authorbluhm <bluhm@openbsd.org>2015-09-11 21:33:16 +0000
committerbluhm <bluhm@openbsd.org>2015-09-11 21:33:16 +0000
commit7d3d693bbaf75fa8169fd06c92227fa7c5e0f77d (patch)
treea293289a616a570234811a3c37d8840a9e64a282
parentNow that the port tree is clean, RTF_XRESOLVE disapear. (diff)
Instead of printing errno strings here and there, add a logerrorx()
to syslogd that does not do that. Use it for anything that does not look like a system call or library call around it. Also add logerrorctx() that prints the TLS error instead. Reduce the maximum CAfile limit to 50MB, requested by Bob. OK beck@
-rw-r--r--usr.sbin/syslogd/syslogd.c118
1 files changed, 66 insertions, 52 deletions
diff --git a/usr.sbin/syslogd/syslogd.c b/usr.sbin/syslogd/syslogd.c
index 2e7f81654a6..ddf58107fc2 100644
--- a/usr.sbin/syslogd/syslogd.c
+++ b/usr.sbin/syslogd/syslogd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: syslogd.c,v 1.187 2015/09/11 12:42:12 bluhm Exp $ */
+/* $OpenBSD: syslogd.c,v 1.188 2015/09/11 21:33:16 bluhm Exp $ */
/*
* Copyright (c) 1983, 1988, 1993, 1994
@@ -319,6 +319,9 @@ void markit(void);
void fprintlog(struct filed *, int, char *);
void init(void);
void logerror(const char *);
+void logerrorx(const char *);
+void logerrorctx(const char *, struct tls *);
+void logerror_reason(const char *, const char *);
void logmsg(int, char *, char *, int);
struct filed *find_dup(struct filed *);
void printline(char *, char *);
@@ -450,7 +453,7 @@ main(int argc, char *argv[])
if (socket_bind("udp", NULL, "syslog", SecureMode,
&fd_udp, &fd_udp6) == -1) {
errno = 0;
- logerror("socket bind *");
+ logerrorx("socket bind *");
if (!Debug)
die(0);
}
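Review bot: The `errno = 0;` kept directly above `logerrorx("socket bind *")` is now dead, because logerrorx() passes a NULL reason and never reads errno, and logerror_reason() resets errno itself. The same leftover sits above `logerrorx("socket bind udp")` and `logerrorx("socket listen tcp")` in the next two hunks, while this commit already drops the equivalent assignment in die() and wallmsg(). Removing the three assignments would keep the call sites consistent. main() continues outside these hunks.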
@@ -458,7 +461,7 @@ main(int argc, char *argv[])
if (bind_host && socket_bind("udp", bind_host, bind_port, 0,
&fd_bind, &fd_bind) == -1) {
errno = 0;
- logerror("socket bind udp");
+ logerrorx("socket bind udp");
if (!Debug)
die(0);
}
@@ -466,7 +469,7 @@ main(int argc, char *argv[])
if (listen_host && socket_bind("tcp", listen_host, listen_port, 0,
&fd_listen, &fd_listen) == -1) {
errno = 0;
- logerror("socket listen tcp");
+ logerrorx("socket listen tcp");
if (!Debug)
die(0);
}
@@ -517,7 +520,7 @@ main(int argc, char *argv[])
close(pair[1]);
if (tls_init() == -1) {
- logerror("tls_init");
+ logerrorx("tls_init");
} else if ((tlsconfig = tls_config_new()) == NULL) {
logerror("tls_config_new");
} else if (NoVerify) {
@@ -533,15 +536,15 @@ main(int argc, char *argv[])
logerror("open CAfile");
} else if (fstat(fd, &sb) == -1) {
logerror("fstat CAfile");
- } else if (sb.st_size > 1024*1024*1024) {
- logerror("CAfile larger than 1GB");
+ } else if (sb.st_size > 50*1024*1024) {
+ logerrorx("CAfile larger than 50MB");
} else if ((p = calloc(sb.st_size, 1)) == NULL) {
logerror("calloc CAfile");
} else if (read(fd, p, sb.st_size) != sb.st_size) {
logerror("read CAfile");
} else if (tls_config_set_ca_mem(tlsconfig, p, sb.st_size)
== -1) {
- logerror("tls_config_set_ca_mem");
+ logerrorx("tls_config_set_ca_mem");
} else {
dprintf("CAfile %s, size %lld\n", CAfile, sb.st_size);
}
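Review bot: The `read(fd, p, sb.st_size) != sb.st_size` branch still reports through logerror(), but a short read returns a non-negative count without setting errno, so the message carries either no reason or a stale one from an earlier call. Since this change separates errno-bearing failures from the rest, the two cases could be split: keep `logerror("read CAfile")` for a return of -1 and use `logerrorx("short read CAfile")` for any other mismatch. Every failing branch of this chain only logs, and the visible lines do not show which trust anchors the TLS configuration ends up with afterwards, so the log line is the operator's only signal and should be accurate. The chain begins before the hunk.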
@@ -740,7 +743,7 @@ socket_bind(const char *proto, const char *host, const char *port,
snprintf(ebuf, sizeof(ebuf), "getaddrinfo "
"proto %s, host %s, port %s: %s",
proto, host ? host : "*", port, gai_strerror(error));
- logerror(ebuf);
+ logerrorx(ebuf);
die(0);
}
@@ -1261,20 +1264,21 @@ tcp_connectcb(int fd, short event, void *arg)
if ((f->f_un.f_forw.f_ctx = tls_client()) == NULL) {
snprintf(ebuf, sizeof(ebuf), "tls_client \"%s\"",
f->f_un.f_forw.f_loghost);
+ logerror(ebuf);
goto error;
}
if (tlsconfig &&
tls_configure(f->f_un.f_forw.f_ctx, tlsconfig) == -1) {
- snprintf(ebuf, sizeof(ebuf), "tls_configure "
- "\"%s\": %s", f->f_un.f_forw.f_loghost,
- tls_error(f->f_un.f_forw.f_ctx));
+ snprintf(ebuf, sizeof(ebuf), "tls_configure \"%s\"",
+ f->f_un.f_forw.f_loghost);
+ logerrorctx(ebuf, f->f_un.f_forw.f_ctx);
goto error;
}
if (tls_connect_socket(f->f_un.f_forw.f_ctx, s,
f->f_un.f_forw.f_host) == -1) {
snprintf(ebuf, sizeof(ebuf), "tls_connect_socket "
- "\"%s\": %s", f->f_un.f_forw.f_loghost,
- tls_error(f->f_un.f_forw.f_ctx));
+ "\"%s\"", f->f_un.f_forw.f_loghost);
+ logerrorctx(ebuf, f->f_un.f_forw.f_ctx);
goto error;
}
dprintf("tcp connect callback: tls context success\n");
@@ -1287,7 +1291,6 @@ tcp_connectcb(int fd, short event, void *arg)
return;
error:
- logerror(ebuf);
if (f->f_un.f_forw.f_ctx) {
tls_free(f->f_un.f_forw.f_ctx);
f->f_un.f_forw.f_ctx = NULL;
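Review bot: With `logerror(ebuf)` removed from the `error:` label, that path is silent unless the jumping branch has already logged. The three branches in the previous hunk each do so, but tcp_connectcb() begins and ends outside these hunks, so any other `goto error` would need its own logging call. A one-line comment at the label, such as `/* every goto error must log before jumping here */`, would make that contract explicit for later edits.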
@@ -1734,7 +1737,7 @@ fprintlog(struct filed *f, int flags, char *msg)
retryonce = 1;
if (f->f_file < 0) {
f->f_type = F_UNUSED;
- logerror(f->f_un.f_fname);
+ logerrorx(f->f_un.f_fname);
} else
goto again;
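Review bot: `logerrorx(f->f_un.f_fname)` now writes a line that holds only the path, with nothing to say which operation failed on it. The same bare-path pattern appears in the next fprintlog() hunk, in `logerrorx(_PATH_UTMP)` in wallmsg(), and in the two `logerrorx(p)` calls in cfline(). Formatting a short prefix into a local buffer, as cfline() already does for its other errors, would keep these lines readable, for example `snprintf(ebuf, sizeof(ebuf), "open \"%s\"", f->f_un.f_fname);` followed by `logerrorx(ebuf);`. fprintlog() starts and ends outside the hunk, so whether a suitable buffer is already in scope there needs checking.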
} else if ((e == EPIPE || e == EBADF) &&
@@ -1743,7 +1746,7 @@ fprintlog(struct filed *f, int flags, char *msg)
retryonce = 1;
if (f->f_file < 0) {
f->f_type = F_UNUSED;
- logerror(f->f_un.f_fname);
+ logerrorx(f->f_un.f_fname);
} else
goto again;
} else {
@@ -1796,7 +1799,7 @@ wallmsg(struct filed *f, struct iovec *iov)
if (reenter++)
return;
if ((uf = priv_open_utmp()) == NULL) {
- logerror(_PATH_UTMP);
+ logerrorx(_PATH_UTMP);
reenter = 0;
return;
}
@@ -1808,10 +1811,8 @@ wallmsg(struct filed *f, struct iovec *iov)
strncpy(line, ut.ut_line, sizeof(line) - 1);
line[sizeof(line) - 1] = '\0';
if (f->f_type == F_WALL) {
- if ((p = ttymsg(iov, 6, line, TTYMSGTIME)) != NULL) {
- errno = 0; /* already in msg */
- logerror(p);
- }
+ if ((p = ttymsg(iov, 6, line, TTYMSGTIME)) != NULL)
+ logerrorx(p);
continue;
}
/* should we send the message to this user? */
@@ -1821,10 +1822,8 @@ wallmsg(struct filed *f, struct iovec *iov)
if (!strncmp(f->f_un.f_uname[i], ut.ut_name,
UT_NAMESIZE)) {
if ((p = ttymsg(iov, 6, line, TTYMSGTIME))
- != NULL) {
- errno = 0; /* already in msg */
- logerror(p);
- }
+ != NULL)
+ logerrorx(p);
break;
}
}
@@ -1889,15 +1888,33 @@ init_signalcb(int signum, short event, void *arg)
* Print syslogd errors some place.
*/
void
-logerror(const char *type)
+logerror(const char *message)
+{
+ logerror_reason(message, errno ? strerror(errno) : NULL);
+}
+
+void
+logerrorx(const char *message)
+{
+ logerror_reason(message, NULL);
+}
+
+void
+logerrorctx(const char *message, struct tls *ctx)
+{
+ logerror_reason(message, ctx ? tls_error(ctx) : NULL);
+}
+
+void
+logerror_reason(const char *message, const char *reason)
{
char ebuf[ERRBUFSIZE];
- if (errno)
+ if (reason)
(void)snprintf(ebuf, sizeof(ebuf), "syslogd: %s: %s",
- type, strerror(errno));
+ message, reason);
else
- (void)snprintf(ebuf, sizeof(ebuf), "syslogd: %s", type);
+ (void)snprintf(ebuf, sizeof(ebuf), "syslogd: %s", message);
errno = 0;
dprintf("%s\n", ebuf);
if (Startup)
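Review bot: The block comment `Print syslogd errors some place.` still sits over logerror() alone, and none of the three new functions says when it applies. I would add `/* Append strerror(errno); call directly after a failed system or library call. */` above logerror(), `/* Log the message only; errno is ignored. */` above logerrorx(), and `/* Append tls_error(ctx) when a context is given. */` above logerrorctx(). logerror_reason() is the shared backend that formats with a fixed `"%s"` format and resets errno to 0, which deserves a line as well. Its body continues past the end of the hunk.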
@@ -1938,8 +1955,7 @@ die(int signo)
dprintf("syslogd: exiting on signal %d\n", signo);
(void)snprintf(ebuf, sizeof(ebuf), "exiting on signal %d",
signo);
- errno = 0;
- logerror(ebuf);
+ logerrorx(ebuf);
}
dprintf("[unpriv] syslogd child about to exit\n");
exit(0);
@@ -2107,7 +2123,7 @@ init(void)
m = SIMPLEQ_FIRST(&mb);
SIMPLEQ_REMOVE_HEAD(&mb, f_next);
if (m->f_un.f_mb.f_rb != NULL) {
- logerror("Mismatched membuf");
+ logerrorx("Mismatched membuf");
ringbuf_free(m->f_un.f_mb.f_rb);
}
dprintf("Freeing membuf %p\n", m);
@@ -2218,8 +2234,6 @@ cfline(char *line, char *progblock, char *hostblock)
dprintf("cfline(\"%s\", f, \"%s\", \"%s\")\n",
line, progblock, hostblock);
- errno = 0; /* keep strerror() stuff out of logerror messages */
-
if ((f = calloc(1, sizeof(*f))) == NULL) {
logerror("Couldn't allocate struct filed");
die(0);
@@ -2271,7 +2285,7 @@ cfline(char *line, char *progblock, char *hostblock)
if (pri < 0) {
(void)snprintf(ebuf, sizeof ebuf,
"unknown priority name \"%s\"", buf);
- logerror(ebuf);
+ logerrorx(ebuf);
free(f);
return (NULL);
}
@@ -2291,7 +2305,7 @@ cfline(char *line, char *progblock, char *hostblock)
(void)snprintf(ebuf, sizeof(ebuf),
"unknown facility name \"%s\"",
buf);
- logerror(ebuf);
+ logerrorx(ebuf);
free(f);
return (NULL);
}
@@ -2315,13 +2329,13 @@ cfline(char *line, char *progblock, char *hostblock)
sizeof(f->f_un.f_forw.f_loghost))) {
snprintf(ebuf, sizeof(ebuf), "loghost too long \"%s\"",
p);
- logerror(ebuf);
+ logerrorx(ebuf);
break;
}
if (loghost_parse(++p, &proto, &host, &port) == -1) {
snprintf(ebuf, sizeof(ebuf), "bad loghost \"%s\"",
f->f_un.f_forw.f_loghost);
- logerror(ebuf);
+ logerrorx(ebuf);
break;
}
if (proto == NULL)
@@ -2337,14 +2351,14 @@ cfline(char *line, char *progblock, char *hostblock)
if (fd_udp == -1) {
snprintf(ebuf, sizeof(ebuf), "no udp4 \"%s\"",
f->f_un.f_forw.f_loghost);
- logerror(ebuf);
+ logerrorx(ebuf);
break;
}
} else if (strcmp(proto, "udp6") == 0) {
if (fd_udp6 == -1) {
snprintf(ebuf, sizeof(ebuf), "no udp6 \"%s\"",
f->f_un.f_forw.f_loghost);
- logerror(ebuf);
+ logerrorx(ebuf);
break;
}
} else if (strcmp(proto, "tcp") == 0 ||
@@ -2359,13 +2373,13 @@ cfline(char *line, char *progblock, char *hostblock)
} else {
snprintf(ebuf, sizeof(ebuf), "bad protocol \"%s\"",
f->f_un.f_forw.f_loghost);
- logerror(ebuf);
+ logerrorx(ebuf);
break;
}
if (strlen(host) >= NI_MAXHOST) {
snprintf(ebuf, sizeof(ebuf), "host too long \"%s\"",
f->f_un.f_forw.f_loghost);
- logerror(ebuf);
+ logerrorx(ebuf);
break;
}
if (port == NULL)
@@ -2374,7 +2388,7 @@ cfline(char *line, char *progblock, char *hostblock)
if (strlen(port) >= NI_MAXSERV) {
snprintf(ebuf, sizeof(ebuf), "port too long \"%s\"",
f->f_un.f_forw.f_loghost);
- logerror(ebuf);
+ logerrorx(ebuf);
break;
}
if (priv_getaddrinfo(ipproto, host, port,
@@ -2382,7 +2396,7 @@ cfline(char *line, char *progblock, char *hostblock)
sizeof(f->f_un.f_forw.f_addr)) != 0) {
snprintf(ebuf, sizeof(ebuf), "bad hostname \"%s\"",
f->f_un.f_forw.f_loghost);
- logerror(ebuf);
+ logerrorx(ebuf);
break;
}
f->f_file = -1;
@@ -2443,7 +2457,7 @@ cfline(char *line, char *progblock, char *hostblock)
f->f_file = priv_open_log(p);
if (f->f_file < 0) {
f->f_type = F_UNUSED;
- logerror(p);
+ logerrorx(p);
break;
}
if (isatty(f->f_file)) {
@@ -2498,7 +2512,7 @@ cfline(char *line, char *progblock, char *hostblock)
/* Error on missing or non-unique name, or bad buffer length */
if (i == 0 || rb_len > MAX_MEMBUF || xf != NULL) {
f->f_type = F_UNUSED;
- logerror(p);
+ logerrorx(p);
break;
}
@@ -2641,7 +2655,7 @@ unix_socket(char *path, int type, mode_t mode)
if (strlcpy(s_un.sun_path, path, sizeof(s_un.sun_path)) >=
sizeof(s_un.sun_path)) {
snprintf(ebuf, sizeof(ebuf), "socket path too long: %s", path);
- logerror(ebuf);
+ logerrorx(ebuf);
die(0);
}
@@ -2810,14 +2824,14 @@ ctlconn_readcb(int fd, short event, void *arg)
return;
if (ntohl(ctl_cmd.version) != CTL_VERSION) {
- logerror("Unknown client protocol version");
+ logerrorx("Unknown client protocol version");
ctlconn_cleanup();
return;
}
/* Ensure that logname is \0 terminated */
if (memchr(ctl_cmd.logname, '\0', sizeof(ctl_cmd.logname)) == NULL) {
- logerror("Corrupt ctlsock command");
+ logerrorx("Corrupt ctlsock command");
ctlconn_cleanup();
return;
}
@@ -2885,7 +2899,7 @@ ctlconn_readcb(int fd, short event, void *arg)
strlcat(reply_text, "\n", MAX_MEMBUF);
break;
default:
- logerror("Unsupported ctlsock command");
+ logerrorx("Unsupported ctlsock command");
ctlconn_cleanup();
return;
}
@@ -2915,7 +2929,7 @@ ctlconn_writecb(int fd, short event, void *arg)
if (!(ctl_state == CTL_WRITING_REPLY ||
ctl_state == CTL_WRITING_CONT_REPLY)) {
/* Shouldn't be here! */
- logerror("ctlconn_write with bad ctl_state");
+ logerrorx("ctlconn_write with bad ctl_state");
ctlconn_cleanup();
return;
}