path: root/usr.sbin/syslogd
Commit message [Author, Age, Files, Lines]
* Check return value of tls_config_set_protocols(3) and log if it fails
  OK bluhm@
  [mestre, 2016-11-21, files: 1, lines: -3/+9]
* Remove the artificial maximum number of unix domain sockets in syslogd(8). Just malloc(3) them dynamically which also gives a more random address space layout. OK deraadt@
  [bluhm, 2016-10-17, files: 3, lines: -12/+18]
* Fix trailing whitespace and shorten long lines.
  No binary change.
  [bluhm, 2016-10-16, files: 3, lines: -12/+15]
* Use closefrom(4) in privsep parent and avoid some global file descriptor variables in syslogd(8) this way. OK rzalamena@
  [bluhm, 2016-10-16, files: 3, lines: -31/+10]
* Do an exec on itself in the privileged syslogd(8) parent process to reshuffle its memory layout. Input rzalamena@; OK deraadt@
  [bluhm, 2016-10-06, files: 3, lines: -93/+119]
* Syslog RFC 5424 says you should add 1 to 6 digits with fractions of a second to each syslog timestamp. As we do not measure the time in syslog(3), use only 3 digits with millisecond precision. OK dlg@
  [bluhm, 2016-10-06, files: 1, lines: -16/+25]
* When doing global remote logging and archiving, it is inconvenient that the syslog timestamp does not contain the year and the timezone, but has local time with daylight saving time. Now with -Z syslogd(8) switches to RFC 5424 ISO format for timestamps. Then all logging is also done in UTC. Default is to keep local time and BSD syslog RFC 3164 format. BIG BIG BIG OK for the feature ajacoutot@; OK deraadt@
  [bluhm, 2016-10-04, files: 2, lines: -24/+97]
* sort FILES;
  [jmc, 2016-09-24, files: 1, lines: -6/+6]
* improve DESCRIPTION;
  from bluhm and myself
  [jmc, 2016-09-24, files: 1, lines: -5/+7]
* Revert a wording change. Requested by jmc@
  [bluhm, 2016-09-23, files: 1, lines: -2/+2]
* Add some more improvements from jmc@ to syslogd(8).
  [bluhm, 2016-09-23, files: 1, lines: -5/+6]
* Document certificate handling in syslogd(8) man page.
  Written together with jmc@
  [bluhm, 2016-09-23, files: 2, lines: -30/+49]
* With the new large socket buffer sizes, syslogd could use more mbufs for TCP or TLS connections than before. It makes no sense to buffer messages in kernel, the dynamic limit there makes testing the dropped message statistics unreliable. Syslog has no high performance requirements, so limit all TCP socket buffers to 64 KB. OK henning@ deraadt@
  [bluhm, 2016-09-23, files: 1, lines: -3/+18]
* Improve syslogd(8) man page.
  Written together with jmc@
  [bluhm, 2016-09-23, files: 1, lines: -37/+31]
* tweak previous;
  [jmc, 2016-09-21, files: 1, lines: -10/+9]
* Add an option to give syslogd a server CA that is used to validate client certificates. This prevents malicious clients from sending fake messages. OK deraadt@
  [bluhm, 2016-09-21, files: 2, lines: -10/+38]
* Add more information to syslogd tls config error messages.
  OK millert@
  [bluhm, 2016-08-29, files: 1, lines: -9/+23]
* By using the new tls_config_load_file() feature, syslogd(8) certificate and key loading can be simplified. OK jsing@
  [bluhm, 2016-08-17, files: 1, lines: -111/+38]
* stop including sys/param.h for nitems. define locally as needed.
  ok natano reyk
  [tedu, 2016-08-16, files: 1, lines: -2/+5]
* Adjust existing tls_config_set_cipher() callers for TLS cipher group changes - map the previous configuration to the equivalent in the new groups. This will be revisited post release. Discussed with beck@
  [jsing, 2016-07-13, files: 1, lines: -2/+2]
* Document that the syslogd options -c and -k must be used together.
  OK jmc@
  [bluhm, 2016-07-12, files: 1, lines: -1/+3]
* Add support for TLS client certificates in syslogd. This allows a remote server to verify that the log messages from our syslogd are authentic. From Kapetanakis Giannis; man page input jmc@; OK jung@ deraadt@
  [bluhm, 2016-07-12, files: 2, lines: -7/+54]
* Allow space-delimited fields in syslog.conf in addition to traditional tab-delimited fields. This is consistent with what FreeBSD, NetBSD and Linux do. Adapted from FreeBSD.
  [millert, 2016-07-06, files: 2, lines: -11/+15]
* Avoid printing f->f_lasttime and/or f->f_prevhost if they are empty.
  This fixes a long-standing issue where syslogd would print 15 NUL bytes followed by two blank spaces before the log message for warnings generated while parsing syslog.conf. OK bluhm@
  [millert, 2016-07-01, files: 1, lines: -8/+24]
* Include errno string in log message when we fail to open a file.
  The privileged process sends the errno value back when it cannot open a file. OK gilles@
  [millert, 2016-07-01, files: 1, lines: -5/+5]
* whitespace nit
  [jca, 2016-06-28, files: 1, lines: -2/+2]
* Eliminate superfluous 3rd params in fcntl(F_GETFL) calls.
  ttymsg.c doesn't need to include fcntl.h. Tweak standard fd sanitising to be more like the sanitise_stdfd() used elsewhere, though other uses of 'nullfd' make importing sanitise_stdfd() itself unappetizing. Add a die(0) if dup2() fails. suggestions & ok bluhm@
  [krw, 2016-04-02, files: 3, lines: -9/+10]
* Don't use .Aq for syntax elements that require ASCII "<>".
  Patch from Christian Heckendorf <mbie at ulmus dot me>. OK jmc@ bentley@
  [schwarze, 2016-03-31, files: 1, lines: -3/+3]
* Prevent an integer overflow in syslogd when parsing the priority.
  From Michael Savage; input and OK mmcc@
  [bluhm, 2016-02-17, files: 1, lines: -15/+34]
* When running syslogd in debug mode, use a callback to print the libevent messages. Before the code was removed from libevent, the library itself printed that to stderr. OK nicm@
  [bluhm, 2015-12-29, files: 1, lines: -1/+10]
* Adding mark messages to log files was broken since OpenBSD 5.7.
  The mark timeout event is not persistent, add the timer interval every time it fires. Bug report, analysis and fix from Einfach Jemand rru.142 at gmail.com
  [bluhm, 2015-12-16, files: 1, lines: -1/+8]
* If loading the CA certificates at startup had failed, the syslogd child tried to load the default CA file when it was connecting to a TLS server. The latter has never worked as the child is chrooted to /var/empty. Set the CA storage to an empty string to avoid this behavior. As a benefit pledge "rpath" can be removed. OK benno@
  [bluhm, 2015-10-24, files: 1, lines: -2/+7]
* If writing to a tty blocks, syslogd forked and tried to write again in a background process. A potential fork(2) at every message is bad, so replace this with an event. As a bonus the syslogd child process does not need to pledge "proc" anymore. Also limit the number of delayed write events. OK deraadt@
  [bluhm, 2015-10-23, files: 3, lines: -35/+78]
* Do some cleanup in syslogd ttymsg(). Add a debug message when the syslogd child calls fork(2) to delay blocked output. OK benno@
  [bluhm, 2015-10-21, files: 3, lines: -37/+39]
* After pledge "dns" has been refactored and setsockopt(SO_RCVBUF) has been added to it, the syslogd privsep parent does not need pledge "inet" anymore. discussed with deraadt@
  [bluhm, 2015-10-20, files: 1, lines: -2/+2]
* Add "id" pledge to syslogd privsep process. Needed for logging to pipe.
  OK deraadt@
  [bluhm, 2015-10-18, files: 1, lines: -2/+2]
* Pledge the syslogd privsep process with "stdio rpath wpath cpath inet dns getpw sendfd proc exec". OK deraadt@
  [bluhm, 2015-10-16, files: 1, lines: -1/+5]
* In syslogd replace the dprintf() macro with a logdebug() function as dprintf(3) is in libc now and does something different. OK guenther@
  [bluhm, 2015-10-15, files: 3, lines: -85/+97]
* Pass unsigned char to isdigit(3).
  From Michael McConville; OK guenther@
  [bluhm, 2015-10-11, files: 1, lines: -3/+3]
* Userspace doesn't need to use SUN_LEN(): connect() and bind() must accept sizeof(struct sockaddr_un), so do the simple, portable thing. Also convert some strncpy() to strlcpy() ok deraadt@
  [guenther, 2015-10-11, files: 1, lines: -5/+2]
* normalize a few more tame request orderings, to help review
  [deraadt, 2015-10-10, files: 1, lines: -2/+2]
* If syslogd is started with -S, it accepts TLS connections to receive encrypted messages. The server certificates are taken from /etc/ssl like relayd does. OK benno@ beck@ deraadt@
  [bluhm, 2015-10-09, files: 6, lines: -50/+224]
* A fork(2) is used in ttymsg() to delay the message to a tty if it blocks. Fix the potential syslogd's death, add "proc" to pledge. OK deraadt@
  [bluhm, 2015-10-09, files: 1, lines: -2/+2]
* catch up to tame() -> pledge() rename
  [deraadt, 2015-10-09, files: 1, lines: -3/+3]
* Tame syslogd privsep child with "stdio rpath unix inet recvfd".
  With and OK deraadt@
  [bluhm, 2015-10-09, files: 1, lines: -1/+4]
* Delete the final, inscrutable NOSTRICT and VARARGS lint comments
  ok millert@
  [guenther, 2015-09-29, files: 1, lines: -3/+2]
* Misuse of libevent in TLS read and write might have caused strange event loss in syslogd. The ev_read and ev_write event structures were used for both EV_READ and EV_WRITE events intermixedly. The correct way is to use each event for its read and write purpose and instead switch the handler. Then libevent is no longer confused. When doing TLS read and a TLS_WANT_POLLOUT occurs, call event_set() for the write event to change the callback to read. As there might be an event scheduled on the event, call event_del() before event_set(). After a successful TLS read, change back the write event. Add analog code for TLS write and handshake. OK beck@
  [bluhm, 2015-09-20, files: 1, lines: -56/+39]
* It is not necessary to reset errno to 0 since we use logerrorx().
  Spotted by jung@
  [bluhm, 2015-09-12, files: 1, lines: -5/+1]
* Instead of printing errno strings here and there, add a logerrorx() to syslogd that does not do that. Use it for anything that does not look like a system call or library call around it. Also add logerrorctx() that prints the TLS error instead. Reduce the maximum CAfile limit to 50MB, requested by Bob. OK beck@
  [bluhm, 2015-09-11, files: 1, lines: -52/+66]
* Syslog does not need the global list of TCP clients, libevent handles everything. OK benno@
  [bluhm, 2015-09-11, files: 1, lines: -8/+1]