authorBen Fuhrmannek2016-02-18 13:35:20 +0100
committerBen Fuhrmannek2016-02-18 13:35:20 +0100
commiteebffdb4e6fb1d62d64f3de96cfee62f39f8448e (patch)
treebdf99f0996528f9266d3a5b84c19ee961bdfeb4a /log.c
parent416f24c6164f6d147fae0d271936292b0ba89ed9 (diff)
(some) logging
Diffstat (limited to 'log.c')
-rw-r--r--log.c439
1 files changed, 439 insertions, 0 deletions
diff --git a/log.c b/log.c
new file mode 100644
index 0000000..5e18fac
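--- /dev/null
+++ b/log.c
@@ -0,0 +1,439 @@
+/*
+ +----------------------------------------------------------------------+
+ | Suhosin Version 1 |
+ +----------------------------------------------------------------------+
+ | Copyright (c) 2006-2007 The Hardened-PHP Project |
+ | Copyright (c) 2007-2015 SektionEins GmbH |
+ +----------------------------------------------------------------------+
+ | This source file is subject to version 3.01 of the PHP license, |
+ | that is bundled with this package in the file LICENSE, and is |
+ | available through the world-wide-web at the following url: |
+ | http://www.php.net/license/3_01.txt |
+ | If you did not receive a copy of the PHP license and are unable to |
+ | obtain it through the world-wide-web, please send a note to |
+ | license@php.net so we can mail you a copy immediately. |
+ +----------------------------------------------------------------------+
+ | Author: Stefan Esser <sesser@sektioneins.de> |
+ +----------------------------------------------------------------------+
+*/
+/*
+ $Id: log.c,v 1.1.1.1 2007-11-28 01:15:35 sesser Exp $
+*/
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "php.h"
+#include "php_ini.h"
+#include "php_suhosin7.h"
+#include <fcntl.h>
+#include "SAPI.h"
+#include "ext/standard/datetime.h"
+#include "ext/standard/flock_compat.h"
+
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+
+#ifdef HAVE_SYS_TIME_H
+#include <sys/time.h>
+#elif defined(PHP_WIN32)
+#include "win32/time.h"
+#endif
+
+#if defined(PHP_WIN32) || defined(__riscos__) || defined(NETWARE)
+#undef AF_UNIX
+#endif
+
+#if defined(AF_UNIX)
+#include <sys/un.h>
+#endif
+
+#define SYSLOG_PATH "/dev/log"
+
+#include "snprintf.h"
+
+#ifdef PHP_WIN32
+static HANDLE log_source = 0;
+#endif
+
+
+static char *loglevel2string(int loglevel)
+{
+ switch (loglevel) {
+ case S_FILES:
+ return "FILES";
+ case S_INCLUDE:
+ return "INCLUDE";
+ case S_MEMORY:
+ return "MEMORY";
+ case S_MISC:
+ return "MISC";
+ case S_MAIL:
+ return "MAIL";
+ case S_SESSION:
+ return "SESSION";
+ case S_SQL:
+ return "SQL";
+ case S_EXECUTOR:
+ return "EXECUTOR";
+ case S_VARS:
+ return "VARS";
+ default:
+ return "UNKNOWN";
+ }
+}
+
+static char *month_names[] = {
+ "Jan", "Feb", "Mar", "Apr", "May", "Jun",
+ "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
+};
+
+PHP_SUHOSIN7_API void suhosin_log(int loglevel, char *fmt, ...)
+{
+ int s, r, i=0, fd;
+ long written, towrite;
+ int getcaller=0;
+ char *wbuf;
+ struct timeval tv;
+ time_t now;
+ struct tm tm;
+#if defined(AF_UNIX)
+ struct sockaddr_un saun;
+#endif
+#ifdef PHP_WIN32
+ LPTSTR strs[2];
+ unsigned short etype;
+ DWORD evid;
+#endif
+ char buf[5000];
+ char error[5000];
+ char *ip_address;
+ char *fname;
+ char *alertstring;
+ int lineno = 0;
+ va_list ap;
+ // TSRMLS_FETCH();
+
+ getcaller = (loglevel & S_GETCALLER) == S_GETCALLER;
+
+ /* remove the S_GETCALLER flag */
+ loglevel = loglevel & ~S_GETCALLER;
+
+ // SDEBUG("(suhosin_log) loglevel: %d log_syslog: %ld - log_sapi: %ld - log_script: %ld", loglevel, SUHOSIN7_G(log_syslog), SUHOSIN7_G(log_sapi), SUHOSIN7_G(log_script));
+ SDEBUG("(suhosin_log) loglevel: %d - log_sapi: %ld - log_stdout: %ld", loglevel, SUHOSIN7_G(log_sapi), SUHOSIN7_G(log_stdout));
+
+ /* dump core if wanted */
+ if (SUHOSIN7_G(coredump) && loglevel == S_MEMORY) {
+ volatile unsigned int *x = 0;
+ volatile int y = *x;
+ }
+
+ if (SUHOSIN7_G(log_use_x_forwarded_for)) {
+ ip_address = suhosin_getenv("HTTP_X_FORWARDED_FOR", 20);
+ if (ip_address == NULL) {
+ ip_address = "X-FORWARDED-FOR not set";
+ }
+ } else {
+ ip_address = suhosin_getenv("REMOTE_ADDR", 11);
+ if (ip_address == NULL) {
+ ip_address = "REMOTE_ADDR not set";
+ }
+ }
+
+
+ va_start(ap, fmt);
+ ap_php_vsnprintf(error, sizeof(error), fmt, ap);
+ va_end(ap);
+ while (error[i]) {
+ if (error[i] < 32) error[i] = '.';
+ i++;
+ }
+
+ if (SUHOSIN7_G(simulation)) {
+ alertstring = "ALERT-SIMULATION";
+ } else {
+ alertstring = "ALERT";
+ }
+
+ if (zend_is_executing(TSRMLS_C)) {
+ zend_execute_data *exdata = EG(current_execute_data);
+ if (exdata) {
+ if (getcaller && exdata->prev_execute_data && exdata->prev_execute_data->opline && exdata->prev_execute_data->func) {
+ lineno = exdata->prev_execute_data->opline->lineno;
+ fname = (char *)ZSTR_VAL(exdata->prev_execute_data->func->op_array.filename);
+ } else if (exdata->opline && exdata->func) {
+ lineno = exdata->opline->lineno;
+ fname = (char *)ZSTR_VAL(exdata->func->op_array.filename);
+ } else {
+ lineno = 0;
+ fname = "[unknown filename]";
+ }
+ } else {
+ lineno = zend_get_executed_lineno(TSRMLS_C);
+ fname = (char *)zend_get_executed_filename(TSRMLS_C);
+ }
+ ap_php_snprintf(buf, sizeof(buf), "%s - %s (attacker '%s', file '%s', line %u)", alertstring, error, ip_address, fname, lineno);
+ } else {
+ fname = suhosin_getenv("SCRIPT_FILENAME", 15);
+ if (fname==NULL) {
+ fname = "unknown";
+ }
+ ap_php_snprintf(buf, sizeof(buf), "%s - %s (attacker '%s', file '%s')", alertstring, error, ip_address, fname);
+ }
+
+ /* Syslog-Logging disabled? */
+// if (((SUHOSIN7_G(log_syslog)|S_INTERNAL) & loglevel)==0) {
+// goto log_file;
+// }
+//
+// #if defined(AF_UNIX)
+// ap_php_snprintf(error, sizeof(error), "<%u>suhosin[%u]: %s\n", (unsigned int)(SUHOSIN7_G(log_syslog_facility)|SUHOSIN7_G(log_syslog_priority)),getpid(),buf);
+//
+// s = socket(AF_UNIX, SOCK_DGRAM, 0);
+// if (s == -1) {
+// goto log_file;
+// }
+//
+// memset(&saun, 0, sizeof(saun));
+// saun.sun_family = AF_UNIX;
+// strcpy(saun.sun_path, SYSLOG_PATH);
+// /*saun.sun_len = sizeof(saun);*/
+//
+// r = connect(s, (struct sockaddr *)&saun, sizeof(saun));
+// if (r) {
+// close(s);
+// s = socket(AF_UNIX, SOCK_STREAM, 0);
+// if (s == -1) {
+// goto log_file;
+// }
+//
+// memset(&saun, 0, sizeof(saun));
+// saun.sun_family = AF_UNIX;
+// strcpy(saun.sun_path, SYSLOG_PATH);
+// /*saun.sun_len = sizeof(saun);*/
+//
+// r = connect(s, (struct sockaddr *)&saun, sizeof(saun));
+// if (r) {
+// close(s);
+// goto log_file;
+// }
+// }
+// send(s, error, strlen(error), 0);
+//
+// close(s);
+// #endif
+// #ifdef PHP_WIN32
+// ap_php_snprintf(error, sizeof(error), "suhosin[%u]: %s", getpid(),buf);
+//
+// switch (SUHOSIN7_G(log_syslog_priority)) { /* translate UNIX type into NT type */
+// case 1: /*LOG_ALERT:*/
+// etype = EVENTLOG_ERROR_TYPE;
+// break;
+// case 6: /*LOG_INFO:*/
+// etype = EVENTLOG_INFORMATION_TYPE;
+// break;
+// default:
+// etype = EVENTLOG_WARNING_TYPE;
+// }
+// evid = loglevel;
+// strs[0] = error;
+// /* report the event */
+// if (log_source == NULL) {
+// log_source = RegisterEventSource(NULL, "Suhosin-" SUHOSIN_EXT_VERSION);
+// }
+// ReportEvent(log_source, etype, (unsigned short) SUHOSIN7_G(log_syslog_priority), evid, NULL, 1, 0, strs, NULL);
+//
+// #endif
+log_file:
+ /* File-Logging disabled? */
+ if ((SUHOSIN7_G(log_file) & loglevel)==0) {
+ goto log_sapi;
+ }
+
+ if (!SUHOSIN7_G(log_filename) || !SUHOSIN7_G(log_filename)[0]) {
+ goto log_sapi;
+ }
+ fd = open(SUHOSIN7_G(log_filename), O_CREAT|O_APPEND|O_WRONLY, 0640);
+ if (fd == -1) {
+ suhosin_log(S_INTERNAL, "Unable to open logfile: %s", SUHOSIN7_G(log_filename));
+ return;
+ }
+
+ if (SUHOSIN7_G(log_file_time)) {
+ gettimeofday(&tv, NULL);
+ now = tv.tv_sec;
+ php_localtime_r(&now, &tm);
+ ap_php_snprintf(error, sizeof(error), "%s %2d %02d:%02d:%02d [%u] %s\n", month_names[tm.tm_mon], tm.tm_mday, tm.tm_hour, tm.tm_min, tm.tm_sec, getpid(),buf);
+ } else {
+ ap_php_snprintf(error, sizeof(error), "%s\n", buf);
+ }
+ towrite = strlen(error);
+ wbuf = error;
+ php_flock(fd, LOCK_EX);
+ while (towrite > 0) {
+ written = write(fd, wbuf, towrite);
+ if (written < 0) {
+ break;
+ }
+ towrite -= written;
+ wbuf += written;
+ }
+ php_flock(fd, LOCK_UN);
+ close(fd);
+
+log_sapi:
+ /* SAPI Logging activated? */
+ // SDEBUG("(suhosin_log) log_syslog: %ld - log_sapi: %ld - log_script: %ld - log_phpscript: %ld", SUHOSIN7_G(log_syslog), SUHOSIN7_G(log_sapi), SUHOSIN7_G(log_script), SUHOSIN7_G(log_phpscript));
+ if (sapi_module.log_message && ((SUHOSIN7_G(log_sapi)|S_INTERNAL) & loglevel)!=0) {
+ sapi_module.log_message(buf TSRMLS_CC);
+ }
+ if ((SUHOSIN7_G(log_stdout) & loglevel)!=0) {
+ fprintf(stdout, "%s\n", buf);
+ }
+
+/*log_script:*/
+ /* script logging activated? */
+// if (((SUHOSIN7_G(log_script) & loglevel)!=0) && SUHOSIN7_G(log_scriptname)!=NULL) {
+// char cmd[8192], *cmdpos, *bufpos;
+// FILE *in;
+// int space;
+// struct stat st;
+//
+// char *sname = SUHOSIN7_G(log_scriptname);
+// while (isspace(*sname)) ++sname;
+// if (*sname == 0) goto log_phpscript;
+//
+// if (VCWD_STAT(sname, &st) < 0) {
+// suhosin_log(S_INTERNAL, "unable to find logging shell script %s - file dropped", sname);
+// goto log_phpscript;
+// }
+// if (access(sname, X_OK|R_OK) < 0) {
+// suhosin_log(S_INTERNAL, "logging shell script %s is not executable - file dropped", sname);
+// goto log_phpscript;
+// }
+//
+// /* TODO: clean up this code to calculate size of output dynamically */
+// ap_php_snprintf(cmd, sizeof(cmd) - 20, "%s %s \'", sname, loglevel2string(loglevel));
+// space = sizeof(cmd) - strlen(cmd) - 20;
+// cmdpos = cmd + strlen(cmd);
+// bufpos = buf;
+// if (space <= 1) return;
+// while (space > 2 && *bufpos) {
+// if (*bufpos == '\'') {
+// if (space<=5) break;
+// *cmdpos++ = '\'';
+// *cmdpos++ = '\\';
+// *cmdpos++ = '\'';
+// *cmdpos++ = '\'';
+// bufpos++;
+// space-=4;
+// } else {
+// *cmdpos++ = *bufpos++;
+// space--;
+// }
+// }
+// *cmdpos++ = '\'';
+// *cmdpos++ = ' ';
+// *cmdpos++ = '2';
+// *cmdpos++ = '>';
+// *cmdpos++ = '&';
+// *cmdpos++ = '1';
+// *cmdpos = 0;
+//
+// if ((in=VCWD_POPEN(cmd, "r"))==NULL) {
+// suhosin_log(S_INTERNAL, "Unable to execute logging shell script: %s", sname);
+// goto log_phpscript;
+// }
+// /* read and forget the result */
+// while (1) {
+// int readbytes = fread(cmd, 1, sizeof(cmd), in);
+// if (readbytes<=0) {
+// break;
+// }
+// if (strncmp(cmd, "sh: ", 4) == 0) {
+// /* assume this is an error */
+// suhosin_log(S_INTERNAL, "Error while executing logging shell script: %s", sname);
+// pclose(in);
+// goto log_phpscript;
+// }
+// }
+// pclose(in);
+// }
+// log_phpscript:
+// if ((SUHOSIN7_G(log_phpscript) & loglevel)!=0 && EG(in_execution) && SUHOSIN7_G(log_phpscriptname) && SUHOSIN7_G(log_phpscriptname)[0]) {
+// zend_file_handle file_handle;
+// zend_op_array *new_op_array;
+// zval *result = NULL;
+//
+// long orig_execution_depth = SUHOSIN7_G(execution_depth);
+// char *orig_basedir = PG(open_basedir);
+//
+// char *phpscript = SUHOSIN7_G(log_phpscriptname);
+// SDEBUG("scriptname %s", SUHOSIN7_G(log_phpscriptname));
+// if (zend_stream_open(phpscript, &file_handle TSRMLS_CC) == SUCCESS) {
+// if (!file_handle.opened_path) {
+// file_handle.opened_path = estrndup(phpscript, strlen(phpscript));
+// }
+// new_op_array = zend_compile_file(&file_handle, ZEND_REQUIRE TSRMLS_CC);
+// zend_destroy_file_handle(&file_handle TSRMLS_CC);
+// if (new_op_array) {
+// HashTable *active_symbol_table = EG(active_symbol_table);
+// zval *zerror, *zerror_class;
+//
+// if (active_symbol_table == NULL) {
+// active_symbol_table = &EG(symbol_table);
+// }
+// EG(return_value_ptr_ptr) = &result;
+// EG(active_op_array) = new_op_array;
+//
+// MAKE_STD_ZVAL(zerror);
+// MAKE_STD_ZVAL(zerror_class);
+// ZVAL_STRING(zerror, buf, 1);
+// ZVAL_LONG(zerror_class, loglevel);
+//
+// zend_hash_update(active_symbol_table, "SUHOSIN_ERROR", sizeof("SUHOSIN_ERROR"), (void **)&zerror, sizeof(zval *), NULL);
+// zend_hash_update(active_symbol_table, "SUHOSIN_ERRORCLASS", sizeof("SUHOSIN_ERRORCLASS"), (void **)&zerror_class, sizeof(zval *), NULL);
+//
+// SUHOSIN7_G(execution_depth) = 0;
+// if (SUHOSIN7_G(log_phpscript_is_safe)) {
+// PG(open_basedir) = NULL;
+// }
+//
+// zend_execute(new_op_array TSRMLS_CC);
+//
+// SUHOSIN7_G(execution_depth) = orig_execution_depth;
+// PG(open_basedir) = orig_basedir;
+//
+// destroy_op_array(new_op_array TSRMLS_CC);
+// efree(new_op_array);
+//
+// if (!EG(exception))
+// {
+// if (EG(return_value_ptr_ptr)) {
+// zval_ptr_dtor(EG(return_value_ptr_ptr));
+// EG(return_value_ptr_ptr) = NULL;
+// }
+// }
+// } else {
+// suhosin_log(S_INTERNAL, "Unable to execute logging PHP script: %s", SUHOSIN7_G(log_phpscriptname));
+// return;
+// }
+// } else {
+// suhosin_log(S_INTERNAL, "Unable to execute logging PHP script: %s", SUHOSIN7_G(log_phpscriptname));
+// return;
+// }
+// }
+//
+}
+
+
+/*
+ * Local variables:
+ * tab-width: 4
+ * c-basic-offset: 4
+ * End:
+ * vim600: noet sw=4 ts=4 fdm=marker
+ * vim<600: noet sw=4 ts=4
+ */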
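Review bot: Control characters are filtered only from `error` (the `while (error[i])` loop at new lines 149-152), while `ip_address` and `fname` are formatted into `buf` after that loop with no filtering, and `ip_address` is read from the client-supplied `HTTP_X_FORWARDED_FOR` variable when `log_use_x_forwarded_for` is set. Any control bytes the SAPI lets through in that value would therefore reach the log file, the SAPI log and stdout unmodified, which can split or disguise an alert line for whoever parses it later. Running the scrub over the finished line instead, `for (i = 0; buf[i]; i++) if ((unsigned char)buf[i] < 32) buf[i] = '.';` placed after both `ap_php_snprintf(buf, ...)` calls, covers every field; the cast also removes the dependence on whether plain `char` is signed, since with a signed `char` the current `error[i] < 32` test rewrites every byte above 0x7f as well. Separately, when `open()` fails at new line 258 the function returns right after the nested `suhosin_log(S_INTERNAL, ...)` call, so the original alert never reaches the `log_sapi` or stdout sinks; `goto log_sapi;` in place of `return;` would keep it.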