klogd.c

制作2.6内核的CLFS时 sysklogd-1.5.tar.gz包

/*
    klogd.c - main program for Linux kernel log daemon.
    Copyright (c) 1995  Dr. G.W. Wettstein <greg@wind.rmcc.com>

    This file is part of the sysklogd package, a kernel and system log daemon.

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/

/*
 * Steve Lord (lord@cray.com) 7th Nov 92
 *
 * Modified to check for kernel info by Dr. G.W. Wettstein 02/17/93.
 *
 * Fri Mar 12 16:53:56 CST 1993:  Dr. Wettstein
 * 	Modified LogLine to use a newline as the line separator in
 *	the kernel message buffer.
 *
 *	Added debugging code to dump the contents of the kernel message
 *	buffer at the start of the LogLine function.
 *
 * Thu Jul 29 11:40:32 CDT 1993:  Dr. Wettstein
 *	Added syscalls to turn off logging of kernel messages to the
 *	console when klogd becomes responsible for kernel messages.
 *
 *	klogd now catches SIGTERM and SIGKILL signals.  Receipt of these
 *	signals cases the clean_up function to be called which shuts down
 *	kernel logging and re-enables logging of messages to the console.
 *
 * Sat Dec 11 11:54:22 CST 1993:  Dr. Wettstein
 *	Added fixes to allow compilation with no complaints with -Wall.
 *
 *      When the daemon catches a fatal signal (SIGTERM, SIGKILL) a 
 *	message is output to the logfile advising that the daemon is
 *	going to terminate.
 *
 * Thu Jan  6 11:54:10 CST 1994:  Dr. Wettstein
 *	Major re-write/re-organization of the code.
 *
 *	Klogd now assigns kernel messages to priority levels when output
 *	to the syslog facility is requested.  The priority level is
 *	determined by decoding the prioritization sequence which is
 *	tagged onto the start of the kernel messages.
 *
 *	Added the following program options: -f arg -c arg -s -o -d
 *
 *		The -f switch can be used to specify that output should
 *		be written to the named file.
 *
 *		The -c switch is used to specify the level of kernel
 *		messages which are to be directed to the console.
 *
 *		The -s switch causes the program to use the syscall
 *		interface to the kernel message facility.  This can be
 *		used to override the presence of the /proc filesystem.
 *
 *		The -o switch causes the program to operate in 'one-shot'
 *		mode.  A single call will be made to read the complete
 *		kernel buffer.  The contents of the buffer will be
 *		output and the program will terminate.
 *
 *		The -d switch causes 'debug' mode to be activated.  This
 *		will cause the daemon to generate LOTS of output to stderr.
 *
 *	The buffer decomposition function (LogLine) was re-written to
 *	squash a bug which was causing only partial kernel messages to
 *	be written to the syslog facility.
 *
 *	The signal handling code was modified to properly differentiate
 *	between the STOP and TSTP signals.
 *
 *	Added pid saving when the daemon detaches into the background.  Thank
 *	you to Juha Virtanen (jiivee@hut.fi) for providing this patch.
 *
 * Mon Feb  6 07:31:29 CST 1995:  Dr. Wettstein
 *	Significant re-organization of the signal handling code.  The
 *	signal handlers now only set variables.  Not earth shaking by any
 *	means but aesthetically pleasing to the code purists in the group.
 *
 *	Patch to make things more compliant with the file system standards.
 *	Thanks to Chris Metcalf for prompting this helpful change.
 *
 *	The routines responsible for reading the kernel log sources now
 *	initialize the buffers before reading.  I think that this will
 *	solve problems with non-terminated kernel messages producing
 *	output of the form:  new old old old
 *
 *	This may also help influence the occassional reports of klogd
 *	failing under significant load.  I think that the jury may still
 *	be out on this one though.  My thanks to Joerg Ahrens for initially
 *	tipping me off to the source of this problem.  Also thanks to
 *	Michael O'Reilly for tipping me off to the best fix for this problem.
 *	And last but not least Mark Lord for prompting me to try this as
 *	a means of attacking the stability problem.
 *
 *	Specifying a - as the arguement to the -f switch will cause output
 *	to be directed to stdout rather than a filename of -.  Thanks to
 *	Randy Appleton for a patch which prompted me to do this.
 *
 * Wed Feb 22 15:37:37 CST 1995:  Dr. Wettstein
 *	Added version information to logging startup messages.
 *
 * Wed Jul 26 18:57:23 MET DST 1995: Martin Schulze
 *	Added an commandline argument "-n" to avoid forking. This obsoletes
 *	the compiler define NO_FORK. It's more useful to have this as an
 *	argument as there are many binary versions and one doesn't need to
 *	recompile the daemon.
 *
 * Thu Aug 10 19:01:08 MET DST 1995: Martin Schulze
 *	Added my pidfile.[ch] to it to perform a better handling with pidfiles.
 *	Now both, syslogd and klogd, can only be started once. They check the
 *	pidfile.
 *
 * Fri Nov 17 15:05:43 CST 1995:  Dr. Wettstein
 *	Added support for kernel address translation.  This required moving
 *	some definitions and includes to the new klogd.h file.  Some small
 *	code cleanups and modifications.
 *
 * Mon Nov 20 10:03:39 MET 1995
 *	Added -v option to print the version and exit.
 *
 * Thu Jan 18 11:19:46 CST 1996:  Dr. Wettstein
 *	Added suggested patches from beta-testers.  These address two
 *	two problems.  The first is segmentation faults which occur with
 *	the ELF libraries.  This was caused by passing a null pointer to
 *	the strcmp function.
 *
 *	Added a second patch to remove the pidfile as part of the
 *	termination cleanup sequence.  This minimizes the potential for
 *	conflicting pidfiles causing immediate termination at boot time.
 *	
 * Wed Aug 21 09:13:03 CDT 1996:  Dr. Wettstein
 *	Added ability to reload static symbols and kernel module symbols
 *      under control of SIGUSR1 and SIGUSR2 signals.
 *
 *	Added -p switch to select 'paranoid' behavior with respect to the
 *	loading of kernel module symbols.
 *
 *	Informative line now printed whenever a state change occurs due
 *	to signal reception by the daemon.
 *
 *	Added the -i and -I command line switches to signal the currently
 *	executing daemon.
 *
 * Tue Nov 19 10:15:36 PST 1996: Leland Olds <olds@eskimo.com>
 *	Corrected vulnerability to buffer overruns by rewriting LogLine
 *	routine.  Obscenely long kernel messages will now be broken up
 *	into lines no longer than LOG_LINE_LENGTH.
 *
 *	The last version of LogLine was vulnerable to buffer overruns:
 *	- Kernel messages longer than LOG_LINE_LENGTH caused a buffer
 *	  overrun.
 *	- If a line was determined to be shorter than LOG_LINE_LENGTH,
 *	  the routine "ExpandKadds" could cause the line grow by
 *	  an unknown amount and overrun a buffer.
 *	I turned these routines into a little parsing state machine that
 *	should not have these problems.
 *
 * Sun Jun 15 16:23:29 MET DST 1997: Michael Alan Dorman
 *	Some more glibc patches made by <mdorman@debian.org>.
 *
 * Thu Aug 21 12:11:27 MET DST 1997: Martin Schulze <joey@infodrom.north.de>
 *	Fixed little mistake which prevented klogd from accepting a
 *	console log 
 *
 * Fri Jan  9 00:39:52 CET 1998: Martin Schulze <joey@infodrom.north.de>
 *	Changed the behaviour of klogd when receiving a terminate
 *	signal.  Now the program terminates immediately instead of
 *	completing the receipt of a kernel message, i.e the read()
 *	call.  The old behaveiour could result in klogd being
 *	recognized as being undead, because it'll only die after a
 *	message has been received.
 *
 * Fri Jan  9 11:03:48 CET 1998: Martin Schulze <joey@infodrom.north.de>
 *	Corrected some code that caused klogd to dump core when
 *	receiving messages containing '%', some of them exist in
 *	2.1.78.  Thanks to Chu-yeon Park <kokids@doit.ajou.ac.kr> for
 *	informing me.
 *
 * Fri Jan  9 23:38:19 CET 1998: Florian La Roche <florian@knorke.saar.de>
 *	Added -x switch to omit EIP translation and System.map evaluation.
 *
 * Sun Jan 25 20:47:46 CET 1998: Martin Schulze <joey@infodrom.north.de>
 *	As the bug covering the %'s introduced a problem with
 *	unevaluated priorities I've worked out a real fix that strips
 *	%'s to an even number which is harmless for printf.
 *
 * Sat Oct 10 20:01:48 CEST 1998: Martin Schulze <joey@infodrom.north.de>
 *	Added support for TESTING define which will turn klogd into
 *	stdio-mode used for debugging.
 *
 * Mon Apr 13 18:18:45 CEST 1998: Martin Schulze <joey@infodrom.north.de>
 *	Modified System.map read function to try all possible map
 *	files until a file with matching version is found.  Added support for
 *	Debian release.
 *
 * Mon Oct 12 13:01:27 MET DST 1998: Martin Schulze <joey@infodrom.north.de>
 *	Used unsigned long and strtoul() to resolve kernel oops symbols.
 *
 * Sun Jan  3 18:38:03 CET 1999: Martin Schulze <joey@infodrom.north.de>
 *	Shortened LOG_LINE_LENGTH in order to get long lines splitted
 *	up earlier and syslogd has a better chance concatenating them
 *	together again.
 *
 * Sat Aug 21 12:27:02 CEST 1999: Martin Schulze <joey@infodrom.north.de>
 *	Skip newline when reading in messages.
 *
 * Tue Sep 12 22:14:33 CEST 2000: Martin Schulze <joey@infodrom.ffis.de>
 *	Don't feed a buffer directly to a printf-type routine, use
 *	"%s" as format string instead.  Thanks to Jouko Pynn鰊en
 *	<jouko@solutions.fi> for pointing this out.
 *
 * Tue Sep 12 22:44:57 CEST 2000: Martin Schulze <joey@infodrom.ffis.de>
 *      Commandline option `-2': When symbols are expanded, print the
 *	line twice.  Once with addresses converted to symbols, once with the
 *	raw text.  Allows external programs such as ksymoops do their own
 *	processing on the original data.  Thanks to Keith Owens
 *	<kaos@ocs.com.au> for the patch.
 *
 * Mon Sep 18 09:32:27 CEST 2000: Martin Schulze <joey@infodrom.ffis.de>
 *	Added patch to fix priority decoding after moving kernel
 *	messgages into "%s".  Thanks to Solar Designer
 *	<solar@false.com> for the patch.
 *
 * Sun Mar 11 20:23:44 CET 2001: Martin Schulze <joey@infodrom.ffis.de>
 *	Stop LogLine() from being called with wrong argument when a
 *	former calculation failed already.  Thanks to Thomas Roessler
 *	<roessler@does-not-exist.org> for providing a patch.
 *
 *	Ignore zero bytes, no busy loop is entered anymore.  Several
 *	people have submitted patches: Troels Walsted Hansen
 *	<troels@thule.no>, Wolfgang Oertl <Wolfgang.Oertl@uibk.ac.at>
 *	and Thomas Roessler.
 *
 * Thu Apr 29 15:24:07 2004: Solar Designer <solar@openwall.com>
 *	Prevent potential buffer overflow in reading messages from the
 *	kernel log rinbuffer.
 *
 * Sat May 26 16:33:18 2007: Martin Schulze <joey@infodrom.org>
 *	Improved daemonise routine to stabilise startup.
 *
 * Mon May 28 18:07:59 CEST 2007: Matthew Fischer <futhark@vzavenue.net>
 *	Remove special treatment of the percent sign.
 */


/* Includes. */
#include <unistd.h>
#include <signal.h>
#include <errno.h>
#include <sys/fcntl.h>
#include <sys/stat.h>
#if !defined(__GLIBC__)
#include <linux/time.h>
#endif /* __GLIBC__ */
#include <stdarg.h>
#include <paths.h>
#include <stdlib.h>
#include "klogd.h"
#include "ksyms.h"
#ifndef TESTING
#include "pidfile.h"
#endif
#include "version.h"

#define __LIBRARY__
#include <linux/unistd.h>
#if !defined(__GLIBC__)
# define __NR_ksyslog __NR_syslog
_syscall3(int,ksyslog,int, type, char *, buf, int, len);
#else
#include <sys/klog.h>
#define ksyslog klogctl
#endif

#define LOG_BUFFER_SIZE 4096
#define LOG_LINE_LENGTH 1000

#ifndef TESTING
#if defined(FSSTND)
static char	*PidFile = _PATH_VARRUN "klogd.pid";
#else
static char	*PidFile = "/etc/klogd.pid";
#endif
#endif

static int	kmsg,
		change_state = 0,
		terminate = 0,
		caught_TSTP = 0,
		reload_symbols = 0,
		console_log_level = -1;

static int	use_syscall = 0,
		one_shot = 0,
		symbol_lookup = 1,
		no_fork = 0;	/* don't fork - don't run in daemon mode */

static char	*symfile = (char *) 0,
		log_buffer[LOG_BUFFER_SIZE];

static FILE *output_file = (FILE *) 0;

static enum LOGSRC {none, proc, kernel} logsrc;

int debugging = 0;
int symbols_twice = 0;


/* Function prototypes. */
extern int ksyslog(int type, char *buf, int len);
static void CloseLogSrc(void);
extern void restart(int sig);
extern void stop_logging(int sig);
extern void stop_daemon(int sig);
extern void reload_daemon(int sig);
static void Terminate(void);
static void SignalDaemon(int);
static void ReloadSymbols(void);
static void ChangeLogging(void);
static enum LOGSRC GetKernelLogSrc(void);
static void LogLine(char *ptr, int len);
static void LogKernelLine(void);
static void LogProcLine(void);
extern int main(int argc, char *argv[]);


static void CloseLogSrc()

{
        /* Shutdown the log sources. */
	switch ( logsrc )
	{
	    case kernel:
		ksyslog(0, 0, 0);
		Syslog(LOG_INFO, "Kernel logging (ksyslog) stopped.");
		break;
            case proc:
		close(kmsg);
		Syslog(LOG_INFO, "Kernel logging (proc) stopped.");
		break;
	    case none:
		break;
	}

	if ( output_file != (FILE *) 0 )
		fflush(output_file);
	return;
}


/*
 * Signal handler to terminate the parent process.
 */
#ifndef TESTING
void doexit(sig)

	int sig;

{
	exit (0);
}
#endif

void restart(sig)
	
	int sig;

{
	signal(SIGCONT, restart);
	change_state = 1;
	caught_TSTP = 0;
	return;
}


void stop_logging(sig)

	int sig;
	
{
	signal(SIGTSTP, stop_logging);
	change_state = 1;
	caught_TSTP = 1;
	return;
}


void stop_daemon(sig)