add ability to log to files with log access <path>

2023-07-24 08:50:49 +00:00 · 2023-07-24 08:50:49 +00:00 · 226f13ece0
parent 3826d7de43
commit 226f13ece0
6 changed files with 48 additions and 3 deletions
--- a/config.c
+++ b/config.c
@ -69,6 +69,7 @@ config_purge(struct conf *conf)
 	ps = conf->ps;
 	use_privsep_crypto = conf->use_privsep_crypto;

+	free(conf->log_access);
 	free_mime(&conf->mime);
 	TAILQ_FOREACH_SAFE(f, &conf->fcgi, fcgi, tf) {
 		TAILQ_REMOVE(&conf->fcgi, f, fcgi);
--- a/gmid.c
+++ b/gmid.c
@ -320,6 +320,16 @@ static int
 main_configure(struct conf *conf)
 {
 	struct privsep	*ps = conf->ps;
+	int fd = -1;
+
+	if (!debug) {
+		if (conf->log_access && (fd = open(conf->log_access,
+		    O_WRONLY|O_CREAT|O_APPEND, 0600)) == -1)
+			log_warn("can't open %s", conf->log_access);
+		if (proc_compose_imsg(ps, PROC_LOGGER, -1, IMSG_LOG_TYPE,
+		    -1, fd, NULL, 0) == -1)
+			return -1;
+	}

 	conf->reload = conf->prefork + 1; /* servers, crypto */

--- a/gmid.conf.5
+++ b/gmid.conf.5
@ -129,6 +129,18 @@ paths.
 Defaults to the
 .Ic user
 home directory, if provided.
+.It Ic log Ar options
+Specify logging options.
+Multiple options may be provided within curly braces.
+The available options are as follows:
+.Bl -tag -width Ds
+.It Ic syslog
+Log to syslog.
+This is the default behaviour.
+.It Ic access Ar file
+Log the requests to
+.Ar file .
+.El
 .It Ic prefork Ar number
 Run the specified number of server processes.
 This increases the performance and prevents delays when connecting to
--- a/gmid.h
+++ b/gmid.h
@ -241,6 +241,7 @@ struct conf {
 	char		 user[LOGIN_NAME_MAX];
 	int		 prefork;
 	int		 reload;
+	char		*log_access;
 	int		 use_privsep_crypto;

 	struct fcgihead	 fcgi;
--- a/parse.y
+++ b/parse.y
@ -122,7 +122,7 @@ typedef struct {
 /* for bison: */
 /* %define parse.error verbose */

-%token	ALIAS AUTO
+%token	ACCESS ALIAS AUTO
 %token	BLOCK
 %token	CA CERT CHROOT CLIENT
 %token	DEFAULT
@ -133,7 +133,7 @@ typedef struct {
 %token	OCSP OFF ON
 %token	PARAM PORT PREFORK PROTO PROTOCOLS PROXY
 %token	RELAY_TO REQUIRE RETURN ROOT
-%token	SERVER SNI SOCKET STRIP
+%token	SERVER SNI SOCKET STRIP SYSLOG
 %token	TCP TOEXT TYPE TYPES
 %token	USE_TLS USER
 %token	VERIFYNAME
@ -232,6 +232,7 @@ option		: CHROOT string	{
 			else
 				default_host = "0.0.0.0";
 		}
+		| log
 		| PORT NUM {
 			yywarn("option `port' is deprecated,"
 			    " please use `listen on'");
@ -251,6 +252,24 @@ option		: CHROOT string	{
 		}
 		;

+log		: LOG '{' optnl logopts '}'
+		| LOG logopt
+		;
+
+logopts		: /* empty */
+		| logopts logopt optnl
+		;
+
+logopt		: SYSLOG		{
+			free(conf->log_access);
+			conf->log_access = NULL;
+		}
+		| ACCESS string		{
+			free(conf->log_access);
+			conf->log_access = $2;
+		}
+		;
+
 vhost		: SERVER string {
 			host = new_vhost();
 			TAILQ_INSERT_HEAD(&conf->hosts, host, vhosts);
@ -576,6 +595,7 @@ static const struct keyword {
 	int token;
 } keywords[] = {
 	/* these MUST be sorted */
+	{"access", ACCESS},
 	{"alias", ALIAS},
 	{"auto", AUTO},
 	{"block", BLOCK},
@ -611,6 +631,7 @@ static const struct keyword {
 	{"sni", SNI},
 	{"socket", SOCKET},
 	{"strip", STRIP},
+	{"syslog", SYSLOG},
 	{"tcp", TCP},
 	{"to-ext", TOEXT},
 	{"type", TYPE},
--- a/sandbox.c
+++ b/sandbox.c
@ -24,7 +24,7 @@
 void
 sandbox_main_process(void)
 {
-	if (pledge("stdio rpath inet dns sendfd", NULL) == -1)
+	if (pledge("stdio rpath wpath cpath inet dns sendfd", NULL) == -1)
 		fatal("pledge");
 }