Bracket calls to syslog with an openlog() and closelog() since some
authentication methods (like PAM) may do their own logging via syslog. Since we don't use syslog much (usually just once per session) this doesn't really incur a performance penalty. It also Fixes a SEGV with pam_kafs.
This commit is contained in:
Todd C. Miller
10
defaults.c
10
defaults.c
@@ -669,19 +669,13 @@ store_syslogfac(val, def, op)
|
||||
return(FALSE); /* not found */
|
||||
|
||||
/* Store both name and number. */
|
||||
if (def->sd_un.str) {
|
||||
if (def->sd_un.str)
|
||||
free(def->sd_un.str);
|
||||
closelog();
|
||||
}
|
||||
openlog(Argv[0], 0, fac->num);
|
||||
def->sd_un.str = estrdup(fac->name);
|
||||
sudo_defs_table[I_LOGFAC].sd_un.ival = fac->num;
|
||||
#else
|
||||
if (def->sd_un.str) {
|
||||
if (def->sd_un.str)
|
||||
free(def->sd_un.str);
|
||||
closelog();
|
||||
}
|
||||
openlog(Argv[0], 0);
|
||||
def->sd_un.str = estrdup("default");
|
||||
#endif /* LOG_NFACILITIES */
|
||||
return(TRUE);
|
||||
|
||||
57
logging.c
57
logging.c
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1994-1996,1998-1999 Todd C. Miller <Todd.Miller@courtesan.com>
|
||||
* Copyright (c) 1994-1996,1998-2000 Todd C. Miller <Todd.Miller@courtesan.com>
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
@@ -67,33 +67,56 @@ static void do_logfile __P((char *));
|
||||
static void send_mail __P((char *));
|
||||
static void mail_auth __P((int, char *));
|
||||
static char *get_timestr __P((void));
|
||||
static void mysyslog __P((int, const char *, ...));
|
||||
|
||||
#ifdef BROKEN_SYSLOG
|
||||
# define MAXSYSLOGTRIES 16 /* num of retries for broken syslogs */
|
||||
# define SYSLOG syslog_wrapper
|
||||
|
||||
static void syslog_wrapper __P((int, char *, char *, char *));
|
||||
#define MAXSYSLOGTRIES 16 /* num of retries for broken syslogs */
|
||||
|
||||
/*
|
||||
* Some versions of syslog(3) don't guarantee success and return
|
||||
* an int (notably HP-UX < 10.0). So, if at first we don't succeed,
|
||||
* try, try again...
|
||||
* We do an openlog(3)/closelog(3) for each message because some
|
||||
* authentication methods (notably PAM) use syslog(3) for their
|
||||
* own nefarious purposes and may call openlog(3) and closelog(3).
|
||||
* Sadly this is a maze of #ifdefs.
|
||||
*/
|
||||
static void
|
||||
syslog_wrapper(pri, fmt, ap)
|
||||
#ifdef __STDC__
|
||||
mysyslog(int pri, const char *fmt, ...)
|
||||
#else
|
||||
mysyslog(pri, fmt, ap)
|
||||
int pri;
|
||||
const char *fmt;
|
||||
va_list ap;
|
||||
va_dcl
|
||||
#endif
|
||||
{
|
||||
#ifdef BROKEN_SYSLOG
|
||||
int i;
|
||||
#endif
|
||||
va_list ap;
|
||||
|
||||
#ifdef __STDC__
|
||||
va_start(ap, fmt);
|
||||
#else
|
||||
va_start(ap);
|
||||
#endif
|
||||
#ifdef LOG_NFACILITIES
|
||||
openlog(Argv[0], 0, def_ival(I_LOGFAC));
|
||||
#else
|
||||
openlog(Argv[0], 0);
|
||||
#endif
|
||||
#ifdef BROKEN_SYSLOG
|
||||
/*
|
||||
* Some versions of syslog(3) don't guarantee success and return
|
||||
* an int (notably HP-UX < 10.0). So, if at first we don't succeed,
|
||||
* try, try again...
|
||||
*/
|
||||
for (i = 0; i < MAXSYSLOGTRIES; i++)
|
||||
if (vsyslog(pri, fmt, ap) == 0)
|
||||
break;
|
||||
}
|
||||
#else
|
||||
# define SYSLOG syslog
|
||||
vsyslog(pri, fmt, ap);
|
||||
#endif /* BROKEN_SYSLOG */
|
||||
va_end(ap);
|
||||
closelog();
|
||||
}
|
||||
|
||||
/*
|
||||
* Log a message to syslog, pre-pending the username and splitting the
|
||||
@@ -128,9 +151,9 @@ do_syslog(pri, msg)
|
||||
*tmp = '\0';
|
||||
|
||||
if (count == 0)
|
||||
SYSLOG(pri, "%8.8s : %s", user_name, p);
|
||||
mysyslog(pri, "%8.8s : %s", user_name, p);
|
||||
else
|
||||
SYSLOG(pri, "%8.8s : (command continued) %s", user_name, p);
|
||||
mysyslog(pri, "%8.8s : (command continued) %s", user_name, p);
|
||||
|
||||
*tmp = save; /* restore saved character */
|
||||
|
||||
@@ -139,9 +162,9 @@ do_syslog(pri, msg)
|
||||
;
|
||||
} else {
|
||||
if (count == 0)
|
||||
SYSLOG(pri, "%8.8s : %s", user_name, p);
|
||||
mysyslog(pri, "%8.8s : %s", user_name, p);
|
||||
else
|
||||
SYSLOG(pri, "%8.8s : (command continued) %s", user_name, p);
|
||||
mysyslog(pri, "%8.8s : (command continued) %s", user_name, p);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
5
sudo.c
5
sudo.c
@@ -345,14 +345,11 @@ main(argc, argv)
|
||||
/* This *must* have been set if we got a match but... */
|
||||
if (safe_cmnd == NULL) {
|
||||
log_error(MSG_ONLY,
|
||||
"internal error, cmnd_safe never got set for %s; %s",
|
||||
"internal error, safe_cmnd never got set for %s; %s",
|
||||
user_cmnd,
|
||||
"please report this error at http://courtesan.com/sudo/bugs/");
|
||||
}
|
||||
|
||||
if (def_ival(I_LOGFACSTR))
|
||||
closelog();
|
||||
|
||||
/* Reset signal mask before we exec. */
|
||||
#ifdef POSIX_SIGNALS
|
||||
(void) sigprocmask(SIG_SETMASK, &oset, NULL);
|
||||
|
||||
Reference in New Issue
Block a user