void
set_cron_watched(int fd) {
- int ret1, ret2, ret3;
+ pid_t pid = getpid();
wd1 = inotify_add_watch(fd, CRONDIR, IN_MODIFY | IN_DELETE | IN_CREATE | IN_ATTRIB);
if (wd1 < 0)
- log_it("CRON",getpid(),"This directory can't be watched",strerror(errno));
+ log_it("CRON", pid, "This directory can't be watched", CRONDIR, errno);
wd2 = inotify_add_watch(fd, RH_CROND_DIR, IN_MODIFY | IN_DELETE | IN_CREATE | IN_ATTRIB);
if (wd2 < 0)
- log_it("CRON",getpid(),"This directory can't be watched",strerror(errno));
+ log_it("CRON", pid, "This directory can't be watched", RH_CROND_DIR, errno);
wd3 = inotify_add_watch(fd, SYSCRONTAB, IN_MODIFY | IN_DELETE | IN_CREATE | IN_ATTRIB);
if (wd3 < 0)
- log_it("CRON",getpid(),"This file can't be watched ",strerror(errno));
+ log_it("CRON", pid, "This file can't be watched", SYSCRONTAB, errno);
wd4 = inotify_add_watch(fd, "/var/spool/cron/", IN_MODIFY | IN_DELETE | IN_CREATE | IN_ATTRIB);
if (wd4 < 0)
- log_it("CRON",getpid(),"This file can't be watched ",strerror(errno));
+ log_it("CRON", pid, "This directory can't be watched", "/var/spool/cron", errno);
if (wd1 <0 || wd2<0 || wd3<0 || wd4<0) {
inotify_enabled = 0;
- syslog(LOG_INFO, "CRON (%s) ERROR: run without inotify support");
+ log_it("CRON", pid, "INFO", "running without inotify support", 0);
}
else
inotify_enabled = 1;
cron_db database;
int fd;
char *cs;
+ pid_t pid = getpid();
#if defined WITH_INOTIFY
int fildes;
fildes = inotify_init();
if (fildes < 0)
- syslog(LOG_ERR, "Inotify init failed %m");
+ log_it("CRON", pid, "INFO", "Inotify init failed", errno);
#endif
ProgramName = argv[0];
set_cron_cwd();
if (putenv("PATH="_PATH_DEFPATH) < 0) {
- log_it("CRON", getpid(), "DEATH", "can't malloc");
+ log_it("CRON", pid, "DEATH", "can't putenv PATH", errno);
exit(1);
}
} else if (NoFork == 0) {
switch (fork()) {
case -1:
- log_it("CRON",getpid(),"DEATH","can't fork");
+ log_it("CRON", pid, "DEATH", "can't fork", errno);
exit(0);
break;
case 0:
(void) close(fd);
}
if (inotify_enabled)
- log_it("CRON",getpid(),"STARTUP INOTIFY",PACKAGE_VERSION);
+ log_it("CRON", getpid(), "STARTUP INOTIFY", PACKAGE_VERSION, 0);
else
- log_it("CRON",getpid(),"STARTUP",PACKAGE_VERSION);
+ log_it("CRON", getpid(), "STARTUP", PACKAGE_VERSION, 0);
break;
default:
/* parent process should just die */
#if defined WITH_INOTIFY
set_cron_unwatched(fildes);
- int ret;
- ret = close(fildes);
- if (ret)
- syslog(LOG_ERR, "Inotify can't remove watches %m");
+ if (fildes >= 0 && close(fildes) < 0)
+ log_it("CRON", pid, "INFO", "Inotify can't remove watches", errno);
#endif
}
"You (%s) are not allowed to use this program (%s)\n",
User, ProgramName);
fprintf(stderr, "See crontab(1) for more information\n");
- log_it(RealUser, Pid, "AUTH", "crontab command not allowed");
+ log_it(RealUser, Pid, "AUTH", "crontab command not allowed", 0);
exit(ERROR_EXIT);
}
FILE *f;
int ch;
- log_it(RealUser, Pid, "LIST", User);
+ log_it(RealUser, Pid, "LIST", User, 0);
if (!glue_strings(n, sizeof n, SPOOL_DIR, User, '/')) {
fprintf(stderr, "path too long\n");
exit(ERROR_EXIT);
) exit(0);
}
- log_it(RealUser, Pid, "DELETE", User);
+ log_it(RealUser, Pid, "DELETE", User, 0);
if (!glue_strings(n, sizeof n, SPOOL_DIR, User, '/')) {
fprintf(stderr, "path too long\n");
exit(ERROR_EXIT);
PID_T pid, xpid;
int uid;
- log_it(RealUser, Pid, "BEGIN EDIT", User);
+ log_it(RealUser, Pid, "BEGIN EDIT", User, 0);
if (!glue_strings(n, sizeof n, SPOOL_DIR, User, '/')) {
fprintf(stderr, "path too long\n");
exit(ERROR_EXIT);
remove:
unlink(Filename);
done:
- log_it(RealUser, Pid, "END EDIT", User);
+ log_it(RealUser, Pid, "END EDIT", User, 0);
}
/* returns 0 on success
goto done;
}
TempFilename[0] = '\0';
- log_it(RealUser, Pid, "REPLACE", User);
+ log_it(RealUser, Pid, "REPLACE", User, 0);
poke_daemon();
struct passwd *pw) {
struct stat statbuf;
int crontab_fd;
+ pid_t pid = getpid();
if ((crontab_fd = open(tabname, O_RDONLY|O_NONBLOCK|O_NOFOLLOW, 0)) == -1) {
- log_it("CRON", getpid(), "CAN'T OPEN", tabname);
+ log_it(uname, pid, "CAN'T OPEN", tabname, errno);
return(-1);
}
if (PermitAnyCrontab == 0) {
if (fstat(crontab_fd, &statbuf) < OK) {
- log_it("CRON", getpid(), "STAT FAILED", tabname);
+ log_it(uname, pid, "STAT FAILED", tabname, errno);
close(crontab_fd);
return(-1);
}
if (!S_ISREG(statbuf.st_mode)) {
- syslog(LOG_INFO, "NOT REGULAR %s", tabname);
+ log_it(uname, pid, "NOT REGULAR", tabname, 0);
close(crontab_fd);
return(-1);
}
if ((statbuf.st_mode & 07533) != 0400) {
- log_it(fname, getpid(), "BAD FILE MODE", tabname);
+ log_it(uname, pid, "BAD FILE MODE", tabname, 0);
close(crontab_fd);
return(-1);
}
if (statbuf.st_uid != ROOT_UID && (pw == NULL ||
statbuf.st_uid != pw->pw_uid || strcmp(uname, pw->pw_name) != 0)) {
- log_it(fname, getpid(), "WRONG FILE OWNER", tabname);
+ log_it(uname, pid, "WRONG FILE OWNER", tabname, 0);
close(crontab_fd);
return(-1);
}
if (pw && statbuf.st_nlink != 1) {
- log_it(fname, getpid(), "BAD LINK COUNT", tabname);
+ log_it(uname, pid, "BAD LINK COUNT", tabname, 0);
close(crontab_fd);
return(-1);
}
} else if ((pw = getpwnam(uname)) == NULL) {
/* file doesn't have a user in passwd file.
*/
- log_it("CRON", getpid(), "ORPHAN", "no passwd entry");
+ log_it(uname, getpid(), "ORPHAN", "no passwd entry", 0);
goto next_crontab;
}
cron_db new_db;
DIR_T *dp;
DIR *dir;
+ pid_t pid = getpid();
new_db.head = new_db.tail = NULL;
process_inotify_crontab("root", NULL, SYSCRONTAB, &new_db, old_db, fd, RELOAD);
/* RH_CROND_DIR /etc/cron.d */
if (!(dir = opendir(RH_CROND_DIR))) {
- log_it("CRON", getpid(), "OPENDIR FAILED", RH_CROND_DIR);
+ log_it("CRON", pid, "OPENDIR FAILED", RH_CROND_DIR, errno);
(void) exit(ERROR_EXIT);
}
while (NULL != (dp = readdir(dir))) {
closedir(dir);
/* SPOOL_DIR */
if (!(dir = opendir(SPOOL_DIR))) {
- syslog(LOG_INFO, "CRON: OPENDIR FAILED %s", SPOOL_DIR);
+ log_it("CRON", pid, "OPENDIR FAILED", SPOOL_DIR, errno);
(void) exit(ERROR_EXIT);
}
fd_set rfds;
int retval = 0;
char buf[BUF_LEN];
+ pid_t pid = getpid();
time.tv_sec = 1;
time.tv_usec = 0;
retval = select(fd + 1, &rfds, NULL, NULL, &time);
if (retval == -1) {
- perror("select()");
- syslog(LOG_INFO, "CRON: select failed: %s", strerror(errno));
+ log_it("CRON", pid, "INOTIFY", "select failed", errno);
}
else if (FD_ISSET(fd, &rfds)) {
new_db.head = new_db.tail = NULL;
if (read(fd, buf, sizeof(buf)) == -1)
- log_it("CRON", getpid(), "reading problem",buf);
+ log_it("CRON", pid, "INOTIFY", "read failed", errno);
process_inotify_crontab("root", NULL, SYSCRONTAB, &new_db, old_db, fd, RELOAD);
if (!(dir = opendir(RH_CROND_DIR))) {
- log_it("CRON", getpid(), "OPENDIR FAILED", RH_CROND_DIR);
+ log_it("CRON", pid, "OPENDIR FAILED", RH_CROND_DIR, errno);
(void) exit(ERROR_EXIT);
}
while (NULL != (dp = readdir(dir))) {
closedir(dir);
if (!(dir = opendir(SPOOL_DIR))) {
- syslog(LOG_INFO, "CRON: OPENDIR FAILED %s", SPOOL_DIR);
+ log_it("CRON", pid, "OPENDIR FAILED", SPOOL_DIR, errno);
(void) exit(ERROR_EXIT);
}
while (NULL != (dp = readdir(dir))) {
new_db.head = new_db.tail = NULL;
process_inotify_crontab("root", NULL, SYSCRONTAB, &new_db, old_db, fd, !RELOAD);
if (!(dir = opendir(RH_CROND_DIR))) {
- log_it("CRON", getpid(), "OPENDIR FAILED", RH_CROND_DIR);
+ log_it("CRON", pid, "OPENDIR FAILED", RH_CROND_DIR, errno);
(void) exit(ERROR_EXIT);
}
closedir(dir);
if (!(dir = opendir(SPOOL_DIR))) {
- syslog(LOG_INFO, "CRON: OPENDIR FAILED %s", SPOOL_DIR);
+ log_it("CRON", pid, "OPENDIR FAILED", SPOOL_DIR, errno);
(void) exit(ERROR_EXIT);
}
DIR_T *dp;
DIR *dir;
user *u, *nu;
+ pid_t pid = getpid();
- Debug(DLOAD, ("[%ld] load_database()\n", (long)getpid()))
+ Debug(DLOAD, ("[%ld] load_database()\n", (long)pid))
/* before we start loading any data, do a stat on SPOOL_DIR
* so that if anything changes as of this moment (i.e., before we've
* cached any of the database), we'll see the changes next time.
*/
if (stat(SPOOL_DIR, &statbuf) < OK) {
- log_it("CRON", getpid(), "STAT FAILED", SPOOL_DIR);
+ log_it("CRON", pid, "STAT FAILED", SPOOL_DIR, errno);
(void) exit(ERROR_EXIT);
}
max_mtime(SPOOL_DIR, &statbuf);
if (stat(RH_CROND_DIR, &crond_stat) < OK) {
- log_it("CRON", getpid(), "STAT FAILED", RH_CROND_DIR);
+ log_it("CRON", pid, "STAT FAILED", RH_CROND_DIR, errno);
(void) exit(ERROR_EXIT);
}
TMAX(statbuf.st_mtime, syscron_stat.st_mtime))
){
Debug(DLOAD, ("[%ld] spool dir mtime unch, no load needed.\n",
- (long)getpid()))
+ (long)pid))
return;
}
&new_db, old_db);
if (!(dir = opendir(RH_CROND_DIR))) {
- log_it("CRON", getpid(), "OPENDIR FAILED", RH_CROND_DIR);
+ log_it("CRON", pid, "OPENDIR FAILED", RH_CROND_DIR, errno);
(void) exit(ERROR_EXIT);
}
*/
if (!(dir = opendir(SPOOL_DIR))) {
- log_it("CRON", getpid(), "OPENDIR FAILED", SPOOL_DIR);
+ log_it("CRON", pid, "OPENDIR FAILED", SPOOL_DIR, errno);
(void) exit(ERROR_EXIT);
}
int crontab_fd = OK - 1;
user *u;
int crond_crontab = (fname == NULL) && (strcmp(tabname, SYSCRONTAB) != 0);
+ pid_t pid = getpid();
if (fname == NULL) {
/* must be set to something for logging purposes.
} else if ((pw = getpwnam(uname)) == NULL) {
/* file doesn't have a user in passwd file.
*/
- log_it(fname, getpid(), "ORPHAN", "no passwd entry");
+ log_it(fname, pid, "ORPHAN", "no passwd entry", 0);
goto next_crontab;
}
if ((crontab_fd = open(tabname, O_RDONLY|O_NONBLOCK|O_NOFOLLOW, 0)) < OK) {
/* crontab not accessible?
*/
- log_it(fname, getpid(), "CAN'T OPEN", tabname);
+ log_it(fname, pid, "CAN'T OPEN", tabname, errno);
goto next_crontab;
}
if (fstat(crontab_fd, statbuf) < OK) {
- log_it(fname, getpid(), "FSTAT FAILED", tabname);
+ log_it(fname, pid, "FSTAT FAILED", tabname, errno);
goto next_crontab;
}
if ( PermitAnyCrontab == 0 )
{
if (!S_ISREG(statbuf->st_mode)) {
- log_it(fname, getpid(), "NOT REGULAR", tabname);
+ log_it(fname, pid, "NOT REGULAR", tabname, 0);
goto next_crontab;
}
if ((statbuf->st_mode & 07533) != 0400) {
- log_it(fname, getpid(), "BAD FILE MODE", tabname);
+ log_it(fname, pid, "BAD FILE MODE", tabname, 0);
goto next_crontab;
}
if (statbuf->st_uid != ROOT_UID && (pw == NULL ||
statbuf->st_uid != pw->pw_uid || strcmp(uname, pw->pw_name) != 0)) {
- log_it(fname, getpid(), "WRONG FILE OWNER", tabname);
+ log_it(fname, pid, "WRONG FILE OWNER", tabname, 0);
goto next_crontab;
}
if (pw && statbuf->st_nlink != 1) {
- log_it(fname, getpid(), "BAD LINK COUNT", tabname);
+ log_it(fname, pid, "BAD LINK COUNT", tabname, 0);
goto next_crontab;
}
}
Debug(DLOAD, (" [delete old data]"))
unlink_user(old_db, u);
free_user(u);
- log_it(fname, getpid(), "RELOAD", tabname);
+ log_it(fname, pid, "RELOAD", tabname, 0);
}
u = load_user(crontab_fd, pw, uname, fname, tabname);
if (u != NULL) {
DIR * dir;
DIR_T *dp;
struct stat st;
+ pid_t pid = getpid();
if (!(dir = opendir(dir_name))) {
- log_it("CRON", getpid(), "OPENDIR FAILED", dir_name);
+ log_it("CRON", pid, "OPENDIR FAILED", dir_name, errno);
(void) exit(ERROR_EXIT);
}
void
do_command(entry *e, user *u) {
+ pid_t pid = getpid();
+
Debug(DPROC, ("[%ld] do_command(%s, (%s,%ld,%ld))\n",
- (long)getpid(), e->cmd, u->name,
+ (long)pid, e->cmd, u->name,
(long)e->pwd->pw_uid, (long)e->pwd->pw_gid))
/* fork to become asynchronous -- parent process is done immediately,
*/
switch (fork()) {
case -1:
- log_it("CRON", getpid(), "error", "can't fork");
+ log_it("CRON", pid, "can't fork", "do_command", errno);
break;
case 0:
/* child process */
/* parent process */
break;
}
- Debug(DPROC, ("[%ld] main process returning to work\n",(long)getpid()))
+ Debug(DPROC, ("[%ld] main process returning to work\n",(long)pid))
}
static void
char *input_data, *usernm, *mailto;
int children = 0;
char **jobenv=0L;
+ pid_t pid = getpid();
/* Set up the Red Hat security context for both mail/minder and job processes:
*/
*/
if( pipe(stdin_pipe) == -1 ) /* child's stdin */
{
- log_it("CRON", getpid(), "pipe() failed:", strerror(errno));
+ log_it("CRON", pid, "pipe() failed", "stdin_pipe", errno);
return;
}
if( pipe(stdout_pipe) == -1 ) /* child's stdout */
{
- log_it("CRON", getpid(), "pipe() failed:", strerror(errno));
+ log_it("CRON", pid, "pipe() failed", "stdout_pipe", errno);
return;
}
*/
switch (fork()) {
case -1:
- log_it("CRON", getpid(), "error", "can't fork");
+ log_it("CRON", pid, "can't fork", "child_process", errno);
cron_close_pam();
exit(ERROR_EXIT);
/*NOTREACHED*/
if ((e->flags & DONT_LOG) == 0) {
char *x = mkprints((u_char *)e->cmd, strlen(e->cmd));
- log_it(usernm, getpid(), "CMD", x);
+ log_it(usernm, getpid(), "CMD", x, 0);
free(x);
}
"mailed %d byte%s of output but got status 0x%04x\n",
bytes, (bytes==1)?"":"s",
status);
- log_it(usernm, getpid(), "MAIL", buf);
+ log_it(usernm, getpid(), "MAIL", buf, 0);
}
} /*if data from grandchild*/
if (isascii(ch) && isprint(ch) &&
(isalnum(ch) || (!first && strchr(safe_delim, ch))))
continue;
- log_it(usernm, getpid(), "UNSAFE", s);
+ log_it(usernm, getpid(), "UNSAFE", s, 0);
return (FALSE);
}
return (TRUE);
}
e->envp = tenvp;
} else
- log_it("CRON", getpid(), "error", "can't set SHELL");
+ log_it("CRON", getpid(), "error", "can't set SHELL", 0);
}
if (!env_get("HOME", e->envp)) {
if (glue_strings(envstr, sizeof envstr, "HOME",
}
e->envp = tenvp;
} else
- log_it("CRON", getpid(), "error", "can't set HOME");
+ log_it("CRON", getpid(), "error", "can't set HOME", 0);
}
#ifndef LOGIN_CAP
/* If login.conf is in used we will get the default PATH later. */
}
e->envp = tenvp;
} else
- log_it("CRON", getpid(), "error", "can't set PATH");
+ log_it("CRON", getpid(), "error", "can't set PATH", 0);
}
#endif /* LOGIN_CAP */
if (glue_strings(envstr, sizeof envstr, "LOGNAME",
}
e->envp = tenvp;
} else
- log_it("CRON", getpid(), "error", "can't set LOGNAME");
+ log_it("CRON", getpid(), "error", "can't set LOGNAME", 0);
#if defined(BSD) || defined(__linux)
if (glue_strings(envstr, sizeof envstr, "USER",
pw->pw_name, '=')) {
}
e->envp = tenvp;
} else
- log_it("CRON", getpid(), "error", "can't set USER");
+ log_it("CRON", getpid(), "error", "can't set USER", 0);
#endif
Debug(DPARS, ("load_entry()...about to parse command\n"))
free_entry(entry *),
acquire_daemonlock(int),
skip_comments(FILE *),
- log_it(const char *, int, const char *, const char *),
+ log_it(const char *, int, const char *, const char *, int),
log_close(void);
#if defined WITH_INOTIFY
void load_inotify_database(cron_db *, int ),
char *ep;
long otherpid=-1;
ssize_t num, len;
+ pid_t pid = getpid();
if (closeflag) {
/* close stashed fd for child so we don't leak it. */
pidfile = _PATH_CRON_PID;
/* Initial mode is 0600 to prevent flock() race/DoS. */
if ((fd = open(pidfile, O_RDWR|O_CREAT, 0600)) == -1) {
- sprintf(buf, "can't open or create %s: %s",
- pidfile, strerror(errno));
- fprintf(stderr, "%s: %s\n", ProgramName, buf);
- log_it("CRON", getpid(), "DEATH", buf);
+ int save_errno = errno;
+ sprintf(buf, "can't open or create %s",
+ pidfile);
+ fprintf(stderr, "%s: %s: %s\n", ProgramName, buf, strerror(save_errno));
+ log_it("CRON", pid, "DEATH", buf, save_errno);
exit(ERROR_EXIT);
}
if ((num = read(fd, buf, sizeof(buf) - 1)) > 0 &&
(otherpid = strtol(buf, &ep, 10)) > 0 &&
ep != buf && *ep == '\n' && otherpid != LONG_MAX) {
- sprintf(buf,
- "can't lock %s, otherpid may be %ld: %s",
- pidfile, otherpid, strerror(save_errno));
+ snprintf(buf, sizeof(buf),
+ "can't lock %s, otherpid may be %ld",
+ pidfile, otherpid);
} else {
- sprintf(buf,
- "can't lock %s, otherpid unknown: %s",
- pidfile, strerror(save_errno));
+ snprintf(buf, sizeof(buf),
+ "can't lock %s, otherpid unknown",
+ pidfile);
}
- sprintf(buf, "can't lock %s, otherpid may be %ld: %s",
- pidfile, otherpid, strerror(save_errno));
- fprintf(stderr, "%s: %s\n", ProgramName, buf);
- log_it("CRON", getpid(), "DEATH", buf);
+ fprintf(stderr, "%s: %s: %s\n", ProgramName, buf, strerror(save_errno));
+ log_it("CRON", pid, "DEATH", buf, save_errno);
exit(ERROR_EXIT);
}
(void) fchmod(fd, 0644);
(void) fcntl(fd, F_SETFD, 1);
}
- sprintf(buf, "%ld\n", (long)getpid());
+ sprintf(buf, "%ld\n", (long)pid);
(void) lseek(fd, (off_t)0, SEEK_SET);
len = strlen(buf);
if( (num = write(fd, buf, len)) != len )
- log_it("CRON", getpid(), "write() failed:", strerror(errno));
+ log_it("CRON", pid, "ERROR", "write() failed", errno);
else
{
if( ftruncate(fd, num) == -1 )
- log_it("CRON", getpid(), "ftruncate() failed:", strerror(errno));
+ log_it("CRON", pid, "ERROR", "ftruncate() failed", errno);
}
/* abandon fd even though the file is open. we need to keep
if( ( getuid() == 0 ) && (!isallowed) )
{
snprintf(buf,sizeof(buf),"root used -u for user %s not in cron.allow",username);
- log_it("crontab",getpid(),"warning",buf);
+ log_it("crontab", getpid(), "warning", buf, 0);
isallowed = TRUE;
}
} else if ((fp = fopen(deny_file, "r")) != NULL) {
if( ( getuid() == 0 ) && (!isallowed) )
{
snprintf(buf,sizeof(buf),"root used -u for user %s in cron.deny",username);
- log_it("crontab",getpid(),"warning",buf);
+ log_it("crontab", getpid(), "warning", buf, 0);
isallowed = TRUE;
}
}
}
void
-log_it(const char *username, PID_T xpid, const char *event, const char *detail) {
+log_it(const char *username, PID_T xpid, const char *event, const char *detail, int err) {
#if defined(LOG_FILE) || DEBUGGING
PID_T pid = xpid;
#endif
* everything out in one chunk and this has to be atomically appended
* to the log file.
*/
- snprintf(msg, msg_size, "%s (%02d/%02d-%02d:%02d:%02d-%d) %s (%s)\n",
+ snprintf(msg, msg_size, "%s (%02d/%02d-%02d:%02d:%02d-%d) %s (%s)%s%s\n",
username,
t->tm_mon+1, t->tm_mday, t->tm_hour, t->tm_min, t->tm_sec, pid,
- event, detail);
+ event, detail,
+ err != 0 ? ": " : "",
+ err != 0 ? strerror(err) : "");
/* we have to run strlen() because sprintf() returns (char*) on old BSD
*/
syslog_open = TRUE; /* assume openlog success */
}
- syslog(LOG_INFO, "(%s) %s (%s)", username, event, detail);
+ syslog(err != 0 ? LOG_ERR : LOG_INFO,
+ "(%s) %s (%s)%s%s", username, event, detail,
+ err != 0 ? ": " : "",
+ err != 0 ? strerror(err) : "");
+
#endif /*SYSLOG*/
#if DEBUGGING
if (DebugFlags) {
- fprintf(stderr, "log_it: (%s %ld) %s (%s)\n",
- username, (long)pid, event, detail);
+ fprintf(stderr, "log_it: (%s %ld) %s (%s)%s%s\n",
+ username, (long)pid, event, detail,
+ err != 0 ? ": " : "",
+ err != 0 ? strerror(err) : "");
}
#endif
}
}
if (execvp(argv[0], argv) < 0) {
- syslog(LOG_ERR, "CRON: Exec of (%s) failed: (%s)", program, strerror(errno));
+ int save_errno = errno;
+
+ log_it("CRON", getpid(), "EXEC FAILED", program, save_errno);
if (*type != 'r') {
while (0 != (out = read(STDIN, buf, PIPE_BUF))) {
if ((out == -1) && (errno != EINTR))
int cron_set_job_security_context(entry *e, user *u, char ***jobenv) {
time_t minutely_time = 0;
+#ifdef WITH_PAM
+ int ret;
+#endif
if ((e->flags & MIN_STAR)==MIN_STAR) {
/* "minute-ly" job: Every minute for given hour/dow/month/dom.
}
#ifdef WITH_PAM
- if (cron_start_pam(e->pwd) != 0) {
- syslog(LOG_INFO, "CRON (%s): failed to open PAM security session: %s", e->pwd->pw_name, pam_strerror(pamh,cron_start_pam(e->pwd)));
+ if ((ret=cron_start_pam(e->pwd)) != 0) {
+ log_it(e->pwd->pw_name, getpid(), "FAILED to authorize user with PAM", pam_strerror(pamh, ret), 0);
return -1;
}
#endif
security_context_t ucontext=0;
if (cron_get_job_range(u, &ucontext, *jobenv) < OK) {
- syslog(LOG_ERR, "CRON (%s) ERROR: failed to get selinux context: %s",
- e->pwd->pw_name, strerror(errno));
+ log_it(e->pwd->pw_name, getpid(), "ERROR", "failed to get SELinux context", 0);
return -1;
}
if (cron_change_selinux_range(u, ucontext) != 0) {
- syslog(LOG_INFO,"CRON (%s) ERROR: failed to change SELinux context",
- e->pwd->pw_name);
+ log_it(e->pwd->pw_name, getpid(),"ERROR", "failed to change SELinux context", 0);
if ( ucontext )
freecon(ucontext);
return -1;
freecon(ucontext);
#endif
#ifdef WITH_PAM
- if (cron_open_pam_session(e->pwd) != 0) {
- syslog(LOG_INFO, "CRON (%s) ERROR: failed to open PAM security session: %s", e->pwd->pw_name, strerror(errno));
+ if ((ret=cron_open_pam_session(e->pwd)) != 0) {
+ log_it(e->pwd->pw_name, getpid(), "FAILED to open PAM security session", pam_strerror(pamh, ret), 0);
return -1;
}
#endif
if (cron_change_user(e->pwd, env_get("HOME", *jobenv)) != 0) {
- syslog(LOG_INFO, "CRON (%s) ERROR: failed to open change cron user: %s", e->pwd->pw_name, strerror(errno));
+ log_it(e->pwd->pw_name, getpid(), "ERROR", "failed to change user", 0);
return -1;
}
log_close();
- openlog(ProgramName, LOG_PID, LOG_CRON);
time_t job_run_time = time(0L);
* (eg. by network authentication method timeouts), skip it.
*/
struct tm tmS, tmN;
+ char buf[256];
+
localtime_r(&job_run_time, &tmN);
localtime_r(&minutely_time,&tmS);
- syslog(LOG_ERR,
- "(%s) error: Job execution of per-minute job scheduled for "
- "%.2u:%.2u delayed into subsequent minute %.2u:%.2u. Skipping job run.",
- e->pwd->pw_name, tmS.tm_hour, tmS.tm_min, tmN.tm_hour, tmN.tm_min);
+
+ snprintf(buf, sizeof(buf), "Job execution of per-minute job scheduled for "
+ "%.2u:%.2u delayed into subsequent minute %.2u:%.2u. Skipping job run.",
+ tmS.tm_hour, tmS.tm_min, tmN.tm_hour, tmN.tm_min);
+ log_it(e->pwd->pw_name, getpid(), "INFO", buf, 0);
return -1;
}
return 0;
}
int cron_change_user(struct passwd *pw, char *homedir) {
+ pid_t pid = getpid();
/* set our directory, uid and gid. Set gid first, since once
* we set uid, we've lost root privledges.
*/
if (setgid(pw->pw_gid) != 0) {
- log_it("CRON", getpid(), "setgid failed:", strerror(errno));
+ log_it("CRON", pid, "ERROR", "setgid failed", errno);
return -1;
}
if (initgroups(pw->pw_name, pw->pw_gid) != 0) {
- log_it("CRON", getpid(), "initgroups failed:", strerror(errno));
+ log_it("CRON", pid, "ERROR", "initgroups failed", errno);
return -1;
}
if (setuid( pw->pw_uid ) != 0) {
- log_it("CRON", getpid(), "setuid failed:", strerror(errno));
+ log_it("CRON", pid, "ERROR", "setuid failed", errno);
return -1;
}
if (chdir(homedir) == -1) {
- log_it("CRON", getpid(), "chdir(HOME) failed:", strerror(errno));
- log_it("CRON", getpid(), homedir, strerror(errno));
+ log_it("CRON", pid, "ERROR chdir failed", homedir, errno);
return -1;
}
return 0;
if (getfilecon( crontab, file_contextp ) == -1) {
if (security_getenforce() > 0) {
log_it(u->name, getpid(), "getfilecon FAILED for SELINUX_ROLE_TYPE",
- sroletype);
+ sroletype, 0);
return -1;
} else if (access( crontab, F_OK ) == 0)
log_it(u->name, getpid(),
"getfilecon FAILED but SELinux in permissive mode, continuing "
- "- SELINUX_ROLE_TYPE=", sroletype);
+ "- SELINUX_ROLE_TYPE", sroletype, 0);
}
}
#endif
if ((range = env_get("MLS_LEVEL",jobenv)) != 0L) {
context_t ccon;
if (!(ccon = context_new(u->scontext))) {
- log_it(u->name, getpid(), "context_new FAILED for MLS_LEVEL", range);
+ log_it(u->name, getpid(), "context_new FAILED for MLS_LEVEL", range, 0);
return -1;
}
if (context_range_set(ccon, range)) {
log_it(u->name, getpid(), "context_range_set FAILED for MLS_LEVEL",
- range);
+ range, 0);
return -1;
}
if (!(*ucontextp = context_str(ccon))) {
log_it(u->name, getpid(), "context_str FAILED for MLS_LEVEL",
- range);
+ range, 0);
return -1;
}
if (!(*ucontextp = strdup(*ucontextp))) {
log_it(u->name, getpid(), "strdup FAILED for MLS_LEVEL",
- range);
+ range, 0);
return -1;
}
context_free(ccon);
}
else if (!(*ucontextp = strdup(u->scontext))) {
log_it(u->name, getpid(), "strdup FAILED for MLS_LEVEL",
- range);
+ range, 0);
return -1;
}
#ifdef WITH_SELINUX
static int cron_change_selinux_range(user *u,security_context_t ucontext) {
+ char *msg = NULL;
+
if (is_selinux_enabled() <= 0)
return 0;
{
log_it( u->name, getpid(),
"NULL security context for user",
- "");
+ "", 0);
return -1;
}
else {
log_it( u->name, getpid(),
"NULL security context for user, "
"but SELinux in permissive mode, continuing",
- "");
+ "", 0);
return 0;
}
}
if (!cron_authorize_range( u->scontext, ucontext)) {
if (security_getenforce() > 0) {
#ifdef WITH_AUDIT
- char *msg = NULL;
if (asprintf(&msg, "cron: Unauthorized MLS range acct=%s new_scontext=%s old_scontext=%s",
u->name, (char*)ucontext, u->scontext) >= 0) {
int audit_fd = audit_open();
audit_log_user_message(audit_fd, AUDIT_USER_ROLE_CHANGE, msg, NULL, NULL, NULL, 0);
close(audit_fd);
+ free(msg);
}
- free(msg);
#endif
- syslog(LOG_ERR,
- "CRON (%s) ERROR:"
- "Unauthorized range %s in MLS_LEVEL for user %s",
- u->name, (char*)ucontext, u->scontext);
+ if (asprintf(&msg, "Unauthorized range in %s for user range in %s",
+ (char*)ucontext, u->scontext) >= 0) {
+ log_it(u->name, getpid(), "ERROR", msg, 0);
+ free(msg);
+ }
return -1;
}
else {
- syslog(LOG_INFO,
- "CRON (%s) WARNING:"
- "Unauthorized range %s in MLS_LEVEL for user %s,"
- " but SELinux in permissive mode, continuing",
- u->name, (char*)ucontext, u->scontext);
+ if (asprintf(&msg, "Unauthorized range in %s for user range in %s,"
+ " but SELinux in permissive mod, continuing",
+ (char*)ucontext, u->scontext) >= 0) {
+ log_it(u->name, getpid(), "WARNING", msg, 0);
+ free(msg);
+ }
}
}
}
if (setexeccon(ucontext) < 0 || setkeycreatecon(ucontext) < 0) {
if (security_getenforce() > 0) {
- syslog(LOG_ERR,
- "CRON (%s) ERROR:"
- "Could not set exec or keycreate context to %s for user",
- u->name, (char*)ucontext);
+ if (asprintf(&msg, "Could not set exec or keycreate context to %s for user",
+ (char*)ucontext) >= 0) {
+ log_it(u->name, getpid(), "ERROR", msg, 0);
+ free(msg);
+ }
return -1;
}
else {
- syslog(LOG_ERR,
- "CRON (%s) ERROR:"
- "Could not set exec or keycreate context to %s for user,"
- " but SELinux in permissive mode, continuing",
- u->name, (char*)ucontext);
-
+ if (asprintf(&msg, "Could not set exec or keycreate context to %s for user,"
+ " but SELinux in permissive mode, continuing",
+ (char*)ucontext) >= 0) {
+ log_it(u->name, getpid(), "WARNING", msg, 0);
+ free(msg);
+ }
return 0;
}
}
if (name != NULL) {
if (getseuserbyname(name, &seuser, &level) < 0) {
- log_it(name, getpid(), "getseuserbyname FAILED", name);
+ log_it(name, getpid(), "getseuserbyname FAILED", name, 0);
return (security_getenforce() > 0);
}
}
free(level);
if (retval) {
if (security_getenforce() > 0) {
- log_it(name, getpid(), "No SELinux security context",tabname);
+ log_it(name, getpid(), "No SELinux security context", tabname, 0);
return -1;
} else {
- log_it(name, getpid(), "No security context but SELinux in permissive mode, continuing",tabname);
+ log_it(name, getpid(), "No security context but SELinux in permissive mode, continuing", tabname, 0);
return 0;
}
}
if (fgetfilecon(crontab_fd, &file_context) < OK) {
if (security_getenforce() > 0) {
- log_it(name, getpid(), "getfilecon FAILED", tabname);
+ log_it(name, getpid(), "getfilecon FAILED", tabname, 0);
freecon(scontext);
return -1;
} else {
- log_it(name, getpid(), "getfilecon FAILED but SELinux in permissive mode, continuing", tabname);
+ log_it(name, getpid(), "getfilecon FAILED but SELinux in permissive mode, continuing", tabname, 0);
*rcontext=scontext;
return 0;
}
freecon(scontext);
freecon(file_context);
if (security_getenforce() > 0) {
- log_it(name, getpid(), "Unauthorized SELinux context", tabname);
+ log_it(name, getpid(), "Unauthorized SELinux context", tabname, 0);
return -1;
}
else {
log_it(name, getpid(),
"Unauthorized SELinux context, but SELinux in permissive mode, continuing",
- tabname);
+ tabname, 0);
return 0;
}
}
while ((cronvar = cronenv[count++])) {
if (!(jobenv = env_set(jobenv, cronvar))) {
- syslog(LOG_ERR, "Setting Cron environment variable %s failed", cronvar);
+ log_it("CRON", getpid(), "Setting Cron environment variable failed", cronvar, 0);
return NULL;
}
}
static void
log_error(const char *msg) {
- syslog(LOG_ERR,"CRON: error in (%s) problem is (%s)",FileName,msg);
+ log_it("CRON", getpid(), msg, FileName, 0);
}
void
char **envp, **tenvp;
if (!(file = fdopen(crontab_fd, "r"))) {
- perror("fdopen on crontab_fd in load_user");
+ int save_errno = errno;
+ log_it(uname, getpid(), "FAILED", "fdopen on crontab_fd in load_user", save_errno);
return (NULL);
}
projects / cronie / commitdiff