Imported Upstream version 7.3.12upstream/7.3.12

4 files changed, 203 insertions, 4 deletions

diff --git a/tools/Makefile.am b/tools/Makefile.am
index 938782f..c600d6d 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -46,6 +46,7 @@ rsyslogd_LDFLAGS = -export-dynamic `libgcrypt-config --libs`
 
 EXTRA_DIST = $(man_MANS) \
 	rsgtutil.rst \
+	rscryutil.rst \
 	recover_qi.pl
 
 if ENABLE_DIAGTOOLS
diff --git a/tools/Makefile.in b/tools/Makefile.in
index 123efcf..bb7cb0f 100644
--- a/tools/Makefile.in
+++ b/tools/Makefile.in
@@ -438,8 +438,8 @@ rsyslogd_CPPFLAGS = $(PTHREADS_CFLAGS) $(RSRT_CFLAGS)
 rsyslogd_LDADD = ../grammar/libgrammar.la ../runtime/librsyslog.la $(ZLIB_LIBS) $(PTHREADS_LIBS) $(RSRT_LIBS) $(SOL_LIBS) $(LIBEE_LIBS) $(LIBLOGNORM_LIBS) $(LIBUUID_LIBS)
 rsyslogd_LDFLAGS = -export-dynamic `libgcrypt-config --libs`
 #rsyslogd_LDFLAGS = -export-dynamic $(LIBGCRYPT_LIBS)
-EXTRA_DIST = $(man_MANS) rsgtutil.rst recover_qi.pl $(am__append_4) \
-	$(am__append_6)
+EXTRA_DIST = $(man_MANS) rsgtutil.rst rscryutil.rst recover_qi.pl \
+	$(am__append_4) $(am__append_6)
 @ENABLE_DIAGTOOLS_TRUE@rsyslog_diag_hostname_SOURCES = gethostn.c
 @ENABLE_DIAGTOOLS_TRUE@zpipe_SOURCES = zpipe.c
 @ENABLE_DIAGTOOLS_TRUE@zpipe_LDADD = -lz
diff --git a/tools/rscryutil.rst b/tools/rscryutil.rst
new file mode 100644
index 0000000..dfd447d
--- /dev/null
+++ b/tools/rscryutil.rst
@@ -0,0 +1,199 @@
+=========
+rscryutil
+=========
+
+--------------------------
+Manage Encrypted Log Files
+--------------------------
+
+:Author: Rainer Gerhards <rgerhards@adiscon.com>
+:Date: 2013-04-15
+:Manual section: 1
+
+SYNOPSIS
+========
+
+::
+
+   rscryutil [OPTIONS] [FILE] ...
+
+
+DESCRIPTION
+===========
+
+This tool performs various operations on encrypted log files.
+Most importantly, it provides the ability to decrypt them.
+
+
+OPTIONS
+=======
+
+-d, --decrypt
+  Select decryption mode. This is the default mode.
+
+-W, --write-keyfile <file>
+  Utility function to write a key to a keyfile. The key can be obtained
+  via any method.
+
+-v, --verbose
+  Select verbose mode.
+
+-f, --force
+  Forces operations that otherwise would fail.
+
+-k, --keyfile <file>
+  Reads the key from <file>. File _must_ contain the key, only, no headers
+  or other meta information. Keyfiles can be generated via the
+  *--write-keyfile* option.
+
+-p, --key-program <path-to-program>
+ In this mode, the key is provided by a so-called "key program". This program
+ is executed and must return the key to (as well as some meta information)
+ via stdout. The core idea of key programs is that using this interface the
+ user can implement as complex (and secure) method to obtain keys as
+ desired, all without the need to make modifications to rsyslog.
+
+-K, --key <KEY>
+  TESTING AID, NOT FOR PRODUCTION USE. This uses the KEY specified
+  on the command line. This is the actual key, and as such this mode
+  is highly insecure. However, it can be useful for intial testing
+  steps. This option may be removed in the future.
+
+-a, --algo <algo>
+  Sets the encryption algorightm (cipher) to be used. See below
+  for supported algorithms. The default is "AES128".
+
+-m, --mode <mode>
+  Sets the ciphermode to be used. See below for supported modes.
+  The default is "CBC".
+
+-r, --generate-random-key <bytes>
+  Generates a random key of length <bytes>. This option is
+  meant to be used together with *--write-keyfile* (and it is hard
+  to envision any other valid use for it).
+
+OPERATION MODES
+===============
+
+The operation mode specifies what exactly the tool does with the provided
+files. The default operation mode is "dump", but this may change in the future.
+Thus, it is recommended to always set the operations mode explicitely. If 
+multiple operations mode are set on the command line, results are 
+unpredictable.
+
+decrypt
+-------
+
+The provided log files are decrypted. Note that the *.encinfo* side files
+must exist and be accessible in order for decryption to to work.
+
+write-keyfile
+-------------
+
+In this mode no log files are processed; thus it is an error to specify
+any on the command line. The specified keyfile is written. The key itself
+is obtained via the usual key commands. If *--keyfile* is used, that
+file is effectively copied.
+
+For security reasons, existing key files are _not_ overwritten. To permit
+this, specify the *--force* option. When doing so, keep in mind that lost
+keys cannot be recovered and data encrypted with them may also be considered
+lost.
+
+Keyfiles are always created with 0400 permission, that is read access for only
+the user. An exception is when an existing file is overwritten via the
+*--force* option, in which case the former permissions still apply.
+
+EXIT CODES
+==========
+
+The command returns an exit code of 0 if everything went fine, and some 
+other code in case of failures.
+
+
+SUPPORTED ALGORITHMS
+====================
+
+We basically support what libgcrypt supports. This is:
+
+	3DES
+	CAST5
+	BLOWFISH
+	AES128
+	AES192
+	AES256
+	TWOFISH
+	TWOFISH128
+	ARCFOUR
+	DES
+	SERPENT128
+	SERPENT192
+	SERPENT256
+	RFC2268_40
+	SEED
+	CAMELLIA128
+	CAMELLIA192
+	CAMELLIA256
+
+
+SUPPORTED CIPHER MODES
+======================
+
+We basically support what libgcrypt supports. This is:
+
+  	ECB
+	CFB
+	CBC
+	STREAM
+	OFB
+	CTR
+	AESWRAP
+
+EXAMPLES
+========
+
+**rscryutil logfile**
+
+Decrypts "logfile" and sends data to stdout.
+
+
+**rscryutil --generate-random-key 16 --keyfile /some/secured/path/keyfile**
+
+Generates random key and stores it in the specified keyfile.
+
+LOG SIGNATURES
+==============
+
+Encrypted log files can be used together with signing. To verify such a file,
+it must be decrypted first, and the verification tool **rsgtutil(1)** must be
+run on the decrypted file.
+
+SECURITY CONSIDERATIONS
+=======================
+
+Specifying keys directly on the command line (*--key* option) is very 
+insecure and should
+not be done, except for testing purposes with test keys. Even then it is
+recommended to use keyfiles, which are also easy to handle during testing.
+Keep in mind that command history is usally be kept by bash and can also
+easily be monitored.
+
+Local keyfiles are also a security risk. At a minimum, they should be
+used with very restrictive file permissions. For this reason,
+the *rscryutil* tool creates them with read permissions for the user,
+only, no matter what umask is set to.
+
+When selecting cipher algorithms and modes, care needs to be taken. The
+defaults should be reasonable safe to use, but this tends to change over
+time. Keep up with the most current crypto recommendations.
+
+
+SEE ALSO
+========
+**rsgtutil(1)**, **rsyslogd(8)**
+
+COPYRIGHT
+=========
+
+This page is part of the *rsyslog* project, and is available under
+LGPLv2.
diff --git a/tools/syslogd.c b/tools/syslogd.c
index 77adb2c..1b38bf9 100644
--- a/tools/syslogd.c
+++ b/tools/syslogd.c
@@ -567,7 +567,6 @@ msgConsumer(void __attribute__((unused)) *notNeeded, batch_t *pBatch, int *pbShu
 	assert(pBatch != NULL);
 	pBatch->pbShutdownImmediate = pbShutdownImmediate; /* TODO: move this to batch creation! */
 	preprocessBatch(pBatch);
-dbgprintf("DDDD: batches ShutdownImmediate is %p\n", pBatch->pbShutdownImmediate);
 	ruleset.ProcessBatch(pBatch);
 //TODO: the BATCH_STATE_COMM must be set somewhere down the road, but we 
 //do not have this yet and so we emulate -- 2010-06-10
@@ -1531,7 +1530,7 @@ queryLocalHostname(void)
 	glbl.SetLocalDomain(LocalDomain);
 
 	if ( strlen((char*)LocalDomain) )  {
-		CHKmalloc(LocalFQDNName = (uchar*)malloc(strlen((char*)LocalDomain)+strlen((char*)LocalHostName)+1));
+		CHKmalloc(LocalFQDNName = (uchar*)malloc(strlen((char*)LocalDomain)+strlen((char*)LocalHostName)+2));/* one for dot, one for NUL! */
 		if ( sprintf((char*)LocalFQDNName,"%s.%s",(char*)LocalHostName,(char*)LocalDomain) )
 			glbl.SetLocalFQDNName(LocalFQDNName);
 		}