op public repos

Commit Diff

Commit:: d278a0c3c50146c703b675ca4dac1d58ef286585
From:: Omar Polo <op@omarpolo.com>
Date:: Tue Feb 23 12:40:59 2021 UTC
Message:: moving logging to its own process
Actions:: Patch | Tree
commit - c39b26d308ed63a537de88b963935c2acfe33405
commit + d278a0c3c50146c703b675ca4dac1d58ef286585
blob - 14dd66e2fb9c6261ad6c5289aeee5d0930fbf5d8
blob + 68835e57d6abaad4c0e2f478572ff9104197ede4
--- configure
+++ configure
@@ -38,7 +38,7 @@ CC=`printf "all:\\n\\t@echo \\\$(CC)\\n" | make ${MAKE
 CFLAGS=`printf "all:\\n\\t@echo \\\$(CFLAGS)\\n" | make ${MAKE_FLAGS} -sf -`
 CFLAGS="${CFLAGS} -g -W -Wall -Wextra -Wmissing-prototypes -Wstrict-prototypes"
 CFLAGS="${CFLAGS} -Wwrite-strings -Wno-unused-parameter"
-LDFLAGS="-ltls -levent"
+LDFLAGS="-ltls -levent -lutil"
 YACC=yacc
 LEX=lex
 STATIC=
blob - b17fb4fd9ae9e71c72760aaebfce18ec8af2310f
blob + 0d0247e5a8d267f9cc2fd7407490b29fe25b3fe5
--- gmid.c
+++ gmid.c
@@ -477,16 +477,18 @@ main(int argc, char **argv)
 
 	if (!conf.foreground && !configless) {
 		if (daemon(1, 1) == -1)
-			fatal("daemon: %s", strerror(errno));
+			err(1, "daemon");
 	}
 
 	if (socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC,
 	    PF_UNSPEC, p) == -1)
-		fatal("socketpair: %s", strerror(errno));
+		err(1, "socketpair");
 
 	if (config_path != NULL)
 		parse_conf(config_path);
 
+	logger_init();
+
 	sock4 = make_socket(conf.port, AF_INET);
 	sock6 = -1;
 	if (conf.ipv6)
blob - a8fd595731dc2f7a058b304f745ab7499134ce1a
blob + 2a5b6be551b6d1272f9c77f3e18b6e156faa7f43
--- gmid.h
+++ gmid.h
@@ -218,6 +218,7 @@ void		 log_notice(struct client*, const char*, ...)	LO
 void		 log_info(struct client*, const char*, ...)	LOG_ATTR_FMT;
 void		 log_debug(struct client*, const char*, ...)	LOG_ATTR_FMT;
 void		 log_request(struct client*, char*, size_t);
+void		 logger_init(void);
 
 /* mime.c */
 void		 init_mime(struct mime*);
blob - 7f2d5557679b5efcdf3805191a9eafa100a25c2a
blob + 6ae603be7575a5283c27435b0b958b784ecb4260
--- log.c
+++ log.c
@@ -16,13 +16,26 @@
 
 #include "gmid.h"
 
+#include <sys/types.h>
+#include <sys/queue.h>
+#include <sys/uio.h>
+
 #include <errno.h>
+#include <event.h>
+#include <imsg.h>
 #include <netdb.h>
 #include <stdarg.h>
 #include <stdio.h>
 #include <string.h>
 #include <syslog.h>
 
+struct imsgbuf parent_ibuf, child_ibuf;
+struct event sigusr2, inlog;
+int logfd;
+
+static void handle_log(int, short, void*);
+static int logger_main(int, struct imsgbuf*);
+
 void
 fatal(const char *fmt, ...)
 {
@@ -59,8 +72,16 @@ should_log(int priority)
 	}
 }
 
-static void
-do_log(int priority, struct client *c,
+static inline void
+send_log(const char *msg, size_t len)
+{
+	imsg_compose(&parent_ibuf, 0, 0, 0, -1, msg, len);
+	/* XXX: use event_once() */
+	imsg_flush(&parent_ibuf);
+}
+
+static inline void
+vlog(int priority, struct client *c,
     const char *fmt, va_list ap)
 {
 	char hbuf[NI_MAXHOST], sbuf[NI_MAXSERV];
@@ -71,10 +92,7 @@ do_log(int priority, struct client *c,
 	if (!should_log(priority))
 		return;
 
-	if (c == NULL) {
-		strncpy(hbuf, "<internal>", sizeof(hbuf));
-		sbuf[0] = '\0';
-	} else {
+	if (c != NULL) {
 		len = sizeof(c->addr);
 		ec = getnameinfo((struct sockaddr*)&c->addr, len,
 		    hbuf, sizeof(hbuf),
@@ -87,16 +105,18 @@ do_log(int priority, struct client *c,
 	if (vasprintf(&fmted, fmt, ap) == -1)
 		fatal("vasprintf: %s", strerror(errno));
 
-	if (conf.foreground)
-		fprintf(stderr, "%s:%s %s\n", hbuf, sbuf, fmted);
-	else {
-		if (asprintf(&s, "%s:%s %s", hbuf, sbuf, fmted) == -1)
-			fatal("asprintf: %s", strerror(errno));
-		syslog(priority | LOG_DAEMON, "%s", s);
-		free(s);
-	}
+        if (c == NULL)
+		ec = asprintf(&s, "internal: %s", fmted);
+	else
+		ec = asprintf(&s, "%s:%s %s", hbuf, sbuf, fmted);
 
+	if (ec < 0)
+		fatal("asprintf: %s", strerror(errno));
+
+	send_log(s, ec+1);
+
 	free(fmted);
+	free(s);
 }
 
 void
@@ -105,7 +125,7 @@ log_err(struct client *c, const char *fmt, ...)
 	va_list ap;
 
 	va_start(ap, fmt);
-	do_log(LOG_ERR, c, fmt, ap);
+	vlog(LOG_ERR, c, fmt, ap);
 	va_end(ap);
 }
 
@@ -115,7 +135,7 @@ log_warn(struct client *c, const char *fmt, ...)
 	va_list ap;
 
 	va_start(ap, fmt);
-	do_log(LOG_WARNING, c, fmt, ap);
+	vlog(LOG_WARNING, c, fmt, ap);
 	va_end(ap);
 }
 
@@ -125,7 +145,7 @@ log_notice(struct client *c, const char *fmt, ...)
 	va_list ap;
 
 	va_start(ap, fmt);
-	do_log(LOG_NOTICE, c, fmt, ap);
+	vlog(LOG_NOTICE, c, fmt, ap);
 	va_end(ap);
 }
 
@@ -135,7 +155,7 @@ log_info(struct client *c, const char *fmt, ...)
 	va_list ap;
 
 	va_start(ap, fmt);
-	do_log(LOG_INFO, c, fmt, ap);
+	vlog(LOG_INFO, c, fmt, ap);
 	va_end(ap);
 }
 
@@ -145,7 +165,7 @@ log_debug(struct client *c, const char *fmt, ...)
 	va_list ap;
 
 	va_start(ap, fmt);
-	do_log(LOG_DEBUG, c, fmt, ap);
+	vlog(LOG_DEBUG, c, fmt, ap);
 	va_end(ap);
 }
 
@@ -165,7 +185,7 @@ void
 log_request(struct client *c, char *meta, size_t l)
 {
 	char hbuf[NI_MAXHOST], sbuf[NI_MAXSERV], b[GEMINI_URL_LEN];
-	char *t;
+	char *t, *fmted;
 	size_t len;
 	int ec;
 
@@ -202,10 +222,92 @@ log_request(struct client *c, char *meta, size_t l)
 	if ((t = gmid_strnchr(meta, '\r', l)) == NULL)
 		t = meta + len;
 
-	if (conf.foreground)
-		fprintf(stderr, "%s:%s GET %s %.*s\n", hbuf, sbuf, b,
-		    (int)(t - meta), meta);
-	else
-		syslog(LOG_INFO | LOG_DAEMON, "%s:%s GET %s %.*s",
-		    hbuf, sbuf, b, (int)(t - meta), meta);
+	ec = asprintf(&fmted, "%s:%s GET %s %.*s", hbuf, sbuf, b,
+	    (int)(t-meta), meta);
+	if (ec < 0)
+		err(1, "asprintf");
+	send_log(fmted, ec+1);
+	free(fmted);
+}
+
+
+
+static void
+handle_log(int fd, short ev, void *d)
+{
+	struct imsgbuf	*ibuf = d;
+	struct imsg	 imsg;
+	ssize_t		 n, datalen;
+	char		*msg;
+
+	if ((n = imsg_read(ibuf)) == -1) {
+		if (errno == EAGAIN || errno == EWOULDBLOCK)
+			return;
+                err(1, "imsg_read");
+	}
+	if (n == 0)
+		errx(1, "connection lost?");
+
+	for (;;) {
+		if ((n = imsg_get(ibuf, &imsg)) == -1)
+			err(1, "read error");
+		if (n == 0)
+			return;
+
+		datalen = imsg.hdr.len - IMSG_HEADER_SIZE;
+		msg = imsg.data;
+		msg[datalen] = '\0';
+
+		/* ignore imsg.hdr.type for now */
+		if (conf.foreground)
+			fprintf(stderr, "%s\n", msg);
+		else
+			syslog(LOG_DAEMON, "%s", msg);
+
+		imsg_free(&imsg);
+	}
 }
+
+static int
+logger_main(int fd, struct imsgbuf *ibuf)
+{
+	event_init();
+
+	event_set(&inlog, fd, EV_READ | EV_PERSIST, &handle_log, ibuf);
+	event_add(&inlog, NULL);
+
+#ifdef __OpenBSD__
+	if (pledge("stdio", NULL) == -1)
+		err(1, "pledge");
+#endif
+
+	event_dispatch();
+
+	return 0;
+}
+
+void
+logger_init(void)
+{
+	int p[2];
+
+	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, p) == -1)
+		err(1, "socketpair");
+
+	switch (fork()) {
+	case -1:
+		err(1, "fork");
+	case 0:
+		logfd = p[1];
+		close(p[0]);
+		setproctitle("logger");
+		imsg_init(&child_ibuf, p[1]);
+		drop_priv();
+		_exit(logger_main(p[1], &child_ibuf));
+	default:
+		logfd = p[0];
+		close(p[1]);
+		imsg_init(&parent_ibuf, p[0]);
+		return;
+	}
+}
blob - 9baec82cc53c0a2ae54f60e6d4bd5a0c40607167
blob + f7ec9499364460768e71df7e672ae1240bbfbecc
--- sandbox.c
+++ sandbox.c
@@ -190,12 +190,6 @@ sandbox()
 
 		SC_ALLOW(exit),
 		SC_ALLOW(exit_group),
-
-		/* stuff used by syslog.  revisit once we move
-		 * logging in its own process */
-		SC_ALLOW(socket),
-		SC_ALLOW(sendto),
-		SC_ALLOW(connect),
 
 		/* allow only F_GETFL, F_SETFL & F_SETFD fcntl */
 		BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_fcntl, 0, 8),