1 files changed, 549 insertions, 0 deletions
diff --git a/plugins/imklog/imklog.c b/plugins/imklog/imklog.c
new file mode 100644
index 0000000..3935026
--- /dev/null
+++ b/plugins/imklog/imklog.c
@@ -0,0 +1,549 @@
+/* The kernel log module.
+ *
+ * This is an abstracted module. As Linux and BSD kernel log is conceptually the
+ * same, we do not do different input plugins for them but use
+ * imklog in both cases, just with different "backend drivers" for
+ * the different platforms. This also enables a rsyslog.conf to
+ * be used on multiple platforms without the need to take care of
+ * what the kernel log is coming from.
+ *
+ * See platform-specific files (e.g. linux.c, bsd.c) in the plugin's
+ * working directory. For other systems with similar kernel logging
+ * functionality, no new input plugin shall be written but rather a
+ * driver be developed for imklog. Please note that imklog itself is
+ * mostly concerned with handling the interface. Any real action happens
+ * in the drivers, as things may be pretty different on different
+ * platforms.
+ *
+ * Please note that this file replaces the klogd daemon that was
+ * also present in pre-v3 versions of rsyslog.
+ *
+ * To test under Linux:
+ * echo test1 > /dev/kmsg
+ *
+ * Copyright (C) 2008-2020 Adiscon GmbH
+ *
+ * This file is part of rsyslog.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *       -or-
+ *       see COPYING.ASL20 in the source distribution
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "config.h"
+#include "rsyslog.h"
+#include <stdio.h>
+#include <assert.h>
+#include <string.h>
+#include <stdarg.h>
+#include <ctype.h>
+#include <stdlib.h>
+#include <sys/socket.h>
+
+#include "dirty.h"
+#include "cfsysline.h"
+#include "parserif.h"
+#include "obj.h"
+#include "msg.h"
+#include "module-template.h"
+#include "datetime.h"
+#include "imklog.h"
+#include "net.h"
+#include "glbl.h"
+#include "prop.h"
+#include "errmsg.h"
+#include "unicode-helper.h"
+#include "ruleset.h"
+
+
+MODULE_TYPE_INPUT
+MODULE_TYPE_NOKEEP
+MODULE_CNFNAME("imklog")
+
+/* Module static data */
+DEF_IMOD_STATIC_DATA
+DEFobjCurrIf(datetime)
+DEFobjCurrIf(ruleset)
+DEFobjCurrIf(glbl)
+DEFobjCurrIf(prop)
+DEFobjCurrIf(net)
+
+/* config settings */
+typedef struct configSettings_s {
+	int bPermitNonKernel; /* permit logging of messages not having LOG_KERN facility */
+	int bParseKernelStamp; /* if try to parse kernel timestamps for message time */
+	int bKeepKernelStamp; /* keep the kernel timestamp in the message */
+	int iFacilIntMsg; /* the facility to use for internal messages (set by driver) */
+	uchar *pszPath;
+	int console_log_level; /* still used for BSD */
+	unsigned int ratelimitInterval;
+	unsigned int ratelimitBurst;
+} configSettings_t;
+static configSettings_t cs;
+
+static modConfData_t *loadModConf = NULL;/* modConf ptr to use for the current load process */
+static modConfData_t *runModConf = NULL;/* modConf ptr to use for the current load process */
+static int bLegacyCnfModGlobalsPermitted;/* are legacy module-global config parameters permitted? */
+
+/* module-global parameters */
+static struct cnfparamdescr modpdescr[] = {
+	{ "ruleset", eCmdHdlrString, 0 },
+	{ "logpath", eCmdHdlrGetWord, 0 },
+	{ "permitnonkernelfacility", eCmdHdlrBinary, 0 },
+	{ "consoleloglevel", eCmdHdlrInt, 0 },
+	{ "parsekerneltimestamp", eCmdHdlrBinary, 0 },
+	{ "keepkerneltimestamp", eCmdHdlrBinary, 0 },
+	{ "internalmsgfacility", eCmdHdlrFacility, 0 },
+	{ "ratelimitinterval", eCmdHdlrInt, 0 },
+	{ "ratelimitburst", eCmdHdlrInt, 0 }
+};
+static struct cnfparamblk modpblk =
+	{ CNFPARAMBLK_VERSION,
+	  sizeof(modpdescr)/sizeof(struct cnfparamdescr),
+	  modpdescr
+	};
+
+static prop_t *pInputName = NULL;
+/* there is only one global inputName for all messages generated by this module */
+static prop_t *pLocalHostIP = NULL;
+
+/** POTENTIAL COMMON CODE FOR RULESET CHECK **/
+static inline void std_mod_checkRuleset_genErrMsg(const modConfData_t *const modConf);
+static inline rsRetVal
+std_mod_checkRuleset(modConfData_t *const modConf)
+{
+	ruleset_t *pRuleset;
+	rsRetVal localRet;
+	DEFiRet;
+
+	modConf->pBindRuleset = NULL;	/* assume default ruleset */
+
+	if(modConf->pszBindRuleset == NULL)
+		FINALIZE;
+
+	localRet = ruleset.GetRuleset(modConf->pConf, &pRuleset, modConf->pszBindRuleset);
+	if(localRet == RS_RET_NOT_FOUND) {
+		std_mod_checkRuleset_genErrMsg(modConf);
+	}
+	CHKiRet(localRet);
+	modConf->pBindRuleset = pRuleset;
+
+finalize_it:
+	RETiRet;
+}
+/** END POTENTIAL COMMON CODE FOR RULESET CHECK **/
+static inline void
+std_mod_checkRuleset_genErrMsg(const modConfData_t *const modConf)
+{
+	LogError(0, NO_ERRCODE, "imklog: ruleset '%s' not found - "
+			"using default ruleset instead", modConf->pszBindRuleset);
+}
+
+static void
+initConfigSettings(void)
+{
+	cs.bPermitNonKernel = 0;
+	cs.bParseKernelStamp = 0;
+	cs.bKeepKernelStamp = 0;
+	cs.console_log_level = -1;
+	cs.pszPath = NULL;
+	cs.iFacilIntMsg = klogFacilIntMsg();
+}
+
+
+/* enqueue the the kernel message into the message queue.
+ * The provided msg string is not freed - thus must be done
+ * by the caller.
+ * rgerhards, 2008-04-12
+ */
+static rsRetVal
+enqMsg(uchar *const __restrict__ msg,
+	uchar* pszTag,
+	const syslog_pri_t pri,
+	struct timeval *tp,
+	ratelimit_t *ratelimiter)
+{
+	struct syslogTime st;
+	smsg_t *pMsg;
+	DEFiRet;
+
+	assert(msg != NULL);
+	assert(pszTag != NULL);
+
+	if(tp == NULL) {
+		CHKiRet(msgConstruct(&pMsg));
+	} else {
+		datetime.timeval2syslogTime(tp, &st, TIME_IN_LOCALTIME);
+		CHKiRet(msgConstructWithTime(&pMsg, &st, tp->tv_sec));
+	}
+	MsgSetFlowControlType(pMsg, eFLOWCTL_LIGHT_DELAY);
+	MsgSetInputName(pMsg, pInputName);
+	MsgSetRawMsgWOSize(pMsg, (char*)msg);
+	MsgSetRuleset(pMsg, runModConf->pBindRuleset);
+	MsgSetMSGoffs(pMsg, 0);	/* we do not have a header... */
+	MsgSetRcvFrom(pMsg, glbl.GetLocalHostNameProp());
+	MsgSetRcvFromIP(pMsg, pLocalHostIP);
+	MsgSetHOSTNAME(pMsg, glbl.GetLocalHostName(), ustrlen(glbl.GetLocalHostName()));
+	MsgSetTAG(pMsg, pszTag, ustrlen(pszTag));
+	msgSetPRI(pMsg, pri);
+	ratelimitAddMsg(ratelimiter, NULL, pMsg);
+finalize_it:
+	RETiRet;
+}
+
+/* parse the PRI from a kernel message. At least BSD seems to have
+ * non-kernel messages inside the kernel log...
+ * Expected format: "<pri>". piPri is only valid if the function
+ * successfully returns. If there was a proper pri ppSz is advanced to the
+ * position right after ">".
+ * rgerhards, 2008-04-14
+ */
+static rsRetVal
+parsePRI(uchar **ppSz, syslog_pri_t *piPri)
+{
+	DEFiRet;
+	syslog_pri_t i;
+	uchar *pSz;
+
+	assert(ppSz != NULL);
+	pSz = *ppSz;
+	assert(pSz != NULL);
+	assert(piPri != NULL);
+
+	if(*pSz != '<' || !isdigit(*(pSz+1)))
+		ABORT_FINALIZE(RS_RET_INVALID_PRI);
+
+	++pSz;
+	i = 0;
+	while(isdigit(*pSz) && i <= LOG_MAXPRI) {
+		i = i * 10 + *pSz++ - '0';
+	}
+
+	if(*pSz != '>' || i > LOG_MAXPRI)
+		ABORT_FINALIZE(RS_RET_INVALID_PRI);
+
+	/* OK, we have a valid PRI */
+	*piPri = i;
+	*ppSz = pSz + 1; /* update msg ptr to position after PRI */
+
+finalize_it:
+	RETiRet;
+}
+
+
+/* log an imklog-internal message
+ * rgerhards, 2008-04-14
+ */
+rsRetVal imklogLogIntMsg(syslog_pri_t priority, const char *fmt, ...)
+{
+	DEFiRet;
+	va_list ap;
+	uchar msgBuf[2048]; /* we use the same size as sysklogd to remain compatible */
+
+	va_start(ap, fmt);
+	vsnprintf((char*)msgBuf, sizeof(msgBuf), fmt, ap);
+	va_end(ap);
+
+	logmsgInternal(NO_ERRCODE, priority, msgBuf, 0);
+
+	RETiRet;
+}
+
+
+/* log a kernel message. If tp is non-NULL, it contains the message creation
+ * time to use.
+ * rgerhards, 2008-04-14
+ */
+rsRetVal Syslog(modConfData_t *pModConf, syslog_pri_t priority, uchar *pMsg, struct timeval *tp)
+{
+	syslog_pri_t pri;
+	int bPRISet = 0;
+	rsRetVal localRet;
+	DEFiRet;
+
+	/* then check if we have two PRIs. This can happen in case of systemd,
+	 * in which case the second PRI is the right one.
+	 */
+	if(pMsg[3] == '<' || (pMsg[3] == ' ' && pMsg[4] == '<')) { /* could be a pri... */
+		uchar *pMsgTmp = pMsg + ((pMsg[3] == '<') ? 3 : 4);
+		localRet = parsePRI(&pMsgTmp, &pri);
+		if(localRet == RS_RET_OK && pri >= 8 && pri <= LOG_MAXPRI) {
+			/* *this* is our PRI */
+			DBGPRINTF("imklog detected secondary PRI(%d) in klog msg\n", pri);
+			pMsg = pMsgTmp;
+			priority = pri;
+			bPRISet = 1;
+		}
+	}
+	if(!bPRISet) {
+		localRet = parsePRI(&pMsg, &priority);
+		if(localRet != RS_RET_INVALID_PRI && localRet != RS_RET_OK)
+			FINALIZE;
+	}
+	/* if we don't get the pri, we use whatever we were supplied */
+
+	/* ignore non-kernel messages if not permitted */
+	if(pModConf->bPermitNonKernel == 0 && pri2fac(priority) != LOG_KERN)
+		FINALIZE; /* silently ignore */
+	iRet = enqMsg((uchar*)pMsg, (uchar*) "kernel:", priority, tp, pModConf->ratelimiter);
+
+finalize_it:
+	RETiRet;
+}
+
+
+/* helper for some klog drivers which need to know the MaxLine global setting. They can
+ * not obtain it themselfs, because they are no modules and can not query the object hander.
+ * It would probably be a good idea to extend the interface to support it, but so far
+ * we create a (sufficiently valid) work-around. -- rgerhards, 2008-11-24
+ */
+int klog_getMaxLine(void)
+{
+	return glbl.GetMaxLine(runConf);
+}
+
+
+BEGINrunInput
+CODESTARTrunInput
+	/* this is an endless loop - it is terminated when the thread is
+	 * signalled to do so. This, however, is handled by the framework,
+	 * right into the sleep below.
+	 */
+	while(!pThrd->bShallStop) {
+		/* klogLogKMsg() waits for the next kernel message, obtains it
+		 * and then submits it to the rsyslog main queue.
+	   	 * rgerhards, 2008-04-09
+	   	 */
+		CHKiRet(klogLogKMsg(runModConf));
+	}
+finalize_it:
+ENDrunInput
+
+
+BEGINbeginCnfLoad
+CODESTARTbeginCnfLoad
+	loadModConf = pModConf;
+	pModConf->pConf = pConf;
+	/* init our settings */
+	pModConf->pszPath = NULL;
+	pModConf->bPermitNonKernel = 0;
+	pModConf->bParseKernelStamp = 0;
+	pModConf->bKeepKernelStamp = 0;
+	pModConf->console_log_level = -1;
+	pModConf->bKeepKernelStamp = 0;
+	pModConf->iFacilIntMsg = klogFacilIntMsg();
+	loadModConf->configSetViaV2Method = 0;
+	pModConf->ratelimiter = NULL;
+	pModConf->ratelimitBurst = 10000; /* arbitrary high limit */
+	pModConf->ratelimitInterval = 0; /* off */
+	bLegacyCnfModGlobalsPermitted = 1;
+	/* init legacy config vars */
+	initConfigSettings();
+ENDbeginCnfLoad
+
+
+BEGINsetModCnf
+	struct cnfparamvals *pvals = NULL;
+	int i;
+CODESTARTsetModCnf
+	pvals = nvlstGetParams(lst, &modpblk, NULL);
+	if(pvals == NULL) {
+		LogError(0, RS_RET_MISSING_CNFPARAMS, "error processing module "
+				"config parameters [module(...)]");
+		ABORT_FINALIZE(RS_RET_MISSING_CNFPARAMS);
+	}
+
+	if(Debug) {
+		dbgprintf("module (global) param blk for imklog:\n");
+		cnfparamsPrint(&modpblk, pvals);
+	}
+
+	for(i = 0 ; i < modpblk.nParams ; ++i) {
+		if(!pvals[i].bUsed)
+			continue;
+		if(!strcmp(modpblk.descr[i].name, "logpath")) {
+			loadModConf->pszPath = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+		} else if(!strcmp(modpblk.descr[i].name, "permitnonkernelfacility")) {
+			loadModConf->bPermitNonKernel = (int) pvals[i].val.d.n;
+		} else if(!strcmp(modpblk.descr[i].name, "parsekerneltimestamp")) {
+			loadModConf->bParseKernelStamp = (int) pvals[i].val.d.n;
+		} else if(!strcmp(modpblk.descr[i].name, "keepkerneltimestamp")) {
+			loadModConf->bKeepKernelStamp = (int) pvals[i].val.d.n;
+		} else if(!strcmp(modpblk.descr[i].name, "consoleloglevel")) {
+			loadModConf->console_log_level= (int) pvals[i].val.d.n;
+		} else if(!strcmp(modpblk.descr[i].name, "internalmsgfacility")) {
+			loadModConf->iFacilIntMsg = (int) pvals[i].val.d.n;
+		} else if(!strcmp(modpblk.descr[i].name, "ratelimitburst")) {
+			loadModConf->ratelimitBurst = (unsigned int) pvals[i].val.d.n;
+		} else if(!strcmp(modpblk.descr[i].name, "ratelimitinterval")) {
+			loadModConf->ratelimitInterval = (unsigned int) pvals[i].val.d.n;
+		} else if(!strcmp(modpblk.descr[i].name, "ruleset")) {
+			loadModConf->pszBindRuleset = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+		} else {
+			LogMsg(0, RS_RET_INTERNAL_ERROR, LOG_WARNING,
+				"imklog: RSYSLOG BUG, non-handled param '%s' in "
+				"beginCnfLoad\n", modpblk.descr[i].name);
+		}
+	}
+
+	/* disable legacy module-global config directives */
+	bLegacyCnfModGlobalsPermitted = 0;
+	loadModConf->configSetViaV2Method = 1;
+
+finalize_it:
+	if(pvals != NULL)
+		cnfparamvalsDestruct(pvals, &modpblk);
+ENDsetModCnf
+
+
+BEGINendCnfLoad
+CODESTARTendCnfLoad
+	if(!loadModConf->configSetViaV2Method) {
+		/* persist module-specific settings from legacy config system */
+		loadModConf->bPermitNonKernel = cs.bPermitNonKernel;
+		loadModConf->bParseKernelStamp = cs.bParseKernelStamp;
+		loadModConf->bKeepKernelStamp = cs.bKeepKernelStamp;
+		loadModConf->iFacilIntMsg = cs.iFacilIntMsg;
+		loadModConf->console_log_level = cs.console_log_level;
+		if((cs.pszPath == NULL) || (cs.pszPath[0] == '\0')) {
+			loadModConf->pszPath = NULL;
+			if(cs.pszPath != NULL)
+				free(cs.pszPath);
+		} else {
+			loadModConf->pszPath = cs.pszPath;
+		}
+		cs.pszPath = NULL;
+	}
+
+	loadModConf = NULL; /* done loading */
+ENDendCnfLoad
+
+
+BEGINcheckCnf
+CODESTARTcheckCnf
+	std_mod_checkRuleset(pModConf);
+ENDcheckCnf
+
+
+BEGINactivateCnfPrePrivDrop
+CODESTARTactivateCnfPrePrivDrop
+	runModConf = pModConf;
+	iRet = klogWillRunPrePrivDrop(runModConf);
+ENDactivateCnfPrePrivDrop
+
+
+BEGINactivateCnf
+CODESTARTactivateCnf
+	CHKiRet(ratelimitNew(&runModConf->ratelimiter, "imklog", NULL));
+	ratelimitSetLinuxLike(runModConf->ratelimiter,
+			      runModConf->ratelimitInterval,
+			      runModConf->ratelimitBurst);
+finalize_it:
+ENDactivateCnf
+
+
+BEGINfreeCnf
+CODESTARTfreeCnf
+	free(pModConf->pszBindRuleset);
+ENDfreeCnf
+
+
+BEGINwillRun
+CODESTARTwillRun
+	pLocalHostIP = glbl.GetLocalHostIP();
+	iRet = klogWillRunPostPrivDrop(runModConf);
+ENDwillRun
+
+
+BEGINafterRun
+CODESTARTafterRun
+	ratelimitDestruct(runModConf->ratelimiter);
+	iRet = klogAfterRun(runModConf);
+ENDafterRun
+
+
+BEGINmodExit
+CODESTARTmodExit
+	if(pInputName != NULL)
+		prop.Destruct(&pInputName);
+
+	/* release objects we used */
+	objRelease(glbl, CORE_COMPONENT);
+	objRelease(net, CORE_COMPONENT);
+	objRelease(datetime, CORE_COMPONENT);
+	objRelease(ruleset, CORE_COMPONENT);
+	objRelease(prop, CORE_COMPONENT);
+ENDmodExit
+
+
+BEGINqueryEtryPt
+CODESTARTqueryEtryPt
+CODEqueryEtryPt_STD_IMOD_QUERIES
+CODEqueryEtryPt_STD_CONF2_QUERIES
+CODEqueryEtryPt_STD_CONF2_setModCnf_QUERIES
+CODEqueryEtryPt_STD_CONF2_PREPRIVDROP_QUERIES
+ENDqueryEtryPt
+
+static rsRetVal resetConfigVariables(uchar __attribute__((unused)) *pp, void __attribute__((unused)) *pVal)
+{
+	cs.bPermitNonKernel = 0;
+	cs.bParseKernelStamp = 0;
+	cs.bKeepKernelStamp = 0;
+	if(cs.pszPath != NULL) {
+		free(cs.pszPath);
+		cs.pszPath = NULL;
+	}
+	cs.iFacilIntMsg = klogFacilIntMsg();
+	return RS_RET_OK;
+}
+
+BEGINmodInit()
+CODESTARTmodInit
+	*ipIFVersProvided = CURR_MOD_IF_VERSION; /* we only support the current interface specification */
+CODEmodInit_QueryRegCFSLineHdlr
+	CHKiRet(objUse(datetime, CORE_COMPONENT));
+	CHKiRet(objUse(glbl, CORE_COMPONENT));
+	CHKiRet(objUse(prop, CORE_COMPONENT));
+	CHKiRet(objUse(ruleset, CORE_COMPONENT));
+	CHKiRet(objUse(net, CORE_COMPONENT));
+
+	/* we need to create the inputName property (only once during our lifetime) */
+	CHKiRet(prop.CreateStringProp(&pInputName, UCHAR_CONSTANT("imklog"), sizeof("imklog") - 1));
+
+	/* init legacy config settings */
+	initConfigSettings();
+
+	CHKiRet(omsdRegCFSLineHdlr((uchar *)"klogLocalipif", 0, eCmdHdlrGoneAway,
+			NULL, NULL, STD_LOADABLE_MODULE_ID));
+	CHKiRet(omsdRegCFSLineHdlr((uchar *)"debugprintkernelsymbols", 0, eCmdHdlrGoneAway,
+			NULL, NULL, STD_LOADABLE_MODULE_ID));
+	CHKiRet(regCfSysLineHdlr2((uchar *)"klogpath", 0, eCmdHdlrGetWord,
+			NULL, &cs.pszPath, STD_LOADABLE_MODULE_ID, &bLegacyCnfModGlobalsPermitted));
+	CHKiRet(omsdRegCFSLineHdlr((uchar *)"klogsymbollookup", 0, eCmdHdlrGoneAway,
+			NULL, NULL, STD_LOADABLE_MODULE_ID));
+	CHKiRet(omsdRegCFSLineHdlr((uchar *)"klogsymbolstwice", 0, eCmdHdlrGoneAway,
+			NULL, NULL, STD_LOADABLE_MODULE_ID));
+	CHKiRet(omsdRegCFSLineHdlr((uchar *)"klogusesyscallinterface", 0, eCmdHdlrGoneAway,
+			NULL, NULL, STD_LOADABLE_MODULE_ID));
+	CHKiRet(regCfSysLineHdlr2((uchar *)"klogpermitnonkernelfacility", 0, eCmdHdlrBinary,
+			NULL, &cs.bPermitNonKernel, STD_LOADABLE_MODULE_ID, &bLegacyCnfModGlobalsPermitted));
+	CHKiRet(regCfSysLineHdlr2((uchar *)"klogconsoleloglevel", 0, eCmdHdlrInt,
+			NULL, &cs.console_log_level, STD_LOADABLE_MODULE_ID, &bLegacyCnfModGlobalsPermitted));
+	CHKiRet(regCfSysLineHdlr2((uchar *)"kloginternalmsgfacility", 0, eCmdHdlrFacility,
+			NULL, &cs.iFacilIntMsg, STD_LOADABLE_MODULE_ID, &bLegacyCnfModGlobalsPermitted));
+	CHKiRet(regCfSysLineHdlr2((uchar *)"klogparsekerneltimestamp", 0, eCmdHdlrBinary,
+			NULL, &cs.bParseKernelStamp, STD_LOADABLE_MODULE_ID, &bLegacyCnfModGlobalsPermitted));
+	CHKiRet(regCfSysLineHdlr2((uchar *)"klogkeepkerneltimestamp", 0, eCmdHdlrBinary,
+			NULL, &cs.bKeepKernelStamp, STD_LOADABLE_MODULE_ID, &bLegacyCnfModGlobalsPermitted));
+	CHKiRet(omsdRegCFSLineHdlr((uchar *)"resetconfigvariables", 1, eCmdHdlrCustomHandler,
+			resetConfigVariables, NULL, STD_LOADABLE_MODULE_ID));
+ENDmodInit