- Copy stable/10@296371 to releng/10.3 in preparation for 10.3-RC1
builds.
- Update newvers.sh to reflect RC1.
- Update __FreeBSD_version to reflect 10.3.
- Update default pkg(8) configuration to use the quarterly branch.

Approved by: re (implicit)

MFC r279567, r279568: Add and document an option to cause syslogd to run
in the foreground.

This allows a separate process to monitor when and how syslogd exits. That
process can then restart syslogd if needed.

Approved by: jhb
Sponsored by: Panasas, Inc.

MFC r286304:

Set f_file to -1/F_UNUSED when after closing when possible

This will help ensure we don't trash file descriptors that get used later on
in the daemon

Found via internal Coverity scan

Discussed with: cem, ed, markj
Differential Revision: https://reviews.freebsd.org/D3081
Submitted by: Miles Ohlrich <miles.ohlrich@isilon.com>
Sponsored by: EMC / Isilon Storage Division

MFC r279016:

Make syslogd work in case shutdown() is POSIX-ly correct.

On POSIX conformant systems, shutdown() should return ENOTCONN when not
connected. We attempted to fix this once (kern/84761), but this change
got backed out because it 'breaks code' (r150155).

I just reapplied the patch and indeed, syslogd fails on startup. Make it
easier to re-enable this change in the future by paching up syslogd to
do the right thing.

Sponsored by: Nuxi

MFC r278297:

Fix two clang 3.6.0 warnings in usr.sbin/syslogd:

usr.sbin/syslogd/syslogd.c:1023:10: error: address of array 'f->f_prevline' will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion]
f->f_prevline && !strcmp(msg, f->f_prevline) &&
~~~^~~~~~~~~~
usr.sbin/syslogd/syslogd.c:1178:16: error: address of array 'f->f_prevline' will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion]
} else if (f->f_prevline) {
~~ ~~~^~~~~~~~~~

In both cases, the f_prevline field of struct filed is a char array, so
it can never be null. Remove the checks.

Reviewed by: jilles
Differential Revision: https://reviews.freebsd.org/D1716

MFC r275729:
Increase the buffer size to keep the list of programm names when
parsing programm specification. It is safe to not check out of bounds
access, because !isprint(p[i]) check will stop reading, when '\0'
character will be read from the input string.

Sponsored by: Yandex LLC

MFC r258076, r258077:

This fixes 3 problems in syslogd related to sizing receive buffers...

- A call was misplaced at the wrong level of nested if blocks, so that
the buffers for unix domain sockets (/dev/log, /dev/klog) were never
increased at all; they remained at a way-too-small default size of 4096.

- The function that was supposed to double the size of the buffer
sometimes did nothing, and sometimes installed a wildly-wrong buffer
size (either too large or too small) due to an unitialized 'slen'
variable passed to getsockopt(). Most often it doubled the UDP buffers
from 40k to 80k because accidentally there would be harmless stack
garbage in the unitialized variables.

- The whole concept of blindly doubling a socket's buffer size without
knowing what size it started at is a design flaw that has to be called a
bug. If the double_rbuf() function had worked at all (I.E., if the
other two bugs didn't exist) this would lead to UDP sockets having an
80k buffer while unix dgram sockets get an 8k buffer. There's nothing
about the problem being solved that requires larger buffers for UDP than
for unix dgram sockets -- the buffering requirements are the same
regardless of socket type.

This change renames the double_rbuf() function to increase_rbuf() and
increases the buffer size on all types of sockets to 80k. 80k was
chosen only because it appears to be the size the original change was
shooting for, and it certainly seems to be reasonably large (I might
have picked 64k in the absence of any historical guidance).

Add ENETUNREACH and EADDRNOTAVAIL to the list of errors that are potentially
transient and shouldn't result in closing the socket and giving up forever.

Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

syslogd: Use closefrom() instead of getdtablesize()/close() loop.

When syslogd forks a process for '|' destinations, it closes all file
descriptors greater than 2.

Use closefrom() for this instead of a getdtablesize()/close() loop because
it is both faster and avoids leaving file descriptors open because the limit
was lowered after they were opened.

MFC after: 1 week

- Make sure that errno isn't modified before calling logerror() in error
conditions.
- Don't check for AF_INET6 when compiled without INET6 support.

PR: bin/173930
Submitted by: Garrett Cooper <yanegomi@gmail.com>
Approved by: rstone (co-mentor)
MFC after: 1 week

Add missing const keywords.

Add support for ipv6 addresses as destination

PR: bin/150530
Submitted by: andy white <andywhite@gmail.com>
Tested by: Olivier Cochard-Labbe <olivier@cochard.me>
MFC after: 1 month

Add a new option, -N to disable the default and recommended syslogd(8)
behavior, which binds to the well known UDP port.

This option implies -s.

MFC after: 2 months

Here v->iov_len has been assigned the return value from snprintf.
Checking if it is > 0 doesn't make sense, because snprintf returns
how much space is needed if the buffer is too small. Instead, check
if the return value was greater than the buffer size, and truncate
the message if it was too long.

It isn't clear if snprintf can return a negative value in the case
of an error - I don't believe it can. If it can, then testing
v->iov_len won't help 'cos it is a size_t, not an ssize_t.

Also, as clang points out, we must always increment v here, because
later code depends on the message being in iov[5].

syslogd(8) already supports *sending* log messages to non-
standard ports, but it can't *receive* them (port 514 is
hardcoded). This commit adds that missing feature.

(NB: I actually needed this feature for a server farm where
multiple jails run with shared IP addresses, and every jail
should have its own syslogd process.)

As a side effect, syslogd now compiles with WARNS=6.

Approved by: des (mentor)
MFC after: 3 weeks

Port all applications in usr.sbin/ from libulog to utmpx.

Let syslogd use utmpx.

Because strings are guaranteed to be null terminated, there is no need
for excessive copying of strings, such as the line name.

Avoid sshd, cron, syslogd and inetd to be killed under high-pressure swap
environments.
Please note that this can't be done while such processes run in jails.

Note: in future it would be interesting to find a way to do that
selectively for any desired proccess (choosen by user himself), probabilly
via a ptrace interface or whatever.

Obtained from: Sandvine Incorporated
Reviewed by: emaste, arch@
Sponsored by: Sandvine Incorporated
MFC: 1 month

Constify 'name' field in struct funix. This commit makes syslogd(8)
WARNS?=6 on amd64 but I have not tested under universe so keep WARNS?=
level as-is for now.

Fixing !INET6 builds after bumping WARNS to 3.

Use passed parameter rather than the #define.
(more accurate extraction of Juniper Networks change)

Rather than hardcode the 'struct iovec iov' array size, use a #define.
While I'm here bump WARNS to 3.

Obtained from: Juniper Networks

Add a flag, -T, that tells syslogd to always replace the timestamp on
messages from the network. We already replace malformatted timestamps
and this option lets us replace timestamps that are correctly formatted
but wrong.

PR: 120891
Submitted by: Thomas Vogt <thomas@bsdunix.ch>
MFC after: 1 week

Remove extraneous NULL pointer check - the pointer is guaranteed to be non-NULL.

Allow comment to be placed at the end of a configuration line.

MFC after: 2 weeks

Add a -8 switch to syslogd to prevent it from mangling 8-bit data.

Two no-op fixes to improve corretness of syslogd code:

1) Use [AP]F_LOCAL rather than [AP]F_UNIX.
2) When copying a pipe's name, use f->f_un.f_pipe.f_pname, not f->f_un.f_fname.

PR: 20889
Submitted by: Damieon Stark
PR: 116642
Submitted by: Jim Pirzyk
Reviewed by: md5

+ Open ctty in non-blocking mode to avoid hangs during open and close(waiting
for the port to drain).
+ Handle "*" as a priority properly.
+ Test what is free'ed.
+ Dynamically determine length vs. hardcoding it.
+ Free the previous message buffer (f_prevline) only after logging all the
messages and just before the process exit. Also check f_prevline for NULL
before using it.
+ The time displayed is not synchornized with the other log destinations.
+ Fix a comment.

Obtained from: Juniper Networks

style(9)

Sync usage() with manpage's SYNOPSIS.

Add the ability to log to an arbitrary udp port as well as the
standard syslog port. This allows syslog to easily export lines of interest to
an external logging system.

Currently, if writing out a log entry fails, we unlink that log entry from our
internal list of logfiles. So if writev(2) fails for potentially transient
errors like ENOSPC, syslogd requires a restart, even if the filesystem has
purged.

This change allows syslogd to ignore ENOSPC space errors, so that when the
filesystem is cleaned up, syslogd will automatically start logging again
without requiring the reset. This makes syslogd(8) a bit more reliable.

MFC after: 1 week

By default (for security reasons) syslogd(8) doesn't create log files
when they don't exist, but sometimes its quite useful (eg. we use
non-standard log files and memory backed /var/, which is populated on
boot).

Add -C option which tells syslogd(8) to create log files if they don't
exist.

Glanced at by: phk
MFC after: 3 days

style(9) nitlet:

foo() {
}

to

foo()
{
}

setsockopt() will return -1 on error, not 0.

Pointy hat to: Jeremie Le Hen

Use SO_REUSEADDR on the socket, to make the use of syslogd in jails easier.

Submitted by: Jeremie Le Hen <jeremie le-hen org>

Use pidfile(3) in syslogd(8).

Add cases for ENOBUFS and ENETDOWN. We need to make sure that we
catch all transient errors. This fixes situations where transient
error conditions such as network interfaces losing carrier signals
or the system running out of mbufs would result in the permanent
removal of forwarding syslog messages.

MFC after: 1 week

NI_WITHSCOPEID cleanup. Neither RFC 2553 nor RFC 3493 defines
NI_WITHSCOPEID, and our getaddrinfo(3) does nothing special
for it, now.

Add -S option which allows to change the pathname of the privileged
socket /var/run/logpriv.

Reviewed by: glebius and kensmith
MFC after: 2 days

Check that supplied facility is not bigger than LOG_NFACILITIES.

PR: bin/79260
Submitted by: Shuichi KITAGUCHI

Allow ':' and '%' in hostname specifications so that we can specify IPv6
addresses and scope IDs.

MFC after: 3 weeks

Some syslog messages delimit the program tag with whitespace rather
than a colon, so don't allow whitespace in program names. To be
consistent with hostnames, don't allow whitespace in the program
name specifiers in syslog.conf either.

(The first change is by Markus from the PR, the second is mine.)

PR: 68691
Submitted by: Markus Oestreicher <m.oe@x-trader.de>
MFC after: 3 weeks

Fix a minor comment typo: priveleged = privileged.

Really revert the whitespace change to usage().

Change TABs back to spaces in usage string constants.

Requested by: ru

Whitespace.

Approved by: cvs diff -b

Double receive buffer size on sockets.

PR: bin/72366
Ok'd by: dwmalone
Approved by: julian (mentor)
Obtained from: OpenBSD
MFC after: 1 month

Protect against local flooder of /var/run/log. Do not loop forever in
syslog(3) if we are a priveleged program (sshd, su, etc.).

- Make syslogd open an additional socket /var/run/logpriv, with 0600
permissions.
- In libc, try to use this socket.
- Do not loop forever if we are using this socket (partial backout of 1.31)

Reviewed by: dwmalone, Andrea Campi <andrea webcom it>
Approved by: julian (mentor)
MFC after: 1 month

- Use stailqueue for sockets instead of socket buffer. Thus
remove limit for 20 sockets.
- Add possibility to specify file mode for sockets created with '-l'.
- Check that socket name in '-l' is absolute.

Reviewed by: dwmalone, Andrea Campi <andrea webcom it>
Approved by: julian (mentor)

Per letter dated July 22, 1999 remove 3rd clause of Berkeley derived software
(with permission of addtional copyright holders where appropriate)

Fix dofsync() declaration.

Pointed out by: dwmalone

Where syslogd would have fsync()ed a file in the past, instead set a flag
FFLAG_NEEDSYNC and fsync the file when select() next returns zero. This
dramatically speeds up the process of logging large amounts of data, while
leaving the essential semantics (that data can be expected to be on disk
if we crash) unchanged.

In my tests, this speeds up the rc phase of booting by 18-20%. [1]

YES PLEASE! by: phk [1]

Also terminate program names if we hit a '/' - this is to be slightly
more friendly to postfix log messages.

PR: 50912
Submitted by: Stanislav Lapshansky <slapsh@slapsh.pp.ru>

A log file name may now be prefixed by a '-' if it should not be
explicitly fsynced after kernel messages are logged. This option
should be syntax compatible with a similar option in Linux syslogd.

I've made some small changes to Pekka's patch, hoepfully I haven't
goofed anything.

PR: 66790
Submitted by: Pekka Savola <pekkas@netcore.fi>
Obtained from: Martin Schulze's syslogd
MFC after: 1 month

Try to be more careful about using using the file descriptor f_file.
Syslogd should ensure that f_file is a valid file descriptor when
f_type is FILE, CONSOLE, TTY and for a PIPE where f_pid > 0. If the
descriptor is closed/invalid then the type should be set to UNUSED
or the pid should be set to 0.

To this end:
1) Don't close(f->f_file) if we can't send a message to a remote
host because the file descriptor used for remote logging is
stored in finet, not in f->f_file. f->f_file is probably
uninitialised, so I guess we usually end up closing fd 0.
2) Don't close PIPE file descriptors if they are invalid.
3) If the call to p_open fails, don't set the pid.

The OpenBSD patches in this area set f_file to -1 after the fd is
closed and then avoids calling close if f_file < 0. I haven't done
this, but it might be a good idea too.

Inspired by: PR 67139/OpenBSD

Some string fixes.
1) Use strncpy on strings out of utmp.
2) Avoid running off the start of one string while removing white space.
(I've used slightly different code to OpenBSD here.)
3) Ignore trailing spaces in the priority.

PR: 67139
Submitted by: Xin LI <delphij@FreeBSD.org.cn>
Obtained from: OpenBSD

Exit with a warning if the path to one of the logging sockets is
too long, rather than silently truncating them.

PR: 67139
Inspired by: OpenBSD

Fix some bugs that don't manifest themselves in practice.

1) Don't check for getopt returning '?', we have a default case.
2) Check if the priority is LOG_KERN correctly - in practice
LOG_KERN is 0, so it makes no difference. OpenBSD fixed a
different nearby bug that we don't have 'cos our definition
of LOG_MAKEPRI is different to OpenBSD's.

Copy a comment from OpenBSD, observing that LOG_KERN is 0.

Inspired by PR: 67139

Update a couple of comments.

PR: 67139
Submitted by: Xin LI <[3]delphij@FreeBSD.org.cn>
Obtained from: OpenBSD

Silence some constness and printf type warnings. Most of the
const fixes are ugly 'cos the types in an iovec aren't quite
right for a writev.

Use strtol to parse the <%d> tags in printline() and printsys().
Sort local variables declarations in these functions.

Submitted by: bde

Be much more strict about parsing tagged log messages from /dev/klog;
if the line doesn't match ^<%d>, then treat it as a regular kernel
printf line. Previously if a kernel printf message started with "<"
it would be interpreted as a log message, often with LOG_EMERG
level. This was triggered by some printfs in sys/dev/aic7xxx/, and
can also happen with the partial lines that result if syslogd cannot
keep up with the rate of arrival of kernel messages.

Reviewed by: dwmalone
MFC after: 1 week

logerror is used in syslogd to log errors from syslogd itself. It
is possible for an error to occur while trying to log an error, and
this can result in infinite recursion (or at least until we run out
of stack).

Rather than this, we ignore requests to log an error while logging an
error.

PR: 51253
MFC after: 2 weeks

Remove an argument to printf that is unused.

Avoid a corrupt timestamp on the console

PR: 51587
Submitted by: Dmitry Sivachenko <mitya@cavia.pp.ru>
Approved by: re (rwatson)
MFC after: 3 days

Avoid code duplication by using libutil's trimdomain() instead of
an incorrect re-implementation.

PR: 52223, 52342
Submitted by: Dan Nelson <dnelson@allantgroup.com>
Approved by: re (bmah/rwatson)
MFC after: 2 days

Cleanup hostname matching in syslogd:

1. Hostnames were not treated case insensitively in all cases.

2. The method for stripping hostnames when reading the syslog.conf
differed from that when finding the hostname of an incoming request.
This lead to a broken match check. In my case, it meant I had to
have '@scooter.smi.example.com.example.com' to have 'logger.example.com'
properly save messages from 'scooter.smi.sendmail.com'.

3. Add paranoia to cfline() such that it doesn't try to access memory
outside of the bounds of the f_host string.

4. While I am here, get rid of an outdated comment, argv[{0,1,2}] are now
checked for NULL after the strdup() calls.

Reviewed by: dwmalone
MFC after: 1 week

Hostname specifications must allow commas in the value. They are
used to separate multiple host names.

Noted by: Dan Nelson <dnelson@allantgroup.com>
Reviewed by: roberto

Allow multiple hosts or programs to be named in program
or host specifications, eg:

!foo,bar
*.* /var/log/only_foo_or_bar.log

!-foo,bar
*.* /var/log/all_except_foo_or_bar.log

Reviewed by: roberto
Not objected to by: arch@

Factor out the code that determines whether a message must be skipped
as a consequence of a host or program name specification into a common
function, skip_pmessage.

Reviewed by: roberto

Add used #include <limits.h>.

Sync usage() with reality and sort it alphabetically.

PR: 42620
Submitted by: Jeff Ito
MFC after: 1 month

Avoid referencing a removed (and freed) queue entry. This partially reverts
revision 1.101 (which did not introduce the bug but made it harder to fix)

PR: misc/40363
Submitted by: David Dunham <dwdunham@isilon.com>
MFC after: 2 weeks

Introduce to the !program specification a capability similar to the one
that already exists for hosts: being able to specify a section that applies
to every program *except* the one in question.

The normal syntax for program specification is still valid. For the new
capability, one uses:

!-program

Since there is no way to specify a program beginning with a dash in the old
syntax, as it would be interpreted as the case above, the following
alternative syntax to the original capability is provided:

!+program

This shouldn't introduce incompatibilities with any syslogd configuration
in production because -stable's syslogd does not support a dash anywhere in
the program specification.

MFC after: 2 weeks

Make syslogd -u treat "*" as all levels by explictly setting pri_cmp
for it.

While I'm here, add a the ability to say "!level" in a way which
should be compatible with Linux's syslogd.

PR: 28935
No objections: audit
MFC after: 2 weeks

Don't give up on a remote log host when we get a EHOSTUNREACH or
EHOSTDOWN. These are often transient errors (when the remote host
reboots, temporary network problems, etc.), and we'd rather err on the
side of caution and keep trying send messages that never arrive than
just give up.

Note that this is not an implementation of the "back-off" methods
given in the PR. Those just seem too complicated. Why not just keep
trying each time? Trying and failing doesn't really consume
significantly more resources than if we were successful for each
message.

PR: bin/31029
MFC after: 1 week

When parsing the program name from the incoming log message
from a client, accept all printable characters as being part
of the program name, except ':' and '[', because each is a
possible delimiter.

When reading a program name from the syslog configuration file,
do not stop copying it into a buffer when encountering a
non-alphanumerical character. Only stop at unprintable characters.
This makes syslogd work correctly with executables like `interp.bin',
`httpd_old', etc.

PR: misc/40941
MFC after: 1 week

use IPV6_V6ONLY instead of non standard IPV6_BINDV6ONLY.

MFC after: 1 week

Remove spaces between (void) and function calls. Use TAILQ_FOREACH
instead of hand-rolled equivalent. Add curly braces for symmetry
around else.

Parenthesize return values and pull an orphaned { back into the fold.

__FBSDID, ANSIfy function definitions, staticize functions and globals,
don't initialize globals to 0, some reindentation of declarations, some
comments added or reworded.

Un-__P().

Remove unnecessary setjmp.h.

Reviewed by: ru
Approved by: ru
Obtained from: OpenBSD
MFC after: 1 week

Unlink all log sockets at startup.

PR: misc/34839
Reviewed by: ru
Approved by: ru
Obtained from: OpenBSD
MFC after: 2 weeks

Initialze a stack variable with NULL to unbreak buildworld with -Wall.
I don't know about anyone else, but the compiler was always aborting
on this stupid warning, and has been doing so for weeks.

Add a new flag '-c' to disable repeated line compression when the output
is a pipe to another program, or, if specified twice, in all cases.

PR: bin/32420

Make the default kernel prefix "kernel:" instead of the boot file,
with the old behavior available via the -o option (it might still be
useful if one has many kernels and cares which messages came from
which). If the boot file is not used as the prefix, it is still
logged once at startup.

This change is prompted by the fact that the boot file is now much
longer ("/boot/kernel/kernel" vs. "/kernel"), which significanlty
bloats the syslogd output.

Reviewed by: peter

If the mask length is zero, there is no need to convert it to a
netmask.

PR: 31947
Submitted by: Aaron Scarisbrick <aaronsca@hotmail.com>
MFC after: 1 week

Check the return values from calls to malloc(), calloc(), strdup() etc.

Submitted by: Philippe Charnier <charnier@xp11.frmug.org>
MFC after: 2 weeks

Add a strcasecmp() call I forgot in my hurry to commit the previous fix.
Without this call, the hostname check would in some cases yield false
positives.

Pointed out by: ru

The previous commit appeared to just shove the bug under the carpet rather
than really solve it. This approach (inspired by Ruslan's patch) solves
the real problem by stripping the local domain off the host name in the
config line structure.

Also mark a bunch of code sections that either do not check the return value
of a strdup(), malloc() or calloc() call, or do not properly handle a NULL
return.

Fix logging from remote hosts, which has been broken since (at least) revision
1.64, i.e. July of last year. Also fix a minor style bug in the same code.

PR: bin/28634
Pointy hat to: dwmalone
Pointed out by: my buggy DSL router's remote logging facility

Fixed the free(3) panic overlooked due to the -Wno-uninitialized.

- Silence warnings: apply `const' generously, mark some variables
__unused, and change local variables named `sin' (struct
sockaddr_in) to `sin4'. (`sin' conflicts with the definition of
sin(3), which gcc assumes to be defined even if math.h isn't
included (it's a builtin). This is probably a bug in gcc.)

- Apply WARNS=1. WARNS=2 was not used because this program assigns
string literals to (struct iovec).iov_base for writing, and the only
clean way to silence -Wwrite-strings in that case would be to
strdup() and consequently free() those literals, which I considered
too disruptive.

Reviewed by: bde (partially)

Correct a last minute sizeof() bogon in my previous commit.

Introduce a -b option that allows the user to specify which address to
bind to. This is useful for hosts running jails that need syslog to
maintain an open socket to log to a remote host.

Reviewed by: sheldonh

Fix some unsafe signal handlers, and be careful not to overflow on fd_set.
Fix some string buffer operations.

Based on: OpenBSD
Reviewed by: audit
MFC after: 2 weeks

Gives syslogd(8) the ability to refresh its idea of the hostname of
the system on which it is running. The hostname is reloaded when
'HUPped' and a log message generated to note a change (before anyone
points it out, this is not an added security feature).

PR: bin/24444
Reviewed by: freebsd-audit
Approved by: ru
MFC after: 2 weeks

Handle snprintf() returning -1.

MFC after: 2 weeks

- `-a' option for IPv6 was not working correctly.
- Lose any stray host bits that a user may have entered when providing
a network number and netmask to the `-a' option for IPv6. This is
corresponding to 1.79 that is for IPv4 only.

MFC after: 1 week

Lose any stray host bits that a user may have entered when providing
a network number and netmask to the '-a' option.

Approved by: ru
MFC after: 1 week

Fix constness warning introduced in syslog.h 1.21.

Add the ability to specify alternate PID file for syslogd.

PR: 25784
Submitted by: Jon Villarreal <jonv@ivmg.net>
Reviewed by: iedowse

MAXHOSTNAMELEN includes the NUL

This seems to stop syslog console messages looping. The problem
is that LOG_FAC doesn't do quite what you think it does.

PR: 24704

IPv6 support for syslogd.

Reviewed by: freebsd-current
Obtained from: NetBSD

Add the "LOG_CONSOLE" facility and tell syslogd to not log it on
console devices.

Syslogd normally converts messages of facility kern to facility
user unless they come directly from the kernel. Document this and
add a flag to syslogd which prevents this conversion.

Sort getopt args while I'm at it.

PR: 21788
Submitted by: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>

Fix unexploitable off by one error as mentioned on Bugtraq.

Update the usage string to reflect -n as an option.

Actually make syslogd understand the new -n option by putting it
in getopt.

Submitted by: Clive Lin <clive@CirX.ORG>

Sort cases in getopt switch statement.
Remove extra parens from my host selection commit.
Add white space after if, while, for and switch.
Get rid of braces around a single statement if.

There should be no functional changes in this commit.

Reviewed by: sheldonh

Replace two calls to strlen+calloc+strcpy with strdup.

Reviewed by: sheldonh

Change option -r to -n inline with conventions we use elsewhere.
I guess it serves me right for using a patch directly from Jan
Koum. :)

Requested by: many

Add option 'r' to syslogd which will disable dns queries for every
request. This is useful when you have a large site pointed at a
single syslog server.

Submitted by: Jan Koum <jkb@yahoo-inc.com>

Allow syslogd to select messages based on the originating host in
a similar way to the way it can select messages from a given program.

Lines beginning with "+hostname" or "#+hostname" select messaes
from that hostname and lines beginning with "-hostname" or "#-hostname"
match messages not from that hostname.

There are some significant style issues left in the original program
selection code and the man page. This should be cleared up in some
later commits.

Reviewed by: sheldonh
Based on an original patch by: Bernd Walter <ticso@cicely8.cicely.de>
Man page stylist: sheldonh

Prevent a non-exploitable remote buffer overflow.

Reported by: twitch <twitch@vicar.org>
Submitted by: Guido van Rooij <guido@gvr.org>
Reviewed by: security-officer

Back out the previous change to the queue(3) interface.
It was not discussed and should probably not happen.

Requested by: msmith and others

Change the way that the queue(3) structures are declared; don't assume that
the type argument to *_HEAD and *_ENTRY is a struct.

Suggested by: phk
Reviewed by: phk
Approved by: mdodd

Enable 8bit chars excepting high controls

Fix a nit in my previous commit: make SIGHUP and SIGCHLD restartable
as they ought to be. The description of SA_RESTART was a little
unobvious to me in the man page, so i missed it. Thanks to Bruce for
spotting this.

Submitted by: bde

Fix a serious bug in syslogd regarding the handling of pipes. The bug
would cause syslogd to eventually kill innocent processes in the
system over time (note: not `could' but `would'). Many thanks to my
colleague Mirko for digging into the kernel structures and providing
me with the debugging framework to find out about the nature of this
bug (and to isolate that syslogd was the culprit) in a rather large
set of distributed machines at client sites where this happened
occasionally.

Whenever a child process was no longer responsive, or when syslogd
receives a SIGHUP so it closes all its logging file descriptors, for
any descriptor that refers to a pipe syslogd enters the data about the
old logging child process into a `dead queue', where it is being
removed from (and the status of the dead kitten being fetched) upon
receipt of a SIGCHLD. However, there's a high probability that the
SIGCHLD already arrives before the child's data are actually entered
into the dead queue inside the SIGHUP handler, so the SIGCHLD handler
has nothing to fetch and remove and simply continues. Whenever this
happens, the process'es data remain on the dead queue forever, and
since domark() tried to get rid of totally unresponsive children by
first sending a SIGTERM and later a SIGKILL, it was only a matter of
time until the system had recycled enough PIDs so an innocent process
got shot to death.

Fix the race by masking SIGHUP and SIGCHLD from both handlers mutually.

Add additional bandaids ``just in case'', i. e. don't enter a process
into the dead queue if we can't signal it (this should only happen in
case it is already dead by that time so we can fetch the status
immediately instead of deferring this to the SIGCHLD handler); for the
kill(2) inside domark(), check for an error status (/* Can't happen */
:) and remove it from the dead queue in this case (which if it would
have been there in the first place would have reduced the problem to a
statistically minimal likelihood so i certainly would never have
noticed the bug at all :).

Mirko also reviewed the fix in priciple (mutual blocking of both
signals inside the handlers), but not the actual code.

Reviewed by: Mirko Kaffka <mirko@interface-business.de>
Approved by: jkh

Add section number to .Xr. Use .Pa for filenames.
fprintf -> warnx.

Do this the Right Way (tm), i.e. use shutdown() instead of fooling around
with the size of the receive buffer.

Pointed out by: ru

Slight change of secure mode semantics: instead of reading (and counting)
vogons, set the size of the receive buffer to 1 and rely on the kernel to
simply drop incoming packets. The logging code was buggy anyway.

Use socklen_t instead of int for the length argument to recvfrom.

Add a 'continue' at the end of a loop for ANSI conformance.

Fix page fault in -vv mode.

PR: 16098
Submitted by: Alan.Judge@indigo.ie
Reviewed by: ru

$Id$ -> $FreeBSD$

Make hostname comparisons case insensitive

readklog(): rename variable 'l' to 'len', to avoid possible confusion with 'i'
and '1'.

Requested by: mckay

Is there a limit to how stupid I can get?

Little fix in previous: watch NUL-termination.

Fight with false newlines in kernel message logs. Output a line into log only
after we read a newline, or we have nothing to read from /dev/klog. Read
/dev/klog in non-blocking mode.

Implement fascist mode (do not open a datagram socket at all).

Ensure a terminating null when processing hostname strings from
arbitrary sources.
Obtained from: OpenBSD

Accept "!*" as a valid all-programs tag line as documented.
PR: 8447
Submitted by: Gaspar Chilingarov <nightmar@lemming.acc.am>

Block SIGHUP during call to gethostbyaddr().
PR: 5548
Reviewed by: Matthew Dillon <dillon@apollo.backplane.com>
Obtained from: OpenBSD

Allow either tabs or spaces in configuration files.

PR: 8762
Submitted by: Igor Roshchin <str@giganda.komkon.org>

When warning about discarding packets in secure mode, include the IP
address of the most recent offender.

Submitted by: archie@whistle.com

quieten cc -Wall

Harlan.Stenn@pfcs.com added two (very interesting) options to syslogd for
-current (Thanks Harald). However, on my attempt to try this on -STABLE,
I found that when forwarding to another host the actual messages gets lost.
This is due to a wrong index because when the -v option was added, the
indexes shifted one place.

PR: 7407
Submitted by: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>

Add -u, -v and -vv options to syslogd, this improves the control and
logging verbosity about facility & priority levels.
PR: 7278
Reviewed by: phk
Submitted by: Harlan Stenn <Harlan.Stenn@pfcs.com>

Fixed printf format errors.

Fix off by 1 error.

Note in log file if messages are being forwarded from a
remote machine.

PR: 7055
Submitted by: Edwin Groothus <edwin@nwm.wan.philips.com>

Implement new argument -l (OpenBSD has -a but we already use that).
This allows one to specify additional sockets in the unix domain
that syslogd listens to. Its primary use is to create log sockets in
chroot environments.
Obtained from:OpenBSD (with a bug fixed d

Reviewed by: guido@mouse.gvr.org
Submitted by: Archie@whistle.com
redo the last patch to allow differentiated kernel logging in
a much better way.

Allow syslogd to separate out kernel log messages with a known
category.
e.g. separate out ipfw entries to a separate file.

Reviewed by: (briefly) phk
Submitted by: archie@whistle.com
Obtained from: Whistle source tree

Remove a bogus dependency on the size of the inkernel msgbuf.
This change is likely to introduce a few linebreaks in the boot
messages, but that is not easy to solve without breaking syslogd
semantics. Maybe the right fix is to return an integral number
of lines from the kernel driver.

Noticed by: dg

Make syslogd function in non-secure mode.
Log the correct ^2 packet as per the last commit comment.

Augment the last change after some deliberation with rgrimes & peter.
It is important that we keep the ability to send packets to a remote
server and that the packets come from our well-known port, also in
that case.

Reviewed by: peter, rgrimes.

Even with '-s', syslogd still creates an AF_INET socket, although
it is not bind(2)ed.

PR: 6366
Reviewed by: phk
Submitted by: Soren S. Jorvang <soren@dt.dk>

Don't assume sigset_t and int are equivalent. Also, get
sigprocmask arguments the right way round.

Cosmetic in usage string.

Use snprintf() instead of sprintf() most of the time.
Obtained from: OpenBSD

Make usage() consistent with man page.

Nobody ever seemed to be interested in reviewing these changes, and i
found that my syslogd is now running them for several months...

Add an option to syslogd to restrict the IP addresses that are allowed
to log to this syslogd. It's too late to develop the inter-syslogd
communications protocol mentioned in the BUGS section, some 10 years
too late. Thus, restricting the IP address range is about the most
effective change we can do if we want to allow incoming syslog
messages at all.

IMHO, we should encourage the system administrators to use this option,
and thus provide a knob in /etc/rc.* for it, defaulting to -a 127.0.0.1/32
(just as a hint about the usage).

Please state opinions about whether to merge this change into 2.2 or
not (i've got it running on RELENG_2_2 anyway).

Whoops -- code inspection showed I forgot to clean up getopt string

Secure mode (-s) incorrectly disabled both sending and receiving of syslog
packets over UDP. Secure boxes should still be able to send packets.

compare return value from getopt against -1 rather than EOF, per the final
posix standard on the topic.

Save and restore the state of the variable Initialized inside die().
Otherwise, the shutdown message will print out with 15 NUL bytes in
front, due to a missing timestamp.

Revert $FreeBSD$ to $Id$

The "burn-in" phase has finished: this set of patches seems to run
stable now at a customer's site.

Finally add the ability to syslogd to pipe particular messages through
an arbitrary filtering command. Idea stolen from IRIX.

This code is courtesy of the interface business GmbH, Dresden.

Comment about whether to also merge this into 2.2 or not, please.

Reviewed by: (long ago) peter

Make the long-awaited change from $Id$ to $FreeBSD$

This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.

Unlink LogName before attempting to open it. Since we now have a lovely
bug in syslogd which causes it to die after random amounts of time (widely
reported), this at least allows the administrator to easily restart it
without wondering why it simply exits again each time.

Revert part of the previous change. syslogd (when logging to ttys)
has always held an open file descriptor. This allowed logging to
spare virtual consoles and being able to switch to them.

My previous change removed this since all writes were done with ttymsg()
which opens it's own fd, and hence syslogd didn't need it's own fd to
send messages on... but this caused an unexpected behavior change.

This should close PR#2176

Don't close f->f_file on F_TTY types on error returns from ttymsg() since
it wasn't open in the first place..

Make the handling of the /dev/ prefix for tty names more consistant.
ttymsg() insists on them not being there.

Also, since ttymsg() opens the tty "on demand", don't keep an fd open
ourselves. This would interfere with HUPCL etc.

This should close PR#2103 from <xaa@stack.nl>

put on my flame resistant suit and tempt fate by attempting to fix some of
the races in my previous commits here, and fix some other problems with
syslogd as well.

- if the child process exited early (eg: could not bind to the socket),
the boot process would hang for 30 seconds. The parent was not noticing
that the child had exited. (my fault)
- when writing to tty devices, instead of treating them like files that
need \r\n instead of \n, actually use ttymsg() which has specific code
intended to write to potentially blocking ttys safely. I had a machine
lock up last night because /dev/console on a serial port got flow control
blocked. Setting comcontrol drainwait fixed everything but syslogd which
was going into a spin trying to write to the console and completely
ignoreing everything else.
- fix a couple of nonsensical bits of code while here.. eg: wait3 takes
a pointer to an int. There is no sense in declaring it as 'union wait',
then casting the pointer to (int *), then forgetting about it.

Back out the entire change from rev 1.11 of syslogd.c. It was bogus.
Correct the man page to reflect the new reality.

Reviewed by: various (mailing list feedback)
Submitted by: whistle communications

move the socket from /dev to /var/run by default
TRANSITIONALLY make syslog add a symlink..
I PROMISE I'll remove that as soon as I have the makefiles etc fixed as well.

syslogd has always bugged me with it's async startup at boot time.
For me, more often than not, the backgrounded syslogd daemon is not
yet ready to process log messages before other things (such as named)
want to log a heap of them. It seems that it's the O_SYNC writes of
the stuff coming in from /dev/klog that's the slowdown.

Anyway, instead of using the libc daemon, roll a modified version. This
one has a timeout. The child will wait for either the timeout to expire
or the child process to signal it to let it know that it's "ready" and
the /dev/log socket is set up and active, so it's safe to continue the
boot. It adds a small fraction of a second pause to the boot time, but on
the other hand the overall boot time is *quicker* since the disk is not
being thrashed while the log messages are getting written out synchronously
one by one while other daemons are loading in parallel.

The timeout is in case the child segfaults or something before becoming
fully operational.

Bring in some fixes from NetBSD and re-hack our syslogd to be option-compatible
with theirs (change the -I option to -s (but leave -I in for backwards compat.)
Also eliminate an make sane some magic numbers, and fix a small bug where we'd
send to an unopened socket.

Reviewed by: wollman
Obtained from: NetBSD

With the recent 'make install' change in the kernel build makefiles, an
`interesting' feature of syslogd turned up. It calls getbootfile() for each
log entry. Since the kernel makefile now changes kern.bootfile when doing
a 'make install', it's quite startling to see the syslog lines change.

This change makes it call getbootfile() once at startup and cache it,
saving a syscall per loop, and keeping something a little more asthetically
pleasing in /var/log/messages...

Add a command-line option `-I' to disable logging from UDP.
Document `-d' and `-I'. Add a BUGS section noting that
logging from UDP is an unauthenticated remote disk-filling service,
and probably should be disabled by default in the absence of some sort
of authentication.

Remove unconditional unlink at startup and conditionalised the unlink at exit
so that it only unlinks the file if syslogd knows it created it.

If the path specified for the socket already exists then syslogd
will now exit with an "address already in use" error which is more
sensible than blindly unlinking the existing filename. This stops
syslogd -d foo/bar from unlinking foo/bar if it's a real file.

Fix up warning about const being lost.

Remove trailing whitespace.

Extend syslogd to allow selection of log destinations by program.
Use getbootfile() to determine the kernel name.

Submitted by: Peter da Silva

Converted 'vmunix' to 'kernel'.

This commit was generated by cvs2svn to compensate for changes in r1553,
which included commits to RCS files with non-trunk default branches.

BSD 4.4 Lite usr.sbin Sources