Imported Upstream version 7.3.11upstream/7.3.11

author: Michael Biebl <biebl@debian.org> 2013-04-23 13:55:44 +0200
committer: Michael Biebl <biebl@debian.org> 2013-04-23 13:55:44 +0200
commit: bd9408b88c40fb9a7dc88f4b2b6f218fcb17a388 (patch)
tree: 8c6f71d9e7c1152679a460e6f5ddda945608a78a /tools
parent: 79b9293acbb763ad949ed7878f138f424dfa85ac (diff)
download: rsyslog-bd9408b88c40fb9a7dc88f4b2b6f218fcb17a388.tar.gz
6 files changed, 857 insertions, 18 deletions
diff --git a/tools/Makefile.am b/tools/Makefile.am
index 21a3286..938782f 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -41,7 +41,8 @@ rsyslogd_CPPFLAGS =  $(PTHREADS_CFLAGS) $(RSRT_CFLAGS)
 # otherwise dependencies are not properly calculated (resulting in a 
 # potentially incomplete build, a problem we had several times...)
 rsyslogd_LDADD = ../grammar/libgrammar.la ../runtime/librsyslog.la $(ZLIB_LIBS) $(PTHREADS_LIBS) $(RSRT_LIBS) $(SOL_LIBS) $(LIBEE_LIBS) $(LIBLOGNORM_LIBS) $(LIBUUID_LIBS)
-rsyslogd_LDFLAGS = -export-dynamic
+rsyslogd_LDFLAGS = -export-dynamic `libgcrypt-config --libs`
+#rsyslogd_LDFLAGS = -export-dynamic $(LIBGCRYPT_LIBS)
 
 EXTRA_DIST = $(man_MANS) \
 	rsgtutil.rst \
@@ -64,10 +65,6 @@ logctl_LDADD = $(LIBMONGO_CLIENT_LIBS)
 endif
 if ENABLE_GUARDTIME
 bin_PROGRAMS += rsgtutil
-#bin_PROGRAMS += logsigner rsgtutil
-#logsigner = logsigner.c
-#logsigner_CPPFLAGS =  $(RSRT_CFLAGS) $(GUARDTIME_CFLAGS)
-#logsigner_LDADD = ../runtime/librsgt.la $(GUARDTIME_LIBS)
 rsgtutil = rsgtutil.c
 rsgtutil_CPPFLAGS =  $(RSRT_CFLAGS) $(GUARDTIME_CFLAGS)
 rsgtutil_LDADD = ../runtime/librsgt.la $(GUARDTIME_LIBS)
@@ -77,4 +74,16 @@ man1_MANS = rsgtutil.1
 CLEANFILES = rsgtutil.1
 EXTRA_DIST+= rsgtutil.1
 endif
+if ENABLE_LIBGCRYPT
+bin_PROGRAMS += rscryutil
+rscryutil = rscryutil.c
+rscryutil_CPPFLAGS = -I../runtime $(RSRT_CFLAGS) $(LIBGCRYPT_CFLAGS)
+rscryutil_LDFLAGS = `libgcrypt-config --libs`
+rscryutil_LDADD = ../runtime/libgcry.la $(LIBGCRYPT_LIBS)
+rscryutil.1: rscryutil.rst
+	$(AM_V_GEN) $(RST2MAN) $< $@
+man1_MANS = rscryutil.1
+CLEANFILES = rscryutil.1
+EXTRA_DIST+= rscryutil.1
+endif
 endif
diff --git a/tools/Makefile.in b/tools/Makefile.in
index cf7dbd6..123efcf 100644
--- a/tools/Makefile.in
+++ b/tools/Makefile.in
@@ -50,12 +50,14 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-sbin_PROGRAMS = rsyslogd$(EXEEXT) $(am__EXEEXT_3)
-bin_PROGRAMS = $(am__EXEEXT_1) $(am__EXEEXT_2)
+sbin_PROGRAMS = rsyslogd$(EXEEXT) $(am__EXEEXT_4)
+bin_PROGRAMS = $(am__EXEEXT_1) $(am__EXEEXT_2) $(am__EXEEXT_3)
 @ENABLE_DIAGTOOLS_TRUE@am__append_1 = rsyslog_diag_hostname msggen zpipe
 @ENABLE_OMMONGODB_TRUE@@ENABLE_USERTOOLS_TRUE@am__append_2 = logctl
 @ENABLE_GUARDTIME_TRUE@@ENABLE_USERTOOLS_TRUE@am__append_3 = rsgtutil
 @ENABLE_GUARDTIME_TRUE@@ENABLE_USERTOOLS_TRUE@am__append_4 = rsgtutil.1
+@ENABLE_LIBGCRYPT_TRUE@@ENABLE_USERTOOLS_TRUE@am__append_5 = rscryutil
+@ENABLE_LIBGCRYPT_TRUE@@ENABLE_USERTOOLS_TRUE@am__append_6 = rscryutil.1
 subdir = tools
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
 	$(top_srcdir)/depcomp
@@ -74,10 +76,11 @@ CONFIG_CLEAN_VPATH_FILES =
 @ENABLE_OMMONGODB_TRUE@@ENABLE_USERTOOLS_TRUE@am__EXEEXT_1 =  \
 @ENABLE_OMMONGODB_TRUE@@ENABLE_USERTOOLS_TRUE@	logctl$(EXEEXT)
 @ENABLE_GUARDTIME_TRUE@@ENABLE_USERTOOLS_TRUE@am__EXEEXT_2 = rsgtutil$(EXEEXT)
+@ENABLE_LIBGCRYPT_TRUE@@ENABLE_USERTOOLS_TRUE@am__EXEEXT_3 = rscryutil$(EXEEXT)
 am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(sbindir)" \
 	"$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man5dir)" \
 	"$(DESTDIR)$(man8dir)"
-@ENABLE_DIAGTOOLS_TRUE@am__EXEEXT_3 = rsyslog_diag_hostname$(EXEEXT) \
+@ENABLE_DIAGTOOLS_TRUE@am__EXEEXT_4 = rsyslog_diag_hostname$(EXEEXT) \
 @ENABLE_DIAGTOOLS_TRUE@	msggen$(EXEEXT) zpipe$(EXEEXT)
 PROGRAMS = $(bin_PROGRAMS) $(sbin_PROGRAMS)
 am__logctl_SOURCES_DIST = logctl.c
@@ -93,6 +96,12 @@ am__msggen_SOURCES_DIST = msggen.c
 @ENABLE_DIAGTOOLS_TRUE@am_msggen_OBJECTS = msggen.$(OBJEXT)
 msggen_OBJECTS = $(am_msggen_OBJECTS)
 msggen_LDADD = $(LDADD)
+rscryutil_SOURCES = rscryutil.c
+rscryutil_OBJECTS = rscryutil-rscryutil.$(OBJEXT)
+@ENABLE_LIBGCRYPT_TRUE@@ENABLE_USERTOOLS_TRUE@rscryutil_DEPENDENCIES = ../runtime/libgcry.la
+rscryutil_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+	$(rscryutil_LDFLAGS) $(LDFLAGS) -o $@
 rsgtutil_SOURCES = rsgtutil.c
 rsgtutil_OBJECTS = rsgtutil-rsgtutil.$(OBJEXT)
 @ENABLE_GUARDTIME_TRUE@@ENABLE_USERTOOLS_TRUE@rsgtutil_DEPENDENCIES = ../runtime/librsgt.la \
@@ -157,12 +166,13 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@)
 am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
 am__v_CCLD_0 = @echo "  CCLD    " $@;
 am__v_CCLD_1 = 
-SOURCES = $(logctl_SOURCES) $(msggen_SOURCES) rsgtutil.c \
+SOURCES = $(logctl_SOURCES) $(msggen_SOURCES) rscryutil.c rsgtutil.c \
 	$(rsyslog_diag_hostname_SOURCES) $(rsyslogd_SOURCES) \
 	$(zpipe_SOURCES)
 DIST_SOURCES = $(am__logctl_SOURCES_DIST) $(am__msggen_SOURCES_DIST) \
-	rsgtutil.c $(am__rsyslog_diag_hostname_SOURCES_DIST) \
-	$(rsyslogd_SOURCES) $(am__zpipe_SOURCES_DIST)
+	rscryutil.c rsgtutil.c \
+	$(am__rsyslog_diag_hostname_SOURCES_DIST) $(rsyslogd_SOURCES) \
+	$(am__zpipe_SOURCES_DIST)
 am__can_run_installinfo = \
   case $$AM_UPDATE_INFO_DIR in \
     n|no|NO) false;; \
@@ -239,6 +249,7 @@ GREP = @GREP@
 GSS_LIBS = @GSS_LIBS@
 GUARDTIME_CFLAGS = @GUARDTIME_CFLAGS@
 GUARDTIME_LIBS = @GUARDTIME_LIBS@
+HAVE_LIBGCRYPT_CONFIG = @HAVE_LIBGCRYPT_CONFIG@
 HAVE_MYSQL_CONFIG = @HAVE_MYSQL_CONFIG@
 HAVE_ORACLE_CONFIG = @HAVE_ORACLE_CONFIG@
 HAVE_PGSQL_CONFIG = @HAVE_PGSQL_CONFIG@
@@ -425,8 +436,10 @@ rsyslogd_CPPFLAGS = $(PTHREADS_CFLAGS) $(RSRT_CFLAGS)
 # otherwise dependencies are not properly calculated (resulting in a 
 # potentially incomplete build, a problem we had several times...)
 rsyslogd_LDADD = ../grammar/libgrammar.la ../runtime/librsyslog.la $(ZLIB_LIBS) $(PTHREADS_LIBS) $(RSRT_LIBS) $(SOL_LIBS) $(LIBEE_LIBS) $(LIBLOGNORM_LIBS) $(LIBUUID_LIBS)
-rsyslogd_LDFLAGS = -export-dynamic
-EXTRA_DIST = $(man_MANS) rsgtutil.rst recover_qi.pl $(am__append_4)
+rsyslogd_LDFLAGS = -export-dynamic `libgcrypt-config --libs`
+#rsyslogd_LDFLAGS = -export-dynamic $(LIBGCRYPT_LIBS)
+EXTRA_DIST = $(man_MANS) rsgtutil.rst recover_qi.pl $(am__append_4) \
+	$(am__append_6)
 @ENABLE_DIAGTOOLS_TRUE@rsyslog_diag_hostname_SOURCES = gethostn.c
 @ENABLE_DIAGTOOLS_TRUE@zpipe_SOURCES = zpipe.c
 @ENABLE_DIAGTOOLS_TRUE@zpipe_LDADD = -lz
@@ -434,15 +447,17 @@ EXTRA_DIST = $(man_MANS) rsgtutil.rst recover_qi.pl $(am__append_4)
 @ENABLE_OMMONGODB_TRUE@@ENABLE_USERTOOLS_TRUE@logctl_SOURCES = logctl.c
 @ENABLE_OMMONGODB_TRUE@@ENABLE_USERTOOLS_TRUE@logctl_CPPFLAGS = $(LIBMONGO_CLIENT_CFLAGS)
 @ENABLE_OMMONGODB_TRUE@@ENABLE_USERTOOLS_TRUE@logctl_LDADD = $(LIBMONGO_CLIENT_LIBS)
-#bin_PROGRAMS += logsigner rsgtutil
-#logsigner = logsigner.c
-#logsigner_CPPFLAGS =  $(RSRT_CFLAGS) $(GUARDTIME_CFLAGS)
-#logsigner_LDADD = ../runtime/librsgt.la $(GUARDTIME_LIBS)
 @ENABLE_GUARDTIME_TRUE@@ENABLE_USERTOOLS_TRUE@rsgtutil = rsgtutil.c
 @ENABLE_GUARDTIME_TRUE@@ENABLE_USERTOOLS_TRUE@rsgtutil_CPPFLAGS = $(RSRT_CFLAGS) $(GUARDTIME_CFLAGS)
 @ENABLE_GUARDTIME_TRUE@@ENABLE_USERTOOLS_TRUE@rsgtutil_LDADD = ../runtime/librsgt.la $(GUARDTIME_LIBS)
 @ENABLE_GUARDTIME_TRUE@@ENABLE_USERTOOLS_TRUE@man1_MANS = rsgtutil.1
+@ENABLE_LIBGCRYPT_TRUE@@ENABLE_USERTOOLS_TRUE@man1_MANS = rscryutil.1
 @ENABLE_GUARDTIME_TRUE@@ENABLE_USERTOOLS_TRUE@CLEANFILES = rsgtutil.1
+@ENABLE_LIBGCRYPT_TRUE@@ENABLE_USERTOOLS_TRUE@CLEANFILES = rscryutil.1
+@ENABLE_LIBGCRYPT_TRUE@@ENABLE_USERTOOLS_TRUE@rscryutil = rscryutil.c
+@ENABLE_LIBGCRYPT_TRUE@@ENABLE_USERTOOLS_TRUE@rscryutil_CPPFLAGS = -I../runtime $(RSRT_CFLAGS) $(LIBGCRYPT_CFLAGS)
+@ENABLE_LIBGCRYPT_TRUE@@ENABLE_USERTOOLS_TRUE@rscryutil_LDFLAGS = `libgcrypt-config --libs`
+@ENABLE_LIBGCRYPT_TRUE@@ENABLE_USERTOOLS_TRUE@rscryutil_LDADD = ../runtime/libgcry.la $(LIBGCRYPT_LIBS)
 all: all-am
 
 .SUFFIXES:
@@ -575,6 +590,9 @@ logctl$(EXEEXT): $(logctl_OBJECTS) $(logctl_DEPENDENCIES) $(EXTRA_logctl_DEPENDE
 msggen$(EXEEXT): $(msggen_OBJECTS) $(msggen_DEPENDENCIES) $(EXTRA_msggen_DEPENDENCIES) 
 	@rm -f msggen$(EXEEXT)
 	$(AM_V_CCLD)$(LINK) $(msggen_OBJECTS) $(msggen_LDADD) $(LIBS)
+rscryutil$(EXEEXT): $(rscryutil_OBJECTS) $(rscryutil_DEPENDENCIES) $(EXTRA_rscryutil_DEPENDENCIES) 
+	@rm -f rscryutil$(EXEEXT)
+	$(AM_V_CCLD)$(rscryutil_LINK) $(rscryutil_OBJECTS) $(rscryutil_LDADD) $(LIBS)
 rsgtutil$(EXEEXT): $(rsgtutil_OBJECTS) $(rsgtutil_DEPENDENCIES) $(EXTRA_rsgtutil_DEPENDENCIES) 
 	@rm -f rsgtutil$(EXEEXT)
 	$(AM_V_CCLD)$(LINK) $(rsgtutil_OBJECTS) $(rsgtutil_LDADD) $(LIBS)
@@ -597,6 +615,7 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gethostn.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/logctl-logctl.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/msggen.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rscryutil-rscryutil.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rsgtutil-rsgtutil.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rsyslogd-iminternal.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rsyslogd-omdiscard.Po@am__quote@
@@ -650,6 +669,20 @@ logctl-logctl.obj: logctl.c
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(logctl_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o logctl-logctl.obj `if test -f 'logctl.c'; then $(CYGPATH_W) 'logctl.c'; else $(CYGPATH_W) '$(srcdir)/logctl.c'; fi`
 
+rscryutil-rscryutil.o: rscryutil.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(rscryutil_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rscryutil-rscryutil.o -MD -MP -MF $(DEPDIR)/rscryutil-rscryutil.Tpo -c -o rscryutil-rscryutil.o `test -f 'rscryutil.c' || echo '$(srcdir)/'`rscryutil.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/rscryutil-rscryutil.Tpo $(DEPDIR)/rscryutil-rscryutil.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='rscryutil.c' object='rscryutil-rscryutil.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(rscryutil_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rscryutil-rscryutil.o `test -f 'rscryutil.c' || echo '$(srcdir)/'`rscryutil.c
+
+rscryutil-rscryutil.obj: rscryutil.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(rscryutil_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rscryutil-rscryutil.obj -MD -MP -MF $(DEPDIR)/rscryutil-rscryutil.Tpo -c -o rscryutil-rscryutil.obj `if test -f 'rscryutil.c'; then $(CYGPATH_W) 'rscryutil.c'; else $(CYGPATH_W) '$(srcdir)/rscryutil.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/rscryutil-rscryutil.Tpo $(DEPDIR)/rscryutil-rscryutil.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='rscryutil.c' object='rscryutil-rscryutil.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(rscryutil_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rscryutil-rscryutil.obj `if test -f 'rscryutil.c'; then $(CYGPATH_W) 'rscryutil.c'; else $(CYGPATH_W) '$(srcdir)/rscryutil.c'; fi`
+
 rsgtutil-rsgtutil.o: rsgtutil.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(rsgtutil_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rsgtutil-rsgtutil.o -MD -MP -MF $(DEPDIR)/rsgtutil-rsgtutil.Tpo -c -o rsgtutil-rsgtutil.o `test -f 'rsgtutil.c' || echo '$(srcdir)/'`rsgtutil.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/rsgtutil-rsgtutil.Tpo $(DEPDIR)/rsgtutil-rsgtutil.Po
@@ -1251,6 +1284,8 @@ uninstall-man: uninstall-man1 uninstall-man5 uninstall-man8
 
 @ENABLE_GUARDTIME_TRUE@@ENABLE_USERTOOLS_TRUE@rsgtutil.1: rsgtutil.rst
 @ENABLE_GUARDTIME_TRUE@@ENABLE_USERTOOLS_TRUE@	$(AM_V_GEN) $(RST2MAN) $< $@
+@ENABLE_LIBGCRYPT_TRUE@@ENABLE_USERTOOLS_TRUE@rscryutil.1: rscryutil.rst
+@ENABLE_LIBGCRYPT_TRUE@@ENABLE_USERTOOLS_TRUE@	$(AM_V_GEN) $(RST2MAN) $< $@
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/tools/omfile.c b/tools/omfile.c
index faf3c24..46d882b 100644
--- a/tools/omfile.c
+++ b/tools/omfile.c
@@ -70,6 +70,7 @@
 #include "atomic.h"
 #include "statsobj.h"
 #include "sigprov.h"
+#include "cryprov.h"
 
 MODULE_TYPE_OUTPUT
 MODULE_TYPE_NOKEEP
@@ -151,6 +152,12 @@ typedef struct _instanceData {
 	void	*sigprovData;	/* opaque data ptr for provider use */
 	void 	*sigprovFileData;/* opaque data ptr for file instance */
 	sbool	useSigprov;	/* quicker than checkig ptr (1 vs 8 bytes!) */
+	uchar 	*cryprovName;	/* crypto provider */
+	uchar 	*cryprovNameFull;/* full internal crypto provider name */
+	void	*cryprovData;	/* opaque data ptr for provider use */
+	void 	*cryprovFileData;/* opaque data ptr for file instance */
+	cryprov_if_t cryprov;	/* ptr to crypto provider interface */
+	sbool	useCryprov;	/* quicker than checkig ptr (1 vs 8 bytes!) */
 	int	iCurrElt;	/* currently active cache element (-1 = none) */
 	int	iCurrCacheSize;	/* currently cache size (1-based) */
 	int	iDynaFileCacheSize; /* size of file handle cache */
@@ -237,6 +244,7 @@ static struct cnfparamdescr actpdescr[] = {
 	{ "file", eCmdHdlrString, 0 },     /* either "file" or ... */
 	{ "dynafile", eCmdHdlrString, 0 }, /* "dynafile" MUST be present */
 	{ "sig.provider", eCmdHdlrGetWord, 0 },
+	{ "cry.provider", eCmdHdlrGetWord, 0 },
 	{ "template", eCmdHdlrGetWord, 0 }
 };
 static struct cnfparamblk actpblk =
@@ -589,6 +597,10 @@ prepareFile(instanceData *pData, uchar *newFileName)
 	CHKiRet(strm.SetbSync(pData->pStrm, pData->bSyncFile));
 	CHKiRet(strm.SetsType(pData->pStrm, STREAMTYPE_FILE_SINGLE));
 	CHKiRet(strm.SetiSizeLimit(pData->pStrm, pData->iSizeLimit));
+	if(pData->useCryprov) {
+		CHKiRet(strm.Setcryprov(pData->pStrm, &pData->cryprov));
+		CHKiRet(strm.SetcryprovData(pData->pStrm, pData->cryprovData));
+	}
 	/* set the flush interval only if we actually use it - otherwise it will activate
 	 * async processing, which is a real performance waste if we do not do buffered
 	 * writes! -- rgerhards, 2009-07-06
@@ -689,7 +701,7 @@ prepareDynFile(instanceData *pData, uchar *newFileName, unsigned iMsgOpts)
 	 * but it could be triggered in the common case of a failed open() system call.
 	 * rgerhards, 2010-03-22
 	 */
-	pData->pStrm = pData->sigprovFileData = NULL;
+	pData->pStrm = NULL, pData->sigprovFileData = NULL;
 
 	if(iFirstFree == -1 && (pData->iCurrCacheSize < pData->iDynaFileCacheSize)) {
 		/* there is space left, so set it to that index */
@@ -885,6 +897,13 @@ CODESTARTfreeInstance
 		free(pData->sigprovName);
 		free(pData->sigprovNameFull);
 	}
+	if(pData->useCryprov) {
+		pData->cryprov.Destruct(&pData->cryprovData);
+		obj.ReleaseObj(__FILE__, pData->cryprovNameFull+2, pData->cryprovNameFull,
+			       (void*) &pData->cryprov);
+		free(pData->cryprovName);
+		free(pData->cryprovNameFull);
+	}
 ENDfreeInstance
 
 
@@ -951,7 +970,9 @@ setInstParamDefaults(instanceData *pData)
 	pData->iFlushInterval = FLUSH_INTRVL_DFLT;
 	pData->bUseAsyncWriter = USE_ASYNCWRITER_DFLT;
 	pData->sigprovName = NULL;
+	pData->cryprovName = NULL;
 	pData->useSigprov = 0;
+	pData->useCryprov = 0;
 }
 
 
@@ -1033,6 +1054,50 @@ initSigprov(instanceData *pData, struct nvlst *lst)
 done:	return;
 }
 
+static inline rsRetVal
+initCryprov(instanceData *pData, struct nvlst *lst)
+{
+	uchar szDrvrName[1024];
+	DEFiRet;
+
+	if(snprintf((char*)szDrvrName, sizeof(szDrvrName), "lmcry_%s", pData->cryprovName)
+		== sizeof(szDrvrName)) {
+		errmsg.LogError(0, RS_RET_ERR, "omfile: crypto provider "
+				"name is too long: '%s' - encryption disabled",
+				pData->cryprovName);
+		ABORT_FINALIZE(RS_RET_ERR);
+	}
+	pData->cryprovNameFull = ustrdup(szDrvrName);
+
+	pData->cryprov.ifVersion = cryprovCURR_IF_VERSION;
+	/* The pDrvrName+2 below is a hack to obtain the object name. It 
+	 * safes us to have yet another variable with the name without "lm" in
+	 * front of it. If we change the module load interface, we may re-think
+	 * about this hack, but for the time being it is efficient and clean enough.
+	 */
+	if(obj.UseObj(__FILE__, szDrvrName, szDrvrName, (void*) &pData->cryprov)
+		!= RS_RET_OK) {
+		errmsg.LogError(0, RS_RET_LOAD_ERROR, "omfile: could not load "
+				"crypto provider '%s' - encryption disabled",
+				szDrvrName);
+		ABORT_FINALIZE(RS_RET_CRYPROV_ERR);
+	}
+
+	if(pData->cryprov.Construct(&pData->cryprovData) != RS_RET_OK) {
+		errmsg.LogError(0, RS_RET_CRYPROV_ERR, "omfile: error constructing "
+				"crypto provider %s dataset - encryption disabled",
+				szDrvrName);
+		ABORT_FINALIZE(RS_RET_CRYPROV_ERR);
+	}
+	CHKiRet(pData->cryprov.SetCnfParam(pData->cryprovData, lst));
+
+	dbgprintf("loaded crypto provider %s, data instance at %p\n",
+		  szDrvrName, pData->cryprovData);
+	pData->useCryprov = 1;
+finalize_it:
+	RETiRet;
+}
+
 BEGINnewActInst
 	struct cnfparamvals *pvals;
 	uchar *tplToUse;
@@ -1102,6 +1167,8 @@ CODESTARTnewActInst
 			pData->tplName = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
 		} else if(!strcmp(actpblk.descr[i].name, "sig.provider")) {
 			pData->sigprovName = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+		} else if(!strcmp(actpblk.descr[i].name, "cry.provider")) {
+			pData->cryprovName = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
 		} else {
 			dbgprintf("omfile: program error, non-handled "
 			  "param '%s'\n", actpblk.descr[i].name);
@@ -1118,6 +1185,10 @@ CODESTARTnewActInst
 		initSigprov(pData, lst);
 	}
 
+	if(pData->cryprovName != NULL) {
+		CHKiRet(initCryprov(pData, lst));
+	}
+
 	tplToUse = ustrdup((pData->tplName == NULL) ? getDfltTpl() : pData->tplName);
 	CHKiRet(OMSRsetEntry(*ppOMSR, 0, tplToUse, OMSR_NO_RQD_TPL_OPTS));
 
diff --git a/tools/rscryutil.1 b/tools/rscryutil.1
new file mode 100644
index 0000000..c5083ee
--- /dev/null
+++ b/tools/rscryutil.1
@@ -0,0 +1,205 @@
+.\" Man page generated from reStructuredText.
+.
+.TH RSCRYUTIL 1 "2013-04-15" "" ""
+.SH NAME
+rscryutil \- Manage Encrypted Log Files
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.SH SYNOPSIS
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+rscryutil [OPTIONS] [FILE] ...
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SH DESCRIPTION
+.sp
+This tool performs various operations on encrypted log files.
+Most importantly, it provides the ability to decrypt them.
+.SH OPTIONS
+.INDENT 0.0
+.TP
+.B \-d,  \-\-decrypt
+Select decryption mode. This is the default mode.
+.TP
+.BI \-W,  \-\-write\-keyfile \ <file>
+Utility function to write a key to a keyfile. The key can be obtained
+via any method.
+.TP
+.B \-v,  \-\-verbose
+Select verbose mode.
+.TP
+.B \-f,  \-\-force
+Forces operations that otherwise would fail.
+.TP
+.BI \-k,  \-\-keyfile \ <file>
+Reads the key from <file>. File _must_ contain the key, only, no headers
+or other meta information. Keyfiles can be generated via the
+\fI\-\-write\-keyfile\fP option.
+.TP
+.BI \-p,  \-\-key\-program \ <path\-to\-program>
+In this mode, the key is provided by a so\-called "key program". This program
+is executed and must return the key to (as well as some meta information)
+via stdout. The core idea of key programs is that using this interface the
+user can implement as complex (and secure) method to obtain keys as
+desired, all without the need to make modifications to rsyslog.
+.TP
+.BI \-K,  \-\-key \ <KEY>
+TESTING AID, NOT FOR PRODUCTION USE. This uses the KEY specified
+on the command line. This is the actual key, and as such this mode
+is highly insecure. However, it can be useful for intial testing
+steps. This option may be removed in the future.
+.TP
+.BI \-a,  \-\-algo \ <algo>
+Sets the encryption algorightm (cipher) to be used. See below
+for supported algorithms. The default is "AES128".
+.TP
+.BI \-m,  \-\-mode \ <mode>
+Sets the ciphermode to be used. See below for supported modes.
+The default is "CBC".
+.TP
+.BI \-r,  \-\-generate\-random\-key \ <bytes>
+Generates a random key of length <bytes>. This option is
+meant to be used together with \fI\-\-write\-keyfile\fP (and it is hard
+to envision any other valid use for it).
+.UNINDENT
+.SH OPERATION MODES
+.sp
+The operation mode specifies what exactly the tool does with the provided
+files. The default operation mode is "dump", but this may change in the future.
+Thus, it is recommended to always set the operations mode explicitely. If
+multiple operations mode are set on the command line, results are
+unpredictable.
+.SS decrypt
+.sp
+The provided log files are decrypted. Note that the \fI.encinfo\fP side files
+must exist and be accessible in order for decryption to to work.
+.SS write\-keyfile
+.sp
+In this mode no log files are processed; thus it is an error to specify
+any on the command line. The specified keyfile is written. The key itself
+is obtained via the usual key commands. If \fI\-\-keyfile\fP is used, that
+file is effectively copied.
+.sp
+For security reasons, existing key files are _not_ overwritten. To permit
+this, specify the \fI\-\-force\fP option. When doing so, keep in mind that lost
+keys cannot be recovered and data encrypted with them may also be considered
+lost.
+.sp
+Keyfiles are always created with 0400 permission, that is read access for only
+the user. An exception is when an existing file is overwritten via the
+\fI\-\-force\fP option, in which case the former permissions still apply.
+.SH EXIT CODES
+.sp
+The command returns an exit code of 0 if everything went fine, and some
+other code in case of failures.
+.SH SUPPORTED ALGORITHMS
+.sp
+We basically support what libgcrypt supports. This is:
+.INDENT 0.0
+.INDENT 3.5
+3DES
+CAST5
+BLOWFISH
+AES128
+AES192
+AES256
+TWOFISH
+TWOFISH128
+ARCFOUR
+DES
+SERPENT128
+SERPENT192
+SERPENT256
+RFC2268_40
+SEED
+CAMELLIA128
+CAMELLIA192
+CAMELLIA256
+.UNINDENT
+.UNINDENT
+.SH SUPPORTED CIPHER MODES
+.sp
+We basically support what libgcrypt supports. This is:
+.INDENT 0.0
+.INDENT 3.5
+ECB
+CFB
+CBC
+STREAM
+OFB
+CTR
+AESWRAP
+.UNINDENT
+.UNINDENT
+.SH EXAMPLES
+.sp
+\fBrscryutil logfile\fP
+.sp
+Decrypts "logfile" and sends data to stdout.
+.sp
+\fBrscryutil \-\-generate\-random\-key 16 \-\-keyfile /some/secured/path/keyfile\fP
+.sp
+Generates random key and stores it in the specified keyfile.
+.SH LOG SIGNATURES
+.sp
+Encrypted log files can be used together with signing. To verify such a file,
+it must be decrypted first, and the verification tool \fBrsgtutil(1)\fP must be
+run on the decrypted file.
+.SH SECURITY CONSIDERATIONS
+.sp
+Specifying keys directly on the command line (\fI\-\-key\fP option) is very
+insecure and should
+not be done, except for testing purposes with test keys. Even then it is
+recommended to use keyfiles, which are also easy to handle during testing.
+Keep in mind that command history is usally be kept by bash and can also
+easily be monitored.
+.sp
+Local keyfiles are also a security risk. At a minimum, they should be
+used with very restrictive file permissions. For this reason,
+the \fIrscryutil\fP tool creates them with read permissions for the user,
+only, no matter what umask is set to.
+.sp
+When selecting cipher algorithms and modes, care needs to be taken. The
+defaults should be reasonable safe to use, but this tends to change over
+time. Keep up with the most current crypto recommendations.
+.SH SEE ALSO
+.sp
+\fBrsgtutil(1)\fP, \fBrsyslogd(8)\fP
+.SH COPYRIGHT
+.sp
+This page is part of the \fIrsyslog\fP project, and is available under
+LGPLv2.
+.SH AUTHOR
+Rainer Gerhards <rgerhards@adiscon.com>
+.\" Generated by docutils manpage writer.
+.
diff --git a/tools/rscryutil.c b/tools/rscryutil.c
new file mode 100644
index 0000000..2591b2c
--- /dev/null
+++ b/tools/rscryutil.c
@@ -0,0 +1,512 @@
+/* This is a tool for processing rsyslog encrypted log files.
+ * 
+ * Copyright 2013 Adiscon GmbH
+ *
+ * This file is part of rsyslog.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *       -or-
+ *       see COPYING.ASL20 in the source distribution
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either exprs or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#include <stdlib.h>
+#include <stdio.h>
+#include <errno.h>
+#include <string.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <getopt.h>
+#include <fcntl.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <gcrypt.h>
+
+#include "rsyslog.h"
+#include "libgcry.h"
+
+
+static enum { MD_DECRYPT, MD_WRITE_KEYFILE
+} mode = MD_DECRYPT;
+static int verbose = 0;
+static gcry_cipher_hd_t gcry_chd;
+static size_t blkLength;
+
+static char *keyfile = NULL;
+static char *keyprog = NULL;
+static int randomKeyLen = -1;
+static char *cry_key = NULL;
+static unsigned cry_keylen = 0;
+static int cry_algo = GCRY_CIPHER_AES128;
+static int cry_mode = GCRY_CIPHER_MODE_CBC;
+static int optionForce = 0;
+
+/* rectype/value must be EIF_MAX_*_LEN+1 long!
+ * returns 0 on success or something else on error/EOF
+ */
+static int
+eiGetRecord(FILE *eifp, char *rectype, char *value)
+{
+	int r;
+	unsigned short i, j;
+	char buf[EIF_MAX_RECTYPE_LEN+EIF_MAX_VALUE_LEN+128];
+	     /* large enough for any valid record */
+
+	if(fgets(buf, sizeof(buf), eifp) == NULL) {
+		r = 1; goto done;
+	}
+
+	for(i = 0 ; i < EIF_MAX_RECTYPE_LEN && buf[i] != ':' ; ++i)
+		if(buf[i] == '\0') {
+			r = 2; goto done;
+		} else 
+			rectype[i] = buf[i];
+	rectype[i] = '\0';
+	j = 0;
+	for(++i ; i < EIF_MAX_VALUE_LEN && buf[i] != '\n' ; ++i, ++j)
+		if(buf[i] == '\0') {
+			r = 3; goto done;
+		} else 
+			value[j] = buf[i];
+	value[j] = '\0';
+	r = 0;
+done:	return r;
+}
+
+static int
+eiCheckFiletype(FILE *eifp)
+{
+	char rectype[EIF_MAX_RECTYPE_LEN+1];
+	char value[EIF_MAX_VALUE_LEN+1];
+	int r;
+
+	if((r = eiGetRecord(eifp, rectype, value)) != 0) goto done;
+	if(strcmp(rectype, "FILETYPE") || strcmp(value, RSGCRY_FILETYPE_NAME)) {
+		fprintf(stderr, "invalid filetype \"cookie\" in encryption "
+			"info file\n");
+		fprintf(stderr, "\trectype: '%s', value: '%s'\n", rectype, value);
+		r = 1; goto done;
+	}
+	r = 0;
+done:	return r;
+}
+
+static int
+eiGetIV(FILE *eifp, char *iv, size_t leniv)
+{
+	char rectype[EIF_MAX_RECTYPE_LEN+1];
+	char value[EIF_MAX_VALUE_LEN+1];
+	size_t valueLen;
+	unsigned short i, j;
+	int r;
+	unsigned char nibble;
+
+	if((r = eiGetRecord(eifp, rectype, value)) != 0) goto done;
+	if(strcmp(rectype, "IV")) {
+		fprintf(stderr, "no IV record found when expected, record type "
+			"seen is '%s'\n", rectype);
+		r = 1; goto done;
+	}
+	valueLen = strlen(value);
+	if(valueLen/2 != leniv) {
+		fprintf(stderr, "length of IV is %d, expected %d\n",
+			valueLen/2, leniv);
+		r = 1; goto done;
+	}
+
+	for(i = j = 0 ; i < valueLen ; ++i) {
+		if(value[i] >= '0' && value[i] <= '9')
+			nibble = value[i] - '0';
+		else if(value[i] >= 'a' && value[i] <= 'f')
+			nibble = value[i] - 'a' + 10;
+		else {
+			fprintf(stderr, "invalid IV '%s'\n", value);
+			r = 1; goto done;
+		}
+		if(i % 2 == 0)
+			iv[j] = nibble << 4;
+		else
+			iv[j++] |= nibble;
+	}
+	r = 0;
+done:	return r;
+}
+
+static int
+eiGetEND(FILE *eifp, off64_t *offs)
+{
+	char rectype[EIF_MAX_RECTYPE_LEN+1];
+	char value[EIF_MAX_VALUE_LEN+1];
+	int r;
+
+	if((r = eiGetRecord(eifp, rectype, value)) != 0) goto done;
+	if(strcmp(rectype, "END")) {
+		fprintf(stderr, "no END record found when expected, record type "
+			"seen is '%s'\n", rectype);
+		r = 1; goto done;
+	}
+	*offs = atoll(value);
+	r = 0;
+done:	return r;
+}
+
+static int
+initCrypt(FILE *eifp)
+{
+ 	int r = 0;
+	gcry_error_t gcryError;
+	char iv[4096];
+
+	blkLength = gcry_cipher_get_algo_blklen(cry_algo);
+	if(blkLength > sizeof(iv)) {
+		fprintf(stderr, "internal error[%s:%d]: block length %d too large for "
+			"iv buffer\n", __FILE__, __LINE__, blkLength);
+		r = 1; goto done;
+	}
+	if((r = eiGetIV(eifp, iv, blkLength)) != 0) goto done;
+
+	size_t keyLength = gcry_cipher_get_algo_keylen(cry_algo);
+	if(strlen(cry_key) != keyLength) {
+		fprintf(stderr, "invalid key length; key is %u characters, but "
+			"exactly %u characters are required\n", cry_keylen,
+			keyLength);
+		r = 1; goto done;
+	}
+
+	gcryError = gcry_cipher_open(&gcry_chd, cry_algo, cry_mode, 0);
+	if (gcryError) {
+		printf("gcry_cipher_open failed:  %s/%s\n",
+			gcry_strsource(gcryError),
+			gcry_strerror(gcryError));
+		r = 1; goto done;
+	}
+
+	gcryError = gcry_cipher_setkey(gcry_chd, cry_key, keyLength);
+	if (gcryError) {
+		printf("gcry_cipher_setkey failed:  %s/%s\n",
+			gcry_strsource(gcryError),
+			gcry_strerror(gcryError));
+		r = 1; goto done;
+	}
+
+	gcryError = gcry_cipher_setiv(gcry_chd, iv, blkLength);
+	if (gcryError) {
+		printf("gcry_cipher_setiv failed:  %s/%s\n",
+			gcry_strsource(gcryError),
+			gcry_strerror(gcryError));
+		r = 1; goto done;
+	}
+done: return r;
+}
+
+static inline void
+removePadding(char *buf, size_t *plen)
+{
+	unsigned len = (unsigned) *plen;
+	unsigned iSrc, iDst;
+	char *frstNUL;
+
+	frstNUL = memchr(buf, 0x00, *plen);
+	if(frstNUL == NULL)
+		goto done;
+	iDst = iSrc = frstNUL - buf;
+
+	while(iSrc < len) {
+		if(buf[iSrc] != 0x00)
+			buf[iDst++] = buf[iSrc];
+		++iSrc;
+	}
+
+	*plen = iDst;
+done:	return;
+}
+
+static void
+decryptBlock(FILE *fpin, FILE *fpout, off64_t blkEnd, off64_t *pCurrOffs)
+{
+	gcry_error_t gcryError;
+	size_t nRead, nWritten;
+	size_t toRead;
+	size_t leftTillBlkEnd;
+	char buf[64*1024];
+	
+	leftTillBlkEnd = blkEnd - *pCurrOffs;
+	while(1) {
+		toRead = sizeof(buf) <= leftTillBlkEnd ? sizeof(buf) : leftTillBlkEnd;
+		toRead = toRead - toRead % blkLength;
+		nRead = fread(buf, 1, toRead, fpin);
+		if(nRead == 0)
+			break;
+		leftTillBlkEnd -= nRead, *pCurrOffs += nRead;
+		gcryError = gcry_cipher_decrypt(
+				gcry_chd, // gcry_cipher_hd_t
+				buf,    // void *
+				nRead,    // size_t
+				NULL,    // const void *
+				0);   // size_t
+		if (gcryError) {
+			fprintf(stderr, "gcry_cipher_decrypt failed:  %s/%s\n",
+			gcry_strsource(gcryError),
+			gcry_strerror(gcryError));
+			return;
+		}
+		removePadding(buf, &nRead);
+		nWritten = fwrite(buf, 1, nRead, fpout);
+		if(nWritten != nRead) {
+			perror("fpout");
+			return;
+		}
+	}
+}
+
+
+static int
+doDecrypt(FILE *logfp, FILE *eifp, FILE *outfp)
+{
+	off64_t blkEnd;
+	off64_t currOffs = 0;
+	int r;
+
+	while(1) {
+		/* process block */
+		if(initCrypt(eifp) != 0)
+			goto done;
+		if((r = eiGetEND(eifp, &blkEnd)) != 0) goto done;
+		decryptBlock(logfp, outfp, blkEnd, &currOffs);
+		gcry_cipher_close(gcry_chd);
+	}
+	r = 0;
+done:	return r;
+}
+
+static void
+decrypt(char *name)
+{
+	FILE *logfp = NULL, *eifp = NULL;
+	int r = 0;
+	char eifname[4096];
+	
+	if(!strcmp(name, "-")) {
+		fprintf(stderr, "decrypt mode cannot work on stdin\n");
+		goto err;
+	} else {
+		if((logfp = fopen(name, "r")) == NULL) {
+			perror(name);
+			goto err;
+		}
+		snprintf(eifname, sizeof(eifname), "%s%s", name, ENCINFO_SUFFIX);
+		eifname[sizeof(eifname)-1] = '\0';
+		if((eifp = fopen(eifname, "r")) == NULL) {
+			perror(eifname);
+			goto err;
+		}
+		if(eiCheckFiletype(eifp) != 0)
+			goto err;
+	}
+
+	doDecrypt(logfp, eifp, stdout);
+
+	fclose(logfp); logfp = NULL;
+	fclose(eifp); eifp = NULL;
+	return;
+
+err:
+	fprintf(stderr, "error %d processing file %s\n", r, name);
+	if(logfp != NULL)
+		fclose(logfp);
+}
+
+static void
+write_keyfile(char *fn)
+{
+	int fd;
+	int r;
+	mode_t fmode;
+
+	fmode = O_WRONLY|O_CREAT;
+	if(!optionForce)
+		fmode |= O_EXCL;
+	if((fd = open(fn, fmode, S_IRUSR)) == -1) {
+		fprintf(stderr, "error opening keyfile ");
+		perror(fn);
+		exit(1);
+	}
+	if((r = write(fd, cry_key, cry_keylen)) != (ssize_t)cry_keylen) {
+		fprintf(stderr, "error writing keyfile (ret=%d) ", r);
+		perror(fn);
+		exit(1);
+	}
+	close(fd);
+}
+
+static void
+getKeyFromFile(char *fn)
+{
+	int r;
+	r = gcryGetKeyFromFile(fn, &cry_key, &cry_keylen);
+	if(r != 0) {
+		fprintf(stderr, "Error %d reading key from file '%s'\n", r, fn);
+		exit(1);
+	}
+}
+
+static void
+getRandomKey(void)
+{
+	int fd;
+	cry_keylen = randomKeyLen;
+	cry_key = malloc(randomKeyLen); /* do NOT zero-out! */
+	/* if we cannot obtain data from /dev/urandom, we use whatever
+	 * is present at the current memory location as random data. Of
+	 * course, this is very weak and we should consider a different
+	 * option, especially when not running under Linux (for Linux,
+	 * unavailability of /dev/urandom is just a theoretic thing, it
+	 * will always work...).  -- TODO -- rgerhards, 2013-03-06
+	 */
+	if((fd = open("/dev/urandom", O_RDONLY)) > 0) {
+		if(read(fd, cry_key, randomKeyLen)) {}; /* keep compiler happy */
+		close(fd);
+	}
+}
+
+
+static void
+setKey()
+{
+	if(randomKeyLen != -1)
+		getRandomKey();
+	else if(keyfile != NULL)
+		getKeyFromFile(keyfile);
+	else if(keyprog != NULL)
+		gcryGetKeyFromProg(keyprog, &cry_key, &cry_keylen);
+	if(cry_key == NULL) {
+		fprintf(stderr, "ERROR: key must be set via some method\n");
+		exit(1);
+	}
+}
+
+static struct option long_options[] = 
+{ 
+	{"verbose", no_argument, NULL, 'v'},
+	{"version", no_argument, NULL, 'V'},
+	{"decrypt", no_argument, NULL, 'd'},
+	{"force", no_argument, NULL, 'f'},
+	{"write-keyfile", required_argument, NULL, 'W'},
+	{"key", required_argument, NULL, 'K'},
+	{"generate-random-key", required_argument, NULL, 'r'},
+	{"keyfile", required_argument, NULL, 'k'},
+	{"key-program", required_argument, NULL, 'p'},
+	{"algo", required_argument, NULL, 'a'},
+	{"mode", required_argument, NULL, 'm'},
+	{NULL, 0, NULL, 0} 
+}; 
+
+int
+main(int argc, char *argv[])
+{
+	int i;
+	int opt;
+	int temp;
+	char *newKeyFile = NULL;
+
+	while(1) {
+		opt = getopt_long(argc, argv, "a:dfk:K:m:p:r:vVW:", long_options, NULL);
+		if(opt == -1)
+			break;
+		switch(opt) {
+		case 'd':
+			mode = MD_DECRYPT;
+			break;
+		case 'W':
+			mode = MD_WRITE_KEYFILE;
+			newKeyFile = optarg;
+			break;
+		case 'k':
+			keyfile = optarg;
+			break;
+		case 'p':
+			keyprog = optarg;
+			break;
+		case 'f':
+			optionForce = 1;
+			break;
+		case 'r':
+			randomKeyLen = atoi(optarg);
+			if(randomKeyLen > 64*1024) {
+				fprintf(stderr, "ERROR: keys larger than 64KiB are "
+					"not supported\n");
+				exit(1);
+			}
+			break;
+		case 'K':
+			fprintf(stderr, "WARNING: specifying the actual key "
+				"via the command line is highly insecure\n"
+				"Do NOT use this for PRODUCTION use.\n");
+			cry_key = optarg;
+			cry_keylen = strlen(cry_key);
+			break;
+		case 'a':
+			temp = rsgcryAlgoname2Algo(optarg);
+			if(temp == GCRY_CIPHER_NONE) {
+				fprintf(stderr, "ERROR: algorithm \"%s\" is not "
+					"kown/supported\n", optarg);
+				exit(1);
+			}
+			cry_algo = temp;
+			break;
+		case 'm':
+			temp = rsgcryModename2Mode(optarg);
+			if(temp == GCRY_CIPHER_MODE_NONE) {
+				fprintf(stderr, "ERROR: cipher mode \"%s\" is not "
+					"kown/supported\n", optarg);
+				exit(1);
+			}
+			cry_mode = temp;
+			break;
+		case 'v':
+			verbose = 1;
+			break;
+		case 'V':
+			fprintf(stderr, "rsgtutil " VERSION "\n");
+			exit(0);
+			break;
+		case '?':
+			break;
+		default:fprintf(stderr, "getopt_long() returns unknown value %d\n", opt);
+			return 1;
+		}
+	}
+
+	setKey();
+
+	if(mode == MD_WRITE_KEYFILE) {
+		if(optind != argc) {
+			fprintf(stderr, "ERROR: no file parameters permitted in "
+				"--write-keyfile mode\n");
+			exit(1);
+		}
+		write_keyfile(newKeyFile);
+	} else {
+		if(optind == argc)
+			decrypt("-");
+		else {
+			for(i = optind ; i < argc ; ++i)
+				decrypt(argv[i]);
+		}
+	}
+
+	memset(cry_key, 0, cry_keylen); /* zero-out key store */
+	cry_keylen = 0;
+	return 0;
+}
diff --git a/tools/syslogd.c b/tools/syslogd.c
index 03fb2bd..77adb2c 100644
--- a/tools/syslogd.c
+++ b/tools/syslogd.c
@@ -1529,6 +1529,13 @@ queryLocalHostname(void)
 	 */
 	glbl.SetLocalHostName(LocalHostName);
 	glbl.SetLocalDomain(LocalDomain);
+
+	if ( strlen((char*)LocalDomain) )  {
+		CHKmalloc(LocalFQDNName = (uchar*)malloc(strlen((char*)LocalDomain)+strlen((char*)LocalHostName)+1));
+		if ( sprintf((char*)LocalFQDNName,"%s.%s",(char*)LocalHostName,(char*)LocalDomain) )
+			glbl.SetLocalFQDNName(LocalFQDNName);
+		}
+
 	glbl.GenerateLocalHostNameProperty(); /* must be redone after conf processing, FQDN setting may have changed */
 finalize_it:
 	RETiRet;
author	Michael Biebl <biebl@debian.org>	2013-04-23 13:55:44 +0200
committer	Michael Biebl <biebl@debian.org>	2013-04-23 13:55:44 +0200
commit	bd9408b88c40fb9a7dc88f4b2b6f218fcb17a388 (patch)
tree	8c6f71d9e7c1152679a460e6f5ddda945608a78a /tools
parent	79b9293acbb763ad949ed7878f138f424dfa85ac (diff)
download	rsyslog-bd9408b88c40fb9a7dc88f4b2b6f218fcb17a388.tar.gz