|
Packit |
90a5c9 |
/* Licensed to the Apache Software Foundation (ASF) under one or more
|
|
Packit |
90a5c9 |
* contributor license agreements. See the NOTICE file distributed with
|
|
Packit |
90a5c9 |
* this work for additional information regarding copyright ownership.
|
|
Packit |
90a5c9 |
* The ASF licenses this file to You under the Apache License, Version 2.0
|
|
Packit |
90a5c9 |
* (the "License"); you may not use this file except in compliance with
|
|
Packit |
90a5c9 |
* the License. You may obtain a copy of the License at
|
|
Packit |
90a5c9 |
*
|
|
Packit |
90a5c9 |
* http://www.apache.org/licenses/LICENSE-2.0
|
|
Packit |
90a5c9 |
*
|
|
Packit |
90a5c9 |
* Unless required by applicable law or agreed to in writing, software
|
|
Packit |
90a5c9 |
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
Packit |
90a5c9 |
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
Packit |
90a5c9 |
* See the License for the specific language governing permissions and
|
|
Packit |
90a5c9 |
* limitations under the License.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* See also support/check_forensic.
|
|
Packit |
90a5c9 |
* Relate the forensic log to the transfer log by including
|
|
Packit |
90a5c9 |
* %{forensic-id}n in the custom log format, for example:
|
|
Packit |
90a5c9 |
* CustomLog logs/custom "%h %l %u %t \"%r\" %>s %b %{forensic-id}n"
|
|
Packit |
90a5c9 |
*
|
|
Packit |
90a5c9 |
* Credit is due to Tina Bird <tbird precision-guesswork.com>, whose
|
|
Packit |
90a5c9 |
* idea this module was.
|
|
Packit |
90a5c9 |
*
|
|
Packit |
90a5c9 |
* Ben Laurie 29/12/2003
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
#include "httpd.h"
|
|
Packit |
90a5c9 |
#include "http_config.h"
|
|
Packit |
90a5c9 |
#include "http_log.h"
|
|
Packit |
90a5c9 |
#include "apr_strings.h"
|
|
Packit |
90a5c9 |
#include "apr_atomic.h"
|
|
Packit |
90a5c9 |
#include "http_protocol.h"
|
|
Packit |
90a5c9 |
#include "test_char.h"
|
|
Packit |
90a5c9 |
#if APR_HAVE_UNISTD_H
|
|
Packit |
90a5c9 |
#include <unistd.h>
|
|
Packit |
90a5c9 |
#endif
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
module AP_MODULE_DECLARE_DATA log_forensic_module;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
typedef struct fcfg {
|
|
Packit |
90a5c9 |
const char *logname;
|
|
Packit |
90a5c9 |
apr_file_t *fd;
|
|
Packit |
90a5c9 |
} fcfg;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static apr_uint32_t next_id;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static void *make_forensic_log_scfg(apr_pool_t *p, server_rec *s)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
fcfg *cfg = apr_pcalloc(p, sizeof *cfg);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
cfg->logname = NULL;
|
|
Packit |
90a5c9 |
cfg->fd = NULL;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return cfg;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static void *merge_forensic_log_scfg(apr_pool_t *p, void *parent, void *new)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
fcfg *cfg = apr_pcalloc(p, sizeof *cfg);
|
|
Packit |
90a5c9 |
fcfg *pc = parent;
|
|
Packit |
90a5c9 |
fcfg *nc = new;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
cfg->logname = apr_pstrdup(p, nc->logname ? nc->logname : pc->logname);
|
|
Packit |
90a5c9 |
cfg->fd = NULL;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return cfg;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static int open_log(server_rec *s, apr_pool_t *p)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
fcfg *cfg = ap_get_module_config(s->module_config, &log_forensic_module);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (!cfg->logname || cfg->fd)
|
|
Packit |
90a5c9 |
return 1;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (*cfg->logname == '|') {
|
|
Packit |
90a5c9 |
piped_log *pl;
|
|
Packit |
90a5c9 |
const char *pname = ap_server_root_relative(p, cfg->logname + 1);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
pl = ap_open_piped_log(p, pname);
|
|
Packit |
90a5c9 |
if (pl == NULL) {
|
|
Packit |
90a5c9 |
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(00650)
|
|
Packit |
90a5c9 |
"couldn't spawn forensic log pipe %s", cfg->logname);
|
|
Packit |
90a5c9 |
return 0;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
cfg->fd = ap_piped_log_write_fd(pl);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
else {
|
|
Packit |
90a5c9 |
const char *fname = ap_server_root_relative(p, cfg->logname);
|
|
Packit |
90a5c9 |
apr_status_t rv;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if ((rv = apr_file_open(&cfg->fd, fname,
|
|
Packit |
90a5c9 |
APR_WRITE | APR_APPEND | APR_CREATE,
|
|
Packit |
90a5c9 |
APR_OS_DEFAULT, p)) != APR_SUCCESS) {
|
|
Packit |
90a5c9 |
ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, APLOGNO(00651)
|
|
Packit |
90a5c9 |
"could not open forensic log file %s.", fname);
|
|
Packit |
90a5c9 |
return 0;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return 1;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static int log_init(apr_pool_t *pc, apr_pool_t *p, apr_pool_t *pt,
|
|
Packit |
90a5c9 |
server_rec *s)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
for ( ; s ; s = s->next) {
|
|
Packit |
90a5c9 |
if (!open_log(s, p)) {
|
|
Packit |
90a5c9 |
return HTTP_INTERNAL_SERVER_ERROR;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return OK;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* e is the first _invalid_ location in q
|
|
Packit |
90a5c9 |
N.B. returns the terminating NUL.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
static char *log_escape(char *q, const char *e, const char *p)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
for ( ; *p ; ++p) {
|
|
Packit |
90a5c9 |
ap_assert(q < e);
|
|
Packit |
90a5c9 |
if (test_char_table[*(unsigned char *)p]&T_ESCAPE_FORENSIC) {
|
|
Packit |
90a5c9 |
ap_assert(q+2 < e);
|
|
Packit |
90a5c9 |
*q++ = '%';
|
|
Packit |
90a5c9 |
ap_bin2hex(p, 1, q);
|
|
Packit |
90a5c9 |
q += 2;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
else
|
|
Packit |
90a5c9 |
*q++ = *p;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
ap_assert(q < e);
|
|
Packit |
90a5c9 |
*q = '\0';
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return q;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
typedef struct hlog {
|
|
Packit |
90a5c9 |
char *log;
|
|
Packit |
90a5c9 |
char *pos;
|
|
Packit |
90a5c9 |
char *end;
|
|
Packit |
90a5c9 |
apr_pool_t *p;
|
|
Packit |
90a5c9 |
apr_size_t count;
|
|
Packit |
90a5c9 |
} hlog;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static int count_string(const char *p)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
int n;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
for (n = 0 ; *p ; ++p, ++n)
|
|
Packit |
90a5c9 |
if (test_char_table[*(unsigned char *)p]&T_ESCAPE_FORENSIC)
|
|
Packit |
90a5c9 |
n += 2;
|
|
Packit |
90a5c9 |
return n;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static int count_headers(void *h_, const char *key, const char *value)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
hlog *h = h_;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
h->count += count_string(key)+count_string(value)+2;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return 1;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static int log_headers(void *h_, const char *key, const char *value)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
hlog *h = h_;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* note that we don't have to check h->pos here, coz its been done
|
|
Packit |
90a5c9 |
for us by log_escape */
|
|
Packit |
90a5c9 |
*h->pos++ = '|';
|
|
Packit |
90a5c9 |
h->pos = log_escape(h->pos, h->end, key);
|
|
Packit |
90a5c9 |
*h->pos++ = ':';
|
|
Packit |
90a5c9 |
h->pos = log_escape(h->pos, h->end, value);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return 1;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static int log_before(request_rec *r)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
fcfg *cfg = ap_get_module_config(r->server->module_config,
|
|
Packit |
90a5c9 |
&log_forensic_module);
|
|
Packit |
90a5c9 |
const char *id;
|
|
Packit |
90a5c9 |
hlog h;
|
|
Packit |
90a5c9 |
apr_size_t n;
|
|
Packit |
90a5c9 |
apr_status_t rv;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (!cfg->fd || r->prev) {
|
|
Packit |
90a5c9 |
return DECLINED;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (!(id = apr_table_get(r->subprocess_env, "UNIQUE_ID"))) {
|
|
Packit |
90a5c9 |
/* we make the assumption that we can't go through all the PIDs in
|
|
Packit |
90a5c9 |
under 1 second */
|
|
Packit |
90a5c9 |
id = apr_psprintf(r->pool, "%" APR_PID_T_FMT ":%lx:%x", getpid(),
|
|
Packit |
90a5c9 |
time(NULL), apr_atomic_inc32(&next_id));
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
ap_set_module_config(r->request_config, &log_forensic_module, (char *)id);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
h.p = r->pool;
|
|
Packit |
90a5c9 |
h.count = 0;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
apr_table_do(count_headers, &h, r->headers_in, NULL);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
h.count += 1+strlen(id)+1+count_string(r->the_request)+1+1;
|
|
Packit |
90a5c9 |
h.log = apr_palloc(r->pool, h.count);
|
|
Packit |
90a5c9 |
h.pos = h.log;
|
|
Packit |
90a5c9 |
h.end = h.log+h.count;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
*h.pos++ = '+';
|
|
Packit |
90a5c9 |
strcpy(h.pos, id);
|
|
Packit |
90a5c9 |
h.pos += strlen(h.pos);
|
|
Packit |
90a5c9 |
*h.pos++ = '|';
|
|
Packit |
90a5c9 |
h.pos = log_escape(h.pos, h.end, r->the_request);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
apr_table_do(log_headers, &h, r->headers_in, NULL);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
ap_assert(h.pos < h.end);
|
|
Packit |
90a5c9 |
*h.pos++ = '\n';
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
n = h.count-1;
|
|
Packit |
90a5c9 |
rv = apr_file_write(cfg->fd, h.log, &n);
|
|
Packit |
90a5c9 |
ap_assert(rv == APR_SUCCESS && n == h.count-1);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
apr_table_setn(r->notes, "forensic-id", id);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return OK;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static int log_after(request_rec *r)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
fcfg *cfg = ap_get_module_config(r->server->module_config,
|
|
Packit |
90a5c9 |
&log_forensic_module);
|
|
Packit |
90a5c9 |
const char *id = ap_get_module_config(r->request_config,
|
|
Packit |
90a5c9 |
&log_forensic_module);
|
|
Packit |
90a5c9 |
char *s;
|
|
Packit |
90a5c9 |
apr_size_t l, n;
|
|
Packit |
90a5c9 |
apr_status_t rv;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (!cfg->fd || id == NULL) {
|
|
Packit |
90a5c9 |
return DECLINED;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
s = apr_pstrcat(r->pool, "-", id, "\n", NULL);
|
|
Packit |
90a5c9 |
l = n = strlen(s);
|
|
Packit |
90a5c9 |
rv = apr_file_write(cfg->fd, s, &n);
|
|
Packit |
90a5c9 |
ap_assert(rv == APR_SUCCESS && n == l);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return OK;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static const char *set_forensic_log(cmd_parms *cmd, void *dummy, const char *fn)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
fcfg *cfg = ap_get_module_config(cmd->server->module_config,
|
|
Packit |
90a5c9 |
&log_forensic_module);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
cfg->logname = fn;
|
|
Packit |
90a5c9 |
return NULL;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static const command_rec forensic_log_cmds[] =
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
AP_INIT_TAKE1("ForensicLog", set_forensic_log, NULL, RSRC_CONF,
|
|
Packit |
90a5c9 |
"the filename of the forensic log"),
|
|
Packit |
90a5c9 |
{ NULL }
|
|
Packit |
90a5c9 |
};
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static void register_hooks(apr_pool_t *p)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
static const char * const pre[] = { "mod_unique_id.c", NULL };
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
ap_hook_open_logs(log_init,NULL,NULL,APR_HOOK_MIDDLE);
|
|
Packit |
90a5c9 |
ap_hook_post_read_request(log_before,pre,NULL,APR_HOOK_REALLY_FIRST);
|
|
Packit |
90a5c9 |
ap_hook_log_transaction(log_after,NULL,NULL,APR_HOOK_REALLY_LAST);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
AP_DECLARE_MODULE(log_forensic) =
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
STANDARD20_MODULE_STUFF,
|
|
Packit |
90a5c9 |
NULL, /* create per-dir config */
|
|
Packit |
90a5c9 |
NULL, /* merge per-dir config */
|
|
Packit |
90a5c9 |
make_forensic_log_scfg, /* server config */
|
|
Packit |
90a5c9 |
merge_forensic_log_scfg, /* merge server config */
|
|
Packit |
90a5c9 |
forensic_log_cmds, /* command apr_table_t */
|
|
Packit |
90a5c9 |
register_hooks /* register hooks */
|
|
Packit |
90a5c9 |
};
|