mirror of https://github.com/openbsd/src.git synced 2024-12-22 16:42:56 -08:00

77 Commits

Author SHA1 Message Date
bluhm
c1f8818c70 Retry DNS lookup for remote loghost.
If DNS lookup for a remote loghost configured in syslog.conf did
not work at startup, the entry was ignored.  Better retry the lookup
in intervals until it succeeds.  Improve debug output to print IP
address after resolution.  Unify retry code that resolves DNS for
UDP and connects to TCP server.

testing and feedback from Paul de Weerd; OK deraadt@
2023-10-12 22:36:54 +00:00
guenther
79b5458953 Replace use of the old BSD st_*timespec members in struct stat with
the POSIX-standard st_*tim members.

ok millert@
2023-08-11 04:45:05 +00:00
guenther
5b133f3f27 Delete obsolete /* ARGSUSED */ lint comments.
ok miod@ millert@
2023-03-08 04:43:04 +00:00
deraadt
b7041c0781 For open/openat, if the flags parameter does not contain O_CREAT, the
3rd (variadic) mode_t parameter is irrelevant.  Many developers in the past
have passed mode_t (0, 044, 0644, or such), which might lead future people
to copy this broken idiom, and perhaps even believe this parameter has some
meaning or implication or application. Delete them all.
This comes out of a conversation where tb@ noticed that a strange (but
intentional) pledge behaviour is to always knock-out high-bits from
mode_t on a number of system calls as a safety factor, and his bewilderment
that this appeared to be happening against valid modes (at least visually),
but no sorry, they are all irrelevant junk.  They could all be 0xdeafbeef.
ok millert
2021-10-24 21:24:15 +00:00
beck
bc5a8259a4 Change the error reporting pattern throughout the tree when unveil
fails to report the path that the failure occurred on. Suggested by
deraadt@ after some tech discussion.

Work done and verified by Ashton Fagg <ashton@fagg.id.au>

ok deraadt@ semarie@ claudio@
2021-07-12 15:09:18 +00:00
martijn
2338eccd22 close all fds > STDERR_FILENO before executing the pipe program.
OK bluhm@
2020-09-16 11:03:36 +00:00
bluhm
1a7ae0c4ad When syslogd(8) parent process terminates, the file cleanup code
did not work anymore.  unveil(2) prevented removal.  Cleaning the
UNIX domain sockets is not necessary.  They are harmless and unlinked
before a new bind.  So delete that functionality and convert global
to local variables.  Providing /var/run/syslog.pid is a common
feature that should be kept.  A stale pid file is confusing.  So
add a constant path to unveil(2) to allow pid file removal.
OK deraadt@
2019-07-05 13:23:27 +00:00
deraadt
df69c215c7 When system calls indicate an error they return -1, not some arbitrary
value < 0.  errno is only updated in this case.  Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.
2019-06-28 13:32:41 +00:00
deraadt
8d92522dc6 Unveil fits nicely into the syslogd privsep model. Unveiled files
include config file "r", utmp "r", /dev "rw", /bin/sh "x" for running
piped commands, and the syslogd binary "x" itself for HUP re-exec upon
config loads with changes.  Also unveiled in the privsep process are
the specific log files being written to.

If a config file reload changes no files, the existing privsep process
keeps running with unveil's to the relevant files (therefore it can
cope with newsyslogd taking files away).  If a new config file is loaded
which changes the output files, the privsep process is restarted with
fork+exec, and installs new unveils as needed.  The safety we gain from
unveil is that we've pigeonholed the privsep file-writer to exactly the
files required.

Help from bluhm for some edge cases.
2018-08-07 18:36:49 +00:00
bluhm
f22826eafd Globally remember the passwd entry for _syslogd. The user id is
used for opening the pipe process.  Move the getpwnam() lookup out
of the privsep parent loop, so it does not need "getpw" pledge
anymore.
OK deraadt@
2018-04-26 13:40:09 +00:00
bluhm
ed00ae787f Replace logdebug() with generic log_debug() from log.c. Implement
log_debugadd() to construct debug message incrementally.
OK deraadt@
2017-04-05 11:31:45 +00:00
bluhm
e733ee1753 When syslogd received a SIGHUP during startup, it died instead of
reloading its config.  This could happen when multiple signals were
sent during a short interval.  So block SIGHUP until signal handlers
are installed.
OK deraadt@ jca@
2016-12-30 23:21:26 +00:00
bluhm
36b99be9ac If syslogd was started with a relative path, the program could not
re-exec itself.  This exec is done during startup of the privsep
parent or when syslogd restarts after a SIGHUP.  Convert a relative
path in argv[0] to an absolute one with realpath(3) before chdir(2).
Do all the path handling in priv_init().
suggested by millert@; OK jca@
2016-12-27 19:16:24 +00:00
bluhm
c572cfa710 Fix trailing whitespace and shorten long lines.
No binary change.
2016-10-16 22:12:50 +00:00
bluhm
f379a153d3 Use closefrom(4) in privsep parent and avoid some global file
descriptor variables in syslogd(8) this way.
OK rzalamena@
2016-10-16 22:00:14 +00:00
bluhm
ece520b1dd Do an exec on itself in the privileged syslogd(8) parent process
to reshuffle its memory layout.
Input rzalamena@; OK deraadt@
2016-10-06 13:03:47 +00:00
jca
27fbb483ac whitespace nit 2016-06-28 18:22:50 +00:00
krw
7bb95e134a Eliminate superfluous 3rd params in fcntl(F_GETFL) calls.
ttymsg.c doesn't need to include fcntl.h.

Tweak standard fd sanitising to be more like the sanitise_stdfd()
used elsewhere, though other uses of 'nullfd' make importing
sanitise_stdfd() itself unappetizing.

Add a die(0) if dup2() fails.

suggestions & ok bluhm@
2016-04-02 19:55:10 +00:00
bluhm
c9e5e266b3 After pledge "dns" has been refactored and setsockopt(SO_RCVBUF)
has been added to it, the syslogd privsep parent does not need
pledge "inet" anymore.
discussed with deraadt@
2015-10-20 12:40:19 +00:00
bluhm
9532a95439 Add "id" pledge to syslogd privsep process. Needed for logging to pipe.
OK deraadt@
2015-10-18 16:35:06 +00:00
bluhm
c9ec0abe94 Pledge the syslogd privsep process with "stdio rpath wpath cpath
inet dns getpw sendfd proc exec".
OK deraadt@
2015-10-16 16:10:10 +00:00
bluhm
c7d9b63c38 In syslogd replace the dprintf() macro with a logdebug() function
as dprintf(3) is in libc now and does something different.
OK guenther@
2015-10-15 20:26:47 +00:00
bluhm
1cfd376a1d If syslogd is started with -S, it accepts TLS connections to receive
encrypted messages.  The server certificates are taken from /etc/ssl
like relayd does.
OK benno@ beck@ deraadt@
2015-10-09 16:58:25 +00:00
bluhm
f59ab5649b When syslogd is invoked with -T listen_address, it creates a TCP
socket and accepts incoming messages.  At the moment, only RFC
6587 3.4.2. Non-Transparent-Framing format with new-line separator
is supported for incoming messages.  Outgoing messages are encoded
as 3.4.1. Octet Counting.  Autodetection of incoming format will
be implemented later.
OK deraadt@ jmc@ millert@
2015-07-07 17:53:04 +00:00
millert
d4d4d7d206 Remove some unneeded includes. OK deraadt@ 2015-07-06 16:12:16 +00:00
bluhm
6f6291352d Add a -U command line switch for syslogd to specify an explicit bind
address to receive UDP packets.  One advantage over -u and the *
sockets is that you can bind to localhost and divert the packets
with pf.  It is also possible to use a non standard port.
OK jung@ jmc@
2015-06-30 12:03:32 +00:00
bluhm
38bc45fc22 Replace HOST_NAME_MAX+1 with NI_MAXHOST when the hostname is used
with getaddrinfo() or getnameinfo(), but keep HOST_NAME_MAX+1 when
the hostname comes from gethostname().
No binary change;  OK deraadt@
2015-01-19 16:40:49 +00:00
deraadt
b9fc9a728f Replace <sys/param.h> with <limits.h> and other less dirty headers where
possible.  Annotate <sys/param.h> lines with their current reasons.  Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc.  Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution.  These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)
2015-01-16 06:39:28 +00:00
bluhm
cb08fbc72d Implement sending syslog messages over TCP streams.
test and OK jasper@ jca@
2014-12-31 13:55:57 +00:00
bluhm
80dbc22322 Switch syslogd from using poll(2) to libevent.
test and OK nicm@; OK henning@
2014-10-05 18:14:01 +00:00
bluhm
86c61d05d6 Cleanup the reporting socket code in syslogd.
- Name variable path_ctlsock consistently.
- Name function ctlconn_logto() consistently.
- Replace the nested if/else logic in ctlconn_write_handler()
  with if/return.
- Call ctlconn_cleanup() only if there is a control connection.
OK doug@
2014-10-03 21:55:22 +00:00
bluhm
d484791fd4 Also in debug mode, close nullfd when it is not needed anymore.
OK doug@
2014-09-27 11:28:37 +00:00
doug
54def46922 Remove redundant null check and rename vars consistently in syslogd
Merge in more functionality from bluhm's patch.

ok bluhm@
2014-09-10 13:16:20 +00:00
doug
35cc0c37f6 Fix a syslogd regression when specifying all 20 additional log paths
bluhm@ found and fixed this bug.  This is a modified version of his
patch which makes the intention a little clearer.

ok bluhm@
2014-09-08 00:43:42 +00:00
bluhm
05b66061c1 Call check_tty_name() and check_log_name() with the string size and
don't access memory beyond.  Make sure that the complete string
"/dev/null" can be copied.
OK henning@
2014-08-25 20:19:14 +00:00
bluhm
ad087aa9ef Allow to restrict syslogd to a protocol family with -4 and -6 command
line switches.  If the log server is an FQDN, DNS chooses whether
to take the IPv4 or IPv6 route.  Allow to prefix the log host with
udp4:// or udp6:// to choose a protocol.
OK henning@
2014-08-25 18:19:18 +00:00
bluhm
97e72a5119 Fix the gcc compiler warnings "comparison between signed and
unsigned".  Some checks got stricter.  The (size_t) cast is only
done, if the argument is not negative.
OK henning@
2014-08-25 18:05:30 +00:00
bluhm
e470716cac Send and receive UDP syslog packets on the IPv6 socket.
OK henning@
2014-08-21 17:00:34 +00:00
bluhm
b7fcadfe62 Parse loghost in a separate function. Allow [] around hostname,
needed for IPv6 addresses.  Print full loghost specifier in case
of error or debug.  Make string sizes more precise.
input henning@; input and OK deraadt@
2014-08-21 00:04:58 +00:00
bluhm
bd6df50781 Replace gethostbyaddr(3) with getnameinfo(3). Remove the sigprocmask()
that was necessary for gethostbyaddr() because the latter is not
signal safe.  Change the return code semantics of priv_getnameinfo()
to match getnameinfo(3).
input and OK jca@
2014-08-20 20:10:17 +00:00
bluhm
2fa726a750 Rename priv_gethostserv() to priv_getaddrinfo() as this is what the
function does.  Change the return code semantics to match getaddrinfo(3).
OK deraadt@
2014-08-20 19:16:27 +00:00
bluhm
b2be3b7ac6 The _exit codes in syslogd privsep.c were the wrong way around.
Fatal errors should exit with 1, and regular shutdown should result
in exit with 0.
OK deraadt@
2014-08-19 00:53:01 +00:00
bluhm
52c0045b60 Replace manually written function names with __func__.
OK sthen@
2014-08-19 00:28:48 +00:00
brad
bb85efea2a Remove some whitespace. 2008-11-23 04:29:42 +00:00
deraadt
3b557aed2e do not close a random file descriptor in debug mode, PR 5938 from mickey 2008-09-29 18:41:56 +00:00
deraadt
3d48063680 avoid errno trashing, ok mpf henning 2008-03-16 16:55:29 +00:00
mpf
14aef417a7 syslogd leaves zombies around if multiple |/pathto/mylogprog
children died in a row.
Do waitpid(2) in a loop until there's nothing left.
OK henning@, millert@
2008-03-16 15:44:18 +00:00
djm
19f1151807 use warnx and not logerror in monitor, logerror is for the slave;
ok henning@ while in lock
2007-03-15 05:18:32 +00:00
henning
47607485d9 implement logging to other program's stdin.
if the target is like "| /path/to/program", syslogd forks and execs program
and sends the selected log messages to program's stdin.
uses a socketpair, grows the receive buffer on the reader side and has the
socket nonblocking on syslog'd side to prevent syslogd blocking.
I'm using that here to feed logsurfer from ports for automated log analysis,
werks beautifully.
lots of input & help mpf, ok mpf djm "no objections" millert
2007-02-20 11:24:32 +00:00
millert
d70435bafa Use sigaction() instead of signal() in the parent and use the
SA_NOCLDSTOP flag for the SIGCHLD handler so the kernel does not
notify us when the child has been stopped, only when it exits.
Fixes a problem where if you suspended the child process the
parent would exit.  OK otto@
2006-07-09 14:42:27 +00:00