logsrvd_conf_apply: Open server log after opening the event log

This way we avoid calling sudo_warn_set_conversation() until the
point of no return.

Found by the ZeroPath AI Security Engineer <https://zeropath.com>

Author: millert

logsrvd/logsrvd_conf.c

@@ -1825,7 +1825,28 @@ logsrvd_conf_apply(struct logsrvd_config *config)
     if (TAILQ_EMPTY(&config->relay.relays.addrs))
 	config->relay.store_first = false;
 
-    /* Open server log if specified. */
+    /* Open event log if specified. */
+    switch (config->eventlog.log_type) {
+    case EVLOG_SYSLOG:
+	openlog("sudo", 0, config->syslog.facility);
+	break;
+    case EVLOG_FILE:
+	config->logfile.stream = logsrvd_open_eventlog(config);
+	if (config->logfile.stream == NULL)
+	    debug_return_bool(false);
+	break;
+    case EVLOG_NONE:
+	break;
+    default:
+	sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+	    "cannot open unknown log type %d", config->eventlog.log_type);
+	break;
+    }
+
+    /*
+     * Open server log if specified.
+     * We do this last due to the sudo_warn_set_conversation() call.
+     */
     switch (config->server.log_type) {
     case SERVER_LOG_SYSLOG:
 	sudo_warn_set_conversation(logsrvd_conv_syslog);
@@ -1850,24 +1871,6 @@ logsrvd_conf_apply(struct logsrvd_config *config)
 	break;
     }
 
-    /* Open event log if specified. */
-    switch (config->eventlog.log_type) {
-    case EVLOG_SYSLOG:
-	openlog("sudo", 0, config->syslog.facility);
-	break;
-    case EVLOG_FILE:
-	config->logfile.stream = logsrvd_open_eventlog(config);
-	if (config->logfile.stream == NULL)
-	    debug_return_bool(false);
-	break;
-    case EVLOG_NONE:
-	break;
-    default:
-	sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
-	    "cannot open unknown log type %d", config->eventlog.log_type);
-	break;
-    }
-
     /*
      * Update event and I/O log library config and install the new
      * logsrvd config.  We must not fail past this point or the event