daemonization: make sure the firewall subproc sends to syslog too.

author: Avery Pennarun <apenwarr@gmail.com> 2011-01-01 00:06:04 -0800
committer: Avery Pennarun <apenwarr@gmail.com> 2011-01-01 00:22:09 -0800
commit: 5bf6e40682c0957931fe09eddbe598fb48519702 (patch)
tree: b8a7865e6c23a4f2f6c98e19f4cb4c36cfaa32fb
parent: 8a5ae1a40a553ae6ddf64d292c6a6c3e55d623ff (diff)
4 files changed, 33 insertions, 24 deletions
diff --git a/client.py b/client.py
index b9555f1..8946a69 100644
--- a/client.py
+++ b/client.py
@@ -1,25 +1,10 @@
 import struct, socket, select, errno, re, signal
 import compat.ssubprocess as ssubprocess
-import helpers, ssnet, ssh
+import helpers, ssnet, ssh, ssyslog
 from ssnet import SockWrapper, Handler, Proxy, Mux, MuxWrapper
 from helpers import *
 
 
-_loggerp = None
-def start_syslog():
-    global _loggerp
-    _loggerp = ssubprocess.Popen(['logger',
-                                  '-p', 'daemon.info',
-                                  '-t', 'sshuttle'], stdin=ssubprocess.PIPE)
-
-
-def stderr_to_syslog():
-    sys.stdout.flush()
-    sys.stderr.flush()
-    os.dup2(_loggerp.stdin.fileno(), 1)
-    os.dup2(_loggerp.stdin.fileno(), 2)
-
-
 def got_signal(signum, frame):
     log('exiting on signal %d\n' % signum)
     sys.exit(1)
@@ -77,10 +62,10 @@ def daemonize():
     
     si = open('/dev/null', 'r+')
     os.dup2(si.fileno(), 0)
+    os.dup2(si.fileno(), 1)
     si.close()
 
-    stderr_to_syslog()
-    log('daemonizing (%s).\n' % _pidname)
+    ssyslog.stderr_to_syslog()
 
 
 def daemon_cleanup():
@@ -118,6 +103,8 @@ class FirewallClient:
         argvbase = ([sys.argv[0]] +
                     ['-v'] * (helpers.verbose or 0) +
                     ['--firewall', str(port)])
+        if ssyslog._p:
+            argvbase += ['--syslog']
         argv_tries = [
             ['sudo', '-p', '[local sudo] Password: '] + argvbase,
             ['su', '-c', ' '.join(argvbase)],
@@ -197,7 +184,7 @@ def _main(listener, fw, ssh_cmd, remotename, python, seed_hosts, auto_nets,
 
     try:
         (serverproc, serversock) = ssh.connect(ssh_cmd, remotename, python,
-                                               stderr=_loggerp.stdin)
+                        stderr=ssyslog._p and ssyslog._p.stdin)
     except socket.error, e:
         if e.errno == errno.EPIPE:
             raise Fatal("failed to establish ssh session")
@@ -219,8 +206,10 @@ def _main(listener, fw, ssh_cmd, remotename, python, seed_hosts, auto_nets,
     debug1('connected.\n')
     if daemon:
         daemonize()
+        log('daemonizing (%s).\n' % _pidname)
     elif syslog:
-        stderr_to_syslog()
+        debug1('switching to syslog.\n')
+        ssyslog.stderr_to_syslog()
 
     def onroutes(routestr):
         if auto_nets:
@@ -279,7 +268,7 @@ def _main(listener, fw, ssh_cmd, remotename, python, seed_hosts, auto_nets,
 def main(listenip, ssh_cmd, remotename, python, seed_hosts, auto_nets,
          subnets_include, subnets_exclude, syslog, daemon, pidfile):
     if syslog:
-        start_syslog()
+        ssyslog.start_syslog()
     if daemon:
         try:
             check_daemon(pidfile)
diff --git a/firewall.py b/firewall.py
index 36ba768..044ac52 100644
--- a/firewall.py
+++ b/firewall.py
@@ -1,6 +1,6 @@
 import re, errno
 import compat.ssubprocess as ssubprocess
-import helpers
+import helpers, ssyslog
 from helpers import *
 
 
@@ -216,7 +216,7 @@ def restore_etc_hosts(port):
 # exit.  In case that fails, it's not the end of the world; future runs will
 # supercede it in the transproxy list, at least, so the leftover rules
 # are hopefully harmless.
-def main(port):
+def main(port, syslog):
     assert(port > 0)
     assert(port <= 65535)
 
@@ -235,6 +235,10 @@ def main(port):
     # can read from it.
     os.dup2(1, 0)
 
+    if syslog:
+        ssyslog.start_syslog()
+        ssyslog.stderr_to_syslog()
+
     debug1('firewall manager ready.\n')
     sys.stdout.write('READY\n')
     sys.stdout.flush()
diff --git a/main.py b/main.py
index 1c96340..04495e1 100755
--- a/main.py
+++ b/main.py
@@ -82,7 +82,7 @@ try:
     elif opt.firewall:
         if len(extra) != 1:
             o.fatal('exactly one argument expected')
-        sys.exit(firewall.main(int(extra[0])))
+        sys.exit(firewall.main(int(extra[0]), opt.syslog))
     elif opt.hostwatch:
         sys.exit(hostwatch.hw_main(extra))
     else:
diff --git a/ssyslog.py b/ssyslog.py
new file mode 100644
index 0000000..9958c9d
--- /dev/null
+++ b/ssyslog.py
@@ -0,0 +1,16 @@
+import sys, os
+from compat import ssubprocess
+
+
+_p = None
+def start_syslog():
+    global _p
+    _p = ssubprocess.Popen(['logger',
+                            '-p', 'daemon.info',
+                            '-t', 'sshuttle'], stdin=ssubprocess.PIPE)
+
+
+def stderr_to_syslog():
+    sys.stdout.flush()
+    sys.stderr.flush()
+    os.dup2(_p.stdin.fileno(), 2)
author	Avery Pennarun <apenwarr@gmail.com>	2011-01-01 00:06:04 -0800
committer	Avery Pennarun <apenwarr@gmail.com>	2011-01-01 00:22:09 -0800
commit	5bf6e40682c0957931fe09eddbe598fb48519702 (patch)
tree	b8a7865e6c23a4f2f6c98e19f4cb4c36cfaa32fb
parent	8a5ae1a40a553ae6ddf64d292c6a6c3e55d623ff (diff)