]> git.saurik.com Git - apple/syslog.git/blob - syslogd.tproj/daemon.c
projects / apple / syslog.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
syslog-377.60.2.tar.gz
[apple/syslog.git] / syslogd.tproj / daemon.c
1 /*
2 * Copyright (c) 2004-2012 Apple Inc. All rights reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 #include <TargetConditionals.h>
25 #include <sys/types.h>
26 #include <sys/socket.h>
27 #include <sys/un.h>
28 #include <sys/ucred.h>
29 #include <stdio.h>
30 #include <stdlib.h>
31 #include <string.h>
32 #include <unistd.h>
33 #include <netinet/in.h>
34 #include <arpa/inet.h>
35 #define SYSLOG_NAMES
36 #include <syslog.h>
37 #include <sys/fslog.h>
38 #include <pthread.h>
39 #include <mach/mach.h>
40 #include <libkern/OSAtomic.h>
41 #include <libproc.h>
42 #include <uuid/uuid.h>
43 #include <asl_private.h>
44 #include <os/transaction_private.h>
45 #include "daemon.h"
46
47 #define LIST_SIZE_DELTA 256
48 #define STATS_TABLE_SIZE 256
49
50 #define forever for(;;)
51
52 #define ASL_MSG_TYPE_MASK 0x0000000f
53 #define ASL_TYPE_ERROR 2
54
55 #define ASL_KEY_FACILITY "Facility"
56
57 #define FACILITY_USER "user"
58 #define FACILITY_CONSOLE "com.apple.console"
59 #define SYSTEM_RESERVED "com.apple.system"
60 #define SYSTEM_RESERVED_LEN 16
61
62 #define VERIFY_STATUS_OK 0
63 #define VERIFY_STATUS_INVALID_MESSAGE 1
64 #define VERIFY_STATUS_EXCEEDED_QUOTA 2
65
66 extern void disaster_message(asl_msg_t *m);
67 extern int asl_action_reset(void);
68 extern int asl_action_control_set_param(const char *s);
69
70 static char myname[MAXHOSTNAMELEN + 1] = {0};
71 static int name_change_token = -1;
72
73 static OSSpinLock count_lock = 0;
74
75 #if !TARGET_OS_EMBEDDED
76 static os_transaction_t main_transaction;
77 #endif
78
79 #define DEFAULT_MEMORY_MAX SYSLOGD_WORK_QUEUE_MEMORY
80
81 #define QUOTA_KERN_EXCEEDED_MESSAGE "*** kernel exceeded %d log message per second limit - remaining messages this second discarded ***"
82
83 #define DEFAULT_DB_FILE_MAX 25600000
84 #define DEFAULT_DB_MEMORY_MAX 256
85 #define DEFAULT_DB_MEMORY_STR_MAX 1024000
86 #define DEFAULT_MPS_LIMIT 500
87 #define DEFAULT_REMOTE_DELAY 5000
88 #define DEFAULT_BSD_MAX_DUP_SEC 30
89 #define DEFAULT_MARK_SEC 0
90 #define DEFAULT_UTMP_TTL_SEC 31622400
91 #define DEFAULT_STATS_INTERVAL 600
92
93 #define ASL_STATS_LEVEL 5
94
95 static time_t quota_time = 0;
96 static int32_t kern_quota;
97 static int32_t kern_level;
98
99 static const char *kern_notify_key[] =
100 {
101 "com.apple.system.log.kernel.emergency",
102 "com.apple.system.log.kernel.alert",
103 "com.apple.system.log.kernel.critical",
104 "com.apple.system.log.kernel.error",
105 "com.apple.system.log.kernel.warning",
106 "com.apple.system.log.kernel.notice",
107 "com.apple.system.log.kernel.info",
108 "com.apple.system.log.kernel.debug"
109 };
110
111 static int kern_notify_token[8] = {-1, -1, -1, -1, -1, -1, -1, -1};
112
113 static stats_table_t *
114 stats_table_new()
115 {
116 stats_table_t *t = (stats_table_t *)malloc(sizeof(stats_table_t));
117 if (t == NULL) return NULL;
118
119 t->bucket_count = STATS_TABLE_SIZE;
120 t->bucket = (sender_stats_t **)calloc(t->bucket_count, sizeof(sender_stats_t *));
121 if (t->bucket == NULL)
122 {
123 free(t);
124 return NULL;
125 }
126
127 t->mcount = 0;
128 t->shim_count = 0;
129
130 return t;
131 }
132
133 static asl_msg_t *
134 stats_table_final(stats_table_t *t)
135 {
136 uint32_t i;
137 asl_msg_t *msg;
138 char val[64];
139
140 if (t == NULL) return NULL;
141
142 msg = asl_msg_new(ASL_TYPE_MSG);
143 if (msg == NULL) return NULL;
144
145 asl_msg_set_key_val(msg, ASL_KEY_MSG, "ASL Sender Statistics");
146 asl_msg_set_key_val(msg, ASL_KEY_SENDER, "syslogd");
147 asl_msg_set_key_val(msg, ASL_KEY_FACILITY, "com.apple.asl.statistics");
148 snprintf(val, sizeof(val), "%d", global.pid);
149 asl_msg_set_key_val(msg, ASL_KEY_PID, val);
150 snprintf(val, sizeof(val), "%d", ASL_STATS_LEVEL);
151 asl_msg_set_key_val(msg, ASL_KEY_LEVEL, val);
152 snprintf(val, sizeof(val), "%u", t->mcount);
153 asl_msg_set_key_val(msg, "MsgCount", val);
154 snprintf(val, sizeof(val), "%u", t->shim_count);
155 asl_msg_set_key_val(msg, "ShimCount", val);
156
157 for (i = 0; i < t->bucket_count; i++)
158 {
159 sender_stats_t *s;
160 s = t->bucket[i];
161 while (s != NULL)
162 {
163 char val[64], *key = NULL;
164 sender_stats_t *n = s->next;
165
166 snprintf(val, sizeof(val), "%llu %llu", s->count, s->size);
167 asprintf(&key, "*%s", s->sender);
168 if (key != NULL) asl_msg_set_key_val(msg, key, val);
169 free(key);
170 free(s->sender);
171 free(s);
172 s = n;
173 }
174 }
175
176 free(t->bucket);
177 free(t);
178
179 return msg;
180 }
181
182 static void
183 stats_table_update(stats_table_t *t, const char *sender, uint64_t msg_size)
184 {
185 uint32_t i;
186 sender_stats_t *s;
187 uint8_t *p;
188
189 if (t == NULL) return;
190 if (sender == NULL) return;
191
192 /* hash */
193 i = 0;
194 for (p = (uint8_t *)sender; *p != '\0'; p++) i = (i << 1) ^ (i ^ *p);
195 i %= STATS_TABLE_SIZE;
196
197 for (s = t->bucket[i]; s != NULL; s = s->next)
198 {
199 if ((s->sender != NULL) && (strcmp(sender, s->sender) == 0))
200 {
201 s->count++;
202 s->size += msg_size;
203 return;
204 }
205 }
206
207 s = (sender_stats_t *)malloc(sizeof(sender_stats_t));
208 s->sender = strdup(sender);
209 if (s->sender == NULL)
210 {
211 free(s);
212 return;
213 }
214
215 s->count = 1;
216 s->size = msg_size;
217 s->next = t->bucket[i];
218 t->bucket[i] = s;
219 }
220
221 static uint32_t
222 kern_quota_check(time_t now, asl_msg_t *msg, uint32_t level)
223 {
224 char *str, lstr[2];
225
226 if (msg == NULL) return VERIFY_STATUS_INVALID_MESSAGE;
227 if (global.mps_limit == 0) return VERIFY_STATUS_OK;
228
229 if (quota_time != now)
230 {
231 kern_quota = global.mps_limit;
232 kern_level = 7;
233 quota_time = now;
234 }
235
236 if (level < kern_level) kern_level = level;
237 if (kern_quota > 0) kern_quota--;
238
239 if (kern_quota > 0) return VERIFY_STATUS_OK;
240 if (kern_quota < 0) return VERIFY_STATUS_EXCEEDED_QUOTA;
241
242 kern_quota = -1;
243
244 str = NULL;
245 asprintf(&str, QUOTA_KERN_EXCEEDED_MESSAGE, global.mps_limit);
246 if (str != NULL)
247 {
248 asl_msg_set_key_val(msg, ASL_KEY_MSG, str);
249 free(str);
250 lstr[0] = kern_level + '0';
251 lstr[1] = 0;
252 asl_msg_set_key_val(msg, ASL_KEY_LEVEL, lstr);
253 }
254
255 return VERIFY_STATUS_OK;
256 }
257
258 static void
259 stats_msg(const char *sender, time_t now, asl_msg_t *msg)
260 {
261 asl_msg_t *x;
262 uint64_t msize = 0;
263
264 /* flush stats after N seconds */
265 if ((global.stats_interval != 0) && ((now - global.stats_last) >= global.stats_interval) && (global.stats != NULL))
266 {
267 asl_msg_t *msg = stats_table_final(global.stats);
268 process_message(msg, SOURCE_INTERNAL);
269 global.stats = NULL;
270 global.stats_last = now;
271 }
272
273 if (global.stats == NULL) global.stats = stats_table_new();
274
275 for (x = msg; x != NULL; x = x->next) msize += x->mem_size;
276
277 const char *shim_vers = asl_msg_get_val_for_key(msg, "ASLSHIM");
278 global.stats->mcount++;
279 if (shim_vers != NULL) global.stats->shim_count++;
280
281 /* update count and total size - total and for this sender */
282 stats_table_update(global.stats, "*", msize);
283 stats_table_update(global.stats, sender, msize);
284 }
285
286 static const char *
287 whatsmyhostname()
288 {
289 static dispatch_once_t once;
290 int check, status;
291
292 if (global.hostname != NULL) return global.hostname;
293
294 dispatch_once(&once, ^{
295 snprintf(myname, sizeof(myname), "%s", "localhost");
296 notify_register_check(kNotifySCHostNameChange, &name_change_token);
297 });
298
299 check = 1;
300 status = 0;
301
302 if (name_change_token >= 0) status = notify_check(name_change_token, &check);
303
304 if ((status == 0) && (check == 0)) return (const char *)myname;
305
306 if (gethostname(myname, MAXHOSTNAMELEN) < 0)
307 {
308 snprintf(myname, sizeof(myname), "%s", "localhost");
309 }
310 else
311 {
312 char *dot;
313 dot = strchr(myname, '.');
314 if (dot != NULL) *dot = '\0';
315 }
316
317 return (const char *)myname;
318 }
319
320 void
321 asl_client_count_increment()
322 {
323 OSSpinLockLock(&count_lock);
324
325 #if !TARGET_OS_EMBEDDED
326 if (global.client_count == 0) main_transaction = os_transaction_create("com.apple.syslogd");
327 #endif
328 global.client_count++;
329
330 OSSpinLockUnlock(&count_lock);
331 }
332
333 void
334 asl_client_count_decrement()
335 {
336 OSSpinLockLock(&count_lock);
337
338 if (global.client_count > 0) global.client_count--;
339 #if !TARGET_OS_EMBEDDED
340 if (global.client_count == 0) os_release(main_transaction);
341 #endif
342
343 OSSpinLockUnlock(&count_lock);
344 }
345
346 /*
347 * Checks message content and sets attributes as required
348 *
349 * SOURCE_INTERNAL log messages sent by syslogd itself
350 * SOURCE_ASL_SOCKET legacy asl(3) TCP socket
351 * SOURCE_BSD_SOCKET legacy syslog(3) UDP socket
352 * SOURCE_UDP_SOCKET from the network
353 * SOURCE_KERN from the kernel
354 * SOURCE_ASL_MESSAGE mach messages sent from Libc by asl(3) and syslog(3)
355 * SOURCE_LAUNCHD forwarded from launchd
356 */
357
358 static uint32_t
359 aslmsg_verify(asl_msg_t *msg, uint32_t source, int32_t *kern_post_level, uid_t *uid_out)
360 {
361 const char *val, *fac, *ruval, *rgval, *sval = NULL;
362 char buf[64];
363 time_t tick, now;
364 uid_t uid;
365 gid_t gid;
366 uint32_t status, level, fnum;
367 pid_t pid;
368 uuid_string_t ustr;
369 struct proc_uniqidentifierinfo pinfo;
370
371 if (msg == NULL) return VERIFY_STATUS_INVALID_MESSAGE;
372
373 /* Time */
374 now = time(NULL);
375
376 if (kern_post_level != NULL) *kern_post_level = -1;
377 if (uid_out != NULL) *uid_out = -2;
378
379 /* PID */
380 pid = 0;
381
382 val = asl_msg_get_val_for_key(msg, ASL_KEY_PID);
383 if (val == NULL) asl_msg_set_key_val(msg, ASL_KEY_PID, "0");
384 else pid = (pid_t)atoi(val);
385
386 /* if PID is 1 (launchd), use the RefPID and RefProc provided */
387 if (pid == 1)
388 {
389 val = asl_msg_get_val_for_key(msg, ASL_KEY_REF_PID);
390 if (val != NULL) pid = (pid_t)atoi(val);
391
392 sval = asl_msg_get_val_for_key(msg, ASL_KEY_REF_PROC);
393 }
394
395 /* Level */
396 val = asl_msg_get_val_for_key(msg, ASL_KEY_LEVEL);
397 level = ASL_LEVEL_DEBUG;
398 if (source == SOURCE_KERN) level = ASL_LEVEL_NOTICE;
399
400 if ((val != NULL) && (val[1] == '\0') && (val[0] >= '0') && (val[0] <= '7')) level = val[0] - '0';
401 snprintf(buf, sizeof(buf), "%d", level);
402 asl_msg_set_key_val(msg, ASL_KEY_LEVEL, buf);
403
404
405 /* check kernel quota if enabled and no processes are watching */
406 if ((pid == 0) && (global.mps_limit > 0) && (global.watchers_active == 0))
407 {
408 status = kern_quota_check(now, msg, level);
409 if (status != VERIFY_STATUS_OK) return status;
410 }
411
412 if (pid != 0)
413 {
414 /* set Sender_Mach_UUID */
415 uuid_clear(pinfo.p_uuid);
416 if (proc_pidinfo(pid, PROC_PIDUNIQIDENTIFIERINFO, 1, &pinfo, sizeof(pinfo)) == sizeof(pinfo))
417 {
418 uuid_unparse(pinfo.p_uuid, ustr);
419 asl_msg_set_key_val(msg, ASL_KEY_SENDER_MACH_UUID, ustr);
420 }
421 }
422
423 tick = 0;
424 val = asl_msg_get_val_for_key(msg, ASL_KEY_TIME);
425 if (val != NULL) tick = asl_core_parse_time(val, NULL);
426
427 /* Set time to now if it is unset or from the future (not allowed!) */
428 if ((tick == 0) || (tick > now)) tick = now;
429
430 /* Canonical form: seconds since the epoch */
431 snprintf(buf, sizeof(buf) - 1, "%llu", (unsigned long long) tick);
432 asl_msg_set_key_val(msg, ASL_KEY_TIME, buf);
433
434 /* Host */
435 val = asl_msg_get_val_for_key(msg, ASL_KEY_HOST);
436 if (val == NULL) asl_msg_set_key_val(msg, ASL_KEY_HOST, whatsmyhostname());
437
438 /* UID & GID */
439 uid = -2;
440 val = asl_msg_get_val_for_key(msg, ASL_KEY_UID);
441 if (val == NULL)
442 {
443 asl_msg_set_key_val(msg, ASL_KEY_UID, "-2");
444 }
445 else
446 {
447 uid = atoi(val);
448 if ((uid == 0) && strcmp(val, "0"))
449 {
450 uid = -2;
451 asl_msg_set_key_val(msg, ASL_KEY_UID, "-2");
452 }
453 }
454
455 gid = -2;
456 val = asl_msg_get_val_for_key(msg, ASL_KEY_GID);
457 if (val == NULL)
458 {
459 asl_msg_set_key_val(msg, ASL_KEY_GID, "-2");
460 }
461 else
462 {
463 gid = atoi(val);
464 if ((gid == 0) && strcmp(val, "0"))
465 {
466 gid = -2;
467 asl_msg_set_key_val(msg, ASL_KEY_GID, "-2");
468 }
469 }
470
471 switch (source)
472 {
473 case SOURCE_KERN:
474 case SOURCE_INTERNAL:
475 {
476 uid = 0;
477 asl_msg_set_key_val(msg, ASL_KEY_UID, "0");
478
479 gid = 0;
480 asl_msg_set_key_val(msg, ASL_KEY_GID, "0");
481
482 break;
483 }
484 case SOURCE_ASL_MESSAGE:
485 case SOURCE_LAUNCHD:
486 {
487 break;
488 }
489 default:
490 {
491 /* do not trust the UID 0 or GID 0 or 80 in SOURCE_BSD_SOCKET or SOURCE_UNKNOWN */
492 if (uid == 0)
493 {
494 uid = -2;
495 asl_msg_set_key_val(msg, ASL_KEY_UID, "-2");
496 }
497
498 if ((gid == 0) || (gid == 80))
499 {
500 gid = -2;
501 asl_msg_set_key_val(msg, ASL_KEY_GID, "-2");
502 }
503 }
504 }
505
506 if (uid_out != NULL) *uid_out = uid;
507
508 /* Sender */
509 if (sval == NULL) sval = asl_msg_get_val_for_key(msg, ASL_KEY_SENDER);
510 if (sval == NULL)
511 {
512 switch (source)
513 {
514 case SOURCE_KERN:
515 {
516 sval = "kernel";
517 asl_msg_set_key_val(msg, ASL_KEY_SENDER, sval);
518 break;
519 }
520 case SOURCE_INTERNAL:
521 {
522 sval = "syslogd";
523 asl_msg_set_key_val(msg, ASL_KEY_SENDER, sval);
524 break;
525 }
526 default:
527 {
528 asl_msg_set_key_val(msg, ASL_KEY_SENDER, "Unknown");
529 }
530 }
531 }
532 else if ((source != SOURCE_KERN) && (uid != 0) && (!strcmp(sval, "kernel")))
533 {
534 /* allow UID 0 to send messages with "Sender kernel", but nobody else */
535 asl_msg_set_key_val(msg, ASL_KEY_SENDER, "Unknown");
536 sval = NULL;
537 }
538
539 /* Facility */
540 fac = asl_msg_get_val_for_key(msg, ASL_KEY_FACILITY);
541 if (fac == NULL)
542 {
543 if (source == SOURCE_KERN) fac = "kern";
544 else fac = "user";
545 asl_msg_set_key_val(msg, ASL_KEY_FACILITY, fac);
546 }
547 else if (fac[0] == '#')
548 {
549 fnum = LOG_USER;
550 if ((fac[1] >= '0') && (fac[1] <= '9'))
551 {
552 fnum = atoi(fac + 1) << 3;
553 if ((fnum == 0) && (strcmp(fac + 1, "0"))) fnum = LOG_USER;
554 }
555
556 fac = asl_syslog_faciliy_num_to_name(fnum);
557 asl_msg_set_key_val(msg, ASL_KEY_FACILITY, fac);
558 }
559 else if (!strncmp(fac, SYSTEM_RESERVED, SYSTEM_RESERVED_LEN))
560 {
561 /* only UID 0 may use "com.apple.system" */
562 if (uid != 0) asl_msg_set_key_val(msg, ASL_KEY_FACILITY, FACILITY_USER);
563 }
564
565 /*
566 * kernel messages are only readable by root and admin group.
567 * all other messages are admin-only readable unless they already
568 * have specific read access controls set.
569 */
570 if (source == SOURCE_KERN)
571 {
572 asl_msg_set_key_val(msg, ASL_KEY_READ_UID, "0");
573 asl_msg_set_key_val(msg, ASL_KEY_READ_GID, "80");
574 }
575 else
576 {
577 ruval = asl_msg_get_val_for_key(msg, ASL_KEY_READ_UID);
578 rgval = asl_msg_get_val_for_key(msg, ASL_KEY_READ_GID);
579
580 if ((ruval == NULL) && (rgval == NULL))
581 {
582 asl_msg_set_key_val(msg, ASL_KEY_READ_GID, "80");
583 }
584 }
585
586 /* Set DB Expire Time for com.apple.system.utmpx and lastlog */
587 if ((!strcmp(fac, "com.apple.system.utmpx")) || (!strcmp(fac, "com.apple.system.lastlog")))
588 {
589 snprintf(buf, sizeof(buf), "%llu", (unsigned long long) tick + global.utmp_ttl);
590 asl_msg_set_key_val(msg, ASL_KEY_EXPIRE_TIME, buf);
591 }
592
593 /*
594 * special case handling of kernel disaster messages
595 */
596 if ((source == SOURCE_KERN) && (level <= KERN_DISASTER_LEVEL))
597 {
598 if (kern_post_level != NULL) *kern_post_level = level;
599 disaster_message(msg);
600 }
601
602 /*
603 * gather sender stats
604 */
605 if (source != SOURCE_INTERNAL) stats_msg(sval, now, msg);
606
607 return VERIFY_STATUS_OK;
608 }
609
610 void
611 list_append_msg(asl_msg_list_t *list, asl_msg_t *msg)
612 {
613 if (list == NULL) return;
614 if (msg == NULL) return;
615
616 /*
617 * NB: curr is the list size
618 * grow list if necessary
619 */
620 if (list->count == list->curr)
621 {
622 if (list->curr == 0)
623 {
624 list->msg = (asl_msg_t **)calloc(LIST_SIZE_DELTA, sizeof(asl_msg_t *));
625 }
626 else
627 {
628 list->msg = (asl_msg_t **)reallocf(list->msg, (list->curr + LIST_SIZE_DELTA) * sizeof(asl_msg_t *));
629 }
630
631 if (list->msg == NULL)
632 {
633 list->curr = 0;
634 list->count = 0;
635 return;
636 }
637
638 list->curr += LIST_SIZE_DELTA;
639 }
640
641 list->msg[list->count] = (asl_msg_t *)msg;
642 list->count++;
643 }
644
645 void
646 init_globals(void)
647 {
648 asl_out_rule_t *r;
649
650 OSSpinLockLock(&global.lock);
651
652 global.pid = getpid();
653 global.debug = 0;
654 free(global.debug_file);
655 global.debug_file = NULL;
656 global.launchd_enabled = 1;
657
658 #if TARGET_OS_EMBEDDED
659 global.dbtype = DB_TYPE_MEMORY;
660 #else
661 global.dbtype = DB_TYPE_FILE;
662 #endif
663 global.db_file_max = DEFAULT_DB_FILE_MAX;
664 global.db_memory_max = DEFAULT_DB_MEMORY_MAX;
665 global.db_memory_str_max = DEFAULT_DB_MEMORY_STR_MAX;
666 global.mps_limit = DEFAULT_MPS_LIMIT;
667 global.remote_delay_time = DEFAULT_REMOTE_DELAY;
668 global.bsd_max_dup_time = DEFAULT_BSD_MAX_DUP_SEC;
669 global.mark_time = DEFAULT_MARK_SEC;
670 global.utmp_ttl = DEFAULT_UTMP_TTL_SEC;
671 global.memory_max = DEFAULT_MEMORY_MAX;
672 global.stats_interval = DEFAULT_STATS_INTERVAL;
673
674 global.asl_out_module = asl_out_module_init();
675 OSSpinLockUnlock(&global.lock);
676
677 if (global.asl_out_module != NULL)
678 {
679 for (r = global.asl_out_module->ruleset; r != NULL; r = r->next)
680 {
681 if ((r->action == ACTION_SET_PARAM) && (r->query == NULL) && (!strncmp(r->options, "debug", 5))) control_set_param(r->options, true);
682 }
683 }
684 }
685
686 /*
687 * Used to set config parameters.
688 * Line format "= name value"
689 */
690 int
691 control_set_param(const char *s, bool eval)
692 {
693 char **l;
694 uint32_t intval, count, v32a, v32b, v32c;
695
696 if (s == NULL) return -1;
697 if (s[0] == '\0') return 0;
698
699 /* skip '=' and whitespace */
700 if (*s == '=') s++;
701 while ((*s == ' ') || (*s == '\t')) s++;
702
703 l = explode(s, " \t");
704 if (l == NULL) return -1;
705
706 for (count = 0; l[count] != NULL; count++);
707
708 /* name is required */
709 if (count == 0)
710 {
711 free_string_list(l);
712 return -1;
713 }
714
715 /* Check variables that allow 0 or 1 / boolean */
716 if (!strcasecmp(l[0], "debug"))
717 {
718 /* = debug [0|1] [file] */
719 if (count == 1)
720 {
721 intval = (eval) ? 1 : 0;
722 config_debug(intval, NULL);
723 }
724 else if (!strcmp(l[1], "0"))
725 {
726 config_debug(0, l[2]);
727 }
728 else if (!strcmp(l[1], "1"))
729 {
730 config_debug(1, l[2]);
731 }
732 else
733 {
734 intval = (eval) ? 1 : 0;
735 config_debug(intval, l[1]);
736 }
737
738 free_string_list(l);
739 return 0;
740 }
741
742 /* value is required */
743 if (count == 1)
744 {
745 free_string_list(l);
746 return -1;
747 }
748
749 if (!strcasecmp(l[0], "hostname"))
750 {
751 /* = hostname name */
752 OSSpinLockLock(&global.lock);
753 if (eval)
754 {
755 global.hostname = strdup(l[1]);
756 }
757 else
758 {
759 free(global.hostname);
760 global.hostname = NULL;
761 }
762 OSSpinLockUnlock(&global.lock);
763 }
764 else if (!strcasecmp(l[0], "mark_time"))
765 {
766 /* = mark_time seconds */
767 OSSpinLockLock(&global.lock);
768 if (eval) global.mark_time = atoll(l[1]);
769 else global.mark_time = 0;
770 OSSpinLockUnlock(&global.lock);
771 }
772 else if (!strcasecmp(l[0], "dup_delay"))
773 {
774 /* = bsd_max_dup_time seconds */
775 OSSpinLockLock(&global.lock);
776 if (eval) global.bsd_max_dup_time = atoll(l[1]);
777 else global.bsd_max_dup_time = DEFAULT_BSD_MAX_DUP_SEC;
778 OSSpinLockUnlock(&global.lock);
779 }
780 else if (!strcasecmp(l[0], "remote_delay"))
781 {
782 /* = remote_delay microseconds */
783 OSSpinLockLock(&global.lock);
784 if (eval) global.remote_delay_time = atol(l[1]);
785 else global.remote_delay_time = DEFAULT_REMOTE_DELAY;
786 OSSpinLockUnlock(&global.lock);
787 }
788 else if (!strcasecmp(l[0], "utmp_ttl"))
789 {
790 /* = utmp_ttl seconds */
791 OSSpinLockLock(&global.lock);
792 if (eval) global.utmp_ttl = (time_t)atoll(l[1]);
793 else global.utmp_ttl = DEFAULT_UTMP_TTL_SEC;
794 OSSpinLockUnlock(&global.lock);
795 }
796 else if (!strcasecmp(l[0], "mps_limit"))
797 {
798 /* = mps_limit number */
799 OSSpinLockLock(&global.lock);
800 if (eval) global.mps_limit = (uint32_t)atol(l[1]);
801 else global.mps_limit = DEFAULT_MPS_LIMIT;
802 OSSpinLockUnlock(&global.lock);
803 }
804 else if (!strcasecmp(l[0], "memory_max"))
805 {
806 /* = memory_max number */
807 OSSpinLockLock(&global.lock);
808 if (eval) global.memory_max = (int64_t)atoll(l[1]);
809 else global.memory_max = DEFAULT_MEMORY_MAX;
810 OSSpinLockUnlock(&global.lock);
811 }
812 else if (!strcasecmp(l[0], "stats_interval"))
813 {
814 /* = stats_interval number */
815 OSSpinLockLock(&global.lock);
816 if (eval) global.stats_interval = (time_t)atoll(l[1]);
817 else global.stats_interval = DEFAULT_STATS_INTERVAL;
818 OSSpinLockUnlock(&global.lock);
819 }
820 else if (!strcasecmp(l[0], "max_file_size"))
821 {
822 /* = max_file_size bytes */
823 pthread_mutex_lock(global.db_lock);
824
825 if (global.dbtype & DB_TYPE_FILE)
826 {
827 asl_store_close(global.file_db);
828 global.file_db = NULL;
829 if (eval) global.db_file_max = atoi(l[1]);
830 else global.db_file_max = DEFAULT_DB_FILE_MAX;
831 }
832
833 pthread_mutex_unlock(global.db_lock);
834 }
835 else if ((!strcasecmp(l[0], "db")) || (!strcasecmp(l[0], "database")) || (!strcasecmp(l[0], "datastore")))
836 {
837 /* NB this is private / unpublished */
838 /* = db type [max]... */
839 if (eval)
840 {
841 v32a = 0;
842 v32b = 0;
843 v32c = 0;
844
845 if ((l[1][0] >= '0') && (l[1][0] <= '9'))
846 {
847 intval = atoi(l[1]);
848 if ((count >= 3) && (strcmp(l[2], "-"))) v32a = atoi(l[2]);
849 if ((count >= 4) && (strcmp(l[3], "-"))) v32b = atoi(l[3]);
850 if ((count >= 5) && (strcmp(l[4], "-"))) v32c = atoi(l[4]);
851 }
852 else if (!strcasecmp(l[1], "file"))
853 {
854 intval = DB_TYPE_FILE;
855 if ((count >= 3) && (strcmp(l[2], "-"))) v32a = atoi(l[2]);
856 }
857 else if (!strncasecmp(l[1], "mem", 3))
858 {
859 intval = DB_TYPE_MEMORY;
860 if ((count >= 3) && (strcmp(l[2], "-"))) v32b = atoi(l[2]);
861 }
862 else
863 {
864 free_string_list(l);
865 return -1;
866 }
867
868 if (v32a == 0) v32a = global.db_file_max;
869 if (v32b == 0) v32b = global.db_memory_max;
870 if (v32c == 0) v32c = global.db_memory_str_max;
871
872 config_data_store(intval, v32a, v32b, v32c);
873 }
874 else
875 {
876 #if TARGET_OS_EMBEDDED
877 intval = DB_TYPE_MEMORY;
878 #else
879 intval = DB_TYPE_FILE;
880 #endif
881 config_data_store(intval, DEFAULT_DB_FILE_MAX, DEFAULT_DB_MEMORY_MAX, DEFAULT_DB_MEMORY_STR_MAX);
882 }
883 }
884
885 free_string_list(l);
886 return 0;
887 }
888
889 static int
890 control_message(asl_msg_t *msg)
891 {
892 const char *str = asl_msg_get_val_for_key(msg, ASL_KEY_MSG);
893
894 if (str == NULL) return 0;
895
896 if (!strncmp(str, "= reset", 7))
897 {
898 init_globals();
899 return asl_action_reset();
900 }
901 else if (!strncmp(str, "= crash", 7))
902 {
903 abort();
904 }
905 else if (!strncmp(str, "@ ", 2))
906 {
907 return asl_action_control_set_param(str);
908 }
909 else if (!strncmp(str, "= ", 2))
910 {
911 return control_set_param(str, true);
912 }
913
914 return 0;
915 }
916
917 void
918 process_message(asl_msg_t *msg, uint32_t source)
919 {
920 int64_t msize = 0;
921 static bool wq_draining = false;
922 bool is_control = false;
923 asl_msg_t *x;
924
925 if (msg == NULL) return;
926
927 is_control = asl_check_option(msg, ASL_OPT_CONTROL) != 0;
928
929 if ((!is_control) && wq_draining)
930 {
931 if (global.memory_size >= (global.memory_max / 2))
932 {
933 asldebug("Work queue draining: dropped message.\n");
934 asl_msg_release(msg);
935 return;
936 }
937 else
938 {
939 asldebug("Work queue re-enabled at 1/2 max. size %lld max %lld\n", global.memory_size, global.memory_max);
940 wq_draining = false;
941 }
942 }
943
944 os_transaction_t transaction = os_transaction_create("com.apple.syslogd.message");
945
946 for (x = msg; x != NULL; x = x->next) msize += x->mem_size;
947
948 if ((global.memory_size + msize) >= global.memory_max)
949 {
950 char str[256];
951
952 wq_draining = true;
953 asl_msg_release(msg);
954
955 asldebug("Work queue disabled. msize %lld size %lld max %lld\n", msize, global.memory_size + msize, global.memory_max);
956 snprintf(str, sizeof(str), "[Sender syslogd] [Level 2] [PID %u] [Message Internal memory size limit %lld exceeded - dropping messages] [UID 0] [UID 0] [Facility syslog]", global.pid, global.memory_max);
957 msg = asl_msg_from_string(str);
958 }
959
960 OSAtomicAdd64(msize, &global.memory_size);
961 OSAtomicIncrement32(&global.work_queue_count);
962
963 dispatch_async(global.work_queue, ^{
964 int32_t kplevel;
965 uint32_t status;
966 uid_t uid;
967
968 kplevel = -1;
969 uid = -2;
970
971 status = aslmsg_verify(msg, source, &kplevel, &uid);
972 if (status == VERIFY_STATUS_OK)
973 {
974 if ((source == SOURCE_KERN) && (kplevel >= 0))
975 {
976 if (kplevel > 7) kplevel = 7;
977 if (kern_notify_token[kplevel] < 0)
978 {
979 status = notify_register_plain(kern_notify_key[kplevel], &(kern_notify_token[kplevel]));
980 if (status != 0) asldebug("notify_register_plain(%s) failed status %u\n", status);
981 }
982
983 notify_post(kern_notify_key[kplevel]);
984 }
985
986 if ((uid == 0) && is_control) control_message(msg);
987
988 /*
989 * Send message to output module chain (asl is first).
990 * The last module in the chain will decrement global.memory_size.
991 */
992 asl_out_message(msg, msize);
993 }
994 else
995 {
996 OSAtomicAdd64(-1ll * msize, &global.memory_size);
997 }
998
999 asl_msg_release(msg);
1000
1001 OSAtomicDecrement32(&global.work_queue_count);
1002 os_release(transaction);
1003 });
1004 }
1005
1006 int
1007 internal_log_message(const char *str)
1008 {
1009 asl_msg_t *msg;
1010
1011 if (str == NULL) return 1;
1012
1013 msg = asl_msg_from_string(str);
1014 if (msg == NULL) return 1;
1015
1016 process_message(msg, SOURCE_INTERNAL);
1017
1018 return 0;
1019 }
1020
1021 int
1022 asldebug(const char *str, ...)
1023 {
1024 va_list v;
1025 FILE *dfp = NULL;
1026
1027 if (global.debug == 0) return 0;
1028
1029 if (global.debug_file == NULL) dfp = fopen(_PATH_SYSLOGD_LOG, "a");
1030 else dfp = fopen(global.debug_file, "a");
1031 if (dfp == NULL) return 0;
1032
1033 va_start(v, str);
1034 fprintf(dfp, "W %d %llu", global.work_queue_count, global.memory_size);
1035 if (global.memory_db != NULL) fprintf(dfp, " M %u %u %lu", global.memory_db->record_count, global.memory_db->string_count, global.memory_db->curr_string_mem);
1036 fprintf(dfp, " ; ");
1037 vfprintf(dfp, str, v);
1038 va_end(v);
1039
1040 fclose(dfp);
1041
1042 return 0;
1043 }
1044
1045 void
1046 asl_mark(void)
1047 {
1048 char *str = NULL;
1049
1050 asprintf(&str, "[Sender syslogd] [Level 6] [PID %u] [Message -- MARK --] [UID 0] [UID 0] [Facility syslog]", global.pid);
1051 internal_log_message(str);
1052 free(str);
1053 }
1054
1055 asl_msg_t *
1056 asl_syslog_input_convert(const char *in, int len, char *rhost, uint32_t source)
1057 {
1058 int pf, pri, index, n;
1059 char *p, *colon, *brace, *space, *tmp, *tval, *hval, *sval, *pval, *mval;
1060 char prival[8];
1061 const char *fval;
1062 asl_msg_t *msg;
1063 struct tm time;
1064 time_t tick;
1065
1066 if (in == NULL) return NULL;
1067 if (len <= 0) return NULL;
1068
1069 pri = LOG_DEBUG;
1070 if (source == SOURCE_KERN) pri = LOG_NOTICE;
1071
1072 tval = NULL;
1073 hval = NULL;
1074 sval = NULL;
1075 pval = NULL;
1076 mval = NULL;
1077 fval = NULL;
1078
1079 index = 0;
1080 p = (char *)in;
1081
1082 /* skip leading whitespace */
1083 while ((index < len) && ((*p == ' ') || (*p == '\t')))
1084 {
1085 p++;
1086 index++;
1087 }
1088
1089 if (index >= len) return NULL;
1090
1091 /* parse "<NN>" priority (level and facility) */
1092 if (*p == '<')
1093 {
1094 p++;
1095 index++;
1096
1097 n = sscanf(p, "%d", &pf);
1098 if (n == 1)
1099 {
1100 pri = pf & 0x7;
1101 if (pf > 0x7) fval = asl_syslog_faciliy_num_to_name(pf & LOG_FACMASK);
1102 }
1103
1104 while ((index < len) && (*p != '>'))
1105 {
1106 p++;
1107 index++;
1108 }
1109
1110 if (index < len)
1111 {
1112 p++;
1113 index++;
1114 }
1115 }
1116
1117 snprintf(prival, sizeof(prival), "%d", pri);
1118
1119 /* check if a timestamp is included */
1120 if (((len - index) > 15) && (p[9] == ':') && (p[12] == ':') && (p[15] == ' '))
1121 {
1122 tmp = malloc(16);
1123 if (tmp == NULL) return NULL;
1124
1125 memcpy(tmp, p, 15);
1126 tmp[15] = '\0';
1127
1128 tick = asl_core_parse_time(tmp, NULL);
1129 if (tick == (time_t)-1)
1130 {
1131 tval = tmp;
1132 }
1133 else
1134 {
1135 free(tmp);
1136 gmtime_r(&tick, &time);
1137 asprintf(&tval, "%d.%02d.%02d %02d:%02d:%02d UTC", time.tm_year + 1900, time.tm_mon + 1, time.tm_mday, time.tm_hour, time.tm_min, time.tm_sec);
1138 }
1139
1140 p += 16;
1141 index += 16;
1142 }
1143
1144 /* stop here for kernel messages */
1145 if (source == SOURCE_KERN)
1146 {
1147 msg = asl_msg_new(ASL_TYPE_MSG);
1148 if (msg == NULL) return NULL;
1149
1150 asl_msg_set_key_val(msg, ASL_KEY_MSG, p);
1151 asl_msg_set_key_val(msg, ASL_KEY_LEVEL, prival);
1152 asl_msg_set_key_val(msg, ASL_KEY_PID, "0");
1153
1154 return msg;
1155 }
1156
1157 /* if message is from a network socket, hostname follows */
1158 if (source == SOURCE_UDP_SOCKET)
1159 {
1160 space = strchr(p, ' ');
1161 if (space != NULL)
1162 {
1163 n = space - p;
1164 hval = malloc(n + 1);
1165 if (hval == NULL) return NULL;
1166
1167 memcpy(hval, p, n);
1168 hval[n] = '\0';
1169
1170 p = space + 1;
1171 index += (n + 1);
1172 }
1173 }
1174
1175 colon = strchr(p, ':');
1176 brace = strchr(p, '[');
1177
1178 /* check for "sender:" or sender[pid]:" */
1179 if (colon != NULL)
1180 {
1181 if ((brace != NULL) && (brace < colon))
1182 {
1183 n = brace - p;
1184 sval = malloc(n + 1);
1185 if (sval == NULL) return NULL;
1186
1187 memcpy(sval, p, n);
1188 sval[n] = '\0';
1189
1190 n = colon - (brace + 1) - 1;
1191 pval = malloc(n + 1);
1192 if (pval == NULL) return NULL;
1193
1194 memcpy(pval, (brace + 1), n);
1195 pval[n] = '\0';
1196 }
1197 else
1198 {
1199 n = colon - p;
1200 sval = malloc(n + 1);
1201 if (sval == NULL) return NULL;
1202
1203 memcpy(sval, p, n);
1204 sval[n] = '\0';
1205 }
1206
1207 n = colon - p;
1208 p = colon + 1;
1209 index += (n + 1);
1210 }
1211
1212 if (*p == ' ')
1213 {
1214 p++;
1215 index++;
1216 }
1217
1218 n = len - index;
1219 if (n > 0)
1220 {
1221 mval = malloc(n + 1);
1222 if (mval == NULL) return NULL;
1223
1224 memcpy(mval, p, n);
1225 mval[n] = '\0';
1226 }
1227
1228 if (fval == NULL) fval = asl_syslog_faciliy_num_to_name(LOG_USER);
1229
1230 msg = asl_msg_new(ASL_TYPE_MSG);
1231 if (msg == NULL) return NULL;
1232
1233 if (tval != NULL)
1234 {
1235 asl_msg_set_key_val(msg, ASL_KEY_TIME, tval);
1236 free(tval);
1237 }
1238
1239 if (fval != NULL) asl_msg_set_key_val(msg, "Facility", fval);
1240 else asl_msg_set_key_val(msg, "Facility", "user");
1241
1242 if (sval != NULL)
1243 {
1244 asl_msg_set_key_val(msg, ASL_KEY_SENDER, sval);
1245 free(sval);
1246 }
1247
1248 if (pval != NULL)
1249 {
1250 asl_msg_set_key_val(msg, ASL_KEY_PID, pval);
1251 free(pval);
1252 }
1253 else
1254 {
1255 asl_msg_set_key_val(msg, ASL_KEY_PID, "-1");
1256 }
1257
1258 if (mval != NULL)
1259 {
1260 asl_msg_set_key_val(msg, ASL_KEY_MSG, mval);
1261 free(mval);
1262 }
1263
1264 asl_msg_set_key_val(msg, ASL_KEY_LEVEL, prival);
1265 asl_msg_set_key_val(msg, ASL_KEY_UID, "-2");
1266 asl_msg_set_key_val(msg, ASL_KEY_GID, "-2");
1267
1268 if (hval != NULL)
1269 {
1270 asl_msg_set_key_val(msg, ASL_KEY_HOST, hval);
1271 free(hval);
1272 }
1273 else if (rhost != NULL)
1274 {
1275 asl_msg_set_key_val(msg, ASL_KEY_HOST, rhost);
1276 }
1277
1278 return msg;
1279 }
1280
1281 asl_msg_t *
1282 asl_input_parse(const char *in, int len, char *rhost, uint32_t source)
1283 {
1284 asl_msg_t *msg;
1285 int status, x, legacy, off;
1286
1287 asldebug("asl_input_parse: %s\n", (in == NULL) ? "NULL" : in);
1288
1289 if (in == NULL) return NULL;
1290
1291 legacy = 1;
1292 msg = NULL;
1293
1294 /* calculate length if not provided */
1295 if (len == 0) len = strlen(in);
1296
1297 /*
1298 * Determine if the input is "old" syslog format or new ASL format.
1299 * Old format lines should start with "<", but they can just be straight text.
1300 * ASL input may start with a length (10 bytes) followed by a space and a '['.
1301 * The length is optional, so ASL messages may also just start with '['.
1302 */
1303 if ((in[0] != '<') && (len > 11))
1304 {
1305 status = sscanf(in, "%d ", &x);
1306 if ((status == 1) && (in[10] == ' ') && (in[11] == '[')) legacy = 0;
1307 }
1308
1309 if (legacy == 1) return asl_syslog_input_convert(in, len, rhost, source);
1310
1311 off = 11;
1312 if (in[0] == '[') off = 0;
1313
1314 msg = asl_msg_from_string(in + off);
1315 if (msg == NULL) return NULL;
1316
1317 if (rhost != NULL) asl_msg_set_key_val(msg, ASL_KEY_HOST, rhost);
1318
1319 return msg;
1320 }
1321
1322 #if !TARGET_OS_SIMULATOR
1323 void
1324 launchd_callback(struct timeval *when, pid_t from_pid, pid_t about_pid, uid_t sender_uid, gid_t sender_gid, int priority, const char *from_name, const char *about_name, const char *session_name, const char *msg)
1325 {
1326 asl_msg_t *m;
1327 char str[256];
1328 time_t now;
1329
1330 if (global.launchd_enabled == 0) return;
1331
1332 /*
1333 asldebug("launchd_callback Time %lu %lu PID %u RefPID %u UID %d GID %d PRI %d Sender %s Ref %s Session %s Message %s\n",
1334 when->tv_sec, when->tv_usec, from_pid, about_pid, sender_uid, sender_gid, priority, from_name, about_name, session_name, msg);
1335 */
1336
1337 m = asl_msg_new(ASL_TYPE_MSG);
1338 if (m == NULL) return;
1339
1340 /* Level */
1341 if (priority < ASL_LEVEL_EMERG) priority = ASL_LEVEL_EMERG;
1342 if (priority > ASL_LEVEL_DEBUG) priority = ASL_LEVEL_DEBUG;
1343 snprintf(str, sizeof(str), "%d", priority);
1344
1345 asl_msg_set_key_val(m, ASL_KEY_LEVEL, str);
1346
1347 /* Time */
1348 if (when != NULL)
1349 {
1350 snprintf(str, sizeof(str), "%llu", (unsigned long long) when->tv_sec);
1351 asl_msg_set_key_val(m, ASL_KEY_TIME, str);
1352
1353 snprintf(str, sizeof(str), "%lu", 1000 * (unsigned long int)when->tv_usec);
1354 asl_msg_set_key_val(m, ASL_KEY_TIME_NSEC, str);
1355 }
1356 else
1357 {
1358 now = time(NULL);
1359 snprintf(str, sizeof(str), "%llu", (unsigned long long) now);
1360 asl_msg_set_key_val(m, ASL_KEY_TIME, str);
1361 }
1362
1363 /* Facility */
1364 asl_msg_set_key_val(m, ASL_KEY_FACILITY, FACILITY_CONSOLE);
1365
1366 /* UID */
1367 snprintf(str, sizeof(str), "%u", (unsigned int)sender_uid);
1368 asl_msg_set_key_val(m, ASL_KEY_UID, str);
1369
1370 /* GID */
1371 snprintf(str, sizeof(str), "%u", (unsigned int)sender_gid);
1372 asl_msg_set_key_val(m, ASL_KEY_GID, str);
1373
1374 /* PID */
1375 if (from_pid != 0)
1376 {
1377 snprintf(str, sizeof(str), "%u", (unsigned int)from_pid);
1378 asl_msg_set_key_val(m, ASL_KEY_PID, str);
1379 }
1380
1381 /* Reference PID */
1382 if ((about_pid > 0) && (about_pid != from_pid))
1383 {
1384 snprintf(str, sizeof(str), "%u", (unsigned int)about_pid);
1385 asl_msg_set_key_val(m, ASL_KEY_REF_PID, str);
1386 }
1387
1388 /* Sender */
1389 if (from_name != NULL)
1390 {
1391 asl_msg_set_key_val(m, ASL_KEY_SENDER, from_name);
1392 }
1393
1394 /* ReadUID */
1395 if (sender_uid != 0)
1396 {
1397 snprintf(str, sizeof(str), "%d", (int)sender_uid);
1398 asl_msg_set_key_val(m, ASL_KEY_READ_UID, str);
1399 }
1400
1401 /* Reference Process */
1402 if (about_name != NULL)
1403 {
1404 if ((from_name != NULL) && (strcmp(from_name, about_name) != 0))
1405 {
1406 asl_msg_set_key_val(m, ASL_KEY_REF_PROC, about_name);
1407 }
1408 }
1409
1410 /* Session */
1411 if (session_name != NULL)
1412 {
1413 asl_msg_set_key_val(m, ASL_KEY_SESSION, session_name);
1414 }
1415
1416 /* Message */
1417 if (msg != NULL)
1418 {
1419 asl_msg_set_key_val(m, ASL_KEY_MSG, msg);
1420 }
1421
1422 process_message(m, SOURCE_LAUNCHD);
1423 }
1424
1425 #endif
mirror of syslog