From 504f02992ace82a5520bc0ca43d9562c077a06e4 Mon Sep 17 00:00:00 2001 From: Thibault "bui" Koechlin Date: Sat, 31 Aug 2019 15:32:36 +0200 Subject: Support direct syslog logging Add the possibility to log directly into the syslog, instead of using php's log system.--- src/php_snuffleupagus.h | 1 + src/sp_config.c | 1 + src/sp_config.h | 4 ++++ src/sp_config_keywords.c | 19 +++++++++++++++++++ src/sp_config_keywords.h | 1 + src/sp_utils.c | 19 ++++++++++++++++++- .../broken_conf_invalid_log_media.phpt | 14 ++++++++++++++ .../config/broken_conf_invalid_log_media.ini | 1 + 8 files changed, 59 insertions(+), 1 deletion(-) create mode 100644 src/tests/broken_configuration/broken_conf_invalid_log_media.phpt create mode 100644 src/tests/broken_configuration/config/broken_conf_invalid_log_media.ini (limited to 'src') diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h index 43131fe..1c45653 100644 --- a/src/php_snuffleupagus.h +++ b/src/php_snuffleupagus.h @@ -22,6 +22,7 @@ #include #include #include +#include #include "SAPI.h" #include "ext/session/php_session.h" diff --git a/src/sp_config.c b/src/sp_config.c index 25223f2..69730e3 100644 --- a/src/sp_config.c +++ b/src/sp_config.c @@ -9,6 +9,7 @@ size_t sp_line_no; sp_config_tokens const sp_func[] = { {.func = parse_unserialize, .token = SP_TOKEN_UNSERIALIZE_HMAC}, {.func = parse_random, .token = SP_TOKEN_HARDEN_RANDOM}, + {.func = parse_log_media, .token = SP_TOKEN_LOG_MEDIA}, {.func = parse_disabled_functions, .token = SP_TOKEN_DISABLE_FUNC}, {.func = parse_readonly_exec, .token = SP_TOKEN_READONLY_EXEC}, {.func = parse_global_strict, .token = SP_TOKEN_GLOBAL_STRICT}, diff --git a/src/sp_config.h b/src/sp_config.h index 9d58359..b06e8be 100644 --- a/src/sp_config.h +++ b/src/sp_config.h @@ -28,6 +28,8 @@ typedef enum { SP_PHP_TYPE_REFERENCE = IS_REFERENCE } sp_php_type; +typedef enum { SP_ZEND = 0, SP_SYSLOG = 1 } sp_log_media; + typedef struct { int ip_version; union { @@ -175,6 +177,7 @@ typedef struct { sp_config_wrapper *config_wrapper; sp_config_session *config_session; bool hook_execute; + char log_media; HashTable *config_disabled_functions; HashTable *config_disabled_functions_hooked; @@ -260,6 +263,7 @@ typedef struct { // Global configuration options #define SP_TOKEN_ENCRYPTION_KEY ".secret_key(" #define SP_TOKEN_ENV_VAR ".cookie_env_var(" +#define SP_TOKEN_LOG_MEDIA ".log_media(" // upload_validator #define SP_TOKEN_UPLOAD_SCRIPT ".script(" diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c index abb3110..aebe45c 100644 --- a/src/sp_config_keywords.c +++ b/src/sp_config_keywords.c @@ -83,6 +83,25 @@ int parse_random(char *line) { NULL); } +int parse_log_media(char *line) { + size_t consumed = 0; + zend_string *value = + get_param(&consumed, line, SP_TYPE_STR, SP_TOKEN_LOG_MEDIA); + + if (value) { + if (!strcmp(ZSTR_VAL(value), "php")) { + SNUFFLEUPAGUS_G(config).log_media = SP_ZEND; + return 0; + } else if (!strcmp(ZSTR_VAL(value), "syslog")) { + SNUFFLEUPAGUS_G(config).log_media = SP_SYSLOG; + return 0; + } + } + sp_log_err("config", "%s) only supports 'syslog' or 'php', on line %zu", + SP_TOKEN_LOG_MEDIA, sp_line_no); + return -1; +} + int parse_sloppy_comparison(char *line) { return parse_enable(line, &(SNUFFLEUPAGUS_G(config).config_sloppy->enable), NULL); diff --git a/src/sp_config_keywords.h b/src/sp_config_keywords.h index ab58456..a279cc9 100644 --- a/src/sp_config_keywords.h +++ b/src/sp_config_keywords.h @@ -17,5 +17,6 @@ int parse_eval_whitelist(char *line); int parse_session(char *line); int parse_sloppy_comparison(char *line); int parse_wrapper_whitelist(char *line); +int parse_log_media(char *line); #endif // __SP_CONFIG_KEYWORDS_H diff --git a/src/sp_utils.c b/src/sp_utils.c index 7641808..5ddf0b9 100644 --- a/src/sp_utils.c +++ b/src/sp_utils.c @@ -15,7 +15,24 @@ void sp_log_msg(char const* feature, int type, const char* fmt, ...) { vspprintf(&msg, 0, fmt, args); va_end(args); - zend_error(type, "[snuffleupagus][%s] %s", feature, msg); + switch (SNUFFLEUPAGUS_G(config).log_media) { + case SP_SYSLOG: + openlog(PHP_SNUFFLEUPAGUS_EXTNAME, LOG_PID, LOG_AUTH); + const char* error_filename = zend_get_executed_filename(); + int syslog_level = SP_LOG_DROP ? LOG_ERR : LOG_INFO; + int error_lineno = zend_get_executed_lineno(TSRMLS_C); + syslog(syslog_level, "[%s] %s in %s on line %d", feature, msg, + error_filename, error_lineno); + closelog(); + if (type == SP_LOG_DROP) { + zend_bailout(); + } + break; + case SP_ZEND: + default: + zend_error(type, "[snuffleupagus][%s] %s", feature, msg); + break; + } } int compute_hash(const char* const filename, char* file_hash) { diff --git a/src/tests/broken_configuration/broken_conf_invalid_log_media.phpt b/src/tests/broken_configuration/broken_conf_invalid_log_media.phpt new file mode 100644 index 0000000..bcf7c01 --- /dev/null +++ b/src/tests/broken_configuration/broken_conf_invalid_log_media.phpt @@ -0,0 +1,14 @@ +--TEST-- +Broken configuration filename with improper log media +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/broken_conf_invalid_log_media.ini +--FILE-- +--EXPECTF-- +PHP Fatal error: [snuffleupagus][config] .log_media() only supports 'syslog' or 'php', on line 1 in Unknown on line 0 + +Fatal error: [snuffleupagus][config] .log_media() only supports 'syslog' or 'php', on line 1 in Unknown on line 0 + +Fatal error: [snuffleupagus][config] Invalid configuration file in Unknown on line 0 +Could not startup. diff --git a/src/tests/broken_configuration/config/broken_conf_invalid_log_media.ini b/src/tests/broken_configuration/config/broken_conf_invalid_log_media.ini new file mode 100644 index 0000000..9e7cea0 --- /dev/null +++ b/src/tests/broken_configuration/config/broken_conf_invalid_log_media.ini @@ -0,0 +1 @@ +sp.log_media("pouet"); -- cgit v1.3