/*	$OpenBSD: syslogd.c,v 1.253 2017/10/23 17:16:35 bluhm Exp $	*/

/*

 * Copyright (c) 2014-2017 Alexander Bluhm <bluhm@genua.de>

 *

 * Permission to use, copy, modify, and distribute this software for any

 * purpose with or without fee is hereby granted, provided that the above

 * copyright notice and this permission notice appear in all copies.

 *

 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR

 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN

 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF

 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

 */

/*

 * Copyright (c) 1983, 1988, 1993, 1994

 *	The Regents of the University of California.  All rights reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 * 1. Redistributions of source code must retain the above copyright

 *    notice, this list of conditions and the following disclaimer.

 * 2. Redistributions in binary form must reproduce the above copyright

 *    notice, this list of conditions and the following disclaimer in the

 *    documentation and/or other materials provided with the distribution.

 * 3. Neither the name of the University nor the names of its contributors

 *    may be used to endorse or promote products derived from this software

 *    without specific prior written permission.

 *

 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND

 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE

 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

 * SUCH DAMAGE.

 */

/*

 *  syslogd -- log system messages

 *

 * This program implements a system log. It takes a series of lines.

 * Each line may have a priority, signified as "<n>" as

 * the first characters of the line.  If this is

 * not present, a default priority is used.

 *

 * To kill syslogd, send a signal 15 (terminate).  A signal 1 (hup) will

 * cause it to reread its configuration file.

 *

 * Defined Constants:

 *

 * MAXLINE -- the maximum line length that can be handled.

 * DEFUPRI -- the default priority for user messages

 * DEFSPRI -- the default priority for kernel messages

 *

 * Author: Eric Allman

 * extensive changes by Ralph Campbell

 * more extensive changes by Eric Allman (again)

 * memory buffer logging by Damien Miller

 * IPv6, libevent, syslog over TCP and TLS by Alexander Bluhm

 */

#define MAX_UDPMSG	1180		/* maximum UDP send size */

#define MIN_MEMBUF	(LOG_MAXLINE * 4) /* Minimum memory buffer size */

#define MAX_MEMBUF	(256 * 1024)	/* Maximum memory buffer size */

#define MAX_MEMBUF_NAME	64		/* Max length of membuf log name */

#define MAX_TCPBUF	(256 * 1024)	/* Maximum tcp event buffer size */

#define	MAXSVLINE	120		/* maximum saved line length */

#define FD_RESERVE	5		/* file descriptors not accepted */

#define DEFUPRI		(LOG_USER|LOG_NOTICE)

#define DEFSPRI		(LOG_KERN|LOG_CRIT)

#define TIMERINTVL	30		/* interval for checking flush, mark */

#include <sys/ioctl.h>

#include <sys/stat.h>

#include <sys/msgbuf.h>

#include <sys/queue.h>

#include <sys/sysctl.h>

#include <sys/un.h>

#include <sys/time.h>

#include <sys/resource.h>

#include <netinet/in.h>

#include <netdb.h>

#include <arpa/inet.h>

#include <ctype.h>

#include <err.h>

#include <errno.h>

#include <event.h>

#include <fcntl.h>

#include <limits.h>

#include <paths.h>

#include <signal.h>

#include <stdio.h>

#include <stdlib.h>

#include <string.h>

#include <tls.h>

#include <unistd.h>

#include <utmp.h>

#include <vis.h>

#define MAXIMUM(a, b)	(((a) > (b)) ? (a) : (b))

#define MINIMUM(a, b)	(((a) < (b)) ? (a) : (b))

#define SYSLOG_NAMES

#include <sys/syslog.h>

#include "log.h"

#include "syslogd.h"

#include "evbuffer_tls.h"

char *ConfFile = _PATH_LOGCONF;

const char ctty[] = _PATH_CONSOLE;

#define MAXUNAMES	20	/* maximum number of user names */

/*

 * Flags to logline().

 */

#define IGN_CONS	0x001	/* don't print on console */

#define SYNC_FILE	0x002	/* do fsync on file after printing */

#define ADDDATE		0x004	/* add a date to the message */

#define MARK		0x008	/* this message is a mark */

/*

 * This structure represents the files that will have log

 * copies printed.

 */

struct filed {

	SIMPLEQ_ENTRY(filed) f_next;	/* next in linked list */

	int	f_type;			/* entry type, see below */

	int	f_file;			/* file descriptor */

	time_t	f_time;			/* time this was last written */

	u_char	f_pmask[LOG_NFACILITIES+1];	/* priority mask */

	char	*f_program;		/* program this applies to */

	char	*f_hostname;		/* host this applies to */

	union {

		char	f_uname[MAXUNAMES][UT_NAMESIZE+1];

		struct {

			char	f_loghost[1+4+3+1+NI_MAXHOST+1+NI_MAXSERV];

				/* @proto46://[hostname]:servname\0 */

			struct sockaddr_storage	 f_addr;

			struct buffertls	 f_buftls;

			struct bufferevent	*f_bufev;

			struct tls		*f_ctx;

			char			*f_host;

			int			 f_reconnectwait;

		} f_forw;		/* forwarding address */

		char	f_fname[PATH_MAX];

		struct {

			char	f_mname[MAX_MEMBUF_NAME];

			struct ringbuf *f_rb;

			int	f_overflow;

			int	f_attached;

			size_t	f_len;

		} f_mb;		/* Memory buffer */

	} f_un;

	char	f_prevline[MAXSVLINE];		/* last message logged */

	char	f_lasttime[33];			/* time of last occurrence */

	char	f_prevhost[HOST_NAME_MAX+1];	/* host from which recd. */

	int	f_prevpri;			/* pri of f_prevline */

	int	f_prevlen;			/* length of f_prevline */

	int	f_prevcount;			/* repetition cnt of prevline */

	unsigned int f_repeatcount;		/* number of "repeated" msgs */

	int	f_quick;			/* abort when matched */

	int	f_dropped;			/* warn, dropped message */

	time_t	f_lasterrtime;			/* last error was reported */

};

/*

 * Intervals at which we flush out "message repeated" messages,

 * in seconds after previous message is logged.  After each flush,

 * we move to the next interval until we reach the largest.

 */

int	repeatinterval[] = { 30, 120, 600 };	/* # of secs before flush */

#define	MAXREPEAT ((sizeof(repeatinterval) / sizeof(repeatinterval[0])) - 1)

#define	REPEATTIME(f)	((f)->f_time + repeatinterval[(f)->f_repeatcount])

#define	BACKOFF(f)	{ if (++(f)->f_repeatcount > MAXREPEAT) \

				(f)->f_repeatcount = MAXREPEAT; \

			}

/* values for f_type */

#define F_UNUSED	0		/* unused entry */

#define F_FILE		1		/* regular file */

#define F_TTY		2		/* terminal */

#define F_CONSOLE	3		/* console terminal */

#define F_FORWUDP	4		/* remote machine via UDP */

#define F_USERS		5		/* list of users */

#define F_WALL		6		/* everyone logged on */

#define F_MEMBUF	7		/* memory buffer */

#define F_PIPE		8		/* pipe to external program */

#define F_FORWTCP	9		/* remote machine via TCP */

#define F_FORWTLS	10		/* remote machine via TLS */

char	*TypeNames[] = {

	"UNUSED",	"FILE",		"TTY",		"CONSOLE",

	"FORWUDP",	"USERS",	"WALL",		"MEMBUF",

	"PIPE",		"FORWTCP",	"FORWTLS",

};

SIMPLEQ_HEAD(filed_list, filed) Files;

struct	filed consfile;

int	nunix;			/* Number of Unix domain sockets requested */

char	**path_unix;		/* Paths to Unix domain sockets */

int	Debug;			/* debug flag */

int	Foreground;		/* run in foreground, instead of daemonizing */

char	LocalHostName[HOST_NAME_MAX+1];	/* our hostname */

char	*LocalDomain;		/* our local domain name */

int	Started = 0;		/* set after privsep */

int	Initialized = 0;	/* set when we have initialized ourselves */

int	MarkInterval = 20 * 60;	/* interval between marks in seconds */

int	MarkSeq = 0;		/* mark sequence number */

int	PrivChild = 0;		/* Exec the privileged parent process */

int	Repeat = 0;		/* 0 msg repeated, 1 in files only, 2 never */

int	SecureMode = 1;		/* when true, speak only unix domain socks */

int	NoDNS = 0;		/* when true, refrain from doing DNS lookups */

int	ZuluTime = 0;		/* display date and time in UTC ISO format */

int	IncludeHostname = 0;	/* include RFC 3164 hostnames when forwarding */

int	Family = PF_UNSPEC;	/* protocol family, may disable IPv4 or IPv6 */

char	*path_ctlsock = NULL;	/* Path to control socket */

struct	tls *server_ctx;

struct	tls_config *client_config, *server_config;

const char *CAfile = "/etc/ssl/cert.pem"; /* file containing CA certificates */

int	NoVerify = 0;		/* do not verify TLS server x509 certificate */

const char *ClientCertfile = NULL;

const char *ClientKeyfile = NULL;

const char *ServerCAfile = NULL;

int	tcpbuf_dropped = 0;	/* count messages dropped from TCP or TLS */

int	file_dropped = 0;	/* messages dropped due to file system full */

int	init_dropped = 0;	/* messages dropped during initialization */

#define CTL_READING_CMD		1

#define CTL_WRITING_REPLY	2

#define CTL_WRITING_CONT_REPLY	3

int	ctl_state = 0;		/* What the control socket is up to */

int	membuf_drop = 0;	/* logs dropped in continuous membuf read */

/*

 * Client protocol NB. all numeric fields in network byte order

 */

#define CTL_VERSION		2

/* Request */

struct	{

	u_int32_t	version;

#define CMD_READ	1	/* Read out log */

#define CMD_READ_CLEAR	2	/* Read and clear log */

#define CMD_CLEAR	3	/* Clear log */

#define CMD_LIST	4	/* List available logs */

#define CMD_FLAGS	5	/* Query flags only */

#define CMD_READ_CONT	6	/* Read out log continuously */

	u_int32_t	cmd;

	u_int32_t	lines;

	char		logname[MAX_MEMBUF_NAME];

}	ctl_cmd;

size_t	ctl_cmd_bytes = 0;	/* number of bytes of ctl_cmd read */

/* Reply */

struct ctl_reply_hdr {

	u_int32_t	version;

#define CTL_HDR_FLAG_OVERFLOW	0x01

	u_int32_t	flags;

	/* Reply text follows, up to MAX_MEMBUF long */

};

#define CTL_HDR_LEN		(sizeof(struct ctl_reply_hdr))

#define CTL_REPLY_MAXSIZE	(CTL_HDR_LEN + MAX_MEMBUF)

#define CTL_REPLY_SIZE		(strlen(reply_text) + CTL_HDR_LEN)

char	*ctl_reply = NULL;	/* Buffer for control connection reply */

char	*reply_text;		/* Start of reply text in buffer */

size_t	ctl_reply_size = 0;	/* Number of bytes used in reply */

size_t	ctl_reply_offset = 0;	/* Number of bytes of reply written so far */

char	*linebuf;

int	 linesize;

int		 fd_ctlconn, fd_udp, fd_udp6, send_udp, send_udp6;

struct event	*ev_ctlaccept, *ev_ctlread, *ev_ctlwrite;

struct peer {

	struct buffertls	 p_buftls;

	struct bufferevent	*p_bufev;

	struct tls		*p_ctx;

	char			*p_peername;

	char			*p_hostname;

	int			 p_fd;

};

char hostname_unknown[] = "???";

void	 klog_readcb(int, short, void *);

void	 udp_readcb(int, short, void *);

void	 unix_readcb(int, short, void *);

int	 reserve_accept4(int, int, struct event *,

    void (*)(int, short, void *), struct sockaddr *, socklen_t *, int);

void	 tcp_acceptcb(int, short, void *);

void	 tls_acceptcb(int, short, void *);

void	 acceptcb(int, short, void *, int);

int	 octet_counting(struct evbuffer *, char **, int);

int	 non_transparent_framing(struct evbuffer *, char **);

void	 tcp_readcb(struct bufferevent *, void *);

void	 tcp_closecb(struct bufferevent *, short, void *);

int	 tcp_socket(struct filed *);

void	 tcp_dropcb(struct bufferevent *, void *);

void	 tcp_writecb(struct bufferevent *, void *);

void	 tcp_errorcb(struct bufferevent *, short, void *);

void	 tcp_connectcb(int, short, void *);

void	 tcp_connect_retry(struct bufferevent *, struct filed *);

int	 tcpbuf_countmsg(struct bufferevent *bufev);

void	 die_signalcb(int, short, void *);

void	 mark_timercb(int, short, void *);

void	 init_signalcb(int, short, void *);

void	 ctlsock_acceptcb(int, short, void *);

void	 ctlconn_readcb(int, short, void *);

void	 ctlconn_writecb(int, short, void *);

void	 ctlconn_logto(char *);

void	 ctlconn_cleanup(void);

struct filed *cfline(char *, char *, char *);

void	cvthname(struct sockaddr *, char *, size_t);

int	decode(const char *, const CODE *);

void	markit(void);

void	fprintlog(struct filed *, int, char *);

void	dropped_warn(int *, const char *);

void	init(void);

void	logevent(int, const char *);

void	logline(int, int, char *, char *);

struct filed *find_dup(struct filed *);

size_t	parsepriority(const char *, int *);

void	printline(char *, char *);

void	printsys(char *);

void	usage(void);

void	wallmsg(struct filed *, struct iovec *);

int	loghost_parse(char *, char **, char **, char **);

int	getmsgbufsize(void);

void	address_alloc(const char *, const char *, char ***, char ***, int *);

int	socket_bind(const char *, const char *, const char *, int,

    int *, int *);

int	unix_socket(char *, int, mode_t);

void	double_sockbuf(int, int);

void	set_sockbuf(int);

void	tailify_replytext(char *, int);

int

main(int argc, char *argv[])

{

	struct event	*ev_klog, *ev_sendsys, *ev_udp, *ev_udp6,

			*ev_bind, *ev_listen, *ev_tls, *ev_unix,

			*ev_hup, *ev_int, *ev_quit, *ev_term, *ev_mark;

	int		 ch, i;

	int		 fd_ctlsock, fd_klog, fd_sendsys, *fd_bind, *fd_listen;

	/* block signal until handler is set up */

	tls_hostport = NULL;

		case '4':		/* disable IPv6 */

		case '6':		/* disable IPv4 */

		case 'a':

		case 'C':		/* file containing CA certificates */

		case 'c':		/* file containing client certificate */

		case 'd':		/* debug */

		case 'F':		/* foreground */

		case 'f':		/* configuration file */

		case 'h':		/* RFC 3164 hostnames */

		case 'K':		/* verify client with CA file */

		case 'k':		/* file containing client key */

		case 'm':		/* mark interval */

		case 'n':		/* don't do DNS lookups */

		case 'P':		/* used internally, exec the parent */

			break;

		case 'p':		/* path */

		case 'r':

		case 'S':		/* allow tls and listen on address */

			    &ntls);

		case 's':

		case 'T':		/* allow tcp and listen on address */

			    &listen_port, &nlisten);

		case 'U':		/* allow udp only from address */

			    &nbind);

		case 'u':		/* allow udp input port */

		case 'V':		/* do not verify certificates */

		case 'Z':		/* time stamps in UTC ISO format */

		default:

		}

	}

	}

	    sizeof(consfile.f_un.f_fname));

		LocalDomain = "";

	/* Reserve space for kernel message buffer plus buffer full message. */

		linesize = LOG_MAXLINE;

	}

	}

	}

			continue;

		}

	}

		fd_sendsys = -1;

	}

				fd_ctlsock = -1;

			}

		}

	}

		/* Use /dev/klog to register sendsyslog(2) receiver. */

	}

				fd_tls = NULL;

			}

		}

	}

				/* avoid reading default certs in chroot */

		}

			else

			else

		}

	}

				continue;

			}

				continue;

			}

		}

				/* avoid reading default certs in chroot */

		}

			fd_tls = NULL;

		}

	}

		case -1:

		case 0:

			break;

		default:

		}

	}

	/* tuck my process id away */

		FILE *fp;

		}

	}

	/* Privilege separation begins here */

	/* Process is now unprivileged and inside a chroot */

	    ev_sendsys);

	/* Allocate ctl socket reply buffer if we have a ctl socket */

	}

	/*

	 * Signal to the priv process that the initial config parsing is done

	 * so that it will reject any future attempts to open more files

	 */

	} else {

		/*

		 * If generic UDP file descriptors are used neither

		 * for receiving nor for sending, close them.  Then

		 * there is no useless *.514 in netstat.

		 */

		}

		}

	}

	}

	/* NOTREACHED */

}

void

address_alloc(const char *name, const char *address, char ***host,

    char ***port, int *num)

{

	char *p;

	/* do not care about memory leak, argv has to be preserved */

int

socket_bind(const char *proto, const char *host, const char *port,

    int shutread, int *fd, int *fd6)

{

		hints.ai_socktype = SOCK_DGRAM;

		hints.ai_protocol = IPPROTO_UDP;

	} else {

		hints.ai_socktype = SOCK_STREAM;

		hints.ai_protocol = IPPROTO_TCP;

	}

	}

		case AF_INET:

			fdp = fd;

		case AF_INET6:

			fdp = fd6;

		default:

			continue;

		}

			continue;

			continue;

		}

			    "protocol %d, address %s, portnum %s",