Bug #9856
pkcs11_tpm.so.1 changes syslog facility
100%
Description
This problem appeared to me with sendmail on a recent OI version. With sendmail, there are two long-running processes. The client logged to the LOG_MAIL syslog facility, with output appearing in /var/log/syslog . However, the MTA logged to the LOG_DAEMON syslog facility, with output appearing in /var/adm/messages .
The sendmail source only calls openlog() with the LOG_MAIL facility. Something else must be calling openlog() with the LOG_DAEMON facility. This turned out to be the pkcs11_tpm.so.1 shared library. The code in usr/src/lib/pkcs11/pkcs11_tpm/common/apiutil.c is like this:
void
loginit() {
if (!enabled) {
enabled = 1;
openlog("tpmtoken", LOG_PID | LOG_NDELAY, LOG_DAEMON);
(void) setlogmask(LOG_UPTO(LOG_DEBUG));
logit(LOG_DEBUG, "Logging enabled %d enabled", enabled);
}
}
void
logterm()
{
closelog();
enabled = 0;
}
/*ARGSUSED*/
void
logit(int type, char *fmt, ...)
{
#ifdef DEBUG
va_list pvar;
char buffer[BUFSIZ];
if (enabled) {
if (type <= logging) {
va_start(pvar, fmt);
(void) vsnprintf(buffer, sizeof (buffer), fmt, pvar);
va_end(pvar);
syslog(type, buffer);
}
}
#else
return;
#endif /* DEBUG */
}
As is evident to all, the body of the logit() function is only included when DEBUG is defined. However, there's no similar treatment for the loginit() or logterm() functions. This omission means that loginit() will call openlog whenever it's invoked, but will not call syslog() .
Updated by