Bug 8165 - Inverted WITH_SYSLOG condition in vfs_full_audit.c
Inverted WITH_SYSLOG condition in vfs_full_audit.c
Status: NEW
Product: Samba 3.6
Classification: Unclassified
Component: VFS Modules
All All
: P5 major
: ---
Assigned To: Samba Bugzilla Account
Samba QA Contact
Depends on:
  Show dependency treegraph
Reported: 2011-05-25 10:52 UTC by freeserif
Modified: 2014-08-11 15:06 UTC (History)
0 users

See Also:

git-am fix for 3.6.0 (953 bytes, patch)
2011-05-25 21:23 UTC, Jeremy Allison
vl: review-

Note You need to log in before you can comment on or make changes to this bug.
Description freeserif 2011-05-25 10:52:37 UTC
In 3ad9d10, the following was added to source3/modules/vfs_full_audit.c:

@@ -606,7 +614,9 @@ static int smb_full_audit_connect(vfs_handle_struct *handle,
+#ifndef WITH_SYSLOG
        openlog("smbd_audit", 0, audit_syslog_facility(handle));

I believe that to be a typo and it should rather be like this:

diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c
index e4d9599..cb03413 100644
--- a/source3/modules/vfs_full_audit.c
+++ b/source3/modules/vfs_full_audit.c
@@ -617,7 +617,7 @@ static int smb_full_audit_connect(vfs_handle_struct *handle,
                return -1;
-#ifndef WITH_SYSLOG
        openlog("smbd_audit", 0, audit_syslog_facility(handle));

This is in 3.5 as well as 3.6 (not in 3.4 or earlier); a fix in both branches would be appreciated.

Severity set to major because it dearly breaks setups where log sorting is based on this particular syslog tag, thus rendering the audit log moot at best, which sort of defeats the purpose of audit logging in the first place.
Comment 1 Jeremy Allison 2011-05-25 21:23:56 UTC
Created attachment 6488 [details]
git-am fix for 3.6.0

Simple fix proposed by submitter.
Comment 2 Volker Lendecke 2014-08-11 15:06:17 UTC
Comment on attachment 6488 [details]
git-am fix for 3.6.0

This patch is wrong (although it's in master in this form). The idea is to not call openlog twice: In debug.c we already did under a different name.

Jeremy, what do you think?