Package: cron
Source: cron
Version: 3.0pl1-127+deb8u1
Severity: normal
Tags: patch
Dear Maintainer,
several debian changes that were made to the original cron utility by
Vixie break the ability to build the package
without syslog.
This happens, because code in several positions calls the syslog()
function, without checking if the SYSLOG directive is even defined
(which happens in config.h).
Additionally a direct call to the syslog() function circumvents the
log_it() function, implemented in misc.c for this specific reason.
The included patch fixes this issue by uniformly calling the implemented
log_it() function and respecting the definition of the SYSLOG directive.
Additionally, the log_it() function is expanded with a priority
argument, allowing each call of log_it() to pass an appropriate priority
logging level. All log_it() calls are expanded with an appropriate
priority level.
If you need any more info/help, please do not hesitate to contact me (or
reply to this bug report).
-- Package-specific info:
--- EDITOR:
--- /usr/bin/editor:
/bin/nano
--- /usr/bin/crontab:
-rwxr-sr-x 1 root crontab 36008 Jun 11 2015 /usr/bin/crontab
--- /var/spool/cron:
drwxr-xr-x 3 root root 4 Jan 12 13:58 /var/spool/cron
--- /var/spool/cron/crontabs:
drwx-wx--T 2 root crontab 2 Jun 11 2015 /var/spool/cron/crontabs
--- /etc/cron.d:
drwxr-xr-x 2 root root 4 Jan 12 13:58 /etc/cron.d
--- /etc/cron.daily:
drwxr-xr-x 2 root root 11 Jan 12 13:58 /etc/cron.daily
--- /etc/cron.hourly:
drwxr-xr-x 2 root root 3 Jan 12 13:58 /etc/cron.hourly
--- /etc/cron.monthly:
drwxr-xr-x 2 root root 4 Jan 12 13:58 /etc/cron.monthly
--- /etc/cron.weekly:
drwxr-xr-x 2 root root 5 Jan 12 13:58 /etc/cron.weekly
-- System Information:
Debian Release: 8.10
APT prefers oldstable-updates
APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect
Versions of packages cron depends on:
ii adduser 3.113+nmu3
ii debianutils 4.4+b1
ii dpkg 1.17.27
ii init-system-helpers 1.22
ii libc6 2.19-18+deb8u10
ii libpam-runtime 1.1.8-3.1+deb8u2
ii libpam0g 1.1.8-3.1+deb8u2+b1
ii libselinux1 2.3-2
ii lsb-base 4.1+Debian13+nmu1
Versions of packages cron recommends:
ii exim4 4.84.2-2+deb8u4
ii exim4-daemon-light [mail-transport-agent] 4.84.2-2+deb8u4
Versions of packages cron suggests:
ii anacron 2.3-23
pn checksecurity <none>
ii logrotate 3.8.7-1+b1
Versions of packages cron is related to:
pn libnss-ldap <none>
pn libnss-ldapd <none>
pn libpam-ldap <none>
pn libpam-mount <none>
pn nis <none>
pn nscd <none>
-- Configuration Files:
/etc/crontab changed:
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
17 * * * * root cd / && run-parts --report /etc/cron.hourly
25 6 * * * root test -x /usr/sbin/anacron || ( cd / &&
run-parts --report /etc/cron.daily )
47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / &&
run-parts --report /etc/cron.weekly )
52 6 1 * * root test -x /usr/sbin/anacron || ( cd / &&
run-parts --report /etc/cron.monthly )
* * * * * root echo test >> /var/log/test
-- no debconf information
diff -u cron-3.0pl1/cron.c cron-3.0pl1/cron.c
--- cron-3.0pl1/cron.c
+++ cron-3.0pl1/cron.c
@@ -106,7 +106,7 @@
setlocale(LC_COLLATE, "C"); /* Except for collation, since
load_database() uses a-z */
/* Except that "US-ASCII" is preferred to "ANSI_x3.4-1968" in MIME,
* even though "ANSI_x3.4-1968" is the official charset name. */
- if ( ( cs = nl_langinfo( CODESET ) ) != 0L &&
+ if ( ( cs = nl_langinfo( CODESET ) ) != 0L &&
strcasecmp(cs, "ANSI_x3.4-1968") != 0 )
strncpy( cron_default_mail_charset, cs, MAX_ENVSTR );
else
@@ -123,12 +123,12 @@
} else if (!stay_foreground) {
switch (fork()) {
case -1:
- log_it("CRON",getpid(),"DEATH","can't fork");
+ log_it(LOG_ERR, "CRON", getpid(), "DEATH", "can't
fork");
exit(0);
break;
case 0:
/* child process */
- log_it("CRON",getpid(),"STARTUP","fork ok");
+ log_it(LOG_INFO, "CRON", getpid(), "STARTUP", "fork
ok");
(void) setsid();
freopen("/dev/null", "r", stdin);
freopen("/dev/null", "w", stdout);
@@ -234,8 +234,8 @@
getpid(), timeRunning - virtualTime))
/* run wildcard jobs for current minute */
find_jobs(timeRunning, &database, TRUE, FALSE);
-
- /* run fixed-time jobs for each minute missed
*/
+
+ /* run fixed-time jobs for each minute missed */
do {
if (job_runqueue())
sleep(10);
@@ -245,7 +245,7 @@
} while (virtualTime< timeRunning &&
clockTime == timeRunning);
break;
-
+
case 0:
/*
* case 3: timeDiff is a small or medium-sized
@@ -290,23 +290,23 @@
/* Run on actual reboot, rather than cron restart */
if (access(REBOOT_FILE, F_OK) == 0) {
/* File exists, return */
- log_it("CRON", getpid(),"INFO",
+ log_it(LOG_INFO, "CRON", getpid(),"INFO",
"Skipping @reboot jobs -- not system startup");
return;
}
/* Create the file */
if ((rbfd = creat(REBOOT_FILE, S_IRUSR&S_IWUSR)) < 0) {
/* Bad news, bail out */
- log_it("CRON",getpid(),"DEATH","Can't create reboot check
file");
+ log_it(LOG_ERR, "CRON",getpid(),"DEATH","Can't create reboot
check file");
exit(0);
} else {
close(rbfd);
- log_it("CRON", getpid(),"INFO", "Running @reboot jobs");
+ log_it(LOG_INFO, "CRON", getpid(),"INFO", "Running @reboot
jobs");
}
-
+
Debug(DMISC, ("[%d], Debian running reboot jobs\n",getpid()));
-
+
#endif
Debug(DMISC, ("[%d], vixie running reboot jobs\n", getpid()));
for (u = db->head; u != NULL; u = u->next) {
@@ -455,7 +455,7 @@
sighup_handler(x) {
log_close();
- /* we should use sigaction for proper signal blocking as this
+ /* we should use sigaction for proper signal blocking as this
has a race, but... */
signal(SIGHUP, sighup_handler);
}
diff -u cron-3.0pl1/cron.h cron-3.0pl1/cron.h
--- cron-3.0pl1/cron.h
+++ cron-3.0pl1/cron.h
@@ -140,6 +140,21 @@
#define CRON_LOG_JOBFAILED 0x04
#define CRON_LOG_JOBPID 0x08
+/* Log priorities */
+#if !defined(SYSLOG)
+#define LOG_EMERG 0
+#define LOG_ALERT 1
+#define LOG_CRIT 2
+#define LOG_ERR 3
+#define LOG_WARNING 4
+#define LOG_NOTICE 5
+#define LOG_INFO 6
+#define LOG_DEBUG 7
+#else
+#include <syslog.h>
+#endif
+
+
#define SECONDS_PER_MINUTE 60
#define FIRST_MINUTE 0
@@ -171,7 +186,7 @@
typedef struct _entry {
struct _entry *next;
- uid_t uid;
+ uid_t uid;
gid_t gid;
char **envp;
char *cmd;
@@ -236,7 +251,7 @@
free_entry __P((entry *)),
acquire_daemonlock __P((int)),
skip_comments __P((FILE *)),
- log_it __P((char *, int, char *, char *)),
+ log_it __P((int, char *, int, char *, char *)),
log_close __P((void)),
check_orphans __P((cron_db *));
diff -u cron-3.0pl1/crontab.c cron-3.0pl1/crontab.c
--- cron-3.0pl1/crontab.c
+++ cron-3.0pl1/crontab.c
@@ -112,7 +112,7 @@
#endif
if (argv[1] == NULL) {
argv[1] = "-";
- }
+ }
parse_args(argc, argv); /* sets many globals, opens a file */
set_cron_cwd();
if (!allowed(User)) {
@@ -121,7 +121,7 @@
"You (%s) are not allowed to use this program
(%s)\n",
User, ProgramName);
fprintf(stderr, "See crontab(1) for more information\n");
- log_it(RealUser, Pid, "AUTH", "crontab command not
allowed");
+ log_it(LOG_NOTICE, RealUser, Pid, "AUTH", "crontab command
not allowed");
} else {
/* If the user is not allowed but root is running the
* program warn but do not log */
@@ -152,7 +152,7 @@
exit(exitstatus);
/*NOTREACHED*/
}
-
+
#if DEBUGGING
char *getoptarg = "u:lerix:";
#else
@@ -307,10 +307,10 @@
char *ctnh;
#endif
- log_it(RealUser, Pid, "LIST", User);
+ log_it(LOG_INFO, RealUser, Pid, "LIST", User);
(void) snprintf(n, MAX_FNAME, CRON_TAB(User));
if (!(f = fopen(n, "r"))) {
- if (errno == ENOENT)
+ if (errno == ENOENT)
fprintf(stderr, "no crontab for %s\n", User);
else {
fprintf(stderr, "%s/: fopen: %s\n", n,
strerror(errno));
@@ -327,7 +327,7 @@
/* ignore the top few comments since we probably put them there.
*/
if (!(ctnh = getenv("CRONTAB_NOHEADER")) ||
- toupper(*ctnh) != 'N')
+ toupper(*ctnh) != 'N')
{
for (x = 0; x < NHEADER_LINES; x++) {
ch = get_char(f);
@@ -386,7 +386,7 @@
exit(OK_EXIT);
}
- log_it(RealUser, Pid, "DELETE", User);
+ log_it(LOG_INFO, RealUser, Pid, "DELETE", User);
if (unlink(n)) {
if (errno == ENOENT)
fprintf(stderr, "no crontab for %s\n", User);
@@ -502,7 +502,7 @@
just bail, and let the user/admin deal with it.*/
static void
-cleanup_tmp_crontab(void)
+cleanup_tmp_crontab(void)
{
DIR *dp;
struct dirent *ep;
@@ -555,7 +555,7 @@
mode_t um;
int add_help_text = 0;
- log_it(RealUser, Pid, "BEGIN EDIT", User);
+ log_it(LOG_INFO, RealUser, Pid, "BEGIN EDIT", User);
(void) snprintf(n, MAX_FNAME, CRON_TAB(User));
if (!(f = fopen(n, "r"))) {
if (errno != ENOENT) {
@@ -588,7 +588,7 @@
Set_LineNum(1)
if (add_help_text) {
- fprintf(NewCrontab,
+ fprintf(NewCrontab,
"# Edit this file to introduce tasks to be run by cron.\n"
"# \n"
"# Each task to run has to be defined through a single line\n"
@@ -609,7 +609,7 @@
"# at 5 a.m every week with:\n"
"# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/\n"
"# \n"
-"# For more information see the manual pages of crontab(5) and cron(8)\n"
+"# For more information see the manual pages of crontab(5) and cron(8)\n"
"# \n"
"# m h dom mon dow command\n" );
}
@@ -795,7 +795,7 @@
remove:
cleanup_tmp_crontab();
done:
- log_it(RealUser, Pid, "END EDIT", User);
+ log_it(LOG_INFO, RealUser, Pid, "END EDIT", User);
return;
fatal:
cleanup_tmp_crontab();
@@ -809,7 +809,7 @@
{
unlink(tn);
exit(1);
-}
+}
/* returns 0 on success
* -1 on syntax error
@@ -953,7 +953,7 @@
}
- log_it(RealUser, Pid, "REPLACE", User);
+ log_it(LOG_INFO, RealUser, Pid, "REPLACE", User);
poke_daemon();
diff -u cron-3.0pl1/database.c cron-3.0pl1/database.c
--- cron-3.0pl1/database.c
+++ cron-3.0pl1/database.c
@@ -39,7 +39,7 @@
#ifndef PATH_MAX
#ifdef MAXPATHLEN
-#define PATH_MAX MAXPATHLEN
+#define PATH_MAX MAXPATHLEN
#else
#define PATH_MAX 2048
#endif
@@ -72,7 +72,7 @@
#ifdef DEBIAN
struct stat syscrond_stat;
struct stat syscrond_file_stat;
-
+
char syscrond_fname[PATH_MAX+1];
int syscrond_change = 0;
#endif
@@ -84,14 +84,14 @@
* cached any of the database), we'll see the changes next time.
*/
if (stat(SPOOL_DIR, &statbuf) < OK) {
- log_it("CRON", getpid(), "STAT FAILED", SPOOL_DIR);
+ log_it(LOG_WARNING, "CRON", getpid(), "STAT FAILED", SPOOL_DIR);
statbuf.st_mtime = 0;
}
/* track system crontab file
*/
if (stat(SYSCRONTAB, &syscron_stat) < OK) {
- log_it("CRON", getpid(), "STAT FAILED", SYSCRONTAB);
+ log_it(LOG_WARNING, "CRON", getpid(), "STAT FAILED",
SYSCRONTAB);
syscron_stat.st_mtime = 0;
}
@@ -101,7 +101,7 @@
* file check won't
*/
if (stat(SYSCRONDIR, &syscrond_stat) < OK) {
- log_it("CRON", getpid(), "STAT FAILED", SYSCRONDIR);
+ log_it(LOG_WARNING, "CRON", getpid(), "STAT FAILED",
SYSCRONDIR);
syscrond_stat.st_mtime = 0;
}
@@ -184,7 +184,7 @@
#ifdef DEBIAN
/* Read all the package crontabs. */
if (!(dir = opendir(SYSCRONDIR))) {
- log_it("CRON", getpid(), "OPENDIR FAILED", SYSCRONDIR);
+ log_it(LOG_WARNING, "CRON", getpid(), "OPENDIR FAILED",
SYSCRONDIR);
}
while (dir != NULL && NULL != (dp = readdir(dir))) {
@@ -226,7 +226,7 @@
* we fork a lot more often than the mtime of the dir changes.
*/
if (!(dir = opendir(SPOOL_DIR))) {
- log_it("CRON", getpid(), "OPENDIR FAILED", SPOOL_DIR);
+ log_it(LOG_WARNING, "CRON", getpid(), "OPENDIR FAILED",
SPOOL_DIR);
}
while (dir != NULL && NULL != (dp = readdir(dir))) {
@@ -344,7 +344,7 @@
*/
if (strncmp(fname, "tmp.", 4)) {
/* don't log these temporary files */
- log_it(fname, getpid(), "ORPHAN", "no passwd entry");
+ log_it(LOG_NOTICE, fname, getpid(), "ORPHAN", "no
passwd entry");
add_orphan(uname, fname, tabname);
}
goto next_crontab;
@@ -355,38 +355,38 @@
if ((crontab_fd = open(tabname, O_RDONLY|O_NOFOLLOW, 0)) < OK) {
/* crontab not accessible?
*/
- log_it(fname, getpid(), "CAN'T OPEN", tabname);
+ log_it(LOG_WARNING, fname, getpid(), "CAN'T OPEN", tabname);
goto next_crontab;
}
if (fstat(crontab_fd, statbuf) < OK) {
- log_it(fname, getpid(), "FSTAT FAILED", tabname);
+ log_it(LOG_WARNING, fname, getpid(), "FSTAT FAILED", tabname);
goto next_crontab;
}
/* Check to make sure that the crontab is owned by the correct user
(or root) */
if (statbuf->st_uid != pw->pw_uid && statbuf->st_uid != ROOT_UID) {
- log_it(fname, getpid(), "WRONG FILE OWNER", tabname);
+ log_it(LOG_NOTICE, fname, getpid(), "WRONG FILE OWNER",
tabname);
force_rescan_user(old_db, new_db, fname, 0);
goto next_crontab;
}
/* Check to make sure that the crontab is a regular file */
if (!S_ISREG(statbuf->st_mode)) {
- log_it(fname, getpid(), "NOT A REGULAR FILE", tabname);
+ log_it(LOG_WARNING, fname, getpid(), "NOT A REGULAR FILE",
tabname);
goto next_crontab;
}
/* Check to make sure that the crontab's permissions are secure */
if ((statbuf->st_mode & 07777) != 0600) {
- log_it(fname, getpid(), "INSECURE MODE (mode 0600 expected)",
tabname);
+ log_it(LOG_NOTICE, fname, getpid(), "INSECURE MODE (mode 0600
expected)", tabname);
force_rescan_user(old_db, new_db, fname, 0);
goto next_crontab;
}
/* Check to make sure that there are no hardlinks to the crontab */
if (statbuf->st_nlink != 1) {
- log_it(fname, getpid(), "NUMBER OF HARD LINKS > 1", tabname);
+ log_it(LOG_NOTICE, fname, getpid(), "NUMBER OF HARD LINKS > 1",
tabname);
force_rescan_user(old_db, new_db, fname, 0);
goto next_crontab;
}
@@ -394,11 +394,11 @@
/* System crontab path. These can be symlinks, but the
symlink and the target must be owned by root. */
if (lstat(tabname, statbuf) < OK) {
- log_it(fname, getpid(), "LSTAT FAILED", tabname);
+ log_it(LOG_WARNING, fname, getpid(), "LSTAT FAILED", tabname);
goto next_crontab;
}
if (S_ISLNK(statbuf->st_mode) && statbuf->st_uid != ROOT_UID) {
- log_it(fname, getpid(), "WRONG SYMLINK OWNER", tabname);
+ log_it(LOG_NOTICE, fname, getpid(), "WRONG SYMLINK OWNER",
tabname);
force_rescan_user(old_db, new_db, fname, 0);
goto next_crontab;
}
@@ -411,30 +411,30 @@
error is bad so we skip it instead.
*/
if (S_ISLNK(statbuf->st_mode)) {
- log_it(fname, getpid(), "CAN'T OPEN SYMLINK", tabname);
+ log_it(LOG_NOTICE, fname, getpid(), "CAN'T OPEN SYMLINK",
tabname);
force_rescan_user(old_db, new_db, fname, 0);
goto next_crontab;
} else {
- log_it(fname, getpid(), "CAN'T OPEN", tabname);
+ log_it(LOG_WARNING, fname, getpid(), "CAN'T OPEN", tabname);
goto next_crontab;
}
}
if (fstat(crontab_fd, statbuf) < OK) {
- log_it(fname, getpid(), "FSTAT FAILED", tabname);
+ log_it(LOG_WARNING, fname, getpid(), "FSTAT FAILED", tabname);
goto next_crontab;
}
/* Check to make sure that the crontab is owned by root */
if (statbuf->st_uid != ROOT_UID) {
- log_it(fname, getpid(), "WRONG FILE OWNER", tabname);
+ log_it(LOG_NOTICE, fname, getpid(), "WRONG FILE OWNER",
tabname);
force_rescan_user(old_db, new_db, fname, 0);
goto next_crontab;
}
/* Check to make sure that the crontab is a regular file */
if (!S_ISREG(statbuf->st_mode)) {
- log_it(fname, getpid(), "NOT A REGULAR FILE", tabname);
+ log_it(LOG_NOTICE, fname, getpid(), "NOT A REGULAR FILE",
tabname);
goto next_crontab;
}
@@ -443,7 +443,7 @@
* (mode 0600). An upgrade path could be implemented for 4.1
*/
if ((statbuf->st_mode & S_IWGRP) || (statbuf->st_mode & S_IWOTH)) {
- log_it(fname, getpid(), "INSECURE MODE (group/other writable)",
tabname);
+ log_it(LOG_NOTICE, fname, getpid(), "INSECURE MODE (group/other
writable)", tabname);
force_rescan_user(old_db, new_db, fname, 0);
goto next_crontab;
}
@@ -456,7 +456,7 @@
/* Check to make sure that there are no hardlinks to the crontab */
if (statbuf->st_nlink != 1) {
- log_it(fname, getpid(), "NUMBER OF HARD LINKS > 1", tabname);
+ log_it(LOG_NOTICE, fname, getpid(), "NUMBER OF HARD LINKS > 1",
tabname);
force_rescan_user(old_db, new_db, fname, 0);
goto next_crontab;
}
@@ -492,7 +492,7 @@
Debug(DLOAD, (" [delete old data]"))
unlink_user(old_db, u);
free_user(u);
- log_it(fname, getpid(), "RELOAD", tabname);
+ log_it(LOG_INFO, fname, getpid(), "RELOAD", tabname);
}
u = load_user(crontab_fd, pw, uname, fname, tabname);
@@ -507,7 +507,7 @@
* has actually taken place.
*/
force_rescan_user(old_db, new_db, fname, statbuf->st_mtime);
- }
+ }
next_crontab:
@@ -542,7 +542,7 @@
|| regcomp(&tradre, "^[a-z0-9][a-z0-9-]*$", REG_NOSUB)
|| regcomp(&classicalre, "^[a-zA-Z0-9_-]+$",
REG_EXTENDED | REG_NOSUB)) {
- log_it("CRON", getpid(), "REGEX FAILED", "valid_name");
+ log_it(LOG_NOTICE, "CRON", getpid(), "REGEX FAILED", "valid_name");
(void) exit(ERROR_EXIT);
}
}
@@ -595,11 +595,11 @@
/* Allocate an empty crontab with the specified mtime, add it to new DB
*/
if ((u = (user *) malloc(sizeof(user))) == NULL) {
errno = ENOMEM;
- }
+ }
if ((u->name = strdup(fname)) == NULL) {
free(u);
errno = ENOMEM;
- }
+ }
u->mtime = old_mtime;
u->crontab = NULL;
#ifdef WITH_SELINUX
@@ -634,7 +634,7 @@
orphans = next;
} else {
prev_orphan->next = next;
- }
+ }
process_crontab(o->uname, o->fname, o->tabname,
&statbuf, db, NULL);
@@ -642,19 +642,19 @@
/* process_crontab could have added a new orphan */
if (prev_orphan == NULL && orphans != next) {
prev_orphan = orphans;
- }
+ }
free_orphan(o);
o = next;
} else {
prev_orphan = o;
o = o->next;
- }
- }
+ }
+ }
}
static void
add_orphan(const char *uname, const char *fname, const char *tabname) {
- orphan *o;
+ orphan *o;
o = calloc(1, sizeof(*o));
if (o == NULL)
diff -u cron-3.0pl1/debian/changelog cron-3.0pl1/debian/changelog
--- cron-3.0pl1/debian/changelog
+++ cron-3.0pl1/debian/changelog
@@ -1,3 +1,10 @@
+cron (3.0pl1-127+deb8u1.1) UNRELEASED; urgency=medium
+
+ * Non-maintainer upload.
+ * SYSLOG fix
+
+ -- root <root@b257580ceda0> Fri, 12 Jan 2018 12:53:51 +0000
+
cron (3.0pl1-127+deb8u1) jessie; urgency=medium
* d/cron.service: Use KillMode=process to kill only the daemon.
diff -u cron-3.0pl1/do_command.c cron-3.0pl1/do_command.c
--- cron-3.0pl1/do_command.c
+++ cron-3.0pl1/do_command.c
@@ -39,7 +39,7 @@
};
#define PAM_FAIL_CHECK if (retcode != PAM_SUCCESS) { \
fprintf(stderr,"\n%s\n",pam_strerror(pamh, retcode)); \
- syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \
+ log_it(LOG_ERR, "CRON", getpid(), "PAM ERROR", pam_strerror(pamh,
retcode)); \
pam_end(pamh, retcode); exit(1); \
}
#endif
@@ -71,7 +71,11 @@
while ((cronvar = cronenv[count++])) {
if (!(jobenv = env_set(jobenv, cronvar))) {
- syslog(LOG_ERR, "Setting Cron environment variable %s
failed", cronvar);
+ char buf[MAX_TEMPSTR];
+ snprintf(buf, MAX_TEMPSTR,
+ "Setting Cron environment variable %s failed\n",
+ cronvar);
+ log_it(LOG_ERR, "CRON", getpid(), "CRON ENVIROMENT
FAIL", buf);
return NULL;
}
}
@@ -96,7 +100,7 @@
*/
switch (fork()) {
case -1:
- log_it("CRON",getpid(),"error","can't fork");
+ log_it(LOG_ERR, "CRON", getpid(), "error", "can't fork");
break;
case 0:
/* child process */
@@ -164,7 +168,7 @@
end = mailto + strcspn(mailto, " \t\n");
if (*mailto == '-' || *end != '\0') {
printf("Bad Mailto karma.\n");
- log_it("CRON",getpid(),"error","bad mailto");
+ log_it(LOG_ERR, "CRON", getpid(), "error", "bad
mailto");
mailto = NULL;
}
}
@@ -193,10 +197,10 @@
pipe(stdin_pipe); /* child's stdin */
/* child's stdout */
if ((tmpout = tmpfile()) == NULL) {
- log_it("CRON", getpid(), "error", "create tmpfile");
+ log_it(LOG_ERR, "CRON", getpid(), "error", "create tmpfile");
exit(ERROR_EXIT);
}
-
+
/* since we are a forked process, we can diddle the command string
* we were passed -- nobody else is going to use it again, right?
*
@@ -252,7 +256,7 @@
*/
switch (job_pid = fork()) {
case -1:
- log_it("CRON",getpid(),"error","can't fork");
+ log_it(LOG_ERR, "CRON", getpid(), "error", "can't fork");
exit(ERROR_EXIT);
/*NOTREACHED*/
case 0:
@@ -266,7 +270,7 @@
*/
if ( (log_level & CRON_LOG_JOBSTART) && ! (log_level &
CRON_LOG_JOBPID)) {
char *x = mkprints((u_char *)e->cmd, strlen(e->cmd));
- log_it(usernm, getpid(), "CMD", x);
+ log_it(LOG_INFO, usernm, getpid(), "CMD", x);
free(x);
}
/* nothing to log from now on. close the log files.
@@ -313,7 +317,7 @@
char msg[256];
snprintf(msg, 256, "do_command:setgid(%lu) failed: %s",
(unsigned long) e->gid, strerror(errno));
- log_it("CRON",getpid(),"error",msg);
+ log_it(LOG_ERR, "CRON", getpid(), "error", msg);
exit(ERROR_EXIT);
}
# if defined(BSD) || defined(POSIX)
@@ -321,23 +325,23 @@
char msg[256];
snprintf(msg, 256, "do_command:initgroups(%lu) failed: %s",
(unsigned long) e->gid, strerror(errno));
- log_it("CRON",getpid(),"error",msg);
+ log_it(LOG_ERR, "CRON", getpid(), "error", msg);
exit(ERROR_EXIT);
}
# endif
if (setuid(e->uid) !=0) { /* we aren't root after this... */
char msg[256];
snprintf(msg, 256, "do_command:setuid(%lu) failed: %s",
- (unsigned long) e->uid, strerror(errno));
- log_it("CRON",getpid(),"error",msg);
+ (unsigned long) e->uid, strerror(errno));
+ log_it(LOG_ERR, "CRON", getpid(), "error", msg);
exit(ERROR_EXIT);
- }
+ }
chdir(env_get("HOME", e->envp));
/* exec the command.
*/
{
- char **jobenv = build_env(e->envp);
+ char **jobenv = build_env(e->envp);
char *shell = env_get("SHELL", jobenv);
# if DEBUGGING
if (DebugFlags & DTEST) {
@@ -386,7 +390,7 @@
char logcmd[MAX_COMMAND + 8];
snprintf(logcmd, sizeof(logcmd), "[%d] %s", (int)
job_pid, e->cmd);
char *x = mkprints((u_char *)logcmd, strlen(logcmd));
- log_it(usernm, getpid(), "CMD", x);
+ log_it(LOG_INFO, usernm, getpid(), "CMD", x);
free(x);
}
break;
@@ -495,14 +499,14 @@
status = waiter;
snprintf(msg, 256, "grandchild #%d failed with
exit "
"status %d", pid, WEXITSTATUS(waiter));
- log_it("CRON", getpid(), "error", msg);
+ log_it(LOG_ERR, "CRON", getpid(), "error", msg);
} else if (WIFSIGNALED(waiter)) {
status = waiter;
snprintf(msg, 256, "grandchild #%d terminated
by signal"
" %d%s", pid, WTERMSIG(waiter),
WCOREDUMP(waiter) ? ", dumped core" :
"");
- log_it("CRON", getpid(), "error", msg);
- }
+ log_it(LOG_ERR, "CRON", getpid(), "error", msg);
+ }
}
}
@@ -510,10 +514,10 @@
// the user if their job failed. Avoid popening the mailcmd until now
// since sendmail may time out, and to write info about the exit
// status.
-
+
long pos;
struct stat mcsb;
- int statret;
+ int statret;
fseek(tmpout, 0, SEEK_END);
pos = ftell(tmpout);
@@ -534,7 +538,7 @@
if ((statret = stat(MAILCMD, &mcsb)) != 0) {
Debug(DPROC|DEXT, ("%s not found, not sending mail\n", MAILCMD))
if (pos > 0) {
- log_it("CRON", getpid(), "info", "No MTA installed,
discarding output");
+ log_it(LOG_NOTICE, "CRON", getpid(), "info", "No MTA
installed, discarding output");
}
goto mail_finished;
} else {
@@ -545,7 +549,7 @@
register int bytes = 0;
register char **env;
- char **jobenv = build_env(e->envp);
+ char **jobenv = build_env(e->envp);
auto char mailcmd[MAX_COMMAND];
auto char hostname[MAXHOSTNAMELEN];
char *content_type = env_get("CONTENT_TYPE",jobenv),
@@ -573,7 +577,7 @@
fprintf(mail, "Content-Type: text/plain; charset=%s\n",
cron_default_mail_charset
);
- } else {
+ } else {
/* user specified Content-Type header.
* disallow new-lines for security reasons
* (else users could specify arbitrary mail headers!)
@@ -606,7 +610,7 @@
fputc('\n', mail);
// Append the actual output of the child to the mail
-
+
char buf[4096];
int ret, remain;
@@ -638,11 +642,11 @@
"mailed %d byte%s of output "
"but got status 0x%04x from MTA\n",
bytes, (bytes==1)?"":"s", status);
- log_it(usernm, getpid(), "MAIL", buf);
+ log_it(LOG_NOTICE, usernm, getpid(), "MAIL", buf);
}
if (ferror(tmpout)) {
- log_it(usernm, getpid(), "MAIL", "stream error reading output");
+ log_it(LOG_NOTICE, usernm, getpid(), "MAIL", "stream error
reading output");
}
mail_finished:
@@ -657,7 +661,7 @@
} else {
x = mkprints((u_char *)e->cmd, strlen(e->cmd));
}
- log_it(usernm, job_pid, "END", x);
+ log_it(LOG_INFO, usernm, job_pid, "END", x);
free(x);
}
diff -u cron-3.0pl1/misc.c cron-3.0pl1/misc.c
--- cron-3.0pl1/misc.c
+++ cron-3.0pl1/misc.c
@@ -197,7 +197,7 @@
struct stat sb;
mode_t um;
struct group *gr;
-
+
/* first check for CRONDIR ("/var/cron" or some such)
*/
if (stat(CRONDIR, &sb) < OK && errno == ENOENT) {
@@ -304,7 +304,7 @@
snprintf(buf, MAX_TEMPSTR, "can't open or create %s:
%s",
pidfile, strerror(errno));
fprintf(stderr, "%s: %s\n", ProgramName, buf);
- log_it("CRON", getpid(), "DEATH", buf);
+ log_it(LOG_ERR, "CRON", getpid(), "DEATH", buf);
exit(ERROR_EXIT);
}
@@ -315,11 +315,11 @@
snprintf(buf, MAX_TEMPSTR, "can't lock %s, otherpid may
be %d: %s",
pidfile, otherpid, strerror(save_errno));
fprintf(stderr, "%s: %s\n", ProgramName, buf);
- log_it("CRON", getpid(), "DEATH", buf);
+ log_it(LOG_ERR, "CRON", getpid(), "DEATH", buf);
exit(ERROR_EXIT);
}
snprintf(buf, MAX_TEMPSTR, "pidfile fd = %d", fd);
- log_it("CRON", getpid(), "INFO", buf);
+ log_it(LOG_INFO, "CRON", getpid(), "INFO", buf);
(void) fcntl(fd, F_SETFD, 1);
}
@@ -331,7 +331,7 @@
/* abandon fd and fp even though the file is open. we need to
* keep it open and locked, but we don't need the handles elsewhere.
*/
-
+
}
/* get_char(file) : like getc() but increment LineNumber on newlines
@@ -487,7 +487,7 @@
#endif
}
- if (allow)
+ if (allow)
isallowed = in_file(username, allow);
else
isallowed = TRUE; /* Allow access if ALLOW_FILE does not exist
*/
@@ -496,7 +496,7 @@
#endif
#ifdef WITH_AUDIT
- /* Log an audit message if the user is rejected */
+ /* Log an audit message if the user is rejected */
if (isallowed == FALSE) {
int audit_fd = audit_open();
audit_log_user_message(audit_fd, AUDIT_USER_START, "cron deny",
@@ -509,7 +509,8 @@
void
-log_it(username, xpid, event, detail)
+log_it(priority, username, xpid, event, detail)
+ int priority;
char *username;
int xpid;
char *event;
@@ -525,9 +526,42 @@
#if defined(LOG_FILE)
+
+ /* Logging priority parsing */
+ char *prio;
+ switch(priority){
+ case LOG_EMERG:
+ prio = "EMERGENCY: ";
+ break;
+ case LOG_ALERT:
+ prio = "ALERT: ";
+ break;
+ case LOG_CRIT:
+ prio = "CRITICAL: ";
+ break;
+ case LOG_ERR:
+ prio = "ERROR: ";
+ break;
+ case LOG_WARNING:
+ prio = "WARNING: ";
+ break;
+ case LOG_NOTICE:
+ prio = "NOTICE: ";
+ break;
+ case LOG_INFO:
+ prio = "INFO: ";
+ break;
+ case LOG_DEBUG:
+ prio = "DEBUG: ";
+ break;
+ default:
+ prio = "INFO: ";
+ break;
+ }
+
/* we assume that MAX_TEMPSTR will hold the date, time, &punctuation.
*/
- msg_size = strlen(username) + strlen(event) + strlen(detail) +
MAX_TEMPSTR;
+ msg_size = strlen(prio) + strlen(username) + strlen(event) +
strlen(detail) + MAX_TEMPSTR;
msg = malloc(msg_size);
if (msg == NULL) {
/* damn, out of mem and we did not test that before... */
@@ -549,8 +583,8 @@
* everything out in one chunk and this has to be atomically appended
* to the log file.
*/
- snprintf(msg, msg_size, "%s (%02d/%02d-%02d:%02d:%02d-%d) %s (%s)\n",
- username,
+ snprintf(msg, msg_size, "%s%s (%02d/%02d-%02d:%02d:%02d-%d) %s (%s)\n",
+ prio, username,
t->tm_mon+1, t->tm_mday, t->tm_hour, t->tm_min, t->tm_sec, pid,
event, detail);
@@ -581,16 +615,16 @@
# else
openlog(ProgramName, LOG_PID);
# endif
-
- syslog(LOG_INFO, "(%s) %s (%s)", username, event, detail);
+
+ syslog(priority, "(%s) %s (%s)", username, event, detail);
closelog();
#endif /*SYSLOG*/
#if DEBUGGING
if (DebugFlags) {
- fprintf(stderr, "log_it: (%s %d) %s (%s)\n",
- username, xpid, event, detail);
+ fprintf(stderr, "log_it: priority %d (%s %d) %s (%s)\n",
+ priority, username, xpid, event, detail);
}
#endif
}
diff -u cron-3.0pl1/pathnames.h cron-3.0pl1/pathnames.h
--- cron-3.0pl1/pathnames.h
+++ cron-3.0pl1/pathnames.h
@@ -54,7 +54,7 @@
#define ALLOW_FILE "allow" /*-*/
#define DENY_FILE "deny" /*-*/
#endif
-/* #define LOG_FILE "log" -*/
+/* #define LOG_FILE "log" -*/
/* where should the daemon stick its PID?
*/
@@ -68,7 +68,7 @@
/* 4.3BSD-style crontab */
#define SYSCRONTAB "/etc/crontab"
#ifdef DEBIAN
- /* where package specific crontabs live */
+ /* where package specific crontabs live */
#define SYSCRONDIR "/etc/cron.d"
#endif
/* what editor to use if no EDITOR or VISUAL
@@ -111,7 +111,7 @@
#ifndef SPOOL_DIR_GROUP
/* Chown SPOOL_DIR to this group (needed by Debian's
* SGID crontab feature)
- */
+ */
#define SPOOL_DIR_GROUP "crontab"
#endif
#endif
diff -u cron-3.0pl1/popen.c cron-3.0pl1/popen.c
--- cron-3.0pl1/popen.c
+++ cron-3.0pl1/popen.c
@@ -128,7 +128,7 @@
char msg[256];
snprintf(msg, 256, "popen:setgid(%lu) failed: %s",
(unsigned long) e->gid, strerror(errno));
- log_it("CRON",getpid(),"error",msg);
+ log_it(LOG_ERR, "CRON", getpid(), "error", msg);
exit(ERROR_EXIT);
}
# if defined(BSD) || defined(POSIX)
@@ -136,17 +136,17 @@
char msg[256];
snprintf(msg, 256, "popen:initgroups(%lu) failed: %s",
(unsigned long) e->gid, strerror(errno));
- log_it("CRON",getpid(),"error",msg);
+ log_it(LOG_ERR, "CRON", getpid(), "error", msg);
exit(ERROR_EXIT);
}
# endif
if (setuid(e->uid) !=0) {
char msg[256];
snprintf(msg, 256, "popen: setuid(%lu) failed: %s",
- (unsigned long) e->uid, strerror(errno));
- log_it("CRON",getpid(),"error",msg);
+ (unsigned long) e->uid, strerror(errno));
+ log_it(LOG_ERR, "CRON", getpid(), "error", msg);
exit(ERROR_EXIT);
- }
+ }
chdir(env_get("HOME", e->envp));
#if WANT_GLOBBING
diff -u cron-3.0pl1/user.c cron-3.0pl1/user.c
--- cron-3.0pl1/user.c
+++ cron-3.0pl1/user.c
@@ -22,8 +22,9 @@
/* vix 26jan87 [log is in RCS file]
*/
-
+#if defined(SYSLOG)
#include <syslog.h>
+#endif
#include <string.h>
#include "cron.h"
@@ -49,7 +50,7 @@
if (name != NULL) {
if (getseuserbyname(name, &seuser, &level)) {
- log_it(name, getpid(), "getseuserbyname FAILED", tabname);
+ log_it(LOG_ERR, name, getpid(), "getseuserbyname FAILED", tabname);
return (security_getenforce() > 0);
}
}
@@ -60,7 +61,7 @@
*rcontext = NULL;
if(getcon(¤t_con)) {
- log_it(name, getpid(), "Can't get current context", tabname);
+ log_it(LOG_ERR, name, getpid(), "Can't get current context", tabname);
return -1;
}
list_count = get_ordered_context_list_with_level(seuser, level,
current_con, &context_list);
@@ -69,10 +70,10 @@
free(level);
if (list_count == -1) {
if (security_getenforce() > 0) {
- log_it(name, getpid(), "No SELinux security context", tabname);
+ log_it(LOG_ERR, name, getpid(), "No SELinux security context",
tabname);
return -1;
} else {
- log_it(name, getpid(),
+ log_it(LOG_NOTICE, name, getpid(),
"No security context but SELinux in permissive mode,"
" continuing", tabname);
return 0;
@@ -81,11 +82,11 @@
if (fgetfilecon(crontab_fd, &file_context) < OK) {
if (security_getenforce() > 0) {
- log_it(name, getpid(), "getfilecon FAILED", tabname);
+ log_it(LOG_ERR, name, getpid(), "getfilecon FAILED", tabname);
freeconary(context_list);
return -1;
} else {
- log_it(name, getpid(), "getfilecon FAILED but SELinux in "
+ log_it(LOG_NOTICE, name, getpid(), "getfilecon FAILED but SELinux
in "
"permissive mode, continuing", tabname);
*rcontext = strdup(context_list[0]);
freeconary(context_list);
@@ -117,11 +118,11 @@
}
freecon(file_context);
if (security_getenforce() > 0) {
- log_it(name, getpid(), "ENTRYPOINT FAILED", tabname);
+ log_it(LOG_ERR, name, getpid(), "ENTRYPOINT FAILED", tabname);
freeconary(context_list);
return -1;
} else {
- log_it(name, getpid(), "ENTRYPOINT FAILED but SELinux in permissive
mode, continuing", tabname);
+ log_it(LOG_NOTICE, name, getpid(), "ENTRYPOINT FAILED but SELinux in
permissive mode, continuing", tabname);
*rcontext = strdup(context_list[0]);
freeconary(context_list);
}
@@ -143,14 +144,24 @@
const char *fn;
/* Figure out the file name from the username */
if (0 == strcmp(err_user,"*system*")) {
- syslog(LOG_ERR|LOG_CRON,"Error: %s; while reading %s", msg, SYSCRONTAB);
+ char buf[MAX_TEMPSTR];
+ snprintf(buf, MAX_TEMPSTR,
+ "Error: %s; while reading %s",
+ msg, SYSCRONTAB);
+ log_it(LOG_ERR, err_user, getpid(), "ERROR", buf);
} else if (0 == strncmp(err_user,"*system*",8)) {
fn = err_user+8;
- syslog(LOG_ERR|LOG_CRON,"Error: %s; while reading %s/%s", msg,
- SYSCRONDIR,fn);
+ char buf[MAX_TEMPSTR];
+ snprintf(buf, MAX_TEMPSTR,
+ "Error: %s; while reading %s/%s",
+ msg, SYSCRONDIR, fn);
+ log_it(LOG_ERR, err_user, getpid(), "ERROR", buf);
} else {
- syslog(LOG_ERR|LOG_CRON, "Error: %s; while reading crontab for user %s",
- msg, err_user);
+ char buf[MAX_TEMPSTR];
+ snprintf(buf, MAX_TEMPSTR,
+ "Error: %s; while reading crontab for user %s",
+ msg, err_user);
+ log_it(LOG_ERR, err_user, getpid(), "ERROR", buf);
}
}
@@ -217,7 +228,7 @@
if (pw==NULL) {
sname="system_u";
}
- if (get_security_context(sname, crontab_fd,
+ if (get_security_context(sname, crontab_fd,
&u->scontext, tabname) != 0 ) {
u->scontext = NULL;
free_user(u);
@@ -228,7 +239,7 @@
#endif
- /*
+ /*
* init environment. this will be copied/augmented for each entry.
*/
if ((envp = env_init()) == NULL) {
@@ -251,7 +262,7 @@
* newline, so we bail out
*/
if (envstr[0] != '\0') {
- log_it(u->name, getpid(), "ERROR", "Missing "
+ log_it(LOG_WARNING, u->name, getpid(),
"ERROR", "Missing "
"newline before EOF, this crontab file will be
"
"ignored");
free_user(u);
@@ -271,9 +282,9 @@
u->crontab = e;
} else {
/* stop processing on syntax error */
- log_it(u->name, getpid(), "ERROR", "Syntax "
+ log_it(LOG_WARNING, u->name, getpid(), "ERROR",
"Syntax "
"error, this crontab file will be "
- "ignored");
+ "ignored");
free_user(u);
u = NULL;
goto done;
