Call daemon(3) later, to catch errors from getpwnam and others.

Also set up syslog logging earlier, so that error messages don't end on
stderr which has been closed by daemon(3).  One additional s/errx/lerrx/
for consistency.

Inspired by a proposal from ajacoutot@, ok ajacoutot@ sthen@

1 files changed, 11 insertions, 17 deletions

diff --git a/usr.sbin/tftp-proxy/tftp-proxy.c b/usr.sbin/tftp-proxy/tftp-proxy.c
index 30fea627d98..7bfc36572c3 100644
--- a/usr.sbin/tftp-proxy/tftp-proxy.c
+++ b/usr.sbin/tftp-proxy/tftp-proxy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tftp-proxy.c,v 1.16 2015/12/01 07:32:20 deraadt Exp $
+/* $OpenBSD: tftp-proxy.c,v 1.17 2016/02/12 12:24:27 jca Exp $
  *
  * Copyright (c) 2005 DLS Internet Services
  * Copyright (c) 2004, 2005 Camiel Dobbelaar, <cd@sentia.nl>
@@ -241,10 +241,7 @@ main(int argc, char *argv[])
 	}
 
 	if (geteuid() != 0)
-		errx(1, "need root privileges");
-
-	if (!debug && daemon(1, 0) == -1)
-		err(1, "daemon");
+		lerrx(1, "need root privileges");
 
 	if (socketpair(AF_UNIX, SOCK_STREAM | SOCK_NONBLOCK, PF_UNSPEC, pair)
 	    == -1)
@@ -262,6 +259,15 @@ main(int argc, char *argv[])
 				free(saddr);
 			}
 
+	if (!debug) {
+		if (daemon(1, 0) == -1)
+			lerr(1, "daemon");
+
+		openlog(__progname, LOG_PID|LOG_NDELAY, LOG_DAEMON);
+		tzset();
+		logger = &syslogger;
+	}
+
 	switch (fork()) {
 	case -1:
 		lerr(1, "fork");
@@ -289,12 +295,6 @@ main(int argc, char *argv[])
 	TAILQ_INIT(&child->fdrequests);
 	TAILQ_INIT(&child->tmrequests);
 
-	if (!debug) {
-		openlog(__progname, LOG_PID|LOG_NDELAY, LOG_DAEMON);
-		tzset();
-		logger = &syslogger;
-	}
-
 	proxy_listen(addr, port, family);
 
 	/* open /dev/pf */
@@ -358,12 +358,6 @@ proxy_privproc(int s, struct passwd *pw)
 	extern char *__progname;
 	struct privproc p;
 
-	if (!debug) {
-		openlog(__progname, LOG_PID|LOG_NDELAY, LOG_DAEMON);
-		tzset();
-		logger = &syslogger;
-	}
-
 	if (chroot(CHROOT_DIR) == -1)
 		lerr(1, "chroot to %s", CHROOT_DIR);