Bug #9856
closed
pkcs11_tpm.so.1 changes syslog facility
100%
Description
This problem appeared to me with sendmail on a recent OI version. With sendmail, there are two long-running processes. The client logged to the LOG_MAIL syslog facility, with output appearing in /var/log/syslog. However, the MTA logged to the LOG_DAEMON syslog facility, with output appearing in /var/adm/messages.
The sendmail source only calls openlog() with the LOG_MAIL facility. Something else must be calling openlog() with the LOG_DAEMON facility. This turned out to be the pkcs11_tpm.so.1 shared library. The code in usr/src/lib/pkcs11/pkcs11_tpm/common/apiutil.c is like this:
    void
    loginit()
    {
        if (!enabled) {
            enabled = 1;
            openlog("tpmtoken", LOG_PID | LOG_NDELAY, LOG_DAEMON);
            (void) setlogmask(LOG_UPTO(LOG_DEBUG));
            logit(LOG_DEBUG, "Logging enabled %d enabled", enabled);
        }
    }

    void
    logterm()
    {
        closelog();
        enabled = 0;
    }

    /*ARGSUSED*/
    void
    logit(int type, char *fmt, ...)
    {
    #ifdef DEBUG
        va_list pvar;
        char buffer[BUFSIZ];

        if (enabled) {
            if (type <= logging) {
                va_start(pvar, fmt);
                (void) vsnprintf(buffer, sizeof (buffer), fmt, pvar);
                va_end(pvar);
                syslog(type, buffer);
            }
        }
    #else
        return;
    #endif /* DEBUG */
    }
As is evident to all, the body of the logit() function is only included when DEBUG is defined. However, there's no similar treatment for the loginit() or logterm() functions. This omission means that loginit() will call openlog() whenever it's invoked, but will not call syslog().
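One way to close the gap described above, as an added example (not the illumos source, and not necessarily the change that was integrated for this bug): put loginit() and logterm() under the same DEBUG guard as logit(), so a non-debug build of the library never calls openlog() or closelog() in the host process. The `syslog_state_calls` counter and `syslog_state_touched()` are hypothetical names added only so the behaviour can be checked, and the value of `logging` is an assumption because the page does not show its definition.

```c
#include <stdarg.h>
#include <stdio.h>
#include <syslog.h>

/* Example instrumentation: counts calls that alter process-wide syslog state. */
static int syslog_state_calls = 0;
#ifdef DEBUG
static int enabled = 0;
static int logging = LOG_DEBUG;	/* assumed threshold; not shown on the page */
#endif

void logit(int type, const char *fmt, ...);

void loginit(void)
{
#ifdef DEBUG
	if (!enabled) {
		enabled = 1;
		/* Replaces the host's ident, options and default facility. */
		openlog("tpmtoken", LOG_PID | LOG_NDELAY, LOG_DAEMON);
		syslog_state_calls++;
		(void) setlogmask(LOG_UPTO(LOG_DEBUG));
		logit(LOG_DEBUG, "Logging enabled %d enabled", enabled);
	}
#endif
}
void logterm(void)
{
#ifdef DEBUG
	if (enabled) {		/* only undo what loginit() actually did */
		closelog();
		syslog_state_calls++;
		enabled = 0;
	}
#endif
}
void logit(int type, const char *fmt, ...)
{
#ifdef DEBUG
	va_list pvar;
	char buffer[BUFSIZ];
	if (enabled && type <= logging) {
		va_start(pvar, fmt);
		(void) vsnprintf(buffer, sizeof (buffer), fmt, pvar);
		va_end(pvar);
		syslog(type, "%s", buffer);	/* message passed as data, not as the format */
	}
#else
	(void) type; (void) fmt;	/* non-debug build: no logging at all */
#endif
}
int syslog_state_touched(void) { return (syslog_state_calls); }
```

Built without -DDEBUG, the three functions compile to no-ops and the host's own openlog() settings stay in effect; built with -DDEBUG, the library still takes over the process-wide facility, which is then a deliberate debug-only behaviour.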