diff -up cronie-1.1/src/crontab.c.logging cronie-1.1/src/crontab.c --- cronie-1.1/src/crontab.c.logging 2008-05-30 11:29:46.000000000 +0200 +++ cronie-1.1/src/crontab.c 2008-06-17 16:41:55.000000000 +0200 @@ -115,7 +115,7 @@ main(int argc, char *argv[]) { "You (%s) are not allowed to use this program (%s)\n", User, ProgramName); fprintf(stderr, "See crontab(1) for more information\n"); - log_it(RealUser, Pid, "AUTH", "crontab command not allowed"); + log_it(RealUser, Pid, "AUTH", "crontab command not allowed", 0); exit(ERROR_EXIT); } @@ -293,7 +293,7 @@ list_cmd(void) { FILE *f; int ch; - log_it(RealUser, Pid, "LIST", User); + log_it(RealUser, Pid, "LIST", User, 0); if (!glue_strings(n, sizeof n, SPOOL_DIR, User, '/')) { fprintf(stderr, "path too long\n"); exit(ERROR_EXIT); @@ -326,7 +326,7 @@ delete_cmd(void) { ) exit(0); } - log_it(RealUser, Pid, "DELETE", User); + log_it(RealUser, Pid, "DELETE", User, 0); if (!glue_strings(n, sizeof n, SPOOL_DIR, User, '/')) { fprintf(stderr, "path too long\n"); exit(ERROR_EXIT); @@ -366,7 +366,7 @@ edit_cmd(void) { PID_T pid, xpid; int uid; - log_it(RealUser, Pid, "BEGIN EDIT", User); + log_it(RealUser, Pid, "BEGIN EDIT", User, 0); if (!glue_strings(n, sizeof n, SPOOL_DIR, User, '/')) { fprintf(stderr, "path too long\n"); exit(ERROR_EXIT); @@ -607,7 +607,7 @@ edit_cmd(void) { remove: unlink(Filename); done: - log_it(RealUser, Pid, "END EDIT", User); + log_it(RealUser, Pid, "END EDIT", User, 0); } /* returns 0 on success @@ -758,7 +758,7 @@ replace_cmd(void) { goto done; } TempFilename[0] = '\0'; - log_it(RealUser, Pid, "REPLACE", User); + log_it(RealUser, Pid, "REPLACE", User, 0); poke_daemon(); diff -up cronie-1.1/src/entry.c.logging cronie-1.1/src/entry.c --- cronie-1.1/src/entry.c.logging 2008-05-30 11:29:46.000000000 +0200 +++ cronie-1.1/src/entry.c 2008-06-17 16:41:55.000000000 +0200 @@ -284,7 +284,7 @@ load_entry(FILE *file, void (*error_func } e->envp = tenvp; } else - log_it("CRON", getpid(), "error", "can't set SHELL"); + log_it("CRON", getpid(), "error", "can't set SHELL", 0); } if (!env_get("HOME", e->envp)) { if (glue_strings(envstr, sizeof envstr, "HOME", @@ -295,7 +295,7 @@ load_entry(FILE *file, void (*error_func } e->envp = tenvp; } else - log_it("CRON", getpid(), "error", "can't set HOME"); + log_it("CRON", getpid(), "error", "can't set HOME", 0); } #ifndef LOGIN_CAP /* If login.conf is in used we will get the default PATH later. */ @@ -308,7 +308,7 @@ load_entry(FILE *file, void (*error_func } e->envp = tenvp; } else - log_it("CRON", getpid(), "error", "can't set PATH"); + log_it("CRON", getpid(), "error", "can't set PATH", 0); } #endif /* LOGIN_CAP */ if (glue_strings(envstr, sizeof envstr, "LOGNAME", @@ -319,7 +319,7 @@ load_entry(FILE *file, void (*error_func } e->envp = tenvp; } else - log_it("CRON", getpid(), "error", "can't set LOGNAME"); + log_it("CRON", getpid(), "error", "can't set LOGNAME", 0); #if defined(BSD) || defined(__linux) if (glue_strings(envstr, sizeof envstr, "USER", pw->pw_name, '=')) { @@ -329,7 +329,7 @@ load_entry(FILE *file, void (*error_func } e->envp = tenvp; } else - log_it("CRON", getpid(), "error", "can't set USER"); + log_it("CRON", getpid(), "error", "can't set USER", 0); #endif Debug(DPARS, ("load_entry()...about to parse command\n")) diff -up cronie-1.1/src/do_command.c.logging cronie-1.1/src/do_command.c --- cronie-1.1/src/do_command.c.logging 2008-05-30 11:29:46.000000000 +0200 +++ cronie-1.1/src/do_command.c 2008-06-17 16:41:55.000000000 +0200 @@ -30,8 +30,10 @@ static int safe_p(const char *, const c void do_command(entry *e, user *u) { + pid_t pid = getpid(); + Debug(DPROC, ("[%ld] do_command(%s, (%s,%ld,%ld))\n", - (long)getpid(), e->cmd, u->name, + (long)pid, e->cmd, u->name, (long)e->pwd->pw_uid, (long)e->pwd->pw_gid)) /* fork to become asynchronous -- parent process is done immediately, @@ -43,7 +45,7 @@ do_command(entry *e, user *u) { */ switch (fork()) { case -1: - log_it("CRON", getpid(), "error", "can't fork"); + log_it("CRON", pid, "can't fork", "do_command", errno); break; case 0: /* child process */ @@ -57,7 +59,7 @@ do_command(entry *e, user *u) { /* parent process */ break; } - Debug(DPROC, ("[%ld] main process returning to work\n",(long)getpid())) + Debug(DPROC, ("[%ld] main process returning to work\n",(long)pid)) } static void @@ -66,6 +68,7 @@ child_process(entry *e, user *u) { char *input_data, *usernm, *mailto; int children = 0; char **jobenv=0L; + pid_t pid = getpid(); /* Set up the Red Hat security context for both mail/minder and job processes: */ @@ -105,13 +108,13 @@ child_process(entry *e, user *u) { */ if( pipe(stdin_pipe) == -1 ) /* child's stdin */ { - log_it("CRON", getpid(), "pipe() failed:", strerror(errno)); + log_it("CRON", pid, "pipe() failed", "stdin_pipe", errno); return; } if( pipe(stdout_pipe) == -1 ) /* child's stdout */ { - log_it("CRON", getpid(), "pipe() failed:", strerror(errno)); + log_it("CRON", pid, "pipe() failed", "stdout_pipe", errno); return; } @@ -157,7 +160,7 @@ child_process(entry *e, user *u) { */ switch (fork()) { case -1: - log_it("CRON", getpid(), "error", "can't fork"); + log_it("CRON", pid, "can't fork", "child_process", errno); cron_close_pam(); exit(ERROR_EXIT); /*NOTREACHED*/ @@ -173,7 +176,7 @@ child_process(entry *e, user *u) { if ((e->flags & DONT_LOG) == 0) { char *x = mkprints((u_char *)e->cmd, strlen(e->cmd)); - log_it(usernm, getpid(), "CMD", x); + log_it(usernm, getpid(), "CMD", x, 0); free(x); } @@ -490,7 +493,7 @@ child_process(entry *e, user *u) { "mailed %d byte%s of output but got status 0x%04x\n", bytes, (bytes==1)?"":"s", status); - log_it(usernm, getpid(), "MAIL", buf); + log_it(usernm, getpid(), "MAIL", buf, 0); } } /*if data from grandchild*/ @@ -537,7 +540,7 @@ safe_p(const char *usernm, const char *s if (isascii(ch) && isprint(ch) && (isalnum(ch) || (!first && strchr(safe_delim, ch)))) continue; - log_it(usernm, getpid(), "UNSAFE", s); + log_it(usernm, getpid(), "UNSAFE", s, 0); return (FALSE); } return (TRUE); diff -up cronie-1.1/src/cron.c.logging cronie-1.1/src/cron.c --- cronie-1.1/src/cron.c.logging 2008-05-30 11:29:46.000000000 +0200 +++ cronie-1.1/src/cron.c 2008-06-17 16:41:55.000000000 +0200 @@ -55,27 +55,27 @@ int wd1, wd2, wd3, wd4; void set_cron_watched(int fd) { - int ret1, ret2, ret3; + pid_t pid = getpid(); wd1 = inotify_add_watch(fd, CRONDIR, IN_MODIFY | IN_DELETE | IN_CREATE | IN_ATTRIB); if (wd1 < 0) - log_it("CRON",getpid(),"This directory can't be watched",strerror(errno)); + log_it("CRON", pid, "This directory can't be watched", CRONDIR, errno); wd2 = inotify_add_watch(fd, RH_CROND_DIR, IN_MODIFY | IN_DELETE | IN_CREATE | IN_ATTRIB); if (wd2 < 0) - log_it("CRON",getpid(),"This directory can't be watched",strerror(errno)); + log_it("CRON", pid, "This directory can't be watched", RH_CROND_DIR, errno); wd3 = inotify_add_watch(fd, SYSCRONTAB, IN_MODIFY | IN_DELETE | IN_CREATE | IN_ATTRIB); if (wd3 < 0) - log_it("CRON",getpid(),"This file can't be watched ",strerror(errno)); + log_it("CRON", pid, "This file can't be watched", SYSCRONTAB, errno); wd4 = inotify_add_watch(fd, "/var/spool/cron/", IN_MODIFY | IN_DELETE | IN_CREATE | IN_ATTRIB); if (wd4 < 0) - log_it("CRON",getpid(),"This file can't be watched ",strerror(errno)); + log_it("CRON", pid, "This directory can't be watched", "/var/spool/cron", errno); if (wd1 <0 || wd2<0 || wd3<0 || wd4<0) { inotify_enabled = 0; - syslog(LOG_INFO, "CRON (%s) ERROR: run without inotify support"); + log_it("CRON", pid, "INFO", "running without inotify support", 0); } else inotify_enabled = 1; @@ -113,12 +113,13 @@ main(int argc, char *argv[]) { cron_db database; int fd; char *cs; + pid_t pid = getpid(); #if defined WITH_INOTIFY int fildes; fildes = inotify_init(); if (fildes < 0) - syslog(LOG_ERR, "Inotify init failed %m"); + log_it("CRON", pid, "INFO", "Inotify init failed", errno); #endif ProgramName = argv[0]; @@ -155,7 +156,7 @@ main(int argc, char *argv[]) { set_cron_cwd(); if (putenv("PATH="_PATH_DEFPATH) < 0) { - log_it("CRON", getpid(), "DEATH", "can't malloc"); + log_it("CRON", pid, "DEATH", "can't putenv PATH", errno); exit(1); } @@ -181,7 +182,7 @@ main(int argc, char *argv[]) { } else if (NoFork == 0) { switch (fork()) { case -1: - log_it("CRON",getpid(),"DEATH","can't fork"); + log_it("CRON", pid, "DEATH", "can't fork", errno); exit(0); break; case 0: @@ -195,9 +196,9 @@ main(int argc, char *argv[]) { (void) close(fd); } if (inotify_enabled) - log_it("CRON",getpid(),"STARTUP INOTIFY",PACKAGE_VERSION); + log_it("CRON", getpid(), "STARTUP INOTIFY", PACKAGE_VERSION, 0); else - log_it("CRON",getpid(),"STARTUP",PACKAGE_VERSION); + log_it("CRON", getpid(), "STARTUP", PACKAGE_VERSION, 0); break; default: /* parent process should just die */ @@ -362,10 +363,8 @@ main(int argc, char *argv[]) { #if defined WITH_INOTIFY set_cron_unwatched(fildes); - int ret; - ret = close(fildes); - if (ret) - syslog(LOG_ERR, "Inotify can't remove watches %m"); + if (fildes >= 0 && close(fildes) < 0) + log_it("CRON", pid, "INFO", "Inotify can't remove watches", errno); #endif } diff -up cronie-1.1/src/popen.c.logging cronie-1.1/src/popen.c --- cronie-1.1/src/popen.c.logging 2008-05-30 11:29:46.000000000 +0200 +++ cronie-1.1/src/popen.c 2008-06-17 16:41:55.000000000 +0200 @@ -110,7 +110,9 @@ cron_popen(char *program, const char *ty } if (execvp(argv[0], argv) < 0) { - syslog(LOG_ERR, "CRON: Exec of (%s) failed: (%s)", program, strerror(errno)); + int save_errno = errno; + + log_it("CRON", getpid(), "EXEC FAILED", program, save_errno); if (*type != 'r') { while (0 != (out = read(STDIN, buf, PIPE_BUF))) { if ((out == -1) && (errno != EINTR)) diff -up cronie-1.1/src/database.c.logging cronie-1.1/src/database.c --- cronie-1.1/src/database.c.logging 2008-05-30 11:29:46.000000000 +0200 +++ cronie-1.1/src/database.c 2008-06-17 16:41:55.000000000 +0200 @@ -58,35 +58,36 @@ check_open(const char *tabname, const ch struct passwd *pw) { struct stat statbuf; int crontab_fd; + pid_t pid = getpid(); if ((crontab_fd = open(tabname, O_RDONLY|O_NONBLOCK|O_NOFOLLOW, 0)) == -1) { - log_it("CRON", getpid(), "CAN'T OPEN", tabname); + log_it(uname, pid, "CAN'T OPEN", tabname, errno); return(-1); } if (PermitAnyCrontab == 0) { if (fstat(crontab_fd, &statbuf) < OK) { - log_it("CRON", getpid(), "STAT FAILED", tabname); + log_it(uname, pid, "STAT FAILED", tabname, errno); close(crontab_fd); return(-1); } if (!S_ISREG(statbuf.st_mode)) { - syslog(LOG_INFO, "NOT REGULAR %s", tabname); + log_it(uname, pid, "NOT REGULAR", tabname, 0); close(crontab_fd); return(-1); } if ((statbuf.st_mode & 07533) != 0400) { - log_it(fname, getpid(), "BAD FILE MODE", tabname); + log_it(uname, pid, "BAD FILE MODE", tabname, 0); close(crontab_fd); return(-1); } if (statbuf.st_uid != ROOT_UID && (pw == NULL || statbuf.st_uid != pw->pw_uid || strcmp(uname, pw->pw_name) != 0)) { - log_it(fname, getpid(), "WRONG FILE OWNER", tabname); + log_it(uname, pid, "WRONG FILE OWNER", tabname, 0); close(crontab_fd); return(-1); } if (pw && statbuf.st_nlink != 1) { - log_it(fname, getpid(), "BAD LINK COUNT", tabname); + log_it(uname, pid, "BAD LINK COUNT", tabname, 0); close(crontab_fd); return(-1); } @@ -110,7 +111,7 @@ process_inotify_crontab(const char *unam } else if ((pw = getpwnam(uname)) == NULL) { /* file doesn't have a user in passwd file. */ - log_it("CRON", getpid(), "ORPHAN", "no passwd entry"); + log_it(uname, getpid(), "ORPHAN", "no passwd entry", 0); goto next_crontab; } @@ -164,13 +165,14 @@ load_inotify_database(cron_db *old_db, i cron_db new_db; DIR_T *dp; DIR *dir; + pid_t pid = getpid(); new_db.head = new_db.tail = NULL; process_inotify_crontab("root", NULL, SYSCRONTAB, &new_db, old_db, fd, RELOAD); /* RH_CROND_DIR /etc/cron.d */ if (!(dir = opendir(RH_CROND_DIR))) { - log_it("CRON", getpid(), "OPENDIR FAILED", RH_CROND_DIR); + log_it("CRON", pid, "OPENDIR FAILED", RH_CROND_DIR, errno); (void) exit(ERROR_EXIT); } while (NULL != (dp = readdir(dir))) { @@ -187,7 +189,7 @@ load_inotify_database(cron_db *old_db, i closedir(dir); /* SPOOL_DIR */ if (!(dir = opendir(SPOOL_DIR))) { - syslog(LOG_INFO, "CRON: OPENDIR FAILED %s", SPOOL_DIR); + log_it("CRON", pid, "OPENDIR FAILED", SPOOL_DIR, errno); (void) exit(ERROR_EXIT); } @@ -218,6 +220,7 @@ check_inotify_database(cron_db *old_db, fd_set rfds; int retval = 0; char buf[BUF_LEN]; + pid_t pid = getpid(); time.tv_sec = 1; time.tv_usec = 0; @@ -227,17 +230,16 @@ check_inotify_database(cron_db *old_db, retval = select(fd + 1, &rfds, NULL, NULL, &time); if (retval == -1) { - perror("select()"); - syslog(LOG_INFO, "CRON: select failed: %s", strerror(errno)); + log_it("CRON", pid, "INOTIFY", "select failed", errno); } else if (FD_ISSET(fd, &rfds)) { new_db.head = new_db.tail = NULL; if (read(fd, buf, sizeof(buf)) == -1) - log_it("CRON", getpid(), "reading problem",buf); + log_it("CRON", pid, "INOTIFY", "read failed", errno); process_inotify_crontab("root", NULL, SYSCRONTAB, &new_db, old_db, fd, RELOAD); if (!(dir = opendir(RH_CROND_DIR))) { - log_it("CRON", getpid(), "OPENDIR FAILED", RH_CROND_DIR); + log_it("CRON", pid, "OPENDIR FAILED", RH_CROND_DIR, errno); (void) exit(ERROR_EXIT); } while (NULL != (dp = readdir(dir))) { @@ -253,7 +255,7 @@ check_inotify_database(cron_db *old_db, closedir(dir); if (!(dir = opendir(SPOOL_DIR))) { - syslog(LOG_INFO, "CRON: OPENDIR FAILED %s", SPOOL_DIR); + log_it("CRON", pid, "OPENDIR FAILED", SPOOL_DIR, errno); (void) exit(ERROR_EXIT); } while (NULL != (dp = readdir(dir))) { @@ -274,7 +276,7 @@ check_inotify_database(cron_db *old_db, new_db.head = new_db.tail = NULL; process_inotify_crontab("root", NULL, SYSCRONTAB, &new_db, old_db, fd, !RELOAD); if (!(dir = opendir(RH_CROND_DIR))) { - log_it("CRON", getpid(), "OPENDIR FAILED", RH_CROND_DIR); + log_it("CRON", pid, "OPENDIR FAILED", RH_CROND_DIR, errno); (void) exit(ERROR_EXIT); } @@ -291,7 +293,7 @@ check_inotify_database(cron_db *old_db, closedir(dir); if (!(dir = opendir(SPOOL_DIR))) { - syslog(LOG_INFO, "CRON: OPENDIR FAILED %s", SPOOL_DIR); + log_it("CRON", pid, "OPENDIR FAILED", SPOOL_DIR, errno); (void) exit(ERROR_EXIT); } @@ -366,15 +368,16 @@ load_database(cron_db *old_db) { DIR_T *dp; DIR *dir; user *u, *nu; + pid_t pid = getpid(); - Debug(DLOAD, ("[%ld] load_database()\n", (long)getpid())) + Debug(DLOAD, ("[%ld] load_database()\n", (long)pid)) /* before we start loading any data, do a stat on SPOOL_DIR * so that if anything changes as of this moment (i.e., before we've * cached any of the database), we'll see the changes next time. */ if (stat(SPOOL_DIR, &statbuf) < OK) { - log_it("CRON", getpid(), "STAT FAILED", SPOOL_DIR); + log_it("CRON", pid, "STAT FAILED", SPOOL_DIR, errno); (void) exit(ERROR_EXIT); } @@ -385,7 +388,7 @@ load_database(cron_db *old_db) { max_mtime(SPOOL_DIR, &statbuf); if (stat(RH_CROND_DIR, &crond_stat) < OK) { - log_it("CRON", getpid(), "STAT FAILED", RH_CROND_DIR); + log_it("CRON", pid, "STAT FAILED", RH_CROND_DIR, errno); (void) exit(ERROR_EXIT); } @@ -407,7 +410,7 @@ load_database(cron_db *old_db) { TMAX(statbuf.st_mtime, syscron_stat.st_mtime)) ){ Debug(DLOAD, ("[%ld] spool dir mtime unch, no load needed.\n", - (long)getpid())) + (long)pid)) return; } @@ -425,7 +428,7 @@ load_database(cron_db *old_db) { &new_db, old_db); if (!(dir = opendir(RH_CROND_DIR))) { - log_it("CRON", getpid(), "OPENDIR FAILED", RH_CROND_DIR); + log_it("CRON", pid, "OPENDIR FAILED", RH_CROND_DIR, errno); (void) exit(ERROR_EXIT); } @@ -449,7 +452,7 @@ load_database(cron_db *old_db) { */ if (!(dir = opendir(SPOOL_DIR))) { - log_it("CRON", getpid(), "OPENDIR FAILED", SPOOL_DIR); + log_it("CRON", pid, "OPENDIR FAILED", SPOOL_DIR, errno); (void) exit(ERROR_EXIT); } @@ -536,6 +539,7 @@ process_crontab(const char *uname, const int crontab_fd = OK - 1; user *u; int crond_crontab = (fname == NULL) && (strcmp(tabname, SYSCRONTAB) != 0); + pid_t pid = getpid(); if (fname == NULL) { /* must be set to something for logging purposes. @@ -544,39 +548,39 @@ process_crontab(const char *uname, const } else if ((pw = getpwnam(uname)) == NULL) { /* file doesn't have a user in passwd file. */ - log_it(fname, getpid(), "ORPHAN", "no passwd entry"); + log_it(fname, pid, "ORPHAN", "no passwd entry", 0); goto next_crontab; } if ((crontab_fd = open(tabname, O_RDONLY|O_NONBLOCK|O_NOFOLLOW, 0)) < OK) { /* crontab not accessible? */ - log_it(fname, getpid(), "CAN'T OPEN", tabname); + log_it(fname, pid, "CAN'T OPEN", tabname, errno); goto next_crontab; } if (fstat(crontab_fd, statbuf) < OK) { - log_it(fname, getpid(), "FSTAT FAILED", tabname); + log_it(fname, pid, "FSTAT FAILED", tabname, errno); goto next_crontab; } if ( PermitAnyCrontab == 0 ) { if (!S_ISREG(statbuf->st_mode)) { - log_it(fname, getpid(), "NOT REGULAR", tabname); + log_it(fname, pid, "NOT REGULAR", tabname, 0); goto next_crontab; } if ((statbuf->st_mode & 07533) != 0400) { - log_it(fname, getpid(), "BAD FILE MODE", tabname); + log_it(fname, pid, "BAD FILE MODE", tabname, 0); goto next_crontab; } if (statbuf->st_uid != ROOT_UID && (pw == NULL || statbuf->st_uid != pw->pw_uid || strcmp(uname, pw->pw_name) != 0)) { - log_it(fname, getpid(), "WRONG FILE OWNER", tabname); + log_it(fname, pid, "WRONG FILE OWNER", tabname, 0); goto next_crontab; } if (pw && statbuf->st_nlink != 1) { - log_it(fname, getpid(), "BAD LINK COUNT", tabname); + log_it(fname, pid, "BAD LINK COUNT", tabname, 0); goto next_crontab; } } @@ -606,7 +610,7 @@ process_crontab(const char *uname, const Debug(DLOAD, (" [delete old data]")) unlink_user(old_db, u); free_user(u); - log_it(fname, getpid(), "RELOAD", tabname); + log_it(fname, pid, "RELOAD", tabname, 0); } u = load_user(crontab_fd, pw, uname, fname, tabname); if (u != NULL) { @@ -660,9 +664,10 @@ static void max_mtime( char *dir_name, s DIR * dir; DIR_T *dp; struct stat st; + pid_t pid = getpid(); if (!(dir = opendir(dir_name))) { - log_it("CRON", getpid(), "OPENDIR FAILED", dir_name); + log_it("CRON", pid, "OPENDIR FAILED", dir_name, errno); (void) exit(ERROR_EXIT); } diff -up cronie-1.1/src/misc.c.logging cronie-1.1/src/misc.c --- cronie-1.1/src/misc.c.logging 2008-05-30 11:29:46.000000000 +0200 +++ cronie-1.1/src/misc.c 2008-06-17 16:41:55.000000000 +0200 @@ -287,6 +287,7 @@ acquire_daemonlock(int closeflag) { char *ep; long otherpid=-1; ssize_t num, len; + pid_t pid = getpid(); if (closeflag) { /* close stashed fd for child so we don't leak it. */ @@ -301,10 +302,11 @@ acquire_daemonlock(int closeflag) { pidfile = _PATH_CRON_PID; /* Initial mode is 0600 to prevent flock() race/DoS. */ if ((fd = open(pidfile, O_RDWR|O_CREAT, 0600)) == -1) { - sprintf(buf, "can't open or create %s: %s", - pidfile, strerror(errno)); - fprintf(stderr, "%s: %s\n", ProgramName, buf); - log_it("CRON", getpid(), "DEATH", buf); + int save_errno = errno; + sprintf(buf, "can't open or create %s", + pidfile); + fprintf(stderr, "%s: %s: %s\n", ProgramName, buf, strerror(save_errno)); + log_it("CRON", pid, "DEATH", buf, save_errno); exit(ERROR_EXIT); } @@ -315,33 +317,31 @@ acquire_daemonlock(int closeflag) { if ((num = read(fd, buf, sizeof(buf) - 1)) > 0 && (otherpid = strtol(buf, &ep, 10)) > 0 && ep != buf && *ep == '\n' && otherpid != LONG_MAX) { - sprintf(buf, - "can't lock %s, otherpid may be %ld: %s", - pidfile, otherpid, strerror(save_errno)); + snprintf(buf, sizeof(buf), + "can't lock %s, otherpid may be %ld", + pidfile, otherpid); } else { - sprintf(buf, - "can't lock %s, otherpid unknown: %s", - pidfile, strerror(save_errno)); + snprintf(buf, sizeof(buf), + "can't lock %s, otherpid unknown", + pidfile); } - sprintf(buf, "can't lock %s, otherpid may be %ld: %s", - pidfile, otherpid, strerror(save_errno)); - fprintf(stderr, "%s: %s\n", ProgramName, buf); - log_it("CRON", getpid(), "DEATH", buf); + fprintf(stderr, "%s: %s: %s\n", ProgramName, buf, strerror(save_errno)); + log_it("CRON", pid, "DEATH", buf, save_errno); exit(ERROR_EXIT); } (void) fchmod(fd, 0644); (void) fcntl(fd, F_SETFD, 1); } - sprintf(buf, "%ld\n", (long)getpid()); + sprintf(buf, "%ld\n", (long)pid); (void) lseek(fd, (off_t)0, SEEK_SET); len = strlen(buf); if( (num = write(fd, buf, len)) != len ) - log_it("CRON", getpid(), "write() failed:", strerror(errno)); + log_it("CRON", pid, "ERROR", "write() failed", errno); else { if( ftruncate(fd, num) == -1 ) - log_it("CRON", getpid(), "ftruncate() failed:", strerror(errno)); + log_it("CRON", pid, "ERROR", "ftruncate() failed", errno); } /* abandon fd even though the file is open. we need to keep @@ -477,7 +477,7 @@ allowed(const char *username, const char if( ( getuid() == 0 ) && (!isallowed) ) { snprintf(buf,sizeof(buf),"root used -u for user %s not in cron.allow",username); - log_it("crontab",getpid(),"warning",buf); + log_it("crontab", getpid(), "warning", buf, 0); isallowed = TRUE; } } else if ((fp = fopen(deny_file, "r")) != NULL) { @@ -486,7 +486,7 @@ allowed(const char *username, const char if( ( getuid() == 0 ) && (!isallowed) ) { snprintf(buf,sizeof(buf),"root used -u for user %s in cron.deny",username); - log_it("crontab",getpid(),"warning",buf); + log_it("crontab", getpid(), "warning", buf, 0); isallowed = TRUE; } } @@ -502,7 +502,7 @@ allowed(const char *username, const char } void -log_it(const char *username, PID_T xpid, const char *event, const char *detail) { +log_it(const char *username, PID_T xpid, const char *event, const char *detail, int err) { #if defined(LOG_FILE) || DEBUGGING PID_T pid = xpid; #endif @@ -542,10 +542,12 @@ log_it(const char *username, PID_T xpid, * everything out in one chunk and this has to be atomically appended * to the log file. */ - snprintf(msg, msg_size, "%s (%02d/%02d-%02d:%02d:%02d-%d) %s (%s)\n", + snprintf(msg, msg_size, "%s (%02d/%02d-%02d:%02d:%02d-%d) %s (%s)%s%s\n", username, t->tm_mon+1, t->tm_mday, t->tm_hour, t->tm_min, t->tm_sec, pid, - event, detail); + event, detail, + err != 0 ? ": " : "", + err != 0 ? strerror(err) : ""); /* we have to run strlen() because sprintf() returns (char*) on old BSD */ @@ -569,14 +571,20 @@ log_it(const char *username, PID_T xpid, syslog_open = TRUE; /* assume openlog success */ } - syslog(LOG_INFO, "(%s) %s (%s)", username, event, detail); + syslog(err != 0 ? LOG_ERR : LOG_INFO, + "(%s) %s (%s)%s%s", username, event, detail, + err != 0 ? ": " : "", + err != 0 ? strerror(err) : ""); + #endif /*SYSLOG*/ #if DEBUGGING if (DebugFlags) { - fprintf(stderr, "log_it: (%s %ld) %s (%s)\n", - username, (long)pid, event, detail); + fprintf(stderr, "log_it: (%s %ld) %s (%s)%s%s\n", + username, (long)pid, event, detail, + err != 0 ? ": " : "", + err != 0 ? strerror(err) : ""); } #endif } diff -up cronie-1.1/src/funcs.h.logging cronie-1.1/src/funcs.h --- cronie-1.1/src/funcs.h.logging 2008-05-30 11:29:46.000000000 +0200 +++ cronie-1.1/src/funcs.h 2008-06-17 16:41:55.000000000 +0200 @@ -38,7 +38,7 @@ void set_cron_uid(void), free_entry(entry *), acquire_daemonlock(int), skip_comments(FILE *), - log_it(const char *, int, const char *, const char *), + log_it(const char *, int, const char *, const char *, int), log_close(void); #if defined WITH_INOTIFY void load_inotify_database(cron_db *, int ), diff -up cronie-1.1/src/security.c.logging cronie-1.1/src/security.c --- cronie-1.1/src/security.c.logging 2008-06-17 16:41:55.000000000 +0200 +++ cronie-1.1/src/security.c 2008-06-17 16:42:23.000000000 +0200 @@ -49,6 +49,9 @@ void cron_restore_default_security_conte int cron_set_job_security_context(entry *e, user *u, char ***jobenv) { time_t minutely_time = 0; +#ifdef WITH_PAM + int ret; +#endif if ((e->flags & MIN_STAR)==MIN_STAR) { /* "minute-ly" job: Every minute for given hour/dow/month/dom. @@ -59,8 +62,8 @@ int cron_set_job_security_context(entry } #ifdef WITH_PAM - if (cron_start_pam(e->pwd) != 0) { - syslog(LOG_INFO, "CRON (%s): failed to open PAM security session: %s", e->pwd->pw_name, pam_strerror(pamh,cron_start_pam(e->pwd))); + if ((ret=cron_start_pam(e->pwd)) != 0) { + log_it(e->pwd->pw_name, getpid(), "FAILED to authorize user with PAM", pam_strerror(pamh, ret), 0); return -1; } #endif @@ -74,14 +77,12 @@ int cron_set_job_security_context(entry security_context_t ucontext=0; if (cron_get_job_range(u, &ucontext, *jobenv) < OK) { - syslog(LOG_ERR, "CRON (%s) ERROR: failed to get selinux context: %s", - e->pwd->pw_name, strerror(errno)); + log_it(e->pwd->pw_name, getpid(), "ERROR", "failed to get SELinux context", 0); return -1; } if (cron_change_selinux_range(u, ucontext) != 0) { - syslog(LOG_INFO,"CRON (%s) ERROR: failed to change SELinux context", - e->pwd->pw_name); + log_it(e->pwd->pw_name, getpid(),"ERROR", "failed to change SELinux context", 0); if ( ucontext ) freecon(ucontext); return -1; @@ -90,19 +91,18 @@ int cron_set_job_security_context(entry freecon(ucontext); #endif #ifdef WITH_PAM - if (cron_open_pam_session(e->pwd) != 0) { - syslog(LOG_INFO, "CRON (%s) ERROR: failed to open PAM security session: %s", e->pwd->pw_name, strerror(errno)); + if ((ret=cron_open_pam_session(e->pwd)) != 0) { + log_it(e->pwd->pw_name, getpid(), "FAILED to open PAM security session", pam_strerror(pamh, ret), 0); return -1; } #endif if (cron_change_user(e->pwd, env_get("HOME", *jobenv)) != 0) { - syslog(LOG_INFO, "CRON (%s) ERROR: failed to open change cron user: %s", e->pwd->pw_name, strerror(errno)); + log_it(e->pwd->pw_name, getpid(), "ERROR", "failed to change user", 0); return -1; } log_close(); - openlog(ProgramName, LOG_PID, LOG_CRON); time_t job_run_time = time(0L); @@ -111,12 +111,15 @@ int cron_set_job_security_context(entry * (eg. by network authentication method timeouts), skip it. */ struct tm tmS, tmN; + char buf[256]; + localtime_r(&job_run_time, &tmN); localtime_r(&minutely_time,&tmS); - syslog(LOG_ERR, - "(%s) error: Job execution of per-minute job scheduled for " - "%.2u:%.2u delayed into subsequent minute %.2u:%.2u. Skipping job run.", - e->pwd->pw_name, tmS.tm_hour, tmS.tm_min, tmN.tm_hour, tmN.tm_min); + + snprintf(buf, sizeof(buf), "Job execution of per-minute job scheduled for " + "%.2u:%.2u delayed into subsequent minute %.2u:%.2u. Skipping job run.", + tmS.tm_hour, tmS.tm_min, tmN.tm_hour, tmN.tm_min); + log_it(e->pwd->pw_name, getpid(), "INFO", buf, 0); return -1; } return 0; @@ -163,27 +166,27 @@ void cron_close_pam(void) { } int cron_change_user(struct passwd *pw, char *homedir) { + pid_t pid = getpid(); /* set our directory, uid and gid. Set gid first, since once * we set uid, we've lost root privledges. */ if (setgid(pw->pw_gid) != 0) { - log_it("CRON", getpid(), "setgid failed:", strerror(errno)); + log_it("CRON", pid, "ERROR", "setgid failed", errno); return -1; } if (initgroups(pw->pw_name, pw->pw_gid) != 0) { - log_it("CRON", getpid(), "initgroups failed:", strerror(errno)); + log_it("CRON", pid, "ERROR", "initgroups failed", errno); return -1; } if (setuid( pw->pw_uid ) != 0) { - log_it("CRON", getpid(), "setuid failed:", strerror(errno)); + log_it("CRON", pid, "ERROR", "setuid failed", errno); return -1; } if (chdir(homedir) == -1) { - log_it("CRON", getpid(), "chdir(HOME) failed:", strerror(errno)); - log_it("CRON", getpid(), homedir, strerror(errno)); + log_it("CRON", pid, "ERROR chdir failed", homedir, errno); return -1; } return 0; @@ -254,12 +257,12 @@ int cron_get_job_context(user *u, void * if (getfilecon( crontab, file_contextp ) == -1) { if (security_getenforce() > 0) { log_it(u->name, getpid(), "getfilecon FAILED for SELINUX_ROLE_TYPE", - sroletype); + sroletype, 0); return -1; } else if (access( crontab, F_OK ) == 0) log_it(u->name, getpid(), "getfilecon FAILED but SELinux in permissive mode, continuing " - "- SELINUX_ROLE_TYPE=", sroletype); + "- SELINUX_ROLE_TYPE", sroletype, 0); } } #endif @@ -282,25 +285,25 @@ static int cron_get_job_range(user *u, s if ((range = env_get("MLS_LEVEL",jobenv)) != 0L) { context_t ccon; if (!(ccon = context_new(u->scontext))) { - log_it(u->name, getpid(), "context_new FAILED for MLS_LEVEL", range); + log_it(u->name, getpid(), "context_new FAILED for MLS_LEVEL", range, 0); return -1; } if (context_range_set(ccon, range)) { log_it(u->name, getpid(), "context_range_set FAILED for MLS_LEVEL", - range); + range, 0); return -1; } if (!(*ucontextp = context_str(ccon))) { log_it(u->name, getpid(), "context_str FAILED for MLS_LEVEL", - range); + range, 0); return -1; } if (!(*ucontextp = strdup(*ucontextp))) { log_it(u->name, getpid(), "strdup FAILED for MLS_LEVEL", - range); + range, 0); return -1; } context_free(ccon); @@ -311,7 +314,7 @@ static int cron_get_job_range(user *u, s } else if (!(*ucontextp = strdup(u->scontext))) { log_it(u->name, getpid(), "strdup FAILED for MLS_LEVEL", - range); + range, 0); return -1; } @@ -321,6 +324,8 @@ static int cron_get_job_range(user *u, s #ifdef WITH_SELINUX static int cron_change_selinux_range(user *u,security_context_t ucontext) { + char *msg = NULL; + if (is_selinux_enabled() <= 0) return 0; @@ -329,14 +334,14 @@ static int cron_change_selinux_range(use { log_it( u->name, getpid(), "NULL security context for user", - ""); + "", 0); return -1; } else { log_it( u->name, getpid(), "NULL security context for user, " "but SELinux in permissive mode, continuing", - ""); + "", 0); return 0; } } @@ -345,46 +350,48 @@ static int cron_change_selinux_range(use if (!cron_authorize_range( u->scontext, ucontext)) { if (security_getenforce() > 0) { #ifdef WITH_AUDIT - char *msg = NULL; if (asprintf(&msg, "cron: Unauthorized MLS range acct=%s new_scontext=%s old_scontext=%s", u->name, (char*)ucontext, u->scontext) >= 0) { int audit_fd = audit_open(); audit_log_user_message(audit_fd, AUDIT_USER_ROLE_CHANGE, msg, NULL, NULL, NULL, 0); close(audit_fd); + free(msg); } - free(msg); #endif - syslog(LOG_ERR, - "CRON (%s) ERROR:" - "Unauthorized range %s in MLS_LEVEL for user %s", - u->name, (char*)ucontext, u->scontext); + if (asprintf(&msg, "Unauthorized range in %s for user range in %s", + (char*)ucontext, u->scontext) >= 0) { + log_it(u->name, getpid(), "ERROR", msg, 0); + free(msg); + } return -1; } else { - syslog(LOG_INFO, - "CRON (%s) WARNING:" - "Unauthorized range %s in MLS_LEVEL for user %s," - " but SELinux in permissive mode, continuing", - u->name, (char*)ucontext, u->scontext); + if (asprintf(&msg, "Unauthorized range in %s for user range in %s," + " but SELinux in permissive mod, continuing", + (char*)ucontext, u->scontext) >= 0) { + log_it(u->name, getpid(), "WARNING", msg, 0); + free(msg); + } } } } if (setexeccon(ucontext) < 0 || setkeycreatecon(ucontext) < 0) { if (security_getenforce() > 0) { - syslog(LOG_ERR, - "CRON (%s) ERROR:" - "Could not set exec or keycreate context to %s for user", - u->name, (char*)ucontext); + if (asprintf(&msg, "Could not set exec or keycreate context to %s for user", + (char*)ucontext) >= 0) { + log_it(u->name, getpid(), "ERROR", msg, 0); + free(msg); + } return -1; } else { - syslog(LOG_ERR, - "CRON (%s) ERROR:" - "Could not set exec or keycreate context to %s for user," - " but SELinux in permissive mode, continuing", - u->name, (char*)ucontext); - + if (asprintf(&msg, "Could not set exec or keycreate context to %s for user," + " but SELinux in permissive mode, continuing", + (char*)ucontext) >= 0) { + log_it(u->name, getpid(), "WARNING", msg, 0); + free(msg); + } return 0; } } @@ -410,7 +417,7 @@ int get_security_context( const char *na if (name != NULL) { if (getseuserbyname(name, &seuser, &level) < 0) { - log_it(name, getpid(), "getseuserbyname FAILED", name); + log_it(name, getpid(), "getseuserbyname FAILED", name, 0); return (security_getenforce() > 0); } } @@ -420,21 +427,21 @@ int get_security_context( const char *na free(level); if (retval) { if (security_getenforce() > 0) { - log_it(name, getpid(), "No SELinux security context",tabname); + log_it(name, getpid(), "No SELinux security context", tabname, 0); return -1; } else { - log_it(name, getpid(), "No security context but SELinux in permissive mode, continuing",tabname); + log_it(name, getpid(), "No security context but SELinux in permissive mode, continuing", tabname, 0); return 0; } } if (fgetfilecon(crontab_fd, &file_context) < OK) { if (security_getenforce() > 0) { - log_it(name, getpid(), "getfilecon FAILED", tabname); + log_it(name, getpid(), "getfilecon FAILED", tabname, 0); freecon(scontext); return -1; } else { - log_it(name, getpid(), "getfilecon FAILED but SELinux in permissive mode, continuing", tabname); + log_it(name, getpid(), "getfilecon FAILED but SELinux in permissive mode, continuing", tabname, 0); *rcontext=scontext; return 0; } @@ -444,13 +451,13 @@ int get_security_context( const char *na freecon(scontext); freecon(file_context); if (security_getenforce() > 0) { - log_it(name, getpid(), "Unauthorized SELinux context", tabname); + log_it(name, getpid(), "Unauthorized SELinux context", tabname, 0); return -1; } else { log_it(name, getpid(), "Unauthorized SELinux context, but SELinux in permissive mode, continuing", - tabname); + tabname, 0); return 0; } } @@ -496,7 +503,7 @@ static char ** build_env(char **cronenv) while ((cronvar = cronenv[count++])) { if (!(jobenv = env_set(jobenv, cronvar))) { - syslog(LOG_ERR, "Setting Cron environment variable %s failed", cronvar); + log_it("CRON", getpid(), "Setting Cron environment variable failed", cronvar, 0); return NULL; } } diff -up cronie-1.1/src/user.c.logging cronie-1.1/src/user.c --- cronie-1.1/src/user.c.logging 2008-05-30 11:29:46.000000000 +0200 +++ cronie-1.1/src/user.c 2008-06-17 16:41:55.000000000 +0200 @@ -32,7 +32,7 @@ static const char *FileName; static void log_error(const char *msg) { - syslog(LOG_ERR,"CRON: error in (%s) problem is (%s)",FileName,msg); + log_it("CRON", getpid(), msg, FileName, 0); } void @@ -59,7 +59,8 @@ load_user(int crontab_fd, struct passwd char **envp, **tenvp; if (!(file = fdopen(crontab_fd, "r"))) { - perror("fdopen on crontab_fd in load_user"); + int save_errno = errno; + log_it(uname, getpid(), "FAILED", "fdopen on crontab_fd in load_user", save_errno); return (NULL); }