/* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** * \file log.c * \brief Functions to send messages to log files or the console. **/ #include "orconfig.h" #include #include #include #include #ifdef HAVE_SYS_TIME_H #include #endif #ifdef HAVE_TIME_H #include #endif #ifdef HAVE_UNISTD_H #include #endif #ifdef HAVE_SYS_TYPES_H #include #endif #ifdef HAVE_FCNTL_H #include #endif #define LOG_PRIVATE #include "lib/log/log.h" #include "lib/log/log_sys.h" #include "lib/log/util_bug.h" #include "lib/version/git_revision.h" #include "lib/log/ratelim.h" #include "lib/lock/compat_mutex.h" #include "lib/smartlist_core/smartlist_core.h" #include "lib/smartlist_core/smartlist_foreach.h" #include "lib/smartlist_core/smartlist_split.h" #include "lib/err/torerr.h" #include "lib/intmath/bits.h" #include "lib/string/compat_string.h" #include "lib/string/printf.h" #include "lib/malloc/malloc.h" #include "lib/string/util_string.h" #include "lib/wallclock/tor_gettimeofday.h" #include "lib/wallclock/approx_time.h" #include "lib/wallclock/time_to_tm.h" #include "lib/fdio/fdio.h" #include "lib/cc/ctassert.h" /** @{ */ /** The string we stick at the end of a log message when it is too long, * and its length. */ #define TRUNCATED_STR "[...truncated]" #define TRUNCATED_STR_LEN 14 /** @} */ /** Defining compile-time constants for Tor log levels (used by the Rust * log wrapper at src/rust/tor_log) */ const int LOG_WARN_ = LOG_WARN; const int LOG_NOTICE_ = LOG_NOTICE; const log_domain_mask_t LD_GENERAL_ = LD_GENERAL; const log_domain_mask_t LD_NET_ = LD_NET; /** Information for a single logfile; only used in log.c */ typedef struct logfile_t { struct logfile_t *next; /**< Next logfile_t in the linked list. */ char *filename; /**< Filename to open. */ int fd; /**< fd to receive log messages, or -1 for none. */ int seems_dead; /**< Boolean: true if the stream seems to be kaput. */ int needs_close; /**< Boolean: true if the stream gets closed on shutdown. */ int is_temporary; /**< Boolean: close after initializing logging subsystem.*/ int is_syslog; /**< Boolean: send messages to syslog. */ log_callback callback; /**< If not NULL, send messages to this function. */ log_severity_list_t *severities; /**< Which severity of messages should we * log for each log domain? */ } logfile_t; static void log_free_(logfile_t *victim); #define log_free(lg) \ FREE_AND_NULL(logfile_t, log_free_, (lg)) /** Helper: map a log severity to descriptive string. */ static inline const char * sev_to_string(int severity) { switch (severity) { case LOG_DEBUG: return "debug"; case LOG_INFO: return "info"; case LOG_NOTICE: return "notice"; case LOG_WARN: return "warn"; case LOG_ERR: return "err"; default: /* Call raw_assert, not tor_assert, since tor_assert * calls log on failure. */ raw_assert_unreached(); return "UNKNOWN"; // LCOV_EXCL_LINE } } /** Helper: decide whether to include the function name in the log message. */ static inline int should_log_function_name(log_domain_mask_t domain, int severity) { switch (severity) { case LOG_DEBUG: case LOG_INFO: /* All debugging messages occur in interesting places. */ return (domain & LD_NOFUNCNAME) == 0; case LOG_NOTICE: case LOG_WARN: case LOG_ERR: /* We care about places where bugs occur. */ return (domain & (LD_BUG|LD_NOFUNCNAME)) == LD_BUG; default: /* Call raw_assert, not tor_assert, since tor_assert calls * log on failure. */ raw_assert(0); return 0; // LCOV_EXCL_LINE } } /** A mutex to guard changes to logfiles and logging. */ static tor_mutex_t log_mutex; /** True iff we have initialized log_mutex */ static int log_mutex_initialized = 0; /** Linked list of logfile_t. */ static logfile_t *logfiles = NULL; /** Boolean: do we report logging domains? */ static int log_domains_are_logged = 0; #ifdef HAVE_SYSLOG_H /** The number of open syslog log handlers that we have. When this reaches 0, * we can close our connection to the syslog facility. */ static int syslog_count = 0; #endif /** Represents a log message that we are going to send to callback-driven * loggers once we can do so in a non-reentrant way. */ typedef struct pending_log_message_t { int severity; /**< The severity of the message */ log_domain_mask_t domain; /**< The domain of the message */ char *fullmsg; /**< The message, with all decorations */ char *msg; /**< The content of the message */ } pending_log_message_t; /** Log messages waiting to be replayed onto callback-based logs */ static smartlist_t *pending_cb_messages = NULL; /** Callback to invoke when pending_cb_messages becomes nonempty. */ static pending_callback_callback pending_cb_cb = NULL; /** Log messages waiting to be replayed once the logging system is initialized. */ static smartlist_t *pending_startup_messages = NULL; /** Number of bytes of messages queued in pending_startup_messages. (This is * the length of the messages, not the number of bytes used to store * them.) */ static size_t pending_startup_messages_len; /** True iff we should store messages while waiting for the logs to get * configured. */ static int queue_startup_messages = 1; /** True iff __PRETTY_FUNCTION__ includes parenthesized arguments. */ static int pretty_fn_has_parens = 0; /** Don't store more than this many bytes of messages while waiting for the * logs to get configured. */ #define MAX_STARTUP_MSG_LEN (1<<16) /** Lock the log_mutex to prevent others from changing the logfile_t list */ #define LOCK_LOGS() STMT_BEGIN \ raw_assert(log_mutex_initialized); \ tor_mutex_acquire(&log_mutex); \ STMT_END /** Unlock the log_mutex */ #define UNLOCK_LOGS() STMT_BEGIN \ raw_assert(log_mutex_initialized); \ tor_mutex_release(&log_mutex); \ STMT_END /** What's the lowest log level anybody cares about? Checking this lets us * bail out early from log_debug if we aren't debugging. */ int log_global_min_severity_ = LOG_NOTICE; static void delete_log(logfile_t *victim); static void close_log(logfile_t *victim); static void close_log_sigsafe(logfile_t *victim); static char *domain_to_string(log_domain_mask_t domain, char *buf, size_t buflen); static inline char *format_msg(char *buf, size_t buf_len, log_domain_mask_t domain, int severity, const char *funcname, const char *suffix, const char *format, va_list ap, size_t *msg_len_out) CHECK_PRINTF(7,0); /** Name of the application: used to generate the message we write at the * start of each new log. */ static char *appname = NULL; /** Set the "application name" for the logs to name: we'll use this * name in the message we write when starting up, and at the start of each new * log. * * Tor uses this string to write the version number to the log file. */ void log_set_application_name(const char *name) { tor_free(appname); appname = name ? tor_strdup(name) : NULL; } /** Return true if some of the running logs might be interested in a log * message of the given severity in the given domains. If this function * returns true, the log message might be ignored anyway, but if it returns * false, it is definitely_ safe not to log the message. */ int log_message_is_interesting(int severity, log_domain_mask_t domain) { (void) domain; return (severity <= log_global_min_severity_); } /** * As tor_log, but takes an optional function name, and does not treat its * string as a printf format. * * For use by Rust integration. */ void tor_log_string(int severity, log_domain_mask_t domain, const char *function, const char *string) { log_fn_(severity, domain, function, "%s", string); } /** Log time granularity in milliseconds. */ static int log_time_granularity = 1; /** Define log time granularity for all logs to be granularity_msec * milliseconds. */ MOCK_IMPL(void, set_log_time_granularity,(int granularity_msec)) { log_time_granularity = granularity_msec; tor_log_sigsafe_err_set_granularity(granularity_msec); } /** Helper: Write the standard prefix for log lines to a * buf_len character buffer in buf. */ static inline size_t log_prefix_(char *buf, size_t buf_len, int severity) { time_t t; struct timeval now; struct tm tm; size_t n; int r, ms; tor_gettimeofday(&now); t = (time_t)now.tv_sec; ms = (int)now.tv_usec / 1000; if (log_time_granularity >= 1000) { t -= t % (log_time_granularity / 1000); ms = 0; } else { ms -= ((int)now.tv_usec / 1000) % log_time_granularity; } n = strftime(buf, buf_len, "%b %d %H:%M:%S", tor_localtime_r_msg(&t, &tm, NULL)); r = tor_snprintf(buf+n, buf_len-n, ".%.3i [%s] ", ms, sev_to_string(severity)); if (r<0) return buf_len-1; else return n+r; } /** If lf refers to an actual file that we have just opened, and the file * contains no data, log an "opening new logfile" message at the top. * * Return -1 if the log is broken and needs to be deleted, else return 0. */ static int log_tor_version(logfile_t *lf, int reset) { char buf[256]; size_t n; int is_new; if (!lf->needs_close) /* If it doesn't get closed, it isn't really a file. */ return 0; if (lf->is_temporary) /* If it's temporary, it isn't really a file. */ return 0; is_new = lf->fd >= 0 && tor_fd_getpos(lf->fd) == 0; if (reset && !is_new) /* We are resetting, but we aren't at the start of the file; no * need to log again. */ return 0; n = log_prefix_(buf, sizeof(buf), LOG_NOTICE); if (appname) { tor_snprintf(buf+n, sizeof(buf)-n, "%s opening %slog file.\n", appname, is_new?"new ":""); } else { tor_snprintf(buf+n, sizeof(buf)-n, "Tor %s opening %slog file.\n", VERSION, is_new?"new ":""); } if (write_all_to_fd_minimal(lf->fd, buf, strlen(buf)) < 0) /* error */ return -1; /* failed */ return 0; } /** Helper: Format a log message into a fixed-sized buffer. (This is * factored out of logv so that we never format a message more * than once.) Return a pointer to the first character of the message * portion of the formatted string. */ static inline char * format_msg(char *buf, size_t buf_len, log_domain_mask_t domain, int severity, const char *funcname, const char *suffix, const char *format, va_list ap, size_t *msg_len_out) { size_t n; int r; char *end_of_prefix; char *buf_end; raw_assert(buf_len >= 16); /* prevent integer underflow and stupidity */ buf_len -= 2; /* subtract 2 characters so we have room for \n\0 */ buf_end = buf+buf_len; /* point *after* the last char we can write to */ n = log_prefix_(buf, buf_len, severity); end_of_prefix = buf+n; if (log_domains_are_logged) { char *cp = buf+n; if (cp == buf_end) goto format_msg_no_room_for_domains; *cp++ = '{'; if (cp == buf_end) goto format_msg_no_room_for_domains; cp = domain_to_string(domain, cp, (buf+buf_len-cp)); if (cp == buf_end) goto format_msg_no_room_for_domains; *cp++ = '}'; if (cp == buf_end) goto format_msg_no_room_for_domains; *cp++ = ' '; if (cp == buf_end) goto format_msg_no_room_for_domains; end_of_prefix = cp; n = cp-buf; format_msg_no_room_for_domains: /* This will leave end_of_prefix and n unchanged, and thus cause * whatever log domain string we had written to be clobbered. */ ; } if (funcname && should_log_function_name(domain, severity)) { r = tor_snprintf(buf+n, buf_len-n, pretty_fn_has_parens ? "%s: " : "%s(): ", funcname); if (r<0) n = strlen(buf); else n += r; } if (domain == LD_BUG && buf_len-n > 6) { memcpy(buf+n, "Bug: ", 6); n += 5; } r = tor_vsnprintf(buf+n,buf_len-n,format,ap); if (r < 0) { /* The message was too long; overwrite the end of the buffer with * "[...truncated]" */ if (buf_len >= TRUNCATED_STR_LEN) { size_t offset = buf_len-TRUNCATED_STR_LEN; /* We have an extra 2 characters after buf_len to hold the \n\0, * so it's safe to add 1 to the size here. */ strlcpy(buf+offset, TRUNCATED_STR, buf_len-offset+1); } /* Set 'n' to the end of the buffer, where we'll be writing \n\0. * Since we already subtracted 2 from buf_len, this is safe.*/ n = buf_len; } else { n += r; if (suffix) { size_t suffix_len = strlen(suffix); if (buf_len-n >= suffix_len) { memcpy(buf+n, suffix, suffix_len); n += suffix_len; } } } if (domain == LD_BUG && buf_len - n > strlen(tor_bug_suffix)+1) { memcpy(buf+n, tor_bug_suffix, strlen(tor_bug_suffix)); n += strlen(tor_bug_suffix); } buf[n]='\n'; buf[n+1]='\0'; *msg_len_out = n+1; return end_of_prefix; } /* Create a new pending_log_message_t with appropriate values */ static pending_log_message_t * pending_log_message_new(int severity, log_domain_mask_t domain, const char *fullmsg, const char *shortmsg) { pending_log_message_t *m = tor_malloc(sizeof(pending_log_message_t)); m->severity = severity; m->domain = domain; m->fullmsg = fullmsg ? tor_strdup(fullmsg) : NULL; m->msg = tor_strdup(shortmsg); return m; } #define pending_log_message_free(msg) \ FREE_AND_NULL(pending_log_message_t, pending_log_message_free_, (msg)) /** Release all storage held by msg. */ static void pending_log_message_free_(pending_log_message_t *msg) { if (!msg) return; tor_free(msg->msg); tor_free(msg->fullmsg); tor_free(msg); } /** Helper function: returns true iff the log file, given in lf, is * handled externally via the system log API, or is an * external callback function. */ static inline int logfile_is_external(const logfile_t *lf) { raw_assert(lf); return lf->is_syslog || lf->callback; } /** Return true iff lf would like to receive a message with the * specified severity in the specified domain. */ static inline int logfile_wants_message(const logfile_t *lf, int severity, log_domain_mask_t domain) { if (! (lf->severities->masks[SEVERITY_MASK_IDX(severity)] & domain)) { return 0; } if (! (lf->fd >= 0 || logfile_is_external(lf))) { return 0; } if (lf->seems_dead) { return 0; } return 1; } /** Send a message to lf. The full message, with time prefix and * severity, is in buf. The message itself is in * msg_after_prefix. If callbacks_deferred points to true, then * we already deferred this message for pending callbacks and don't need to do * it again. Otherwise, if we need to do it, do it, and set * callbacks_deferred to 1. */ static inline void logfile_deliver(logfile_t *lf, const char *buf, size_t msg_len, const char *msg_after_prefix, log_domain_mask_t domain, int severity, int *callbacks_deferred) { if (lf->is_syslog) { #ifdef HAVE_SYSLOG_H #ifdef MAXLINE /* Some syslog implementations have limits on the length of what you can * pass them, and some very old ones do not detect overflow so well. * Regrettably, they call their maximum line length MAXLINE. */ #if MAXLINE < 64 #warning "MAXLINE is very low; it might not be from syslog.h." #endif char *m = msg_after_prefix; if (msg_len >= MAXLINE) m = tor_strndup(msg_after_prefix, MAXLINE-1); syslog(severity, "%s", m); if (m != msg_after_prefix) { tor_free(m); } #else /* !defined(MAXLINE) */ /* We have syslog but not MAXLINE. That's promising! */ syslog(severity, "%s", msg_after_prefix); #endif /* defined(MAXLINE) */ #endif /* defined(HAVE_SYSLOG_H) */ } else if (lf->callback) { if (domain & LD_NOCB) { if (!*callbacks_deferred && pending_cb_messages) { smartlist_add(pending_cb_messages, pending_log_message_new(severity,domain,NULL,msg_after_prefix)); *callbacks_deferred = 1; if (smartlist_len(pending_cb_messages) == 1 && pending_cb_cb) { pending_cb_cb(); } } } else { lf->callback(severity, domain, msg_after_prefix); } } else { if (write_all_to_fd_minimal(lf->fd, buf, msg_len) < 0) { /* error */ /* don't log the error! mark this log entry to be blown away, and * continue. */ lf->seems_dead = 1; } } } /** Helper: sends a message to the appropriate logfiles, at loglevel * severity. If provided, funcname is prepended to the * message. The actual message is derived as from tor_snprintf(format,ap). */ MOCK_IMPL(STATIC void, logv,(int severity, log_domain_mask_t domain, const char *funcname, const char *suffix, const char *format, va_list ap)) { char buf[10240]; size_t msg_len = 0; int formatted = 0; logfile_t *lf; char *end_of_prefix=NULL; int callbacks_deferred = 0; /* Call raw_assert, not tor_assert, since tor_assert calls log on failure. */ raw_assert(format); /* check that severity is sane. Overrunning the masks array leads to * interesting and hard to diagnose effects */ raw_assert(severity >= LOG_ERR && severity <= LOG_DEBUG); LOCK_LOGS(); if ((! (domain & LD_NOCB)) && pending_cb_messages && smartlist_len(pending_cb_messages)) flush_pending_log_callbacks(); if (queue_startup_messages && pending_startup_messages_len < MAX_STARTUP_MSG_LEN) { end_of_prefix = format_msg(buf, sizeof(buf), domain, severity, funcname, suffix, format, ap, &msg_len); formatted = 1; smartlist_add(pending_startup_messages, pending_log_message_new(severity,domain,buf,end_of_prefix)); pending_startup_messages_len += msg_len; } for (lf = logfiles; lf; lf = lf->next) { if (! logfile_wants_message(lf, severity, domain)) continue; if (!formatted) { end_of_prefix = format_msg(buf, sizeof(buf), domain, severity, funcname, suffix, format, ap, &msg_len); formatted = 1; } logfile_deliver(lf, buf, msg_len, end_of_prefix, domain, severity, &callbacks_deferred); } UNLOCK_LOGS(); } /** Output a message to the log. It gets logged to all logfiles that * care about messages with severity in domain. The content * is formatted printf-style based on format and extra arguments. * */ void tor_log(int severity, log_domain_mask_t domain, const char *format, ...) { va_list ap; /* check that domain is composed of known domains and flags */ raw_assert((domain & (LD_ALL_DOMAINS|LD_ALL_FLAGS)) == domain); if (severity > log_global_min_severity_) return; va_start(ap,format); #ifdef TOR_UNIT_TESTS if (domain & LD_NO_MOCK) logv__real(severity, domain, NULL, NULL, format, ap); else #endif logv(severity, domain, NULL, NULL, format, ap); va_end(ap); } /** Helper function; return true iff the n-element array array * contains item. */ static int int_array_contains(const int *array, int n, int item) { int j; for (j = 0; j < n; ++j) { if (array[j] == item) return 1; } return 0; } /** Function to call whenever the list of logs changes to get ready to log * from signal handlers. */ void tor_log_update_sigsafe_err_fds(void) { const logfile_t *lf; int found_real_stderr = 0; /* The fds are the file descriptors of tor's stdout, stderr, and file * logs. The log and err modules flush these fds during their shutdowns. */ int fds[TOR_SIGSAFE_LOG_MAX_FDS]; int n_fds; LOCK_LOGS(); /* Reserve the first one for stderr. This is safe because when we daemonize, * we dup2 /dev/null to stderr. */ fds[0] = STDERR_FILENO; n_fds = 1; for (lf = logfiles; lf; lf = lf->next) { /* Don't try callback to the control port, syslogs, or any * other non-file descriptor log: We can't call arbitrary functions from a * signal handler. */ if (lf->is_temporary || logfile_is_external(lf) || lf->seems_dead || lf->fd < 0) continue; if (lf->severities->masks[SEVERITY_MASK_IDX(LOG_ERR)] & (LD_BUG|LD_GENERAL)) { if (lf->fd == STDERR_FILENO) found_real_stderr = 1; /* Avoid duplicates by checking the log module fd against fds */ if (int_array_contains(fds, n_fds, lf->fd)) continue; /* Update fds using the log module's fd */ fds[n_fds] = lf->fd; n_fds++; if (n_fds == TOR_SIGSAFE_LOG_MAX_FDS) break; } } if (!found_real_stderr && int_array_contains(fds, n_fds, STDOUT_FILENO)) { /* Don't use a virtual stderr when we're also logging to stdout. * If we reached max_fds logs, we'll now have (max_fds - 1) logs. * That's ok, max_fds is large enough that most tor instances don't exceed * it. */ raw_assert(n_fds >= 2); /* Don't tor_assert inside log fns */ --n_fds; fds[0] = fds[n_fds]; } UNLOCK_LOGS(); tor_log_set_sigsafe_err_fds(fds, n_fds); } /** Add to out a copy of every currently configured log file name. Used * to enable access to these filenames with the sandbox code. */ void tor_log_get_logfile_names(smartlist_t *out) { logfile_t *lf; raw_assert(out); LOCK_LOGS(); for (lf = logfiles; lf; lf = lf->next) { if (lf->is_temporary || logfile_is_external(lf)) continue; if (lf->filename == NULL) continue; smartlist_add_strdup(out, lf->filename); } UNLOCK_LOGS(); } /** Implementation of the log_fn backend, used when we have * variadic macros. All arguments are as for log_fn, except for * fn, which is the name of the calling function. */ void log_fn_(int severity, log_domain_mask_t domain, const char *fn, const char *format, ...) { va_list ap; if (domain & LD_BUG) tor_bug_increment_count_(); if (severity > log_global_min_severity_) return; va_start(ap,format); logv(severity, domain, fn, NULL, format, ap); va_end(ap); } void log_fn_ratelim_(ratelim_t *ratelim, int severity, log_domain_mask_t domain, const char *fn, const char *format, ...) { va_list ap; char *m; if (domain & LD_BUG) tor_bug_increment_count_(); if (severity > log_global_min_severity_) return; m = rate_limit_log(ratelim, approx_time()); if (m == NULL) return; va_start(ap, format); logv(severity, domain, fn, m, format, ap); va_end(ap); tor_free(m); } /** Free all storage held by victim. */ static void log_free_(logfile_t *victim) { if (!victim) return; tor_free(victim->severities); tor_free(victim->filename); tor_free(victim); } /** Close all open log files, and free other static memory. */ void logs_free_all(void) { logfile_t *victim, *next; smartlist_t *messages, *messages2; LOCK_LOGS(); next = logfiles; logfiles = NULL; messages = pending_cb_messages; pending_cb_messages = NULL; pending_cb_cb = NULL; messages2 = pending_startup_messages; pending_startup_messages = NULL; UNLOCK_LOGS(); while (next) { victim = next; next = next->next; close_log(victim); log_free(victim); } tor_free(appname); SMARTLIST_FOREACH(messages, pending_log_message_t *, msg, { pending_log_message_free(msg); }); smartlist_free(messages); if (messages2) { SMARTLIST_FOREACH(messages2, pending_log_message_t *, msg, { pending_log_message_free(msg); }); smartlist_free(messages2); } /* We _could_ destroy the log mutex here, but that would screw up any logs * that happened between here and the end of execution. * If tor is re-initialized, log_mutex_initialized will still be 1. So we * won't trigger any undefined behaviour by trying to re-initialize the * log mutex. */ } /** Flush the signal-safe log files. * * This function is safe to call from a signal handler. It is currently called * by the BUG() macros, when terminating the process on an abnormal condition. */ void logs_flush_sigsafe(void) { /* If we don't have fsync() in unistd.h, we can't flush the logs. */ #ifdef HAVE_FSYNC logfile_t *victim, *next; /* We can't LOCK_LOGS() in a signal handler, because it may call * signal-unsafe functions. And we can't deallocate memory, either. */ next = logfiles; logfiles = NULL; while (next) { victim = next; next = next->next; if (victim->needs_close) { /* We can't do anything useful if the flush fails. */ (void)fsync(victim->fd); } } #endif /* defined(HAVE_FSYNC) */ } /** Remove and free the log entry victim from the linked-list * logfiles (it is probably present, but it might not be due to thread * racing issues). After this function is called, the caller shouldn't * refer to victim anymore. */ static void delete_log(logfile_t *victim) { logfile_t *tmpl; if (victim == logfiles) logfiles = victim->next; else { for (tmpl = logfiles; tmpl && tmpl->next != victim; tmpl=tmpl->next) ; // raw_assert(tmpl); // raw_assert(tmpl->next == victim); if (!tmpl) return; tmpl->next = victim->next; } log_free(victim); } /** Helper: release system resources (but not memory) held by a single * signal-safe logfile_t. If the log's resources can not be released in * a signal handler, does nothing. */ static void close_log_sigsafe(logfile_t *victim) { if (victim->needs_close && victim->fd >= 0) { /* We can't do anything useful here if close() fails: we're shutting * down logging, and the err module only does fatal errors. */ close(victim->fd); victim->fd = -1; } } /** Helper: release system resources (but not memory) held by a single * logfile_t. */ static void close_log(logfile_t *victim) { if (victim->needs_close) { close_log_sigsafe(victim); } else if (victim->is_syslog) { #ifdef HAVE_SYSLOG_H if (--syslog_count == 0) { /* There are no other syslogs; close the logging facility. */ closelog(); } #endif /* defined(HAVE_SYSLOG_H) */ } } /** Adjust a log severity configuration in severity_out to contain * every domain between loglevelMin and loglevelMax, inclusive. */ void set_log_severity_config(int loglevelMin, int loglevelMax, log_severity_list_t *severity_out) { int i; raw_assert(loglevelMin >= loglevelMax); raw_assert(loglevelMin >= LOG_ERR && loglevelMin <= LOG_DEBUG); raw_assert(loglevelMax >= LOG_ERR && loglevelMax <= LOG_DEBUG); memset(severity_out, 0, sizeof(log_severity_list_t)); for (i = loglevelMin; i >= loglevelMax; --i) { severity_out->masks[SEVERITY_MASK_IDX(i)] = LD_ALL_DOMAINS; } } /** Add a log handler named name to send all messages in severity * to fd. Copies severity. Helper: does no locking. */ MOCK_IMPL(STATIC void, add_stream_log_impl,(const log_severity_list_t *severity, const char *name, int fd)) { logfile_t *lf; lf = tor_malloc_zero(sizeof(logfile_t)); lf->fd = fd; lf->filename = tor_strdup(name); lf->severities = tor_memdup(severity, sizeof(log_severity_list_t)); lf->next = logfiles; logfiles = lf; log_global_min_severity_ = get_min_log_level(); } /** Add a log handler named name to send all messages in severity * to fd. Steals a reference to severity; the caller must * not use it after calling this function. */ void add_stream_log(const log_severity_list_t *severity, const char *name, int fd) { LOCK_LOGS(); add_stream_log_impl(severity, name, fd); UNLOCK_LOGS(); } /** Initialize the global logging facility */ void init_logging(int disable_startup_queue) { if (!log_mutex_initialized) { tor_mutex_init(&log_mutex); tor_bug_init_counter(); log_mutex_initialized = 1; } #ifdef __GNUC__ if (strchr(__PRETTY_FUNCTION__, '(')) { pretty_fn_has_parens = 1; } #endif if (pending_cb_messages == NULL) pending_cb_messages = smartlist_new(); if (disable_startup_queue) queue_startup_messages = 0; if (pending_startup_messages == NULL && queue_startup_messages) { pending_startup_messages = smartlist_new(); } } /** Set whether we report logging domains as a part of our log messages. */ void logs_set_domain_logging(int enabled) { LOCK_LOGS(); log_domains_are_logged = enabled; UNLOCK_LOGS(); } /** Add a log handler to accept messages when no other log is configured. */ void add_default_log(int min_severity) { log_severity_list_t *s = tor_malloc_zero(sizeof(log_severity_list_t)); set_log_severity_config(min_severity, LOG_ERR, s); LOCK_LOGS(); add_stream_log_impl(s, "", fileno(stdout)); tor_free(s); UNLOCK_LOGS(); } /** * Register "cb" as the callback to call when there are new pending log * callbacks to be flushed with flush_pending_log_callbacks(). * * Note that this callback, if present, can be invoked from any thread. * * This callback must not log. * * It is intentional that this function contains the name "callback" twice: it * sets a "callback" to be called on the condition that there is a "pending * callback". **/ void logs_set_pending_callback_callback(pending_callback_callback cb) { pending_cb_cb = cb; } /** * Add a log handler to send messages in severity * to the function cb. */ int add_callback_log(const log_severity_list_t *severity, log_callback cb) { logfile_t *lf; lf = tor_malloc_zero(sizeof(logfile_t)); lf->fd = -1; lf->severities = tor_memdup(severity, sizeof(log_severity_list_t)); lf->filename = tor_strdup(""); lf->callback = cb; lf->next = logfiles; LOCK_LOGS(); logfiles = lf; log_global_min_severity_ = get_min_log_level(); UNLOCK_LOGS(); return 0; } /** Adjust the configured severity of any logs whose callback function is * cb. */ void change_callback_log_severity(int loglevelMin, int loglevelMax, log_callback cb) { logfile_t *lf; log_severity_list_t severities; set_log_severity_config(loglevelMin, loglevelMax, &severities); LOCK_LOGS(); for (lf = logfiles; lf; lf = lf->next) { if (lf->callback == cb) { memcpy(lf->severities, &severities, sizeof(severities)); } } log_global_min_severity_ = get_min_log_level(); UNLOCK_LOGS(); } /** If there are any log messages that were generated with LD_NOCB waiting to * be sent to callback-based loggers, send them now. */ void flush_pending_log_callbacks(void) { logfile_t *lf; smartlist_t *messages, *messages_tmp; LOCK_LOGS(); if (!pending_cb_messages || 0 == smartlist_len(pending_cb_messages)) { UNLOCK_LOGS(); return; } messages = pending_cb_messages; pending_cb_messages = smartlist_new(); do { SMARTLIST_FOREACH_BEGIN(messages, pending_log_message_t *, msg) { const int severity = msg->severity; const log_domain_mask_t domain = msg->domain; for (lf = logfiles; lf; lf = lf->next) { if (! lf->callback || lf->seems_dead || ! (lf->severities->masks[SEVERITY_MASK_IDX(severity)] & domain)) { continue; } lf->callback(severity, domain, msg->msg); } pending_log_message_free(msg); } SMARTLIST_FOREACH_END(msg); smartlist_clear(messages); messages_tmp = pending_cb_messages; pending_cb_messages = messages; messages = messages_tmp; } while (smartlist_len(messages)); smartlist_free(messages); UNLOCK_LOGS(); } /** Flush all the messages we stored from startup while waiting for log * initialization. */ void flush_log_messages_from_startup(void) { logfile_t *lf; LOCK_LOGS(); queue_startup_messages = 0; pending_startup_messages_len = 0; if (! pending_startup_messages) goto out; SMARTLIST_FOREACH_BEGIN(pending_startup_messages, pending_log_message_t *, msg) { int callbacks_deferred = 0; for (lf = logfiles; lf; lf = lf->next) { if (! logfile_wants_message(lf, msg->severity, msg->domain)) continue; /* We configure a temporary startup log that goes to stdout, so we * shouldn't replay to stdout/stderr*/ if (lf->fd == STDOUT_FILENO || lf->fd == STDERR_FILENO) { continue; } logfile_deliver(lf, msg->fullmsg, strlen(msg->fullmsg), msg->msg, msg->domain, msg->severity, &callbacks_deferred); } pending_log_message_free(msg); } SMARTLIST_FOREACH_END(msg); smartlist_free(pending_startup_messages); pending_startup_messages = NULL; out: UNLOCK_LOGS(); } /** Close any log handlers marked by mark_logs_temp(). */ void close_temp_logs(void) { logfile_t *lf, **p; LOCK_LOGS(); for (p = &logfiles; *p; ) { if ((*p)->is_temporary) { lf = *p; /* we use *p here to handle the edge case of the head of the list */ *p = (*p)->next; close_log(lf); log_free(lf); } else { p = &((*p)->next); } } log_global_min_severity_ = get_min_log_level(); UNLOCK_LOGS(); } /** Make all currently temporary logs (set to be closed by close_temp_logs) * live again, and close all non-temporary logs. */ void rollback_log_changes(void) { logfile_t *lf; LOCK_LOGS(); for (lf = logfiles; lf; lf = lf->next) lf->is_temporary = ! lf->is_temporary; UNLOCK_LOGS(); close_temp_logs(); } /** Configure all log handles to be closed by close_temp_logs(). */ void mark_logs_temp(void) { logfile_t *lf; LOCK_LOGS(); for (lf = logfiles; lf; lf = lf->next) lf->is_temporary = 1; UNLOCK_LOGS(); } /** * Add a log handler to send messages to filename via fd. If * opening the logfile failed, -1 is returned and errno is set appropriately * (by open(2)). Takes ownership of fd. */ MOCK_IMPL(int, add_file_log,(const log_severity_list_t *severity, const char *filename, int fd)) { logfile_t *lf; if (fd<0) return -1; if (tor_fd_seekend(fd)<0) { close(fd); return -1; } LOCK_LOGS(); add_stream_log_impl(severity, filename, fd); logfiles->needs_close = 1; lf = logfiles; log_global_min_severity_ = get_min_log_level(); if (log_tor_version(lf, 0) < 0) { delete_log(lf); } UNLOCK_LOGS(); return 0; } #ifdef HAVE_SYSLOG_H /** * Add a log handler to send messages to they system log facility. * * If this is the first log handler, opens syslog with ident Tor or * Tor- if that is not NULL. */ int add_syslog_log(const log_severity_list_t *severity, const char* syslog_identity_tag) { logfile_t *lf; if (syslog_count++ == 0) { /* This is the first syslog. */ static char buf[256]; if (syslog_identity_tag) { tor_snprintf(buf, sizeof(buf), "Tor-%s", syslog_identity_tag); } else { tor_snprintf(buf, sizeof(buf), "Tor"); } openlog(buf, LOG_PID | LOG_NDELAY, LOGFACILITY); } lf = tor_malloc_zero(sizeof(logfile_t)); lf->fd = -1; lf->severities = tor_memdup(severity, sizeof(log_severity_list_t)); lf->filename = tor_strdup(""); lf->is_syslog = 1; LOCK_LOGS(); lf->next = logfiles; logfiles = lf; log_global_min_severity_ = get_min_log_level(); UNLOCK_LOGS(); return 0; } #endif /* defined(HAVE_SYSLOG_H) */ /** If level is a valid log severity, return the corresponding * numeric value. Otherwise, return -1. */ int parse_log_level(const char *level) { if (!strcasecmp(level, "err")) return LOG_ERR; if (!strcasecmp(level, "warn")) return LOG_WARN; if (!strcasecmp(level, "notice")) return LOG_NOTICE; if (!strcasecmp(level, "info")) return LOG_INFO; if (!strcasecmp(level, "debug")) return LOG_DEBUG; return -1; } /** Return the string equivalent of a given log level. */ const char * log_level_to_string(int level) { return sev_to_string(level); } /** NULL-terminated array of names for log domains such that domain_list[dom] * is a description of dom. * * Remember to update doc/man/tor.1.txt if you modify this list. * */ static const char *domain_list[] = { "GENERAL", "CRYPTO", "NET", "CONFIG", "FS", "PROTOCOL", "MM", "HTTP", "APP", "CONTROL", "CIRC", "REND", "BUG", "DIR", "DIRSERV", "OR", "EDGE", "ACCT", "HIST", "HANDSHAKE", "HEARTBEAT", "CHANNEL", "SCHED", "GUARD", "CONSDIFF", "DOS", "PROCESS", "PT", "BTRACK", "MESG", NULL }; CTASSERT(ARRAY_LENGTH(domain_list) == N_LOGGING_DOMAINS + 1); CTASSERT(HIGHEST_RESERVED_LD_DOMAIN_ < LD_ALL_DOMAINS); CTASSERT(LD_ALL_DOMAINS < LOWEST_RESERVED_LD_FLAG_); CTASSERT(LOWEST_RESERVED_LD_FLAG_ < LD_ALL_FLAGS); /** Return a bitmask for the log domain for which domain is the name, * or 0 if there is no such name. */ static log_domain_mask_t parse_log_domain(const char *domain) { int i; for (i=0; domain_list[i]; ++i) { if (!strcasecmp(domain, domain_list[i])) return (UINT64_C(1)<= ARRAY_LENGTH(domain_list)-1 || bit >= N_LOGGING_DOMAINS) { tor_snprintf(buf, buflen, "", (long)domain); return buf+strlen(buf); } d = domain_list[bit]; n = strlcpy(cp, d, eos-cp); if (n >= buflen) { tor_snprintf(buf, buflen, "", (long)domain); return buf+strlen(buf); } cp += n; domain &= ~(1<cfg_ptr. Advance cfg_ptr after * the end of the severityPattern. Set the value of severity_out to * the parsed pattern. Return 0 on success, -1 on failure. * * The syntax for a SeverityPattern is: *
 *   SeverityPattern = *(DomainSeverity SP)* DomainSeverity
 *   DomainSeverity = (DomainList SP)? SeverityRange
 *   SeverityRange = MinSeverity ("-" MaxSeverity )?
 *   DomainList = "[" (SP? DomainSpec SP? ",") SP? DomainSpec "]"
 *   DomainSpec = "*" | Domain | "~" Domain
 * 
* A missing MaxSeverity defaults to ERR. Severities and domains are * case-insensitive. "~" indicates negation for a domain; negation happens * last inside a DomainList. Only one SeverityRange without a DomainList is * allowed per line. */ int parse_log_severity_config(const char **cfg_ptr, log_severity_list_t *severity_out) { const char *cfg = *cfg_ptr; int got_anything = 0; int got_an_unqualified_range = 0; memset(severity_out, 0, sizeof(*severity_out)); cfg = eat_whitespace(cfg); while (*cfg) { const char *dash, *space; char *sev_lo, *sev_hi; int low, high, i; log_domain_mask_t domains = LD_ALL_DOMAINS; if (*cfg == '[') { int err = 0; char *domains_str; smartlist_t *domains_list; log_domain_mask_t neg_domains = 0; const char *closebracket = strchr(cfg, ']'); if (!closebracket) return -1; domains = 0; domains_str = tor_strndup(cfg+1, closebracket-cfg-1); domains_list = smartlist_new(); smartlist_split_string(domains_list, domains_str, ",", SPLIT_SKIP_SPACE, -1); tor_free(domains_str); SMARTLIST_FOREACH_BEGIN(domains_list, const char *, domain) { if (!strcmp(domain, "*")) { domains = LD_ALL_DOMAINS; } else { log_domain_mask_t d; int negate=0; if (*domain == '~') { negate = 1; ++domain; } d = parse_log_domain(domain); if (!d) { log_warn(LD_CONFIG, "No such logging domain as %s", domain); err = 1; } else { if (negate) neg_domains |= d; else domains |= d; } } } SMARTLIST_FOREACH_END(domain); SMARTLIST_FOREACH(domains_list, char *, d, tor_free(d)); smartlist_free(domains_list); if (err) return -1; if (domains == 0 && neg_domains) domains = ~neg_domains; else domains &= ~neg_domains; cfg = eat_whitespace(closebracket+1); } else { ++got_an_unqualified_range; } if (!strcasecmpstart(cfg, "file") || !strcasecmpstart(cfg, "stderr") || !strcasecmpstart(cfg, "stdout") || !strcasecmpstart(cfg, "syslog")) { goto done; } if (got_an_unqualified_range > 1) return -1; space = find_whitespace(cfg); dash = strchr(cfg, '-'); if (dash && dash < space) { sev_lo = tor_strndup(cfg, dash-cfg); sev_hi = tor_strndup(dash+1, space-(dash+1)); } else { sev_lo = tor_strndup(cfg, space-cfg); sev_hi = tor_strdup("ERR"); } low = parse_log_level(sev_lo); high = parse_log_level(sev_hi); tor_free(sev_lo); tor_free(sev_hi); if (low == -1) return -1; if (high == -1) return -1; got_anything = 1; for (i=low; i >= high; --i) severity_out->masks[SEVERITY_MASK_IDX(i)] |= domains; cfg = eat_whitespace(space); } done: *cfg_ptr = cfg; return got_anything ? 0 : -1; } /** Return the least severe log level that any current log is interested in. */ int get_min_log_level(void) { logfile_t *lf; int i; int min = LOG_ERR; for (lf = logfiles; lf; lf = lf->next) { for (i = LOG_DEBUG; i > min; --i) if (lf->severities->masks[SEVERITY_MASK_IDX(i)]) min = i; } return min; } /** Switch all logs to output at most verbose level. */ void switch_logs_debug(void) { logfile_t *lf; int i; LOCK_LOGS(); for (lf = logfiles; lf; lf=lf->next) { for (i = LOG_DEBUG; i >= LOG_ERR; --i) lf->severities->masks[SEVERITY_MASK_IDX(i)] = LD_ALL_DOMAINS; } log_global_min_severity_ = get_min_log_level(); UNLOCK_LOGS(); } /** Truncate all the log files. */ void truncate_logs(void) { logfile_t *lf; for (lf = logfiles; lf; lf = lf->next) { if (lf->fd >= 0) { tor_ftruncate(lf->fd); } } }