2 * Copyright (c) 1983, 1988, 1993, 1994
3 * The Regents of the University of California. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. Neither the name of the University nor the names of its contributors
14 * may be used to endorse or promote products derived from this software
15 * without specific prior written permission.
17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 static const char copyright[] =
32 "@(#) Copyright (c) 1983, 1988, 1993, 1994\n\
33 The Regents of the University of California. All rights reserved.\n";
38 static char sccsid[] = "@(#)syslogd.c 8.3 (Berkeley) 4/4/94";
42 #include <sys/cdefs.h>
43 __FBSDID("$FreeBSD$");
46 * syslogd -- log system messages
48 * This program implements a system log. It takes a series of lines.
49 * Each line may have a priority, signified as "<n>" as
50 * the first characters of the line. If this is
51 * not present, a default priority is used.
53 * To kill syslogd, send a signal 15 (terminate). A signal 1 (hup) will
54 * cause it to reread its configuration file.
58 * MAXLINE -- the maximum line length that can be handled.
59 * DEFUPRI -- the default priority for user messages
60 * DEFSPRI -- the default priority for kernel messages
63 * extensive changes by Ralph Campbell
64 * more extensive changes by Eric Allman (again)
65 * Extension to log by program name as well as facility and priority
67 * -u and -v by Harlan Stenn.
68 * Priority comparison code by Harlan Stenn.
71 /* Maximum number of characters in time of last occurrence */
73 #define MAXLINE 1024 /* maximum line length */
74 #define MAXSVLINE MAXLINE /* maximum saved line length */
75 #define DEFUPRI (LOG_USER|LOG_NOTICE)
76 #define DEFSPRI (LOG_KERN|LOG_CRIT)
77 #define TIMERINTVL 30 /* interval for checking flush, mark */
78 #define TTYMSGTIME 1 /* timeout passed to ttymsg */
79 #define RCVBUF_MINSIZE (80 * 1024) /* minimum size of dgram rcv buffer */
81 #include <sys/param.h>
82 #include <sys/ioctl.h>
84 #include <sys/queue.h>
85 #include <sys/resource.h>
86 #include <sys/socket.h>
88 #include <sys/syslimits.h>
94 #if defined(INET) || defined(INET6)
95 #include <netinet/in.h>
96 #include <arpa/inet.h>
113 #include <sysexits.h>
117 #include "pathnames.h"
121 #include <sys/syslog.h>
123 static const char *ConfFile = _PATH_LOGCONF;
124 static const char *PidFile = _PATH_LOGPID;
125 static const char ctty[] = _PATH_CONSOLE;
126 static const char include_str[] = "include";
127 static const char include_ext[] = ".conf";
129 #define dprintf if (Debug) printf
131 #define MAXUNAMES 20 /* maximum number of user names */
133 #define sstosa(ss) ((struct sockaddr *)(ss))
135 #define sstosin(ss) ((struct sockaddr_in *)(void *)(ss))
136 #define satosin(sa) ((struct sockaddr_in *)(void *)(sa))
139 #define sstosin6(ss) ((struct sockaddr_in6 *)(void *)(ss))
140 #define satosin6(sa) ((struct sockaddr_in6 *)(void *)(sa))
141 #define s6_addr32 __u6_addr.__u6_addr32
142 #define IN6_ARE_MASKED_ADDR_EQUAL(d, a, m) ( \
143 (((d)->s6_addr32[0] ^ (a)->s6_addr32[0]) & (m)->s6_addr32[0]) == 0 && \
144 (((d)->s6_addr32[1] ^ (a)->s6_addr32[1]) & (m)->s6_addr32[1]) == 0 && \
145 (((d)->s6_addr32[2] ^ (a)->s6_addr32[2]) & (m)->s6_addr32[2]) == 0 && \
146 (((d)->s6_addr32[3] ^ (a)->s6_addr32[3]) & (m)->s6_addr32[3]) == 0 )
149 * List of peers and sockets for binding.
155 STAILQ_ENTRY(peer) next;
157 static STAILQ_HEAD(, peer) pqueue = STAILQ_HEAD_INITIALIZER(pqueue);
160 struct sockaddr_storage sl_ss;
162 struct peer *sl_peer;
163 int (*sl_recv)(struct socklist *);
164 STAILQ_ENTRY(socklist) next;
166 static STAILQ_HEAD(, socklist) shead = STAILQ_HEAD_INITIALIZER(shead);
172 #define IGN_CONS 0x001 /* don't print on console */
173 #define SYNC_FILE 0x002 /* do fsync on file after printing */
174 #define ADDDATE 0x004 /* add a date to the message */
175 #define MARK 0x008 /* this message is a mark */
176 #define ISKERNEL 0x010 /* kernel generated message */
179 * This structure represents the files that will have log
181 * We require f_file to be valid if f_type is F_FILE, F_CONSOLE, F_TTY
182 * or if f_type if F_PIPE and f_pid > 0.
186 STAILQ_ENTRY(filed) next; /* next in linked list */
187 short f_type; /* entry type, see below */
188 short f_file; /* file descriptor */
189 time_t f_time; /* time this was last written */
190 char *f_host; /* host from which to recd. */
191 u_char f_pmask[LOG_NFACILITIES+1]; /* priority mask */
192 u_char f_pcmp[LOG_NFACILITIES+1]; /* compare priority */
196 char *f_program; /* program this applies to */
198 char f_uname[MAXUNAMES][MAXLOGNAME];
200 char f_hname[MAXHOSTNAMELEN];
201 struct addrinfo *f_addr;
203 } f_forw; /* forwarding address */
204 char f_fname[MAXPATHLEN];
206 char f_pname[MAXPATHLEN];
210 #define fu_uname f_un.f_uname
211 #define fu_forw_hname f_un.f_forw.f_hname
212 #define fu_forw_addr f_un.f_forw.f_addr
213 #define fu_fname f_un.f_fname
214 #define fu_pipe_pname f_un.f_pipe.f_pname
215 #define fu_pipe_pid f_un.f_pipe.f_pid
216 char f_prevline[MAXSVLINE]; /* last message logged */
217 char f_lasttime[MAXDATELEN]; /* time of last occurrence */
218 char f_prevhost[MAXHOSTNAMELEN]; /* host from which recd. */
219 int f_prevpri; /* pri of f_prevline */
220 int f_prevlen; /* length of f_prevline */
221 int f_prevcount; /* repetition cnt of prevline */
222 u_int f_repeatcount; /* number of "repeated" msgs */
223 int f_flags; /* file-specific flags */
224 #define FFLAG_SYNC 0x01
225 #define FFLAG_NEEDSYNC 0x02
229 * Queue of about-to-be dead processes we should watch out for.
234 TAILQ_ENTRY(deadq_entry) dq_entries;
236 static TAILQ_HEAD(, deadq_entry) deadq_head =
237 TAILQ_HEAD_INITIALIZER(deadq_head);
240 * The timeout to apply to processes waiting on the dead queue. Unit
241 * of measure is `mark intervals', i.e. 20 minutes by default.
242 * Processes on the dead queue will be terminated after that time.
245 #define DQ_TIMO_INIT 2
248 * Struct to hold records of network addresses that are allowed to log
256 struct sockaddr_storage addr;
257 struct sockaddr_storage mask;
261 #define a_addr u.numeric.addr
262 #define a_mask u.numeric.mask
263 #define a_name u.name
264 STAILQ_ENTRY(allowedpeer) next;
266 static STAILQ_HEAD(, allowedpeer) aphead = STAILQ_HEAD_INITIALIZER(aphead);
270 * Intervals at which we flush out "message repeated" messages,
271 * in seconds after previous message is logged. After each flush,
272 * we move to the next interval until we reach the largest.
274 static int repeatinterval[] = { 30, 120, 600 }; /* # of secs before flush */
275 #define MAXREPEAT (nitems(repeatinterval) - 1)
276 #define REPEATTIME(f) ((f)->f_time + repeatinterval[(f)->f_repeatcount])
277 #define BACKOFF(f) do { \
278 if (++(f)->f_repeatcount > MAXREPEAT) \
279 (f)->f_repeatcount = MAXREPEAT; \
282 /* values for f_type */
283 #define F_UNUSED 0 /* unused entry */
284 #define F_FILE 1 /* regular file */
285 #define F_TTY 2 /* terminal */
286 #define F_CONSOLE 3 /* console terminal */
287 #define F_FORW 4 /* remote machine */
288 #define F_USERS 5 /* list of users */
289 #define F_WALL 6 /* everyone logged on */
290 #define F_PIPE 7 /* pipe to program */
292 static const char *TypeNames[] = {
293 "UNUSED", "FILE", "TTY", "CONSOLE",
294 "FORW", "USERS", "WALL", "PIPE"
297 static STAILQ_HEAD(, filed) fhead =
298 STAILQ_HEAD_INITIALIZER(fhead); /* Log files that we write to */
299 static struct filed consfile; /* Console */
301 static int Debug; /* debug flag */
302 static int Foreground = 0; /* Run in foreground, instead of daemonizing */
303 static int resolve = 1; /* resolve hostname */
304 static char LocalHostName[MAXHOSTNAMELEN]; /* our hostname */
305 static const char *LocalDomain; /* our local domain name */
306 static int Initialized; /* set when we have initialized ourselves */
307 static int MarkInterval = 20 * 60; /* interval between marks in seconds */
308 static int MarkSeq; /* mark sequence number */
309 static int NoBind; /* don't bind() as suggested by RFC 3164 */
310 static int SecureMode; /* when true, receive only unix domain socks */
312 static int family = PF_UNSPEC; /* protocol family (IPv4, IPv6 or both) */
314 static int family = PF_INET; /* protocol family (IPv4 only) */
316 static int mask_C1 = 1; /* mask characters from 0x80 - 0x9F */
317 static int send_to_all; /* send message to all IPv4/IPv6 addresses */
318 static int use_bootfile; /* log entire bootfile for every kern msg */
319 static int no_compress; /* don't compress messages (1=pipes, 2=all) */
320 static int logflags = O_WRONLY|O_APPEND; /* flags used to open log files */
322 static char bootfile[MAXLINE+1]; /* booted kernel file */
324 static int RemoteAddDate; /* Always set the date on remote messages */
326 static int UniquePriority; /* Only log specified priority? */
327 static int LogFacPri; /* Put facility and priority in log message: */
328 /* 0=no, 1=numeric, 2=names */
329 static int KeepKernFac; /* Keep remotely logged kernel facility */
330 static int needdofsync = 0; /* Are any file(s) waiting to be fsynced? */
331 static struct pidfh *pfh;
332 static int sigpipe[2]; /* Pipe to catch a signal during select(). */
334 static volatile sig_atomic_t MarkSet, WantDie, WantInitialize, WantReapchild;
336 static int allowaddr(char *);
337 static int addfile(struct filed *);
338 static int addpeer(struct peer *);
339 static int addsock(struct sockaddr *, socklen_t, struct socklist *);
340 static struct filed *cfline(const char *, const char *, const char *);
341 static const char *cvthname(struct sockaddr *);
342 static void deadq_enter(pid_t, const char *);
343 static int deadq_remove(struct deadq_entry *);
344 static int deadq_removebypid(pid_t);
345 static int decode(const char *, const CODE *);
346 static void die(int) __dead2;
347 static void dodie(int);
348 static void dofsync(void);
349 static void domark(int);
350 static void fprintlog(struct filed *, int, const char *);
351 static void init(int);
352 static void logerror(const char *);
353 static void logmsg(int, const char *, const char *, int);
354 static void log_deadchild(pid_t, int, const char *);
355 static void markit(void);
356 static int socksetup(struct peer *);
357 static int socklist_recv_file(struct socklist *);
358 static int socklist_recv_sock(struct socklist *);
359 static int socklist_recv_signal(struct socklist *);
360 static void sighandler(int);
361 static int skip_message(const char *, const char *, int);
362 static void printline(const char *, char *, int);
363 static void printsys(char *);
364 static int p_open(const char *, pid_t *);
365 static void reapchild(int);
366 static const char *ttymsg_check(struct iovec *, int, char *, int);
367 static void usage(void);
368 static int validate(struct sockaddr *, const char *);
369 static void unmapped(struct sockaddr *);
370 static void wallmsg(struct filed *, struct iovec *, const int iovlen);
371 static int waitdaemon(int);
372 static void timedout(int);
373 static void increase_rcvbuf(int);
376 close_filed(struct filed *f)
379 if (f == NULL || f->f_file == -1)
387 f->f_type = F_UNUSED;
393 (void)close(f->f_file);
398 addfile(struct filed *f0)
402 f = calloc(1, sizeof(*f));
404 err(1, "malloc failed");
406 STAILQ_INSERT_TAIL(&fhead, f, next);
412 addpeer(struct peer *pe0)
416 pe = calloc(1, sizeof(*pe));
418 err(1, "malloc failed");
420 STAILQ_INSERT_TAIL(&pqueue, pe, next);
426 addsock(struct sockaddr *sa, socklen_t sa_len, struct socklist *sl0)
430 sl = calloc(1, sizeof(*sl));
432 err(1, "malloc failed");
434 if (sa != NULL && sa_len > 0)
435 memcpy(&sl->sl_ss, sa, sa_len);
436 STAILQ_INSERT_TAIL(&shead, sl, next);
442 main(int argc, char *argv[])
444 int ch, i, s, fdsrmax = 0, bflag = 0, pflag = 0, Sflag = 0;
446 struct timeval tv, *tvp;
449 pid_t ppid = 1, spid;
452 if (madvise(NULL, 0, MADV_PROTECT) != 0)
453 dprintf("madvise() failed: %s\n", strerror(errno));
455 while ((ch = getopt(argc, argv, "468Aa:b:cCdf:Fkl:m:nNop:P:sS:Tuv"))
474 case 'a': /* allow specific network addresses only */
475 if (allowaddr(optarg) == -1)
480 p = strchr(optarg, ']');
482 p = strchr(p + 1, ':');
484 p = strchr(optarg, ':');
485 if (p != NULL && strchr(p + 1, ':') != NULL)
486 p = NULL; /* backward compatibility */
489 /* A hostname or filename only. */
490 addpeer(&(struct peer){
495 /* The case of "name:service". */
497 addpeer(&(struct peer){
499 .pe_name = (strlen(optarg) == 0) ?
510 case 'd': /* debug */
513 case 'f': /* configuration file */
516 case 'F': /* run in foreground instead of daemon */
519 case 'k': /* keep remote kern fac */
532 else if (ch == 'p') {
535 } else if (ch == 'S') {
536 mode = S_IRUSR | S_IWUSR;
539 if (optarg[0] == '/')
541 else if ((name = strchr(optarg, ':')) != NULL) {
544 errx(1, "socket name must be absolute "
546 if (isdigit(*optarg)) {
547 perml = strtol(optarg, &ep, 8);
548 if (*ep || perml < 0 ||
549 perml & ~(S_IRWXU|S_IRWXG|S_IRWXO))
550 errx(1, "invalid mode %s, exiting",
552 mode = (mode_t )perml;
554 errx(1, "invalid mode %s, exiting",
557 errx(1, "invalid filename %s, exiting",
559 addpeer(&(struct peer){
565 case 'm': /* mark interval */
566 MarkInterval = atoi(optarg) * 60;
578 case 'P': /* path for alt. PID */
581 case 's': /* no network mode */
587 case 'u': /* only log specified priority */
590 case 'v': /* log facility and priority */
596 if ((argc -= optind) != 0)
599 /* Pipe to catch a signal during select(). */
600 s = pipe2(sigpipe, O_CLOEXEC);
602 err(1, "cannot open a pipe for signals");
604 addsock(NULL, 0, &(struct socklist){
605 .sl_socket = sigpipe[0],
606 .sl_recv = socklist_recv_signal
610 /* Listen by default: /dev/klog. */
611 s = open(_PATH_KLOG, O_RDONLY | O_NONBLOCK | O_CLOEXEC, 0);
613 dprintf("can't open %s (%d)\n", _PATH_KLOG, errno);
615 addsock(NULL, 0, &(struct socklist){
617 .sl_recv = socklist_recv_file,
620 /* Listen by default: *:514 if no -b flag. */
622 addpeer(&(struct peer){
625 /* Listen by default: /var/run/log if no -p flag. */
627 addpeer(&(struct peer){
628 .pe_name = _PATH_LOG,
629 .pe_mode = DEFFILEMODE,
631 /* Listen by default: /var/run/logpriv if no -S flag. */
633 addpeer(&(struct peer){
634 .pe_name = _PATH_LOG_PRIV,
635 .pe_mode = S_IRUSR | S_IWUSR,
637 STAILQ_FOREACH(pe, &pqueue, next)
640 pfh = pidfile_open(PidFile, 0600, &spid);
643 errx(1, "syslogd already running, pid: %d", spid);
644 warn("cannot open pid file");
647 if ((!Foreground) && (!Debug)) {
648 ppid = waitdaemon(30);
650 warn("could not become daemon");
657 consfile.f_type = F_CONSOLE;
658 (void)strlcpy(consfile.fu_fname, ctty + sizeof _PATH_DEV - 1,
659 sizeof(consfile.fu_fname));
660 (void)strlcpy(bootfile, getbootfile(), sizeof(bootfile));
661 (void)signal(SIGTERM, dodie);
662 (void)signal(SIGINT, Debug ? dodie : SIG_IGN);
663 (void)signal(SIGQUIT, Debug ? dodie : SIG_IGN);
664 (void)signal(SIGHUP, sighandler);
665 (void)signal(SIGCHLD, sighandler);
666 (void)signal(SIGALRM, domark);
667 (void)signal(SIGPIPE, SIG_IGN); /* We'll catch EPIPE instead. */
668 (void)alarm(TIMERINTVL);
670 /* tuck my process id away */
673 dprintf("off & running....\n");
676 tv.tv_sec = tv.tv_usec = 0;
678 STAILQ_FOREACH(sl, &shead, next) {
679 if (sl->sl_socket > fdsrmax)
680 fdsrmax = sl->sl_socket;
682 fdsr = (fd_set *)calloc(howmany(fdsrmax+1, NFDBITS),
685 errx(1, "calloc fd_set");
688 if (Initialized == 0)
690 else if (WantInitialize)
691 init(WantInitialize);
693 reapchild(WantReapchild);
701 bzero(fdsr, howmany(fdsrmax+1, NFDBITS) *
704 STAILQ_FOREACH(sl, &shead, next) {
705 if (sl->sl_socket != -1 && sl->sl_recv != NULL)
706 FD_SET(sl->sl_socket, fdsr);
708 i = select(fdsrmax + 1, fdsr, NULL, NULL,
709 needdofsync ? &tv : tvp);
725 STAILQ_FOREACH(sl, &shead, next) {
726 if (FD_ISSET(sl->sl_socket, fdsr))
734 socklist_recv_signal(struct socklist *sl __unused)
739 if (ioctl(sigpipe[0], FIONREAD, &i) != 0) {
740 logerror("ioctl(FIONREAD)");
741 err(1, "signal pipe read failed");
743 nsig = i / sizeof(signo);
744 dprintf("# of received signals = %d\n", nsig);
745 for (i = 0; i < nsig; i++) {
746 len = read(sigpipe[0], &signo, sizeof(signo));
747 if (len != sizeof(signo)) {
748 logerror("signal pipe read failed");
749 err(1, "signal pipe read failed");
751 dprintf("Received signal: %d from fd=%d\n", signo,
766 socklist_recv_sock(struct socklist *sl)
768 struct sockaddr_storage ss;
769 struct sockaddr *sa = (struct sockaddr *)&ss;
772 char line[MAXLINE + 1];
776 len = recvfrom(sl->sl_socket, line, sizeof(line) - 1, 0, sa, &sslen);
777 dprintf("received sa_len = %d\n", sslen);
782 logerror("recvfrom");
785 /* Received valid data. */
787 if (sl->sl_ss.ss_family == AF_LOCAL) {
788 hname = LocalHostName;
791 hname = cvthname(sa);
793 if (validate(sa, hname) == 0)
795 date = RemoteAddDate ? ADDDATE : 0;
798 printline(hname, line, date);
800 dprintf("Invalid msg from %s was ignored.", hname);
806 unmapped(struct sockaddr *sa)
808 #if defined(INET) && defined(INET6)
809 struct sockaddr_in6 *sin6;
810 struct sockaddr_in sin;
813 sa->sa_family != AF_INET6 ||
814 sa->sa_len != sizeof(*sin6))
817 if (!IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr))
819 sin = (struct sockaddr_in){
820 .sin_family = AF_INET,
821 .sin_len = sizeof(sin),
822 .sin_port = sin6->sin6_port
824 memcpy(&sin.sin_addr, &sin6->sin6_addr.s6_addr[12],
825 sizeof(sin.sin_addr));
826 memcpy(sa, &sin, sizeof(sin));
837 fprintf(stderr, "%s\n%s\n%s\n%s\n%s\n",
838 "usage: syslogd [-468ACcdFknosTuv] [-a allowed_peer]",
839 " [-b bind_address] [-f config_file]",
840 " [-l [mode:]path] [-m mark_interval]",
841 " [-P pid_file] [-p log_socket]",
842 " [-S logpriv_socket]");
847 * Take a raw input line, decode the message, and print the message
848 * on the appropriate log files.
851 printline(const char *hname, char *msg, int flags)
856 char line[MAXLINE + 1];
858 /* test for special codes */
863 n = strtol(p + 1, &q, 10);
864 if (*q == '>' && n >= 0 && n < INT_MAX && errno == 0) {
869 if (pri &~ (LOG_FACMASK|LOG_PRIMASK))
873 * Don't allow users to log kernel messages.
874 * NOTE: since LOG_KERN == 0 this will also match
875 * messages with no facility specified.
877 if ((pri & LOG_FACMASK) == LOG_KERN && !KeepKernFac)
878 pri = LOG_MAKEPRI(LOG_USER, LOG_PRI(pri));
882 while ((c = (unsigned char)*p++) != '\0' &&
883 q < &line[sizeof(line) - 4]) {
884 if (mask_C1 && (c & 0x80) && c < 0xA0) {
889 if (isascii(c) && iscntrl(c)) {
892 } else if (c == '\t') {
904 logmsg(pri, line, hname, flags);
908 * Read /dev/klog while data are available, split into lines.
911 socklist_recv_file(struct socklist *sl)
913 char *p, *q, line[MAXLINE + 1];
918 i = read(sl->sl_socket, line + len, MAXLINE - 1 - len);
920 line[i + len] = '\0';
922 if (i < 0 && errno != EINTR && errno != EAGAIN) {
924 close(sl->sl_socket);
930 for (p = line; (q = strchr(p, '\n')) != NULL; p = q + 1) {
935 if (len >= MAXLINE - 1) {
940 memmove(line, p, len + 1);
949 * Take a raw input line from /dev/klog, format similar to syslog().
956 int flags, isprintf, pri;
958 flags = ISKERNEL | SYNC_FILE | ADDDATE; /* fsync after write */
964 n = strtol(p + 1, &q, 10);
965 if (*q == '>' && n >= 0 && n < INT_MAX && errno == 0) {
972 * Kernel printf's and LOG_CONSOLE messages have been displayed
973 * on the console already.
975 if (isprintf || (pri & LOG_FACMASK) == LOG_CONSOLE)
977 if (pri &~ (LOG_FACMASK|LOG_PRIMASK))
979 logmsg(pri, p, LocalHostName, flags);
985 * Match a program or host name against a specification.
986 * Return a non-0 value if the message must be ignored
987 * based on the specification.
990 skip_message(const char *name, const char *spec, int checkcase)
995 /* Behaviour on explicit match */
1010 s = strstr (spec, name);
1012 s = strcasestr (spec, name);
1015 prev = (s == spec ? ',' : *(s - 1));
1016 next = *(s + strlen (name));
1018 if (prev == ',' && (next == '\0' || next == ','))
1019 /* Explicit match: skip iff the spec is an
1024 /* No explicit match for this name: skip the message iff
1025 the spec is an inclusive one. */
1030 * Log a message to the appropriate log files, users, etc. based on
1034 logmsg(int pri, const char *msg, const char *from, int flags)
1037 int i, j, fac, msglen, prilev;
1038 const char *timestamp;
1039 char prog[NAME_MAX+1];
1040 char buf[MAXLINE+1];
1042 dprintf("logmsg: pri %o, flags %x, from %s, msg %s\n",
1043 pri, flags, from, msg);
1046 * Check to see if msg looks non-standard.
1048 msglen = strlen(msg);
1049 if (msglen < MAXDATELEN || msg[3] != ' ' || msg[6] != ' ' ||
1050 msg[9] != ':' || msg[12] != ':' || msg[15] != ' ')
1054 if (flags & ADDDATE) {
1055 timestamp = ctime(&now) + 4;
1059 msglen -= MAXDATELEN;
1062 /* skip leading blanks */
1063 while (isspace(*msg)) {
1068 /* extract facility and priority level */
1070 fac = LOG_NFACILITIES;
1074 /* Check maximum facility number. */
1075 if (fac > LOG_NFACILITIES)
1078 prilev = LOG_PRI(pri);
1080 /* skip hostname, see RFC 3164 */
1081 for (i = 0, j = 0; i < NAME_MAX; i++) {
1082 if (isspace(msg[i])) {
1093 /* extract program name */
1094 for (i = 0; i < NAME_MAX; i++) {
1095 if (!isprint(msg[i]) || msg[i] == ':' || msg[i] == '[' ||
1096 msg[i] == '/' || isspace(msg[i]))
1102 /* add kernel prefix for kernel messages */
1103 if (flags & ISKERNEL) {
1104 snprintf(buf, sizeof(buf), "%s: %s",
1105 use_bootfile ? bootfile : "kernel", msg);
1107 msglen = strlen(buf);
1110 /* log the message to the particular outputs */
1114 * Open in non-blocking mode to avoid hangs during open
1115 * and close(waiting for the port to drain).
1117 f->f_file = open(ctty, O_WRONLY | O_NONBLOCK, 0);
1119 if (f->f_file >= 0) {
1120 (void)strlcpy(f->f_lasttime, timestamp,
1121 sizeof(f->f_lasttime));
1122 fprintlog(f, flags, msg);
1128 STAILQ_FOREACH(f, &fhead, next) {
1129 /* skip messages that are incorrect priority */
1130 if (!(((f->f_pcmp[fac] & PRI_EQ) && (f->f_pmask[fac] == prilev))
1131 ||((f->f_pcmp[fac] & PRI_LT) && (f->f_pmask[fac] < prilev))
1132 ||((f->f_pcmp[fac] & PRI_GT) && (f->f_pmask[fac] > prilev))
1134 || f->f_pmask[fac] == INTERNAL_NOPRI)
1137 /* skip messages with the incorrect hostname */
1138 if (skip_message(from, f->f_host, 0))
1141 /* skip messages with the incorrect program name */
1142 if (skip_message(prog, f->f_program, 1))
1145 /* skip message to console if it has already been printed */
1146 if (f->f_type == F_CONSOLE && (flags & IGN_CONS))
1149 /* don't output marks to recently written files */
1150 if ((flags & MARK) && (now - f->f_time) < MarkInterval / 2)
1154 * suppress duplicate lines to this file
1156 if (no_compress - (f->f_type != F_PIPE) < 1 &&
1157 (flags & MARK) == 0 && msglen == f->f_prevlen &&
1158 !strcmp(msg, f->f_prevline) &&
1159 !strcasecmp(from, f->f_prevhost)) {
1160 (void)strlcpy(f->f_lasttime, timestamp,
1161 sizeof(f->f_lasttime));
1163 dprintf("msg repeated %d times, %ld sec of %d\n",
1164 f->f_prevcount, (long)(now - f->f_time),
1165 repeatinterval[f->f_repeatcount]);
1167 * If domark would have logged this by now,
1168 * flush it now (so we don't hold isolated messages),
1169 * but back off so we'll flush less often
1172 if (now > REPEATTIME(f)) {
1173 fprintlog(f, flags, (char *)NULL);
1177 /* new line, save it */
1179 fprintlog(f, 0, (char *)NULL);
1180 f->f_repeatcount = 0;
1182 (void)strlcpy(f->f_lasttime, timestamp,
1183 sizeof(f->f_lasttime));
1184 (void)strlcpy(f->f_prevhost, from,
1185 sizeof(f->f_prevhost));
1186 if (msglen < MAXSVLINE) {
1187 f->f_prevlen = msglen;
1188 (void)strlcpy(f->f_prevline, msg, sizeof(f->f_prevline));
1189 fprintlog(f, flags, (char *)NULL);
1191 f->f_prevline[0] = 0;
1193 fprintlog(f, flags, msg);
1204 STAILQ_FOREACH(f, &fhead, next) {
1205 if ((f->f_type == F_FILE) &&
1206 (f->f_flags & FFLAG_NEEDSYNC)) {
1207 f->f_flags &= ~FFLAG_NEEDSYNC;
1208 (void)fsync(f->f_file);
1215 fprintlog(struct filed *f, int flags, const char *msg)
1217 struct iovec iov[IOV_SIZE];
1220 char line[MAXLINE + 1], repbuf[80], greetings[200], *wmsg = NULL;
1221 char nul[] = "", space[] = " ", lf[] = "\n", crlf[] = "\r\n";
1224 if (f->f_type == F_WALL) {
1225 /* The time displayed is not synchornized with the other log
1226 * destinations (like messages). Following fragment was using
1227 * ctime(&now), which was updating the time every 30 sec.
1228 * With f_lasttime, time is synchronized correctly.
1230 iov[0] = (struct iovec){
1231 .iov_base = greetings,
1232 .iov_len = snprintf(greetings, sizeof(greetings),
1233 "\r\n\7Message from syslogd@%s "
1235 f->f_prevhost, f->f_lasttime)
1237 if (iov[0].iov_len >= sizeof(greetings))
1238 iov[0].iov_len = sizeof(greetings) - 1;
1239 iov[1] = (struct iovec){
1244 iov[0] = (struct iovec){
1245 .iov_base = f->f_lasttime,
1246 .iov_len = strlen(f->f_lasttime)
1248 iov[1] = (struct iovec){
1255 static char fp_buf[30]; /* Hollow laugh */
1256 int fac = f->f_prevpri & LOG_FACMASK;
1257 int pri = LOG_PRI(f->f_prevpri);
1258 const char *f_s = NULL;
1259 char f_n[5]; /* Hollow laugh */
1260 const char *p_s = NULL;
1261 char p_n[5]; /* Hollow laugh */
1263 if (LogFacPri > 1) {
1266 for (c = facilitynames; c->c_name; c++) {
1267 if (c->c_val == fac) {
1272 for (c = prioritynames; c->c_name; c++) {
1273 if (c->c_val == pri) {
1280 snprintf(f_n, sizeof f_n, "%d", LOG_FAC(fac));
1284 snprintf(p_n, sizeof p_n, "%d", pri);
1287 snprintf(fp_buf, sizeof fp_buf, "<%s.%s> ", f_s, p_s);
1288 iov[2] = (struct iovec){
1290 .iov_len = strlen(fp_buf)
1293 iov[2] = (struct iovec){
1298 iov[3] = (struct iovec){
1299 .iov_base = f->f_prevhost,
1300 .iov_len = strlen(f->f_prevhost)
1302 iov[4] = (struct iovec){
1307 wmsg = strdup(msg); /* XXX iov_base needs a `const' sibling. */
1312 iov[5] = (struct iovec){
1314 .iov_len = strlen(msg)
1316 } else if (f->f_prevcount > 1) {
1317 iov[5] = (struct iovec){
1319 .iov_len = snprintf(repbuf, sizeof(repbuf),
1320 "last message repeated %d times", f->f_prevcount)
1323 iov[5] = (struct iovec){
1324 .iov_base = f->f_prevline,
1325 .iov_len = f->f_prevlen
1328 dprintf("Logging to %s", TypeNames[f->f_type]);
1331 switch (f->f_type) {
1337 dprintf(" %s", f->fu_forw_hname);
1338 switch (f->fu_forw_addr->ai_addr->sa_family) {
1342 ntohs(satosin(f->fu_forw_addr->ai_addr)->sin_port));
1348 ntohs(satosin6(f->fu_forw_addr->ai_addr)->sin6_port));
1354 /* check for local vs remote messages */
1355 if (strcasecmp(f->f_prevhost, LocalHostName))
1356 l = snprintf(line, sizeof line - 1,
1357 "<%d>%.15s Forwarded from %s: %s",
1358 f->f_prevpri, (char *)iov[0].iov_base,
1359 f->f_prevhost, (char *)iov[5].iov_base);
1361 l = snprintf(line, sizeof line - 1, "<%d>%.15s %s",
1362 f->f_prevpri, (char *)iov[0].iov_base,
1363 (char *)iov[5].iov_base);
1366 else if (l > MAXLINE)
1369 for (r = f->fu_forw_addr; r; r = r->ai_next) {
1370 struct socklist *sl;
1372 STAILQ_FOREACH(sl, &shead, next) {
1373 if (sl->sl_ss.ss_family == AF_LOCAL ||
1374 sl->sl_ss.ss_family == AF_UNSPEC ||
1377 lsent = sendto(sl->sl_socket, line, l, 0,
1378 r->ai_addr, r->ai_addrlen);
1382 if (lsent == l && !send_to_all)
1385 dprintf("lsent/l: %d/%d\n", lsent, l);
1400 /* case ENOTSOCK: */
1402 /* case EMSGSIZE: */
1405 /* case ECONNREFUSED: */
1407 dprintf("removing entry: errno=%d\n", e);
1408 f->f_type = F_UNUSED;
1415 dprintf(" %s\n", f->fu_fname);
1416 iov[6] = (struct iovec){
1420 if (writev(f->f_file, iov, nitems(iov)) < 0) {
1422 * If writev(2) fails for potentially transient errors
1423 * like the filesystem being full, ignore it.
1424 * Otherwise remove this logfile from the list.
1426 if (errno != ENOSPC) {
1430 logerror(f->fu_fname);
1432 } else if ((flags & SYNC_FILE) && (f->f_flags & FFLAG_SYNC)) {
1433 f->f_flags |= FFLAG_NEEDSYNC;
1439 dprintf(" %s\n", f->fu_pipe_pname);
1440 iov[6] = (struct iovec){
1444 if (f->fu_pipe_pid == 0) {
1445 if ((f->f_file = p_open(f->fu_pipe_pname,
1446 &f->fu_pipe_pid)) < 0) {
1447 logerror(f->fu_pipe_pname);
1451 if (writev(f->f_file, iov, nitems(iov)) < 0) {
1454 deadq_enter(f->fu_pipe_pid, f->fu_pipe_pname);
1457 logerror(f->fu_pipe_pname);
1462 if (flags & IGN_CONS) {
1463 dprintf(" (ignored)\n");
1469 dprintf(" %s%s\n", _PATH_DEV, f->fu_fname);
1470 iov[6] = (struct iovec){
1474 errno = 0; /* ttymsg() only sometimes returns an errno */
1475 if ((msgret = ttymsg(iov, nitems(iov), f->fu_fname, 10))) {
1476 f->f_type = F_UNUSED;
1484 iov[6] = (struct iovec){
1488 wallmsg(f, iov, nitems(iov));
1496 * WALLMSG -- Write a message to the world at large
1498 * Write the specified message to either the entire
1499 * world, or a list of approved users.
1502 wallmsg(struct filed *f, struct iovec *iov, const int iovlen)
1504 static int reenter; /* avoid calling ourselves */
1513 while ((ut = getutxent()) != NULL) {
1514 if (ut->ut_type != USER_PROCESS)
1516 if (f->f_type == F_WALL) {
1517 if ((p = ttymsg(iov, iovlen, ut->ut_line,
1518 TTYMSGTIME)) != NULL) {
1519 errno = 0; /* already in msg */
1524 /* should we send the message to this user? */
1525 for (i = 0; i < MAXUNAMES; i++) {
1526 if (!f->fu_uname[i][0])
1528 if (!strcmp(f->fu_uname[i], ut->ut_user)) {
1529 if ((p = ttymsg_check(iov, iovlen, ut->ut_line,
1530 TTYMSGTIME)) != NULL) {
1531 errno = 0; /* already in msg */
1543 * Wrapper routine for ttymsg() that checks the terminal for messages enabled.
1546 ttymsg_check(struct iovec *iov, int iovcnt, char *line, int tmout)
1548 static char device[1024];
1549 static char errbuf[1024];
1552 (void) snprintf(device, sizeof(device), "%s%s", _PATH_DEV, line);
1554 if (stat(device, &sb) < 0) {
1555 (void) snprintf(errbuf, sizeof(errbuf),
1556 "%s: %s", device, strerror(errno));
1559 if ((sb.st_mode & S_IWGRP) == 0)
1560 /* Messages disabled. */
1562 return ttymsg(iov, iovcnt, line, tmout);
1566 reapchild(int signo __unused)
1572 while ((pid = wait3(&status, WNOHANG, (struct rusage *)NULL)) > 0) {
1573 /* First, look if it's a process from the dead queue. */
1574 if (deadq_removebypid(pid))
1577 /* Now, look in list of active processes. */
1578 STAILQ_FOREACH(f, &fhead, next) {
1579 if (f->f_type == F_PIPE &&
1580 f->fu_pipe_pid == pid) {
1582 log_deadchild(pid, status, f->fu_pipe_pname);
1591 * Return a printable representation of a host address.
1594 cvthname(struct sockaddr *f)
1597 static char hname[NI_MAXHOST], ip[NI_MAXHOST];
1599 dprintf("cvthname(%d) len = %d\n", f->sa_family, f->sa_len);
1600 error = getnameinfo(f, f->sa_len, ip, sizeof(ip), NULL, 0,
1603 dprintf("Malformed from address %s\n", gai_strerror(error));
1606 dprintf("cvthname(%s)\n", ip);
1611 error = getnameinfo(f, f->sa_len, hname, sizeof(hname),
1612 NULL, 0, NI_NAMEREQD);
1614 dprintf("Host name for your address (%s) unknown\n", ip);
1618 if (hl > 0 && hname[hl-1] == '.')
1620 trimdomain(hname, hl);
1632 domark(int signo __unused)
1639 * Print syslogd errors some place.
1642 logerror(const char *type)
1645 static int recursed = 0;
1647 /* If there's an error while trying to log an error, give up. */
1653 sizeof buf, "syslogd: %s: %s", type, strerror(errno));
1655 (void)snprintf(buf, sizeof buf, "syslogd: %s", type);
1657 dprintf("%s\n", buf);
1658 logmsg(LOG_SYSLOG|LOG_ERR, buf, LocalHostName, ADDDATE);
1666 struct socklist *sl;
1669 STAILQ_FOREACH(f, &fhead, next) {
1670 /* flush any pending output */
1672 fprintlog(f, 0, (char *)NULL);
1673 if (f->f_type == F_PIPE && f->fu_pipe_pid > 0)
1677 dprintf("syslogd: exiting on signal %d\n", signo);
1678 (void)snprintf(buf, sizeof(buf), "exiting on signal %d", signo);
1682 STAILQ_FOREACH(sl, &shead, next) {
1683 if (sl->sl_ss.ss_family == AF_LOCAL)
1684 unlink(sl->sl_peer->pe_name);
1686 pidfile_remove(pfh);
1692 configfiles(const struct dirent *dp)
1697 if (dp->d_name[0] == '.')
1700 ext_len = sizeof(include_ext) -1;
1702 if (dp->d_namlen <= ext_len)
1705 p = &dp->d_name[dp->d_namlen - ext_len];
1706 if (strcmp(p, include_ext) != 0)
1713 readconfigfile(FILE *cf, int allow_includes)
1717 struct dirent **ent;
1718 char cline[LINE_MAX];
1719 char host[MAXHOSTNAMELEN];
1720 char prog[LINE_MAX];
1721 char file[MAXPATHLEN];
1727 * Foreach line in the conf table, open that file.
1729 include_len = sizeof(include_str) -1;
1730 (void)strlcpy(host, "*", sizeof(host));
1731 (void)strlcpy(prog, "*", sizeof(prog));
1732 while (fgets(cline, sizeof(cline), cf) != NULL) {
1734 * check for end-of-section, comments, strip off trailing
1735 * spaces and newline character. #!prog is treated specially:
1736 * following lines apply only to that program.
1738 for (p = cline; isspace(*p); ++p)
1742 if (allow_includes &&
1743 strncmp(p, include_str, include_len) == 0 &&
1744 isspace(p[include_len])) {
1749 while (*tmp != '\0' && !isspace(*tmp))
1752 dprintf("Trying to include files in '%s'\n", p);
1753 nents = scandir(p, &ent, configfiles, alphasort);
1755 dprintf("Unable to open '%s': %s\n", p,
1759 for (i = 0; i < nents; i++) {
1760 if (snprintf(file, sizeof(file), "%s/%s", p,
1761 ent[i]->d_name) >= (int)sizeof(file)) {
1762 dprintf("ignoring path too long: "
1763 "'%s/%s'\n", p, ent[i]->d_name);
1768 cf2 = fopen(file, "r");
1771 dprintf("reading %s\n", file);
1772 readconfigfile(cf2, 0);
1780 if (*p != '!' && *p != '+' && *p != '-')
1783 if (*p == '+' || *p == '-') {
1787 if ((!*p) || (*p == '*')) {
1788 (void)strlcpy(host, "*", sizeof(host));
1793 for (i = 1; i < MAXHOSTNAMELEN - 1; i++) {
1794 if (!isalnum(*p) && *p != '.' && *p != '-'
1795 && *p != ',' && *p != ':' && *p != '%')
1804 while (isspace(*p)) p++;
1805 if ((!*p) || (*p == '*')) {
1806 (void)strlcpy(prog, "*", sizeof(prog));
1809 for (i = 0; i < LINE_MAX - 1; i++) {
1810 if (!isprint(p[i]) || isspace(p[i]))
1817 for (p = cline + 1; *p != '\0'; p++) {
1820 if (*(p - 1) == '\\') {
1828 for (i = strlen(cline) - 1; i >= 0 && isspace(cline[i]); i--)
1830 f = cfline(cline, prog, host);
1837 sighandler(int signo)
1840 /* Send an wake-up signal to the select() loop. */
1841 write(sigpipe[1], &signo, sizeof(signo));
1845 * INIT -- Initialize syslogd from configuration table
1854 char oldLocalHostName[MAXHOSTNAMELEN];
1855 char hostMsg[2*MAXHOSTNAMELEN+40];
1856 char bootfileMsg[LINE_MAX];
1862 * Load hostname (may have changed).
1865 (void)strlcpy(oldLocalHostName, LocalHostName,
1866 sizeof(oldLocalHostName));
1867 if (gethostname(LocalHostName, sizeof(LocalHostName)))
1868 err(EX_OSERR, "gethostname() failed");
1869 if ((p = strchr(LocalHostName, '.')) != NULL) {
1877 * Load / reload timezone data (in case it changed).
1879 * Just calling tzset() again does not work, the timezone code
1880 * caches the result. However, by setting the TZ variable, one
1881 * can defeat the caching and have the timezone code really
1882 * reload the timezone data. Respect any initial setting of
1883 * TZ, in case the system is configured specially.
1885 dprintf("loading timezone data via tzset()\n");
1889 setenv("TZ", ":/etc/localtime", 1);
1895 * Close all open log files.
1898 STAILQ_FOREACH(f, &fhead, next) {
1899 /* flush any pending output */
1901 fprintlog(f, 0, (char *)NULL);
1903 switch (f->f_type) {
1911 deadq_enter(f->fu_pipe_pid, f->fu_pipe_pname);
1916 while(!STAILQ_EMPTY(&fhead)) {
1917 f = STAILQ_FIRST(&fhead);
1918 STAILQ_REMOVE_HEAD(&fhead, next);
1924 /* open the configuration file */
1925 if ((cf = fopen(ConfFile, "r")) == NULL) {
1926 dprintf("cannot open %s\n", ConfFile);
1927 f = cfline("*.ERR\t/dev/console", "*", "*");
1930 f = cfline("*.PANIC\t*", "*", "*");
1938 readconfigfile(cf, 1);
1940 /* close the configuration file */
1947 STAILQ_FOREACH(f, &fhead, next) {
1948 for (i = 0; i <= LOG_NFACILITIES; i++)
1949 if (f->f_pmask[i] == INTERNAL_NOPRI)
1952 printf("%d ", f->f_pmask[i]);
1953 printf("%s: ", TypeNames[f->f_type]);
1954 switch (f->f_type) {
1956 printf("%s", f->fu_fname);
1961 printf("%s%s", _PATH_DEV, f->fu_fname);
1965 switch (f->fu_forw_addr->ai_addr->sa_family) {
1968 port = ntohs(satosin(f->fu_forw_addr->ai_addr)->sin_port);
1973 port = ntohs(satosin6(f->fu_forw_addr->ai_addr)->sin6_port);
1981 f->fu_forw_hname, port);
1983 printf("%s", f->fu_forw_hname);
1988 printf("%s", f->fu_pipe_pname);
1992 for (i = 0; i < MAXUNAMES && *f->fu_uname[i]; i++)
1993 printf("%s, ", f->fu_uname[i]);
1997 printf(" (%s)", f->f_program);
2002 logmsg(LOG_SYSLOG|LOG_INFO, "syslogd: restart", LocalHostName, ADDDATE);
2003 dprintf("syslogd: restarted\n");
2005 * Log a change in hostname, but only on a restart.
2007 if (signo != 0 && strcmp(oldLocalHostName, LocalHostName) != 0) {
2008 (void)snprintf(hostMsg, sizeof(hostMsg),
2009 "syslogd: hostname changed, \"%s\" to \"%s\"",
2010 oldLocalHostName, LocalHostName);
2011 logmsg(LOG_SYSLOG|LOG_INFO, hostMsg, LocalHostName, ADDDATE);
2012 dprintf("%s\n", hostMsg);
2015 * Log the kernel boot file if we aren't going to use it as
2016 * the prefix, and if this is *not* a restart.
2018 if (signo == 0 && !use_bootfile) {
2019 (void)snprintf(bootfileMsg, sizeof(bootfileMsg),
2020 "syslogd: kernel boot file is %s", bootfile);
2021 logmsg(LOG_KERN|LOG_INFO, bootfileMsg, LocalHostName, ADDDATE);
2022 dprintf("%s\n", bootfileMsg);
2027 * Crack a configuration file line
2029 static struct filed *
2030 cfline(const char *line, const char *prog, const char *host)
2033 struct addrinfo hints, *res;
2034 int error, i, pri, syncfile;
2037 char buf[MAXLINE], ebuf[100];
2039 dprintf("cfline(\"%s\", f, \"%s\", \"%s\")\n", line, prog, host);
2041 f = calloc(1, sizeof(*f));
2046 errno = 0; /* keep strerror() stuff out of logerror messages */
2048 for (i = 0; i <= LOG_NFACILITIES; i++)
2049 f->f_pmask[i] = INTERNAL_NOPRI;
2051 /* save hostname if any */
2052 if (host && *host == '*')
2057 f->f_host = strdup(host);
2058 if (f->f_host == NULL) {
2062 hl = strlen(f->f_host);
2063 if (hl > 0 && f->f_host[hl-1] == '.')
2064 f->f_host[--hl] = '\0';
2065 trimdomain(f->f_host, hl);
2068 /* save program name if any */
2069 if (prog && *prog == '*')
2072 f->f_program = strdup(prog);
2073 if (f->f_program == NULL) {
2079 /* scan through the list of selectors */
2080 for (p = line; *p && *p != '\t' && *p != ' ';) {
2085 /* find the end of this facility name list */
2086 for (q = p; *q && *q != '\t' && *q != ' ' && *q++ != '.'; )
2089 /* get the priority comparison */
2117 /* collect priority name */
2118 for (bp = buf; *q && !strchr("\t,; ", *q); )
2123 while (strchr(",;", *q))
2126 /* decode priority name */
2129 pri_cmp = PRI_LT | PRI_EQ | PRI_GT;
2131 /* Ignore trailing spaces. */
2132 for (i = strlen(buf) - 1; i >= 0 && buf[i] == ' '; i--)
2135 pri = decode(buf, prioritynames);
2138 (void)snprintf(ebuf, sizeof ebuf,
2139 "unknown priority name \"%s\"", buf);
2146 pri_cmp = (UniquePriority)
2151 pri_cmp ^= PRI_LT | PRI_EQ | PRI_GT;
2153 /* scan facilities */
2154 while (*p && !strchr("\t.; ", *p)) {
2155 for (bp = buf; *p && !strchr("\t,;. ", *p); )
2160 for (i = 0; i < LOG_NFACILITIES; i++) {
2161 f->f_pmask[i] = pri;
2162 f->f_pcmp[i] = pri_cmp;
2165 i = decode(buf, facilitynames);
2168 (void)snprintf(ebuf, sizeof ebuf,
2169 "unknown facility name \"%s\"",
2175 f->f_pmask[i >> 3] = pri;
2176 f->f_pcmp[i >> 3] = pri_cmp;
2178 while (*p == ',' || *p == ' ')
2185 /* skip to action part */
2186 while (*p == '\t' || *p == ' ')
2201 * scan forward to see if there is a port defined.
2202 * so we can't use strlcpy..
2204 i = sizeof(f->fu_forw_hname);
2205 tp = f->fu_forw_hname;
2209 * an ipv6 address should start with a '[' in that case
2210 * we should scan for a ']'
2216 while (*p && (*p != endkey) && (i-- > 0)) {
2219 if (endkey == ']' && *p == endkey)
2223 /* See if we copied a domain and have a port */
2229 hints = (struct addrinfo){
2230 .ai_family = family,
2231 .ai_socktype = SOCK_DGRAM
2233 error = getaddrinfo(f->fu_forw_hname,
2234 p ? p : "syslog", &hints, &res);
2236 logerror(gai_strerror(error));
2239 f->fu_forw_addr = res;
2244 if ((f->f_file = open(p, logflags, 0600)) < 0) {
2245 f->f_type = F_UNUSED;
2250 f->f_flags |= FFLAG_SYNC;
2251 if (isatty(f->f_file)) {
2252 if (strcmp(p, ctty) == 0)
2253 f->f_type = F_CONSOLE;
2256 (void)strlcpy(f->fu_fname, p + sizeof(_PATH_DEV) - 1,
2257 sizeof(f->fu_fname));
2259 (void)strlcpy(f->fu_fname, p, sizeof(f->fu_fname));
2266 (void)strlcpy(f->fu_pipe_pname, p + 1,
2267 sizeof(f->fu_pipe_pname));
2276 for (i = 0; i < MAXUNAMES && *p; i++) {
2277 for (q = p; *q && *q != ','; )
2279 (void)strncpy(f->fu_uname[i], p, MAXLOGNAME - 1);
2280 if ((q - p) >= MAXLOGNAME)
2281 f->fu_uname[i][MAXLOGNAME - 1] = '\0';
2283 f->fu_uname[i][q - p] = '\0';
2284 while (*q == ',' || *q == ' ')
2288 f->f_type = F_USERS;
2296 * Decode a symbolic name to a numeric value
2299 decode(const char *name, const CODE *codetab)
2305 return (atoi(name));
2307 for (p = buf; *name && p < &buf[sizeof(buf) - 1]; p++, name++) {
2309 *p = tolower(*name);
2314 for (c = codetab; c->c_name; c++)
2315 if (!strcmp(buf, c->c_name))
2325 struct deadq_entry *dq, *dq0;
2327 now = time((time_t *)NULL);
2328 MarkSeq += TIMERINTVL;
2329 if (MarkSeq >= MarkInterval) {
2330 logmsg(LOG_INFO, "-- MARK --",
2331 LocalHostName, ADDDATE|MARK);
2335 STAILQ_FOREACH(f, &fhead, next) {
2336 if (f->f_prevcount && now >= REPEATTIME(f)) {
2337 dprintf("flush %s: repeated %d times, %d sec.\n",
2338 TypeNames[f->f_type], f->f_prevcount,
2339 repeatinterval[f->f_repeatcount]);
2340 fprintlog(f, 0, (char *)NULL);
2345 /* Walk the dead queue, and see if we should signal somebody. */
2346 TAILQ_FOREACH_SAFE(dq, &deadq_head, dq_entries, dq0) {
2347 switch (dq->dq_timeout) {
2349 /* Already signalled once, try harder now. */
2350 if (kill(dq->dq_pid, SIGKILL) != 0)
2351 (void)deadq_remove(dq);
2356 * Timed out on dead queue, send terminate
2357 * signal. Note that we leave the removal
2358 * from the dead queue to reapchild(), which
2359 * will also log the event (unless the process
2360 * didn't even really exist, in case we simply
2361 * drop it from the dead queue).
2363 if (kill(dq->dq_pid, SIGTERM) != 0)
2364 (void)deadq_remove(dq);
2373 (void)alarm(TIMERINTVL);
2377 * fork off and become a daemon, but wait for the child to come online
2378 * before returning to the parent, or we get disk thrashing at boot etc.
2379 * Set a timer so we don't hang forever if it wedges.
2382 waitdaemon(int maxwait)
2386 pid_t pid, childpid;
2388 switch (childpid = fork()) {
2394 signal(SIGALRM, timedout);
2396 while ((pid = wait3(&status, 0, NULL)) != -1) {
2397 if (WIFEXITED(status))
2398 errx(1, "child pid %d exited with return code %d",
2399 pid, WEXITSTATUS(status));
2400 if (WIFSIGNALED(status))
2401 errx(1, "child pid %d exited on signal %d%s",
2402 pid, WTERMSIG(status),
2403 WCOREDUMP(status) ? " (core dumped)" :
2405 if (pid == childpid) /* it's gone... */
2415 if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
2416 (void)dup2(fd, STDIN_FILENO);
2417 (void)dup2(fd, STDOUT_FILENO);
2418 (void)dup2(fd, STDERR_FILENO);
2419 if (fd > STDERR_FILENO)
2426 * We get a SIGALRM from the child when it's running and finished doing it's
2427 * fsync()'s or O_SYNC writes for all the boot messages.
2429 * We also get a signal from the kernel if the timer expires, so check to
2430 * see what happened.
2433 timedout(int sig __unused)
2437 signal(SIGALRM, SIG_DFL);
2439 errx(1, "timed out waiting for child");
2445 * Add `s' to the list of allowable peer addresses to accept messages
2448 * `s' is a string in the form:
2450 * [*]domainname[:{servicename|portnumber|*}]
2454 * netaddr/maskbits[:{servicename|portnumber|*}]
2456 * Returns -1 on error, 0 if the argument was valid.
2461 #if defined(INET) || defined(INET6)
2463 struct allowedpeer *ap;
2466 struct addrinfo hints, *res = NULL;
2468 in_addr_t *addrp, *maskp;
2471 uint32_t *addr6p, *mask6p;
2473 char ip[NI_MAXHOST];
2475 ap = calloc(1, sizeof(*ap));
2477 err(1, "malloc failed");
2480 if (*s != '[' || (cp1 = strchr(s + 1, ']')) == NULL)
2483 if ((cp1 = strrchr(cp1, ':'))) {
2484 /* service/port provided */
2486 if (strlen(cp1) == 1 && *cp1 == '*')
2487 /* any port allowed */
2489 else if ((se = getservbyname(cp1, "udp"))) {
2490 ap->port = ntohs(se->s_port);
2492 ap->port = strtol(cp1, &cp2, 0);
2493 /* port not numeric */
2498 if ((se = getservbyname("syslog", "udp")))
2499 ap->port = ntohs(se->s_port);
2501 /* sanity, should not happen */
2505 if ((cp1 = strchr(s, '/')) != NULL &&
2506 strspn(cp1 + 1, "0123456789") == strlen(cp1 + 1)) {
2508 if ((masklen = atoi(cp1 + 1)) < 0)
2513 cp2 = s + strlen(s) - 1;
2524 hints = (struct addrinfo){
2525 .ai_family = PF_UNSPEC,
2526 .ai_socktype = SOCK_DGRAM,
2527 .ai_flags = AI_PASSIVE | AI_NUMERICHOST
2529 if (getaddrinfo(s, NULL, &hints, &res) == 0) {
2531 memcpy(&ap->a_addr, res->ai_addr, res->ai_addrlen);
2532 ap->a_mask = (struct sockaddr_storage){
2533 .ss_family = res->ai_family,
2534 .ss_len = res->ai_addrlen
2536 switch (res->ai_family) {
2539 maskp = &sstosin(&ap->a_mask)->sin_addr.s_addr;
2540 addrp = &sstosin(&ap->a_addr)->sin_addr.s_addr;
2542 /* use default netmask */
2543 if (IN_CLASSA(ntohl(*addrp)))
2544 *maskp = htonl(IN_CLASSA_NET);
2545 else if (IN_CLASSB(ntohl(*addrp)))
2546 *maskp = htonl(IN_CLASSB_NET);
2548 *maskp = htonl(IN_CLASSC_NET);
2549 } else if (masklen == 0) {
2551 } else if (masklen <= 32) {
2552 /* convert masklen to netmask */
2553 *maskp = htonl(~((1 << (32 - masklen)) - 1));
2557 /* Lose any host bits in the network number. */
2568 mask6p = (uint32_t *)&sstosin6(&ap->a_mask)->sin6_addr.s6_addr32[0];
2569 addr6p = (uint32_t *)&sstosin6(&ap->a_addr)->sin6_addr.s6_addr32[0];
2570 /* convert masklen to netmask */
2571 while (masklen > 0) {
2574 htonl(~(0xffffffff >> masklen));
2578 *mask6p++ = 0xffffffff;
2590 /* arg `s' is domain name */
2602 STAILQ_INSERT_TAIL(&aphead, ap, next);
2605 printf("allowaddr: rule ");
2606 if (ap->isnumeric) {
2607 printf("numeric, ");
2608 getnameinfo(sstosa(&ap->a_addr),
2609 (sstosa(&ap->a_addr))->sa_len,
2610 ip, sizeof ip, NULL, 0, NI_NUMERICHOST);
2611 printf("addr = %s, ", ip);
2612 getnameinfo(sstosa(&ap->a_mask),
2613 (sstosa(&ap->a_mask))->sa_len,
2614 ip, sizeof ip, NULL, 0, NI_NUMERICHOST);
2615 printf("mask = %s; ", ip);
2617 printf("domainname = %s; ", ap->a_name);
2619 printf("port = %d\n", ap->port);
2632 * Validate that the remote peer has permission to log to us.
2635 validate(struct sockaddr *sa, const char *hname)
2638 char name[NI_MAXHOST], ip[NI_MAXHOST], port[NI_MAXSERV];
2639 struct allowedpeer *ap;
2641 struct sockaddr_in *sin4, *a4p = NULL, *m4p = NULL;
2644 struct sockaddr_in6 *sin6, *a6p = NULL, *m6p = NULL;
2646 struct addrinfo hints, *res;
2650 STAILQ_FOREACH(ap, &aphead, next) {
2653 dprintf("# of validation rule: %d\n", num);
2655 /* traditional behaviour, allow everything */
2658 (void)strlcpy(name, hname, sizeof(name));
2659 hints = (struct addrinfo){
2660 .ai_family = PF_UNSPEC,
2661 .ai_socktype = SOCK_DGRAM,
2662 .ai_flags = AI_PASSIVE | AI_NUMERICHOST
2664 if (getaddrinfo(name, NULL, &hints, &res) == 0)
2666 else if (strchr(name, '.') == NULL) {
2667 strlcat(name, ".", sizeof name);
2668 strlcat(name, LocalDomain, sizeof name);
2670 if (getnameinfo(sa, sa->sa_len, ip, sizeof(ip), port, sizeof(port),
2671 NI_NUMERICHOST | NI_NUMERICSERV) != 0)
2672 return (0); /* for safety, should not occur */
2673 dprintf("validate: dgram from IP %s, port %s, name %s;\n",
2677 /* now, walk down the list */
2679 STAILQ_FOREACH(ap, &aphead, next) {
2681 if (ap->port != 0 && ap->port != sport) {
2682 dprintf("rejected in rule %d due to port mismatch.\n",
2687 if (ap->isnumeric) {
2688 if (ap->a_addr.ss_family != sa->sa_family) {
2689 dprintf("rejected in rule %d due to address family mismatch.\n", i);
2693 else if (ap->a_addr.ss_family == AF_INET) {
2695 a4p = satosin(&ap->a_addr);
2696 m4p = satosin(&ap->a_mask);
2697 if ((sin4->sin_addr.s_addr & m4p->sin_addr.s_addr)
2698 != a4p->sin_addr.s_addr) {
2699 dprintf("rejected in rule %d due to IP mismatch.\n", i);
2705 else if (ap->a_addr.ss_family == AF_INET6) {
2706 sin6 = satosin6(sa);
2707 a6p = satosin6(&ap->a_addr);
2708 m6p = satosin6(&ap->a_mask);
2709 if (a6p->sin6_scope_id != 0 &&
2710 sin6->sin6_scope_id != a6p->sin6_scope_id) {
2711 dprintf("rejected in rule %d due to scope mismatch.\n", i);
2714 if (IN6_ARE_MASKED_ADDR_EQUAL(&sin6->sin6_addr,
2715 &a6p->sin6_addr, &m6p->sin6_addr) != 0) {
2716 dprintf("rejected in rule %d due to IP mismatch.\n", i);
2724 if (fnmatch(ap->a_name, name, FNM_NOESCAPE) ==
2726 dprintf("rejected in rule %d due to name "
2731 dprintf("accepted in rule %d.\n", i);
2732 return (1); /* hooray! */
2738 * Fairly similar to popen(3), but returns an open descriptor, as
2739 * opposed to a FILE *.
2742 p_open(const char *prog, pid_t *rpid)
2744 int pfd[2], nulldesc;
2746 char *argv[4]; /* sh -c cmd NULL */
2749 if (pipe(pfd) == -1)
2751 if ((nulldesc = open(_PATH_DEVNULL, O_RDWR)) == -1)
2752 /* we are royally screwed anyway */
2755 switch ((pid = fork())) {
2761 (void)setsid(); /* Avoid catching SIGHUPs. */
2762 argv[0] = strdup("sh");
2763 argv[1] = strdup("-c");
2764 argv[2] = strdup(prog);
2766 if (argv[0] == NULL || argv[1] == NULL || argv[2] == NULL) {
2773 /* Restore signals marked as SIG_IGN. */
2774 (void)signal(SIGINT, SIG_DFL);
2775 (void)signal(SIGQUIT, SIG_DFL);
2776 (void)signal(SIGPIPE, SIG_DFL);
2778 dup2(pfd[0], STDIN_FILENO);
2779 dup2(nulldesc, STDOUT_FILENO);
2780 dup2(nulldesc, STDERR_FILENO);
2781 closefrom(STDERR_FILENO + 1);
2783 (void)execvp(_PATH_BSHELL, argv);
2789 * Avoid blocking on a hung pipe. With O_NONBLOCK, we are
2790 * supposed to get an EWOULDBLOCK on writev(2), which is
2791 * caught by the logic above anyway, which will in turn close
2792 * the pipe, and fork a new logging subprocess if necessary.
2793 * The stale subprocess will be killed some time later unless
2794 * it terminated itself due to closing its input pipe (so we
2795 * get rid of really dead puppies).
2797 if (fcntl(pfd[1], F_SETFL, O_NONBLOCK) == -1) {
2799 (void)snprintf(errmsg, sizeof errmsg,
2800 "Warning: cannot change pipe to PID %d to "
2801 "non-blocking behaviour.",
2810 deadq_enter(pid_t pid, const char *name)
2812 struct deadq_entry *dq;
2818 * Be paranoid, if we can't signal the process, don't enter it
2819 * into the dead queue (perhaps it's already dead). If possible,
2820 * we try to fetch and log the child's status.
2822 if (kill(pid, 0) != 0) {
2823 if (waitpid(pid, &status, WNOHANG) > 0)
2824 log_deadchild(pid, status, name);
2828 dq = malloc(sizeof(*dq));
2833 *dq = (struct deadq_entry){
2835 .dq_timeout = DQ_TIMO_INIT
2837 TAILQ_INSERT_TAIL(&deadq_head, dq, dq_entries);
2841 deadq_remove(struct deadq_entry *dq)
2844 TAILQ_REMOVE(&deadq_head, dq, dq_entries);
2853 deadq_removebypid(pid_t pid)
2855 struct deadq_entry *dq;
2857 TAILQ_FOREACH(dq, &deadq_head, dq_entries) {
2858 if (dq->dq_pid == pid)
2861 return (deadq_remove(dq));
2865 log_deadchild(pid_t pid, int status, const char *name)
2871 errno = 0; /* Keep strerror() stuff out of logerror messages. */
2872 if (WIFSIGNALED(status)) {
2873 reason = "due to signal";
2874 code = WTERMSIG(status);
2876 reason = "with status";
2877 code = WEXITSTATUS(status);
2881 (void)snprintf(buf, sizeof buf,
2882 "Logging subprocess %d (%s) exited %s %d.",
2883 pid, name, reason, code);
2888 socksetup(struct peer *pe)
2890 struct addrinfo hints, *res, *res0;
2893 int (*sl_recv)(struct socklist *);
2895 * We have to handle this case for backwards compatibility:
2896 * If there are two (or more) colons but no '[' and ']',
2897 * assume this is an inet6 address without a service.
2899 if (pe->pe_name != NULL) {
2901 if (pe->pe_name[0] == '[' &&
2902 (cp = strchr(pe->pe_name + 1, ']')) != NULL) {
2903 pe->pe_name = &pe->pe_name[1];
2905 if (cp[1] == ':' && cp[2] != '\0')
2906 pe->pe_serv = cp + 2;
2909 cp = strchr(pe->pe_name, ':');
2910 if (cp != NULL && strchr(cp + 1, ':') == NULL) {
2913 pe->pe_serv = cp + 1;
2914 if (cp == pe->pe_name)
2921 hints = (struct addrinfo){
2922 .ai_family = AF_UNSPEC,
2923 .ai_socktype = SOCK_DGRAM,
2924 .ai_flags = AI_PASSIVE
2926 if (pe->pe_name != NULL)
2927 dprintf("Trying peer: %s\n", pe->pe_name);
2928 if (pe->pe_serv == NULL)
2929 pe->pe_serv = "syslog";
2930 error = getaddrinfo(pe->pe_name, pe->pe_serv, &hints, &res0);
2934 asprintf(&msgbuf, "getaddrinfo failed for %s%s: %s",
2935 pe->pe_name == NULL ? "" : pe->pe_name, pe->pe_serv,
2936 gai_strerror(error));
2939 logerror(gai_strerror(error));
2945 for (res = res0; res != NULL; res = res->ai_next) {
2948 if (res->ai_family != AF_LOCAL &&
2950 /* Only AF_LOCAL in secure mode. */
2953 if (family != AF_UNSPEC &&
2954 res->ai_family != AF_LOCAL && res->ai_family != family)
2957 s = socket(res->ai_family, res->ai_socktype,
2965 if (res->ai_family == AF_INET6) {
2966 if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY,
2967 &(int){1}, sizeof(int)) < 0) {
2968 logerror("setsockopt(IPV6_V6ONLY)");
2975 if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
2976 &(int){1}, sizeof(int)) < 0) {
2977 logerror("setsockopt(SO_REUSEADDR)");
2984 * Bind INET and UNIX-domain sockets.
2986 * A UNIX-domain socket is always bound to a pathname
2987 * regardless of -N flag.
2989 * For INET sockets, RFC 3164 recommends that client
2990 * side message should come from the privileged syslogd port.
2992 * If the system administrator chooses not to obey
2993 * this, we can skip the bind() step so that the
2994 * system will choose a port for us.
2996 if (res->ai_family == AF_LOCAL)
2997 unlink(pe->pe_name);
2998 if (res->ai_family == AF_LOCAL ||
2999 NoBind == 0 || pe->pe_name != NULL) {
3000 if (bind(s, res->ai_addr, res->ai_addrlen) < 0) {
3006 if (res->ai_family == AF_LOCAL ||
3010 if (res->ai_family == AF_LOCAL &&
3011 chmod(pe->pe_name, pe->pe_mode) < 0) {
3012 dprintf("chmod %s: %s\n", pe->pe_name,
3018 dprintf("new socket fd is %d\n", s);
3019 if (res->ai_socktype != SOCK_DGRAM) {
3022 sl_recv = socklist_recv_sock;
3023 #if defined(INET) || defined(INET6)
3024 if (SecureMode && (res->ai_family == AF_INET ||
3025 res->ai_family == AF_INET6)) {
3026 dprintf("shutdown\n");
3027 /* Forbid communication in secure mode. */
3028 if (shutdown(s, SHUT_RD) < 0 &&
3029 errno != ENOTCONN) {
3030 logerror("shutdown");
3037 dprintf("listening on socket\n");
3038 dprintf("sending on socket\n");
3039 addsock(res->ai_addr, res->ai_addrlen,
3052 increase_rcvbuf(int fd)
3056 if (getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &len,
3057 &(socklen_t){sizeof(len)}) == 0) {
3058 if (len < RCVBUF_MINSIZE) {
3059 len = RCVBUF_MINSIZE;
3060 setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &len, sizeof(len));