|
than passing the magic number 6 around and checking at runtime
whether it fits.
OK deraadt@ martijn@ mvs@
|
|
As per the manual and lib/libtls/tls.c revision 1.79 from 2018
"Automatically handle library initialisation for libtls." initialisation
is handled automatically by other tls_*(3) functions.
Remove explicit tls_init() calls from base to not give the impression of
it being needed.
Feedback tb
OK Tests mestre
|
|
fails to report the path that the failure occurred on. Suggested by
deraadt@ after some tech discussion.
Work done and verified by Ashton Fagg <ashton@fagg.id.au>
ok deraadt@ semarie@ claudio@
|
|
are started before syslogd(8). This resulted in ugly sendsyslog(2)
dropped logs and the real message was lost.
Create a temporary stash for log messages within the kernel. It
has a limited size of 100 messages, and each message is truncated
to 8192 bytes. When the stash is exhausted, the well-known dropped
message is generated with a counter. After syslogd(8) has set up
everything, it sends a debug line through libc to flush the kernel
stash. Then syslogd receives all messages from the kernel before
the usual logs.
OK deraadt@ visa@
|
|
OK bluhm@
|
|
if a client aborted the connection silently. As syslogd does not
write anything into incoming connections, it will not recognize
failure. Setting TCP keep alive on the listen socket does prevent
that for accepted sockets. Note that outgoing connections do not
need it as syslogd will write data into them.
noticed by dhill@; OK millert@ beck@ deraadt@
|
|
UDP sockets for sending messages. Keep the sockets open if the
config allows to send UDP. Then they can be used to send if DNS
is working during the next SIGHUP.
bug reported and fix tested by sven falempin; OK millert@
|
|
did not work anymore. unveil(2) prevented removal. Cleaning the
UNIX domain sockets is not necessary. They are harmless and unlinked
before a new bind. So delete that functionality and convert global
to local variables. Providing /var/run/syslog.pid is a common
feature that should be kept. A stale pid file is confusing. So
add a constant path to unveil(2) to allow pid file removal.
OK deraadt@
|
|
fail. Log the message without formatting, that is the best syslogd(8)
can do.
OK deraadt@
|
|
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.
|
|
bursts it is possible that syslogd(8) cannot process messages fast
enough. The larger kernel buffer allows to work them off in more
time. Then fewer dropped messages are reported.
problem found by millert@; OK claudio@ deraadt@
|
|
in order to select syslog.conf(5) line blocks
|
|
program names containing period ('.') and underscore ('_') ASCII characters.
Missing feature reported by and patch tested by
Kawashima underscore James at yahoo dot co dot jp.
"Makes sense." deraadt@
|
|
Allows stopping `syslogd -F' with ^C.
OK bluhm
|
|
input jmc@; OK sthen@
|
|
mention the PID file. While there, use .Nm consistently.
wording from schwarze@; deraadt@ cheloha@ millert@ agree
|
|
when we had real signal handlers. But now we use libevent, so
remove the old logic.
OK deraadt@ millert@
|
|
include config file "r", utmp "r", /dev "rw", /bin/sh "x" for running
piped commands, and the syslogd binary "x" itself for HUP re-exec upon
config loads with changes. Also unveiled in the privsep process are
the specific log files being written to.
If a config file reload changes no files, the existing privsep process
keeps running with unveil's to the relevant files (therefore it can
cope with newsyslogd taking files away). If a new config file is loaded
which changes the output files, the privsep process is restarted with
fork+exec, and installs new unveils as needed. The safety we gain from
unveil is that we've pigeonholed the privsep file-writer to exactly the
files required.
Help from bluhm for some edge cases.
|
|
the C API in section 3.
OK millert jmc nicm, "the right idea" deraadt
|
|
fnmatch(3); ok sthen@ bluhm@
|
|
used for opening the pipe process. Move the getpwnam() lookup out
of the privsep parent loop, so it does not need "getpw" pledge
anymore.
OK deraadt@
|
|
AF_UNIX is both the historical _and_ standard name, so prefer and recommend
it in the headers, manpages, and kernel.
ok miller@ deraadt@ schwarze@
|
|
specific logfile.
ok sthen@ millert@
|
|
Syslogd continued logging messages to a file that had an EIO error.
This could slow down the whole system. File system errors may cause
huge delays at every access. This prevented debugging the issue.
Now syslogd will log a warning and shut down logging to this file
until restart or SIGHUP.
OK deraadt@ espie@ millert@
|
|
to files located there. It did this permanently, so cleaning /var
without SIGHUP to syslogd did not help. Better retry, write an
error message to other log hosts, and write a summary of dropped
messages after it works again.
OK millert@ friehm@
|
|
never appear in any log file. After initialization, write a summary
into log files and to remote log host. So the problem shows up,
when someone is looking at the persistent messages.
Print the "dropped message" warning in a common function.
OK sthen@ millert@
|
|
Add my copyright explicitly.
|
|
to UDP loghost fails. Otherwise syslogd(8) would no longer send
to this destination after the error occurred once.
tested by Rivo Nurges; OK millert@ benno@ deraadt@
|
|
to receive sendsyslog(2) messages.
discussed with martijn@; OK jmc@ deraadt@
|
|
initialized. For every message it did reopen the console with file
descriptor passing from the privsep parent. Now preopen the console,
so writing the message out works in more cases. If the console has
been revoked, a reopen via privsep and write again is tried anyway.
OK brynet@ deraadt@ jca@
|
|
it has closed the file descriptor before checking the errno. So
f_file contained a bad file descriptor that could be reused at the
next open. Keep the file open if errno is EAGAIN. Move the close(2)
down where the old file descriptor in f_file is overwritten in all
cases.
OK deraadt@ jca@
|
|
open. These sockets are used for sending UDP packets if there is
a UDP loghost in syslog.conf(5). If syslogd is started with -u,
they can receive packets, otherwise they are disabled with
shutdown(SHUT_RD). In case syslogd does neither send nor receive,
close the sockets after reading the configuration file. This gives
us a cleaner netstat output, and the ports are not reported by port
scanners. This has no security implication.
OK benno@ jca@ sthen@ deraadt@
|
|
truncate the length of a syslog message to 8192 bytes. Use one
global define LOG_MAXLINE for all of them.
OK deraadt@ millert@
|
|
- Fix TLS s/server/client/
- Use 'remote loghost' consistently, even if it's not clear to which
endpoint this corresponds.
- Replace 'forwarding' by 'sending' to remove the ambiguity about the
inserted hostname.
- Do not use the word 'server' with 'socket' to avoid confusion with
a TLS server.
- Prefer 'senders' than 'clients' when it comes to spoofing, to reduce
one usage of the word 'client'.
ok jmc@, bluhm@
|
|
has already read the buffer from kernel to user land. I have blindly
copied this code from libevent for syslogd(8) TLS, remove it together
with the bug. It caused hangs in ldapd(8).
report, analysis, testing, OK Seiya Kawashima, Robert Klein, gsoares@
|
|
get lost. Remove log_setdebug() as it adds too much abstraction,
use the global variable Started instead. Set the Started value
before the init() function. Then errors during config file processing
will be logged to the console as Initialize is still 0. This is
better than stderr as the latter may be redirected to /dev/null.
Print the timestamp and hostname also for direct messages to console,
so that they look like all others.
bug report jung@; OK benno@
|
|
connections. This expands the feature from UDP and TCP to syslog
over TLS.
input jmc@; OK millert@
|
|
remote loghost as they are most commonly used for automated log
processing. With -rr the "last message repeated" feature can be
disabled completely.
OK sthen@ deraadt@ jmc@
|
|
A log client reconnects at every SIGHUP. Write these accept and
close messages with debug priority, then they can be turned on in
syslog.conf. Default is off.
While there, move a debug message and set the priority of the exit
message explicitly to error.
OK mpf@ millert@
|
|
OK millert@
|
|
The functionality has moved into log_setdebug().
OK millert@
|
|
the error string. Log the message when the error happens and make
the function void.
OK millert@
|
|
process incoming messages. Split this functionality into log_info()
and logline(). Sort the parameters like they appear in the syslog
line.
OK millert@
|
|
Make messages a bit more consistent. Note that the new function
supports format strings. Replace some log_debug() with log_warn().
OK millert@
|
|
Internally syslogd's fatal() calls die() to do cleanup if necessary.
Also replace all err(3) after log_init() with fatal().
OK millert@
|
|
log_debugadd() to construct debug message incrementally.
OK deraadt@
|
|
cannot happen and there is nothing that could be done about it.
OK deraadt@
|
|
ok bluhm@ deraadt@
|