authorTheo de Raadt <deraadt@cvs.openbsd.org>1998-02-11 02:28:35 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>1998-02-11 02:28:35 +0000
commitb6943ba60e2778111412d36e23a780a2d29a5414 (patch)
treeaf6f4dfa36e624ea3160aba92a63f56bf896a22d
parent6d277db87ac6e7207cdfd04bd5fe1b1d0ed391f7 (diff)
syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log", I'm sure you get the idea.
-rw-r--r--etc/rc4
-rw-r--r--etc/rc.conf3
-rw-r--r--usr.sbin/syslogd/syslogd.820
-rw-r--r--usr.sbin/syslogd/syslogd.c121
4 files changed, 96 insertions, 52 deletions
diff --git a/etc/rc b/etc/rc
index 5414f13689c..ea5a384ce08 100644
--- a/etc/rc
+++ b/etc/rc
@@ -1,4 +1,4 @@
-# $OpenBSD: rc,v 1.63 1998/02/07 21:17:37 beck Exp $
+# $OpenBSD: rc,v 1.64 1998/02/11 02:28:10 deraadt Exp $
# System startup script run by init on autoboot
# or after single-user.
@@ -85,7 +85,7 @@ rm -f /var/spool/uucp/STST/*
echo 'starting system logger'
rm -f /dev/log
-syslogd
+syslogd {$syslogd_flags}
# $named_flags is imported from /etc/rc.conf;
# if $named_flags != NO, named is run.
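Review bot: The new invocation `syslogd {$syslogd_flags}` has the brace and the dollar sign transposed, so the shell expands only `$syslogd_flags` and keeps both braces as literal characters. With the empty default that this commit adds to rc.conf, syslogd is started with a stray `{}` argument, and once flags are set the first and last words each pick up a brace. The line should read `syslogd ${syslogd_flags}`.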
diff --git a/etc/rc.conf b/etc/rc.conf
index 2becc64afca..2fdf0c51a69 100644
--- a/etc/rc.conf
+++ b/etc/rc.conf
@@ -1,6 +1,6 @@
#!/bin/sh -
#
-# $OpenBSD: rc.conf,v 1.12 1998/02/07 21:17:37 beck Exp $
+# $OpenBSD: rc.conf,v 1.13 1998/02/11 02:28:11 deraadt Exp $
# set these to "NO" to turn them off. otherwise, they're used as flags
routed_flags=NO # for 'normal' use: routed_flags="-q"
@@ -42,3 +42,4 @@ amd_master=/etc/amd/master # AMD 'master' map
ipfilter_rules=/etc/ipf.rules # Rules for IP packet filtering
nat_rules=/etc/nat.rules # Rules for Network Address Translation
ipmon_flags=-s # To disable logging, use ipmon_flags=NO
+syslogd_flags= # add more flags, ie. -u -a /chroot/dev/log
diff --git a/usr.sbin/syslogd/syslogd.8 b/usr.sbin/syslogd/syslogd.8
index e19cdca4a73..8a54ba1f491 100644
--- a/usr.sbin/syslogd/syslogd.8
+++ b/usr.sbin/syslogd/syslogd.8
@@ -40,11 +40,11 @@
.Nd log systems messages
.Sh SYNOPSIS
.Nm syslogd
-.Op Fl d
+.Op Fl du
.Op Fl f Ar config_file
.Op Fl m Ar mark_interval
+.Op Fl a Ar path
.Op Fl p Ar log_socket
-.Op Fl u
.Sh DESCRIPTION
.Nm Syslogd
reads and logs messages to the system console, log files, other
@@ -54,11 +54,11 @@ The options are as follows:
.It Fl d
Enable debugging to the standard output,
and do not disassociate from the controlling terminal.
-.It Fl f
+.It Fl f Ar config_file
Specify the pathname of an alternate configuration file;
the default is
.Pa /etc/syslog.conf .
-.It Fl m
+.It Fl m Ar mark_interval
Select the number of minutes between ``mark'' messages;
the default is 20 minutes.
.It Fl u
@@ -66,10 +66,18 @@ Select the historical ``insecure'' mode, in which syslogd will
accept input from the UDP port.
Some software wants this, but you can be subjected to a variety of
attacks over the network, including attackers remotely filling logs.
-.It Fl p
-Specify the pathname of an alternate log socket;
+.It Fl p Ar log_socket
+Specify the pathname of an alternate log socket to be used instead;
the default is
.Pa /dev/log .
+.It Fl a Pa path
+Specify a location where
+.Nm syslogd
+should place an additional log socket.
+Up to about 20 additional logging sockets can be specified.
+The primary use for this is to place additional log sockets in
+.Pa /dev/log
+of various chroot filespaces.
.El
.Pp
.Nm Syslogd
diff --git a/usr.sbin/syslogd/syslogd.c b/usr.sbin/syslogd/syslogd.c
index 33cc524752e..a01e6ca3036 100644
--- a/usr.sbin/syslogd/syslogd.c
+++ b/usr.sbin/syslogd/syslogd.c
@@ -101,13 +101,10 @@ static char rcsid[] = "$NetBSD: syslogd.c,v 1.5 1996/01/02 17:48:41 perry Exp $"
#define SYSLOG_NAMES
#include <sys/syslog.h>
-char *LogName = _PATH_LOG;
char *ConfFile = _PATH_LOGCONF;
char *PidFile = _PATH_LOGPID;
char ctty[] = _PATH_CONSOLE;
-#define FDMASK(fd) (1 << (fd))
-
#define dprintf if (Debug) printf
#define MAXUNAMES 20 /* maximum number of user names */
@@ -206,18 +203,24 @@ char *ttymsg __P((struct iovec *, int, char *, int));
void usage __P((void));
void wallmsg __P((struct filed *, struct iovec *));
+#define MAXFUNIX 20
+
+int nfunix = 1;
+char *funixn[MAXFUNIX] = { _PATH_LOG };
+int funix[MAXFUNIX];
+
int
main(argc, argv)
int argc;
char *argv[];
{
- int ch, funix, i, inetm = 0, fklog, klogm, len;
+ int ch, i, fklog, len;
struct sockaddr_un sunx, fromunix;
struct sockaddr_in sin, frominet;
FILE *fp;
char *p, line[MSG_BSIZE + 1];
- while ((ch = getopt(argc, argv, "duf:m:p:")) != -1)
+ while ((ch = getopt(argc, argv, "duf:m:p:a:")) != -1)
switch (ch) {
case 'd': /* debug */
Debug++;
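Review bot: `int funix[MAXFUNIX];` has static storage and so starts out as all zeros, but the rest of the change treats -1 as the "no socket" value (`funix[i] != -1` in the select loop and in die()). A slot the socket-creation loop has not reached yet therefore looks like open descriptor 0. If die() runs at that point, for example through the `die(0)` on a failed first socket, it unlinks `-a` paths this process never bound. Setting every slot at the top of main(), `for (i = 0; i < MAXFUNIX; i++) funix[i] = -1;`, makes the sentinel hold. main() continues beyond this hunk.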
@@ -229,11 +232,19 @@ main(argc, argv)
MarkInterval = atoi(optarg) * 60;
break;
case 'p': /* path */
- LogName = optarg;
+ funixn[0] = optarg;
break;
case 'u': /* allow udp input port */
SecureMode = 0;
break;
+ case 'a':
+ if (nfunix < MAXFUNIX)
+ funixn[nfunix++] = optarg;
+ else
+ fprintf(stderr,
+ "syslogd: out of descriptors, ignoring %s\n",
+ optarg);
+ break;
case '?':
default:
usage();
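Review bot: Neither `-a` nor `-p` checks the length of `optarg` before storing it in `funixn[]`, and the socket loop later in this commit copies it with `strncpy(sunx.sun_path, funixn[i], sizeof(sunx.sun_path))`. A path as long as `sun_path` or longer leaves that field without a terminating NUL, so the `strlen` in the fallback `SUN_LEN` macro reads past it. The socket may also end up bound at a truncated name while `chmod` and `unlink` act on the full one. Paths inside chroot trees are longer than `/dev/log`, which makes this easier to hit. Rejecting the option up front, `if (strlen(optarg) >= sizeof(sunx.sun_path)) usage();`, keeps all three operations on the same path; the switch and main() extend outside this hunk.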
@@ -260,22 +271,27 @@ main(argc, argv)
(void)signal(SIGCHLD, reapchild);
(void)signal(SIGALRM, domark);
(void)alarm(TIMERINTVL);
- (void)unlink(LogName);
#ifndef SUN_LEN
#define SUN_LEN(unp) (strlen((unp)->sun_path) + 2)
#endif
- memset(&sunx, 0, sizeof(sunx));
- sunx.sun_family = AF_UNIX;
- (void)strncpy(sunx.sun_path, LogName, sizeof(sunx.sun_path));
- funix = socket(AF_UNIX, SOCK_DGRAM, 0);
- if (funix < 0 ||
- bind(funix, (struct sockaddr *)&sunx, SUN_LEN(&sunx)) < 0 ||
- chmod(LogName, 0666) < 0) {
- (void) snprintf(line, sizeof line, "cannot create %s", LogName);
- logerror(line);
- dprintf("cannot create %s (%d)\n", LogName, errno);
- die(0);
+ for (i = 0; i < nfunix; i++) {
+ (void)unlink(funixn[i]);
+
+ memset(&sunx, 0, sizeof(sunx));
+ sunx.sun_family = AF_UNIX;
+ (void)strncpy(sunx.sun_path, funixn[i], sizeof(sunx.sun_path));
+ funix[i] = socket(AF_UNIX, SOCK_DGRAM, 0);
+ if (funix[i] < 0 ||
+ bind(funix[i], (struct sockaddr *)&sunx, SUN_LEN(&sunx)) < 0 ||
+ chmod(funixn[i], 0666) < 0) {
+ (void) snprintf(line, sizeof line, "cannot create %s",
+ funixn[i]);
+ logerror(line);
+ dprintf("cannot create %s (%d)\n", funixn[i], errno);
+ if (i == 0)
+ die(0);
+ }
}
finet = socket(AF_INET, SOCK_DGRAM, 0);
if (finet >= 0) {
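Review bot: When `bind` or `chmod` fails for an additional socket (`i > 0`), the loop logs the error and moves on, but it leaves the descriptor open and `funix[i]` still set to it. The select loop added later in this commit then keeps polling a socket that may be unbound or carry the wrong mode, and die() will unlink a path this process may not have created. Before the `if (i == 0)` test, release the slot with `if (funix[i] != -1) (void)close(funix[i]);` followed by `funix[i] = -1;`. main() starts and ends outside this hunk.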
@@ -296,16 +312,11 @@ main(argc, argv)
if (!Debug)
die(0);
} else {
- inetm = FDMASK(finet);
InetInuse = 1;
}
}
- if ((fklog = open(_PATH_KLOG, O_RDONLY, 0)) >= 0)
- klogm = FDMASK(fklog);
- else {
+ if ((fklog = open(_PATH_KLOG, O_RDONLY, 0)) < 0)
dprintf("can't open %s (%d)\n", _PATH_KLOG, errno);
- klogm = 0;
- }
/* tuck my process id away */
if (!Debug) {
@@ -322,10 +333,30 @@ main(argc, argv)
(void)signal(SIGHUP, init);
for (;;) {
- int nfds, readfds = FDMASK(funix) | inetm | klogm;
+ fd_set readfds;
+ int nfds = 0;
+
+ FD_ZERO(&readfds);
+ if (fklog != -1) {
+ FD_SET(fklog, &readfds);
+ if (fklog > nfds)
+ nfds = fklog;
+ }
+ if (finet != -1) {
+ FD_SET(finet, &readfds);
+ if (finet > nfds)
+ nfds = finet;
+ }
+ for (i = 0; i < nfunix; i++) {
+ if (funix[i] != -1) {
+ FD_SET(funix[i], &readfds);
+ if (funix[i] > nfds)
+ nfds = funix[i];
+ }
+ }
- dprintf("readfds = %#x\n", readfds);
- nfds = select(20, (fd_set *)&readfds, (fd_set *)NULL,
+ /*dprintf("readfds = %#x\n", readfds);*/
+ nfds = select(nfds, &readfds, (fd_set *)NULL,
(fd_set *)NULL, (struct timeval *)NULL);
if (nfds == 0)
continue;
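Review bot: `select(nfds, &readfds, ...)` is passed the highest descriptor number itself, but select() examines descriptors 0 through its first argument minus one, so the highest-numbered descriptor in the set is never checked. Whichever of the klog, UDP or AF_UNIX descriptors has the largest number (typically the one opened last) would go unread. The call should be `nfds = select(nfds + 1, &readfds, (fd_set *)NULL,`. Using one variable for the maximum and another for select()'s return value would also stop `nfds` carrying two meanings. The enclosing for(;;) loop continues outside this hunk.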
@@ -334,8 +365,8 @@ main(argc, argv)
logerror("select");
continue;
}
- dprintf("got a message (%d, %#x)\n", nfds, readfds);
- if (readfds & klogm) {
+ /*dprintf("got a message (%d, %#x)\n", nfds, readfds);*/
+ if (fklog != -1 && FD_ISSET(fklog, &readfds)) {
i = read(fklog, line, sizeof(line) - 1);
if (i > 0) {
line[i] = '\0';
@@ -343,20 +374,9 @@ main(argc, argv)
} else if (i < 0 && errno != EINTR) {
logerror("klog");
fklog = -1;
- klogm = 0;
}
}
- if (readfds & FDMASK(funix)) {
- len = sizeof(fromunix);
- i = recvfrom(funix, line, MAXLINE, 0,
- (struct sockaddr *)&fromunix, &len);
- if (i > 0) {
- line[i] = '\0';
- printline(LocalHostName, line);
- } else if (i < 0 && errno != EINTR)
- logerror("recvfrom unix");
- }
- if (readfds & inetm) {
+ if (finet != -1 && FD_ISSET(finet, &readfds)) {
len = sizeof(frominet);
i = recvfrom(finet, line, MAXLINE, 0,
(struct sockaddr *)&frominet, &len);
@@ -370,6 +390,18 @@ main(argc, argv)
logerror("recvfrom inet");
}
}
+ for (i = 0; i < nfunix; i++) {
+ if (funix[i] != -1 && FD_ISSET(funix[i], &readfds)) {
+ len = sizeof(fromunix);
+ i = recvfrom(funix[i], line, MAXLINE, 0,
+ (struct sockaddr *)&fromunix, &len);
+ if (i > 0) {
+ line[i] = '\0';
+ printline(LocalHostName, line);
+ } else if (i < 0 && errno != EINTR)
+ logerror("recvfrom unix");
+ }
+ }
}
}
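Review bot: Inside the new loop over `funix[]`, `i = recvfrom(funix[i], ...)` overwrites the loop index with the byte count, so after the first datagram the `i++` and the `i < nfunix` test operate on a message length. The remaining sockets are then normally skipped for that pass, and a failing recvfrom sets `i` to -1, which restarts the scan at slot 0 and can spin if the error persists. The result needs its own variable, as sketched below. main() and the for(;;) loop begin outside this hunk.

```c
		if (funix[i] != -1 && FD_ISSET(funix[i], &readfds)) {
			int n;	/* byte count; i stays the socket index */

			/* … unchanged: len = sizeof(fromunix) … */
			n = recvfrom(funix[i], line, MAXLINE, 0,
			    (struct sockaddr *)&fromunix, &len);
			if (n > 0) {
				line[n] = '\0';
				/* … unchanged: printline(LocalHostName, line) … */
			} else if (n < 0 && errno != EINTR)
				logerror("recvfrom unix");
```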
@@ -378,7 +410,7 @@ usage()
{
(void)fprintf(stderr,
- "usage: syslogd [-u] [-f conffile] [-m markinterval] [-p logpath]\n");
+ "usage: syslogd [-u] [-f conffile] [-m markinterval] [-p logpath] [-a logpath]\n");
exit(1);
}
@@ -874,6 +906,7 @@ die(signo)
struct filed *f;
int was_initialized = Initialized;
char buf[100];
+ int i;
Initialized = 0; /* Don't log SIGCHLDs */
for (f = Files; f != NULL; f = f->f_next) {
@@ -888,7 +921,9 @@ die(signo)
errno = 0;
logerror(buf);
}
- (void)unlink(LogName);
+ for (i = 0; i < nfunix; i++)
+ if (funixn[i] && funix[i] != -1)
+ (void)unlink(funixn[i]);
exit(0);
}