path: root/usr.sbin/syslogd/syslogd.c (follow)
Commit message | Author | Age | Files | Lines
...
* Add the possibility to store all syslog messages received from a specific host into a single log file. For programs this is already implemented for !prog blocks. So do the same with +host for hostnames. Based on a diff from Gregory Edigarov; OK jung@ sthen@
  Author: bluhm; Age: 2015-06-29; Files: 1; Lines: -33/+71
* Implement a -F switch, that tells syslogd to stay in foreground. OK benno@; input millert@; no objections deraadt@
  Author: bluhm; Age: 2015-06-15; Files: 1; Lines: -4/+8
* Close the lock pipe before dupping /dev/null to stdio. This works even if the file descriptor is 0 or 1 or 2. input and OK millert@
  Author: bluhm; Age: 2015-06-12; Files: 1; Lines: -2/+2
* If fork fails, print an error message before exit. OK doug@ djm@
  Author: bluhm; Age: 2015-06-12; Files: 1; Lines: -2/+2
* Use getline instead of fgets to allow arbitrary line length in configuration file. Also make sure that we fully parsed it. If not, avoid to start a half-baked syslogd. with input by and ok bluhm@
  Author: tobias; Age: 2015-03-30; Files: 1; Lines: -4/+11
* Explain in a comment that atoi() is safe here. OK deraadt@
  Author: bluhm; Age: 2015-02-24; Files: 1; Lines: -1/+2
* Rename tls_config_insecure_noverifyhost() to tls_config_insecure_noverifyname(), so that it is more accurate and keeps inline with the distinction between DNS hostname and server name. Requested by tedu@ during s2k15.
  Author: jsing; Age: 2015-02-22; Files: 1; Lines: -2/+2
* Set the TLS ciphers to "compat" mode, restoring the previous behaviour.
  Author: jsing; Age: 2015-02-22; Files: 1; Lines: -2/+5
* When syslogd is writing over TLS, the error "SSL3_WRITE_PENDING:bad write retry" may occur. Unfortunately libtls tls_write() has inherited the strange semantics regarding partial writes and buffer movement from SSL_write(). This will be investigated after unlock, the goal is to have the behavior of write(2) in libtls. For now add a workaround in syslogd. If tls_write() indicates that it needs a read or write again, stop modifying the output buffer. Instead drop and count the syslog messages. After writing over TLS was successful, continue to queue the messages. This solution has minimum impact and will be improved after 5.7 release. discussed with tedu@ reyk@ jsing@; OK tedu@
  Author: bluhm; Age: 2015-02-20; Files: 1; Lines: -2/+16
* Call tls_config_set_protocols(TLS_PROTOCOLS_ALL) also if the hostname and certificate are not verified. OK jsing@
  Author: bluhm; Age: 2015-02-14; Files: 1; Lines: -4/+4
* When too many -a requests on the syslogd command line cannot be fulfilled, it is better to fail hard. Then the user can adjust rc.conf.local or the #define MAXUNIX. OK millert@
  Author: bluhm; Age: 2015-02-13; Files: 1; Lines: -6/+3
* Change TLS_PROTOCOLS_DEFAULT to be TLSv1.2 only. Add a TLS_PROTOCOLS_ALL that includes all currently supported protocols (TLSv1.0, TLSv1.1 and TLSv1.2). Change all users of libtls to use TLS_PROTOCOLS_ALL so that they maintain existing behaviour. Discussed with tedu@ and reyk@.
  Author: jsing; Age: 2015-02-12; Files: 1; Lines: -1/+3
* Make error check consistent in all recvfrom(2) callbacks. OK henning@
  Author: bluhm; Age: 2015-02-10; Files: 1; Lines: -2/+2
* Fix format string of -m error message. OK deraadt@
  Author: bluhm; Age: 2015-02-09; Files: 1; Lines: -2/+2
* Implement octet counting for sending syslog over TCP and TLS streams. For TCP the standard recommends it, but TLS must use this framing. OK henning@
  Author: bluhm; Age: 2015-02-08; Files: 1; Lines: -9/+46
* Use ebuf[ERRBUFSIZE] instead of ebuf[256] everywhere. OK bluhm@
  Author: reyk; Age: 2015-02-08; Files: 1; Lines: -9/+10
* use strtonum() instead of atoi(); ok bluhm
  Author: deraadt; Age: 2015-02-07; Files: 1; Lines: -2/+6
* To get reliable TCP and TLS logging, report when messages get lost. If the log server refuses to receive messages and the buffer gets full, count the dropped messages. Log the counter when the server accepts messages again. If there are messages in the buffer when a signal is received, count and log them. tested sthen@; OK henning@
  Author: bluhm; Age: 2015-02-06; Files: 1; Lines: -7/+67
* As a result of the recommendations in RFC 5424, 5425, 5426 set the maximum syslog message size to 8192 octets. Restrict UDP sending to 1180 octets payload to avoid fragmentation. This is more than the 1024 we supported before. Also truncate the line in printline() to exactly 8192 bytes regardless of visual encoding. That is a more predictable behavior and makes testing easier. Although syslog(3) does not support long messages yet, make sure that /dev/log can receive them. OK deraadt@
  Author: bluhm; Age: 2015-02-02; Files: 1; Lines: -10/+17
* The error buffer in syslogd might be too small for the TLS errors. Increase it to 256 bytes and call it ebuf everywhere. OK sthen@
  Author: bluhm; Age: 2015-01-31; Files: 1; Lines: -22/+22
* If not explicitly disabled, syslogd verifies the x509 certificate and hostname of the TLS server before sending any messages to it. Per default /etc/ssl/cert.pem is used as CA file. OK deraadt@
  Author: bluhm; Age: 2015-01-28; Files: 1; Lines: -30/+60
* Replace HOST_NAME_MAX+1 with NI_MAXHOST when the hostname is used with getaddrinfo() or getnameinfo(), but keep HOST_NAME_MAX+1 when the hostname comes from gethostname(). No binary change; OK deraadt@
  Author: bluhm; Age: 2015-01-19; Files: 1; Lines: -6/+6
* Implement sending syslog messages over TLS. OK reyk@
  Author: bluhm; Age: 2015-01-18; Files: 1; Lines: -16/+115
* Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
  Author: deraadt; Age: 2015-01-16; Files: 1; Lines: -9/+11
* When the connection to a TCP syslog server fails or the TCP connection terminates, try to reconnect after an increasing timeout. test and OK jasper@
  Author: bluhm; Age: 2015-01-15; Files: 1; Lines: -19/+75
* Use the field f_file also for the forwarding file descriptor. Remove the special f_fd field. Also remove a useless F_FORWUDP case. test and OK jasper@
  Author: bluhm; Age: 2015-01-08; Files: 1; Lines: -17/+13
* Use SIMPLEQ for syslogd filed list instead of manual list operations. OK dlg@
  Author: bluhm; Age: 2015-01-02; Files: 1; Lines: -32/+32
* When syslogd was sending via TCP, there was file descriptor leak and a use after free if it received a SIGHUP. Call bufferevent_free() to deactivate the callbacks and close the TCP socket. OK jasper@ deraadt@
  Author: bluhm; Age: 2015-01-02; Files: 1; Lines: -2/+6
* Implement sending syslog messages over TCP streams. test and OK jasper@ jca@
  Author: bluhm; Age: 2014-12-31; Files: 1; Lines: -24/+149
* If default file descriptors (0, 1, 2) have to be assigned to /dev/null, don't accidentally assign 3, too. ok millert, with input by and ok bluhm
  Author: tobias; Age: 2014-12-10; Files: 1; Lines: -3/+3
* File descriptors are of type int, not short. While at it, adjust remaining short to int too -- there are no space savings anymore, as stated by millert. ok bluhm, millert
  Author: tobias; Age: 2014-12-10; Files: 1; Lines: -3/+3
* Fix regression for priority "none" (spotted by doug) of last commit by not parsing numbers at all -- syslog.conf(5) explicitly states that keywords have to be used. ok millert
  Author: tobias; Age: 2014-12-07; Files: 1; Lines: -6/+3
* Verify that facility and priority numbers are in valid ranges. ok bluhm
  Author: tobias; Age: 2014-12-06; Files: 1; Lines: -3/+3
* Fix off by one in check for socket path too long. From Nicolas Bedos.
  Author: millert; Age: 2014-12-03; Files: 1; Lines: -2/+2
* Prefer setvbuf() to setlinebuf() for portability; ok deraadt@
  Author: millert; Age: 2014-11-26; Files: 1; Lines: -2/+2
* Replace the combination of strlen(), calloc(), strlen(), strlcpy() with a simple strdup(). Found by brad@ with LLVM; OK doug@
  Author: bluhm; Age: 2014-11-01; Files: 1; Lines: -6/+3
* As libevent provides safe signal callbacks instead of signal handlers, the sigprocmask(2) protection is not necessary and can be removed. OK nicm@ deraadt@
  Author: bluhm; Age: 2014-10-06; Files: 1; Lines: -9/+1
* Switch syslogd from using poll(2) to libevent. test and OK nicm@; OK henning@
  Author: bluhm; Age: 2014-10-05; Files: 1; Lines: -172/+169
* Cleanup the reporting socket code in syslogd.
  - Name variable path_ctlsock consistently.
  - Name function ctlconn_logto() consistently.
  - Replace the nested if/else logic in ctlconn_write_handler() with if/return.
  - Call ctlconn_cleanup() only if there is a control connection.
  OK doug@
  Author: bluhm; Age: 2014-10-03; Files: 1; Lines: -33/+36
* Map out-of-range facility values to LOG_USER to avoid array over-read. Prompted by similar rsyslog issue fixed by Rainer Gerhards (rgerhards (at) adiscon.com) ok deraadt@ blambert@ sthen@ millert@
  Author: guenther; Age: 2014-10-01; Files: 1; Lines: -2/+5
* Also in debug mode, close nullfd when it is not needed anymore. OK doug@
  Author: bluhm; Age: 2014-09-27; Files: 1; Lines: -3/+3
* Remove redundant null check and rename vars consistently in syslogd. Merge in more functionality from bluhm's patch. ok bluhm@
  Author: doug; Age: 2014-09-10; Files: 1; Lines: -10/+10
* Fix a syslogd regression when specifying all 20 additional log paths. bluhm@ found and fixed this bug. This is a modified version of his patch which makes the intention a little clearer. ok bluhm@
  Author: doug; Age: 2014-09-08; Files: 1; Lines: -4/+5
* Move the handlers for the poll events into separate functions. They will become the libevent callbacks later. input and OK doug@
  Author: bluhm; Age: 2014-09-04; Files: 1; Lines: -50/+67
* The reapchild() signal handler collects all children. This can be done easier by ignoring SIGCHLD. OK guenther@
  Author: bluhm; Age: 2014-08-31; Files: 1; Lines: -15/+2
* Do not call free() on an array in the data section. Fortunately the code was not reached. No binary change. OK miod@ guenther@
  Author: bluhm; Age: 2014-08-31; Files: 1; Lines: -2/+1
* Allow to restrict syslogd to a protocol family with -4 and -6 command line switches. If the log server is an FQDN, DNS chooses whether to take the IPv4 or IPv6 route. Allow to prefix the log host with udp4:// or udp6:// to choose a protocol. OK henning@
  Author: bluhm; Age: 2014-08-25; Files: 1; Lines: -10/+58
* Fix the gcc compiler warnings "comparison between signed and unsigned". Some checks got stricter. The (size_t) cast is only done, if the argument is not negative. OK henning@
  Author: bluhm; Age: 2014-08-25; Files: 1; Lines: -10/+11
* Instead of getting a nasty error message from privsep "syslogd: priv_getaddrinfo: overflow attempt in hostname" check the host and port length when parsing the config. OK henning@
  Author: bluhm; Age: 2014-08-22; Files: 1; Lines: -3/+16
* Send and receive UDP syslog packets on the IPv6 socket. OK henning@
  Author: bluhm; Age: 2014-08-21; Files: 1; Lines: -19/+40