Age | Commit message | Author |
|
the priority of userland messages with kernel or unspecified facility.
broken in previous commit; fix from markus@
|
|
side terminates the TLS connection. It results in a proper shutdown
and the TLS peer has a chance to detect errors. This is especially
important for the client side. Due to the reduced TLS 1.3 handshake,
errors might be undetected and log messages dropped silently. By
doing a matching TLS shutdown on his side, the client can receive
the error.
Instead of checking socket writability and calling tls_close()
repeatedly, syslogd calls it only once. As the other side has
closed the connection anyway it is our turn to write the shutdown
message. Do not care about errors here and avoid complexity.
OK tb@
|
|
This should make it more manageable.
No functional change intended, debugging output slightly changed.
help from and OK bluhm@
|
|
macro-build a replacement for sccsid, and was done without any concern
for namespace damage. Unfortunately this practice started infecting
other code as others were unaware they didn't need the file.
ok millert guenther
|
|
instead of copying the strings with snprintf(3).
OK martijn@
|
|
3rd (variadic) mode_t parameter is irrelevant. Many developers in the past
have passed mode_t (0, 044, 0644, or such), which might lead future people
to copy this broken idiom, and perhaps even believe this parameter has some
meaning or implication or application. Delete them all.
This comes out of a conversation where tb@ noticed that a strange (but
intentional) pledge behaviour is to always knock-out high-bits from
mode_t on a number of system calls as a safety factor, and his bewilderment
that this appeared to be happening against valid modes (at least visually),
but no sorry, they are all irrelevant junk. They could all be 0xdeafbeef.
ok millert
|
|
Use RFC 5424 NILVALUE as fallback for LocalHostName.
OK millert@ mvs@
|
|
everything into an iov and do some sprintf() formatting later. Better
put everything into the iov upfront based on what the output methods
need. Then either the full iov is written or a line is created by
concatenating.
OK martijn@
|
|
There was a corner case with a very long message received over TCP
or TLS where this was not clear. Force a '\0' where this line is
truncated.
OK martijn@ deraadt@
|
|
than passing the magic number 6 around and checking at runtime
whether it fits.
OK deraadt@ martijn@ mvs@
|
|
As per the manual and lib/libtls/tls.c revision 1.79 from 2018
"Automatically handle library initialisation for libtls." initialisation
is handled automatically by other tls_*(3) functions.
Remove explicit tls_init() calls from base to not give the impression of
it being needed.
Feedback tb
OK Tests mestre
|
|
fails to report the path that the failure occurred on. Suggested by
deraadt@ after some tech discussion.
Work done and verified by Ashton Fagg <ashton@fagg.id.au>
ok deraadt@ semarie@ claudio@
|
|
are started before syslogd(8). This resulted in ugly sendsyslog(2)
dropped logs and the real message was lost.
Create a temporary stash for log messages within the kernel. It
has a limited size of 100 messages, and each message is truncated
to 8192 bytes. When the stash is exhausted, the well-known dropped
message is generated with a counter. After syslogd(8) has set up
everything, it sends a debug line through libc to flush the kernel
stash. Then syslogd receives all messages from the kernel before
the usual logs.
OK deraadt@ visa@
|
|
OK bluhm@
|
|
if a client aborted the connection silently. As syslogd does not
write anything into incoming connections, it will not recognize
failure. Setting TCP keep alive on the listen socket does prevent
that for accepted sockets. Note that outgoing connections do not
need it as syslogd will write data into them.
noticed by dhill@; OK millert@ beck@ deraadt@
|
|
UDP sockets for sending messages. Keep the sockets open if the
config allows to send UDP. Then they can be used to send if DNS
is working during the next SIGHUP.
bug reported and fix tested by sven falempin; OK millert@
|
|
did not work anymore. unveil(2) prevented removal. Cleaning the
UNIX domain sockets is not necessary. They are harmless and unlinked
before a new bind. So delete that functionality and convert global
to local variables. Providing /var/run/syslog.pid is a common
feature that should be kept. A stale pid file is confusing. So
add a constant path to unveil(2) to allow pid file removal.
OK deraadt@
|
|
fail. Log the message without formatting, that is the best syslogd(8)
can do.
OK deraadt@
|
|
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.
|
|
bursts it is possible that syslogd(8) cannot process messages fast
enough. The larger kernel buffer allows to work them off in more
time. Then fewer dropped messages are reported.
problem found by millert@; OK claudio@ deraadt@
|
|
in order to select syslog.conf(5) line blocks
|
|
program names containing period ('.') and underscore ('_') ASCII characters.
Missing feature reported by and patch tested by
Kawashima underscore James at yahoo dot co dot jp.
"Makes sense." deraadt@
|
|
Allows stopping `syslogd -F' with ^C.
OK bluhm
|
|
input jmc@; OK sthen@
|
|
mention the PID file. While there, use .Nm consistently.
wording from schwarze@; deraadt@ cheloha@ millert@ agree
|
|
when we had real signal handlers. But now we use libevent, so
remove the old logic.
OK deraadt@ millert@
|
|
include config file "r", utmp "r", /dev "rw", /bin/sh "x" for running
piped commands, and the syslogd binary "x" itself for HUP re-exec upon
config loads with changes. Also unveiled in the privsep process are
the specific log files being written to.
If a config file reload changes no files, the existing privsep process
keeps running with unveils to the relevant files (therefore it can
cope with newsyslogd taking files away). If a new config file is loaded
which changes the output files, the privsep process is restarted with
fork+exec, and installs new unveils as needed. The safety we gain from
unveil is that we've pigeonholed the privsep file-writer to exactly the
files required.
Help from bluhm for some edge cases.
|
|
the C API in section 3.
OK millert jmc nicm, "the right idea" deraadt
|
|
fnmatch(3); ok sthen@ bluhm@
|
|
used for opening the pipe process. Move the getpwnam() lookup out
of the privsep parent loop, so it does not need "getpw" pledge
anymore.
OK deraadt@
|
|
AF_UNIX is both the historical _and_ standard name, so prefer and recommend
it in the headers, manpages, and kernel.
ok miller@ deraadt@ schwarze@
|
|
|
|
specific logfile.
ok sthen@ millert@
|
|
|
|
Syslogd continued logging messages to a file that had an EIO error.
This could slow down the whole system. File system errors may cause
huge delays at every access. This prevented debugging the issue.
Now syslogd will log a warning and shut down logging to this file
until restart or SIGHUP.
OK deraadt@ espie@ millert@
|
|
to files located there. It did this permanently, so cleaning /var
without SIGHUP to syslogd did not help. Better retry, write an
error message to other log hosts, and write a summary of dropped
messages after it works again.
OK millert@ friehm@
|
|
never appear in any log file. After initialization, write a summary
into log files and to remote log host. So the problem shows up,
when someone is looking at the persistent messages.
Print the "dropped message" warning in a common function.
OK sthen@ millert@
|
|
Add my copyright explicitly.
|
|
to UDP loghost fails. Otherwise syslogd(8) would no longer send
to this destination after the error occurred once.
tested by Rivo Nurges; OK millert@ benno@ deraadt@
|
|
to receive sendsyslog(2) messages.
discussed with martijn@; OK jmc@ deraadt@
|
|
initialized. For every message it did reopen the console with file
descriptor passing from the privsep parent. Now preopen the console,
so writing the message out works in more cases. If the console has
been revoked, a reopen via privsep and write again is tried anyway.
OK brynet@ deraadt@ jca@
|
|
it has closed the file descriptor before checking the errno. So
f_file contained a bad file descriptor that could be reused at the
next open. Keep the file open if errno is EAGAIN. Move the close(2)
down where the old file descriptor in f_file is overwritten in all
cases.
OK deraadt@ jca@
|
|
open. These sockets are used for sending UDP packets if there is
a UDP loghost in syslog.conf(5). If syslogd is started with -u,
they can receive packets, otherwise they are disabled with
shutdown(SHUT_RD). In case syslogd does neither send nor receive,
close the sockets after reading the configuration file. This gives
us a cleaner netstat output, and the ports are not reported by port
scanners. This has no security implication.
OK benno@ jca@ sthen@ deraadt@
|
|
truncate the length of a syslog message to 8192 bytes. Use one
global define LOG_MAXLINE for all of them.
OK deraadt@ millert@
|
|
- Fix TLS s/server/client/
- Use 'remote loghost' consistently, even if it's not clear to which
endpoint this corresponds.
- Replace 'forwarding' by 'sending' to remove the ambiguity about the
inserted hostname.
- Do not use the word 'server' with 'socket' to avoid confusion with
a TLS server.
- Prefer 'senders' over 'clients' when it comes to spoofing, to reduce
one usage of the word 'client'.
ok jmc@, bluhm@
|
|
has already read the buffer from kernel to user land. I have blindly
copied this code from libevent for syslogd(8) TLS, remove it together
with the bug. It caused hangs in ldapd(8).
report, analysis, testing, OK Seiya Kawashima, Robert Klein, gsoares@
|
|
get lost. Remove log_setdebug() as it adds too much abstraction,
use the global variable Started instead. Set the Started value
before the init() function. Then errors during config file processing
will be logged to the console as Initialize is still 0. This is
better than stderr as the latter may be redirected to /dev/null.
Print the timestamp and hostname also for direct messages to console,
so that they look like all others.
bug report jung@; OK benno@
|
|
connections. This expands the feature from UDP and TCP to syslog
over TLS.
input jmc@; OK millert@
|
|
remote loghost as they are most commonly used for automated log
processing. With -rr the "last message repeated" feature can be
disabled completely.
OK sthen@ deraadt@ jmc@
|
|
A log client reconnects at every SIGHUP. Write these accept and
close messages with debug priority, then they can be turned on in
syslog.conf. Default is off.
While there, move a debug message and set the priority of the exit
message explicitly to error.
OK mpf@ millert@
|