[syslog-ng] [PATCH (3.4)] system-source: Introduce a new system() generator.
Gergely Nagy
algernon at balabit.hu
Mon Aug 27 16:14:04 CEST 2012
This patch replaces the old confgen-based system() generator, that
relied on a script (generate-system-source.sh) to generate the block
system() expands into. While that was flexible and easy to modify, it
has had the disadvantage of running an external script at startup,
which is undesirable in many situations, including when using a strict
AppArmor profile.
However, a generated system() is useful in a lot of situations,
ranging from creating portable, system-agnostic configuration files to
supporting sysvinit and systemd with the same config.
For these reasons, this patch implements a built-in system()
generator, that does not rely on the generate-system-source.sh script
at all, but does everything itself, from C.
It is loaded by the default scl.conf, but can be loaded separately
with:
@module system-source
The system() generator this patch implements results in the exact same
expansion the old script generated. The old script-based solution is
also deprecated (and thus, removed), in order to not duplicate code:
we only wish to maintain one implementation.
Signed-off-by: Gergely Nagy <algernon at balabit.hu>
---
configure.in | 1 +
modules/Makefile.am | 2 +-
modules/system-source/Makefile.am | 9 ++
modules/system-source/system-source.c | 196 +++++++++++++++++++++++++++++++++
scl/system/generate-system-source.sh | 110 ------------------
scl/system/plugin.conf | 27 +----
6 files changed, 211 insertions(+), 134 deletions(-)
create mode 100644 modules/system-source/Makefile.am
create mode 100644 modules/system-source/system-source.c
delete mode 100755 scl/system/generate-system-source.sh
diff --git a/configure.in b/configure.in
index 294066a..5c00e0f 100644
--- a/configure.in
+++ b/configure.in
@@ -1184,6 +1184,7 @@ AC_OUTPUT(dist.conf
modules/csvparser/Makefile
modules/csvparser/tests/Makefile
modules/confgen/Makefile
+ modules/system-source/Makefile
modules/syslogformat/Makefile
modules/pacctformat/Makefile
modules/basicfuncs/Makefile
diff --git a/modules/Makefile.am b/modules/Makefile.am
index fd557e1..eb9548d 100644
--- a/modules/Makefile.am
+++ b/modules/Makefile.am
@@ -1 +1 @@
-SUBDIRS = afsocket afsql afstreams affile afprog afuser afmongodb afsmtp csvparser confgen syslogformat pacctformat basicfuncs cryptofuncs dbparser tfjson jsonparser
+SUBDIRS = afsocket afsql afstreams affile afprog afuser afmongodb afsmtp csvparser confgen system-source syslogformat pacctformat basicfuncs cryptofuncs dbparser tfjson jsonparser
diff --git a/modules/system-source/Makefile.am b/modules/system-source/Makefile.am
new file mode 100644
index 0000000..3bf0bf4
--- /dev/null
+++ b/modules/system-source/Makefile.am
@@ -0,0 +1,9 @@
+moduledir = @moduledir@
+AM_CPPFLAGS = -I$(top_srcdir)/lib -I../../lib
+export top_srcdir
+
+module_LTLIBRARIES := libsystem-source.la
+libsystem_source_la_SOURCES = system-source.c
+libsystem_source_la_CPPFLAGS = $(AM_CPPFLAGS)
+libsystem_source_la_LIBADD = $(MODULE_DEPS_LIBS)
+libsystem_source_la_LDFLAGS = $(MODULE_LDFLAGS)
diff --git a/modules/system-source/system-source.c b/modules/system-source/system-source.c
new file mode 100644
index 0000000..9ba0480
--- /dev/null
+++ b/modules/system-source/system-source.c
@@ -0,0 +1,196 @@
+/*
+ * Copyright (c) 2012 BalaBit IT Ltd, Budapest, Hungary
+ * Copyright (c) 2012 Gergely Nagy <algernon at balabit.hu>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 as published
+ * by the Free Software Foundation, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ * As an additional exemption you are allowed to compile & link against the
+ * OpenSSL libraries as published by the OpenSSL project. See the file
+ * COPYING for details.
+ *
+ */
+
+#include "cfg.h"
+#include "cfg-lexer.h"
+#include "cfg-grammar.h"
+#include "messages.h"
+#include "plugin.h"
+
+#include <sys/utsname.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <unistd.h>
+
+static void
+system_sysblock_add_unix_dgram(GString *sysblock, const gchar *path,
+ const gchar *perms)
+{
+ g_string_append_printf(sysblock, "unix-dgram(\"%s\"", path);
+ if (perms)
+ g_string_append_printf(sysblock, " perms(%s)", perms);
+ g_string_append(sysblock, ");\n");
+}
+
+static void
+system_sysblock_add_file(GString *sysblock, const gchar *path,
+ gint follow_freq, const gchar *prg_override,
+ const gchar *flags)
+{
+ g_string_append_printf(sysblock, "file(\"%s\"", path);
+ if (follow_freq >= 0)
+ g_string_append_printf(sysblock, " follow-freq(%d)", follow_freq);
+ if (prg_override)
+ g_string_append_printf(sysblock, " program-override(\"%s\")", prg_override);
+ if (flags)
+ g_string_append_printf(sysblock, " flags(%s)", flags);
+ g_string_append(sysblock, ");\n");
+}
+
+static void
+system_sysblock_add_module(GString *sysblock, const gchar *mod)
+{
+ g_string_append_printf(sysblock, "@module %s\n", mod);
+}
+
+static void
+system_sysblock_add_sun_streams(GString *sysblock, const gchar *path,
+ const gchar *door)
+{
+ g_string_append_printf(sysblock, "sun-streams(\"%s\"", path);
+ if (door)
+ g_string_append_printf(sysblock, " door(\"%s\")", door);
+ g_string_append(sysblock, ");\n");
+}
+
+static void
+system_sysblock_add_pipe(GString *sysblock, const gchar *path, gint pad_size)
+{
+ g_string_append_printf(sysblock, "pipe(\"%s\"", path);
+ if (pad_size >= 0)
+ g_string_append_printf(sysblock, " pad_size(%d)", pad_size);
+ g_string_append(sysblock, ");\n");
+}
+
+gboolean
+system_generate_system(CfgLexer *lexer, gint type, const gchar *name,
+ CfgArgs *args, gpointer user_data)
+{
+ gchar buf[256];
+ GString *sysblock;
+ struct utsname u;
+
+ g_snprintf(buf, sizeof(buf), "source confgen system");
+
+ sysblock = g_string_sized_new(1024);
+
+ if (uname(&u) != 0)
+ {
+ msg_error("system(): Cannot get information about the running kernel",
+ evt_tag_errno("error", errno),
+ NULL);
+ return FALSE;
+ }
+
+ if (strcmp(u.sysname, "Linux") == 0)
+ {
+ char *log = "/dev/log";
+
+ if (getenv("LISTEN_FDS") != NULL)
+ {
+ struct stat sbuf;
+
+ if (stat("/run/systemd/journal/syslog", &sbuf) == 0)
+ {
+ if (S_ISSOCK(sbuf.st_mode))
+ log = "/run/systemd/journal/syslog";
+ }
+ }
+
+ system_sysblock_add_unix_dgram(sysblock, log, NULL);
+ system_sysblock_add_file(sysblock, "/proc/kmsg", -1, "kernel", "kernel");
+ }
+ else if (strcmp(u.sysname, "SunOS") == 0)
+ {
+ system_sysblock_add_module(sysblock, "afstreams");
+
+ if (strcmp(u.release, "5.8") == 0)
+ system_sysblock_add_sun_streams(sysblock, "/dev/log", NULL);
+ else if (strcmp(u.release, "5.9") == 0)
+ system_sysblock_add_sun_streams(sysblock, "/dev/log", "/etc/.syslog_door");
+ else
+ system_sysblock_add_sun_streams(sysblock, "/dev/log", "/var/run/syslog_door");
+ }
+ else if (strcmp(u.sysname, "FreeBSD") == 0)
+ {
+ system_sysblock_add_unix_dgram(sysblock, "/var/run/log", NULL);
+ system_sysblock_add_unix_dgram(sysblock, "/var/run/logpriv", "0600");
+ system_sysblock_add_file(sysblock, "/dev/klog", 0, "kernel", "no-parse");
+ }
+ else if (strcmp(u.sysname, "GNU/kFreeBSD") == 0)
+ {
+ system_sysblock_add_unix_dgram(sysblock, "/var/run/log", NULL);
+ system_sysblock_add_file(sysblock, "/dev/klog", 0, "kernel", NULL);
+ }
+ else if (strcmp(u.sysname, "HP-UX") == 0)
+ {
+ system_sysblock_add_pipe(sysblock, "/dev/pipe", 2048);
+ }
+ else if (strcmp(u.sysname, "AIX") == 0 ||
+ strcmp(u.sysname, "OSF1") == 0 ||
+ strncmp(u.sysname, "CYGWIN", 6) == 0)
+ {
+ system_sysblock_add_unix_dgram(sysblock, "/dev/log", NULL);
+ }
+ else
+ {
+ msg_error("system(): Error detecting platform, unable to define the system() source. "
+ "Please send your system information to the developers!",
+ evt_tag_str("sysname", u.sysname),
+ evt_tag_str("release", u.release),
+ NULL);
+ return FALSE;
+ }
+
+ if (!cfg_lexer_include_buffer(lexer, buf, sysblock->str, sysblock->len))
+ {
+ g_string_free(sysblock, TRUE);
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+gboolean
+system_source_module_init(GlobalConfig *cfg, CfgArgs *args)
+{
+ cfg_lexer_register_block_generator(cfg->lexer,
+ cfg_lexer_lookup_context_type_by_name("source"),
+ "system", system_generate_system,
+ NULL, NULL);
+
+ return TRUE;
+}
+
+const ModuleInfo module_info =
+{
+ .canonical_name = "system-source",
+ .version = VERSION,
+ .description = "The system-source module provides support for determining the system log sources at run time.",
+ .core_revision = SOURCE_REVISION,
+ .plugins = NULL,
+ .plugins_len = 0,
+};
diff --git a/scl/system/generate-system-source.sh b/scl/system/generate-system-source.sh
deleted file mode 100755
index 708a7a4..0000000
--- a/scl/system/generate-system-source.sh
+++ /dev/null
@@ -1,110 +0,0 @@
-#!/bin/sh
-#############################################################################
-# Copyright (c) 2010 BalaBit IT Ltd, Budapest, Hungary
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 as published
-# by the Free Software Foundation, or (at your option) any later version.
-#
-# As an additional exemption you are allowed to compile & link against the
-# OpenSSL libraries as published by the OpenSSL project. See the file
-# COPYING for details.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
-#
-#############################################################################
-
-# NOTE: the reason to set PATH and LD_LIBRARY_PATH/LIBPATH explicitly
-# is that some OSes (notably AIX) can have multiple uname binaries,
-# and the one on the PATH used by syslog-ng may depend on libraries
-# that syslog-ng itself is distributing. However the one distributed
-# by the syslog-ng binary is binary incompatible with the one required
-# by the alternative uname, causing uname execution to fail.
-#
-# The alternative, better solution would be to patch syslog-ng to
-# remove its own changes from LD_LIBRARY_PATH before executing user
-# supplied scripts, but that was more involved than this simple change
-# here.
-
-PATH=/bin:/usr/bin:$PATH
-LIBPATH=
-LD_LIBRARY_PATH=
-export PATH LIBPATH LD_LIBRARY_PATH
-
-os=${UNAME_S:-`uname -s`}
-osversion=${UNAME_R:-`uname -r`}
-
-case $os in
- Linux)
- DEVLOG="/dev/log"
- if [ ! -z "$LISTEN_FDS" ] && [ -S "/run/systemd/journal/syslog" ]; then
- DEVLOG="/run/systemd/journal/syslog"
- fi
- cat <<EOF
-unix-dgram("${DEVLOG}");
-file("/proc/kmsg" program-override("kernel") flags(kernel));
-EOF
- ;;
- SunOS)
- if [ "$osversion" = "5.8" ]; then
- cat <<EOF
- at module afstreams
-sun-streams("/dev/log");
-EOF
- elif [ "$osversion" = "5.9" ]; then
- cat <<EOF
- at module afstreams
-sun-streams("/dev/log" door("/etc/.syslog_door"));
-EOF
- else
- cat <<EOF
- at module afstreams
-sun-streams("/dev/log" door("/var/run/syslog_door"));
-EOF
- fi
- ;;
- FreeBSD)
- cat <<EOF
-unix-dgram("/var/run/log");
-unix-dgram("/var/run/logpriv" perm(0600));
-file("/dev/klog" follow-freq(0) program-override("kernel") flags(no-parse));
-EOF
- ;;
- GNU/kFreeBSD)
- cat <<EOF
-unix-dgram("/var/run/log");
-file("/dev/klog" follow-freq(0) program-override("kernel"));
-EOF
- ;;
- HP-UX)
- cat <<EOF
-pipe("/dev/log" pad_size(2048));
-EOF
- ;;
- AIX|OSF1|CYGWIN*)
- cat <<EOF
-unix-dgram("/dev/log");
-EOF
- ;;
- *)
- # need to notify the user that something went terribly wrong...
- (echo "system(): Error detecting platform, unable to define the system() source.";
- echo "";
- echo "The script generating the syslog-ng configuration for the system() source failed.";
- echo "It is caused either by an unsupported OS or the fact that the script could not";
- echo "execute uname(1).";
- echo "";
- echo " OS=${os}";
- echo " OS_VERSION=${osversion}";
- echo " SCRIPT=$0") >&2
-
- exit 1
- ;;
-esac
diff --git a/scl/system/plugin.conf b/scl/system/plugin.conf
index 5ba652e..494815a 100644
--- a/scl/system/plugin.conf
+++ b/scl/system/plugin.conf
@@ -1,23 +1,4 @@
-#############################################################################
-# Copyright (c) 2010 BalaBit IT Ltd, Budapest, Hungary
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 as published
-# by the Free Software Foundation, or (at your option) any later version.
-#
-# As an additional exemption you are allowed to compile & link against the
-# OpenSSL libraries as published by the OpenSSL project. See the file
-# COPYING for details.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
-#
-#############################################################################
-
- at module confgen context(source) name(system) exec("`scl-root`/system/generate-system-source.sh")
+# This loads the system-source module, which defines the system() block.
+# If you'd like to define it yourself, comment out the following line,
+# or don't include this file (via scl.conf) in your config.
+ at module system-source
--
1.7.10.4
More information about the syslog-ng
mailing list