From: Joe Orton Date: Wed, 23 May 2012 15:42:33 +0000 (+0000) Subject: suexec: Add support for logging to syslog as an alternative to a X-Git-Tag: 2.5.0-alpha~6797 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=cc9eab4c92d66e8e0f6fa169a2641858f92de951;p=apache suexec: Add support for logging to syslog as an alternative to a logfile. * support/suexec.c (err_output) [AP_LOG_SYSLOG]: Log to syslog. (main): Close syslog fd if open, before execv. Add -V output for AP_LOG_SYSLOG. * configure.in: Add --with-suexec-syslog argument; allow --without-suexec-logfile to omit definition of AP_LOG_EXEC. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1341905 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 0a7839d9b6..34c65d91a1 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,10 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.0 + *) suexec: Add support for logging to syslog as an alternative to + logging to a file; use --without-suexec-logfile --with-suexec-syslog. + [Joe Orton] + *) mod_proxy_ajp: Reduce memory usage in case of many keep-alive requests on one connection. PR 52275. [Naohiro Ooiwa ] diff --git a/configure.in b/configure.in index 10d645cd7e..59b4fcb48c 100644 --- a/configure.in +++ b/configure.in @@ -703,7 +703,24 @@ APACHE_HELP_STRING(--with-suexec-gidmin,Minimal allowed GID),[ AC_ARG_WITH(suexec-logfile, APACHE_HELP_STRING(--with-suexec-logfile,Set the logfile),[ - AC_DEFINE_UNQUOTED(AP_LOG_EXEC, "$withval", [SuExec log file] ) ] ) + if test "x$withval" = "xyes"; then + AC_DEFINE_UNQUOTED(AP_LOG_EXEC, "$withval", [SuExec log file]) + fi +]) + +AC_ARG_WITH(suexec-syslog, +APACHE_HELP_STRING(--with-suexec-syslog,Set the logfile),[ + if test $withval = "yes"; then + if test "x${with_suexec_logfile}" != "xno"; then + AC_MSG_NOTICE([hint: use "--without-suexec-logfile --with-suexec-syslog"]) + AC_MSG_ERROR([suexec does not support both logging to file and syslog]) + fi + AC_CHECK_FUNCS([vsyslog], [], [ + AC_MSG_ERROR([cannot support syslog from suexec without vsyslog()])]) + AC_DEFINE(AP_LOG_SYSLOG, 1, [SuExec log to syslog]) + fi +]) + AC_ARG_WITH(suexec-safepath, APACHE_HELP_STRING(--with-suexec-safepath,Set the safepath),[ diff --git a/support/suexec.c b/support/suexec.c index 2c4e2c3bf0..8d7fcfdd99 100644 --- a/support/suexec.c +++ b/support/suexec.c @@ -58,6 +58,10 @@ #include #endif +#ifdef AP_LOG_SYSLOG +#include +#endif + #if defined(PATH_MAX) #define AP_MAXPATH PATH_MAX #elif defined(MAXPATHLEN) @@ -69,7 +73,12 @@ #define AP_ENVBUF 256 extern char **environ; + +#ifdef AP_LOG_SYSLOG +static int log_open; +#else static FILE *log = NULL; +#endif static const char *const safe_env_lst[] = { @@ -137,7 +146,14 @@ static void err_output(int is_error, const char *fmt, va_list ap) static void err_output(int is_error, const char *fmt, va_list ap) { -#ifdef AP_LOG_EXEC +#if defined(AP_LOG_SYSLOG) + if (!log_open) { + openlog("suexec", LOG_PID, LOG_DAEMON); + log_open = 1; + } + + vsyslog(is_error ? LOG_ERR : LOG_INFO, fmt, ap); +#elif defined(AP_LOG_EXEC) time_t timevar; struct tm *lt; @@ -295,7 +311,9 @@ int main(int argc, char *argv[]) #ifdef AP_HTTPD_USER fprintf(stderr, " -D AP_HTTPD_USER=\"%s\"\n", AP_HTTPD_USER); #endif -#ifdef AP_LOG_EXEC +#if defined(AP_LOG_SYSLOG) + fprintf(stderr, " -D AP_LOG_SYSLOG\n"); +#elif defined(AP_LOG_EXEC) fprintf(stderr, " -D AP_LOG_EXEC=\"%s\"\n", AP_LOG_EXEC); #endif #ifdef AP_SAFE_PATH @@ -591,6 +609,12 @@ int main(int argc, char *argv[]) #endif /* AP_SUEXEC_UMASK */ /* Be sure to close the log file so the CGI can't mess with it. */ +#ifdef AP_LOG_SYSLOG + if (log_open) { + closelog(); + log_open = 0; + } +#else if (log != NULL) { #if APR_HAVE_FCNTL_H /* @@ -612,6 +636,7 @@ int main(int argc, char *argv[]) log = NULL; #endif } +#endif /* * Execute the command, replacing our image with its own.