From owner-svn-src-stable-8@FreeBSD.ORG Mon Sep 12 06:41:14 2011
Message-Id: <201109120641.p8C6fDrn014118@svn.freebsd.org>
From: Xin LI
Date: Mon, 12 Sep 2011 06:41:13 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org
Subject: svn commit: r225504 - stable/8/usr.sbin/syslogd

Author: delphij
Date: Mon Sep 12 06:41:13 2011
New Revision: 225504
URL: http://svn.freebsd.org/changeset/base/225504

Log:
  MFC r224002:

  Add a new option, -N to disable the default and recommended syslogd(8) behavior, which binds to the well known UDP port. This option implies -s.

Modified:
  stable/8/usr.sbin/syslogd/syslogd.8
  stable/8/usr.sbin/syslogd/syslogd.c
Directory Properties:
  stable/8/usr.sbin/syslogd/   (props changed)

Modified: stable/8/usr.sbin/syslogd/syslogd.8
==============================================================================
--- stable/8/usr.sbin/syslogd/syslogd.8 Mon Sep 12 04:56:48 2011 (r225503)
+++ stable/8/usr.sbin/syslogd/syslogd.8 Mon Sep 12 06:41:13 2011 (r225504)
@@ -36,7 +36,7 @@ .Nd log systems messages .Sh SYNOPSIS .Nm -.Op Fl 468ACcdknosuv +.Op Fl 468ACcdkNnosuv .Op Fl a Ar allowed_peer .Op Fl b Ar bind_address .Op Fl f Ar config_file
@@ -208,6 +208,13 @@ facility is reserved for messages read d Select the number of minutes between .Dq mark messages; the default is 20 minutes. +.It Fl N +Disable binding on UDP sockets. RFC 3164 recommends that outgoing +syslogd messages should originate from the privileged port, this +option +.Em disables +the recommended behavior. This option inherits +.Fl s . .It Fl n Disable dns query for every request. .It Fl o Modified: stable/8/usr.sbin/syslogd/syslogd.c ============================================================================== --- stable/8/usr.sbin/syslogd/syslogd.c Mon Sep 12 04:56:48 2011 (r225503) +++ stable/8/usr.sbin/syslogd/syslogd.c Mon Sep 12 06:41:13 2011 (r225504) @@ -278,6 +278,7 @@ static int fklog = -1; /* /dev/klog */ static int Initialized; /* set when we have initialized ourselves */ static int MarkInterval = 20 * 60; /* interval between marks in seconds */ static int MarkSeq; /* mark sequence number */ +static int NoBind; /* don't bind() as suggested by RFC 3164 */ static int SecureMode; /* when true, receive only unix domain socks */ #ifdef INET6 static int family = PF_UNSPEC; /* protocol family (IPv4, IPv6 or both) */ @@ -357,7 +358,7 @@ main(int argc, char *argv[]) dprintf("madvise() failed: %s\n", strerror(errno)); bindhostname = NULL; - while ((ch = getopt(argc, argv, "468Aa:b:cCdf:kl:m:nop:P:sS:Tuv")) + while ((ch = getopt(argc, argv, "468Aa:b:cCdf:kl:m:nNop:P:sS:Tuv")) != -1) switch (ch) { case '4': @@ -436,6 +437,10 @@ main(int argc, char *argv[]) case 'm': /* mark interval */ MarkInterval = atoi(optarg) * 60; break; + case 'N': + NoBind = 1; + SecureMode = 1; + break; case 'n': resolve = 0; break; 
@@ -2662,13 +2667,24 @@ socksetup(int af, const char *bindhostna close(*s); continue; } - if (bind(*s, r->ai_addr, r->ai_addrlen) < 0) { - close(*s); - logerror("bind"); - continue; - } + /* + * RFC 3164 recommends that client side message + * should come from the privileged syslogd port. + * + * If the system administrator choose not to obey + * this, we can skip the bind() step so that the + * system will choose a port for us. + */ + if (!NoBind) { + if (bind(*s, r->ai_addr, r->ai_addrlen) < 0) { + close(*s); + logerror("bind"); + continue; + } - double_rbuf(*s); + if (!SecureMode) + double_rbuf(*s); + } (*socks)++; s++;
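Review bot: the new -N entry in the syslogd.8 hunk at @@ -208,6 +208,13 @@ has a comma splice and misstates the relation to -s. "RFC 3164 recommends that outgoing syslogd messages should originate from the privileged port, this option .Em disables the recommended behavior" should be two sentences, and "This option inherits .Fl s ." should say that -N implies -s, as the commit log and the new 'case N' (which sets SecureMode = 1) do. The entry should also state the operational consequence an administrator needs before choosing it: with -N the outgoing UDP source port is whatever the kernel assigns, so a receiving host or firewall that only accepts syslog datagrams from source port 514 will drop the forwarded messages, and because -s is implied the daemon receives only on unix domain sockets (per the SecureMode comment) and accepts no remote messages at all.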
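Review bot: the comment on the new variable in the syslogd.c hunk at @@ -278,6 +278,7 @@, "/* don't bind() as suggested by RFC 3164 */", is ambiguous: it reads as if RFC 3164 suggests skipping bind(), the opposite of what the socksetup() comment in the same patch says. Suggest "/* skip bind(); RFC 3164 recommends binding the syslog port */" in the style of the neighbouring SecureMode comment.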
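Review bot: "SecureMode = 1;" in the new 'case N' (hunk @@ -436,6 +437,10 @@) unconditionally overwrites whatever an earlier -s on the command line set, so the outcome depends on option order; if -s can be given more than once or carries more than one level (the 's' case is not in this hunk), "-s -s -N" silently loses the stronger setting. Since the log says -N implies -s rather than replaces it, "if (!SecureMode) SecureMode = 1;" (raising SecureMode only when it is lower) expresses that intent without clobbering.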
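Review bot: in the socksetup() hunk at @@ -2662,13 +2667,24 @@, skipping bind() entirely when NoBind is set also discards the address resolved from bindhostname (the -b bind_address option in the SYNOPSIS), so "-N -b addr" silently ignores the requested source address and the kernel picks both source address and port; nothing in the hunk warns about this. Binding to r->ai_addr with the port field zeroed, instead of not binding at all, would keep the administrator's source address while still letting the kernel assign an ephemeral port; failing that, reject the -N/-b combination in main() or document it in the -N man page entry. Separately, moving double_rbuf(*s) under "if (!SecureMode)" is an unlogged behaviour change for plain -s (it used to run after every successful bind); it looks deliberate, since with -s the inet socket's receive buffer is unused, but it belongs in the commit message. Minor: "system administrator choose" should be "chooses" and "client side message should come" should be "client-side messages should come" in the new comment.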