\n" + " --cert=FILENAME Specify certificate in PEM format (default:\n" + " \"" CERT_FILE "\")\n" + " --trust=FILENAME|all Specify CA certificate or disable checking (default:\n" + " \"" TRUST_FILE 
"\")\n" + " --system Use the system journal\n" + " --user Use the user journal for the current user\n" + " -m --merge Use all available journals\n" + " -M --machine=CONTAINER Operate on local container\n" + " -D --directory=PATH Use journal files from directory\n" + " --file=PATH Use this journal file\n" + " --cursor=CURSOR Start at the specified cursor\n" + " --after-cursor=CURSOR Start after the specified cursor\n" + " --follow[=BOOL] Do [not] wait for input\n" + " --save-state[=FILE] Save uploaded cursors (default \n" + " " STATE_FILE ")\n" + " -h --help Show this help and exit\n" + " --version Print version string and exit\n" , program_invocation_short_name); } @@ -456,7 +592,6 @@ static int parse_argv(int argc, char *argv[]) { ARG_CURSOR, ARG_AFTER_CURSOR, ARG_FOLLOW, - ARG_NO_FOLLOW, ARG_SAVE_STATE, }; @@ -475,8 +610,7 @@ static int parse_argv(int argc, char *argv[]) { { "file", required_argument, NULL, ARG_FILE }, { "cursor", required_argument, NULL, ARG_CURSOR }, { "after-cursor", required_argument, NULL, ARG_AFTER_CURSOR }, - { "follow", no_argument, NULL, ARG_FOLLOW }, - { "no-follow", no_argument, NULL, ARG_NO_FOLLOW }, + { "follow", optional_argument, NULL, ARG_FOLLOW }, { "save-state", optional_argument, NULL, ARG_SAVE_STATE }, {} }; @@ -568,7 +702,7 @@ static int parse_argv(int argc, char *argv[]) { case ARG_FILE: r = glob_extend(&arg_file, optarg); if (r < 0) { - log_error("Failed to add paths: %s", strerror(-r)); + log_error_errno(-r, "Failed to add paths: %m"); return r; }; break; @@ -593,11 +727,17 @@ static int parse_argv(int argc, char *argv[]) { break; case ARG_FOLLOW: - arg_follow = true; - break; + if (optarg) { + r = parse_boolean(optarg); + if (r < 0) { + log_error("Failed to parse --follow= parameter."); + return -EINVAL; + } + + arg_follow = !!r; + } else + arg_follow = true; - case ARG_NO_FOLLOW: - arg_follow = false; break; case ARG_SAVE_STATE: 
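Review bot: The rewritten help text lists `-h --help` and `--version` twice: once in the new lines at the top (`Show this help`, `Show package version`) and again in the re-added lines at the bottom (`Show this help and exit`, `Print version string and exit`); drop one pair. The `--trust=FILENAME|all` line could say outright that `all` disables server certificate verification, since "disable checking" is easy to skim past. `parse_config()` has no comment; one line naming the `Upload` section and the file it reads (`PKGSYSCONFDIR "/journal-upload.conf"`) would help the next reader.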
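Review bot: The `--follow` error path in the `ARG_FOLLOW` case does not say which value was rejected; `log_error("Failed to parse --follow= parameter: %s", optarg);` makes a typo in a unit file or script easier to spot. An earlier hunk (`@@ -475,8 +610,7 @@`) removes `--no-follow` from the option table, so existing invocations that use it will presumably now fail option parsing. Keeping it as an undocumented alias would avoid that. `parse_argv()` starts and ends outside this hunk.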
@@ -660,6 +800,10 @@ int main(int argc, char **argv) { log_show_color(true); log_parse_environment(); + r = parse_config(); + if (r < 0) + goto finish; + r = parse_argv(argc, argv); if (r <= 0) goto finish; @@ -668,6 +812,12 @@ int main(int argc, char **argv) { if (r < 0) goto cleanup; + sd_event_set_watchdog(u.events, true); + + r = check_cursor_updating(&u); + if (r < 0) + goto cleanup; + log_debug("%s running as pid "PID_FMT, program_invocation_short_name, getpid()); @@ -690,6 +840,12 @@ int main(int argc, char **argv) { "STATUS=Processing input..."); while (true) { + r = sd_event_get_state(u.events); + if (r < 0) + break; + if (r == SD_EVENT_FINISHED) + break; + if (use_journal) { if (!u.journal) break; @@ -705,12 +861,6 @@ int main(int argc, char **argv) { if (r < 0) goto cleanup; - r = sd_event_get_state(u.events); - if (r < 0) - break; - if (r == SD_EVENT_FINISHED) - break; - if (u.uploading) { r = perform_upload(&u); if (r < 0) @@ -719,15 +869,18 @@ int main(int argc, char **argv) { r = sd_event_run(u.events, u.timeout); if (r < 0) { - log_error("Failed to run event loop: %s", strerror(-r)); + log_error_errno(-r, "Failed to run event loop: %m"); break; } } cleanup: - sd_notify(false, "STATUS=Shutting down..."); + sd_notify(false, + "STOPPING=1\n" + "STATUS=Shutting down..."); + destroy_uploader(&u); finish: - return r == 0 ? EXIT_SUCCESS : EXIT_FAILURE; + return r >= 0 ? EXIT_SUCCESS : EXIT_FAILURE; }
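Review bot: In the `@@ -668,6 +812,12 @@` hunk the return value of `sd_event_set_watchdog(u.events, true)` is discarded, so a failure to arm the watchdog goes unnoticed while every neighbouring call is checked. Either handle it like the others or record it, e.g. `r = sd_event_set_watchdog(u.events, true);` followed by `if (r < 0) log_debug("Failed to enable watchdog, ignoring.");`. `main()` starts and ends outside this hunk.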