From andre.albsmeier@mchp.siemens.de  Fri Oct  6 12:40:12 2000
Return-Path: <andre.albsmeier@mchp.siemens.de>
Received: from goliath.siemens.de (goliath.siemens.de [194.138.37.131])
	by hub.freebsd.org (Postfix) with ESMTP id 7AE5637B503
	for <FreeBSD-gnats-submit@freebsd.org>; Fri,  6 Oct 2000 12:40:11 -0700 (PDT)
Received: from mail1.siemens.de (mail1.siemens.de [139.23.33.14])
	by goliath.siemens.de (8.11.0/8.11.0) with ESMTP id e96Je9C12501
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 6 Oct 2000 21:40:10 +0200 (MET DST)
Received: from curry.mchp.siemens.de (curry.mchp.siemens.de [139.25.42.7])
	by mail1.siemens.de (8.11.0/8.11.0) with ESMTP id e96Je9l14012
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 6 Oct 2000 21:40:09 +0200 (MET DST)
Received: (from localhost)
	by curry.mchp.siemens.de (8.11.0/8.11.0) id e96Je9o36260
	for FreeBSD-gnats-submit@freebsd.org; Fri, 6 Oct 2000 21:40:09 +0200 (CEST)
Message-Id: <200010061940.e96Je9Y28510@curry.mchp.siemens.de>
Date: Fri, 6 Oct 2000 21:40:09 +0200 (CEST)
From: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
To: FreeBSD-gnats-submit@freebsd.org
Subject: [PATCH] for syslogd option to allow keeping of kern facility
X-Send-Pr-Version: 3.2

>Number:         21788
>Category:       bin
>Synopsis:       [PATCH] for syslogd option to allow keeping of kern facility
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    dwmalone
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Oct 06 12:50:01 PDT 2000
>Closed-Date:    Mon Oct 30 03:42:59 PST 2000
>Last-Modified:  Mon Oct 30 03:43:17 PST 2000
>Originator:     Andre Albsmeier
>Release:        FreeBSD 4.1-STABLE i386
>Organization:
>Environment:

All FreeBSD machines receiving messages via syslogd's network socket.

>Description:

If a syslogd receives a message via the network socket with the
kern facility, this facility is changed into user. IIRC, this is
done because otherwise ordinary users could generate faked
messages with kern facility.

However, if you don't have ordinary users on your machines and
you control who can log to your syslogd's socket, it might be
desireable not to change the facility. This is very useful if
you run syslogd with -vv and log to a command via a pipe for
further processing.

The patch below adds the -k option to syslogd. If you use it, the
changing of the kern facility won't take place anymore. If you
don't use it, the behaviour is excatly as before so there won't be
any compatibility issues.

The manual page has been updated as well.

>How-To-Repeat:

Watch local syslogd's output when receiving kern messages via
the network socket.

>Fix:

--- usr.sbin/syslogd/syslogd.c.ORI	Mon Aug  7 16:02:10 2000
+++ usr.sbin/syslogd/syslogd.c	Mon Sep 25 15:16:12 2000
@@ -268,6 +268,7 @@
 int	UniquePriority = 0;	/* Only log specified priority? */
 int	LogFacPri = 0;		/* Put facility and priority in log message: */
 				/* 0=no, 1=numeric, 2=names */
+int	KeepKernFac = 0;	/* Keep remotely logged kernel facility */
 
 int	allowaddr __P((char *));
 void	cfline __P((char *, struct filed *, char *));
@@ -310,7 +311,7 @@
 	pid_t ppid = 1;
 	socklen_t len;
 
-	while ((ch = getopt(argc, argv, "a:dl:f:m:p:nsuv")) != -1)
+	while ((ch = getopt(argc, argv, "a:dl:f:km:p:nsuv")) != -1)
 		switch(ch) {
 		case 'd':		/* debug */
 			Debug++;
@@ -322,6 +323,9 @@
 		case 'f':		/* configuration file */
 			ConfFile = optarg;
 			break;
+		case 'k':		/* keep remote kern fac */
+			KeepKernFac = 1;
+			break;
 		case 'm':		/* mark interval */
 			MarkInterval = atoi(optarg) * 60;
 			break;
@@ -579,7 +583,7 @@
 		pri = DEFUPRI;
 
 	/* don't allow users to log kernel messages */
-	if (LOG_FAC(pri) == LOG_KERN)
+	if (KeepKernFac == 0 && LOG_FAC(pri) == LOG_KERN)
 		pri = LOG_MAKEPRI(LOG_USER, LOG_PRI(pri));
 
 	q = line;
--- usr.sbin/syslogd/syslogd.8.ORI	Mon Sep 25 15:17:47 2000
+++ usr.sbin/syslogd/syslogd.8	Mon Sep 25 15:24:03 2000
@@ -40,7 +40,7 @@
 .Nd log systems messages
 .Sh SYNOPSIS
 .Nm
-.Op Fl dsuv
+.Op Fl dksuv
 .Op Fl a Ar allowed_peer
 .Op Fl f Ar config_file
 .Op Fl m Ar mark_interval
@@ -112,6 +112,9 @@
 Specify the pathname of an alternate configuration file;
 the default is
 .Pa /etc/syslog.conf .
+.It Fl k
+Don't turn messages logged from remote machines with facility kern into
+facility user.
 .It Fl m
 Select the number of minutes between
 .Dq mark

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->dwmalone 
Responsible-Changed-By: dwmalone 
Responsible-Changed-When: Sat Oct 7 09:20:00 PDT 2000 
Responsible-Changed-Why:  
I'll take a look at this one - the idea seems reasonable at first glance. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=21788 
State-Changed-From-To: open->closed 
State-Changed-By: dwmalone 
State-Changed-When: Mon Oct 30 03:42:59 PST 2000 
State-Changed-Why:  
Now in -current and -stable. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=21788 
>Unformatted:
