2 * SPDX-License-Identifier: BSD-3-Clause
4 * Copyright (c) 1983, 1988, 1993, 1994
5 * The Regents of the University of California. All rights reserved.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the University nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
34 * Copyright (c) 2018 Prodrive Technologies, https://prodrive-technologies.com/
35 * Author: Ed Schouten <ed@FreeBSD.org>
37 * Redistribution and use in source and binary forms, with or without
38 * modification, are permitted provided that the following conditions
40 * 1. Redistributions of source code must retain the above copyright
41 * notice, this list of conditions and the following disclaimer.
42 * 2. Redistributions in binary form must reproduce the above copyright
43 * notice, this list of conditions and the following disclaimer in the
44 * documentation and/or other materials provided with the distribution.
46 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
47 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
48 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
49 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
50 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
51 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
52 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
53 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
54 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
55 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
60 static const char copyright[] =
61 "@(#) Copyright (c) 1983, 1988, 1993, 1994\n\
62 The Regents of the University of California. All rights reserved.\n";
67 static char sccsid[] = "@(#)syslogd.c 8.3 (Berkeley) 4/4/94";
71 #include <sys/cdefs.h>
72 __FBSDID("$FreeBSD$");
75 * syslogd -- log system messages
77 * This program implements a system log. It takes a series of lines.
78 * Each line may have a priority, signified as "<n>" as
79 * the first characters of the line. If this is
80 * not present, a default priority is used.
82 * To kill syslogd, send a signal 15 (terminate). A signal 1 (hup) will
83 * cause it to reread its configuration file.
87 * MAXLINE -- the maximum line length that can be handled.
88 * DEFUPRI -- the default priority for user messages
89 * DEFSPRI -- the default priority for kernel messages
92 * extensive changes by Ralph Campbell
93 * more extensive changes by Eric Allman (again)
94 * Extension to log by program name as well as facility and priority
96 * -u and -v by Harlan Stenn.
97 * Priority comparison code by Harlan Stenn.
100 /* Maximum number of characters in time of last occurrence */
101 #define MAXLINE 2048 /* maximum line length */
102 #define MAXSVLINE MAXLINE /* maximum saved line length */
103 #define DEFUPRI (LOG_USER|LOG_NOTICE)
104 #define DEFSPRI (LOG_KERN|LOG_CRIT)
105 #define TIMERINTVL 30 /* interval for checking flush, mark */
106 #define TTYMSGTIME 1 /* timeout passed to ttymsg */
107 #define RCVBUF_MINSIZE (80 * 1024) /* minimum size of dgram rcv buffer */
109 #include <sys/param.h>
110 #include <sys/ioctl.h>
111 #include <sys/mman.h>
112 #include <sys/queue.h>
113 #include <sys/resource.h>
114 #include <sys/socket.h>
115 #include <sys/stat.h>
116 #include <sys/syslimits.h>
117 #include <sys/time.h>
120 #include <sys/wait.h>
122 #if defined(INET) || defined(INET6)
123 #include <netinet/in.h>
124 #include <arpa/inet.h>
142 #include <sysexits.h>
146 #include "pathnames.h"
150 #include <sys/syslog.h>
152 static const char *ConfFile = _PATH_LOGCONF;
153 static const char *PidFile = _PATH_LOGPID;
154 static const char ctty[] = _PATH_CONSOLE;
155 static const char include_str[] = "include";
156 static const char include_ext[] = ".conf";
158 #define dprintf if (Debug) printf
160 #define MAXUNAMES 20 /* maximum number of user names */
162 #define sstosa(ss) ((struct sockaddr *)(ss))
164 #define sstosin(ss) ((struct sockaddr_in *)(void *)(ss))
165 #define satosin(sa) ((struct sockaddr_in *)(void *)(sa))
168 #define sstosin6(ss) ((struct sockaddr_in6 *)(void *)(ss))
169 #define satosin6(sa) ((struct sockaddr_in6 *)(void *)(sa))
170 #define s6_addr32 __u6_addr.__u6_addr32
171 #define IN6_ARE_MASKED_ADDR_EQUAL(d, a, m) ( \
172 (((d)->s6_addr32[0] ^ (a)->s6_addr32[0]) & (m)->s6_addr32[0]) == 0 && \
173 (((d)->s6_addr32[1] ^ (a)->s6_addr32[1]) & (m)->s6_addr32[1]) == 0 && \
174 (((d)->s6_addr32[2] ^ (a)->s6_addr32[2]) & (m)->s6_addr32[2]) == 0 && \
175 (((d)->s6_addr32[3] ^ (a)->s6_addr32[3]) & (m)->s6_addr32[3]) == 0 )
178 * List of peers and sockets for binding.
184 STAILQ_ENTRY(peer) next;
186 static STAILQ_HEAD(, peer) pqueue = STAILQ_HEAD_INITIALIZER(pqueue);
189 struct sockaddr_storage sl_ss;
191 struct peer *sl_peer;
192 int (*sl_recv)(struct socklist *);
193 STAILQ_ENTRY(socklist) next;
195 static STAILQ_HEAD(, socklist) shead = STAILQ_HEAD_INITIALIZER(shead);
201 #define IGN_CONS 0x001 /* don't print on console */
202 #define SYNC_FILE 0x002 /* do fsync on file after printing */
203 #define MARK 0x008 /* this message is a mark */
205 /* Timestamps of log entries. */
211 /* Traditional syslog timestamp format. */
212 #define RFC3164_DATELEN 15
213 #define RFC3164_DATEFMT "%b %e %H:%M:%S"
216 * This structure represents the files that will have log
218 * We require f_file to be valid if f_type is F_FILE, F_CONSOLE, F_TTY
219 * or if f_type is F_PIPE and f_pid > 0.
223 STAILQ_ENTRY(filed) next; /* next in linked list */
224 short f_type; /* entry type, see below */
225 short f_file; /* file descriptor */
226 time_t f_time; /* time this was last written */
227 char *f_host; /* host from which to recd. */
228 u_char f_pmask[LOG_NFACILITIES+1]; /* priority mask */
229 u_char f_pcmp[LOG_NFACILITIES+1]; /* compare priority */
233 char *f_program; /* program this applies to */
235 char f_uname[MAXUNAMES][MAXLOGNAME];
237 char f_hname[MAXHOSTNAMELEN];
238 struct addrinfo *f_addr;
240 } f_forw; /* forwarding address */
241 char f_fname[MAXPATHLEN];
243 char f_pname[MAXPATHLEN];
247 #define fu_uname f_un.f_uname
248 #define fu_forw_hname f_un.f_forw.f_hname
249 #define fu_forw_addr f_un.f_forw.f_addr
250 #define fu_fname f_un.f_fname
251 #define fu_pipe_pname f_un.f_pipe.f_pname
252 #define fu_pipe_pid f_un.f_pipe.f_pid
253 char f_prevline[MAXSVLINE]; /* last message logged */
254 struct logtime f_lasttime; /* time of last occurrence */
255 char f_prevhost[MAXHOSTNAMELEN]; /* host from which recd. */
256 int f_prevpri; /* pri of f_prevline */
257 size_t f_prevlen; /* length of f_prevline */
258 int f_prevcount; /* repetition cnt of prevline */
259 u_int f_repeatcount; /* number of "repeated" msgs */
260 int f_flags; /* file-specific flags */
261 #define FFLAG_SYNC 0x01
262 #define FFLAG_NEEDSYNC 0x02
266 * Queue of about-to-be dead processes we should watch out for.
271 TAILQ_ENTRY(deadq_entry) dq_entries;
273 static TAILQ_HEAD(, deadq_entry) deadq_head =
274 TAILQ_HEAD_INITIALIZER(deadq_head);
277 * The timeout to apply to processes waiting on the dead queue. Unit
278 * of measure is `mark intervals', i.e. 20 minutes by default.
279 * Processes on the dead queue will be terminated after that time.
282 #define DQ_TIMO_INIT 2
285 * Struct to hold records of network addresses that are allowed to log
293 struct sockaddr_storage addr;
294 struct sockaddr_storage mask;
298 #define a_addr u.numeric.addr
299 #define a_mask u.numeric.mask
300 #define a_name u.name
301 STAILQ_ENTRY(allowedpeer) next;
303 static STAILQ_HEAD(, allowedpeer) aphead = STAILQ_HEAD_INITIALIZER(aphead);
307 * Intervals at which we flush out "message repeated" messages,
308 * in seconds after previous message is logged. After each flush,
309 * we move to the next interval until we reach the largest.
311 static int repeatinterval[] = { 30, 120, 600 }; /* # of secs before flush */
312 #define MAXREPEAT (nitems(repeatinterval) - 1)
313 #define REPEATTIME(f) ((f)->f_time + repeatinterval[(f)->f_repeatcount])
314 #define BACKOFF(f) do { \
315 if (++(f)->f_repeatcount > MAXREPEAT) \
316 (f)->f_repeatcount = MAXREPEAT; \
319 /* values for f_type */
320 #define F_UNUSED 0 /* unused entry */
321 #define F_FILE 1 /* regular file */
322 #define F_TTY 2 /* terminal */
323 #define F_CONSOLE 3 /* console terminal */
324 #define F_FORW 4 /* remote machine */
325 #define F_USERS 5 /* list of users */
326 #define F_WALL 6 /* everyone logged on */
327 #define F_PIPE 7 /* pipe to program */
329 static const char *TypeNames[] = {
330 "UNUSED", "FILE", "TTY", "CONSOLE",
331 "FORW", "USERS", "WALL", "PIPE"
334 static STAILQ_HEAD(, filed) fhead =
335 STAILQ_HEAD_INITIALIZER(fhead); /* Log files that we write to */
336 static struct filed consfile; /* Console */
338 static int Debug; /* debug flag */
339 static int Foreground = 0; /* Run in foreground, instead of daemonizing */
340 static int resolve = 1; /* resolve hostname */
341 static char LocalHostName[MAXHOSTNAMELEN]; /* our hostname */
342 static const char *LocalDomain; /* our local domain name */
343 static int Initialized; /* set when we have initialized ourselves */
344 static int MarkInterval = 20 * 60; /* interval between marks in seconds */
345 static int MarkSeq; /* mark sequence number */
346 static int NoBind; /* don't bind() as suggested by RFC 3164 */
347 static int SecureMode; /* when true, receive only unix domain socks */
349 static int family = PF_UNSPEC; /* protocol family (IPv4, IPv6 or both) */
351 static int family = PF_INET; /* protocol family (IPv4 only) */
353 static int mask_C1 = 1; /* mask characters from 0x80 - 0x9F */
354 static int send_to_all; /* send message to all IPv4/IPv6 addresses */
355 static int use_bootfile; /* log entire bootfile for every kern msg */
356 static int no_compress; /* don't compress messages (1=pipes, 2=all) */
357 static int logflags = O_WRONLY|O_APPEND; /* flags used to open log files */
359 static char bootfile[MAXLINE+1]; /* booted kernel file */
361 static int RemoteAddDate; /* Always set the date on remote messages */
362 static int RemoteHostname; /* Log remote hostname from the message */
364 static int UniquePriority; /* Only log specified priority? */
365 static int LogFacPri; /* Put facility and priority in log message: */
366 /* 0=no, 1=numeric, 2=names */
367 static int KeepKernFac; /* Keep remotely logged kernel facility */
368 static int needdofsync = 0; /* Are any file(s) waiting to be fsynced? */
369 static struct pidfh *pfh;
370 static int sigpipe[2]; /* Pipe to catch a signal during select(). */
372 static volatile sig_atomic_t MarkSet, WantDie, WantInitialize, WantReapchild;
374 static int allowaddr(char *);
375 static int addfile(struct filed *);
376 static int addpeer(struct peer *);
377 static int addsock(struct sockaddr *, socklen_t, struct socklist *);
378 static struct filed *cfline(const char *, const char *, const char *);
379 static const char *cvthname(struct sockaddr *);
380 static void deadq_enter(pid_t, const char *);
381 static int deadq_remove(struct deadq_entry *);
382 static int deadq_removebypid(pid_t);
383 static int decode(const char *, const CODE *);
384 static void die(int) __dead2;
385 static void dodie(int);
386 static void dofsync(void);
387 static void domark(int);
388 static void fprintlog(struct filed *, int, const char *);
389 static void init(int);
390 static void logerror(const char *);
391 static void logmsg(int, const struct logtime *, const char *, const char *,
392 const char *, const char *, const char *, const char *, int);
393 static void log_deadchild(pid_t, int, const char *);
394 static void markit(void);
395 static int socksetup(struct peer *);
396 static int socklist_recv_file(struct socklist *);
397 static int socklist_recv_sock(struct socklist *);
398 static int socklist_recv_signal(struct socklist *);
399 static void sighandler(int);
400 static int skip_message(const char *, const char *, int);
401 static void parsemsg(const char *, char *);
402 static void printsys(char *);
403 static int p_open(const char *, pid_t *);
404 static void reapchild(int);
405 static const char *ttymsg_check(struct iovec *, int, char *, int);
406 static void usage(void);
407 static int validate(struct sockaddr *, const char *);
408 static void unmapped(struct sockaddr *);
409 static void wallmsg(struct filed *, struct iovec *, const int iovlen);
410 static int waitdaemon(int);
411 static void timedout(int);
412 static void increase_rcvbuf(int);
415 close_filed(struct filed *f)
418 if (f == NULL || f->f_file == -1)
423 if (f->f_un.f_forw.f_addr) {
424 freeaddrinfo(f->f_un.f_forw.f_addr);
425 f->f_un.f_forw.f_addr = NULL;
432 f->f_type = F_UNUSED;
438 (void)close(f->f_file);
443 addfile(struct filed *f0)
447 f = calloc(1, sizeof(*f));
449 err(1, "malloc failed");
451 STAILQ_INSERT_TAIL(&fhead, f, next);
457 addpeer(struct peer *pe0)
461 pe = calloc(1, sizeof(*pe));
463 err(1, "malloc failed");
465 STAILQ_INSERT_TAIL(&pqueue, pe, next);
471 addsock(struct sockaddr *sa, socklen_t sa_len, struct socklist *sl0)
475 sl = calloc(1, sizeof(*sl));
477 err(1, "malloc failed");
479 if (sa != NULL && sa_len > 0)
480 memcpy(&sl->sl_ss, sa, sa_len);
481 STAILQ_INSERT_TAIL(&shead, sl, next);
487 main(int argc, char *argv[])
489 int ch, i, s, fdsrmax = 0, bflag = 0, pflag = 0, Sflag = 0;
491 struct timeval tv, *tvp;
494 pid_t ppid = 1, spid;
497 if (madvise(NULL, 0, MADV_PROTECT) != 0)
498 dprintf("madvise() failed: %s\n", strerror(errno));
500 while ((ch = getopt(argc, argv, "468Aa:b:cCdf:FHkl:m:nNop:P:sS:Tuv"))
519 case 'a': /* allow specific network addresses only */
520 if (allowaddr(optarg) == -1)
525 p = strchr(optarg, ']');
527 p = strchr(p + 1, ':');
529 p = strchr(optarg, ':');
530 if (p != NULL && strchr(p + 1, ':') != NULL)
531 p = NULL; /* backward compatibility */
534 /* A hostname or filename only. */
535 addpeer(&(struct peer){
540 /* The case of "name:service". */
542 addpeer(&(struct peer){
544 .pe_name = (strlen(optarg) == 0) ?
555 case 'd': /* debug */
558 case 'f': /* configuration file */
561 case 'F': /* run in foreground instead of daemon */
567 case 'k': /* keep remote kern fac */
580 else if (ch == 'p') {
583 } else if (ch == 'S') {
584 mode = S_IRUSR | S_IWUSR;
587 if (optarg[0] == '/')
589 else if ((name = strchr(optarg, ':')) != NULL) {
592 errx(1, "socket name must be absolute "
594 if (isdigit(*optarg)) {
595 perml = strtol(optarg, &ep, 8);
596 if (*ep || perml < 0 ||
597 perml & ~(S_IRWXU|S_IRWXG|S_IRWXO))
598 errx(1, "invalid mode %s, exiting",
600 mode = (mode_t )perml;
602 errx(1, "invalid mode %s, exiting",
605 errx(1, "invalid filename %s, exiting",
607 addpeer(&(struct peer){
613 case 'm': /* mark interval */
614 MarkInterval = atoi(optarg) * 60;
626 case 'P': /* path for alt. PID */
629 case 's': /* no network mode */
635 case 'u': /* only log specified priority */
638 case 'v': /* log facility and priority */
644 if ((argc -= optind) != 0)
647 /* Pipe to catch a signal during select(). */
648 s = pipe2(sigpipe, O_CLOEXEC);
650 err(1, "cannot open a pipe for signals");
652 addsock(NULL, 0, &(struct socklist){
653 .sl_socket = sigpipe[0],
654 .sl_recv = socklist_recv_signal
658 /* Listen by default: /dev/klog. */
659 s = open(_PATH_KLOG, O_RDONLY | O_NONBLOCK | O_CLOEXEC, 0);
661 dprintf("can't open %s (%d)\n", _PATH_KLOG, errno);
663 addsock(NULL, 0, &(struct socklist){
665 .sl_recv = socklist_recv_file,
668 /* Listen by default: *:514 if no -b flag. */
670 addpeer(&(struct peer){
673 /* Listen by default: /var/run/log if no -p flag. */
675 addpeer(&(struct peer){
676 .pe_name = _PATH_LOG,
677 .pe_mode = DEFFILEMODE,
679 /* Listen by default: /var/run/logpriv if no -S flag. */
681 addpeer(&(struct peer){
682 .pe_name = _PATH_LOG_PRIV,
683 .pe_mode = S_IRUSR | S_IWUSR,
685 STAILQ_FOREACH(pe, &pqueue, next)
688 pfh = pidfile_open(PidFile, 0600, &spid);
691 errx(1, "syslogd already running, pid: %d", spid);
692 warn("cannot open pid file");
695 if ((!Foreground) && (!Debug)) {
696 ppid = waitdaemon(30);
698 warn("could not become daemon");
705 consfile.f_type = F_CONSOLE;
706 (void)strlcpy(consfile.fu_fname, ctty + sizeof _PATH_DEV - 1,
707 sizeof(consfile.fu_fname));
708 (void)strlcpy(bootfile, getbootfile(), sizeof(bootfile));
709 (void)signal(SIGTERM, dodie);
710 (void)signal(SIGINT, Debug ? dodie : SIG_IGN);
711 (void)signal(SIGQUIT, Debug ? dodie : SIG_IGN);
712 (void)signal(SIGHUP, sighandler);
713 (void)signal(SIGCHLD, sighandler);
714 (void)signal(SIGALRM, domark);
715 (void)signal(SIGPIPE, SIG_IGN); /* We'll catch EPIPE instead. */
716 (void)alarm(TIMERINTVL);
718 /* tuck my process id away */
721 dprintf("off & running....\n");
724 tv.tv_sec = tv.tv_usec = 0;
726 STAILQ_FOREACH(sl, &shead, next) {
727 if (sl->sl_socket > fdsrmax)
728 fdsrmax = sl->sl_socket;
730 fdsr = (fd_set *)calloc(howmany(fdsrmax+1, NFDBITS),
733 errx(1, "calloc fd_set");
736 if (Initialized == 0)
738 else if (WantInitialize)
739 init(WantInitialize);
741 reapchild(WantReapchild);
749 bzero(fdsr, howmany(fdsrmax+1, NFDBITS) *
752 STAILQ_FOREACH(sl, &shead, next) {
753 if (sl->sl_socket != -1 && sl->sl_recv != NULL)
754 FD_SET(sl->sl_socket, fdsr);
756 i = select(fdsrmax + 1, fdsr, NULL, NULL,
757 needdofsync ? &tv : tvp);
773 STAILQ_FOREACH(sl, &shead, next) {
774 if (FD_ISSET(sl->sl_socket, fdsr))
782 socklist_recv_signal(struct socklist *sl __unused)
787 if (ioctl(sigpipe[0], FIONREAD, &i) != 0) {
788 logerror("ioctl(FIONREAD)");
789 err(1, "signal pipe read failed");
791 nsig = i / sizeof(signo);
792 dprintf("# of received signals = %d\n", nsig);
793 for (i = 0; i < nsig; i++) {
794 len = read(sigpipe[0], &signo, sizeof(signo));
795 if (len != sizeof(signo)) {
796 logerror("signal pipe read failed");
797 err(1, "signal pipe read failed");
799 dprintf("Received signal: %d from fd=%d\n", signo,
814 socklist_recv_sock(struct socklist *sl)
816 struct sockaddr_storage ss;
817 struct sockaddr *sa = (struct sockaddr *)&ss;
820 char line[MAXLINE + 1];
824 len = recvfrom(sl->sl_socket, line, sizeof(line) - 1, 0, sa, &sslen);
825 dprintf("received sa_len = %d\n", sslen);
830 logerror("recvfrom");
833 /* Received valid data. */
835 if (sl->sl_ss.ss_family == AF_LOCAL)
836 hname = LocalHostName;
838 hname = cvthname(sa);
840 if (validate(sa, hname) == 0) {
841 dprintf("Message from %s was ignored.", hname);
845 parsemsg(hname, line);
851 unmapped(struct sockaddr *sa)
853 #if defined(INET) && defined(INET6)
854 struct sockaddr_in6 *sin6;
855 struct sockaddr_in sin;
858 sa->sa_family != AF_INET6 ||
859 sa->sa_len != sizeof(*sin6))
862 if (!IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr))
864 sin = (struct sockaddr_in){
865 .sin_family = AF_INET,
866 .sin_len = sizeof(sin),
867 .sin_port = sin6->sin6_port
869 memcpy(&sin.sin_addr, &sin6->sin6_addr.s6_addr[12],
870 sizeof(sin.sin_addr));
871 memcpy(sa, &sin, sizeof(sin));
882 fprintf(stderr, "%s\n%s\n%s\n%s\n%s\n",
883 "usage: syslogd [-468ACcdFHknosTuv] [-a allowed_peer]",
884 " [-b bind_address] [-f config_file]",
885 " [-l [mode:]path] [-m mark_interval]",
886 " [-P pid_file] [-p log_socket]",
887 " [-S logpriv_socket]");
892 * Removes characters from log messages that are unsafe to display.
893 * TODO: Permit UTF-8 strings that include a BOM per RFC 5424?
896 parsemsg_remove_unsafe_characters(const char *in, char *out, size_t outlen)
902 while ((c = (unsigned char)*in++) != '\0' && q < out + outlen - 4) {
903 if (mask_C1 && (c & 0x80) && c < 0xA0) {
908 if (isascii(c) && iscntrl(c)) {
911 } else if (c == '\t') {
925 * Parses a syslog message according to RFC 5424, assuming that PRI and
926 * VERSION (i.e., "<%d>1 ") have already been parsed by parsemsg(). The
927 * parsed result is passed to logmsg().
930 parsemsg_rfc5424(const char *from, int pri, char *msg)
932 const struct logtime *timestamp;
933 struct logtime timestamp_remote = { 0 };
934 const char *omsg, *hostname, *app_name, *procid, *msgid,
936 char line[MAXLINE + 1];
938 #define FAIL_IF(field, expr) do { \
940 dprintf("Failed to parse " field " from %s: %s\n", \
945 #define PARSE_CHAR(field, sep) do { \
946 FAIL_IF(field, *msg != sep); \
949 #define IF_NOT_NILVALUE(var) \
950 if (msg[0] == '-' && msg[1] == ' ') { \
953 } else if (msg[0] == '-' && msg[1] == '\0') { \
959 IF_NOT_NILVALUE(timestamp) {
960 /* Parse RFC 3339-like timestamp. */
961 #define PARSE_NUMBER(dest, length, min, max) do { \
965 for (i = 0; i < length; ++i) { \
966 FAIL_IF("TIMESTAMP", *msg < '0' || *msg > '9'); \
967 v = v * 10 + *msg++ - '0'; \
969 FAIL_IF("TIMESTAMP", v < min || v > max); \
973 PARSE_NUMBER(timestamp_remote.tm.tm_year, 4, 0, 9999);
974 timestamp_remote.tm.tm_year -= 1900;
975 PARSE_CHAR("TIMESTAMP", '-');
976 PARSE_NUMBER(timestamp_remote.tm.tm_mon, 2, 1, 12);
977 --timestamp_remote.tm.tm_mon;
978 PARSE_CHAR("TIMESTAMP", '-');
979 PARSE_NUMBER(timestamp_remote.tm.tm_mday, 2, 1, 31);
980 PARSE_CHAR("TIMESTAMP", 'T');
981 PARSE_NUMBER(timestamp_remote.tm.tm_hour, 2, 0, 23);
982 PARSE_CHAR("TIMESTAMP", ':');
983 PARSE_NUMBER(timestamp_remote.tm.tm_min, 2, 0, 59);
984 PARSE_CHAR("TIMESTAMP", ':');
985 PARSE_NUMBER(timestamp_remote.tm.tm_sec, 2, 0, 59);
986 /* Perform normalization. */
987 timegm(×tamp_remote.tm);
988 /* Optional: fractional seconds. */
989 if (msg[0] == '.' && msg[1] >= '0' && msg[1] <= '9') {
993 for (i = 100000; i != 0; i /= 10) {
994 if (*msg < '0' || *msg > '9')
996 timestamp_remote.usec += (*msg++ - '0') * i;
1004 int sign, tz_hour, tz_min;
1006 /* Local time zone offset. */
1007 FAIL_IF("TIMESTAMP", *msg != '-' && *msg != '+');
1008 sign = *msg++ == '-' ? -1 : 1;
1009 PARSE_NUMBER(tz_hour, 2, 0, 23);
1010 PARSE_CHAR("TIMESTAMP", ':');
1011 PARSE_NUMBER(tz_min, 2, 0, 59);
1012 timestamp_remote.tm.tm_gmtoff =
1013 sign * (tz_hour * 3600 + tz_min * 60);
1016 PARSE_CHAR("TIMESTAMP", ' ');
1017 timestamp = RemoteAddDate ? NULL : ×tamp_remote;
1020 /* String fields part of the HEADER. */
1021 #define PARSE_STRING(field, var) \
1022 IF_NOT_NILVALUE(var) { \
1024 while (*msg >= '!' && *msg <= '~') \
1026 FAIL_IF(field, var == msg); \
1027 PARSE_CHAR(field, ' '); \
1030 PARSE_STRING("HOSTNAME", hostname);
1031 if (hostname == NULL || !RemoteHostname)
1033 PARSE_STRING("APP-NAME", app_name);
1034 PARSE_STRING("PROCID", procid);
1035 PARSE_STRING("MSGID", msgid);
1038 /* Structured data. */
1039 #define PARSE_SD_NAME() do { \
1040 const char *start; \
1043 while (*msg >= '!' && *msg <= '~' && *msg != '=' && \
1044 *msg != ']' && *msg != '"') \
1046 FAIL_IF("STRUCTURED-NAME", start == msg); \
1048 IF_NOT_NILVALUE(structured_data) {
1050 while (*msg == '[') {
1055 while (*msg == ' ') {
1059 PARSE_CHAR("STRUCTURED-NAME", '=');
1060 PARSE_CHAR("STRUCTURED-NAME", '"');
1061 while (*msg != '"') {
1062 FAIL_IF("STRUCTURED-NAME",
1064 if (*msg++ == '\\') {
1065 FAIL_IF("STRUCTURED-NAME",
1072 PARSE_CHAR("STRUCTURED-NAME", ']');
1074 PARSE_CHAR("STRUCTURED-NAME", ' ');
1077 #undef PARSE_SD_NAME
1081 #undef IF_NOT_NILVALUE
1083 parsemsg_remove_unsafe_characters(msg, line, sizeof(line));
1084 logmsg(pri, timestamp, hostname, app_name, procid, msgid,
1085 structured_data, line, 0);
1089 * Trims the application name ("TAG" in RFC 3164 terminology) and
1090 * process ID from a message if present.
1093 parsemsg_rfc3164_app_name_procid(char **msg, const char **app_name,
1094 const char **procid) {
1095 char *m, *app_name_begin, *procid_begin;
1096 size_t app_name_length, procid_length;
1100 /* Application name. */
1102 app_name_length = strspn(m,
1103 "abcdefghijklmnopqrstuvwxyz"
1104 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
1107 if (app_name_length == 0)
1109 m += app_name_length;
1111 /* Process identifier (optional). */
1114 procid_length = strspn(m, "0123456789");
1115 if (procid_length == 0)
1121 procid_begin = NULL;
1126 if (m[0] != ':' || m[1] != ' ')
1129 /* Split strings from input. */
1130 app_name_begin[app_name_length] = '\0';
1131 if (procid_begin != 0)
1132 procid_begin[procid_length] = '\0';
1135 *app_name = app_name_begin;
1136 *procid = procid_begin;
1144 * Parses a syslog message according to RFC 3164, assuming that PRI
1145 * (i.e., "<%d>") has already been parsed by parsemsg(). The parsed
1146 * result is passed to logmsg().
1149 parsemsg_rfc3164(const char *from, int pri, char *msg)
1151 struct tm tm_parsed;
1152 const struct logtime *timestamp;
1153 struct logtime timestamp_remote = { 0 };
1154 const char *app_name, *procid;
1156 char line[MAXLINE + 1];
1158 /* Parse the timestamp provided by the remote side. */
1159 if (strptime(msg, RFC3164_DATEFMT, &tm_parsed) !=
1160 msg + RFC3164_DATELEN || msg[RFC3164_DATELEN] != ' ') {
1161 dprintf("Failed to parse TIMESTAMP from %s: %s\n", from, msg);
1164 msg += RFC3164_DATELEN + 1;
1166 if (!RemoteAddDate) {
1172 * As the timestamp does not contain the year number,
1173 * daylight saving time information, nor a time zone,
1174 * attempt to infer it. Due to clock skews, the
1175 * timestamp may even be part of the next year. Use the
1176 * last year for which the timestamp is at most one week
1179 * This loop can only run for at most three iterations
1180 * before terminating.
1183 localtime_r(&t_now, &tm_now);
1184 for (year = tm_now.tm_year + 1;; --year) {
1185 assert(year >= tm_now.tm_year - 1);
1186 timestamp_remote.tm = tm_parsed;
1187 timestamp_remote.tm.tm_year = year;
1188 timestamp_remote.tm.tm_isdst = -1;
1189 if (mktime(×tamp_remote.tm) <
1190 t_now + 7 * 24 * 60 * 60)
1193 timestamp = ×tamp_remote;
1198 * A single space character MUST also follow the HOSTNAME field.
1200 msglen = strlen(msg);
1201 for (i = 0; i < MIN(MAXHOSTNAMELEN, msglen); i++) {
1202 if (msg[i] == ' ') {
1203 if (RemoteHostname) {
1211 * Support non RFC compliant messages, without hostname.
1216 if (i == MIN(MAXHOSTNAMELEN, msglen)) {
1217 dprintf("Invalid HOSTNAME from %s: %s\n", from, msg);
1221 /* Remove the TAG, if present. */
1222 parsemsg_rfc3164_app_name_procid(&msg, &app_name, &procid);
1223 parsemsg_remove_unsafe_characters(msg, line, sizeof(line));
1224 logmsg(pri, timestamp, from, app_name, procid, NULL, NULL, line, 0);
1228 * Takes a raw input line, extracts PRI and determines whether the
1229 * message is formatted according to RFC 3164 or RFC 5424. Continues
1230 * parsing of addition fields in the message according to those
1231 * standards and prints the message on the appropriate log files.
1234 parsemsg(const char *from, char *msg)
1242 if (msg[0] != '<' || !isdigit(msg[1])) {
1243 dprintf("Invalid PRI from %s\n", from);
1246 for (i = 2; i <= 4; i++) {
1249 if (!isdigit(msg[i])) {
1250 dprintf("Invalid PRI header from %s\n", from);
1254 if (msg[i] != '>') {
1255 dprintf("Invalid PRI header from %s\n", from);
1259 n = strtol(msg + 1, &q, 10);
1260 if (errno != 0 || *q != msg[i] || n < 0 || n >= INT_MAX) {
1261 dprintf("Invalid PRI %ld from %s: %s\n",
1262 n, from, strerror(errno));
1266 if (pri &~ (LOG_FACMASK|LOG_PRIMASK))
1270 * Don't allow users to log kernel messages.
1271 * NOTE: since LOG_KERN == 0 this will also match
1272 * messages with no facility specified.
1274 if ((pri & LOG_FACMASK) == LOG_KERN && !KeepKernFac)
1275 pri = LOG_MAKEPRI(LOG_USER, LOG_PRI(pri));
1277 /* Parse VERSION. */
1279 if (msg[0] == '1' && msg[1] == ' ')
1280 parsemsg_rfc5424(from, pri, msg + 2);
1282 parsemsg_rfc3164(from, pri, msg);
1286 * Read /dev/klog while data are available, split into lines.
1289 socklist_recv_file(struct socklist *sl)
1291 char *p, *q, line[MAXLINE + 1];
1296 i = read(sl->sl_socket, line + len, MAXLINE - 1 - len);
1298 line[i + len] = '\0';
1300 if (i < 0 && errno != EINTR && errno != EAGAIN) {
1302 close(sl->sl_socket);
1308 for (p = line; (q = strchr(p, '\n')) != NULL; p = q + 1) {
1313 if (len >= MAXLINE - 1) {
1318 memmove(line, p, len + 1);
1327 * Take a raw input line from /dev/klog, format similar to syslog().
1334 int flags, isprintf, pri;
1336 flags = SYNC_FILE; /* fsync after write */
1342 n = strtol(p + 1, &q, 10);
1343 if (*q == '>' && n >= 0 && n < INT_MAX && errno == 0) {
1350 * Kernel printf's and LOG_CONSOLE messages have been displayed
1351 * on the console already.
1353 if (isprintf || (pri & LOG_FACMASK) == LOG_CONSOLE)
1355 if (pri &~ (LOG_FACMASK|LOG_PRIMASK))
1357 logmsg(pri, NULL, LocalHostName, "kernel", NULL, NULL, NULL, p, flags);
1363 * Match a program or host name against a specification.
1364 * Return a non-0 value if the message must be ignored
1365 * based on the specification.
1368 skip_message(const char *name, const char *spec, int checkcase)
1373 /* Behaviour on explicit match */
1388 s = strstr (spec, name);
1390 s = strcasestr (spec, name);
1393 prev = (s == spec ? ',' : *(s - 1));
1394 next = *(s + strlen (name));
1396 if (prev == ',' && (next == '\0' || next == ','))
1397 /* Explicit match: skip iff the spec is an
1402 /* No explicit match for this name: skip the message iff
1403 the spec is an inclusive one. */
1408 * Logs a message to the appropriate log files, users, etc. based on the
1409 * priority. Log messages are always formatted according to RFC 3164,
1410 * even if they were in RFC 5424 format originally, The MSGID and
1411 * STRUCTURED-DATA fields are thus discarded for the time being.
1414 logmsg(int pri, const struct logtime *timestamp, const char *from,
1415 const char *app_name, const char *procid, const char *msgid __unused,
1416 const char *structured_data __unused, const char *msg, int flags)
1419 struct logtime timestamp_now;
1423 char buf[MAXLINE+1];
1425 dprintf("logmsg: pri %o, flags %x, from %s, msg %s\n",
1426 pri, flags, from, msg);
1428 (void)gettimeofday(&tv, NULL);
1430 if (timestamp == NULL) {
1431 localtime_r(&now, ×tamp_now.tm);
1432 timestamp_now.usec = tv.tv_usec;
1433 timestamp = ×tamp_now;
1436 /* extract facility and priority level */
1438 fac = LOG_NFACILITIES;
1442 /* Check maximum facility number. */
1443 if (fac > LOG_NFACILITIES)
1446 prilev = LOG_PRI(pri);
1448 /* Prepend the application name to the message if provided. */
1449 if (app_name != NULL) {
1451 msglen = snprintf(buf, sizeof(buf), "%s[%s]: %s",
1452 app_name, procid, msg);
1454 msglen = snprintf(buf, sizeof(buf), "%s: %s",
1458 msglen = strlen(msg);
1460 /* log the message to the particular outputs */
1464 * Open in non-blocking mode to avoid hangs during open
1465 * and close(waiting for the port to drain).
1467 f->f_file = open(ctty, O_WRONLY | O_NONBLOCK, 0);
1469 if (f->f_file >= 0) {
1470 f->f_lasttime = *timestamp;
1471 fprintlog(f, flags, msg);
1477 STAILQ_FOREACH(f, &fhead, next) {
1478 /* skip messages that are incorrect priority */
1479 if (!(((f->f_pcmp[fac] & PRI_EQ) && (f->f_pmask[fac] == prilev))
1480 ||((f->f_pcmp[fac] & PRI_LT) && (f->f_pmask[fac] < prilev))
1481 ||((f->f_pcmp[fac] & PRI_GT) && (f->f_pmask[fac] > prilev))
1483 || f->f_pmask[fac] == INTERNAL_NOPRI)
1486 /* skip messages with the incorrect hostname */
1487 if (skip_message(from, f->f_host, 0))
1490 /* skip messages with the incorrect program name */
1491 if (skip_message(app_name == NULL ? "" : app_name,
1495 /* skip message to console if it has already been printed */
1496 if (f->f_type == F_CONSOLE && (flags & IGN_CONS))
1499 /* don't output marks to recently written files */
1500 if ((flags & MARK) && (now - f->f_time) < MarkInterval / 2)
1504 * suppress duplicate lines to this file
1506 if (no_compress - (f->f_type != F_PIPE) < 1 &&
1507 (flags & MARK) == 0 && msglen == f->f_prevlen &&
1508 !strcmp(msg, f->f_prevline) &&
1509 !strcasecmp(from, f->f_prevhost)) {
1510 f->f_lasttime = *timestamp;
1512 dprintf("msg repeated %d times, %ld sec of %d\n",
1513 f->f_prevcount, (long)(now - f->f_time),
1514 repeatinterval[f->f_repeatcount]);
1516 * If domark would have logged this by now,
1517 * flush it now (so we don't hold isolated messages),
1518 * but back off so we'll flush less often
1521 if (now > REPEATTIME(f)) {
1522 fprintlog(f, flags, (char *)NULL);
1526 /* new line, save it */
1528 fprintlog(f, 0, (char *)NULL);
1529 f->f_repeatcount = 0;
1531 f->f_lasttime = *timestamp;
1532 (void)strlcpy(f->f_prevhost, from,
1533 sizeof(f->f_prevhost));
1534 if (msglen < MAXSVLINE) {
1535 f->f_prevlen = msglen;
1536 (void)strlcpy(f->f_prevline, msg, sizeof(f->f_prevline));
1537 fprintlog(f, flags, (char *)NULL);
1539 f->f_prevline[0] = 0;
1541 fprintlog(f, flags, msg);
1552 STAILQ_FOREACH(f, &fhead, next) {
1553 if ((f->f_type == F_FILE) &&
1554 (f->f_flags & FFLAG_NEEDSYNC)) {
1555 f->f_flags &= ~FFLAG_NEEDSYNC;
1556 (void)fsync(f->f_file);
1563 fprintlog(struct filed *f, int flags, const char *msg)
1565 struct iovec iov[IOV_SIZE];
1568 char line[MAXLINE + 1], repbuf[80], greetings[200], *wmsg = NULL;
1569 char nul[] = "", space[] = " ", lf[] = "\n", crlf[] = "\r\n";
1570 char timebuf[RFC3164_DATELEN + 1];
1573 if (strftime(timebuf, sizeof(timebuf), RFC3164_DATEFMT,
1574 &f->f_lasttime.tm) == 0)
1576 if (f->f_type == F_WALL) {
1577 /* The time displayed is not synchornized with the other log
1578 * destinations (like messages). Following fragment was using
1579 * ctime(&now), which was updating the time every 30 sec.
1580 * With f_lasttime, time is synchronized correctly.
1582 iov[0] = (struct iovec){
1583 .iov_base = greetings,
1584 .iov_len = snprintf(greetings, sizeof(greetings),
1585 "\r\n\7Message from syslogd@%s "
1587 f->f_prevhost, timebuf)
1589 if (iov[0].iov_len >= sizeof(greetings))
1590 iov[0].iov_len = sizeof(greetings) - 1;
1591 iov[1] = (struct iovec){
1596 iov[0] = (struct iovec){
1597 .iov_base = timebuf,
1598 .iov_len = strlen(timebuf)
1600 iov[1] = (struct iovec){
1607 static char fp_buf[30]; /* Hollow laugh */
1608 int fac = f->f_prevpri & LOG_FACMASK;
1609 int pri = LOG_PRI(f->f_prevpri);
1610 const char *f_s = NULL;
1611 char f_n[5]; /* Hollow laugh */
1612 const char *p_s = NULL;
1613 char p_n[5]; /* Hollow laugh */
1615 if (LogFacPri > 1) {
1618 for (c = facilitynames; c->c_name; c++) {
1619 if (c->c_val == fac) {
1624 for (c = prioritynames; c->c_name; c++) {
1625 if (c->c_val == pri) {
1632 snprintf(f_n, sizeof f_n, "%d", LOG_FAC(fac));
1636 snprintf(p_n, sizeof p_n, "%d", pri);
1639 snprintf(fp_buf, sizeof fp_buf, "<%s.%s> ", f_s, p_s);
1640 iov[2] = (struct iovec){
1642 .iov_len = strlen(fp_buf)
1645 iov[2] = (struct iovec){
1650 iov[3] = (struct iovec){
1651 .iov_base = f->f_prevhost,
1652 .iov_len = strlen(f->f_prevhost)
1654 iov[4] = (struct iovec){
1659 wmsg = strdup(msg); /* XXX iov_base needs a `const' sibling. */
1664 iov[5] = (struct iovec){
1666 .iov_len = strlen(msg)
1668 } else if (f->f_prevcount > 1) {
1669 iov[5] = (struct iovec){
1671 .iov_len = snprintf(repbuf, sizeof(repbuf),
1672 "last message repeated %d times", f->f_prevcount)
1675 iov[5] = (struct iovec){
1676 .iov_base = f->f_prevline,
1677 .iov_len = f->f_prevlen
1680 dprintf("Logging to %s", TypeNames[f->f_type]);
1683 switch (f->f_type) {
1689 dprintf(" %s", f->fu_forw_hname);
1690 switch (f->fu_forw_addr->ai_addr->sa_family) {
1694 ntohs(satosin(f->fu_forw_addr->ai_addr)->sin_port));
1700 ntohs(satosin6(f->fu_forw_addr->ai_addr)->sin6_port));
1706 /* check for local vs remote messages */
1707 if (strcasecmp(f->f_prevhost, LocalHostName))
1708 l = snprintf(line, sizeof line - 1,
1709 "<%d>%.15s Forwarded from %s: %s",
1710 f->f_prevpri, (char *)iov[0].iov_base,
1711 f->f_prevhost, (char *)iov[5].iov_base);
1713 l = snprintf(line, sizeof line - 1, "<%d>%.15s %s",
1714 f->f_prevpri, (char *)iov[0].iov_base,
1715 (char *)iov[5].iov_base);
1718 else if (l > MAXLINE)
1721 for (r = f->fu_forw_addr; r; r = r->ai_next) {
1722 struct socklist *sl;
1724 STAILQ_FOREACH(sl, &shead, next) {
1725 if (sl->sl_ss.ss_family == AF_LOCAL ||
1726 sl->sl_ss.ss_family == AF_UNSPEC ||
1729 lsent = sendto(sl->sl_socket, line, l, 0,
1730 r->ai_addr, r->ai_addrlen);
1734 if (lsent == l && !send_to_all)
1737 dprintf("lsent/l: %d/%d\n", lsent, l);
1752 /* case ENOTSOCK: */
1754 /* case EMSGSIZE: */
1757 /* case ECONNREFUSED: */
1759 dprintf("removing entry: errno=%d\n", e);
1760 f->f_type = F_UNUSED;
1767 dprintf(" %s\n", f->fu_fname);
1768 iov[6] = (struct iovec){
1772 if (writev(f->f_file, iov, nitems(iov)) < 0) {
1774 * If writev(2) fails for potentially transient errors
1775 * like the filesystem being full, ignore it.
1776 * Otherwise remove this logfile from the list.
1778 if (errno != ENOSPC) {
1782 logerror(f->fu_fname);
1784 } else if ((flags & SYNC_FILE) && (f->f_flags & FFLAG_SYNC)) {
1785 f->f_flags |= FFLAG_NEEDSYNC;
1791 dprintf(" %s\n", f->fu_pipe_pname);
1792 iov[6] = (struct iovec){
1796 if (f->fu_pipe_pid == 0) {
1797 if ((f->f_file = p_open(f->fu_pipe_pname,
1798 &f->fu_pipe_pid)) < 0) {
1799 logerror(f->fu_pipe_pname);
1803 if (writev(f->f_file, iov, nitems(iov)) < 0) {
1806 deadq_enter(f->fu_pipe_pid, f->fu_pipe_pname);
1809 logerror(f->fu_pipe_pname);
1814 if (flags & IGN_CONS) {
1815 dprintf(" (ignored)\n");
1821 dprintf(" %s%s\n", _PATH_DEV, f->fu_fname);
1822 iov[6] = (struct iovec){
1826 errno = 0; /* ttymsg() only sometimes returns an errno */
1827 if ((msgret = ttymsg(iov, nitems(iov), f->fu_fname, 10))) {
1828 f->f_type = F_UNUSED;
1836 iov[6] = (struct iovec){
1840 wallmsg(f, iov, nitems(iov));
1848 * WALLMSG -- Write a message to the world at large
1850 * Write the specified message to either the entire
1851 * world, or a list of approved users.
1854 wallmsg(struct filed *f, struct iovec *iov, const int iovlen)
1856 static int reenter; /* avoid calling ourselves */
1865 while ((ut = getutxent()) != NULL) {
1866 if (ut->ut_type != USER_PROCESS)
1868 if (f->f_type == F_WALL) {
1869 if ((p = ttymsg(iov, iovlen, ut->ut_line,
1870 TTYMSGTIME)) != NULL) {
1871 errno = 0; /* already in msg */
1876 /* should we send the message to this user? */
1877 for (i = 0; i < MAXUNAMES; i++) {
1878 if (!f->fu_uname[i][0])
1880 if (!strcmp(f->fu_uname[i], ut->ut_user)) {
1881 if ((p = ttymsg_check(iov, iovlen, ut->ut_line,
1882 TTYMSGTIME)) != NULL) {
1883 errno = 0; /* already in msg */
1895 * Wrapper routine for ttymsg() that checks the terminal for messages enabled.
1898 ttymsg_check(struct iovec *iov, int iovcnt, char *line, int tmout)
1900 static char device[1024];
1901 static char errbuf[1024];
1904 (void) snprintf(device, sizeof(device), "%s%s", _PATH_DEV, line);
1906 if (stat(device, &sb) < 0) {
1907 (void) snprintf(errbuf, sizeof(errbuf),
1908 "%s: %s", device, strerror(errno));
1911 if ((sb.st_mode & S_IWGRP) == 0)
1912 /* Messages disabled. */
1914 return ttymsg(iov, iovcnt, line, tmout);
1918 reapchild(int signo __unused)
1924 while ((pid = wait3(&status, WNOHANG, (struct rusage *)NULL)) > 0) {
1925 /* First, look if it's a process from the dead queue. */
1926 if (deadq_removebypid(pid))
1929 /* Now, look in list of active processes. */
1930 STAILQ_FOREACH(f, &fhead, next) {
1931 if (f->f_type == F_PIPE &&
1932 f->fu_pipe_pid == pid) {
1934 log_deadchild(pid, status, f->fu_pipe_pname);
1943 * Return a printable representation of a host address.
1946 cvthname(struct sockaddr *f)
1949 static char hname[NI_MAXHOST], ip[NI_MAXHOST];
1951 dprintf("cvthname(%d) len = %d\n", f->sa_family, f->sa_len);
1952 error = getnameinfo(f, f->sa_len, ip, sizeof(ip), NULL, 0,
1955 dprintf("Malformed from address %s\n", gai_strerror(error));
1958 dprintf("cvthname(%s)\n", ip);
1963 error = getnameinfo(f, f->sa_len, hname, sizeof(hname),
1964 NULL, 0, NI_NAMEREQD);
1966 dprintf("Host name for your address (%s) unknown\n", ip);
1970 if (hl > 0 && hname[hl-1] == '.')
1972 trimdomain(hname, hl);
1984 domark(int signo __unused)
1991 * Print syslogd errors some place.
1994 logerror(const char *type)
1997 static int recursed = 0;
1999 /* If there's an error while trying to log an error, give up. */
2005 sizeof buf, "syslogd: %s: %s", type, strerror(errno));
2007 (void)snprintf(buf, sizeof buf, "syslogd: %s", type);
2009 dprintf("%s\n", buf);
2010 logmsg(LOG_SYSLOG|LOG_ERR, NULL, LocalHostName, NULL, NULL, NULL,
2019 struct socklist *sl;
2022 STAILQ_FOREACH(f, &fhead, next) {
2023 /* flush any pending output */
2025 fprintlog(f, 0, (char *)NULL);
2026 if (f->f_type == F_PIPE && f->fu_pipe_pid > 0)
2030 dprintf("syslogd: exiting on signal %d\n", signo);
2031 (void)snprintf(buf, sizeof(buf), "exiting on signal %d", signo);
2035 STAILQ_FOREACH(sl, &shead, next) {
2036 if (sl->sl_ss.ss_family == AF_LOCAL)
2037 unlink(sl->sl_peer->pe_name);
2039 pidfile_remove(pfh);
2045 configfiles(const struct dirent *dp)
2050 if (dp->d_name[0] == '.')
2053 ext_len = sizeof(include_ext) -1;
2055 if (dp->d_namlen <= ext_len)
2058 p = &dp->d_name[dp->d_namlen - ext_len];
2059 if (strcmp(p, include_ext) != 0)
2066 readconfigfile(FILE *cf, int allow_includes)
2070 struct dirent **ent;
2071 char cline[LINE_MAX];
2072 char host[MAXHOSTNAMELEN];
2073 char prog[LINE_MAX];
2074 char file[MAXPATHLEN];
2080 * Foreach line in the conf table, open that file.
2082 include_len = sizeof(include_str) -1;
2083 (void)strlcpy(host, "*", sizeof(host));
2084 (void)strlcpy(prog, "*", sizeof(prog));
2085 while (fgets(cline, sizeof(cline), cf) != NULL) {
2087 * check for end-of-section, comments, strip off trailing
2088 * spaces and newline character. #!prog is treated specially:
2089 * following lines apply only to that program.
2091 for (p = cline; isspace(*p); ++p)
2095 if (allow_includes &&
2096 strncmp(p, include_str, include_len) == 0 &&
2097 isspace(p[include_len])) {
2102 while (*tmp != '\0' && !isspace(*tmp))
2105 dprintf("Trying to include files in '%s'\n", p);
2106 nents = scandir(p, &ent, configfiles, alphasort);
2108 dprintf("Unable to open '%s': %s\n", p,
2112 for (i = 0; i < nents; i++) {
2113 if (snprintf(file, sizeof(file), "%s/%s", p,
2114 ent[i]->d_name) >= (int)sizeof(file)) {
2115 dprintf("ignoring path too long: "
2116 "'%s/%s'\n", p, ent[i]->d_name);
2121 cf2 = fopen(file, "r");
2124 dprintf("reading %s\n", file);
2125 readconfigfile(cf2, 0);
2133 if (*p != '!' && *p != '+' && *p != '-')
2136 if (*p == '+' || *p == '-') {
2140 if ((!*p) || (*p == '*')) {
2141 (void)strlcpy(host, "*", sizeof(host));
2146 for (i = 1; i < MAXHOSTNAMELEN - 1; i++) {
2147 if (!isalnum(*p) && *p != '.' && *p != '-'
2148 && *p != ',' && *p != ':' && *p != '%')
2157 while (isspace(*p)) p++;
2158 if ((!*p) || (*p == '*')) {
2159 (void)strlcpy(prog, "*", sizeof(prog));
2162 for (i = 0; i < LINE_MAX - 1; i++) {
2163 if (!isprint(p[i]) || isspace(p[i]))
2170 for (p = cline + 1; *p != '\0'; p++) {
2173 if (*(p - 1) == '\\') {
2181 for (i = strlen(cline) - 1; i >= 0 && isspace(cline[i]); i--)
2183 f = cfline(cline, prog, host);
2191 sighandler(int signo)
2194 /* Send an wake-up signal to the select() loop. */
2195 write(sigpipe[1], &signo, sizeof(signo));
2199 * INIT -- Initialize syslogd from configuration table
2208 char oldLocalHostName[MAXHOSTNAMELEN];
2209 char hostMsg[2*MAXHOSTNAMELEN+40];
2210 char bootfileMsg[LINE_MAX];
2216 * Load hostname (may have changed).
2219 (void)strlcpy(oldLocalHostName, LocalHostName,
2220 sizeof(oldLocalHostName));
2221 if (gethostname(LocalHostName, sizeof(LocalHostName)))
2222 err(EX_OSERR, "gethostname() failed");
2223 if ((p = strchr(LocalHostName, '.')) != NULL) {
2231 * Load / reload timezone data (in case it changed).
2233 * Just calling tzset() again does not work, the timezone code
2234 * caches the result. However, by setting the TZ variable, one
2235 * can defeat the caching and have the timezone code really
2236 * reload the timezone data. Respect any initial setting of
2237 * TZ, in case the system is configured specially.
2239 dprintf("loading timezone data via tzset()\n");
2243 setenv("TZ", ":/etc/localtime", 1);
2249 * Close all open log files.
2252 STAILQ_FOREACH(f, &fhead, next) {
2253 /* flush any pending output */
2255 fprintlog(f, 0, (char *)NULL);
2257 switch (f->f_type) {
2265 deadq_enter(f->fu_pipe_pid, f->fu_pipe_pname);
2270 while(!STAILQ_EMPTY(&fhead)) {
2271 f = STAILQ_FIRST(&fhead);
2272 STAILQ_REMOVE_HEAD(&fhead, next);
2278 /* open the configuration file */
2279 if ((cf = fopen(ConfFile, "r")) == NULL) {
2280 dprintf("cannot open %s\n", ConfFile);
2281 f = cfline("*.ERR\t/dev/console", "*", "*");
2285 f = cfline("*.PANIC\t*", "*", "*");
2294 readconfigfile(cf, 1);
2296 /* close the configuration file */
2303 STAILQ_FOREACH(f, &fhead, next) {
2304 for (i = 0; i <= LOG_NFACILITIES; i++)
2305 if (f->f_pmask[i] == INTERNAL_NOPRI)
2308 printf("%d ", f->f_pmask[i]);
2309 printf("%s: ", TypeNames[f->f_type]);
2310 switch (f->f_type) {
2312 printf("%s", f->fu_fname);
2317 printf("%s%s", _PATH_DEV, f->fu_fname);
2321 switch (f->fu_forw_addr->ai_addr->sa_family) {
2324 port = ntohs(satosin(f->fu_forw_addr->ai_addr)->sin_port);
2329 port = ntohs(satosin6(f->fu_forw_addr->ai_addr)->sin6_port);
2337 f->fu_forw_hname, port);
2339 printf("%s", f->fu_forw_hname);
2344 printf("%s", f->fu_pipe_pname);
2348 for (i = 0; i < MAXUNAMES && *f->fu_uname[i]; i++)
2349 printf("%s, ", f->fu_uname[i]);
2353 printf(" (%s)", f->f_program);
2358 logmsg(LOG_SYSLOG|LOG_INFO, NULL, LocalHostName, NULL, NULL, NULL,
2359 NULL, "syslogd: restart", 0);
2360 dprintf("syslogd: restarted\n");
2362 * Log a change in hostname, but only on a restart.
2364 if (signo != 0 && strcmp(oldLocalHostName, LocalHostName) != 0) {
2365 (void)snprintf(hostMsg, sizeof(hostMsg),
2366 "syslogd: hostname changed, \"%s\" to \"%s\"",
2367 oldLocalHostName, LocalHostName);
2368 logmsg(LOG_SYSLOG|LOG_INFO, NULL, LocalHostName, NULL, NULL,
2369 NULL, NULL, hostMsg, 0);
2370 dprintf("%s\n", hostMsg);
2373 * Log the kernel boot file if we aren't going to use it as
2374 * the prefix, and if this is *not* a restart.
2376 if (signo == 0 && !use_bootfile) {
2377 (void)snprintf(bootfileMsg, sizeof(bootfileMsg),
2378 "syslogd: kernel boot file is %s", bootfile);
2379 logmsg(LOG_KERN|LOG_INFO, NULL, LocalHostName, NULL, NULL,
2380 NULL, NULL, bootfileMsg, 0);
2381 dprintf("%s\n", bootfileMsg);
2386 * Crack a configuration file line
2388 static struct filed *
2389 cfline(const char *line, const char *prog, const char *host)
2392 struct addrinfo hints, *res;
2393 int error, i, pri, syncfile;
2396 char buf[MAXLINE], ebuf[100];
2398 dprintf("cfline(\"%s\", f, \"%s\", \"%s\")\n", line, prog, host);
2400 f = calloc(1, sizeof(*f));
2405 errno = 0; /* keep strerror() stuff out of logerror messages */
2407 for (i = 0; i <= LOG_NFACILITIES; i++)
2408 f->f_pmask[i] = INTERNAL_NOPRI;
2410 /* save hostname if any */
2411 if (host && *host == '*')
2416 f->f_host = strdup(host);
2417 if (f->f_host == NULL) {
2421 hl = strlen(f->f_host);
2422 if (hl > 0 && f->f_host[hl-1] == '.')
2423 f->f_host[--hl] = '\0';
2424 trimdomain(f->f_host, hl);
2427 /* save program name if any */
2428 if (prog && *prog == '*')
2431 f->f_program = strdup(prog);
2432 if (f->f_program == NULL) {
2438 /* scan through the list of selectors */
2439 for (p = line; *p && *p != '\t' && *p != ' ';) {
2444 /* find the end of this facility name list */
2445 for (q = p; *q && *q != '\t' && *q != ' ' && *q++ != '.'; )
2448 /* get the priority comparison */
2476 /* collect priority name */
2477 for (bp = buf; *q && !strchr("\t,; ", *q); )
2482 while (strchr(",;", *q))
2485 /* decode priority name */
2488 pri_cmp = PRI_LT | PRI_EQ | PRI_GT;
2490 /* Ignore trailing spaces. */
2491 for (i = strlen(buf) - 1; i >= 0 && buf[i] == ' '; i--)
2494 pri = decode(buf, prioritynames);
2497 (void)snprintf(ebuf, sizeof ebuf,
2498 "unknown priority name \"%s\"", buf);
2505 pri_cmp = (UniquePriority)
2510 pri_cmp ^= PRI_LT | PRI_EQ | PRI_GT;
2512 /* scan facilities */
2513 while (*p && !strchr("\t.; ", *p)) {
2514 for (bp = buf; *p && !strchr("\t,;. ", *p); )
2519 for (i = 0; i < LOG_NFACILITIES; i++) {
2520 f->f_pmask[i] = pri;
2521 f->f_pcmp[i] = pri_cmp;
2524 i = decode(buf, facilitynames);
2527 (void)snprintf(ebuf, sizeof ebuf,
2528 "unknown facility name \"%s\"",
2534 f->f_pmask[i >> 3] = pri;
2535 f->f_pcmp[i >> 3] = pri_cmp;
2537 while (*p == ',' || *p == ' ')
2544 /* skip to action part */
2545 while (*p == '\t' || *p == ' ')
2560 * scan forward to see if there is a port defined.
2561 * so we can't use strlcpy..
2563 i = sizeof(f->fu_forw_hname);
2564 tp = f->fu_forw_hname;
2568 * an ipv6 address should start with a '[' in that case
2569 * we should scan for a ']'
2575 while (*p && (*p != endkey) && (i-- > 0)) {
2578 if (endkey == ']' && *p == endkey)
2582 /* See if we copied a domain and have a port */
2588 hints = (struct addrinfo){
2589 .ai_family = family,
2590 .ai_socktype = SOCK_DGRAM
2592 error = getaddrinfo(f->fu_forw_hname,
2593 p ? p : "syslog", &hints, &res);
2595 logerror(gai_strerror(error));
2598 f->fu_forw_addr = res;
2603 if ((f->f_file = open(p, logflags, 0600)) < 0) {
2604 f->f_type = F_UNUSED;
2609 f->f_flags |= FFLAG_SYNC;
2610 if (isatty(f->f_file)) {
2611 if (strcmp(p, ctty) == 0)
2612 f->f_type = F_CONSOLE;
2615 (void)strlcpy(f->fu_fname, p + sizeof(_PATH_DEV) - 1,
2616 sizeof(f->fu_fname));
2618 (void)strlcpy(f->fu_fname, p, sizeof(f->fu_fname));
2625 (void)strlcpy(f->fu_pipe_pname, p + 1,
2626 sizeof(f->fu_pipe_pname));
2635 for (i = 0; i < MAXUNAMES && *p; i++) {
2636 for (q = p; *q && *q != ','; )
2638 (void)strncpy(f->fu_uname[i], p, MAXLOGNAME - 1);
2639 if ((q - p) >= MAXLOGNAME)
2640 f->fu_uname[i][MAXLOGNAME - 1] = '\0';
2642 f->fu_uname[i][q - p] = '\0';
2643 while (*q == ',' || *q == ' ')
2647 f->f_type = F_USERS;
2655 * Decode a symbolic name to a numeric value
2658 decode(const char *name, const CODE *codetab)
2664 return (atoi(name));
2666 for (p = buf; *name && p < &buf[sizeof(buf) - 1]; p++, name++) {
2668 *p = tolower(*name);
2673 for (c = codetab; c->c_name; c++)
2674 if (!strcmp(buf, c->c_name))
2684 struct deadq_entry *dq, *dq0;
2686 now = time((time_t *)NULL);
2687 MarkSeq += TIMERINTVL;
2688 if (MarkSeq >= MarkInterval) {
2689 logmsg(LOG_INFO, NULL, LocalHostName, NULL, NULL, NULL, NULL,
2690 "-- MARK --", MARK);
2694 STAILQ_FOREACH(f, &fhead, next) {
2695 if (f->f_prevcount && now >= REPEATTIME(f)) {
2696 dprintf("flush %s: repeated %d times, %d sec.\n",
2697 TypeNames[f->f_type], f->f_prevcount,
2698 repeatinterval[f->f_repeatcount]);
2699 fprintlog(f, 0, (char *)NULL);
2704 /* Walk the dead queue, and see if we should signal somebody. */
2705 TAILQ_FOREACH_SAFE(dq, &deadq_head, dq_entries, dq0) {
2706 switch (dq->dq_timeout) {
2708 /* Already signalled once, try harder now. */
2709 if (kill(dq->dq_pid, SIGKILL) != 0)
2710 (void)deadq_remove(dq);
2715 * Timed out on dead queue, send terminate
2716 * signal. Note that we leave the removal
2717 * from the dead queue to reapchild(), which
2718 * will also log the event (unless the process
2719 * didn't even really exist, in case we simply
2720 * drop it from the dead queue).
2722 if (kill(dq->dq_pid, SIGTERM) != 0)
2723 (void)deadq_remove(dq);
2732 (void)alarm(TIMERINTVL);
2736 * fork off and become a daemon, but wait for the child to come online
2737 * before returning to the parent, or we get disk thrashing at boot etc.
2738 * Set a timer so we don't hang forever if it wedges.
2741 waitdaemon(int maxwait)
2745 pid_t pid, childpid;
2747 switch (childpid = fork()) {
2753 signal(SIGALRM, timedout);
2755 while ((pid = wait3(&status, 0, NULL)) != -1) {
2756 if (WIFEXITED(status))
2757 errx(1, "child pid %d exited with return code %d",
2758 pid, WEXITSTATUS(status));
2759 if (WIFSIGNALED(status))
2760 errx(1, "child pid %d exited on signal %d%s",
2761 pid, WTERMSIG(status),
2762 WCOREDUMP(status) ? " (core dumped)" :
2764 if (pid == childpid) /* it's gone... */
2774 if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
2775 (void)dup2(fd, STDIN_FILENO);
2776 (void)dup2(fd, STDOUT_FILENO);
2777 (void)dup2(fd, STDERR_FILENO);
2778 if (fd > STDERR_FILENO)
2785 * We get a SIGALRM from the child when it's running and finished doing it's
2786 * fsync()'s or O_SYNC writes for all the boot messages.
2788 * We also get a signal from the kernel if the timer expires, so check to
2789 * see what happened.
2792 timedout(int sig __unused)
2796 signal(SIGALRM, SIG_DFL);
2798 errx(1, "timed out waiting for child");
2804 * Add `s' to the list of allowable peer addresses to accept messages
2807 * `s' is a string in the form:
2809 * [*]domainname[:{servicename|portnumber|*}]
2813 * netaddr/maskbits[:{servicename|portnumber|*}]
2815 * Returns -1 on error, 0 if the argument was valid.
2820 #if defined(INET) || defined(INET6)
2822 struct allowedpeer *ap;
2825 struct addrinfo hints, *res = NULL;
2827 in_addr_t *addrp, *maskp;
2830 uint32_t *addr6p, *mask6p;
2832 char ip[NI_MAXHOST];
2834 ap = calloc(1, sizeof(*ap));
2836 err(1, "malloc failed");
2839 if (*s != '[' || (cp1 = strchr(s + 1, ']')) == NULL)
2842 if ((cp1 = strrchr(cp1, ':'))) {
2843 /* service/port provided */
2845 if (strlen(cp1) == 1 && *cp1 == '*')
2846 /* any port allowed */
2848 else if ((se = getservbyname(cp1, "udp"))) {
2849 ap->port = ntohs(se->s_port);
2851 ap->port = strtol(cp1, &cp2, 0);
2852 /* port not numeric */
2857 if ((se = getservbyname("syslog", "udp")))
2858 ap->port = ntohs(se->s_port);
2860 /* sanity, should not happen */
2864 if ((cp1 = strchr(s, '/')) != NULL &&
2865 strspn(cp1 + 1, "0123456789") == strlen(cp1 + 1)) {
2867 if ((masklen = atoi(cp1 + 1)) < 0)
2872 cp2 = s + strlen(s) - 1;
2883 hints = (struct addrinfo){
2884 .ai_family = PF_UNSPEC,
2885 .ai_socktype = SOCK_DGRAM,
2886 .ai_flags = AI_PASSIVE | AI_NUMERICHOST
2888 if (getaddrinfo(s, NULL, &hints, &res) == 0) {
2890 memcpy(&ap->a_addr, res->ai_addr, res->ai_addrlen);
2891 ap->a_mask = (struct sockaddr_storage){
2892 .ss_family = res->ai_family,
2893 .ss_len = res->ai_addrlen
2895 switch (res->ai_family) {
2898 maskp = &sstosin(&ap->a_mask)->sin_addr.s_addr;
2899 addrp = &sstosin(&ap->a_addr)->sin_addr.s_addr;
2901 /* use default netmask */
2902 if (IN_CLASSA(ntohl(*addrp)))
2903 *maskp = htonl(IN_CLASSA_NET);
2904 else if (IN_CLASSB(ntohl(*addrp)))
2905 *maskp = htonl(IN_CLASSB_NET);
2907 *maskp = htonl(IN_CLASSC_NET);
2908 } else if (masklen == 0) {
2910 } else if (masklen <= 32) {
2911 /* convert masklen to netmask */
2912 *maskp = htonl(~((1 << (32 - masklen)) - 1));
2916 /* Lose any host bits in the network number. */
2927 mask6p = (uint32_t *)&sstosin6(&ap->a_mask)->sin6_addr.s6_addr32[0];
2928 addr6p = (uint32_t *)&sstosin6(&ap->a_addr)->sin6_addr.s6_addr32[0];
2929 /* convert masklen to netmask */
2930 while (masklen > 0) {
2933 htonl(~(0xffffffff >> masklen));
2937 *mask6p++ = 0xffffffff;
2949 /* arg `s' is domain name */
2961 STAILQ_INSERT_TAIL(&aphead, ap, next);
2964 printf("allowaddr: rule ");
2965 if (ap->isnumeric) {
2966 printf("numeric, ");
2967 getnameinfo(sstosa(&ap->a_addr),
2968 (sstosa(&ap->a_addr))->sa_len,
2969 ip, sizeof ip, NULL, 0, NI_NUMERICHOST);
2970 printf("addr = %s, ", ip);
2971 getnameinfo(sstosa(&ap->a_mask),
2972 (sstosa(&ap->a_mask))->sa_len,
2973 ip, sizeof ip, NULL, 0, NI_NUMERICHOST);
2974 printf("mask = %s; ", ip);
2976 printf("domainname = %s; ", ap->a_name);
2978 printf("port = %d\n", ap->port);
2991 * Validate that the remote peer has permission to log to us.
2994 validate(struct sockaddr *sa, const char *hname)
2997 char name[NI_MAXHOST], ip[NI_MAXHOST], port[NI_MAXSERV];
2998 struct allowedpeer *ap;
3000 struct sockaddr_in *sin4, *a4p = NULL, *m4p = NULL;
3003 struct sockaddr_in6 *sin6, *a6p = NULL, *m6p = NULL;
3005 struct addrinfo hints, *res;
3009 STAILQ_FOREACH(ap, &aphead, next) {
3012 dprintf("# of validation rule: %d\n", num);
3014 /* traditional behaviour, allow everything */
3017 (void)strlcpy(name, hname, sizeof(name));
3018 hints = (struct addrinfo){
3019 .ai_family = PF_UNSPEC,
3020 .ai_socktype = SOCK_DGRAM,
3021 .ai_flags = AI_PASSIVE | AI_NUMERICHOST
3023 if (getaddrinfo(name, NULL, &hints, &res) == 0)
3025 else if (strchr(name, '.') == NULL) {
3026 strlcat(name, ".", sizeof name);
3027 strlcat(name, LocalDomain, sizeof name);
3029 if (getnameinfo(sa, sa->sa_len, ip, sizeof(ip), port, sizeof(port),
3030 NI_NUMERICHOST | NI_NUMERICSERV) != 0)
3031 return (0); /* for safety, should not occur */
3032 dprintf("validate: dgram from IP %s, port %s, name %s;\n",
3036 /* now, walk down the list */
3038 STAILQ_FOREACH(ap, &aphead, next) {
3040 if (ap->port != 0 && ap->port != sport) {
3041 dprintf("rejected in rule %d due to port mismatch.\n",
3046 if (ap->isnumeric) {
3047 if (ap->a_addr.ss_family != sa->sa_family) {
3048 dprintf("rejected in rule %d due to address family mismatch.\n", i);
3052 else if (ap->a_addr.ss_family == AF_INET) {
3054 a4p = satosin(&ap->a_addr);
3055 m4p = satosin(&ap->a_mask);
3056 if ((sin4->sin_addr.s_addr & m4p->sin_addr.s_addr)
3057 != a4p->sin_addr.s_addr) {
3058 dprintf("rejected in rule %d due to IP mismatch.\n", i);
3064 else if (ap->a_addr.ss_family == AF_INET6) {
3065 sin6 = satosin6(sa);
3066 a6p = satosin6(&ap->a_addr);
3067 m6p = satosin6(&ap->a_mask);
3068 if (a6p->sin6_scope_id != 0 &&
3069 sin6->sin6_scope_id != a6p->sin6_scope_id) {
3070 dprintf("rejected in rule %d due to scope mismatch.\n", i);
3073 if (IN6_ARE_MASKED_ADDR_EQUAL(&sin6->sin6_addr,
3074 &a6p->sin6_addr, &m6p->sin6_addr) != 0) {
3075 dprintf("rejected in rule %d due to IP mismatch.\n", i);
3083 if (fnmatch(ap->a_name, name, FNM_NOESCAPE) ==
3085 dprintf("rejected in rule %d due to name "
3090 dprintf("accepted in rule %d.\n", i);
3091 return (1); /* hooray! */
3097 * Fairly similar to popen(3), but returns an open descriptor, as
3098 * opposed to a FILE *.
3101 p_open(const char *prog, pid_t *rpid)
3103 int pfd[2], nulldesc;
3105 char *argv[4]; /* sh -c cmd NULL */
3108 if (pipe(pfd) == -1)
3110 if ((nulldesc = open(_PATH_DEVNULL, O_RDWR)) == -1)
3111 /* we are royally screwed anyway */
3114 switch ((pid = fork())) {
3120 (void)setsid(); /* Avoid catching SIGHUPs. */
3121 argv[0] = strdup("sh");
3122 argv[1] = strdup("-c");
3123 argv[2] = strdup(prog);
3125 if (argv[0] == NULL || argv[1] == NULL || argv[2] == NULL) {
3132 /* Restore signals marked as SIG_IGN. */
3133 (void)signal(SIGINT, SIG_DFL);
3134 (void)signal(SIGQUIT, SIG_DFL);
3135 (void)signal(SIGPIPE, SIG_DFL);
3137 dup2(pfd[0], STDIN_FILENO);
3138 dup2(nulldesc, STDOUT_FILENO);
3139 dup2(nulldesc, STDERR_FILENO);
3140 closefrom(STDERR_FILENO + 1);
3142 (void)execvp(_PATH_BSHELL, argv);
3148 * Avoid blocking on a hung pipe. With O_NONBLOCK, we are
3149 * supposed to get an EWOULDBLOCK on writev(2), which is
3150 * caught by the logic above anyway, which will in turn close
3151 * the pipe, and fork a new logging subprocess if necessary.
3152 * The stale subprocess will be killed some time later unless
3153 * it terminated itself due to closing its input pipe (so we
3154 * get rid of really dead puppies).
3156 if (fcntl(pfd[1], F_SETFL, O_NONBLOCK) == -1) {
3158 (void)snprintf(errmsg, sizeof errmsg,
3159 "Warning: cannot change pipe to PID %d to "
3160 "non-blocking behaviour.",
3169 deadq_enter(pid_t pid, const char *name)
3171 struct deadq_entry *dq;
3177 * Be paranoid, if we can't signal the process, don't enter it
3178 * into the dead queue (perhaps it's already dead). If possible,
3179 * we try to fetch and log the child's status.
3181 if (kill(pid, 0) != 0) {
3182 if (waitpid(pid, &status, WNOHANG) > 0)
3183 log_deadchild(pid, status, name);
3187 dq = malloc(sizeof(*dq));
3192 *dq = (struct deadq_entry){
3194 .dq_timeout = DQ_TIMO_INIT
3196 TAILQ_INSERT_TAIL(&deadq_head, dq, dq_entries);
3200 deadq_remove(struct deadq_entry *dq)
3203 TAILQ_REMOVE(&deadq_head, dq, dq_entries);
3212 deadq_removebypid(pid_t pid)
3214 struct deadq_entry *dq;
3216 TAILQ_FOREACH(dq, &deadq_head, dq_entries) {
3217 if (dq->dq_pid == pid)
3220 return (deadq_remove(dq));
3224 log_deadchild(pid_t pid, int status, const char *name)
3230 errno = 0; /* Keep strerror() stuff out of logerror messages. */
3231 if (WIFSIGNALED(status)) {
3232 reason = "due to signal";
3233 code = WTERMSIG(status);
3235 reason = "with status";
3236 code = WEXITSTATUS(status);
3240 (void)snprintf(buf, sizeof buf,
3241 "Logging subprocess %d (%s) exited %s %d.",
3242 pid, name, reason, code);
3247 socksetup(struct peer *pe)
3249 struct addrinfo hints, *res, *res0;
3252 int (*sl_recv)(struct socklist *);
3254 * We have to handle this case for backwards compatibility:
3255 * If there are two (or more) colons but no '[' and ']',
3256 * assume this is an inet6 address without a service.
3258 if (pe->pe_name != NULL) {
3260 if (pe->pe_name[0] == '[' &&
3261 (cp = strchr(pe->pe_name + 1, ']')) != NULL) {
3262 pe->pe_name = &pe->pe_name[1];
3264 if (cp[1] == ':' && cp[2] != '\0')
3265 pe->pe_serv = cp + 2;
3268 cp = strchr(pe->pe_name, ':');
3269 if (cp != NULL && strchr(cp + 1, ':') == NULL) {
3272 pe->pe_serv = cp + 1;
3273 if (cp == pe->pe_name)
3280 hints = (struct addrinfo){
3281 .ai_family = AF_UNSPEC,
3282 .ai_socktype = SOCK_DGRAM,
3283 .ai_flags = AI_PASSIVE
3285 if (pe->pe_name != NULL)
3286 dprintf("Trying peer: %s\n", pe->pe_name);
3287 if (pe->pe_serv == NULL)
3288 pe->pe_serv = "syslog";
3289 error = getaddrinfo(pe->pe_name, pe->pe_serv, &hints, &res0);
3293 asprintf(&msgbuf, "getaddrinfo failed for %s%s: %s",
3294 pe->pe_name == NULL ? "" : pe->pe_name, pe->pe_serv,
3295 gai_strerror(error));
3298 logerror(gai_strerror(error));
3304 for (res = res0; res != NULL; res = res->ai_next) {
3307 if (res->ai_family != AF_LOCAL &&
3309 /* Only AF_LOCAL in secure mode. */
3312 if (family != AF_UNSPEC &&
3313 res->ai_family != AF_LOCAL && res->ai_family != family)
3316 s = socket(res->ai_family, res->ai_socktype,
3324 if (res->ai_family == AF_INET6) {
3325 if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY,
3326 &(int){1}, sizeof(int)) < 0) {
3327 logerror("setsockopt(IPV6_V6ONLY)");
3334 if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
3335 &(int){1}, sizeof(int)) < 0) {
3336 logerror("setsockopt(SO_REUSEADDR)");
3343 * Bind INET and UNIX-domain sockets.
3345 * A UNIX-domain socket is always bound to a pathname
3346 * regardless of -N flag.
3348 * For INET sockets, RFC 3164 recommends that client
3349 * side message should come from the privileged syslogd port.
3351 * If the system administrator chooses not to obey
3352 * this, we can skip the bind() step so that the
3353 * system will choose a port for us.
3355 if (res->ai_family == AF_LOCAL)
3356 unlink(pe->pe_name);
3357 if (res->ai_family == AF_LOCAL ||
3358 NoBind == 0 || pe->pe_name != NULL) {
3359 if (bind(s, res->ai_addr, res->ai_addrlen) < 0) {
3365 if (res->ai_family == AF_LOCAL ||
3369 if (res->ai_family == AF_LOCAL &&
3370 chmod(pe->pe_name, pe->pe_mode) < 0) {
3371 dprintf("chmod %s: %s\n", pe->pe_name,
3377 dprintf("new socket fd is %d\n", s);
3378 if (res->ai_socktype != SOCK_DGRAM) {
3381 sl_recv = socklist_recv_sock;
3382 #if defined(INET) || defined(INET6)
3383 if (SecureMode && (res->ai_family == AF_INET ||
3384 res->ai_family == AF_INET6)) {
3385 dprintf("shutdown\n");
3386 /* Forbid communication in secure mode. */
3387 if (shutdown(s, SHUT_RD) < 0 &&
3388 errno != ENOTCONN) {
3389 logerror("shutdown");
3396 dprintf("listening on socket\n");
3397 dprintf("sending on socket\n");
3398 addsock(res->ai_addr, res->ai_addrlen,
3411 increase_rcvbuf(int fd)
3415 if (getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &len,
3416 &(socklen_t){sizeof(len)}) == 0) {
3417 if (len < RCVBUF_MINSIZE) {
3418 len = RCVBUF_MINSIZE;
3419 setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &len, sizeof(len));