Diffstat (limited to 'src/journal-remote')
-rw-r--r--src/journal-remote/journal-gatewayd.c56
-rw-r--r--src/journal-remote/journal-remote-parse.c59
-rw-r--r--src/journal-remote/journal-remote-parse.h6
-rw-r--r--src/journal-remote/journal-remote-write.c2
-rw-r--r--src/journal-remote/journal-remote-write.h1
-rw-r--r--src/journal-remote/journal-remote.c150
-rw-r--r--src/journal-remote/journal-remote.h1
-rw-r--r--src/journal-remote/journal-upload.c2
-rw-r--r--src/journal-remote/microhttpd-util.c53
-rw-r--r--src/journal-remote/microhttpd-util.h16
10 files changed, 211 insertions, 135 deletions
diff --git a/src/journal-remote/journal-gatewayd.c b/src/journal-remote/journal-gatewayd.c
index 576f7cae7d..d9450ae8cd 100644
--- a/src/journal-remote/journal-gatewayd.c
+++ b/src/journal-remote/journal-gatewayd.c
@@ -42,6 +42,7 @@
#include "build.h"
#include "fileio.h"
#include "sigbus.h"
+#include "hostname-util.h"
static char *arg_key_pem = NULL;
static char *arg_cert_pem = NULL;
@@ -121,6 +122,26 @@ static int open_journal(RequestMeta *m) {
return sd_journal_open(&m->journal, SD_JOURNAL_LOCAL_ONLY|SD_JOURNAL_SYSTEM);
}
+static int request_meta_ensure_tmp(RequestMeta *m) {
+ if (m->tmp)
+ rewind(m->tmp);
+ else {
+ int fd;
+
+ fd = open_tmpfile("/tmp", O_RDWR|O_CLOEXEC);
+ if (fd < 0)
+ return fd;
+
+ m->tmp = fdopen(fd, "rw");
+ if (!m->tmp) {
+ safe_close(fd);
+ return -errno;
+ }
+ }
+
+ return 0;
+}
+
static ssize_t request_reader_entries(
void *cls,
uint64_t pos,
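Review bot: `fdopen(fd, "rw")` in request_meta_ensure_tmp() is not a valid stdio mode string; the read/write modes are `"r+"`, `"w+"` and `"a+"`. C libraries typically act on the leading `r` only, which would leave `m->tmp` read-only even though the descriptor was opened with O_RDWR, so the later writes into the temporary file by output_journal() and output_field() would fail. Use `m->tmp = fdopen(fd, "r+");`.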
@@ -194,14 +215,10 @@ static ssize_t request_reader_entries(
m->n_skip = 0;
- if (m->tmp)
- rewind(m->tmp);
- else {
- m->tmp = tmpfile();
- if (!m->tmp) {
- log_error_errno(errno, "Failed to create temporary file: %m");
- return MHD_CONTENT_READER_END_WITH_ERROR;
- }
+ r = request_meta_ensure_tmp(m);
+ if (r < 0) {
+ log_error_errno(r, "Failed to create temporary file: %m");
+ return MHD_CONTENT_READER_END_WITH_ERROR;
}
r = output_journal(m->tmp, m->journal, m->mode, 0, OUTPUT_FULL_WIDTH, NULL);
@@ -555,14 +572,10 @@ static ssize_t request_reader_fields(
if (m->n_fields_set)
m->n_fields -= 1;
- if (m->tmp)
- rewind(m->tmp);
- else {
- m->tmp = tmpfile();
- if (!m->tmp) {
- log_error_errno(errno, "Failed to create temporary file: %m");
- return MHD_CONTENT_READER_END_WITH_ERROR;
- }
+ r = request_meta_ensure_tmp(m);
+ if (r < 0) {
+ log_error_errno(r, "Failed to create temporary file: %m");
+ return MHD_CONTENT_READER_END_WITH_ERROR;
}
r = output_field(m->tmp, m->mode, d, l);
@@ -736,7 +749,7 @@ static int request_handler_machine(
RequestMeta *m = connection_cls;
int r;
_cleanup_free_ char* hostname = NULL, *os_name = NULL;
- uint64_t cutoff_from = 0, cutoff_to = 0, usage;
+ uint64_t cutoff_from = 0, cutoff_to = 0, usage = 0;
char *json;
sd_id128_t mid, bid;
_cleanup_free_ char *v = NULL;
@@ -769,7 +782,7 @@ static int request_handler_machine(
return mhd_respondf(connection, MHD_HTTP_INTERNAL_SERVER_ERROR, "Failed to determine disk usage: %s\n", strerror(-r));
if (parse_env_file("/etc/os-release", NEWLINE, "PRETTY_NAME", &os_name, NULL) == -ENOENT)
- parse_env_file("/usr/lib/os-release", NEWLINE, "PRETTY_NAME", &os_name, NULL);
+ (void) parse_env_file("/usr/lib/os-release", NEWLINE, "PRETTY_NAME", &os_name, NULL);
get_virtualization(&v);
@@ -982,10 +995,9 @@ int main(int argc, char *argv[]) {
sigbus_install();
-#ifdef HAVE_GNUTLS
- gnutls_global_set_log_function(log_func_gnutls);
- log_reset_gnutls_level();
-#endif
+ r = setup_gnutls_logger(NULL);
+ if (r < 0)
+ return EXIT_FAILURE;
n = sd_listen_fds(1);
if (n < 0) {
diff --git a/src/journal-remote/journal-remote-parse.c b/src/journal-remote/journal-remote-parse.c
index d9dea8deb0..5ff05d3ad6 100644
--- a/src/journal-remote/journal-remote-parse.c
+++ b/src/journal-remote/journal-remote-parse.c
@@ -41,6 +41,7 @@ void source_free(RemoteSource *source) {
writer_unref(source->writer);
sd_event_source_unref(source->event);
+ sd_event_source_unref(source->buffer_event);
free(source);
}
@@ -111,21 +112,26 @@ static int get_line(RemoteSource *source, char **line, size_t *size) {
if (source->passive_fd)
/* we have to wait for some data to come to us */
- return -EWOULDBLOCK;
+ return -EAGAIN;
+ /* We know that source->filled is at most DATA_SIZE_MAX, so if
+ we reallocate it, we'll increase the size at least a bit. */
+ assert_cc(DATA_SIZE_MAX < ENTRY_SIZE_MAX);
if (source->size - source->filled < LINE_CHUNK &&
- !realloc_buffer(source,
- MIN(source->filled + LINE_CHUNK, ENTRY_SIZE_MAX)))
+ !realloc_buffer(source, MIN(source->filled + LINE_CHUNK, ENTRY_SIZE_MAX)))
return log_oom();
+ assert(source->buf);
assert(source->size - source->filled >= LINE_CHUNK ||
source->size == ENTRY_SIZE_MAX);
- n = read(source->fd, source->buf + source->filled,
+ n = read(source->fd,
+ source->buf + source->filled,
source->size - source->filled);
if (n < 0) {
- if (errno != EAGAIN && errno != EWOULDBLOCK)
- log_error_errno(errno, "read(%d, ..., %zu): %m", source->fd,
+ if (errno != EAGAIN)
+ log_error_errno(errno, "read(%d, ..., %zu): %m",
+ source->fd,
source->size - source->filled);
return -errno;
} else if (n == 0)
@@ -177,7 +183,7 @@ static int fill_fixed_size(RemoteSource *source, void **data, size_t size) {
if (source->passive_fd)
/* we have to wait for some data to come to us */
- return -EWOULDBLOCK;
+ return -EAGAIN;
if (!realloc_buffer(source, source->offset + size))
return log_oom();
@@ -185,7 +191,7 @@ static int fill_fixed_size(RemoteSource *source, void **data, size_t size) {
n = read(source->fd, source->buf + source->filled,
source->size - source->filled);
if (n < 0) {
- if (errno != EAGAIN && errno != EWOULDBLOCK)
+ if (errno != EAGAIN)
log_error_errno(errno, "read(%d, ..., %zu): %m", source->fd,
source->size - source->filled);
return -errno;
@@ -309,13 +315,13 @@ static int process_dunder(RemoteSource *source, char *line, size_t n) {
return 0;
}
-int process_data(RemoteSource *source) {
+static int process_data(RemoteSource *source) {
int r;
switch(source->state) {
case STATE_LINE: {
char *line, *sep;
- size_t n;
+ size_t n = 0;
assert(source->data_size == 0);
@@ -344,22 +350,25 @@ int process_data(RemoteSource *source) {
LLLLLLLL0011223344...\n
*/
sep = memchr(line, '=', n);
- if (sep)
+ if (sep) {
/* chomp newline */
n--;
- else
+
+ r = iovw_put(&source->iovw, line, n);
+ if (r < 0)
+ return r;
+ } else {
/* replace \n with = */
line[n-1] = '=';
- log_trace("Received: %.*s", (int) n, line);
- r = iovw_put(&source->iovw, line, n);
- if (r < 0) {
- log_error("Failed to put line in iovect");
- return r;
+ source->field_len = n;
+ source->state = STATE_DATA_START;
+
+ /* we cannot put the field in iovec until we have all data */
}
- if (!sep)
- source->state = STATE_DATA_START;
+ log_trace("Received: %.*s (%s)", (int) n, line, sep ? "text" : "binary");
+
return 0; /* continue */
}
@@ -382,6 +391,7 @@ int process_data(RemoteSource *source) {
case STATE_DATA: {
void *data;
+ char *field;
assert(source->data_size > 0);
@@ -396,11 +406,12 @@ int process_data(RemoteSource *source) {
assert(data);
- r = iovw_put(&source->iovw, data, source->data_size);
- if (r < 0) {
- log_error("failed to put binary buffer in iovect");
+ field = (char*) data - sizeof(uint64_t) - source->field_len;
+ memmove(field + sizeof(uint64_t), field, source->field_len);
+
+ r = iovw_put(&source->iovw, field + sizeof(uint64_t), source->field_len + source->data_size);
+ if (r < 0)
return r;
- }
source->state = STATE_DATA_FINISH;
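Review bot: The new `field = (char*) data - sizeof(uint64_t) - source->field_len;` walks backwards from `data` on the assumption that the field name and the 8-byte length prefix still sit directly in front of it in the same buffer, and nothing in this hunk checks that. Both `field_len` and `data_size` come from the remote peer, so if the buffer were ever compacted between STATE_LINE and STATE_DATA the memmove() would read and write outside the allocation. Add a comment stating the required layout and an assertion before the memmove(), for example `assert(field >= (char*) source->buf);`. process_data() starts and ends outside this hunk, so the buffer handling that is supposed to guarantee the layout could not be checked here.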
@@ -438,7 +449,7 @@ int process_source(RemoteSource *source, bool compress, bool seal) {
return r;
/* We have a full event */
- log_trace("Received a full event from source@%p fd:%d (%s)",
+ log_trace("Received full event from source@%p fd:%d (%s)",
source, source->fd, source->name);
if (!source->iovw.count) {
diff --git a/src/journal-remote/journal-remote-parse.h b/src/journal-remote/journal-remote-parse.h
index 8499f4eb82..14bfadc132 100644
--- a/src/journal-remote/journal-remote-parse.h
+++ b/src/journal-remote/journal-remote-parse.h
@@ -42,7 +42,9 @@ typedef struct RemoteSource {
size_t offset; /* offset to the beginning of live data in the buffer */
size_t scanned; /* number of bytes since the beginning of data without a newline */
size_t filled; /* total number of bytes in the buffer */
- size_t data_size; /* size of the binary data chunk being processed */
+
+ size_t field_len; /* used for binary fields: the field name length */
+ size_t data_size; /* and the size of the binary data chunk being processed */
struct iovec_wrapper iovw;
@@ -52,6 +54,7 @@ typedef struct RemoteSource {
Writer *writer;
sd_event_source *event;
+ sd_event_source *buffer_event;
} RemoteSource;
RemoteSource* source_new(int fd, bool passive_fd, char *name, Writer *writer);
@@ -63,6 +66,5 @@ static inline size_t source_non_empty(RemoteSource *source) {
}
void source_free(RemoteSource *source);
-int process_data(RemoteSource *source);
int push_data(RemoteSource *source, const char *data, size_t size);
int process_source(RemoteSource *source, bool compress, bool seal);
diff --git a/src/journal-remote/journal-remote-write.c b/src/journal-remote/journal-remote-write.c
index df30049397..99820fa7b8 100644
--- a/src/journal-remote/journal-remote-write.c
+++ b/src/journal-remote/journal-remote-write.c
@@ -156,7 +156,7 @@ int writer_write(Writer *w,
if (r < 0)
return r;
else
- log_info("%s: Successfully rotated journal", w->journal->path);
+ log_debug("%s: Successfully rotated journal", w->journal->path);
log_debug("Retrying write.");
r = journal_file_append_entry(w->journal, ts, iovw->iovec, iovw->count,
diff --git a/src/journal-remote/journal-remote-write.h b/src/journal-remote/journal-remote-write.h
index aa381c661e..7f47f8b014 100644
--- a/src/journal-remote/journal-remote-write.h
+++ b/src/journal-remote/journal-remote-write.h
@@ -21,7 +21,6 @@
#pragma once
-#include <stdlib.h>
#include "journal-file.h"
diff --git a/src/journal-remote/journal-remote.c b/src/journal-remote/journal-remote.c
index 8f32a9a988..911e2a178b 100644
--- a/src/journal-remote/journal-remote.c
+++ b/src/journal-remote/journal-remote.c
@@ -26,22 +26,19 @@
#include <string.h>
#include <sys/prctl.h>
#include <sys/socket.h>
-#include <sys/stat.h>
-#include <sys/types.h>
#include <unistd.h>
#include <getopt.h>
#include "sd-daemon.h"
+#include "signal-util.h"
#include "journal-file.h"
#include "journald-native.h"
#include "socket-util.h"
-#include "mkdir.h"
#include "build.h"
#include "macro.h"
#include "strv.h"
#include "fileio.h"
#include "conf-parser.h"
-#include "siphash24.h"
#ifdef HAVE_GNUTLS
#include <gnutls/gnutls.h>
@@ -147,7 +144,7 @@ static int spawn_getter(const char *getter, const char *url) {
_cleanup_strv_free_ char **words = NULL;
assert(getter);
- r = strv_split_quoted(&words, getter, false);
+ r = strv_split_quoted(&words, getter, 0);
if (r < 0)
return log_error_errno(r, "Failed to split getter option: %m");
@@ -207,7 +204,7 @@ static int open_output(Writer *w, const char* host) {
log_error_errno(r, "Failed to open output journal %s: %m",
output);
else
- log_info("Opened output file %s", w->journal->path);
+ log_debug("Opened output file %s", w->journal->path);
return r;
}
@@ -289,6 +286,8 @@ static int dispatch_raw_source_event(sd_event_source *event,
int fd,
uint32_t revents,
void *userdata);
+static int dispatch_raw_source_until_block(sd_event_source *event,
+ void *userdata);
static int dispatch_blocking_source_event(sd_event_source *event,
void *userdata);
static int dispatch_raw_connection_event(sd_event_source *event,
@@ -351,7 +350,7 @@ static int remove_source(RemoteServer *s, int fd) {
static int add_source(RemoteServer *s, int fd, char* name, bool own_name) {
- RemoteSource *source;
+ RemoteSource *source = NULL;
int r;
/* This takes ownership of name, even on failure, if own_name is true. */
@@ -376,8 +375,15 @@ static int add_source(RemoteServer *s, int fd, char* name, bool own_name) {
r = sd_event_add_io(s->events, &source->event,
fd, EPOLLIN|EPOLLRDHUP|EPOLLPRI,
- dispatch_raw_source_event, s);
- if (r == -EPERM) {
+ dispatch_raw_source_event, source);
+ if (r == 0) {
+ /* Add additional source for buffer processing. It will be
+ * enabled later. */
+ r = sd_event_add_defer(s->events, &source->buffer_event,
+ dispatch_raw_source_until_block, source);
+ if (r == 0)
+ sd_event_source_set_enabled(source->buffer_event, SD_EVENT_OFF);
+ } else if (r == -EPERM) {
log_debug("Falling back to sd_event_add_defer for fd:%d (%s)", fd, name);
r = sd_event_add_defer(s->events, &source->event,
dispatch_blocking_source_event, source);
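Review bot: The `if (r == 0)` tests after sd_event_add_io() and sd_event_add_defer() treat only zero as success, while the sd-event API documents success as zero or a positive value. If sd_event_add_io() returned a positive value, `buffer_event` would never be created and the `assert(source->buffer_event)` in dispatch_raw_source_event() would abort the daemon on the first incoming data. Use `if (r >= 0)` in both places and keep the result of the disable call, `r = sd_event_source_set_enabled(source->buffer_event, SD_EVENT_OFF);`, because a deferred source that stays enabled would run before any data has arrived. add_source() continues outside the hunk.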
@@ -511,7 +517,7 @@ static int process_http_upload(
while (true) {
r = process_source(source, arg_compress, arg_seal);
- if (r == -EAGAIN || r == -EWOULDBLOCK)
+ if (r == -EAGAIN)
break;
else if (r < 0) {
log_warning("Failed to process data for connection %p", connection);
@@ -693,7 +699,7 @@ static int setup_microhttpd_server(RemoteServer *s,
info = MHD_get_daemon_info(d->daemon, MHD_DAEMON_INFO_EPOLL_FD_LINUX_ONLY);
if (!info) {
log_error("µhttp returned NULL daemon info");
- r = -ENOTSUP;
+ r = -EOPNOTSUPP;
goto error;
}
@@ -747,7 +753,7 @@ static int setup_microhttpd_socket(RemoteServer *s,
const char *trust) {
int fd;
- fd = make_socket_fd(LOG_INFO, address, SOCK_STREAM | SOCK_CLOEXEC);
+ fd = make_socket_fd(LOG_DEBUG, address, SOCK_STREAM | SOCK_CLOEXEC);
if (fd < 0)
return fd;
@@ -844,7 +850,7 @@ static int remoteserver_init(RemoteServer *s,
if (n < 0)
return log_error_errno(n, "Failed to read listening file descriptors from environment: %m");
else
- log_info("Received %d descriptors", n);
+ log_debug("Received %d descriptors", n);
if (MAX(http_socket, https_socket) >= SD_LISTEN_FDS_START + n) {
log_error("Received fewer sockets than expected");
@@ -853,7 +859,7 @@ static int remoteserver_init(RemoteServer *s,
for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++) {
if (sd_is_socket(fd, AF_UNSPEC, 0, true)) {
- log_info("Received a listening socket (fd:%d)", fd);
+ log_debug("Received a listening socket (fd:%d)", fd);
if (fd == http_socket)
r = setup_microhttpd_server(s, fd, NULL, NULL, NULL);
@@ -868,7 +874,7 @@ static int remoteserver_init(RemoteServer *s,
if (r < 0)
return log_error_errno(r, "Failed to retrieve remote name: %m");
- log_info("Received a connection socket (fd:%d) from %s", fd, hostname);
+ log_debug("Received a connection socket (fd:%d) from %s", fd, hostname);
r = add_source(s, fd, hostname, true);
} else {
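Review bot: Demoting `Received a connection socket (fd:%d) from %s` to log_debug() means a default-level log no longer records which peer was handed to add_source(). The same demotion is applied to `Accepted %s %s connection from %s` in accept_connection() and to `Connection from %s` and `Certificate status: %s` in microhttpd-util.c, so peer identity and certificate verification results drop out of the audit trail unless debug logging is enabled. If the aim is only to reduce noise, consider keeping one peer-identifying message per connection at info level, or documenting that connection auditing needs debug logging.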
@@ -908,7 +914,7 @@ static int remoteserver_init(RemoteServer *s,
}
if (arg_listen_raw) {
- log_info("Listening on a socket...");
+ log_debug("Listening on a socket...");
r = setup_raw_socket(s, arg_listen_raw);
if (r < 0)
return r;
@@ -930,12 +936,12 @@ static int remoteserver_init(RemoteServer *s,
const char *output_name;
if (streq(*file, "-")) {
- log_info("Using standard input as source.");
+ log_debug("Using standard input as source.");
fd = STDIN_FILENO;
output_name = "stdin";
} else {
- log_info("Reading file %s...", *file);
+ log_debug("Reading file %s...", *file);
fd = open(*file, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK);
if (fd < 0)
@@ -997,15 +1003,18 @@ static void server_destroy(RemoteServer *s) {
**********************************************************************
**********************************************************************/
-static int dispatch_raw_source_event(sd_event_source *event,
- int fd,
- uint32_t revents,
- void *userdata) {
+static int handle_raw_source(sd_event_source *event,
+ int fd,
+ uint32_t revents,
+ RemoteServer *s) {
- RemoteServer *s = userdata;
RemoteSource *source;
int r;
+ /* Returns 1 if there might be more data pending,
+ * 0 if data is currently exhausted, negative on error.
+ */
+
assert(fd >= 0 && fd < (ssize_t) s->sources_size);
source = s->sources[fd];
assert(source->fd == fd);
@@ -1014,33 +1023,70 @@ static int dispatch_raw_source_event(sd_event_source *event,
if (source->state == STATE_EOF) {
size_t remaining;
- log_info("EOF reached with source fd:%d (%s)",
- source->fd, source->name);
+ log_debug("EOF reached with source fd:%d (%s)",
+ source->fd, source->name);
remaining = source_non_empty(source);
if (remaining > 0)
- log_warning("Premature EOF. %zu bytes lost.", remaining);
+ log_notice("Premature EOF. %zu bytes lost.", remaining);
remove_source(s, source->fd);
- log_info("%zu active sources remaining", s->active);
+ log_debug("%zu active sources remaining", s->active);
return 0;
} else if (r == -E2BIG) {
- log_error("Entry too big, skipped");
+ log_notice_errno(E2BIG, "Entry too big, skipped");
return 1;
} else if (r == -EAGAIN) {
return 0;
} else if (r < 0) {
- log_info_errno(r, "Closing connection: %m");
+ log_debug_errno(r, "Closing connection: %m");
remove_source(server, fd);
return 0;
} else
return 1;
}
+static int dispatch_raw_source_until_block(sd_event_source *event,
+ void *userdata) {
+ RemoteSource *source = userdata;
+ int r;
+
+ /* Make sure event stays around even if source is destroyed */
+ sd_event_source_ref(event);
+
+ r = handle_raw_source(event, source->fd, EPOLLIN, server);
+ if (r != 1)
+ /* No more data for now */
+ sd_event_source_set_enabled(event, SD_EVENT_OFF);
+
+ sd_event_source_unref(event);
+
+ return r;
+}
+
+static int dispatch_raw_source_event(sd_event_source *event,
+ int fd,
+ uint32_t revents,
+ void *userdata) {
+ RemoteSource *source = userdata;
+ int r;
+
+ assert(source->event);
+ assert(source->buffer_event);
+
+ r = handle_raw_source(event, fd, EPOLLIN, server);
+ if (r == 1)
+ /* Might have more data. We need to rerun the handler
+ * until we are sure the buffer is exhausted. */
+ sd_event_source_set_enabled(source->buffer_event, SD_EVENT_ON);
+
+ return r;
+}
+
static int dispatch_blocking_source_event(sd_event_source *event,
void *userdata) {
RemoteSource *source = userdata;
- return dispatch_raw_source_event(event, source->fd, EPOLLIN, server);
+ return handle_raw_source(event, source->fd, EPOLLIN, server);
}
static int accept_connection(const char* type, int fd,
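Review bot: dispatch_raw_source_event() dereferences `source->buffer_event` after handle_raw_source() returns, which is safe only because the paths that call remove_source() return 0 rather than 1, and the code does not state that. Judging by the comment in dispatch_raw_source_until_block(), remove_source() can destroy the source, so a later change to the return values could turn this into a use-after-free. Add a comment at the `if (r == 1)` test such as `/* source is still valid: handle_raw_source() returns 1 only when it did not remove it */`. Both dispatchers also pass the constant `EPOLLIN` where dispatch_raw_source_event() has the real `revents`. handle_raw_source(), which begins in the previous hunk, mixes its `s` parameter with the global `server` in `remove_source(server, fd)`, and using `s` throughout would make it unambiguous which server is acted on.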
@@ -1071,10 +1117,10 @@ static int accept_connection(const char* type, int fd,
return r;
}
- log_info("Accepted %s %s connection from %s",
- type,
- socket_address_family(addr) == AF_INET ? "IP" : "IPv6",
- a);
+ log_debug("Accepted %s %s connection from %s",
+ type,
+ socket_address_family(addr) == AF_INET ? "IP" : "IPv6",
+ a);
*hostname = b;
@@ -1099,7 +1145,7 @@ static int dispatch_raw_connection_event(sd_event_source *event,
.size = sizeof(union sockaddr_union),
.type = SOCK_STREAM,
};
- char *hostname;
+ char *hostname = NULL;
fd2 = accept_connection("raw", fd, &addr, &hostname);
if (fd2 < 0)
@@ -1458,31 +1504,6 @@ static int load_certificates(char **key, char **cert, char **trust) {
return 0;
}
-static int setup_gnutls_logger(char **categories) {
- if (!arg_listen_http && !arg_listen_https)
- return 0;
-
-#ifdef HAVE_GNUTLS
- {
- char **cat;
- int r;
-
- gnutls_global_set_log_function(log_func_gnutls);
-
- if (categories) {
- STRV_FOREACH(cat, categories) {
- r = log_enable_gnutls_category(*cat);
- if (r < 0)
- return r;
- }
- } else
- log_reset_gnutls_level();
- }
-#endif
-
- return 0;
-}
-
int main(int argc, char **argv) {
RemoteServer s = {};
int r;
@@ -1499,9 +1520,12 @@ int main(int argc, char **argv) {
if (r <= 0)
return r == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
- r = setup_gnutls_logger(arg_gnutls_log);
- if (r < 0)
- return EXIT_FAILURE;
+
+ if (arg_listen_http || arg_listen_https) {
+ r = setup_gnutls_logger(arg_gnutls_log);
+ if (r < 0)
+ return EXIT_FAILURE;
+ }
if (arg_listen_https || https_socket >= 0)
if (load_certificates(&key, &cert, &trust) < 0)
diff --git a/src/journal-remote/journal-remote.h b/src/journal-remote/journal-remote.h
index 1cf22f6383..6c2ccb9735 100644
--- a/src/journal-remote/journal-remote.h
+++ b/src/journal-remote/journal-remote.h
@@ -21,7 +21,6 @@
#pragma once
-#include <inttypes.h>
#include "sd-event.h"
#include "hashmap.h"
diff --git a/src/journal-remote/journal-upload.c b/src/journal-remote/journal-upload.c
index 75bb434c08..ddb1ef0396 100644
--- a/src/journal-remote/journal-upload.c
+++ b/src/journal-remote/journal-upload.c
@@ -33,6 +33,8 @@
#include "mkdir.h"
#include "conf-parser.h"
#include "sigbus.h"
+#include "formats-util.h"
+#include "signal-util.h"
#include "journal-upload.h"
#define PRIV_KEY_FILE CERTIFICATE_ROOT "/private/journal-upload.pem"
diff --git a/src/journal-remote/microhttpd-util.c b/src/journal-remote/microhttpd-util.c
index 34d93379da..8a11fba044 100644
--- a/src/journal-remote/microhttpd-util.c
+++ b/src/journal-remote/microhttpd-util.c
@@ -121,7 +121,7 @@ static struct {
{ {"9", "enc", "int"}, LOG_DEBUG },
};
-void log_func_gnutls(int level, const char *message) {
+static void log_func_gnutls(int level, const char *message) {
assert_se(message);
if (0 <= level && level < (int) ELEMENTSOF(gnutls_log_map)) {
@@ -133,7 +133,18 @@ void log_func_gnutls(int level, const char *message) {
}
}
-int log_enable_gnutls_category(const char *cat) {
+static void log_reset_gnutls_level(void) {
+ int i;
+
+ for (i = ELEMENTSOF(gnutls_log_map) - 1; i >= 0; i--)
+ if (gnutls_log_map[i].enabled) {
+ log_debug("Setting gnutls log level to %d", i);
+ gnutls_global_set_log_level(i);
+ break;
+ }
+}
+
+static int log_enable_gnutls_category(const char *cat) {
unsigned i;
if (streq(cat, "all")) {
@@ -152,15 +163,22 @@ int log_enable_gnutls_category(const char *cat) {
return -EINVAL;
}
-void log_reset_gnutls_level(void) {
- int i;
+int setup_gnutls_logger(char **categories) {
+ char **cat;
+ int r;
- for (i = ELEMENTSOF(gnutls_log_map) - 1; i >= 0; i--)
- if (gnutls_log_map[i].enabled) {
- log_debug("Setting gnutls log level to %d", i);
- gnutls_global_set_log_level(i);
- break;
+ gnutls_global_set_log_function(log_func_gnutls);
+
+ if (categories) {
+ STRV_FOREACH(cat, categories) {
+ r = log_enable_gnutls_category(*cat);
+ if (r < 0)
+ return r;
}
+ } else
+ log_reset_gnutls_level();
+
+ return 0;
}
static int verify_cert_authorized(gnutls_session_t session) {
@@ -178,7 +196,8 @@ static int verify_cert_authorized(gnutls_session_t session) {
if (r < 0)
return log_error_errno(r, "gnutls_certificate_verification_status_print failed: %m");
- log_info("Certificate status: %s", out.data);
+ log_debug("Certificate status: %s", out.data);
+ gnutls_free(out.data);
return status == 0 ? 0 : -EPERM;
}
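Review bot: The error return just above the added `gnutls_free(out.data)` formats what appears to be a gnutls result code with `%m`, in `log_error_errno(r, "gnutls_certificate_verification_status_print failed: %m")`. The call that sets `r` is outside the hunk, but if it is the gnutls return value, `%m` prints an unrelated errno string and the negative gnutls code is passed on to the caller as if it were an errno. Log it with `log_error("gnutls_certificate_verification_status_print failed: %s", gnutls_strerror(r));` and return a fixed errno-style value instead.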
@@ -238,10 +257,14 @@ static int get_auth_dn(gnutls_x509_crt_t client_cert, char **buf) {
return 0;
}
+static inline void gnutls_x509_crt_deinitp(gnutls_x509_crt_t *p) {
+ gnutls_x509_crt_deinit(*p);
+}
+
int check_permissions(struct MHD_Connection *connection, int *code, char **hostname) {
const union MHD_ConnectionInfo *ci;
gnutls_session_t session;
- gnutls_x509_crt_t client_cert;
+ _cleanup_(gnutls_x509_crt_deinitp) gnutls_x509_crt_t client_cert = NULL;
_cleanup_free_ char *buf = NULL;
int r;
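Review bot: gnutls_x509_crt_deinitp() calls `gnutls_x509_crt_deinit(*p)` unconditionally, and with `client_cert` now initialised to NULL every early return in check_permissions() reaches it with a NULL handle. That relies on the library tolerating NULL; an explicit guard keeps the cleanup helper safe regardless: `if (*p) gnutls_x509_crt_deinit(*p);`. check_permissions() continues outside the hunk.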
@@ -275,7 +298,7 @@ int check_permissions(struct MHD_Connection *connection, int *code, char **hostn
return -EPERM;
}
- log_info("Connection from %s", buf);
+ log_debug("Connection from %s", buf);
if (hostname) {
*hostname = buf;
@@ -295,4 +318,10 @@ int check_permissions(struct MHD_Connection *connection, int *code, char **hostn
int check_permissions(struct MHD_Connection *connection, int *code, char **hostname) {
return -EPERM;
}
+
+int setup_gnutls_logger(char **categories) {
+ if (categories)
+ log_notice("Ignoring specified gnutls logging categories — gnutls not available.");
+ return 0;
+}
#endif
diff --git a/src/journal-remote/microhttpd-util.h b/src/journal-remote/microhttpd-util.h
index c43d7f75a3..b2feb9180a 100644
--- a/src/journal-remote/microhttpd-util.h
+++ b/src/journal-remote/microhttpd-util.h
@@ -43,13 +43,11 @@ int mhd_respond_oom(struct MHD_Connection *connection);
int check_permissions(struct MHD_Connection *connection, int *code, char **hostname);
-#ifdef HAVE_GNUTLS
-void log_func_gnutls(int level, const char *message);
-int log_enable_gnutls_category(const char *cat);
-void log_reset_gnutls_level(void);
-
-/* This is additionally filtered by our internal log level, so it
- * should be set fairly high to capture all potentially interesting
- * events without overwhelming detail.
+/* Set gnutls internal logging function to a callback which uses our
+ * own logging framework.
+ *
+ * gnutls categories are additionally filtered by our internal log
+ * level, so it should be set fairly high to capture all potentially
+ * interesting events without overwhelming detail.
*/
-#endif
+int setup_gnutls_logger(char **categories);