path: root/usr.sbin/syslogd
Commit message | Author | Age | Files | Lines
...
* Start to replace the home grown syslogd(8) internal debug and logging | bluhm | 2017-03-16 | 5 | -8/+285
  functions with a more common log.c implementation. Of course openlog(3) cannot be used, so adapt the log.[ch] initially copied from ospfd(8) to syslogd's special needs. As the messages are limited to ERRBUFSIZE anyway, malloc(3) in the error logging code can be avoided. Changing all log calls to the new API will be done in a separate step. OK millert@
* Convert the global variable fd_tls to a local one. Use separate | bluhm | 2017-03-16 | 1 | -5/+19
  callbacks for TCP and TLS accept(2) instead of looking at the value of the listen file descriptor. OK millert@
* There was a file descriptor leak in the syslogd(8) ttymsg() error | bluhm | 2017-03-16 | 1 | -4/+5
  path. Before returning early with an error, close the newly opened file descriptor. OK deraadt@
* KNF spacing is more important than long lines | deraadt | 2017-03-14 | 1 | -4/+4
* Internally libssl uses 16k buffer, the libevent TLS wrapper uses | bluhm | 2017-03-03 | 1 | -2/+2
  4k read buffer. This can hang ldapd(8). Setting both to 16k improves the situation. report Seiya Kawashima; feedback Robert Klein; test and OK gsoares@
* Syslogd accepted network input only for either IPv4 or IPv6. To | bluhm | 2017-01-02 | 2 | -44/+75
  overcome this limitation, allow to specify more than one listen address for UDP and TCP. input jmc@; OK deraadt@ millert@
* When syslogd received a SIGHUP during startup, it died instead of | bluhm | 2016-12-30 | 2 | -2/+22
  reloading its config. This could happen when multiple signals were sent during a short interval. So block SIGHUP until signal handlers are installed. OK deraadt@ jca@
* If syslogd was started with a relative path, the program could not | bluhm | 2016-12-27 | 2 | -8/+14
  re-exec itself. This exec is done during startup of the privsep parent or when syslogd restarts after a SIGHUP. Convert a relative path in argv[0] to an absolute one with realpath(3) before chdir(2). Do all the path handling in priv_init(). suggested by millert@; OK jca@
* When the kernel message buffer overflows, a message is printed by | bluhm | 2016-12-23 | 1 | -2/+3
  syslogd(8) and the buffer is overwritten. But after a complete message buffer was read, we got a split line. This happened as syslogd did a partial read which ended within a line. To avoid the latter, syslogd has to reserve space for the kernel message buffer plus 64 chars for the buffer full message. OK millert@
* Wrap lines earlier on tls_config_set_protocols(3) | mestre | 2016-11-30 | 1 | -5/+5
  Feedback and OK jsing@
* Check return value of tls_config_set_protocols(3) and log if it fails | mestre | 2016-11-21 | 1 | -3/+9
  OK bluhm@
* Remove the artificial maximum number of unix domain sockets in | bluhm | 2016-10-17 | 3 | -12/+18
  syslogd(8). Just malloc(3) them dynamically which also gives a more random address space layout. OK deraadt@
* Fix trailing whitespace and shorten long lines. | bluhm | 2016-10-16 | 3 | -12/+15
  No binary change.
* Use closefrom(4) in privsep parent and avoid some global file | bluhm | 2016-10-16 | 3 | -31/+10
  descriptor variables in syslogd(8) this way. OK rzalamena@
* Do an exec on itself in the privileged syslogd(8) parent process | bluhm | 2016-10-06 | 3 | -93/+119
  to reshuffle its memory layout. Input rzalamena@; OK deraadt@
* Syslog RFC 5424 says you should add 1 to 6 digits with fractions | bluhm | 2016-10-06 | 1 | -16/+25
  of a second to each syslog timestamp. As we do not measure the time in syslog(3), use only 3 digits with millisecond precision. OK dlg@
* When doing global remote logging and archiving, it is inconvenient | bluhm | 2016-10-04 | 2 | -24/+97
  that the syslog timestamp does not contain the year and the timezone, but has local time with daylight saving time. Now with -Z syslogd(8) switches to RFC 5424 ISO format for timestamps. Then all logging is also done in UTC. Default is to keep local time and BSD syslog RFC 3164 format. BIG BIG BIG OK for the feature ajacoutot@; OK deraadt@
* sort FILES; | jmc | 2016-09-24 | 1 | -6/+6
* improve DESCRIPTION; | jmc | 2016-09-24 | 1 | -5/+7
  from bluhm and myself
* Revert a wording change. Requested by jmc@ | bluhm | 2016-09-23 | 1 | -2/+2
* Add some more improvements from jmc@ to syslogd(8). | bluhm | 2016-09-23 | 1 | -5/+6
* Document certificate handling in syslogd(8) man page. | bluhm | 2016-09-23 | 2 | -30/+49
  Written together with jmc@
* With the new large socket buffer sizes, syslogd could use more mbufs | bluhm | 2016-09-23 | 1 | -3/+18
  for TCP or TLS connections than before. It makes no sense to buffer messages in kernel, the dynamic limit there makes testing the dropped message statistics unreliable. Syslog has no high performance requirements, so limit all TCP socket buffers to 64 KB. OK henning@ deraadt@
* Improve syslogd(8) man page. | bluhm | 2016-09-23 | 1 | -37/+31
  Written together with jmc@
* tweak previous; | jmc | 2016-09-21 | 1 | -10/+9
* Add an option to give syslogd a server CA that is used to validate | bluhm | 2016-09-21 | 2 | -10/+38
  client certificates. This prevents malicious clients from sending fake messages. OK deraadt@
* Add more information to syslogd tls config error messages. | bluhm | 2016-08-29 | 1 | -9/+23
  OK millert@
* By using the new tls_config_load_file() feature, syslogd(8) certificate | bluhm | 2016-08-17 | 1 | -111/+38
  and key loading can be simplified. OK jsing@
* stop including sys/param.h for nitems. define locally as needed. | tedu | 2016-08-16 | 1 | -2/+5
  ok natano reyk
* Adjust existing tls_config_set_cipher() callers for TLS cipher group | jsing | 2016-07-13 | 1 | -2/+2
  changes - map the previous configuration to the equivalent in the new groups. This will be revisited post release. Discussed with beck@
* Document that the syslogd options -c and -k must be used together. | bluhm | 2016-07-12 | 1 | -1/+3
  OK jmc@
* Add support for TLS client certificates in syslogd. This allows a | bluhm | 2016-07-12 | 2 | -7/+54
  remote server to verify that the log messages from our syslogd are authentic. From Kapetanakis Giannis; man page input jmc@; OK jung@ deraadt@
* Allow space-delimited fields in syslog.conf in addition to | millert | 2016-07-06 | 2 | -11/+15
  traditional tab-delimited fields. This is consistent with what FreeBSD, NetBSD and Linux do. Adapted from FreeBSD.
* Avoid printing f->f_lasttime and/or f->f_prevhost if they are empty. | millert | 2016-07-01 | 1 | -8/+24
  This fixes a long-standing issue where syslogd would print 15 NUL bytes followed by two blank spaces before the log message for warnings generated while parsing syslog.conf. OK bluhm@
* Include errno string in log message when we fail to open a file. | millert | 2016-07-01 | 1 | -5/+5
  The privileged process sends the errno value back when it cannot open a file. OK gilles@
* whitespace nit | jca | 2016-06-28 | 1 | -2/+2
* Eliminate superfluous 3rd params in fcntl(F_GETFL) calls. | krw | 2016-04-02 | 3 | -9/+10
  ttymsg.c doesn't need to include fcntl.h. Tweak standard fd sanitising to be more like the sanitise_stdfd() used elsewhere, though other uses of 'nullfd' make importing sanitise_stdfd() itself unappetizing. Add a die(0) if dup2() fails. suggestions & ok bluhm@
* Don't use .Aq for syntax elements that require ASCII "<>". | schwarze | 2016-03-31 | 1 | -3/+3
  Patch from Christian Heckendorf <mbie at ulmus dot me>. OK jmc@ bentley@
* Prevent an integer overflow in syslogd when parsing the priority. | bluhm | 2016-02-17 | 1 | -15/+34
  From Michael Savage; input and OK mmcc@
* When running syslogd in debug mode, use a callback to print the | bluhm | 2015-12-29 | 1 | -1/+10
  libevent messages. Before the code was removed from libevent, the library itself printed that to stderr. OK nicm@
* Adding mark messages to log files was broken since OpenBSD 5.7. | bluhm | 2015-12-16 | 1 | -1/+8
  The mark timeout event is not persistent, add the timer interval every time it fires. Bug report, analysis and fix from Einfach Jemand rru.142 at gmail.com
* If loading the CA certificates at startup had failed, the syslogd | bluhm | 2015-10-24 | 1 | -2/+7
  child tried to load the default CA file when it was connecting to a TLS server. The latter has never worked as the child is chrooted to /var/empty. Set the CA storage to an empty string to avoid this behavior. As a benefit pledge "rpath" can be removed. OK benno@
* If writing to a tty blocks, syslogd forked and tried to write again | bluhm | 2015-10-23 | 3 | -35/+78
  in a background process. A potential fork(2) at every message is bad, so replace this with an event. As a bonus the syslogd child process does not need to pledge "proc" anymore. Also limit the number of delayed write events. OK deraadt@
* Do some cleanup in syslogd ttymsg(). Add a debug message when the | bluhm | 2015-10-21 | 3 | -37/+39
  syslogd child calls fork(2) to delay blocked output. OK benno@
* After pledge "dns" has been refactored and setsockopt(SO_RCVBUF) | bluhm | 2015-10-20 | 1 | -2/+2
  has been added to it, the syslogd privsep parent does not need pledge "inet" anymore. discussed with deraadt@
* Add "id" pledge to syslogd privsep process. Needed for logging to pipe. | bluhm | 2015-10-18 | 1 | -2/+2
  OK deraadt@
* Pledge the syslogd privsep process with "stdio rpath wpath cpath | bluhm | 2015-10-16 | 1 | -1/+5
  inet dns getpw sendfd proc exec". OK deraadt@
* In syslogd replace the dprintf() macro with a logdebug() function | bluhm | 2015-10-15 | 3 | -85/+97
  as dprintf(3) is in libc now and does something different. OK guenther@
* Pass unsigned char to isdigit(3). | bluhm | 2015-10-11 | 1 | -3/+3
  From Michael McConville; OK guenther@
* Userspace doesn't need to use SUN_LEN(): connect() and bind() must accept | guenther | 2015-10-11 | 1 | -5/+2
  sizeof(struct sockaddr_un), so do the simple, portable thing. Also convert some strncpy() to strlcpy() ok deraadt@