Bracket calls to syslog with an openlog() and closelog() since some

authentication methods (like PAM) may do their own logging via
syslog.  Since we don't use syslog much (usually just once per
session) this doesn't really incur a performance penalty.
It also Fixes a SEGV with pam_kafs.

diff --git a/defaults.c b/defaults.c
index e7d8238cbf1b72e858bfd4f970e5f410eb3d0aa8..c179275beaf3f7d72d1d2e48514f83ff77524eee 100644 (file)
--- a/defaults.c
+++ b/defaults.c
@@ -669,19 +669,13 @@ store_syslogfac(val, def, op)
        return(FALSE);                          /* not found */
 
     /* Store both name and number. */
-    if (def->sd_un.str) {
+    if (def->sd_un.str)
        free(def->sd_un.str);
-       closelog();
-    }
-    openlog(Argv[0], 0, fac->num);
     def->sd_un.str = estrdup(fac->name);
     sudo_defs_table[I_LOGFAC].sd_un.ival = fac->num;
 #else
-    if (def->sd_un.str) {
+    if (def->sd_un.str)
        free(def->sd_un.str);
-       closelog();
-    }
-    openlog(Argv[0], 0);
     def->sd_un.str = estrdup("default");
 #endif /* LOG_NFACILITIES */
     return(TRUE);

diff --git a/logging.c b/logging.c
index 18d080f03e9a659b4f6e508c5c9ad8385a43f57a..ff140275ba851bc05755dacc5e479d0ecb3b8a53 100644 (file)
--- a/logging.c
+++ b/logging.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1994-1996,1998-1999 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 1994-1996,1998-2000 Todd C. Miller <Todd.Miller@courtesan.com>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -67,33 +67,56 @@ static void do_logfile              __P((char *));
 static void send_mail          __P((char *));
 static void mail_auth          __P((int, char *));
 static char *get_timestr       __P((void));
+static void mysyslog           __P((int, const char *, ...));
 
-#ifdef BROKEN_SYSLOG
-# define MAXSYSLOGTRIES        16      /* num of retries for broken syslogs */
-# define SYSLOG                syslog_wrapper
-
-static void syslog_wrapper     __P((int, char *, char *, char *));
+#define MAXSYSLOGTRIES 16      /* num of retries for broken syslogs */
 
 /*
- * Some versions of syslog(3) don't guarantee success and return
- * an int (notably HP-UX < 10.0).  So, if at first we don't succeed,
- * try, try again...
+ * We do an openlog(3)/closelog(3) for each message because some
+ * authentication methods (notably PAM) use syslog(3) for their
+ * own nefarious purposes and may call openlog(3) and closelog(3).
+ * Sadly this is a maze of #ifdefs.
  */
 static void
-syslog_wrapper(pri, fmt, ap)
+#ifdef __STDC__
+mysyslog(int pri, const char *fmt, ...)
+#else
+mysyslog(pri, fmt, ap)
     int pri;
     const char *fmt;
-    va_list ap;
+    va_dcl
+#endif
 {
+#ifdef BROKEN_SYSLOG
     int i;
+#endif
+    va_list ap;
 
+#ifdef __STDC__
+    va_start(ap, fmt);
+#else
+    va_start(ap);
+#endif
+#ifdef LOG_NFACILITIES
+    openlog(Argv[0], 0, def_ival(I_LOGFAC));
+#else
+    openlog(Argv[0], 0);
+#endif
+#ifdef BROKEN_SYSLOG
+    /*
+     * Some versions of syslog(3) don't guarantee success and return
+     * an int (notably HP-UX < 10.0).  So, if at first we don't succeed,
+     * try, try again...
+     */
     for (i = 0; i < MAXSYSLOGTRIES; i++)
        if (vsyslog(pri, fmt, ap) == 0)
            break;
-}
 #else
-# define SYSLOG                syslog
+    vsyslog(pri, fmt, ap);
 #endif /* BROKEN_SYSLOG */
+    va_end(ap);
+    closelog();
+}
 
 /*
  * Log a message to syslog, pre-pending the username and splitting the
@@ -128,9 +151,9 @@ do_syslog(pri, msg)
            *tmp = '\0';
 
            if (count == 0)
-               SYSLOG(pri, "%8.8s : %s", user_name, p);
+               mysyslog(pri, "%8.8s : %s", user_name, p);
            else
-               SYSLOG(pri, "%8.8s : (command continued) %s", user_name, p);
+               mysyslog(pri, "%8.8s : (command continued) %s", user_name, p);
 
            *tmp = save;                        /* restore saved character */
 
@@ -139,9 +162,9 @@ do_syslog(pri, msg)
                ;
        } else {
            if (count == 0)
-               SYSLOG(pri, "%8.8s : %s", user_name, p);
+               mysyslog(pri, "%8.8s : %s", user_name, p);
            else
-               SYSLOG(pri, "%8.8s : (command continued) %s", user_name, p);
+               mysyslog(pri, "%8.8s : (command continued) %s", user_name, p);
        }
     }
 }

diff --git a/sudo.c b/sudo.c
index f36656f174788d0c861bdaa59e7bd154755a6dd8..db4e4b68419797065a9369972450ff61292a84a2 100644 (file)
--- a/sudo.c
+++ b/sudo.c
@@ -345,14 +345,11 @@ main(argc, argv)
        /* This *must* have been set if we got a match but... */
        if (safe_cmnd == NULL) {
            log_error(MSG_ONLY,
-               "internal error, cmnd_safe never got set for %s; %s",
+               "internal error, safe_cmnd never got set for %s; %s",
                user_cmnd,
                "please report this error at http://courtesan.com/sudo/bugs/");
        }
 
-       if (def_ival(I_LOGFACSTR))
-           closelog();
-
        /* Reset signal mask before we exec. */
 #ifdef POSIX_SIGNALS
        (void) sigprocmask(SIG_SETMASK, &oset, NULL);