commit 226f13ece0b309abeee0ae8a4d8c9f049fe896a7 from: Omar Polo date: Mon Jul 24 08:50:49 2023 UTC add ability to log to files with log access commit - 3826d7de43d3b9078c5e18e0074799a3a9ee682e commit + 226f13ece0b309abeee0ae8a4d8c9f049fe896a7 blob - d939839f11b24c07652588fa75b81db20025b4d3 blob + 753bb7267b7a86e0c7c8568d4f0cc2c0892f5a9e --- config.c +++ config.c @@ -69,6 +69,7 @@ config_purge(struct conf *conf) ps = conf->ps; use_privsep_crypto = conf->use_privsep_crypto; + free(conf->log_access); free_mime(&conf->mime); TAILQ_FOREACH_SAFE(f, &conf->fcgi, fcgi, tf) { TAILQ_REMOVE(&conf->fcgi, f, fcgi); blob - 663de426bfd7c13107510938e06c320df759965f blob + 6a7132c19fdb68aaecf8d099ef114d99e1c5b41c --- gmid.c +++ gmid.c @@ -320,6 +320,16 @@ static int main_configure(struct conf *conf) { struct privsep *ps = conf->ps; + int fd = -1; + + if (!debug) { + if (conf->log_access && (fd = open(conf->log_access, + O_WRONLY|O_CREAT|O_APPEND, 0600)) == -1) + log_warn("can't open %s", conf->log_access); + if (proc_compose_imsg(ps, PROC_LOGGER, -1, IMSG_LOG_TYPE, + -1, fd, NULL, 0) == -1) + return -1; + } conf->reload = conf->prefork + 1; /* servers, crypto */ blob - 0a1c175d0479b48648a7f6a79797e380d23d79a1 blob + dda781cdcdaf9f808a06c94e2e1e810d9f0790c6 --- gmid.conf.5 +++ gmid.conf.5 @@ -129,6 +129,18 @@ paths. Defaults to the .Ic user home directory, if provided. +.It Ic log Ar options +Specify logging options. +Multiple options may be provided within curly braces. +The available options are as follows: +.Bl -tag -width Ds +.It Ic syslog +Log to syslog. +This is the default behaviour. +.It Ic access Ar file +Log the requests to +.Ar file . +.El .It Ic prefork Ar number Run the specified number of server processes. This increases the performance and prevents delays when connecting to blob - fbeeecbd11131d3f6ed77d79cf22e6e926f7cb8d blob + 734ad54ee4b25530727537e969aaeb313b944ca2 --- gmid.h +++ gmid.h 
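Review bot: config_purge frees conf->log_access, but the visible lines do not reset the pointer, and the new logopt actions in parse.y call `free(conf->log_access)` again on the next parse. If the remainder of config_purge (outside this hunk) does not zero the struct, a configuration reload would free the same pointer twice. Adding `conf->log_access = NULL;` directly after the free makes the function safe regardless of what follows.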
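Review bot: The open() in main_configure follows symlinks and creates the file if it is missing, and it appears to run in the parent process rather than a sandboxed worker. If that process holds more privilege than whoever can write to the log directory, a symlink at the final path component redirects the appended request lines to another file. Using `O_WRONLY|O_CREAT|O_APPEND|O_NOFOLLOW|O_CLOEXEC` avoids that. When open() fails, the code only warns and still sends IMSG_LOG_TYPE with fd -1, so the daemon keeps running without the access log the operator asked for; it is worth deciding whether that should be a configuration error. The early `return -1` after a failed proc_compose_imsg also leaks fd unless that function closes it on failure, which is not visible here; `if (fd != -1) close(fd);` before the return would cover it. The rest of main_configure lies outside the hunk.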
@@ -241,6 +241,7 @@ struct conf { char user[LOGIN_NAME_MAX]; int prefork; int reload; + char *log_access; int use_privsep_crypto; struct fcgihead fcgi; blob - 479c094fcd564cd9c1d5a60a456c3cd20fb51160 blob + 674437b99bf55b57b54204be396b4a192fc14197 --- parse.y +++ parse.y @@ -122,7 +122,7 @@ typedef struct { /* for bison: */ /* %define parse.error verbose */ -%token ALIAS AUTO +%token ACCESS ALIAS AUTO %token BLOCK %token CA CERT CHROOT CLIENT %token DEFAULT @@ -133,7 +133,7 @@ typedef struct { %token OCSP OFF ON %token PARAM PORT PREFORK PROTO PROTOCOLS PROXY %token RELAY_TO REQUIRE RETURN ROOT -%token SERVER SNI SOCKET STRIP +%token SERVER SNI SOCKET STRIP SYSLOG %token TCP TOEXT TYPE TYPES %token USE_TLS USER %token VERIFYNAME @@ -232,6 +232,7 @@ option : CHROOT string { else default_host = "0.0.0.0"; } + | log | PORT NUM { yywarn("option `port' is deprecated," " please use `listen on'"); @@ -249,8 +250,26 @@ option : CHROOT string { yyerror("user name too long"); free($2); } + ; + +log : LOG '{' optnl logopts '}' + | LOG logopt ; +logopts : /* empty */ + | logopts logopt optnl + ; + +logopt : SYSLOG { + free(conf->log_access); + conf->log_access = NULL; + } + | ACCESS string { + free(conf->log_access); + conf->log_access = $2; + } + ; + vhost : SERVER string { host = new_vhost(); TAILQ_INSERT_HEAD(&conf->hosts, host, vhosts); @@ -576,6 +595,7 @@ static const struct keyword { int token; } keywords[] = { /* these MUST be sorted */ + {"access", ACCESS}, {"alias", ALIAS}, {"auto", AUTO}, {"block", BLOCK}, @@ -611,6 +631,7 @@ static const struct keyword { {"sni", SNI}, {"socket", SOCKET}, {"strip", STRIP}, + {"syslog", SYSLOG}, {"tcp", TCP}, {"to-ext", TOEXT}, {"type", TYPE}, blob - 57ed6d856157cdc4192ca340f8b103f32bf8eff2 blob + 0e7e4ada9d08a1068809c56aa8cfb75d00b8f3e1 --- sandbox.c +++ sandbox.c 
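Review bot: The logopt actions make `syslog` and `access` overwrite each other, so inside `log { ... }` the last option wins. A `syslog` after `access` silently discards the file name, although the manual text added in this commit says multiple options may be provided. Either document the last-wins behaviour in gmid.conf.5 or track syslog as a separate flag. The `ACCESS string` action also stores the path unchecked, so a relative path would be resolved against whatever working directory the main process has when main_configure calls open(). Rejecting it in the grammar, for example with `if (*$2 != '/') yyerror("log access path must be absolute");`, or stating the rule in the manual, removes that ambiguity.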
@@ -24,7 +24,7 @@ void sandbox_main_process(void) { - if (pledge("stdio rpath inet dns sendfd", NULL) == -1) + if (pledge("stdio rpath wpath cpath inet dns sendfd", NULL) == -1) fatal("pledge"); }
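Review bot: Adding `wpath cpath` to the pledge in sandbox_main_process is unconditional, so the main process can create and write files even when no access log is configured. No unveil() call is visible in this hunk to confine those promises to the log path. Since the function takes no arguments it cannot see conf->log_access, so the narrow fix is to unveil the configured log file with create/write permissions before pledging, or to open it before the pledge. At minimum, a comment such as `/* wpath cpath: main_configure() opens/creates the access log on every (re)load */` would record why the wider promises are needed.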