Support direct syslog logging

Add the possibility to log directly into the syslog, instead of using php's log system.
nbs-system · Aug 31, 2019 · 504f029 · 504f029
1 parent f7e25b2
commit 504f029
Show file tree

Hide file tree

Showing 9 changed files with 77 additions and 1 deletion.
diff --git a/doc/source/config.rst b/doc/source/config.rst
@@ -81,6 +81,24 @@ This configuration variable contains parameters that are used by multiple featur
 - ``cookie_env_var``: A environment variable used as part of cookies encryption.
   See the :ref:`relevant documentation <config_cookie-encryption>`
 
+log_media
+^^^^^^^^^
+
+This configuration variable allows to specify how logs should be written,
+either via ``php`` or ``syslog``.
+
+::
+
+  sp.log_media("php");
+  sp.log_media("syslog");
+
+The default value for ``sp.log_media`` is ``php``, to respect the `principle of
+least astonishment
+<https://en.wikipedia.org/wiki/Principle_of_least_astonishment>`__. But since
+it's `possible to modify php's logging system via php
+<https://www.php.net/manual/en/errorfunc.configuration.php>`__, it's
+heavily recommended to use the ``syslog`` option instead.
+
 
 Bugclass-killer features
 ------------------------

diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h
@@ -22,6 +22,7 @@
 #include <sys/socket.h>
 #include <sys/types.h>
 #include <sys/wait.h>
+#include <sys/syslog.h>
 
 #include "SAPI.h"
 #include "ext/session/php_session.h"

diff --git a/src/sp_config.c b/src/sp_config.c
@@ -9,6 +9,7 @@ size_t sp_line_no;
 sp_config_tokens const sp_func[] = {
     {.func = parse_unserialize, .token = SP_TOKEN_UNSERIALIZE_HMAC},
     {.func = parse_random, .token = SP_TOKEN_HARDEN_RANDOM},
+    {.func = parse_log_media, .token = SP_TOKEN_LOG_MEDIA},
     {.func = parse_disabled_functions, .token = SP_TOKEN_DISABLE_FUNC},
     {.func = parse_readonly_exec, .token = SP_TOKEN_READONLY_EXEC},
     {.func = parse_global_strict, .token = SP_TOKEN_GLOBAL_STRICT},

diff --git a/src/sp_config.h b/src/sp_config.h
@@ -28,6 +28,8 @@ typedef enum {
   SP_PHP_TYPE_REFERENCE = IS_REFERENCE
 } sp_php_type;
 
+typedef enum { SP_ZEND = 0, SP_SYSLOG = 1 } sp_log_media;
+
 typedef struct {
   int ip_version;
   union {
@@ -175,6 +177,7 @@ typedef struct {
   sp_config_wrapper *config_wrapper;
   sp_config_session *config_session;
   bool hook_execute;
+  char log_media;
 
   HashTable *config_disabled_functions;
   HashTable *config_disabled_functions_hooked;
@@ -260,6 +263,7 @@ typedef struct {
 // Global configuration options
 #define SP_TOKEN_ENCRYPTION_KEY ".secret_key("
 #define SP_TOKEN_ENV_VAR ".cookie_env_var("
+#define SP_TOKEN_LOG_MEDIA ".log_media("
 
 // upload_validator
 #define SP_TOKEN_UPLOAD_SCRIPT ".script("

diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c
@@ -83,6 +83,25 @@ int parse_random(char *line) {
                       NULL);
 }
 
+int parse_log_media(char *line) {
+  size_t consumed = 0;
+  zend_string *value =
+      get_param(&consumed, line, SP_TYPE_STR, SP_TOKEN_LOG_MEDIA);
+
+  if (value) {
+    if (!strcmp(ZSTR_VAL(value), "php")) {
+      SNUFFLEUPAGUS_G(config).log_media = SP_ZEND;
+      return 0;
+    } else if (!strcmp(ZSTR_VAL(value), "syslog")) {
+      SNUFFLEUPAGUS_G(config).log_media = SP_SYSLOG;
+      return 0;
+    }
+  }
+  sp_log_err("config", "%s) only supports 'syslog' or 'php', on line %zu",
+             SP_TOKEN_LOG_MEDIA, sp_line_no);
+  return -1;
+}
+
 int parse_sloppy_comparison(char *line) {
   return parse_enable(line, &(SNUFFLEUPAGUS_G(config).config_sloppy->enable),
                       NULL);

diff --git a/src/sp_config_keywords.h b/src/sp_config_keywords.h
@@ -17,5 +17,6 @@ int parse_eval_whitelist(char *line);
 int parse_session(char *line);
 int parse_sloppy_comparison(char *line);
 int parse_wrapper_whitelist(char *line);
+int parse_log_media(char *line);
 
 #endif  // __SP_CONFIG_KEYWORDS_H
diff --git a/src/sp_utils.c b/src/sp_utils.c
@@ -15,7 +15,24 @@ void sp_log_msg(char const* feature, int type, const char* fmt, ...) {
   vspprintf(&msg, 0, fmt, args);
   va_end(args);
 
-  zend_error(type, "[snuffleupagus][%s] %s", feature, msg);
+  switch (SNUFFLEUPAGUS_G(config).log_media) {
+    case SP_SYSLOG:
+      openlog(PHP_SNUFFLEUPAGUS_EXTNAME, LOG_PID, LOG_AUTH);
+      const char* error_filename = zend_get_executed_filename();
+      int syslog_level = SP_LOG_DROP ? LOG_ERR : LOG_INFO;
+      int error_lineno = zend_get_executed_lineno(TSRMLS_C);
+      syslog(syslog_level, "[%s] %s in %s on line %d", feature, msg,
+             error_filename, error_lineno);
+      closelog();
+      if (type == SP_LOG_DROP) {
+        zend_bailout();
+      }
+      break;
+    case SP_ZEND:
+    default:
+      zend_error(type, "[snuffleupagus][%s] %s", feature, msg);
+      break;
+  }
 }
 
 int compute_hash(const char* const filename, char* file_hash) {

diff --git a/src/tests/broken_configuration/broken_conf_invalid_log_media.phpt b/src/tests/broken_configuration/broken_conf_invalid_log_media.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Broken configuration filename with improper log media
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_invalid_log_media.ini
+--FILE--
+--EXPECTF--
+PHP Fatal error:  [snuffleupagus][config] .log_media() only supports 'syslog' or 'php', on line 1 in Unknown on line 0
+
+Fatal error: [snuffleupagus][config] .log_media() only supports 'syslog' or 'php', on line 1 in Unknown on line 0
+
+Fatal error: [snuffleupagus][config] Invalid configuration file in Unknown on line 0
+Could not startup.
diff --git a/src/tests/broken_configuration/config/broken_conf_invalid_log_media.ini b/src/tests/broken_configuration/config/broken_conf_invalid_log_media.ini
@@ -0,0 +1 @@
+sp.log_media("pouet");