--- Begin Message ---
Package: cron
Version: 3.0pl1-127+deb8u1
Severity: wishlist
Tags: patch
Dear Maintainer,
it makes sense to me to Log output to stdout, when cron is executed in
foreground mode using the -f argument.
This can be especially helpful in containerized environments (LXC,
Docker), where a syslog facility is most of the times not available, and
the logging can be handled with a simple redirect.
I have included a patch, which implements this functionality.
NOTE: This patch also incorporates the fix for Bug#887014!
If you need any more info/help, please do not hesitate to contact me (or
reply to this bug report).
-- Package-specific info:
--- EDITOR:
--- /usr/bin/editor:
/bin/nano
--- /usr/bin/crontab:
-rwxr-sr-x 1 root crontab 36008 Jun 11 2015 /usr/bin/crontab
--- /var/spool/cron:
drwxr-xr-x 3 root root 4 Jan 12 13:58 /var/spool/cron
--- /var/spool/cron/crontabs:
drwx-wx--T 2 root crontab 2 Jun 11 2015 /var/spool/cron/crontabs
--- /etc/cron.d:
drwxr-xr-x 2 root root 4 Jan 12 13:58 /etc/cron.d
--- /etc/cron.daily:
drwxr-xr-x 2 root root 11 Jan 12 13:58 /etc/cron.daily
--- /etc/cron.hourly:
drwxr-xr-x 2 root root 3 Jan 12 13:58 /etc/cron.hourly
--- /etc/cron.monthly:
drwxr-xr-x 2 root root 4 Jan 12 13:58 /etc/cron.monthly
--- /etc/cron.weekly:
drwxr-xr-x 2 root root 5 Jan 12 13:58 /etc/cron.weekly
-- System Information:
Debian Release: 8.10
APT prefers oldstable-updates
APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect
Versions of packages cron depends on:
ii adduser 3.113+nmu3
ii debianutils 4.4+b1
ii dpkg 1.17.27
ii init-system-helpers 1.22
ii libc6 2.19-18+deb8u10
ii libpam-runtime 1.1.8-3.1+deb8u2
ii libpam0g 1.1.8-3.1+deb8u2+b1
ii libselinux1 2.3-2
ii lsb-base 4.1+Debian13+nmu1
Versions of packages cron recommends:
ii exim4 4.84.2-2+deb8u4
ii exim4-daemon-light [mail-transport-agent] 4.84.2-2+deb8u4
Versions of packages cron suggests:
ii anacron 2.3-23
pn checksecurity <none>
ii logrotate 3.8.7-1+b1
Versions of packages cron is related to:
pn libnss-ldap <none>
pn libnss-ldapd <none>
pn libpam-ldap <none>
pn libpam-mount <none>
pn nis <none>
pn nscd <none>
-- Configuration Files:
/etc/crontab changed:
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
17 * * * * root cd / && run-parts --report /etc/cron.hourly
25 6 * * * root test -x /usr/sbin/anacron || ( cd / &&
run-parts --report /etc/cron.daily )
47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / &&
run-parts --report /etc/cron.weekly )
52 6 1 * * root test -x /usr/sbin/anacron || ( cd / &&
run-parts --report /etc/cron.monthly )
* * * * * root echo test >> /var/log/test
-- no debconf information
diff -u cron-3.0pl1/cron.c cron-3.0pl1/cron.c
--- cron-3.0pl1/cron.c
+++ cron-3.0pl1/cron.c
@@ -106,7 +106,7 @@
setlocale(LC_COLLATE, "C"); /* Except for collation, since
load_database() uses a-z */
/* Except that "US-ASCII" is preferred to "ANSI_x3.4-1968" in MIME,
* even though "ANSI_x3.4-1968" is the official charset name. */
- if ( ( cs = nl_langinfo( CODESET ) ) != 0L &&
+ if ( ( cs = nl_langinfo( CODESET ) ) != 0L &&
strcasecmp(cs, "ANSI_x3.4-1968") != 0 )
strncpy( cron_default_mail_charset, cs, MAX_ENVSTR );
else
@@ -123,12 +123,12 @@
} else if (!stay_foreground) {
switch (fork()) {
case -1:
- log_it("CRON",getpid(),"DEATH","can't fork");
+ log_it(LOG_ERR, "CRON", getpid(), "DEATH", "can't
fork");
exit(0);
break;
case 0:
/* child process */
- log_it("CRON",getpid(),"STARTUP","fork ok");
+ log_it(LOG_INFO, "CRON", getpid(), "STARTUP", "fork
ok");
(void) setsid();
freopen("/dev/null", "r", stdin);
freopen("/dev/null", "w", stdout);
@@ -234,8 +234,8 @@
getpid(), timeRunning - virtualTime))
/* run wildcard jobs for current minute */
find_jobs(timeRunning, &database, TRUE, FALSE);
-
- /* run fixed-time jobs for each minute missed
*/
+
+ /* run fixed-time jobs for each minute missed */
do {
if (job_runqueue())
sleep(10);
@@ -245,7 +245,7 @@
} while (virtualTime< timeRunning &&
clockTime == timeRunning);
break;
-
+
case 0:
/*
* case 3: timeDiff is a small or medium-sized
@@ -290,23 +290,23 @@
/* Run on actual reboot, rather than cron restart */
if (access(REBOOT_FILE, F_OK) == 0) {
/* File exists, return */
- log_it("CRON", getpid(),"INFO",
+ log_it(LOG_INFO, "CRON", getpid(),"INFO",
"Skipping @reboot jobs -- not system startup");
return;
}
/* Create the file */
if ((rbfd = creat(REBOOT_FILE, S_IRUSR&S_IWUSR)) < 0) {
/* Bad news, bail out */
- log_it("CRON",getpid(),"DEATH","Can't create reboot check
file");
+ log_it(LOG_ERR, "CRON",getpid(),"DEATH","Can't create reboot
check file");
exit(0);
} else {
close(rbfd);
- log_it("CRON", getpid(),"INFO", "Running @reboot jobs");
+ log_it(LOG_INFO, "CRON", getpid(),"INFO", "Running @reboot
jobs");
}
-
+
Debug(DMISC, ("[%d], Debian running reboot jobs\n",getpid()));
-
+
#endif
Debug(DMISC, ("[%d], vixie running reboot jobs\n", getpid()));
for (u = db->head; u != NULL; u = u->next) {
@@ -455,7 +455,7 @@
sighup_handler(x) {
log_close();
- /* we should use sigaction for proper signal blocking as this
+ /* we should use sigaction for proper signal blocking as this
has a race, but... */
signal(SIGHUP, sighup_handler);
}
diff -u cron-3.0pl1/cron.h cron-3.0pl1/cron.h
--- cron-3.0pl1/cron.h
+++ cron-3.0pl1/cron.h
@@ -140,6 +140,21 @@
#define CRON_LOG_JOBFAILED 0x04
#define CRON_LOG_JOBPID 0x08
+/* Log priorities */
+#if !defined(SYSLOG)
+#define LOG_EMERG 0
+#define LOG_ALERT 1
+#define LOG_CRIT 2
+#define LOG_ERR 3
+#define LOG_WARNING 4
+#define LOG_NOTICE 5
+#define LOG_INFO 6
+#define LOG_DEBUG 7
+#else
+#include <syslog.h>
+#endif
+
+
#define SECONDS_PER_MINUTE 60
#define FIRST_MINUTE 0
@@ -171,7 +186,7 @@
typedef struct _entry {
struct _entry *next;
- uid_t uid;
+ uid_t uid;
gid_t gid;
char **envp;
char *cmd;
@@ -236,7 +251,7 @@
free_entry __P((entry *)),
acquire_daemonlock __P((int)),
skip_comments __P((FILE *)),
- log_it __P((char *, int, char *, char *)),
+ log_it __P((int, char *, int, char *, char *)),
log_close __P((void)),
check_orphans __P((cron_db *));
diff -u cron-3.0pl1/crontab.c cron-3.0pl1/crontab.c
--- cron-3.0pl1/crontab.c
+++ cron-3.0pl1/crontab.c
@@ -112,7 +112,7 @@
#endif
if (argv[1] == NULL) {
argv[1] = "-";
- }
+ }
parse_args(argc, argv); /* sets many globals, opens a file */
set_cron_cwd();
if (!allowed(User)) {
@@ -121,7 +121,7 @@
"You (%s) are not allowed to use this program
(%s)\n",
User, ProgramName);
fprintf(stderr, "See crontab(1) for more information\n");
- log_it(RealUser, Pid, "AUTH", "crontab command not
allowed");
+ log_it(LOG_NOTICE, RealUser, Pid, "AUTH", "crontab command
not allowed");
} else {
/* If the user is not allowed but root is running the
* program warn but do not log */
@@ -152,7 +152,7 @@
exit(exitstatus);
/*NOTREACHED*/
}
-
+
#if DEBUGGING
char *getoptarg = "u:lerix:";
#else
@@ -307,10 +307,10 @@
char *ctnh;
#endif
- log_it(RealUser, Pid, "LIST", User);
+ log_it(LOG_INFO, RealUser, Pid, "LIST", User);
(void) snprintf(n, MAX_FNAME, CRON_TAB(User));
if (!(f = fopen(n, "r"))) {
- if (errno == ENOENT)
+ if (errno == ENOENT)
fprintf(stderr, "no crontab for %s\n", User);
else {
fprintf(stderr, "%s/: fopen: %s\n", n,
strerror(errno));
@@ -327,7 +327,7 @@
/* ignore the top few comments since we probably put them there.
*/
if (!(ctnh = getenv("CRONTAB_NOHEADER")) ||
- toupper(*ctnh) != 'N')
+ toupper(*ctnh) != 'N')
{
for (x = 0; x < NHEADER_LINES; x++) {
ch = get_char(f);
@@ -386,7 +386,7 @@
exit(OK_EXIT);
}
- log_it(RealUser, Pid, "DELETE", User);
+ log_it(LOG_INFO, RealUser, Pid, "DELETE", User);
if (unlink(n)) {
if (errno == ENOENT)
fprintf(stderr, "no crontab for %s\n", User);
@@ -502,7 +502,7 @@
just bail, and let the user/admin deal with it.*/
static void
-cleanup_tmp_crontab(void)
+cleanup_tmp_crontab(void)
{
DIR *dp;
struct dirent *ep;
@@ -555,7 +555,7 @@
mode_t um;
int add_help_text = 0;
- log_it(RealUser, Pid, "BEGIN EDIT", User);
+ log_it(LOG_INFO, RealUser, Pid, "BEGIN EDIT", User);
(void) snprintf(n, MAX_FNAME, CRON_TAB(User));
if (!(f = fopen(n, "r"))) {
if (errno != ENOENT) {
@@ -588,7 +588,7 @@
Set_LineNum(1)
if (add_help_text) {
- fprintf(NewCrontab,
+ fprintf(NewCrontab,
"# Edit this file to introduce tasks to be run by cron.\n"
"# \n"
"# Each task to run has to be defined through a single line\n"
@@ -609,7 +609,7 @@
"# at 5 a.m every week with:\n"
"# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/\n"
"# \n"
-"# For more information see the manual pages of crontab(5) and cron(8)\n"
+"# For more information see the manual pages of crontab(5) and cron(8)\n"
"# \n"
"# m h dom mon dow command\n" );
}
@@ -795,7 +795,7 @@
remove:
cleanup_tmp_crontab();
done:
- log_it(RealUser, Pid, "END EDIT", User);
+ log_it(LOG_INFO, RealUser, Pid, "END EDIT", User);
return;
fatal:
cleanup_tmp_crontab();
@@ -809,7 +809,7 @@
{
unlink(tn);
exit(1);
-}
+}
/* returns 0 on success
* -1 on syntax error
@@ -953,7 +953,7 @@
}
- log_it(RealUser, Pid, "REPLACE", User);
+ log_it(LOG_INFO, RealUser, Pid, "REPLACE", User);
poke_daemon();
diff -u cron-3.0pl1/database.c cron-3.0pl1/database.c
--- cron-3.0pl1/database.c
+++ cron-3.0pl1/database.c
@@ -39,7 +39,7 @@
#ifndef PATH_MAX
#ifdef MAXPATHLEN
-#define PATH_MAX MAXPATHLEN
+#define PATH_MAX MAXPATHLEN
#else
#define PATH_MAX 2048
#endif
@@ -72,7 +72,7 @@
#ifdef DEBIAN
struct stat syscrond_stat;
struct stat syscrond_file_stat;
-
+
char syscrond_fname[PATH_MAX+1];
int syscrond_change = 0;
#endif
@@ -84,14 +84,14 @@
* cached any of the database), we'll see the changes next time.
*/
if (stat(SPOOL_DIR, &statbuf) < OK) {
- log_it("CRON", getpid(), "STAT FAILED", SPOOL_DIR);
+ log_it(LOG_WARNING, "CRON", getpid(), "STAT FAILED", SPOOL_DIR);
statbuf.st_mtime = 0;
}
/* track system crontab file
*/
if (stat(SYSCRONTAB, &syscron_stat) < OK) {
- log_it("CRON", getpid(), "STAT FAILED", SYSCRONTAB);
+ log_it(LOG_WARNING, "CRON", getpid(), "STAT FAILED",
SYSCRONTAB);
syscron_stat.st_mtime = 0;
}
@@ -101,7 +101,7 @@
* file check won't
*/
if (stat(SYSCRONDIR, &syscrond_stat) < OK) {
- log_it("CRON", getpid(), "STAT FAILED", SYSCRONDIR);
+ log_it(LOG_WARNING, "CRON", getpid(), "STAT FAILED",
SYSCRONDIR);
syscrond_stat.st_mtime = 0;
}
@@ -184,7 +184,7 @@
#ifdef DEBIAN
/* Read all the package crontabs. */
if (!(dir = opendir(SYSCRONDIR))) {
- log_it("CRON", getpid(), "OPENDIR FAILED", SYSCRONDIR);
+ log_it(LOG_WARNING, "CRON", getpid(), "OPENDIR FAILED",
SYSCRONDIR);
}
while (dir != NULL && NULL != (dp = readdir(dir))) {
@@ -226,7 +226,7 @@
* we fork a lot more often than the mtime of the dir changes.
*/
if (!(dir = opendir(SPOOL_DIR))) {
- log_it("CRON", getpid(), "OPENDIR FAILED", SPOOL_DIR);
+ log_it(LOG_WARNING, "CRON", getpid(), "OPENDIR FAILED",
SPOOL_DIR);
}
while (dir != NULL && NULL != (dp = readdir(dir))) {
@@ -344,7 +344,7 @@
*/
if (strncmp(fname, "tmp.", 4)) {
/* don't log these temporary files */
- log_it(fname, getpid(), "ORPHAN", "no passwd entry");
+ log_it(LOG_NOTICE, fname, getpid(), "ORPHAN", "no
passwd entry");
add_orphan(uname, fname, tabname);
}
goto next_crontab;
@@ -355,38 +355,38 @@
if ((crontab_fd = open(tabname, O_RDONLY|O_NOFOLLOW, 0)) < OK) {
/* crontab not accessible?
*/
- log_it(fname, getpid(), "CAN'T OPEN", tabname);
+ log_it(LOG_WARNING, fname, getpid(), "CAN'T OPEN", tabname);
goto next_crontab;
}
if (fstat(crontab_fd, statbuf) < OK) {
- log_it(fname, getpid(), "FSTAT FAILED", tabname);
+ log_it(LOG_WARNING, fname, getpid(), "FSTAT FAILED", tabname);
goto next_crontab;
}
/* Check to make sure that the crontab is owned by the correct user
(or root) */
if (statbuf->st_uid != pw->pw_uid && statbuf->st_uid != ROOT_UID) {
- log_it(fname, getpid(), "WRONG FILE OWNER", tabname);
+ log_it(LOG_NOTICE, fname, getpid(), "WRONG FILE OWNER",
tabname);
force_rescan_user(old_db, new_db, fname, 0);
goto next_crontab;
}
/* Check to make sure that the crontab is a regular file */
if (!S_ISREG(statbuf->st_mode)) {
- log_it(fname, getpid(), "NOT A REGULAR FILE", tabname);
+ log_it(LOG_WARNING, fname, getpid(), "NOT A REGULAR FILE",
tabname);
goto next_crontab;
}
/* Check to make sure that the crontab's permissions are secure */
if ((statbuf->st_mode & 07777) != 0600) {
- log_it(fname, getpid(), "INSECURE MODE (mode 0600 expected)",
tabname);
+ log_it(LOG_NOTICE, fname, getpid(), "INSECURE MODE (mode 0600
expected)", tabname);
force_rescan_user(old_db, new_db, fname, 0);
goto next_crontab;
}
/* Check to make sure that there are no hardlinks to the crontab */
if (statbuf->st_nlink != 1) {
- log_it(fname, getpid(), "NUMBER OF HARD LINKS > 1", tabname);
+ log_it(LOG_NOTICE, fname, getpid(), "NUMBER OF HARD LINKS > 1",
tabname);
force_rescan_user(old_db, new_db, fname, 0);
goto next_crontab;
}
@@ -394,11 +394,11 @@
/* System crontab path. These can be symlinks, but the
symlink and the target must be owned by root. */
if (lstat(tabname, statbuf) < OK) {
- log_it(fname, getpid(), "LSTAT FAILED", tabname);
+ log_it(LOG_WARNING, fname, getpid(), "LSTAT FAILED", tabname);
goto next_crontab;
}
if (S_ISLNK(statbuf->st_mode) && statbuf->st_uid != ROOT_UID) {
- log_it(fname, getpid(), "WRONG SYMLINK OWNER", tabname);
+ log_it(LOG_NOTICE, fname, getpid(), "WRONG SYMLINK OWNER",
tabname);
force_rescan_user(old_db, new_db, fname, 0);
goto next_crontab;
}
@@ -411,30 +411,30 @@
error is bad so we skip it instead.
*/
if (S_ISLNK(statbuf->st_mode)) {
- log_it(fname, getpid(), "CAN'T OPEN SYMLINK", tabname);
+ log_it(LOG_NOTICE, fname, getpid(), "CAN'T OPEN SYMLINK",
tabname);
force_rescan_user(old_db, new_db, fname, 0);
goto next_crontab;
} else {
- log_it(fname, getpid(), "CAN'T OPEN", tabname);
+ log_it(LOG_WARNING, fname, getpid(), "CAN'T OPEN", tabname);
goto next_crontab;
}
}
if (fstat(crontab_fd, statbuf) < OK) {
- log_it(fname, getpid(), "FSTAT FAILED", tabname);
+ log_it(LOG_WARNING, fname, getpid(), "FSTAT FAILED", tabname);
goto next_crontab;
}
/* Check to make sure that the crontab is owned by root */
if (statbuf->st_uid != ROOT_UID) {
- log_it(fname, getpid(), "WRONG FILE OWNER", tabname);
+ log_it(LOG_NOTICE, fname, getpid(), "WRONG FILE OWNER",
tabname);
force_rescan_user(old_db, new_db, fname, 0);
goto next_crontab;
}
/* Check to make sure that the crontab is a regular file */
if (!S_ISREG(statbuf->st_mode)) {
- log_it(fname, getpid(), "NOT A REGULAR FILE", tabname);
+ log_it(LOG_NOTICE, fname, getpid(), "NOT A REGULAR FILE",
tabname);
goto next_crontab;
}
@@ -443,7 +443,7 @@
* (mode 0600). An upgrade path could be implemented for 4.1
*/
if ((statbuf->st_mode & S_IWGRP) || (statbuf->st_mode & S_IWOTH)) {
- log_it(fname, getpid(), "INSECURE MODE (group/other writable)",
tabname);
+ log_it(LOG_NOTICE, fname, getpid(), "INSECURE MODE (group/other
writable)", tabname);
force_rescan_user(old_db, new_db, fname, 0);
goto next_crontab;
}
@@ -456,7 +456,7 @@
/* Check to make sure that there are no hardlinks to the crontab */
if (statbuf->st_nlink != 1) {
- log_it(fname, getpid(), "NUMBER OF HARD LINKS > 1", tabname);
+ log_it(LOG_NOTICE, fname, getpid(), "NUMBER OF HARD LINKS > 1",
tabname);
force_rescan_user(old_db, new_db, fname, 0);
goto next_crontab;
}
@@ -492,7 +492,7 @@
Debug(DLOAD, (" [delete old data]"))
unlink_user(old_db, u);
free_user(u);
- log_it(fname, getpid(), "RELOAD", tabname);
+ log_it(LOG_INFO, fname, getpid(), "RELOAD", tabname);
}
u = load_user(crontab_fd, pw, uname, fname, tabname);
@@ -507,7 +507,7 @@
* has actually taken place.
*/
force_rescan_user(old_db, new_db, fname, statbuf->st_mtime);
- }
+ }
next_crontab:
@@ -542,7 +542,7 @@
|| regcomp(&tradre, "^[a-z0-9][a-z0-9-]*$", REG_NOSUB)
|| regcomp(&classicalre, "^[a-zA-Z0-9_-]+$",
REG_EXTENDED | REG_NOSUB)) {
- log_it("CRON", getpid(), "REGEX FAILED", "valid_name");
+ log_it(LOG_NOTICE, "CRON", getpid(), "REGEX FAILED", "valid_name");
(void) exit(ERROR_EXIT);
}
}
@@ -595,11 +595,11 @@
/* Allocate an empty crontab with the specified mtime, add it to new DB
*/
if ((u = (user *) malloc(sizeof(user))) == NULL) {
errno = ENOMEM;
- }
+ }
if ((u->name = strdup(fname)) == NULL) {
free(u);
errno = ENOMEM;
- }
+ }
u->mtime = old_mtime;
u->crontab = NULL;
#ifdef WITH_SELINUX
@@ -634,7 +634,7 @@
orphans = next;
} else {
prev_orphan->next = next;
- }
+ }
process_crontab(o->uname, o->fname, o->tabname,
&statbuf, db, NULL);
@@ -642,19 +642,19 @@
/* process_crontab could have added a new orphan */
if (prev_orphan == NULL && orphans != next) {
prev_orphan = orphans;
- }
+ }
free_orphan(o);
o = next;
} else {
prev_orphan = o;
o = o->next;
- }
- }
+ }
+ }
}
static void
add_orphan(const char *uname, const char *fname, const char *tabname) {
- orphan *o;
+ orphan *o;
o = calloc(1, sizeof(*o));
if (o == NULL)
diff -u cron-3.0pl1/debian/changelog cron-3.0pl1/debian/changelog
--- cron-3.0pl1/debian/changelog
+++ cron-3.0pl1/debian/changelog
@@ -1,3 +1,10 @@
+cron (3.0pl1-127+deb8u1.1) UNRELEASED; urgency=medium
+
+ * Non-maintainer upload.
+ * SYSLOG fix
+
+ -- root <root@b257580ceda0> Fri, 12 Jan 2018 12:53:51 +0000
+
cron (3.0pl1-127+deb8u1) jessie; urgency=medium
* d/cron.service: Use KillMode=process to kill only the daemon.
diff -u cron-3.0pl1/do_command.c cron-3.0pl1/do_command.c
--- cron-3.0pl1/do_command.c
+++ cron-3.0pl1/do_command.c
@@ -39,7 +39,7 @@
};
#define PAM_FAIL_CHECK if (retcode != PAM_SUCCESS) { \
fprintf(stderr,"\n%s\n",pam_strerror(pamh, retcode)); \
- syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \
+ log_it(LOG_ERR, "CRON", getpid(), "PAM ERROR", pam_strerror(pamh,
retcode)); \
pam_end(pamh, retcode); exit(1); \
}
#endif
@@ -71,7 +71,11 @@
while ((cronvar = cronenv[count++])) {
if (!(jobenv = env_set(jobenv, cronvar))) {
- syslog(LOG_ERR, "Setting Cron environment variable %s
failed", cronvar);
+ char buf[MAX_TEMPSTR];
+ snprintf(buf, MAX_TEMPSTR,
+ "Setting Cron environment variable %s failed\n",
+ cronvar);
+ log_it(LOG_ERR, "CRON", getpid(), "CRON ENVIROMENT
FAIL", buf);
return NULL;
}
}
@@ -96,7 +100,7 @@
*/
switch (fork()) {
case -1:
- log_it("CRON",getpid(),"error","can't fork");
+ log_it(LOG_ERR, "CRON", getpid(), "error", "can't fork");
break;
case 0:
/* child process */
@@ -164,7 +168,7 @@
end = mailto + strcspn(mailto, " \t\n");
if (*mailto == '-' || *end != '\0') {
printf("Bad Mailto karma.\n");
- log_it("CRON",getpid(),"error","bad mailto");
+ log_it(LOG_ERR, "CRON", getpid(), "error", "bad
mailto");
mailto = NULL;
}
}
@@ -193,10 +197,10 @@
pipe(stdin_pipe); /* child's stdin */
/* child's stdout */
if ((tmpout = tmpfile()) == NULL) {
- log_it("CRON", getpid(), "error", "create tmpfile");
+ log_it(LOG_ERR, "CRON", getpid(), "error", "create tmpfile");
exit(ERROR_EXIT);
}
-
+
/* since we are a forked process, we can diddle the command string
* we were passed -- nobody else is going to use it again, right?
*
@@ -252,7 +256,7 @@
*/
switch (job_pid = fork()) {
case -1:
- log_it("CRON",getpid(),"error","can't fork");
+ log_it(LOG_ERR, "CRON", getpid(), "error", "can't fork");
exit(ERROR_EXIT);
/*NOTREACHED*/
case 0:
@@ -266,7 +270,7 @@
*/
if ( (log_level & CRON_LOG_JOBSTART) && ! (log_level &
CRON_LOG_JOBPID)) {
char *x = mkprints((u_char *)e->cmd, strlen(e->cmd));
- log_it(usernm, getpid(), "CMD", x);
+ log_it(LOG_INFO, usernm, getpid(), "CMD", x);
free(x);
}
/* nothing to log from now on. close the log files.
@@ -313,7 +317,7 @@
char msg[256];
snprintf(msg, 256, "do_command:setgid(%lu) failed: %s",
(unsigned long) e->gid, strerror(errno));
- log_it("CRON",getpid(),"error",msg);
+ log_it(LOG_ERR, "CRON", getpid(), "error", msg);
exit(ERROR_EXIT);
}
# if defined(BSD) || defined(POSIX)
@@ -321,23 +325,23 @@
char msg[256];
snprintf(msg, 256, "do_command:initgroups(%lu) failed: %s",
(unsigned long) e->gid, strerror(errno));
- log_it("CRON",getpid(),"error",msg);
+ log_it(LOG_ERR, "CRON", getpid(), "error", msg);
exit(ERROR_EXIT);
}
# endif
if (setuid(e->uid) !=0) { /* we aren't root after this... */
char msg[256];
snprintf(msg, 256, "do_command:setuid(%lu) failed: %s",
- (unsigned long) e->uid, strerror(errno));
- log_it("CRON",getpid(),"error",msg);
+ (unsigned long) e->uid, strerror(errno));
+ log_it(LOG_ERR, "CRON", getpid(), "error", msg);
exit(ERROR_EXIT);
- }
+ }
chdir(env_get("HOME", e->envp));
/* exec the command.
*/
{
- char **jobenv = build_env(e->envp);
+ char **jobenv = build_env(e->envp);
char *shell = env_get("SHELL", jobenv);
# if DEBUGGING
if (DebugFlags & DTEST) {
@@ -386,7 +390,7 @@
char logcmd[MAX_COMMAND + 8];
snprintf(logcmd, sizeof(logcmd), "[%d] %s", (int)
job_pid, e->cmd);
char *x = mkprints((u_char *)logcmd, strlen(logcmd));
- log_it(usernm, getpid(), "CMD", x);
+ log_it(LOG_INFO, usernm, getpid(), "CMD", x);
free(x);
}
break;
@@ -495,14 +499,14 @@
status = waiter;
snprintf(msg, 256, "grandchild #%d failed with
exit "
"status %d", pid, WEXITSTATUS(waiter));
- log_it("CRON", getpid(), "error", msg);
+ log_it(LOG_ERR, "CRON", getpid(), "error", msg);
} else if (WIFSIGNALED(waiter)) {
status = waiter;
snprintf(msg, 256, "grandchild #%d terminated
by signal"
" %d%s", pid, WTERMSIG(waiter),
WCOREDUMP(waiter) ? ", dumped core" :
"");
- log_it("CRON", getpid(), "error", msg);
- }
+ log_it(LOG_ERR, "CRON", getpid(), "error", msg);
+ }
}
}
@@ -510,10 +514,10 @@
// the user if their job failed. Avoid popening the mailcmd until now
// since sendmail may time out, and to write info about the exit
// status.
-
+
long pos;
struct stat mcsb;
- int statret;
+ int statret;
fseek(tmpout, 0, SEEK_END);
pos = ftell(tmpout);
@@ -534,7 +538,7 @@
if ((statret = stat(MAILCMD, &mcsb)) != 0) {
Debug(DPROC|DEXT, ("%s not found, not sending mail\n", MAILCMD))
if (pos > 0) {
- log_it("CRON", getpid(), "info", "No MTA installed,
discarding output");
+ log_it(LOG_NOTICE, "CRON", getpid(), "info", "No MTA
installed, discarding output");
}
goto mail_finished;
} else {
@@ -545,7 +549,7 @@
register int bytes = 0;
register char **env;
- char **jobenv = build_env(e->envp);
+ char **jobenv = build_env(e->envp);
auto char mailcmd[MAX_COMMAND];
auto char hostname[MAXHOSTNAMELEN];
char *content_type = env_get("CONTENT_TYPE",jobenv),
@@ -573,7 +577,7 @@
fprintf(mail, "Content-Type: text/plain; charset=%s\n",
cron_default_mail_charset
);
- } else {
+ } else {
/* user specified Content-Type header.
* disallow new-lines for security reasons
* (else users could specify arbitrary mail headers!)
@@ -606,7 +610,7 @@
fputc('\n', mail);
// Append the actual output of the child to the mail
-
+
char buf[4096];
int ret, remain;
@@ -638,11 +642,11 @@
"mailed %d byte%s of output "
"but got status 0x%04x from MTA\n",
bytes, (bytes==1)?"":"s", status);
- log_it(usernm, getpid(), "MAIL", buf);
+ log_it(LOG_NOTICE, usernm, getpid(), "MAIL", buf);
}
if (ferror(tmpout)) {
- log_it(usernm, getpid(), "MAIL", "stream error reading output");
+ log_it(LOG_NOTICE, usernm, getpid(), "MAIL", "stream error
reading output");
}
mail_finished:
@@ -657,7 +661,7 @@
} else {
x = mkprints((u_char *)e->cmd, strlen(e->cmd));
}
- log_it(usernm, job_pid, "END", x);
+ log_it(LOG_INFO, usernm, job_pid, "END", x);
free(x);
}
diff -u cron-3.0pl1/misc.c cron-3.0pl1/misc.c
--- cron-3.0pl1/misc.c
+++ cron-3.0pl1/misc.c
@@ -197,7 +197,7 @@
struct stat sb;
mode_t um;
struct group *gr;
-
+
/* first check for CRONDIR ("/var/cron" or some such)
*/
if (stat(CRONDIR, &sb) < OK && errno == ENOENT) {
@@ -304,7 +304,7 @@
snprintf(buf, MAX_TEMPSTR, "can't open or create %s:
%s",
pidfile, strerror(errno));
fprintf(stderr, "%s: %s\n", ProgramName, buf);
- log_it("CRON", getpid(), "DEATH", buf);
+ log_it(LOG_ERR, "CRON", getpid(), "DEATH", buf);
exit(ERROR_EXIT);
}
@@ -315,11 +315,11 @@
snprintf(buf, MAX_TEMPSTR, "can't lock %s, otherpid may
be %d: %s",
pidfile, otherpid, strerror(save_errno));
fprintf(stderr, "%s: %s\n", ProgramName, buf);
- log_it("CRON", getpid(), "DEATH", buf);
+ log_it(LOG_ERR, "CRON", getpid(), "DEATH", buf);
exit(ERROR_EXIT);
}
snprintf(buf, MAX_TEMPSTR, "pidfile fd = %d", fd);
- log_it("CRON", getpid(), "INFO", buf);
+ log_it(LOG_INFO, "CRON", getpid(), "INFO", buf);
(void) fcntl(fd, F_SETFD, 1);
}
@@ -331,7 +331,7 @@
/* abandon fd and fp even though the file is open. we need to
* keep it open and locked, but we don't need the handles elsewhere.
*/
-
+
}
/* get_char(file) : like getc() but increment LineNumber on newlines
@@ -487,7 +487,7 @@
#endif
}
- if (allow)
+ if (allow)
isallowed = in_file(username, allow);
else
isallowed = TRUE; /* Allow access if ALLOW_FILE does not exist
*/
@@ -496,7 +496,7 @@
#endif
#ifdef WITH_AUDIT
- /* Log an audit message if the user is rejected */
+ /* Log an audit message if the user is rejected */
if (isallowed == FALSE) {
int audit_fd = audit_open();
audit_log_user_message(audit_fd, AUDIT_USER_START, "cron deny",
@@ -509,7 +509,8 @@
void
-log_it(username, xpid, event, detail)
+log_it(priority, username, xpid, event, detail)
+ int priority;
char *username;
int xpid;
char *event;
@@ -525,9 +526,42 @@
#if defined(LOG_FILE)
+
+ /* Logging priority parsing */
+ char *prio;
+ switch(priority){
+ case LOG_EMERG:
+ prio = "EMERGENCY: ";
+ break;
+ case LOG_ALERT:
+ prio = "ALERT: ";
+ break;
+ case LOG_CRIT:
+ prio = "CRITICAL: ";
+ break;
+ case LOG_ERR:
+ prio = "ERROR: ";
+ break;
+ case LOG_WARNING:
+ prio = "WARNING: ";
+ break;
+ case LOG_NOTICE:
+ prio = "NOTICE: ";
+ break;
+ case LOG_INFO:
+ prio = "INFO: ";
+ break;
+ case LOG_DEBUG:
+ prio = "DEBUG: ";
+ break;
+ default:
+ prio = "INFO: ";
+ break;
+ }
+
/* we assume that MAX_TEMPSTR will hold the date, time, &punctuation.
*/
- msg_size = strlen(username) + strlen(event) + strlen(detail) +
MAX_TEMPSTR;
+ msg_size = strlen(prio) + strlen(username) + strlen(event) +
strlen(detail) + MAX_TEMPSTR;
msg = malloc(msg_size);
if (msg == NULL) {
/* damn, out of mem and we did not test that before... */
@@ -549,8 +583,8 @@
* everything out in one chunk and this has to be atomically appended
* to the log file.
*/
- snprintf(msg, msg_size, "%s (%02d/%02d-%02d:%02d:%02d-%d) %s (%s)\n",
- username,
+ snprintf(msg, msg_size, "%s%s (%02d/%02d-%02d:%02d:%02d-%d) %s (%s)\n",
+ prio, username,
t->tm_mon+1, t->tm_mday, t->tm_hour, t->tm_min, t->tm_sec, pid,
event, detail);
@@ -581,16 +615,16 @@
# else
openlog(ProgramName, LOG_PID);
# endif
-
- syslog(LOG_INFO, "(%s) %s (%s)", username, event, detail);
+
+ syslog(priority, "(%s) %s (%s)", username, event, detail);
closelog();
#endif /*SYSLOG*/
#if DEBUGGING
if (DebugFlags) {
- fprintf(stderr, "log_it: (%s %d) %s (%s)\n",
- username, xpid, event, detail);
+ fprintf(stderr, "log_it: priority %d (%s %d) %s (%s)\n",
+ priority, username, xpid, event, detail);
}
#endif
}
diff -u cron-3.0pl1/pathnames.h cron-3.0pl1/pathnames.h
--- cron-3.0pl1/pathnames.h
+++ cron-3.0pl1/pathnames.h
@@ -54,7 +54,7 @@
#define ALLOW_FILE "allow" /*-*/
#define DENY_FILE "deny" /*-*/
#endif
-/* #define LOG_FILE "log" -*/
+/* #define LOG_FILE "log" -*/
/* where should the daemon stick its PID?
*/
@@ -68,7 +68,7 @@
/* 4.3BSD-style crontab */
#define SYSCRONTAB "/etc/crontab"
#ifdef DEBIAN
- /* where package specific crontabs live */
+ /* where package specific crontabs live */
#define SYSCRONDIR "/etc/cron.d"
#endif
/* what editor to use if no EDITOR or VISUAL
@@ -111,7 +111,7 @@
#ifndef SPOOL_DIR_GROUP
/* Chown SPOOL_DIR to this group (needed by Debian's
* SGID crontab feature)
- */
+ */
#define SPOOL_DIR_GROUP "crontab"
#endif
#endif
diff -u cron-3.0pl1/popen.c cron-3.0pl1/popen.c
--- cron-3.0pl1/popen.c
+++ cron-3.0pl1/popen.c
@@ -128,7 +128,7 @@
char msg[256];
snprintf(msg, 256, "popen:setgid(%lu) failed: %s",
(unsigned long) e->gid, strerror(errno));
- log_it("CRON",getpid(),"error",msg);
+ log_it(LOG_ERR, "CRON", getpid(), "error", msg);
exit(ERROR_EXIT);
}
# if defined(BSD) || defined(POSIX)
@@ -136,17 +136,17 @@
char msg[256];
snprintf(msg, 256, "popen:initgroups(%lu) failed: %s",
(unsigned long) e->gid, strerror(errno));
- log_it("CRON",getpid(),"error",msg);
+ log_it(LOG_ERR, "CRON", getpid(), "error", msg);
exit(ERROR_EXIT);
}
# endif
if (setuid(e->uid) !=0) {
char msg[256];
snprintf(msg, 256, "popen: setuid(%lu) failed: %s",
- (unsigned long) e->uid, strerror(errno));
- log_it("CRON",getpid(),"error",msg);
+ (unsigned long) e->uid, strerror(errno));
+ log_it(LOG_ERR, "CRON", getpid(), "error", msg);
exit(ERROR_EXIT);
- }
+ }
chdir(env_get("HOME", e->envp));
#if WANT_GLOBBING
diff -u cron-3.0pl1/user.c cron-3.0pl1/user.c
--- cron-3.0pl1/user.c
+++ cron-3.0pl1/user.c
@@ -22,8 +22,9 @@
/* vix 26jan87 [log is in RCS file]
*/
-
+#if defined(SYSLOG)
#include <syslog.h>
+#endif
#include <string.h>
#include "cron.h"
@@ -49,7 +50,7 @@
if (name != NULL) {
if (getseuserbyname(name, &seuser, &level)) {
- log_it(name, getpid(), "getseuserbyname FAILED", tabname);
+ log_it(LOG_ERR, name, getpid(), "getseuserbyname FAILED", tabname);
return (security_getenforce() > 0);
}
}
@@ -60,7 +61,7 @@
*rcontext = NULL;
if(getcon(¤t_con)) {
- log_it(name, getpid(), "Can't get current context", tabname);
+ log_it(LOG_ERR, name, getpid(), "Can't get current context", tabname);
return -1;
}
list_count = get_ordered_context_list_with_level(seuser, level,
current_con, &context_list);
@@ -69,10 +70,10 @@
free(level);
if (list_count == -1) {
if (security_getenforce() > 0) {
- log_it(name, getpid(), "No SELinux security context", tabname);
+ log_it(LOG_ERR, name, getpid(), "No SELinux security context",
tabname);
return -1;
} else {
- log_it(name, getpid(),
+ log_it(LOG_NOTICE, name, getpid(),
"No security context but SELinux in permissive mode,"
" continuing", tabname);
return 0;
@@ -81,11 +82,11 @@
if (fgetfilecon(crontab_fd, &file_context) < OK) {
if (security_getenforce() > 0) {
- log_it(name, getpid(), "getfilecon FAILED", tabname);
+ log_it(LOG_ERR, name, getpid(), "getfilecon FAILED", tabname);
freeconary(context_list);
return -1;
} else {
- log_it(name, getpid(), "getfilecon FAILED but SELinux in "
+ log_it(LOG_NOTICE, name, getpid(), "getfilecon FAILED but SELinux
in "
"permissive mode, continuing", tabname);
*rcontext = strdup(context_list[0]);
freeconary(context_list);
@@ -117,11 +118,11 @@
}
freecon(file_context);
if (security_getenforce() > 0) {
- log_it(name, getpid(), "ENTRYPOINT FAILED", tabname);
+ log_it(LOG_ERR, name, getpid(), "ENTRYPOINT FAILED", tabname);
freeconary(context_list);
return -1;
} else {
- log_it(name, getpid(), "ENTRYPOINT FAILED but SELinux in permissive
mode, continuing", tabname);
+ log_it(LOG_NOTICE, name, getpid(), "ENTRYPOINT FAILED but SELinux in
permissive mode, continuing", tabname);
*rcontext = strdup(context_list[0]);
freeconary(context_list);
}
@@ -143,14 +144,24 @@
const char *fn;
/* Figure out the file name from the username */
if (0 == strcmp(err_user,"*system*")) {
- syslog(LOG_ERR|LOG_CRON,"Error: %s; while reading %s", msg, SYSCRONTAB);
+ char buf[MAX_TEMPSTR];
+ snprintf(buf, MAX_TEMPSTR,
+ "Error: %s; while reading %s",
+ msg, SYSCRONTAB);
+ log_it(LOG_ERR, err_user, getpid(), "ERROR", buf);
} else if (0 == strncmp(err_user,"*system*",8)) {
fn = err_user+8;
- syslog(LOG_ERR|LOG_CRON,"Error: %s; while reading %s/%s", msg,
- SYSCRONDIR,fn);
+ char buf[MAX_TEMPSTR];
+ snprintf(buf, MAX_TEMPSTR,
+ "Error: %s; while reading %s/%s",
+ msg, SYSCRONDIR, fn);
+ log_it(LOG_ERR, err_user, getpid(), "ERROR", buf);
} else {
- syslog(LOG_ERR|LOG_CRON, "Error: %s; while reading crontab for user %s",
- msg, err_user);
+ char buf[MAX_TEMPSTR];
+ snprintf(buf, MAX_TEMPSTR,
+ "Error: %s; while reading crontab for user %s",
+ msg, err_user);
+ log_it(LOG_ERR, err_user, getpid(), "ERROR", buf);
}
}
@@ -217,7 +228,7 @@
if (pw==NULL) {
sname="system_u";
}
- if (get_security_context(sname, crontab_fd,
+ if (get_security_context(sname, crontab_fd,
&u->scontext, tabname) != 0 ) {
u->scontext = NULL;
free_user(u);
@@ -228,7 +239,7 @@
#endif
- /*
+ /*
* init environment. this will be copied/augmented for each entry.
*/
if ((envp = env_init()) == NULL) {
@@ -251,7 +262,7 @@
* newline, so we bail out
*/
if (envstr[0] != '\0') {
- log_it(u->name, getpid(), "ERROR", "Missing "
+ log_it(LOG_WARNING, u->name, getpid(),
"ERROR", "Missing "
"newline before EOF, this crontab file will be
"
"ignored");
free_user(u);
@@ -271,9 +282,9 @@
u->crontab = e;
} else {
/* stop processing on syntax error */
- log_it(u->name, getpid(), "ERROR", "Syntax "
+ log_it(LOG_WARNING, u->name, getpid(), "ERROR",
"Syntax "
"error, this crontab file will be "
- "ignored");
+ "ignored");
free_user(u);
u = NULL;
goto done;
--- End Message ---
signature.asc
