X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fjournal%2Fjournald-server.c;h=e06242769e7acc2142b40cad4f7b068d336deac9;hp=52111f75a03ceb808084d0eb1ca2ccd1a3313d3e;hb=875c2e220e2611165e09051c4747971811f1de58;hpb=b1389b0d0805392570085acc7cb10eafcf885405 diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c index 52111f75a..e06242769 100644 --- a/src/journal/journald-server.c +++ b/src/journal/journald-server.c @@ -50,6 +50,7 @@ #include "journald-stream.h" #include "journald-console.h" #include "journald-native.h" +#include "journald-audit.h" #include "journald-server.h" #ifdef HAVE_ACL @@ -266,7 +267,7 @@ static JournalFile* find_journal(Server *s, uid_t uid) { if (r < 0) return s->system_journal; - f = hashmap_get(s->user_journals, UINT32_TO_PTR(uid)); + f = ordered_hashmap_get(s->user_journals, UINT32_TO_PTR(uid)); if (f) return f; @@ -274,9 +275,9 @@ static JournalFile* find_journal(Server *s, uid_t uid) { SD_ID128_FORMAT_VAL(machine), uid) < 0) return s->system_journal; - while (hashmap_size(s->user_journals) >= USER_JOURNALS_MAX) { + while (ordered_hashmap_size(s->user_journals) >= USER_JOURNALS_MAX) { /* Too many open? Then let's close one */ - f = hashmap_steal_first(s->user_journals); + f = ordered_hashmap_steal_first(s->user_journals); assert(f); journal_file_close(f); } @@ -287,7 +288,7 @@ static JournalFile* find_journal(Server *s, uid_t uid) { server_fix_perms(s, f, uid); - r = hashmap_put(s->user_journals, UINT32_TO_PTR(uid), f); + r = ordered_hashmap_put(s->user_journals, UINT32_TO_PTR(uid), f); if (r < 0) { journal_file_close(f); return s->system_journal; @@ -328,13 +329,13 @@ void server_rotate(Server *s) { do_rotate(s, &s->runtime_journal, "runtime", false, 0); do_rotate(s, &s->system_journal, "system", s->seal, 0); - HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) { + ORDERED_HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) { r = do_rotate(s, &f, "user", s->seal, PTR_TO_UINT32(k)); if (r >= 0) - hashmap_replace(s->user_journals, k, f); + ordered_hashmap_replace(s->user_journals, k, f); else if (!f) /* Old file has been closed and deallocated */ - hashmap_remove(s->user_journals, k); + ordered_hashmap_remove(s->user_journals, k); } } @@ -350,7 +351,7 @@ void server_sync(Server *s) { log_error("Failed to sync system journal: %s", strerror(-r)); } - HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) { + ORDERED_HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) { r = journal_file_set_offline(f); if (r < 0) log_error("Failed to sync user journal: %s", strerror(-r)); @@ -537,8 +538,8 @@ static void write_to_journal(Server *s, uid_t uid, struct iovec *iovec, unsigned static void dispatch_message_real( Server *s, struct iovec *iovec, unsigned n, unsigned m, - struct ucred *ucred, - struct timeval *tv, + const struct ucred *ucred, + const struct timeval *tv, const char *label, size_t label_len, const char *unit_id, int priority, @@ -680,7 +681,7 @@ static void dispatch_message_real( } #ifdef HAVE_SELINUX - if (use_selinux()) { + if (mac_selinux_use()) { if (label) { x = alloca(strlen("_SELINUX_CONTEXT=") + label_len + 1); @@ -855,8 +856,8 @@ void server_driver_message(Server *s, sd_id128_t message_id, const char *format, void server_dispatch_message( Server *s, struct iovec *iovec, unsigned n, unsigned m, - struct ucred *ucred, - struct timeval *tv, + const struct ucred *ucred, + const struct timeval *tv, const char *label, size_t label_len, const char *unit_id, int priority, @@ -919,7 +920,7 @@ finish: } -static int system_journal_open(Server *s) { +static int system_journal_open(Server *s, bool flush_requested) { int r; char *fn; sd_id128_t machine; @@ -935,7 +936,8 @@ static int system_journal_open(Server *s) { if (!s->system_journal && (s->storage == STORAGE_PERSISTENT || s->storage == STORAGE_AUTO) && - access("/run/systemd/journal/flushed", F_OK) >= 0) { + (flush_requested + || access("/run/systemd/journal/flushed", F_OK) >= 0)) { /* If in auto mode: first try to create the machine * path, but not the prefix. @@ -1029,7 +1031,7 @@ int server_flush_to_var(Server *s) { if (!s->runtime_journal) return 0; - system_journal_open(s); + system_journal_open(s, true); if (!s->system_journal) return 0; @@ -1111,7 +1113,7 @@ int process_datagram(sd_event_source *es, int fd, uint32_t revents, void *userda Server *s = userdata; assert(s); - assert(fd == s->native_fd || fd == s->syslog_fd); + assert(fd == s->native_fd || fd == s->syslog_fd || fd == s->audit_fd); if (revents != EPOLLIN) { log_error("Got invalid event from epoll for datagram fd: %"PRIx32, revents); @@ -1141,28 +1143,37 @@ int process_datagram(sd_event_source *es, int fd, uint32_t revents, void *userda CMSG_SPACE(sizeof(int)) + /* fd */ CMSG_SPACE(NAME_MAX)]; /* selinux label */ } control = {}; + union sockaddr_union sa = {}; struct msghdr msghdr = { .msg_iov = &iovec, .msg_iovlen = 1, .msg_control = &control, .msg_controllen = sizeof(control), + .msg_name = &sa, + .msg_namelen = sizeof(sa), }; ssize_t n; - int v; int *fds = NULL; unsigned n_fds = 0; + int v = 0; + size_t m; - if (ioctl(fd, SIOCINQ, &v) < 0) { - log_error("SIOCINQ failed: %m"); - return -errno; - } + /* Try to get the right size, if we can. (Not all + * sockets support SIOCINQ, hence we just try, but + * don't rely on it. */ + (void) ioctl(fd, SIOCINQ, &v); + + /* Fix it up, if it is too small. We use the same fixed value as auditd here. Awful!*/ + m = PAGE_ALIGN(MAX3((size_t) v + 1, + (size_t) LINE_MAX, + ALIGN(sizeof(struct nlmsghdr)) + ALIGN((size_t) MAX_AUDIT_MESSAGE_LENGTH)) + 1); - if (!GREEDY_REALLOC(s->buffer, s->buffer_size, LINE_MAX + (size_t) v)) + if (!GREEDY_REALLOC(s->buffer, s->buffer_size, m)) return log_oom(); iovec.iov_base = s->buffer; - iovec.iov_len = s->buffer_size; + iovec.iov_len = s->buffer_size - 1; /* Leave room for trailing NUL we add later */ n = recvmsg(fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC); if (n < 0) { @@ -1194,20 +1205,30 @@ int process_datagram(sd_event_source *es, int fd, uint32_t revents, void *userda } } + /* And a trailing NUL, just in case */ + s->buffer[n] = 0; + if (fd == s->syslog_fd) { - if (n > 0 && n_fds == 0) { - s->buffer[n] = 0; + if (n > 0 && n_fds == 0) server_process_syslog_message(s, strstrip(s->buffer), ucred, tv, label, label_len); - } else if (n_fds > 0) + else if (n_fds > 0) log_warning("Got file descriptors via syslog socket. Ignoring."); - } else { + } else if (fd == s->native_fd) { if (n > 0 && n_fds == 0) server_process_native_message(s, s->buffer, n, ucred, tv, label, label_len); else if (n == 0 && n_fds == 1) server_process_native_file(s, fds[0], ucred, tv, label, label_len); else if (n_fds > 0) log_warning("Got too many file descriptors via native socket. Ignoring."); + + } else { + assert(fd == s->audit_fd); + + if (n > 0 && n_fds == 0) + server_process_audit_message(s, s->buffer, n, ucred, tv, &sa, msghdr.msg_namelen); + else if (n_fds > 0) + log_warning("Got file descriptors via audit socket. Ignoring."); } close_many(fds, n_fds); @@ -1221,9 +1242,11 @@ static int dispatch_sigusr1(sd_event_source *es, const struct signalfd_siginfo * log_info("Received request to flush runtime journal from PID %"PRIu32, si->ssi_pid); - touch("/run/systemd/journal/flushed"); server_flush_to_var(s); server_sync(s); + server_vacuum(s); + + touch("/run/systemd/journal/flushed"); return 0; } @@ -1449,7 +1472,7 @@ int server_init(Server *s) { assert(s); zero(*s); - s->syslog_fd = s->native_fd = s->stdout_fd = s->dev_kmsg_fd = s->hostname_fd = -1; + s->syslog_fd = s->native_fd = s->stdout_fd = s->dev_kmsg_fd = s->audit_fd = s->hostname_fd = -1; s->compress = true; s->seal = true; @@ -1482,7 +1505,7 @@ int server_init(Server *s) { mkdir_p("/run/systemd/journal", 0755); - s->user_journals = hashmap_new(NULL); + s->user_journals = ordered_hashmap_new(NULL); if (!s->user_journals) return log_oom(); @@ -1534,6 +1557,15 @@ int server_init(Server *s) { s->syslog_fd = fd; + } else if (sd_is_socket(fd, AF_NETLINK, SOCK_RAW, -1) > 0) { + + if (s->audit_fd >= 0) { + log_error("Too many audit sockets passed."); + return -EINVAL; + } + + s->audit_fd = fd; + } else { log_error("Unknown socket passed."); return -EINVAL; @@ -1556,6 +1588,10 @@ int server_init(Server *s) { if (r < 0) return r; + r = server_open_audit(s); + if (r < 0) + return r; + r = server_open_kernel_seqnum(s); if (r < 0) return r; @@ -1584,7 +1620,7 @@ int server_init(Server *s) { server_cache_boot_id(s); server_cache_machine_id(s); - r = system_journal_open(s); + r = system_journal_open(s, false); if (r < 0) return r; @@ -1602,7 +1638,7 @@ void server_maybe_append_tags(Server *s) { if (s->system_journal) journal_file_maybe_append_tag(s->system_journal, n); - HASHMAP_FOREACH(f, s->user_journals, i) + ORDERED_HASHMAP_FOREACH(f, s->user_journals, i) journal_file_maybe_append_tag(f, n); #endif } @@ -1620,15 +1656,16 @@ void server_done(Server *s) { if (s->runtime_journal) journal_file_close(s->runtime_journal); - while ((f = hashmap_steal_first(s->user_journals))) + while ((f = ordered_hashmap_steal_first(s->user_journals))) journal_file_close(f); - hashmap_free(s->user_journals); + ordered_hashmap_free(s->user_journals); sd_event_source_unref(s->syslog_event_source); sd_event_source_unref(s->native_event_source); sd_event_source_unref(s->stdout_event_source); sd_event_source_unref(s->dev_kmsg_event_source); + sd_event_source_unref(s->audit_event_source); sd_event_source_unref(s->sync_event_source); sd_event_source_unref(s->sigusr1_event_source); sd_event_source_unref(s->sigusr2_event_source); @@ -1641,6 +1678,7 @@ void server_done(Server *s) { safe_close(s->native_fd); safe_close(s->stdout_fd); safe_close(s->dev_kmsg_fd); + safe_close(s->audit_fd); safe_close(s->hostname_fd); if (s->rate_limit)