Age | Commit message (Collapse) | Author |
|
OK millert@
|
|
and key loading can be simplified.
OK jsing@
|
|
ok natano reyk
|
|
changes - map the previous configuration to the equivalent in the new
groups. This will be revisited post release.
Discussed with beck@
|
|
OK jmc@
|
|
remote server to verify that the log messages from our syslogd are
authentic.
From Kapetanakis Giannis; man page input jmc@; OK jung@ deraadt@
|
|
traditional tabs-deliminated fields. This is consistent with what
FreeBSD, NetBSD and Linux do. Adapted from FreeBSD.
|
|
This fixes a long-standing issue where syslogd would print 15 NUL
bytes followed by two blank spaces before the log message for
warnings generated while parsing syslog.conf. OK bluhm@
|
|
The privileged process sends the errno value back when it cannot
open a file. OK gilles@
|
|
|
|
ttymsg.c doesn't need to include fcntl.h.
Tweak standard fd sanitising to be more like the sanitise_stdfd()
used elsewhere, though other uses of 'nullfd' make importing
sanitise_stdfd() itself unappetizing.
Add a die(0) if dup2() fails.
suggestions & ok bluhm@
|
|
Patch from Christian Heckendorf <mbie at ulmus dot me>.
OK jmc@ bentley@
|
|
From Michael Savage; input and OK mmcc@
|
|
libevent messages. Before the code was removed from libevent, the
library itself printed that to stderr.
OK nicm@
|
|
The mark timeout event is not persistent, add the timer intervall
everytime it fires.
Bug report, analysis and fix from Einfach Jemand rru.142 at gmail.com
|
|
child tried to load the default CA file when it was connecting to
a TLS server. The latter has never worked as the child is chrooted
to /var/empty. Set the CA storage to an empty string to avoid this
behavior. As a benefit pledge "rpath" can be removed.
OK benno@
|
|
in a background process. A potential fork(2) at every message is
bad, so replace this with an event. As a bonus the syslogd child
process does not need to pledge "proc" anymore. Also limit the
number of delayed write events.
OK deraadt@
|
|
syslogd child calls fork(2) to delay blocked output.
OK benno@
|
|
has been added to it, the syslogd privsep parent does not need
pledge "inet" anymore.
discussed with deraadt@
|
|
OK deraadt@
|
|
inet dns getpw sendfd proc exec".
OK deraadt@
|
|
as dprintf(3) is in libc now and does something different.
OK guenther@
|
|
From Michael McConville; OK guenther@
|
|
sizeof(struct sockaddr_un), so do the simple, portable thing.
Also convert some strncpy() to strlcpy()
ok deraadt@
|
|
|
|
encrypted messages. The server certificates are taken from /etc/ssl
like relayd does.
OK benno@ beck@ deraadt@
|
|
encrypted messages. The server certificates are taken from /etc/ssl
like relayd does.
OK benno@ beck@ deraadt@
|
|
blocks. Fix the potential syslogd's death, add "proc" to pledge.
OK deraadt@
|
|
|
|
With and OK deraadt@
|
|
ok millert@
|
|
event loss in syslogd. The ev_read and ev_write event structures
were used for both EV_READ and EV_WRITE events intermixedly. The
correct way is to use each event for its read and write purpose and
instead switch the handler. Then libevent is no longer confused.
When doing TLS read and a TLS_WANT_POLLOUT occures, call event_set()
for the write event to change the callback to read. As there might
be an event scheduled on the event, call event_del() before
event_set(). After a successful TLS read, change back the write
event. Add analog code for TLS write and handshake.
OK beck@
|
|
Spotted by jung@
|
|
to syslogd that does not do that. Use it for anything that does
not look like a system call or library call around it.
Also add logerrorctx() that prints the TLS error instead.
Reduce the maximum CAfile limit to 50MB, requested by Bob.
OK beck@
|
|
everything.
OK benno@
|
|
allocate them with malloc. This makes the address space layout
more random.
OK deraadt@ benno@
|
|
can go away as the callback does not need the hostname anymore.
Call tls_handshake() until successful. Remove the function
tls_socket() as it has a bad prefix. Just call tls_client(),
tls_configure() and tls_connect_socket() after the TCP socket has
been created. There is no need to wait until TCP connect has
finished.
OK beck@ jsing@
|
|
|
|
new tls_read() and tls_write() calling semantics, adapt to
TLS_WANT_POLLIN and TLS_WANT_POLLOUT renaming.
OK beck@
|
|
checks the send buffer size. So double both buffer sizes.
Moreover the default for sending is 2048 and for receiving is 4096.
This makes the existing double buffer algorithm inconsistent. It
is better to make the buffers large enough to hold 8 full length
messages. Just make sure that it does not shrink.
Keep the approach that doubles the buffer sizes. When we are low
on buffers and cannot reach the full size, increase it as much as
possible.
While there, add consistent error messages.
OK benno@
|
|
of syslogd(8) should be alike. syslogd: dropped 1 message
OK lteo@ millert@
|
|
use the global linebuf like the other libevent read callbacks.
OK jung@
|
|
conflicts with other processes bound to a specific address with the
same port. Syslogd uses this socket basically for outgoing traffic
to remote UDP log servers, so increase the chance that it works.
OK jung@ benno@
|
|
specific programm or host. It does not make sense to truncate the
string from the config at some character from a list. Just take
whatever the user specified as progname or hostname. If it contains
funky charactes it will not match and the action is not taken. This
fixes matching with IP addresses if syslogd is started with -n.
OK semarie@
|
|
itself. For this it uses the original arguments of main(). The
function loghost_parse() modifies the optarg memory it is operating
on. To prevent that the exec arguments have been tampered, pass a
copy of optarg to loghost_parse().
OK deraadt@
|
|
it is behind the size limit. As msg is not NUL-terminated in this
case, it depended on memory content wether syslogd will crash. So
using memcpy() and setting the NUL explicitly is the correct way.
OK deraadt@
|
|
case the receiver closes the connection, wait for a second to give
him a chance to recover.
OK benno@
|
|
limit. Instead disable the listen event and wait for a second.
Keep a reserve of 5 file descriptors.
OK benno@
|
|
octet counting or non transparent framing.
OK benno@
|
|
syslogd had to drop messages after tls_write() returned
TLS_{READ,WRITE}_AGAIN. Now after libtls has been fixed, remove
the workaround. Messages are stored in the libevent write buffer
as we can safely do a realloc(3) now.
OK reyk@
|