From 3e3b746380c610fff39e16d0a73d4a4f3564af91 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Mon, 28 Jan 2013 15:36:04 +0100
Subject: doc: add link for set statement

---
 doc/rsyslog_conf_basic_structure.html | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/doc/rsyslog_conf_basic_structure.html b/doc/rsyslog_conf_basic_structure.html
index fad1b110..412540e3 100644
--- a/doc/rsyslog_conf_basic_structure.html
+++ b/doc/rsyslog_conf_basic_structure.html
@@ -49,7 +49,8 @@ after the stop statement are never evaluated.
 
 <h3>Data Manipulation Statements</h3>
 <ul>
-<li><b>set</b> - sets a user variable
+<li><b>set</b> - <a href="http://www.rsyslog.com/how-to-set-variables-in-rsyslog-v7/">sets</a>
+a user variable
 <li><b>unset</b> - deletes a previously set user variable
 </ul>
 
-- 
cgit v1.2.3


From 1deef18daa1b39035e42c8b1db68286727d8f950 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Tue, 29 Jan 2013 15:21:26 +0100
Subject: doc: give quick example of ruleset() {} use

---
 doc/rsyslog_conf_basic_structure.html | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/doc/rsyslog_conf_basic_structure.html b/doc/rsyslog_conf_basic_structure.html
index 412540e3..00a700d4 100644
--- a/doc/rsyslog_conf_basic_structure.html
+++ b/doc/rsyslog_conf_basic_structure.html
@@ -81,6 +81,14 @@ a message comes in via that input, the "program" (ruleset) bound to it will be e
 (but not any other!).
 <p>There is detail documentation available for
 <a href="multi_ruleset">rsyslog rulesets</a>.
+<p>For quick reference, rulesets are defined as follows:
+<pre>
+ruleset(name="rulesetname") {
+	action(type="omfile" file="/path/to/file")
+	action(type="..." ...)
+	/* and so on... */
+}
+</pre>
 
 <p>[<a href="manual.html">manual index</a>]
 [<a href="rsyslog_conf.html">rsyslog.conf</a>]
-- 
cgit v1.2.3


From 3a62484067d28d6b859b7e4b8d87d6de7b3585f8 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Mon, 18 Feb 2013 16:52:45 +0100
Subject: logsig: add pseudocodish C skeleton for signature algo

---
 runtime/lmgt.c | 124 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 124 insertions(+)
 create mode 100644 runtime/lmgt.c

diff --git a/runtime/lmgt.c b/runtime/lmgt.c
new file mode 100644
index 00000000..15a56cfa
--- /dev/null
+++ b/runtime/lmgt.c
@@ -0,0 +1,124 @@
+/* lmgt.c
+ *
+ * Regarding the online algorithm for Merkle tree signing. Expected 
+ * calling sequence is:
+ *
+ * sigblkConstruct
+ * for each signature block:
+ *    sigblkInit
+ *    for each record:
+ *       sigblkAddRecord
+ *    sigblkFinish
+ * sigblkDestruct
+ *
+ * Obviously, the next call after sigblkFinsh must either be to 
+ * sigblkInit or sigblkDestruct (if no more signature blocks are
+ * to be emitted, e.g. on file close). sigblkDestruct saves state
+ * information (most importantly last block hash) and sigblkConstruct
+ * reads (or initilizes if not present) it.
+ *
+ * Copyright 2013 Adiscon GmbH.
+ *
+ * This file is part of rsyslog.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *       -or-
+ *       see COPYING.ASL20 in the source distribution
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "config.h"
+#include <stdint.h>
+
+
+/* Max number of roots inside the forest. This permits blocks of up to
+ * 2^MAX_ROOTS records. We assume that 64 is sufficient for all use
+ * cases ;) [and 64 is not really a waste of memory, so we do not even
+ * try to work with reallocs and such...
+ */
+#define MAX_ROOTS 64
+
+/* context for gt calls. All state data is kept here, this permits
+ * multiple concurrent callers.
+ */
+struct gtctx_s {
+	IV; /* initial value for blinding masks (where to do we get it from?) */
+	x_prev = NULL; /* last leaf hash (maybe of previous block) --> preserve on term */
+	int8_t nroots;
+	/* algo engineering: roots structure is split into two arrays
+	 * in order to improve cache hits.
+	 */
+	char roots_valid[MAX_ROOTS];
+	hash_mem roots_hash[MAX_ROOTS];
+
+};
+typedef struct gtctx_s *gtctx;
+
+void
+sigblkInit(gtctx ctx)
+{
+	init ctx->IV;
+	if(ctx->x_prev == NULL)
+		alloc & zero-fill x_prev;
+	memset(ctx->roots_valid, 0, sizeof(ctx->roots_valid)/sizeof(char));
+	nroots = 0;
+}
+
+
+void
+sigblkAddRecord(gtctx ctx, char *rec)
+{
+	auto x; /* current hash */
+	hash_mem m, r, t;
+	int8_t j;
+
+	m = hash(concat(ctx->x_prev, IV));
+	r = hash(canonicalize(rec));
+	x = hash(concat(m, r, 0)); /* hash leaf */
+	/* persists x here if Merkle tree needs to be persisted! */
+	/* add x to the forest as new leaf, update roots list */
+	t = x;
+	for(j = 0 ; j < ctx->nRoots ; ++j) {
+		if(ctx->roots_valid[j] == 0) {
+			ctx->roots_hash[j] = t;
+			ctx->roots_valid[j] = 1;
+			t = NULL;
+		} else if(t != NULL) {
+			t = hash(concat(ctx->roots_hash[j], t, j+1)); /* hash interim node */
+			ctx->roots_valid[j] = 0;
+	}
+	if(t != NULL) {
+		ctx->roots_hash[ctx->nroots] = t;
+		++ctx->roots_hash;
+		assert(ctx->roots_hash < MAX_ROOTS);
+		t = NULL;
+	}
+	ctx->x_prev = x; /* single var may be sufficient */
+}
+
+void
+sigblkFinish(gtctx ctx)
+{
+	hash_mem root;
+	int8_t j;
+
+	root = NULL;
+	for(j = 0 ; j < ctx->nRoots ; ++j) {
+		if(root == NULL) {
+			root = ctx->roots_hash[j];
+			ctx->roots_valid[j] = 0; /* guess this is redundant with init, maybe del */
+		} else if(ctx->roots_valid[j]) {
+			root = hash(concat(ctx->roots_hash[j], root, j+1));
+			ctx->roots_valid[j] = 0; /* guess this is redundant with init, maybe del */
+		}
+	}
+	/* persist root value here (callback?) */
+}
-- 
cgit v1.2.3


From 3cc89eb96923cb85654558ce623256f4da76b87f Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Wed, 20 Feb 2013 18:03:56 +0100
Subject: add test/PoC logsigner tool

---
 configure.ac      |  16 +++++
 tools/logsigner.c | 173 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 189 insertions(+)
 create mode 100644 tools/logsigner.c

diff --git a/configure.ac b/configure.ac
index e9fce3f7..3f60a5b5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -908,6 +908,21 @@ fi
 AM_CONDITIONAL(ENABLE_RELP, test x$enable_relp = xyes)
 
 
+# GuardTime support
+AC_ARG_ENABLE(guardtime,
+        [AS_HELP_STRING([--enable-guardtime],[Enable GuardTime support @<:@default=no@:>@])],
+        [case "${enableval}" in
+         yes) enable_guardtime="yes" ;;
+          no) enable_guardtime="no" ;;
+           *) AC_MSG_ERROR(bad value ${enableval} for --enable-guardtime) ;;
+         esac],
+        [enable_guardtime=no]
+)
+if test "x$enable_guardtime" = "xyes"; then
+	PKG_CHECK_MODULES(GUARDTIME, gt >= 0.3.1)
+fi
+AM_CONDITIONAL(ENABLE_GUARDTIME, test x$enable_guardtime = xyes)
+
 # RFC 3195 support
 AC_ARG_ENABLE(rfc3195,
         [AS_HELP_STRING([--enable-rfc3195],[Enable RFC3195 support @<:@default=no@:>@])],
@@ -1348,6 +1363,7 @@ echo "    rsyslogd will be built:                   $enable_rsyslogd"
 echo "    GUI components will be built:             $enable_gui"
 echo "    Unlimited select() support enabled:       $enable_unlimited_select"
 echo "    uuid support enabled:                     $enable_uuid"
+echo "    GuardTime signature support enabled:      $enable_guardtime"
 echo
 echo "---{ input plugins }---"
 echo "    Klog functionality enabled:               $enable_klog ($os_type)"
diff --git a/tools/logsigner.c b/tools/logsigner.c
new file mode 100644
index 00000000..2aeb2162
--- /dev/null
+++ b/tools/logsigner.c
@@ -0,0 +1,173 @@
+/* This is a tool for offline signing logfiles via the guardtime API.
+ * 
+ * NOTE: this currently is only a PoC and WiP! NOT suitable for
+ *       production use!
+ *
+ * Current hardcoded timestamper (use this if you do not have an
+ * idea of which one else to use):
+ *    http://stamper.guardtime.net/gt-signingservice
+ * Check the GuardTime website for the URLs of nearest public services.
+ *
+ * Copyright 2013 Adiscon GmbH
+ *
+ * This file is part of rsyslog.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *       -or-
+ *       see COPYING.ASL20 in the source distribution
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either exprs or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <stdlib.h>
+#include <stdio.h>
+#include <errno.h>
+#include <string.h>
+
+#include <gt_base.h>
+#include <gt_http.h>
+
+
+void
+outputhash(GTDataHash *hash)
+{
+	int i;
+	for(i = 0 ; i < hash->digest_length ; ++i)
+		printf("%2.2x", hash->digest[i]);
+	printf("\n");
+}
+
+void
+gtInit()
+{
+	int r = GT_OK;
+
+	r = GT_init();
+	if(r != GT_OK) {
+		fprintf(stderr, "GT_init() failed: %d (%s)\n",
+				r, GT_getErrorString(r));
+		goto done;
+	}
+	r = GTHTTP_init("rsyslog logsigner", 1);
+	if(r != GT_OK) {
+		fprintf(stderr, "GTHTTP_init() failed: %d (%s)\n",
+				r, GTHTTP_getErrorString(r));
+		goto done;
+	}
+done:	return;
+}
+
+void
+gtExit()
+{
+	GTHTTP_finalize();
+	GT_finalize();
+}
+
+void
+timestampIt(GTDataHash *hash)
+{
+	int r = GT_OK;
+	GTTimestamp *timestamp = NULL;
+	unsigned char *der = NULL;
+	char *sigFile = "logsigner.TIMESTAMP";
+	size_t der_len;
+
+	/* Get the timestamp. */
+	r = GTHTTP_createTimestampHash(hash,
+		"http://stamper.guardtime.net/gt-signingservice", &timestamp);
+
+	if(r != GT_OK) {
+		fprintf(stderr, "GTHTTP_createTimestampHash() failed: %d (%s)\n",
+				r, GTHTTP_getErrorString(r));
+		goto done;
+	}
+
+	/* Encode timestamp. */
+	r = GTTimestamp_getDEREncoded(timestamp, &der, &der_len);
+	if(r != GT_OK) {
+		fprintf(stderr, "GTTimestamp_getDEREncoded() failed: %d (%s)\n",
+				r, GT_getErrorString(r));
+		goto done;
+	}
+
+	/* Save DER-encoded timestamp to file. */
+	r = GT_saveFile(sigFile, der, der_len);
+	if(r != GT_OK) {
+		fprintf(stderr, "Cannot save timestamp to file %s: %d (%s)\n",
+				sigFile, r, GT_getErrorString(r));
+		if(r == GT_IO_ERROR) {
+			fprintf(stderr, "\t%d (%s)\n", errno, strerror(errno));
+		}
+		goto done;
+	}
+	printf("Timestamping succeeded!\n");
+done:
+	GT_free(der);
+	GTTimestamp_free(timestamp);
+}
+
+
+void
+sign(const char *buf, size_t len)
+{
+	int r;
+	GTDataHash *hash = NULL;
+
+	printf("hash for '%s' is ", buf);
+	r = GTDataHash_create(GT_HASHALG_SHA256, (const unsigned char*)buf, len, &hash);
+	if(r != GT_OK) {
+		fprintf(stderr, "GTTDataHash_create() failed: %d (%s)\n",
+				r, GT_getErrorString(r));
+		goto done;
+	}
+	outputhash(hash);
+	timestampIt(hash); /* of course, this needs to be moved to once at end ;) */
+done:	GTDataHash_free(hash);
+}
+
+void
+processFile(char *name)
+{
+	FILE *fp;
+	size_t len;
+	char line[64*1024+1];
+	
+	if(!strcmp(name, "-"))
+		fp = stdin;
+	else
+		fp = fopen(name, "r");
+
+	while(1) {
+		if(fgets(line, sizeof(line), fp) == NULL) {
+			perror(name);
+			break;
+		}
+		len = strlen(line);
+		if(line[len-1] == '\n') {
+			--len;
+			line[len] = '\0';
+		}
+		sign(line, len);
+	}
+
+	if(fp != stdout)
+		fclose(fp);
+}
+
+
+int
+main(int argc, char *argv[])
+{
+	gtInit();
+	processFile("-");
+	gtExit();
+	return 0;
+}
-- 
cgit v1.2.3


From 212af677576238bf87deb1bee3e7bcfb170dc668 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Thu, 21 Feb 2013 11:29:22 +0100
Subject: logsigner: sign via merkle tree approach (still PoC, non production)

---
 runtime/Makefile.am |  11 +-
 runtime/librsgt.c   | 309 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 runtime/lmgt.c      | 124 ---------------------
 tools/Makefile.am   |   6 +
 tools/logsigner.c   |  54 ++++-----
 5 files changed, 345 insertions(+), 159 deletions(-)
 create mode 100644 runtime/librsgt.c
 delete mode 100644 runtime/lmgt.c

diff --git a/runtime/Makefile.am b/runtime/Makefile.am
index fbc92d9c..0f1b580a 100644
--- a/runtime/Makefile.am
+++ b/runtime/Makefile.am
@@ -1,6 +1,6 @@
 sbin_PROGRAMS =
 man_MANS = 
-noinst_LTLIBRARIES = librsyslog.la
+noinst_LTLIBRARIES = librsyslog.la librsgt.la
 pkglib_LTLIBRARIES =
 #pkglib_LTLIBRARIES = librsyslog.la
 
@@ -92,6 +92,7 @@ librsyslog_la_SOURCES = \
 	../template.h
 # the files with ../ we need to work on - so that they either become part of the
 # runtime or will no longer be needed. -- rgerhards, 2008-06-13
+#
 
 if WITH_MODDIRS
 librsyslog_la_CPPFLAGS = -DSD_EXPORT_SYMBOLS -D_PATH_MODDIR=\"$(pkglibdir)/:$(moddirs)\" $(PTHREADS_CFLAGS) $(LIBEE_CFLAGS) -I\$(top_srcdir)/tools
@@ -172,6 +173,14 @@ lmnsd_gtls_la_LDFLAGS = -module -avoid-version
 lmnsd_gtls_la_LIBADD = $(GNUTLS_LIBS)
 endif
 
+#
+# support library for guardtime
+#
+if ENABLE_GUARDTIME
+   librsgt_la_SOURCES = librsgt.c
+endif
+
+
 update-systemd:
        curl http://cgit.freedesktop.org/systemd/plain/src/sd-daemon.c > sd-daemon.c
        curl http://cgit.freedesktop.org/systemd/plain/src/sd-daemon.h > sd-daemon.h
diff --git a/runtime/librsgt.c b/runtime/librsgt.c
new file mode 100644
index 00000000..4ad4ec26
--- /dev/null
+++ b/runtime/librsgt.c
@@ -0,0 +1,309 @@
+/* librsgt.c - rsyslog's guardtime support library
+ *
+ * Regarding the online algorithm for Merkle tree signing. Expected 
+ * calling sequence is:
+ *
+ * sigblkConstruct
+ * for each signature block:
+ *    sigblkInit
+ *    for each record:
+ *       sigblkAddRecord
+ *    sigblkFinish
+ * sigblkDestruct
+ *
+ * Obviously, the next call after sigblkFinsh must either be to 
+ * sigblkInit or sigblkDestruct (if no more signature blocks are
+ * to be emitted, e.g. on file close). sigblkDestruct saves state
+ * information (most importantly last block hash) and sigblkConstruct
+ * reads (or initilizes if not present) it.
+ *
+ * Copyright 2013 Adiscon GmbH.
+ *
+ * This file is part of rsyslog.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *       -or-
+ *       see COPYING.ASL20 in the source distribution
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#include <stdlib.h>
+#include <stdio.h>
+#include <errno.h>
+#include <string.h>
+#include <stdint.h>
+#include <assert.h>
+
+#include <gt_base.h>
+#include <gt_http.h>
+
+#include "librsgt.h"
+
+typedef unsigned char uchar;
+#ifndef VERSION
+#define VERSION "no-version"
+#endif
+
+static void
+outputhash(GTDataHash *hash)
+{
+	int i;
+	for(i = 0 ; i < hash->digest_length ; ++i)
+		printf("%2.2x", hash->digest[i]);
+	printf("\n");
+}
+
+
+
+void
+rsgtInit(char *usragent)
+{
+	int ret = GT_OK;
+
+	srand(time(NULL) * 7); /* see comments in seedIV() */
+
+	ret = GT_init();
+	if(ret != GT_OK) {
+		fprintf(stderr, "GT_init() failed: %d (%s)\n",
+				ret, GT_getErrorString(ret));
+		goto done;
+	}
+	ret = GTHTTP_init(usragent, 1);
+	if(ret != GT_OK) {
+		fprintf(stderr, "GTHTTP_init() failed: %d (%s)\n",
+				ret, GTHTTP_getErrorString(ret));
+		goto done;
+	}
+done:	return;
+}
+
+void
+rsgtExit(void)
+{
+	GTHTTP_finalize();
+	GT_finalize();
+}
+
+
+void
+seedIV(gtctx ctx)
+{
+	/* FIXME: this currently is "kindergarten cryptography" - use a
+	 * sufficiently strong PRNG instead! Just a PoC so far! Do NOT
+	 * use in production!!!
+	 */
+	ctx->IV = rand() * 1000037;
+}
+
+gtctx
+rsgtCtxNew(void)
+{
+	return calloc(1, sizeof(struct gtctx_s));
+}
+
+void
+rsgtCtxDel(gtctx ctx)
+{
+	if(ctx == NULL)
+		goto done;
+	free(ctx);
+	/* TODO: persist! */
+done:	return;
+}
+
+/* new sigblk is initialized, but maybe in existing ctx */
+void
+sigblkInit(gtctx ctx)
+{
+	seedIV(ctx);
+//	if(ctx->x_prev == NULL) {
+		ctx->x_prev = NULL;
+		/* FIXME: do the real thing - or in a later step as currently? */
+//	}
+	memset(ctx->roots_valid, 0, sizeof(ctx->roots_valid)/sizeof(char));
+	ctx->nRoots = 0;
+}
+
+
+/* concat: add IV to buffer */
+static inline void
+bufAddIV(gtctx ctx, uchar *buf, size_t *len)
+{
+	memcpy(buf+*len, &ctx->IV, sizeof(ctx->IV));
+	*len += sizeof(ctx->IV);
+}
+
+/* concat: add hash to buffer */
+static inline void
+bufAddHash(gtctx ctx, uchar *buf, size_t *len, GTDataHash *hash)
+{
+	if(hash == NULL) {
+		memset(buf+*len, 0, 32); /* FIXME: depends on hash function! */
+		*len += 32;
+	} else {
+		memcpy(buf+*len, hash->digest, hash->digest_length);
+		*len += hash->digest_length;
+	}
+}
+/* concat: add tree level to buffer */
+static inline void
+bufAddLevel(gtctx ctx, uchar *buf, size_t *len, int level)
+{
+	memcpy(buf+*len, &level, sizeof(level));
+	*len += sizeof(level);
+}
+
+
+static void
+hash_m(gtctx ctx, GTDataHash **m)
+{
+	// m = hash(concat(ctx->x_prev, IV));
+	int r;
+	uchar concatBuf[16*1024];
+	size_t len = 0;
+
+	bufAddHash(ctx, concatBuf, &len, ctx->x_prev);
+	bufAddIV(ctx, concatBuf, &len);
+	r = GTDataHash_create(GT_HASHALG_SHA256, concatBuf, len, m);
+}
+
+static void
+hash_r(gtctx ctx, GTDataHash **r, const uchar *rec, const size_t len)
+{
+	// r = hash(canonicalize(rec));
+	int ret;
+
+	ret = GTDataHash_create(GT_HASHALG_SHA256, rec, len, r);
+}
+
+
+static void
+hash_node(gtctx ctx, GTDataHash **node, GTDataHash *m, GTDataHash *r, int level)
+{
+	// x = hash(concat(m, r, 0)); /* hash leaf */
+	int ret;
+	uchar concatBuf[16*1024];
+	size_t len = 0;
+
+	bufAddHash(ctx, concatBuf, &len, m);
+	bufAddHash(ctx, concatBuf, &len, r);
+	bufAddLevel(ctx, concatBuf, &len, level);
+	ret = GTDataHash_create(GT_HASHALG_SHA256, concatBuf, len, node);
+}
+void
+sigblkAddRecord(gtctx ctx, const uchar *rec, const size_t len)
+{
+	GTDataHash *x; /* current hash */
+	GTDataHash *m, *r, *t;
+	int8_t j;
+	int ret;
+
+	hash_m(ctx, &m);
+	hash_r(ctx, &r, rec, len);
+	hash_node(ctx, &x, m, r, 0); /* hash leaf */
+	/* persists x here if Merkle tree needs to be persisted! */
+	/* add x to the forest as new leaf, update roots list */
+	t = x;
+	for(j = 0 ; j < ctx->nRoots ; ++j) {
+		if(ctx->roots_valid[j] == 0) {
+			GTDataHash_free(ctx->roots_hash[j]);
+			ctx->roots_hash[j] = t;
+			ctx->roots_valid[j] = 1;
+			t = NULL;
+		} else if(t != NULL) {
+			/* hash interim node */
+			hash_node(ctx, &t, ctx->roots_hash[j], t, j+1);
+			ctx->roots_valid[j] = 0;
+		}
+	}
+	if(t != NULL) {
+		/* new level, append "at the top" */
+		ctx->roots_hash[ctx->nRoots] = t;
+		++ctx->nRoots;
+		assert(ctx->nRoots < MAX_ROOTS);
+		t = NULL;
+	}
+	ctx->x_prev = x; /* single var may be sufficient */
+
+	/* cleanup */
+	GTDataHash_free(m);
+	GTDataHash_free(r);
+}
+
+static void
+timestampIt(gtctx ctx, GTDataHash *hash)
+{
+	int r = GT_OK;
+	GTTimestamp *timestamp = NULL;
+	unsigned char *der = NULL;
+	char *sigFile = "logsigner.TIMESTAMP";
+	size_t der_len;
+
+	/* Get the timestamp. */
+	r = GTHTTP_createTimestampHash(hash,
+		"http://stamper.guardtime.net/gt-signingservice", &timestamp);
+
+	if(r != GT_OK) {
+		fprintf(stderr, "GTHTTP_createTimestampHash() failed: %d (%s)\n",
+				r, GTHTTP_getErrorString(r));
+		goto done;
+	}
+
+	/* Encode timestamp. */
+	r = GTTimestamp_getDEREncoded(timestamp, &der, &der_len);
+	if(r != GT_OK) {
+		fprintf(stderr, "GTTimestamp_getDEREncoded() failed: %d (%s)\n",
+				r, GT_getErrorString(r));
+		goto done;
+	}
+
+	/* Save DER-encoded timestamp to file. */
+	r = GT_saveFile(sigFile, der, der_len);
+	if(r != GT_OK) {
+		fprintf(stderr, "Cannot save timestamp to file %s: %d (%s)\n",
+				sigFile, r, GT_getErrorString(r));
+		if(r == GT_IO_ERROR) {
+			fprintf(stderr, "\t%d (%s)\n", errno, strerror(errno));
+		}
+		goto done;
+	}
+	printf("Timestamping succeeded!\n");
+done:
+	GT_free(der);
+	GTTimestamp_free(timestamp);
+}
+
+
+void
+sigblkFinish(gtctx ctx)
+{
+	GTDataHash *root, *rootDel;
+	int8_t j;
+
+	root = NULL;
+	for(j = 0 ; j < ctx->nRoots ; ++j) {
+		if(root == NULL) {
+			root = ctx->roots_hash[j];
+			ctx->roots_valid[j] = 0; /* guess this is redundant with init, maybe del */
+		} else if(ctx->roots_valid[j]) {
+			rootDel = root;
+			hash_node(ctx, &root, ctx->roots_hash[j], root, j+1);
+			ctx->roots_valid[j] = 0; /* guess this is redundant with init, maybe del */
+			GTDataHash_free(rootDel);
+		}
+	}
+	/* persist root value here (callback?) */
+printf("root hash is:\n"); outputhash(root);
+	timestampIt(ctx, root);
+}
diff --git a/runtime/lmgt.c b/runtime/lmgt.c
deleted file mode 100644
index 15a56cfa..00000000
--- a/runtime/lmgt.c
+++ /dev/null
@@ -1,124 +0,0 @@
-/* lmgt.c
- *
- * Regarding the online algorithm for Merkle tree signing. Expected 
- * calling sequence is:
- *
- * sigblkConstruct
- * for each signature block:
- *    sigblkInit
- *    for each record:
- *       sigblkAddRecord
- *    sigblkFinish
- * sigblkDestruct
- *
- * Obviously, the next call after sigblkFinsh must either be to 
- * sigblkInit or sigblkDestruct (if no more signature blocks are
- * to be emitted, e.g. on file close). sigblkDestruct saves state
- * information (most importantly last block hash) and sigblkConstruct
- * reads (or initilizes if not present) it.
- *
- * Copyright 2013 Adiscon GmbH.
- *
- * This file is part of rsyslog.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- * 
- *       http://www.apache.org/licenses/LICENSE-2.0
- *       -or-
- *       see COPYING.ASL20 in the source distribution
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#include "config.h"
-#include <stdint.h>
-
-
-/* Max number of roots inside the forest. This permits blocks of up to
- * 2^MAX_ROOTS records. We assume that 64 is sufficient for all use
- * cases ;) [and 64 is not really a waste of memory, so we do not even
- * try to work with reallocs and such...
- */
-#define MAX_ROOTS 64
-
-/* context for gt calls. All state data is kept here, this permits
- * multiple concurrent callers.
- */
-struct gtctx_s {
-	IV; /* initial value for blinding masks (where to do we get it from?) */
-	x_prev = NULL; /* last leaf hash (maybe of previous block) --> preserve on term */
-	int8_t nroots;
-	/* algo engineering: roots structure is split into two arrays
-	 * in order to improve cache hits.
-	 */
-	char roots_valid[MAX_ROOTS];
-	hash_mem roots_hash[MAX_ROOTS];
-
-};
-typedef struct gtctx_s *gtctx;
-
-void
-sigblkInit(gtctx ctx)
-{
-	init ctx->IV;
-	if(ctx->x_prev == NULL)
-		alloc & zero-fill x_prev;
-	memset(ctx->roots_valid, 0, sizeof(ctx->roots_valid)/sizeof(char));
-	nroots = 0;
-}
-
-
-void
-sigblkAddRecord(gtctx ctx, char *rec)
-{
-	auto x; /* current hash */
-	hash_mem m, r, t;
-	int8_t j;
-
-	m = hash(concat(ctx->x_prev, IV));
-	r = hash(canonicalize(rec));
-	x = hash(concat(m, r, 0)); /* hash leaf */
-	/* persists x here if Merkle tree needs to be persisted! */
-	/* add x to the forest as new leaf, update roots list */
-	t = x;
-	for(j = 0 ; j < ctx->nRoots ; ++j) {
-		if(ctx->roots_valid[j] == 0) {
-			ctx->roots_hash[j] = t;
-			ctx->roots_valid[j] = 1;
-			t = NULL;
-		} else if(t != NULL) {
-			t = hash(concat(ctx->roots_hash[j], t, j+1)); /* hash interim node */
-			ctx->roots_valid[j] = 0;
-	}
-	if(t != NULL) {
-		ctx->roots_hash[ctx->nroots] = t;
-		++ctx->roots_hash;
-		assert(ctx->roots_hash < MAX_ROOTS);
-		t = NULL;
-	}
-	ctx->x_prev = x; /* single var may be sufficient */
-}
-
-void
-sigblkFinish(gtctx ctx)
-{
-	hash_mem root;
-	int8_t j;
-
-	root = NULL;
-	for(j = 0 ; j < ctx->nRoots ; ++j) {
-		if(root == NULL) {
-			root = ctx->roots_hash[j];
-			ctx->roots_valid[j] = 0; /* guess this is redundant with init, maybe del */
-		} else if(ctx->roots_valid[j]) {
-			root = hash(concat(ctx->roots_hash[j], root, j+1));
-			ctx->roots_valid[j] = 0; /* guess this is redundant with init, maybe del */
-		}
-	}
-	/* persist root value here (callback?) */
-}
diff --git a/tools/Makefile.am b/tools/Makefile.am
index 9d9bd352..712443c0 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -58,6 +58,12 @@ logctl_SOURCES = logctl.c
 logctl_CPPFLAGS =  $(LIBMONGO_CLIENT_CFLAGS)
 logctl_LDADD = $(LIBMONGO_CLIENT_LIBS)
 endif
+if ENABLE_GUARDTIME
+bin_PROGRAMS += logsigner
+logsigner = logsigner.c
+logsigner_CPPFLAGS =  $(RSRT_CFLAGS) $(GUARDTIME_CFLAGS)
+logsigner_LDADD = ../runtime/librsgt.la $(GUARDTIME_LIBS)
+endif
 endif
 
 EXTRA_DIST = $(man_MANS) \
diff --git a/tools/logsigner.c b/tools/logsigner.c
index 2aeb2162..51803be2 100644
--- a/tools/logsigner.c
+++ b/tools/logsigner.c
@@ -26,15 +26,20 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
 #include <stdlib.h>
 #include <stdio.h>
 #include <errno.h>
 #include <string.h>
-
 #include <gt_base.h>
 #include <gt_http.h>
 
+#include "librsgt.h"
+
 
+#if 0
 void
 outputhash(GTDataHash *hash)
 {
@@ -44,33 +49,6 @@ outputhash(GTDataHash *hash)
 	printf("\n");
 }
 
-void
-gtInit()
-{
-	int r = GT_OK;
-
-	r = GT_init();
-	if(r != GT_OK) {
-		fprintf(stderr, "GT_init() failed: %d (%s)\n",
-				r, GT_getErrorString(r));
-		goto done;
-	}
-	r = GTHTTP_init("rsyslog logsigner", 1);
-	if(r != GT_OK) {
-		fprintf(stderr, "GTHTTP_init() failed: %d (%s)\n",
-				r, GTHTTP_getErrorString(r));
-		goto done;
-	}
-done:	return;
-}
-
-void
-gtExit()
-{
-	GTHTTP_finalize();
-	GT_finalize();
-}
-
 void
 timestampIt(GTDataHash *hash)
 {
@@ -116,7 +94,7 @@ done:
 
 
 void
-sign(const char *buf, size_t len)
+sign(const char *buf, const size_t len)
 {
 	int r;
 	GTDataHash *hash = NULL;
@@ -132,6 +110,7 @@ sign(const char *buf, size_t len)
 	timestampIt(hash); /* of course, this needs to be moved to once at end ;) */
 done:	GTDataHash_free(hash);
 }
+#endif
 
 void
 processFile(char *name)
@@ -139,7 +118,10 @@ processFile(char *name)
 	FILE *fp;
 	size_t len;
 	char line[64*1024+1];
+	gtctx ctx = NULL;
 	
+	ctx = rsgtCtxNew();
+	sigblkInit(ctx);
 	if(!strcmp(name, "-"))
 		fp = stdin;
 	else
@@ -147,7 +129,8 @@ processFile(char *name)
 
 	while(1) {
 		if(fgets(line, sizeof(line), fp) == NULL) {
-			perror(name);
+			if(!feof(fp))
+				perror(name);
 			break;
 		}
 		len = strlen(line);
@@ -155,19 +138,22 @@ processFile(char *name)
 			--len;
 			line[len] = '\0';
 		}
-		sign(line, len);
+		//sign(line, len);
+		sigblkAddRecord(ctx, line, len);
 	}
 
-	if(fp != stdout)
+	if(fp != stdin)
 		fclose(fp);
+	sigblkFinish(ctx);
+	rsgtCtxDel(ctx);
 }
 
 
 int
 main(int argc, char *argv[])
 {
-	gtInit();
+	rsgtInit("rsyslog logsigner " VERSION);
 	processFile("-");
-	gtExit();
+	rsgtExit();
 	return 0;
 }
-- 
cgit v1.2.3


From b129a96287492685050f6f80f8f0204122b22e77 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Thu, 28 Feb 2013 10:02:27 +0100
Subject: bugfix: include files got included in the wrong order

This happens if an $IncludeConfig directive was done on multiple
files (e.g. the distro default of $IncludeConfig /etc/rsyslog.d/*.conf).
In that case, the order of include file processing is reversed, which
could lead to all sorts of problems.
Thanks to Nathan Stratton Treadway for his great analysis of the problem,
which made bug fixing really easy.
---
 ChangeLog              | 7 +++++++
 grammar/lexer.l        | 8 +++++++-
 grammar/rainerscript.c | 9 +++++++--
 3 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 9418d241..fb67f4d3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,13 @@
 ----------------------------------------------------------------------------
 Version 7.2.6  [v7-stable] 2013-01-??
 - slightly improved config parser error messages when invalid escapes happen
+- bugfix: include files got included in the wrong order
+  This happens if an $IncludeConfig directive was done on multiple
+  files (e.g. the distro default of $IncludeConfig /etc/rsyslog.d/*.conf).
+  In that case, the order of include file processing is reversed, which
+  could lead to all sorts of problems.
+  Thanks to Nathan Stratton Treadway for his great analysis of the problem,
+  which made bug fixing really easy.
 - bugfix: omelasticsearch failed when authentication data was provided
   ... at least in most cases it emitted an error message:
   "snprintf failed when trying to build auth string"
diff --git a/grammar/lexer.l b/grammar/lexer.l
index e1f5a9c3..237eb2a6 100644
--- a/grammar/lexer.l
+++ b/grammar/lexer.l
@@ -310,6 +310,7 @@ cnfSetLexFile(char *fname)
 	currbs = bs;
 	cnfcurrfn = bs->fn;
 	yylineno = 1;
+	dbgprintf("config parser: pushed file %s on top of stack\n", fname);
 
 done:
 	if(r != 0) {
@@ -337,6 +338,7 @@ popfile(void)
 	 * necessary, as otherwise we may provide wrong file name information
 	 * at the end of include files as well. -- rgerhards, 2011-07-22
 	 */
+	dbgprintf("config parser: reached end of file %s\n", bs->fn);
 	yy_delete_buffer(bs->bs);
 	if(bs->prev != NULL)
 		free(bs->fn);
@@ -346,12 +348,16 @@ popfile(void)
 	currbs = bs->prev;
 	free(bs);
 
-	if(currbs == NULL)
+	if(currbs == NULL) {
+		dbgprintf("config parser: parsing completed\n");
 		return 1; /* all processed */
+	}
 	
 	yy_switch_to_buffer(currbs->bs);
 	yylineno = currbs->lineno;
 	cnfcurrfn = currbs->fn;
+	dbgprintf("config parser: resume parsing of file %s at line %d\n",
+		  cnfcurrfn, yylineno);
 	return 0;
 }
 
diff --git a/grammar/rainerscript.c b/grammar/rainerscript.c
index 0584d6a9..20b86c5c 100644
--- a/grammar/rainerscript.c
+++ b/grammar/rainerscript.c
@@ -2793,7 +2793,7 @@ cnfDoInclude(char *name)
 {
 	char *cfgFile;
 	char *finalName;
-	unsigned i;
+	int i;
 	int result;
 	glob_t cfgFiles;
 	struct stat fileInfo;
@@ -2829,7 +2829,12 @@ cnfDoInclude(char *name)
 		return 1;
 	}
 
-	for(i = 0; i < cfgFiles.gl_pathc; i++) {
+	/* note: bison "stacks" the files, so we need to submit them
+	 * in reverse order to the *stack* in order to get the proper
+	 * parsing order. Also see
+	 * http://bugzilla.adiscon.com/show_bug.cgi?id=411
+	 */
+	for(i = cfgFiles.gl_pathc - 1; i >= 0 ; i--) {
 		cfgFile = cfgFiles.gl_pathv[i];
 		if(stat(cfgFile, &fileInfo) != 0) {
 			char errStr[1024];
-- 
cgit v1.2.3


From bb0fb0dbd0bcff349e128a740b8bd14f35008deb Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Thu, 28 Feb 2013 10:07:03 +0100
Subject: add bug tracker ID to ChangeLog bugfix

---
 ChangeLog | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ChangeLog b/ChangeLog
index fb67f4d3..4ab28d67 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,7 @@
 Version 7.2.6  [v7-stable] 2013-01-??
 - slightly improved config parser error messages when invalid escapes happen
 - bugfix: include files got included in the wrong order
+  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=411
   This happens if an $IncludeConfig directive was done on multiple
   files (e.g. the distro default of $IncludeConfig /etc/rsyslog.d/*.conf).
   In that case, the order of include file processing is reversed, which
-- 
cgit v1.2.3


From 6867887a424d86fccce3a54ae81da2c1d7f7656f Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Mon, 4 Mar 2013 18:32:49 +0100
Subject: logsig: PoC for some TLV support functions

also first steps at integrating them into rest of PoC
---
 runtime/librsgt.c | 99 +++++++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 97 insertions(+), 2 deletions(-)

diff --git a/runtime/librsgt.c b/runtime/librsgt.c
index 4ad4ec26..89a82f41 100644
--- a/runtime/librsgt.c
+++ b/runtime/librsgt.c
@@ -96,20 +96,110 @@ rsgtExit(void)
 }
 
 
+
+
+static inline void
+tlvbufPhysWrite(gtctx ctx)
+{
+	fprintf(stderr, "emu: writing TLV file!\n");
+	ctx->tlvIdx = 0;
+}
+
+static inline void
+tlvbufChkWrite(gtctx ctx)
+{
+	if(ctx->tlvIdx == sizeof(ctx->tlvBuf)) {
+		tlvbufPhysWrite(ctx);
+	}
+}
+
+
+/* write to TLV file buffer. If buffer is full, an actual call occurs. Else
+ * output is written only on flush or close.
+ */
+static inline void
+tlvbufAddOctet(gtctx ctx, int8_t octet)
+{
+	tlvbufChkWrite(ctx);
+	ctx->tlvBuf[ctx->tlvIdx++] = octet;
+}
+static inline void
+tlvbufAddOctetString(gtctx ctx, int8_t *octet, int size)
+{
+	int i;
+	for(i = 0 ; i < size ; ++i)
+		tlvbufAddOctet(ctx, octet[i]);
+}
+static inline void
+tlvbufAddInteger(gtctx ctx, uint32_t val)
+{
+	tlvbufAddOctet(ctx, (val >> 24) & 0xff);
+	tlvbufAddOctet(ctx, (val >> 16) & 0xff);
+	tlvbufAddOctet(ctx, (val >>  8) & 0xff);
+	tlvbufAddOctet(ctx,  val        & 0xff);
+}
+
+
+void
+tlv8Write(gtctx ctx, int flags, int tlvtype, int len)
+{
+	tlvbufAddOctet(ctx, (flags << 5)|tlvtype);
+	tlvbufAddOctet(ctx, len & 0xff);
+} 
+
+void
+tlv16Write(gtctx ctx, int flags, int tlvtype, uint16_t len)
+{
+	tlvbufAddOctet(ctx, ((flags|1) << 13)|tlvtype);
+	tlvbufAddOctet(ctx, (len >> 8) & 0xff);
+	tlvbufAddOctet(ctx, len & 0xff);
+} 
+
+void
+tlvFlush(gtctx ctx)
+{
+	if(ctx->tlvIdx != 0)
+		tlvbufPhysWrite(ctx);
+}
+
+void tlvClose(gtctx ctx)
+{
+	tlvFlush(ctx);
+	fprintf(stderr, "emu: close tlv file\n");
+}
+
+/* note: if file exists, the last hash for chaining must
+ * be read from file.
+ */
+void tlvOpen(gtctx ctx)
+{
+	fprintf(stderr, "emu: open tlv file\n");
+	ctx->tlvIdx = 0;
+}
+
 void
 seedIV(gtctx ctx)
 {
 	/* FIXME: this currently is "kindergarten cryptography" - use a
 	 * sufficiently strong PRNG instead! Just a PoC so far! Do NOT
 	 * use in production!!!
+	 * As of some Linux and security expert I spoke to, /dev/urandom
+	 * provides very strong random numbers, even if it runs out of
+	 * entropy. As far as he knew, this is save for all applications
+	 * (and he had good proof that I currently am not permitted to
+	 * reproduce). -- rgerhards, 2013-03-04
 	 */
 	ctx->IV = rand() * 1000037;
 }
 
 gtctx
-rsgtCtxNew(void)
+rsgtCtxNew(void, char *logfilename)
 {
-	return calloc(1, sizeof(struct gtctx_s));
+	gtctx ctx;
+	ctx =  calloc(1, sizeof(struct gtctx_s));
+	ctx->logfilename = strdup(logfilename);
+	tlvOpen(ctx);
+	return ctx;
 }
 
 void
@@ -117,6 +207,9 @@ rsgtCtxDel(gtctx ctx)
 {
 	if(ctx == NULL)
 		goto done;
+
+	tlvClose(ctx);
+	free(ctx->logfilename);
 	free(ctx);
 	/* TODO: persist! */
 done:	return;
@@ -133,6 +226,7 @@ sigblkInit(gtctx ctx)
 //	}
 	memset(ctx->roots_valid, 0, sizeof(ctx->roots_valid)/sizeof(char));
 	ctx->nRoots = 0;
+	ctx->nRecords = 0;
 }
 
 
@@ -235,6 +329,7 @@ sigblkAddRecord(gtctx ctx, const uchar *rec, const size_t len)
 		t = NULL;
 	}
 	ctx->x_prev = x; /* single var may be sufficient */
+	++ctx->nRecords;
 
 	/* cleanup */
 	GTDataHash_free(m);
-- 
cgit v1.2.3


From 5aaeb6287ba2c9175dccc4d228e0819a2988a692 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Tue, 5 Mar 2013 10:30:22 +0100
Subject: preparing for 7.2.6 release

---
 ChangeLog       | 2 +-
 configure.ac    | 2 +-
 doc/manual.html | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 4ab28d67..73b2faa2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,5 @@
 ----------------------------------------------------------------------------
-Version 7.2.6  [v7-stable] 2013-01-??
+Version 7.2.6  [v7-stable] 2013-03-05
 - slightly improved config parser error messages when invalid escapes happen
 - bugfix: include files got included in the wrong order
   closes: http://bugzilla.adiscon.com/show_bug.cgi?id=411
diff --git a/configure.ac b/configure.ac
index 71a3fc19..ac6fd43d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2,7 +2,7 @@
 # Process this file with autoconf to produce a configure script.
 
 AC_PREREQ(2.61)
-AC_INIT([rsyslog],[7.2.5],[rsyslog@lists.adiscon.com])
+AC_INIT([rsyslog],[7.2.6],[rsyslog@lists.adiscon.com])
 AM_INIT_AUTOMAKE
 
 m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
diff --git a/doc/manual.html b/doc/manual.html
index 78b5d006..8b54bd0b 100644
--- a/doc/manual.html
+++ b/doc/manual.html
@@ -19,7 +19,7 @@ rsyslog support</a> available directly from the source!</p>
 <p><b>Please visit the <a href="http://www.rsyslog.com/sponsors">rsyslog sponsor's page</a>
 to honor the project sponsors or become one yourself!</b> We are very grateful for any help towards the
 project goals.</p>
-<p><b>This documentation is for version 7.2.5 (v7-stable branch) of rsyslog.</b>
+<p><b>This documentation is for version 7.2.6 (v7.2-stable branch) of rsyslog.</b>
 Visit the <i><a href="http://www.rsyslog.com/status">rsyslog status page</a></i></b>
 to obtain current version information and project status.
 </p><p><b>If you like rsyslog, you might
-- 
cgit v1.2.3


From 3a68c5cda88336af1fde3755180f4e293735da5d Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Tue, 5 Mar 2013 11:55:02 +0100
Subject: logsig: build base plumbing for signature multi-provider interface

---
 runtime/Makefile.am |   7 ++++
 runtime/librsgt.c   |   3 +-
 runtime/lmsig_gt.c  | 107 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 runtime/lmsig_gt.h  |  40 ++++++++++++++++++++
 runtime/rsyslog.h   |   1 +
 runtime/sigprov.h   |  33 ++++++++++++++++
 tools/logsigner.c   |   4 +-
 tools/omfile.c      |  68 ++++++++++++++++++++++++++++++++-
 8 files changed, 257 insertions(+), 6 deletions(-)
 create mode 100644 runtime/lmsig_gt.c
 create mode 100644 runtime/lmsig_gt.h
 create mode 100644 runtime/sigprov.h

diff --git a/runtime/Makefile.am b/runtime/Makefile.am
index 0f1b580a..b6009b98 100644
--- a/runtime/Makefile.am
+++ b/runtime/Makefile.am
@@ -17,6 +17,7 @@ librsyslog_la_SOURCES = \
 	module-template.h \
 	im-helper.h \
 	obj-types.h \
+	sigprov.h \
 	nsd.h \
 	glbl.h \
 	glbl.c \
@@ -178,6 +179,12 @@ endif
 #
 if ENABLE_GUARDTIME
    librsgt_la_SOURCES = librsgt.c
+
+   pkglib_LTLIBRARIES += lmsig_gt.la
+   lmsig_gt_la_SOURCES = lmsig_gt.c
+   lmsig_gt_la_CPPFLAGS = $(RSRT_CFLAGS) $(GUARDTIME_CFLAGS)
+   lmsig_gt_la_LDFLAGS = -module -avoid-version
+   lmsig_gt_la_LIBADD = librsgt.c $(GUARDTIME_LIBS)
 endif
 
 
diff --git a/runtime/librsgt.c b/runtime/librsgt.c
index 89a82f41..68e0f6d4 100644
--- a/runtime/librsgt.c
+++ b/runtime/librsgt.c
@@ -45,7 +45,6 @@
 #include <stdint.h>
 #include <assert.h>
 
-#include <gt_base.h>
 #include <gt_http.h>
 
 #include "librsgt.h"
@@ -193,7 +192,7 @@ seedIV(gtctx ctx)
 }
 
 gtctx
-rsgtCtxNew(void, char *logfilename)
+rsgtCtxNew(char *logfilename)
 {
 	gtctx ctx;
 	ctx =  calloc(1, sizeof(struct gtctx_s));
diff --git a/runtime/lmsig_gt.c b/runtime/lmsig_gt.c
new file mode 100644
index 00000000..c390457a
--- /dev/null
+++ b/runtime/lmsig_gt.c
@@ -0,0 +1,107 @@
+/* lmsig_gt.c
+ *
+ * An implementation of the sigprov interface for GuardTime.
+ * 
+ * Copyright 2013 Rainer Gerhards and Adiscon GmbH.
+ *
+ * This file is part of the rsyslog runtime library.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *       -or-
+ *       see COPYING.ASL20 in the source distribution
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "config.h"
+
+#include "rsyslog.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "module-template.h"
+#include "glbl.h"
+#include "errmsg.h"
+#include "sigprov.h"
+#include "lmsig_gt.h"
+
+MODULE_TYPE_LIB
+MODULE_TYPE_NOKEEP
+
+/* static data */
+DEFobjStaticHelpers
+DEFobjCurrIf(errmsg)
+DEFobjCurrIf(glbl)
+
+
+/* Standard-Constructor
+ */
+BEGINobjConstruct(lmsig_gt) /* be sure to specify the object type also in END macro! */
+	dbgprintf("DDDD: lmsig_gt: called construct\n");
+ENDobjConstruct(lmsig_gt)
+
+
+/* destructor for the lmsig_gt object */
+BEGINobjDestruct(lmsig_gt) /* be sure to specify the object type also in END and CODESTART macros! */
+CODESTARTobjDestruct(lmsig_gt)
+	dbgprintf("DDDD: lmsig_gt: called destruct\n");
+ENDobjDestruct(lmsig_gt)
+
+
+BEGINobjQueryInterface(lmsig_gt)
+CODESTARTobjQueryInterface(lmsig_gt)
+	if(pIf->ifVersion != sigprovCURR_IF_VERSION) {/* check for current version, increment on each change */
+		ABORT_FINALIZE(RS_RET_INTERFACE_NOT_SUPPORTED);
+	}
+	pIf->Construct = lmsig_gtConstruct;
+	pIf->Destruct = lmsig_gtDestruct;
+finalize_it:
+ENDobjQueryInterface(lmsig_gt)
+
+
+BEGINObjClassExit(lmsig_gt, OBJ_IS_LOADABLE_MODULE) /* CHANGE class also in END MACRO! */
+CODESTARTObjClassExit(lmsig_gt)
+	/* release objects we no longer need */
+	objRelease(errmsg, CORE_COMPONENT);
+	objRelease(glbl, CORE_COMPONENT);
+ENDObjClassExit(lmsig_gt)
+
+
+BEGINObjClassInit(lmsig_gt, 1, OBJ_IS_LOADABLE_MODULE) /* class, version */
+	/* request objects we use */
+	CHKiRet(objUse(errmsg, CORE_COMPONENT));
+	CHKiRet(objUse(glbl, CORE_COMPONENT));
+
+	/* set our own handlers */
+ENDObjClassInit(lmsig_gt)
+
+
+/* --------------- here now comes the plumbing that makes as a library module --------------- */
+
+
+BEGINmodExit
+CODESTARTmodExit
+	lmsig_gtClassExit();
+ENDmodExit
+
+
+BEGINqueryEtryPt
+CODESTARTqueryEtryPt
+CODEqueryEtryPt_STD_LIB_QUERIES
+ENDqueryEtryPt
+
+
+BEGINmodInit()
+CODESTARTmodInit
+	*ipIFVersProvided = CURR_MOD_IF_VERSION; /* we only support the current interface specification */
+	/* Initialize all classes that are in our module - this includes ourselfs */
+	CHKiRet(lmsig_gtClassInit(pModInfo)); /* must be done after tcps_sess, as we use it */
+ENDmodInit
diff --git a/runtime/lmsig_gt.h b/runtime/lmsig_gt.h
new file mode 100644
index 00000000..665e6a8e
--- /dev/null
+++ b/runtime/lmsig_gt.h
@@ -0,0 +1,40 @@
+/* An implementation of the sigprov interface for GuardTime.
+ *
+ * Copyright 2013 Adiscon GmbH.
+ *
+ * This file is part of the rsyslog runtime library.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *       -or-
+ *       see COPYING.ASL20 in the source distribution
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef INCLUDED_LMSIG_GT_H
+#define INCLUDED_LMSIG_GT_H
+#include "sigprov.h"
+#include "librsgt.h"
+
+/* interface is defined in sigprov.h, we just implement it! */
+#define lmsig_gtCURR_IF_VERSION sigprovCURR_IF_VERSION
+typedef sigprov_if_t lmsig_gt_if_t;
+
+/* the lmsig_gt object */
+struct lmsig_gt_s {
+	BEGINobjInstance; /* Data to implement generic object - MUST be the first data element! */
+	gtctx ctx;	/* librsgt context - contains all we need */
+};
+typedef struct lmsig_gt_s lmsig_gt_t;
+
+/* prototypes */
+PROTOTYPEObj(lmsig_gt);
+
+#endif /* #ifndef INCLUDED_LMSIG_GT_H */
diff --git a/runtime/rsyslog.h b/runtime/rsyslog.h
index 7e3761e0..42c61579 100644
--- a/runtime/rsyslog.h
+++ b/runtime/rsyslog.h
@@ -399,6 +399,7 @@ enum rsRetVal_				/** return value. All methods return this if not specified oth
 	RS_RET_DS_PROP_SEQ_ERR = -2308,/**< property sequence error deserializing object */
 	RS_RET_TPL_INVLD_PROP = -2309,/**< property name error in template (unknown name) */
 	RS_RET_NO_RULEBASE = -2310,/**< mmnormalize: rulebase can not be found or otherwise invalid */
+	RS_RET_SIGPROV_ERR = -2320,/**< error in signature provider */
 
 	/* RainerScript error messages (range 1000.. 1999) */
 	RS_RET_SYSVAR_NOT_FOUND = 1001, /**< system variable could not be found (maybe misspelled) */
diff --git a/runtime/sigprov.h b/runtime/sigprov.h
new file mode 100644
index 00000000..f0eb9350
--- /dev/null
+++ b/runtime/sigprov.h
@@ -0,0 +1,33 @@
+/* The interface definition for (file) signature providers.
+ *
+ * This is just an abstract driver interface, which needs to be
+ * implemented by concrete classes.
+ *
+ * Copyright 2013 Adiscon GmbH.
+ *
+ * This file is part of the rsyslog runtime library.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *       -or-
+ *       see COPYING.ASL20 in the source distribution
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef INCLUDED_SIGPROV_H
+#define INCLUDED_SIGPROV_H
+
+/* interface */
+BEGINinterface(sigprov) /* name must also be changed in ENDinterface macro! */
+	rsRetVal (*Construct)(void *ppThis);
+	rsRetVal (*Destruct)(void **ppThis);
+ENDinterface(sigprov)
+#define sigprovCURR_IF_VERSION 1 /* increment whenever you change the interface structure! */
+#endif /* #ifndef INCLUDED_SIGPROV_H */
diff --git a/tools/logsigner.c b/tools/logsigner.c
index 51803be2..1a9b9ab5 100644
--- a/tools/logsigner.c
+++ b/tools/logsigner.c
@@ -120,7 +120,7 @@ processFile(char *name)
 	char line[64*1024+1];
 	gtctx ctx = NULL;
 	
-	ctx = rsgtCtxNew();
+	ctx = rsgtCtxNew("SIGFILE");
 	sigblkInit(ctx);
 	if(!strcmp(name, "-"))
 		fp = stdin;
@@ -139,7 +139,7 @@ processFile(char *name)
 			line[len] = '\0';
 		}
 		//sign(line, len);
-		sigblkAddRecord(ctx, line, len);
+		sigblkAddRecord(ctx, (unsigned char*)line, len);
 	}
 
 	if(fp != stdin)
diff --git a/tools/omfile.c b/tools/omfile.c
index 1c65fc59..27bbe02e 100644
--- a/tools/omfile.c
+++ b/tools/omfile.c
@@ -17,7 +17,7 @@
  * pipes. These have been moved to ompipe, to reduced the entanglement
  * between the two different functionalities. -- rgerhards
  *
- * Copyright 2007-2012 Adiscon GmbH.
+ * Copyright 2007-2013 Adiscon GmbH.
  *
  * This file is part of rsyslog.
  *
@@ -69,6 +69,7 @@
 #include "unicode-helper.h"
 #include "atomic.h"
 #include "statsobj.h"
+#include "sigprov.h"
 
 MODULE_TYPE_OUTPUT
 MODULE_TYPE_NOKEEP
@@ -143,6 +144,11 @@ typedef struct _instanceData {
 	gid_t	fileGID;
 	gid_t	dirGID;
 	int	bFailOnChown;	/* fail creation if chown fails? */
+	uchar 	*sigprovName;	/* signature provider */
+	uchar 	*sigprovNameFull;/* full internal signature provider name */
+	sigprov_if_t sigprov;	/* ptr to signature provider interface */
+	void	*sigprovData;	/* opaque data ptr for provider use */
+	sbool	useSigprov;	/* quicker than checkig ptr (1 vs 8 bytes!) */
 	int	iCurrElt;	/* currently active cache element (-1 = none) */
 	int	iCurrCacheSize;	/* currently cache size (1-based) */
 	int	iDynaFileCacheSize; /* size of file handle cache */
@@ -228,7 +234,8 @@ static struct cnfparamdescr actpdescr[] = {
 	{ "sync", eCmdHdlrBinary, 0 }, /* legacy: actionfileenablesync */
 	{ "file", eCmdHdlrString, 0 },     /* either "file" or ... */
 	{ "dynafile", eCmdHdlrString, 0 }, /* "dynafile" MUST be present */
-	{ "template", eCmdHdlrGetWord, 0 },
+	{ "sig.provider", eCmdHdlrGetWord, 0 },
+	{ "template", eCmdHdlrGetWord, 0 }
 };
 static struct cnfparamblk actpblk =
 	{ CNFPARAMBLK_VERSION,
@@ -836,6 +843,14 @@ ENDcreateInstance
 
 BEGINfreeInstance
 CODESTARTfreeInstance
+	if(pData->useSigprov) {
+		dbgprintf("DDDD: destructing signature provider %s\n", pData->sigprovNameFull);
+		pData->sigprov.Destruct(&pData->sigprovData);
+		obj.ReleaseObj(__FILE__, pData->sigprovNameFull+2, pData->sigprovNameFull,
+			       (void*) &pData->sigprov);
+		free(pData->sigprovName);
+		free(pData->sigprovNameFull);
+	}
 	free(pData->tplName);
 	free(pData->f_fname);
 	if(pData->bDynamicName) {
@@ -907,6 +922,8 @@ setInstParamDefaults(instanceData *pData)
 	pData->iIOBufSize = IOBUF_DFLT_SIZE;
 	pData->iFlushInterval = FLUSH_INTRVL_DFLT;
 	pData->bUseAsyncWriter = USE_ASYNCWRITER_DFLT;
+	pData->sigprovName = NULL;
+	pData->useSigprov = 0;
 }
 
 
@@ -946,6 +963,47 @@ finalize_it:
 	RETiRet;
 }
 
+static inline void
+initSigprov(instanceData *pData)
+{
+	uchar szDrvrName[1024];
+
+	if(snprintf((char*)szDrvrName, sizeof(szDrvrName), "lmsig_%s", pData->sigprovName)
+		== sizeof(szDrvrName)) {
+		errmsg.LogError(0, RS_RET_ERR, "omfile: signature provider "
+				"name is too long: '%s' - signatures disabled",
+				pData->sigprovName);
+		goto done;
+	}
+	pData->sigprovNameFull = ustrdup(szDrvrName);
+
+	pData->sigprov.ifVersion = sigprovCURR_IF_VERSION;
+	/* The pDrvrName+2 below is a hack to obtain the object name. It 
+	 * safes us to have yet another variable with the name without "lm" in
+	 * front of it. If we change the module load interface, we may re-think
+	 * about this hack, but for the time being it is efficient and clean enough.
+	 */
+	if(obj.UseObj(__FILE__, szDrvrName, szDrvrName, (void*) &pData->sigprov)
+		!= RS_RET_OK) {
+		errmsg.LogError(0, RS_RET_LOAD_ERROR, "omfile: could not load "
+				"signature provider '%s' - signatures disabled",
+				szDrvrName);
+		goto done;
+	}
+
+	if(pData->sigprov.Construct(&pData->sigprovData) != RS_RET_OK) {
+		errmsg.LogError(0, RS_RET_SIGPROV_ERR, "omfile: error constructing "
+				"signature provider %s dataset - signatures disabled",
+				szDrvrName);
+		goto done;
+	}
+
+	dbgprintf("loaded signature provider %s, data instance at %p\n",
+		  szDrvrName, pData->sigprovData);
+	pData->useSigprov = 1;
+done:	return;
+}
+
 BEGINnewActInst
 	struct cnfparamvals *pvals;
 	uchar *tplToUse;
@@ -1013,6 +1071,8 @@ CODESTARTnewActInst
 			pData->bDynamicName = 1;
 		} else if(!strcmp(actpblk.descr[i].name, "template")) {
 			pData->tplName = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+		} else if(!strcmp(actpblk.descr[i].name, "sig.provider")) {
+			pData->sigprovName = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
 		} else {
 			dbgprintf("omfile: program error, non-handled "
 			  "param '%s'\n", actpblk.descr[i].name);
@@ -1025,6 +1085,10 @@ CODESTARTnewActInst
 		ABORT_FINALIZE(RS_RET_MISSING_CNFPARAMS);
 	}
 
+	if(pData->sigprovName != NULL) {
+		initSigprov(pData);
+	}
+
 	tplToUse = ustrdup((pData->tplName == NULL) ? getDfltTpl() : pData->tplName);
 	CHKiRet(OMSRsetEntry(*ppOMSR, 0, tplToUse, OMSR_NO_RQD_TPL_OPTS));
 
-- 
cgit v1.2.3


From 8f32f09d7e688091f432e0c0e156d3a9eec78a4b Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Tue, 5 Mar 2013 12:52:28 +0100
Subject: logsig: more interface plumbing

---
 runtime/Makefile.am |  2 +-
 runtime/lmsig_gt.c  | 40 +++++++++++++++++++++++++++++++++++++---
 runtime/sigprov.h   |  5 ++++-
 tools/omfile.c      | 46 +++++++++++++++++++++++++++++++++++-----------
 4 files changed, 77 insertions(+), 16 deletions(-)

diff --git a/runtime/Makefile.am b/runtime/Makefile.am
index b6009b98..20824494 100644
--- a/runtime/Makefile.am
+++ b/runtime/Makefile.am
@@ -184,7 +184,7 @@ if ENABLE_GUARDTIME
    lmsig_gt_la_SOURCES = lmsig_gt.c
    lmsig_gt_la_CPPFLAGS = $(RSRT_CFLAGS) $(GUARDTIME_CFLAGS)
    lmsig_gt_la_LDFLAGS = -module -avoid-version
-   lmsig_gt_la_LIBADD = librsgt.c $(GUARDTIME_LIBS)
+   lmsig_gt_la_LIBADD = librsgt.la $(GUARDTIME_LIBS)
 endif
 
 
diff --git a/runtime/lmsig_gt.c b/runtime/lmsig_gt.c
index c390457a..f58d46c3 100644
--- a/runtime/lmsig_gt.c
+++ b/runtime/lmsig_gt.c
@@ -55,14 +55,46 @@ CODESTARTobjDestruct(lmsig_gt)
 	dbgprintf("DDDD: lmsig_gt: called destruct\n");
 ENDobjDestruct(lmsig_gt)
 
+static rsRetVal
+OnFileOpen(void *pT, uchar *fn)
+{
+	lmsig_gt_t *pThis = (lmsig_gt_t*) pT;
+	DEFiRet;
+dbgprintf("DDDD: onFileOpen: %s\n", fn);
+
+	RETiRet;
+}
+
+static rsRetVal
+OnRecordWrite(void *pT, uchar *rec, rs_size_t lenRec)
+{
+	lmsig_gt_t *pThis = (lmsig_gt_t*) pT;
+	DEFiRet;
+dbgprintf("DDDD: onRecordWrite (%d): %s\n", lenRec, rec);
+
+	RETiRet;
+}
+
+static rsRetVal
+OnFileClose(void *pT)
+{
+	lmsig_gt_t *pThis = (lmsig_gt_t*) pT;
+	DEFiRet;
+dbgprintf("DDDD: onFileClose\n");
+
+	RETiRet;
+}
 
 BEGINobjQueryInterface(lmsig_gt)
 CODESTARTobjQueryInterface(lmsig_gt)
 	if(pIf->ifVersion != sigprovCURR_IF_VERSION) {/* check for current version, increment on each change */
 		ABORT_FINALIZE(RS_RET_INTERFACE_NOT_SUPPORTED);
 	}
-	pIf->Construct = lmsig_gtConstruct;
-	pIf->Destruct = lmsig_gtDestruct;
+	pIf->Construct = (rsRetVal(*)(void*)) lmsig_gtConstruct;
+	pIf->Destruct = (rsRetVal(*)(void*)) lmsig_gtDestruct;
+	pIf->OnFileOpen = OnFileOpen;
+	pIf->OnRecordWrite = OnRecordWrite;
+	pIf->OnFileClose = OnFileClose;
 finalize_it:
 ENDobjQueryInterface(lmsig_gt)
 
@@ -72,6 +104,8 @@ CODESTARTObjClassExit(lmsig_gt)
 	/* release objects we no longer need */
 	objRelease(errmsg, CORE_COMPONENT);
 	objRelease(glbl, CORE_COMPONENT);
+
+	rsgtExit();
 ENDObjClassExit(lmsig_gt)
 
 
@@ -80,7 +114,7 @@ BEGINObjClassInit(lmsig_gt, 1, OBJ_IS_LOADABLE_MODULE) /* class, version */
 	CHKiRet(objUse(errmsg, CORE_COMPONENT));
 	CHKiRet(objUse(glbl, CORE_COMPONENT));
 
-	/* set our own handlers */
+	rsgtInit("rsyslogd " VERSION);
 ENDObjClassInit(lmsig_gt)
 
 
diff --git a/runtime/sigprov.h b/runtime/sigprov.h
index f0eb9350..0154a1f4 100644
--- a/runtime/sigprov.h
+++ b/runtime/sigprov.h
@@ -27,7 +27,10 @@
 /* interface */
 BEGINinterface(sigprov) /* name must also be changed in ENDinterface macro! */
 	rsRetVal (*Construct)(void *ppThis);
-	rsRetVal (*Destruct)(void **ppThis);
+	rsRetVal (*Destruct)(void *ppThis);
+	rsRetVal (*OnFileOpen)(void *pThis, uchar *fn);
+	rsRetVal (*OnRecordWrite)(void *pThis, uchar *rec, rs_size_t lenRec);
+	rsRetVal (*OnFileClose)(void *pThis);
 ENDinterface(sigprov)
 #define sigprovCURR_IF_VERSION 1 /* increment whenever you change the interface structure! */
 #endif /* #ifndef INCLUDED_SIGPROV_H */
diff --git a/tools/omfile.c b/tools/omfile.c
index 27bbe02e..efdf5e5b 100644
--- a/tools/omfile.c
+++ b/tools/omfile.c
@@ -441,6 +441,7 @@ dynaFileDelCacheEntry(dynaFileCacheEntry **pCache, int iEntry, int bFreeEntry)
 
 	if(pCache[iEntry]->pStrm != NULL) {
 		strm.Destruct(&pCache[iEntry]->pStrm);
+#warning add sig capability here
 		if(pCache[iEntry]->pStrm != NULL) /* safety check -- TODO: remove if no longer necessary */
 			abort();
 	}
@@ -488,6 +489,27 @@ static void dynaFileFreeCache(instanceData *pData)
 }
 
 
+/* close current file */
+static rsRetVal
+closeFile(instanceData *pData)
+{
+	DEFiRet;
+	if(pData->useSigprov)
+		pData->sigprov.OnFileClose(pData->sigprovData);
+	strm.Destruct(&pData->pStrm);
+	RETiRet;
+}
+
+
+/* This prepares the signature provider to process a file */
+static rsRetVal
+sigprovPrepare(instanceData *pData, uchar *fn)
+{
+	DEFiRet;
+	pData->sigprov.OnFileOpen(pData->sigprovData, fn);
+	RETiRet;
+}
+
 /* This is now shared code for all types of files. It simply prepares
  * file access, which, among others, means the the file wil be opened
  * and any directories in between will be created (based on config, of
@@ -570,11 +592,14 @@ prepareFile(instanceData *pData, uchar *newFileName)
 	if(pData->pszSizeLimitCmd != NULL)
 		CHKiRet(strm.SetpszSizeLimitCmd(pData->pStrm, ustrdup(pData->pszSizeLimitCmd)));
 	CHKiRet(strm.ConstructFinalize(pData->pStrm));
+
+	if(pData->useSigprov)
+		sigprovPrepare(pData, szNameBuf);
 	
 finalize_it:
 	if(iRet != RS_RET_OK) {
 		if(pData->pStrm != NULL) {
-			strm.Destruct(&pData->pStrm);
+			closeFile(pData);
 		}
 	}
 	RETiRet;
@@ -701,7 +726,7 @@ prepareDynFile(instanceData *pData, uchar *newFileName, unsigned iMsgOpts)
 	}
 
 	if((pCache[iFirstFree]->pName = ustrdup(newFileName)) == NULL) {
-		strm.Destruct(&pData->pStrm); /* need to free failed entry! */
+		closeFile(pData); /* need to free failed entry! */
 		ABORT_FINALIZE(RS_RET_OUT_OF_MEMORY);
 	}
 	pCache[iFirstFree]->pStrm = pData->pStrm;
@@ -729,7 +754,7 @@ doWrite(instanceData *pData, uchar *pszBuf, int lenBuf)
 	DBGPRINTF("write to stream, pData->pStrm %p, lenBuf %d\n", pData->pStrm, lenBuf);
 	if(pData->pStrm != NULL){
 		CHKiRet(strm.Write(pData->pStrm, pszBuf, lenBuf));
-		FINALIZE;
+		CHKiRet(pData->sigprov.OnRecordWrite(pData->sigprovData, pszBuf, lenBuf));
 	}
 
 finalize_it:
@@ -843,6 +868,12 @@ ENDcreateInstance
 
 BEGINfreeInstance
 CODESTARTfreeInstance
+	free(pData->tplName);
+	free(pData->f_fname);
+	if(pData->bDynamicName) {
+		dynaFileFreeCache(pData);
+	} else if(pData->pStrm != NULL)
+		closeFile(pData);
 	if(pData->useSigprov) {
 		dbgprintf("DDDD: destructing signature provider %s\n", pData->sigprovNameFull);
 		pData->sigprov.Destruct(&pData->sigprovData);
@@ -851,12 +882,6 @@ CODESTARTfreeInstance
 		free(pData->sigprovName);
 		free(pData->sigprovNameFull);
 	}
-	free(pData->tplName);
-	free(pData->f_fname);
-	if(pData->bDynamicName) {
-		dynaFileFreeCache(pData);
-	} else if(pData->pStrm != NULL)
-		strm.Destruct(&pData->pStrm);
 ENDfreeInstance
 
 
@@ -1231,8 +1256,7 @@ CODESTARTdoHUP
 		dynaFileFreeCacheEntries(pData);
 	} else {
 		if(pData->pStrm != NULL) {
-			strm.Destruct(&pData->pStrm);
-			pData->pStrm = NULL;
+			closeFile(pData);
 		}
 	}
 ENDdoHUP
-- 
cgit v1.2.3


From 027441b337a3dc2c0017df6eebf473445f628d52 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Tue, 5 Mar 2013 15:10:11 +0100
Subject: logsig: first PoC of actually writing to signature file

---
 runtime/librsgt.c  | 87 +++++++++++++++++++++++++++++++++++++++++++++++-------
 runtime/lmsig_gt.c |  4 +++
 tools/logsigner.c  |  2 +-
 3 files changed, 81 insertions(+), 12 deletions(-)

diff --git a/runtime/librsgt.c b/runtime/librsgt.c
index 68e0f6d4..e1d760c6 100644
--- a/runtime/librsgt.c
+++ b/runtime/librsgt.c
@@ -44,6 +44,11 @@
 #include <string.h>
 #include <stdint.h>
 #include <assert.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#define MAXFNAME 1024 /* TODO: include correct header */
 
 #include <gt_http.h>
 
@@ -53,11 +58,12 @@ typedef unsigned char uchar;
 #ifndef VERSION
 #define VERSION "no-version"
 #endif
+#define LOGSIGHDR "LOGSIG10"
 
 static void
 outputhash(GTDataHash *hash)
 {
-	int i;
+	unsigned i;
 	for(i = 0 ; i < hash->digest_length ; ++i)
 		printf("%2.2x", hash->digest[i]);
 	printf("\n");
@@ -95,12 +101,43 @@ rsgtExit(void)
 }
 
 
-
-
 static inline void
 tlvbufPhysWrite(gtctx ctx)
 {
+	ssize_t lenBuf;
+	ssize_t iTotalWritten;
+	ssize_t iWritten;
+	char *pWriteBuf;
 	fprintf(stderr, "emu: writing TLV file!\n");
+
+	lenBuf = ctx->tlvIdx;
+	pWriteBuf = ctx->tlvBuf;
+	iTotalWritten = 0;
+	do {
+		iWritten = write(ctx->fd, pWriteBuf, lenBuf);
+		if(iWritten < 0) {
+			//char errStr[1024];
+			int err = errno;
+			iWritten = 0; /* we have written NO bytes! */
+		/*	rs_strerror_r(err, errStr, sizeof(errStr));
+			DBGPRINTF("log file (%d) write error %d: %s\n", pThis->fd, err, errStr);
+			*/
+			if(err == EINTR) {
+				/*NO ERROR, just continue */;
+			} else {
+				goto finalize_it; //ABORT_FINALIZE(RS_RET_IO_ERROR);
+				/* FIXME: flag error */
+			}
+	 	} 
+		/* advance buffer to next write position */
+		iTotalWritten += iWritten;
+		lenBuf -= iWritten;
+		pWriteBuf += iWritten;
+	} while(lenBuf > 0);	/* Warning: do..while()! */
+
+	//DBGOPRINT((obj_t*) pThis, "file %d write wrote %d bytes\n", pThis->fd, (int) iWritten);
+
+finalize_it:
 	ctx->tlvIdx = 0;
 }
 
@@ -161,19 +198,36 @@ tlvFlush(gtctx ctx)
 		tlvbufPhysWrite(ctx);
 }
 
+void
+tlvWriteBlockSig(gtctx ctx, uchar *der, size_t der_len)
+{
+	//FIXME: flags???
+	tlv8Write(ctx, 0x00, 0x00, 1);
+	tlvbufAddOctet(ctx, 0x02); // TODO: hash identifier (Tab. 2)!
+	tlv16Write(ctx, 0x00, 0x906, (uint16_t) der_len);
+	tlvbufAddOctetString(ctx, (int8_t*) der, (int) der_len);
+}
+
 void tlvClose(gtctx ctx)
 {
 	tlvFlush(ctx);
 	fprintf(stderr, "emu: close tlv file\n");
+	close(ctx->fd);
+	ctx->fd = -1;
 }
 
+
 /* note: if file exists, the last hash for chaining must
  * be read from file.
  */
-void tlvOpen(gtctx ctx)
+void tlvOpen(gtctx ctx, char *hdr, unsigned lenHdr)
 {
-	fprintf(stderr, "emu: open tlv file\n");
-	ctx->tlvIdx = 0;
+	fprintf(stderr, "emu: open tlv file '%s'\n", ctx->sigfilename);
+	ctx->fd = open((char*)ctx->sigfilename,
+		       O_WRONLY/*|O_APPEND*/|O_CREAT|O_NOCTTY|O_CLOEXEC, 0600);
+	// FIXME: check fd == -1
+	memcpy(ctx->tlvBuf, hdr, lenHdr);
+	ctx->tlvIdx = lenHdr;
 }
 
 void
@@ -192,12 +246,15 @@ seedIV(gtctx ctx)
 }
 
 gtctx
-rsgtCtxNew(char *logfilename)
+rsgtCtxNew(unsigned char *logfn)
 {
+	char fn[MAXFNAME+1];
 	gtctx ctx;
 	ctx =  calloc(1, sizeof(struct gtctx_s));
-	ctx->logfilename = strdup(logfilename);
-	tlvOpen(ctx);
+	snprintf(fn, sizeof(fn), "%s.gtsig", logfn);
+	fn[MAXFNAME] = '\0'; /* be on save side */
+	ctx->sigfilename = (uchar*) strdup(fn);
+	tlvOpen(ctx, LOGSIGHDR, sizeof(LOGSIGHDR)-1);
 	return ctx;
 }
 
@@ -207,8 +264,10 @@ rsgtCtxDel(gtctx ctx)
 	if(ctx == NULL)
 		goto done;
 
+	if(ctx->bInBlk)
+		sigblkFinish(ctx);
 	tlvClose(ctx);
-	free(ctx->logfilename);
+	free(ctx->sigfilename);
 	free(ctx);
 	/* TODO: persist! */
 done:	return;
@@ -226,6 +285,7 @@ sigblkInit(gtctx ctx)
 	memset(ctx->roots_valid, 0, sizeof(ctx->roots_valid)/sizeof(char));
 	ctx->nRoots = 0;
 	ctx->nRecords = 0;
+	ctx->bInBlk = 1;
 }
 
 
@@ -300,7 +360,7 @@ sigblkAddRecord(gtctx ctx, const uchar *rec, const size_t len)
 	GTDataHash *x; /* current hash */
 	GTDataHash *m, *r, *t;
 	int8_t j;
-	int ret;
+	//int ret;
 
 	hash_m(ctx, &m);
 	hash_r(ctx, &r, rec, len);
@@ -362,6 +422,9 @@ timestampIt(gtctx ctx, GTDataHash *hash)
 		goto done;
 	}
 
+	tlvWriteBlockSig(ctx, der, der_len);
+
+#if 0
 	/* Save DER-encoded timestamp to file. */
 	r = GT_saveFile(sigFile, der, der_len);
 	if(r != GT_OK) {
@@ -373,6 +436,7 @@ timestampIt(gtctx ctx, GTDataHash *hash)
 		goto done;
 	}
 	printf("Timestamping succeeded!\n");
+#endif
 done:
 	GT_free(der);
 	GTTimestamp_free(timestamp);
@@ -400,4 +464,5 @@ sigblkFinish(gtctx ctx)
 	/* persist root value here (callback?) */
 printf("root hash is:\n"); outputhash(root);
 	timestampIt(ctx, root);
+	ctx->bInBlk = 0;
 }
diff --git a/runtime/lmsig_gt.c b/runtime/lmsig_gt.c
index f58d46c3..578e51e5 100644
--- a/runtime/lmsig_gt.c
+++ b/runtime/lmsig_gt.c
@@ -61,6 +61,8 @@ OnFileOpen(void *pT, uchar *fn)
 	lmsig_gt_t *pThis = (lmsig_gt_t*) pT;
 	DEFiRet;
 dbgprintf("DDDD: onFileOpen: %s\n", fn);
+	pThis->ctx = rsgtCtxNew(fn);
+	sigblkInit(pThis->ctx);
 
 	RETiRet;
 }
@@ -71,6 +73,7 @@ OnRecordWrite(void *pT, uchar *rec, rs_size_t lenRec)
 	lmsig_gt_t *pThis = (lmsig_gt_t*) pT;
 	DEFiRet;
 dbgprintf("DDDD: onRecordWrite (%d): %s\n", lenRec, rec);
+	sigblkAddRecord(pThis->ctx, rec, lenRec);
 
 	RETiRet;
 }
@@ -81,6 +84,7 @@ OnFileClose(void *pT)
 	lmsig_gt_t *pThis = (lmsig_gt_t*) pT;
 	DEFiRet;
 dbgprintf("DDDD: onFileClose\n");
+	rsgtCtxDel(pThis->ctx);
 
 	RETiRet;
 }
diff --git a/tools/logsigner.c b/tools/logsigner.c
index 1a9b9ab5..f11371aa 100644
--- a/tools/logsigner.c
+++ b/tools/logsigner.c
@@ -120,7 +120,7 @@ processFile(char *name)
 	char line[64*1024+1];
 	gtctx ctx = NULL;
 	
-	ctx = rsgtCtxNew("SIGFILE");
+	ctx = rsgtCtxNew((unsigned char*)"SIGFILE");
 	sigblkInit(ctx);
 	if(!strcmp(name, "-"))
 		fp = stdin;
-- 
cgit v1.2.3


From 497d1e09638c6e819f0e02b7f940a8a826b63265 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Wed, 6 Mar 2013 15:44:11 +0100
Subject: logsig: write block-sig record

also some general improvements, e.g. random data is now gathered
correctly
---
 runtime/librsgt.c  | 181 ++++++++++++++++++++++++++++++++++++-----------------
 runtime/librsgt.h  |  91 +++++++++++++++++++++++++++
 runtime/lmsig_gt.c |   2 +-
 tools/logsigner.c  |   2 +-
 4 files changed, 218 insertions(+), 58 deletions(-)
 create mode 100644 runtime/librsgt.h

diff --git a/runtime/librsgt.c b/runtime/librsgt.c
index e1d760c6..8aa80771 100644
--- a/runtime/librsgt.c
+++ b/runtime/librsgt.c
@@ -58,7 +58,45 @@ typedef unsigned char uchar;
 #ifndef VERSION
 #define VERSION "no-version"
 #endif
-#define LOGSIGHDR "LOGSIG10"
+
+static inline uint16_t
+hashOutputLengthOctets(uint8_t hashID)
+{
+	switch(hashID) {
+	case GT_HASHALG_SHA1:	/* paper: SHA1 */
+		return 20;
+	case GT_HASHALG_RIPEMD160: /* paper: RIPEMD-160 */
+		return 20;
+	case GT_HASHALG_SHA224:	/* paper: SHA2-224 */
+		return 28;
+	case GT_HASHALG_SHA256: /* paper: SHA2-256 */
+		return 32;
+	case GT_HASHALG_SHA384: /* paper: SHA2-384 */
+		return 48;
+	case GT_HASHALG_SHA512:	/* paper: SHA2-512 */
+		return 64;
+	default:return 32;
+	}
+}
+static inline uint8_t
+hashIdentifier(uint8_t hashID)
+{
+	switch(hashID) {
+	case GT_HASHALG_SHA1:	/* paper: SHA1 */
+		return 0x00;
+	case GT_HASHALG_RIPEMD160: /* paper: RIPEMD-160 */
+		return 0x02;
+	case GT_HASHALG_SHA224:	/* paper: SHA2-224 */
+		return 0x03;
+	case GT_HASHALG_SHA256: /* paper: SHA2-256 */
+		return 0x01;
+	case GT_HASHALG_SHA384: /* paper: SHA2-384 */
+		return 0x04;
+	case GT_HASHALG_SHA512:	/* paper: SHA2-512 */
+		return 0x05;
+	default:return 0xff;
+	}
+}
 
 static void
 outputhash(GTDataHash *hash)
@@ -76,8 +114,6 @@ rsgtInit(char *usragent)
 {
 	int ret = GT_OK;
 
-	srand(time(NULL) * 7); /* see comments in seedIV() */
-
 	ret = GT_init();
 	if(ret != GT_OK) {
 		fprintf(stderr, "GT_init() failed: %d (%s)\n",
@@ -160,20 +196,26 @@ tlvbufAddOctet(gtctx ctx, int8_t octet)
 	ctx->tlvBuf[ctx->tlvIdx++] = octet;
 }
 static inline void
-tlvbufAddOctetString(gtctx ctx, int8_t *octet, int size)
+tlvbufAddOctetString(gtctx ctx, uint8_t *octet, int size)
 {
 	int i;
 	for(i = 0 ; i < size ; ++i)
 		tlvbufAddOctet(ctx, octet[i]);
 }
 static inline void
-tlvbufAddInteger(gtctx ctx, uint32_t val)
+tlvbufAddInt32(gtctx ctx, uint32_t val)
 {
 	tlvbufAddOctet(ctx, (val >> 24) & 0xff);
 	tlvbufAddOctet(ctx, (val >> 16) & 0xff);
 	tlvbufAddOctet(ctx, (val >>  8) & 0xff);
 	tlvbufAddOctet(ctx,  val        & 0xff);
 }
+static inline void
+tlvbufAddInt64(gtctx ctx, uint64_t val)
+{
+	tlvbufAddInt32(ctx, (val >> 32) & 0xffffffff);
+	tlvbufAddInt32(ctx,  val        & 0xffffffff);
+}
 
 
 void
@@ -199,13 +241,34 @@ tlvFlush(gtctx ctx)
 }
 
 void
-tlvWriteBlockSig(gtctx ctx, uchar *der, size_t der_len)
+tlvWriteBlockSig(gtctx ctx, uchar *der, uint16_t lenDer)
 {
+	unsigned tlvlen;
+
+	tlvlen  = 1 + 1 /* hash algo TLV */ +
+	 	  1 + hashOutputLengthOctets(ctx->hashAlg) /* iv */ +
+		  1 + 1 + ctx->lenBlkStrtHash /* last hash */ +
+		  1 + 8 /* rec-count (64 bit integer) */ +
+		  2 + lenDer /* rfc-3161 */;
+	/* write top-level TLV object (block-sig */
+	tlv16Write(ctx, 0x00, 0x0902, tlvlen);
+	/* and now write the children */
 	//FIXME: flags???
+	/* hash-algo */
 	tlv8Write(ctx, 0x00, 0x00, 1);
-	tlvbufAddOctet(ctx, 0x02); // TODO: hash identifier (Tab. 2)!
-	tlv16Write(ctx, 0x00, 0x906, (uint16_t) der_len);
-	tlvbufAddOctetString(ctx, (int8_t*) der, (int) der_len);
+	tlvbufAddOctet(ctx, hashIdentifier(ctx->hashAlg));
+	/* block-iv */
+	tlv8Write(ctx, 0x00, 0x01, 1);
+	tlvbufAddOctetString(ctx, ctx->IV, hashOutputLengthOctets(ctx->hashAlg));
+	/* last-hash */
+	tlv8Write(ctx, 0x00, 0x02, 1);
+	tlvbufAddOctetString(ctx, ctx->blkStrtHash, ctx->lenBlkStrtHash);
+	/* rec-count */
+	tlv8Write(ctx, 0x00, 0x03, 1);
+	tlvbufAddInt64(ctx, ctx->nRecords);
+	/* rfc-3161 */
+	tlv16Write(ctx, 0x00, 0x906, lenDer);
+	tlvbufAddOctetString(ctx, der, lenDer);
 }
 
 void tlvClose(gtctx ctx)
@@ -228,36 +291,62 @@ void tlvOpen(gtctx ctx, char *hdr, unsigned lenHdr)
 	// FIXME: check fd == -1
 	memcpy(ctx->tlvBuf, hdr, lenHdr);
 	ctx->tlvIdx = lenHdr;
+	/* we now need to obtain the last previous hash, so that
+	 * we can continue the hash chain.
+	 */
+	// ...
+	/* in case we did not have a previous hash (or could not
+	 * obtain it), we start with zero.
+	 */
+	ctx->lenBlkStrtHash = hashOutputLengthOctets(ctx->hashAlg);
+	ctx->blkStrtHash = calloc(1, ctx->lenBlkStrtHash);
 }
 
+/*
+ * As of some Linux and security expert I spoke to, /dev/urandom
+ * provides very strong random numbers, even if it runs out of
+ * entropy. As far as he knew, this is save for all applications
+ * (and he had good proof that I currently am not permitted to
+ * reproduce). -- rgerhards, 2013-03-04
+ */
 void
 seedIV(gtctx ctx)
 {
-	/* FIXME: this currently is "kindergarten cryptography" - use a
-	 * sufficiently strong PRNG instead! Just a PoC so far! Do NOT
-	 * use in production!!!
-	 * As of some Linux and security expert I spoke to, /dev/urandom
-	 * provides very strong random numbers, even if it runs out of
-	 * entropy. As far as he knew, this is save for all applications
-	 * (and he had good proof that I currently am not permitted to
-	 * reproduce). -- rgerhards, 2013-03-04
+	int hashlen;
+	int fd;
+
+	hashlen = hashOutputLengthOctets(ctx->hashAlg);
+	ctx->IV = malloc(hashlen); /* do NOT zero-out! */
+	/* if we cannot obtain data from /dev/urandom, we use whatever
+	 * is present at the current memory location as random data. Of
+	 * course, this is very weak and we should consider a different
+	 * option, especially when not running under Linux (for Linux,
+	 * unavailability of /dev/urandom is just a theoretic thing, it
+	 * will always work...).  -- TODO -- rgerhards, 2013-03-06
 	 */
-	ctx->IV = rand() * 1000037;
+	if((fd = open("/dev/urandom", O_RDONLY)) > 0) {
+		read(fd, ctx->IV, hashlen);
+		close(fd);
+	}
 }
 
 gtctx
-rsgtCtxNew(unsigned char *logfn)
+rsgtCtxNew(unsigned char *logfn, enum GTHashAlgorithm hashAlg)
 {
 	char fn[MAXFNAME+1];
 	gtctx ctx;
 	ctx =  calloc(1, sizeof(struct gtctx_s));
+	ctx->x_prev = NULL;
+	ctx->hashAlg = hashAlg;
+	ctx->timestamper = strdup(
+			   "http://stamper.guardtime.net/gt-signingservice");
 	snprintf(fn, sizeof(fn), "%s.gtsig", logfn);
 	fn[MAXFNAME] = '\0'; /* be on save side */
 	ctx->sigfilename = (uchar*) strdup(fn);
 	tlvOpen(ctx, LOGSIGHDR, sizeof(LOGSIGHDR)-1);
 	return ctx;
 }
-
+ 
 void
 rsgtCtxDel(gtctx ctx)
 {
@@ -278,10 +367,6 @@ void
 sigblkInit(gtctx ctx)
 {
 	seedIV(ctx);
-//	if(ctx->x_prev == NULL) {
-		ctx->x_prev = NULL;
-		/* FIXME: do the real thing - or in a later step as currently? */
-//	}
 	memset(ctx->roots_valid, 0, sizeof(ctx->roots_valid)/sizeof(char));
 	ctx->nRoots = 0;
 	ctx->nRecords = 0;
@@ -297,13 +382,14 @@ bufAddIV(gtctx ctx, uchar *buf, size_t *len)
 	*len += sizeof(ctx->IV);
 }
 
+
 /* concat: add hash to buffer */
 static inline void
 bufAddHash(gtctx ctx, uchar *buf, size_t *len, GTDataHash *hash)
 {
 	if(hash == NULL) {
-		memset(buf+*len, 0, 32); /* FIXME: depends on hash function! */
-		*len += 32;
+		memcpy(buf+*len, ctx->blkStrtHash, ctx->lenBlkStrtHash);
+		*len += ctx->lenBlkStrtHash;
 	} else {
 		memcpy(buf+*len, hash->digest, hash->digest_length);
 		*len += hash->digest_length;
@@ -311,7 +397,7 @@ bufAddHash(gtctx ctx, uchar *buf, size_t *len, GTDataHash *hash)
 }
 /* concat: add tree level to buffer */
 static inline void
-bufAddLevel(gtctx ctx, uchar *buf, size_t *len, int level)
+bufAddLevel(uchar *buf, size_t *len, int level)
 {
 	memcpy(buf+*len, &level, sizeof(level));
 	*len += sizeof(level);
@@ -321,23 +407,21 @@ bufAddLevel(gtctx ctx, uchar *buf, size_t *len, int level)
 static void
 hash_m(gtctx ctx, GTDataHash **m)
 {
+#warning Overall: check GT API return states!
 	// m = hash(concat(ctx->x_prev, IV));
-	int r;
 	uchar concatBuf[16*1024];
 	size_t len = 0;
 
 	bufAddHash(ctx, concatBuf, &len, ctx->x_prev);
 	bufAddIV(ctx, concatBuf, &len);
-	r = GTDataHash_create(GT_HASHALG_SHA256, concatBuf, len, m);
+	GTDataHash_create(ctx->hashAlg, concatBuf, len, m);
 }
 
 static void
 hash_r(gtctx ctx, GTDataHash **r, const uchar *rec, const size_t len)
 {
 	// r = hash(canonicalize(rec));
-	int ret;
-
-	ret = GTDataHash_create(GT_HASHALG_SHA256, rec, len, r);
+	GTDataHash_create(ctx->hashAlg, rec, len, r);
 }
 
 
@@ -345,22 +429,21 @@ static void
 hash_node(gtctx ctx, GTDataHash **node, GTDataHash *m, GTDataHash *r, int level)
 {
 	// x = hash(concat(m, r, 0)); /* hash leaf */
-	int ret;
 	uchar concatBuf[16*1024];
 	size_t len = 0;
 
 	bufAddHash(ctx, concatBuf, &len, m);
 	bufAddHash(ctx, concatBuf, &len, r);
-	bufAddLevel(ctx, concatBuf, &len, level);
-	ret = GTDataHash_create(GT_HASHALG_SHA256, concatBuf, len, node);
+	bufAddLevel(concatBuf, &len, level);
+	GTDataHash_create(ctx->hashAlg, concatBuf, len, node);
 }
+
 void
 sigblkAddRecord(gtctx ctx, const uchar *rec, const size_t len)
 {
 	GTDataHash *x; /* current hash */
 	GTDataHash *m, *r, *t;
 	int8_t j;
-	//int ret;
 
 	hash_m(ctx, &m);
 	hash_r(ctx, &r, rec, len);
@@ -391,6 +474,7 @@ sigblkAddRecord(gtctx ctx, const uchar *rec, const size_t len)
 	++ctx->nRecords;
 
 	/* cleanup */
+	/* note: x is freed later as part of roots cleanup */
 	GTDataHash_free(m);
 	GTDataHash_free(r);
 }
@@ -398,15 +482,13 @@ sigblkAddRecord(gtctx ctx, const uchar *rec, const size_t len)
 static void
 timestampIt(gtctx ctx, GTDataHash *hash)
 {
+	unsigned char *der;
+	size_t lenDer;
 	int r = GT_OK;
 	GTTimestamp *timestamp = NULL;
-	unsigned char *der = NULL;
-	char *sigFile = "logsigner.TIMESTAMP";
-	size_t der_len;
 
 	/* Get the timestamp. */
-	r = GTHTTP_createTimestampHash(hash,
-		"http://stamper.guardtime.net/gt-signingservice", &timestamp);
+	r = GTHTTP_createTimestampHash(hash, ctx->timestamper, &timestamp);
 
 	if(r != GT_OK) {
 		fprintf(stderr, "GTHTTP_createTimestampHash() failed: %d (%s)\n",
@@ -415,28 +497,15 @@ timestampIt(gtctx ctx, GTDataHash *hash)
 	}
 
 	/* Encode timestamp. */
-	r = GTTimestamp_getDEREncoded(timestamp, &der, &der_len);
+	r = GTTimestamp_getDEREncoded(timestamp, &der, &lenDer);
 	if(r != GT_OK) {
 		fprintf(stderr, "GTTimestamp_getDEREncoded() failed: %d (%s)\n",
 				r, GT_getErrorString(r));
 		goto done;
 	}
 
-	tlvWriteBlockSig(ctx, der, der_len);
+	tlvWriteBlockSig(ctx, der, lenDer);
 
-#if 0
-	/* Save DER-encoded timestamp to file. */
-	r = GT_saveFile(sigFile, der, der_len);
-	if(r != GT_OK) {
-		fprintf(stderr, "Cannot save timestamp to file %s: %d (%s)\n",
-				sigFile, r, GT_getErrorString(r));
-		if(r == GT_IO_ERROR) {
-			fprintf(stderr, "\t%d (%s)\n", errno, strerror(errno));
-		}
-		goto done;
-	}
-	printf("Timestamping succeeded!\n");
-#endif
 done:
 	GT_free(der);
 	GTTimestamp_free(timestamp);
diff --git a/runtime/librsgt.h b/runtime/librsgt.h
new file mode 100644
index 00000000..cb1829e9
--- /dev/null
+++ b/runtime/librsgt.h
@@ -0,0 +1,91 @@
+/* librsgt.h - rsyslog's guardtime support library
+ *
+ * Copyright 2013 Adiscon GmbH.
+ *
+ * This file is part of rsyslog.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *       -or-
+ *       see COPYING.ASL20 in the source distribution
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef INCLUDED_LIBRSGT_H
+#define INCLUDED_LIBRSGT_H
+#include <gt_base.h>
+
+/* Max number of roots inside the forest. This permits blocks of up to
+ * 2^MAX_ROOTS records. We assume that 64 is sufficient for all use
+ * cases ;) [and 64 is not really a waste of memory, so we do not even
+ * try to work with reallocs and such...]
+ */
+#define MAX_ROOTS 64
+#define LOGSIGHDR "LOGSIG10"
+
+/* context for gt calls. All state data is kept here, this permits
+ * multiple concurrent callers.
+ */
+struct gtctx_s {
+	enum GTHashAlgorithm hashAlg;
+	uint8_t *IV; /* initial value for blinding masks (where to do we get it from?) */
+	GTDataHash *x_prev; /* last leaf hash (maybe of previous block) --> preserve on term */
+	char *timestamper;
+	unsigned char *sigfilename;
+	int fd;
+	unsigned char *blkStrtHash; /* last hash from previous block */
+	uint16_t lenBlkStrtHash;
+	uint64_t nRecords;  /* current number of records in current block */
+	uint64_t bInBlk;    /* are we currently inside a blk --> need to finish on close */
+	int8_t nRoots;
+	/* algo engineering: roots structure is split into two arrays
+	 * in order to improve cache hits.
+	 */
+	int8_t roots_valid[MAX_ROOTS];
+	GTDataHash *roots_hash[MAX_ROOTS];
+	/* data mambers for the associated TLV file */
+	char	tlvBuf[4096];
+	int	tlvIdx; /* current index into tlvBuf */
+};
+typedef struct gtctx_s *gtctx;
+
+typedef struct imprint_s imprint_t;
+typedef struct block_sig_s block_sig_t;
+
+struct imprint_s {
+	uint8_t hashID;
+	int	len;
+	uint8_t *data;
+};
+
+#define SIGID_RFC3161 0
+struct block_sig_s {
+	uint8_t hashID;
+	uint8_t sigID; /* what type of *signature*? */
+	uint8_t *iv;
+	imprint_t lastHash;
+	uint64_t recCount;
+	struct {
+		struct {
+			uint8_t *data;
+			size_t len; /* must be size_t due to GT API! */
+		} der;
+	} sig;
+};
+
+void rsgtInit(char *usragent);
+void rsgtExit(void);
+gtctx rsgtCtxNew(unsigned char *logfn, enum GTHashAlgorithm hashAlg);
+void rsgtCtxDel(gtctx ctx);
+void sigblkInit(gtctx ctx);
+void sigblkAddRecord(gtctx ctx, const unsigned char *rec, const size_t len);
+void sigblkFinish(gtctx ctx);
+void rsgtCtxSetLogfileName(gtctx ctx, char *logfilename);
+#endif  /* #ifndef INCLUDED_LIBRSGT_H */
diff --git a/runtime/lmsig_gt.c b/runtime/lmsig_gt.c
index 578e51e5..8be3e045 100644
--- a/runtime/lmsig_gt.c
+++ b/runtime/lmsig_gt.c
@@ -61,7 +61,7 @@ OnFileOpen(void *pT, uchar *fn)
 	lmsig_gt_t *pThis = (lmsig_gt_t*) pT;
 	DEFiRet;
 dbgprintf("DDDD: onFileOpen: %s\n", fn);
-	pThis->ctx = rsgtCtxNew(fn);
+	pThis->ctx = rsgtCtxNew(fn, GT_HASHALG_SHA256);
 	sigblkInit(pThis->ctx);
 
 	RETiRet;
diff --git a/tools/logsigner.c b/tools/logsigner.c
index f11371aa..f6887696 100644
--- a/tools/logsigner.c
+++ b/tools/logsigner.c
@@ -120,7 +120,7 @@ processFile(char *name)
 	char line[64*1024+1];
 	gtctx ctx = NULL;
 	
-	ctx = rsgtCtxNew((unsigned char*)"SIGFILE");
+	ctx = rsgtCtxNew((unsigned char*)"SIGFILE", GT_HASHALG_SHA256);
 	sigblkInit(ctx);
 	if(!strcmp(name, "-"))
 		fp = stdin;
-- 
cgit v1.2.3


From 4786aa9e9ccacc9715588bed8a5bf16fc47b1717 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Thu, 7 Mar 2013 15:45:13 +0100
Subject: logsig: add support to read signature files

... still incomplete ...
---
 runtime/Makefile.am    |   2 +-
 runtime/librsgt.c      |  70 +++-------
 runtime/librsgt.h      |  88 +++++++++++++
 runtime/librsgt_read.c | 348 +++++++++++++++++++++++++++++++++++++++++++++++++
 tools/Makefile.am      |   5 +-
 tools/rsgttlvdump.c    |  76 +++++++++++
 6 files changed, 532 insertions(+), 57 deletions(-)
 create mode 100644 runtime/librsgt_read.c
 create mode 100644 tools/rsgttlvdump.c

diff --git a/runtime/Makefile.am b/runtime/Makefile.am
index 20824494..c429394d 100644
--- a/runtime/Makefile.am
+++ b/runtime/Makefile.am
@@ -178,7 +178,7 @@ endif
 # support library for guardtime
 #
 if ENABLE_GUARDTIME
-   librsgt_la_SOURCES = librsgt.c
+   librsgt_la_SOURCES = librsgt.c librsgt_read.c
 
    pkglib_LTLIBRARIES += lmsig_gt.la
    lmsig_gt_la_SOURCES = lmsig_gt.c
diff --git a/runtime/librsgt.c b/runtime/librsgt.c
index 8aa80771..e5187c42 100644
--- a/runtime/librsgt.c
+++ b/runtime/librsgt.c
@@ -48,7 +48,7 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
-#define MAXFNAME 1024 /* TODO: include correct header */
+#define MAXFNAME 1024
 
 #include <gt_http.h>
 
@@ -59,45 +59,6 @@ typedef unsigned char uchar;
 #define VERSION "no-version"
 #endif
 
-static inline uint16_t
-hashOutputLengthOctets(uint8_t hashID)
-{
-	switch(hashID) {
-	case GT_HASHALG_SHA1:	/* paper: SHA1 */
-		return 20;
-	case GT_HASHALG_RIPEMD160: /* paper: RIPEMD-160 */
-		return 20;
-	case GT_HASHALG_SHA224:	/* paper: SHA2-224 */
-		return 28;
-	case GT_HASHALG_SHA256: /* paper: SHA2-256 */
-		return 32;
-	case GT_HASHALG_SHA384: /* paper: SHA2-384 */
-		return 48;
-	case GT_HASHALG_SHA512:	/* paper: SHA2-512 */
-		return 64;
-	default:return 32;
-	}
-}
-static inline uint8_t
-hashIdentifier(uint8_t hashID)
-{
-	switch(hashID) {
-	case GT_HASHALG_SHA1:	/* paper: SHA1 */
-		return 0x00;
-	case GT_HASHALG_RIPEMD160: /* paper: RIPEMD-160 */
-		return 0x02;
-	case GT_HASHALG_SHA224:	/* paper: SHA2-224 */
-		return 0x03;
-	case GT_HASHALG_SHA256: /* paper: SHA2-256 */
-		return 0x01;
-	case GT_HASHALG_SHA384: /* paper: SHA2-384 */
-		return 0x04;
-	case GT_HASHALG_SHA512:	/* paper: SHA2-512 */
-		return 0x05;
-	default:return 0xff;
-	}
-}
-
 static void
 outputhash(GTDataHash *hash)
 {
@@ -108,7 +69,6 @@ outputhash(GTDataHash *hash)
 }
 
 
-
 void
 rsgtInit(char *usragent)
 {
@@ -144,7 +104,6 @@ tlvbufPhysWrite(gtctx ctx)
 	ssize_t iTotalWritten;
 	ssize_t iWritten;
 	char *pWriteBuf;
-	fprintf(stderr, "emu: writing TLV file!\n");
 
 	lenBuf = ctx->tlvIdx;
 	pWriteBuf = ctx->tlvBuf;
@@ -171,8 +130,6 @@ tlvbufPhysWrite(gtctx ctx)
 		pWriteBuf += iWritten;
 	} while(lenBuf > 0);	/* Warning: do..while()! */
 
-	//DBGOPRINT((obj_t*) pThis, "file %d write wrote %d bytes\n", pThis->fd, (int) iWritten);
-
 finalize_it:
 	ctx->tlvIdx = 0;
 }
@@ -228,7 +185,10 @@ tlv8Write(gtctx ctx, int flags, int tlvtype, int len)
 void
 tlv16Write(gtctx ctx, int flags, int tlvtype, uint16_t len)
 {
-	tlvbufAddOctet(ctx, ((flags|1) << 13)|tlvtype);
+	uint16_t typ;
+	typ = ((flags|1) << 13)|tlvtype;
+	tlvbufAddOctet(ctx, typ >> 8);
+	tlvbufAddOctet(ctx, typ & 0xff);
 	tlvbufAddOctet(ctx, (len >> 8) & 0xff);
 	tlvbufAddOctet(ctx, len & 0xff);
 } 
@@ -245,11 +205,12 @@ tlvWriteBlockSig(gtctx ctx, uchar *der, uint16_t lenDer)
 {
 	unsigned tlvlen;
 
-	tlvlen  = 1 + 1 /* hash algo TLV */ +
-	 	  1 + hashOutputLengthOctets(ctx->hashAlg) /* iv */ +
-		  1 + 1 + ctx->lenBlkStrtHash /* last hash */ +
-		  1 + 8 /* rec-count (64 bit integer) */ +
-		  2 + lenDer /* rfc-3161 */;
+	tlvlen  = 2 + 1 /* hash algo TLV */ +
+	 	  2 + hashOutputLengthOctets(ctx->hashAlg) /* iv */ +
+		  2 + 1 + ctx->lenBlkStrtHash /* last hash */ +
+		  2 + 8 /* rec-count (64 bit integer) */ +
+		  4 + lenDer /* rfc-3161 */;
+printf("TTTT: tlvlen %u, lenDer %u\n", tlvlen, lenDer);
 	/* write top-level TLV object (block-sig */
 	tlv16Write(ctx, 0x00, 0x0902, tlvlen);
 	/* and now write the children */
@@ -258,13 +219,14 @@ tlvWriteBlockSig(gtctx ctx, uchar *der, uint16_t lenDer)
 	tlv8Write(ctx, 0x00, 0x00, 1);
 	tlvbufAddOctet(ctx, hashIdentifier(ctx->hashAlg));
 	/* block-iv */
-	tlv8Write(ctx, 0x00, 0x01, 1);
+	tlv8Write(ctx, 0x00, 0x01, hashOutputLengthOctets(ctx->hashAlg));
 	tlvbufAddOctetString(ctx, ctx->IV, hashOutputLengthOctets(ctx->hashAlg));
 	/* last-hash */
-	tlv8Write(ctx, 0x00, 0x02, 1);
+	tlv8Write(ctx, 0x00, 0x02, ctx->lenBlkStrtHash+1);
+	tlvbufAddOctet(ctx, hashIdentifier(ctx->hashAlg));
 	tlvbufAddOctetString(ctx, ctx->blkStrtHash, ctx->lenBlkStrtHash);
 	/* rec-count */
-	tlv8Write(ctx, 0x00, 0x03, 1);
+	tlv8Write(ctx, 0x00, 0x03, 8);
 	tlvbufAddInt64(ctx, ctx->nRecords);
 	/* rfc-3161 */
 	tlv16Write(ctx, 0x00, 0x906, lenDer);
@@ -274,7 +236,6 @@ tlvWriteBlockSig(gtctx ctx, uchar *der, uint16_t lenDer)
 void tlvClose(gtctx ctx)
 {
 	tlvFlush(ctx);
-	fprintf(stderr, "emu: close tlv file\n");
 	close(ctx->fd);
 	ctx->fd = -1;
 }
@@ -285,7 +246,6 @@ void tlvClose(gtctx ctx)
  */
 void tlvOpen(gtctx ctx, char *hdr, unsigned lenHdr)
 {
-	fprintf(stderr, "emu: open tlv file '%s'\n", ctx->sigfilename);
 	ctx->fd = open((char*)ctx->sigfilename,
 		       O_WRONLY/*|O_APPEND*/|O_CREAT|O_NOCTTY|O_CLOEXEC, 0600);
 	// FIXME: check fd == -1
diff --git a/runtime/librsgt.h b/runtime/librsgt.h
index cb1829e9..4ce0be30 100644
--- a/runtime/librsgt.h
+++ b/runtime/librsgt.h
@@ -70,6 +70,8 @@ struct block_sig_s {
 	uint8_t hashID;
 	uint8_t sigID; /* what type of *signature*? */
 	uint8_t *iv;
+	// TODO: think about the situation where the last hash is 
+	// different from the current one (e.g. config change!)
 	imprint_t lastHash;
 	uint64_t recCount;
 	struct {
@@ -80,6 +82,87 @@ struct block_sig_s {
 	} sig;
 };
 
+/* error states */
+#define RSGTE_IO 1 	/* any kind of io error, including EOF */
+#define RSGTE_FMT 2	/* data fromat error */
+#define RSGTE_INVLTYP 3	/* invalid TLV type record (unexcpected at this point) */
+#define RSGTE_OOM 4	/* ran out of memory */
+#define RSGTE_LEN 5	/* error related to length records */
+
+
+static inline uint16_t
+hashOutputLengthOctets(uint8_t hashID)
+{
+	switch(hashID) {
+	case GT_HASHALG_SHA1:	/* paper: SHA1 */
+		return 20;
+	case GT_HASHALG_RIPEMD160: /* paper: RIPEMD-160 */
+		return 20;
+	case GT_HASHALG_SHA224:	/* paper: SHA2-224 */
+		return 28;
+	case GT_HASHALG_SHA256: /* paper: SHA2-256 */
+		return 32;
+	case GT_HASHALG_SHA384: /* paper: SHA2-384 */
+		return 48;
+	case GT_HASHALG_SHA512:	/* paper: SHA2-512 */
+		return 64;
+	default:return 32;
+	}
+}
+
+static inline uint8_t
+hashIdentifier(uint8_t hashID)
+{
+	switch(hashID) {
+	case GT_HASHALG_SHA1:	/* paper: SHA1 */
+		return 0x00;
+	case GT_HASHALG_RIPEMD160: /* paper: RIPEMD-160 */
+		return 0x02;
+	case GT_HASHALG_SHA224:	/* paper: SHA2-224 */
+		return 0x03;
+	case GT_HASHALG_SHA256: /* paper: SHA2-256 */
+		return 0x01;
+	case GT_HASHALG_SHA384: /* paper: SHA2-384 */
+		return 0x04;
+	case GT_HASHALG_SHA512:	/* paper: SHA2-512 */
+		return 0x05;
+	default:return 0xff;
+	}
+}
+static inline char *
+hashAlgName(uint8_t hashID)
+{
+	switch(hashID) {
+	case GT_HASHALG_SHA1:
+		return "SHA1";
+	case GT_HASHALG_RIPEMD160:
+		return "RIPEMD-160";
+	case GT_HASHALG_SHA224:
+		return "SHA2-224";
+	case GT_HASHALG_SHA256:
+		return "SHA2-256";
+	case GT_HASHALG_SHA384:
+		return "SHA2-384";
+	case GT_HASHALG_SHA512:
+		return "SHA2-512";
+	default:return "[unknown]";
+	}
+}
+static inline char *
+sigTypeName(uint8_t sigID)
+{
+	switch(sigID) {
+	case SIGID_RFC3161:
+		return "RFC3161";
+	default:return "[unknown]";
+	}
+}
+static inline uint16_t
+getIVLen(block_sig_t *bs)
+{
+	return hashOutputLengthOctets(bs->hashID);
+}
+
 void rsgtInit(char *usragent);
 void rsgtExit(void);
 gtctx rsgtCtxNew(unsigned char *logfn, enum GTHashAlgorithm hashAlg);
@@ -88,4 +171,9 @@ void sigblkInit(gtctx ctx);
 void sigblkAddRecord(gtctx ctx, const unsigned char *rec, const size_t len);
 void sigblkFinish(gtctx ctx);
 void rsgtCtxSetLogfileName(gtctx ctx, char *logfilename);
+/* reader functions */
+int rsgt_tlvrdHeader(FILE *fp, unsigned char *hdr);
+int rsgt_tlvrd(FILE *fp, uint16_t *tlvtype, uint16_t *tlvlen, void *obj);
+void rsgt_tlvprint(FILE *fp, uint16_t tlvtype, void *obj, uint8_t verbose);
+
 #endif  /* #ifndef INCLUDED_LIBRSGT_H */
diff --git a/runtime/librsgt_read.c b/runtime/librsgt_read.c
new file mode 100644
index 00000000..fa489a0f
--- /dev/null
+++ b/runtime/librsgt_read.c
@@ -0,0 +1,348 @@
+/* librsgt_read.c - rsyslog's guardtime support library
+ * This includes functions used for reading signature (and 
+ * other related) files.
+ *
+ * This part of the library uses C stdio and expects that the
+ * caller will open and close the file to be read itself.
+ *
+ * Copyright 2013 Adiscon GmbH.
+ *
+ * This file is part of rsyslog.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *       -or-
+ *       see COPYING.ASL20 in the source distribution
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <errno.h>
+#include <string.h>
+#include <stdint.h>
+#include <assert.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+
+#include "librsgt.h"
+
+typedef unsigned char uchar;
+#ifndef VERSION
+#define VERSION "no-version"
+#endif
+#define MAXFNAME 1024
+
+static int rsgt_read_debug = 0;
+
+/* macro to obtain next char from file including error tracking */
+#define NEXTC	if((c = fgetc(fp)) == EOF) { \
+			r = RSGTE_IO; \
+			goto done; \
+		}
+
+/* check return state of operation and abort, if non-OK */
+#define CHKr(code) if((r = code) != 0) goto done
+
+/**
+ * Read a header from a binary file.
+ * @param[in] fp file pointer for processing
+ * @param[in] hdr buffer for the header. Must be 9 bytes 
+ * 		  (8 for header + NUL byte)
+ * @returns 0 if ok, something else otherwise
+ */
+int
+rsgt_tlvrdHeader(FILE *fp, uchar *hdr)
+{
+	int r;
+	if(fread(hdr, 8, 1, fp) != 1) {
+		r = RSGTE_IO;
+		goto done;
+	}
+	hdr[8] = '\0';
+	r = 0;
+done:	return r;
+}
+
+/* read type & length */
+static int
+rsgt_tlvrdTL(FILE *fp, uint16_t *tlvtype, uint16_t *tlvlen)
+{
+	int r = 1;
+	int c;
+
+	NEXTC;
+	*tlvtype = c & 0x1f;
+	if(c & 0x20) { /* tlv16? */
+		NEXTC;
+		*tlvtype = (*tlvtype << 8) | c;
+		NEXTC;
+		*tlvlen = c << 8;
+		NEXTC;
+		*tlvlen |= c;
+	} else {
+		NEXTC;
+		*tlvlen = c;
+	}
+	if(rsgt_read_debug)
+		printf("read tlvtype %4.4x, len %u\n", (unsigned) *tlvtype,
+			(unsigned) *tlvlen);
+	r = 0;
+done:	return r;
+}
+
+static int
+rsgt_tlvrdOctetString(FILE *fp, uint8_t **data, size_t len)
+{
+	size_t i;
+	int c, r = 1;
+	if((*data = (uint8_t*)malloc(len)) == NULL) {r=RSGTE_OOM;goto done;}
+	for(i = 0 ; i < len ; ++i) {
+		NEXTC;
+		(*data)[i] = c;
+	}
+	r = 0;
+done:	return r;
+}
+static int
+rsgt_tlvrdHASH_ALGO(FILE *fp, uint8_t *hashAlg)
+{
+	int r = 1;
+	int c;
+	uint16_t tlvtype, tlvlen;
+
+	CHKr(rsgt_tlvrdTL(fp, &tlvtype, &tlvlen));
+	if(!(tlvtype == 0x00 && tlvlen == 1)) {
+		r = RSGTE_FMT;
+		goto done;
+	}
+	NEXTC;
+	*hashAlg = c;
+	r = 0;
+done:	return r;
+}
+static int
+rsgt_tlvrdBLOCK_IV(FILE *fp, uint8_t **iv)
+{
+	int r = 1;
+	uint16_t tlvtype, tlvlen;
+
+	CHKr(rsgt_tlvrdTL(fp, &tlvtype, &tlvlen));
+	if(!(tlvtype == 0x01)) {
+		r = RSGTE_INVLTYP;
+		goto done;
+	}
+	CHKr(rsgt_tlvrdOctetString(fp, iv, tlvlen));
+	r = 0;
+done:	return r;
+}
+static int
+rsgt_tlvrdLAST_HASH(FILE *fp, imprint_t *imp)
+{
+	int r = 1;
+	int c;
+	uint16_t tlvtype, tlvlen;
+
+	CHKr(rsgt_tlvrdTL(fp, &tlvtype, &tlvlen));
+	if(!(tlvtype == 0x02)) { r = RSGTE_INVLTYP; goto done; }
+	NEXTC;
+	imp->hashID = c;
+	imp->len = tlvlen - 1;
+	CHKr(rsgt_tlvrdOctetString(fp, &imp->data, tlvlen-1));
+	r = 0;
+done:	return r;
+}
+static int
+rsgt_tlvrdREC_COUNT(FILE *fp, uint64_t *cnt, size_t *lenInt)
+{
+	int r = 1;
+	int i;
+	int c;
+	uint64_t val;
+	uint16_t tlvtype, tlvlen;
+
+	if((r = rsgt_tlvrdTL(fp, &tlvtype, &tlvlen)) != 0) goto done;
+	if(!(tlvtype == 0x03 && tlvlen <= 8)) { r = RSGTE_INVLTYP; goto done; }
+	*lenInt = tlvlen;
+	val = 0;
+	for(i = 0 ; i < tlvlen ; ++i) {
+		NEXTC;
+		val = (val << 8) + c;
+	}
+	*cnt = val;
+	r = 0;
+done:	return r;
+}
+static int
+rsgt_tlvrdSIG(FILE *fp, block_sig_t *bs)
+{
+	int r = 1;
+	uint16_t tlvtype, tlvlen;
+
+	CHKr(rsgt_tlvrdTL(fp, &tlvtype, &tlvlen));
+	if(!(tlvtype == 0x0906)) { r = RSGTE_INVLTYP; goto done; }
+	bs->sig.der.len = tlvlen;
+	bs->sigID = SIGID_RFC3161;
+	CHKr(rsgt_tlvrdOctetString(fp, &(bs->sig.der.data), tlvlen));
+	r = 0;
+done:	return r;
+}
+
+static int
+rsgt_tlvrdBLOCK_SIG(FILE *fp, block_sig_t **blocksig, uint16_t tlvlen)
+{
+	int r = 1;
+	size_t lenInt = 0;
+	uint16_t sizeRead;
+	block_sig_t *bs;
+	if((bs = calloc(1, sizeof(block_sig_t))) == NULL) {
+		r = RSGTE_OOM;
+		goto done;
+	}
+	CHKr(rsgt_tlvrdHASH_ALGO(fp, &(bs->hashID)));
+	CHKr(rsgt_tlvrdBLOCK_IV(fp, &(bs->iv)));
+	CHKr(rsgt_tlvrdLAST_HASH(fp, &(bs->lastHash)));
+	CHKr(rsgt_tlvrdREC_COUNT(fp, &(bs->recCount), &lenInt));
+	CHKr(rsgt_tlvrdSIG(fp, bs));
+	sizeRead = 2 + 1 /* hash algo TLV */ +
+	 	   2 + getIVLen(bs) /* iv */ +
+		   2 + 1 + bs->lastHash.len /* last hash */ +
+		   2 + lenInt /* rec-count */ +
+		   4 + bs->sig.der.len /* rfc-3161 */;
+	if(sizeRead != tlvlen) {
+		printf("lenght record error!\n");
+		r = RSGTE_LEN;
+		goto done;
+	}
+	*blocksig = bs;
+	r = 0;
+done:	return r;
+}
+
+
+/**
+ * Read the next "object" from file. This usually is
+ * a single TLV, but may be something larger, for
+ * example in case of a block-sig TLV record.
+ * Unknown type records are ignored (or run aborted
+ * if we are not permitted to skip).
+ *
+ * @param[in] fp file pointer for processing
+ * @param[out] tlvtype type of tlv record (top-level for
+ * 		    structured objects.
+ * @param[out] tlvlen length of the tlv record value
+ * @param[out] obj pointer to object; This is a proper
+ * 		   tlv record structure, which must be casted
+ * 		   by the caller according to the reported type.
+ * 		   The object must be freed by the caller (TODO: better way?)
+ *
+ * @returns 0 if ok, something else otherwise
+ */
+int
+rsgt_tlvrd(FILE *fp, uint16_t *tlvtype, uint16_t *tlvlen, void *obj)
+{
+	int r = 1;
+
+	if((r = rsgt_tlvrdTL(fp, tlvtype, tlvlen)) != 0) goto done;
+	switch(*tlvtype) {
+		case 0x0902:
+			r = rsgt_tlvrdBLOCK_SIG(fp, obj, *tlvlen);
+			if(r != 0) goto done;
+			break;
+	}
+	r = 0;
+done:	return r;
+}
+
+
+/* if verbose==0, only the first and last two octets are shown,
+ * otherwise everything.
+ */
+static void
+outputHexBlob(uint8_t *blob, uint16_t len, uint8_t verbose)
+{
+	unsigned i;
+	if(verbose || len <= 6) {
+		for(i = 0 ; i < len ; ++i)
+			printf("%2.2x", blob[i]);
+	} else {
+		printf("%2.2x%2.2x[...]%2.2x%2.2x",
+			blob[0], blob[1],
+			blob[len-2], blob[len-2]);
+	}
+}
+
+/* return if a blob is all zero */
+static inline int
+blobIsZero(uint8_t *blob, uint16_t len)
+{
+	int i;
+	for(i = 0 ; i < len ; ++i)
+		if(blob[i] != 0)
+			return 0;
+	return 1;
+}
+/**
+ * Output a human-readable representation of a block_sig_t
+ * to proviced file pointer. This function is mainly inteded for
+ * debugging purposes or dumping tlv files.
+ *
+ * @param[in] fp file pointer to send output to
+ * @param[in] bsig ponter to block_sig_t to output
+ * @param[in] verbose if 0, abbreviate blob hexdump, else complete
+ */
+void
+rsgt_printBLOCK_SIG(FILE *fp, block_sig_t *bs, uint8_t verbose)
+{
+	fprintf(fp, "Block Signature Record [0x0902]:\n");
+	fprintf(fp, "\tPrevious Block Hash:\n");
+	fprintf(fp, "\t   Algorithm..: %s\n", hashAlgName(bs->lastHash.hashID));
+	fprintf(fp, "\t   Hash.......: ");
+		outputHexBlob(bs->lastHash.data, bs->lastHash.len, verbose);
+		fputc('\n', fp);
+	if(blobIsZero(bs->lastHash.data, bs->lastHash.len))
+		fprintf(fp, "\t   NOTE: New Hash Chain Start!\n");
+	fprintf(fp, "\tHash Algorithm: %s\n", hashAlgName(bs->hashID));
+	fprintf(fp, "\tIV............: ");
+		outputHexBlob(bs->iv, getIVLen(bs), verbose);
+		fputc('\n', fp);
+	fprintf(fp, "\tRecord Count..: %llu\n", bs->recCount);
+	fprintf(fp, "\tSignature Type: %s\n", sigTypeName(bs->sigID));
+	fprintf(fp, "\tSignature Len.: %u\n", bs->sig.der.len);
+	fprintf(fp, "\tSignature.....: ");
+		outputHexBlob(bs->sig.der.data, bs->sig.der.len, verbose);
+		fputc('\n', fp);
+}
+
+
+/**
+ * Output a human-readable representation of a tlv object.
+ *
+ * @param[in] fp file pointer to send output to
+ * @param[in] tlvtype type of tlv object (record)
+ * @param[in] verbose if 0, abbreviate blob hexdump, else complete
+ */
+void
+rsgt_tlvprint(FILE *fp, uint16_t tlvtype, void *obj, uint8_t verbose)
+{
+	switch(tlvtype) {
+	case 0x0902:
+		rsgt_printBLOCK_SIG(fp, obj, verbose);
+		break;
+	default:fprintf(fp, "unknown tlv record %4.4x\n", tlvtype);
+		break;
+	}
+}
diff --git a/tools/Makefile.am b/tools/Makefile.am
index 712443c0..ecdce8ea 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -59,10 +59,13 @@ logctl_CPPFLAGS =  $(LIBMONGO_CLIENT_CFLAGS)
 logctl_LDADD = $(LIBMONGO_CLIENT_LIBS)
 endif
 if ENABLE_GUARDTIME
-bin_PROGRAMS += logsigner
+bin_PROGRAMS += logsigner rsgttlvdump
 logsigner = logsigner.c
 logsigner_CPPFLAGS =  $(RSRT_CFLAGS) $(GUARDTIME_CFLAGS)
 logsigner_LDADD = ../runtime/librsgt.la $(GUARDTIME_LIBS)
+rsgttlvdump = rsgttlvdump.c
+rsgttlvdump_CPPFLAGS =  $(RSRT_CFLAGS) $(GUARDTIME_CFLAGS)
+rsgttlvdump_LDADD = ../runtime/librsgt.la $(GUARDTIME_LIBS)
 endif
 endif
 
diff --git a/tools/rsgttlvdump.c b/tools/rsgttlvdump.c
new file mode 100644
index 00000000..af5b1a03
--- /dev/null
+++ b/tools/rsgttlvdump.c
@@ -0,0 +1,76 @@
+/* This is a tool for dumpoing the content of GuardTime TLV
+ * files in a (somewhat) human-readable manner.
+ * 
+ * Copyright 2013 Adiscon GmbH
+ *
+ * This file is part of rsyslog.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *       -or-
+ *       see COPYING.ASL20 in the source distribution
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either exprs or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#include <stdlib.h>
+#include <stdio.h>
+#include <errno.h>
+#include <string.h>
+#include <gt_base.h>
+#include <gt_http.h>
+
+#include "librsgt.h"
+
+typedef unsigned char uchar;
+
+void
+processFile(char *name)
+{
+	FILE *fp;
+	uchar hdr[9];
+	uint16_t tlvtype, tlvlen;
+	void *obj;
+	
+	if(!strcmp(name, "-"))
+		fp = stdin;
+	else {
+		printf("Processing file %s:\n", name);
+		if((fp = fopen(name, "r")) == NULL) {
+			perror(name);
+			goto err;
+		}
+	}
+	if(rsgt_tlvrdHeader(fp, hdr) != 0) goto err;
+	printf("File Header: '%s'\n", hdr);
+	if(rsgt_tlvrd(fp, &tlvtype, &tlvlen, &obj) != 0) goto err;
+	rsgt_tlvprint(stdout, tlvtype, obj, 0);
+
+	if(fp != stdin)
+		fclose(fp);
+	return;
+err:	fprintf(stderr, "error processing file %s\n", name);
+}
+
+
+int
+main(int argc, char *argv[])
+{
+	int i;
+	if(argc == 1)
+		processFile("-");
+	else {
+		for(i = 1 ; i < argc ; ++i)
+			processFile(argv[i]);
+	}
+	return 0;
+}
-- 
cgit v1.2.3


From 85dd75a54cc9032fce7553f284618cfbbf8508ef Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Thu, 7 Mar 2013 17:19:45 +0100
Subject: logsig: preserve necessary state during file closed time

---
 runtime/librsgt.c   | 82 ++++++++++++++++++++++++++++++++++++++++++++++-------
 runtime/librsgt.h   | 14 +++++++--
 tools/rsgttlvdump.c | 12 ++++++--
 3 files changed, 93 insertions(+), 15 deletions(-)

diff --git a/runtime/librsgt.c b/runtime/librsgt.c
index e5187c42..4e457005 100644
--- a/runtime/librsgt.c
+++ b/runtime/librsgt.c
@@ -233,11 +233,68 @@ printf("TTTT: tlvlen %u, lenDer %u\n", tlvlen, lenDer);
 	tlvbufAddOctetString(ctx, der, lenDer);
 }
 
+/* read rsyslog log state file; if we cannot access it or the
+ * contents looks invalid, we flag it as non-present (and thus
+ * begin a new hash chain).
+ * The context is initialized accordingly.
+ */
+static void
+readStateFile(gtctx ctx)
+{
+	int fd;
+	struct rsgtstatefile sf;
+	int rr;
+
+	fd = open((char*)ctx->statefilename, O_RDONLY|O_NOCTTY|O_CLOEXEC, 0600);
+	if(fd == -1) goto err;
+
+	if(read(fd, &sf, sizeof(sf)) != sizeof(sf)) goto err;
+	if(strncmp(sf.hdr, "GTSTAT10", 8)) goto err;
+
+	ctx->lenBlkStrtHash = hashOutputLengthOctets(sf.lenHash);
+	ctx->blkStrtHash = calloc(1, ctx->lenBlkStrtHash);
+	if((rr=read(fd, ctx->blkStrtHash, ctx->lenBlkStrtHash))
+		!= ctx->lenBlkStrtHash) {
+		free(ctx->blkStrtHash);
+		goto err;
+	}
+return;
+
+err:
+	ctx->lenBlkStrtHash = hashOutputLengthOctets(ctx->hashAlg);
+	ctx->blkStrtHash = calloc(1, ctx->lenBlkStrtHash);
+}
+
+/* persist all information that we need to re-open and append
+ * to a log signature file.
+ */
+static void
+writeStateFile(gtctx ctx)
+{
+	int fd;
+	struct rsgtstatefile sf;
+
+	fd = open((char*)ctx->statefilename,
+		       O_WRONLY|O_CREAT|O_TRUNC|O_NOCTTY|O_CLOEXEC, 0600);
+	if(fd == -1)
+		goto done;
+
+	memcpy(sf.hdr, "GTSTAT10", 8);
+	sf.hashID = hashIdentifier(ctx->hashAlg);
+	sf.lenHash = ctx->x_prev->digest_length;
+	write(fd, &sf, sizeof(sf));
+	write(fd, ctx->x_prev->digest, ctx->x_prev->digest_length);
+	close(fd);
+done:	return;
+}
+
+
 void tlvClose(gtctx ctx)
 {
 	tlvFlush(ctx);
 	close(ctx->fd);
 	ctx->fd = -1;
+	writeStateFile(ctx);
 }
 
 
@@ -247,19 +304,21 @@ void tlvClose(gtctx ctx)
 void tlvOpen(gtctx ctx, char *hdr, unsigned lenHdr)
 {
 	ctx->fd = open((char*)ctx->sigfilename,
-		       O_WRONLY/*|O_APPEND*/|O_CREAT|O_NOCTTY|O_CLOEXEC, 0600);
-	// FIXME: check fd == -1
-	memcpy(ctx->tlvBuf, hdr, lenHdr);
-	ctx->tlvIdx = lenHdr;
+		       O_WRONLY|O_APPEND|O_NOCTTY|O_CLOEXEC, 0600);
+	if(ctx->fd == -1) {
+		/* looks like we need to create a new file */
+		ctx->fd = open((char*)ctx->sigfilename,
+			       O_WRONLY|O_CREAT|O_NOCTTY|O_CLOEXEC, 0600);
+		// FIXME: check fd == -1
+		memcpy(ctx->tlvBuf, hdr, lenHdr);
+		ctx->tlvIdx = lenHdr;
+	} else {
+		ctx->tlvIdx = 0; /* header already present! */
+	}
 	/* we now need to obtain the last previous hash, so that
 	 * we can continue the hash chain.
 	 */
-	// ...
-	/* in case we did not have a previous hash (or could not
-	 * obtain it), we start with zero.
-	 */
-	ctx->lenBlkStrtHash = hashOutputLengthOctets(ctx->hashAlg);
-	ctx->blkStrtHash = calloc(1, ctx->lenBlkStrtHash);
+	readStateFile(ctx);
 }
 
 /*
@@ -303,6 +362,9 @@ rsgtCtxNew(unsigned char *logfn, enum GTHashAlgorithm hashAlg)
 	snprintf(fn, sizeof(fn), "%s.gtsig", logfn);
 	fn[MAXFNAME] = '\0'; /* be on save side */
 	ctx->sigfilename = (uchar*) strdup(fn);
+	snprintf(fn, sizeof(fn), "%s.gtstate", logfn);
+	fn[MAXFNAME] = '\0'; /* be on save side */
+	ctx->statefilename = (uchar*) strdup(fn);
 	tlvOpen(ctx, LOGSIGHDR, sizeof(LOGSIGHDR)-1);
 	return ctx;
 }
diff --git a/runtime/librsgt.h b/runtime/librsgt.h
index 4ce0be30..ff35d19b 100644
--- a/runtime/librsgt.h
+++ b/runtime/librsgt.h
@@ -39,6 +39,7 @@ struct gtctx_s {
 	GTDataHash *x_prev; /* last leaf hash (maybe of previous block) --> preserve on term */
 	char *timestamper;
 	unsigned char *sigfilename;
+	unsigned char *statefilename;
 	int fd;
 	unsigned char *blkStrtHash; /* last hash from previous block */
 	uint16_t lenBlkStrtHash;
@@ -70,8 +71,6 @@ struct block_sig_s {
 	uint8_t hashID;
 	uint8_t sigID; /* what type of *signature*? */
 	uint8_t *iv;
-	// TODO: think about the situation where the last hash is 
-	// different from the current one (e.g. config change!)
 	imprint_t lastHash;
 	uint64_t recCount;
 	struct {
@@ -82,6 +81,17 @@ struct block_sig_s {
 	} sig;
 };
 
+
+/* the following defines the gtstate file record. Currently, this record
+ * is fixed, we may change that over time.
+ */
+struct rsgtstatefile {
+	char hdr[8];	/* must be "GTSTAT10" */
+	uint8_t hashID;
+	uint8_t lenHash;
+	/* after that, the hash value is contained within the file */
+};
+
 /* error states */
 #define RSGTE_IO 1 	/* any kind of io error, including EOF */
 #define RSGTE_FMT 2	/* data fromat error */
diff --git a/tools/rsgttlvdump.c b/tools/rsgttlvdump.c
index af5b1a03..256a85b5 100644
--- a/tools/rsgttlvdump.c
+++ b/tools/rsgttlvdump.c
@@ -52,8 +52,15 @@ processFile(char *name)
 	}
 	if(rsgt_tlvrdHeader(fp, hdr) != 0) goto err;
 	printf("File Header: '%s'\n", hdr);
-	if(rsgt_tlvrd(fp, &tlvtype, &tlvlen, &obj) != 0) goto err;
-	rsgt_tlvprint(stdout, tlvtype, obj, 0);
+	while(1) { /* we will err out on EOF */
+		if(rsgt_tlvrd(fp, &tlvtype, &tlvlen, &obj) != 0) {
+			if(feof(fp))
+				break;
+			else
+				goto err;
+		}
+		rsgt_tlvprint(stdout, tlvtype, obj, 0);
+	}
 
 	if(fp != stdin)
 		fclose(fp);
@@ -61,7 +68,6 @@ processFile(char *name)
 err:	fprintf(stderr, "error processing file %s\n", name);
 }
 
-
 int
 main(int argc, char *argv[])
 {
-- 
cgit v1.2.3


From 212d4e4fe684a4562b284c5b07d9873b0135b10f Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Thu, 7 Mar 2013 19:00:51 +0100
Subject: logsig: add config parameters (for omfile)

---
 runtime/librsgt.c  | 38 +++++++++++++++++++++++++++----
 runtime/librsgt.h  | 28 ++++++++++++++++++++++-
 runtime/lmsig_gt.c | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++++--
 runtime/sigprov.h  |  1 +
 tools/Makefile.am  |  9 ++++----
 tools/omfile.c     |  5 ++--
 6 files changed, 134 insertions(+), 14 deletions(-)

diff --git a/runtime/librsgt.c b/runtime/librsgt.c
index 4e457005..2f336e2d 100644
--- a/runtime/librsgt.c
+++ b/runtime/librsgt.c
@@ -350,15 +350,21 @@ seedIV(gtctx ctx)
 }
 
 gtctx
-rsgtCtxNew(unsigned char *logfn, enum GTHashAlgorithm hashAlg)
+rsgtCtxNew(void)
 {
-	char fn[MAXFNAME+1];
 	gtctx ctx;
-	ctx =  calloc(1, sizeof(struct gtctx_s));
+	ctx = calloc(1, sizeof(struct gtctx_s));
 	ctx->x_prev = NULL;
-	ctx->hashAlg = hashAlg;
+	ctx->hashAlg = GT_HASHALG_SHA256;
 	ctx->timestamper = strdup(
 			   "http://stamper.guardtime.net/gt-signingservice");
+	return ctx;
+}
+
+int
+rsgtCtxOpenFile(gtctx ctx, unsigned char *logfn)
+{
+	char fn[MAXFNAME+1];
 	snprintf(fn, sizeof(fn), "%s.gtsig", logfn);
 	fn[MAXFNAME] = '\0'; /* be on save side */
 	ctx->sigfilename = (uchar*) strdup(fn);
@@ -366,9 +372,31 @@ rsgtCtxNew(unsigned char *logfn, enum GTHashAlgorithm hashAlg)
 	fn[MAXFNAME] = '\0'; /* be on save side */
 	ctx->statefilename = (uchar*) strdup(fn);
 	tlvOpen(ctx, LOGSIGHDR, sizeof(LOGSIGHDR)-1);
-	return ctx;
+	return 0;
 }
  
+
+/* returns 0 on succes, 1 if algo is unknown */
+int
+rsgtSetHashFunction(gtctx ctx, char *algName)
+{
+	int r = 0;
+	if(!strcmp(algName, "SHA2-256"))
+		ctx->hashAlg = GT_HASHALG_SHA256;
+	else if(!strcmp(algName, "SHA2-384"))
+		ctx->hashAlg = GT_HASHALG_SHA384;
+	else if(!strcmp(algName, "SHA2-512"))
+		ctx->hashAlg = GT_HASHALG_SHA512;
+	else if(!strcmp(algName, "SHA1"))
+		ctx->hashAlg = GT_HASHALG_SHA1;
+	else if(!strcmp(algName, "RIPEMD-160"))
+		ctx->hashAlg = GT_HASHALG_RIPEMD160;
+	else if(!strcmp(algName, "SHA2-224"))
+		ctx->hashAlg = GT_HASHALG_SHA224;
+	else
+		r = 1;
+	return r;
+}
 void
 rsgtCtxDel(gtctx ctx)
 {
diff --git a/runtime/librsgt.h b/runtime/librsgt.h
index ff35d19b..a4ea7cc1 100644
--- a/runtime/librsgt.h
+++ b/runtime/librsgt.h
@@ -37,6 +37,9 @@ struct gtctx_s {
 	enum GTHashAlgorithm hashAlg;
 	uint8_t *IV; /* initial value for blinding masks (where to do we get it from?) */
 	GTDataHash *x_prev; /* last leaf hash (maybe of previous block) --> preserve on term */
+	uint8_t bKeepRecordHashes;
+	uint8_t bKeepTreeHashes;
+	uint64_t blockSizeLimit;
 	char *timestamper;
 	unsigned char *sigfilename;
 	unsigned char *statefilename;
@@ -172,10 +175,33 @@ getIVLen(block_sig_t *bs)
 {
 	return hashOutputLengthOctets(bs->hashID);
 }
+static inline void
+rsgtSetTimestamper(gtctx ctx, char *timestamper)
+{
+	free(ctx->timestamper);
+	ctx->timestamper = strdup(timestamper);
+}
+static inline void
+rsgtSetBlockSizeLimit(gtctx ctx, uint64_t limit)
+{
+	ctx->blockSizeLimit = limit;
+}
+static inline void
+rsgtSetKeepRecordHashes(gtctx ctx, int val)
+{
+	ctx->bKeepRecordHashes = val;
+}
+static inline void
+rsgtSetKeepTreeHashes(gtctx ctx, int val)
+{
+	ctx->bKeepTreeHashes = val;
+}
 
+int rsgtSetHashFunction(gtctx ctx, char *algName);
 void rsgtInit(char *usragent);
 void rsgtExit(void);
-gtctx rsgtCtxNew(unsigned char *logfn, enum GTHashAlgorithm hashAlg);
+gtctx rsgtCtxNew(void);
+int rsgtCtxOpenFile(gtctx ctx, unsigned char *logfn);
 void rsgtCtxDel(gtctx ctx);
 void sigblkInit(gtctx ctx);
 void sigblkAddRecord(gtctx ctx, const unsigned char *rec, const size_t len);
diff --git a/runtime/lmsig_gt.c b/runtime/lmsig_gt.c
index 8be3e045..474c573f 100644
--- a/runtime/lmsig_gt.c
+++ b/runtime/lmsig_gt.c
@@ -41,11 +41,25 @@ DEFobjStaticHelpers
 DEFobjCurrIf(errmsg)
 DEFobjCurrIf(glbl)
 
+/* tables for interfacing with the v6 config system */
+static struct cnfparamdescr cnfpdescr[] = {
+	{ "sig.hashfunction", eCmdHdlrGetWord, 0 },
+	{ "sig.timestampservice", eCmdHdlrGetWord, 0 },
+	{ "sig.block.sizelimit", eCmdHdlrSize, 0 },
+	{ "sig.keeprecordhashes", eCmdHdlrBinary, 0 },
+	{ "sig.keeptreehashes", eCmdHdlrBinary, 0 }
+};
+static struct cnfparamblk pblk =
+	{ CNFPARAMBLK_VERSION,
+	  sizeof(cnfpdescr)/sizeof(struct cnfparamdescr),
+	  cnfpdescr
+	};
 
 /* Standard-Constructor
  */
-BEGINobjConstruct(lmsig_gt) /* be sure to specify the object type also in END macro! */
+BEGINobjConstruct(lmsig_gt)
 	dbgprintf("DDDD: lmsig_gt: called construct\n");
+	pThis->ctx = rsgtCtxNew();
 ENDobjConstruct(lmsig_gt)
 
 
@@ -55,13 +69,61 @@ CODESTARTobjDestruct(lmsig_gt)
 	dbgprintf("DDDD: lmsig_gt: called destruct\n");
 ENDobjDestruct(lmsig_gt)
 
+
+/* apply all params from param block to us. This must be called
+ * after construction, but before the OnFileOpen() entry point.
+ * Defaults are expected to have been set during construction.
+ */
+rsRetVal
+SetCnfParam(void *pT, struct nvlst *lst)
+{
+	lmsig_gt_t *pThis = (lmsig_gt_t*) pT;
+	int i;
+	uchar *cstr;
+	struct cnfparamvals *pvals;
+	pvals = nvlstGetParams(lst, &pblk, NULL);
+	if(Debug) {
+		dbgprintf("sig param blk in lmsig_gt:\n");
+		cnfparamsPrint(&pblk, pvals);
+	}
+
+	for(i = 0 ; i < pblk.nParams ; ++i) {
+		if(!pvals[i].bUsed)
+			continue;
+		if(!strcmp(pblk.descr[i].name, "sig.hashfunction")) {
+			cstr = (uchar*) es_str2cstr(pvals[i].val.d.estr, NULL);
+			if(rsgtSetHashFunction(pThis->ctx, (char*)cstr) != 0) {
+				errmsg.LogError(0, RS_RET_ERR, "Hash function "
+					"'%s' unknown - using default", cstr);
+			}
+			free(cstr);
+		} else if(!strcmp(pblk.descr[i].name, "sig.timestampservice")) {
+			cstr = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+			rsgtSetTimestamper(pThis->ctx, (char*) cstr);
+			free(cstr);
+		} else if(!strcmp(pblk.descr[i].name, "sig.block.sizelimit")) {
+			rsgtSetBlockSizeLimit(pThis->ctx, pvals[i].val.d.n);
+		} else if(!strcmp(pblk.descr[i].name, "sig.keeprecordhashes")) {
+			rsgtSetKeepRecordHashes(pThis->ctx, pvals[i].val.d.n);
+		} else if(!strcmp(pblk.descr[i].name, "sig.keeptreehashes")) {
+			rsgtSetKeepTreeHashes(pThis->ctx, pvals[i].val.d.n);
+		} else {
+			DBGPRINTF("lmsig_gt: program error, non-handled "
+			  "param '%s'\n", pblk.descr[i].name);
+		}
+	}
+	cnfparamvalsDestruct(pvals, &pblk);
+	return RS_RET_OK;
+}
+
+
 static rsRetVal
 OnFileOpen(void *pT, uchar *fn)
 {
 	lmsig_gt_t *pThis = (lmsig_gt_t*) pT;
 	DEFiRet;
 dbgprintf("DDDD: onFileOpen: %s\n", fn);
-	pThis->ctx = rsgtCtxNew(fn, GT_HASHALG_SHA256);
+	rsgtCtxOpenFile(pThis->ctx, fn);
 	sigblkInit(pThis->ctx);
 
 	RETiRet;
@@ -95,6 +157,7 @@ CODESTARTobjQueryInterface(lmsig_gt)
 		ABORT_FINALIZE(RS_RET_INTERFACE_NOT_SUPPORTED);
 	}
 	pIf->Construct = (rsRetVal(*)(void*)) lmsig_gtConstruct;
+	pIf->SetCnfParam = SetCnfParam;
 	pIf->Destruct = (rsRetVal(*)(void*)) lmsig_gtDestruct;
 	pIf->OnFileOpen = OnFileOpen;
 	pIf->OnRecordWrite = OnRecordWrite;
diff --git a/runtime/sigprov.h b/runtime/sigprov.h
index 0154a1f4..5abfb390 100644
--- a/runtime/sigprov.h
+++ b/runtime/sigprov.h
@@ -27,6 +27,7 @@
 /* interface */
 BEGINinterface(sigprov) /* name must also be changed in ENDinterface macro! */
 	rsRetVal (*Construct)(void *ppThis);
+	rsRetVal (*SetCnfParam)(void *ppThis, struct nvlst *lst);
 	rsRetVal (*Destruct)(void *ppThis);
 	rsRetVal (*OnFileOpen)(void *pThis, uchar *fn);
 	rsRetVal (*OnRecordWrite)(void *pThis, uchar *rec, rs_size_t lenRec);
diff --git a/tools/Makefile.am b/tools/Makefile.am
index ecdce8ea..8af86cb4 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -59,10 +59,11 @@ logctl_CPPFLAGS =  $(LIBMONGO_CLIENT_CFLAGS)
 logctl_LDADD = $(LIBMONGO_CLIENT_LIBS)
 endif
 if ENABLE_GUARDTIME
-bin_PROGRAMS += logsigner rsgttlvdump
-logsigner = logsigner.c
-logsigner_CPPFLAGS =  $(RSRT_CFLAGS) $(GUARDTIME_CFLAGS)
-logsigner_LDADD = ../runtime/librsgt.la $(GUARDTIME_LIBS)
+bin_PROGRAMS += rsgttlvdump
+#bin_PROGRAMS += logsigner rsgttlvdump
+#logsigner = logsigner.c
+#logsigner_CPPFLAGS =  $(RSRT_CFLAGS) $(GUARDTIME_CFLAGS)
+#logsigner_LDADD = ../runtime/librsgt.la $(GUARDTIME_LIBS)
 rsgttlvdump = rsgttlvdump.c
 rsgttlvdump_CPPFLAGS =  $(RSRT_CFLAGS) $(GUARDTIME_CFLAGS)
 rsgttlvdump_LDADD = ../runtime/librsgt.la $(GUARDTIME_LIBS)
diff --git a/tools/omfile.c b/tools/omfile.c
index efdf5e5b..e439d504 100644
--- a/tools/omfile.c
+++ b/tools/omfile.c
@@ -989,7 +989,7 @@ finalize_it:
 }
 
 static inline void
-initSigprov(instanceData *pData)
+initSigprov(instanceData *pData, struct nvlst *lst)
 {
 	uchar szDrvrName[1024];
 
@@ -1022,6 +1022,7 @@ initSigprov(instanceData *pData)
 				szDrvrName);
 		goto done;
 	}
+	pData->sigprov.SetCnfParam(pData->sigprovData, lst);
 
 	dbgprintf("loaded signature provider %s, data instance at %p\n",
 		  szDrvrName, pData->sigprovData);
@@ -1111,7 +1112,7 @@ CODESTARTnewActInst
 	}
 
 	if(pData->sigprovName != NULL) {
-		initSigprov(pData);
+		initSigprov(pData, lst);
 	}
 
 	tplToUse = ustrdup((pData->tplName == NULL) ? getDfltTpl() : pData->tplName);
-- 
cgit v1.2.3


From 80f2b9f0cba2c55dcb1640fe73ceec55eda80348 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Fri, 8 Mar 2013 08:34:57 +0100
Subject: logsig: implement sig.block.sizelimit parameter

---
 runtime/librsgt.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/runtime/librsgt.c b/runtime/librsgt.c
index 2f336e2d..72a1dfeb 100644
--- a/runtime/librsgt.c
+++ b/runtime/librsgt.c
@@ -527,6 +527,11 @@ sigblkAddRecord(gtctx ctx, const uchar *rec, const size_t len)
 	/* note: x is freed later as part of roots cleanup */
 	GTDataHash_free(m);
 	GTDataHash_free(r);
+
+	if(ctx->nRecords == ctx->blockSizeLimit) {
+		sigblkFinish(ctx);
+		sigblkInit(ctx);
+	}
 }
 
 static void
@@ -568,6 +573,9 @@ sigblkFinish(gtctx ctx)
 	GTDataHash *root, *rootDel;
 	int8_t j;
 
+	if(ctx->nRecords == 0)
+		goto done;
+
 	root = NULL;
 	for(j = 0 ; j < ctx->nRoots ; ++j) {
 		if(root == NULL) {
@@ -580,8 +588,12 @@ sigblkFinish(gtctx ctx)
 			GTDataHash_free(rootDel);
 		}
 	}
-	/* persist root value here (callback?) */
-printf("root hash is:\n"); outputhash(root);
 	timestampIt(ctx, root);
+
+	free(ctx->blkStrtHash);
+	ctx->lenBlkStrtHash = ctx->x_prev->digest_length;
+	ctx->blkStrtHash = malloc(ctx->lenBlkStrtHash);
+	memcpy(ctx->blkStrtHash, ctx->x_prev->digest, ctx->lenBlkStrtHash);
+done:
 	ctx->bInBlk = 0;
 }
-- 
cgit v1.2.3


From b19a3072bde93afa1ad04c684a38ad0a3177ab22 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Fri, 8 Mar 2013 09:03:08 +0100
Subject: logsig: write integers in most compact from to tlv file

---
 runtime/librsgt.c   | 60 ++++++++++++++++++++++++++++++++++-------------------
 tools/rsgttlvdump.c |  7 ++++---
 2 files changed, 43 insertions(+), 24 deletions(-)

diff --git a/runtime/librsgt.c b/runtime/librsgt.c
index 72a1dfeb..b3e23628 100644
--- a/runtime/librsgt.c
+++ b/runtime/librsgt.c
@@ -59,15 +59,6 @@ typedef unsigned char uchar;
 #define VERSION "no-version"
 #endif
 
-static void
-outputhash(GTDataHash *hash)
-{
-	unsigned i;
-	for(i = 0 ; i < hash->digest_length ; ++i)
-		printf("%2.2x", hash->digest[i]);
-	printf("\n");
-}
-
 
 void
 rsgtInit(char *usragent)
@@ -159,19 +150,45 @@ tlvbufAddOctetString(gtctx ctx, uint8_t *octet, int size)
 	for(i = 0 ; i < size ; ++i)
 		tlvbufAddOctet(ctx, octet[i]);
 }
-static inline void
-tlvbufAddInt32(gtctx ctx, uint32_t val)
-{
-	tlvbufAddOctet(ctx, (val >> 24) & 0xff);
-	tlvbufAddOctet(ctx, (val >> 16) & 0xff);
-	tlvbufAddOctet(ctx, (val >>  8) & 0xff);
-	tlvbufAddOctet(ctx,  val        & 0xff);
+/* return the actual length in to-be-written octets of an integer */
+static inline uint8_t
+tlvbufGetInt64OctetSize(uint64_t val)
+{
+	if(val >> 56)
+		return 8;
+	if((val >> 48) & 0xff)
+		return 7;
+	if((val >> 40) & 0xff)
+		return 6;
+	if((val >> 32) & 0xff)
+		return 5;
+	if((val >> 24) & 0xff)
+		return 4;
+	if((val >> 16) & 0xff)
+		return 3;
+	if((val >> 8) & 0xff)
+		return 2;
+	return 1;
 }
 static inline void
 tlvbufAddInt64(gtctx ctx, uint64_t val)
 {
-	tlvbufAddInt32(ctx, (val >> 32) & 0xffffffff);
-	tlvbufAddInt32(ctx,  val        & 0xffffffff);
+	uint8_t doWrite = 0;
+	if(val >> 56)
+		tlvbufAddOctet(ctx, (val >> 56) & 0xff), doWrite = 1;
+	if(doWrite || ((val >> 48) & 0xff))
+		tlvbufAddOctet(ctx, (val >> 48) & 0xff), doWrite = 1;
+	if(doWrite || ((val >> 40) & 0xff))
+		tlvbufAddOctet(ctx, (val >> 40) & 0xff), doWrite = 1;
+	if(doWrite || ((val >> 32) & 0xff))
+		tlvbufAddOctet(ctx, (val >> 32) & 0xff), doWrite = 1;
+	if(doWrite || ((val >> 24) & 0xff))
+		tlvbufAddOctet(ctx, (val >> 24) & 0xff), doWrite = 1;
+	if(doWrite || ((val >> 16) & 0xff))
+		tlvbufAddOctet(ctx, (val >> 16) & 0xff), doWrite = 1;
+	if(doWrite || ((val >> 8) & 0xff))
+		tlvbufAddOctet(ctx, (val >>  8) & 0xff), doWrite = 1;
+	tlvbufAddOctet(ctx, val & 0xff);
 }
 
 
@@ -204,13 +221,14 @@ void
 tlvWriteBlockSig(gtctx ctx, uchar *der, uint16_t lenDer)
 {
 	unsigned tlvlen;
+	uint8_t tlvlenRecords;
 
+	tlvlenRecords = tlvbufGetInt64OctetSize(ctx->nRecords);
 	tlvlen  = 2 + 1 /* hash algo TLV */ +
 	 	  2 + hashOutputLengthOctets(ctx->hashAlg) /* iv */ +
 		  2 + 1 + ctx->lenBlkStrtHash /* last hash */ +
-		  2 + 8 /* rec-count (64 bit integer) */ +
+		  2 + tlvlenRecords /* rec-count */ +
 		  4 + lenDer /* rfc-3161 */;
-printf("TTTT: tlvlen %u, lenDer %u\n", tlvlen, lenDer);
 	/* write top-level TLV object (block-sig */
 	tlv16Write(ctx, 0x00, 0x0902, tlvlen);
 	/* and now write the children */
@@ -226,7 +244,7 @@ printf("TTTT: tlvlen %u, lenDer %u\n", tlvlen, lenDer);
 	tlvbufAddOctet(ctx, hashIdentifier(ctx->hashAlg));
 	tlvbufAddOctetString(ctx, ctx->blkStrtHash, ctx->lenBlkStrtHash);
 	/* rec-count */
-	tlv8Write(ctx, 0x00, 0x03, 8);
+	tlv8Write(ctx, 0x00, 0x03, tlvlenRecords);
 	tlvbufAddInt64(ctx, ctx->nRecords);
 	/* rfc-3161 */
 	tlv16Write(ctx, 0x00, 0x906, lenDer);
diff --git a/tools/rsgttlvdump.c b/tools/rsgttlvdump.c
index 256a85b5..9b536db1 100644
--- a/tools/rsgttlvdump.c
+++ b/tools/rsgttlvdump.c
@@ -40,6 +40,7 @@ processFile(char *name)
 	uchar hdr[9];
 	uint16_t tlvtype, tlvlen;
 	void *obj;
+	int r = -1;
 	
 	if(!strcmp(name, "-"))
 		fp = stdin;
@@ -50,10 +51,10 @@ processFile(char *name)
 			goto err;
 		}
 	}
-	if(rsgt_tlvrdHeader(fp, hdr) != 0) goto err;
+	if((r = rsgt_tlvrdHeader(fp, hdr)) != 0) goto err;
 	printf("File Header: '%s'\n", hdr);
 	while(1) { /* we will err out on EOF */
-		if(rsgt_tlvrd(fp, &tlvtype, &tlvlen, &obj) != 0) {
+		if((r = rsgt_tlvrd(fp, &tlvtype, &tlvlen, &obj)) != 0) {
 			if(feof(fp))
 				break;
 			else
@@ -65,7 +66,7 @@ processFile(char *name)
 	if(fp != stdin)
 		fclose(fp);
 	return;
-err:	fprintf(stderr, "error processing file %s\n", name);
+err:	fprintf(stderr, "error %d processing file %s\n", r, name);
 }
 
 int
-- 
cgit v1.2.3


From e01e72695022ae50af68a47c4aef2c338eff8c8e Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Fri, 8 Mar 2013 09:38:26 +0100
Subject: logsig: update hash chain algorithm to match updated paper

---
 runtime/librsgt.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/runtime/librsgt.c b/runtime/librsgt.c
index b3e23628..16dc3995 100644
--- a/runtime/librsgt.c
+++ b/runtime/librsgt.c
@@ -515,7 +515,7 @@ sigblkAddRecord(gtctx ctx, const uchar *rec, const size_t len)
 
 	hash_m(ctx, &m);
 	hash_r(ctx, &r, rec, len);
-	hash_node(ctx, &x, m, r, 0); /* hash leaf */
+	hash_node(ctx, &x, m, r, 1); /* hash leaf */
 	/* persists x here if Merkle tree needs to be persisted! */
 	/* add x to the forest as new leaf, update roots list */
 	t = x;
@@ -527,7 +527,7 @@ sigblkAddRecord(gtctx ctx, const uchar *rec, const size_t len)
 			t = NULL;
 		} else if(t != NULL) {
 			/* hash interim node */
-			hash_node(ctx, &t, ctx->roots_hash[j], t, j+1);
+			hash_node(ctx, &t, ctx->roots_hash[j], t, j+2);
 			ctx->roots_valid[j] = 0;
 		}
 	}
@@ -601,7 +601,7 @@ sigblkFinish(gtctx ctx)
 			ctx->roots_valid[j] = 0; /* guess this is redundant with init, maybe del */
 		} else if(ctx->roots_valid[j]) {
 			rootDel = root;
-			hash_node(ctx, &root, ctx->roots_hash[j], root, j+1);
+			hash_node(ctx, &root, ctx->roots_hash[j], root, j+2);
 			ctx->roots_valid[j] = 0; /* guess this is redundant with init, maybe del */
 			GTDataHash_free(rootDel);
 		}
-- 
cgit v1.2.3


From e34de52833507224f5f0522fd205ee4fae81176e Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Fri, 8 Mar 2013 10:34:04 +0100
Subject: logsig: update implementation to new concatenation rules from paper

- when concatenting hashes, the hash ID must be included
  (actually the imprint, not just the hash is concatenated)
- when concatenting integers, the smallest number of octets
  must be used (actually, we have just level currently, which
  always is one octet)
---
 runtime/librsgt.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/runtime/librsgt.c b/runtime/librsgt.c
index 16dc3995..aa37dc84 100644
--- a/runtime/librsgt.c
+++ b/runtime/librsgt.c
@@ -456,16 +456,21 @@ static inline void
 bufAddHash(gtctx ctx, uchar *buf, size_t *len, GTDataHash *hash)
 {
 	if(hash == NULL) {
+	// TODO: how to get the REAL HASH ID? --> add field!
+		buf[*len] = hashIdentifier(ctx->hashAlg);
+		++(*len);
 		memcpy(buf+*len, ctx->blkStrtHash, ctx->lenBlkStrtHash);
 		*len += ctx->lenBlkStrtHash;
 	} else {
+		buf[*len] = hashIdentifier(ctx->hashAlg);
+		++(*len);
 		memcpy(buf+*len, hash->digest, hash->digest_length);
 		*len += hash->digest_length;
 	}
 }
 /* concat: add tree level to buffer */
 static inline void
-bufAddLevel(uchar *buf, size_t *len, int level)
+bufAddLevel(uchar *buf, size_t *len, uint8_t level)
 {
 	memcpy(buf+*len, &level, sizeof(level));
 	*len += sizeof(level);
@@ -494,7 +499,8 @@ hash_r(gtctx ctx, GTDataHash **r, const uchar *rec, const size_t len)
 
 
 static void
-hash_node(gtctx ctx, GTDataHash **node, GTDataHash *m, GTDataHash *r, int level)
+hash_node(gtctx ctx, GTDataHash **node, GTDataHash *m, GTDataHash *r,
+          uint8_t level)
 {
 	// x = hash(concat(m, r, 0)); /* hash leaf */
 	uchar concatBuf[16*1024];
@@ -511,7 +517,7 @@ sigblkAddRecord(gtctx ctx, const uchar *rec, const size_t len)
 {
 	GTDataHash *x; /* current hash */
 	GTDataHash *m, *r, *t;
-	int8_t j;
+	uint8_t j;
 
 	hash_m(ctx, &m);
 	hash_r(ctx, &r, rec, len);
-- 
cgit v1.2.3


From febd1c619d3774766064294358c885f14c74ed7c Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Fri, 8 Mar 2013 14:32:06 +0100
Subject: logsig: add capability to write log signature records

---
 runtime/librsgt.c      | 16 ++++++++++++-
 runtime/librsgt_read.c | 63 +++++++++++++++++++++++++++++++++++++++++++++++---
 2 files changed, 75 insertions(+), 4 deletions(-)

diff --git a/runtime/librsgt.c b/runtime/librsgt.c
index aa37dc84..f00c894d 100644
--- a/runtime/librsgt.c
+++ b/runtime/librsgt.c
@@ -217,6 +217,18 @@ tlvFlush(gtctx ctx)
 		tlvbufPhysWrite(ctx);
 }
 
+void
+tlvWriteRecHash(gtctx ctx, GTDataHash *r)
+{
+	unsigned tlvlen;
+
+	tlvlen = 1 + r->digest_length;
+	tlv16Write(ctx, 0x00, 0x0900, tlvlen);
+	tlvbufAddOctet(ctx, hashIdentifier(ctx->hashAlg));
+	tlvbufAddOctetString(ctx, r->digest, r->digest_length);
+dbgprintf("DDDD: tlvWriteRecHash: tlvlen %u, digest_len %u\n", tlvlen, r->digest_length);
+}
+
 void
 tlvWriteBlockSig(gtctx ctx, uchar *der, uint16_t lenDer)
 {
@@ -490,7 +502,7 @@ hash_m(gtctx ctx, GTDataHash **m)
 	GTDataHash_create(ctx->hashAlg, concatBuf, len, m);
 }
 
-static void
+static inline void
 hash_r(gtctx ctx, GTDataHash **r, const uchar *rec, const size_t len)
 {
 	// r = hash(canonicalize(rec));
@@ -521,6 +533,8 @@ sigblkAddRecord(gtctx ctx, const uchar *rec, const size_t len)
 
 	hash_m(ctx, &m);
 	hash_r(ctx, &r, rec, len);
+	if(ctx->bKeepRecordHashes)
+		tlvWriteRecHash(ctx, r);
 	hash_node(ctx, &x, m, r, 1); /* hash leaf */
 	/* persists x here if Merkle tree needs to be persisted! */
 	/* add x to the forest as new leaf, update roots list */
diff --git a/runtime/librsgt_read.c b/runtime/librsgt_read.c
index fa489a0f..a1c59509 100644
--- a/runtime/librsgt_read.c
+++ b/runtime/librsgt_read.c
@@ -160,6 +160,10 @@ rsgt_tlvrdLAST_HASH(FILE *fp, imprint_t *imp)
 	if(!(tlvtype == 0x02)) { r = RSGTE_INVLTYP; goto done; }
 	NEXTC;
 	imp->hashID = c;
+	if(tlvlen != 1 + hashOutputLengthOctets(imp->hashID)) {
+		r = RSGTE_LEN;
+		goto done;
+	}
 	imp->len = tlvlen - 1;
 	CHKr(rsgt_tlvrdOctetString(fp, &imp->data, tlvlen-1));
 	r = 0;
@@ -223,7 +227,7 @@ rsgt_tlvrdBLOCK_SIG(FILE *fp, block_sig_t **blocksig, uint16_t tlvlen)
 		   2 + lenInt /* rec-count */ +
 		   4 + bs->sig.der.len /* rfc-3161 */;
 	if(sizeRead != tlvlen) {
-		printf("lenght record error!\n");
+		printf("length record error!\n");
 		r = RSGTE_LEN;
 		goto done;
 	}
@@ -232,8 +236,38 @@ rsgt_tlvrdBLOCK_SIG(FILE *fp, block_sig_t **blocksig, uint16_t tlvlen)
 done:	return r;
 }
 
+static int
+rsgt_tlvrdREC_HASH(FILE *fp, imprint_t **imprint, uint16_t tlvlen)
+{
+	int r = 1;
+	imprint_t *imp;
+	int c;
 
-/**
+	if((imp = calloc(1, sizeof(imprint_t))) == NULL) {
+		r = RSGTE_OOM;
+		goto done;
+	}
+	if((imp->data = calloc(1, sizeof(imprint_t))) == NULL) {
+		r = RSGTE_OOM;
+		goto done;
+	}
+
+	NEXTC;
+	imp->hashID = c;
+	if(tlvlen != 1 + hashOutputLengthOctets(imp->hashID)) {
+		r = RSGTE_LEN;
+		goto done;
+	}
+	imp->len = tlvlen - 1;
+	CHKr(rsgt_tlvrdOctetString(fp, &imp->data, tlvlen-1));
+
+	*imprint = imp;
+	r = 0;
+done:	return r;
+}
+
+
+/**;
  * Read the next "object" from file. This usually is
  * a single TLV, but may be something larger, for
  * example in case of a block-sig TLV record.
@@ -258,6 +292,10 @@ rsgt_tlvrd(FILE *fp, uint16_t *tlvtype, uint16_t *tlvlen, void *obj)
 
 	if((r = rsgt_tlvrdTL(fp, tlvtype, tlvlen)) != 0) goto done;
 	switch(*tlvtype) {
+		case 0x0900:
+			r = rsgt_tlvrdREC_HASH(fp, obj, *tlvlen);
+			if(r != 0) goto done;
+			break;
 		case 0x0902:
 			r = rsgt_tlvrdBLOCK_SIG(fp, obj, *tlvlen);
 			if(r != 0) goto done;
@@ -295,6 +333,22 @@ blobIsZero(uint8_t *blob, uint16_t len)
 			return 0;
 	return 1;
 }
+
+static void
+rsgt_printIMPRINT(FILE *fp, char *name, imprint_t *imp, uint8_t verbose)
+{
+	fprintf(fp, "%s", name);
+		outputHexBlob(imp->data, imp->len, verbose);
+		fputc('\n', fp);
+}
+
+static void
+rsgt_printREC_HASH(FILE *fp, imprint_t *imp, uint8_t verbose)
+{
+	rsgt_printIMPRINT(fp, "[0x0900]Record Signature Record: ",
+		imp, verbose);
+}
+
 /**
  * Output a human-readable representation of a block_sig_t
  * to proviced file pointer. This function is mainly inteded for
@@ -307,7 +361,7 @@ blobIsZero(uint8_t *blob, uint16_t len)
 void
 rsgt_printBLOCK_SIG(FILE *fp, block_sig_t *bs, uint8_t verbose)
 {
-	fprintf(fp, "Block Signature Record [0x0902]:\n");
+	fprintf(fp, "[0x0902]Block Signature Record:\n");
 	fprintf(fp, "\tPrevious Block Hash:\n");
 	fprintf(fp, "\t   Algorithm..: %s\n", hashAlgName(bs->lastHash.hashID));
 	fprintf(fp, "\t   Hash.......: ");
@@ -339,6 +393,9 @@ void
 rsgt_tlvprint(FILE *fp, uint16_t tlvtype, void *obj, uint8_t verbose)
 {
 	switch(tlvtype) {
+	case 0x0900:
+		rsgt_printREC_HASH(fp, obj, verbose);
+		break;
 	case 0x0902:
 		rsgt_printBLOCK_SIG(fp, obj, verbose);
 		break;
-- 
cgit v1.2.3


From 39b91ca4e7b40d4a1ab3fb8ac857cecc084b7308 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Fri, 8 Mar 2013 15:13:22 +0100
Subject: logsig: add capability to write interim hash records

---
 runtime/librsgt.c      | 14 +++++++++-----
 runtime/librsgt_read.c | 20 +++++++++++++++++---
 2 files changed, 26 insertions(+), 8 deletions(-)

diff --git a/runtime/librsgt.c b/runtime/librsgt.c
index f00c894d..aa74f09d 100644
--- a/runtime/librsgt.c
+++ b/runtime/librsgt.c
@@ -218,15 +218,14 @@ tlvFlush(gtctx ctx)
 }
 
 void
-tlvWriteRecHash(gtctx ctx, GTDataHash *r)
+tlvWriteHash(gtctx ctx, uint16_t tlvtype, GTDataHash *r)
 {
 	unsigned tlvlen;
 
 	tlvlen = 1 + r->digest_length;
-	tlv16Write(ctx, 0x00, 0x0900, tlvlen);
+	tlv16Write(ctx, 0x00, tlvtype, tlvlen);
 	tlvbufAddOctet(ctx, hashIdentifier(ctx->hashAlg));
 	tlvbufAddOctetString(ctx, r->digest, r->digest_length);
-dbgprintf("DDDD: tlvWriteRecHash: tlvlen %u, digest_len %u\n", tlvlen, r->digest_length);
 }
 
 void
@@ -281,7 +280,7 @@ readStateFile(gtctx ctx)
 	if(read(fd, &sf, sizeof(sf)) != sizeof(sf)) goto err;
 	if(strncmp(sf.hdr, "GTSTAT10", 8)) goto err;
 
-	ctx->lenBlkStrtHash = hashOutputLengthOctets(sf.lenHash);
+	ctx->lenBlkStrtHash = sf.lenHash;
 	ctx->blkStrtHash = calloc(1, ctx->lenBlkStrtHash);
 	if((rr=read(fd, ctx->blkStrtHash, ctx->lenBlkStrtHash))
 		!= ctx->lenBlkStrtHash) {
@@ -534,9 +533,11 @@ sigblkAddRecord(gtctx ctx, const uchar *rec, const size_t len)
 	hash_m(ctx, &m);
 	hash_r(ctx, &r, rec, len);
 	if(ctx->bKeepRecordHashes)
-		tlvWriteRecHash(ctx, r);
+		tlvWriteHash(ctx, 0x0900, r);
 	hash_node(ctx, &x, m, r, 1); /* hash leaf */
 	/* persists x here if Merkle tree needs to be persisted! */
+	if(ctx->bKeepTreeHashes)
+		tlvWriteHash(ctx, 0x0901, x);
 	/* add x to the forest as new leaf, update roots list */
 	t = x;
 	for(j = 0 ; j < ctx->nRoots ; ++j) {
@@ -549,6 +550,9 @@ sigblkAddRecord(gtctx ctx, const uchar *rec, const size_t len)
 			/* hash interim node */
 			hash_node(ctx, &t, ctx->roots_hash[j], t, j+2);
 			ctx->roots_valid[j] = 0;
+			// TODO: check if this is correct location (paper!)
+			if(ctx->bKeepTreeHashes)
+				tlvWriteHash(ctx, 0x0901, t);
 		}
 	}
 	if(t != NULL) {
diff --git a/runtime/librsgt_read.c b/runtime/librsgt_read.c
index a1c59509..be78580d 100644
--- a/runtime/librsgt_read.c
+++ b/runtime/librsgt_read.c
@@ -237,7 +237,7 @@ done:	return r;
 }
 
 static int
-rsgt_tlvrdREC_HASH(FILE *fp, imprint_t **imprint, uint16_t tlvlen)
+rsgt_tlvrdIMPRINT(FILE *fp, imprint_t **imprint, uint16_t tlvlen)
 {
 	int r = 1;
 	imprint_t *imp;
@@ -293,7 +293,11 @@ rsgt_tlvrd(FILE *fp, uint16_t *tlvtype, uint16_t *tlvlen, void *obj)
 	if((r = rsgt_tlvrdTL(fp, tlvtype, tlvlen)) != 0) goto done;
 	switch(*tlvtype) {
 		case 0x0900:
-			r = rsgt_tlvrdREC_HASH(fp, obj, *tlvlen);
+			r = rsgt_tlvrdIMPRINT(fp, obj, *tlvlen);
+			if(r != 0) goto done;
+			break;
+		case 0x0901:
+			r = rsgt_tlvrdIMPRINT(fp, obj, *tlvlen);
 			if(r != 0) goto done;
 			break;
 		case 0x0902:
@@ -345,7 +349,14 @@ rsgt_printIMPRINT(FILE *fp, char *name, imprint_t *imp, uint8_t verbose)
 static void
 rsgt_printREC_HASH(FILE *fp, imprint_t *imp, uint8_t verbose)
 {
-	rsgt_printIMPRINT(fp, "[0x0900]Record Signature Record: ",
+	rsgt_printIMPRINT(fp, "[0x0900]Record hash................: ",
+		imp, verbose);
+}
+
+static void
+rsgt_printINT_HASH(FILE *fp, imprint_t *imp, uint8_t verbose)
+{
+	rsgt_printIMPRINT(fp, "[0x0901]Intermediate aggregate hash: ",
 		imp, verbose);
 }
 
@@ -396,6 +407,9 @@ rsgt_tlvprint(FILE *fp, uint16_t tlvtype, void *obj, uint8_t verbose)
 	case 0x0900:
 		rsgt_printREC_HASH(fp, obj, verbose);
 		break;
+	case 0x0901:
+		rsgt_printINT_HASH(fp, obj, verbose);
+		break;
 	case 0x0902:
 		rsgt_printBLOCK_SIG(fp, obj, verbose);
 		break;
-- 
cgit v1.2.3


From c29b6b6415f668cc3933e7fcc40425fe9f18607f Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Fri, 8 Mar 2013 17:15:18 +0100
Subject: logsig: fix subroot forest handling

---
 runtime/librsgt.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/runtime/librsgt.c b/runtime/librsgt.c
index aa74f09d..9d112a08 100644
--- a/runtime/librsgt.c
+++ b/runtime/librsgt.c
@@ -542,14 +542,15 @@ sigblkAddRecord(gtctx ctx, const uchar *rec, const size_t len)
 	t = x;
 	for(j = 0 ; j < ctx->nRoots ; ++j) {
 		if(ctx->roots_valid[j] == 0) {
-			GTDataHash_free(ctx->roots_hash[j]);
 			ctx->roots_hash[j] = t;
 			ctx->roots_valid[j] = 1;
 			t = NULL;
+			break;
 		} else if(t != NULL) {
 			/* hash interim node */
 			hash_node(ctx, &t, ctx->roots_hash[j], t, j+2);
 			ctx->roots_valid[j] = 0;
+			GTDataHash_free(ctx->roots_hash[j]);
 			// TODO: check if this is correct location (paper!)
 			if(ctx->bKeepTreeHashes)
 				tlvWriteHash(ctx, 0x0901, t);
@@ -558,6 +559,7 @@ sigblkAddRecord(gtctx ctx, const uchar *rec, const size_t len)
 	if(t != NULL) {
 		/* new level, append "at the top" */
 		ctx->roots_hash[ctx->nRoots] = t;
+		ctx->roots_valid[ctx->nRoots] = 1;
 		++ctx->nRoots;
 		assert(ctx->nRoots < MAX_ROOTS);
 		t = NULL;
-- 
cgit v1.2.3


From 171482ee70ca74e907ea892f33daf8c07433dcd8 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Fri, 8 Mar 2013 17:24:09 +0100
Subject: some cleanup

---
 runtime/librsgt.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/runtime/librsgt.c b/runtime/librsgt.c
index 9d112a08..f2ad2727 100644
--- a/runtime/librsgt.c
+++ b/runtime/librsgt.c
@@ -272,7 +272,6 @@ readStateFile(gtctx ctx)
 {
 	int fd;
 	struct rsgtstatefile sf;
-	int rr;
 
 	fd = open((char*)ctx->statefilename, O_RDONLY|O_NOCTTY|O_CLOEXEC, 0600);
 	if(fd == -1) goto err;
@@ -282,7 +281,7 @@ readStateFile(gtctx ctx)
 
 	ctx->lenBlkStrtHash = sf.lenHash;
 	ctx->blkStrtHash = calloc(1, ctx->lenBlkStrtHash);
-	if((rr=read(fd, ctx->blkStrtHash, ctx->lenBlkStrtHash))
+	if(read(fd, ctx->blkStrtHash, ctx->lenBlkStrtHash)
 		!= ctx->lenBlkStrtHash) {
 		free(ctx->blkStrtHash);
 		goto err;
-- 
cgit v1.2.3


From d0289157529dd219c16c0c27f0e6580312ae6470 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Mon, 11 Mar 2013 12:35:15 +0100
Subject: logsig: support dynafiles

---
 runtime/librsgt.c  | 359 ++++++++++++++++++++++++++++-------------------------
 runtime/librsgt.h  |  36 ++++--
 runtime/lmsig_gt.c |  17 ++-
 runtime/sigprov.h  |   6 +-
 tools/omfile.c     |  56 +++++----
 5 files changed, 262 insertions(+), 212 deletions(-)

diff --git a/runtime/librsgt.c b/runtime/librsgt.c
index f2ad2727..83a2fe05 100644
--- a/runtime/librsgt.c
+++ b/runtime/librsgt.c
@@ -88,19 +88,34 @@ rsgtExit(void)
 }
 
 
+static inline gtfile
+rsgtfileConstruct(gtctx ctx)
+{
+	gtfile gf;
+	if((gf = calloc(1, sizeof(struct gtfile_s))) == NULL)
+		goto done;
+	gf->ctx = ctx;
+	gf->hashAlg = ctx->hashAlg;
+	gf->bKeepRecordHashes = ctx->bKeepRecordHashes;
+	gf->bKeepTreeHashes = ctx->bKeepTreeHashes;
+	gf->x_prev = NULL;
+
+done:	return gf;
+}
+
 static inline void
-tlvbufPhysWrite(gtctx ctx)
+tlvbufPhysWrite(gtfile gf)
 {
 	ssize_t lenBuf;
 	ssize_t iTotalWritten;
 	ssize_t iWritten;
 	char *pWriteBuf;
 
-	lenBuf = ctx->tlvIdx;
-	pWriteBuf = ctx->tlvBuf;
+	lenBuf = gf->tlvIdx;
+	pWriteBuf = gf->tlvBuf;
 	iTotalWritten = 0;
 	do {
-		iWritten = write(ctx->fd, pWriteBuf, lenBuf);
+		iWritten = write(gf->fd, pWriteBuf, lenBuf);
 		if(iWritten < 0) {
 			//char errStr[1024];
 			int err = errno;
@@ -122,14 +137,14 @@ tlvbufPhysWrite(gtctx ctx)
 	} while(lenBuf > 0);	/* Warning: do..while()! */
 
 finalize_it:
-	ctx->tlvIdx = 0;
+	gf->tlvIdx = 0;
 }
 
 static inline void
-tlvbufChkWrite(gtctx ctx)
+tlvbufChkWrite(gtfile gf)
 {
-	if(ctx->tlvIdx == sizeof(ctx->tlvBuf)) {
-		tlvbufPhysWrite(ctx);
+	if(gf->tlvIdx == sizeof(gf->tlvBuf)) {
+		tlvbufPhysWrite(gf);
 	}
 }
 
@@ -138,17 +153,17 @@ tlvbufChkWrite(gtctx ctx)
  * output is written only on flush or close.
  */
 static inline void
-tlvbufAddOctet(gtctx ctx, int8_t octet)
+tlvbufAddOctet(gtfile gf, int8_t octet)
 {
-	tlvbufChkWrite(ctx);
-	ctx->tlvBuf[ctx->tlvIdx++] = octet;
+	tlvbufChkWrite(gf);
+	gf->tlvBuf[gf->tlvIdx++] = octet;
 }
 static inline void
-tlvbufAddOctetString(gtctx ctx, uint8_t *octet, int size)
+tlvbufAddOctetString(gtfile gf, uint8_t *octet, int size)
 {
 	int i;
 	for(i = 0 ; i < size ; ++i)
-		tlvbufAddOctet(ctx, octet[i]);
+		tlvbufAddOctet(gf, octet[i]);
 }
 /* return the actual length in to-be-written octets of an integer */
 static inline uint8_t
@@ -171,95 +186,95 @@ tlvbufGetInt64OctetSize(uint64_t val)
 	return 1;
 }
 static inline void
-tlvbufAddInt64(gtctx ctx, uint64_t val)
+tlvbufAddInt64(gtfile gf, uint64_t val)
 {
 	uint8_t doWrite = 0;
 	if(val >> 56)
-		tlvbufAddOctet(ctx, (val >> 56) & 0xff), doWrite = 1;
+		tlvbufAddOctet(gf, (val >> 56) & 0xff), doWrite = 1;
 	if(doWrite || ((val >> 48) & 0xff))
-		tlvbufAddOctet(ctx, (val >> 48) & 0xff), doWrite = 1;
+		tlvbufAddOctet(gf, (val >> 48) & 0xff), doWrite = 1;
 	if(doWrite || ((val >> 40) & 0xff))
-		tlvbufAddOctet(ctx, (val >> 40) & 0xff), doWrite = 1;
+		tlvbufAddOctet(gf, (val >> 40) & 0xff), doWrite = 1;
 	if(doWrite || ((val >> 32) & 0xff))
-		tlvbufAddOctet(ctx, (val >> 32) & 0xff), doWrite = 1;
+		tlvbufAddOctet(gf, (val >> 32) & 0xff), doWrite = 1;
 	if(doWrite || ((val >> 24) & 0xff))
-		tlvbufAddOctet(ctx, (val >> 24) & 0xff), doWrite = 1;
+		tlvbufAddOctet(gf, (val >> 24) & 0xff), doWrite = 1;
 	if(doWrite || ((val >> 16) & 0xff))
-		tlvbufAddOctet(ctx, (val >> 16) & 0xff), doWrite = 1;
+		tlvbufAddOctet(gf, (val >> 16) & 0xff), doWrite = 1;
 	if(doWrite || ((val >> 8) & 0xff))
-		tlvbufAddOctet(ctx, (val >>  8) & 0xff), doWrite = 1;
-	tlvbufAddOctet(ctx, val & 0xff);
+		tlvbufAddOctet(gf, (val >>  8) & 0xff), doWrite = 1;
+	tlvbufAddOctet(gf, val & 0xff);
 }
 
 
 void
-tlv8Write(gtctx ctx, int flags, int tlvtype, int len)
+tlv8Write(gtfile gf, int flags, int tlvtype, int len)
 {
-	tlvbufAddOctet(ctx, (flags << 5)|tlvtype);
-	tlvbufAddOctet(ctx, len & 0xff);
+	tlvbufAddOctet(gf, (flags << 5)|tlvtype);
+	tlvbufAddOctet(gf, len & 0xff);
 } 
 
 void
-tlv16Write(gtctx ctx, int flags, int tlvtype, uint16_t len)
+tlv16Write(gtfile gf, int flags, int tlvtype, uint16_t len)
 {
 	uint16_t typ;
 	typ = ((flags|1) << 13)|tlvtype;
-	tlvbufAddOctet(ctx, typ >> 8);
-	tlvbufAddOctet(ctx, typ & 0xff);
-	tlvbufAddOctet(ctx, (len >> 8) & 0xff);
-	tlvbufAddOctet(ctx, len & 0xff);
+	tlvbufAddOctet(gf, typ >> 8);
+	tlvbufAddOctet(gf, typ & 0xff);
+	tlvbufAddOctet(gf, (len >> 8) & 0xff);
+	tlvbufAddOctet(gf, len & 0xff);
 } 
 
 void
-tlvFlush(gtctx ctx)
+tlvFlush(gtfile gf)
 {
-	if(ctx->tlvIdx != 0)
-		tlvbufPhysWrite(ctx);
+	if(gf->tlvIdx != 0)
+		tlvbufPhysWrite(gf);
 }
 
 void
-tlvWriteHash(gtctx ctx, uint16_t tlvtype, GTDataHash *r)
+tlvWriteHash(gtfile gf, uint16_t tlvtype, GTDataHash *r)
 {
 	unsigned tlvlen;
 
 	tlvlen = 1 + r->digest_length;
-	tlv16Write(ctx, 0x00, tlvtype, tlvlen);
-	tlvbufAddOctet(ctx, hashIdentifier(ctx->hashAlg));
-	tlvbufAddOctetString(ctx, r->digest, r->digest_length);
+	tlv16Write(gf, 0x00, tlvtype, tlvlen);
+	tlvbufAddOctet(gf, hashIdentifier(gf->hashAlg));
+	tlvbufAddOctetString(gf, r->digest, r->digest_length);
 }
 
 void
-tlvWriteBlockSig(gtctx ctx, uchar *der, uint16_t lenDer)
+tlvWriteBlockSig(gtfile gf, uchar *der, uint16_t lenDer)
 {
 	unsigned tlvlen;
 	uint8_t tlvlenRecords;
 
-	tlvlenRecords = tlvbufGetInt64OctetSize(ctx->nRecords);
+	tlvlenRecords = tlvbufGetInt64OctetSize(gf->nRecords);
 	tlvlen  = 2 + 1 /* hash algo TLV */ +
-	 	  2 + hashOutputLengthOctets(ctx->hashAlg) /* iv */ +
-		  2 + 1 + ctx->lenBlkStrtHash /* last hash */ +
+	 	  2 + hashOutputLengthOctets(gf->hashAlg) /* iv */ +
+		  2 + 1 + gf->lenBlkStrtHash /* last hash */ +
 		  2 + tlvlenRecords /* rec-count */ +
 		  4 + lenDer /* rfc-3161 */;
 	/* write top-level TLV object (block-sig */
-	tlv16Write(ctx, 0x00, 0x0902, tlvlen);
+	tlv16Write(gf, 0x00, 0x0902, tlvlen);
 	/* and now write the children */
 	//FIXME: flags???
 	/* hash-algo */
-	tlv8Write(ctx, 0x00, 0x00, 1);
-	tlvbufAddOctet(ctx, hashIdentifier(ctx->hashAlg));
+	tlv8Write(gf, 0x00, 0x00, 1);
+	tlvbufAddOctet(gf, hashIdentifier(gf->hashAlg));
 	/* block-iv */
-	tlv8Write(ctx, 0x00, 0x01, hashOutputLengthOctets(ctx->hashAlg));
-	tlvbufAddOctetString(ctx, ctx->IV, hashOutputLengthOctets(ctx->hashAlg));
+	tlv8Write(gf, 0x00, 0x01, hashOutputLengthOctets(gf->hashAlg));
+	tlvbufAddOctetString(gf, gf->IV, hashOutputLengthOctets(gf->hashAlg));
 	/* last-hash */
-	tlv8Write(ctx, 0x00, 0x02, ctx->lenBlkStrtHash+1);
-	tlvbufAddOctet(ctx, hashIdentifier(ctx->hashAlg));
-	tlvbufAddOctetString(ctx, ctx->blkStrtHash, ctx->lenBlkStrtHash);
+	tlv8Write(gf, 0x00, 0x02, gf->lenBlkStrtHash+1);
+	tlvbufAddOctet(gf, hashIdentifier(gf->hashAlg));
+	tlvbufAddOctetString(gf, gf->blkStrtHash, gf->lenBlkStrtHash);
 	/* rec-count */
-	tlv8Write(ctx, 0x00, 0x03, tlvlenRecords);
-	tlvbufAddInt64(ctx, ctx->nRecords);
+	tlv8Write(gf, 0x00, 0x03, tlvlenRecords);
+	tlvbufAddInt64(gf, gf->nRecords);
 	/* rfc-3161 */
-	tlv16Write(ctx, 0x00, 0x906, lenDer);
-	tlvbufAddOctetString(ctx, der, lenDer);
+	tlv16Write(gf, 0x00, 0x906, lenDer);
+	tlvbufAddOctetString(gf, der, lenDer);
 }
 
 /* read rsyslog log state file; if we cannot access it or the
@@ -268,85 +283,85 @@ tlvWriteBlockSig(gtctx ctx, uchar *der, uint16_t lenDer)
  * The context is initialized accordingly.
  */
 static void
-readStateFile(gtctx ctx)
+readStateFile(gtfile gf)
 {
 	int fd;
 	struct rsgtstatefile sf;
 
-	fd = open((char*)ctx->statefilename, O_RDONLY|O_NOCTTY|O_CLOEXEC, 0600);
+	fd = open((char*)gf->statefilename, O_RDONLY|O_NOCTTY|O_CLOEXEC, 0600);
 	if(fd == -1) goto err;
 
 	if(read(fd, &sf, sizeof(sf)) != sizeof(sf)) goto err;
 	if(strncmp(sf.hdr, "GTSTAT10", 8)) goto err;
 
-	ctx->lenBlkStrtHash = sf.lenHash;
-	ctx->blkStrtHash = calloc(1, ctx->lenBlkStrtHash);
-	if(read(fd, ctx->blkStrtHash, ctx->lenBlkStrtHash)
-		!= ctx->lenBlkStrtHash) {
-		free(ctx->blkStrtHash);
+	gf->lenBlkStrtHash = sf.lenHash;
+	gf->blkStrtHash = calloc(1, gf->lenBlkStrtHash);
+	if(read(fd, gf->blkStrtHash, gf->lenBlkStrtHash)
+		!= gf->lenBlkStrtHash) {
+		free(gf->blkStrtHash);
 		goto err;
 	}
 return;
 
 err:
-	ctx->lenBlkStrtHash = hashOutputLengthOctets(ctx->hashAlg);
-	ctx->blkStrtHash = calloc(1, ctx->lenBlkStrtHash);
+	gf->lenBlkStrtHash = hashOutputLengthOctets(gf->hashAlg);
+	gf->blkStrtHash = calloc(1, gf->lenBlkStrtHash);
 }
 
 /* persist all information that we need to re-open and append
  * to a log signature file.
  */
 static void
-writeStateFile(gtctx ctx)
+writeStateFile(gtfile gf)
 {
 	int fd;
 	struct rsgtstatefile sf;
 
-	fd = open((char*)ctx->statefilename,
+	fd = open((char*)gf->statefilename,
 		       O_WRONLY|O_CREAT|O_TRUNC|O_NOCTTY|O_CLOEXEC, 0600);
 	if(fd == -1)
 		goto done;
 
 	memcpy(sf.hdr, "GTSTAT10", 8);
-	sf.hashID = hashIdentifier(ctx->hashAlg);
-	sf.lenHash = ctx->x_prev->digest_length;
+	sf.hashID = hashIdentifier(gf->hashAlg);
+	sf.lenHash = gf->x_prev->digest_length;
 	write(fd, &sf, sizeof(sf));
-	write(fd, ctx->x_prev->digest, ctx->x_prev->digest_length);
+	write(fd, gf->x_prev->digest, gf->x_prev->digest_length);
 	close(fd);
 done:	return;
 }
 
 
-void tlvClose(gtctx ctx)
+void tlvClose(gtfile gf)
 {
-	tlvFlush(ctx);
-	close(ctx->fd);
-	ctx->fd = -1;
-	writeStateFile(ctx);
+	tlvFlush(gf);
+	close(gf->fd);
+	gf->fd = -1;
+	writeStateFile(gf);
 }
 
 
 /* note: if file exists, the last hash for chaining must
  * be read from file.
  */
-void tlvOpen(gtctx ctx, char *hdr, unsigned lenHdr)
+void tlvOpen(gtfile gf, char *hdr, unsigned lenHdr)
 {
-	ctx->fd = open((char*)ctx->sigfilename,
+	gf->fd = open((char*)gf->sigfilename,
 		       O_WRONLY|O_APPEND|O_NOCTTY|O_CLOEXEC, 0600);
-	if(ctx->fd == -1) {
+	if(gf->fd == -1) {
 		/* looks like we need to create a new file */
-		ctx->fd = open((char*)ctx->sigfilename,
+		gf->fd = open((char*)gf->sigfilename,
 			       O_WRONLY|O_CREAT|O_NOCTTY|O_CLOEXEC, 0600);
 		// FIXME: check fd == -1
-		memcpy(ctx->tlvBuf, hdr, lenHdr);
-		ctx->tlvIdx = lenHdr;
+		memcpy(gf->tlvBuf, hdr, lenHdr);
+		gf->tlvIdx = lenHdr;
 	} else {
-		ctx->tlvIdx = 0; /* header already present! */
+		gf->tlvIdx = 0; /* header already present! */
 	}
 	/* we now need to obtain the last previous hash, so that
 	 * we can continue the hash chain.
 	 */
-	readStateFile(ctx);
+	readStateFile(gf);
 }
 
 /*
@@ -357,13 +372,13 @@ void tlvOpen(gtctx ctx, char *hdr, unsigned lenHdr)
  * reproduce). -- rgerhards, 2013-03-04
  */
 void
-seedIV(gtctx ctx)
+seedIV(gtfile gf)
 {
 	int hashlen;
 	int fd;
 
-	hashlen = hashOutputLengthOctets(ctx->hashAlg);
-	ctx->IV = malloc(hashlen); /* do NOT zero-out! */
+	hashlen = hashOutputLengthOctets(gf->hashAlg);
+	gf->IV = malloc(hashlen); /* do NOT zero-out! */
 	/* if we cannot obtain data from /dev/urandom, we use whatever
 	 * is present at the current memory location as random data. Of
 	 * course, this is very weak and we should consider a different
@@ -372,7 +387,7 @@ seedIV(gtctx ctx)
 	 * will always work...).  -- TODO -- rgerhards, 2013-03-06
 	 */
 	if((fd = open("/dev/urandom", O_RDONLY)) > 0) {
-		read(fd, ctx->IV, hashlen);
+		read(fd, gf->IV, hashlen);
 		close(fd);
 	}
 }
@@ -382,25 +397,30 @@ rsgtCtxNew(void)
 {
 	gtctx ctx;
 	ctx = calloc(1, sizeof(struct gtctx_s));
-	ctx->x_prev = NULL;
 	ctx->hashAlg = GT_HASHALG_SHA256;
 	ctx->timestamper = strdup(
 			   "http://stamper.guardtime.net/gt-signingservice");
 	return ctx;
 }
 
-int
+/* either returns gtfile object or NULL if something went wrong */
+gtfile
 rsgtCtxOpenFile(gtctx ctx, unsigned char *logfn)
 {
+	gtfile gf;
 	char fn[MAXFNAME+1];
+
+	if((gf = rsgtfileConstruct(ctx)) == NULL)
+		goto done;
+
 	snprintf(fn, sizeof(fn), "%s.gtsig", logfn);
 	fn[MAXFNAME] = '\0'; /* be on save side */
-	ctx->sigfilename = (uchar*) strdup(fn);
+	gf->sigfilename = (uchar*) strdup(fn);
 	snprintf(fn, sizeof(fn), "%s.gtstate", logfn);
 	fn[MAXFNAME] = '\0'; /* be on save side */
-	ctx->statefilename = (uchar*) strdup(fn);
-	tlvOpen(ctx, LOGSIGHDR, sizeof(LOGSIGHDR)-1);
-	return 0;
+	gf->statefilename = (uchar*) strdup(fn);
+	tlvOpen(gf, LOGSIGHDR, sizeof(LOGSIGHDR)-1);
+done:	return gf;
 }
  
 
@@ -425,54 +445,61 @@ rsgtSetHashFunction(gtctx ctx, char *algName)
 		r = 1;
 	return r;
 }
+
 void
-rsgtCtxDel(gtctx ctx)
+rsgtfileDestruct(gtfile gf)
 {
-	if(ctx == NULL)
+	if(gf == NULL)
 		goto done;
 
-	if(ctx->bInBlk)
-		sigblkFinish(ctx);
-	tlvClose(ctx);
-	free(ctx->sigfilename);
-	free(ctx);
-	/* TODO: persist! */
+	if(gf->bInBlk)
+		sigblkFinish(gf);
+	tlvClose(gf);
+	free(gf->sigfilename);
+	free(gf);
 done:	return;
 }
 
+void
+rsgtCtxDel(gtctx ctx)
+{
+	if(ctx != NULL)
+		free(ctx);
+}
+
 /* new sigblk is initialized, but maybe in existing ctx */
 void
-sigblkInit(gtctx ctx)
+sigblkInit(gtfile gf)
 {
-	seedIV(ctx);
-	memset(ctx->roots_valid, 0, sizeof(ctx->roots_valid)/sizeof(char));
-	ctx->nRoots = 0;
-	ctx->nRecords = 0;
-	ctx->bInBlk = 1;
+	seedIV(gf);
+	memset(gf->roots_valid, 0, sizeof(gf->roots_valid)/sizeof(char));
+	gf->nRoots = 0;
+	gf->nRecords = 0;
+	gf->bInBlk = 1;
 }
 
 
 /* concat: add IV to buffer */
 static inline void
-bufAddIV(gtctx ctx, uchar *buf, size_t *len)
+bufAddIV(gtfile gf, uchar *buf, size_t *len)
 {
-	memcpy(buf+*len, &ctx->IV, sizeof(ctx->IV));
-	*len += sizeof(ctx->IV);
+	memcpy(buf+*len, &gf->IV, sizeof(gf->IV));
+	*len += sizeof(gf->IV);
 }
 
 
 /* concat: add hash to buffer */
 static inline void
-bufAddHash(gtctx ctx, uchar *buf, size_t *len, GTDataHash *hash)
+bufAddHash(gtfile gf, uchar *buf, size_t *len, GTDataHash *hash)
 {
 	if(hash == NULL) {
 	// TODO: how to get the REAL HASH ID? --> add field!
-		buf[*len] = hashIdentifier(ctx->hashAlg);
+		buf[*len] = hashIdentifier(gf->hashAlg);
 		++(*len);
-		memcpy(buf+*len, ctx->blkStrtHash, ctx->lenBlkStrtHash);
-		*len += ctx->lenBlkStrtHash;
+		memcpy(buf+*len, gf->blkStrtHash, gf->lenBlkStrtHash);
+		*len += gf->lenBlkStrtHash;
 	} else {
-		buf[*len] = hashIdentifier(ctx->hashAlg);
+		buf[*len] = hashIdentifier(gf->hashAlg);
 		++(*len);
 		memcpy(buf+*len, hash->digest, hash->digest_length);
 		*len += hash->digest_length;
@@ -488,97 +515,97 @@ bufAddLevel(uchar *buf, size_t *len, uint8_t level)
 
 
 static void
-hash_m(gtctx ctx, GTDataHash **m)
+hash_m(gtfile gf, GTDataHash **m)
 {
 #warning Overall: check GT API return states!
-	// m = hash(concat(ctx->x_prev, IV));
+	// m = hash(concat(gf->x_prev, IV));
 	uchar concatBuf[16*1024];
 	size_t len = 0;
 
-	bufAddHash(ctx, concatBuf, &len, ctx->x_prev);
-	bufAddIV(ctx, concatBuf, &len);
-	GTDataHash_create(ctx->hashAlg, concatBuf, len, m);
+	bufAddHash(gf, concatBuf, &len, gf->x_prev);
+	bufAddIV(gf, concatBuf, &len);
+	GTDataHash_create(gf->hashAlg, concatBuf, len, m);
 }
 
 static inline void
-hash_r(gtctx ctx, GTDataHash **r, const uchar *rec, const size_t len)
+hash_r(gtfile gf, GTDataHash **r, const uchar *rec, const size_t len)
 {
 	// r = hash(canonicalize(rec));
-	GTDataHash_create(ctx->hashAlg, rec, len, r);
+	GTDataHash_create(gf->hashAlg, rec, len, r);
 }
 
 
 static void
-hash_node(gtctx ctx, GTDataHash **node, GTDataHash *m, GTDataHash *r,
+hash_node(gtfile gf, GTDataHash **node, GTDataHash *m, GTDataHash *r,
           uint8_t level)
 {
 	// x = hash(concat(m, r, 0)); /* hash leaf */
 	uchar concatBuf[16*1024];
 	size_t len = 0;
 
-	bufAddHash(ctx, concatBuf, &len, m);
-	bufAddHash(ctx, concatBuf, &len, r);
+	bufAddHash(gf, concatBuf, &len, m);
+	bufAddHash(gf, concatBuf, &len, r);
 	bufAddLevel(concatBuf, &len, level);
-	GTDataHash_create(ctx->hashAlg, concatBuf, len, node);
+	GTDataHash_create(gf->hashAlg, concatBuf, len, node);
 }
 
 void
-sigblkAddRecord(gtctx ctx, const uchar *rec, const size_t len)
+sigblkAddRecord(gtfile gf, const uchar *rec, const size_t len)
 {
 	GTDataHash *x; /* current hash */
 	GTDataHash *m, *r, *t;
 	uint8_t j;
 
-	hash_m(ctx, &m);
-	hash_r(ctx, &r, rec, len);
-	if(ctx->bKeepRecordHashes)
-		tlvWriteHash(ctx, 0x0900, r);
-	hash_node(ctx, &x, m, r, 1); /* hash leaf */
+	hash_m(gf, &m);
+	hash_r(gf, &r, rec, len);
+	if(gf->bKeepRecordHashes)
+		tlvWriteHash(gf, 0x0900, r);
+	hash_node(gf, &x, m, r, 1); /* hash leaf */
 	/* persists x here if Merkle tree needs to be persisted! */
-	if(ctx->bKeepTreeHashes)
-		tlvWriteHash(ctx, 0x0901, x);
+	if(gf->bKeepTreeHashes)
+		tlvWriteHash(gf, 0x0901, x);
 	/* add x to the forest as new leaf, update roots list */
 	t = x;
-	for(j = 0 ; j < ctx->nRoots ; ++j) {
-		if(ctx->roots_valid[j] == 0) {
-			ctx->roots_hash[j] = t;
-			ctx->roots_valid[j] = 1;
+	for(j = 0 ; j < gf->nRoots ; ++j) {
+		if(gf->roots_valid[j] == 0) {
+			gf->roots_hash[j] = t;
+			gf->roots_valid[j] = 1;
 			t = NULL;
 			break;
 		} else if(t != NULL) {
 			/* hash interim node */
-			hash_node(ctx, &t, ctx->roots_hash[j], t, j+2);
-			ctx->roots_valid[j] = 0;
-			GTDataHash_free(ctx->roots_hash[j]);
+			hash_node(gf, &t, gf->roots_hash[j], t, j+2);
+			gf->roots_valid[j] = 0;
+			GTDataHash_free(gf->roots_hash[j]);
 			// TODO: check if this is correct location (paper!)
-			if(ctx->bKeepTreeHashes)
-				tlvWriteHash(ctx, 0x0901, t);
+			if(gf->bKeepTreeHashes)
+				tlvWriteHash(gf, 0x0901, t);
 		}
 	}
 	if(t != NULL) {
 		/* new level, append "at the top" */
-		ctx->roots_hash[ctx->nRoots] = t;
-		ctx->roots_valid[ctx->nRoots] = 1;
-		++ctx->nRoots;
-		assert(ctx->nRoots < MAX_ROOTS);
+		gf->roots_hash[gf->nRoots] = t;
+		gf->roots_valid[gf->nRoots] = 1;
+		++gf->nRoots;
+		assert(gf->nRoots < MAX_ROOTS);
 		t = NULL;
 	}
-	ctx->x_prev = x; /* single var may be sufficient */
-	++ctx->nRecords;
+	gf->x_prev = x; /* single var may be sufficient */
+	++gf->nRecords;
 
 	/* cleanup */
 	/* note: x is freed later as part of roots cleanup */
 	GTDataHash_free(m);
 	GTDataHash_free(r);
 
-	if(ctx->nRecords == ctx->blockSizeLimit) {
-		sigblkFinish(ctx);
-		sigblkInit(ctx);
+	if(gf->nRecords == gf->blockSizeLimit) {
+		sigblkFinish(gf);
+		sigblkInit(gf);
 	}
 }
 
 static void
-timestampIt(gtctx ctx, GTDataHash *hash)
+timestampIt(gtfile gf, GTDataHash *hash)
 {
 	unsigned char *der;
 	size_t lenDer;
@@ -586,7 +613,7 @@ timestampIt(gtctx ctx, GTDataHash *hash)
 	GTTimestamp *timestamp = NULL;
 
 	/* Get the timestamp. */
-	r = GTHTTP_createTimestampHash(hash, ctx->timestamper, &timestamp);
+	r = GTHTTP_createTimestampHash(hash, gf->ctx->timestamper, &timestamp);
 
 	if(r != GT_OK) {
 		fprintf(stderr, "GTHTTP_createTimestampHash() failed: %d (%s)\n",
@@ -602,7 +629,7 @@ timestampIt(gtctx ctx, GTDataHash *hash)
 		goto done;
 	}
 
-	tlvWriteBlockSig(ctx, der, lenDer);
+	tlvWriteBlockSig(gf, der, lenDer);
 
 done:
 	GT_free(der);
@@ -611,32 +638,32 @@ done:
 
 
 void
-sigblkFinish(gtctx ctx)
+sigblkFinish(gtfile gf)
 {
 	GTDataHash *root, *rootDel;
 	int8_t j;
 
-	if(ctx->nRecords == 0)
+	if(gf->nRecords == 0)
 		goto done;
 
 	root = NULL;
-	for(j = 0 ; j < ctx->nRoots ; ++j) {
+	for(j = 0 ; j < gf->nRoots ; ++j) {
 		if(root == NULL) {
-			root = ctx->roots_hash[j];
-			ctx->roots_valid[j] = 0; /* guess this is redundant with init, maybe del */
-		} else if(ctx->roots_valid[j]) {
+			root = gf->roots_hash[j];
+			gf->roots_valid[j] = 0; /* guess this is redundant with init, maybe del */
+		} else if(gf->roots_valid[j]) {
 			rootDel = root;
-			hash_node(ctx, &root, ctx->roots_hash[j], root, j+2);
-			ctx->roots_valid[j] = 0; /* guess this is redundant with init, maybe del */
+			hash_node(gf, &root, gf->roots_hash[j], root, j+2);
+			gf->roots_valid[j] = 0; /* guess this is redundant with init, maybe del */
 			GTDataHash_free(rootDel);
 		}
 	}
-	timestampIt(ctx, root);
+	timestampIt(gf, root);
 
-	free(ctx->blkStrtHash);
-	ctx->lenBlkStrtHash = ctx->x_prev->digest_length;
-	ctx->blkStrtHash = malloc(ctx->lenBlkStrtHash);
-	memcpy(ctx->blkStrtHash, ctx->x_prev->digest, ctx->lenBlkStrtHash);
+	free(gf->blkStrtHash);
+	gf->lenBlkStrtHash = gf->x_prev->digest_length;
+	gf->blkStrtHash = malloc(gf->lenBlkStrtHash);
+	memcpy(gf->blkStrtHash, gf->x_prev->digest, gf->lenBlkStrtHash);
 done:
-	ctx->bInBlk = 0;
+	gf->bInBlk = 0;
 }
diff --git a/runtime/librsgt.h b/runtime/librsgt.h
index a4ea7cc1..b2de73bd 100644
--- a/runtime/librsgt.h
+++ b/runtime/librsgt.h
@@ -30,17 +30,31 @@
 #define MAX_ROOTS 64
 #define LOGSIGHDR "LOGSIG10"
 
-/* context for gt calls. All state data is kept here, this permits
- * multiple concurrent callers.
+/* context for gt calls. This primarily serves as a container for the
+ * config settings. The actual file-specific data is kept in gtfile.
  */
 struct gtctx_s {
 	enum GTHashAlgorithm hashAlg;
-	uint8_t *IV; /* initial value for blinding masks (where to do we get it from?) */
-	GTDataHash *x_prev; /* last leaf hash (maybe of previous block) --> preserve on term */
 	uint8_t bKeepRecordHashes;
 	uint8_t bKeepTreeHashes;
 	uint64_t blockSizeLimit;
 	char *timestamper;
+};
+typedef struct gtctx_s *gtctx;
+
+/* this describes a file, as far as librsgt is concerned */
+struct gtfile_s {
+	gtctx ctx;
+	/* the following data items are mirrored from gtctx to
+	 * increase cache hit ratio (they are frequently accesed).
+	 */
+	enum GTHashAlgorithm hashAlg;
+	uint8_t bKeepRecordHashes;
+	uint8_t bKeepTreeHashes;
+	/* end mirrored properties */
+	uint64_t blockSizeLimit;
+	uint8_t *IV; /* initial value for blinding masks */
+	GTDataHash *x_prev; /* last leaf hash (maybe of previous block) --> preserve on term */
 	unsigned char *sigfilename;
 	unsigned char *statefilename;
 	int fd;
@@ -54,11 +68,11 @@ struct gtctx_s {
 	 */
 	int8_t roots_valid[MAX_ROOTS];
 	GTDataHash *roots_hash[MAX_ROOTS];
-	/* data mambers for the associated TLV file */
+	/* data members for the associated TLV file */
 	char	tlvBuf[4096];
 	int	tlvIdx; /* current index into tlvBuf */
 };
-typedef struct gtctx_s *gtctx;
+typedef struct gtfile_s *gtfile;
 
 typedef struct imprint_s imprint_t;
 typedef struct block_sig_s block_sig_t;
@@ -201,12 +215,12 @@ int rsgtSetHashFunction(gtctx ctx, char *algName);
 void rsgtInit(char *usragent);
 void rsgtExit(void);
 gtctx rsgtCtxNew(void);
-int rsgtCtxOpenFile(gtctx ctx, unsigned char *logfn);
+gtfile rsgtCtxOpenFile(gtctx ctx, unsigned char *logfn);
+void rsgtfileDestruct(gtfile gf);
 void rsgtCtxDel(gtctx ctx);
-void sigblkInit(gtctx ctx);
-void sigblkAddRecord(gtctx ctx, const unsigned char *rec, const size_t len);
-void sigblkFinish(gtctx ctx);
-void rsgtCtxSetLogfileName(gtctx ctx, char *logfilename);
+void sigblkInit(gtfile gf);
+void sigblkAddRecord(gtfile gf, const unsigned char *rec, const size_t len);
+void sigblkFinish(gtfile gf);
 /* reader functions */
 int rsgt_tlvrdHeader(FILE *fp, unsigned char *hdr);
 int rsgt_tlvrd(FILE *fp, uint16_t *tlvtype, uint16_t *tlvlen, void *obj);
diff --git a/runtime/lmsig_gt.c b/runtime/lmsig_gt.c
index 474c573f..021cd9f8 100644
--- a/runtime/lmsig_gt.c
+++ b/runtime/lmsig_gt.c
@@ -118,35 +118,34 @@ SetCnfParam(void *pT, struct nvlst *lst)
 
 
 static rsRetVal
-OnFileOpen(void *pT, uchar *fn)
+OnFileOpen(void *pT, uchar *fn, gtfile *pgf)
 {
 	lmsig_gt_t *pThis = (lmsig_gt_t*) pT;
 	DEFiRet;
 dbgprintf("DDDD: onFileOpen: %s\n", fn);
-	rsgtCtxOpenFile(pThis->ctx, fn);
-	sigblkInit(pThis->ctx);
+	
+	*pgf = rsgtCtxOpenFile(pThis->ctx, fn);
+	sigblkInit(*pgf);
 
 	RETiRet;
 }
 
 static rsRetVal
-OnRecordWrite(void *pT, uchar *rec, rs_size_t lenRec)
+OnRecordWrite(void *pF, uchar *rec, rs_size_t lenRec)
 {
-	lmsig_gt_t *pThis = (lmsig_gt_t*) pT;
 	DEFiRet;
 dbgprintf("DDDD: onRecordWrite (%d): %s\n", lenRec, rec);
-	sigblkAddRecord(pThis->ctx, rec, lenRec);
+	sigblkAddRecord(pF, rec, lenRec);
 
 	RETiRet;
 }
 
 static rsRetVal
-OnFileClose(void *pT)
+OnFileClose(void *pF)
 {
-	lmsig_gt_t *pThis = (lmsig_gt_t*) pT;
 	DEFiRet;
 dbgprintf("DDDD: onFileClose\n");
-	rsgtCtxDel(pThis->ctx);
+	rsgtfileDestruct(pF);
 
 	RETiRet;
 }
diff --git a/runtime/sigprov.h b/runtime/sigprov.h
index 5abfb390..82587b7d 100644
--- a/runtime/sigprov.h
+++ b/runtime/sigprov.h
@@ -29,9 +29,9 @@ BEGINinterface(sigprov) /* name must also be changed in ENDinterface macro! */
 	rsRetVal (*Construct)(void *ppThis);
 	rsRetVal (*SetCnfParam)(void *ppThis, struct nvlst *lst);
 	rsRetVal (*Destruct)(void *ppThis);
-	rsRetVal (*OnFileOpen)(void *pThis, uchar *fn);
-	rsRetVal (*OnRecordWrite)(void *pThis, uchar *rec, rs_size_t lenRec);
-	rsRetVal (*OnFileClose)(void *pThis);
+	rsRetVal (*OnFileOpen)(void *pThis, uchar *fn, void *pFileInstData);
+	rsRetVal (*OnRecordWrite)(void *pFileInstData, uchar *rec, rs_size_t lenRec);
+	rsRetVal (*OnFileClose)(void *pFileInstData);
 ENDinterface(sigprov)
 #define sigprovCURR_IF_VERSION 1 /* increment whenever you change the interface structure! */
 #endif /* #ifndef INCLUDED_SIGPROV_H */
diff --git a/tools/omfile.c b/tools/omfile.c
index e439d504..ba2ef3ae 100644
--- a/tools/omfile.c
+++ b/tools/omfile.c
@@ -119,6 +119,7 @@ getClockFileAccess(void)
 struct s_dynaFileCacheEntry {
 	uchar *pName;		/* name currently open, if dynamic name */
 	strm_t	*pStrm;		/* our output stream */
+	void	*sigprovFileData;	/* opaque data ptr for provider use */
 	uint64	clkTickAccessed;/* for LRU - based on clockFileAccess */
 };
 typedef struct s_dynaFileCacheEntry dynaFileCacheEntry;
@@ -148,6 +149,7 @@ typedef struct _instanceData {
 	uchar 	*sigprovNameFull;/* full internal signature provider name */
 	sigprov_if_t sigprov;	/* ptr to signature provider interface */
 	void	*sigprovData;	/* opaque data ptr for provider use */
+	void 	*sigprovFileData;/* opaque data ptr for file instance */
 	sbool	useSigprov;	/* quicker than checkig ptr (1 vs 8 bytes!) */
 	int	iCurrElt;	/* currently active cache element (-1 = none) */
 	int	iCurrCacheSize;	/* currently cache size (1-based) */
@@ -423,15 +425,16 @@ finalize_it:
  * if the entry should be d_free()ed and 0 if not.
  */
 static rsRetVal
-dynaFileDelCacheEntry(dynaFileCacheEntry **pCache, int iEntry, int bFreeEntry)
+dynaFileDelCacheEntry(instanceData *pData, int iEntry, int bFreeEntry)
 {
+	dynaFileCacheEntry **pCache = pData->dynCache;
 	DEFiRet;
 	ASSERT(pCache != NULL);
 
 	if(pCache[iEntry] == NULL)
 		FINALIZE;
 
-	DBGPRINTF("Removed entry %d for file '%s' from dynaCache.\n", iEntry,
+	DBGPRINTF("Removing entry %d for file '%s' from dynaCache.\n", iEntry,
 		pCache[iEntry]->pName == NULL ? UCHAR_CONSTANT("[OPEN FAILED]") : pCache[iEntry]->pName);
 
 	if(pCache[iEntry]->pName != NULL) {
@@ -441,9 +444,10 @@ dynaFileDelCacheEntry(dynaFileCacheEntry **pCache, int iEntry, int bFreeEntry)
 
 	if(pCache[iEntry]->pStrm != NULL) {
 		strm.Destruct(&pCache[iEntry]->pStrm);
-#warning add sig capability here
-		if(pCache[iEntry]->pStrm != NULL) /* safety check -- TODO: remove if no longer necessary */
-			abort();
+		if(pData->useSigprov) {
+			pData->sigprov.OnFileClose(pCache[iEntry]->sigprovFileData);
+			pCache[iEntry]->sigprovFileData = NULL;
+		}
 	}
 
 	if(bFreeEntry) {
@@ -468,7 +472,7 @@ dynaFileFreeCacheEntries(instanceData *pData)
 
 	BEGINfunc;
 	for(i = 0 ; i < pData->iCurrCacheSize ; ++i) {
-		dynaFileDelCacheEntry(pData->dynCache, i, 1);
+		dynaFileDelCacheEntry(pData, i, 1);
 	}
 	pData->iCurrElt = -1; /* invalidate current element */
 	ENDfunc;
@@ -494,8 +498,10 @@ static rsRetVal
 closeFile(instanceData *pData)
 {
 	DEFiRet;
-	if(pData->useSigprov)
-		pData->sigprov.OnFileClose(pData->sigprovData);
+	if(pData->useSigprov) {
+		pData->sigprov.OnFileClose(pData->sigprovFileData);
+		pData->sigprovFileData = NULL;
+	}
 	strm.Destruct(&pData->pStrm);
 	RETiRet;
 }
@@ -506,7 +512,7 @@ static rsRetVal
 sigprovPrepare(instanceData *pData, uchar *fn)
 {
 	DEFiRet;
-	pData->sigprov.OnFileOpen(pData->sigprovData, fn);
+	pData->sigprov.OnFileOpen(pData->sigprovData, fn, &pData->sigprovFileData);
 	RETiRet;
 }
 
@@ -594,7 +600,9 @@ prepareFile(instanceData *pData, uchar *newFileName)
 	CHKiRet(strm.ConstructFinalize(pData->pStrm));
 
 	if(pData->useSigprov)
+{ dbgprintf("DDDD: prepareFile, call sigprovPrepare\n");
 		sigprovPrepare(pData, szNameBuf);
+}
 	
 finalize_it:
 	if(iRet != RS_RET_OK) {
@@ -630,9 +638,7 @@ prepareDynFile(instanceData *pData, uchar *newFileName, unsigned iMsgOpts)
 
 	pCache = pData->dynCache;
 
-	/* first check, if we still have the current file
-	 * I *hope* this will be a performance enhancement.
-	 */
+	/* first check, if we still have the current file */
 	if(   (pData->iCurrElt != -1)
 	   && !ustrcmp(newFileName, pCache[pData->iCurrElt]->pName)) {
 	   	/* great, we are all set */
@@ -654,9 +660,11 @@ prepareDynFile(instanceData *pData, uchar *newFileName, unsigned iMsgOpts)
 			if(iFirstFree == -1)
 				iFirstFree = i;
 		} else { /* got an element, let's see if it matches */
-			if(!ustrcmp(newFileName, pCache[i]->pName)) {  // RG:  name == NULL?
+			if(!ustrcmp(newFileName, pCache[i]->pName)) {
 				/* we found our element! */
 				pData->pStrm = pCache[i]->pStrm;
+				if(pData->useSigprov)
+					pData->sigprovFileData = pCache[i]->sigprovFileData;
 				pData->iCurrElt = i;
 				pCache[i]->clkTickAccessed = getClockFileAccess(); /* update "timestamp" for LRU */
 				FINALIZE;
@@ -683,7 +691,7 @@ prepareDynFile(instanceData *pData, uchar *newFileName, unsigned iMsgOpts)
 	 * but it could be triggered in the common case of a failed open() system call.
 	 * rgerhards, 2010-03-22
 	 */
-	pData->pStrm = NULL;
+	pData->pStrm = pData->sigprovFileData = NULL;
 
 	if(iFirstFree == -1 && (pData->iCurrCacheSize < pData->iDynaFileCacheSize)) {
 		/* there is space left, so set it to that index */
@@ -696,19 +704,17 @@ prepareDynFile(instanceData *pData, uchar *newFileName, unsigned iMsgOpts)
 	 * The cache array is only updated after the open was successful. -- rgerhards, 2010-03-21
 	 */
 	if(iFirstFree == -1) {
-		dynaFileDelCacheEntry(pCache, iOldest, 0);
+		dynaFileDelCacheEntry(pData, iOldest, 0);
 		STATSCOUNTER_INC(pData->ctrEvict, pData->mutCtrEvict);
 		iFirstFree = iOldest; /* this one *is* now free ;) */
 	} else {
 		/* we need to allocate memory for the cache structure */
-		/* TODO: performance note: we could alloc all entries on startup, thus saving malloc
-		 *       overhead -- this may be something to consider in v5...
-		 */
 		CHKmalloc(pCache[iFirstFree] = (dynaFileCacheEntry*) calloc(1, sizeof(dynaFileCacheEntry)));
 	}
 
 	/* Ok, we finally can open the file */
 	localRet = prepareFile(pData, newFileName); /* ignore exact error, we check fd below */
+dbgprintf("DDDD: prepareFile returned %d\n", localRet);
 
 	/* check if we had an error */
 	if(localRet != RS_RET_OK) {
@@ -730,6 +736,8 @@ prepareDynFile(instanceData *pData, uchar *newFileName, unsigned iMsgOpts)
 		ABORT_FINALIZE(RS_RET_OUT_OF_MEMORY);
 	}
 	pCache[iFirstFree]->pStrm = pData->pStrm;
+	if(pData->useSigprov)
+		pCache[iFirstFree]->sigprovFileData = pData->sigprovFileData;
 	pCache[iFirstFree]->clkTickAccessed = getClockFileAccess();
 	pData->iCurrElt = iFirstFree;
 	DBGPRINTF("Added new entry %d for file cache, file '%s'.\n", iFirstFree, newFileName);
@@ -751,10 +759,11 @@ doWrite(instanceData *pData, uchar *pszBuf, int lenBuf)
 	ASSERT(pData != NULL);
 	ASSERT(pszBuf != NULL);
 
+dbgprintf("DDDD: pData->sigprov %p\n", pData->sigprov);
 	DBGPRINTF("write to stream, pData->pStrm %p, lenBuf %d\n", pData->pStrm, lenBuf);
 	if(pData->pStrm != NULL){
 		CHKiRet(strm.Write(pData->pStrm, pszBuf, lenBuf));
-		CHKiRet(pData->sigprov.OnRecordWrite(pData->sigprovData, pszBuf, lenBuf));
+		CHKiRet(pData->sigprov.OnRecordWrite(pData->sigprovFileData, pszBuf, lenBuf));
 	}
 
 finalize_it:
@@ -762,10 +771,7 @@ finalize_it:
 }
 
 
-/* rgerhards 2004-11-11: write to a file output. This
- * will be called for all outputs using file semantics,
- * for example also for pipes.
- */
+/* rgerhards 2004-11-11: write to a file output.  */
 static rsRetVal
 writeFile(uchar **ppString, unsigned iMsgOpts, instanceData *pData)
 {
@@ -773,11 +779,14 @@ writeFile(uchar **ppString, unsigned iMsgOpts, instanceData *pData)
 
 	ASSERT(pData != NULL);
 
+dbgprintf("DDDD: enter writeFile, dyn: %d, name: %s\n", pData->bDynamicName, pData->f_fname);
 	/* first check if we have a dynamic file name and, if so,
 	 * check if it still is ok or a new file needs to be created
 	 */
 	if(pData->bDynamicName) {
+dbgprintf("DDDD: calling prepareDynFile\n");
 		CHKiRet(prepareDynFile(pData, ppString[1], iMsgOpts));
+dbgprintf("DDDD: done prepareDynFile\n");
 	} else { /* "regular", non-dynafile */
 		if(pData->pStrm == NULL) {
 			CHKiRet(prepareFile(pData, pData->f_fname));
@@ -787,6 +796,7 @@ writeFile(uchar **ppString, unsigned iMsgOpts, instanceData *pData)
 		}
 	}
 
+dbgprintf("DDDD: calling doWrite()\n");
 	CHKiRet(doWrite(pData, ppString[0], strlen(CHAR_CONVERT(ppString[0]))));
 
 finalize_it:
-- 
cgit v1.2.3


From 625480e22019a2b701853b98e34a2a3846279eac Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Mon, 11 Mar 2013 12:39:22 +0100
Subject: cleanup

---
 tools/omfile.c | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/tools/omfile.c b/tools/omfile.c
index ba2ef3ae..4740ed1d 100644
--- a/tools/omfile.c
+++ b/tools/omfile.c
@@ -600,9 +600,7 @@ prepareFile(instanceData *pData, uchar *newFileName)
 	CHKiRet(strm.ConstructFinalize(pData->pStrm));
 
 	if(pData->useSigprov)
-{ dbgprintf("DDDD: prepareFile, call sigprovPrepare\n");
 		sigprovPrepare(pData, szNameBuf);
-}
 	
 finalize_it:
 	if(iRet != RS_RET_OK) {
@@ -714,7 +712,6 @@ prepareDynFile(instanceData *pData, uchar *newFileName, unsigned iMsgOpts)
 
 	/* Ok, we finally can open the file */
 	localRet = prepareFile(pData, newFileName); /* ignore exact error, we check fd below */
-dbgprintf("DDDD: prepareFile returned %d\n", localRet);
 
 	/* check if we had an error */
 	if(localRet != RS_RET_OK) {
@@ -759,7 +756,6 @@ doWrite(instanceData *pData, uchar *pszBuf, int lenBuf)
 	ASSERT(pData != NULL);
 	ASSERT(pszBuf != NULL);
 
-dbgprintf("DDDD: pData->sigprov %p\n", pData->sigprov);
 	DBGPRINTF("write to stream, pData->pStrm %p, lenBuf %d\n", pData->pStrm, lenBuf);
 	if(pData->pStrm != NULL){
 		CHKiRet(strm.Write(pData->pStrm, pszBuf, lenBuf));
@@ -779,14 +775,11 @@ writeFile(uchar **ppString, unsigned iMsgOpts, instanceData *pData)
 
 	ASSERT(pData != NULL);
 
-dbgprintf("DDDD: enter writeFile, dyn: %d, name: %s\n", pData->bDynamicName, pData->f_fname);
 	/* first check if we have a dynamic file name and, if so,
 	 * check if it still is ok or a new file needs to be created
 	 */
 	if(pData->bDynamicName) {
-dbgprintf("DDDD: calling prepareDynFile\n");
 		CHKiRet(prepareDynFile(pData, ppString[1], iMsgOpts));
-dbgprintf("DDDD: done prepareDynFile\n");
 	} else { /* "regular", non-dynafile */
 		if(pData->pStrm == NULL) {
 			CHKiRet(prepareFile(pData, pData->f_fname));
@@ -796,7 +789,6 @@ dbgprintf("DDDD: done prepareDynFile\n");
 		}
 	}
 
-dbgprintf("DDDD: calling doWrite()\n");
 	CHKiRet(doWrite(pData, ppString[0], strlen(CHAR_CONVERT(ppString[0]))));
 
 finalize_it:
@@ -885,7 +877,6 @@ CODESTARTfreeInstance
 	} else if(pData->pStrm != NULL)
 		closeFile(pData);
 	if(pData->useSigprov) {
-		dbgprintf("DDDD: destructing signature provider %s\n", pData->sigprovNameFull);
 		pData->sigprov.Destruct(&pData->sigprovData);
 		obj.ReleaseObj(__FILE__, pData->sigprovNameFull+2, pData->sigprovNameFull,
 			       (void*) &pData->sigprov);
-- 
cgit v1.2.3


From 462426844d188e21a402cda78dc33c100e1b394d Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Mon, 11 Mar 2013 15:19:05 +0100
Subject: doc bugfix: rsyslog.conf man page had invalid file format info

closes: http://bugzilla.adiscon.com/show_bug.cgi?id=418
---
 ChangeLog            | 4 ++++
 tools/rsyslog.conf.5 | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 73b2faa2..bb546122 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,8 @@
 ----------------------------------------------------------------------------
+Version 7.2.7  [v7-stable] 2013-03-??
+- doc bugfix: rsyslog.conf man page had invalid file format info
+  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=418
+----------------------------------------------------------------------------
 Version 7.2.6  [v7-stable] 2013-03-05
 - slightly improved config parser error messages when invalid escapes happen
 - bugfix: include files got included in the wrong order
diff --git a/tools/rsyslog.conf.5 b/tools/rsyslog.conf.5
index fe9e083b..07da6ffd 100644
--- a/tools/rsyslog.conf.5
+++ b/tools/rsyslog.conf.5
@@ -218,7 +218,7 @@ beginning with a slash ('/').
 
 .B Example:
 .RS
-*.*     /var/log/traditionalfile.log;RSYSLOG_TraditionalFormat      # log to a file in the traditional format
+*.*     /var/log/traditionalfile.log;RSYSLOG_TraditionalFileFormat      # log to a file in the traditional format
 .RE
 
 Note: if you would like to use high-precision timestamps in your log files,
-- 
cgit v1.2.3


From 65734fd32105a574e3fae9e469bac72e1f93e945 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Tue, 12 Mar 2013 12:26:00 +0100
Subject: adjust to corrected libgt pkgconfig name

---
 configure.ac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index 3f60a5b5..450f06ae 100644
--- a/configure.ac
+++ b/configure.ac
@@ -919,7 +919,7 @@ AC_ARG_ENABLE(guardtime,
         [enable_guardtime=no]
 )
 if test "x$enable_guardtime" = "xyes"; then
-	PKG_CHECK_MODULES(GUARDTIME, gt >= 0.3.1)
+	PKG_CHECK_MODULES(GUARDTIME, libgt >= 0.3.1)
 fi
 AM_CONDITIONAL(ENABLE_GUARDTIME, test x$enable_guardtime = xyes)
 
-- 
cgit v1.2.3


From a25a4bc02e2a6e9915677600401ef927f9b58013 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Tue, 12 Mar 2013 16:48:14 +0100
Subject: prepare 7.3.7 release

---
 ChangeLog       | 2 +-
 configure.ac    | 2 +-
 doc/manual.html | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 870d34fa..c8ef7ac6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,5 @@
 ---------------------------------------------------------------------------
-Version 7.3.7  [devel] 2013-02-??
+Version 7.3.7  [devel] 2013-03-12
 - add support for anonymizing IPv4 addresses
 - add support for writing to the Linux Journal (omjournal)
 - imuxsock: add capability to ignore messages from ourselfes
diff --git a/configure.ac b/configure.ac
index a0c063c2..c3785f48 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2,7 +2,7 @@
 # Process this file with autoconf to produce a configure script.
 
 AC_PREREQ(2.61)
-AC_INIT([rsyslog],[7.3.6],[rsyslog@lists.adiscon.com])
+AC_INIT([rsyslog],[7.3.7],[rsyslog@lists.adiscon.com])
 AM_INIT_AUTOMAKE
 
 m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
diff --git a/doc/manual.html b/doc/manual.html
index 05a03e29..b8461b6d 100644
--- a/doc/manual.html
+++ b/doc/manual.html
@@ -19,7 +19,7 @@ professional services</a> available directly from the source!</p>
 <p><b>Please visit the <a href="http://www.rsyslog.com/sponsors">rsyslog sponsor's page</a>
 to honor the project sponsors or become one yourself!</b> We are very grateful for any help towards the
 project goals.</p>
-<p><b>This documentation is for version 7.3.6 (devel branch) of rsyslog.</b>
+<p><b>This documentation is for version 7.3.7 (devel branch) of rsyslog.</b>
 Visit the <i><a href="http://www.rsyslog.com/status">rsyslog status page</a></i></b>
 to obtain current version information and project status.
 </p><p><b>If you like rsyslog, you might
-- 
cgit v1.2.3


From c469cff2f2e6cfd75ba91dfc106bed0baba99bf8 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Tue, 12 Mar 2013 13:56:32 +0100
Subject: bugfix: imuxsock was missing SysSock.ParseTrusted module parameter

 use that functionality, legacy rsyslog.conf syntax had to be used.
Also, the doc was missing information on the "ParseTrusted" set of
config directives.
---
 ChangeLog                   |  4 ++++
 doc/imuxsock.html           | 27 +++++++++++++++++++++------
 plugins/imuxsock/imuxsock.c |  3 +++
 3 files changed, 28 insertions(+), 6 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 20599500..a66bbadc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
 ---------------------------------------------------------------------------
 Version 7.3.8  [devel] 2013-03-??
+- bugfix: imuxsock was missing SysSock.ParseTrusted module parameter
+  To use that functionality, legacy rsyslog.conf syntax had to be used.
+  Also, the doc was missing information on the "ParseTrusted" set of
+  config directives.
 - bugfix: include files got included in the wrong order
   closes: http://bugzilla.adiscon.com/show_bug.cgi?id=411
   This happens if an $IncludeConfig directive was done on multiple
diff --git a/doc/imuxsock.html b/doc/imuxsock.html
index ee9e2a05..d7a52268 100644
--- a/doc/imuxsock.html
+++ b/doc/imuxsock.html
@@ -98,6 +98,10 @@ messages that shall be rate-limited.
 </li>
 <li><b>SysSock.Annotate</b> &lt;on/<b>off</b>&gt; turn on annotation/trusted
 properties for the system log socket.</li>
+<li><b>SysSock.ParseTrusted</b> &lt;on/<b>off</b>&gt; if Annotation is turned on, create
+JSON/lumberjack properties out of the trusted properties (which can be accessed
+via RainerScript JSON Variables, e.g. "$!pid") instead of adding them to the message.
+properties for the system log socket.</li>
 </ul>
 
 <p><b>Input Instance Parameters</b></p>
@@ -160,6 +164,8 @@ will only affect the next one and then automatically be reset. This functionalit
 that the local hostname can be overridden in cases where that is desired.</li>
 <li><b>Annotate</b> &lt;on/<b>off</b>&gt; turn on annotation/trusted
 properties for the non-system log socket in question.</li>
+<li><b>ParseTrusted</b> &lt;on/<b>off</b>&gt; equivalent to the SysSock.ParseTrusted module
+parameter, but applies to the input that is being defined.
 </ul>
 
 <b>Caveats/Known Bugs:</b><br>
@@ -172,12 +178,20 @@ change the array size in imuxsock.c.
 <p>The following sample is the minimum setup required to accept syslog messages from applications running
 on the local system.<br>
 </p>
-<textarea rows="2" cols="70">module(load="/folder/to/rsyslog/plugins/imuxsock/.libs/imuxsock" # needs to be done just once
+<textarea rows="2" cols="70">module(load="imuxsock" # needs to be done just once
 SysSock.FlowControl="on") # enable flow control (use if needed)
 </textarea>
+
+<p>The following sample is similiar to the first one, but enables trusted
+properties, which are put into JSON/lumberjack variables.
+<br>
+</p>
+<textarea rows="2" cols="70">module(load="imuxsock" SysSock.Annotate="on" SysSock.ParseTrusted="on")
+</textarea>
+
 <p>The following sample is a configuration where rsyslogd pulls logs from two
 jails, and assigns different hostnames to each of the jails: </p>
-<textarea rows="6" cols="70">module(load="/folder/to/rsyslog/plugins/imuxsock/.libs/imuxsock") # needs to be done just once
+<textarea rows="6" cols="70">module(load="imuxsock") # needs to be done just once
 
 input(type="imuxsock" HostName="jail1.example.net" Socket="/jail/1/dev/log")
 input(type="imuxsock" HostName="jail2.example.net" Socket="/jail/2/dev/log")
@@ -188,18 +202,18 @@ system. As rsyslogd starts up before the sshd, it needs to create the socket
 directories, because it otherwise can not open the socket and thus not listen
 to openssh messages. Note that it is vital not to place any other socket between
 the CreatePath and the Socket.</p>
-<textarea rows="6" cols="70">module(load="/folder/to/rsyslog/plugins/imuxsock/.libs/imuxsock") # needs to be done just once
+<textarea rows="6" cols="70">module(load="imuxsock") # needs to be done just once
 
 input(type="imuxsock" Socket="/var/run/sshd/dev/log" CreatePath="on")
 </textarea>
 <p>The following sample is used to turn off input rate limiting on the system log
 socket.
-<textarea rows="4" cols="70">module(load="/folder/to/rsyslog/plugins/imuxsock/.libs/imuxsock" # needs to be done just once
+<textarea rows="4" cols="70">module(load="imuxsock" # needs to be done just once
 SysSock.RateLimit.Interval="0") # turn off rate limiting
 </textarea>
 <p>The following sample is used activate message annotation and thus trusted properties
 on the system log socket.
-<textarea rows="4" cols="70">module(load="/folder/to/rsyslog/plugins/imuxsock/.libs/imuxsock" # needs to be done just once
+<textarea rows="4" cols="70">module(load="imuxsock" # needs to be done just once
 SysSock.Annotate="on")
 </textarea>
 
@@ -243,6 +257,7 @@ equivalent to: SysSock.IgnoreTimestamp.</li>
 <li><b>$InputUnixListenSocketHostName</b> &lt;hostname&gt; equivalent to: HostName.</li>
 <li><b>$InputUnixListenSocketAnnotate</b> &lt;on/<b>off</b>&gt; equivalent to: Annotate.</li>
 <li><b>$SystemLogSocketAnnotate</b> &lt;on/<b>off</b>&gt; equivalent to: SysSock.Annotate.</li>
+<li><b>$SystemLogSocketParseTrusted</b> &lt;on/<b>off</b>&gt; equivalent to: SysSock.ParseTrusted.</li>
 </ul>
 
 <b>Caveats/Known Bugs:</b><br>
@@ -295,7 +310,7 @@ $SystemLogSocketAnnotate on
 <p><font size="2">This documentation is part of the
 <a href="http://www.rsyslog.com/">rsyslog</a>
 project.<br>
-Copyright &copy; 2008-2012 by <a href="http://www.gerhards.net/rainer">Rainer
+Copyright &copy; 2008-2013 by <a href="http://www.gerhards.net/rainer">Rainer
 Gerhards</a> and
 <a href="http://www.adiscon.com/">Adiscon</a>.
 Released under the GNU GPL version 3 or higher.</font></p>
diff --git a/plugins/imuxsock/imuxsock.c b/plugins/imuxsock/imuxsock.c
index a5360bee..773cb8db 100644
--- a/plugins/imuxsock/imuxsock.c
+++ b/plugins/imuxsock/imuxsock.c
@@ -233,6 +233,7 @@ static struct cnfparamdescr modpdescr[] = {
 	{ "syssock.flowcontrol", eCmdHdlrBinary, 0 },
 	{ "syssock.usesystimestamp", eCmdHdlrBinary, 0 },
 	{ "syssock.annotate", eCmdHdlrBinary, 0 },
+	{ "syssock.parsetrusted", eCmdHdlrBinary, 0 },
 	{ "syssock.usepidfromsystem", eCmdHdlrBinary, 0 },
 	{ "syssock.ratelimit.interval", eCmdHdlrInt, 0 },
 	{ "syssock.ratelimit.burst", eCmdHdlrInt, 0 },
@@ -1145,6 +1146,8 @@ CODESTARTsetModCnf
 			loadModConf->bUseSysTimeStamp = (int) pvals[i].val.d.n;
 		} else if(!strcmp(modpblk.descr[i].name, "syssock.annotate")) {
 			loadModConf->bAnnotateSysSock = (int) pvals[i].val.d.n;
+		} else if(!strcmp(modpblk.descr[i].name, "syssock.parsetrusted")) {
+			loadModConf->bParseTrusted = (int) pvals[i].val.d.n;
 		} else if(!strcmp(modpblk.descr[i].name, "syssock.usepidfromsystem")) {
 			loadModConf->bWritePidSysSock = (int) pvals[i].val.d.n;
 		} else if(!strcmp(modpblk.descr[i].name, "syssock.ratelimit.interval")) {
-- 
cgit v1.2.3


From 06ba977249e6806571795d3257970c5f98fa0d16 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Wed, 13 Mar 2013 17:38:04 +0100
Subject: rsgtutil: begin to make rsgttlvdump a generic utility

It will support various maintenaince operations, including
verification of signatures in the future. To match its new
scope, it also has been renamed.
---
 tools/Makefile.am   |  10 ++--
 tools/rsgttlvdump.c |  83 --------------------------
 tools/rsgtutil.c    | 168 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 173 insertions(+), 88 deletions(-)
 delete mode 100644 tools/rsgttlvdump.c
 create mode 100644 tools/rsgtutil.c

diff --git a/tools/Makefile.am b/tools/Makefile.am
index 8af86cb4..2501331e 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -59,14 +59,14 @@ logctl_CPPFLAGS =  $(LIBMONGO_CLIENT_CFLAGS)
 logctl_LDADD = $(LIBMONGO_CLIENT_LIBS)
 endif
 if ENABLE_GUARDTIME
-bin_PROGRAMS += rsgttlvdump
-#bin_PROGRAMS += logsigner rsgttlvdump
+bin_PROGRAMS += rsgtutil
+#bin_PROGRAMS += logsigner rsgtutil
 #logsigner = logsigner.c
 #logsigner_CPPFLAGS =  $(RSRT_CFLAGS) $(GUARDTIME_CFLAGS)
 #logsigner_LDADD = ../runtime/librsgt.la $(GUARDTIME_LIBS)
-rsgttlvdump = rsgttlvdump.c
-rsgttlvdump_CPPFLAGS =  $(RSRT_CFLAGS) $(GUARDTIME_CFLAGS)
-rsgttlvdump_LDADD = ../runtime/librsgt.la $(GUARDTIME_LIBS)
+rsgtutil = rsgtutil.c
+rsgtutil_CPPFLAGS =  $(RSRT_CFLAGS) $(GUARDTIME_CFLAGS)
+rsgtutil_LDADD = ../runtime/librsgt.la $(GUARDTIME_LIBS)
 endif
 endif
 
diff --git a/tools/rsgttlvdump.c b/tools/rsgttlvdump.c
deleted file mode 100644
index 9b536db1..00000000
--- a/tools/rsgttlvdump.c
+++ /dev/null
@@ -1,83 +0,0 @@
-/* This is a tool for dumpoing the content of GuardTime TLV
- * files in a (somewhat) human-readable manner.
- * 
- * Copyright 2013 Adiscon GmbH
- *
- * This file is part of rsyslog.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- * 
- *       http://www.apache.org/licenses/LICENSE-2.0
- *       -or-
- *       see COPYING.ASL20 in the source distribution
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either exprs or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-#include <stdlib.h>
-#include <stdio.h>
-#include <errno.h>
-#include <string.h>
-#include <gt_base.h>
-#include <gt_http.h>
-
-#include "librsgt.h"
-
-typedef unsigned char uchar;
-
-void
-processFile(char *name)
-{
-	FILE *fp;
-	uchar hdr[9];
-	uint16_t tlvtype, tlvlen;
-	void *obj;
-	int r = -1;
-	
-	if(!strcmp(name, "-"))
-		fp = stdin;
-	else {
-		printf("Processing file %s:\n", name);
-		if((fp = fopen(name, "r")) == NULL) {
-			perror(name);
-			goto err;
-		}
-	}
-	if((r = rsgt_tlvrdHeader(fp, hdr)) != 0) goto err;
-	printf("File Header: '%s'\n", hdr);
-	while(1) { /* we will err out on EOF */
-		if((r = rsgt_tlvrd(fp, &tlvtype, &tlvlen, &obj)) != 0) {
-			if(feof(fp))
-				break;
-			else
-				goto err;
-		}
-		rsgt_tlvprint(stdout, tlvtype, obj, 0);
-	}
-
-	if(fp != stdin)
-		fclose(fp);
-	return;
-err:	fprintf(stderr, "error %d processing file %s\n", r, name);
-}
-
-int
-main(int argc, char *argv[])
-{
-	int i;
-	if(argc == 1)
-		processFile("-");
-	else {
-		for(i = 1 ; i < argc ; ++i)
-			processFile(argv[i]);
-	}
-	return 0;
-}
diff --git a/tools/rsgtutil.c b/tools/rsgtutil.c
new file mode 100644
index 00000000..7b70a9a7
--- /dev/null
+++ b/tools/rsgtutil.c
@@ -0,0 +1,168 @@
+/* This is a tool for dumpoing the content of GuardTime TLV
+ * files in a (somewhat) human-readable manner.
+ * 
+ * Copyright 2013 Adiscon GmbH
+ *
+ * This file is part of rsyslog.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *       -or-
+ *       see COPYING.ASL20 in the source distribution
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either exprs or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#include <stdlib.h>
+#include <stdio.h>
+#include <errno.h>
+#include <string.h>
+#include <gt_base.h>
+#include <gt_http.h>
+#include <getopt.h>
+
+#include "librsgt.h"
+
+typedef unsigned char uchar;
+
+static enum { MD_DUMP, MD_DETECT_FILE_TYPE,
+} mode = MD_DUMP;
+static int verbose = 0;
+
+static void
+dumpFile(char *name)
+{
+	FILE *fp;
+	uchar hdr[9];
+	uint16_t tlvtype, tlvlen;
+	void *obj;
+	int r = -1;
+	
+	if(!strcmp(name, "-"))
+		fp = stdin;
+	else {
+		printf("Processing file %s:\n", name);
+		if((fp = fopen(name, "r")) == NULL) {
+			perror(name);
+			goto err;
+		}
+	}
+	if((r = rsgt_tlvrdHeader(fp, hdr)) != 0) goto err;
+	printf("File Header: '%s'\n", hdr);
+	while(1) { /* we will err out on EOF */
+		if((r = rsgt_tlvrd(fp, &tlvtype, &tlvlen, &obj)) != 0) {
+			if(feof(fp))
+				break;
+			else
+				goto err;
+		}
+		rsgt_tlvprint(stdout, tlvtype, obj, verbose);
+	}
+
+	if(fp != stdin)
+		fclose(fp);
+	return;
+err:	fprintf(stderr, "error %d processing file %s\n", r, name);
+}
+
+static void
+detectFileType(char *name)
+{
+	FILE *fp;
+	char *typeName;
+	char hdr[9];
+	int r = -1;
+	
+	if(!strcmp(name, "-"))
+		fp = stdin;
+	else {
+		if((fp = fopen(name, "r")) == NULL) {
+			perror(name);
+			goto err;
+		}
+	}
+	if((r = rsgt_tlvrdHeader(fp, (uchar*)hdr)) != 0) goto err;
+	if(!strcmp(hdr, "LOGSIG10"))
+		typeName = "Log Signature File, Version 10";
+	else
+		typeName = "unknown";
+
+	printf("%s: %s [%s]\n", name, hdr, typeName);
+
+	if(fp != stdin)
+		fclose(fp);
+	return;
+err:	fprintf(stderr, "error %d processing file %s\n", r, name);
+}
+
+static void
+processFile(char *name)
+{
+	switch(mode) {
+	case MD_DETECT_FILE_TYPE:
+		detectFileType(name);
+		break;
+	case MD_DUMP:
+		dumpFile(name);
+		break;
+	}
+}
+
+
+static struct option long_options[] = 
+{ 
+	{"dump", no_argument, NULL, 'D'},
+	{"verbose", no_argument, NULL, 'v'},
+	{"version", no_argument, NULL, 'V'},
+	{"detect-file-type", no_argument, NULL, 'T'},
+	{NULL, 0, NULL, 0} 
+}; 
+
+int
+main(int argc, char *argv[])
+{
+	int i;
+	int opt;
+
+	while(1) {
+		opt = getopt_long(argc, argv, "v", long_options, NULL);
+		if(opt == -1)
+			break;
+		switch(opt) {
+		case 'v':
+			verbose = 1;
+			break;
+		case 'V':
+			fprintf(stderr, "rsgtutil " VERSION "\n");
+			exit(0);
+		case 'D':
+			mode = MD_DUMP;
+			break;
+		case 'T':
+			mode = MD_DETECT_FILE_TYPE;
+			break;
+		case '?':
+			break;
+		default:fprintf(stderr, "getopt_long() returns unknown value %d\n", opt);
+			return 1;
+		}
+	}
+
+	if(optind == argc)
+		processFile("-");
+	else {
+		for(i = optind ; i < argc ; ++i)
+			processFile(argv[i]);
+	}
+
+	return 0;
+}
-- 
cgit v1.2.3


From 44b4922825df794f678cd4ad18d940ff114b943f Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Thu, 14 Mar 2013 12:32:03 +0100
Subject: rsgtutil: add --show-sigblock-params parameter

---
 runtime/librsgt.h      |  10 +++-
 runtime/librsgt_read.c | 127 +++++++++++++++++++++++++++++++++++++++++++++----
 tools/rsgtutil.c       |  48 ++++++++++++++++++-
 3 files changed, 175 insertions(+), 10 deletions(-)

diff --git a/runtime/librsgt.h b/runtime/librsgt.h
index b2de73bd..d9d221ea 100644
--- a/runtime/librsgt.h
+++ b/runtime/librsgt.h
@@ -110,11 +110,16 @@ struct rsgtstatefile {
 };
 
 /* error states */
-#define RSGTE_IO 1 	/* any kind of io error, including EOF */
+#define RSGTE_IO 1 	/* any kind of io error */
 #define RSGTE_FMT 2	/* data fromat error */
 #define RSGTE_INVLTYP 3	/* invalid TLV type record (unexcpected at this point) */
 #define RSGTE_OOM 4	/* ran out of memory */
 #define RSGTE_LEN 5	/* error related to length records */
+#define RSGTE_NO_BLKSIG 6/* block signature record is missing --> invalid block */
+#define RSGTE_INVLD_RECCNT 7/* mismatch between actual records and records
+                               given in block-sig record */
+#define RSGTE_INVLHDR 8/* invalid file header */
+#define RSGTE_EOF 9 	/* specific EOF */
 
 
 static inline uint16_t
@@ -225,5 +230,8 @@ void sigblkFinish(gtfile gf);
 int rsgt_tlvrdHeader(FILE *fp, unsigned char *hdr);
 int rsgt_tlvrd(FILE *fp, uint16_t *tlvtype, uint16_t *tlvlen, void *obj);
 void rsgt_tlvprint(FILE *fp, uint16_t tlvtype, void *obj, uint8_t verbose);
+void rsgt_printBLOCK_SIG(FILE *fp, block_sig_t *bs, uint8_t verbose);
+int rsgt_getBlockParams(FILE *fp, uint8_t bRewind, block_sig_t **bs, uint8_t *bHasRecHashes, uint8_t *bHasIntermedHashes);
+int rsgt_chkFileHdr(FILE *fp, char *expect);
 
 #endif  /* #ifndef INCLUDED_LIBRSGT_H */
diff --git a/runtime/librsgt_read.c b/runtime/librsgt_read.c
index be78580d..961e50c5 100644
--- a/runtime/librsgt_read.c
+++ b/runtime/librsgt_read.c
@@ -50,7 +50,7 @@ static int rsgt_read_debug = 0;
 
 /* macro to obtain next char from file including error tracking */
 #define NEXTC	if((c = fgetc(fp)) == EOF) { \
-			r = RSGTE_IO; \
+			r = feof(fp) ? RSGTE_EOF : RSGTE_IO; \
 			goto done; \
 		}
 
@@ -118,6 +118,17 @@ rsgt_tlvrdOctetString(FILE *fp, uint8_t **data, size_t len)
 done:	return r;
 }
 static int
+rsgt_tlvrdSkipVal(FILE *fp, size_t len)
+{
+	size_t i;
+	int c, r = 1;
+	for(i = 0 ; i < len ; ++i) {
+		NEXTC;
+	}
+	r = 0;
+done:	return r;
+}
+static int
 rsgt_tlvrdHASH_ALGO(FILE *fp, uint8_t *hashAlg)
 {
 	int r = 1;
@@ -314,14 +325,14 @@ done:	return r;
  * otherwise everything.
  */
 static void
-outputHexBlob(uint8_t *blob, uint16_t len, uint8_t verbose)
+outputHexBlob(FILE *fp, uint8_t *blob, uint16_t len, uint8_t verbose)
 {
 	unsigned i;
 	if(verbose || len <= 6) {
 		for(i = 0 ; i < len ; ++i)
-			printf("%2.2x", blob[i]);
+			fprintf(fp, "%2.2x", blob[i]);
 	} else {
-		printf("%2.2x%2.2x[...]%2.2x%2.2x",
+		fprintf(fp, "%2.2x%2.2x[...]%2.2x%2.2x",
 			blob[0], blob[1],
 			blob[len-2], blob[len-2]);
 	}
@@ -342,7 +353,7 @@ static void
 rsgt_printIMPRINT(FILE *fp, char *name, imprint_t *imp, uint8_t verbose)
 {
 	fprintf(fp, "%s", name);
-		outputHexBlob(imp->data, imp->len, verbose);
+		outputHexBlob(fp, imp->data, imp->len, verbose);
 		fputc('\n', fp);
 }
 
@@ -376,19 +387,19 @@ rsgt_printBLOCK_SIG(FILE *fp, block_sig_t *bs, uint8_t verbose)
 	fprintf(fp, "\tPrevious Block Hash:\n");
 	fprintf(fp, "\t   Algorithm..: %s\n", hashAlgName(bs->lastHash.hashID));
 	fprintf(fp, "\t   Hash.......: ");
-		outputHexBlob(bs->lastHash.data, bs->lastHash.len, verbose);
+		outputHexBlob(fp, bs->lastHash.data, bs->lastHash.len, verbose);
 		fputc('\n', fp);
 	if(blobIsZero(bs->lastHash.data, bs->lastHash.len))
 		fprintf(fp, "\t   NOTE: New Hash Chain Start!\n");
 	fprintf(fp, "\tHash Algorithm: %s\n", hashAlgName(bs->hashID));
 	fprintf(fp, "\tIV............: ");
-		outputHexBlob(bs->iv, getIVLen(bs), verbose);
+		outputHexBlob(fp, bs->iv, getIVLen(bs), verbose);
 		fputc('\n', fp);
 	fprintf(fp, "\tRecord Count..: %llu\n", bs->recCount);
 	fprintf(fp, "\tSignature Type: %s\n", sigTypeName(bs->sigID));
 	fprintf(fp, "\tSignature Len.: %u\n", bs->sig.der.len);
 	fprintf(fp, "\tSignature.....: ");
-		outputHexBlob(bs->sig.der.data, bs->sig.der.len, verbose);
+		outputHexBlob(fp, bs->sig.der.data, bs->sig.der.len, verbose);
 		fputc('\n', fp);
 }
 
@@ -417,3 +428,103 @@ rsgt_tlvprint(FILE *fp, uint16_t tlvtype, void *obj, uint8_t verbose)
 		break;
 	}
 }
+
+
+/**
+ * Read block parameters. This detects if the block contains the
+ * individual log hashes, the intermediate hashes and the overall
+ * block paramters (from the signature block). As we do not have any
+ * begin of block record, we do not know e.g. the hash algorithm or IV
+ * until reading the block signature record. And because the file is
+ * purely sequential and variable size, we need to read all records up to
+ * the next signature record.
+ * If a caller intends to verify a log file based on the parameters,
+ * he must re-read the file from the begining (we could keep things
+ * in memory, but this is impractical for large blocks). In order
+ * to facitate this, the function permits to rewind to the original
+ * read location when it is done.
+ *
+ * @param[in] fp file pointer of tlv file
+ * @param[in] bRewind 0 - do not rewind at end of procesing, 1 - do so
+ * @param[out] bs block signature record
+ * @param[out] bHasRecHashes 0 if record hashes are present, 1 otherwise
+ * @param[out] bHasIntermedHashes 0 if intermediate hashes are present,
+ *                1 otherwise
+ *
+ * @returns 0 if ok, something else otherwise
+ */
+int
+rsgt_getBlockParams(FILE *fp, uint8_t bRewind, block_sig_t **bs,
+                    uint8_t *bHasRecHashes, uint8_t *bHasIntermedHashes)
+{
+	int r;
+	uint64_t nRecs = 0;
+	uint16_t tlvtype, tlvlen;
+	uint8_t bDone = 0;
+	off_t rewindPos = 0;
+
+	if(bRewind)
+		rewindPos = ftello(fp);
+	*bHasRecHashes = 0;
+	*bHasIntermedHashes = 0;
+	*bs = NULL;
+
+	while(!bDone) { /* we will err out on EOF */
+		if((r = rsgt_tlvrdTL(fp, &tlvtype, &tlvlen)) != 0) goto done;
+		switch(tlvtype) {
+		case 0x0900:
+			++nRecs;
+			*bHasRecHashes = 1;
+			rsgt_tlvrdSkipVal(fp, tlvlen);
+			break;
+		case 0x0901:
+			*bHasIntermedHashes = 1;
+			rsgt_tlvrdSkipVal(fp, tlvlen);
+			break;
+		case 0x0902:
+			r = rsgt_tlvrdBLOCK_SIG(fp, bs, tlvlen);
+			if(r != 0) goto done;
+			bDone = 1;
+			break;
+		default:fprintf(fp, "unknown tlv record %4.4x\n", tlvtype);
+			break;
+		}
+	}
+
+	if(*bHasRecHashes && (nRecs != (*bs)->recCount)) {
+		r = RSGTE_INVLD_RECCNT;
+		goto done;
+	}
+
+	if(bRewind) {
+		if(fseeko(fp, rewindPos, SEEK_SET) != 0) {
+			r = RSGTE_IO;
+			goto done;
+		}
+	}
+done:
+	return r;
+}
+
+
+/**
+ * Read the file header and compare it to the expected value.
+ * The file pointer is placed right after the header.
+ * @param[in] fp file pointer of tlv file
+ * @param[in] excpect expected header (e.g. "LOGSIG10")
+ * @returns 0 if ok, something else otherwise
+ */
+int
+rsgt_chkFileHdr(FILE *fp, char *expect)
+{
+	int r;
+	char hdr[9];
+
+	if((r = rsgt_tlvrdHeader(fp, (uchar*)hdr)) != 0) goto done;
+	if(strcmp(hdr, expect))
+		r = RSGTE_INVLHDR;
+	else
+		r = 0;
+done:
+	return r;
+}
diff --git a/tools/rsgtutil.c b/tools/rsgtutil.c
index 7b70a9a7..3286163b 100644
--- a/tools/rsgtutil.c
+++ b/tools/rsgtutil.c
@@ -34,7 +34,7 @@
 
 typedef unsigned char uchar;
 
-static enum { MD_DUMP, MD_DETECT_FILE_TYPE,
+static enum { MD_DUMP, MD_DETECT_FILE_TYPE, MD_SHOW_SIGBLK_PARAMS
 } mode = MD_DUMP;
 static int verbose = 0;
 
@@ -74,6 +74,45 @@ dumpFile(char *name)
 err:	fprintf(stderr, "error %d processing file %s\n", r, name);
 }
 
+static void
+showSigblkParams(char *name)
+{
+	FILE *fp;
+	block_sig_t *bs;
+	uint8_t bHasRecHashes, bHasIntermedHashes;
+	uint64_t blkCnt = 0;
+	int r = -1;
+	
+	if(!strcmp(name, "-"))
+		fp = stdin;
+	else {
+		if((fp = fopen(name, "r")) == NULL) {
+			perror(name);
+			goto err;
+		}
+	}
+	if((r = rsgt_chkFileHdr(fp, "LOGSIG10")) != 0) goto err;
+
+	while(1) { /* we will err out on EOF */
+		if((r = rsgt_getBlockParams(fp, 0, &bs, &bHasRecHashes,
+				        &bHasIntermedHashes)) != 0)
+			goto err;
+		++blkCnt;
+		rsgt_printBLOCK_SIG(stdout, bs, verbose);
+		printf("\t***META INFORMATION:\n");
+		printf("\tBlock Nbr in File......: %llu\n", blkCnt);
+		printf("\tHas Record Hashes......: %d\n", bHasRecHashes);
+		printf("\tHas Intermediate Hashes: %d\n", bHasIntermedHashes);
+	}
+
+	if(fp != stdin)
+		fclose(fp);
+	return;
+err:
+	if(r != RSGTE_EOF)
+		fprintf(stderr, "error %d processing file %s\n", r, name);
+}
+
 static void
 detectFileType(char *name)
 {
@@ -114,6 +153,9 @@ processFile(char *name)
 	case MD_DUMP:
 		dumpFile(name);
 		break;
+	case MD_SHOW_SIGBLK_PARAMS:
+		showSigblkParams(name);
+		break;
 	}
 }
 
@@ -124,6 +166,7 @@ static struct option long_options[] =
 	{"verbose", no_argument, NULL, 'v'},
 	{"version", no_argument, NULL, 'V'},
 	{"detect-file-type", no_argument, NULL, 'T'},
+	{"show-sigblock-params", no_argument, NULL, 'B'},
 	{NULL, 0, NULL, 0} 
 }; 
 
@@ -147,6 +190,9 @@ main(int argc, char *argv[])
 		case 'D':
 			mode = MD_DUMP;
 			break;
+		case 'B':
+			mode = MD_SHOW_SIGBLK_PARAMS;
+			break;
 		case 'T':
 			mode = MD_DETECT_FILE_TYPE;
 			break;
-- 
cgit v1.2.3


From 6345e959d96bd9a3cbeeaea7f99572c33bea3054 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Fri, 15 Mar 2013 08:19:14 +0100
Subject: bugfix: imuxsock was missing SysSock.ParseTrusted module parameter

To use that functionality, legacy rsyslog.conf syntax had to be used.
Also, the doc was missing information on the "ParseTrusted" set of
config directives.
---
 ChangeLog                   |  4 ++++
 doc/imuxsock.html           | 27 +++++++++++++++++++++------
 plugins/imuxsock/imuxsock.c |  3 +++
 3 files changed, 28 insertions(+), 6 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index bb546122..c41a89c0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
 ----------------------------------------------------------------------------
 Version 7.2.7  [v7-stable] 2013-03-??
+- bugfix: imuxsock was missing SysSock.ParseTrusted module parameter
+  To use that functionality, legacy rsyslog.conf syntax had to be used.
+  Also, the doc was missing information on the "ParseTrusted" set of
+  config directives.
 - doc bugfix: rsyslog.conf man page had invalid file format info
   closes: http://bugzilla.adiscon.com/show_bug.cgi?id=418
 ----------------------------------------------------------------------------
diff --git a/doc/imuxsock.html b/doc/imuxsock.html
index a962f814..d505604a 100644
--- a/doc/imuxsock.html
+++ b/doc/imuxsock.html
@@ -92,6 +92,10 @@ messages that shall be rate-limited.
 </li>
 <li><b>SysSock.Annotate</b> &lt;on/<b>off</b>&gt; turn on annotation/trusted
 properties for the system log socket.</li>
+<li><b>SysSock.ParseTrusted</b> &lt;on/<b>off</b>&gt; if Annotation is turned on, create
+JSON/lumberjack properties out of the trusted properties (which can be accessed
+via RainerScript JSON Variables, e.g. "$!pid") instead of adding them to the message.
+properties for the system log socket.</li>
 </ul>
 
 <p><b>Input Instance Parameters</b></p>
@@ -148,6 +152,8 @@ will only affect the next one and then automatically be reset. This functionalit
 that the local hostname can be overridden in cases where that is desired.</li>
 <li><b>Annotate</b> &lt;on/<b>off</b>&gt; turn on annotation/trusted
 properties for the non-system log socket in question.</li>
+<li><b>ParseTrusted</b> &lt;on/<b>off</b>&gt; equivalent to the SysSock.ParseTrusted module
+parameter, but applies to the input that is being defined.
 </ul>
 
 <b>Caveats/Known Bugs:</b><br>
@@ -160,12 +166,20 @@ change the array size in imuxsock.c.
 <p>The following sample is the minimum setup required to accept syslog messages from applications running
 on the local system.<br>
 </p>
-<textarea rows="2" cols="70">module(load="/folder/to/rsyslog/plugins/imuxsock/.libs/imuxsock" # needs to be done just once
+<textarea rows="2" cols="70">module(load="imuxsock" # needs to be done just once
 SysSock.FlowControl="on") # enable flow control (use if needed)
 </textarea>
+
+<p>The following sample is similiar to the first one, but enables trusted
+properties, which are put into JSON/lumberjack variables.
+<br>
+</p>
+<textarea rows="2" cols="70">module(load="imuxsock" SysSock.Annotate="on" SysSock.ParseTrusted="on")
+</textarea>
+
 <p>The following sample is a configuration where rsyslogd pulls logs from two
 jails, and assigns different hostnames to each of the jails: </p>
-<textarea rows="6" cols="70">module(load="/folder/to/rsyslog/plugins/imuxsock/.libs/imuxsock") # needs to be done just once
+<textarea rows="6" cols="70">module(load="imuxsock") # needs to be done just once
 
 input(type="imuxsock" HostName="jail1.example.net" Socket="/jail/1/dev/log")
 input(type="imuxsock" HostName="jail2.example.net" Socket="/jail/2/dev/log")
@@ -176,18 +190,18 @@ system. As rsyslogd starts up before the sshd, it needs to create the socket
 directories, because it otherwise can not open the socket and thus not listen
 to openssh messages. Note that it is vital not to place any other socket between
 the CreatePath and the Socket.</p>
-<textarea rows="6" cols="70">module(load="/folder/to/rsyslog/plugins/imuxsock/.libs/imuxsock") # needs to be done just once
+<textarea rows="6" cols="70">module(load="imuxsock") # needs to be done just once
 
 input(type="imuxsock" Socket="/var/run/sshd/dev/log" CreatePath="on")
 </textarea>
 <p>The following sample is used to turn off input rate limiting on the system log
 socket.
-<textarea rows="4" cols="70">module(load="/folder/to/rsyslog/plugins/imuxsock/.libs/imuxsock" # needs to be done just once
+<textarea rows="4" cols="70">module(load="imuxsock" # needs to be done just once
 SysSock.RateLimit.Interval="0") # turn off rate limiting
 </textarea>
 <p>The following sample is used activate message annotation and thus trusted properties
 on the system log socket.
-<textarea rows="4" cols="70">module(load="/folder/to/rsyslog/plugins/imuxsock/.libs/imuxsock" # needs to be done just once
+<textarea rows="4" cols="70">module(load="imuxsock" # needs to be done just once
 SysSock.Annotate="on")
 </textarea>
 
@@ -231,6 +245,7 @@ equivalent to: SysSock.IgnoreTimestamp.</li>
 <li><b>$InputUnixListenSocketHostName</b> &lt;hostname&gt; equivalent to: HostName.</li>
 <li><b>$InputUnixListenSocketAnnotate</b> &lt;on/<b>off</b>&gt; equivalent to: Annotate.</li>
 <li><b>$SystemLogSocketAnnotate</b> &lt;on/<b>off</b>&gt; equivalent to: SysSock.Annotate.</li>
+<li><b>$SystemLogSocketParseTrusted</b> &lt;on/<b>off</b>&gt; equivalent to: SysSock.ParseTrusted.</li>
 </ul>
 
 <b>Caveats/Known Bugs:</b><br>
@@ -283,7 +298,7 @@ $SystemLogSocketAnnotate on
 <p><font size="2">This documentation is part of the
 <a href="http://www.rsyslog.com/">rsyslog</a>
 project.<br>
-Copyright &copy; 2008-2012 by <a href="http://www.gerhards.net/rainer">Rainer
+Copyright &copy; 2008-2013 by <a href="http://www.gerhards.net/rainer">Rainer
 Gerhards</a> and
 <a href="http://www.adiscon.com/">Adiscon</a>.
 Released under the GNU GPL version 3 or higher.</font></p>
diff --git a/plugins/imuxsock/imuxsock.c b/plugins/imuxsock/imuxsock.c
index 871a1fa5..637cb133 100644
--- a/plugins/imuxsock/imuxsock.c
+++ b/plugins/imuxsock/imuxsock.c
@@ -236,6 +236,7 @@ static struct cnfparamdescr modpdescr[] = {
 	{ "syssock.flowcontrol", eCmdHdlrBinary, 0 },
 	{ "syssock.usesystimestamp", eCmdHdlrBinary, 0 },
 	{ "syssock.annotate", eCmdHdlrBinary, 0 },
+	{ "syssock.parsetrusted", eCmdHdlrBinary, 0 },
 	{ "syssock.usepidfromsystem", eCmdHdlrBinary, 0 },
 	{ "syssock.ratelimit.interval", eCmdHdlrInt, 0 },
 	{ "syssock.ratelimit.burst", eCmdHdlrInt, 0 },
@@ -1204,6 +1205,8 @@ CODESTARTsetModCnf
 			loadModConf->bUseSysTimeStamp = (int) pvals[i].val.d.n;
 		} else if(!strcmp(modpblk.descr[i].name, "syssock.annotate")) {
 			loadModConf->bAnnotateSysSock = (int) pvals[i].val.d.n;
+		} else if(!strcmp(modpblk.descr[i].name, "syssock.parsetrusted")) {
+			loadModConf->bParseTrusted = (int) pvals[i].val.d.n;
 		} else if(!strcmp(modpblk.descr[i].name, "syssock.usepidfromsystem")) {
 			loadModConf->bWritePidSysSock = (int) pvals[i].val.d.n;
 		} else if(!strcmp(modpblk.descr[i].name, "syssock.ratelimit.interval")) {
-- 
cgit v1.2.3


From 3f4facd593e03d8fcabba04910dfbde46035a445 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Fri, 15 Mar 2013 08:41:36 +0100
Subject: doc: typo fix

---
 doc/imuxsock.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/imuxsock.html b/doc/imuxsock.html
index d7a52268..68bbe4b2 100644
--- a/doc/imuxsock.html
+++ b/doc/imuxsock.html
@@ -101,7 +101,7 @@ properties for the system log socket.</li>
 <li><b>SysSock.ParseTrusted</b> &lt;on/<b>off</b>&gt; if Annotation is turned on, create
 JSON/lumberjack properties out of the trusted properties (which can be accessed
 via RainerScript JSON Variables, e.g. "$!pid") instead of adding them to the message.
-properties for the system log socket.</li>
+</li>
 </ul>
 
 <p><b>Input Instance Parameters</b></p>
-- 
cgit v1.2.3


From ebda75e574dcb077c0da3ffd8cc4cc6b96c69ed3 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Fri, 15 Mar 2013 12:16:57 +0100
Subject: imrelp: now supports listening to IPv4/v6 only instead of always both

build now requires librelp 1.0.2
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=378
---
 ChangeLog               | 3 +++
 configure.ac            | 2 +-
 doc/imrelp.html         | 2 +-
 plugins/imrelp/imrelp.c | 1 +
 4 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 29192537..29cd533c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
 ---------------------------------------------------------------------------
 Version 7.3.8  [devel] 2013-03-??
+- imrelp: now supports listening to IPv4/v6 only instead of always both
+  build now requires librelp 1.0.2
+  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=378
 - bugfix: imuxsock was missing SysSock.ParseTrusted module parameter
   To use that functionality, legacy rsyslog.conf syntax had to be used.
   Also, the doc was missing information on the "ParseTrusted" set of
diff --git a/configure.ac b/configure.ac
index c3785f48..0e398307 100644
--- a/configure.ac
+++ b/configure.ac
@@ -915,7 +915,7 @@ AC_ARG_ENABLE(relp,
         [enable_relp=no]
 )
 if test "x$enable_relp" = "xyes"; then
-	PKG_CHECK_MODULES(RELP, relp >= 1.0.1)
+	PKG_CHECK_MODULES(RELP, relp >= 1.0.2)
 fi
 AM_CONDITIONAL(ENABLE_RELP, test x$enable_relp = xyes)
 
diff --git a/doc/imrelp.html b/doc/imrelp.html
index 856aff82..9f3e4875 100644
--- a/doc/imrelp.html
+++ b/doc/imrelp.html
@@ -47,7 +47,7 @@ not specific ones. This is due to a currently existing limitation in librelp.
 <p><b>Sample:</b></p>
 <p>This sets up a RELP server on port 20514.<br>
 </p>
-<textarea rows="15" cols="60">module(load="/folder/to/rsyslog/plugins/imrelp/.libs/imrelp") # needs to be done just once
+<textarea rows="15" cols="60">module(load="imrelp") # needs to be done just once
 input(type="imrelp" port="20514")
 </textarea>
 
diff --git a/plugins/imrelp/imrelp.c b/plugins/imrelp/imrelp.c
index dc67f4fe..5e0ae552 100644
--- a/plugins/imrelp/imrelp.c
+++ b/plugins/imrelp/imrelp.c
@@ -208,6 +208,7 @@ addListner(modConfData_t __attribute__((unused)) *modConf, instanceConf_t *inst)
 	if(pRelpEngine == NULL) {
 		CHKiRet(relpEngineConstruct(&pRelpEngine));
 		CHKiRet(relpEngineSetDbgprint(pRelpEngine, dbgprintf));
+		CHKiRet(relpEngineSetFamily(pRelpEngine, glbl.GetDefPFFamily()));
 		CHKiRet(relpEngineSetEnableCmd(pRelpEngine, (uchar*) "syslog", eRelpCmdState_Required));
 		CHKiRet(relpEngineSetSyslogRcv(pRelpEngine, onSyslogRcv));
 		if (!glbl.GetDisableDNS()) {
-- 
cgit v1.2.3


From 0114b531b38b16db98b04b680017d6c758987fd9 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Fri, 15 Mar 2013 14:33:23 +0100
Subject: debug system improvement & bug fix for init system status (see below)

- rsyslogd startup information is now properly conveyed back to init
  when privileges are beging dropped
  Actually, we have moved termination of the parent in front of the
  priv drop. So it shall work now in all cases. See code comments in
  commit for more details.
- If forking, the parent now waits for a maximum of 60 seconds for
  termination by the child
- improved debugging support in forked (auto-backgrounding) mode
  The rsyslog debug log file is now continued to be written across the
  fork.
---
 ChangeLog       | 10 ++++++++++
 runtime/debug.c |  9 +++++++++
 runtime/debug.h |  1 +
 tools/syslogd.c | 48 ++++++++++++++++++++++++++++--------------------
 4 files changed, 48 insertions(+), 20 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index c41a89c0..b143ae81 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,16 @@ Version 7.2.7  [v7-stable] 2013-03-??
   config directives.
 - doc bugfix: rsyslog.conf man page had invalid file format info
   closes: http://bugzilla.adiscon.com/show_bug.cgi?id=418
+- rsyslogd startup information is now properly conveyed back to init
+  when privileges are beging dropped
+  Actually, we have moved termination of the parent in front of the
+  priv drop. So it shall work now in all cases. See code comments in
+  commit for more details.
+- If forking, the parent now waits for a maximum of 60 seconds for
+  termination by the child
+- improved debugging support in forked (auto-backgrounding) mode
+  The rsyslog debug log file is now continued to be written across the
+  fork.
 ----------------------------------------------------------------------------
 Version 7.2.6  [v7-stable] 2013-03-05
 - slightly improved config parser error messages when invalid escapes happen
diff --git a/runtime/debug.c b/runtime/debug.c
index 1d306dbd..26da31b4 100644
--- a/runtime/debug.c
+++ b/runtime/debug.c
@@ -1296,6 +1296,15 @@ dbgmalloc(size_t size)
 }
 
 
+/* report fd used for debug log. This is needed in case of
+ * auto-backgrounding, where the debug log shall not be closed.
+ */
+int
+dbgGetDbglogFd(void)
+{
+	return altdbg;
+}
+
 /* read in the runtime options
  * rgerhards, 2008-02-28
  */
diff --git a/runtime/debug.h b/runtime/debug.h
index 5bd26bd8..e6971f82 100644
--- a/runtime/debug.h
+++ b/runtime/debug.h
@@ -104,6 +104,7 @@ void dbgSetExecLocation(int iStackPtr, int line);
 void dbgSetThrdName(uchar *pszName);
 void dbgPrintAllDebugInfo(void);
 void *dbgmalloc(size_t size);
+int dbgGetDbglogFd(void);
 
 /* macros */
 #ifdef DEBUGLESS
diff --git a/tools/syslogd.c b/tools/syslogd.c
index 62c18e72..0d7aac6c 100644
--- a/tools/syslogd.c
+++ b/tools/syslogd.c
@@ -224,7 +224,7 @@ struct queuefilenames_s {
 
 int	MarkInterval = 20 * 60;	/* interval between marks in seconds - read-only after startup */
 int      send_to_all = 0;        /* send message to all IPv4/IPv6 addresses */
-static int	NoFork = 0; 	/* don't fork - don't run in daemon mode - read-only after startup */
+static int	doFork = 1; 	/* fork - run in daemon mode - read-only after startup */
 int	bHaveMainQueue = 0;/* set to 1 if the main queue - in queueing mode - is available
 				 * If the main queue is either not yet ready or not running in 
 				 * queueing mode (mode DIRECT!), then this is set to 0.
@@ -473,7 +473,7 @@ logmsgInternal(int iErr, int pri, uchar *msg, int flags)
 	 * permits us to process unmodified config files which otherwise contain a
 	 * supressor statement.
 	 */
-	if(((Debug == DEBUG_FULL || NoFork) && ourConf->globals.bErrMsgToStderr) || iConfigVerify) {
+	if(((Debug == DEBUG_FULL || !doFork) && ourConf->globals.bErrMsgToStderr) || iConfigVerify) {
 		if(LOG_PRI(pri) == LOG_ERR)
 			fprintf(stderr, "rsyslogd: %s\n", msg);
 	}
@@ -652,7 +652,6 @@ finalize_it:
 rsRetVal
 multiSubmitMsg(multi_submit_t *pMultiSub)
 {
-	int i;
 	qqueue_t *pQueue;
 	ruleset_t *pRuleset;
 	DEFiRet;
@@ -1693,8 +1692,7 @@ doGlblProcessInit(void)
 
 	thrdInit();
 
-	if( !(Debug == DEBUG_FULL || NoFork) )
-	{
+	if(doFork) {
 		DBGPRINTF("Checking pidfile '%s'.\n", PidFile);
 		if (!check_pid(PidFile))
 		{
@@ -1706,16 +1704,23 @@ doGlblProcessInit(void)
 			/* stop writing debug messages to stdout (if debugging is on) */
 			stddbg = -1;
 
+			dbgprintf("ready for forking\n");
 			if (fork()) {
 				/* Parent process
 				 */
-				sleep(300);
-				/* Not reached unless something major went wrong.  5
-				 * minutes should be a fair amount of time to wait.
-				 * Please note that this procedure is important since
-				 * the father must not exit before syslogd isn't
-				 * initialized or the klogd won't be able to flush its
-				 * logs.  -Joey
+				dbgprintf("parent process going to sleep for 60 secs\n");
+				sleep(60);
+				/* Not reached unless something major went wrong.  1
+				 * minute should be a fair amount of time to wait.
+				 * The parent should not exit before rsyslogd is 
+				 * properly initilized (at least almost) or the init
+				 * system may get a wrong impression of our readyness.
+				 * Note that we exit before being completely initialized,
+				 * but at this point it is very, very unlikely that something
+				 * bad can happen. We do this here, because otherwise we would
+				 * need to have much more code to handle priv drop (which we
+				 * don't consider worth for the init system, especially as it
+				 * is going away on the majority of distros).
 				 */
 				exit(1); /* "good" exit - after forking, not diasabling anything */
 			}
@@ -1724,6 +1729,7 @@ doGlblProcessInit(void)
 			close(0);
 			/* we keep stdout and stderr open in case we have to emit something */
 			i = 3;
+			dbgprintf("in child, finalizing initialization\n");
 
 			/* if (sd_booted()) */ {
 				const char *e;
@@ -1757,7 +1763,8 @@ doGlblProcessInit(void)
 					i = SD_LISTEN_FDS_START + sd_fds;
 			}
 			for ( ; i < num_fds; i++)
-				(void) close(i);
+				if(i != dbgGetDbglogFd())
+					close(i);
 
 			untty();
 		} else {
@@ -1968,7 +1975,7 @@ int realMain(int argc, char **argv)
 			fprintf(stderr, "rsyslogd: error -m is no longer supported - use immark instead");
 			break;
 		case 'n':		/* don't fork */
-			NoFork = 1;
+			doFork = 0;
 			break;
 		case 'N':		/* enable config verify mode */
 			iConfigVerify = atoi(arg);
@@ -2066,17 +2073,18 @@ int realMain(int argc, char **argv)
 	if(!iConfigVerify)
 		CHKiRet(doGlblProcessInit());
 
+	/* Send a signal to the parent so it can terminate.  */
+	if(myPid != ppid) {
+		dbgprintf("signaling parent to terminate\n");
+		kill(ppid, SIGTERM);
+	}
+
 	CHKiRet(init());
 
 	if(Debug && debugging_on) {
 		dbgprintf("Debugging enabled, SIGUSR1 to turn off debugging.\n");
 	}
 
-	/* Send a signal to the parent so it can terminate.  */
-	if(myPid != ppid)
-		kill(ppid, SIGTERM);
-
-
 	/* END OF INTIALIZATION */
 	DBGPRINTF("initialization completed, transitioning to regular run mode\n");
 
@@ -2087,7 +2095,7 @@ int realMain(int argc, char **argv)
 	 * is still in its infancy (and not really done), we currently accept this issue.
 	 * rgerhards, 2009-06-29
 	 */
-	if(!(Debug == DEBUG_FULL || NoFork)) {
+	if(!doFork) {
 		close(1);
 		close(2);
 		ourConf->globals.bErrMsgToStderr = 0;
-- 
cgit v1.2.3


From b097e889a14de1341262e53c70451f67bbe077ab Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Fri, 15 Mar 2013 16:59:40 +0100
Subject: bugfix: segfault in expression optimizer

closes: http://bugzilla.adiscon.com/show_bug.cgi?id=423
---
 ChangeLog              | 2 ++
 grammar/rainerscript.c | 8 ++++----
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 29cd533c..ddfed3b8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,8 @@ Version 7.3.8  [devel] 2013-03-??
 - imrelp: now supports listening to IPv4/v6 only instead of always both
   build now requires librelp 1.0.2
   closes: http://bugzilla.adiscon.com/show_bug.cgi?id=378
+- bugfix: segfault in expression optimizer
+  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=423
 - bugfix: imuxsock was missing SysSock.ParseTrusted module parameter
   To use that functionality, legacy rsyslog.conf syntax had to be used.
   Also, the doc was missing information on the "ParseTrusted" set of
diff --git a/grammar/rainerscript.c b/grammar/rainerscript.c
index 7ef7bf7f..8a9c9aaa 100644
--- a/grammar/rainerscript.c
+++ b/grammar/rainerscript.c
@@ -2635,7 +2635,7 @@ cnfexprOptimize_CMP_severity_facility(struct cnfexpr *expr)
 
 /* optimize a comparison with a variable as left-hand operand
  * NOTE: Currently support CMP_EQ, CMP_NE only and code NEEDS 
- *       TO BE CHANGED for other comparisons!
+ *       TO BE CHANGED fgr other comparisons!
  */
 static inline struct cnfexpr*
 cnfexprOptimize_CMP_var(struct cnfexpr *expr)
@@ -2790,10 +2790,10 @@ cnfexprOptimize(struct cnfexpr *expr)
 				expr->l = expr->r;
 				expr->r = exprswap;
 			}
-		} else if(expr->l->nodetype == 'V') {
-			expr = cnfexprOptimize_CMP_var(expr);
 		}
-		if(expr->r->nodetype == 'A') {
+		if(expr->l->nodetype == 'V') {
+			expr = cnfexprOptimize_CMP_var(expr);
+		} else if(expr->r->nodetype == 'A') {
 			cnfexprOptimize_CMPEQ_arr((struct cnfarray *)expr->r);
 		}
 		break;
-- 
cgit v1.2.3


From d2467c38d42f590deecd807741324fc0e5522a8a Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Sun, 17 Mar 2013 13:06:02 +0100
Subject: logsig: milestone/verfier: record hashes are verified

---
 runtime/librsgt.c      |   6 +--
 runtime/librsgt.h      |  33 +++++++++++++
 runtime/librsgt_read.c | 126 +++++++++++++++++++++++++++++++++++++++++++++++++
 runtime/lmsig_gt.c     |  12 ++++-
 tools/rsgtutil.c       |  95 ++++++++++++++++++++++++++++++++++++-
 5 files changed, 266 insertions(+), 6 deletions(-)

diff --git a/runtime/librsgt.c b/runtime/librsgt.c
index 83a2fe05..e49011f4 100644
--- a/runtime/librsgt.c
+++ b/runtime/librsgt.c
@@ -514,7 +514,7 @@ bufAddLevel(uchar *buf, size_t *len, uint8_t level)
 }
 
 
-static void
+void
 hash_m(gtfile gf, GTDataHash **m)
 {
 #warning Overall: check GT API return states!
@@ -527,7 +527,7 @@ hash_m(gtfile gf, GTDataHash **m)
 	GTDataHash_create(gf->hashAlg, concatBuf, len, m);
 }
 
-static inline void
+void
 hash_r(gtfile gf, GTDataHash **r, const uchar *rec, const size_t len)
 {
 	// r = hash(canonicalize(rec));
@@ -535,7 +535,7 @@ hash_r(gtfile gf, GTDataHash **r, const uchar *rec, const size_t len)
 }
 
 
-static void
+void
 hash_node(gtfile gf, GTDataHash **node, GTDataHash *m, GTDataHash *r,
           uint8_t level)
 {
diff --git a/runtime/librsgt.h b/runtime/librsgt.h
index d9d221ea..35ee96b5 100644
--- a/runtime/librsgt.h
+++ b/runtime/librsgt.h
@@ -120,6 +120,12 @@ struct rsgtstatefile {
                                given in block-sig record */
 #define RSGTE_INVLHDR 8/* invalid file header */
 #define RSGTE_EOF 9 	/* specific EOF */
+#define RSGTE_MISS_REC_HASH 10 /* record hash missing when expected */
+#define RSGTE_MISS_TREE_HASH 11 /* tree hash missing when expected */
+#define RSGTE_INVLD_REC_HASH 12 /* invalid record hash (failed verification) */
+#define RSGTE_INVLD_TREE_HASH 13 /* invalid tree hash (failed verification) */
+#define RSGTE_INVLD_REC_HASHID 14 /* invalid record hash ID (failed verification) */
+#define RSGTE_INVLD_TREE_HASHID 15 /* invalid tree hash ID (failed verification) */
 
 
 static inline uint16_t
@@ -180,6 +186,26 @@ hashAlgName(uint8_t hashID)
 	default:return "[unknown]";
 	}
 }
+static inline enum GTHashAlgorithm
+hashID2Alg(uint8_t hashID)
+{
+	switch(hashID) {
+	case 0x00:
+		return GT_HASHALG_SHA1;
+	case 0x02:
+		return GT_HASHALG_RIPEMD160;
+	case 0x03:
+		return GT_HASHALG_SHA224;
+	case 0x01:
+		return GT_HASHALG_SHA256;
+	case 0x04:
+		return GT_HASHALG_SHA384;
+	case 0x05:
+		return GT_HASHALG_SHA512;
+	default:
+		return 0xff;
+	}
+}
 static inline char *
 sigTypeName(uint8_t sigID)
 {
@@ -233,5 +259,12 @@ void rsgt_tlvprint(FILE *fp, uint16_t tlvtype, void *obj, uint8_t verbose);
 void rsgt_printBLOCK_SIG(FILE *fp, block_sig_t *bs, uint8_t verbose);
 int rsgt_getBlockParams(FILE *fp, uint8_t bRewind, block_sig_t **bs, uint8_t *bHasRecHashes, uint8_t *bHasIntermedHashes);
 int rsgt_chkFileHdr(FILE *fp, char *expect);
+gtfile rsgt_vrfyConstruct_gf(void);
+void rsgt_vrfyBlkInit(gtfile gf, block_sig_t *bs, uint8_t bHasRecHashes, uint8_t bHasIntermedHashes);
+int rsgt_vrfy_nextRec(block_sig_t *bs, gtfile gf, FILE *sigfp, unsigned char *rec, size_t lenRec);
 
+/* TODO: replace these? */
+void hash_m(gtfile gf, GTDataHash **m);
+void hash_r(gtfile gf, GTDataHash **r, const unsigned char *rec, const size_t len);
+void hash_node(gtfile gf, GTDataHash **node, GTDataHash *m, GTDataHash *r, uint8_t level);
 #endif  /* #ifndef INCLUDED_LIBRSGT_H */
diff --git a/runtime/librsgt_read.c b/runtime/librsgt_read.c
index 961e50c5..ca52cb93 100644
--- a/runtime/librsgt_read.c
+++ b/runtime/librsgt_read.c
@@ -277,6 +277,22 @@ rsgt_tlvrdIMPRINT(FILE *fp, imprint_t **imprint, uint16_t tlvlen)
 done:	return r;
 }
 
+static int
+rsgt_tlvrdRecHash(FILE *fp, imprint_t **imp)
+{
+	int r;
+	uint16_t tlvtype, tlvlen;
+
+	if((r = rsgt_tlvrdTL(fp, &tlvtype, &tlvlen)) != 0) goto done;
+printf("read tlvtype %4.4x\n", tlvtype);
+	if(tlvtype != 0x0900) {
+		r = RSGTE_MISS_REC_HASH;
+		goto done;
+	}
+	if((r = rsgt_tlvrdIMPRINT(fp, imp, tlvlen)) != 0) goto done;
+	r = 0;
+done:	return r;
+}
 
 /**;
  * Read the next "object" from file. This usually is
@@ -528,3 +544,113 @@ rsgt_chkFileHdr(FILE *fp, char *expect)
 done:
 	return r;
 }
+
+gtfile
+rsgt_vrfyConstruct_gf(void)
+{
+	gtfile gf;
+	if((gf = calloc(1, sizeof(struct gtfile_s))) == NULL)
+		goto done;
+	gf->x_prev = NULL;
+
+done:	return gf;
+}
+
+void
+rsgt_vrfyBlkInit(gtfile gf, block_sig_t *bs, uint8_t bHasRecHashes, uint8_t bHasIntermedHashes)
+{
+printf("bs->hashID %d\n", bs->hashID);
+	gf->hashAlg = hashID2Alg(bs->hashID);
+	gf->bKeepRecordHashes = bHasRecHashes;
+	gf->bKeepTreeHashes = bHasIntermedHashes;
+	free(gf->IV);
+	gf->IV = malloc(getIVLen(bs));
+	memcpy(gf->IV, bs->iv, getIVLen(bs));
+}
+
+static int
+rsgt_vrfy_chkRecHash(gtfile gf, FILE *sigfp, GTDataHash *recHash)
+{
+	int r = 0;
+	imprint_t *imp;
+
+	if(!gf->bKeepRecordHashes)
+		goto done;
+	if((r = rsgt_tlvrdRecHash(sigfp, &imp)) != 0)
+		goto done;
+	if(imp->hashID != hashIdentifier(gf->hashAlg)) {
+		r = RSGTE_INVLD_REC_HASHID;
+		goto done;
+	}
+printf("imp hash:");
+outputHexBlob(stdout, imp->data, hashOutputLengthOctets(imp->hashID), 1);
+printf("\nrec hash:");
+outputHexBlob(stdout, recHash->digest, hashOutputLengthOctets(imp->hashID), 1);
+printf("\n");
+	if(memcmp(imp->data, recHash->digest,
+		  hashOutputLengthOctets(imp->hashID))) {
+		r = RSGTE_INVLD_REC_HASH;
+		goto done;
+	}
+printf("record hash is OK\n");
+	r = 0;
+done:
+	return r;
+}
+
+int
+rsgt_vrfy_nextRec(block_sig_t *bs, gtfile gf, FILE *sigfp, unsigned char *rec,
+	size_t len)
+{
+	int r = 0;
+	GTDataHash *x; /* current hash */
+	GTDataHash *m, *recHash, *t;
+	uint8_t j;
+
+printf("hasRecHash %d, verify: %s", gf->bKeepRecordHashes, rec);
+	hash_m(gf, &m);
+	hash_r(gf, &recHash, rec, len);
+	if(gf->bKeepRecordHashes) {
+		r = rsgt_vrfy_chkRecHash(gf, sigfp, recHash);
+		if(r != 0) goto done;
+	}
+	hash_node(gf, &x, m, recHash, 1); /* hash leaf */
+	/* persists x here if Merkle tree needs to be persisted! */
+	//if(gf->bKeepTreeHashes)
+		//tlvWriteHash(gf, 0x0901, x);
+	/* add x to the forest as new leaf, update roots list */
+	t = x;
+	for(j = 0 ; j < gf->nRoots ; ++j) {
+		if(gf->roots_valid[j] == 0) {
+			gf->roots_hash[j] = t;
+			gf->roots_valid[j] = 1;
+			t = NULL;
+			break;
+		} else if(t != NULL) {
+			/* hash interim node */
+			hash_node(gf, &t, gf->roots_hash[j], t, j+2);
+			gf->roots_valid[j] = 0;
+			GTDataHash_free(gf->roots_hash[j]);
+			// TODO: check if this is correct location (paper!)
+			//if(gf->bKeepTreeHashes)
+				//tlvWriteHash(gf, 0x0901, t);
+		}
+	}
+	if(t != NULL) {
+		/* new level, append "at the top" */
+		gf->roots_hash[gf->nRoots] = t;
+		gf->roots_valid[gf->nRoots] = 1;
+		++gf->nRoots;
+		assert(gf->nRoots < MAX_ROOTS);
+		t = NULL;
+	}
+	gf->x_prev = x; /* single var may be sufficient */
+	++gf->nRecords;
+
+	/* cleanup */
+	/* note: x is freed later as part of roots cleanup */
+	GTDataHash_free(m);
+	GTDataHash_free(recHash);
+done:
+	return r;
+}
diff --git a/runtime/lmsig_gt.c b/runtime/lmsig_gt.c
index 021cd9f8..54a795a1 100644
--- a/runtime/lmsig_gt.c
+++ b/runtime/lmsig_gt.c
@@ -130,12 +130,20 @@ dbgprintf("DDDD: onFileOpen: %s\n", fn);
 	RETiRet;
 }
 
+/* Note: we assume that the record is terminated by a \n.
+ * As of the GuardTime paper, \n is not part of the signed
+ * message, so we subtract one from the record size. This
+ * may cause issues with non-standard formats, but let's 
+ * see how things evolve (the verifier will not work in
+ * any case when the records are not \n delimited...).
+ * rgerhards, 2013-03-17
+ */
 static rsRetVal
 OnRecordWrite(void *pF, uchar *rec, rs_size_t lenRec)
 {
 	DEFiRet;
-dbgprintf("DDDD: onRecordWrite (%d): %s\n", lenRec, rec);
-	sigblkAddRecord(pF, rec, lenRec);
+dbgprintf("DDDD: onRecordWrite (%d): %s\n", lenRec-1, rec);
+	sigblkAddRecord(pF, rec, lenRec-1);
 
 	RETiRet;
 }
diff --git a/tools/rsgtutil.c b/tools/rsgtutil.c
index 3286163b..d94a63cd 100644
--- a/tools/rsgtutil.c
+++ b/tools/rsgtutil.c
@@ -34,7 +34,8 @@
 
 typedef unsigned char uchar;
 
-static enum { MD_DUMP, MD_DETECT_FILE_TYPE, MD_SHOW_SIGBLK_PARAMS
+static enum { MD_DUMP, MD_DETECT_FILE_TYPE, MD_SHOW_SIGBLK_PARAMS,
+              MD_VERIFY
 } mode = MD_DUMP;
 static int verbose = 0;
 
@@ -143,6 +144,91 @@ detectFileType(char *name)
 err:	fprintf(stderr, "error %d processing file %s\n", r, name);
 }
 
+static inline int
+doVerifyRec(FILE *logfp, FILE *sigfp, block_sig_t *bs, gtfile gf)
+{
+	int r;
+	size_t lenRec;
+	char rec[128*1024];
+
+	fgets(rec, sizeof(rec), logfp);
+	lenRec = strlen(rec);
+	if(rec[lenRec-1] == '\n')
+		--lenRec;
+
+	r = rsgt_vrfy_nextRec(bs, gf, sigfp, (unsigned char*)rec, lenRec);
+	return r;
+}
+
+/* note: here we need to have the LOG file name, not signature! */
+static void
+verify(char *name)
+{
+	FILE *logfp = NULL, *sigfp = NULL;
+	block_sig_t *bs;
+	gtfile gf;
+	uint8_t bHasRecHashes, bHasIntermedHashes;
+	uint8_t bInBlock;
+	int r = 0;
+	uint64_t nRecs;
+	char sigfname[4096];
+	
+	if(!strcmp(name, "-")) {
+		fprintf(stderr, "verify mode cannot work on stdin\n");
+		goto err;
+	} else {
+		snprintf(sigfname, sizeof(sigfname), "%s.gtsig", name);
+		sigfname[sizeof(sigfname)-1] = '\0';
+		if((logfp = fopen(name, "r")) == NULL) {
+			perror(name);
+			goto err;
+		}
+		if((sigfp = fopen(sigfname, "r")) == NULL) {
+			perror(name);
+			goto err;
+		}
+	}
+	if((r = rsgt_chkFileHdr(sigfp, "LOGSIG10")) != 0) goto err;
+
+	gf = rsgt_vrfyConstruct_gf();
+	if(gf == NULL) {
+		fprintf(stderr, "error initializing signature file structure\n");
+		goto err;
+	}
+
+	bInBlock = 0;
+
+	while(!feof(logfp)) {
+		if(bInBlock == 0) {
+			if((r = rsgt_getBlockParams(sigfp, 1, &bs, &bHasRecHashes,
+							&bHasIntermedHashes)) != 0)
+				goto err;
+			rsgt_vrfyBlkInit(gf, bs, bHasRecHashes,
+						bHasIntermedHashes);
+			nRecs = 0;
+			bInBlock = 1;
+		}
+		++nRecs;
+		if((r = doVerifyRec(logfp, sigfp, bs, gf)) != 0)
+			goto err;
+		if(nRecs == bs->recCount) {
+		//	verifyBLOCK_SIG(bs, gf);
+			bInBlock = 0;
+		}
+	}
+
+	fclose(logfp);
+	fclose(sigfp);
+	return;
+err:
+	if(logfp != NULL)
+		fclose(logfp);
+	if(sigfp != NULL)
+		fclose(sigfp);
+	if(r != RSGTE_EOF)
+		fprintf(stderr, "error %d processing file %s [%s]\n", r, name, sigfname);
+}
+
 static void
 processFile(char *name)
 {
@@ -156,6 +242,9 @@ processFile(char *name)
 	case MD_SHOW_SIGBLK_PARAMS:
 		showSigblkParams(name);
 		break;
+	case MD_VERIFY:
+		verify(name);
+		break;
 	}
 }
 
@@ -167,6 +256,7 @@ static struct option long_options[] =
 	{"version", no_argument, NULL, 'V'},
 	{"detect-file-type", no_argument, NULL, 'T'},
 	{"show-sigblock-params", no_argument, NULL, 'B'},
+	{"verify", no_argument, NULL, 't'}, /* 't' as in "test signatures" */
 	{NULL, 0, NULL, 0} 
 }; 
 
@@ -196,6 +286,9 @@ main(int argc, char *argv[])
 		case 'T':
 			mode = MD_DETECT_FILE_TYPE;
 			break;
+		case 't':
+			mode = MD_VERIFY;
+			break;
 		case '?':
 			break;
 		default:fprintf(stderr, "getopt_long() returns unknown value %d\n", opt);
-- 
cgit v1.2.3


From 03901766c7f452c637ac57ec526b98895da510d5 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Sun, 17 Mar 2013 14:29:17 +0100
Subject: logsig: milestone/verfier: tree hashes are verified; ALSO a bugfix

bugfix: the initial vector was used incorrectly during hash computation.
---
 runtime/librsgt.c      |  2 +-
 runtime/librsgt_read.c | 74 ++++++++++++++++++++++++++++++++++++++++----------
 tools/rsgtutil.c       |  6 +++-
 3 files changed, 66 insertions(+), 16 deletions(-)

diff --git a/runtime/librsgt.c b/runtime/librsgt.c
index e49011f4..92b0d412 100644
--- a/runtime/librsgt.c
+++ b/runtime/librsgt.c
@@ -483,7 +483,7 @@ sigblkInit(gtfile gf)
 static inline void
 bufAddIV(gtfile gf, uchar *buf, size_t *len)
 {
-	memcpy(buf+*len, &gf->IV, sizeof(gf->IV));
+	memcpy(buf+*len, gf->IV, hashOutputLengthOctets(gf->hashAlg));
 	*len += sizeof(gf->IV);
 }
 
diff --git a/runtime/librsgt_read.c b/runtime/librsgt_read.c
index ca52cb93..8dc6f811 100644
--- a/runtime/librsgt_read.c
+++ b/runtime/librsgt_read.c
@@ -294,6 +294,23 @@ printf("read tlvtype %4.4x\n", tlvtype);
 done:	return r;
 }
 
+static int
+rsgt_tlvrdTreeHash(FILE *fp, imprint_t **imp)
+{
+	int r;
+	uint16_t tlvtype, tlvlen;
+
+	if((r = rsgt_tlvrdTL(fp, &tlvtype, &tlvlen)) != 0) goto done;
+printf("read tlvtype %4.4x\n", tlvtype);
+	if(tlvtype != 0x0901) {
+		r = RSGTE_MISS_TREE_HASH;
+		goto done;
+	}
+	if((r = rsgt_tlvrdIMPRINT(fp, imp, tlvlen)) != 0) goto done;
+	r = 0;
+done:	return r;
+}
+
 /**;
  * Read the next "object" from file. This usually is
  * a single TLV, but may be something larger, for
@@ -350,7 +367,7 @@ outputHexBlob(FILE *fp, uint8_t *blob, uint16_t len, uint8_t verbose)
 	} else {
 		fprintf(fp, "%2.2x%2.2x[...]%2.2x%2.2x",
 			blob[0], blob[1],
-			blob[len-2], blob[len-2]);
+			blob[len-2], blob[len-1]);
 	}
 }
 
@@ -559,13 +576,16 @@ done:	return gf;
 void
 rsgt_vrfyBlkInit(gtfile gf, block_sig_t *bs, uint8_t bHasRecHashes, uint8_t bHasIntermedHashes)
 {
-printf("bs->hashID %d\n", bs->hashID);
 	gf->hashAlg = hashID2Alg(bs->hashID);
 	gf->bKeepRecordHashes = bHasRecHashes;
 	gf->bKeepTreeHashes = bHasIntermedHashes;
 	free(gf->IV);
 	gf->IV = malloc(getIVLen(bs));
 	memcpy(gf->IV, bs->iv, getIVLen(bs));
+	free(gf->blkStrtHash);
+	gf->lenBlkStrtHash = bs->lastHash.len;
+	gf->blkStrtHash = malloc(gf->lenBlkStrtHash);
+	memcpy(gf->blkStrtHash, bs->lastHash.data, gf->lenBlkStrtHash);
 }
 
 static int
@@ -574,30 +594,52 @@ rsgt_vrfy_chkRecHash(gtfile gf, FILE *sigfp, GTDataHash *recHash)
 	int r = 0;
 	imprint_t *imp;
 
-	if(!gf->bKeepRecordHashes)
-		goto done;
 	if((r = rsgt_tlvrdRecHash(sigfp, &imp)) != 0)
 		goto done;
 	if(imp->hashID != hashIdentifier(gf->hashAlg)) {
 		r = RSGTE_INVLD_REC_HASHID;
 		goto done;
 	}
-printf("imp hash:");
-outputHexBlob(stdout, imp->data, hashOutputLengthOctets(imp->hashID), 1);
-printf("\nrec hash:");
-outputHexBlob(stdout, recHash->digest, hashOutputLengthOctets(imp->hashID), 1);
-printf("\n");
 	if(memcmp(imp->data, recHash->digest,
 		  hashOutputLengthOctets(imp->hashID))) {
 		r = RSGTE_INVLD_REC_HASH;
 		goto done;
 	}
-printf("record hash is OK\n");
 	r = 0;
 done:
 	return r;
 }
 
+static int
+rsgt_vrfy_chkTreeHash(gtfile gf, FILE *sigfp, GTDataHash *hash)
+{
+	int r = 0;
+	imprint_t *imp;
+
+	if((r = rsgt_tlvrdTreeHash(sigfp, &imp)) != 0)
+		goto done;
+	if(imp->hashID != hashIdentifier(gf->hashAlg)) {
+		r = RSGTE_INVLD_TREE_HASHID;
+		goto done;
+	}
+//printf("imp  hash:");
+//outputHexBlob(stdout, imp->data, hashOutputLengthOctets(imp->hashID), 1);
+//printf("\ntree hash:");
+//outputHexBlob(stdout, hash->digest, hashOutputLengthOctets(imp->hashID), 1);
+//printf("\nlenBlkStrtHAsh %d\nblkstrt hash:", gf->lenBlkStrtHash);
+//outputHexBlob(stdout, gf->blkStrtHash, gf->lenBlkStrtHash, 1);
+//printf("\n");
+	if(memcmp(imp->data, hash->digest,
+		  hashOutputLengthOctets(imp->hashID))) {
+		r = RSGTE_INVLD_TREE_HASH;
+		goto done;
+	}
+	r = 0;
+printf("Tree hash OK\n");
+done:
+	return r;
+}
+
 int
 rsgt_vrfy_nextRec(block_sig_t *bs, gtfile gf, FILE *sigfp, unsigned char *rec,
 	size_t len)
@@ -616,8 +658,10 @@ printf("hasRecHash %d, verify: %s", gf->bKeepRecordHashes, rec);
 	}
 	hash_node(gf, &x, m, recHash, 1); /* hash leaf */
 	/* persists x here if Merkle tree needs to be persisted! */
-	//if(gf->bKeepTreeHashes)
-		//tlvWriteHash(gf, 0x0901, x);
+	if(gf->bKeepTreeHashes) {
+		r = rsgt_vrfy_chkTreeHash(gf, sigfp, x);
+		if(r != 0) goto done;
+	}
 	/* add x to the forest as new leaf, update roots list */
 	t = x;
 	for(j = 0 ; j < gf->nRoots ; ++j) {
@@ -632,8 +676,10 @@ printf("hasRecHash %d, verify: %s", gf->bKeepRecordHashes, rec);
 			gf->roots_valid[j] = 0;
 			GTDataHash_free(gf->roots_hash[j]);
 			// TODO: check if this is correct location (paper!)
-			//if(gf->bKeepTreeHashes)
-				//tlvWriteHash(gf, 0x0901, t);
+			if(gf->bKeepTreeHashes) {
+				r = rsgt_vrfy_chkTreeHash(gf, sigfp, t);
+				if(r != 0) goto done;
+			}
 		}
 	}
 	if(t != NULL) {
diff --git a/tools/rsgtutil.c b/tools/rsgtutil.c
index d94a63cd..d4c58d2d 100644
--- a/tools/rsgtutil.c
+++ b/tools/rsgtutil.c
@@ -151,12 +151,16 @@ doVerifyRec(FILE *logfp, FILE *sigfp, block_sig_t *bs, gtfile gf)
 	size_t lenRec;
 	char rec[128*1024];
 
-	fgets(rec, sizeof(rec), logfp);
+	if(fgets(rec, sizeof(rec), logfp) == NULL) {
+		r = feof(logfp) ? RSGTE_EOF : RSGTE_IO;
+		goto done;
+	}
 	lenRec = strlen(rec);
 	if(rec[lenRec-1] == '\n')
 		--lenRec;
 
 	r = rsgt_vrfy_nextRec(bs, gf, sigfp, (unsigned char*)rec, lenRec);
+done:
 	return r;
 }
 
-- 
cgit v1.2.3


From b09d37063fc155ff5ec38430c679da5be5de0dcc Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Sun, 17 Mar 2013 15:46:24 +0100
Subject: logsig: milestone/verfier: block timestamp verification almost
 complete

unfortunately, there seems to be a problem with the GuardTime API, so
that I need their support before being able to carry on. Once I
receive it, it should be fairly quick to complete the function. I am
commiting this work as I do not know how long it will take to receive
an answer.
---
 runtime/librsgt.h      |   3 ++
 runtime/librsgt_read.c | 109 ++++++++++++++++++++++++++++++++++++++++++++++++-
 tools/rsgtutil.c       |   2 +-
 3 files changed, 112 insertions(+), 2 deletions(-)

diff --git a/runtime/librsgt.h b/runtime/librsgt.h
index 35ee96b5..26eaf8ee 100644
--- a/runtime/librsgt.h
+++ b/runtime/librsgt.h
@@ -126,6 +126,8 @@ struct rsgtstatefile {
 #define RSGTE_INVLD_TREE_HASH 13 /* invalid tree hash (failed verification) */
 #define RSGTE_INVLD_REC_HASHID 14 /* invalid record hash ID (failed verification) */
 #define RSGTE_INVLD_TREE_HASHID 15 /* invalid tree hash ID (failed verification) */
+#define RSGTE_MISS_BLOCKSIG 16 /* block signature record missing when expected */
+#define RSGTE_INVLD_TIMESTAMP 17 /* RFC3161 timestamp is invalid */
 
 
 static inline uint16_t
@@ -262,6 +264,7 @@ int rsgt_chkFileHdr(FILE *fp, char *expect);
 gtfile rsgt_vrfyConstruct_gf(void);
 void rsgt_vrfyBlkInit(gtfile gf, block_sig_t *bs, uint8_t bHasRecHashes, uint8_t bHasIntermedHashes);
 int rsgt_vrfy_nextRec(block_sig_t *bs, gtfile gf, FILE *sigfp, unsigned char *rec, size_t lenRec);
+int verifyBLOCK_SIG(block_sig_t *bs, gtfile gf, FILE *sigfp, uint64_t nRecs);
 
 /* TODO: replace these? */
 void hash_m(gtfile gf, GTDataHash **m);
diff --git a/runtime/librsgt_read.c b/runtime/librsgt_read.c
index 8dc6f811..0cc5f492 100644
--- a/runtime/librsgt_read.c
+++ b/runtime/librsgt_read.c
@@ -311,6 +311,24 @@ printf("read tlvtype %4.4x\n", tlvtype);
 done:	return r;
 }
 
+/* read BLOCK_SIG during verification phase */
+static int
+rsgt_tlvrdVrfyBlockSig(FILE *fp, block_sig_t **bs)
+{
+	int r;
+	uint16_t tlvtype, tlvlen;
+
+	if((r = rsgt_tlvrdTL(fp, &tlvtype, &tlvlen)) != 0) goto done;
+printf("read tlvtype %4.4x\n", tlvtype);
+	if(tlvtype != 0x0902) {
+		r = RSGTE_MISS_BLOCKSIG;
+		goto done;
+	}
+	if((r = rsgt_tlvrdBLOCK_SIG(fp, bs, tlvlen)) != 0) goto done;
+	r = 0;
+done:	return r;
+}
+
 /**;
  * Read the next "object" from file. This usually is
  * a single TLV, but may be something larger, for
@@ -649,7 +667,6 @@ rsgt_vrfy_nextRec(block_sig_t *bs, gtfile gf, FILE *sigfp, unsigned char *rec,
 	GTDataHash *m, *recHash, *t;
 	uint8_t j;
 
-printf("hasRecHash %d, verify: %s", gf->bKeepRecordHashes, rec);
 	hash_m(gf, &m);
 	hash_r(gf, &recHash, rec, len);
 	if(gf->bKeepRecordHashes) {
@@ -700,3 +717,93 @@ printf("hasRecHash %d, verify: %s", gf->bKeepRecordHashes, rec);
 done:
 	return r;
 }
+
+
+static int
+verifyTimestamp(gtfile gf, GTDataHash *root)
+{
+	int r = 0;
+	printf("in verifyTimestamp\n");
+	return r;
+}
+
+
+/* TODO: think about merging this with the writer. The
+ * same applies to the other computation algos.
+ */
+static int
+verifySigblkFinish(gtfile gf)
+{
+	GTDataHash *root, *rootDel;
+	int8_t j;
+	int r;
+
+	if(gf->nRecords == 0)
+		goto done;
+
+	root = NULL;
+	for(j = 0 ; j < gf->nRoots ; ++j) {
+		if(root == NULL) {
+			root = gf->roots_hash[j];
+			gf->roots_valid[j] = 0; /* guess this is redundant with init, maybe del */
+		} else if(gf->roots_valid[j]) {
+			rootDel = root;
+			hash_node(gf, &root, gf->roots_hash[j], root, j+2);
+			gf->roots_valid[j] = 0; /* guess this is redundant with init, maybe del */
+			GTDataHash_free(rootDel);
+		}
+	}
+	r = verifyTimestamp(gf, root);
+
+	free(gf->blkStrtHash);
+	gf->blkStrtHash = NULL;
+	// We do not need the following as we take this from the block params
+	// (but I leave it in in order to aid getting to common code)
+	//gf->lenBlkStrtHash = gf->x_prev->digest_length;
+	//gf->blkStrtHash = malloc(gf->lenBlkStrtHash);
+	//memcpy(gf->blkStrtHash, gf->x_prev->digest, gf->lenBlkStrtHash);
+done:
+	gf->bInBlk = 0;
+	return r;
+}
+
+/* verify the root hash. This also means we need to compute the
+ * Merkle tree root for the current block.
+ */
+int
+verifyBLOCK_SIG(block_sig_t *bs, gtfile gf, FILE *sigfp, uint64_t nRecs)
+{
+	int r;
+	int gtstate;
+	block_sig_t *file_bs;
+	GTTimestamp *timestamp = NULL;
+	GTVerificationInfo *vrfyInf;
+	
+	if((r = verifySigblkFinish(gf)) != 0)
+		goto done;
+	if((r = rsgt_tlvrdVrfyBlockSig(sigfp, &file_bs)) != 0)
+		goto done;
+printf("got sig block, now doing checks \n");
+	if(nRecs != bs->recCount) {
+		r = RSGTE_INVLD_RECCNT;
+		goto done;
+	}
+
+printf("len DER timestamp: %d, data %p\n", (int) file_bs->sig.der.len, file_bs->sig.der.data);
+	gtstate = GTTimestamp_DERDecode(file_bs->sig.der.data,
+					file_bs->sig.der.len, &timestamp);
+printf("result of GTTimestamp_DERDecode: %d\n", gtstate);
+	gtstate = GTTimestamp_verify(timestamp, 1, &vrfyInf);
+printf("result of GTTimestamp_verify: %d, verf_err %d\n", gtstate, vrfyInf->verification_errors );
+	if(! (gtstate == GT_OK
+	      && vrfyInf->verification_errors == GT_NO_FAILURES) ) {
+		r = RSGTE_INVLD_TIMESTAMP; goto done;
+	}
+
+printf("root timestamp OK\n");
+	r = 0;
+done:
+	if(timestamp != NULL)
+		GTTimestamp_free(timestamp);
+	return r;
+}
diff --git a/tools/rsgtutil.c b/tools/rsgtutil.c
index d4c58d2d..cc045f8c 100644
--- a/tools/rsgtutil.c
+++ b/tools/rsgtutil.c
@@ -216,7 +216,7 @@ verify(char *name)
 		if((r = doVerifyRec(logfp, sigfp, bs, gf)) != 0)
 			goto err;
 		if(nRecs == bs->recCount) {
-		//	verifyBLOCK_SIG(bs, gf);
+			verifyBLOCK_SIG(bs, gf, sigfp, nRecs);
 			bInBlock = 0;
 		}
 	}
-- 
cgit v1.2.3


From ff192e5b3cea37863d3a080ad993ad3233a852b6 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Mon, 18 Mar 2013 11:47:14 +0100
Subject: bugfix: mmanon did not build on some platforms (e.g. Ubuntu)

---
 ChangeLog               | 3 ++-
 plugins/mmanon/mmanon.c | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index ddfed3b8..fae64d13 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,8 +1,9 @@
 ---------------------------------------------------------------------------
-Version 7.3.8  [devel] 2013-03-??
+Version 7.3.8  [devel] 2013-03-18
 - imrelp: now supports listening to IPv4/v6 only instead of always both
   build now requires librelp 1.0.2
   closes: http://bugzilla.adiscon.com/show_bug.cgi?id=378
+- bugfix: mmanon did not build on some platforms (e.g. Ubuntu)
 - bugfix: segfault in expression optimizer
   closes: http://bugzilla.adiscon.com/show_bug.cgi?id=423
 - bugfix: imuxsock was missing SysSock.ParseTrusted module parameter
diff --git a/plugins/mmanon/mmanon.c b/plugins/mmanon/mmanon.c
index fc0c8a03..a1c99d09 100644
--- a/plugins/mmanon/mmanon.c
+++ b/plugins/mmanon/mmanon.c
@@ -29,6 +29,7 @@
 #include <signal.h>
 #include <errno.h>
 #include <unistd.h>
+#include <stdint.h>
 #include "conf.h"
 #include "syslogd-types.h"
 #include "srUtils.h"
-- 
cgit v1.2.3


From cc69a17b62599dc5c5a6d1320b6f62ca7632226d Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Mon, 18 Mar 2013 11:48:16 +0100
Subject: prepare for 7.3.8 release

---
 configure.ac    | 2 +-
 doc/manual.html | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/configure.ac b/configure.ac
index 0e398307..7a4af19d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2,7 +2,7 @@
 # Process this file with autoconf to produce a configure script.
 
 AC_PREREQ(2.61)
-AC_INIT([rsyslog],[7.3.7],[rsyslog@lists.adiscon.com])
+AC_INIT([rsyslog],[7.3.8],[rsyslog@lists.adiscon.com])
 AM_INIT_AUTOMAKE
 
 m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
diff --git a/doc/manual.html b/doc/manual.html
index b8461b6d..ca54a04a 100644
--- a/doc/manual.html
+++ b/doc/manual.html
@@ -19,7 +19,7 @@ professional services</a> available directly from the source!</p>
 <p><b>Please visit the <a href="http://www.rsyslog.com/sponsors">rsyslog sponsor's page</a>
 to honor the project sponsors or become one yourself!</b> We are very grateful for any help towards the
 project goals.</p>
-<p><b>This documentation is for version 7.3.7 (devel branch) of rsyslog.</b>
+<p><b>This documentation is for version 7.3.8 (devel branch) of rsyslog.</b>
 Visit the <i><a href="http://www.rsyslog.com/status">rsyslog status page</a></i></b>
 to obtain current version information and project status.
 </p><p><b>If you like rsyslog, you might
-- 
cgit v1.2.3


From 4dce63486fbb197522e11c5644cdf7aef5d7bbbc Mon Sep 17 00:00:00 2001
From: Milan Bartos <mbartos@redhat.com>
Date: Thu, 14 Mar 2013 11:52:21 +0100
Subject: Fix trailing '-' in kernel messages.

	modified:   plugins/imkmsg/kmsg.c
---
 plugins/imkmsg/kmsg.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/plugins/imkmsg/kmsg.c b/plugins/imkmsg/kmsg.c
index b771d68a..c531f941 100644
--- a/plugins/imkmsg/kmsg.c
+++ b/plugins/imkmsg/kmsg.c
@@ -89,6 +89,10 @@ submitSyslog(uchar *buf)
 	for (; isdigit(*buf); buf++) {
 		timestamp += (timestamp * 10) + (*buf - '0');
 	}
+
+	while (*buf != ';') {
+		buf++; /* skip everything till the first ; */
+	} 
 	buf++; /* skip ; */
 
 	/* get message */
-- 
cgit v1.2.3


From 07ddb712ba562480a5492e1c8733b28e3a766d1a Mon Sep 17 00:00:00 2001
From: Milan Bartos <mbartos@redhat.com>
Date: Thu, 14 Mar 2013 11:52:21 +0100
Subject: Fix trailing '-' in kernel messages.

	modified:   plugins/imkmsg/kmsg.c
---
 plugins/imkmsg/kmsg.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/plugins/imkmsg/kmsg.c b/plugins/imkmsg/kmsg.c
index b771d68a..c531f941 100644
--- a/plugins/imkmsg/kmsg.c
+++ b/plugins/imkmsg/kmsg.c
@@ -89,6 +89,10 @@ submitSyslog(uchar *buf)
 	for (; isdigit(*buf); buf++) {
 		timestamp += (timestamp * 10) + (*buf - '0');
 	}
+
+	while (*buf != ';') {
+		buf++; /* skip everything till the first ; */
+	} 
 	buf++; /* skip ; */
 
 	/* get message */
-- 
cgit v1.2.3


From 68fe67afc88a105575e6be256523a67c40ccff39 Mon Sep 17 00:00:00 2001
From: Milan Bartos <mbartos@redhat.com>
Date: Mon, 18 Mar 2013 09:06:33 +0100
Subject: Remove unnecessary strlen() call

	modified:   plugins/imkmsg/kmsg.c
---
 plugins/imkmsg/kmsg.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/imkmsg/kmsg.c b/plugins/imkmsg/kmsg.c
index c531f941..bc91f989 100644
--- a/plugins/imkmsg/kmsg.c
+++ b/plugins/imkmsg/kmsg.c
@@ -107,7 +107,7 @@ submitSyslog(uchar *buf)
 	if (*buf != '\0') /* message has appended properties, skip \n */
 		buf++;
 
-	while (strlen((char *)buf)) {
+	while (*buf) {
 		/* get name of the property */
 		buf++; /* skip ' ' */
 		offs = 0;
-- 
cgit v1.2.3


From 3c0c1aa425c8f1bbaa61cf93724cae8e0bd72fee Mon Sep 17 00:00:00 2001
From: Milan Bartos <mbartos@redhat.com>
Date: Mon, 18 Mar 2013 09:15:32 +0100
Subject: Fix message read buffer size

	modified:   plugins/imkmsg/kmsg.c
---
 plugins/imkmsg/kmsg.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/plugins/imkmsg/kmsg.c b/plugins/imkmsg/kmsg.c
index bc91f989..0117b6ba 100644
--- a/plugins/imkmsg/kmsg.c
+++ b/plugins/imkmsg/kmsg.c
@@ -178,14 +178,14 @@ static void
 readkmsg(void)
 {
 	int i;
-	uchar pRcv[8096+1];
+	uchar pRcv[8192+1];
 	char errmsg[2048];
 
 	for (;;) {
 		dbgprintf("imkmsg waiting for kernel log line\n");
 
 		/* every read() from the opened device node receives one record of the printk buffer */
-		i = read(fklog, pRcv, 8096);
+		i = read(fklog, pRcv, 8192);
 
 		if (i > 0) {
 			/* successful read of message of nonzero length */
-- 
cgit v1.2.3


From bc740ffc8009095dd6cec3e3629fcd2283906fcd Mon Sep 17 00:00:00 2001
From: Milan Bartos <mbartos@redhat.com>
Date: Mon, 18 Mar 2013 11:12:46 +0100
Subject: Do not exit when messages get overwritten in the circular buffer

	modified:   plugins/imkmsg/kmsg.c
---
 plugins/imkmsg/kmsg.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/plugins/imkmsg/kmsg.c b/plugins/imkmsg/kmsg.c
index 0117b6ba..f1815f25 100644
--- a/plugins/imkmsg/kmsg.c
+++ b/plugins/imkmsg/kmsg.c
@@ -190,6 +190,10 @@ readkmsg(void)
 		if (i > 0) {
 			/* successful read of message of nonzero length */
 			pRcv[i] = '\0';
+		} else if (i == -EPIPE) {
+			imkmsgLogIntMsg(LOG_WARNING,
+					"imkmsg: some messages in circular buffer got overwritten");
+			continue;
 		} else {
 			/* something went wrong - error or zero length message */
 			if (i < 0 && errno != EINTR && errno != EAGAIN) {
-- 
cgit v1.2.3


From ff261830c65f7d094584dba1f9bce669bd6748d4 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Mon, 18 Mar 2013 12:16:28 +0100
Subject: doc: mention last patches in ChangeLog

---
 ChangeLog | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index b143ae81..9acbbf27 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,11 +1,5 @@
 ----------------------------------------------------------------------------
 Version 7.2.7  [v7-stable] 2013-03-??
-- bugfix: imuxsock was missing SysSock.ParseTrusted module parameter
-  To use that functionality, legacy rsyslog.conf syntax had to be used.
-  Also, the doc was missing information on the "ParseTrusted" set of
-  config directives.
-- doc bugfix: rsyslog.conf man page had invalid file format info
-  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=418
 - rsyslogd startup information is now properly conveyed back to init
   when privileges are beging dropped
   Actually, we have moved termination of the parent in front of the
@@ -16,6 +10,14 @@ Version 7.2.7  [v7-stable] 2013-03-??
 - improved debugging support in forked (auto-backgrounding) mode
   The rsyslog debug log file is now continued to be written across the
   fork.
+- bugfix: several issues in imkmsg
+  see bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=421#c8
+- bugfix: imuxsock was missing SysSock.ParseTrusted module parameter
+  To use that functionality, legacy rsyslog.conf syntax had to be used.
+  Also, the doc was missing information on the "ParseTrusted" set of
+  config directives.
+- doc bugfix: rsyslog.conf man page had invalid file format info
+  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=418
 ----------------------------------------------------------------------------
 Version 7.2.6  [v7-stable] 2013-03-05
 - slightly improved config parser error messages when invalid escapes happen
-- 
cgit v1.2.3


From 0dab9aa0c4f50403436f318e92a65903a956c195 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Mon, 18 Mar 2013 13:57:42 +0100
Subject: fix merge problem

---
 tools/syslogd.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/tools/syslogd.c b/tools/syslogd.c
index 66adde48..d4fc1c36 100644
--- a/tools/syslogd.c
+++ b/tools/syslogd.c
@@ -2001,16 +2001,16 @@ int realMain(int argc, char **argv)
 	if(!iConfigVerify)
 		CHKiRet(doGlblProcessInit());
 
+	/* Send a signal to the parent so it can terminate.  */
+	if(glblGetOurPid() != ppid)
+		kill(ppid, SIGTERM);
+
 	CHKiRet(init());
 
 	if(Debug && debugging_on) {
 		dbgprintf("Debugging enabled, SIGUSR1 to turn off debugging.\n");
 	}
 
-	/* Send a signal to the parent so it can terminate.  */
-	if(glblGetOurPid() != ppid)
-		kill(ppid, SIGTERM);
-
 	/* END OF INTIALIZATION */
 	DBGPRINTF("initialization completed, transitioning to regular run mode\n");
 
-- 
cgit v1.2.3


From 1125a60d3fcc5b64e0cc7abe54748b6d6ee2fb28 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Mon, 18 Mar 2013 14:41:11 +0100
Subject: logsig: implement timestamp verification

We now use a higher-level verification function as suggested
by GuardTime.
---
 runtime/librsgt_read.c | 25 +++++++++++--------------
 tools/rsgtutil.c       |  4 ++++
 2 files changed, 15 insertions(+), 14 deletions(-)

diff --git a/runtime/librsgt_read.c b/runtime/librsgt_read.c
index 0cc5f492..11c43775 100644
--- a/runtime/librsgt_read.c
+++ b/runtime/librsgt_read.c
@@ -37,6 +37,7 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
+#include <gt_http.h>
 
 #include "librsgt.h"
 
@@ -719,20 +720,11 @@ done:
 }
 
 
-static int
-verifyTimestamp(gtfile gf, GTDataHash *root)
-{
-	int r = 0;
-	printf("in verifyTimestamp\n");
-	return r;
-}
-
-
 /* TODO: think about merging this with the writer. The
  * same applies to the other computation algos.
  */
 static int
-verifySigblkFinish(gtfile gf)
+verifySigblkFinish(gtfile gf, GTDataHash **pRoot)
 {
 	GTDataHash *root, *rootDel;
 	int8_t j;
@@ -753,15 +745,16 @@ verifySigblkFinish(gtfile gf)
 			GTDataHash_free(rootDel);
 		}
 	}
-	r = verifyTimestamp(gf, root);
 
 	free(gf->blkStrtHash);
 	gf->blkStrtHash = NULL;
+	*pRoot = root;
 	// We do not need the following as we take this from the block params
 	// (but I leave it in in order to aid getting to common code)
 	//gf->lenBlkStrtHash = gf->x_prev->digest_length;
 	//gf->blkStrtHash = malloc(gf->lenBlkStrtHash);
 	//memcpy(gf->blkStrtHash, gf->x_prev->digest, gf->lenBlkStrtHash);
+	r = 0;
 done:
 	gf->bInBlk = 0;
 	return r;
@@ -778,8 +771,9 @@ verifyBLOCK_SIG(block_sig_t *bs, gtfile gf, FILE *sigfp, uint64_t nRecs)
 	block_sig_t *file_bs;
 	GTTimestamp *timestamp = NULL;
 	GTVerificationInfo *vrfyInf;
+	GTDataHash *root = NULL;
 	
-	if((r = verifySigblkFinish(gf)) != 0)
+	if((r = verifySigblkFinish(gf, &root)) != 0)
 		goto done;
 	if((r = rsgt_tlvrdVrfyBlockSig(sigfp, &file_bs)) != 0)
 		goto done;
@@ -793,8 +787,11 @@ printf("len DER timestamp: %d, data %p\n", (int) file_bs->sig.der.len, file_bs->
 	gtstate = GTTimestamp_DERDecode(file_bs->sig.der.data,
 					file_bs->sig.der.len, &timestamp);
 printf("result of GTTimestamp_DERDecode: %d\n", gtstate);
-	gtstate = GTTimestamp_verify(timestamp, 1, &vrfyInf);
-printf("result of GTTimestamp_verify: %d, verf_err %d\n", gtstate, vrfyInf->verification_errors );
+	gtstate = GTHTTP_verifyTimestampHash(timestamp, root, NULL,
+			NULL, NULL,
+			"http://verify.guardtime.com/gt-controlpublications.bin",
+			0, &vrfyInf);
+printf("result of HTTP_vrfy: %d: %s\n", gtstate, GTHTTP_getErrorString(gtstate));
 	if(! (gtstate == GT_OK
 	      && vrfyInf->verification_errors == GT_NO_FAILURES) ) {
 		r = RSGTE_INVLD_TIMESTAMP; goto done;
diff --git a/tools/rsgtutil.c b/tools/rsgtutil.c
index cc045f8c..0ccfcd7b 100644
--- a/tools/rsgtutil.c
+++ b/tools/rsgtutil.c
@@ -192,6 +192,9 @@ verify(char *name)
 			goto err;
 		}
 	}
+
+	rsgtInit("rsyslog rsgtutil " VERSION);
+
 	if((r = rsgt_chkFileHdr(sigfp, "LOGSIG10")) != 0) goto err;
 
 	gf = rsgt_vrfyConstruct_gf();
@@ -231,6 +234,7 @@ err:
 		fclose(sigfp);
 	if(r != RSGTE_EOF)
 		fprintf(stderr, "error %d processing file %s [%s]\n", r, name, sigfname);
+	rsgtExit();
 }
 
 static void
-- 
cgit v1.2.3


From cec4c3d3a2cf429999c37d8e987d1186c0755e9b Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Mon, 18 Mar 2013 17:34:09 +0100
Subject: logsig: fix abort if no signature provider was configured

---
 tools/omfile.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/tools/omfile.c b/tools/omfile.c
index 4740ed1d..faf3c24f 100644
--- a/tools/omfile.c
+++ b/tools/omfile.c
@@ -759,7 +759,9 @@ doWrite(instanceData *pData, uchar *pszBuf, int lenBuf)
 	DBGPRINTF("write to stream, pData->pStrm %p, lenBuf %d\n", pData->pStrm, lenBuf);
 	if(pData->pStrm != NULL){
 		CHKiRet(strm.Write(pData->pStrm, pszBuf, lenBuf));
-		CHKiRet(pData->sigprov.OnRecordWrite(pData->sigprovFileData, pszBuf, lenBuf));
+		if(pData->useSigprov) {
+			CHKiRet(pData->sigprov.OnRecordWrite(pData->sigprovFileData, pszBuf, lenBuf));
+		}
 	}
 
 finalize_it:
-- 
cgit v1.2.3


From 9101b00ed29145bde5b816889544eed4638f0925 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Mon, 18 Mar 2013 17:36:38 +0100
Subject: logsig: fix calculation of merkle tree at end of signature block

---
 runtime/librsgt.c      | 2 +-
 runtime/librsgt_read.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/runtime/librsgt.c b/runtime/librsgt.c
index 92b0d412..20c8fd79 100644
--- a/runtime/librsgt.c
+++ b/runtime/librsgt.c
@@ -649,7 +649,7 @@ sigblkFinish(gtfile gf)
 	root = NULL;
 	for(j = 0 ; j < gf->nRoots ; ++j) {
 		if(root == NULL) {
-			root = gf->roots_hash[j];
+			root = gf->roots_valid[j] ? gf->roots_hash[j] : NULL;
 			gf->roots_valid[j] = 0; /* guess this is redundant with init, maybe del */
 		} else if(gf->roots_valid[j]) {
 			rootDel = root;
diff --git a/runtime/librsgt_read.c b/runtime/librsgt_read.c
index 0cc5f492..32a62c65 100644
--- a/runtime/librsgt_read.c
+++ b/runtime/librsgt_read.c
@@ -744,7 +744,7 @@ verifySigblkFinish(gtfile gf)
 	root = NULL;
 	for(j = 0 ; j < gf->nRoots ; ++j) {
 		if(root == NULL) {
-			root = gf->roots_hash[j];
+			root = gf->roots_valid[j] ? gf->roots_hash[j] : NULL;
 			gf->roots_valid[j] = 0; /* guess this is redundant with init, maybe del */
 		} else if(gf->roots_valid[j]) {
 			rootDel = root;
-- 
cgit v1.2.3


From 785e0c3c8b00614b6f780f902442025f4558a160 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Tue, 19 Mar 2013 15:26:21 +0100
Subject: logsig: complete initial version of verifier

---
 runtime/librsgt.c      |   9 +-
 runtime/librsgt.h      |  96 +++++++++++++++++++-
 runtime/librsgt_read.c | 231 ++++++++++++++++++++++++++++++++++++-------------
 runtime/lmsig_gt.c     |   3 +-
 tools/rsgtutil.c       |  61 +++++++++----
 5 files changed, 315 insertions(+), 85 deletions(-)

diff --git a/runtime/librsgt.c b/runtime/librsgt.c
index 20c8fd79..e24c3769 100644
--- a/runtime/librsgt.c
+++ b/runtime/librsgt.c
@@ -325,8 +325,11 @@ writeStateFile(gtfile gf)
 	memcpy(sf.hdr, "GTSTAT10", 8);
 	sf.hashID = hashIdentifier(gf->hashAlg);
 	sf.lenHash = gf->x_prev->digest_length;
-	write(fd, &sf, sizeof(sf));
-	write(fd, gf->x_prev->digest, gf->x_prev->digest_length);
+	/* if the write fails, we cannot do anything against that. We check
+	 * the condition just to keep the compiler happy.
+	 */
+	if(write(fd, &sf, sizeof(sf))){};
+	if(write(fd, gf->x_prev->digest, gf->x_prev->digest_length)){};
 	close(fd);
 done:	return;
 }
@@ -387,7 +390,7 @@ seedIV(gtfile gf)
 	 * will always work...).  -- TODO -- rgerhards, 2013-03-06
 	 */
 	if((fd = open("/dev/urandom", O_RDONLY)) > 0) {
-		read(fd, gf->IV, hashlen);
+		if(read(fd, gf->IV, hashlen)) {}; /* keep compiler happy */
 		close(fd);
 	}
 }
diff --git a/runtime/librsgt.h b/runtime/librsgt.h
index 26eaf8ee..98384bb9 100644
--- a/runtime/librsgt.h
+++ b/runtime/librsgt.h
@@ -73,10 +73,39 @@ struct gtfile_s {
 	int	tlvIdx; /* current index into tlvBuf */
 };
 typedef struct gtfile_s *gtfile;
-
+typedef struct gterrctx_s gterrctx_t;
 typedef struct imprint_s imprint_t;
 typedef struct block_sig_s block_sig_t;
 
+/* The following structure describes the "error context" to be used
+ * for verification and similiar reader functions. While verifying,
+ * we need some information (like filenames or block numbers) that
+ * is not readily available from the other objects (or not even known
+ * to librsgt). In order to provide meaningful error messages, this
+ * information must be passed in from the external callers. In order
+ * to centralize information (and make it more manageable), we use
+ * ths error context here, which contains everything needed to
+ * generate good error messages. Members of this structure are
+ * maintained both by library users (the callers) as well as
+ * the library itself. Who does what simply depends on who has
+ * the relevant information.
+ */
+struct gterrctx_s {
+	FILE *fp;	/**< file for error messages */
+	char *filename;
+	uint8_t verbose;
+	uint64_t recNumInFile;
+	uint64_t recNum;
+	uint64_t blkNum;
+	uint8_t treeLevel;
+	GTDataHash *computedHash;
+	GTDataHash *lefthash, *righthash; /* hashes to display if tree hash fails */
+	imprint_t *fileHash;
+	int gtstate;	/* status from last relevant GT.*() function call */
+	char *errRec;
+	char *frstRecInBlk; /* This holds the first message seen inside the current block */
+};
+
 struct imprint_s {
 	uint8_t hashID;
 	int	len;
@@ -115,7 +144,7 @@ struct rsgtstatefile {
 #define RSGTE_INVLTYP 3	/* invalid TLV type record (unexcpected at this point) */
 #define RSGTE_OOM 4	/* ran out of memory */
 #define RSGTE_LEN 5	/* error related to length records */
-#define RSGTE_NO_BLKSIG 6/* block signature record is missing --> invalid block */
+// 6 may be reused!
 #define RSGTE_INVLD_RECCNT 7/* mismatch between actual records and records
                                given in block-sig record */
 #define RSGTE_INVLHDR 8/* invalid file header */
@@ -128,6 +157,57 @@ struct rsgtstatefile {
 #define RSGTE_INVLD_TREE_HASHID 15 /* invalid tree hash ID (failed verification) */
 #define RSGTE_MISS_BLOCKSIG 16 /* block signature record missing when expected */
 #define RSGTE_INVLD_TIMESTAMP 17 /* RFC3161 timestamp is invalid */
+#define RSGTE_TS_DERDECODE 18 /* error DER-Decoding a timestamp */
+
+/* the following function maps RSGTE_* state to a string - must be updated
+ * whenever a new state is added.
+ * Note: it is thread-safe to call this function, as it returns a pointer
+ * into constant memory pool.
+ */
+static inline char *
+RSGTE2String(int err)
+{
+	switch(err) {
+	case 0:
+		return "success";
+	case RSGTE_IO:
+		return "i/o error";
+	case RSGTE_FMT:
+		return "data format error";
+	case RSGTE_INVLTYP:
+		return "invalid/unexpected tlv record type";
+	case RSGTE_OOM:
+		return "out of memory";
+	case RSGTE_LEN:
+		return "length record problem";
+	case RSGTE_INVLD_RECCNT:
+		return "mismatch between actual record count and number in block signature record";
+	case RSGTE_INVLHDR:
+		return "invalid file header";
+	case RSGTE_EOF:
+		return "EOF";
+	case RSGTE_MISS_REC_HASH:
+		return "record hash missing";
+	case RSGTE_MISS_TREE_HASH:
+		return "tree hash missing";
+	case RSGTE_INVLD_REC_HASH:
+		return "record hash mismatch";
+	case RSGTE_INVLD_TREE_HASH:
+		return "tree hash mismatch";
+	case RSGTE_INVLD_REC_HASHID:
+		return "invalid record hash ID";
+	case RSGTE_INVLD_TREE_HASHID:
+		return "invalid tree hash ID";
+	case RSGTE_MISS_BLOCKSIG:
+		return "missing block signature record";
+	case RSGTE_INVLD_TIMESTAMP:
+		return "RFC3161 timestamp invalid";
+	case RSGTE_TS_DERDECODE:
+		return "error DER-decoding RFC3161 timestamp";
+	default:
+		return "unknown error";
+	}
+}
 
 
 static inline uint16_t
@@ -263,11 +343,19 @@ int rsgt_getBlockParams(FILE *fp, uint8_t bRewind, block_sig_t **bs, uint8_t *bH
 int rsgt_chkFileHdr(FILE *fp, char *expect);
 gtfile rsgt_vrfyConstruct_gf(void);
 void rsgt_vrfyBlkInit(gtfile gf, block_sig_t *bs, uint8_t bHasRecHashes, uint8_t bHasIntermedHashes);
-int rsgt_vrfy_nextRec(block_sig_t *bs, gtfile gf, FILE *sigfp, unsigned char *rec, size_t lenRec);
-int verifyBLOCK_SIG(block_sig_t *bs, gtfile gf, FILE *sigfp, uint64_t nRecs);
+int rsgt_vrfy_nextRec(block_sig_t *bs, gtfile gf, FILE *sigfp, unsigned char *rec, size_t lenRec, gterrctx_t *ectx);
+int verifyBLOCK_SIG(block_sig_t *bs, gtfile gf, FILE *sigfp, gterrctx_t *ectx);
+void rsgt_errctxInit(gterrctx_t *ectx);
+void rsgt_errctxExit(gterrctx_t *ectx);
+void rsgt_errctxSetErrRec(gterrctx_t *ectx, char *rec);
+void rsgt_errctxFrstRecInBlk(gterrctx_t *ectx, char *rec);
+
 
 /* TODO: replace these? */
 void hash_m(gtfile gf, GTDataHash **m);
 void hash_r(gtfile gf, GTDataHash **r, const unsigned char *rec, const size_t len);
 void hash_node(gtfile gf, GTDataHash **node, GTDataHash *m, GTDataHash *r, uint8_t level);
+extern char *rsgt_read_puburl; /**< url of publication server */
+extern uint8_t rsgt_read_showVerified;
+
 #endif  /* #ifndef INCLUDED_LIBRSGT_H */
diff --git a/runtime/librsgt_read.c b/runtime/librsgt_read.c
index d756c336..e32ae454 100644
--- a/runtime/librsgt_read.c
+++ b/runtime/librsgt_read.c
@@ -48,6 +48,8 @@ typedef unsigned char uchar;
 #define MAXFNAME 1024
 
 static int rsgt_read_debug = 0;
+char *rsgt_read_puburl = "http://verify.guardtime.com/gt-controlpublications.bin";
+uint8_t rsgt_read_showVerified = 0;
 
 /* macro to obtain next char from file including error tracking */
 #define NEXTC	if((c = fgetc(fp)) == EOF) { \
@@ -58,6 +60,130 @@ static int rsgt_read_debug = 0;
 /* check return state of operation and abort, if non-OK */
 #define CHKr(code) if((r = code) != 0) goto done
 
+
+/* if verbose==0, only the first and last two octets are shown,
+ * otherwise everything.
+ */
+static void
+outputHexBlob(FILE *fp, uint8_t *blob, uint16_t len, uint8_t verbose)
+{
+	unsigned i;
+	if(verbose || len <= 8) {
+		for(i = 0 ; i < len ; ++i)
+			fprintf(fp, "%2.2x", blob[i]);
+	} else {
+		fprintf(fp, "%2.2x%2.2x%2.2x[...]%2.2x%2.2x%2.2x",
+			blob[0], blob[1], blob[2],
+			blob[len-3], blob[len-2], blob[len-1]);
+	}
+}
+
+static inline void
+outputHash(FILE *fp, char *hdr, uint8_t *data, uint16_t len, uint8_t verbose)
+{
+	fprintf(fp, "%s", hdr);
+	outputHexBlob(fp, data, len, verbose);
+	fputc('\n', fp);
+}
+
+void
+rsgt_errctxInit(gterrctx_t *ectx)
+{
+	ectx->fp = NULL;
+	ectx->filename = NULL;
+	ectx->recNum = 0;
+	ectx->recNumInFile = 0;
+	ectx->blkNum = 0;
+	ectx->verbose = 0;
+	ectx->errRec = NULL;
+	ectx->frstRecInBlk = NULL;
+}
+void
+rsgt_errctxExit(gterrctx_t *ectx)
+{
+	free(ectx->filename);
+	free(ectx->frstRecInBlk);
+}
+
+/* note: we do not copy the record, so the caller MUST not destruct
+ * it before processing of the record is completed. To remove the
+ * current record without setting a new one, call this function
+ * with rec==NULL.
+ */
+void
+rsgt_errctxSetErrRec(gterrctx_t *ectx, char *rec)
+{
+	ectx->errRec = strdup(rec);
+}
+/* This stores the block's first record. Here we copy the data,
+ * as the caller will usually not preserve it long enough.
+ */
+void
+rsgt_errctxFrstRecInBlk(gterrctx_t *ectx, char *rec)
+{
+	free(ectx->frstRecInBlk);
+	ectx->frstRecInBlk = strdup(rec);
+}
+
+static void
+reportError(int errcode, gterrctx_t *ectx)
+{
+	if(ectx->fp != NULL) {
+		fprintf(ectx->fp, "%s[%llu:%llu:%llu]: error[%u]: %s\n",
+			ectx->filename,
+			(long long unsigned) ectx->blkNum, (long long unsigned) ectx->recNum,
+			(long long unsigned) ectx->recNumInFile,
+			errcode, RSGTE2String(errcode));
+		if(ectx->frstRecInBlk != NULL)
+			fprintf(ectx->fp, "\tBlock Start Record.: '%s'\n", ectx->frstRecInBlk);
+		if(ectx->errRec != NULL)
+			fprintf(ectx->fp, "\tRecord in Question.: '%s'\n", ectx->errRec);
+		if(ectx->computedHash != NULL) {
+			outputHash(ectx->fp, "\tComputed Hash......: ", ectx->computedHash->digest,
+				ectx->computedHash->digest_length, ectx->verbose);
+		}
+		if(ectx->fileHash != NULL) {
+			outputHash(ectx->fp, "\tSignature File Hash: ", ectx->fileHash->data,
+				ectx->fileHash->len, ectx->verbose);
+		}
+		if(errcode == RSGTE_INVLD_TREE_HASH ||
+		   errcode == RSGTE_INVLD_TREE_HASHID) {
+			fprintf(ectx->fp, "\tTree Level.........: %d\n", (int) ectx->treeLevel);
+			outputHash(ectx->fp, "\tTree Left Hash.....: ", ectx->lefthash->digest,
+				ectx->lefthash->digest_length, ectx->verbose);
+			outputHash(ectx->fp, "\tTree Right Hash....: ", ectx->righthash->digest,
+				ectx->righthash->digest_length, ectx->verbose);
+		}
+		if(errcode == RSGTE_INVLD_TIMESTAMP ||
+		   errcode == RSGTE_TS_DERDECODE) {
+			fprintf(ectx->fp, "\tPublication Server.: %s\n", rsgt_read_puburl);
+			fprintf(ectx->fp, "\tGT Verify Timestamp: [%u]%s\n",
+				ectx->gtstate, GTHTTP_getErrorString(ectx->gtstate));
+		}
+	}
+}
+
+/* obviously, this is not an error-reporting function. We still use
+ * ectx, as it has most information we need.
+ */
+static void
+reportVerifySuccess(gterrctx_t *ectx)
+{
+	if(ectx->fp != NULL) {
+		fprintf(ectx->fp, "%s[%llu:%llu:%llu]: block signature successfully verified\n",
+			ectx->filename,
+			(long long unsigned) ectx->blkNum, (long long unsigned) ectx->recNum,
+			(long long unsigned) ectx->recNumInFile);
+		if(ectx->frstRecInBlk != NULL)
+			fprintf(ectx->fp, "\tBlock Start Record.: '%s'\n", ectx->frstRecInBlk);
+		if(ectx->errRec != NULL)
+			fprintf(ectx->fp, "\tBlock End Record...: '%s'\n", ectx->errRec);
+		fprintf(ectx->fp, "\tGT Verify Timestamp: [%u]%s\n",
+			ectx->gtstate, GTHTTP_getErrorString(ectx->gtstate));
+	}
+}
+
+
 /**
  * Read a header from a binary file.
  * @param[in] fp file pointer for processing
@@ -239,7 +365,6 @@ rsgt_tlvrdBLOCK_SIG(FILE *fp, block_sig_t **blocksig, uint16_t tlvlen)
 		   2 + lenInt /* rec-count */ +
 		   4 + bs->sig.der.len /* rfc-3161 */;
 	if(sizeRead != tlvlen) {
-		printf("length record error!\n");
 		r = RSGTE_LEN;
 		goto done;
 	}
@@ -285,7 +410,6 @@ rsgt_tlvrdRecHash(FILE *fp, imprint_t **imp)
 	uint16_t tlvtype, tlvlen;
 
 	if((r = rsgt_tlvrdTL(fp, &tlvtype, &tlvlen)) != 0) goto done;
-printf("read tlvtype %4.4x\n", tlvtype);
 	if(tlvtype != 0x0900) {
 		r = RSGTE_MISS_REC_HASH;
 		goto done;
@@ -302,7 +426,6 @@ rsgt_tlvrdTreeHash(FILE *fp, imprint_t **imp)
 	uint16_t tlvtype, tlvlen;
 
 	if((r = rsgt_tlvrdTL(fp, &tlvtype, &tlvlen)) != 0) goto done;
-printf("read tlvtype %4.4x\n", tlvtype);
 	if(tlvtype != 0x0901) {
 		r = RSGTE_MISS_TREE_HASH;
 		goto done;
@@ -320,7 +443,6 @@ rsgt_tlvrdVrfyBlockSig(FILE *fp, block_sig_t **bs)
 	uint16_t tlvtype, tlvlen;
 
 	if((r = rsgt_tlvrdTL(fp, &tlvtype, &tlvlen)) != 0) goto done;
-printf("read tlvtype %4.4x\n", tlvtype);
 	if(tlvtype != 0x0902) {
 		r = RSGTE_MISS_BLOCKSIG;
 		goto done;
@@ -372,24 +494,6 @@ rsgt_tlvrd(FILE *fp, uint16_t *tlvtype, uint16_t *tlvlen, void *obj)
 done:	return r;
 }
 
-
-/* if verbose==0, only the first and last two octets are shown,
- * otherwise everything.
- */
-static void
-outputHexBlob(FILE *fp, uint8_t *blob, uint16_t len, uint8_t verbose)
-{
-	unsigned i;
-	if(verbose || len <= 6) {
-		for(i = 0 ; i < len ; ++i)
-			fprintf(fp, "%2.2x", blob[i]);
-	} else {
-		fprintf(fp, "%2.2x%2.2x[...]%2.2x%2.2x",
-			blob[0], blob[1],
-			blob[len-2], blob[len-1]);
-	}
-}
-
 /* return if a blob is all zero */
 static inline int
 blobIsZero(uint8_t *blob, uint16_t len)
@@ -412,14 +516,14 @@ rsgt_printIMPRINT(FILE *fp, char *name, imprint_t *imp, uint8_t verbose)
 static void
 rsgt_printREC_HASH(FILE *fp, imprint_t *imp, uint8_t verbose)
 {
-	rsgt_printIMPRINT(fp, "[0x0900]Record hash................: ",
+	rsgt_printIMPRINT(fp, "[0x0900]Record hash: ",
 		imp, verbose);
 }
 
 static void
 rsgt_printINT_HASH(FILE *fp, imprint_t *imp, uint8_t verbose)
 {
-	rsgt_printIMPRINT(fp, "[0x0901]Intermediate aggregate hash: ",
+	rsgt_printIMPRINT(fp, "[0x0901]Tree hash..: ",
 		imp, verbose);
 }
 
@@ -608,20 +712,26 @@ rsgt_vrfyBlkInit(gtfile gf, block_sig_t *bs, uint8_t bHasRecHashes, uint8_t bHas
 }
 
 static int
-rsgt_vrfy_chkRecHash(gtfile gf, FILE *sigfp, GTDataHash *recHash)
+rsgt_vrfy_chkRecHash(gtfile gf, FILE *sigfp, GTDataHash *recHash, gterrctx_t *ectx)
 {
 	int r = 0;
 	imprint_t *imp;
 
 	if((r = rsgt_tlvrdRecHash(sigfp, &imp)) != 0)
+		reportError(r, ectx);
 		goto done;
 	if(imp->hashID != hashIdentifier(gf->hashAlg)) {
+		reportError(r, ectx);
 		r = RSGTE_INVLD_REC_HASHID;
 		goto done;
 	}
 	if(memcmp(imp->data, recHash->digest,
 		  hashOutputLengthOctets(imp->hashID))) {
 		r = RSGTE_INVLD_REC_HASH;
+		ectx->computedHash = recHash;
+		ectx->fileHash = imp;
+		reportError(r, ectx);
+		ectx->computedHash = NULL, ectx->fileHash = NULL;
 		goto done;
 	}
 	r = 0;
@@ -630,38 +740,37 @@ done:
 }
 
 static int
-rsgt_vrfy_chkTreeHash(gtfile gf, FILE *sigfp, GTDataHash *hash)
+rsgt_vrfy_chkTreeHash(gtfile gf, FILE *sigfp, GTDataHash *hash, gterrctx_t *ectx)
 {
 	int r = 0;
 	imprint_t *imp;
 
-	if((r = rsgt_tlvrdTreeHash(sigfp, &imp)) != 0)
+	if((r = rsgt_tlvrdTreeHash(sigfp, &imp)) != 0) {
+		reportError(r, ectx);
 		goto done;
+	}
 	if(imp->hashID != hashIdentifier(gf->hashAlg)) {
+		reportError(r, ectx);
 		r = RSGTE_INVLD_TREE_HASHID;
 		goto done;
 	}
-//printf("imp  hash:");
-//outputHexBlob(stdout, imp->data, hashOutputLengthOctets(imp->hashID), 1);
-//printf("\ntree hash:");
-//outputHexBlob(stdout, hash->digest, hashOutputLengthOctets(imp->hashID), 1);
-//printf("\nlenBlkStrtHAsh %d\nblkstrt hash:", gf->lenBlkStrtHash);
-//outputHexBlob(stdout, gf->blkStrtHash, gf->lenBlkStrtHash, 1);
-//printf("\n");
 	if(memcmp(imp->data, hash->digest,
 		  hashOutputLengthOctets(imp->hashID))) {
 		r = RSGTE_INVLD_TREE_HASH;
+		ectx->computedHash = hash;
+		ectx->fileHash = imp;
+		reportError(r, ectx);
+		ectx->computedHash = NULL, ectx->fileHash = NULL;
 		goto done;
 	}
 	r = 0;
-printf("Tree hash OK\n");
 done:
 	return r;
 }
 
 int
 rsgt_vrfy_nextRec(block_sig_t *bs, gtfile gf, FILE *sigfp, unsigned char *rec,
-	size_t len)
+	size_t len, gterrctx_t *ectx)
 {
 	int r = 0;
 	GTDataHash *x; /* current hash */
@@ -671,13 +780,15 @@ rsgt_vrfy_nextRec(block_sig_t *bs, gtfile gf, FILE *sigfp, unsigned char *rec,
 	hash_m(gf, &m);
 	hash_r(gf, &recHash, rec, len);
 	if(gf->bKeepRecordHashes) {
-		r = rsgt_vrfy_chkRecHash(gf, sigfp, recHash);
+		r = rsgt_vrfy_chkRecHash(gf, sigfp, recHash, ectx);
 		if(r != 0) goto done;
 	}
 	hash_node(gf, &x, m, recHash, 1); /* hash leaf */
-	/* persists x here if Merkle tree needs to be persisted! */
 	if(gf->bKeepTreeHashes) {
-		r = rsgt_vrfy_chkTreeHash(gf, sigfp, x);
+		ectx->treeLevel = 0;
+		ectx->lefthash = m;
+		ectx->righthash = recHash;
+		r = rsgt_vrfy_chkTreeHash(gf, sigfp, x, ectx);
 		if(r != 0) goto done;
 	}
 	/* add x to the forest as new leaf, update roots list */
@@ -690,14 +801,16 @@ rsgt_vrfy_nextRec(block_sig_t *bs, gtfile gf, FILE *sigfp, unsigned char *rec,
 			break;
 		} else if(t != NULL) {
 			/* hash interim node */
+			ectx->treeLevel = j+1;
+			ectx->righthash = t;
 			hash_node(gf, &t, gf->roots_hash[j], t, j+2);
 			gf->roots_valid[j] = 0;
-			GTDataHash_free(gf->roots_hash[j]);
-			// TODO: check if this is correct location (paper!)
 			if(gf->bKeepTreeHashes) {
-				r = rsgt_vrfy_chkTreeHash(gf, sigfp, t);
-				if(r != 0) goto done;
+				ectx->lefthash = gf->roots_hash[j];
+				r = rsgt_vrfy_chkTreeHash(gf, sigfp, t, ectx);
+				if(r != 0) goto done; /* mem leak ok, we terminate! */
 			}
+			GTDataHash_free(gf->roots_hash[j]);
 		}
 	}
 	if(t != NULL) {
@@ -749,11 +862,6 @@ verifySigblkFinish(gtfile gf, GTDataHash **pRoot)
 	free(gf->blkStrtHash);
 	gf->blkStrtHash = NULL;
 	*pRoot = root;
-	// We do not need the following as we take this from the block params
-	// (but I leave it in in order to aid getting to common code)
-	//gf->lenBlkStrtHash = gf->x_prev->digest_length;
-	//gf->blkStrtHash = malloc(gf->lenBlkStrtHash);
-	//memcpy(gf->blkStrtHash, gf->x_prev->digest, gf->lenBlkStrtHash);
 	r = 0;
 done:
 	gf->bInBlk = 0;
@@ -764,7 +872,7 @@ done:
  * Merkle tree root for the current block.
  */
 int
-verifyBLOCK_SIG(block_sig_t *bs, gtfile gf, FILE *sigfp, uint64_t nRecs)
+verifyBLOCK_SIG(block_sig_t *bs, gtfile gf, FILE *sigfp, gterrctx_t *ectx)
 {
 	int r;
 	int gtstate;
@@ -777,29 +885,34 @@ verifyBLOCK_SIG(block_sig_t *bs, gtfile gf, FILE *sigfp, uint64_t nRecs)
 		goto done;
 	if((r = rsgt_tlvrdVrfyBlockSig(sigfp, &file_bs)) != 0)
 		goto done;
-printf("got sig block, now doing checks \n");
-	if(nRecs != bs->recCount) {
+	if(ectx->recNum != bs->recCount) {
 		r = RSGTE_INVLD_RECCNT;
 		goto done;
 	}
 
-printf("len DER timestamp: %d, data %p\n", (int) file_bs->sig.der.len, file_bs->sig.der.data);
 	gtstate = GTTimestamp_DERDecode(file_bs->sig.der.data,
 					file_bs->sig.der.len, &timestamp);
-printf("result of GTTimestamp_DERDecode: %d\n", gtstate);
+	if(gtstate != GT_OK) {
+		r = RSGTE_TS_DERDECODE;
+		ectx->gtstate = gtstate;
+		goto done;
+	}
+
 	gtstate = GTHTTP_verifyTimestampHash(timestamp, root, NULL,
-			NULL, NULL,
-			"http://verify.guardtime.com/gt-controlpublications.bin",
-			0, &vrfyInf);
-printf("result of HTTP_vrfy: %d: %s\n", gtstate, GTHTTP_getErrorString(gtstate));
+			NULL, NULL, rsgt_read_puburl, 0, &vrfyInf);
 	if(! (gtstate == GT_OK
 	      && vrfyInf->verification_errors == GT_NO_FAILURES) ) {
-		r = RSGTE_INVLD_TIMESTAMP; goto done;
+		r = RSGTE_INVLD_TIMESTAMP;
+		ectx->gtstate = gtstate;
+		goto done;
 	}
 
-printf("root timestamp OK\n");
 	r = 0;
+	if(rsgt_read_showVerified)
+		reportVerifySuccess(ectx);
 done:
+	if(r != 0)
+		reportError(r, ectx);
 	if(timestamp != NULL)
 		GTTimestamp_free(timestamp);
 	return r;
diff --git a/runtime/lmsig_gt.c b/runtime/lmsig_gt.c
index 54a795a1..d61f3a86 100644
--- a/runtime/lmsig_gt.c
+++ b/runtime/lmsig_gt.c
@@ -118,9 +118,10 @@ SetCnfParam(void *pT, struct nvlst *lst)
 
 
 static rsRetVal
-OnFileOpen(void *pT, uchar *fn, gtfile *pgf)
+OnFileOpen(void *pT, uchar *fn, void *pGF)
 {
 	lmsig_gt_t *pThis = (lmsig_gt_t*) pT;
+	gtfile *pgf = (gtfile*) pGF;
 	DEFiRet;
 dbgprintf("DDDD: onFileOpen: %s\n", fn);
 	
diff --git a/tools/rsgtutil.c b/tools/rsgtutil.c
index 0ccfcd7b..d9cce2f7 100644
--- a/tools/rsgtutil.c
+++ b/tools/rsgtutil.c
@@ -101,9 +101,9 @@ showSigblkParams(char *name)
 		++blkCnt;
 		rsgt_printBLOCK_SIG(stdout, bs, verbose);
 		printf("\t***META INFORMATION:\n");
-		printf("\tBlock Nbr in File......: %llu\n", blkCnt);
-		printf("\tHas Record Hashes......: %d\n", bHasRecHashes);
-		printf("\tHas Intermediate Hashes: %d\n", bHasIntermedHashes);
+		printf("\tBlock Nbr in File...: %llu\n", blkCnt);
+		printf("\tHas Record Hashes...: %d\n", bHasRecHashes);
+		printf("\tHas Tree Hashes.....: %d\n", bHasIntermedHashes);
 	}
 
 	if(fp != stdin)
@@ -145,7 +145,7 @@ err:	fprintf(stderr, "error %d processing file %s\n", r, name);
 }
 
 static inline int
-doVerifyRec(FILE *logfp, FILE *sigfp, block_sig_t *bs, gtfile gf)
+doVerifyRec(FILE *logfp, FILE *sigfp, block_sig_t *bs, gtfile gf, gterrctx_t *ectx, uint8_t bInBlock)
 {
 	int r;
 	size_t lenRec;
@@ -156,10 +156,19 @@ doVerifyRec(FILE *logfp, FILE *sigfp, block_sig_t *bs, gtfile gf)
 		goto done;
 	}
 	lenRec = strlen(rec);
-	if(rec[lenRec-1] == '\n')
+	if(rec[lenRec-1] == '\n') {
+		rec[lenRec-1] = '\0';
 		--lenRec;
+		rsgt_errctxSetErrRec(ectx, rec);
+	}
+
+	/* we need to preserve the first record of each block for
+	 * error-reporting purposes (bInBlock==0 meanst start of block)
+	 */
+	if(bInBlock == 0)
+		rsgt_errctxFrstRecInBlk(ectx, rec);
 
-	r = rsgt_vrfy_nextRec(bs, gf, sigfp, (unsigned char*)rec, lenRec);
+	r = rsgt_vrfy_nextRec(bs, gf, sigfp, (unsigned char*)rec, lenRec, ectx);
 done:
 	return r;
 }
@@ -174,8 +183,8 @@ verify(char *name)
 	uint8_t bHasRecHashes, bHasIntermedHashes;
 	uint8_t bInBlock;
 	int r = 0;
-	uint64_t nRecs;
 	char sigfname[4096];
+	gterrctx_t ectx;
 	
 	if(!strcmp(name, "-")) {
 		fprintf(stderr, "verify mode cannot work on stdin\n");
@@ -194,6 +203,10 @@ verify(char *name)
 	}
 
 	rsgtInit("rsyslog rsgtutil " VERSION);
+	rsgt_errctxInit(&ectx);
+	ectx.verbose = verbose;
+	ectx.fp = stderr;
+	ectx.filename = strdup(sigfname);
 
 	if((r = rsgt_chkFileHdr(sigfp, "LOGSIG10")) != 0) goto err;
 
@@ -204,28 +217,31 @@ verify(char *name)
 	}
 
 	bInBlock = 0;
+	ectx.blkNum = 0;
+	ectx.recNumInFile = 0;
 
 	while(!feof(logfp)) {
 		if(bInBlock == 0) {
 			if((r = rsgt_getBlockParams(sigfp, 1, &bs, &bHasRecHashes,
 							&bHasIntermedHashes)) != 0)
 				goto err;
-			rsgt_vrfyBlkInit(gf, bs, bHasRecHashes,
-						bHasIntermedHashes);
-			nRecs = 0;
-			bInBlock = 1;
+			rsgt_vrfyBlkInit(gf, bs, bHasRecHashes, bHasIntermedHashes);
+			ectx.recNum = 0;
+			++ectx.blkNum;
 		}
-		++nRecs;
-		if((r = doVerifyRec(logfp, sigfp, bs, gf)) != 0)
+		++ectx.recNum, ++ectx.recNumInFile;
+		if((r = doVerifyRec(logfp, sigfp, bs, gf, &ectx, bInBlock)) != 0)
 			goto err;
-		if(nRecs == bs->recCount) {
-			verifyBLOCK_SIG(bs, gf, sigfp, nRecs);
+		if(ectx.recNum == bs->recCount) {
+			verifyBLOCK_SIG(bs, gf, sigfp, &ectx);
 			bInBlock = 0;
-		}
+		} else	bInBlock = 1;
 	}
 
 	fclose(logfp);
 	fclose(sigfp);
+	rsgtExit();
+	rsgt_errctxExit(&ectx);
 	return;
 err:
 	if(logfp != NULL)
@@ -233,8 +249,9 @@ err:
 	if(sigfp != NULL)
 		fclose(sigfp);
 	if(r != RSGTE_EOF)
-		fprintf(stderr, "error %d processing file %s [%s]\n", r, name, sigfname);
+		fprintf(stderr, "error %d processing file %s\n", r, name);
 	rsgtExit();
+	rsgt_errctxExit(&ectx);
 }
 
 static void
@@ -265,6 +282,8 @@ static struct option long_options[] =
 	{"detect-file-type", no_argument, NULL, 'T'},
 	{"show-sigblock-params", no_argument, NULL, 'B'},
 	{"verify", no_argument, NULL, 't'}, /* 't' as in "test signatures" */
+	{"publications-server", optional_argument, NULL, 'P'},
+	{"show-verified", no_argument, NULL, 's'},
 	{NULL, 0, NULL, 0} 
 }; 
 
@@ -275,13 +294,16 @@ main(int argc, char *argv[])
 	int opt;
 
 	while(1) {
-		opt = getopt_long(argc, argv, "v", long_options, NULL);
+		opt = getopt_long(argc, argv, "DvVTBtPs", long_options, NULL);
 		if(opt == -1)
 			break;
 		switch(opt) {
 		case 'v':
 			verbose = 1;
 			break;
+		case 's':
+			rsgt_read_showVerified = 1;
+			break;
 		case 'V':
 			fprintf(stderr, "rsgtutil " VERSION "\n");
 			exit(0);
@@ -291,6 +313,9 @@ main(int argc, char *argv[])
 		case 'B':
 			mode = MD_SHOW_SIGBLK_PARAMS;
 			break;
+		case 'P':
+			rsgt_read_puburl = optarg;
+			break;
 		case 'T':
 			mode = MD_DETECT_FILE_TYPE;
 			break;
-- 
cgit v1.2.3


From aef0be0c1799fbb20955fc1dc014cb9c9772af88 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Tue, 19 Mar 2013 16:20:25 +0100
Subject: bugfix: solve compile problems on non-Linux platforms

Thanks to Michael Biebl for alerting us on this issue.
---
 configure.ac    | 1 +
 runtime/debug.c | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index 7a4af19d..68769808 100644
--- a/configure.ac
+++ b/configure.ac
@@ -122,6 +122,7 @@ AC_CHECK_DECL([SCM_CREDENTIALS], [AC_DEFINE(HAVE_SCM_CREDENTIALS, [1], [set defi
 #include <sys/socket.h>])
 AC_CHECK_DECL([SO_TIMESTAMP], [AC_DEFINE(HAVE_SO_TIMESTAMP, [1], [set define])], [], [#include <sys/types.h>
 #include <sys/socket.h>])
+AC_CHECK_DECL([SYS_gettid], [AC_DEFINE(HAVE_SYS_gettid, [1], [set define])], [], [#include <sys/syscall.h>])
 AC_CHECK_MEMBER([struct sysinfo.uptime], [AC_DEFINE(HAVE_SYSINFO_UPTIME, [1], [set define])], [], [#include <sys/sysinfo.h>])
 
 # Check for MAXHOSTNAMELEN
diff --git a/runtime/debug.c b/runtime/debug.c
index 3cb22232..876f61d0 100644
--- a/runtime/debug.c
+++ b/runtime/debug.c
@@ -303,7 +303,7 @@ static inline void dbgFuncDBRemoveMutexLock(dbgFuncDB_t *pFuncDB, pthread_mutex_
 void
 dbgOutputTID(char* name)
 {
-#	ifdef	HAVE_SYSCALL
+#	if defined(HAVE_SYSCALL) && defined(HAVE_SYS_gettid)
 	if(bOutputTidToStderr)
 		fprintf(stderr, "thread tid %u, name '%s'\n",
 			(unsigned)syscall(SYS_gettid), name);
-- 
cgit v1.2.3


From 83c1920d7a6e675f1f433b047e8ed4e50e1050af Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Tue, 19 Mar 2013 16:55:25 +0100
Subject: require newer libestr due to a bug in it

---
 configure.ac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index ac6fd43d..86aaa20d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -32,7 +32,7 @@ AC_CANONICAL_HOST
 PKG_PROG_PKG_CONFIG
 
 # modules we require
-PKG_CHECK_MODULES(LIBESTR, libestr >= 0.1.2)
+PKG_CHECK_MODULES(LIBESTR, libestr >= 0.1.5)
 PKG_CHECK_MODULES(LIBEE, libee >= 0.4.0)
 PKG_CHECK_MODULES([JSON_C], [json])
 
-- 
cgit v1.2.3


From 25b53e72195272e4fbc7a4494b816a34138d5718 Mon Sep 17 00:00:00 2001
From: Philippe Muller <philippe.muller@gmail.com>
Date: Wed, 20 Mar 2013 09:27:04 +0100
Subject: bugfix: RainerScript getenv() function caused segfault when var was
 not found

Signed-off-by: Rainer Gerhards <rgerhards@adiscon.com>
---
 ChangeLog              | 3 +++
 grammar/rainerscript.c | 6 +++++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 9acbbf27..b0e943c2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,9 @@ Version 7.2.7  [v7-stable] 2013-03-??
 - improved debugging support in forked (auto-backgrounding) mode
   The rsyslog debug log file is now continued to be written across the
   fork.
+- bugfix: RainerScript getenv() function caused segfault when var was
+  not found.
+  Thanks to Philippe Muller for the patch.
 - bugfix: several issues in imkmsg
   see bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=421#c8
 - bugfix: imuxsock was missing SysSock.ParseTrusted module parameter
diff --git a/grammar/rainerscript.c b/grammar/rainerscript.c
index 20b86c5c..b04e53b5 100644
--- a/grammar/rainerscript.c
+++ b/grammar/rainerscript.c
@@ -1071,8 +1071,12 @@ doFuncCall(struct cnffunc *func, struct var *ret, void* usrptr)
 		estr = var2String(&r[0], &bMustFree);
 		str = (char*) es_str2cstr(estr, NULL);
 		envvar = getenv(str);
+		if(envvar == NULL) {
+			ret->d.estr = es_newStr(0);
+		} else {
+			ret->d.estr = es_newStrFromCStr(envvar, strlen(envvar));
+		}
 		ret->datatype = 'S';
-		ret->d.estr = es_newStrFromCStr(envvar, strlen(envvar));
 		if(bMustFree) es_deleteStr(estr);
 		if(r[0].datatype == 'S') es_deleteStr(r[0].d.estr);
 		free(str);
-- 
cgit v1.2.3


From 619c70d31f33deb8538636ac1302a2d4032a844e Mon Sep 17 00:00:00 2001
From: Philippe Muller <philippe.muller@gmail.com>
Date: Wed, 20 Mar 2013 09:27:04 +0100
Subject: bugfix: RainerScript getenv() function caused segfault when var was
 not found

This patch is released under ASL 2.0 as of email conversation from
2013-03-20.

Signed-off-by: Rainer Gerhards <rgerhards@adiscon.com>
---
 ChangeLog              | 3 +++
 grammar/rainerscript.c | 6 +++++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 9acbbf27..b0e943c2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,9 @@ Version 7.2.7  [v7-stable] 2013-03-??
 - improved debugging support in forked (auto-backgrounding) mode
   The rsyslog debug log file is now continued to be written across the
   fork.
+- bugfix: RainerScript getenv() function caused segfault when var was
+  not found.
+  Thanks to Philippe Muller for the patch.
 - bugfix: several issues in imkmsg
   see bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=421#c8
 - bugfix: imuxsock was missing SysSock.ParseTrusted module parameter
diff --git a/grammar/rainerscript.c b/grammar/rainerscript.c
index 20b86c5c..b04e53b5 100644
--- a/grammar/rainerscript.c
+++ b/grammar/rainerscript.c
@@ -1071,8 +1071,12 @@ doFuncCall(struct cnffunc *func, struct var *ret, void* usrptr)
 		estr = var2String(&r[0], &bMustFree);
 		str = (char*) es_str2cstr(estr, NULL);
 		envvar = getenv(str);
+		if(envvar == NULL) {
+			ret->d.estr = es_newStr(0);
+		} else {
+			ret->d.estr = es_newStrFromCStr(envvar, strlen(envvar));
+		}
 		ret->datatype = 'S';
-		ret->d.estr = es_newStrFromCStr(envvar, strlen(envvar));
 		if(bMustFree) es_deleteStr(estr);
 		if(r[0].datatype == 'S') es_deleteStr(r[0].d.estr);
 		free(str);
-- 
cgit v1.2.3


From 8059afa9998906ba11d3509beff7af6f7efd9af1 Mon Sep 17 00:00:00 2001
From: Tomas Heinrich <theinric@redhat.com>
Date: Mon, 18 Mar 2013 16:28:47 +0100
Subject: bugfix: get rid of potential endless loop in doGetGID()

---
 runtime/cfsysline.c | 28 +++++++++++++++-------------
 1 file changed, 15 insertions(+), 13 deletions(-)

diff --git a/runtime/cfsysline.c b/runtime/cfsysline.c
index ad087652..bc5ffa6f 100644
--- a/runtime/cfsysline.c
+++ b/runtime/cfsysline.c
@@ -349,8 +349,9 @@ static rsRetVal doGetGID(uchar **pp, rsRetVal (*pSetHdlr)(void*, uid_t), void *p
 	struct group gBuf;
 	DEFiRet;
 	uchar szName[256];
-	int bufSize = 2048;
+	int bufSize = 1024;
 	char * stringBuf = NULL;
+	int err;
 
 	assert(pp != NULL);
 	assert(*pp != NULL);
@@ -360,20 +361,21 @@ static rsRetVal doGetGID(uchar **pp, rsRetVal (*pSetHdlr)(void*, uid_t), void *p
 		ABORT_FINALIZE(RS_RET_NOT_FOUND);
 	}
 
-
-	CHKmalloc(stringBuf = malloc(bufSize));
-	while(pgBuf == NULL) {
-		errno = 0;
-		getgrnam_r((char*)szName, &gBuf, stringBuf, bufSize, &pgBuf);
-		if((pgBuf == NULL) && (errno == ERANGE)) {
-			/* Increase bufsize and try again.*/
-			bufSize *= 2;
-			CHKmalloc(stringBuf = realloc(stringBuf, bufSize));
-		}
-	}
+	do {
+		/* Increase bufsize and try again.*/
+		bufSize *= 2;
+		CHKmalloc(stringBuf = realloc(stringBuf, bufSize));
+		err = getgrnam_r((char*)szName, &gBuf, stringBuf, bufSize, &pgBuf);
+	} while((pgBuf == NULL) && (err == ERANGE));
 
 	if(pgBuf == NULL) {
-		errmsg.LogError(0, RS_RET_NOT_FOUND, "ID for group '%s' could not be found or error", (char*)szName);
+		if (err != 0) {
+			rs_strerror_r(err, stringBuf, bufSize);
+			errmsg.LogError(0, RS_RET_NOT_FOUND, "Query for group '%s' resulted in an error: %s\n",
+				(char*)szName, stringBuf);
+		} else {
+			errmsg.LogError(0, RS_RET_NOT_FOUND, "ID for group '%s' could not be found", (char*)szName);
+		}
 		iRet = RS_RET_NOT_FOUND;
 	} else {
 		if(pSetHdlr == NULL) {
-- 
cgit v1.2.3


From 2e4e7e819fed64fa2897af01479a9083b081d0c2 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Wed, 20 Mar 2013 09:46:59 +0100
Subject: doc: mention merged bugfix in ChangeLog

---
 ChangeLog | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index b0e943c2..8286b0a0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,9 @@ Version 7.2.7  [v7-stable] 2013-03-??
 - improved debugging support in forked (auto-backgrounding) mode
   The rsyslog debug log file is now continued to be written across the
   fork.
+- bugfix: using group resolution could lead to endless loop
+  Thanks to Tomas Heinrich for the patch.
+  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=310
 - bugfix: RainerScript getenv() function caused segfault when var was
   not found.
   Thanks to Philippe Muller for the patch.
-- 
cgit v1.2.3


From 7784b65d8709fba647a7beeb934c18b7cb8cb6f1 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Wed, 20 Mar 2013 10:24:36 +0100
Subject: bugfix: build on non-linux platforms failed

The previous fix for this was incomplete.
---
 runtime/wtp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/runtime/wtp.c b/runtime/wtp.c
index f8d3588b..19151e7c 100644
--- a/runtime/wtp.c
+++ b/runtime/wtp.c
@@ -381,9 +381,9 @@ wtpWorker(void *arg) /* the arg is actually a wti object, even though we are in
 	if(prctl(PR_SET_NAME, thrdName, 0, 0, 0) != 0) {
 		DBGPRINTF("prctl failed, not setting thread name for '%s'\n", wtpGetDbgHdr(pThis));
 	}
+	dbgOutputTID((char*)thrdName);
 #	endif
 
-	dbgOutputTID((char*)thrdName);
 	pthread_cleanup_push(wtpWrkrExecCancelCleanup, pWti);
 	wtiWorker(pWti);
 	pthread_cleanup_pop(0);
-- 
cgit v1.2.3


From 5ebb7d03cf88c86390450b1dd63c9467e9a4f3c7 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Wed, 20 Mar 2013 10:25:26 +0100
Subject: add recent bugfix to ChangeLog

---
 ChangeLog | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 07cf7844..adc12076 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,7 @@
 ---------------------------------------------------------------------------
+Version 7.3.9  [devel] 2013-03-??
+- bugfix: build problems on non-Linux platforms
+---------------------------------------------------------------------------
 Version 7.3.8  [devel] 2013-03-18
 - imrelp: now supports listening to IPv4/v6 only instead of always both
   build now requires librelp 1.0.2
-- 
cgit v1.2.3


From 5b76d639659fe5582b425b903fa8f5e14624a8e4 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Wed, 20 Mar 2013 11:03:41 +0100
Subject: bugfix: $mmnormalizeuseramsg paramter was specified with wrong type

Thanks to Renzhong Zhang for alerting us of the problem.
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=420
---
 ChangeLog                         | 3 +++
 plugins/mmnormalize/mmnormalize.c | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index b0e943c2..2df963a2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,9 @@ Version 7.2.7  [v7-stable] 2013-03-??
 - improved debugging support in forked (auto-backgrounding) mode
   The rsyslog debug log file is now continued to be written across the
   fork.
+- bugfix: $mmnormalizeuseramsg paramter was specified with wrong type
+  Thank to Renzhong Zhang for alerting us of the problem.
+  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=420
 - bugfix: RainerScript getenv() function caused segfault when var was
   not found.
   Thanks to Philippe Muller for the patch.
diff --git a/plugins/mmnormalize/mmnormalize.c b/plugins/mmnormalize/mmnormalize.c
index d3fba39b..c366d5fe 100644
--- a/plugins/mmnormalize/mmnormalize.c
+++ b/plugins/mmnormalize/mmnormalize.c
@@ -281,7 +281,7 @@ CODEmodInit_QueryRegCFSLineHdlr
 	
 	CHKiRet(omsdRegCFSLineHdlr((uchar *)"mmnormalizerulebase", 0, eCmdHdlrGetWord,
 				    setRuleBase, NULL, STD_LOADABLE_MODULE_ID));
-	CHKiRet(omsdRegCFSLineHdlr((uchar *)"mmnormalizeuserawmsg", 0, eCmdHdlrInt,
+	CHKiRet(omsdRegCFSLineHdlr((uchar *)"mmnormalizeuserawmsg", 0, eCmdHdlrBinary,
 				    NULL, &cs.bUseRawMsg, STD_LOADABLE_MODULE_ID));
 	CHKiRet(omsdRegCFSLineHdlr((uchar *)"resetconfigvariables", 1, eCmdHdlrCustomHandler,
 				    resetConfigVariables, NULL, STD_LOADABLE_MODULE_ID));
-- 
cgit v1.2.3


From 2b69e2aaddb587185b7c0ddb412b36549d848091 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Wed, 20 Mar 2013 12:47:53 +0100
Subject: omstdout: added debug message when writing to stdout fails

---
 plugins/omstdout/omstdout.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/plugins/omstdout/omstdout.c b/plugins/omstdout/omstdout.c
index 59f9c8bb..a84a7593 100644
--- a/plugins/omstdout/omstdout.c
+++ b/plugins/omstdout/omstdout.c
@@ -105,6 +105,7 @@ BEGINdoAction
 	int iBuf;
 	char szBuf[65564];
 	size_t len;
+	int r;
 CODESTARTdoAction
 	if(pData->bUseArrayInterface) {
 		/* if we use array passing, we need to put together a string
@@ -140,9 +141,15 @@ CODESTARTdoAction
 	 * actually intends to use this module in production (why???), this code
 	 * needs to be more solid. -- rgerhards, 2012-11-28
 	 */
-	if(write(1, toWrite, len)) {}; /* 1 is stdout! */
+	if((r = write(1, toWrite, len)) != (int) len) { /* 1 is stdout! */
+		DBGPRINTF("omstdout: error %d writing to stdout[%d]: %s\n",
+			r, len, toWrite);
+	}
 	if(pData->bEnsureLFEnding && toWrite[len-1] != '\n') {
-		if(write(1, "\n", 1)) {}; /* write missing LF */
+		if((r = write(1, "\n", 1)) != 1) { /* write missing LF */
+			DBGPRINTF("omstdout: error %d writing \\n to stdout\n",
+				r);
+		}
 	}
 ENDdoAction
 
-- 
cgit v1.2.3


From cbe737ed06667b5bcb15f332061ebcde8d50bc8b Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Wed, 20 Mar 2013 12:49:35 +0100
Subject: bugfix: stdout/stderr were not closed on forking

but were closed when running in the forground - this was just reversed
of what it should be. This is a regression of a recent change.
---
 ChangeLog       | 3 +++
 tools/syslogd.c | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 705dcf13..c6a4eb41 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,9 @@
 ---------------------------------------------------------------------------
 Version 7.3.9  [devel] 2013-03-??
 - bugfix: build problems on non-Linux platforms
+- bugfix: stdout/stderr were not closed on forking
+  but were closed when running in the forground - this was just reversed
+  of what it should be. This is a regression of a recent change.
 ---------------------------------------------------------------------------
 Version 7.3.8  [devel] 2013-03-18
 - imrelp: now supports listening to IPv4/v6 only instead of always both
diff --git a/tools/syslogd.c b/tools/syslogd.c
index d4fc1c36..e291ba47 100644
--- a/tools/syslogd.c
+++ b/tools/syslogd.c
@@ -2021,7 +2021,7 @@ int realMain(int argc, char **argv)
 	 * is still in its infancy (and not really done), we currently accept this issue.
 	 * rgerhards, 2009-06-29
 	 */
-	if(!doFork) {
+	if(doFork) {
 		close(1);
 		close(2);
 		ourConf->globals.bErrMsgToStderr = 0;
-- 
cgit v1.2.3


From a8e83e494720c3657a74cacb367241f8991d6d73 Mon Sep 17 00:00:00 2001
From: Milan Bartos <mbartos@redhat.com>
Date: Wed, 20 Mar 2013 13:01:37 +0100
Subject: bugfix: imuxsock rate-limiting could not be configured via legacy
 conf

Signed-off-by: Rainer Gerhards <rgerhards@adiscon.com>
---
 ChangeLog                   | 6 ++++++
 plugins/imuxsock/imuxsock.c | 3 +++
 2 files changed, 9 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index c517cb89..1f6c4bf3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,12 @@ Version 7.2.7  [v7-stable] 2013-03-??
 - improved debugging support in forked (auto-backgrounding) mode
   The rsyslog debug log file is now continued to be written across the
   fork.
+- bugfix: imuxsock rate-limiting could not be configured via legacy conf
+  Rate-limiting for the system socket could not be configured via legacy
+  configuration directives. However, the new-style RainerScript config
+  options worked.
+  Thanks to Milan Bartos for the patch.
+  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=390
 - bugfix: using group resolution could lead to endless loop
   Thanks to Tomas Heinrich for the patch.
   closes: http://bugzilla.adiscon.com/show_bug.cgi?id=310
diff --git a/plugins/imuxsock/imuxsock.c b/plugins/imuxsock/imuxsock.c
index 637cb133..1a2b696e 100644
--- a/plugins/imuxsock/imuxsock.c
+++ b/plugins/imuxsock/imuxsock.c
@@ -1300,6 +1300,9 @@ CODESTARTendCnfLoad
 		loadModConf->bUseFlowCtl = cs.bUseFlowCtlSysSock;
 		loadModConf->bAnnotateSysSock = cs.bAnnotateSysSock;
 		loadModConf->bParseTrusted = cs.bParseTrusted;
+		loadModConf->ratelimitIntervalSysSock = cs.ratelimitIntervalSysSock;
+		loadModConf->ratelimitBurstSysSock = cs.ratelimitBurstSysSock;
+		loadModConf->ratelimitSeveritySysSock = cs.ratelimitSeveritySysSock;
 	}
 
 	loadModConf = NULL; /* done loading */
-- 
cgit v1.2.3


From 144f0858b7250ceffe4828712126146345e0e92a Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Wed, 20 Mar 2013 14:21:32 +0100
Subject: cleanup

---
 tools/pmrfc3164.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/pmrfc3164.c b/tools/pmrfc3164.c
index bcded428..5dfa74f0 100644
--- a/tools/pmrfc3164.c
+++ b/tools/pmrfc3164.c
@@ -138,7 +138,7 @@ CODESTARTparse
 		 */
 		if(lenMsg > 0 && pMsg->msgFlags & PARSE_HOSTNAME) {
 			i = 0;
-			while(i < lenMsg && (isalnum(p2parse[i]) || p2parse[i] == '.' || p2parse[i] == '.'
+			while(i < lenMsg && (isalnum(p2parse[i]) || p2parse[i] == '.'
 				|| p2parse[i] == '_' || p2parse[i] == '-') && i < (CONF_HOSTNAME_MAXSIZE - 1)) {
 				bufParseHOSTNAME[i] = p2parse[i];
 				++i;
-- 
cgit v1.2.3


From 136a9828452486da97578fc5a2e870143279dceb Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Wed, 20 Mar 2013 15:36:57 +0100
Subject: slightly improve imfile doc

---
 doc/imfile.html | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/doc/imfile.html b/doc/imfile.html
index 0997e382..de4893ac 100644
--- a/doc/imfile.html
+++ b/doc/imfile.html
@@ -141,17 +141,17 @@ your distro puts rsyslog's config files). Note that only commands
 actually needed need to be specified. The second file uses less
 commands and uses defaults instead.<br>
 </p>
-<textarea rows="15" cols="60">module(load="folder/to/rsyslog/plugins/imfile/.libs/imfile" PollingInterval="10") #needs to be done just once
+<textarea rows="15" cols="60">module(load="imfile" PollingInterval="10") #needs to be done just once
 # File 1
 input(type="imfile" File="/path/to/file1" 
-Tag="tag1" 
-StateFile="/var/spool/rsyslog/statefile1" 
-Severity="error" 
-Facility="local7")
+      Tag="tag1" 
+      StateFile="/var/spool/rsyslog/statefile1" 
+      Severity="error" 
+      Facility="local7")
 # File 2
 input(type="imfile" File="/path/to/file2" 
-Tag="tag2" 
-StateFile="/var/spool/rsyslog/statefile2")
+      Tag="tag2" 
+      StateFile="/var/spool/rsyslog/statefile2")
 # ... and so on ...
 #
 </textarea>
@@ -210,8 +210,7 @@ your distro puts rsyslog's config files). Note that only commands
 actually needed need to be specified. The second file uses less
 commands and uses defaults instead.<br>
 </p>
-<textarea rows="15" cols="60">$ModLoad imfile #
-needs to be done just once
+<textarea rows="15" cols="60">$ModLoad imfile # needs to be done just once
 # File 1
 $InputFileName /path/to/file1
 $InputFileTag tag1:
-- 
cgit v1.2.3


From 35bafbef04a8f7ba56abebbed337f79b8d6dd67f Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Wed, 20 Mar 2013 17:05:18 +0100
Subject: imfile: now detects file change when rsyslog was inactive

Previosly, this case could not be detected, so if a file was overwritten
or rotated away while rsyslog was stopped, some data was missing. This
is now detected and the new file being forwarded right from the
beginning.
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=228
---
 ChangeLog               |   6 +++
 plugins/imfile/imfile.c |   1 +
 runtime/stream.c        | 103 +++++++++++++++++++++++++++++++++++++-----------
 runtime/stream.h        |   5 ++-
 4 files changed, 90 insertions(+), 25 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 18977c9b..1e833ead 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,11 @@
 ---------------------------------------------------------------------------
 Version 7.3.9  [devel] 2013-03-??
+- imfile: now detects file change when rsyslog was inactive
+  Previosly, this case could not be detected, so if a file was overwritten
+  or rotated away while rsyslog was stopped, some data was missing. This
+  is now detected and the new file being forwarded right from the
+  beginning.
+  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=228
 - bugfix: build problems on non-Linux platforms
 - bugfix: stdout/stderr were not closed on forking
   but were closed when running in the forground - this was just reversed
diff --git a/plugins/imfile/imfile.c b/plugins/imfile/imfile.c
index 0f155c10..6ce08fd4 100644
--- a/plugins/imfile/imfile.c
+++ b/plugins/imfile/imfile.c
@@ -235,6 +235,7 @@ openFile(fileInfo_t *pThis)
 	/* read back in the object */
 	CHKiRet(obj.Deserialize(&pThis->pStrm, (uchar*) "strm", psSF, NULL, pThis));
 
+	strm.CheckFileChange(pThis->pStrm);
 	CHKiRet(strm.SeekCurrOffs(pThis->pStrm));
 
 	/* note: we do not delete the state file, so that the last position remains
diff --git a/runtime/stream.c b/runtime/stream.c
index 3e890c71..00afcdaa 100644
--- a/runtime/stream.c
+++ b/runtime/stream.c
@@ -81,6 +81,7 @@ static void *asyncWriterThread(void *pPtr);
 static rsRetVal doZipWrite(strm_t *pThis, uchar *pBuf, size_t lenBuf, int bFlush);
 static rsRetVal doZipFinish(strm_t *pThis);
 static rsRetVal strmPhysWrite(strm_t *pThis, uchar *pBuf, size_t lenBuf);
+static rsRetVal strmSeekCurrOffs(strm_t *pThis);
 
 
 /* methods */
@@ -197,6 +198,7 @@ static rsRetVal
 doPhysOpen(strm_t *pThis)
 {
 	int iFlags = 0;
+	struct stat statOpen;
 	DEFiRet;
 	ISOBJ_TYPE_assert(pThis, strm);
 
@@ -234,15 +236,71 @@ doPhysOpen(strm_t *pThis)
 			ABORT_FINALIZE(RS_RET_FILE_NOT_FOUND);
 		else
 			ABORT_FINALIZE(RS_RET_IO_ERROR);
+	}
+
+	if(pThis->tOperationsMode == STREAMMODE_READ) {
+		if(fstat(pThis->fd, &statOpen) == -1) {
+			DBGPRINTF("Error: cannot obtain inode# for file %s\n", pThis->pszCurrFName);
+			ABORT_FINALIZE(RS_RET_IO_ERROR);
+		}
+		pThis->inode = statOpen.st_ino;
+	}
+
+	if(!ustrcmp(pThis->pszCurrFName, UCHAR_CONSTANT(_PATH_CONSOLE)) || isatty(pThis->fd)) {
+		DBGPRINTF("file %d is a tty-type file\n", pThis->fd);
+		pThis->bIsTTY = 1;
 	} else {
-		if(!ustrcmp(pThis->pszCurrFName, UCHAR_CONSTANT(_PATH_CONSOLE)) || isatty(pThis->fd)) {
-			DBGPRINTF("file %d is a tty-type file\n", pThis->fd);
-			pThis->bIsTTY = 1;
+		pThis->bIsTTY = 0;
+	}
+
+finalize_it:
+	RETiRet;
+}
+
+
+static rsRetVal
+strmSetCurrFName(strm_t *pThis)
+{
+	DEFiRet;
+
+	if(pThis->sType == STREAMTYPE_FILE_CIRCULAR) {
+		CHKiRet(genFileName(&pThis->pszCurrFName, pThis->pszDir, pThis->lenDir,
+				    pThis->pszFName, pThis->lenFName, pThis->iCurrFNum, pThis->iFileNumDigits));
+	} else {
+		if(pThis->pszDir == NULL) {
+			if((pThis->pszCurrFName = ustrdup(pThis->pszFName)) == NULL)
+				ABORT_FINALIZE(RS_RET_OUT_OF_MEMORY);
 		} else {
-			pThis->bIsTTY = 0;
+			CHKiRet(genFileName(&pThis->pszCurrFName, pThis->pszDir, pThis->lenDir,
+					    pThis->pszFName, pThis->lenFName, -1, 0));
 		}
 	}
+finalize_it:
+	RETiRet;
+}
+	
+/* This function checks if the actual file has changed and, if so, resets the
+ * offset. This is support for monitoring files. It should be called after
+ * deserializing the strm object and before doing any other operation on it
+ * (most importantly not an open or seek!).
+ */
+static rsRetVal
+CheckFileChange(strm_t *pThis)
+{
+	struct stat statName;
+	DEFiRet;
 
+	CHKiRet(strmSetCurrFName(pThis));
+	if(stat((char*) pThis->pszCurrFName, &statName) == -1)
+		ABORT_FINALIZE(RS_RET_IO_ERROR);
+	DBGPRINTF("stream/after deserialize checking for file change on '%s', "
+		  "inode %u/%u, size/currOffs %llu/%llu\n",
+	  pThis->pszCurrFName, (unsigned) pThis->inode,
+	  (unsigned) statName.st_ino, statName.st_size, pThis->iCurrOffs);
+	if(pThis->inode != statName.st_ino || statName.st_size < pThis->iCurrOffs) {
+		DBGPRINTF("stream: file %s has changed\n", pThis->pszCurrFName);
+		pThis->iCurrOffs = 0;
+	}
 finalize_it:
 	RETiRet;
 }
@@ -265,19 +323,8 @@ static rsRetVal strmOpenFile(strm_t *pThis)
 	if(pThis->pszFName == NULL)
 		ABORT_FINALIZE(RS_RET_FILE_PREFIX_MISSING);
 
-	if(pThis->sType == STREAMTYPE_FILE_CIRCULAR) {
-		CHKiRet(genFileName(&pThis->pszCurrFName, pThis->pszDir, pThis->lenDir,
-				    pThis->pszFName, pThis->lenFName, pThis->iCurrFNum, pThis->iFileNumDigits));
-	} else {
-		if(pThis->pszDir == NULL) {
-			if((pThis->pszCurrFName = ustrdup(pThis->pszFName)) == NULL)
-				ABORT_FINALIZE(RS_RET_OUT_OF_MEMORY);
-		} else {
-			CHKiRet(genFileName(&pThis->pszCurrFName, pThis->pszDir, pThis->lenDir,
-					    pThis->pszFName, pThis->lenFName, -1, 0));
-		}
-	}
-
+	CHKiRet(strmSetCurrFName(pThis));
+	
 	CHKiRet(doPhysOpen(pThis));
 
 	pThis->iCurrOffs = 0;
@@ -357,6 +404,7 @@ static rsRetVal strmCloseFile(strm_t *pThis)
 	if(pThis->fd != -1) {
 		close(pThis->fd);
 		pThis->fd = -1;
+		pThis->inode = 0;
 	}
 
 	if(pThis->fdDir != -1) {
@@ -432,18 +480,15 @@ static rsRetVal
 strmHandleEOFMonitor(strm_t *pThis)
 {
 	DEFiRet;
-	struct stat statOpen;
 	struct stat statName;
 
 	ISOBJ_TYPE_assert(pThis, strm);
-	if(fstat(pThis->fd, &statOpen) == -1)
-		ABORT_FINALIZE(RS_RET_IO_ERROR);
 	if(stat((char*) pThis->pszCurrFName, &statName) == -1)
 		ABORT_FINALIZE(RS_RET_IO_ERROR);
-	DBGPRINTF("stream checking for file change on '%s', inode %u/%u",
-	  pThis->pszCurrFName, (unsigned) statOpen.st_ino,
+	DBGPRINTF("stream checking for file change on '%s', inode %u/%u\n",
+	  pThis->pszCurrFName, (unsigned) pThis->inode,
 	  (unsigned) statName.st_ino);
-	if(statOpen.st_ino == statName.st_ino) {
+	if(pThis->inode == statName.st_ino) {
 		ABORT_FINALIZE(RS_RET_EOF);
 	} else {
 		/* we had a file change! */
@@ -1343,7 +1388,11 @@ static rsRetVal strmSeek(strm_t *pThis, off64_t offs)
 	}
 	long long i;
 	DBGOPRINT((obj_t*) pThis, "file %d seek, pos %llu\n", pThis->fd, (long long unsigned) offs);
-	i = lseek64(pThis->fd, offs, SEEK_SET); // TODO: check error!
+	i = lseek64(pThis->fd, offs, SEEK_SET);
+	if(i != offs) {
+		DBGPRINTF("strmSeek: error %lld seeking to offset %lld\n", i, offs);
+		ABORT_FINALIZE(RS_RET_IO_ERROR);
+	}
 	pThis->iCurrOffs = offs; /* we are now at *this* offset */
 	pThis->iBufPtr = 0; /* buffer invalidated */
 
@@ -1697,6 +1746,9 @@ static rsRetVal strmSerialize(strm_t *pThis, strm_t *pStrm)
 	l = pThis->iCurrOffs;
 	objSerializeSCALAR_VAR(pStrm, iCurrOffs, INT64, l);
 
+	l = pThis->inode;
+	objSerializeSCALAR_VAR(pStrm, inode, INT64, l);
+
 	objSerializePTR(pStrm, prevLineSegment, PSZ);
 
 	CHKiRet(obj.EndSerialize(pStrm));
@@ -1796,6 +1848,8 @@ static rsRetVal strmSetProperty(strm_t *pThis, var_t *pProp)
 		CHKiRet(strmSettOpenMode(pThis, pProp->val.num));
  	} else if(isProp("iCurrOffs")) {
 		pThis->iCurrOffs = pProp->val.num;
+ 	} else if(isProp("inode")) {
+		pThis->inode = (ino_t) pProp->val.num;
  	} else if(isProp("iMaxFileSize")) {
 		CHKiRet(strmSetiMaxFileSize(pThis, pProp->val.num));
  	} else if(isProp("iMaxFiles")) {
@@ -1865,6 +1919,7 @@ CODESTARTobjQueryInterface(strm)
 	pIf->GetCurrOffset = strmGetCurrOffset;
 	pIf->Dup = strmDup;
 	pIf->SetWCntr = strmSetWCntr;
+	pIf->CheckFileChange = CheckFileChange;
 	/* set methods */
 	pIf->SetbDeleteOnClose = strmSetbDeleteOnClose;
 	pIf->SetiMaxFileSize = strmSetiMaxFileSize;
diff --git a/runtime/stream.h b/runtime/stream.h
index b7e74074..b7cc6d36 100644
--- a/runtime/stream.h
+++ b/runtime/stream.h
@@ -112,6 +112,7 @@ typedef struct strm_s {
 	int lenDir;
 	int fd;		/* the file descriptor, -1 if closed */
 	int fdDir;	/* the directory's descriptor, in case bSync is requested (-1 if closed) */
+	ino_t inode;	/* current inode for files being monitored (undefined else) */
 	uchar *pszCurrFName; /* name of current file (if open) */
 	uchar *pIOBuf;	/* the iobuffer currently in use to gather data */
 	size_t iBufPtrMax;	/* current max Ptr in Buffer (if partial read!) */
@@ -187,8 +188,10 @@ BEGINinterface(strm) /* name must also be changed in ENDinterface macro! */
 	rsRetVal (*ReadLine)(strm_t *pThis, cstr_t **ppCStr, int mode);
 	/* v7 added  2012-09-14 */
 	INTERFACEpropSetMeth(strm, bVeryReliableZip, int);
+	/* v8 added  2013-03-21 */
+	rsRetVal (*CheckFileChange)(strm_t *pThis);
 ENDinterface(strm)
-#define strmCURR_IF_VERSION 7 /* increment whenever you change the interface structure! */
+#define strmCURR_IF_VERSION 8 /* increment whenever you change the interface structure! */
 
 static inline int
 strmGetCurrFileNum(strm_t *pStrm) {
-- 
cgit v1.2.3


From 3b55048094d759adf8162f0829f239e115ebf2c0 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Wed, 20 Mar 2013 17:48:56 +0100
Subject: imuxsock: add ability to NOT create/delete sockets during startup and
 shutdown

closes: http://bugzilla.adiscon.com/show_bug.cgi?id=259
---
 ChangeLog                   |  3 +++
 doc/imuxsock.html           | 13 +++++++++++++
 plugins/imuxsock/imuxsock.c | 23 ++++++++++++++++++++---
 3 files changed, 36 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 1e833ead..5d4d4747 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
 ---------------------------------------------------------------------------
 Version 7.3.9  [devel] 2013-03-??
+- imuxsock: add ability to NOT create/delete sockets during startup and
+  shutdown
+  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=259
 - imfile: now detects file change when rsyslog was inactive
   Previosly, this case could not be detected, so if a file was overwritten
   or rotated away while rsyslog was stopped, some data was missing. This
diff --git a/doc/imuxsock.html b/doc/imuxsock.html
index 68bbe4b2..0affe8c3 100644
--- a/doc/imuxsock.html
+++ b/doc/imuxsock.html
@@ -102,6 +102,12 @@ properties for the system log socket.</li>
 JSON/lumberjack properties out of the trusted properties (which can be accessed
 via RainerScript JSON Variables, e.g. "$!pid") instead of adding them to the message.
 </li>
+<li><b>SysSock.Unlink</b> &lt;<b>on</b>/off&gt; (available since 7.3.9)<br>
+if turned on (default), the system socket is unlinked and re-created when
+opened and also unlinked when finally closed. Note that this setting has
+no effect when running under systemd control (because systemd handles
+the socket).
+</li>
 </ul>
 
 <p><b>Input Instance Parameters</b></p>
@@ -166,6 +172,13 @@ that the local hostname can be overridden in cases where that is desired.</li>
 properties for the non-system log socket in question.</li>
 <li><b>ParseTrusted</b> &lt;on/<b>off</b>&gt; equivalent to the SysSock.ParseTrusted module
 parameter, but applies to the input that is being defined.
+<li><b>Unlink</b> &lt;<b>on</b>/off&gt; (available since 7.3.9)<br>
+if turned on (default), the socket is unlinked and re-created when
+opened and also unlinked when finally closed. Set it to off if you
+handle socket creation yourself. Note that handling socket creation
+oneself has the advantage that a limited amount of messages may be 
+queued by the OS if rsyslog is not running.
+</li>
 </ul>
 
 <b>Caveats/Known Bugs:</b><br>
diff --git a/plugins/imuxsock/imuxsock.c b/plugins/imuxsock/imuxsock.c
index 178c73b3..f15773fc 100644
--- a/plugins/imuxsock/imuxsock.c
+++ b/plugins/imuxsock/imuxsock.c
@@ -146,6 +146,7 @@ typedef struct lstn_s {
 	sbool bWritePid;	/* write original PID into tag */
 	sbool bDiscardOwnMsgs;	/* discard messages that originated from ourselves */
 	sbool bUseSysTimeStamp;	/* use timestamp from system (instead of from message) */
+	sbool bUnlink;		/* unlink&re-create socket at start and end of processing */
 } lstn_t;
 static lstn_t listeners[MAXFUNIX];
 
@@ -201,6 +202,7 @@ struct instanceConf_s {
 	int bAnnotate;			/* annotate trusted properties */
 	int bParseTrusted;		/* parse trusted properties */
 	sbool bDiscardOwnMsgs;		/* discard messages that originated from our own pid? */
+	sbool bUnlink;
 	struct instanceConf_s *next;
 };
 
@@ -220,6 +222,7 @@ struct modConfData_s {
 	sbool bUseSysTimeStamp;
 	sbool bDiscardOwnMsgs;
 	sbool configSetViaV2Method;
+	sbool bUnlink;
 };
 static modConfData_t *loadModConf = NULL;/* modConf ptr to use for the current load process */
 static modConfData_t *runModConf = NULL;/* modConf ptr to use for the current load process */
@@ -228,6 +231,7 @@ static modConfData_t *runModConf = NULL;/* modConf ptr to use for the current lo
 static struct cnfparamdescr modpdescr[] = {
 	{ "syssock.use", eCmdHdlrBinary, 0 },
 	{ "syssock.name", eCmdHdlrGetWord, 0 },
+	{ "syssock.unlink", eCmdHdlrBinary, 0 },
 	{ "syssock.ignoretimestamp", eCmdHdlrBinary, 0 },
 	{ "syssock.ignoreownmessages", eCmdHdlrBinary, 0 },
 	{ "syssock.flowcontrol", eCmdHdlrBinary, 0 },
@@ -248,6 +252,7 @@ static struct cnfparamblk modpblk =
 /* input instance parameters */
 static struct cnfparamdescr inppdescr[] = {
 	{ "socket", eCmdHdlrString, CNFPARAM_REQUIRED }, /* legacy: addunixlistensocket */
+	{ "unlink", eCmdHdlrBinary, 0 },
 	{ "createpath", eCmdHdlrBinary, 0 },
 	{ "parsetrusted", eCmdHdlrBinary, 0 },
 	{ "ignoreownmessages", eCmdHdlrBinary, 0 },
@@ -295,6 +300,7 @@ createInstance(instanceConf_t **pinst)
 	inst->bAnnotate = 0;
 	inst->bParseTrusted = 0;
 	inst->bDiscardOwnMsgs = 1;
+	inst->bUnlink = 1;
 	inst->next = NULL;
 
 	/* node created, let's add to config */
@@ -399,6 +405,7 @@ addListner(instanceConf_t *inst)
 		listeners[nfd].bAnnotate = inst->bAnnotate;
 		listeners[nfd].bParseTrusted = inst->bParseTrusted;
 		listeners[nfd].bDiscardOwnMsgs = inst->bDiscardOwnMsgs;
+		listeners[nfd].bUnlink = inst->bUnlink;
 		listeners[nfd].bWritePid = inst->bWritePid;
 		listeners[nfd].bUseSysTimeStamp = inst->bUseSysTimeStamp;
 		CHKiRet(ratelimitNew(&listeners[nfd].dflt_ratelimiter, "imuxsock", NULL));
@@ -449,7 +456,8 @@ createLogSocket(lstn_t *pLstn)
 	struct sockaddr_un sunx;
 	DEFiRet;
 
-	unlink((char*)pLstn->sockName);
+	if(pLstn->bUnlink)
+		unlink((char*)pLstn->sockName);
 	memset(&sunx, 0, sizeof(sunx));
 	sunx.sun_family = AF_UNIX;
 	if(pLstn->bCreatePath) {
@@ -1055,6 +1063,7 @@ activateListeners()
 	listeners[0].bAnnotate = runModConf->bAnnotateSysSock;
 	listeners[0].bParseTrusted = runModConf->bParseTrusted;
 	listeners[0].bDiscardOwnMsgs = runModConf->bDiscardOwnMsgs;
+	listeners[0].bUnlink = runModConf->bUnlink;
 	listeners[0].bUseSysTimeStamp = runModConf->bUseSysTimeStamp;
 	listeners[0].flags = runModConf->bIgnoreTimestamp ? IGNDATE : NOFLAG;
 	listeners[0].flowCtl = runModConf->bUseFlowCtl ? eFLOWCTL_LIGHT_DELAY : eFLOWCTL_NO_DELAY;
@@ -1104,6 +1113,7 @@ CODESTARTbeginCnfLoad
 	pModConf->bAnnotateSysSock = 0;
 	pModConf->bParseTrusted = 0;
 	pModConf->bDiscardOwnMsgs = 1;
+	pModConf->bUnlink = 1;
 	pModConf->ratelimitIntervalSysSock = DFLT_ratelimitInterval;
 	pModConf->ratelimitBurstSysSock = DFLT_ratelimitBurst;
 	pModConf->ratelimitSeveritySysSock = DFLT_ratelimitSeverity;
@@ -1140,6 +1150,8 @@ CODESTARTsetModCnf
 			loadModConf->bIgnoreTimestamp = (int) pvals[i].val.d.n;
 		} else if(!strcmp(modpblk.descr[i].name, "syssock.ignoreownmessages")) {
 			loadModConf->bDiscardOwnMsgs = (int) pvals[i].val.d.n;
+		} else if(!strcmp(modpblk.descr[i].name, "syssock.unlink")) {
+			loadModConf->bUnlink = (int) pvals[i].val.d.n;
 		} else if(!strcmp(modpblk.descr[i].name, "syssock.flowcontrol")) {
 			loadModConf->bUseFlowCtl = (int) pvals[i].val.d.n;
 		} else if(!strcmp(modpblk.descr[i].name, "syssock.usesystimestamp")) {
@@ -1204,6 +1216,8 @@ CODESTARTnewInpInst
 			inst->bParseTrusted = (int) pvals[i].val.d.n;
 		} else if(!strcmp(modpblk.descr[i].name, "ignoreownmessages")) {
 			inst->bDiscardOwnMsgs = (int) pvals[i].val.d.n;
+		} else if(!strcmp(modpblk.descr[i].name, "unlink")) {
+			inst->bUnlink = (int) pvals[i].val.d.n;
 		} else if(!strcmp(modpblk.descr[i].name, "hostname")) {
 			inst->pLogHostName = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
 		} else if(!strcmp(modpblk.descr[i].name, "ignoretimestamp")) {
@@ -1383,8 +1397,10 @@ CODESTARTafterRun
 			    listeners[i].fd <  SD_LISTEN_FDS_START + sd_fds)
 				continue;
 
-			DBGPRINTF("imuxsock: unlinking unix socket file[%d] %s\n", i, listeners[i].sockName);
-			unlink((char*) listeners[i].sockName);
+			if(listeners[i].bUnlink) {
+				DBGPRINTF("imuxsock: unlinking unix socket file[%d] %s\n", i, listeners[i].sockName);
+				unlink((char*) listeners[i].sockName);
+			}
 		}
 
 	discardLogSockets();
@@ -1497,6 +1513,7 @@ CODEmodInit_QueryRegCFSLineHdlr
 	listeners[0].bAnnotate = 0;
 	listeners[0].bParseTrusted = 0;
 	listeners[0].bDiscardOwnMsgs = 1;
+	listeners[0].bUnlink = 1;
 	listeners[0].bCreatePath = 0;
 	listeners[0].bUseSysTimeStamp = 1;
 	if((listeners[0].ht = create_hashtable(100, hash_from_key_fn, key_equals_fn,
-- 
cgit v1.2.3


From 3e0c277d3606b3dd871ac3b3d5bf6fe872778eb2 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Wed, 20 Mar 2013 18:05:34 +0100
Subject: doc: describe imfile dependency on work directory

---
 doc/imfile.html | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/doc/imfile.html b/doc/imfile.html
index de4893ac..f37f7055 100644
--- a/doc/imfile.html
+++ b/doc/imfile.html
@@ -77,7 +77,9 @@ created in the rsyslog working directory (configurable via
 $WorkDirectory). Be careful to use unique names for different files
 being monitored. If there are duplicates, all sorts of "interesting"
 things may happen. Rsyslog currently does not check if a name is
-specified multiple times.</li>
+specified multiple times.
+Note that when $WorkDirectory is not set or set to a non-writable
+location, the state file will not be generated.</li>
 <li><span style="font-weight: bold;">Facility
 facility</span><br>
 The syslog facility to be assigned to lines read. Can be specified in
-- 
cgit v1.2.3


From b96674bbc9439f107c700d75e69268ee75e0387e Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Wed, 20 Mar 2013 18:10:17 +0100
Subject: imfile: errors persisting state file are now reported

closes: http://bugzilla.adiscon.com/show_bug.cgi?id=292
---
 ChangeLog               | 2 ++
 plugins/imfile/imfile.c | 8 ++++++++
 2 files changed, 10 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 5d4d4747..8138202b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,8 @@ Version 7.3.9  [devel] 2013-03-??
 - imuxsock: add ability to NOT create/delete sockets during startup and
   shutdown
   closes: http://bugzilla.adiscon.com/show_bug.cgi?id=259
+- imfile: errors persisting state file are now reported
+  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=292
 - imfile: now detects file change when rsyslog was inactive
   Previosly, this case could not be detected, so if a file was overwritten
   or rotated away while rsyslog was stopped, some data was missing. This
diff --git a/plugins/imfile/imfile.c b/plugins/imfile/imfile.c
index 6ce08fd4..349acead 100644
--- a/plugins/imfile/imfile.c
+++ b/plugins/imfile/imfile.c
@@ -739,12 +739,20 @@ persistStrmState(fileInfo_t *pInfo)
 	CHKiRet(strm.ConstructFinalize(psSF));
 
 	CHKiRet(strm.Serialize(pInfo->pStrm, psSF));
+	CHKiRet(strm.Flush(psSF));
 
 	CHKiRet(strm.Destruct(&psSF));
 
 finalize_it:
 	if(psSF != NULL)
 		strm.Destruct(&psSF);
+	
+	if(iRet != RS_RET_OK) {
+		errmsg.LogError(0, iRet, "imfile: could not persist state "
+				"file %s - data may be repeated on next "
+				"startup. Is WorkDirectory set?",
+				pInfo->pszStateFile);
+	}
 
 	RETiRet;
 }
-- 
cgit v1.2.3


From 81e45885ac5688318d8ddb00937b43d11c26ee0f Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Thu, 21 Mar 2013 15:53:50 +0100
Subject: bugfix: imudp scheduling parameters did affect main thread, not imudp

closes: http://bugzilla.adiscon.com/show_bug.cgi?id=409
---
 ChangeLog             |  2 ++
 doc/imudp.html        |  8 ++++++--
 plugins/imudp/imudp.c | 10 +++++++++-
 3 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 8138202b..5a6ec24b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,7 @@
 ---------------------------------------------------------------------------
 Version 7.3.9  [devel] 2013-03-??
+- bugfix: imudp scheduling parameters did affect main thread, not imudp
+  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=409
 - imuxsock: add ability to NOT create/delete sockets during startup and
   shutdown
   closes: http://bugzilla.adiscon.com/show_bug.cgi?id=259
diff --git a/doc/imudp.html b/doc/imudp.html
index f2d04d65..a86c9939 100644
--- a/doc/imudp.html
+++ b/doc/imudp.html
@@ -33,7 +33,7 @@ the value, the less precise the timestamp.
 <li><b>SchedulingPolicy</b> &lt;rr/fifo/other&gt;<br>
 Can be used the set the scheduler priority, if the necessary functionality
 is provided by the platform. Most useful to select "fifo" for real-time 
-processing under Linux (and thus reduce chance of packet loss). 
+processing under Linux (and thus reduce chance of packet loss).
 <li><b>SchedulingPriority</b> &lt;number&gt;<br>
 Scheduling priority to use. 
 </ul>
@@ -57,7 +57,11 @@ burst in number of messages. Default is 10,000.
 </ul>
 <b>Caveats/Known Bugs:</b>
 <ul>
-<li>currently none known</li>
+<li>Scheduling parameters are set <b>after</b> privileges have been dropped.
+In most cases, this means that setting them will not be possible after
+privilege drop. This may be worked around by using a sufficiently-privileged
+user account.
+</li>
 </ul>
 <p><b>Sample:</b></p>
 <p>This sets up an UPD server on port 514:<br>
diff --git a/plugins/imudp/imudp.c b/plugins/imudp/imudp.c
index dde8f105..7e11a80e 100644
--- a/plugins/imudp/imudp.c
+++ b/plugins/imudp/imudp.c
@@ -853,7 +853,6 @@ CODESTARTactivateCnfPrePrivDrop
 		ABORT_FINALIZE(RS_RET_NO_RUN);
 	}
 
-	setSchedParams(pModConf);
 finalize_it:
 ENDactivateCnfPrePrivDrop
 
@@ -886,6 +885,15 @@ ENDfreeCnf
  */
 BEGINrunInput
 CODESTARTrunInput
+	/* Note well: the setting of scheduling parameters will not work
+	 * when we dropped privileges (if the user is not sufficently
+	 * privileged, of course). Howerver, we can't change the 
+	 * scheduling params in PrePrivDrop(), as at that point our thread
+	 * is not yet created. So at least as an interim solution, we do
+	 * NOT support both setting sched parameters and dropping
+	 * privileges within the same instance.
+	 */
+	setSchedParams(runModConf);
 	iRet = rcvMainLoop(pThrd);
 ENDrunInput
 
-- 
cgit v1.2.3


From 0003b4e04e1872bf48bb061a9b8865e516834e97 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Thu, 21 Mar 2013 15:53:50 +0100
Subject: bugfix: imudp scheduling parameters did affect main thread, not imudp

closes: http://bugzilla.adiscon.com/show_bug.cgi?id=409

Conflicts:

	ChangeLog
---
 ChangeLog             |  2 ++
 doc/imudp.html        |  8 ++++++--
 plugins/imudp/imudp.c | 10 +++++++++-
 3 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 1f6c4bf3..1226002e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,8 @@ Version 7.2.7  [v7-stable] 2013-03-??
 - improved debugging support in forked (auto-backgrounding) mode
   The rsyslog debug log file is now continued to be written across the
   fork.
+- bugfix: imudp scheduling parameters did affect main thread, not imudp
+  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=409
 - bugfix: imuxsock rate-limiting could not be configured via legacy conf
   Rate-limiting for the system socket could not be configured via legacy
   configuration directives. However, the new-style RainerScript config
diff --git a/doc/imudp.html b/doc/imudp.html
index 1ebce4d7..105e0b2a 100644
--- a/doc/imudp.html
+++ b/doc/imudp.html
@@ -33,7 +33,7 @@ the value, the less precise the timestamp.
 <li><b>SchedulingPolicy</b> &lt;rr/fifo/other&gt;<br>
 Can be used the set the scheduler priority, if the necessary functionality
 is provided by the platform. Most useful to select "fifo" for real-time 
-processing under Linux (and thus reduce chance of packet loss). 
+processing under Linux (and thus reduce chance of packet loss).
 <li><b>SchedulingPriority</b> &lt;number&gt;<br>
 Scheduling priority to use. 
 </ul>
@@ -50,7 +50,11 @@ Binds the listener to a specific <a href="multi_ruleset.html">ruleset</a>.</li>
 </ul>
 <b>Caveats/Known Bugs:</b>
 <ul>
-<li>currently none known</li>
+<li>Scheduling parameters are set <b>after</b> privileges have been dropped.
+In most cases, this means that setting them will not be possible after
+privilege drop. This may be worked around by using a sufficiently-privileged
+user account.
+</li>
 </ul>
 <p><b>Sample:</b></p>
 <p>This sets up an UPD server on port 514:<br>
diff --git a/plugins/imudp/imudp.c b/plugins/imudp/imudp.c
index 782d7bee..06e1471d 100644
--- a/plugins/imudp/imudp.c
+++ b/plugins/imudp/imudp.c
@@ -832,7 +832,6 @@ CODESTARTactivateCnfPrePrivDrop
 		ABORT_FINALIZE(RS_RET_NO_RUN);
 	}
 
-	setSchedParams(pModConf);
 finalize_it:
 ENDactivateCnfPrePrivDrop
 
@@ -865,6 +864,15 @@ ENDfreeCnf
  */
 BEGINrunInput
 CODESTARTrunInput
+	/* Note well: the setting of scheduling parameters will not work
+	 * when we dropped privileges (if the user is not sufficently
+	 * privileged, of course). Howerver, we can't change the 
+	 * scheduling params in PrePrivDrop(), as at that point our thread
+	 * is not yet created. So at least as an interim solution, we do
+	 * NOT support both setting sched parameters and dropping
+	 * privileges within the same instance.
+	 */
+	setSchedParams(runModConf);
 	iRet = rcvMainLoop(pThrd);
 ENDrunInput
 
-- 
cgit v1.2.3


From 5e6ba49ef3ae3bc79c2dc1aa160900a5f776c72a Mon Sep 17 00:00:00 2001
From: Martin Carpenter <mcarpenter@free.fr>
Date: Tue, 27 Nov 2012 09:35:48 +0100
Subject: Fix for glob(3)s that lack GLOB_NOMAGIC

Conflicts:

	configure.ac
---
 ChangeLog              |  1 +
 configure.ac           |  1 +
 grammar/rainerscript.c | 12 ++++++++----
 runtime/srUtils.h      |  1 +
 runtime/srutils.c      | 22 ++++++++++++++++++++++
 5 files changed, 33 insertions(+), 4 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index c3445a66..4705b985 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -13,6 +13,7 @@ Version 7.3.9  [devel] 2013-03-??
   is now detected and the new file being forwarded right from the
   beginning.
   closes: http://bugzilla.adiscon.com/show_bug.cgi?id=228
+- bugfix: build problem on platforms without GLOB_NOMAGIC
 - bugfix: build problems on non-Linux platforms
 - bugfix: stdout/stderr were not closed on forking
   but were closed when running in the forground - this was just reversed
diff --git a/configure.ac b/configure.ac
index 526244fe..a6d1b8e7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -124,6 +124,7 @@ AC_CHECK_DECL([SO_TIMESTAMP], [AC_DEFINE(HAVE_SO_TIMESTAMP, [1], [set define])],
 #include <sys/socket.h>])
 AC_CHECK_DECL([SYS_gettid], [AC_DEFINE(HAVE_SYS_gettid, [1], [set define])], [], [#include <sys/syscall.h>])
 AC_CHECK_MEMBER([struct sysinfo.uptime], [AC_DEFINE(HAVE_SYSINFO_UPTIME, [1], [set define])], [], [#include <sys/sysinfo.h>])
+AC_CHECK_DECL([GLOB_NOMAGIC], [AC_DEFINE(HAVE_GLOB_NOMAGIC, [1], [set define])], [], [#include <glob.h>])
 
 # Check for MAXHOSTNAMELEN
 AC_MSG_CHECKING(for MAXHOSTNAMELEN)
diff --git a/grammar/rainerscript.c b/grammar/rainerscript.c
index 065e815a..8ef7429d 100644
--- a/grammar/rainerscript.c
+++ b/grammar/rainerscript.c
@@ -3256,12 +3256,16 @@ cnfDoInclude(char *name)
 
 	/* Use GLOB_MARK to append a trailing slash for directories. */
 	/* Use GLOB_NOMAGIC to detect wildcards that match nothing. */
-	result = glob(finalName, GLOB_MARK | GLOB_NOMAGIC, NULL, &cfgFiles);
-
+#ifdef HAVE_GLOB_NOMAGIC
 	/* Silently ignore wildcards that match nothing */
+	result = glob(finalName, GLOB_MARK | GLOB_NOMAGIC, NULL, &cfgFiles);
 	if(result == GLOB_NOMATCH) {
-		return 0;
-	}
+#else
+	result = glob(finalName, GLOB_MARK, NULL, &cfgFiles);
+    if(result == GLOB_NOMATCH && containsGlobWildcard(finalName)) {
+#endif /* HAVE_GLOB_NOMAGIC */
+        return 0;
+    }
 
 	if(result == GLOB_NOSPACE || result == GLOB_ABORTED) {
 		char errStr[1024];
diff --git a/runtime/srUtils.h b/runtime/srUtils.h
index 3169fd94..8626a4bb 100644
--- a/runtime/srUtils.h
+++ b/runtime/srUtils.h
@@ -91,6 +91,7 @@ char *rs_strerror_r(int errnum, char *buf, size_t buflen);
 int decodeSyslogName(uchar *name, syslogName_t *codetab);
 int getSubString(uchar **ppSrc,  char *pDst, size_t DstSize, char cSep);
 rsRetVal getFileSize(uchar *pszName, off_t *pSize);
+int containsGlobWildcard(char *str);
 
 /* mutex operations */
 /* some useful constants */
diff --git a/runtime/srutils.c b/runtime/srutils.c
index 7b485b23..6a509b4a 100644
--- a/runtime/srutils.c
+++ b/runtime/srutils.c
@@ -630,6 +630,28 @@ finalize_it:
 	RETiRet;
 }
 
+/* Returns 1 if the given string contains a non-escaped glob(3)
+ * wildcard character and 0 otherwise (or if the string is empty).
+ */
+int
+containsGlobWildcard(char *str)
+{
+	char *p;
+	if(!str) {
+		return 0;
+	}
+	/* From Linux Programmer's Guide:
+	 * "A string is a wildcard pattern if it contains one of the characters '?', '*' or '['"
+	 * "One can remove the special meaning of '?', '*' and '[' by preceding them by a backslash"
+	 */
+	for(p = str; *p != '\0'; p++) {
+		if((*p == '?' || *p == '*' || *p == '[') &&
+				(p == str || *(p-1) != '\\')) {
+			return 1;
+		}
+	}
+	return 0;
+}
 
 /* vim:set ai:
  */
-- 
cgit v1.2.3


From b78a7ba0af45014b1b50a6842dfaad82806d8bf2 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Wed, 20 Mar 2013 12:49:35 +0100
Subject: bugfix: stdout/stderr were not closed on forking

but were closed when running in the forground - this was just reversed
of what it should be. This is a regression of a recent change.

Conflicts:

	ChangeLog
---
 tools/syslogd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/syslogd.c b/tools/syslogd.c
index 0d7aac6c..e2776c11 100644
--- a/tools/syslogd.c
+++ b/tools/syslogd.c
@@ -2095,7 +2095,7 @@ int realMain(int argc, char **argv)
 	 * is still in its infancy (and not really done), we currently accept this issue.
 	 * rgerhards, 2009-06-29
 	 */
-	if(!doFork) {
+	if(doFork) {
 		close(1);
 		close(2);
 		ourConf->globals.bErrMsgToStderr = 0;
-- 
cgit v1.2.3


From a6597b3ece1145876e0ac949e0df1033625b1b1f Mon Sep 17 00:00:00 2001
From: Ulrike Gerhards <ugerhards@adiscon.com>
Date: Thu, 21 Mar 2013 16:44:13 +0100
Subject: omlibdbi: support transaction interface

---
 ChangeLog                   |  1 +
 plugins/omlibdbi/omlibdbi.c | 41 +++++++++++++++++++++++++++++++++++------
 2 files changed, 36 insertions(+), 6 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 4705b985..2ef0aaa3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,7 @@
 Version 7.3.9  [devel] 2013-03-??
 - bugfix: imudp scheduling parameters did affect main thread, not imudp
   closes: http://bugzilla.adiscon.com/show_bug.cgi?id=409
+- omlibdbi: now supports transaction interface
 - imuxsock: add ability to NOT create/delete sockets during startup and
   shutdown
   closes: http://bugzilla.adiscon.com/show_bug.cgi?id=259
diff --git a/plugins/omlibdbi/omlibdbi.c b/plugins/omlibdbi/omlibdbi.c
index 390e59d5..9e8cb913 100644
--- a/plugins/omlibdbi/omlibdbi.c
+++ b/plugins/omlibdbi/omlibdbi.c
@@ -70,6 +70,7 @@ typedef struct _instanceData {
 	uchar *dbName;		/* database to use */
 	unsigned uLastDBErrno;	/* last errno returned by libdbi or 0 if all is well */
 	uchar	*tplName;       /* format template to use */
+	int txSupport;		/* transaction support */
 } instanceData;
 
 typedef struct configSettings_s {
@@ -261,7 +262,7 @@ static rsRetVal initConn(instanceData *pData, int bSilent)
 #	endif
 	if(pData->conn == NULL) {
 		errmsg.LogError(0, RS_RET_SUSPENDED, "can not initialize libdbi connection");
-		iRet = RS_RET_SUSPENDED;
+		ABORT_FINALIZE(RS_RET_SUSPENDED);
 	} else { /* we could get the handle, now on with work... */
 		/* Connect to database */
 		dbi_conn_set_option(pData->conn, "host",     (char*) pData->host);
@@ -272,8 +273,9 @@ static rsRetVal initConn(instanceData *pData, int bSilent)
 		if(dbi_conn_connect(pData->conn) < 0) {
 			reportDBError(pData, bSilent);
 			closeConn(pData); /* ignore any error we may get */
-			iRet = RS_RET_SUSPENDED;
+			ABORT_FINALIZE(RS_RET_SUSPENDED);		
 		}
+		pData->txSupport = dbi_conn_cap_get(pData->conn, "transaction_support");
 	}
 
 finalize_it:
@@ -329,12 +331,40 @@ CODESTARTtryResume
 	}
 ENDtryResume
 
+/* transaction support 2013-03 */
+BEGINbeginTransaction
+CODESTARTbeginTransaction
+	if(pData->conn == NULL) {
+		CHKiRet(initConn(pData, 0));
+	}
+	if (pData->txSupport == 1) {
+		if (dbi_conn_transaction_begin(pData->conn) != 0) {	
+			dbgprintf("libdbi server error: begin transaction not successful\n");		
+			iRet = RS_RET_SUSPENDED; 
+		} 		
+	}
+finalize_it:
+ENDbeginTransaction
+/* end transaction */
+
 BEGINdoAction
 CODESTARTdoAction
-	dbgprintf("\n");
-	iRet = writeDB(ppString[0], pData);
+	CHKiRet(writeDB(ppString[0], pData));
+	if (pData->txSupport == 1) {
+		iRet = RS_RET_DEFER_COMMIT;
+	}
+finalize_it:
 ENDdoAction
 
+/* transaction support 2013-03 */
+BEGINendTransaction
+CODESTARTendTransaction
+	if (dbi_conn_transaction_commit(pData->conn) != 0) {	
+		dbgprintf("libdbi server error: transaction not committed\n");		
+		iRet = RS_RET_SUSPENDED; 
+	} 
+ENDendTransaction
+/* end transaction */
 
 BEGINbeginCnfLoad
 CODESTARTbeginCnfLoad
@@ -427,7 +457,6 @@ CODESTARTnewActInst
 
 	CHKiRet(createInstance(&pData));
 	setInstParamDefaults(pData);
-
 	CODE_STD_STRING_REQUESTnewActInst(1)
 	for(i = 0 ; i < actpblk.nParams ; ++i) {
 		if(!pvals[i].bUsed)
@@ -468,7 +497,6 @@ CODE_STD_STRING_REQUESTparseSelectorAct(1)
 
 	/* ok, if we reach this point, we have something for us */
 	CHKiRet(createInstance(&pData));
-
 	/* no create the instance based on what we currently have */
 	if(cs.drvrName == NULL) {
 		errmsg.LogError(0, RS_RET_NO_DRIVERNAME, "omlibdbi: no db driver name given - action can not be created");
@@ -513,6 +541,7 @@ CODEqueryEtryPt_STD_OMOD_QUERIES
 CODEqueryEtryPt_STD_CONF2_QUERIES
 CODEqueryEtryPt_STD_CONF2_setModCnf_QUERIES
 CODEqueryEtryPt_STD_CONF2_OMOD_QUERIES
+CODEqueryEtryPt_TXIF_OMOD_QUERIES /* we support the transactional interface! */
 ENDqueryEtryPt
 
 
-- 
cgit v1.2.3


From e2ff3d0e857334cde09eb5ffd2c2a6cc9fef7bd5 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Thu, 21 Mar 2013 17:06:35 +0100
Subject: keep omlibdbi usable with older libdbi without transaction support

in that case, omlibdbi gracefully degrades to non-transaction mode
but emits a warning message during build, so that one knows an
update of libdbi makes sense.
---
 ChangeLog                   |  1 +
 configure.ac                |  5 +++++
 plugins/omlibdbi/omlibdbi.c | 12 +++++++++++-
 3 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 2ef0aaa3..ffc00891 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,7 @@ Version 7.3.9  [devel] 2013-03-??
 - bugfix: imudp scheduling parameters did affect main thread, not imudp
   closes: http://bugzilla.adiscon.com/show_bug.cgi?id=409
 - omlibdbi: now supports transaction interface
+  if recent enough lbdbi is present
 - imuxsock: add ability to NOT create/delete sockets during startup and
   shutdown
   closes: http://bugzilla.adiscon.com/show_bug.cgi?id=259
diff --git a/configure.ac b/configure.ac
index a6d1b8e7..671e6442 100644
--- a/configure.ac
+++ b/configure.ac
@@ -660,6 +660,11 @@ if test "x$enable_libdbi" = "xyes"; then
     [dbi_initialize_r],
     [AC_DEFINE([HAVE_DBI_R], [1], [Define to 1 if libdbi supports the new plugin-safe interface])]
   )
+  AC_CHECK_LIB(
+    [dbi],
+    [dbi_conn_transaction_begin],
+    [AC_DEFINE([HAVE_DBI_TXSUPP], [1], [Define to 1 if libdbi supports transactions])]
+  )
 fi
 AM_CONDITIONAL(ENABLE_OMLIBDBI, test x$enable_libdbi = xyes)
 AC_SUBST(LIBDBI_CFLAGS)
diff --git a/plugins/omlibdbi/omlibdbi.c b/plugins/omlibdbi/omlibdbi.c
index 9e8cb913..6e27ad22 100644
--- a/plugins/omlibdbi/omlibdbi.c
+++ b/plugins/omlibdbi/omlibdbi.c
@@ -337,12 +337,14 @@ CODESTARTbeginTransaction
 	if(pData->conn == NULL) {
 		CHKiRet(initConn(pData, 0));
 	}
+#	if HAVE_DBI_TXSUPP
 	if (pData->txSupport == 1) {
 		if (dbi_conn_transaction_begin(pData->conn) != 0) {	
 			dbgprintf("libdbi server error: begin transaction not successful\n");		
 			iRet = RS_RET_SUSPENDED; 
-		} 		
+		} 
 	}
+#	endif
 finalize_it:
 ENDbeginTransaction
 /* end transaction */
@@ -350,19 +352,23 @@ ENDbeginTransaction
 BEGINdoAction
 CODESTARTdoAction
 	CHKiRet(writeDB(ppString[0], pData));
+#	if HAVE_DBI_TXSUPP
 	if (pData->txSupport == 1) {
 		iRet = RS_RET_DEFER_COMMIT;
 	}
+#	endif
 finalize_it:
 ENDdoAction
 
 /* transaction support 2013-03 */
 BEGINendTransaction
 CODESTARTendTransaction
+#	if HAVE_DBI_TXSUPP
 	if (dbi_conn_transaction_commit(pData->conn) != 0) {	
 		dbgprintf("libdbi server error: transaction not committed\n");		
 		iRet = RS_RET_SUSPENDED; 
 	} 
+#	endif
 ENDendTransaction
 /* end transaction */
 
@@ -571,6 +577,10 @@ CODESTARTmodInit
 INITLegCnfVars
 	*ipIFVersProvided = CURR_MOD_IF_VERSION; /* we only support the current interface specification */
 CODEmodInit_QueryRegCFSLineHdlr
+#	ifndef HAVE_DBI_TXSUPP
+	DBGPRINTF("omlibdbi: no transaction support in libdbi\n");
+#	warning libdbi too old - transactions are not enabled (use 0.9 or later)
+#	endif
 	CHKiRet(objUse(errmsg, CORE_COMPONENT));
 	CHKiRet(regCfSysLineHdlr2((uchar *)"actionlibdbidriverdirectory", 0, eCmdHdlrGetWord, NULL, &cs.dbiDrvrDir, STD_LOADABLE_MODULE_ID, &bLegacyCnfModGlobalsPermitted));
 	CHKiRet(omsdRegCFSLineHdlr((uchar *)"actionlibdbidriver", 0, eCmdHdlrGetWord, NULL, &cs.drvrName, STD_LOADABLE_MODULE_ID));
-- 
cgit v1.2.3


From d6b86f8b9fde1e2aa39353c36e413540649067b6 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Thu, 21 Mar 2013 18:51:31 +0100
Subject: update systemd files to match current systemd source

---
 ChangeLog           |   1 +
 runtime/sd-daemon.c | 172 +++++++++++++++++++++++++++++++++++++++++-----------
 2 files changed, 136 insertions(+), 37 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index ec769416..1cb7a1a8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,6 @@
 ---------------------------------------------------------------------------
 Version 5.10.2  [V5-STABLE], 201?-??-??
+- updated systemd files to match current systemd source
 - bugfix: spurios error messages from imuxsock about (non-error) EAGAIN
   Thanks to Marius Tomaschewski for the patch.
 - imklog: added $klogParseKernelTimestamp option
diff --git a/runtime/sd-daemon.c b/runtime/sd-daemon.c
index 9c23b917..79d8ca37 100644
--- a/runtime/sd-daemon.c
+++ b/runtime/sd-daemon.c
@@ -25,14 +25,18 @@
 ***/
 
 #ifndef _GNU_SOURCE
-#define _GNU_SOURCE
+#  define _GNU_SOURCE
 #endif
 
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/socket.h>
 #include <sys/un.h>
-#include <sys/fcntl.h>
+#ifdef __BIONIC__
+#  include <linux/fcntl.h>
+#else
+#  include <sys/fcntl.h>
+#endif
 #include <netinet/in.h>
 #include <stdlib.h>
 #include <errno.h>
@@ -40,10 +44,28 @@
 #include <string.h>
 #include <stdarg.h>
 #include <stdio.h>
+#include <stddef.h>
+#include <limits.h>
+
+#if defined(__linux__)
+#  include <mqueue.h>
+#endif
 
 #include "sd-daemon.h"
 
-int sd_listen_fds(int unset_environment) {
+#if (__GNUC__ >= 4)
+#  ifdef SD_EXPORT_SYMBOLS
+/* Export symbols */
+#    define _sd_export_ __attribute__ ((visibility("default")))
+#  else
+/* Don't export the symbols */
+#    define _sd_export_ __attribute__ ((visibility("hidden")))
+#  endif
+#else
+#  define _sd_export_
+#endif
+
+_sd_export_ int sd_listen_fds(int unset_environment) {
 
 #if defined(DISABLE_SYSTEMD) || !defined(__linux__)
         return 0;
@@ -53,7 +75,8 @@ int sd_listen_fds(int unset_environment) {
         char *p = NULL;
         unsigned long l;
 
-        if (!(e = getenv("LISTEN_PID"))) {
+        e = getenv("LISTEN_PID");
+        if (!e) {
                 r = 0;
                 goto finish;
         }
@@ -66,7 +89,7 @@ int sd_listen_fds(int unset_environment) {
                 goto finish;
         }
 
-        if (!p || *p || l <= 0) {
+        if (!p || p == e || *p || l <= 0) {
                 r = -EINVAL;
                 goto finish;
         }
@@ -77,7 +100,8 @@ int sd_listen_fds(int unset_environment) {
                 goto finish;
         }
 
-        if (!(e = getenv("LISTEN_FDS"))) {
+        e = getenv("LISTEN_FDS");
+        if (!e) {
                 r = 0;
                 goto finish;
         }
@@ -90,7 +114,7 @@ int sd_listen_fds(int unset_environment) {
                 goto finish;
         }
 
-        if (!p || *p) {
+        if (!p || p == e || *p) {
                 r = -EINVAL;
                 goto finish;
         }
@@ -98,7 +122,8 @@ int sd_listen_fds(int unset_environment) {
         for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + (int) l; fd ++) {
                 int flags;
 
-                if ((flags = fcntl(fd, F_GETFD)) < 0) {
+                flags = fcntl(fd, F_GETFD);
+                if (flags < 0) {
                         r = -errno;
                         goto finish;
                 }
@@ -124,13 +149,12 @@ finish:
 #endif
 }
 
-int sd_is_fifo(int fd, const char *path) {
+_sd_export_ int sd_is_fifo(int fd, const char *path) {
         struct stat st_fd;
 
         if (fd < 0)
                 return -EINVAL;
 
-        memset(&st_fd, 0, sizeof(st_fd));
         if (fstat(fd, &st_fd) < 0)
                 return -errno;
 
@@ -140,7 +164,6 @@ int sd_is_fifo(int fd, const char *path) {
         if (path) {
                 struct stat st_path;
 
-                memset(&st_path, 0, sizeof(st_path));
                 if (stat(path, &st_path) < 0) {
 
                         if (errno == ENOENT || errno == ENOTDIR)
@@ -157,6 +180,42 @@ int sd_is_fifo(int fd, const char *path) {
         return 1;
 }
 
+_sd_export_ int sd_is_special(int fd, const char *path) {
+        struct stat st_fd;
+
+        if (fd < 0)
+                return -EINVAL;
+
+        if (fstat(fd, &st_fd) < 0)
+                return -errno;
+
+        if (!S_ISREG(st_fd.st_mode) && !S_ISCHR(st_fd.st_mode))
+                return 0;
+
+        if (path) {
+                struct stat st_path;
+
+                if (stat(path, &st_path) < 0) {
+
+                        if (errno == ENOENT || errno == ENOTDIR)
+                                return 0;
+
+                        return -errno;
+                }
+
+                if (S_ISREG(st_fd.st_mode) && S_ISREG(st_path.st_mode))
+                        return
+                                st_path.st_dev == st_fd.st_dev &&
+                                st_path.st_ino == st_fd.st_ino;
+                else if (S_ISCHR(st_fd.st_mode) && S_ISCHR(st_path.st_mode))
+                        return st_path.st_rdev == st_fd.st_rdev;
+                else
+                        return 0;
+        }
+
+        return 1;
+}
+
 static int sd_is_socket_internal(int fd, int type, int listening) {
         struct stat st_fd;
 
@@ -208,13 +267,14 @@ union sockaddr_union {
         struct sockaddr_storage storage;
 };
 
-int sd_is_socket(int fd, int family, int type, int listening) {
+_sd_export_ int sd_is_socket(int fd, int family, int type, int listening) {
         int r;
 
         if (family < 0)
                 return -EINVAL;
 
-        if ((r = sd_is_socket_internal(fd, type, listening)) <= 0)
+        r = sd_is_socket_internal(fd, type, listening);
+        if (r <= 0)
                 return r;
 
         if (family > 0) {
@@ -236,7 +296,7 @@ int sd_is_socket(int fd, int family, int type, int listening) {
         return 1;
 }
 
-int sd_is_socket_inet(int fd, int family, int type, int listening, uint16_t port) {
+_sd_export_ int sd_is_socket_inet(int fd, int family, int type, int listening, uint16_t port) {
         union sockaddr_union sockaddr;
         socklen_t l;
         int r;
@@ -244,7 +304,8 @@ int sd_is_socket_inet(int fd, int family, int type, int listening, uint16_t port
         if (family != 0 && family != AF_INET && family != AF_INET6)
                 return -EINVAL;
 
-        if ((r = sd_is_socket_internal(fd, type, listening)) <= 0)
+        r = sd_is_socket_internal(fd, type, listening);
+        if (r <= 0)
                 return r;
 
         memset(&sockaddr, 0, sizeof(sockaddr));
@@ -281,12 +342,13 @@ int sd_is_socket_inet(int fd, int family, int type, int listening, uint16_t port
         return 1;
 }
 
-int sd_is_socket_unix(int fd, int type, int listening, const char *path, size_t length) {
+_sd_export_ int sd_is_socket_unix(int fd, int type, int listening, const char *path, size_t length) {
         union sockaddr_union sockaddr;
         socklen_t l;
         int r;
 
-        if ((r = sd_is_socket_internal(fd, type, listening)) <= 0)
+        r = sd_is_socket_internal(fd, type, listening);
+        if (r <= 0)
                 return r;
 
         memset(&sockaddr, 0, sizeof(sockaddr));
@@ -302,29 +364,66 @@ int sd_is_socket_unix(int fd, int type, int listening, const char *path, size_t
                 return 0;
 
         if (path) {
-                if (length <= 0)
+                if (length == 0)
                         length = strlen(path);
 
-                if (length <= 0)
+                if (length == 0)
                         /* Unnamed socket */
-                        return l == sizeof(sa_family_t);
+                        return l == offsetof(struct sockaddr_un, sun_path);
 
                 if (path[0])
                         /* Normal path socket */
                         return
-                                (l >= sizeof(sa_family_t) + length + 1) &&
+                                (l >= offsetof(struct sockaddr_un, sun_path) + length + 1) &&
                                 memcmp(path, sockaddr.un.sun_path, length+1) == 0;
                 else
                         /* Abstract namespace socket */
                         return
-                                (l == sizeof(sa_family_t) + length) &&
+                                (l == offsetof(struct sockaddr_un, sun_path) + length) &&
                                 memcmp(path, sockaddr.un.sun_path, length) == 0;
         }
 
         return 1;
 }
 
-int sd_notify(int unset_environment, const char *state) {
+_sd_export_ int sd_is_mq(int fd, const char *path) {
+#if !defined(__linux__)
+        return 0;
+#else
+        struct mq_attr attr;
+
+        if (fd < 0)
+                return -EINVAL;
+
+        if (mq_getattr(fd, &attr) < 0)
+                return -errno;
+
+        if (path) {
+                char fpath[PATH_MAX];
+                struct stat a, b;
+
+                if (path[0] != '/')
+                        return -EINVAL;
+
+                if (fstat(fd, &a) < 0)
+                        return -errno;
+
+                strncpy(stpcpy(fpath, "/dev/mqueue"), path, sizeof(fpath) - 12);
+                fpath[sizeof(fpath)-1] = 0;
+
+                if (stat(fpath, &b) < 0)
+                        return -errno;
+
+                if (a.st_dev != b.st_dev ||
+                    a.st_ino != b.st_ino)
+                        return 0;
+        }
+
+        return 1;
+#endif
+}
+
+_sd_export_ int sd_notify(int unset_environment, const char *state) {
 #if defined(DISABLE_SYSTEMD) || !defined(__linux__) || !defined(SOCK_CLOEXEC)
         return 0;
 #else
@@ -339,7 +438,8 @@ int sd_notify(int unset_environment, const char *state) {
                 goto finish;
         }
 
-        if (!(e = getenv("NOTIFY_SOCKET")))
+        e = getenv("NOTIFY_SOCKET");
+        if (!e)
                 return 0;
 
         /* Must be an abstract socket, or an absolute path */
@@ -348,7 +448,8 @@ int sd_notify(int unset_environment, const char *state) {
                 goto finish;
         }
 
-        if ((fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0)) < 0) {
+        fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0);
+        if (fd < 0) {
                 r = -errno;
                 goto finish;
         }
@@ -366,7 +467,7 @@ int sd_notify(int unset_environment, const char *state) {
 
         memset(&msghdr, 0, sizeof(msghdr));
         msghdr.msg_name = &sockaddr;
-        msghdr.msg_namelen = sizeof(sa_family_t) + strlen(e);
+        msghdr.msg_namelen = offsetof(struct sockaddr_un, sun_path) + strlen(e);
 
         if (msghdr.msg_namelen > sizeof(struct sockaddr_un))
                 msghdr.msg_namelen = sizeof(struct sockaddr_un);
@@ -392,7 +493,7 @@ finish:
 #endif
 }
 
-int sd_notifyf(int unset_environment, const char *format, ...) {
+_sd_export_ int sd_notifyf(int unset_environment, const char *format, ...) {
 #if defined(DISABLE_SYSTEMD) || !defined(__linux__)
         return 0;
 #else
@@ -414,22 +515,19 @@ int sd_notifyf(int unset_environment, const char *format, ...) {
 #endif
 }
 
-int sd_booted(void) {
+_sd_export_ int sd_booted(void) {
 #if defined(DISABLE_SYSTEMD) || !defined(__linux__)
         return 0;
 #else
+        struct stat st;
 
-        struct stat a, b;
-
-        /* We simply test whether the systemd cgroup hierarchy is
-         * mounted */
-
-        if (lstat("/sys/fs/cgroup", &a) < 0)
-                return 0;
+        /* We test whether the runtime unit file directory has been
+         * created. This takes place in mount-setup.c, so is
+         * guaranteed to happen very early during boot. */
 
-        if (lstat("/sys/fs/cgroup/systemd", &b) < 0)
+        if (lstat("/run/systemd/system/", &st) < 0)
                 return 0;
 
-        return a.st_dev != b.st_dev;
+        return !!S_ISDIR(st.st_mode);
 #endif
 }
-- 
cgit v1.2.3


From a73506c3a54098c4465b2428eabbe5a40b1cc937 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Thu, 21 Mar 2013 18:56:18 +0100
Subject: mention systemd update in ChangeLog

---
 ChangeLog | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ChangeLog b/ChangeLog
index fc5a2c6d..405e8b18 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,7 @@ Version 7.2.7  [v7-stable] 2013-03-??
 - improved debugging support in forked (auto-backgrounding) mode
   The rsyslog debug log file is now continued to be written across the
   fork.
+- updated systemd files to match current systemd source
 - bugfix: imudp scheduling parameters did affect main thread, not imudp
   closes: http://bugzilla.adiscon.com/show_bug.cgi?id=409
 - bugfix: imuxsock rate-limiting could not be configured via legacy conf
-- 
cgit v1.2.3


From 202068763bf7a30acd08291a4760b88faad06d75 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Thu, 21 Mar 2013 18:58:38 +0100
Subject: mention systemd update in ChangeLog

---
 ChangeLog | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ChangeLog b/ChangeLog
index 6e30343f..d75b79c1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -15,6 +15,7 @@ Version 7.3.9  [devel] 2013-03-??
   is now detected and the new file being forwarded right from the
   beginning.
   closes: http://bugzilla.adiscon.com/show_bug.cgi?id=228
+- updated systemd files to match current systemd source
 - bugfix: build problem on platforms without GLOB_NOMAGIC
 - bugfix: build problems on non-Linux platforms
 - bugfix: stdout/stderr were not closed on forking
-- 
cgit v1.2.3


From 7da35cf0e26451f0186af387e6466cce99c2cd6b Mon Sep 17 00:00:00 2001
From: Martin Pitt <martinpitt@gnome.org>
Date: Fri, 22 Mar 2013 06:46:32 +0100
Subject: Fix linking for recent sd-daemon.c update

The recent update of sd-daemon.c introduced the usage of mq_getattr(), which is
shipped in -lrt (but clock_gettime isn't any more in glibc 2.17).

Also check for mq_getattr() in the rt library to fix linking with glibc 2.17.

http://bugzilla.adiscon.com/show_bug.cgi?id=428
---
 configure.ac | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/configure.ac b/configure.ac
index eabd2272..52e6fbc2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -65,6 +65,8 @@ save_LIBS=$LIBS
 LIBS=
 AC_SEARCH_LIBS(clock_gettime, rt)
 RT_LIBS=$LIBS
+AC_SEARCH_LIBS(mq_getattr, rt)
+RT_LIBS="$RT_LIBS $LIBS"
 LIBS=
 AC_SEARCH_LIBS(dlopen, dl)
 DL_LIBS=$LIBS
-- 
cgit v1.2.3


From 6a6202e80414e368b9b28a7a7f56279949e37b5d Mon Sep 17 00:00:00 2001
From: Michael Biebl <biebl@debian.org>
Date: Fri, 22 Mar 2013 01:10:02 +0100
Subject: build-sys: Fix "update-systemd" target

The urls have changed.
---
 runtime/Makefile.am | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/runtime/Makefile.am b/runtime/Makefile.am
index 09cb6b41..f0898e43 100644
--- a/runtime/Makefile.am
+++ b/runtime/Makefile.am
@@ -189,5 +189,5 @@ lmnsd_gtls_la_LIBADD = $(GNUTLS_LIBS)
 endif
 
 update-systemd:
-       curl http://cgit.freedesktop.org/systemd/plain/src/sd-daemon.c > sd-daemon.c
-       curl http://cgit.freedesktop.org/systemd/plain/src/sd-daemon.h > sd-daemon.h
+	curl http://cgit.freedesktop.org/systemd/systemd/plain/src/libsystemd-daemon/sd-daemon.c > sd-daemon.c
+	curl http://cgit.freedesktop.org/systemd/systemd/plain/src/systemd/sd-daemon.h > sd-daemon.h
-- 
cgit v1.2.3


From 1cf9955ff9a9fdc739ca1f82d93a81bd2e2aec2c Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Fri, 22 Mar 2013 09:06:30 +0100
Subject: yet another update of the systemd files we need to carry...

---
 runtime/sd-daemon.h | 63 +++++++++++++++++++++++++++++++++++------------------
 1 file changed, 42 insertions(+), 21 deletions(-)

diff --git a/runtime/sd-daemon.h b/runtime/sd-daemon.h
index 45aac8bd..fb7456d5 100644
--- a/runtime/sd-daemon.h
+++ b/runtime/sd-daemon.h
@@ -58,25 +58,21 @@ extern "C" {
 
   You may find an up-to-date version of these source files online:
 
-  http://cgit.freedesktop.org/systemd/plain/src/sd-daemon.h
-  http://cgit.freedesktop.org/systemd/plain/src/sd-daemon.c
+  http://cgit.freedesktop.org/systemd/systemd/plain/src/systemd/sd-daemon.h
+  http://cgit.freedesktop.org/systemd/systemd/plain/src/libsystemd-daemon/sd-daemon.c
 
   This should compile on non-Linux systems, too, but with the
   exception of the sd_is_xxx() calls all functions will become NOPs.
 
-  See sd-daemon(7) for more information.
+  See sd-daemon(3) for more information.
 */
 
-#if (__GNUC__ >= 4)
+#ifndef _sd_printf_attr_
+#if __GNUC__ >= 4
 #define _sd_printf_attr_(a,b) __attribute__ ((format (printf, a, b)))
-#  if defined(SD_EXPORT_SYMBOLS)
-#    define _sd_hidden_
-#  else
-#    define _sd_hidden_ __attribute__ ((visibility("hidden")))
-#  endif
 #else
 #define _sd_printf_attr_(a,b)
-#define _sd_hidden_
+#endif
 #endif
 
 /*
@@ -113,7 +109,7 @@ extern "C" {
 
   See sd_listen_fds(3) for more information.
 */
-int sd_listen_fds(int unset_environment) _sd_hidden_;
+int sd_listen_fds(int unset_environment);
 
 /*
   Helper call for identifying a passed file descriptor. Returns 1 if
@@ -125,7 +121,19 @@ int sd_listen_fds(int unset_environment) _sd_hidden_;
 
   See sd_is_fifo(3) for more information.
 */
-int sd_is_fifo(int fd, const char *path) _sd_hidden_;
+int sd_is_fifo(int fd, const char *path);
+
+/*
+  Helper call for identifying a passed file descriptor. Returns 1 if
+  the file descriptor is a special character device on the file
+  system stored under the specified path, 0 otherwise.
+  If path is NULL a path name check will not be done and the call
+  only verifies if the file descriptor refers to a special character.
+  Returns a negative errno style error code on failure.
+
+  See sd_is_special(3) for more information.
+*/
+int sd_is_special(int fd, const char *path);
 
 /*
   Helper call for identifying a passed file descriptor. Returns 1 if
@@ -141,7 +149,7 @@ int sd_is_fifo(int fd, const char *path) _sd_hidden_;
 
   See sd_is_socket(3) for more information.
 */
-int sd_is_socket(int fd, int family, int type, int listening) _sd_hidden_;
+int sd_is_socket(int fd, int family, int type, int listening);
 
 /*
   Helper call for identifying a passed file descriptor. Returns 1 if
@@ -155,7 +163,7 @@ int sd_is_socket(int fd, int family, int type, int listening) _sd_hidden_;
 
   See sd_is_socket_inet(3) for more information.
 */
-int sd_is_socket_inet(int fd, int family, int type, int listening, uint16_t port) _sd_hidden_;
+int sd_is_socket_inet(int fd, int family, int type, int listening, uint16_t port);
 
 /*
   Helper call for identifying a passed file descriptor. Returns 1 if
@@ -171,7 +179,15 @@ int sd_is_socket_inet(int fd, int family, int type, int listening, uint16_t port
 
   See sd_is_socket_unix(3) for more information.
 */
-int sd_is_socket_unix(int fd, int type, int listening, const char *path, size_t length) _sd_hidden_;
+int sd_is_socket_unix(int fd, int type, int listening, const char *path, size_t length);
+
+/*
+  Helper call for identifying a passed file descriptor. Returns 1 if
+  the file descriptor is a POSIX Message Queue of the specified name,
+  0 otherwise. If path is NULL a message queue name check is not
+  done. Returns a negative errno style error code on failure.
+*/
+int sd_is_mq(int fd, const char *path);
 
 /*
   Informs systemd about changed daemon state. This takes a number of
@@ -181,7 +197,7 @@ int sd_is_socket_unix(int fd, int type, int listening, const char *path, size_t
      READY=1      Tells systemd that daemon startup is finished (only
                   relevant for services of Type=notify). The passed
                   argument is a boolean "1" or "0". Since there is
-                  little value in signalling non-readiness the only
+                  little value in signaling non-readiness the only
                   value daemons should send is "READY=1".
 
      STATUS=...   Passes a single-line status string back to systemd
@@ -201,8 +217,13 @@ int sd_is_socket_unix(int fd, int type, int listening, const char *path, size_t
      MAINPID=...  The main pid of a daemon, in case systemd did not
                   fork off the process itself. Example: "MAINPID=4711"
 
+     WATCHDOG=1   Tells systemd to update the watchdog timestamp.
+                  Services using this feature should do this in
+                  regular intervals. A watchdog framework can use the
+                  timestamps to detect failed services.
+
   Daemons can choose to send additional variables. However, it is
-  recommened to prefix variable names not listed above with X_.
+  recommended to prefix variable names not listed above with X_.
 
   Returns a negative errno-style error code on failure. Returns > 0
   if systemd could be notified, 0 if it couldn't possibly because
@@ -217,7 +238,7 @@ int sd_is_socket_unix(int fd, int type, int listening, const char *path, size_t
 
   See sd_notify(3) for more information.
 */
-int sd_notify(int unset_environment, const char *state) _sd_hidden_;
+int sd_notify(int unset_environment, const char *state);
 
 /*
   Similar to sd_notify() but takes a format string.
@@ -239,7 +260,7 @@ int sd_notify(int unset_environment, const char *state) _sd_hidden_;
 
   See sd_notifyf(3) for more information.
 */
-int sd_notifyf(int unset_environment, const char *format, ...) _sd_printf_attr_(2,3) _sd_hidden_;
+int sd_notifyf(int unset_environment, const char *format, ...) _sd_printf_attr_(2,3);
 
 /*
   Returns > 0 if the system was booted with systemd. Returns < 0 on
@@ -248,11 +269,11 @@ int sd_notifyf(int unset_environment, const char *format, ...) _sd_printf_attr_(
   fine. You should NOT protect them with a call to this function. Also
   note that this function checks whether the system, not the user
   session is controlled by systemd. However the functions above work
-  for both session and system services.
+  for both user and system services.
 
   See sd_booted(3) for more information.
 */
-int sd_booted(void) _sd_hidden_;
+int sd_booted(void);
 
 #ifdef __cplusplus
 }
-- 
cgit v1.2.3


From d1caf0e291f0fb587781436f3f634749f761ea03 Mon Sep 17 00:00:00 2001
From: Michael Biebl <biebl@debian.org>
Date: Fri, 22 Mar 2013 01:15:18 +0100
Subject: build-sys: Change the compat library to noinst

It's supposed to be a convenience library and should not be installed.
---
 compat/Makefile.am | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/compat/Makefile.am b/compat/Makefile.am
index 635ad280..78c298e0 100644
--- a/compat/Makefile.am
+++ b/compat/Makefile.am
@@ -1,4 +1,4 @@
-pkglib_LTLIBRARIES = compat.la
+noinst_LTLIBRARIES = compat.la
 
 compat_la_SOURCES = getifaddrs.c
 compat_la_CPPFLAGS = -I$(top_srcdir) $(PTHREADS_CFLAGS) $(RSRT_CFLAGS)
-- 
cgit v1.2.3


From 3e8ab2d389e802df8ec28b36ebe3f968e760b2db Mon Sep 17 00:00:00 2001
From: Michael Biebl <biebl@debian.org>
Date: Fri, 22 Mar 2013 09:39:00 +0100
Subject: fix build on non-Linux systems

---
 threads.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/threads.c b/threads.c
index e5006e90..990733a8 100644
--- a/threads.c
+++ b/threads.c
@@ -183,10 +183,10 @@ static void* thrdStarter(void *arg)
 	assert(pThis != NULL);
 	assert(pThis->pUsrThrdMain != NULL);
 
+#	if HAVE_PRCTL && defined PR_SET_NAME
 	ustrncpy(thrdName+3, pThis->name, 20);
 	dbgOutputTID((char*)thrdName);
 
-#	if HAVE_PRCTL && defined PR_SET_NAME
 	/* set thread name - we ignore if the call fails, has no harsh consequences... */
 	if(prctl(PR_SET_NAME, thrdName, 0, 0, 0) != 0) {
 		DBGPRINTF("prctl failed, not setting thread name for '%s'\n", pThis->name);
-- 
cgit v1.2.3


From 88c62b390eb5504772dd4fbb266054828dc4dc5d Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Fri, 22 Mar 2013 13:33:18 +0100
Subject: rsgtutil: add new file type to file type detection

---
 tools/rsgtutil.c   |   2 +
 tools/rsgtutil.rst | 119 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 121 insertions(+)
 create mode 100644 tools/rsgtutil.rst

diff --git a/tools/rsgtutil.c b/tools/rsgtutil.c
index d9cce2f7..9d9f3568 100644
--- a/tools/rsgtutil.c
+++ b/tools/rsgtutil.c
@@ -133,6 +133,8 @@ detectFileType(char *name)
 	if((r = rsgt_tlvrdHeader(fp, (uchar*)hdr)) != 0) goto err;
 	if(!strcmp(hdr, "LOGSIG10"))
 		typeName = "Log Signature File, Version 10";
+	else if(!strcmp(hdr, "GTSTAT10"))
+		typeName = "rsyslog GuardTime Signature State File, Version 10";
 	else
 		typeName = "unknown";
 
diff --git a/tools/rsgtutil.rst b/tools/rsgtutil.rst
new file mode 100644
index 00000000..f2b097dc
--- /dev/null
+++ b/tools/rsgtutil.rst
@@ -0,0 +1,119 @@
+========
+rsgtutil
+========
+
+-----------------------------------
+Manage (GuardTime) Signed Log Files
+-----------------------------------
+
+:Author: Rainer Gerhards <rgerhards@adiscon.com>
+:Date: 2013-03-22
+:Manual section: 1
+
+SYNOPSIS
+========
+
+::
+
+   rsgtutil [OPTIONS] [FILE] ...
+
+
+DESCRIPTION
+===========
+
+This tool performs various maintenance operations on signed log files.
+It specifically supports the GuardTime signature provider.
+
+The *rsgtutil* tool is the primary tool to verify log file signatures,
+dump signature file contents and carry out other maintenance operations.
+The tool offers different operation modes, which are selected via
+command line options.
+
+The processing of multiple files is permitted. Depending on operation
+mode, either the signature file or the base log file must be specified.
+Within a single call, only a single operations mode is permitted. To 
+use different modes on different files, multiple calles, one for each
+mode, must be made.
+
+If no file is specified on the command line, stdin is used instead. Note
+that not all operation modes support stdin.
+
+OPTIONS
+=======
+
+-D, --dump
+  Select "dump" operations mode.
+
+-t, --verify
+  Select "verify" operations mode.
+
+-T, --detect-file-type
+  Select "detect-file-type" operations mode.
+
+-B, --show-sigblock-params
+  Select "show-sigblock-params" operations mode.
+
+-s, --show-verified
+  Prints out information about correctly verified blocks (by default, only
+  errors are printed).
+
+-v, --verbose
+  Select verbose mode. Most importantly, hashes and signatures are printed
+  in full length (can be **very** lengthy) rather than the usual abbreviation.
+
+-P <URL>, --publications-server <URL>
+  Sets the publications server. If not set but required by the operation a
+  default server is used. The default server is not necessarily optimal
+  in regard to performance and reliability.
+
+
+OPERATION MODES
+===============
+
+The operation mode specifies what exactly the tool does with the provided
+files. The default operation mode is "dump", but this may change in the future.
+Thus, it is recommended to always set the operations mode explicitely. If 
+multiple operations mode are set on the command line, results are 
+unpredictable.
+
+dump
+----
+
+This dump a the TLV header.
+
+EXIT CODES
+==========
+
+The command returns an exit code of 0 if everything went fine, and some 
+other code in case of failures.
+
+
+EXAMPLES
+========
+
+::
+
+    rsgtutil --verify logfile
+
+    This verifies the file "logfile" via its associated signature file
+    "logfile.gtsig". If errors are detected, these are reported to stderr.
+    Otherwise, rsgtutil terminates without messages.
+
+
+::
+
+    rsgtutil --dump logfile.gtsig
+
+    This dumps the content of the signature file "logfile.gtsig". The
+    actual log file is not being processed and does not even need to be
+    present.
+
+SEE ALSO
+========
+**rsyslogd(8)**
+
+COPYRIGHT
+=========
+
+This page is part of the *rsyslog* project, and is available under
+LGPLv2.
-- 
cgit v1.2.3


From e25ffb6d1839d35fa890099aef8a78930d90438d Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Fri, 22 Mar 2013 14:05:25 +0100
Subject: doc: add doc for rsgtutil

---
 configure.ac       |  1 +
 tools/Makefile.am  | 12 ++++++++---
 tools/rsgtutil.rst | 59 +++++++++++++++++++++++++++++++++++++++++-------------
 3 files changed, 55 insertions(+), 17 deletions(-)

diff --git a/configure.ac b/configure.ac
index 650def0f..f444e5eb 100644
--- a/configure.ac
+++ b/configure.ac
@@ -28,6 +28,7 @@ fi
 AC_DISABLE_STATIC
 AC_PROG_LIBTOOL
 AC_CANONICAL_HOST
+AC_PATH_PROG([RST2MAN], [rst2man])
 
 PKG_PROG_PKG_CONFIG
 
diff --git a/tools/Makefile.am b/tools/Makefile.am
index 2501331e..21a32868 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -43,6 +43,10 @@ rsyslogd_CPPFLAGS =  $(PTHREADS_CFLAGS) $(RSRT_CFLAGS)
 rsyslogd_LDADD = ../grammar/libgrammar.la ../runtime/librsyslog.la $(ZLIB_LIBS) $(PTHREADS_LIBS) $(RSRT_LIBS) $(SOL_LIBS) $(LIBEE_LIBS) $(LIBLOGNORM_LIBS) $(LIBUUID_LIBS)
 rsyslogd_LDFLAGS = -export-dynamic
 
+EXTRA_DIST = $(man_MANS) \
+	rsgtutil.rst \
+	recover_qi.pl
+
 if ENABLE_DIAGTOOLS
 sbin_PROGRAMS += rsyslog_diag_hostname msggen zpipe
 rsyslog_diag_hostname_SOURCES = gethostn.c
@@ -67,8 +71,10 @@ bin_PROGRAMS += rsgtutil
 rsgtutil = rsgtutil.c
 rsgtutil_CPPFLAGS =  $(RSRT_CFLAGS) $(GUARDTIME_CFLAGS)
 rsgtutil_LDADD = ../runtime/librsgt.la $(GUARDTIME_LIBS)
+rsgtutil.1: rsgtutil.rst
+	$(AM_V_GEN) $(RST2MAN) $< $@
+man1_MANS = rsgtutil.1
+CLEANFILES = rsgtutil.1
+EXTRA_DIST+= rsgtutil.1
 endif
 endif
-
-EXTRA_DIST = $(man_MANS) \
-	recover_qi.pl
diff --git a/tools/rsgtutil.rst b/tools/rsgtutil.rst
index f2b097dc..c5782c5a 100644
--- a/tools/rsgtutil.rst
+++ b/tools/rsgtutil.rst
@@ -79,7 +79,43 @@ unpredictable.
 dump
 ----
 
-This dump a the TLV header.
+The provided *signature* files are dumped. For each top-level record, the*u
+type code is printed as well as q short description. If there is additional
+information available, it will be printed in tab-indented lines below the
+main record dump. The actual *log* files need not to be present.
+
+verify
+------
+
+This mode does not work with stdin. On the command line, the *log* file names
+are specified. The corresponding *signature* files (ending on ".gtsig") must also
+be preset at the same location as the log file. In verify mode, both the log
+and signature file is read and the validity of the log file checked. If verification
+errors are detected these are printed and processing of the file aborted. By default,
+each file is verified individually, without taking cross-file hash chains into
+account (so the order of files on the command line does not matter).
+
+Note that the actual amount of what can be verified depends on the parameters with
+which the signature file was written. If record and tree hashes are present, they
+will be verified and thus fine-granular error reporting is possible. If they are
+not present, only the block signature itself is verified.
+
+By default, only errors are printed. To also print successful verifications, use the
+**--show-verified** option.
+
+
+detect-file-type
+----------------
+This mode is used to detect the type of some well-know files used inside the 
+signature system. The detection is based on the file header. This mode is
+primarily a debug aid.
+
+
+show-sigblock-params
+--------------------
+This mode is used to print signature block parameters. It is similar to *dump*
+mode, but will ignore everything except signature blocks. Also, some additional
+meta information is printed. This mode is primarily a debug aid.
 
 EXIT CODES
 ==========
@@ -91,22 +127,17 @@ other code in case of failures.
 EXAMPLES
 ========
 
-::
-
-    rsgtutil --verify logfile
+**rsgtutil --verify logfile**
 
-    This verifies the file "logfile" via its associated signature file
-    "logfile.gtsig". If errors are detected, these are reported to stderr.
-    Otherwise, rsgtutil terminates without messages.
-
-
-::
+This verifies the file "logfile" via its associated signature file
+"logfile.gtsig". If errors are detected, these are reported to stderr.
+Otherwise, rsgtutil terminates without messages.
 
-    rsgtutil --dump logfile.gtsig
+**rsgtutil --dump logfile.gtsig**
 
-    This dumps the content of the signature file "logfile.gtsig". The
-    actual log file is not being processed and does not even need to be
-    present.
+This dumps the content of the signature file "logfile.gtsig". The
+actual log file is not being processed and does not even need to be
+present.
 
 SEE ALSO
 ========
-- 
cgit v1.2.3


From 21553364368b3b23b4b2007f9526b29c898287ab Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Fri, 22 Mar 2013 16:46:31 +0100
Subject: fix: librsgt.h was not put in distribution tarball

---
 runtime/Makefile.am    | 2 +-
 runtime/librsgt_read.c | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/runtime/Makefile.am b/runtime/Makefile.am
index c429394d..5109d33c 100644
--- a/runtime/Makefile.am
+++ b/runtime/Makefile.am
@@ -178,7 +178,7 @@ endif
 # support library for guardtime
 #
 if ENABLE_GUARDTIME
-   librsgt_la_SOURCES = librsgt.c librsgt_read.c
+   librsgt_la_SOURCES = librsgt.c librsgt_read.c librsgt.h
 
    pkglib_LTLIBRARIES += lmsig_gt.la
    lmsig_gt_la_SOURCES = lmsig_gt.c
diff --git a/runtime/librsgt_read.c b/runtime/librsgt_read.c
index e32ae454..8bd04aca 100644
--- a/runtime/librsgt_read.c
+++ b/runtime/librsgt_read.c
@@ -167,7 +167,7 @@ reportError(int errcode, gterrctx_t *ectx)
  * ectx, as it has most information we need.
  */
 static void
-reportVerifySuccess(gterrctx_t *ectx)
+reportVerifySuccess(gterrctx_t *ectx, GTVerificationInfo *vrfyInf)
 {
 	if(ectx->fp != NULL) {
 		fprintf(ectx->fp, "%s[%llu:%llu:%llu]: block signature successfully verified\n",
@@ -180,6 +180,7 @@ reportVerifySuccess(gterrctx_t *ectx)
 			fprintf(ectx->fp, "\tBlock End Record...: '%s'\n", ectx->errRec);
 		fprintf(ectx->fp, "\tGT Verify Timestamp: [%u]%s\n",
 			ectx->gtstate, GTHTTP_getErrorString(ectx->gtstate));
+		GTVerificationInfo_print(ectx->fp, 0, vrfyInf);
 	}
 }
 
@@ -909,7 +910,7 @@ verifyBLOCK_SIG(block_sig_t *bs, gtfile gf, FILE *sigfp, gterrctx_t *ectx)
 
 	r = 0;
 	if(rsgt_read_showVerified)
-		reportVerifySuccess(ectx);
+		reportVerifySuccess(ectx, vrfyInf);
 done:
 	if(r != 0)
 		reportError(r, ectx);
-- 
cgit v1.2.3


From 6bc94b09b219aee8ef81db78fe7f2b280cb40b6a Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Sat, 23 Mar 2013 12:24:23 +0100
Subject: logsig: refactor 'dump' mode in rsgtutil

The way tlvrecords are processed is changed in order to
provide better extensibility for further work.
---
 runtime/librsgt.h      |  12 ++-
 runtime/librsgt_read.c | 285 +++++++++++++++++++++++++++++++++++++++++++++----
 tools/rsgtutil.c       |   7 +-
 3 files changed, 281 insertions(+), 23 deletions(-)

diff --git a/runtime/librsgt.h b/runtime/librsgt.h
index 98384bb9..652b1339 100644
--- a/runtime/librsgt.h
+++ b/runtime/librsgt.h
@@ -76,6 +76,15 @@ typedef struct gtfile_s *gtfile;
 typedef struct gterrctx_s gterrctx_t;
 typedef struct imprint_s imprint_t;
 typedef struct block_sig_s block_sig_t;
+typedef struct tlvrecord_s tlvrecord_t;
+
+struct tlvrecord_s {
+	uint16_t tlvtype;
+	uint16_t tlvlen;
+	uint8_t hdr[4]; /* the raw header (as persisted to file) */
+	uint8_t lenHdr; /* length of raw header */
+	uint8_t data[64*1024];	/* the actual data part (of length tlvlen) */
+};
 
 /* The following structure describes the "error context" to be used
  * for verification and similiar reader functions. While verifying,
@@ -336,7 +345,7 @@ void sigblkAddRecord(gtfile gf, const unsigned char *rec, const size_t len);
 void sigblkFinish(gtfile gf);
 /* reader functions */
 int rsgt_tlvrdHeader(FILE *fp, unsigned char *hdr);
-int rsgt_tlvrd(FILE *fp, uint16_t *tlvtype, uint16_t *tlvlen, void *obj);
+int rsgt_tlvrd(FILE *fp, tlvrecord_t *rec, void *obj);
 void rsgt_tlvprint(FILE *fp, uint16_t tlvtype, void *obj, uint8_t verbose);
 void rsgt_printBLOCK_SIG(FILE *fp, block_sig_t *bs, uint8_t verbose);
 int rsgt_getBlockParams(FILE *fp, uint8_t bRewind, block_sig_t **bs, uint8_t *bHasRecHashes, uint8_t *bHasIntermedHashes);
@@ -349,6 +358,7 @@ void rsgt_errctxInit(gterrctx_t *ectx);
 void rsgt_errctxExit(gterrctx_t *ectx);
 void rsgt_errctxSetErrRec(gterrctx_t *ectx, char *rec);
 void rsgt_errctxFrstRecInBlk(gterrctx_t *ectx, char *rec);
+void rsgt_objfree(uint16_t tlvtype, void *obj);
 
 
 /* TODO: replace these? */
diff --git a/runtime/librsgt_read.c b/runtime/librsgt_read.c
index 8bd04aca..2a9ff7c3 100644
--- a/runtime/librsgt_read.c
+++ b/runtime/librsgt_read.c
@@ -205,6 +205,242 @@ rsgt_tlvrdHeader(FILE *fp, uchar *hdr)
 done:	return r;
 }
 
+/* read type a complete tlv record 
+ */
+static int
+rsgt_tlvRecRead(FILE *fp, tlvrecord_t *rec)
+{
+	int r = 1;
+	int c;
+
+	NEXTC;
+	rec->hdr[0] = c;
+	rec->tlvtype = c & 0x1f;
+	if(c & 0x20) { /* tlv16? */
+		rec->lenHdr = 4;
+		NEXTC;
+		rec->hdr[1] = c;
+		rec->tlvtype = (rec->tlvtype << 8) | c;
+		NEXTC;
+		rec->hdr[2] = c;
+		rec->tlvlen = c << 8;
+		NEXTC;
+		rec->hdr[3] = c;
+		rec->tlvlen |= c;
+	} else {
+		NEXTC;
+		rec->lenHdr = 2;
+		rec->hdr[1] = c;
+		rec->tlvlen = c;
+	}
+	if(fread(rec->data, (size_t) rec->tlvlen, 1, fp) != 1) {
+		r = RSGTE_IO;
+		goto done;
+	}
+
+	if(rsgt_read_debug)
+		printf("read tlvtype %4.4x, len %u\n", (unsigned) rec->tlvtype,
+			(unsigned) rec->tlvlen);
+	r = 0;
+done:	return r;
+}
+
+/* decode a sub-tlv record from an existing record's memory buffer
+ */
+static int
+rsgt_tlvDecodeSUBREC(tlvrecord_t *rec, uint16_t *stridx, tlvrecord_t *newrec)
+{
+	int r = 1;
+	int c;
+
+	if(rec->tlvlen == *stridx) {r=RSGTE_LEN; goto done;}
+	c = rec->data[(*stridx)++];
+	newrec->hdr[0] = c;
+	newrec->tlvtype = c & 0x1f;
+	if(c & 0x20) { /* tlv16? */
+		newrec->lenHdr = 4;
+		if(rec->tlvlen == *stridx) {r=RSGTE_LEN; goto done;}
+		c = rec->data[(*stridx)++];
+		newrec->hdr[1] = c;
+		newrec->tlvtype = (newrec->tlvtype << 8) | c;
+		if(rec->tlvlen == *stridx) {r=RSGTE_LEN; goto done;}
+		c = rec->data[(*stridx)++];
+		newrec->hdr[2] = c;
+		newrec->tlvlen = c << 8;
+		if(rec->tlvlen == *stridx) {r=RSGTE_LEN; goto done;}
+		c = rec->data[(*stridx)++];
+		newrec->hdr[3] = c;
+		newrec->tlvlen |= c;
+	} else {
+		if(rec->tlvlen == *stridx) {r=RSGTE_LEN; goto done;}
+		c = rec->data[(*stridx)++];
+		newrec->lenHdr = 2;
+		newrec->hdr[1] = c;
+		newrec->tlvlen = c;
+	}
+	if(rec->tlvlen < *stridx + newrec->tlvlen) {r=RSGTE_LEN; goto done;}
+	memcpy(newrec->data, (rec->data)+(*stridx), newrec->tlvlen);
+	*stridx += newrec->tlvlen;
+
+	if(rsgt_read_debug)
+		printf("read sub-tlv: tlvtype %4.4x, len %u\n",
+			(unsigned) newrec->tlvtype,
+			(unsigned) newrec->tlvlen);
+	r = 0;
+done:	return r;
+}
+
+
+static int
+rsgt_tlvDecodeIMPRINT(tlvrecord_t *rec, imprint_t **imprint)
+{
+	int r = 1;
+	imprint_t *imp;
+
+	if((imp = calloc(1, sizeof(imprint_t))) == NULL) {
+		r = RSGTE_OOM;
+		goto done;
+	}
+
+	imp->hashID = rec->data[0];
+	if(rec->tlvlen != 1 + hashOutputLengthOctets(imp->hashID)) {
+		r = RSGTE_LEN;
+		goto done;
+	}
+	imp->len = rec->tlvlen - 1;
+	if((imp->data = (uint8_t*)malloc(imp->len)) == NULL) {r=RSGTE_OOM;goto done;}
+	memcpy(imp->data, rec->data+1, imp->len);
+	*imprint = imp;
+	r = 0;
+done:	return r;
+}
+
+static int
+rsgt_tlvDecodeHASH_ALGO(tlvrecord_t *rec, uint16_t *strtidx, uint8_t *hashAlg)
+{
+	int r = 1;
+	tlvrecord_t subrec;
+
+	CHKr(rsgt_tlvDecodeSUBREC(rec, strtidx, &subrec));
+	if(!(subrec.tlvtype == 0x00 && subrec.tlvlen == 1)) {
+		r = RSGTE_FMT;
+		goto done;
+	}
+	*hashAlg = subrec.data[0];
+	r = 0;
+done:	return r;
+}
+static int
+rsgt_tlvDecodeBLOCK_IV(tlvrecord_t *rec, uint16_t *strtidx, uint8_t **iv)
+{
+	int r = 1;
+	tlvrecord_t subrec;
+
+	CHKr(rsgt_tlvDecodeSUBREC(rec, strtidx, &subrec));
+	if(!(subrec.tlvtype == 0x01)) {
+		r = RSGTE_INVLTYP;
+		goto done;
+	}
+	if((*iv = (uint8_t*)malloc(subrec.tlvlen)) == NULL) {r=RSGTE_OOM;goto done;}
+	memcpy(*iv, subrec.data, subrec.tlvlen);
+	r = 0;
+done:	return r;
+}
+static int
+rsgt_tlvDecodeLAST_HASH(tlvrecord_t *rec, uint16_t *strtidx, imprint_t *imp)
+{
+	int r = 1;
+	tlvrecord_t subrec;
+
+	CHKr(rsgt_tlvDecodeSUBREC(rec, strtidx, &subrec));
+	if(!(subrec.tlvtype == 0x02)) { r = RSGTE_INVLTYP; goto done; }
+	imp->hashID = subrec.data[0];
+	if(subrec.tlvlen != 1 + hashOutputLengthOctets(imp->hashID)) {
+		r = RSGTE_LEN;
+		goto done;
+	}
+	imp->len = subrec.tlvlen - 1;
+	if((imp->data = (uint8_t*)malloc(imp->len)) == NULL) {r=RSGTE_OOM;goto done;}
+	memcpy(imp->data, subrec.data+1, subrec.tlvlen-1);
+	r = 0;
+done:	return r;
+}
+static int
+rsgt_tlvDecodeREC_COUNT(tlvrecord_t *rec, uint16_t *strtidx, uint64_t *cnt)
+{
+	int r = 1;
+	int i;
+	uint64_t val;
+	tlvrecord_t subrec;
+
+	CHKr(rsgt_tlvDecodeSUBREC(rec, strtidx, &subrec));
+	if(!(subrec.tlvtype == 0x03 && subrec.tlvlen <= 8)) { r = RSGTE_INVLTYP; goto done; }
+	val = 0;
+	for(i = 0 ; i < subrec.tlvlen ; ++i) {
+		val = (val << 8) + subrec.data[i];
+	}
+	*cnt = val;
+	r = 0;
+done:	return r;
+}
+static int
+rsgt_tlvDecodeSIG(tlvrecord_t *rec, uint16_t *strtidx, block_sig_t *bs)
+{
+	int r = 1;
+	tlvrecord_t subrec;
+
+	CHKr(rsgt_tlvDecodeSUBREC(rec, strtidx, &subrec));
+	if(!(subrec.tlvtype == 0x0906)) { r = RSGTE_INVLTYP; goto done; }
+	bs->sig.der.len = subrec.tlvlen;
+	bs->sigID = SIGID_RFC3161;
+	if((bs->sig.der.data = (uint8_t*)malloc(bs->sig.der.len)) == NULL) {r=RSGTE_OOM;goto done;}
+	memcpy(bs->sig.der.data, subrec.data, bs->sig.der.len);
+	r = 0;
+done:	return r;
+}
+
+static int
+rsgt_tlvDecodeBLOCK_SIG(tlvrecord_t *rec, block_sig_t **blocksig)
+{
+	int r = 1;
+	uint16_t strtidx = 0;
+	block_sig_t *bs;
+	if((bs = calloc(1, sizeof(block_sig_t))) == NULL) {
+		r = RSGTE_OOM;
+		goto done;
+	}
+	CHKr(rsgt_tlvDecodeHASH_ALGO(rec, &strtidx, &(bs->hashID)));
+	CHKr(rsgt_tlvDecodeBLOCK_IV(rec, &strtidx, &(bs->iv)));
+	CHKr(rsgt_tlvDecodeLAST_HASH(rec, &strtidx, &(bs->lastHash)));
+	CHKr(rsgt_tlvDecodeREC_COUNT(rec, &strtidx, &(bs->recCount)));
+	CHKr(rsgt_tlvDecodeSIG(rec, &strtidx, bs));
+	if(strtidx != rec->tlvlen) {
+		r = RSGTE_LEN;
+		goto done;
+	}
+	*blocksig = bs;
+	r = 0;
+done:	return r;
+}
+static int
+rsgt_tlvRecDecode(tlvrecord_t *rec, void *obj)
+{
+	int r = 1;
+	switch(rec->tlvtype) {
+		case 0x0900:
+		case 0x0901:
+			r = rsgt_tlvDecodeIMPRINT(rec, obj);
+			if(r != 0) goto done;
+			break;
+		case 0x0902:
+			r = rsgt_tlvDecodeBLOCK_SIG(rec, obj);
+			if(r != 0) goto done;
+			break;
+	}
+done:
+	return r;
+}
+
 /* read type & length */
 static int
 rsgt_tlvrdTL(FILE *fp, uint16_t *tlvtype, uint16_t *tlvlen)
@@ -225,6 +461,7 @@ rsgt_tlvrdTL(FILE *fp, uint16_t *tlvtype, uint16_t *tlvlen)
 		NEXTC;
 		*tlvlen = c;
 	}
+
 	if(rsgt_read_debug)
 		printf("read tlvtype %4.4x, len %u\n", (unsigned) *tlvtype,
 			(unsigned) *tlvlen);
@@ -472,26 +709,11 @@ done:	return r;
  * @returns 0 if ok, something else otherwise
  */
 int
-rsgt_tlvrd(FILE *fp, uint16_t *tlvtype, uint16_t *tlvlen, void *obj)
+rsgt_tlvrd(FILE *fp, tlvrecord_t *rec, void *obj)
 {
-	int r = 1;
-
-	if((r = rsgt_tlvrdTL(fp, tlvtype, tlvlen)) != 0) goto done;
-	switch(*tlvtype) {
-		case 0x0900:
-			r = rsgt_tlvrdIMPRINT(fp, obj, *tlvlen);
-			if(r != 0) goto done;
-			break;
-		case 0x0901:
-			r = rsgt_tlvrdIMPRINT(fp, obj, *tlvlen);
-			if(r != 0) goto done;
-			break;
-		case 0x0902:
-			r = rsgt_tlvrdBLOCK_SIG(fp, obj, *tlvlen);
-			if(r != 0) goto done;
-			break;
-	}
-	r = 0;
+	int r;
+	if((r = rsgt_tlvRecRead(fp, rec)) != 0) goto done;
+	r = rsgt_tlvRecDecode(rec, obj);
 done:	return r;
 }
 
@@ -586,6 +808,31 @@ rsgt_tlvprint(FILE *fp, uint16_t tlvtype, void *obj, uint8_t verbose)
 	}
 }
 
+/**
+ * Free the provided object.
+ *
+ * @param[in] tlvtype type of tlv object (record)
+ * @param[in] obj the object to be destructed
+ */
+void
+rsgt_objfree(uint16_t tlvtype, void *obj)
+{
+	switch(tlvtype) {
+	case 0x0900:
+	case 0x0901:
+		free(((imprint_t*)obj)->data);
+		break;
+	case 0x0902:
+		free(((block_sig_t*)obj)->iv);
+		free(((block_sig_t*)obj)->lastHash.data);
+		free(((block_sig_t*)obj)->sig.der.data);
+		break;
+	default:fprintf(stderr, "rsgt_objfree: unknown tlv record %4.4x\n",
+		        tlvtype);
+		break;
+	}
+	free(obj);
+}
 
 /**
  * Read block parameters. This detects if the block contains the
diff --git a/tools/rsgtutil.c b/tools/rsgtutil.c
index 9d9f3568..c5ac5066 100644
--- a/tools/rsgtutil.c
+++ b/tools/rsgtutil.c
@@ -44,8 +44,8 @@ dumpFile(char *name)
 {
 	FILE *fp;
 	uchar hdr[9];
-	uint16_t tlvtype, tlvlen;
 	void *obj;
+	tlvrecord_t rec;
 	int r = -1;
 	
 	if(!strcmp(name, "-"))
@@ -60,13 +60,14 @@ dumpFile(char *name)
 	if((r = rsgt_tlvrdHeader(fp, hdr)) != 0) goto err;
 	printf("File Header: '%s'\n", hdr);
 	while(1) { /* we will err out on EOF */
-		if((r = rsgt_tlvrd(fp, &tlvtype, &tlvlen, &obj)) != 0) {
+		if((r = rsgt_tlvrd(fp, &rec, &obj)) != 0) {
 			if(feof(fp))
 				break;
 			else
 				goto err;
 		}
-		rsgt_tlvprint(stdout, tlvtype, obj, verbose);
+		rsgt_tlvprint(stdout, rec.tlvtype, obj, verbose);
+		rsgt_objfree(rec.tlvtype, obj);
 	}
 
 	if(fp != stdin)
-- 
cgit v1.2.3


From 487711fb5e64a5311b62eee9ce103d8044b915e3 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Sat, 23 Mar 2013 12:36:19 +0100
Subject: rsgtutil: refactor 'show-sigblock-params" mode

---
 runtime/librsgt_read.c | 27 ++++++++-------------------
 1 file changed, 8 insertions(+), 19 deletions(-)

diff --git a/runtime/librsgt_read.c b/runtime/librsgt_read.c
index 2a9ff7c3..82efa245 100644
--- a/runtime/librsgt_read.c
+++ b/runtime/librsgt_read.c
@@ -483,17 +483,6 @@ rsgt_tlvrdOctetString(FILE *fp, uint8_t **data, size_t len)
 done:	return r;
 }
 static int
-rsgt_tlvrdSkipVal(FILE *fp, size_t len)
-{
-	size_t i;
-	int c, r = 1;
-	for(i = 0 ; i < len ; ++i) {
-		NEXTC;
-	}
-	r = 0;
-done:	return r;
-}
-static int
 rsgt_tlvrdHASH_ALGO(FILE *fp, uint8_t *hashAlg)
 {
 	int r = 1;
@@ -863,9 +852,10 @@ rsgt_getBlockParams(FILE *fp, uint8_t bRewind, block_sig_t **bs,
 {
 	int r;
 	uint64_t nRecs = 0;
-	uint16_t tlvtype, tlvlen;
 	uint8_t bDone = 0;
 	off_t rewindPos = 0;
+	void *obj;
+	tlvrecord_t rec;
 
 	if(bRewind)
 		rewindPos = ftello(fp);
@@ -874,25 +864,24 @@ rsgt_getBlockParams(FILE *fp, uint8_t bRewind, block_sig_t **bs,
 	*bs = NULL;
 
 	while(!bDone) { /* we will err out on EOF */
-		if((r = rsgt_tlvrdTL(fp, &tlvtype, &tlvlen)) != 0) goto done;
-		switch(tlvtype) {
+		if((r = rsgt_tlvrd(fp, &rec, &obj)) != 0) goto done;
+		switch(rec.tlvtype) {
 		case 0x0900:
 			++nRecs;
 			*bHasRecHashes = 1;
-			rsgt_tlvrdSkipVal(fp, tlvlen);
 			break;
 		case 0x0901:
 			*bHasIntermedHashes = 1;
-			rsgt_tlvrdSkipVal(fp, tlvlen);
 			break;
 		case 0x0902:
-			r = rsgt_tlvrdBLOCK_SIG(fp, bs, tlvlen);
-			if(r != 0) goto done;
+			*bs = (block_sig_t*) obj;
 			bDone = 1;
 			break;
-		default:fprintf(fp, "unknown tlv record %4.4x\n", tlvtype);
+		default:fprintf(fp, "unknown tlv record %4.4x\n", rec.tlvtype);
 			break;
 		}
+		if(!bDone)
+			rsgt_objfree(rec.tlvtype, obj);
 	}
 
 	if(*bHasRecHashes && (nRecs != (*bs)->recCount)) {
-- 
cgit v1.2.3


From c77a77a6c7919d17936e6ba2f71b0903cac9c890 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Sat, 23 Mar 2013 13:07:12 +0100
Subject: rsgtutil: refactor 'verify' mode to use new tlv file read functions

---
 runtime/librsgt_read.c | 230 ++++++-------------------------------------------
 tools/rsgtutil.c       |   4 +-
 2 files changed, 27 insertions(+), 207 deletions(-)

diff --git a/runtime/librsgt_read.c b/runtime/librsgt_read.c
index 82efa245..66c4c805 100644
--- a/runtime/librsgt_read.c
+++ b/runtime/librsgt_read.c
@@ -441,207 +441,18 @@ done:
 	return r;
 }
 
-/* read type & length */
-static int
-rsgt_tlvrdTL(FILE *fp, uint16_t *tlvtype, uint16_t *tlvlen)
-{
-	int r = 1;
-	int c;
-
-	NEXTC;
-	*tlvtype = c & 0x1f;
-	if(c & 0x20) { /* tlv16? */
-		NEXTC;
-		*tlvtype = (*tlvtype << 8) | c;
-		NEXTC;
-		*tlvlen = c << 8;
-		NEXTC;
-		*tlvlen |= c;
-	} else {
-		NEXTC;
-		*tlvlen = c;
-	}
-
-	if(rsgt_read_debug)
-		printf("read tlvtype %4.4x, len %u\n", (unsigned) *tlvtype,
-			(unsigned) *tlvlen);
-	r = 0;
-done:	return r;
-}
-
-static int
-rsgt_tlvrdOctetString(FILE *fp, uint8_t **data, size_t len)
-{
-	size_t i;
-	int c, r = 1;
-	if((*data = (uint8_t*)malloc(len)) == NULL) {r=RSGTE_OOM;goto done;}
-	for(i = 0 ; i < len ; ++i) {
-		NEXTC;
-		(*data)[i] = c;
-	}
-	r = 0;
-done:	return r;
-}
-static int
-rsgt_tlvrdHASH_ALGO(FILE *fp, uint8_t *hashAlg)
-{
-	int r = 1;
-	int c;
-	uint16_t tlvtype, tlvlen;
-
-	CHKr(rsgt_tlvrdTL(fp, &tlvtype, &tlvlen));
-	if(!(tlvtype == 0x00 && tlvlen == 1)) {
-		r = RSGTE_FMT;
-		goto done;
-	}
-	NEXTC;
-	*hashAlg = c;
-	r = 0;
-done:	return r;
-}
-static int
-rsgt_tlvrdBLOCK_IV(FILE *fp, uint8_t **iv)
-{
-	int r = 1;
-	uint16_t tlvtype, tlvlen;
-
-	CHKr(rsgt_tlvrdTL(fp, &tlvtype, &tlvlen));
-	if(!(tlvtype == 0x01)) {
-		r = RSGTE_INVLTYP;
-		goto done;
-	}
-	CHKr(rsgt_tlvrdOctetString(fp, iv, tlvlen));
-	r = 0;
-done:	return r;
-}
-static int
-rsgt_tlvrdLAST_HASH(FILE *fp, imprint_t *imp)
-{
-	int r = 1;
-	int c;
-	uint16_t tlvtype, tlvlen;
-
-	CHKr(rsgt_tlvrdTL(fp, &tlvtype, &tlvlen));
-	if(!(tlvtype == 0x02)) { r = RSGTE_INVLTYP; goto done; }
-	NEXTC;
-	imp->hashID = c;
-	if(tlvlen != 1 + hashOutputLengthOctets(imp->hashID)) {
-		r = RSGTE_LEN;
-		goto done;
-	}
-	imp->len = tlvlen - 1;
-	CHKr(rsgt_tlvrdOctetString(fp, &imp->data, tlvlen-1));
-	r = 0;
-done:	return r;
-}
-static int
-rsgt_tlvrdREC_COUNT(FILE *fp, uint64_t *cnt, size_t *lenInt)
-{
-	int r = 1;
-	int i;
-	int c;
-	uint64_t val;
-	uint16_t tlvtype, tlvlen;
-
-	if((r = rsgt_tlvrdTL(fp, &tlvtype, &tlvlen)) != 0) goto done;
-	if(!(tlvtype == 0x03 && tlvlen <= 8)) { r = RSGTE_INVLTYP; goto done; }
-	*lenInt = tlvlen;
-	val = 0;
-	for(i = 0 ; i < tlvlen ; ++i) {
-		NEXTC;
-		val = (val << 8) + c;
-	}
-	*cnt = val;
-	r = 0;
-done:	return r;
-}
-static int
-rsgt_tlvrdSIG(FILE *fp, block_sig_t *bs)
-{
-	int r = 1;
-	uint16_t tlvtype, tlvlen;
-
-	CHKr(rsgt_tlvrdTL(fp, &tlvtype, &tlvlen));
-	if(!(tlvtype == 0x0906)) { r = RSGTE_INVLTYP; goto done; }
-	bs->sig.der.len = tlvlen;
-	bs->sigID = SIGID_RFC3161;
-	CHKr(rsgt_tlvrdOctetString(fp, &(bs->sig.der.data), tlvlen));
-	r = 0;
-done:	return r;
-}
-
-static int
-rsgt_tlvrdBLOCK_SIG(FILE *fp, block_sig_t **blocksig, uint16_t tlvlen)
-{
-	int r = 1;
-	size_t lenInt = 0;
-	uint16_t sizeRead;
-	block_sig_t *bs;
-	if((bs = calloc(1, sizeof(block_sig_t))) == NULL) {
-		r = RSGTE_OOM;
-		goto done;
-	}
-	CHKr(rsgt_tlvrdHASH_ALGO(fp, &(bs->hashID)));
-	CHKr(rsgt_tlvrdBLOCK_IV(fp, &(bs->iv)));
-	CHKr(rsgt_tlvrdLAST_HASH(fp, &(bs->lastHash)));
-	CHKr(rsgt_tlvrdREC_COUNT(fp, &(bs->recCount), &lenInt));
-	CHKr(rsgt_tlvrdSIG(fp, bs));
-	sizeRead = 2 + 1 /* hash algo TLV */ +
-	 	   2 + getIVLen(bs) /* iv */ +
-		   2 + 1 + bs->lastHash.len /* last hash */ +
-		   2 + lenInt /* rec-count */ +
-		   4 + bs->sig.der.len /* rfc-3161 */;
-	if(sizeRead != tlvlen) {
-		r = RSGTE_LEN;
-		goto done;
-	}
-	*blocksig = bs;
-	r = 0;
-done:	return r;
-}
-
-static int
-rsgt_tlvrdIMPRINT(FILE *fp, imprint_t **imprint, uint16_t tlvlen)
-{
-	int r = 1;
-	imprint_t *imp;
-	int c;
-
-	if((imp = calloc(1, sizeof(imprint_t))) == NULL) {
-		r = RSGTE_OOM;
-		goto done;
-	}
-	if((imp->data = calloc(1, sizeof(imprint_t))) == NULL) {
-		r = RSGTE_OOM;
-		goto done;
-	}
-
-	NEXTC;
-	imp->hashID = c;
-	if(tlvlen != 1 + hashOutputLengthOctets(imp->hashID)) {
-		r = RSGTE_LEN;
-		goto done;
-	}
-	imp->len = tlvlen - 1;
-	CHKr(rsgt_tlvrdOctetString(fp, &imp->data, tlvlen-1));
-
-	*imprint = imp;
-	r = 0;
-done:	return r;
-}
-
 static int
 rsgt_tlvrdRecHash(FILE *fp, imprint_t **imp)
 {
 	int r;
-	uint16_t tlvtype, tlvlen;
+	tlvrecord_t rec;
 
-	if((r = rsgt_tlvrdTL(fp, &tlvtype, &tlvlen)) != 0) goto done;
-	if(tlvtype != 0x0900) {
+	if((r = rsgt_tlvrd(fp, &rec, imp)) != 0) goto done;
+	if(rec.tlvtype != 0x0900) {
 		r = RSGTE_MISS_REC_HASH;
+		rsgt_objfree(rec.tlvtype, *imp);
 		goto done;
 	}
-	if((r = rsgt_tlvrdIMPRINT(fp, imp, tlvlen)) != 0) goto done;
 	r = 0;
 done:	return r;
 }
@@ -650,14 +461,14 @@ static int
 rsgt_tlvrdTreeHash(FILE *fp, imprint_t **imp)
 {
 	int r;
-	uint16_t tlvtype, tlvlen;
+	tlvrecord_t rec;
 
-	if((r = rsgt_tlvrdTL(fp, &tlvtype, &tlvlen)) != 0) goto done;
-	if(tlvtype != 0x0901) {
+	if((r = rsgt_tlvrd(fp, &rec, imp)) != 0) goto done;
+	if(rec.tlvtype != 0x0901) {
 		r = RSGTE_MISS_TREE_HASH;
+		rsgt_objfree(rec.tlvtype, *imp);
 		goto done;
 	}
-	if((r = rsgt_tlvrdIMPRINT(fp, imp, tlvlen)) != 0) goto done;
 	r = 0;
 done:	return r;
 }
@@ -667,14 +478,14 @@ static int
 rsgt_tlvrdVrfyBlockSig(FILE *fp, block_sig_t **bs)
 {
 	int r;
-	uint16_t tlvtype, tlvlen;
+	tlvrecord_t rec;
 
-	if((r = rsgt_tlvrdTL(fp, &tlvtype, &tlvlen)) != 0) goto done;
-	if(tlvtype != 0x0902) {
+	if((r = rsgt_tlvrd(fp, &rec, bs)) != 0) goto done;
+	if(rec.tlvtype != 0x0902) {
 		r = RSGTE_MISS_BLOCKSIG;
+		rsgt_objfree(rec.tlvtype, *bs);
 		goto done;
 	}
-	if((r = rsgt_tlvrdBLOCK_SIG(fp, bs, tlvlen)) != 0) goto done;
 	r = 0;
 done:	return r;
 }
@@ -952,7 +763,7 @@ static int
 rsgt_vrfy_chkRecHash(gtfile gf, FILE *sigfp, GTDataHash *recHash, gterrctx_t *ectx)
 {
 	int r = 0;
-	imprint_t *imp;
+	imprint_t *imp = NULL;
 
 	if((r = rsgt_tlvrdRecHash(sigfp, &imp)) != 0)
 		reportError(r, ectx);
@@ -973,6 +784,8 @@ rsgt_vrfy_chkRecHash(gtfile gf, FILE *sigfp, GTDataHash *recHash, gterrctx_t *ec
 	}
 	r = 0;
 done:
+	if(imp != NULL)
+		rsgt_objfree(0x0900, imp);
 	return r;
 }
 
@@ -980,7 +793,7 @@ static int
 rsgt_vrfy_chkTreeHash(gtfile gf, FILE *sigfp, GTDataHash *hash, gterrctx_t *ectx)
 {
 	int r = 0;
-	imprint_t *imp;
+	imprint_t *imp = NULL;
 
 	if((r = rsgt_tlvrdTreeHash(sigfp, &imp)) != 0) {
 		reportError(r, ectx);
@@ -1002,6 +815,8 @@ rsgt_vrfy_chkTreeHash(gtfile gf, FILE *sigfp, GTDataHash *hash, gterrctx_t *ectx
 	}
 	r = 0;
 done:
+	if(imp != NULL)
+		rsgt_objfree(0x0901, imp);
 	return r;
 }
 
@@ -1011,7 +826,7 @@ rsgt_vrfy_nextRec(block_sig_t *bs, gtfile gf, FILE *sigfp, unsigned char *rec,
 {
 	int r = 0;
 	GTDataHash *x; /* current hash */
-	GTDataHash *m, *recHash, *t;
+	GTDataHash *m, *recHash = NULL, *t;
 	uint8_t j;
 
 	hash_m(gf, &m);
@@ -1064,8 +879,9 @@ rsgt_vrfy_nextRec(block_sig_t *bs, gtfile gf, FILE *sigfp, unsigned char *rec,
 	/* cleanup */
 	/* note: x is freed later as part of roots cleanup */
 	GTDataHash_free(m);
-	GTDataHash_free(recHash);
 done:
+	if(recHash != NULL)
+		GTDataHash_free(recHash);
 	return r;
 }
 
@@ -1113,7 +929,7 @@ verifyBLOCK_SIG(block_sig_t *bs, gtfile gf, FILE *sigfp, gterrctx_t *ectx)
 {
 	int r;
 	int gtstate;
-	block_sig_t *file_bs;
+	block_sig_t *file_bs = NULL;
 	GTTimestamp *timestamp = NULL;
 	GTVerificationInfo *vrfyInf;
 	GTDataHash *root = NULL;
@@ -1148,6 +964,8 @@ verifyBLOCK_SIG(block_sig_t *bs, gtfile gf, FILE *sigfp, gterrctx_t *ectx)
 	if(rsgt_read_showVerified)
 		reportVerifySuccess(ectx, vrfyInf);
 done:
+	if(file_bs != NULL)
+		rsgt_objfree(0x0902, file_bs);
 	if(r != 0)
 		reportError(r, ectx);
 	if(timestamp != NULL)
diff --git a/tools/rsgtutil.c b/tools/rsgtutil.c
index c5ac5066..c78671c7 100644
--- a/tools/rsgtutil.c
+++ b/tools/rsgtutil.c
@@ -181,7 +181,7 @@ static void
 verify(char *name)
 {
 	FILE *logfp = NULL, *sigfp = NULL;
-	block_sig_t *bs;
+	block_sig_t *bs = NULL;
 	gtfile gf;
 	uint8_t bHasRecHashes, bHasIntermedHashes;
 	uint8_t bInBlock;
@@ -225,6 +225,8 @@ verify(char *name)
 
 	while(!feof(logfp)) {
 		if(bInBlock == 0) {
+			if(bs != NULL)
+				rsgt_objfree(0x0902, bs);
 			if((r = rsgt_getBlockParams(sigfp, 1, &bs, &bHasRecHashes,
 							&bHasIntermedHashes)) != 0)
 				goto err;
-- 
cgit v1.2.3


From 0b77585a10062117d1904c8c08db1fc4520ab16d Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Sat, 23 Mar 2013 14:59:50 +0100
Subject: rsgtutil: basic plumbing for extend mode

does not contain actual implementation
---
 tools/rsgtutil.c | 39 +++++++++++++++++++++++++++++++++------
 1 file changed, 33 insertions(+), 6 deletions(-)

diff --git a/tools/rsgtutil.c b/tools/rsgtutil.c
index c78671c7..f65c46fd 100644
--- a/tools/rsgtutil.c
+++ b/tools/rsgtutil.c
@@ -35,7 +35,7 @@
 typedef unsigned char uchar;
 
 static enum { MD_DUMP, MD_DETECT_FILE_TYPE, MD_SHOW_SIGBLK_PARAMS,
-              MD_VERIFY
+              MD_VERIFY, MD_EXTEND
 } mode = MD_DUMP;
 static int verbose = 0;
 
@@ -155,7 +155,12 @@ doVerifyRec(FILE *logfp, FILE *sigfp, block_sig_t *bs, gtfile gf, gterrctx_t *ec
 	char rec[128*1024];
 
 	if(fgets(rec, sizeof(rec), logfp) == NULL) {
-		r = feof(logfp) ? RSGTE_EOF : RSGTE_IO;
+		if(feof(logfp)) {
+			r = RSGTE_EOF;
+		} else {
+			perror("log file input");
+			r = RSGTE_IO;
+		}
 		goto done;
 	}
 	lenRec = strlen(rec);
@@ -176,21 +181,27 @@ done:
 	return r;
 }
 
-/* note: here we need to have the LOG file name, not signature! */
+/* We handle both verify and extend with the same function as they
+ * are very similiar.
+ *
+ * note: here we need to have the LOG file name, not signature!
+ */
 static void
 verify(char *name)
 {
-	FILE *logfp = NULL, *sigfp = NULL;
+	FILE *logfp = NULL, *sigfp = NULL, *nsigfp = NULL;
 	block_sig_t *bs = NULL;
 	gtfile gf;
 	uint8_t bHasRecHashes, bHasIntermedHashes;
 	uint8_t bInBlock;
 	int r = 0;
 	char sigfname[4096];
+	char nsigfname[4096];
 	gterrctx_t ectx;
 	
 	if(!strcmp(name, "-")) {
-		fprintf(stderr, "verify mode cannot work on stdin\n");
+		fprintf(stderr, "%s mode cannot work on stdin\n",
+			mode == MD_VERIFY ? "verify" : "extend");
 		goto err;
 	} else {
 		snprintf(sigfname, sizeof(sigfname), "%s.gtsig", name);
@@ -200,9 +211,17 @@ verify(char *name)
 			goto err;
 		}
 		if((sigfp = fopen(sigfname, "r")) == NULL) {
-			perror(name);
+			perror(sigfname);
 			goto err;
 		}
+		if(mode == MD_EXTEND) {
+			snprintf(nsigfname, sizeof(nsigfname), "%s.gtsig.new", name);
+			nsigfname[sizeof(nsigfname)-1] = '\0';
+			if((nsigfp = fopen(nsigfname, "w")) == NULL) {
+				perror(nsigfname);
+				goto err;
+			}
+		}
 	}
 
 	rsgtInit("rsyslog rsgtutil " VERSION);
@@ -245,6 +264,7 @@ verify(char *name)
 
 	fclose(logfp);
 	fclose(sigfp);
+	fclose(nsigfp);
 	rsgtExit();
 	rsgt_errctxExit(&ectx);
 	return;
@@ -253,6 +273,8 @@ err:
 		fclose(logfp);
 	if(sigfp != NULL)
 		fclose(sigfp);
+	if(nsigfp != NULL)
+		fclose(nsigfp);
 	if(r != RSGTE_EOF)
 		fprintf(stderr, "error %d processing file %s\n", r, name);
 	rsgtExit();
@@ -273,6 +295,7 @@ processFile(char *name)
 		showSigblkParams(name);
 		break;
 	case MD_VERIFY:
+	case MD_EXTEND:
 		verify(name);
 		break;
 	}
@@ -287,6 +310,7 @@ static struct option long_options[] =
 	{"detect-file-type", no_argument, NULL, 'T'},
 	{"show-sigblock-params", no_argument, NULL, 'B'},
 	{"verify", no_argument, NULL, 't'}, /* 't' as in "test signatures" */
+	{"extend", no_argument, NULL, 'e'},
 	{"publications-server", optional_argument, NULL, 'P'},
 	{"show-verified", no_argument, NULL, 's'},
 	{NULL, 0, NULL, 0} 
@@ -327,6 +351,9 @@ main(int argc, char *argv[])
 		case 't':
 			mode = MD_VERIFY;
 			break;
+		case 'e':
+			mode = MD_EXTEND;
+			break;
 		case '?':
 			break;
 		default:fprintf(stderr, "getopt_long() returns unknown value %d\n", opt);
-- 
cgit v1.2.3


From 199630a5ef8f0c919fbbbd9e122415d1d72886a3 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Sat, 23 Mar 2013 18:39:03 +0100
Subject: rsgtutil/milestone: basic 'extend' mode implementation

... done up until the point where I need to wait for the
timestamps to become extendible. So doing a milestone commit
to make sure the work is inside the archive. Actual writing of the
extended timestamp is missing.
---
 runtime/librsgt.c      |   1 +
 runtime/librsgt.h      |   8 ++--
 runtime/librsgt_read.c | 112 +++++++++++++++++++++++++++++++++++++++----------
 tools/rsgtutil.c       |  34 +++++++++------
 4 files changed, 118 insertions(+), 37 deletions(-)

diff --git a/runtime/librsgt.c b/runtime/librsgt.c
index e24c3769..40b46d9c 100644
--- a/runtime/librsgt.c
+++ b/runtime/librsgt.c
@@ -627,6 +627,7 @@ timestampIt(gtfile gf, GTDataHash *hash)
 	/* Encode timestamp. */
 	r = GTTimestamp_getDEREncoded(timestamp, &der, &lenDer);
 	if(r != GT_OK) {
+		// TODO: use rsyslog error reporting!
 		fprintf(stderr, "GTTimestamp_getDEREncoded() failed: %d (%s)\n",
 				r, GT_getErrorString(r));
 		goto done;
diff --git a/runtime/librsgt.h b/runtime/librsgt.h
index 652b1339..d1c2b521 100644
--- a/runtime/librsgt.h
+++ b/runtime/librsgt.h
@@ -153,7 +153,7 @@ struct rsgtstatefile {
 #define RSGTE_INVLTYP 3	/* invalid TLV type record (unexcpected at this point) */
 #define RSGTE_OOM 4	/* ran out of memory */
 #define RSGTE_LEN 5	/* error related to length records */
-// 6 may be reused!
+#define RSGTE_TS_EXTEND 6/* error extending timestamp */
 #define RSGTE_INVLD_RECCNT 7/* mismatch between actual records and records
                                given in block-sig record */
 #define RSGTE_INVLHDR 8/* invalid file header */
@@ -189,6 +189,8 @@ RSGTE2String(int err)
 		return "out of memory";
 	case RSGTE_LEN:
 		return "length record problem";
+	case RSGTE_TS_EXTEND:
+		return "error extending timestamp";
 	case RSGTE_INVLD_RECCNT:
 		return "mismatch between actual record count and number in block signature record";
 	case RSGTE_INVLHDR:
@@ -352,8 +354,8 @@ int rsgt_getBlockParams(FILE *fp, uint8_t bRewind, block_sig_t **bs, uint8_t *bH
 int rsgt_chkFileHdr(FILE *fp, char *expect);
 gtfile rsgt_vrfyConstruct_gf(void);
 void rsgt_vrfyBlkInit(gtfile gf, block_sig_t *bs, uint8_t bHasRecHashes, uint8_t bHasIntermedHashes);
-int rsgt_vrfy_nextRec(block_sig_t *bs, gtfile gf, FILE *sigfp, unsigned char *rec, size_t lenRec, gterrctx_t *ectx);
-int verifyBLOCK_SIG(block_sig_t *bs, gtfile gf, FILE *sigfp, gterrctx_t *ectx);
+int rsgt_vrfy_nextRec(block_sig_t *bs, gtfile gf, FILE *sigfp, FILE *nsigfp, unsigned char *rec, size_t len, gterrctx_t *ectx);
+int verifyBLOCK_SIG(block_sig_t *bs, gtfile gf, FILE *sigfp, FILE *nsigfp, uint8_t bExtend, gterrctx_t *ectx);
 void rsgt_errctxInit(gterrctx_t *ectx);
 void rsgt_errctxExit(gterrctx_t *ectx);
 void rsgt_errctxSetErrRec(gterrctx_t *ectx, char *rec);
diff --git a/runtime/librsgt_read.c b/runtime/librsgt_read.c
index 66c4c805..5469db4b 100644
--- a/runtime/librsgt_read.c
+++ b/runtime/librsgt_read.c
@@ -1,6 +1,8 @@
 /* librsgt_read.c - rsyslog's guardtime support library
  * This includes functions used for reading signature (and 
- * other related) files.
+ * other related) files. Well, actually it also contains
+ * some writing functionality, but only as far as rsyslog
+ * itself is not concerned, but "just" the utility programs.
  *
  * This part of the library uses C stdio and expects that the
  * caller will open and close the file to be read itself.
@@ -49,6 +51,7 @@ typedef unsigned char uchar;
 
 static int rsgt_read_debug = 0;
 char *rsgt_read_puburl = "http://verify.guardtime.com/gt-controlpublications.bin";
+char *rsgt_extend_puburl = "http://verifier.guardtime.net/gt-extendingservice";
 uint8_t rsgt_read_showVerified = 0;
 
 /* macro to obtain next char from file including error tracking */
@@ -184,6 +187,23 @@ reportVerifySuccess(gterrctx_t *ectx, GTVerificationInfo *vrfyInf)
 	}
 }
 
+/**
+ * Write the provided record to the current file position.
+ *
+ * @param[in] fp file pointer for writing
+ * @param[out] rec tlvrecord to write
+ *
+ * @returns 0 if ok, something else otherwise
+ */
+static int
+rsgt_tlvwrite(FILE *fp, tlvrecord_t *rec)
+{
+	int r = RSGTE_IO;
+	if(fwrite(rec->hdr, (size_t) rec->lenHdr, 1, fp) != 1) goto done;
+	if(fwrite(rec->data, (size_t) rec->tlvlen, 1, fp) != 1) goto done;
+	r = 0;
+done:	return r;
+}
 
 /**
  * Read a header from a binary file.
@@ -442,7 +462,7 @@ done:
 }
 
 static int
-rsgt_tlvrdRecHash(FILE *fp, imprint_t **imp)
+rsgt_tlvrdRecHash(FILE *fp, FILE *outfp, imprint_t **imp)
 {
 	int r;
 	tlvrecord_t rec;
@@ -453,12 +473,14 @@ rsgt_tlvrdRecHash(FILE *fp, imprint_t **imp)
 		rsgt_objfree(rec.tlvtype, *imp);
 		goto done;
 	}
+	if(outfp != NULL)
+		if((r = rsgt_tlvwrite(outfp, &rec)) != 0) goto done;
 	r = 0;
 done:	return r;
 }
 
 static int
-rsgt_tlvrdTreeHash(FILE *fp, imprint_t **imp)
+rsgt_tlvrdTreeHash(FILE *fp, FILE *outfp, imprint_t **imp)
 {
 	int r;
 	tlvrecord_t rec;
@@ -469,28 +491,29 @@ rsgt_tlvrdTreeHash(FILE *fp, imprint_t **imp)
 		rsgt_objfree(rec.tlvtype, *imp);
 		goto done;
 	}
+	if(outfp != NULL)
+		if((r = rsgt_tlvwrite(outfp, &rec)) != 0) goto done;
 	r = 0;
 done:	return r;
 }
 
 /* read BLOCK_SIG during verification phase */
 static int
-rsgt_tlvrdVrfyBlockSig(FILE *fp, block_sig_t **bs)
+rsgt_tlvrdVrfyBlockSig(FILE *fp, block_sig_t **bs, tlvrecord_t *rec)
 {
 	int r;
-	tlvrecord_t rec;
 
-	if((r = rsgt_tlvrd(fp, &rec, bs)) != 0) goto done;
-	if(rec.tlvtype != 0x0902) {
+	if((r = rsgt_tlvrd(fp, rec, bs)) != 0) goto done;
+	if(rec->tlvtype != 0x0902) {
 		r = RSGTE_MISS_BLOCKSIG;
-		rsgt_objfree(rec.tlvtype, *bs);
+		rsgt_objfree(rec->tlvtype, *bs);
 		goto done;
 	}
 	r = 0;
 done:	return r;
 }
 
-/**;
+/**
  * Read the next "object" from file. This usually is
  * a single TLV, but may be something larger, for
  * example in case of a block-sig TLV record.
@@ -517,6 +540,7 @@ rsgt_tlvrd(FILE *fp, tlvrecord_t *rec, void *obj)
 done:	return r;
 }
 
+
 /* return if a blob is all zero */
 static inline int
 blobIsZero(uint8_t *blob, uint16_t len)
@@ -760,12 +784,13 @@ rsgt_vrfyBlkInit(gtfile gf, block_sig_t *bs, uint8_t bHasRecHashes, uint8_t bHas
 }
 
 static int
-rsgt_vrfy_chkRecHash(gtfile gf, FILE *sigfp, GTDataHash *recHash, gterrctx_t *ectx)
+rsgt_vrfy_chkRecHash(gtfile gf, FILE *sigfp, FILE *nsigfp, 
+		     GTDataHash *recHash, gterrctx_t *ectx)
 {
 	int r = 0;
 	imprint_t *imp = NULL;
 
-	if((r = rsgt_tlvrdRecHash(sigfp, &imp)) != 0)
+	if((r = rsgt_tlvrdRecHash(sigfp, nsigfp, &imp)) != 0)
 		reportError(r, ectx);
 		goto done;
 	if(imp->hashID != hashIdentifier(gf->hashAlg)) {
@@ -790,12 +815,13 @@ done:
 }
 
 static int
-rsgt_vrfy_chkTreeHash(gtfile gf, FILE *sigfp, GTDataHash *hash, gterrctx_t *ectx)
+rsgt_vrfy_chkTreeHash(gtfile gf, FILE *sigfp, FILE *nsigfp,
+                      GTDataHash *hash, gterrctx_t *ectx)
 {
 	int r = 0;
 	imprint_t *imp = NULL;
 
-	if((r = rsgt_tlvrdTreeHash(sigfp, &imp)) != 0) {
+	if((r = rsgt_tlvrdTreeHash(sigfp, nsigfp, &imp)) != 0) {
 		reportError(r, ectx);
 		goto done;
 	}
@@ -821,8 +847,8 @@ done:
 }
 
 int
-rsgt_vrfy_nextRec(block_sig_t *bs, gtfile gf, FILE *sigfp, unsigned char *rec,
-	size_t len, gterrctx_t *ectx)
+rsgt_vrfy_nextRec(block_sig_t *bs, gtfile gf, FILE *sigfp, FILE *nsigfp,
+	          unsigned char *rec, size_t len, gterrctx_t *ectx)
 {
 	int r = 0;
 	GTDataHash *x; /* current hash */
@@ -832,7 +858,7 @@ rsgt_vrfy_nextRec(block_sig_t *bs, gtfile gf, FILE *sigfp, unsigned char *rec,
 	hash_m(gf, &m);
 	hash_r(gf, &recHash, rec, len);
 	if(gf->bKeepRecordHashes) {
-		r = rsgt_vrfy_chkRecHash(gf, sigfp, recHash, ectx);
+		r = rsgt_vrfy_chkRecHash(gf, sigfp, nsigfp, recHash, ectx);
 		if(r != 0) goto done;
 	}
 	hash_node(gf, &x, m, recHash, 1); /* hash leaf */
@@ -840,7 +866,7 @@ rsgt_vrfy_nextRec(block_sig_t *bs, gtfile gf, FILE *sigfp, unsigned char *rec,
 		ectx->treeLevel = 0;
 		ectx->lefthash = m;
 		ectx->righthash = recHash;
-		r = rsgt_vrfy_chkTreeHash(gf, sigfp, x, ectx);
+		r = rsgt_vrfy_chkTreeHash(gf, sigfp, nsigfp, x, ectx);
 		if(r != 0) goto done;
 	}
 	/* add x to the forest as new leaf, update roots list */
@@ -859,7 +885,7 @@ rsgt_vrfy_nextRec(block_sig_t *bs, gtfile gf, FILE *sigfp, unsigned char *rec,
 			gf->roots_valid[j] = 0;
 			if(gf->bKeepTreeHashes) {
 				ectx->lefthash = gf->roots_hash[j];
-				r = rsgt_vrfy_chkTreeHash(gf, sigfp, t, ectx);
+				r = rsgt_vrfy_chkTreeHash(gf, sigfp, nsigfp, t, ectx);
 				if(r != 0) goto done; /* mem leak ok, we terminate! */
 			}
 			GTDataHash_free(gf->roots_hash[j]);
@@ -921,11 +947,49 @@ done:
 	return r;
 }
 
+static inline int
+rsgt_extendSig(GTTimestamp *timestamp, tlvrecord_t *rec)
+{
+	GTTimestamp *out_timestamp;
+	uint8_t *der;
+	size_t lenDer;
+	int r, rgt;
+
+printf("calling extend... ");fflush(stdout);
+	rgt = GTHTTP_extendTimestamp(timestamp, rsgt_extend_puburl, &out_timestamp);
+printf("done: %d\n", rgt);
+	if(rgt != GT_OK) {
+		r = RSGTE_TS_EXTEND;
+		// TODO: use ectx and report via the usual method!
+		fprintf(stderr, "GTHTTP_extendTimestamp() failed: %d (%s)\n",
+				rgt, GTHTTP_getErrorString(rgt));
+		goto done;
+	}
+	r = GTTimestamp_getDEREncoded(out_timestamp, &der, &lenDer);
+	if(r != GT_OK) {
+		// TODO: use rsyslog error reporting!
+		fprintf(stderr, "GTTimestamp_getDEREncoded() failed: %d (%s)\n",
+				r, GT_getErrorString(r));
+		goto done;
+	}
+	/* update block_sig tlv record with new extended timestamp */
+	rec->hdr[2] = (lenDer >> 8) & 0xff;
+	rec->hdr[3] = lenDer & 0xff;
+	rec->tlvlen = (uint16_t) lenDer;
+	free(rec->data);
+	memcpy(rec->data, der, lenDer);
+	r = 0;
+done:
+	return r;
+}
+
+
 /* verify the root hash. This also means we need to compute the
  * Merkle tree root for the current block.
  */
 int
-verifyBLOCK_SIG(block_sig_t *bs, gtfile gf, FILE *sigfp, gterrctx_t *ectx)
+verifyBLOCK_SIG(block_sig_t *bs, gtfile gf, FILE *sigfp, FILE *nsigfp,
+                uint8_t bExtend, gterrctx_t *ectx)
 {
 	int r;
 	int gtstate;
@@ -933,10 +997,11 @@ verifyBLOCK_SIG(block_sig_t *bs, gtfile gf, FILE *sigfp, gterrctx_t *ectx)
 	GTTimestamp *timestamp = NULL;
 	GTVerificationInfo *vrfyInf;
 	GTDataHash *root = NULL;
+	tlvrecord_t rec;
 	
 	if((r = verifySigblkFinish(gf, &root)) != 0)
 		goto done;
-	if((r = rsgt_tlvrdVrfyBlockSig(sigfp, &file_bs)) != 0)
+	if((r = rsgt_tlvrdVrfyBlockSig(sigfp, &file_bs, &rec)) != 0)
 		goto done;
 	if(ectx->recNum != bs->recCount) {
 		r = RSGTE_INVLD_RECCNT;
@@ -960,9 +1025,14 @@ verifyBLOCK_SIG(block_sig_t *bs, gtfile gf, FILE *sigfp, gterrctx_t *ectx)
 		goto done;
 	}
 
-	r = 0;
 	if(rsgt_read_showVerified)
 		reportVerifySuccess(ectx, vrfyInf);
+	if(bExtend)
+		if((r = rsgt_extendSig(timestamp, &rec)) != 0) goto done;
+		
+	if(nsigfp != NULL)
+		if((r = rsgt_tlvwrite(nsigfp, &rec)) != 0) goto done;
+	r = 0;
 done:
 	if(file_bs != NULL)
 		rsgt_objfree(0x0902, file_bs);
diff --git a/tools/rsgtutil.c b/tools/rsgtutil.c
index f65c46fd..1f475527 100644
--- a/tools/rsgtutil.c
+++ b/tools/rsgtutil.c
@@ -148,13 +148,14 @@ err:	fprintf(stderr, "error %d processing file %s\n", r, name);
 }
 
 static inline int
-doVerifyRec(FILE *logfp, FILE *sigfp, block_sig_t *bs, gtfile gf, gterrctx_t *ectx, uint8_t bInBlock)
+doVerifyRec(FILE *logfp, FILE *sigfp, FILE *nsigfp,
+	    block_sig_t *bs, gtfile gf, gterrctx_t *ectx, uint8_t bInBlock)
 {
 	int r;
 	size_t lenRec;
-	char rec[128*1024];
+	char line[128*1024];
 
-	if(fgets(rec, sizeof(rec), logfp) == NULL) {
+	if(fgets(line, sizeof(line), logfp) == NULL) {
 		if(feof(logfp)) {
 			r = RSGTE_EOF;
 		} else {
@@ -163,20 +164,20 @@ doVerifyRec(FILE *logfp, FILE *sigfp, block_sig_t *bs, gtfile gf, gterrctx_t *ec
 		}
 		goto done;
 	}
-	lenRec = strlen(rec);
-	if(rec[lenRec-1] == '\n') {
-		rec[lenRec-1] = '\0';
+	lenRec = strlen(line);
+	if(line[lenRec-1] == '\n') {
+		line[lenRec-1] = '\0';
 		--lenRec;
-		rsgt_errctxSetErrRec(ectx, rec);
+		rsgt_errctxSetErrRec(ectx, line);
 	}
 
-	/* we need to preserve the first record of each block for
+	/* we need to preserve the first line (record) of each block for
 	 * error-reporting purposes (bInBlock==0 meanst start of block)
 	 */
 	if(bInBlock == 0)
-		rsgt_errctxFrstRecInBlk(ectx, rec);
+		rsgt_errctxFrstRecInBlk(ectx, line);
 
-	r = rsgt_vrfy_nextRec(bs, gf, sigfp, (unsigned char*)rec, lenRec, ectx);
+	r = rsgt_vrfy_nextRec(bs, gf, sigfp, nsigfp, (unsigned char*)line, lenRec, ectx);
 done:
 	return r;
 }
@@ -231,7 +232,13 @@ verify(char *name)
 	ectx.filename = strdup(sigfname);
 
 	if((r = rsgt_chkFileHdr(sigfp, "LOGSIG10")) != 0) goto err;
-
+	if(mode == MD_EXTEND) {
+		if(fwrite("LOGSIG10", 8, 1, nsigfp) != 1) {
+			perror(nsigfname);
+			r = RSGTE_IO;
+			goto err;
+		}
+	}
 	gf = rsgt_vrfyConstruct_gf();
 	if(gf == NULL) {
 		fprintf(stderr, "error initializing signature file structure\n");
@@ -254,10 +261,11 @@ verify(char *name)
 			++ectx.blkNum;
 		}
 		++ectx.recNum, ++ectx.recNumInFile;
-		if((r = doVerifyRec(logfp, sigfp, bs, gf, &ectx, bInBlock)) != 0)
+		if((r = doVerifyRec(logfp, sigfp, nsigfp, bs, gf, &ectx, bInBlock)) != 0)
 			goto err;
 		if(ectx.recNum == bs->recCount) {
-			verifyBLOCK_SIG(bs, gf, sigfp, &ectx);
+			verifyBLOCK_SIG(bs, gf, sigfp, nsigfp, 
+					(mode == MD_EXTEND) ? 1 : 0, &ectx);
 			bInBlock = 0;
 		} else	bInBlock = 1;
 	}
-- 
cgit v1.2.3


From c896a6ba7498e15ddfe869823a64434a4180d57b Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Mon, 25 Mar 2013 15:56:33 +0100
Subject: rsgtsig: finish implementation of 'extend' mode

This is tested as far as possible. However, the actual extend
case can only be tested in about three weeks from now when the
next publication is out. I have done module-testing with a
mockup extend call, so chances are great the final test will
be passed.
---
 runtime/librsgt.c      |  4 +++
 runtime/librsgt.h      |  6 ++++
 runtime/librsgt_read.c | 75 ++++++++++++++++++++++++++++++++++++++++----------
 tools/rsgtutil.c       | 75 +++++++++++++++++++++++++++++++++++++++++---------
 4 files changed, 132 insertions(+), 28 deletions(-)

diff --git a/runtime/librsgt.c b/runtime/librsgt.c
index 40b46d9c..adcc2a8a 100644
--- a/runtime/librsgt.c
+++ b/runtime/librsgt.c
@@ -277,6 +277,10 @@ tlvWriteBlockSig(gtfile gf, uchar *der, uint16_t lenDer)
 	tlvbufAddOctetString(gf, der, lenDer);
 }
 
+/* support for old platforms - graceful degrade */
+#ifndef O_CLOEXEC
+#define O_CLOEXEC 0
+#endif
 /* read rsyslog log state file; if we cannot access it or the
  * contents looks invalid, we flag it as non-present (and thus
  * begin a new hash chain).
diff --git a/runtime/librsgt.h b/runtime/librsgt.h
index d1c2b521..d308d4c3 100644
--- a/runtime/librsgt.h
+++ b/runtime/librsgt.h
@@ -147,6 +147,9 @@ struct rsgtstatefile {
 	/* after that, the hash value is contained within the file */
 };
 
+/* Flags and record types for TLV handling */
+#define RSGT_FLAG_TLV16 0x20
+
 /* error states */
 #define RSGTE_IO 1 	/* any kind of io error */
 #define RSGTE_FMT 2	/* data fromat error */
@@ -167,6 +170,7 @@ struct rsgtstatefile {
 #define RSGTE_MISS_BLOCKSIG 16 /* block signature record missing when expected */
 #define RSGTE_INVLD_TIMESTAMP 17 /* RFC3161 timestamp is invalid */
 #define RSGTE_TS_DERDECODE 18 /* error DER-Decoding a timestamp */
+#define RSGTE_TS_DERENCODE 19 /* error DER-Encoding a timestamp */
 
 /* the following function maps RSGTE_* state to a string - must be updated
  * whenever a new state is added.
@@ -215,6 +219,8 @@ RSGTE2String(int err)
 		return "RFC3161 timestamp invalid";
 	case RSGTE_TS_DERDECODE:
 		return "error DER-decoding RFC3161 timestamp";
+	case RSGTE_TS_DERENCODE:
+		return "error DER-encoding RFC3161 timestamp";
 	default:
 		return "unknown error";
 	}
diff --git a/runtime/librsgt_read.c b/runtime/librsgt_read.c
index 5469db4b..29a07e54 100644
--- a/runtime/librsgt_read.c
+++ b/runtime/librsgt_read.c
@@ -100,6 +100,8 @@ rsgt_errctxInit(gterrctx_t *ectx)
 	ectx->verbose = 0;
 	ectx->errRec = NULL;
 	ectx->frstRecInBlk = NULL;
+	ectx->fileHash = NULL;
+	ectx->lefthash = ectx->righthash = ectx->computedHash = NULL;
 }
 void
 rsgt_errctxExit(gterrctx_t *ectx)
@@ -163,6 +165,16 @@ reportError(int errcode, gterrctx_t *ectx)
 			fprintf(ectx->fp, "\tGT Verify Timestamp: [%u]%s\n",
 				ectx->gtstate, GTHTTP_getErrorString(ectx->gtstate));
 		}
+		if(errcode == RSGTE_TS_EXTEND ||
+		   errcode == RSGTE_TS_DERDECODE) {
+			fprintf(ectx->fp, "\tExtending Server...: %s\n", rsgt_extend_puburl);
+			fprintf(ectx->fp, "\tGT Extend Timestamp: [%u]%s\n",
+				ectx->gtstate, GTHTTP_getErrorString(ectx->gtstate));
+		}
+		if(errcode == RSGTE_TS_DERENCODE) {
+			fprintf(ectx->fp, "\tAPI return state...: [%u]%s\n",
+				ectx->gtstate, GTHTTP_getErrorString(ectx->gtstate));
+		}
 	}
 }
 
@@ -947,37 +959,70 @@ done:
 	return r;
 }
 
+
+/* helper for rsgt_extendSig: */
+#define COPY_SUBREC_TO_NEWREC \
+	memcpy(newrec.data+iWr, subrec.hdr, subrec.lenHdr); \
+	iWr += subrec.lenHdr; \
+	memcpy(newrec.data+iWr, subrec.data, subrec.tlvlen); \
+	iWr += subrec.tlvlen;
 static inline int
-rsgt_extendSig(GTTimestamp *timestamp, tlvrecord_t *rec)
+rsgt_extendSig(GTTimestamp *timestamp, tlvrecord_t *rec, gterrctx_t *ectx)
 {
 	GTTimestamp *out_timestamp;
 	uint8_t *der;
 	size_t lenDer;
 	int r, rgt;
+	tlvrecord_t newrec, subrec;
+	uint16_t iRd, iWr;
 
-printf("calling extend... ");fflush(stdout);
 	rgt = GTHTTP_extendTimestamp(timestamp, rsgt_extend_puburl, &out_timestamp);
-printf("done: %d\n", rgt);
 	if(rgt != GT_OK) {
+		ectx->gtstate = rgt;
 		r = RSGTE_TS_EXTEND;
-		// TODO: use ectx and report via the usual method!
-		fprintf(stderr, "GTHTTP_extendTimestamp() failed: %d (%s)\n",
-				rgt, GTHTTP_getErrorString(rgt));
 		goto done;
 	}
 	r = GTTimestamp_getDEREncoded(out_timestamp, &der, &lenDer);
 	if(r != GT_OK) {
-		// TODO: use rsyslog error reporting!
-		fprintf(stderr, "GTTimestamp_getDEREncoded() failed: %d (%s)\n",
-				r, GT_getErrorString(r));
+		r = RSGTE_TS_DERENCODE;
+		ectx->gtstate = rgt;
 		goto done;
 	}
 	/* update block_sig tlv record with new extended timestamp */
-	rec->hdr[2] = (lenDer >> 8) & 0xff;
-	rec->hdr[3] = lenDer & 0xff;
-	rec->tlvlen = (uint16_t) lenDer;
-	free(rec->data);
-	memcpy(rec->data, der, lenDer);
+	/* we now need to copy all tlv records before the actual der
+	 * encoded part.
+	 */
+	iRd = iWr = 0;
+	// TODO; check tlvtypes at comment places below!
+	if ((r = rsgt_tlvDecodeSUBREC(rec, &iRd, &subrec)) != 0) goto done;
+	/* HASH_ALGO */
+	COPY_SUBREC_TO_NEWREC
+	if ((r = rsgt_tlvDecodeSUBREC(rec, &iRd, &subrec)) != 0) goto done;
+	/* BLOCK_IV */
+	COPY_SUBREC_TO_NEWREC
+	if ((r = rsgt_tlvDecodeSUBREC(rec, &iRd, &subrec)) != 0) goto done;
+	/* LAST_HASH */
+	COPY_SUBREC_TO_NEWREC
+	if ((r = rsgt_tlvDecodeSUBREC(rec, &iRd, &subrec)) != 0) goto done;
+	/* REC_COUNT */
+	COPY_SUBREC_TO_NEWREC
+	if ((r = rsgt_tlvDecodeSUBREC(rec, &iRd, &subrec)) != 0) goto done;
+	/* actual sig! */
+	newrec.data[iWr++] = 0x09 | RSGT_FLAG_TLV16;
+	newrec.data[iWr++] = 0x06;
+	newrec.data[iWr++] = (lenDer >> 8) & 0xff;
+	newrec.data[iWr++] = lenDer & 0xff;
+	/* now we know how large the new main record is */
+	newrec.tlvlen = (uint16_t) iWr+lenDer;
+	newrec.tlvtype = rec->tlvtype;
+	newrec.hdr[0] = rec->hdr[0];
+	newrec.hdr[1] = rec->hdr[1];
+	newrec.hdr[2] = (newrec.tlvlen >> 8) & 0xff;
+	newrec.hdr[3] = newrec.tlvlen & 0xff;
+	newrec.lenHdr = 4;
+	memcpy(newrec.data+iWr, der, lenDer);
+	/* and finally copy back new record to existing one */
+	memcpy(rec, &newrec, sizeof(newrec)-sizeof(newrec.data)+newrec.tlvlen+4);
 	r = 0;
 done:
 	return r;
@@ -1028,7 +1073,7 @@ verifyBLOCK_SIG(block_sig_t *bs, gtfile gf, FILE *sigfp, FILE *nsigfp,
 	if(rsgt_read_showVerified)
 		reportVerifySuccess(ectx, vrfyInf);
 	if(bExtend)
-		if((r = rsgt_extendSig(timestamp, &rec)) != 0) goto done;
+		if((r = rsgt_extendSig(timestamp, &rec, ectx)) != 0) goto done;
 		
 	if(nsigfp != NULL)
 		if((r = rsgt_tlvwrite(nsigfp, &rec)) != 0) goto done;
diff --git a/tools/rsgtutil.c b/tools/rsgtutil.c
index 1f475527..45106c00 100644
--- a/tools/rsgtutil.c
+++ b/tools/rsgtutil.c
@@ -26,6 +26,7 @@
 #include <stdio.h>
 #include <errno.h>
 #include <string.h>
+#include <unistd.h>
 #include <gt_base.h>
 #include <gt_http.h>
 #include <getopt.h>
@@ -197,6 +198,7 @@ verify(char *name)
 	uint8_t bInBlock;
 	int r = 0;
 	char sigfname[4096];
+	char oldsigfname[4096];
 	char nsigfname[4096];
 	gterrctx_t ectx;
 	
@@ -222,6 +224,9 @@ verify(char *name)
 				perror(nsigfname);
 				goto err;
 			}
+			snprintf(oldsigfname, sizeof(oldsigfname),
+			         "%s.gtsig.old", name);
+			oldsigfname[sizeof(oldsigfname)-1] = '\0';
 		}
 	}
 
@@ -231,18 +236,18 @@ verify(char *name)
 	ectx.fp = stderr;
 	ectx.filename = strdup(sigfname);
 
-	if((r = rsgt_chkFileHdr(sigfp, "LOGSIG10")) != 0) goto err;
+	if((r = rsgt_chkFileHdr(sigfp, "LOGSIG10")) != 0) goto done;
 	if(mode == MD_EXTEND) {
 		if(fwrite("LOGSIG10", 8, 1, nsigfp) != 1) {
 			perror(nsigfname);
 			r = RSGTE_IO;
-			goto err;
+			goto done;
 		}
 	}
 	gf = rsgt_vrfyConstruct_gf();
 	if(gf == NULL) {
 		fprintf(stderr, "error initializing signature file structure\n");
-		goto err;
+		goto done;
 	}
 
 	bInBlock = 0;
@@ -255,36 +260,80 @@ verify(char *name)
 				rsgt_objfree(0x0902, bs);
 			if((r = rsgt_getBlockParams(sigfp, 1, &bs, &bHasRecHashes,
 							&bHasIntermedHashes)) != 0)
-				goto err;
+				goto done;
 			rsgt_vrfyBlkInit(gf, bs, bHasRecHashes, bHasIntermedHashes);
 			ectx.recNum = 0;
 			++ectx.blkNum;
 		}
 		++ectx.recNum, ++ectx.recNumInFile;
 		if((r = doVerifyRec(logfp, sigfp, nsigfp, bs, gf, &ectx, bInBlock)) != 0)
-			goto err;
+			goto done;
 		if(ectx.recNum == bs->recCount) {
-			verifyBLOCK_SIG(bs, gf, sigfp, nsigfp, 
-					(mode == MD_EXTEND) ? 1 : 0, &ectx);
+			if((r = verifyBLOCK_SIG(bs, gf, sigfp, nsigfp, 
+			    (mode == MD_EXTEND) ? 1 : 0, &ectx)) != 0)
+				goto done;
 			bInBlock = 0;
 		} else	bInBlock = 1;
 	}
 
-	fclose(logfp);
-	fclose(sigfp);
-	fclose(nsigfp);
+done:
+	if(r != RSGTE_EOF)
+		goto err;
+
+	fclose(logfp); logfp = NULL;
+	fclose(sigfp); sigfp = NULL;
+	fclose(nsigfp); nsigfp = NULL;
+
+	/* everything went fine, so we rename files if we updated them */
+	if(mode == MD_EXTEND) {
+		if(unlink(oldsigfname) != 0) {
+			if(errno != ENOENT) {
+				perror("unlink oldsig");
+				r = RSGTE_IO;
+				goto err;
+			}
+		}
+		if(link(sigfname, oldsigfname) != 0) {
+			perror("link oldsig");
+			r = RSGTE_IO;
+			goto err;
+		}
+		if(unlink(sigfname) != 0) {
+			perror("unlink cursig");
+			r = RSGTE_IO;
+			goto err;
+		}
+		if(link(nsigfname, sigfname) != 0) {
+			perror("link  newsig");
+			fprintf(stderr, "WARNING: current sig file has been "
+			        "renamed to %s - you need to manually recover "
+				"it.\n", oldsigfname);
+			r = RSGTE_IO;
+			goto err;
+		}
+		if(unlink(nsigfname) != 0) {
+			perror("unlink newsig");
+			fprintf(stderr, "WARNING: current sig file has been "
+			        "renamed to %s - you need to manually recover "
+				"it.\n", oldsigfname);
+			r = RSGTE_IO;
+			goto err;
+		}
+	}
 	rsgtExit();
 	rsgt_errctxExit(&ectx);
 	return;
+
 err:
+	fprintf(stderr, "error %d processing file %s\n", r, name);
 	if(logfp != NULL)
 		fclose(logfp);
 	if(sigfp != NULL)
 		fclose(sigfp);
-	if(nsigfp != NULL)
+	if(nsigfp != NULL) {
 		fclose(nsigfp);
-	if(r != RSGTE_EOF)
-		fprintf(stderr, "error %d processing file %s\n", r, name);
+		unlink(nsigfname);
+	}
 	rsgtExit();
 	rsgt_errctxExit(&ectx);
 }
-- 
cgit v1.2.3


From 95e2ffec16c925097e1a478b44e031cd1348164a Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Mon, 25 Mar 2013 16:09:31 +0100
Subject: doc: update rsgtutil man page with new --extend option

---
 tools/rsgtutil.rst | 29 ++++++++++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)

diff --git a/tools/rsgtutil.rst b/tools/rsgtutil.rst
index c5782c5a..37958450 100644
--- a/tools/rsgtutil.rst
+++ b/tools/rsgtutil.rst
@@ -7,7 +7,7 @@ Manage (GuardTime) Signed Log Files
 -----------------------------------
 
 :Author: Rainer Gerhards <rgerhards@adiscon.com>
-:Date: 2013-03-22
+:Date: 2013-03-25
 :Manual section: 1
 
 SYNOPSIS
@@ -61,6 +61,11 @@ OPTIONS
   Select verbose mode. Most importantly, hashes and signatures are printed
   in full length (can be **very** lengthy) rather than the usual abbreviation.
 
+-e, --extend
+  Select extend mode. This extends the RFC3161 signatures. Note that this
+  mode also implies a full verification. If there are verify errors, extending
+  will also fail.
+
 -P <URL>, --publications-server <URL>
   Sets the publications server. If not set but required by the operation a
   default server is used. The default server is not necessarily optimal
@@ -104,6 +109,28 @@ By default, only errors are printed. To also print successful verifications, use
 **--show-verified** option.
 
 
+extend
+------
+This extends the RFC3161 signatures. This includes a full verification
+of the file. If there are verification errors, extending will also fail.
+Note that a signature can only be extended when the required hash has been
+published. Currently, these hashes are created at the 15th of each month at
+0:00hrs UTC. It takes another few days to get them finally published. As such,
+it can be assumed that extending is only possible after this happend (which
+means it may take slightly above a month).
+
+To prevent data corruption, a copy of the signature file is created during
+extension. So there must be enough disk space available for both files,
+otherwise the operation will fail. If the log file is named logfile, the
+signature file is logfile.gtsig and the temporary work file is named
+logfile.gtsig.new. When extending finished successfully, the original
+signature file (logfile.gtsig in our example) is renamed with the .old
+postfix (logfile.gtsig.old) and the temporary file written under the
+original name. The .old file can be deleted. It is just kept as a 
+precaution to prevent signature loss. Note that any already existing
+.old or .new files are overwritten by these operations.
+
+
 detect-file-type
 ----------------
 This mode is used to detect the type of some well-know files used inside the 
-- 
cgit v1.2.3


From cadf16e7e941c5aa3e5a905df7ce7bf4988fd59b Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Tue, 26 Mar 2013 11:12:10 +0100
Subject: imudp: support user-selectable inputname

---
 ChangeLog             |  5 +++--
 doc/imudp.html        | 62 +++++++++++++++++++++++++++++++++++++++++----------
 plugins/imudp/imudp.c | 42 +++++++++++++++++++++++++---------
 runtime/Makefile.am   |  3 +--
 4 files changed, 85 insertions(+), 27 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index d75b79c1..6f258fa9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,7 +1,6 @@
 ---------------------------------------------------------------------------
 Version 7.3.9  [devel] 2013-03-??
-- bugfix: imudp scheduling parameters did affect main thread, not imudp
-  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=409
+- imudp: now supports user-selectable inputname
 - omlibdbi: now supports transaction interface
   if recent enough lbdbi is present
 - imuxsock: add ability to NOT create/delete sockets during startup and
@@ -16,6 +15,8 @@ Version 7.3.9  [devel] 2013-03-??
   beginning.
   closes: http://bugzilla.adiscon.com/show_bug.cgi?id=228
 - updated systemd files to match current systemd source
+- bugfix: imudp scheduling parameters did affect main thread, not imudp
+  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=409
 - bugfix: build problem on platforms without GLOB_NOMAGIC
 - bugfix: build problems on non-Linux platforms
 - bugfix: stdout/stderr were not closed on forking
diff --git a/doc/imudp.html b/doc/imudp.html
index a86c9939..6c949536 100644
--- a/doc/imudp.html
+++ b/doc/imudp.html
@@ -18,8 +18,8 @@
 multiple input actions.
 </p>
 
-<p><b>Configuration Directives</b>:</p>
-<p><b>Global Directives</b>:</p>
+<p><b>Configuration Parameters</b>:</p>
+<p><b>Module Parameters</b>:</p>
 <ul>
 <li><b>TimeRequery</b> &lt;nbr-of-times&gt;<br>
 this is a performance
@@ -37,7 +37,7 @@ processing under Linux (and thus reduce chance of packet loss).
 <li><b>SchedulingPriority</b> &lt;number&gt;<br>
 Scheduling priority to use. 
 </ul>
-<p><b>Action Directives</b>:</p>
+<p><b>Input Parameters</b>:</p>
 <ul>
 <li><b>Address</b> &lt;IP&gt;<br>
 local IP address (or name) the UDP listens should bind to</li>
@@ -54,6 +54,27 @@ of seconds (5 recommended) to activate rate-limiting.
 <li><b>RateLimit.Burst</b> [number] - (available since 7.3.1) specifies the rate-limiting
 burst in number of messages. Default is 10,000.
 </li>
+<li><b>InputName</b> [name] - (available since 7.3.9) specifies the value of
+the inputname. In older versions, this was always "imudp" for all listeners,
+which still i the default.
+Starting with 7.3.9 it can be set to different values for each listener.
+Note that when a single input statement defines multipe listner ports, the
+inputname will be the same for all of them. If you want to differentiate in that
+case, use "InputName.AppendPort" to make them unique.
+Note that the "InputName" parameter can be an empty string. In that case, the
+corresponding inputname property will obviously also be the empty string. This
+is primarily meant to be used togehter with "InputName.AppendPort" to set the
+inputname equal to the port.
+</li>
+<li><b>InputName.AppendPort</b> [on/<b>off</b>] - (available since 7.3.9)
+appends the port the the inputname. Note that when no inputname is specified,
+the default of "imudp" is used and the port is appended to that default. So,
+for example, a listner port of 514 in that case will lead to an inputname
+of "imudp514". The ability to append a port is most useful when multiple ports
+are defined for a single input and each of the inputnames shall be unique.
+Note that there currently is no differentiation between IPv4/v6 listners on
+the same port.
+</li>
 </ul>
 <b>Caveats/Known Bugs:</b>
 <ul>
@@ -63,13 +84,33 @@ privilege drop. This may be worked around by using a sufficiently-privileged
 user account.
 </li>
 </ul>
-<p><b>Sample:</b></p>
+<p><b>Samples:</b></p>
 <p>This sets up an UPD server on port 514:<br>
 </p>
-<textarea rows="15" cols="60">module(load="imudp") # needs to be done just once
+<textarea rows="3" cols="60">module(load="imudp") # needs to be done just once
 input(type="imudp" port="514")
 </textarea>
 
+<p>In the next example, we set up three listners at ports 10514, 10515 and 10516
+and assign a listner name of "udp" to it, followed by the port number:
+</p>
+<textarea rows="4" cols="60">module(load="imudp")
+input(type="imudp" port=["10514","10515","10516"]
+      inputname="udp" inputname.appendPort="on")
+</textarea>
+
+<p>The next example is almost equal to the previous one, but
+now the inputname property will just be set to the port number.
+So if a message was received on port 10515, the input name will be
+"10515" in this example whereas it was "udp10515" in the previous one.
+Note that to do that we set the inputname to the empty string.
+</p>
+<textarea rows="4" cols="60">module(load="imudp")
+input(type="imudp" port=["10514","10515","10516"]
+      inputname="" inputname.appendPort="on")
+</textarea>
+
+
 <p><b>Legacy Configuration Directives</b>:</p>
 <p>Multiple receivers may be configured by specifying
 $UDPServerRun multiple times.
@@ -88,23 +129,20 @@ equivalent to: SchedulingPolicy
 <li>$IMUDPSchedulingPriority &lt;number&gt; Available since 4.7.4+, 5.7.3+, 6.1.3+.<br>
 equivalent to: SchedulingPriority 
 </ul>
-<b>Caveats/Known Bugs:</b>
-<ul>
-<li>currently none known</li>
-</ul>
 <p><b>Sample:</b></p>
 <p>This sets up an UPD server on port 514:<br>
 </p>
-<textarea rows="15" cols="60">$ModLoad imudp # needs to be done just once
+<textarea rows="3" cols="60">$ModLoad imudp # needs to be done just once
 $UDPServerRun 514
 </textarea>
+
 <p>[<a href="rsyslog_conf.html">rsyslog.conf overview</a>]
 [<a href="manual.html">manual index</a>] [<a href="http://www.rsyslog.com/">rsyslog site</a>]</p>
 <p><font size="2">This documentation is part of the
 <a href="http://www.rsyslog.com/">rsyslog</a>
 project.<br>
-Copyright &copy; 2009 by <a href="http://www.gerhards.net/rainer">Rainer
-Gerhards</a> and
+Copyright &copy; 2009-2013 by
+<a href="http://www.gerhards.net/rainer">Rainer Gerhards</a> and
 <a href="http://www.adiscon.com/">Adiscon</a>.
 Released under the GNU GPL version 3 or higher.</font></p>
 </body></html>
diff --git a/plugins/imudp/imudp.c b/plugins/imudp/imudp.c
index 7e11a80e..7bf1473a 100644
--- a/plugins/imudp/imudp.c
+++ b/plugins/imudp/imudp.c
@@ -75,6 +75,7 @@ static struct lstn_s {
 	struct lstn_s *next;
 	int sock;		/* socket */
 	ruleset_t *pRuleset;	/* bound ruleset */
+	prop_t *pInputName;
 	statsobj_t *stats;	/* listener stats */
 	ratelimit_t *ratelimiter;
 	STATSCOUNTER_DEF(ctrSubmit, mutCtrSubmit)
@@ -91,7 +92,6 @@ static uchar *pRcvBuf = NULL;		/* receive buffer (for a single packet). We use a
 					 * it so that we can check available memory in willRun() and request
 					 * termination if we can not get it. -- rgerhards, 2007-12-27
 					 */
-static prop_t *pInputName = NULL;	/* our inputName currently is always "imudp", and this will hold it */
 
 #define TIME_REQUERY_DFLT 2
 #define SCHED_PRIO_UNSET -12345678	/* a value that indicates that the scheduling priority has not been set */
@@ -108,10 +108,12 @@ struct instanceConf_s {
 	uchar *pszBindAddr;		/* IP to bind socket to */
 	uchar *pszBindPort;		/* Port to bind socket to */
 	uchar *pszBindRuleset;		/* name of ruleset to bind to */
+	uchar *inputname;
 	ruleset_t *pBindRuleset;	/* ruleset to bind listener to (use system default if unspecified) */
 	int ratelimitInterval;
 	int ratelimitBurst;
 	struct instanceConf_s *next;
+	sbool bAppendPortToInpname;
 };
 
 struct modConfData_s {
@@ -141,6 +143,8 @@ static struct cnfparamblk modpblk =
 /* input instance parameters */
 static struct cnfparamdescr inppdescr[] = {
 	{ "port", eCmdHdlrArray, CNFPARAM_REQUIRED }, /* legacy: InputTCPServerRun */
+	{ "inputname", eCmdHdlrGetWord, 0 },
+	{ "inputname.appendport", eCmdHdlrBinary, 0 },
 	{ "address", eCmdHdlrString, 0 },
 	{ "ruleset", eCmdHdlrString, 0 },
 	{ "ratelimit.interval", eCmdHdlrInt, 0 },
@@ -169,6 +173,8 @@ createInstance(instanceConf_t **pinst)
 	inst->pszBindPort = NULL;
 	inst->pszBindAddr = NULL;
 	inst->pszBindRuleset = NULL;
+	inst->inputname = NULL;
+	inst->bAppendPortToInpname = 0;
 	inst->ratelimitBurst = 10000; /* arbitrary high limit */
 	inst->ratelimitInterval = 0; /* off */
 
@@ -229,7 +235,8 @@ addListner(instanceConf_t *inst)
 	struct lstn_s *newlcnfinfo;
 	uchar *bindName;
 	uchar *port;
-	uchar dispname[64];
+	uchar dispname[64], inpnameBuf[128];
+	uchar *inputname;
 
 	/* check which address to bind to. We could do this more compact, but have not
 	 * done so in order to make the code more readable. -- rgerhards, 2007-12-27
@@ -257,6 +264,21 @@ addListner(instanceConf_t *inst)
 			snprintf((char*)dispname, sizeof(dispname), "imudp(%s:%s)", bindName, port);
 			dispname[sizeof(dispname)-1] = '\0'; /* just to be on the save side... */
 			CHKiRet(ratelimitNew(&newlcnfinfo->ratelimiter, (char*)dispname, NULL));
+			if(inst->inputname == NULL) {
+				inputname = (uchar*)"imudp";
+			} else {
+				inputname = inst->inputname;
+			}
+			if(inst->bAppendPortToInpname) {
+				snprintf((char*)inpnameBuf, sizeof(inpnameBuf), "%s%s",
+					inputname, port);
+				inpnameBuf[sizeof(inpnameBuf)-1] = '\0';
+				inputname = inpnameBuf;
+			}
+			CHKiRet(prop.Construct(&newlcnfinfo->pInputName));
+			CHKiRet(prop.SetString(newlcnfinfo->pInputName,
+				inputname, ustrlen(inputname)));
+			CHKiRet(prop.ConstructFinalize(newlcnfinfo->pInputName));
 			ratelimitSetLinuxLike(newlcnfinfo->ratelimiter, inst->ratelimitInterval,
 					      inst->ratelimitBurst);
 			/* support statistics gathering */
@@ -390,7 +412,7 @@ processSocket(thrdInfo_t *pThrd, struct lstn_s *lstn, struct sockaddr_storage *f
 			/* we now create our own message object and submit it to the queue */
 			CHKiRet(msgConstructWithTime(&pMsg, &stTime, ttGenTime));
 			MsgSetRawMsg(pMsg, (char*)pRcvBuf, lenRcvBuf);
-			MsgSetInputName(pMsg, pInputName);
+			MsgSetInputName(pMsg, lstn->pInputName);
 			MsgSetRuleset(pMsg, lstn->pRuleset);
 			MsgSetFlowControlType(pMsg, eFLOWCTL_NO_DELAY);
 			pMsg->msgFlags  = NEEDS_PARSING | PARSE_HOSTNAME | NEEDS_DNSRESOL;
@@ -695,6 +717,10 @@ createListner(es_str_t *port, struct cnfparamvals *pvals)
 			continue;
 		if(!strcmp(inppblk.descr[i].name, "port")) {
 			continue;	/* array, handled by caller */
+		} else if(!strcmp(inppblk.descr[i].name, "inputname")) {
+			inst->inputname = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+		} else if(!strcmp(inppblk.descr[i].name, "inputname.appendport")) {
+			inst->bAppendPortToInpname = (int) pvals[i].val.d.n;
 		} else if(!strcmp(inppblk.descr[i].name, "address")) {
 			inst->pszBindAddr = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
 		} else if(!strcmp(inppblk.descr[i].name, "ruleset")) {
@@ -873,6 +899,7 @@ CODESTARTfreeCnf
 		free(inst->pszBindPort);
 		free(inst->pszBindAddr);
 		free(inst->pBindRuleset);
+		free(inst->inputname);
 		del = inst;
 		inst = inst->next;
 		free(del);
@@ -915,6 +942,7 @@ CODESTARTafterRun
 		statsobj.Destruct(&(lstn->stats));
 		ratelimitDestruct(lstn->ratelimiter);
 		close(lstn->sock);
+		prop.Destruct(&lstn->pInputName);
 		lstnDel = lstn;
 		lstn = lstn->next;
 		free(lstnDel);
@@ -929,9 +957,6 @@ ENDafterRun
 
 BEGINmodExit
 CODESTARTmodExit
-	if(pInputName != NULL)
-		prop.Destruct(&pInputName);
-
 	/* release what we no longer need */
 	objRelease(errmsg, CORE_COMPONENT);
 	objRelease(glbl, CORE_COMPONENT);
@@ -986,11 +1011,6 @@ CODEmodInit_QueryRegCFSLineHdlr
 	CHKiRet(objUse(ruleset, CORE_COMPONENT));
 	CHKiRet(objUse(net, LM_NET_FILENAME));
 
-	/* we need to create the inputName property (only once during our lifetime) */
-	CHKiRet(prop.Construct(&pInputName));
-	CHKiRet(prop.SetString(pInputName, UCHAR_CONSTANT("imudp"), sizeof("imudp") - 1));
-	CHKiRet(prop.ConstructFinalize(pInputName));
-
 	/* register config file handlers */
 	CHKiRet(omsdRegCFSLineHdlr((uchar *)"inputudpserverbindruleset", 0, eCmdHdlrGetWord,
 		NULL, &cs.pszBindRuleset, STD_LOADABLE_MODULE_ID));
diff --git a/runtime/Makefile.am b/runtime/Makefile.am
index 8f969512..c05cc773 100644
--- a/runtime/Makefile.am
+++ b/runtime/Makefile.am
@@ -179,9 +179,8 @@ endif
 #
 if ENABLE_GUARDTIME
    librsgt_la_SOURCES = librsgt.c librsgt_read.c librsgt.h
-
    pkglib_LTLIBRARIES += lmsig_gt.la
-   lmsig_gt_la_SOURCES = lmsig_gt.c
+   lmsig_gt_la_SOURCES = lmsig_gt.c lmsig_gt.h
    lmsig_gt_la_CPPFLAGS = $(RSRT_CFLAGS) $(GUARDTIME_CFLAGS)
    lmsig_gt_la_LDFLAGS = -module -avoid-version
    lmsig_gt_la_LIBADD = librsgt.la $(GUARDTIME_LIBS)
-- 
cgit v1.2.3


From 7e0ab0a1fb8cbbf83ef6e8613b2051b7a0f49803 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Tue, 26 Mar 2013 15:33:54 +0100
Subject: logsig: handle error cases

---
 runtime/librsgt.c  | 359 ++++++++++++++++++++++++++++++++++++-----------------
 runtime/librsgt.h  |  23 ++--
 runtime/lmsig_gt.c |  21 +++-
 tools/rsgtutil.c   |   4 +-
 4 files changed, 281 insertions(+), 126 deletions(-)

diff --git a/runtime/librsgt.c b/runtime/librsgt.c
index adcc2a8a..50b94b79 100644
--- a/runtime/librsgt.c
+++ b/runtime/librsgt.c
@@ -60,24 +60,50 @@ typedef unsigned char uchar;
 #endif
 
 
+static void
+reportErr(gtctx ctx, char *errmsg)
+{
+	if(ctx->errFunc == NULL)
+		goto done;
+	ctx->errFunc(ctx->usrptr, (uchar*)errmsg);
+done:	return;
+}
+
+static void
+reportGTAPIErr(gtctx ctx, gtfile gf, char *apiname, int ecode)
+{
+	char errbuf[4096];
+	snprintf(errbuf, sizeof(errbuf), "%s[%s:%d]: %s",
+		 (gf == NULL) ? (uchar*)"" : gf->sigfilename,
+		 apiname, ecode, GT_getErrorString(ecode));
+	errbuf[sizeof(errbuf)-1] = '\0';
+	reportErr(ctx, errbuf);
+}
+
 void
+rsgtsetErrFunc(gtctx ctx, void (*func)(void*, uchar *), void *usrptr)
+{
+	ctx->usrptr = usrptr;
+	ctx->errFunc = func;
+}
+
+int
 rsgtInit(char *usragent)
 {
+	int r = 0;
 	int ret = GT_OK;
 
 	ret = GT_init();
 	if(ret != GT_OK) {
-		fprintf(stderr, "GT_init() failed: %d (%s)\n",
-				ret, GT_getErrorString(ret));
+		r = 1;
 		goto done;
 	}
 	ret = GTHTTP_init(usragent, 1);
 	if(ret != GT_OK) {
-		fprintf(stderr, "GTHTTP_init() failed: %d (%s)\n",
-				ret, GTHTTP_getErrorString(ret));
+		r = 1;
 		goto done;
 	}
-done:	return;
+done:	return r;
 }
 
 void
@@ -103,13 +129,14 @@ rsgtfileConstruct(gtctx ctx)
 done:	return gf;
 }
 
-static inline void
+static inline int
 tlvbufPhysWrite(gtfile gf)
 {
 	ssize_t lenBuf;
 	ssize_t iTotalWritten;
 	ssize_t iWritten;
 	char *pWriteBuf;
+	int r = 0;
 
 	lenBuf = gf->tlvIdx;
 	pWriteBuf = gf->tlvBuf;
@@ -117,17 +144,13 @@ tlvbufPhysWrite(gtfile gf)
 	do {
 		iWritten = write(gf->fd, pWriteBuf, lenBuf);
 		if(iWritten < 0) {
-			//char errStr[1024];
-			int err = errno;
 			iWritten = 0; /* we have written NO bytes! */
-		/*	rs_strerror_r(err, errStr, sizeof(errStr));
-			DBGPRINTF("log file (%d) write error %d: %s\n", pThis->fd, err, errStr);
-			*/
-			if(err == EINTR) {
+			if(errno == EINTR) {
 				/*NO ERROR, just continue */;
 			} else {
-				goto finalize_it; //ABORT_FINALIZE(RS_RET_IO_ERROR);
-				/* FIXME: flag error */
+				reportErr(gf->ctx, "signature file write error");
+				r = RSGTE_IO;
+				goto finalize_it;
 			}
 	 	} 
 		/* advance buffer to next write position */
@@ -138,32 +161,40 @@ tlvbufPhysWrite(gtfile gf)
 
 finalize_it:
 	gf->tlvIdx = 0;
+	return r;
 }
 
-static inline void
+static inline int
 tlvbufChkWrite(gtfile gf)
 {
 	if(gf->tlvIdx == sizeof(gf->tlvBuf)) {
-		tlvbufPhysWrite(gf);
+		return tlvbufPhysWrite(gf);
 	}
+	return 0;
 }
 
 
 /* write to TLV file buffer. If buffer is full, an actual call occurs. Else
  * output is written only on flush or close.
  */
-static inline void
+static inline int
 tlvbufAddOctet(gtfile gf, int8_t octet)
 {
-	tlvbufChkWrite(gf);
+	int r;
+	r = tlvbufChkWrite(gf);
+	if(r != 0) goto done;
 	gf->tlvBuf[gf->tlvIdx++] = octet;
+done:	return r;
 }
-static inline void
+static inline int
 tlvbufAddOctetString(gtfile gf, uint8_t *octet, int size)
 {
-	int i;
-	for(i = 0 ; i < size ; ++i)
-		tlvbufAddOctet(gf, octet[i]);
+	int i, r = 0;
+	for(i = 0 ; i < size ; ++i) {
+		r = tlvbufAddOctet(gf, octet[i]);
+		if(r != 0) goto done;
+	}
+done:	return r;
 }
 /* return the actual length in to-be-written octets of an integer */
 static inline uint8_t
@@ -185,69 +216,96 @@ tlvbufGetInt64OctetSize(uint64_t val)
 		return 2;
 	return 1;
 }
-static inline void
+static inline int
 tlvbufAddInt64(gtfile gf, uint64_t val)
 {
 	uint8_t doWrite = 0;
-	if(val >> 56)
-		tlvbufAddOctet(gf, (val >> 56) & 0xff), doWrite = 1;
-	if(doWrite || ((val >> 48) & 0xff))
-		tlvbufAddOctet(gf, (val >> 48) & 0xff), doWrite = 1;
-	if(doWrite || ((val >> 40) & 0xff))
-		tlvbufAddOctet(gf, (val >> 40) & 0xff), doWrite = 1;
-	if(doWrite || ((val >> 32) & 0xff))
-		tlvbufAddOctet(gf, (val >> 32) & 0xff), doWrite = 1;
-	if(doWrite || ((val >> 24) & 0xff))
-		tlvbufAddOctet(gf, (val >> 24) & 0xff), doWrite = 1;
-	if(doWrite || ((val >> 16) & 0xff))
-		tlvbufAddOctet(gf, (val >> 16) & 0xff), doWrite = 1;
-	if(doWrite || ((val >> 8) & 0xff))
-		tlvbufAddOctet(gf, (val >>  8) & 0xff), doWrite = 1;
-	tlvbufAddOctet(gf, val & 0xff);
+	int r;
+	if(val >> 56) {
+		r = tlvbufAddOctet(gf, (val >> 56) & 0xff), doWrite = 1;
+		if(r != 0) goto done;
+	}
+	if(doWrite || ((val >> 48) & 0xff)) {
+		r = tlvbufAddOctet(gf, (val >> 48) & 0xff), doWrite = 1;
+		if(r != 0) goto done;
+	}
+	if(doWrite || ((val >> 40) & 0xff)) {
+		r = tlvbufAddOctet(gf, (val >> 40) & 0xff), doWrite = 1;
+		if(r != 0) goto done;
+	}
+	if(doWrite || ((val >> 32) & 0xff)) {
+		r = tlvbufAddOctet(gf, (val >> 32) & 0xff), doWrite = 1;
+		if(r != 0) goto done;
+	}
+	if(doWrite || ((val >> 24) & 0xff)) {
+		r = tlvbufAddOctet(gf, (val >> 24) & 0xff), doWrite = 1;
+		if(r != 0) goto done;
+	}
+	if(doWrite || ((val >> 16) & 0xff)) {
+		r = tlvbufAddOctet(gf, (val >> 16) & 0xff), doWrite = 1;
+		if(r != 0) goto done;
+	}
+	if(doWrite || ((val >> 8) & 0xff)) {
+		r = tlvbufAddOctet(gf, (val >>  8) & 0xff), doWrite = 1;
+		if(r != 0) goto done;
+	}
+	r = tlvbufAddOctet(gf, val & 0xff);
+done:	return r;
 }
 
 
-void
+int
 tlv8Write(gtfile gf, int flags, int tlvtype, int len)
 {
-	tlvbufAddOctet(gf, (flags << 5)|tlvtype);
-	tlvbufAddOctet(gf, len & 0xff);
+	int r;
+	r = tlvbufAddOctet(gf, (flags << 5)|tlvtype);
+	if(r != 0) goto done;
+	r = tlvbufAddOctet(gf, len & 0xff);
+done:	return r;
 } 
 
-void
+int
 tlv16Write(gtfile gf, int flags, int tlvtype, uint16_t len)
 {
 	uint16_t typ;
+	int r;
 	typ = ((flags|1) << 13)|tlvtype;
-	tlvbufAddOctet(gf, typ >> 8);
-	tlvbufAddOctet(gf, typ & 0xff);
-	tlvbufAddOctet(gf, (len >> 8) & 0xff);
-	tlvbufAddOctet(gf, len & 0xff);
+	r = tlvbufAddOctet(gf, typ >> 8);
+	if(r != 0) goto done;
+	r = tlvbufAddOctet(gf, typ & 0xff);
+	if(r != 0) goto done;
+	r = tlvbufAddOctet(gf, (len >> 8) & 0xff);
+	if(r != 0) goto done;
+	r = tlvbufAddOctet(gf, len & 0xff);
+done:	return r;
 } 
 
-void
+int
 tlvFlush(gtfile gf)
 {
-	if(gf->tlvIdx != 0)
-		tlvbufPhysWrite(gf);
+	return (gf->tlvIdx == 0) ? 0 : tlvbufPhysWrite(gf);
 }
 
-void
-tlvWriteHash(gtfile gf, uint16_t tlvtype, GTDataHash *r)
+int
+tlvWriteHash(gtfile gf, uint16_t tlvtype, GTDataHash *rec)
 {
 	unsigned tlvlen;
-
-	tlvlen = 1 + r->digest_length;
-	tlv16Write(gf, 0x00, tlvtype, tlvlen);
-	tlvbufAddOctet(gf, hashIdentifier(gf->hashAlg));
-	tlvbufAddOctetString(gf, r->digest, r->digest_length);
+	int r;
+	tlvlen = 1 + rec->digest_length;
+	r = tlv16Write(gf, 0x00, tlvtype, tlvlen);
+	if(r != 0) goto done;
+	r = tlvbufAddOctet(gf, hashIdentifier(gf->hashAlg));
+	if(r != 0) goto done;
+	r = tlvbufAddOctetString(gf, rec->digest, rec->digest_length);
+done:	return r;
 }
 
-void
+int
 tlvWriteBlockSig(gtfile gf, uchar *der, uint16_t lenDer)
 {
 	unsigned tlvlen;
 	uint8_t tlvlenRecords;
+	int r;
 
 	tlvlenRecords = tlvbufGetInt64OctetSize(gf->nRecords);
 	tlvlen  = 2 + 1 /* hash algo TLV */ +
@@ -256,25 +314,37 @@ tlvWriteBlockSig(gtfile gf, uchar *der, uint16_t lenDer)
 		  2 + tlvlenRecords /* rec-count */ +
 		  4 + lenDer /* rfc-3161 */;
 	/* write top-level TLV object (block-sig */
-	tlv16Write(gf, 0x00, 0x0902, tlvlen);
+	r = tlv16Write(gf, 0x00, 0x0902, tlvlen);
+	if(r != 0) goto done;
 	/* and now write the children */
 	//FIXME: flags???
 	/* hash-algo */
-	tlv8Write(gf, 0x00, 0x00, 1);
-	tlvbufAddOctet(gf, hashIdentifier(gf->hashAlg));
+	r = tlv8Write(gf, 0x00, 0x00, 1);
+	if(r != 0) goto done;
+	r = tlvbufAddOctet(gf, hashIdentifier(gf->hashAlg));
+	if(r != 0) goto done;
 	/* block-iv */
-	tlv8Write(gf, 0x00, 0x01, hashOutputLengthOctets(gf->hashAlg));
-	tlvbufAddOctetString(gf, gf->IV, hashOutputLengthOctets(gf->hashAlg));
+	r = tlv8Write(gf, 0x00, 0x01, hashOutputLengthOctets(gf->hashAlg));
+	if(r != 0) goto done;
+	r = tlvbufAddOctetString(gf, gf->IV, hashOutputLengthOctets(gf->hashAlg));
+	if(r != 0) goto done;
 	/* last-hash */
-	tlv8Write(gf, 0x00, 0x02, gf->lenBlkStrtHash+1);
-	tlvbufAddOctet(gf, hashIdentifier(gf->hashAlg));
-	tlvbufAddOctetString(gf, gf->blkStrtHash, gf->lenBlkStrtHash);
+	r = tlv8Write(gf, 0x00, 0x02, gf->lenBlkStrtHash+1);
+	if(r != 0) goto done;
+	r = tlvbufAddOctet(gf, hashIdentifier(gf->hashAlg));
+	if(r != 0) goto done;
+	r = tlvbufAddOctetString(gf, gf->blkStrtHash, gf->lenBlkStrtHash);
+	if(r != 0) goto done;
 	/* rec-count */
-	tlv8Write(gf, 0x00, 0x03, tlvlenRecords);
-	tlvbufAddInt64(gf, gf->nRecords);
+	r = tlv8Write(gf, 0x00, 0x03, tlvlenRecords);
+	if(r != 0) goto done;
+	r = tlvbufAddInt64(gf, gf->nRecords);
+	if(r != 0) goto done;
 	/* rfc-3161 */
-	tlv16Write(gf, 0x00, 0x906, lenDer);
-	tlvbufAddOctetString(gf, der, lenDer);
+	r = tlv16Write(gf, 0x00, 0x906, lenDer);
+	if(r != 0) goto done;
+	r = tlvbufAddOctetString(gf, der, lenDer);
+done:	return r;
 }
 
 /* support for old platforms - graceful degrade */
@@ -339,36 +409,46 @@ done:	return;
 }
 
 
-void tlvClose(gtfile gf)
+int
+tlvClose(gtfile gf)
 {
-	tlvFlush(gf);
+	int r;
+	r = tlvFlush(gf);
 	close(gf->fd);
 	gf->fd = -1;
 	writeStateFile(gf);
+	return r;
 }
 
 
 /* note: if file exists, the last hash for chaining must
  * be read from file.
  */
-void tlvOpen(gtfile gf, char *hdr, unsigned lenHdr)
+int
+tlvOpen(gtfile gf, char *hdr, unsigned lenHdr)
 {
+	int r = 0;
 	gf->fd = open((char*)gf->sigfilename,
 		       O_WRONLY|O_APPEND|O_NOCTTY|O_CLOEXEC, 0600);
 	if(gf->fd == -1) {
 		/* looks like we need to create a new file */
 		gf->fd = open((char*)gf->sigfilename,
 			       O_WRONLY|O_CREAT|O_NOCTTY|O_CLOEXEC, 0600);
-		// FIXME: check fd == -1
+		if(gf->fd == -1) {
+			r = RSGTE_IO;
+			goto done;
+		}
 		memcpy(gf->tlvBuf, hdr, lenHdr);
 		gf->tlvIdx = lenHdr;
 	} else {
 		gf->tlvIdx = 0; /* header already present! */
 	}
 	/* we now need to obtain the last previous hash, so that
-	 * we can continue the hash chain.
+	 * we can continue the hash chain. We do not check for error
+	 * as a state file error can be recovered by graceful degredation.
 	 */
 	readStateFile(gf);
+done:	return r;
 }
 
 /*
@@ -405,6 +485,8 @@ rsgtCtxNew(void)
 	gtctx ctx;
 	ctx = calloc(1, sizeof(struct gtctx_s));
 	ctx->hashAlg = GT_HASHALG_SHA256;
+	ctx->errFunc = NULL;
+	ctx->usrptr = NULL;
 	ctx->timestamper = strdup(
 			   "http://stamper.guardtime.net/gt-signingservice");
 	return ctx;
@@ -426,7 +508,10 @@ rsgtCtxOpenFile(gtctx ctx, unsigned char *logfn)
 	snprintf(fn, sizeof(fn), "%s.gtstate", logfn);
 	fn[MAXFNAME] = '\0'; /* be on save side */
 	gf->statefilename = (uchar*) strdup(fn);
-	tlvOpen(gf, LOGSIGHDR, sizeof(LOGSIGHDR)-1);
+	if(tlvOpen(gf, LOGSIGHDR, sizeof(LOGSIGHDR)-1) != 0) {
+		reportErr(ctx, "signature file open failed");
+		gf = NULL;
+	}
 done:	return gf;
 }
  
@@ -453,36 +538,47 @@ rsgtSetHashFunction(gtctx ctx, char *algName)
 	return r;
 }
 
-void
+int
 rsgtfileDestruct(gtfile gf)
 {
+	int r = 0;
 	if(gf == NULL)
 		goto done;
 
-	if(gf->bInBlk)
-		sigblkFinish(gf);
-	tlvClose(gf);
+	if(!gf->disabled && gf->bInBlk) {
+		r = sigblkFinish(gf);
+		if(r != 0) gf->disabled = 1;
+	}
+	if(!gf->disabled)
+		r = tlvClose(gf);
 	free(gf->sigfilename);
+	free(gf->statefilename);
+	free(gf->IV);
+	free(gf->blkStrtHash);
 	free(gf);
-done:	return;
+done:	return r;
 }
 
 void
 rsgtCtxDel(gtctx ctx)
 {
-	if(ctx != NULL)
+	if(ctx != NULL) {
+		free(ctx->timestamper);
 		free(ctx);
+	}
 }
 
 /* new sigblk is initialized, but maybe in existing ctx */
 void
 sigblkInit(gtfile gf)
 {
+	if(gf == NULL) goto done;
 	seedIV(gf);
 	memset(gf->roots_valid, 0, sizeof(gf->roots_valid)/sizeof(char));
 	gf->nRoots = 0;
 	gf->nRecords = 0;
 	gf->bInBlk = 1;
+done:	return;
 }
 
 
@@ -500,7 +596,7 @@ static inline void
 bufAddHash(gtfile gf, uchar *buf, size_t *len, GTDataHash *hash)
 {
 	if(hash == NULL) {
-	// TODO: how to get the REAL HASH ID? --> add field!
+	/* TODO: how to get the REAL HASH ID? --> add field? */
 		buf[*len] = hashIdentifier(gf->hashAlg);
 		++(*len);
 		memcpy(buf+*len, gf->blkStrtHash, gf->lenBlkStrtHash);
@@ -521,53 +617,73 @@ bufAddLevel(uchar *buf, size_t *len, uint8_t level)
 }
 
 
-void
+int
 hash_m(gtfile gf, GTDataHash **m)
 {
-#warning Overall: check GT API return states!
-	// m = hash(concat(gf->x_prev, IV));
+	int rgt;
 	uchar concatBuf[16*1024];
 	size_t len = 0;
+	int r = 0;
 
 	bufAddHash(gf, concatBuf, &len, gf->x_prev);
 	bufAddIV(gf, concatBuf, &len);
-	GTDataHash_create(gf->hashAlg, concatBuf, len, m);
+	rgt = GTDataHash_create(gf->hashAlg, concatBuf, len, m);
+	if(rgt != GT_OK) {
+		reportGTAPIErr(gf->ctx, gf, "GTDataHash_create", rgt);
+		r = RSGTE_HASH_CREATE;
+		goto done;
+	}
+done:	return r;
 }
 
-void
+int
 hash_r(gtfile gf, GTDataHash **r, const uchar *rec, const size_t len)
 {
-	// r = hash(canonicalize(rec));
-	GTDataHash_create(gf->hashAlg, rec, len, r);
+	int ret = 0, rgt;
+	rgt = GTDataHash_create(gf->hashAlg, rec, len, r);
+	if(rgt != GT_OK) {
+		reportGTAPIErr(gf->ctx, gf, "GTDataHash_create", rgt);
+		ret = RSGTE_HASH_CREATE;
+		goto done;
+	}
+done:	return ret;
 }
 
 
-void
-hash_node(gtfile gf, GTDataHash **node, GTDataHash *m, GTDataHash *r,
+int
+hash_node(gtfile gf, GTDataHash **node, GTDataHash *m, GTDataHash *rec,
           uint8_t level)
 {
-	// x = hash(concat(m, r, 0)); /* hash leaf */
+	int r = 0, rgt;
 	uchar concatBuf[16*1024];
 	size_t len = 0;
 
 	bufAddHash(gf, concatBuf, &len, m);
-	bufAddHash(gf, concatBuf, &len, r);
+	bufAddHash(gf, concatBuf, &len, rec);
 	bufAddLevel(concatBuf, &len, level);
-	GTDataHash_create(gf->hashAlg, concatBuf, len, node);
+	rgt = GTDataHash_create(gf->hashAlg, concatBuf, len, node);
+	if(rgt != GT_OK) {
+		reportGTAPIErr(gf->ctx, gf, "GTDataHash_create", rgt);
+		r = RSGTE_HASH_CREATE;
+		goto done;
+	}
+done:	return r;
 }
 
-void
+int
 sigblkAddRecord(gtfile gf, const uchar *rec, const size_t len)
 {
 	GTDataHash *x; /* current hash */
 	GTDataHash *m, *r, *t;
 	uint8_t j;
+	int ret = 0;
 
-	hash_m(gf, &m);
-	hash_r(gf, &r, rec, len);
+	if(gf == NULL || gf->disabled) goto done;
+	if((ret = hash_m(gf, &m)) != 0) goto done;
+	if((ret = hash_r(gf, &r, rec, len)) != 0) goto done;
 	if(gf->bKeepRecordHashes)
 		tlvWriteHash(gf, 0x0900, r);
-	hash_node(gf, &x, m, r, 1); /* hash leaf */
+	if((ret = hash_node(gf, &x, m, r, 1)) != 0) goto done; /* hash leaf */
 	/* persists x here if Merkle tree needs to be persisted! */
 	if(gf->bKeepTreeHashes)
 		tlvWriteHash(gf, 0x0901, x);
@@ -581,10 +697,10 @@ sigblkAddRecord(gtfile gf, const uchar *rec, const size_t len)
 			break;
 		} else if(t != NULL) {
 			/* hash interim node */
-			hash_node(gf, &t, gf->roots_hash[j], t, j+2);
+			ret = hash_node(gf, &t, gf->roots_hash[j], t, j+2);
+			if(ret != 0) goto done;
 			gf->roots_valid[j] = 0;
 			GTDataHash_free(gf->roots_hash[j]);
-			// TODO: check if this is correct location (paper!)
 			if(gf->bKeepTreeHashes)
 				tlvWriteHash(gf, 0x0901, t);
 		}
@@ -606,34 +722,41 @@ sigblkAddRecord(gtfile gf, const uchar *rec, const size_t len)
 	GTDataHash_free(r);
 
 	if(gf->nRecords == gf->blockSizeLimit) {
-		sigblkFinish(gf);
+		ret = sigblkFinish(gf);
+		if(ret != 0) goto done;
 		sigblkInit(gf);
 	}
+done:	
+	if(ret != 0) {
+		gf->disabled = 1;
+printf("DDDD: disabling ...\n");fflush(stdout);
+	}
+	return ret;
 }
 
-static void
+static int
 timestampIt(gtfile gf, GTDataHash *hash)
 {
 	unsigned char *der;
 	size_t lenDer;
 	int r = GT_OK;
+	int ret = 0;
 	GTTimestamp *timestamp = NULL;
 
 	/* Get the timestamp. */
 	r = GTHTTP_createTimestampHash(hash, gf->ctx->timestamper, &timestamp);
 
 	if(r != GT_OK) {
-		fprintf(stderr, "GTHTTP_createTimestampHash() failed: %d (%s)\n",
-				r, GTHTTP_getErrorString(r));
+		reportGTAPIErr(gf->ctx, gf, "GTHTTP_createTimestampHash", r);
+		ret = 1;
 		goto done;
 	}
 
 	/* Encode timestamp. */
 	r = GTTimestamp_getDEREncoded(timestamp, &der, &lenDer);
 	if(r != GT_OK) {
-		// TODO: use rsyslog error reporting!
-		fprintf(stderr, "GTTimestamp_getDEREncoded() failed: %d (%s)\n",
-				r, GT_getErrorString(r));
+		reportGTAPIErr(gf->ctx, gf, "GTTimestamp_getDEREncoded", r);
+		ret = 1;
 		goto done;
 	}
 
@@ -642,14 +765,16 @@ timestampIt(gtfile gf, GTDataHash *hash)
 done:
 	GT_free(der);
 	GTTimestamp_free(timestamp);
+	return ret;
 }
 
 
-void
+int
 sigblkFinish(gtfile gf)
 {
 	GTDataHash *root, *rootDel;
 	int8_t j;
+	int ret = 0;
 
 	if(gf->nRecords == 0)
 		goto done;
@@ -658,15 +783,22 @@ sigblkFinish(gtfile gf)
 	for(j = 0 ; j < gf->nRoots ; ++j) {
 		if(root == NULL) {
 			root = gf->roots_valid[j] ? gf->roots_hash[j] : NULL;
-			gf->roots_valid[j] = 0; /* guess this is redundant with init, maybe del */
+			gf->roots_valid[j] = 0;
 		} else if(gf->roots_valid[j]) {
 			rootDel = root;
-			hash_node(gf, &root, gf->roots_hash[j], root, j+2);
-			gf->roots_valid[j] = 0; /* guess this is redundant with init, maybe del */
-			GTDataHash_free(rootDel);
+			ret = hash_node(gf, &root, gf->roots_hash[j], rootDel, j+2);
+			gf->roots_valid[j] = 0;
+			GTDataHash_free(gf->roots_hash[j]);
+			/* there is no API to duplicate a hash, so we need
+			 * to make sure we do not delete one that we still need!
+			 */
+			if(rootDel != gf->x_prev)
+				GTDataHash_free(rootDel);
+			if(ret != 0) goto done;
 		}
 	}
-	timestampIt(gf, root);
+	if((ret = timestampIt(gf, root)) != 0) goto done;
+
 
 	free(gf->blkStrtHash);
 	gf->lenBlkStrtHash = gf->x_prev->digest_length;
@@ -674,4 +806,5 @@ sigblkFinish(gtfile gf)
 	memcpy(gf->blkStrtHash, gf->x_prev->digest, gf->lenBlkStrtHash);
 done:
 	gf->bInBlk = 0;
+	return ret;
 }
diff --git a/runtime/librsgt.h b/runtime/librsgt.h
index d308d4c3..7eb63c11 100644
--- a/runtime/librsgt.h
+++ b/runtime/librsgt.h
@@ -39,12 +39,13 @@ struct gtctx_s {
 	uint8_t bKeepTreeHashes;
 	uint64_t blockSizeLimit;
 	char *timestamper;
+	void (*errFunc)(void *, unsigned char*);
+	void *usrptr; /* for error function */
 };
 typedef struct gtctx_s *gtctx;
 
 /* this describes a file, as far as librsgt is concerned */
 struct gtfile_s {
-	gtctx ctx;
 	/* the following data items are mirrored from gtctx to
 	 * increase cache hit ratio (they are frequently accesed).
 	 */
@@ -52,6 +53,7 @@ struct gtfile_s {
 	uint8_t bKeepRecordHashes;
 	uint8_t bKeepTreeHashes;
 	/* end mirrored properties */
+	uint8_t disabled; /* permits to disable this file --> set to 1 */
 	uint64_t blockSizeLimit;
 	uint8_t *IV; /* initial value for blinding masks */
 	GTDataHash *x_prev; /* last leaf hash (maybe of previous block) --> preserve on term */
@@ -71,6 +73,7 @@ struct gtfile_s {
 	/* data members for the associated TLV file */
 	char	tlvBuf[4096];
 	int	tlvIdx; /* current index into tlvBuf */
+	gtctx ctx;
 };
 typedef struct gtfile_s *gtfile;
 typedef struct gterrctx_s gterrctx_t;
@@ -171,6 +174,7 @@ struct rsgtstatefile {
 #define RSGTE_INVLD_TIMESTAMP 17 /* RFC3161 timestamp is invalid */
 #define RSGTE_TS_DERDECODE 18 /* error DER-Decoding a timestamp */
 #define RSGTE_TS_DERENCODE 19 /* error DER-Encoding a timestamp */
+#define RSGTE_HASH_CREATE 20 /* error creating a hash */
 
 /* the following function maps RSGTE_* state to a string - must be updated
  * whenever a new state is added.
@@ -221,6 +225,8 @@ RSGTE2String(int err)
 		return "error DER-decoding RFC3161 timestamp";
 	case RSGTE_TS_DERENCODE:
 		return "error DER-encoding RFC3161 timestamp";
+	case RSGTE_HASH_CREATE:
+		return "error creating hash";
 	default:
 		return "unknown error";
 	}
@@ -342,15 +348,16 @@ rsgtSetKeepTreeHashes(gtctx ctx, int val)
 }
 
 int rsgtSetHashFunction(gtctx ctx, char *algName);
-void rsgtInit(char *usragent);
+int rsgtInit(char *usragent);
 void rsgtExit(void);
 gtctx rsgtCtxNew(void);
+void rsgtsetErrFunc(gtctx ctx, void (*func)(void*, unsigned char *), void *usrptr);
 gtfile rsgtCtxOpenFile(gtctx ctx, unsigned char *logfn);
-void rsgtfileDestruct(gtfile gf);
+int rsgtfileDestruct(gtfile gf);
 void rsgtCtxDel(gtctx ctx);
 void sigblkInit(gtfile gf);
-void sigblkAddRecord(gtfile gf, const unsigned char *rec, const size_t len);
-void sigblkFinish(gtfile gf);
+int sigblkAddRecord(gtfile gf, const unsigned char *rec, const size_t len);
+int sigblkFinish(gtfile gf);
 /* reader functions */
 int rsgt_tlvrdHeader(FILE *fp, unsigned char *hdr);
 int rsgt_tlvrd(FILE *fp, tlvrecord_t *rec, void *obj);
@@ -370,9 +377,9 @@ void rsgt_objfree(uint16_t tlvtype, void *obj);
 
 
 /* TODO: replace these? */
-void hash_m(gtfile gf, GTDataHash **m);
-void hash_r(gtfile gf, GTDataHash **r, const unsigned char *rec, const size_t len);
-void hash_node(gtfile gf, GTDataHash **node, GTDataHash *m, GTDataHash *r, uint8_t level);
+int hash_m(gtfile gf, GTDataHash **m);
+int hash_r(gtfile gf, GTDataHash **r, const unsigned char *rec, const size_t len);
+int hash_node(gtfile gf, GTDataHash **node, GTDataHash *m, GTDataHash *r, uint8_t level);
 extern char *rsgt_read_puburl; /**< url of publication server */
 extern uint8_t rsgt_read_showVerified;
 
diff --git a/runtime/lmsig_gt.c b/runtime/lmsig_gt.c
index d61f3a86..09691292 100644
--- a/runtime/lmsig_gt.c
+++ b/runtime/lmsig_gt.c
@@ -55,11 +55,20 @@ static struct cnfparamblk pblk =
 	  cnfpdescr
 	};
 
+
+static void
+errfunc(__attribute__((unused)) void *usrptr, uchar *emsg)
+{
+	errmsg.LogError(0, RS_RET_SIGPROV_ERR, "Signature Provider"
+		"Error: %s - disabling signatures", emsg);
+}
+
 /* Standard-Constructor
  */
 BEGINobjConstruct(lmsig_gt)
 	dbgprintf("DDDD: lmsig_gt: called construct\n");
 	pThis->ctx = rsgtCtxNew();
+	rsgtsetErrFunc(pThis->ctx, errfunc, NULL);
 ENDobjConstruct(lmsig_gt)
 
 
@@ -67,6 +76,7 @@ ENDobjConstruct(lmsig_gt)
 BEGINobjDestruct(lmsig_gt) /* be sure to specify the object type also in END and CODESTART macros! */
 CODESTARTobjDestruct(lmsig_gt)
 	dbgprintf("DDDD: lmsig_gt: called destruct\n");
+	rsgtCtxDel(pThis->ctx);
 ENDobjDestruct(lmsig_gt)
 
 
@@ -124,10 +134,9 @@ OnFileOpen(void *pT, uchar *fn, void *pGF)
 	gtfile *pgf = (gtfile*) pGF;
 	DEFiRet;
 dbgprintf("DDDD: onFileOpen: %s\n", fn);
-	
+	/* note: if *pgf is set to NULL, this auto-disables GT functions */
 	*pgf = rsgtCtxOpenFile(pThis->ctx, fn);
 	sigblkInit(*pgf);
-
 	RETiRet;
 }
 
@@ -161,7 +170,7 @@ dbgprintf("DDDD: onFileClose\n");
 
 BEGINobjQueryInterface(lmsig_gt)
 CODESTARTobjQueryInterface(lmsig_gt)
-	if(pIf->ifVersion != sigprovCURR_IF_VERSION) {/* check for current version, increment on each change */
+	 if(pIf->ifVersion != sigprovCURR_IF_VERSION) {/* check for current version, increment on each change */
 		ABORT_FINALIZE(RS_RET_INTERFACE_NOT_SUPPORTED);
 	}
 	pIf->Construct = (rsRetVal(*)(void*)) lmsig_gtConstruct;
@@ -189,7 +198,11 @@ BEGINObjClassInit(lmsig_gt, 1, OBJ_IS_LOADABLE_MODULE) /* class, version */
 	CHKiRet(objUse(errmsg, CORE_COMPONENT));
 	CHKiRet(objUse(glbl, CORE_COMPONENT));
 
-	rsgtInit("rsyslogd " VERSION);
+	if(rsgtInit("rsyslogd " VERSION) != 0) {
+		errmsg.LogError(0, RS_RET_SIGPROV_ERR, "error initializing "
+			"signature provider - cannot sign");
+		ABORT_FINALIZE(RS_RET_SIGPROV_ERR);
+	}
 ENDObjClassInit(lmsig_gt)
 
 
diff --git a/tools/rsgtutil.c b/tools/rsgtutil.c
index 45106c00..095b8066 100644
--- a/tools/rsgtutil.c
+++ b/tools/rsgtutil.c
@@ -282,7 +282,9 @@ done:
 
 	fclose(logfp); logfp = NULL;
 	fclose(sigfp); sigfp = NULL;
-	fclose(nsigfp); nsigfp = NULL;
+	if(nsigfp != NULL) {
+		fclose(nsigfp); nsigfp = NULL;
+	}
 
 	/* everything went fine, so we rename files if we updated them */
 	if(mode == MD_EXTEND) {
-- 
cgit v1.2.3


From c855e5ce04cbdae4767114b24238c8a9eb15b0ff Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Tue, 26 Mar 2013 16:44:42 +0100
Subject: logsig: fix memory leak

---
 runtime/librsgt.c | 42 +++++++++++++++++++++++++++++-------------
 1 file changed, 29 insertions(+), 13 deletions(-)

diff --git a/runtime/librsgt.c b/runtime/librsgt.c
index 50b94b79..f99a8357 100644
--- a/runtime/librsgt.c
+++ b/runtime/librsgt.c
@@ -555,6 +555,7 @@ rsgtfileDestruct(gtfile gf)
 	free(gf->statefilename);
 	free(gf->IV);
 	free(gf->blkStrtHash);
+	GTDataHash_free(gf->x_prev);
 	free(gf);
 done:	return r;
 }
@@ -670,11 +671,29 @@ hash_node(gtfile gf, GTDataHash **node, GTDataHash *m, GTDataHash *rec,
 done:	return r;
 }
 
+
+/* TODO: replace this once libgt provides a native function
+ * for this!
+ */
+static inline GTDataHash*
+GTDataHash_dup(GTDataHash *in)
+{
+	GTDataHash *out;
+
+	out = (GTDataHash*) calloc(1, sizeof(GTDataHash));
+	if(out == NULL) goto done;
+	out->algorithm = in->algorithm,
+	out->digest_length = in->digest_length,
+	out->digest = malloc(in->digest_length);
+	memcpy(out->digest, in->digest, in->digest_length);
+done:	return out;
+}
+
 int
 sigblkAddRecord(gtfile gf, const uchar *rec, const size_t len)
 {
 	GTDataHash *x; /* current hash */
-	GTDataHash *m, *r, *t;
+	GTDataHash *m, *r, *t, *t_del;
 	uint8_t j;
 	int ret = 0;
 
@@ -688,7 +707,7 @@ sigblkAddRecord(gtfile gf, const uchar *rec, const size_t len)
 	if(gf->bKeepTreeHashes)
 		tlvWriteHash(gf, 0x0901, x);
 	/* add x to the forest as new leaf, update roots list */
-	t = x;
+	t = GTDataHash_dup(x);
 	for(j = 0 ; j < gf->nRoots ; ++j) {
 		if(gf->roots_valid[j] == 0) {
 			gf->roots_hash[j] = t;
@@ -697,10 +716,12 @@ sigblkAddRecord(gtfile gf, const uchar *rec, const size_t len)
 			break;
 		} else if(t != NULL) {
 			/* hash interim node */
-			ret = hash_node(gf, &t, gf->roots_hash[j], t, j+2);
-			if(ret != 0) goto done;
+			t_del = t;
+			ret = hash_node(gf, &t, gf->roots_hash[j], t_del, j+2);
 			gf->roots_valid[j] = 0;
 			GTDataHash_free(gf->roots_hash[j]);
+			GTDataHash_free(t_del);
+			if(ret != 0) goto done;
 			if(gf->bKeepTreeHashes)
 				tlvWriteHash(gf, 0x0901, t);
 		}
@@ -713,6 +734,7 @@ sigblkAddRecord(gtfile gf, const uchar *rec, const size_t len)
 		assert(gf->nRoots < MAX_ROOTS);
 		t = NULL;
 	}
+	GTDataHash_free(gf->x_prev);
 	gf->x_prev = x; /* single var may be sufficient */
 	++gf->nRecords;
 
@@ -729,7 +751,6 @@ sigblkAddRecord(gtfile gf, const uchar *rec, const size_t len)
 done:	
 	if(ret != 0) {
 		gf->disabled = 1;
-printf("DDDD: disabling ...\n");fflush(stdout);
 	}
 	return ret;
 }
@@ -789,17 +810,12 @@ sigblkFinish(gtfile gf)
 			ret = hash_node(gf, &root, gf->roots_hash[j], rootDel, j+2);
 			gf->roots_valid[j] = 0;
 			GTDataHash_free(gf->roots_hash[j]);
-			/* there is no API to duplicate a hash, so we need
-			 * to make sure we do not delete one that we still need!
-			 */
-			if(rootDel != gf->x_prev)
-				GTDataHash_free(rootDel);
-			if(ret != 0) goto done;
-		}
+			GTDataHash_free(rootDel);
+			if(ret != 0) goto done; /* checks hash_node() result! */
 	}
 	if((ret = timestampIt(gf, root)) != 0) goto done;
 
-
+	GTDataHash_free(root);
 	free(gf->blkStrtHash);
 	gf->lenBlkStrtHash = gf->x_prev->digest_length;
 	gf->blkStrtHash = malloc(gf->lenBlkStrtHash);
-- 
cgit v1.2.3


From 113c5e20ca6bc0fab6c77c7a4d5d5b2362817b26 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Tue, 26 Mar 2013 17:14:41 +0100
Subject: logsig: refactor code to not reley on undocumented libgt parts

---
 runtime/librsgt.c | 86 +++++++++++++++++++++++++++++++++----------------------
 runtime/librsgt.h | 14 ++++-----
 2 files changed, 59 insertions(+), 41 deletions(-)

diff --git a/runtime/librsgt.c b/runtime/librsgt.c
index f99a8357..f947dc19 100644
--- a/runtime/librsgt.c
+++ b/runtime/librsgt.c
@@ -87,6 +87,32 @@ rsgtsetErrFunc(gtctx ctx, void (*func)(void*, uchar *), void *usrptr)
 	ctx->errFunc = func;
 }
 
+static imprint_t *
+rsgtImprintFromGTDataHash(GTDataHash *hash)
+{
+	imprint_t *imp;
+
+	if((imp = calloc(1, sizeof(imprint_t))) == NULL) {
+		goto done;
+	}
+	imp->hashID = hashIdentifier(hash->algorithm),
+	imp->len = hash->digest_length;
+	if((imp->data = (uint8_t*)malloc(imp->len)) == NULL) {
+		free(imp); imp = NULL; goto done;
+	}
+	memcpy(imp->data, hash->digest, imp->len);
+done:	return imp;
+}
+
+static void
+rsgtimprintDel(imprint_t *imp)
+{
+	if(imp != NULL) {
+		free(imp->data),
+		free(imp);
+	}
+}
+
 int
 rsgtInit(char *usragent)
 {
@@ -398,12 +424,12 @@ writeStateFile(gtfile gf)
 
 	memcpy(sf.hdr, "GTSTAT10", 8);
 	sf.hashID = hashIdentifier(gf->hashAlg);
-	sf.lenHash = gf->x_prev->digest_length;
+	sf.lenHash = gf->x_prev->len;
 	/* if the write fails, we cannot do anything against that. We check
 	 * the condition just to keep the compiler happy.
 	 */
 	if(write(fd, &sf, sizeof(sf))){};
-	if(write(fd, gf->x_prev->digest, gf->x_prev->digest_length)){};
+	if(write(fd, gf->x_prev->data, gf->x_prev->len)){};
 	close(fd);
 done:	return;
 }
@@ -555,7 +581,7 @@ rsgtfileDestruct(gtfile gf)
 	free(gf->statefilename);
 	free(gf->IV);
 	free(gf->blkStrtHash);
-	GTDataHash_free(gf->x_prev);
+	rsgtimprintDel(gf->x_prev);
 	free(gf);
 done:	return r;
 }
@@ -592,23 +618,32 @@ bufAddIV(gtfile gf, uchar *buf, size_t *len)
 }
 
 
-/* concat: add hash to buffer */
+/* concat: add imprint to buffer */
 static inline void
-bufAddHash(gtfile gf, uchar *buf, size_t *len, GTDataHash *hash)
+bufAddImprint(gtfile gf, uchar *buf, size_t *len, imprint_t *imp)
 {
-	if(hash == NULL) {
+	if(imp == NULL) {
 	/* TODO: how to get the REAL HASH ID? --> add field? */
 		buf[*len] = hashIdentifier(gf->hashAlg);
 		++(*len);
 		memcpy(buf+*len, gf->blkStrtHash, gf->lenBlkStrtHash);
 		*len += gf->lenBlkStrtHash;
 	} else {
-		buf[*len] = hashIdentifier(gf->hashAlg);
+		buf[*len] = imp->hashID;
 		++(*len);
-		memcpy(buf+*len, hash->digest, hash->digest_length);
-		*len += hash->digest_length;
+		memcpy(buf+*len, imp->data, imp->len);
+		*len += imp->len;
 	}
 }
+/* concat: add hash to buffer */
+static inline void
+bufAddHash(gtfile gf, uchar *buf, size_t *len, GTDataHash *hash)
+{
+	buf[*len] = hashIdentifier(gf->hashAlg);
+	++(*len);
+	memcpy(buf+*len, hash->digest, hash->digest_length);
+	*len += hash->digest_length;
+}
 /* concat: add tree level to buffer */
 static inline void
 bufAddLevel(uchar *buf, size_t *len, uint8_t level)
@@ -626,7 +661,7 @@ hash_m(gtfile gf, GTDataHash **m)
 	size_t len = 0;
 	int r = 0;
 
-	bufAddHash(gf, concatBuf, &len, gf->x_prev);
+	bufAddImprint(gf, concatBuf, &len, gf->x_prev);
 	bufAddIV(gf, concatBuf, &len);
 	rgt = GTDataHash_create(gf->hashAlg, concatBuf, len, m);
 	if(rgt != GT_OK) {
@@ -672,23 +707,6 @@ done:	return r;
 }
 
 
-/* TODO: replace this once libgt provides a native function
- * for this!
- */
-static inline GTDataHash*
-GTDataHash_dup(GTDataHash *in)
-{
-	GTDataHash *out;
-
-	out = (GTDataHash*) calloc(1, sizeof(GTDataHash));
-	if(out == NULL) goto done;
-	out->algorithm = in->algorithm,
-	out->digest_length = in->digest_length,
-	out->digest = malloc(in->digest_length);
-	memcpy(out->digest, in->digest, in->digest_length);
-done:	return out;
-}
-
 int
 sigblkAddRecord(gtfile gf, const uchar *rec, const size_t len)
 {
@@ -706,8 +724,10 @@ sigblkAddRecord(gtfile gf, const uchar *rec, const size_t len)
 	/* persists x here if Merkle tree needs to be persisted! */
 	if(gf->bKeepTreeHashes)
 		tlvWriteHash(gf, 0x0901, x);
+	rsgtimprintDel(gf->x_prev);
+	gf->x_prev = rsgtImprintFromGTDataHash(x);
 	/* add x to the forest as new leaf, update roots list */
-	t = GTDataHash_dup(x);
+	t = x;
 	for(j = 0 ; j < gf->nRoots ; ++j) {
 		if(gf->roots_valid[j] == 0) {
 			gf->roots_hash[j] = t;
@@ -734,12 +754,9 @@ sigblkAddRecord(gtfile gf, const uchar *rec, const size_t len)
 		assert(gf->nRoots < MAX_ROOTS);
 		t = NULL;
 	}
-	GTDataHash_free(gf->x_prev);
-	gf->x_prev = x; /* single var may be sufficient */
 	++gf->nRecords;
 
-	/* cleanup */
-	/* note: x is freed later as part of roots cleanup */
+	/* cleanup (x is cleared as part of the roots array) */
 	GTDataHash_free(m);
 	GTDataHash_free(r);
 
@@ -812,14 +829,15 @@ sigblkFinish(gtfile gf)
 			GTDataHash_free(gf->roots_hash[j]);
 			GTDataHash_free(rootDel);
 			if(ret != 0) goto done; /* checks hash_node() result! */
+		}
 	}
 	if((ret = timestampIt(gf, root)) != 0) goto done;
 
 	GTDataHash_free(root);
 	free(gf->blkStrtHash);
-	gf->lenBlkStrtHash = gf->x_prev->digest_length;
+	gf->lenBlkStrtHash = gf->x_prev->len;
 	gf->blkStrtHash = malloc(gf->lenBlkStrtHash);
-	memcpy(gf->blkStrtHash, gf->x_prev->digest, gf->lenBlkStrtHash);
+	memcpy(gf->blkStrtHash, gf->x_prev->data, gf->x_prev->len);
 done:
 	gf->bInBlk = 0;
 	return ret;
diff --git a/runtime/librsgt.h b/runtime/librsgt.h
index 7eb63c11..bc20194f 100644
--- a/runtime/librsgt.h
+++ b/runtime/librsgt.h
@@ -43,6 +43,11 @@ struct gtctx_s {
 	void *usrptr; /* for error function */
 };
 typedef struct gtctx_s *gtctx;
+typedef struct gtfile_s *gtfile;
+typedef struct gterrctx_s gterrctx_t;
+typedef struct imprint_s imprint_t;
+typedef struct block_sig_s block_sig_t;
+typedef struct tlvrecord_s tlvrecord_t;
 
 /* this describes a file, as far as librsgt is concerned */
 struct gtfile_s {
@@ -56,7 +61,7 @@ struct gtfile_s {
 	uint8_t disabled; /* permits to disable this file --> set to 1 */
 	uint64_t blockSizeLimit;
 	uint8_t *IV; /* initial value for blinding masks */
-	GTDataHash *x_prev; /* last leaf hash (maybe of previous block) --> preserve on term */
+	imprint_t *x_prev; /* last leaf hash (maybe of previous block) --> preserve on term */
 	unsigned char *sigfilename;
 	unsigned char *statefilename;
 	int fd;
@@ -75,11 +80,6 @@ struct gtfile_s {
 	int	tlvIdx; /* current index into tlvBuf */
 	gtctx ctx;
 };
-typedef struct gtfile_s *gtfile;
-typedef struct gterrctx_s gterrctx_t;
-typedef struct imprint_s imprint_t;
-typedef struct block_sig_s block_sig_t;
-typedef struct tlvrecord_s tlvrecord_t;
 
 struct tlvrecord_s {
 	uint16_t tlvtype;
@@ -254,7 +254,7 @@ hashOutputLengthOctets(uint8_t hashID)
 }
 
 static inline uint8_t
-hashIdentifier(uint8_t hashID)
+hashIdentifier(enum GTHashAlgorithm hashID)
 {
 	switch(hashID) {
 	case GT_HASHALG_SHA1:	/* paper: SHA1 */
-- 
cgit v1.2.3


From 3a03b9b9213b9cd76b32a5d13f92bd228453322f Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Tue, 26 Mar 2013 17:27:10 +0100
Subject: logsig: needed to refactor parts of the reader as well

the previous refactoring broke that code
---
 runtime/librsgt.c      |  4 ++--
 runtime/librsgt.h      |  2 ++
 runtime/librsgt_read.c | 11 +++++++----
 3 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/runtime/librsgt.c b/runtime/librsgt.c
index f947dc19..afafe2f2 100644
--- a/runtime/librsgt.c
+++ b/runtime/librsgt.c
@@ -87,7 +87,7 @@ rsgtsetErrFunc(gtctx ctx, void (*func)(void*, uchar *), void *usrptr)
 	ctx->errFunc = func;
 }
 
-static imprint_t *
+imprint_t *
 rsgtImprintFromGTDataHash(GTDataHash *hash)
 {
 	imprint_t *imp;
@@ -104,7 +104,7 @@ rsgtImprintFromGTDataHash(GTDataHash *hash)
 done:	return imp;
 }
 
-static void
+void
 rsgtimprintDel(imprint_t *imp)
 {
 	if(imp != NULL) {
diff --git a/runtime/librsgt.h b/runtime/librsgt.h
index bc20194f..bfcc4628 100644
--- a/runtime/librsgt.h
+++ b/runtime/librsgt.h
@@ -358,6 +358,8 @@ void rsgtCtxDel(gtctx ctx);
 void sigblkInit(gtfile gf);
 int sigblkAddRecord(gtfile gf, const unsigned char *rec, const size_t len);
 int sigblkFinish(gtfile gf);
+imprint_t * rsgtImprintFromGTDataHash(GTDataHash *hash);
+void rsgtimprintDel(imprint_t *imp);
 /* reader functions */
 int rsgt_tlvrdHeader(FILE *fp, unsigned char *hdr);
 int rsgt_tlvrd(FILE *fp, tlvrecord_t *rec, void *obj);
diff --git a/runtime/librsgt_read.c b/runtime/librsgt_read.c
index 29a07e54..25c0db4d 100644
--- a/runtime/librsgt_read.c
+++ b/runtime/librsgt_read.c
@@ -95,6 +95,7 @@ rsgt_errctxInit(gterrctx_t *ectx)
 	ectx->fp = NULL;
 	ectx->filename = NULL;
 	ectx->recNum = 0;
+	ectx->gtstate = 0;
 	ectx->recNumInFile = 0;
 	ectx->blkNum = 0;
 	ectx->verbose = 0;
@@ -864,7 +865,7 @@ rsgt_vrfy_nextRec(block_sig_t *bs, gtfile gf, FILE *sigfp, FILE *nsigfp,
 {
 	int r = 0;
 	GTDataHash *x; /* current hash */
-	GTDataHash *m, *recHash = NULL, *t;
+	GTDataHash *m, *recHash = NULL, *t, *t_del;
 	uint8_t j;
 
 	hash_m(gf, &m);
@@ -881,6 +882,8 @@ rsgt_vrfy_nextRec(block_sig_t *bs, gtfile gf, FILE *sigfp, FILE *nsigfp,
 		r = rsgt_vrfy_chkTreeHash(gf, sigfp, nsigfp, x, ectx);
 		if(r != 0) goto done;
 	}
+	rsgtimprintDel(gf->x_prev);
+	gf->x_prev = rsgtImprintFromGTDataHash(x);
 	/* add x to the forest as new leaf, update roots list */
 	t = x;
 	for(j = 0 ; j < gf->nRoots ; ++j) {
@@ -893,7 +896,8 @@ rsgt_vrfy_nextRec(block_sig_t *bs, gtfile gf, FILE *sigfp, FILE *nsigfp,
 			/* hash interim node */
 			ectx->treeLevel = j+1;
 			ectx->righthash = t;
-			hash_node(gf, &t, gf->roots_hash[j], t, j+2);
+			t_del = t;
+			hash_node(gf, &t, gf->roots_hash[j], t_del, j+2);
 			gf->roots_valid[j] = 0;
 			if(gf->bKeepTreeHashes) {
 				ectx->lefthash = gf->roots_hash[j];
@@ -901,6 +905,7 @@ rsgt_vrfy_nextRec(block_sig_t *bs, gtfile gf, FILE *sigfp, FILE *nsigfp,
 				if(r != 0) goto done; /* mem leak ok, we terminate! */
 			}
 			GTDataHash_free(gf->roots_hash[j]);
+			GTDataHash_free(t_del);
 		}
 	}
 	if(t != NULL) {
@@ -911,11 +916,9 @@ rsgt_vrfy_nextRec(block_sig_t *bs, gtfile gf, FILE *sigfp, FILE *nsigfp,
 		assert(gf->nRoots < MAX_ROOTS);
 		t = NULL;
 	}
-	gf->x_prev = x; /* single var may be sufficient */
 	++gf->nRecords;
 
 	/* cleanup */
-	/* note: x is freed later as part of roots cleanup */
 	GTDataHash_free(m);
 done:
 	if(recHash != NULL)
-- 
cgit v1.2.3


From ed775041623e24bd41db50da1e0b099f819b929f Mon Sep 17 00:00:00 2001
From: Martin Carpenter <mcarpenter@free.fr>
Date: Tue, 26 Mar 2013 17:15:07 +0100
Subject: Check libsocket for getifaddrs()

---
 configure.ac | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index f444e5eb..96a9e80f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -117,7 +117,10 @@ AC_TYPE_SIGNAL
 AC_FUNC_STAT
 AC_FUNC_STRERROR_R
 AC_FUNC_VPRINTF
-AC_CHECK_FUNCS([flock basename alarm clock_gettime getifaddrs gethostbyname gethostname gettimeofday localtime_r memset mkdir regcomp select setid socket strcasecmp strchr strdup strerror strndup strnlen strrchr strstr strtol strtoul uname ttyname_r getline malloc_trim prctl epoll_create epoll_create1 fdatasync syscall lseek64])
+AC_CHECK_FUNCS([flock basename alarm clock_gettime gethostbyname gethostname gettimeofday localtime_r memset mkdir regcomp select setid socket strcasecmp strchr strdup strerror strndup strnlen strrchr strstr strtol strtoul uname ttyname_r getline malloc_trim prctl epoll_create epoll_create1 fdatasync syscall lseek64])
+
+# getifaddrs is in libc (mostly) or in libsocket (eg Solaris 11) or not defined (eg Solaris 10)
+AC_SEARCH_LIBS([getifaddrs], [socket], [AC_DEFINE(HAVE_GETIFADDRS, [1], [set define])])
 
 # the check below is probably ugly. If someone knows how to do it in a better way, please
 # let me know! -- rgerhards, 2010-10-06
-- 
cgit v1.2.3


From d1b8821be796694f123f3e469eaaedbe228fde66 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Tue, 26 Mar 2013 18:39:28 +0100
Subject: logsig: minimal end-user doc

---
 ChangeLog           |   3 +-
 configure.ac        |   2 +-
 doc/Makefile.am     |   1 +
 doc/manual.html     |   2 +-
 doc/omfile.html     |   9 +++--
 doc/sigprov_gt.html | 100 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 6 files changed, 112 insertions(+), 5 deletions(-)
 create mode 100644 doc/sigprov_gt.html

diff --git a/ChangeLog b/ChangeLog
index 6f258fa9..c64fe0f9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,6 @@
 ---------------------------------------------------------------------------
-Version 7.3.9  [devel] 2013-03-??
+Version 7.3.9  [devel] 2013-03-27
+- support for signing logs added
 - imudp: now supports user-selectable inputname
 - omlibdbi: now supports transaction interface
   if recent enough lbdbi is present
diff --git a/configure.ac b/configure.ac
index 96a9e80f..0c877eea 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2,7 +2,7 @@
 # Process this file with autoconf to produce a configure script.
 
 AC_PREREQ(2.61)
-AC_INIT([rsyslog],[7.3.8],[rsyslog@lists.adiscon.com])
+AC_INIT([rsyslog],[7.3.9],[rsyslog@lists.adiscon.com])
 AM_INIT_AUTOMAKE
 
 m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
diff --git a/doc/Makefile.am b/doc/Makefile.am
index de2e1df5..46afd900 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -41,6 +41,7 @@ html_files = \
 	omudpspoof.html \
 	omruleset.html \
 	omsnmp.html \
+	sigprov_gt.html \
 	ommysql.html \
 	omoracle.html \
 	omlibdbi.html \
diff --git a/doc/manual.html b/doc/manual.html
index ca54a04a..6fba9a05 100644
--- a/doc/manual.html
+++ b/doc/manual.html
@@ -19,7 +19,7 @@ professional services</a> available directly from the source!</p>
 <p><b>Please visit the <a href="http://www.rsyslog.com/sponsors">rsyslog sponsor's page</a>
 to honor the project sponsors or become one yourself!</b> We are very grateful for any help towards the
 project goals.</p>
-<p><b>This documentation is for version 7.3.8 (devel branch) of rsyslog.</b>
+<p><b>This documentation is for version 7.3.9 (devel branch) of rsyslog.</b>
 Visit the <i><a href="http://www.rsyslog.com/status">rsyslog status page</a></i></b>
 to obtain current version information and project status.
 </p><p><b>If you like rsyslog, you might
diff --git a/doc/omfile.html b/doc/omfile.html
index 2c5ab97a..a980d37f 100644
--- a/doc/omfile.html
+++ b/doc/omfile.html
@@ -13,14 +13,14 @@
 <p>The omfile plug-in provides the core functionality of writing messages to files residing inside the local file system (which may actually be remote if methods like NFS are used). Both files named with static names as well files with names based on message content are supported by this module. It is a built-in module that does not need to be loaded. </p>
 <p>&nbsp;</p>
 
-<p><b>Module Configuration Parameters</b>:</p>
+<p><b>Module Parameters</b>:</p>
 <ul>
 	<li><strong>Template </strong>[templateName]<br>
 	sets a new default template for file actions.<br></li>
 	
 </ul>
 <p>&nbsp;</p>
-<p><b>Action Confguration Parameters</b>:</p>
+<p><b>Action Parameters</b>:</p>
 <ul>
 	<li><strong>DynaFileCacheSize </strong>(not mandatory, default will be used)<br>
 	Defines a template to be used for the output. <br></li><br>
@@ -83,6 +83,11 @@
 	<li><strong>DynaFile </strong><br>
 	For each message, the file name is generated based on the given template. Then, this file is opened. As with the ``file'' property, data is appended if the file already exists. If the file does not exist, a new file is created. A cache of recent files is kept. Note that this cache can consume quite some memory (especially if large buffer sizes are used). Files are kept open as long as they stay inside the cache. Currently, files are only evicted from the cache when there is need to do so (due to insufficient cache size). To force-close (and evict) a dynafile from cache, send a HUP signal to rsyslogd. <br></li><br>
 
+	<li><strong>Sig.Provider </strong>[ProviderName]<br>
+	Selects a signature provider for log signing. Currently,
+	there only is one provider called
+	"<a href="sigprov_gt.html">gt</a>".<br></li><br>
+
 	<li><strong>Template </strong>[templateName]<br>
 	sets a new default template for file actions.<br></li><br>
 	
diff --git a/doc/sigprov_gt.html b/doc/sigprov_gt.html
new file mode 100644
index 00000000..18b0ed10
--- /dev/null
+++ b/doc/sigprov_gt.html
@@ -0,0 +1,100 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<meta http-equiv="Content-Language" content="en">
+<title>GuardTime Log Signature Provider (gt)</title>
+</head>
+
+<body>
+<a href="rsyslog_conf_modules.html">back to rsyslog module overview</a>
+
+<h1>GuardTime Log Signature Provider (gt)</h1>
+<p><b>Signature Provider Name:&nbsp;&nbsp;&nbsp; gt</b></p>
+<p><b>Author: </b>Rainer Gerhards &lt;rgerhards@adiscon.com&gt;</p>
+<p><b>Multi-Ruleset Support: </b>since 7.3.9
+<p><b>Description</b>:</p>
+<p>Provides the ability to sign syslog messages via the
+GuardTime signature services.
+</p>
+
+<p><b>Configuration Parameters</b>:</p>
+<p>Signature providers are loaded by omfile, when the
+provider is selected in its "sig.providerName" parameter.
+Parameters for the provider are given in the omfile action instance
+line.
+<p>This provider creates a signature file with the same base name but
+the extension ".gtsig" for each log file (both for fixed-name files
+as well as dynafiles). Both files together form a set. So you need to
+archive both in order to prove integrity.
+<ul>
+<li><b>sig.hashFunction</b> &lt;Hash Algorithm&gt;<br>
+The following hash algorithms are currently supported:
+  <ul>
+	<li>SHA1
+	<li>RIPEMD-160
+	<li>SHA2-224
+	<li>SHA2-256
+	<li>SHA2-384
+	<li>SHA2-512
+  </ul>
+</li>
+<li><b>sig.timestampService</b> &lt;timestamper URL&gt;<br>
+This provides the URL of the timestamper service. If not selected,
+a default server is selected. This may not necessarily be a good
+one for your region.
+</li>
+<li><b>sig.block.sizeLimit</b> &lt;nbr-records&gt;<br>
+The maximum number of records inside a single signature block. By
+default, there is no size limit, so the signature is only written
+on file closure. Note that a signature request typically takes between
+one and two seconds. So signing to frequently is probably not a good
+idea.
+</li>
+<li><b>sig.keepRecordHashes</b> &lt;on/<b>off</b>&gt;<br>
+Controls if record hashes are written to the .gtsig file. This
+enhances the ability to spot the location of a signature breach,
+but costs considerable disk space (65 bytes for each log record
+for SHA2-512 hashes, for example).
+</li>
+<li><b>sig.keepTreeHashes</b> &lt;on/<b>off</b>&gt;<br>
+Controls if tree (intermediate) hashes are written to the .gtsig file. This
+enhances the ability to spot the location of a signature breach,
+but costs considerable disk space (a bit mire than the amount
+sig.keepRecordHashes requries). Note that both Tree and Record 
+hashes can be kept inside the signature file.
+</li>
+</ul>
+<b>Caveats/Known Bugs:</b>
+<ul>
+<li>currently none known
+</li>
+</ul>
+<p><b>Samples:</b></p>
+<p>This writes a log file with it's associated signature file. Default
+parameters are used.
+</p>
+<textarea rows="3" cols="60">
+action(type="omfile" file="/var/log/somelog"
+	sig.provider="gt")
+</textarea>
+
+<p>In the next sample, we use the more secure SHA2-512 hash function,
+sign every 10,000 records and Tree and Record hashes are kept.
+<textarea rows="3" cols="60">
+action(type="omfile" file="/var/log/somelog"
+	sig.provider="gt" sig.hashfunction="SHA2-512"
+	sig.block.sizelimit="10000"
+	sig.keepTreeHashes="on" sig.keepRecordHashes="on")
+</textarea>
+
+
+<p>[<a href="rsyslog_conf.html">rsyslog.conf overview</a>]
+[<a href="manual.html">manual index</a>] [<a href="http://www.rsyslog.com/">rsyslog site</a>]</p>
+<p><font size="2">This documentation is part of the
+<a href="http://www.rsyslog.com/">rsyslog</a>
+project.<br>
+Copyright &copy; 2013 by
+<a href="http://www.gerhards.net/rainer">Rainer Gerhards</a> and
+<a href="http://www.adiscon.com/">Adiscon</a>.
+Released under the GNU GPL version 3 or higher.</font></p>
+</body></html>
-- 
cgit v1.2.3


From 05478639e36aa588f6033f0664a448aa04f16c32 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Wed, 27 Mar 2013 15:14:45 +0100
Subject: bugfix: imuxsock aborted under some conditions

regression from ratelimiting enhancements
---
 ChangeLog                   | 4 ++++
 plugins/imuxsock/imuxsock.c | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index c64fe0f9..01ba0f45 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,8 @@
 ---------------------------------------------------------------------------
+Version 7.3.10  [devel] 2013-04-??
+- bugfix: imuxsock aborted under some conditions
+  regression from ratelimiting enhancements
+---------------------------------------------------------------------------
 Version 7.3.9  [devel] 2013-03-27
 - support for signing logs added
 - imudp: now supports user-selectable inputname
diff --git a/plugins/imuxsock/imuxsock.c b/plugins/imuxsock/imuxsock.c
index f15773fc..0f4ded1d 100644
--- a/plugins/imuxsock/imuxsock.c
+++ b/plugins/imuxsock/imuxsock.c
@@ -570,6 +570,10 @@ findRatelimiter(lstn_t *pLstn, struct ucred *cred, ratelimit_t **prl)
 		FINALIZE;
 	}
 #endif
+	if(pLstn->ht == NULL) {
+		*prl = NULL;
+		FINALIZE;
+	}
 
 	rl = hashtable_search(pLstn->ht, &cred->pid);
 	if(rl == NULL) {
-- 
cgit v1.2.3


From 1b2f93da31d0331244aa7c72068f4ec324e2cb71 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Wed, 27 Mar 2013 17:05:26 +0100
Subject: add RainerScript re_extract() function

---
 ChangeLog              |   1 +
 doc/rainerscript.html  |   9 +++++
 grammar/rainerscript.c | 105 ++++++++++++++++++++++++++++++++++++++++++++++++-
 grammar/rainerscript.h |   1 +
 4 files changed, 114 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 01ba0f45..54aacf0c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,6 @@
 ---------------------------------------------------------------------------
 Version 7.3.10  [devel] 2013-04-??
+- added RainerScript re_extract() function
 - bugfix: imuxsock aborted under some conditions
   regression from ratelimiting enhancements
 ---------------------------------------------------------------------------
diff --git a/doc/rainerscript.html b/doc/rainerscript.html
index d76316ed..7cbbfa9f 100644
--- a/doc/rainerscript.html
+++ b/doc/rainerscript.html
@@ -66,6 +66,15 @@ variable, if it exists. Returns an empty string if it does not exist.
 <li>cstr(expr) - converts expr to a string value
 <li>cnum(expr) - converts expr to a number (integer)
 <li>re_match(expr, re) - returns 1, if expr matches re, 0 otherwise
+<li>re_extract(expr, re, match, submatch, no-found) - extracts
+data from a string (property) via a regular expression match.
+POSIX ERE regular expressions are used. The variable "match" contains
+the number of the match to use. This permits to pick up more than the
+first expression match. Submatch is the submatch to match (max 50 supported).
+The "no-found" parameter specifies which string is to be returned in case when
+the regular expression is not found. Note that match and submatch start with
+zero. It currently is not possible to extract more than one submatch with
+a single call.
 <li>field(str, delim, matchnbr) - returns a field-based substring. str is the string
 to search, delim is the delimiter and matchnbr is the match to search
 for (the first match starts at 1). This works similar as the field based
diff --git a/grammar/rainerscript.c b/grammar/rainerscript.c
index 8ef7429d..00e1e835 100644
--- a/grammar/rainerscript.c
+++ b/grammar/rainerscript.c
@@ -1228,6 +1228,96 @@ finalize_it:
 	RETiRet;
 }
 
+static inline void
+doFunc_re_extract(struct cnffunc *func, struct var *ret, void* usrptr)
+{
+	size_t submatchnbr;
+	short matchnbr;
+	regmatch_t pmatch[50];
+	int bMustFree;
+	es_str_t *estr;
+	char *str;
+	struct var r[CNFFUNC_MAX_ARGS];
+	int iLenBuf;
+	unsigned iOffs;
+	short iTry = 0;
+	uchar bFound = 0;
+	iOffs = 0;
+	sbool bHadNoMatch = 0;
+
+	cnfexprEval(func->expr[0], &r[0], usrptr);
+	/* search string is already part of the compiled regex, so we don't
+	 * need it here!
+	 */
+	cnfexprEval(func->expr[2], &r[2], usrptr);
+	cnfexprEval(func->expr[3], &r[3], usrptr);
+	str = (char*) var2CString(&r[0], &bMustFree);
+	matchnbr = (short) var2Number(&r[2], NULL);
+	submatchnbr = (size_t) var2Number(&r[3], NULL);
+	if(submatchnbr > sizeof(pmatch)/sizeof(regmatch_t)) {
+		DBGPRINTF("re_extract() submatch %d is too large\n", submatchnbr);
+		bHadNoMatch = 1;
+		goto finalize_it;
+	}
+
+	/* first see if we find a match, iterating through the series of
+	 * potential matches over the string.
+	 */
+	while(!bFound) {
+		int iREstat;
+		iREstat = regexp.regexec(func->funcdata, (char*)(str + iOffs),
+					 submatchnbr+1, pmatch, 0);
+		dbgprintf("re_extract: regexec return is %d\n", iREstat);
+		if(iREstat == 0) {
+			if(pmatch[0].rm_so == -1) {
+				dbgprintf("oops ... start offset of successful regexec is -1\n");
+				break;
+			}
+			if(iTry == matchnbr) {
+				bFound = 1;
+			} else {
+				dbgprintf("re_extract: regex found at offset %d, new offset %d, tries %d\n",
+					  iOffs, (int) (iOffs + pmatch[0].rm_eo), iTry);
+				iOffs += pmatch[0].rm_eo;
+				++iTry;
+			}
+		} else {
+			break;
+		}
+	}
+	dbgprintf("re_extract: regex: end search, found %d\n", bFound);
+	if(!bFound) {
+		bHadNoMatch = 1;
+		goto finalize_it;
+	} else {
+		/* Match- but did it match the one we wanted? */
+		/* we got no match! */
+		if(pmatch[submatchnbr].rm_so == -1) {
+			bHadNoMatch = 1;
+			goto finalize_it;
+		}
+		/* OK, we have a usable match - we now need to malloc pB */
+		iLenBuf = pmatch[submatchnbr].rm_eo - pmatch[submatchnbr].rm_so;
+		estr = es_newStrFromBuf(str + iOffs + pmatch[submatchnbr].rm_so,
+					iLenBuf);
+	}
+
+	if(bMustFree) free(str);
+	if(r[0].datatype == 'S') es_deleteStr(r[0].d.estr);
+	if(r[2].datatype == 'S') es_deleteStr(r[2].d.estr);
+	if(r[3].datatype == 'S') es_deleteStr(r[3].d.estr);
+finalize_it:
+	if(bHadNoMatch) {
+		cnfexprEval(func->expr[4], &r[4], usrptr);
+		estr = var2String(&r[4], &bMustFree);
+		if(r[4].datatype == 'S') es_deleteStr(r[4].d.estr);
+	}
+	ret->datatype = 'S';
+	ret->d.estr = estr;
+	return;
+}
+
+
 /* Perform a function call. This has been moved out of cnfExprEval in order
  * to keep the code small and easier to maintain.
  */
@@ -1331,6 +1421,9 @@ doFuncCall(struct cnffunc *func, struct var *ret, void* usrptr)
 		if(bMustFree) free(str);
 		if(r[0].datatype == 'S') es_deleteStr(r[0].d.estr);
 		break;
+	case CNFFUNC_RE_EXTRACT:
+		doFunc_re_extract(func, ret, usrptr);
+		break;
 	case CNFFUNC_FIELD:
 		cnfexprEval(func->expr[0], &r[0], usrptr);
 		cnfexprEval(func->expr[1], &r[1], usrptr);
@@ -1908,6 +2001,7 @@ cnffuncDestruct(struct cnffunc *func)
 	/* some functions require special destruction */
 	switch(func->fID) {
 		case CNFFUNC_RE_MATCH:
+		case CNFFUNC_RE_EXTRACT:
 			if(func->funcdata != NULL)
 				regexp.regfree(func->funcdata);
 			break;
@@ -2988,7 +3082,6 @@ cnfstmtOptimize(struct cnfstmt *root)
 	struct cnfstmt *stmt;
 	if(root == NULL) goto done;
 	for(stmt = root ; stmt != NULL ; stmt = stmt->next) {
-dbgprintf("RRRR: stmtOptimize: stmt %p, nodetype %u\n", stmt, stmt->nodetype);
 		switch(stmt->nodetype) {
 		case S_IF:
 			cnfstmtOptimizeIf(stmt);
@@ -3088,6 +3181,13 @@ funcName2ID(es_str_t *fname, unsigned short nParams)
 			return CNFFUNC_INVALID;
 		}
 		return CNFFUNC_RE_MATCH;
+	} else if(!es_strbufcmp(fname, (unsigned char*)"re_extract", sizeof("re_extract") - 1)) {
+		if(nParams != 5) {
+			parser_errmsg("number of parameters for re_extract() must be five "
+				      "but is %d.", nParams);
+			return CNFFUNC_INVALID;
+		}
+		return CNFFUNC_RE_EXTRACT;
 	} else if(!es_strbufcmp(fname, (unsigned char*)"field", sizeof("field") - 1)) {
 		if(nParams != 3) {
 			parser_errmsg("number of parameters for field() must be three "
@@ -3118,7 +3218,7 @@ initFunc_re_match(struct cnffunc *func)
 
 	func->funcdata = NULL;
 	if(func->expr[1]->nodetype != 'S') {
-		parser_errmsg("param 2 of re_match() must be a constant string");
+		parser_errmsg("param 2 of re_match/extract() must be a constant string");
 		FINALIZE;
 	}
 
@@ -3196,6 +3296,7 @@ cnffuncNew(es_str_t *fname, struct cnffparamlst* paramlst)
 		/* some functions require special initialization */
 		switch(func->fID) {
 			case CNFFUNC_RE_MATCH:
+			case CNFFUNC_RE_EXTRACT:
 				/* need to compile the regexp in param 2, so this MUST be a constant */
 				initFunc_re_match(func);
 				break;
diff --git a/grammar/rainerscript.h b/grammar/rainerscript.h
index 59ce53f3..4816951b 100644
--- a/grammar/rainerscript.h
+++ b/grammar/rainerscript.h
@@ -226,6 +226,7 @@ enum cnffuncid {
 	CNFFUNC_CSTR,
 	CNFFUNC_CNUM,
 	CNFFUNC_RE_MATCH,
+	CNFFUNC_RE_EXTRACT,
 	CNFFUNC_FIELD,
 	CNFFUNC_PRIFILT
 };
-- 
cgit v1.2.3


From 474877b9d7912a3d2abc2a350dbc41e4c3b050e4 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Fri, 29 Mar 2013 16:04:21 +0100
Subject: permit substring extraction relative to end-of-string in templates

---
 ChangeLog                       |  1 +
 doc/property_replacer.html      |  6 ++++++
 doc/rsyslog_conf_templates.html |  2 ++
 runtime/msg.c                   | 17 +++++++++++-----
 template.c                      | 44 +++++++++++++++++++++++++++++++----------
 template.h                      |  1 +
 6 files changed, 56 insertions(+), 15 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 405e8b18..ef67fdfd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,4 @@
+- templates now permit substring extraction relative to end-of-string
 ----------------------------------------------------------------------------
 Version 7.2.7  [v7-stable] 2013-03-??
 - rsyslogd startup information is now properly conveyed back to init
diff --git a/doc/property_replacer.html b/doc/property_replacer.html
index c7624b2d..13ff41c3 100644
--- a/doc/property_replacer.html
+++ b/doc/property_replacer.html
@@ -413,6 +413,12 @@ option when forwarding to remote hosts - they may treat the date as invalid
 <td>just the subseconds of a timestamp (always 0 for a low precision timestamp)</td>
 </tr>
 <tr>
+<td>pos-end-relative</td>
+  <td>the from and to position is relative to the end of the string
+      instead of the usual start of string. (available since rsyslog v7.3.10)
+  </td>
+</tr>
+<tr>
 <td><b>ControlCharacters</b></td>
 <td>Option values for how to process control characters</td>
 </tr>
diff --git a/doc/rsyslog_conf_templates.html b/doc/rsyslog_conf_templates.html
index 0c189100..9a6e1619 100644
--- a/doc/rsyslog_conf_templates.html
+++ b/doc/rsyslog_conf_templates.html
@@ -134,6 +134,8 @@ csv-data is generated, "json", which formats proper json content (but without a
 header) and "jsonf", which formats as a complete json field.
 <li>position.from - obtain substring starting from this position (1 is the first position)
 <li>position.to - obtain substring up to this position
+<li>position.relativeToEnd - the from and to position is relative to the end of the string
+   instead of the usual start of string. (available since rsyslog v7.3.10)
 <li>field.number - obtain this field match
 <li>field.delimiter - decimal value of delimiter character for field extraction
 <li>regex.expression - expression to use
diff --git a/runtime/msg.c b/runtime/msg.c
index 32a02424..9afd46cf 100644
--- a/runtime/msg.c
+++ b/runtime/msg.c
@@ -3017,13 +3017,20 @@ uchar *MsgGetProp(msg_t *pMsg, struct templateEntry *pTpe,
 		uchar *pSb;
 		iFrom = pTpe->data.field.iFromPos;
 		iTo = pTpe->data.field.iToPos;
-		/* need to zero-base to and from (they are 1-based!) */
-		if(iFrom > 0)
-			--iFrom;
-		if(iTo > 0)
-			--iTo;
 		if(bufLen == -1)
 			bufLen = ustrlen(pRes);
+dbgprintf("DDDD: orginal iFrom %u, iTo %u, len %u\n", iFrom, iTo, bufLen);
+		if(pTpe->data.field.options.bFromPosEndRelative) {
+			iFrom = (bufLen < iFrom) ? 0 : bufLen - iFrom;
+			iTo = (bufLen < iTo)? 0 : bufLen - iTo;
+dbgprintf("DDDD: now iFrom %u, iTo %u\n", iFrom, iTo);
+		} else {
+			/* need to zero-base to and from (they are 1-based!) */
+			if(iFrom > 0)
+				--iFrom;
+			if(iTo > 0)
+				--iTo;
+		}
 		if(iFrom == 0 && iTo >=  bufLen) { 
 			/* in this case, the requested string is a superset of what we already have,
 			 * so there is no need to do any processing. This is a frequent case for size-limited
diff --git a/template.c b/template.c
index 8427e85c..09b9612c 100644
--- a/template.c
+++ b/template.c
@@ -79,6 +79,7 @@ static struct cnfparamdescr cnfparamdescrProperty[] = {
 	{ "format", eCmdHdlrString, 0 },
 	{ "position.from", eCmdHdlrInt, 0 },
 	{ "position.to", eCmdHdlrInt, 0 },
+	{ "position.relativetoend", eCmdHdlrBinary, 0 },
 	{ "field.number", eCmdHdlrInt, 0 },
 	{ "field.delimiter", eCmdHdlrInt, 0 },
 	{ "regex.expression", eCmdHdlrString, 0 },
@@ -707,6 +708,8 @@ static void doOptions(unsigned char **pp, struct templateEntry *pTpe)
 			pTpe->data.field.options.bSecPathDrop = 1;
 		 } else if(!strcmp((char*)Buf, "secpath-replace")) {
 			pTpe->data.field.options.bSecPathReplace = 1;
+		 } else if(!strcmp((char*)Buf, "pos-end-relative")) {
+			pTpe->data.field.options.bFromPosEndRelative = 1;
 		 } else if(!strcmp((char*)Buf, "csv")) {
 		 	if(pTpe->data.field.options.bJSON || pTpe->data.field.options.bJSONf) {
 				errmsg.LogError(0, NO_ERRCODE, "error: can only specify "
@@ -1060,18 +1063,27 @@ static int do_Parameter(unsigned char **pp, struct template *pTpl)
 #endif /* #ifdef FEATURE_REGEXP */
 	}
 
-	if(pTpe->data.field.iToPos < pTpe->data.field.iFromPos) {
-		iNum = pTpe->data.field.iToPos;
-		pTpe->data.field.iToPos = pTpe->data.field.iFromPos;
-		pTpe->data.field.iFromPos = iNum;
-	}
-
 	/* check options */
 	if(*p == ':') {
 		++p; /* eat ':' */
 		doOptions(&p, pTpe);
 	}
 
+	if(pTpe->data.field.options.bFromPosEndRelative) {
+		if(pTpe->data.field.iToPos > pTpe->data.field.iFromPos) {
+			iNum = pTpe->data.field.iToPos;
+			pTpe->data.field.iToPos = pTpe->data.field.iFromPos;
+			pTpe->data.field.iFromPos = iNum;
+		}
+	} else {
+		if(pTpe->data.field.iToPos < pTpe->data.field.iFromPos) {
+			iNum = pTpe->data.field.iToPos;
+			pTpe->data.field.iToPos = pTpe->data.field.iFromPos;
+			pTpe->data.field.iFromPos = iNum;
+		}
+	}
+
+
 	/* check field name */
 	if(*p == ':') {
 		++p; /* eat ':' */
@@ -1357,6 +1369,7 @@ createPropertyTpe(struct template *pTpl, struct cnfobj *o)
 	int fielddelim = 9; /* default is HT (USACSII 9) */
 	int re_matchToUse = 0;
 	int re_submatchToUse = 0;
+	int bPosRelativeToEnd = 0;
 	char *re_expr = NULL;
 	struct cnfparamvals *pvals = NULL;
 	enum {F_NONE, F_CSV, F_JSON, F_JSONF} formatType = F_NONE;
@@ -1392,6 +1405,8 @@ createPropertyTpe(struct template *pTpl, struct cnfobj *o)
 			frompos = pvals[i].val.d.n;
 		} else if(!strcmp(pblkProperty.descr[i].name, "position.to")) {
 			topos = pvals[i].val.d.n;
+		} else if(!strcmp(pblkProperty.descr[i].name, "position.relativetoend")) {
+			bPosRelativeToEnd = pvals[i].val.d.n;
 		} else if(!strcmp(pblkProperty.descr[i].name, "field.number")) {
 			fieldnum = pvals[i].val.d.n;
 		} else if(!strcmp(pblkProperty.descr[i].name, "field.delimiter")) {
@@ -1523,10 +1538,18 @@ createPropertyTpe(struct template *pTpl, struct cnfobj *o)
 		topos = 2000000000; /* large enough ;) */
 	if(frompos == -1 && topos != -1)
 		frompos = 0;
-	if(topos < frompos) {
-		errmsg.LogError(0, RS_RET_ERR, "position.to=%d is lower than postion.from=%d\n",
-			topos, frompos);
-		ABORT_FINALIZE(RS_RET_ERR);
+	if(bPosRelativeToEnd) {
+		if(topos > frompos) {
+			errmsg.LogError(0, RS_RET_ERR, "position.to=%d is higher than postion.from=%d in 'relativeToEnd' mode\n",
+				topos, frompos);
+			ABORT_FINALIZE(RS_RET_ERR);
+		}
+	} else {
+		if(topos < frompos) {
+			errmsg.LogError(0, RS_RET_ERR, "position.to=%d is lower than postion.from=%d\n",
+				topos, frompos);
+			ABORT_FINALIZE(RS_RET_ERR);
+		}
 	}
 	if(fieldnum != -1 && re_expr != NULL) {
 		errmsg.LogError(0, RS_RET_ERR, "both field extraction and regex extraction "
@@ -1598,6 +1621,7 @@ createPropertyTpe(struct template *pTpl, struct cnfobj *o)
 	if(frompos != -1) {
 		pTpe->data.field.iFromPos = frompos;
 		pTpe->data.field.iToPos = topos;
+		pTpe->data.field.options.bFromPosEndRelative = bPosRelativeToEnd;
 	}
 	if(re_expr != NULL) {
 		rsRetVal iRetLocal;
diff --git a/template.h b/template.h
index 5a35d274..9d27752c 100644
--- a/template.h
+++ b/template.h
@@ -118,6 +118,7 @@ struct templateEntry {
 				unsigned bJSON: 1;		/* format field JSON escaped */
 				unsigned bJSONf: 1;		/* format field JSON *field* (n/v pair) */
 				unsigned bMandatory: 1;		/* mandatory field - emit even if empty */
+				unsigned bFromPosEndRelative: 1;/* is From/To-Pos relative to end of string? */
 			} options;		/* options as bit fields */
 		} field;
 	} data;
-- 
cgit v1.2.3


From f6da383e1c9d3ccfc5742d972c23dc3c718a0b88 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Fri, 29 Mar 2013 16:10:50 +0100
Subject: cleanup

---
 runtime/msg.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/runtime/msg.c b/runtime/msg.c
index 1e61e632..a5c52810 100644
--- a/runtime/msg.c
+++ b/runtime/msg.c
@@ -3232,11 +3232,9 @@ uchar *MsgGetProp(msg_t *pMsg, struct templateEntry *pTpe,
 		iTo = pTpe->data.field.iToPos;
 		if(bufLen == -1)
 			bufLen = ustrlen(pRes);
-dbgprintf("DDDD: orginal iFrom %u, iTo %u, len %u\n", iFrom, iTo, bufLen);
 		if(pTpe->data.field.options.bFromPosEndRelative) {
 			iFrom = (bufLen < iFrom) ? 0 : bufLen - iFrom;
 			iTo = (bufLen < iTo)? 0 : bufLen - iTo;
-dbgprintf("DDDD: now iFrom %u, iTo %u\n", iFrom, iTo);
 		} else {
 			/* need to zero-base to and from (they are 1-based!) */
 			if(iFrom > 0)
-- 
cgit v1.2.3


From 0f87c631e7eac2ccbd36cd875d64de29dd7c714c Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Tue, 2 Apr 2013 11:31:09 +0200
Subject: add configure check for libgcrypt

---
 configure.ac | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/configure.ac b/configure.ac
index 0c877eea..d6d4c203 100644
--- a/configure.ac
+++ b/configure.ac
@@ -755,6 +755,38 @@ if test "x$enable_gnutls" = "xyes"; then
 fi
 AM_CONDITIONAL(ENABLE_GNUTLS, test x$enable_gnutls = xyes)
 
+# libgcrypt support
+AC_ARG_ENABLE(libgcrypt,
+        [AS_HELP_STRING([--enable-libgcrypt],[Enable libgcrypt support @<:@default=yes@:>@])],
+        [case "${enableval}" in
+         yes) enable_libgcrypt="yes" ;;
+          no) enable_libgcrypt="no" ;;
+           *) AC_MSG_ERROR(bad value ${enableval} for --enable-libgcrypt) ;;
+         esac],
+        [enable_libgcrypt=yes]
+)
+if test "x$enable_libgcrypt" = "xyes"; then
+        AC_CHECK_PROG(
+      	    [HAVE_LIBGCRYPT_CONFIG],
+            [libgcrypt-config],
+            [yes],,,
+            )
+        if test "x${HAVE_LIBGCRYPT_CONFIG}" != "xyes"; then
+           AC_MSG_FAILURE([libgcrypt-config not found in PATH])
+        fi
+        AC_CHECK_LIB(
+		[gcrypt],
+        	[gcry_cipher_open],
+        	[LIBGCRYPT_CFLAGS="`libgcrypt-config --cflags`"
+        	LIBGCRYPT_LIBS="`libgcrypt-config --libs`"
+        	],
+        	[AC_MSG_FAILURE([libgrypt is missing])],
+        	[`libgcrypt-config --libs --cflags`]
+        	)
+	AC_DEFINE([ENABLE_LIBGCRYPT], [1], [Indicator that LIBGCRYPT is present])
+fi
+AM_CONDITIONAL(ENABLE_GNUTLS, test x$enable_gnutls = xyes)
+
 
 # support for building the rsyslogd runtime
 AC_ARG_ENABLE(rsyslogrt,
@@ -1406,6 +1438,7 @@ echo "    GUI components will be built:             $enable_gui"
 echo "    Unlimited select() support enabled:       $enable_unlimited_select"
 echo "    uuid support enabled:                     $enable_uuid"
 echo "    GuardTime signature support enabled:      $enable_guardtime"
+echo "    libgcrypt support enabled:                $enable_libgcrypt"
 echo "    anonymization support enabled:            $enable_mmanon"
 echo
 echo "---{ input plugins }---"
-- 
cgit v1.2.3


From cbf0ed9541fee2a480dda3533d1604a9df4ae9bb Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Thu, 4 Apr 2013 10:07:49 +0200
Subject: bugfix: script == comparison did not work properly on JSON objects

backport from 7.3 branch
---
 ChangeLog              |  2 ++
 grammar/rainerscript.c | 23 +++++++++++++++++++++++
 2 files changed, 25 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 405e8b18..39b5a8ef 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -11,6 +11,8 @@ Version 7.2.7  [v7-stable] 2013-03-??
   The rsyslog debug log file is now continued to be written across the
   fork.
 - updated systemd files to match current systemd source
+- bugfix: script == comparison did not work properly on JSON objects
+  [backport from 7.3 branch]
 - bugfix: imudp scheduling parameters did affect main thread, not imudp
   closes: http://bugzilla.adiscon.com/show_bug.cgi?id=409
 - bugfix: imuxsock rate-limiting could not be configured via legacy conf
diff --git a/grammar/rainerscript.c b/grammar/rainerscript.c
index b04e53b5..c14295af 100644
--- a/grammar/rainerscript.c
+++ b/grammar/rainerscript.c
@@ -1317,6 +1317,29 @@ cnfexprEval(struct cnfexpr *expr, struct var *ret, void* usrptr)
 				}
 				if(r.datatype == 'S') es_deleteStr(r.d.estr);
 			}
+		} else if(l.datatype == 'J') {
+			estr_l = var2String(&l, &bMustFree);
+			if(expr->r->nodetype == 'S') {
+				ret->d.n = !es_strcmp(estr_l, ((struct cnfstringval*)expr->r)->estr); /*CMP*/
+			} else if(expr->r->nodetype == 'A') {
+				ret->d.n = evalStrArrayCmp(estr_l,  (struct cnfarray*) expr->r, CMP_EQ);
+			} else {
+				cnfexprEval(expr->r, &r, usrptr);
+				if(r.datatype == 'S') {
+					ret->d.n = !es_strcmp(estr_l, r.d.estr); /*CMP*/
+				} else {
+					n_l = var2Number(&l, &convok_l);
+					if(convok_l) {
+						ret->d.n = (n_l == r.d.n); /*CMP*/
+					} else {
+						estr_r = var2String(&r, &bMustFree);
+						ret->d.n = !es_strcmp(estr_l, estr_r); /*CMP*/
+						if(bMustFree) es_deleteStr(estr_r);
+					}
+				}
+				if(r.datatype == 'S') es_deleteStr(r.d.estr);
+			}
+			if(bMustFree) es_deleteStr(estr_l);
 		} else {
 			cnfexprEval(expr->r, &r, usrptr);
 			if(r.datatype == 'S') {
-- 
cgit v1.2.3


From 9b85b24d1323c91a06aeef08bbbde7a96afd46d6 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Thu, 4 Apr 2013 16:01:00 +0200
Subject: bugfix: nested if/prifilt conditions did not work properly

closes: http://bugzilla.adiscon.com/show_bug.cgi?id=415
---
 ChangeLog              |   2 +
 grammar/rainerscript.c | 188 +++++++++++++++++++++++++++++++++----------------
 grammar/rainerscript.h |   2 +
 runtime/ruleset.c      |  21 ++++--
 4 files changed, 148 insertions(+), 65 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 39b5a8ef..854a14d3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -11,6 +11,8 @@ Version 7.2.7  [v7-stable] 2013-03-??
   The rsyslog debug log file is now continued to be written across the
   fork.
 - updated systemd files to match current systemd source
+- bugfix: nested if/prifilt conditions did not work properly
+  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=415
 - bugfix: script == comparison did not work properly on JSON objects
   [backport from 7.3 branch]
 - bugfix: imudp scheduling parameters did affect main thread, not imudp
diff --git a/grammar/rainerscript.c b/grammar/rainerscript.c
index c14295af..186887b4 100644
--- a/grammar/rainerscript.c
+++ b/grammar/rainerscript.c
@@ -1285,7 +1285,9 @@ cnfexprEval(struct cnfexpr *expr, struct var *ret, void* usrptr)
 	int bMustFree, bMustFree2;
 	long long n_r, n_l;
 
-	dbgprintf("eval expr %p, type '%c'(%u)\n", expr, expr->nodetype, expr->nodetype);
+	DBGPRINTF("eval expr %p, type '%c'[%s](%u)\n", expr, expr->nodetype,
+
+		  tokenval2str(expr->nodetype), expr->nodetype);
 	switch(expr->nodetype) {
 	/* note: comparison operations are extremely similar. The code can be copyied, only
 	 * places flagged with "CMP" need to be changed.
@@ -1939,31 +1941,33 @@ cnfexprPrint(struct cnfexpr *expr, int indent)
 		break;
 	}
 }
+/* print only the given stmt 
+ * if "subtree" equals 1, the full statement subtree is printed, else
+ * really only the statement.
+ */
 void
-cnfstmtPrint(struct cnfstmt *root, int indent)
+cnfstmtPrintOnly(struct cnfstmt *stmt, int indent, sbool subtree)
 {
-	struct cnfstmt *stmt;
 	char *cstr;
-	//dbgprintf("stmt %p, indent %d, type '%c'\n", expr, indent, expr->nodetype);
-	for(stmt = root ; stmt != NULL ; stmt = stmt->next) {
-		switch(stmt->nodetype) {
-		case S_NOP:
-			doIndent(indent); dbgprintf("NOP\n");
-			break;
-		case S_STOP:
-			doIndent(indent); dbgprintf("STOP\n");
-			break;
-		case S_CALL:
-			cstr = es_str2cstr(stmt->d.s_call.name, NULL);
-			doIndent(indent); dbgprintf("CALL [%s]\n", cstr);
-			free(cstr);
-			break;
-		case S_ACT:
-			doIndent(indent); dbgprintf("ACTION %p [%s]\n", stmt->d.act, stmt->printable);
-			break;
-		case S_IF:
-			doIndent(indent); dbgprintf("IF\n");
-			cnfexprPrint(stmt->d.s_if.expr, indent+1);
+	switch(stmt->nodetype) {
+	case S_NOP:
+		doIndent(indent); dbgprintf("NOP\n");
+		break;
+	case S_STOP:
+		doIndent(indent); dbgprintf("STOP\n");
+		break;
+	case S_CALL:
+		cstr = es_str2cstr(stmt->d.s_call.name, NULL);
+		doIndent(indent); dbgprintf("CALL [%s]\n", cstr);
+		free(cstr);
+		break;
+	case S_ACT:
+		doIndent(indent); dbgprintf("ACTION %p [%s]\n", stmt->d.act, stmt->printable);
+		break;
+	case S_IF:
+		doIndent(indent); dbgprintf("IF\n");
+		cnfexprPrint(stmt->d.s_if.expr, indent+1);
+		if(subtree) {
 			doIndent(indent); dbgprintf("THEN\n");
 			cnfstmtPrint(stmt->d.s_if.t_then, indent+1);
 			if(stmt->d.s_if.t_else != NULL) {
@@ -1971,54 +1975,67 @@ cnfstmtPrint(struct cnfstmt *root, int indent)
 				cnfstmtPrint(stmt->d.s_if.t_else, indent+1);
 			}
 			doIndent(indent); dbgprintf("END IF\n");
-			break;
-		case S_SET:
-			doIndent(indent); dbgprintf("SET %s =\n",
-				          stmt->d.s_set.varname);
-			cnfexprPrint(stmt->d.s_set.expr, indent+1);
-			doIndent(indent); dbgprintf("END SET\n");
-			break;
-		case S_UNSET:
-			doIndent(indent); dbgprintf("UNSET %s\n",
-				          stmt->d.s_unset.varname);
-			break;
-		case S_PRIFILT:
-			doIndent(indent); dbgprintf("PRIFILT '%s'\n", stmt->printable);
-			pmaskPrint(stmt->d.s_prifilt.pmask, indent);
+		}
+		break;
+	case S_SET:
+		doIndent(indent); dbgprintf("SET %s =\n",
+				  stmt->d.s_set.varname);
+		cnfexprPrint(stmt->d.s_set.expr, indent+1);
+		doIndent(indent); dbgprintf("END SET\n");
+		break;
+	case S_UNSET:
+		doIndent(indent); dbgprintf("UNSET %s\n",
+				  stmt->d.s_unset.varname);
+		break;
+	case S_PRIFILT:
+		doIndent(indent); dbgprintf("PRIFILT '%s'\n", stmt->printable);
+		pmaskPrint(stmt->d.s_prifilt.pmask, indent);
+		if(subtree) {
 			cnfstmtPrint(stmt->d.s_prifilt.t_then, indent+1);
 			if(stmt->d.s_prifilt.t_else != NULL) {
 				doIndent(indent); dbgprintf("ELSE\n");
 				cnfstmtPrint(stmt->d.s_prifilt.t_else, indent+1);
 			}
 			doIndent(indent); dbgprintf("END PRIFILT\n");
-			break;
-		case S_PROPFILT:
-			doIndent(indent); dbgprintf("PROPFILT\n");
-			doIndent(indent); dbgprintf("\tProperty.: '%s'\n",
-				propIDToName(stmt->d.s_propfilt.propID));
-			if(stmt->d.s_propfilt.propName != NULL) {
-				cstr = es_str2cstr(stmt->d.s_propfilt.propName, NULL);
-				doIndent(indent);
-				dbgprintf("\tCEE-Prop.: '%s'\n", cstr);
-				free(cstr);
-			}
-			doIndent(indent); dbgprintf("\tOperation: ");
-			if(stmt->d.s_propfilt.isNegated)
-				dbgprintf("NOT ");
-			dbgprintf("'%s'\n", getFIOPName(stmt->d.s_propfilt.operation));
-			if(stmt->d.s_propfilt.pCSCompValue != NULL) {
-				doIndent(indent); dbgprintf("\tValue....: '%s'\n",
-				       rsCStrGetSzStrNoNULL(stmt->d.s_propfilt.pCSCompValue));
-			}
+		}
+		break;
+	case S_PROPFILT:
+		doIndent(indent); dbgprintf("PROPFILT\n");
+		doIndent(indent); dbgprintf("\tProperty.: '%s'\n",
+			propIDToName(stmt->d.s_propfilt.propID));
+		if(stmt->d.s_propfilt.propName != NULL) {
+			cstr = es_str2cstr(stmt->d.s_propfilt.propName, NULL);
+			doIndent(indent);
+			dbgprintf("\tCEE-Prop.: '%s'\n", cstr);
+			free(cstr);
+		}
+		doIndent(indent); dbgprintf("\tOperation: ");
+		if(stmt->d.s_propfilt.isNegated)
+			dbgprintf("NOT ");
+		dbgprintf("'%s'\n", getFIOPName(stmt->d.s_propfilt.operation));
+		if(stmt->d.s_propfilt.pCSCompValue != NULL) {
+			doIndent(indent); dbgprintf("\tValue....: '%s'\n",
+			       rsCStrGetSzStrNoNULL(stmt->d.s_propfilt.pCSCompValue));
+		}
+		if(subtree) {
 			doIndent(indent); dbgprintf("THEN\n");
 			cnfstmtPrint(stmt->d.s_propfilt.t_then, indent+1);
 			doIndent(indent); dbgprintf("END PROPFILT\n");
-			break;
-		default:
-			dbgprintf("error: unknown stmt type %u\n",
-				(unsigned) stmt->nodetype);
-			break;
 		}
+		break;
+	default:
+		dbgprintf("error: unknown stmt type %u\n",
+			(unsigned) stmt->nodetype);
+		break;
+	}
+}
+void
+cnfstmtPrint(struct cnfstmt *root, int indent)
+{
+	struct cnfstmt *stmt;
+	//dbgprintf("stmt %p, indent %d, type '%c'\n", expr, indent, expr->nodetype);
+	for(stmt = root ; stmt != NULL ; stmt = stmt->next) {
+		cnfstmtPrintOnly(stmt, indent, 1);
 	}
 }
 
@@ -3099,3 +3116,52 @@ unescapeStr(uchar *s, int len)
 		s[iDst] = '\0';
 	}
 }
+
+char *
+tokenval2str(int tok)
+{
+	if(tok < 256) return "";
+	switch(tok) {
+	case NAME: return "NAME";
+	case FUNC: return "FUNC";
+	case BEGINOBJ: return "BEGINOBJ";
+	case ENDOBJ: return "ENDOBJ";
+	case BEGIN_ACTION: return "BEGIN_ACTION";
+	case BEGIN_PROPERTY: return "BEGIN_PROPERTY";
+	case BEGIN_CONSTANT: return "BEGIN_CONSTANT";
+	case BEGIN_TPL: return "BEGIN_TPL";
+	case BEGIN_RULESET: return "BEGIN_RULESET";
+	case STOP: return "STOP";
+	case SET: return "SET";
+	case UNSET: return "UNSET";
+	case CONTINUE: return "CONTINUE";
+	case CALL: return "CALL";
+	case LEGACY_ACTION: return "LEGACY_ACTION";
+	case LEGACY_RULESET: return "LEGACY_RULESET";
+	case PRIFILT: return "PRIFILT";
+	case PROPFILT: return "PROPFILT";
+	case BSD_TAG_SELECTOR: return "BSD_TAG_SELECTOR";
+	case BSD_HOST_SELECTOR: return "BSD_HOST_SELECTOR";
+	case IF: return "IF";
+	case THEN: return "THEN";
+	case ELSE: return "ELSE";
+	case OR: return "OR";
+	case AND: return "AND";
+	case NOT: return "NOT";
+	case VAR: return "VAR";
+	case STRING: return "STRING";
+	case NUMBER: return "NUMBER";
+	case CMP_EQ: return "CMP_EQ";
+	case CMP_NE: return "CMP_NE";
+	case CMP_LE: return "CMP_LE";
+	case CMP_GE: return "CMP_GE";
+	case CMP_LT: return "CMP_LT";
+	case CMP_GT: return "CMP_GT";
+	case CMP_CONTAINS: return "CMP_CONTAINS";
+	case CMP_CONTAINSI: return "CMP_CONTAINSI";
+	case CMP_STARTSWITH: return "CMP_STARTSWITH";
+	case CMP_STARTSWITHI: return "CMP_STARTSWITHI";
+	case UMINUS: return "UMINUS";
+	default: return "UNKNOWN TOKEN";
+	}
+}
diff --git a/grammar/rainerscript.h b/grammar/rainerscript.h
index 59ce53f3..c9bcbcc9 100644
--- a/grammar/rainerscript.h
+++ b/grammar/rainerscript.h
@@ -317,6 +317,7 @@ int cnfparamvalsIsSet(struct cnfparamblk *params, struct cnfparamvals *vals);
 void varDelete(struct var *v);
 void cnfparamvalsDestruct(struct cnfparamvals *paramvals, struct cnfparamblk *blk);
 struct cnfstmt * cnfstmtNew(unsigned s_type);
+void cnfstmtPrintOnly(struct cnfstmt *stmt, int indent, sbool subtree);
 void cnfstmtPrint(struct cnfstmt *stmt, int indent);
 struct cnfstmt* scriptAddStmt(struct cnfstmt *root, struct cnfstmt *s);
 struct objlst* objlstAdd(struct objlst *root, struct cnfobj *o);
@@ -338,6 +339,7 @@ void cnfarrayContentDestruct(struct cnfarray *ar);
 char* getFIOPName(unsigned iFIOP);
 rsRetVal initRainerscript(void);
 void unescapeStr(uchar *s, int len);
+char * tokenval2str(int tok);
 
 /* debug helper */
 void cstrPrint(char *text, es_str_t *estr);
diff --git a/runtime/ruleset.c b/runtime/ruleset.c
index b74f8ec8..79d2c09d 100644
--- a/runtime/ruleset.c
+++ b/runtime/ruleset.c
@@ -297,6 +297,7 @@ execIf(struct cnfstmt *stmt, batch_t *pBatch, sbool *active)
 	sbool *newAct;
 	int i;
 	sbool bRet;
+	sbool allInactive = 1;
 	DEFiRet;
 	newAct = newActive(pBatch);
 	for(i = 0 ; i < batchNumMsgs(pBatch) ; ++i) {
@@ -307,12 +308,19 @@ execIf(struct cnfstmt *stmt, batch_t *pBatch, sbool *active)
 		if(active == NULL || active[i]) {
 			bRet = cnfexprEvalBool(stmt->d.s_if.expr,
 					       (msg_t*)(pBatch->pElem[i].pUsrp));
+			allInactive = 0;
 		} else 
 			bRet = 0;
 		newAct[i] = bRet;
 		DBGPRINTF("batch: item %d: expr eval: %d\n", i, bRet);
 	}
 
+	if(allInactive) {
+		DBGPRINTF("execIf: all batch elements are inactive, holding execution\n");
+		freeActive(newAct);
+		FINALIZE;
+	}
+
 	if(stmt->d.s_if.t_then != NULL) {
 		scriptExec(stmt->d.s_if.t_then, pBatch, newAct);
 	}
@@ -320,7 +328,8 @@ execIf(struct cnfstmt *stmt, batch_t *pBatch, sbool *active)
 		for(i = 0 ; i < batchNumMsgs(pBatch) ; ++i) {
 			if(*(pBatch->pbShutdownImmediate))
 				FINALIZE;
-			if(pBatch->pElem[i].state != BATCH_STATE_DISC)
+			if(pBatch->pElem[i].state != BATCH_STATE_DISC
+			   && (active == NULL || active[i]))
 				newAct[i] = !newAct[i];
 			}
 		scriptExec(stmt->d.s_if.t_else, pBatch, newAct);
@@ -365,7 +374,8 @@ execPRIFILT(struct cnfstmt *stmt, batch_t *pBatch, sbool *active)
 		for(i = 0 ; i < batchNumMsgs(pBatch) ; ++i) {
 			if(*(pBatch->pbShutdownImmediate))
 				return;
-			if(pBatch->pElem[i].state != BATCH_STATE_DISC)
+			if(pBatch->pElem[i].state != BATCH_STATE_DISC
+			   && (active == NULL || active[i]))
 				newAct[i] = !newAct[i];
 			}
 		scriptExec(stmt->d.s_prifilt.t_else, pBatch, newAct);
@@ -504,7 +514,11 @@ scriptExec(struct cnfstmt *root, batch_t *pBatch, sbool *active)
 	struct cnfstmt *stmt;
 
 	for(stmt = root ; stmt != NULL ; stmt = stmt->next) {
-dbgprintf("RRRR: scriptExec: batch of %d elements, active %p, stmt %p, nodetype %u\n", batchNumMsgs(pBatch), active, stmt, stmt->nodetype);
+		if(Debug) {
+			dbgprintf("scriptExec: batch of %d elements, active %p, active[0]:%d\n",
+				  batchNumMsgs(pBatch), active, (active == NULL ? 1 : active[0]));
+			cnfstmtPrintOnly(stmt, 2, 0);
+		}
 		switch(stmt->nodetype) {
 		case S_NOP:
 			break;
@@ -521,7 +535,6 @@ dbgprintf("RRRR: scriptExec: batch of %d elements, active %p, stmt %p, nodetype
 			execUnset(stmt, pBatch, active);
 			break;
 		case S_CALL:
-			DBGPRINTF("calling ruleset\n"); // TODO: add Name
 			scriptExec(stmt->d.s_call.stmt, pBatch, active);
 			break;
 		case S_IF:
-- 
cgit v1.2.3


From 0cee769fcdc9716ccb2a60b6473062a60f640bb3 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Fri, 5 Apr 2013 12:08:49 +0200
Subject: log encryption: initial PoC implementation

rough baseline, needs to be extended for actual use.
---
 configure.ac         |   2 +-
 runtime/Makefile.am  |  22 ++++-
 runtime/cryprov.h    |  41 ++++++++++
 runtime/libgcry.c    | 224 +++++++++++++++++++++++++++++++++++++++++++++++++++
 runtime/libgcry.h    |  47 +++++++++++
 runtime/lmcry_gcry.c | 224 +++++++++++++++++++++++++++++++++++++++++++++++++++
 runtime/lmcry_gcry.h |  39 +++++++++
 runtime/rsyslog.h    |   1 +
 runtime/stream.c     |  27 ++++++-
 runtime/stream.h     |  11 ++-
 tools/Makefile.am    |   2 +-
 tools/omfile.c       |  71 +++++++++++++++-
 12 files changed, 701 insertions(+), 10 deletions(-)
 create mode 100644 runtime/cryprov.h
 create mode 100644 runtime/libgcry.c
 create mode 100644 runtime/libgcry.h
 create mode 100644 runtime/lmcry_gcry.c
 create mode 100644 runtime/lmcry_gcry.h

diff --git a/configure.ac b/configure.ac
index d6d4c203..0ec29f0d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -785,7 +785,7 @@ if test "x$enable_libgcrypt" = "xyes"; then
         	)
 	AC_DEFINE([ENABLE_LIBGCRYPT], [1], [Indicator that LIBGCRYPT is present])
 fi
-AM_CONDITIONAL(ENABLE_GNUTLS, test x$enable_gnutls = xyes)
+AM_CONDITIONAL(ENABLE_LIBGCRYPT, test x$enable_libgcrypt = xyes)
 
 
 # support for building the rsyslogd runtime
diff --git a/runtime/Makefile.am b/runtime/Makefile.am
index c05cc773..be68ce60 100644
--- a/runtime/Makefile.am
+++ b/runtime/Makefile.am
@@ -96,12 +96,12 @@ librsyslog_la_SOURCES = \
 #
 
 if WITH_MODDIRS
-librsyslog_la_CPPFLAGS = -DSD_EXPORT_SYMBOLS -D_PATH_MODDIR=\"$(pkglibdir)/:$(moddirs)\" $(PTHREADS_CFLAGS) $(LIBEE_CFLAGS) -I\$(top_srcdir)/tools
+librsyslog_la_CPPFLAGS = -DSD_EXPORT_SYMBOLS -D_PATH_MODDIR=\"$(pkglibdir)/:$(moddirs)\" $(PTHREADS_CFLAGS) $(LIBEE_CFLAGS) $(LIBGCRYPT_CFLAGS) -I\$(top_srcdir)/tools
 else
-librsyslog_la_CPPFLAGS = -DSD_EXPORT_SYMBOLS -D_PATH_MODDIR=\"$(pkglibdir)/\" -I$(top_srcdir) $(PTHREADS_CFLAGS) $(LIBEE_CFLAGS) -I\$(top_srcdir)/tools -I\$(top_srcdir)/grammar
+librsyslog_la_CPPFLAGS = -DSD_EXPORT_SYMBOLS -D_PATH_MODDIR=\"$(pkglibdir)/\" -I$(top_srcdir) $(PTHREADS_CFLAGS) $(LIBEE_CFLAGS) $(LIBGCRYPT_CFLAGS) -I\$(top_srcdir)/tools -I\$(top_srcdir)/grammar
 endif
 #librsyslog_la_LDFLAGS = -module -avoid-version
-librsyslog_la_LIBADD =  $(DL_LIBS) $(RT_LIBS) $(LIBEE_LIBS)
+librsyslog_la_LIBADD =  $(DL_LIBS) $(RT_LIBS) $(LIBGCRYPT_LIBS) $(LIBEE_LIBS)
 
 #
 # regular expression support
@@ -174,6 +174,22 @@ lmnsd_gtls_la_LDFLAGS = -module -avoid-version
 lmnsd_gtls_la_LIBADD = $(GNUTLS_LIBS)
 endif
 
+#
+# support library for libgcrypt
+#
+if ENABLE_LIBGCRYPT
+#noinst_LTLIBRARIES += libgcry.la
+#libgcry_la_SOURCES = libgcry.c libgcry.h
+#libcgry_la_CPPFLAGS = $(RSRT_CFLAGS) $(LIBGCRYPT_CFLAGS)
+   pkglib_LTLIBRARIES += lmcry_gcry.la
+   lmcry_gcry_la_SOURCES = lmcry_gcry.c lmcry_gcry.h libgcry.c libgcry.h
+   lmcry_gcry_la_CPPFLAGS = $(RSRT_CFLAGS) $(LIBGCRYPT_CFLAGS)
+   lmcry_gcry_la_LDFLAGS = -module -avoid-version
+#lmcry_gcry_la_LIBADD = libgcry.la $(LIBGCRYPT_LIBS)
+   lmcry_gcry_la_LIBADD = $(LIBGCRYPT_LIBS)
+endif
+
+
 #
 # support library for guardtime
 #
diff --git a/runtime/cryprov.h b/runtime/cryprov.h
new file mode 100644
index 00000000..c5ee95a0
--- /dev/null
+++ b/runtime/cryprov.h
@@ -0,0 +1,41 @@
+/* The interface definition for (file) crypto providers.
+ *
+ * This is just an abstract driver interface, which needs to be
+ * implemented by concrete classes.
+ *
+ * Copyright 2013 Adiscon GmbH.
+ *
+ * This file is part of the rsyslog runtime library.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *       -or-
+ *       see COPYING.ASL20 in the source distribution
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef INCLUDED_CRYPROV_H
+#define INCLUDED_CRYPROV_H
+
+#include <gcrypt.h>
+
+/* interface */
+BEGINinterface(cryprov) /* name must also be changed in ENDinterface macro! */
+	rsRetVal (*Construct)(void *ppThis);
+	rsRetVal (*SetCnfParam)(void *ppThis, struct nvlst *lst);
+	rsRetVal (*Destruct)(void *ppThis);
+	rsRetVal (*OnFileOpen)(void *pThis, uchar *fn, void *pFileInstData);
+	rsRetVal (*Encrypt)(void *pFileInstData, uchar *buf, size_t *lenBuf);
+	rsRetVal (*OnFileClose)(void *pFileInstData);
+ENDinterface(cryprov)
+#define cryprovCURR_IF_VERSION 1 /* increment whenever you change the interface structure! */
+rsRetVal initCrypt(int gcry_mode, char * iniVector);
+rsRetVal doCrypt(char *buf, size_t *len);
+#endif /* #ifndef INCLUDED_CRYPROV_H */
diff --git a/runtime/libgcry.c b/runtime/libgcry.c
new file mode 100644
index 00000000..8184c160
--- /dev/null
+++ b/runtime/libgcry.c
@@ -0,0 +1,224 @@
+/* gcry.c - rsyslog's libgcrypt based crypto provider
+ *
+ * Copyright 2013 Adiscon GmbH.
+ *
+ * This file is part of rsyslog.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *       -or-
+ *       see COPYING.ASL20 in the source distribution
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#if HAVE_CONFIG_H
+#include "config.h"
+#endif
+#include <stdio.h>
+#include <gcrypt.h>
+
+#include "rsyslog.h"
+#include "libgcry.h"
+
+
+static inline gcryfile
+gcryfileConstruct(gcryctx ctx)
+{
+	gcryfile gf;
+	if((gf = calloc(1, sizeof(struct gcryfile_s))) == NULL)
+		goto done;
+	gf->ctx = ctx;
+done:	return gf;
+}
+gcryctx
+gcryCtxNew(void)
+{
+	gcryctx ctx;
+	ctx = calloc(1, sizeof(struct gcryctx_s));
+	return ctx;
+}
+
+int
+gcryfileDestruct(gcryfile gf)
+{
+	int r = 0;
+	if(gf == NULL)
+		goto done;
+
+	free(gf);
+done:	return r;
+}
+void
+rsgcryCtxDel(gcryctx ctx)
+{
+	if(ctx != NULL) {
+		free(ctx);
+	}
+}
+
+static inline void
+addPadding(gcryfile pF, uchar *buf, size_t *plen)
+{
+	unsigned i;
+	size_t nPad;
+	nPad = (pF->blkLength - *plen % pF->blkLength) % pF->blkLength;
+	dbgprintf("DDDD: addPadding %d chars, blkLength %d, mod %d, pad %d\n",
+		  *plen, pF->blkLength, *plen % pF->blkLength, nPad);
+	for(i = 0 ; i < nPad ; ++i)
+		buf[(*plen)+i] = 0x00;
+	(*plen)+= nPad;
+}
+
+static inline void
+removePadding(char *buf, size_t *plen)
+{
+	unsigned len = (unsigned) *plen;
+	unsigned iSrc, iDst;
+	char *frstNUL;
+
+	frstNUL = strchr(buf, 0x00);
+	if(frstNUL == NULL)
+		goto done;
+	iDst = iSrc = frstNUL - buf;
+
+	while(iSrc < len) {
+		if(buf[iSrc] != 0x00)
+			buf[iDst++] = buf[iSrc];
+		++iSrc;
+	}
+
+	*plen = iDst;
+done:	return;
+}
+
+rsRetVal
+rsgcryInitCrypt(gcryctx ctx, gcryfile *pgf, int gcry_mode, char *iniVector)
+{
+	#define GCRY_CIPHER GCRY_CIPHER_3DES  // TODO: make configurable
+	size_t keyLength;
+	char *aesSymKey = "123456789012345678901234"; // TODO: TEST ONLY
+	gcry_error_t     gcryError;
+	gcryfile gf = NULL;
+	DEFiRet;
+
+	CHKmalloc(gf = gcryfileConstruct(ctx));
+
+	gf->blkLength = gcry_cipher_get_algo_blklen(GCRY_CIPHER);
+	keyLength = gcry_cipher_get_algo_keylen(GCRY_CIPHER);
+
+	gcryError = gcry_cipher_open(
+		&gf->chd, // gcry_cipher_hd_t *
+		GCRY_CIPHER,   // int
+		gcry_mode,     // int
+		0);            // unsigned int
+	if (gcryError) {
+		dbgprintf("gcry_cipher_open failed:  %s/%s\n",
+			gcry_strsource(gcryError),
+			gcry_strerror(gcryError));
+		ABORT_FINALIZE(RS_RET_ERR);
+	}
+
+	gcryError = gcry_cipher_setkey(gf->chd, aesSymKey, keyLength);
+	if (gcryError) {
+		dbgprintf("gcry_cipher_setkey failed:  %s/%s\n",
+			gcry_strsource(gcryError),
+			gcry_strerror(gcryError));
+		ABORT_FINALIZE(RS_RET_ERR);
+	}
+
+	gcryError = gcry_cipher_setiv(gf->chd, iniVector, gf->blkLength);
+	if (gcryError) {
+		dbgprintf("gcry_cipher_setiv failed:  %s/%s\n",
+			gcry_strsource(gcryError),
+			gcry_strerror(gcryError));
+		ABORT_FINALIZE(RS_RET_ERR);
+	}
+	*pgf = gf;
+finalize_it:
+	if(iRet != RS_RET_OK && gf != NULL)
+		gcryfileDestruct(gf);
+	RETiRet;
+}
+
+int
+rsgcryEncrypt(gcryfile pF, uchar *buf, size_t *len)
+{
+	int gcryError;
+	DEFiRet;
+	
+	if(*len == 0)
+		FINALIZE;
+
+	addPadding(pF, buf, len);
+	gcryError = gcry_cipher_encrypt(pF->chd, buf, *len, NULL, 0);
+	if(gcryError) {
+		dbgprintf("gcry_cipher_encrypt failed:  %s/%s\n",
+			gcry_strsource(gcryError),
+			gcry_strerror(gcryError));
+		ABORT_FINALIZE(RS_RET_ERR);
+	}
+finalize_it:
+	RETiRet;
+}
+
+
+/* module-init dummy for potential later use */
+int
+rsgcryInit(void)
+{
+	return 0;
+}
+
+/* module-deinit dummy for potential later use */
+void
+rsgcryExit(void)
+{
+	return;
+}
+
+#if 0 // we use this for the tool, only!
+static void
+doDeCrypt(FILE *fpin, FILE *fpout)
+{
+	gcry_error_t     gcryError;
+	char	buf[64*1024];
+	size_t	nRead, nWritten;
+	size_t nPad;
+	
+	while(1) {
+		nRead = fread(buf, 1, sizeof(buf), fpin);
+		if(nRead == 0)
+			break;
+		nPad = (blkLength - nRead % blkLength) % blkLength;
+		fprintf(stderr, "read %d chars, blkLength %d, mod %d, pad %d\n", nRead, blkLength,
+			nRead % blkLength, nPad);
+		gcryError = gcry_cipher_decrypt(
+				gcryCipherHd, // gcry_cipher_hd_t
+				buf,    // void *
+				nRead,    // size_t
+				NULL,    // const void *
+				0);   // size_t
+		if (gcryError) {
+			fprintf(stderr, "gcry_cipher_encrypt failed:  %s/%s\n",
+			gcry_strsource(gcryError),
+			gcry_strerror(gcryError));
+			return;
+		}
+fprintf(stderr, "in remove pad, %d\n", nRead);
+		removePadding(buf, &nRead);
+fprintf(stderr, "out remove pad %d\n", nRead);
+		nWritten = fwrite(buf, 1, nRead, fpout);
+		if(nWritten != nRead) {
+			perror("fpout");
+			return;
+		}
+	}
+}
+#endif
diff --git a/runtime/libgcry.h b/runtime/libgcry.h
new file mode 100644
index 00000000..0405162f
--- /dev/null
+++ b/runtime/libgcry.h
@@ -0,0 +1,47 @@
+/* libgcry.h - rsyslog's guardtime support library
+ *
+ * Copyright 2013 Adiscon GmbH.
+ *
+ * This file is part of rsyslog.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *       -or-
+ *       see COPYING.ASL20 in the source distribution
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef INCLUDED_LIBGCRY_H
+#define INCLUDED_LIBGCRY_H
+#include <gt_base.h>
+
+
+struct gcryctx_s {
+	void *usrptr; /* for error function */
+};
+typedef struct gcryctx_s *gcryctx;
+typedef struct gcryfile_s *gcryfile;
+
+/* this describes a file, as far as libgcry is concerned */
+struct gcryfile_s {
+	gcry_cipher_hd_t chd; /* cypher handle */
+	size_t blkLength; /* size of low-level crypto block */
+	gcryctx ctx;
+};
+
+int rsgcryInit(void);
+void rsgcryExit(void);
+gcryctx gcryCtxNew(void);
+void rsgcryCtxDel(gcryctx ctx);
+int gcryfileDestruct(gcryfile gf);
+rsRetVal rsgcryInitCrypt(gcryctx ctx, gcryfile *pgf, int gcry_mode, char * iniVector);
+int rsgcryEncrypt(gcryfile pF, uchar *buf, size_t *len);
+
+#endif  /* #ifndef INCLUDED_LIBGCRY_H */
diff --git a/runtime/lmcry_gcry.c b/runtime/lmcry_gcry.c
new file mode 100644
index 00000000..6800055d
--- /dev/null
+++ b/runtime/lmcry_gcry.c
@@ -0,0 +1,224 @@
+/* lmcry_gcry.c
+ *
+ * An implementation of the cryprov interface for libgcrypt.
+ * 
+ * Copyright 2013 Rainer Gerhards and Adiscon GmbH.
+ *
+ * This file is part of the rsyslog runtime library.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *       -or-
+ *       see COPYING.ASL20 in the source distribution
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "config.h"
+
+#include "rsyslog.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "module-template.h"
+#include "glbl.h"
+#include "errmsg.h"
+#include "cryprov.h"
+#include "libgcry.h"
+#include "lmcry_gcry.h"
+
+MODULE_TYPE_LIB
+MODULE_TYPE_NOKEEP
+
+/* static data */
+DEFobjStaticHelpers
+DEFobjCurrIf(errmsg)
+DEFobjCurrIf(glbl)
+
+/* tables for interfacing with the v6 config system */
+static struct cnfparamdescr cnfpdescr[] = {
+	{ "cry.mode", eCmdHdlrGetWord, 0 }, /* CBC, ECB, etc */
+	{ "cry.algo", eCmdHdlrGetWord, 0 }
+};
+static struct cnfparamblk pblk =
+	{ CNFPARAMBLK_VERSION,
+	  sizeof(cnfpdescr)/sizeof(struct cnfparamdescr),
+	  cnfpdescr
+	};
+
+
+#if 0
+static void
+errfunc(__attribute__((unused)) void *usrptr, uchar *emsg)
+{
+	errmsg.LogError(0, RS_RET_CRYPROV_ERR, "Crypto Provider"
+		"Error: %s - disabling encryption", emsg);
+}
+#endif
+
+/* Standard-Constructor
+ */
+BEGINobjConstruct(lmcry_gcry)
+	dbgprintf("DDDD: lmcry_gcry: called construct\n");
+	pThis->ctx = gcryCtxNew();
+ENDobjConstruct(lmcry_gcry)
+
+
+/* destructor for the lmcry_gcry object */
+BEGINobjDestruct(lmcry_gcry) /* be sure to specify the object type also in END and CODESTART macros! */
+CODESTARTobjDestruct(lmcry_gcry)
+	dbgprintf("DDDD: lmcry_gcry: called destruct\n");
+	rsgcryCtxDel(pThis->ctx);
+ENDobjDestruct(lmcry_gcry)
+
+
+/* apply all params from param block to us. This must be called
+ * after construction, but before the OnFileOpen() entry point.
+ * Defaults are expected to have been set during construction.
+ */
+rsRetVal
+SetCnfParam(void *pT, struct nvlst *lst)
+{
+	lmcry_gcry_t *pThis = (lmcry_gcry_t*) pT;
+	int i;
+	uchar *cstr;
+	struct cnfparamvals *pvals;
+	pvals = nvlstGetParams(lst, &pblk, NULL);
+	if(Debug) {
+		dbgprintf("param blk in lmcry_gcry:\n");
+		cnfparamsPrint(&pblk, pvals);
+	}
+
+	for(i = 0 ; i < pblk.nParams ; ++i) {
+		if(!pvals[i].bUsed)
+			continue;
+#if 0
+		if(!strcmp(pblk.descr[i].name, "sig.hashfunction")) {
+			cstr = (uchar*) es_str2cstr(pvals[i].val.d.estr, NULL);
+			if(gcrySetHashFunction(pThis->ctx, (char*)cstr) != 0) {
+				errmsg.LogError(0, RS_RET_ERR, "Hash function "
+					"'%s' unknown - using default", cstr);
+			}
+			free(cstr);
+		} else if(!strcmp(pblk.descr[i].name, "sig.timestampservice")) {
+			cstr = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+			gcrySetTimestamper(pThis->ctx, (char*) cstr);
+			free(cstr);
+		} else if(!strcmp(pblk.descr[i].name, "sig.block.sizelimit")) {
+			gcrySetBlockSizeLimit(pThis->ctx, pvals[i].val.d.n);
+		} else if(!strcmp(pblk.descr[i].name, "sig.keeprecordhashes")) {
+			gcrySetKeepRecordHashes(pThis->ctx, pvals[i].val.d.n);
+		} else if(!strcmp(pblk.descr[i].name, "sig.keeptreehashes")) {
+			gcrySetKeepTreeHashes(pThis->ctx, pvals[i].val.d.n);
+		} else {
+			DBGPRINTF("lmcry_gcry: program error, non-handled "
+			  "param '%s'\n", pblk.descr[i].name);
+		}
+#endif
+	}
+	cnfparamvalsDestruct(pvals, &pblk);
+	return RS_RET_OK;
+}
+
+
+static rsRetVal
+OnFileOpen(void *pT, uchar *fn, void *pGF)
+{
+	lmcry_gcry_t *pThis = (lmcry_gcry_t*) pT;
+	gcryfile *pgf = (gcryfile*) pGF;
+	DEFiRet;
+dbgprintf("DDDD: cry: onFileOpen: %s\n", fn);
+	/* note: if *pgf is set to NULL, this auto-disables GT functions */
+	//*pgf = gcryCtxOpenFile(pThis->ctx, fn);
+
+	CHKiRet(rsgcryInitCrypt(pThis->ctx, pgf, GCRY_CIPHER_MODE_CBC, "TODO: init value"));
+finalize_it:
+	RETiRet;
+}
+
+static rsRetVal
+Encrypt(void *pF, uchar *rec, size_t *lenRec)
+{
+	DEFiRet;
+dbgprintf("DDDD: Encrypt (%u): %s\n", *lenRec-1, rec);
+	iRet = rsgcryEncrypt(pF, rec, lenRec);
+
+	RETiRet;
+}
+
+static rsRetVal
+OnFileClose(void *pF)
+{
+	DEFiRet;
+dbgprintf("DDDD: onFileClose\n");
+	gcryfileDestruct(pF);
+
+	RETiRet;
+}
+
+BEGINobjQueryInterface(lmcry_gcry)
+CODESTARTobjQueryInterface(lmcry_gcry)
+	 if(pIf->ifVersion != cryprovCURR_IF_VERSION) {/* check for current version, increment on each change */
+		ABORT_FINALIZE(RS_RET_INTERFACE_NOT_SUPPORTED);
+	}
+	pIf->Construct = (rsRetVal(*)(void*)) lmcry_gcryConstruct;
+	pIf->SetCnfParam = SetCnfParam;
+	pIf->Destruct = (rsRetVal(*)(void*)) lmcry_gcryDestruct;
+	pIf->OnFileOpen = OnFileOpen;
+	pIf->Encrypt = Encrypt;
+	pIf->OnFileClose = OnFileClose;
+finalize_it:
+ENDobjQueryInterface(lmcry_gcry)
+
+
+BEGINObjClassExit(lmcry_gcry, OBJ_IS_LOADABLE_MODULE) /* CHANGE class also in END MACRO! */
+CODESTARTObjClassExit(lmcry_gcry)
+	/* release objects we no longer need */
+	objRelease(errmsg, CORE_COMPONENT);
+	objRelease(glbl, CORE_COMPONENT);
+
+	rsgcryExit();
+ENDObjClassExit(lmcry_gcry)
+
+
+BEGINObjClassInit(lmcry_gcry, 1, OBJ_IS_LOADABLE_MODULE) /* class, version */
+	/* request objects we use */
+	CHKiRet(objUse(errmsg, CORE_COMPONENT));
+	CHKiRet(objUse(glbl, CORE_COMPONENT));
+
+	if(rsgcryInit() != 0) {
+		errmsg.LogError(0, RS_RET_CRYPROV_ERR, "error initializing "
+			"crypto provider - cannot encrypt");
+		ABORT_FINALIZE(RS_RET_CRYPROV_ERR);
+	}
+ENDObjClassInit(lmcry_gcry)
+
+
+/* --------------- here now comes the plumbing that makes as a library module --------------- */
+
+
+BEGINmodExit
+CODESTARTmodExit
+	lmcry_gcryClassExit();
+ENDmodExit
+
+
+BEGINqueryEtryPt
+CODESTARTqueryEtryPt
+CODEqueryEtryPt_STD_LIB_QUERIES
+ENDqueryEtryPt
+
+
+BEGINmodInit()
+CODESTARTmodInit
+	*ipIFVersProvided = CURR_MOD_IF_VERSION; /* we only support the current interface specification */
+	/* Initialize all classes that are in our module - this includes ourselfs */
+	CHKiRet(lmcry_gcryClassInit(pModInfo)); /* must be done after tcps_sess, as we use it */
+ENDmodInit
diff --git a/runtime/lmcry_gcry.h b/runtime/lmcry_gcry.h
new file mode 100644
index 00000000..c0205ab9
--- /dev/null
+++ b/runtime/lmcry_gcry.h
@@ -0,0 +1,39 @@
+/* An implementation of the cryprov interface for libgcrypt.
+ *
+ * Copyright 2013 Adiscon GmbH.
+ *
+ * This file is part of the rsyslog runtime library.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *       -or-
+ *       see COPYING.ASL20 in the source distribution
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef INCLUDED_LMCRY_GCRY_H
+#define INCLUDED_LMCRY_GCRY_H
+#include "cryprov.h"
+
+/* interface is defined in cryprov.h, we just implement it! */
+#define lmcry_gcryCURR_IF_VERSION cryprovCURR_IF_VERSION
+typedef cryprov_if_t lmcry_gcry_if_t;
+
+/* the lmcry_gcry object */
+struct lmcry_gcry_s {
+	BEGINobjInstance; /* Data to implement generic object - MUST be the first data element! */
+	gcryctx ctx;
+};
+typedef struct lmcry_gcry_s lmcry_gcry_t;
+
+/* prototypes */
+PROTOTYPEObj(lmcry_gcry);
+
+#endif /* #ifndef INCLUDED_LMCRY_GCRY_H */
diff --git a/runtime/rsyslog.h b/runtime/rsyslog.h
index 5ba6ede7..cbc0401b 100644
--- a/runtime/rsyslog.h
+++ b/runtime/rsyslog.h
@@ -403,6 +403,7 @@ enum rsRetVal_				/** return value. All methods return this if not specified oth
 	RS_RET_INVLD_ANON_BITS = -2312,/**< mmanon: invalid number of bits to anonymize specified */
 	RS_RET_REPLCHAR_IGNORED = -2313,/**< mmanon: replacementChar parameter is ignored */
 	RS_RET_SIGPROV_ERR = -2320,/**< error in signature provider */
+	RS_RET_CRYPROV_ERR = -2321,/**< error in cryptography encryption provider */
 
 	/* RainerScript error messages (range 1000.. 1999) */
 	RS_RET_SYSVAR_NOT_FOUND = 1001, /**< system variable could not be found (maybe misspelled) */
diff --git a/runtime/stream.c b/runtime/stream.c
index 00afcdaa..941fc39d 100644
--- a/runtime/stream.c
+++ b/runtime/stream.c
@@ -16,7 +16,7 @@
  * it turns out to be problematic. Then, we need to quasi-refcount the number of accesses
  * to the object.
  *
- * Copyright 2008-2012 Rainer Gerhards and Adiscon GmbH.
+ * Copyright 2008-2013 Rainer Gerhards and Adiscon GmbH.
  *
  * This file is part of the rsyslog runtime library.
  *
@@ -56,6 +56,7 @@
 #include "stream.h"
 #include "unicode-helper.h"
 #include "module-template.h"
+#include "cryprov.h"
 #if HAVE_SYS_PRCTL_H
 #  include <sys/prctl.h>
 #endif
@@ -253,6 +254,12 @@ doPhysOpen(strm_t *pThis)
 		pThis->bIsTTY = 0;
 	}
 
+dbgprintf("DDDD: cryprov %p\n", pThis->cryprov);
+	if(pThis->cryprov != NULL) {
+		iRet = pThis->cryprov->OnFileOpen(pThis->cryprovData,
+		 	pThis->pszCurrFName, &pThis->cryprovFileData);
+dbgprintf("DDDD: iREt cryprov->onFileOpen: %d\n", iRet);
+	}
 finalize_it:
 	RETiRet;
 }
@@ -405,6 +412,10 @@ static rsRetVal strmCloseFile(strm_t *pThis)
 		close(pThis->fd);
 		pThis->fd = -1;
 		pThis->inode = 0;
+		if(pThis->cryprov != NULL) {
+			pThis->cryprov->OnFileClose(pThis->cryprovFileData);
+			pThis->cryprovFileData = NULL;
+		}
 	}
 
 	if(pThis->fdDir != -1) {
@@ -1200,10 +1211,18 @@ strmPhysWrite(strm_t *pThis, uchar *pBuf, size_t lenBuf)
 	DEFiRet;
 	ISOBJ_TYPE_assert(pThis, strm);
 
-	DBGPRINTF("strmPhysWrite, stream %p, len %d\n", pThis, (int) lenBuf);
+	DBGPRINTF("strmPhysWrite, stream %p, len %u\n", pThis, (unsigned)lenBuf);
 	if(pThis->fd == -1)
 		CHKiRet(strmOpenFile(pThis));
 
+	/* here we place our crypto interface */
+dbgprintf("DDDD: doing crypto, len %d\n", lenBuf);
+	if(pThis->cryprov != NULL) {
+		pThis->cryprov->Encrypt(pThis->cryprovFileData, pBuf, &lenBuf);
+	}
+dbgprintf("DDDD: done crypto, len %d\n", lenBuf);
+	/* end crypto */
+
 	iWritten = lenBuf;
 	CHKiRet(doWriteCall(pThis, pBuf, &iWritten));
 
@@ -1600,6 +1619,8 @@ DEFpropSetMeth(strm, sIOBufSize, size_t)
 DEFpropSetMeth(strm, iSizeLimit, off_t)
 DEFpropSetMeth(strm, iFlushInterval, int)
 DEFpropSetMeth(strm, pszSizeLimitCmd, uchar*)
+DEFpropSetMeth(strm, cryprov, cryprov_if_t*)
+DEFpropSetMeth(strm, cryprovData, void*)
 
 static rsRetVal strmSetiMaxFiles(strm_t *pThis, int iNewVal)
 {
@@ -1935,6 +1956,8 @@ CODESTARTobjQueryInterface(strm)
 	pIf->SetiSizeLimit = strmSetiSizeLimit;
 	pIf->SetiFlushInterval = strmSetiFlushInterval;
 	pIf->SetpszSizeLimitCmd = strmSetpszSizeLimitCmd;
+	pIf->Setcryprov = strmSetcryprov;
+	pIf->SetcryprovData = strmSetcryprovData;
 finalize_it:
 ENDobjQueryInterface(strm)
 
diff --git a/runtime/stream.h b/runtime/stream.h
index b7cc6d36..61d5ede2 100644
--- a/runtime/stream.h
+++ b/runtime/stream.h
@@ -41,7 +41,7 @@
  * deflateInit2(zstrmptr, 6, Z_DEFLATED, 31, 9, Z_DEFAULT_STRATEGY);
  * --------------------------------------------------------------------------
  * 
- * Copyright 2008, 2009 Rainer Gerhards and Adiscon GmbH.
+ * Copyright 2008-2013 Rainer Gerhards and Adiscon GmbH.
  *
  * This file is part of the rsyslog runtime library.
  *
@@ -70,6 +70,7 @@
 #include "glbl.h"
 #include "stream.h"
 #include "zlibw.h"
+#include "cryprov.h"
 
 /* stream types */
 typedef enum {
@@ -134,6 +135,9 @@ typedef struct strm_s {
 	pthread_cond_t isEmpty;
 	unsigned short iEnq;	/* this MUST be unsigned as we use module arithmetic (else invalid indexing happens!) */
 	unsigned short iDeq;	/* this MUST be unsigned as we use module arithmetic (else invalid indexing happens!) */
+	cryprov_if_t *cryprov;  /* ptr to crypto provider; NULL = do not encrypt */
+	void	*cryprovData;	/* opaque data ptr for provider use */
+	void 	*cryprovFileData;/* opaque data ptr for file instance */
 	short iCnt;	/* current nbr of elements in buffer */
 	z_stream zstrm;	/* zip stream to use */
 	struct {
@@ -190,8 +194,11 @@ BEGINinterface(strm) /* name must also be changed in ENDinterface macro! */
 	INTERFACEpropSetMeth(strm, bVeryReliableZip, int);
 	/* v8 added  2013-03-21 */
 	rsRetVal (*CheckFileChange)(strm_t *pThis);
+	/* v9 added  2013-04-04 */
+	INTERFACEpropSetMeth(strm, cryprov, cryprov_if_t*);
+	INTERFACEpropSetMeth(strm, cryprovData, void*);
 ENDinterface(strm)
-#define strmCURR_IF_VERSION 8 /* increment whenever you change the interface structure! */
+#define strmCURR_IF_VERSION 9 /* increment whenever you change the interface structure! */
 
 static inline int
 strmGetCurrFileNum(strm_t *pStrm) {
diff --git a/tools/Makefile.am b/tools/Makefile.am
index 21a32868..be093957 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -41,7 +41,7 @@ rsyslogd_CPPFLAGS =  $(PTHREADS_CFLAGS) $(RSRT_CFLAGS)
 # otherwise dependencies are not properly calculated (resulting in a 
 # potentially incomplete build, a problem we had several times...)
 rsyslogd_LDADD = ../grammar/libgrammar.la ../runtime/librsyslog.la $(ZLIB_LIBS) $(PTHREADS_LIBS) $(RSRT_LIBS) $(SOL_LIBS) $(LIBEE_LIBS) $(LIBLOGNORM_LIBS) $(LIBUUID_LIBS)
-rsyslogd_LDFLAGS = -export-dynamic
+rsyslogd_LDFLAGS = -export-dynamic `libgcrypt-config --libs`
 
 EXTRA_DIST = $(man_MANS) \
 	rsgtutil.rst \
diff --git a/tools/omfile.c b/tools/omfile.c
index faf3c24f..dfd52d80 100644
--- a/tools/omfile.c
+++ b/tools/omfile.c
@@ -70,6 +70,7 @@
 #include "atomic.h"
 #include "statsobj.h"
 #include "sigprov.h"
+#include "cryprov.h"
 
 MODULE_TYPE_OUTPUT
 MODULE_TYPE_NOKEEP
@@ -151,6 +152,12 @@ typedef struct _instanceData {
 	void	*sigprovData;	/* opaque data ptr for provider use */
 	void 	*sigprovFileData;/* opaque data ptr for file instance */
 	sbool	useSigprov;	/* quicker than checkig ptr (1 vs 8 bytes!) */
+	uchar 	*cryprovName;	/* crypto provider */
+	uchar 	*cryprovNameFull;/* full internal crypto provider name */
+	void	*cryprovData;	/* opaque data ptr for provider use */
+	void 	*cryprovFileData;/* opaque data ptr for file instance */
+	cryprov_if_t cryprov;	/* ptr to crypto provider interface */
+	sbool	useCryprov;	/* quicker than checkig ptr (1 vs 8 bytes!) */
 	int	iCurrElt;	/* currently active cache element (-1 = none) */
 	int	iCurrCacheSize;	/* currently cache size (1-based) */
 	int	iDynaFileCacheSize; /* size of file handle cache */
@@ -237,6 +244,7 @@ static struct cnfparamdescr actpdescr[] = {
 	{ "file", eCmdHdlrString, 0 },     /* either "file" or ... */
 	{ "dynafile", eCmdHdlrString, 0 }, /* "dynafile" MUST be present */
 	{ "sig.provider", eCmdHdlrGetWord, 0 },
+	{ "cry.provider", eCmdHdlrGetWord, 0 },
 	{ "template", eCmdHdlrGetWord, 0 }
 };
 static struct cnfparamblk actpblk =
@@ -589,6 +597,10 @@ prepareFile(instanceData *pData, uchar *newFileName)
 	CHKiRet(strm.SetbSync(pData->pStrm, pData->bSyncFile));
 	CHKiRet(strm.SetsType(pData->pStrm, STREAMTYPE_FILE_SINGLE));
 	CHKiRet(strm.SetiSizeLimit(pData->pStrm, pData->iSizeLimit));
+	if(pData->useCryprov) {
+		CHKiRet(strm.Setcryprov(pData->pStrm, &pData->cryprov));
+		CHKiRet(strm.SetcryprovData(pData->pStrm, pData->cryprovData));
+	}
 	/* set the flush interval only if we actually use it - otherwise it will activate
 	 * async processing, which is a real performance waste if we do not do buffered
 	 * writes! -- rgerhards, 2009-07-06
@@ -689,7 +701,7 @@ prepareDynFile(instanceData *pData, uchar *newFileName, unsigned iMsgOpts)
 	 * but it could be triggered in the common case of a failed open() system call.
 	 * rgerhards, 2010-03-22
 	 */
-	pData->pStrm = pData->sigprovFileData = NULL;
+	pData->pStrm = NULL, pData->sigprovFileData = NULL;
 
 	if(iFirstFree == -1 && (pData->iCurrCacheSize < pData->iDynaFileCacheSize)) {
 		/* there is space left, so set it to that index */
@@ -885,6 +897,13 @@ CODESTARTfreeInstance
 		free(pData->sigprovName);
 		free(pData->sigprovNameFull);
 	}
+	if(pData->useCryprov) {
+		pData->cryprov.Destruct(&pData->cryprovData);
+		obj.ReleaseObj(__FILE__, pData->cryprovNameFull+2, pData->cryprovNameFull,
+			       (void*) &pData->cryprov);
+		free(pData->cryprovName);
+		free(pData->cryprovNameFull);
+	}
 ENDfreeInstance
 
 
@@ -951,7 +970,9 @@ setInstParamDefaults(instanceData *pData)
 	pData->iFlushInterval = FLUSH_INTRVL_DFLT;
 	pData->bUseAsyncWriter = USE_ASYNCWRITER_DFLT;
 	pData->sigprovName = NULL;
+	pData->cryprovName = NULL;
 	pData->useSigprov = 0;
+	pData->useCryprov = 0;
 }
 
 
@@ -1033,6 +1054,48 @@ initSigprov(instanceData *pData, struct nvlst *lst)
 done:	return;
 }
 
+static inline void
+initCryprov(instanceData *pData, struct nvlst *lst)
+{
+	uchar szDrvrName[1024];
+
+	if(snprintf((char*)szDrvrName, sizeof(szDrvrName), "lmcry_%s", pData->cryprovName)
+		== sizeof(szDrvrName)) {
+		errmsg.LogError(0, RS_RET_ERR, "omfile: crypto provider "
+				"name is too long: '%s' - encryption disabled",
+				pData->cryprovName);
+		goto done;
+	}
+	pData->cryprovNameFull = ustrdup(szDrvrName);
+
+	pData->cryprov.ifVersion = cryprovCURR_IF_VERSION;
+	/* The pDrvrName+2 below is a hack to obtain the object name. It 
+	 * safes us to have yet another variable with the name without "lm" in
+	 * front of it. If we change the module load interface, we may re-think
+	 * about this hack, but for the time being it is efficient and clean enough.
+	 */
+	if(obj.UseObj(__FILE__, szDrvrName, szDrvrName, (void*) &pData->cryprov)
+		!= RS_RET_OK) {
+		errmsg.LogError(0, RS_RET_LOAD_ERROR, "omfile: could not load "
+				"crypto provider '%s' - encryption disabled",
+				szDrvrName);
+		goto done;
+	}
+
+	if(pData->cryprov.Construct(&pData->cryprovData) != RS_RET_OK) {
+		errmsg.LogError(0, RS_RET_SIGPROV_ERR, "omfile: error constructing "
+				"crypto provider %s dataset - encryption disabled",
+				szDrvrName);
+		goto done;
+	}
+	pData->cryprov.SetCnfParam(pData->cryprovData, lst);
+
+	dbgprintf("loaded crypto provider %s, data instance at %p\n",
+		  szDrvrName, pData->cryprovData);
+	pData->useCryprov = 1;
+done:	return;
+}
+
 BEGINnewActInst
 	struct cnfparamvals *pvals;
 	uchar *tplToUse;
@@ -1102,6 +1165,8 @@ CODESTARTnewActInst
 			pData->tplName = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
 		} else if(!strcmp(actpblk.descr[i].name, "sig.provider")) {
 			pData->sigprovName = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+		} else if(!strcmp(actpblk.descr[i].name, "cry.provider")) {
+			pData->cryprovName = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
 		} else {
 			dbgprintf("omfile: program error, non-handled "
 			  "param '%s'\n", actpblk.descr[i].name);
@@ -1118,6 +1183,10 @@ CODESTARTnewActInst
 		initSigprov(pData, lst);
 	}
 
+	if(pData->cryprovName != NULL) {
+		initCryprov(pData, lst);
+	}
+
 	tplToUse = ustrdup((pData->tplName == NULL) ? getDfltTpl() : pData->tplName);
 	CHKiRet(OMSRsetEntry(*ppOMSR, 0, tplToUse, OMSR_NO_RQD_TPL_OPTS));
 
-- 
cgit v1.2.3


From 5242a0b4a351d41ea6f20adc359bbcde8e1b3cfe Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Fri, 5 Apr 2013 18:52:52 +0200
Subject: log encryption: add rscrytool to decrypt log files

also add test parameter to be able to set key
---
 runtime/libgcry.c    |  27 ++++--
 runtime/libgcry.h    |   4 +-
 runtime/lmcry_gcry.c |  31 ++++---
 runtime/stream.c     |   5 +-
 tools/Makefile.am    |  17 +++-
 tools/omfile.c       |  18 ++--
 tools/rscryutil.c    | 236 +++++++++++++++++++++++++++++++++++++++++++++++++++
 tools/rscryutil.rst  |  80 +++++++++++++++++
 8 files changed, 386 insertions(+), 32 deletions(-)
 create mode 100644 tools/rscryutil.c
 create mode 100644 tools/rscryutil.rst

diff --git a/runtime/libgcry.c b/runtime/libgcry.c
index 8184c160..5f1dbf58 100644
--- a/runtime/libgcry.c
+++ b/runtime/libgcry.c
@@ -27,6 +27,7 @@
 #include "rsyslog.h"
 #include "libgcry.h"
 
+#define GCRY_CIPHER GCRY_CIPHER_3DES  // TODO: make configurable
 
 static inline gcryfile
 gcryfileConstruct(gcryctx ctx)
@@ -98,20 +99,34 @@ removePadding(char *buf, size_t *plen)
 done:	return;
 }
 
+/* returns 0 on succes, positive if key length does not match and key
+ * of return value size is required.
+ */
+int
+rsgcrySetKey(gcryctx ctx, unsigned char *key, uint16_t keyLen)
+{
+	uint16_t reqKeyLen = gcry_cipher_get_algo_keylen(GCRY_CIPHER);
+	int r;
+
+	if(keyLen != reqKeyLen)
+		r = reqKeyLen;
+	ctx->keyLen = keyLen;
+	ctx->key = malloc(keyLen);
+	memcpy(ctx->key, key, keyLen);
+	r = 0;
+done:	return r;
+}
+
 rsRetVal
 rsgcryInitCrypt(gcryctx ctx, gcryfile *pgf, int gcry_mode, char *iniVector)
 {
-	#define GCRY_CIPHER GCRY_CIPHER_3DES  // TODO: make configurable
-	size_t keyLength;
-	char *aesSymKey = "123456789012345678901234"; // TODO: TEST ONLY
-	gcry_error_t     gcryError;
+	gcry_error_t gcryError;
 	gcryfile gf = NULL;
 	DEFiRet;
 
 	CHKmalloc(gf = gcryfileConstruct(ctx));
 
 	gf->blkLength = gcry_cipher_get_algo_blklen(GCRY_CIPHER);
-	keyLength = gcry_cipher_get_algo_keylen(GCRY_CIPHER);
 
 	gcryError = gcry_cipher_open(
 		&gf->chd, // gcry_cipher_hd_t *
@@ -125,7 +140,7 @@ rsgcryInitCrypt(gcryctx ctx, gcryfile *pgf, int gcry_mode, char *iniVector)
 		ABORT_FINALIZE(RS_RET_ERR);
 	}
 
-	gcryError = gcry_cipher_setkey(gf->chd, aesSymKey, keyLength);
+	gcryError = gcry_cipher_setkey(gf->chd, gf->ctx->key, gf->ctx->keyLen);
 	if (gcryError) {
 		dbgprintf("gcry_cipher_setkey failed:  %s/%s\n",
 			gcry_strsource(gcryError),
diff --git a/runtime/libgcry.h b/runtime/libgcry.h
index 0405162f..608abd6c 100644
--- a/runtime/libgcry.h
+++ b/runtime/libgcry.h
@@ -24,7 +24,8 @@
 
 
 struct gcryctx_s {
-	void *usrptr; /* for error function */
+	uchar *key;
+	size_t keyLen;
 };
 typedef struct gcryctx_s *gcryctx;
 typedef struct gcryfile_s *gcryfile;
@@ -38,6 +39,7 @@ struct gcryfile_s {
 
 int rsgcryInit(void);
 void rsgcryExit(void);
+int rsgcrySetKey(gcryctx ctx, unsigned char *key, uint16_t keyLen);
 gcryctx gcryCtxNew(void);
 void rsgcryCtxDel(gcryctx ctx);
 int gcryfileDestruct(gcryfile gf);
diff --git a/runtime/lmcry_gcry.c b/runtime/lmcry_gcry.c
index 6800055d..ce0fef2f 100644
--- a/runtime/lmcry_gcry.c
+++ b/runtime/lmcry_gcry.c
@@ -44,6 +44,7 @@ DEFobjCurrIf(glbl)
 
 /* tables for interfacing with the v6 config system */
 static struct cnfparamdescr cnfpdescr[] = {
+	{ "cry.key", eCmdHdlrGetWord, 0 },
 	{ "cry.mode", eCmdHdlrGetWord, 0 }, /* CBC, ECB, etc */
 	{ "cry.algo", eCmdHdlrGetWord, 0 }
 };
@@ -83,12 +84,13 @@ ENDobjDestruct(lmcry_gcry)
  * after construction, but before the OnFileOpen() entry point.
  * Defaults are expected to have been set during construction.
  */
-rsRetVal
+static rsRetVal
 SetCnfParam(void *pT, struct nvlst *lst)
 {
 	lmcry_gcry_t *pThis = (lmcry_gcry_t*) pT;
-	int i;
+	int i, r;
 	uchar *cstr;
+	uchar *key = NULL;
 	struct cnfparamvals *pvals;
 	pvals = nvlstGetParams(lst, &pblk, NULL);
 	if(Debug) {
@@ -99,14 +101,9 @@ SetCnfParam(void *pT, struct nvlst *lst)
 	for(i = 0 ; i < pblk.nParams ; ++i) {
 		if(!pvals[i].bUsed)
 			continue;
+		if(!strcmp(pblk.descr[i].name, "cry.key")) {
+			key = (uchar*) es_str2cstr(pvals[i].val.d.estr, NULL);
 #if 0
-		if(!strcmp(pblk.descr[i].name, "sig.hashfunction")) {
-			cstr = (uchar*) es_str2cstr(pvals[i].val.d.estr, NULL);
-			if(gcrySetHashFunction(pThis->ctx, (char*)cstr) != 0) {
-				errmsg.LogError(0, RS_RET_ERR, "Hash function "
-					"'%s' unknown - using default", cstr);
-			}
-			free(cstr);
 		} else if(!strcmp(pblk.descr[i].name, "sig.timestampservice")) {
 			cstr = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
 			gcrySetTimestamper(pThis->ctx, (char*) cstr);
@@ -120,10 +117,24 @@ SetCnfParam(void *pT, struct nvlst *lst)
 		} else {
 			DBGPRINTF("lmcry_gcry: program error, non-handled "
 			  "param '%s'\n", pblk.descr[i].name);
-		}
 #endif
+		}
 	}
+	if(key != NULL) {
+		errmsg.LogError(0, RS_RET_ERR, "Note: specifying an actual key directly from the "
+			"config file is highly insecure - DO NOT USE FOR PRODUCTION");
+		r = rsgcrySetKey(pThis->ctx, key, strlen((char*)key));
+		if(r > 0) {
+			errmsg.LogError(0, RS_RET_ERR, "Key length %d expected, but "
+				"key of length %d given", r, strlen((char*)key));
+		}
+	}
+
 	cnfparamvalsDestruct(pvals, &pblk);
+	if(key != NULL) {
+		memset(key, 0, strlen((char*)key));
+		free(key);
+	}
 	return RS_RET_OK;
 }
 
diff --git a/runtime/stream.c b/runtime/stream.c
index 941fc39d..b31520b0 100644
--- a/runtime/stream.c
+++ b/runtime/stream.c
@@ -256,9 +256,8 @@ doPhysOpen(strm_t *pThis)
 
 dbgprintf("DDDD: cryprov %p\n", pThis->cryprov);
 	if(pThis->cryprov != NULL) {
-		iRet = pThis->cryprov->OnFileOpen(pThis->cryprovData,
-		 	pThis->pszCurrFName, &pThis->cryprovFileData);
-dbgprintf("DDDD: iREt cryprov->onFileOpen: %d\n", iRet);
+		CHKiRet(pThis->cryprov->OnFileOpen(pThis->cryprovData,
+		 	pThis->pszCurrFName, &pThis->cryprovFileData));
 	}
 finalize_it:
 	RETiRet;
diff --git a/tools/Makefile.am b/tools/Makefile.am
index be093957..8957d713 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -42,6 +42,7 @@ rsyslogd_CPPFLAGS =  $(PTHREADS_CFLAGS) $(RSRT_CFLAGS)
 # potentially incomplete build, a problem we had several times...)
 rsyslogd_LDADD = ../grammar/libgrammar.la ../runtime/librsyslog.la $(ZLIB_LIBS) $(PTHREADS_LIBS) $(RSRT_LIBS) $(SOL_LIBS) $(LIBEE_LIBS) $(LIBLOGNORM_LIBS) $(LIBUUID_LIBS)
 rsyslogd_LDFLAGS = -export-dynamic `libgcrypt-config --libs`
+#rsyslogd_LDFLAGS = -export-dynamic $(LIBGCRYPT_LIBS)
 
 EXTRA_DIST = $(man_MANS) \
 	rsgtutil.rst \
@@ -64,10 +65,6 @@ logctl_LDADD = $(LIBMONGO_CLIENT_LIBS)
 endif
 if ENABLE_GUARDTIME
 bin_PROGRAMS += rsgtutil
-#bin_PROGRAMS += logsigner rsgtutil
-#logsigner = logsigner.c
-#logsigner_CPPFLAGS =  $(RSRT_CFLAGS) $(GUARDTIME_CFLAGS)
-#logsigner_LDADD = ../runtime/librsgt.la $(GUARDTIME_LIBS)
 rsgtutil = rsgtutil.c
 rsgtutil_CPPFLAGS =  $(RSRT_CFLAGS) $(GUARDTIME_CFLAGS)
 rsgtutil_LDADD = ../runtime/librsgt.la $(GUARDTIME_LIBS)
@@ -77,4 +74,16 @@ man1_MANS = rsgtutil.1
 CLEANFILES = rsgtutil.1
 EXTRA_DIST+= rsgtutil.1
 endif
+if ENABLE_LIBGCRYPT
+bin_PROGRAMS += rscryutil
+rscryutil = rscryutil.c
+rscryutil_CPPFLAGS = $(RSRT_CFLAGS) $(LIBGCRYPT_CFLAGS)
+rscryutil_LDFLAGS = `libgcrypt-config --libs`
+#rscryutil_LDFLAGS = $(LIBGCRYPT_LIBS)
+rscryutil.1: rscryutil.rst
+	$(AM_V_GEN) $(RST2MAN) $< $@
+man1_MANS = rscryutil.1
+CLEANFILES = rscryutil.1
+EXTRA_DIST+= rscryutil.1
+endif
 endif
diff --git a/tools/omfile.c b/tools/omfile.c
index dfd52d80..46d882bf 100644
--- a/tools/omfile.c
+++ b/tools/omfile.c
@@ -1054,17 +1054,18 @@ initSigprov(instanceData *pData, struct nvlst *lst)
 done:	return;
 }
 
-static inline void
+static inline rsRetVal
 initCryprov(instanceData *pData, struct nvlst *lst)
 {
 	uchar szDrvrName[1024];
+	DEFiRet;
 
 	if(snprintf((char*)szDrvrName, sizeof(szDrvrName), "lmcry_%s", pData->cryprovName)
 		== sizeof(szDrvrName)) {
 		errmsg.LogError(0, RS_RET_ERR, "omfile: crypto provider "
 				"name is too long: '%s' - encryption disabled",
 				pData->cryprovName);
-		goto done;
+		ABORT_FINALIZE(RS_RET_ERR);
 	}
 	pData->cryprovNameFull = ustrdup(szDrvrName);
 
@@ -1079,21 +1080,22 @@ initCryprov(instanceData *pData, struct nvlst *lst)
 		errmsg.LogError(0, RS_RET_LOAD_ERROR, "omfile: could not load "
 				"crypto provider '%s' - encryption disabled",
 				szDrvrName);
-		goto done;
+		ABORT_FINALIZE(RS_RET_CRYPROV_ERR);
 	}
 
 	if(pData->cryprov.Construct(&pData->cryprovData) != RS_RET_OK) {
-		errmsg.LogError(0, RS_RET_SIGPROV_ERR, "omfile: error constructing "
+		errmsg.LogError(0, RS_RET_CRYPROV_ERR, "omfile: error constructing "
 				"crypto provider %s dataset - encryption disabled",
 				szDrvrName);
-		goto done;
+		ABORT_FINALIZE(RS_RET_CRYPROV_ERR);
 	}
-	pData->cryprov.SetCnfParam(pData->cryprovData, lst);
+	CHKiRet(pData->cryprov.SetCnfParam(pData->cryprovData, lst));
 
 	dbgprintf("loaded crypto provider %s, data instance at %p\n",
 		  szDrvrName, pData->cryprovData);
 	pData->useCryprov = 1;
-done:	return;
+finalize_it:
+	RETiRet;
 }
 
 BEGINnewActInst
@@ -1184,7 +1186,7 @@ CODESTARTnewActInst
 	}
 
 	if(pData->cryprovName != NULL) {
-		initCryprov(pData, lst);
+		CHKiRet(initCryprov(pData, lst));
 	}
 
 	tplToUse = ustrdup((pData->tplName == NULL) ? getDfltTpl() : pData->tplName);
diff --git a/tools/rscryutil.c b/tools/rscryutil.c
new file mode 100644
index 00000000..755371f2
--- /dev/null
+++ b/tools/rscryutil.c
@@ -0,0 +1,236 @@
+/* This is a tool for dumpoing the content of GuardTime TLV
+ * files in a (somewhat) human-readable manner.
+ * 
+ * Copyright 2013 Adiscon GmbH
+ *
+ * This file is part of rsyslog.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *       -or-
+ *       see COPYING.ASL20 in the source distribution
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either exprs or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#include <stdlib.h>
+#include <stdio.h>
+#include <errno.h>
+#include <string.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <getopt.h>
+#include <gcrypt.h>
+
+
+static enum { MD_DECRYPT
+} mode = MD_DECRYPT;
+static int verbose = 0;
+static gcry_cipher_hd_t gcry_chd;
+static size_t blkLength;
+
+static int
+initCrypt(int gcry_mode, char *iv, char *key)
+{
+	#define GCRY_CIPHER GCRY_CIPHER_3DES  // TODO: make configurable
+ 	int r = 0;
+	gcry_error_t     gcryError;
+
+	blkLength = gcry_cipher_get_algo_blklen(GCRY_CIPHER);
+	size_t keyLength = gcry_cipher_get_algo_keylen(GCRY_CIPHER);
+	if(strlen(key) != keyLength) {
+		fprintf(stderr, "invalid key lengtjh; key is %u characters, but "
+			"exactly %u characters are required\n", strlen(key),
+			keyLength);
+		r = 1; goto done;
+	}
+
+	gcryError = gcry_cipher_open(&gcry_chd, GCRY_CIPHER, gcry_mode, 0);
+	if (gcryError) {
+		printf("gcry_cipher_open failed:  %s/%s\n",
+			gcry_strsource(gcryError),
+			gcry_strerror(gcryError));
+		r = 1; goto done;
+	}
+
+	gcryError = gcry_cipher_setkey(gcry_chd, key, keyLength);
+	if (gcryError) {
+		printf("gcry_cipher_setkey failed:  %s/%s\n",
+			gcry_strsource(gcryError),
+			gcry_strerror(gcryError));
+		r = 1; goto done;
+	}
+
+	gcryError = gcry_cipher_setiv(gcry_chd, iv, blkLength);
+	if (gcryError) {
+		printf("gcry_cipher_setiv failed:  %s/%s\n",
+			gcry_strsource(gcryError),
+			gcry_strerror(gcryError));
+		r = 1; goto done;
+	}
+done: return r;
+}
+
+static inline void
+removePadding(char *buf, size_t *plen)
+{
+	unsigned len = (unsigned) *plen;
+	unsigned iSrc, iDst;
+	char *frstNUL;
+
+	frstNUL = strchr(buf, 0x00);
+	if(frstNUL == NULL)
+		goto done;
+	iDst = iSrc = frstNUL - buf;
+
+	while(iSrc < len) {
+		if(buf[iSrc] != 0x00)
+			buf[iDst++] = buf[iSrc];
+		++iSrc;
+	}
+
+	*plen = iDst;
+done:	return;
+}
+
+static void
+doDeCrypt(FILE *fpin, FILE *fpout)
+{
+	gcry_error_t     gcryError;
+	char	buf[64*1024];
+	size_t	nRead, nWritten;
+	size_t nPad;
+	
+	while(1) {
+		nRead = fread(buf, 1, sizeof(buf), fpin);
+		if(nRead == 0)
+			break;
+		nPad = (blkLength - nRead % blkLength) % blkLength;
+		fprintf(stderr, "--->read %d chars, blkLength %d, mod %d, pad %d\n", nRead, blkLength,
+			nRead % blkLength, nPad);
+		gcryError = gcry_cipher_decrypt(
+				gcry_chd, // gcry_cipher_hd_t
+				buf,    // void *
+				nRead,    // size_t
+				NULL,    // const void *
+				0);   // size_t
+		if (gcryError) {
+			fprintf(stderr, "gcry_cipher_encrypt failed:  %s/%s\n",
+			gcry_strsource(gcryError),
+			gcry_strerror(gcryError));
+			return;
+		}
+		removePadding(buf, &nRead);
+		nWritten = fwrite(buf, 1, nRead, fpout);
+		if(nWritten != nRead) {
+			perror("fpout");
+			return;
+		}
+	}
+}
+
+
+static void
+decrypt(char *name, char *key)
+{
+	FILE *logfp = NULL;
+	//, *sigfp = NULL;
+	int r = 0;
+	//char sigfname[4096];
+	
+	if(!strcmp(name, "-")) {
+		fprintf(stderr, "decrypt mode cannot work on stdin\n");
+		goto err;
+	} else {
+		if((logfp = fopen(name, "r")) == NULL) {
+			perror(name);
+			goto err;
+		}
+#if 0
+		snprintf(sigfname, sizeof(sigfname), "%s.gtsig", name);
+		sigfname[sizeof(sigfname)-1] = '\0';
+		if((sigfp = fopen(sigfname, "r")) == NULL) {
+			perror(sigfname);
+			goto err;
+		}
+#endif
+	}
+
+	if(initCrypt(GCRY_CIPHER_MODE_CBC, "TODO: init value", key) != 0)
+		goto err;
+	doDeCrypt(logfp, stdout);
+	gcry_cipher_close(gcry_chd);
+	fclose(logfp); logfp = NULL;
+	return;
+
+err:
+	fprintf(stderr, "error %d processing file %s\n", r, name);
+	if(logfp != NULL)
+		fclose(logfp);
+}
+
+
+static struct option long_options[] = 
+{ 
+	{"verbose", no_argument, NULL, 'v'},
+	{"version", no_argument, NULL, 'V'},
+	{"decrypt", no_argument, NULL, 'd'},
+	{"key", required_argument, NULL, 'k'},
+	{NULL, 0, NULL, 0} 
+}; 
+
+int
+main(int argc, char *argv[])
+{
+	int i;
+	int opt;
+	char *key = "";
+
+	while(1) {
+		opt = getopt_long(argc, argv, "dk:vV", long_options, NULL);
+		if(opt == -1)
+			break;
+		switch(opt) {
+		case 'd':
+			mode = MD_DECRYPT;
+			break;
+		case 'k':
+			fprintf(stderr, "WARNING: specifying the actual key "
+				"via the command line is highly insecure\n"
+				"Do NOT use this for PRODUCTION use.\n");
+			key = optarg;
+			break;
+		case 'v':
+			verbose = 1;
+			break;
+		case 'V':
+			fprintf(stderr, "rsgtutil " VERSION "\n");
+			exit(0);
+			break;
+		case '?':
+			break;
+		default:fprintf(stderr, "getopt_long() returns unknown value %d\n", opt);
+			return 1;
+		}
+	}
+
+	if(optind == argc)
+		decrypt("-", key);
+	else {
+		for(i = optind ; i < argc ; ++i)
+			decrypt(argv[i], key); /* currently only mode ;) */
+	}
+
+	memset(key, 0, strlen(key)); /* zero-out key store */
+	return 0;
+}
+	//char *aesSymKey = "123456789012345678901234"; // TODO: TEST ONLY
diff --git a/tools/rscryutil.rst b/tools/rscryutil.rst
new file mode 100644
index 00000000..7e3ab5b4
--- /dev/null
+++ b/tools/rscryutil.rst
@@ -0,0 +1,80 @@
+=========
+rscryutil
+=========
+
+--------------------------
+Manage Encrypted Log Files
+--------------------------
+
+:Author: Rainer Gerhards <rgerhards@adiscon.com>
+:Date: 2013-04-08
+:Manual section: 1
+
+SYNOPSIS
+========
+
+::
+
+   rscryutil [OPTIONS] [FILE] ...
+
+
+DESCRIPTION
+===========
+
+This tool performs various operations on encrypted log files.
+Most importantly, it provides the ability to decrypt them.
+
+
+OPTIONS
+=======
+
+-d, --decrypt
+  Select decryption mode. This is the default mode.
+
+-v, --verbose
+  Select verbose mode.
+
+-k, --key <KEY>
+  TESTING AID, NOT FOR PRODUCTION USE. This uses the KEY specified
+  on the command line. This is the actual key, and as such this mode
+  is highly insecure. However, it can be useful for intial testing
+  steps. This option may be removed in the future.
+
+
+OPERATION MODES
+===============
+
+The operation mode specifies what exactly the tool does with the provided
+files. The default operation mode is "dump", but this may change in the future.
+Thus, it is recommended to always set the operations mode explicitely. If 
+multiple operations mode are set on the command line, results are 
+unpredictable.
+
+decrypt
+-------
+
+The provided log files are decrypted.
+
+EXIT CODES
+==========
+
+The command returns an exit code of 0 if everything went fine, and some 
+other code in case of failures.
+
+
+EXAMPLES
+========
+
+**rscryutil logfile**
+
+Decrypts "logfile" and sends data to stdout.
+
+SEE ALSO
+========
+**rsyslogd(8)**
+
+COPYRIGHT
+=========
+
+This page is part of the *rsyslog* project, and is available under
+LGPLv2.
-- 
cgit v1.2.3


From 2de4a04b7e728f533382c9839345a89cbf73db89 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Sun, 7 Apr 2013 18:48:48 +0200
Subject: bugfix: failover/action suspend did not work correctly

This was experienced if the retry action took more than one second
to complete. For suspending, a cached timestamp was used, and if the
retry took longer, that timestamp was already in the past. As a
result, the action never was kept in suspended state, and as such
no failover happened. The suspend functionalit now does no longer use
the cached timestamp (should not have any performance implication, as
action suspend occurs very infrequently).

Also added some better debug logging for the action engine.
---
 ChangeLog |  8 ++++++++
 action.c  | 30 ++++++++++++++++++++----------
 2 files changed, 28 insertions(+), 10 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 854a14d3..c4546db6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -11,6 +11,14 @@ Version 7.2.7  [v7-stable] 2013-03-??
   The rsyslog debug log file is now continued to be written across the
   fork.
 - updated systemd files to match current systemd source
+- bugfix: failover/action suspend did not work correctly
+  This was experienced if the retry action took more than one second
+  to complete. For suspending, a cached timestamp was used, and if the
+  retry took longer, that timestamp was already in the past. As a 
+  result, the action never was kept in suspended state, and as such
+  no failover happened. The suspend functionalit now does no longer use
+  the cached timestamp (should not have any performance implication, as
+  action suspend occurs very infrequently).
 - bugfix: nested if/prifilt conditions did not work properly
   closes: http://bugzilla.adiscon.com/show_bug.cgi?id=415
 - bugfix: script == comparison did not work properly on JSON objects
diff --git a/action.c b/action.c
index fd8727ee..8fc92e56 100644
--- a/action.c
+++ b/action.c
@@ -613,13 +613,17 @@ static void actionDisable(action_t *pThis)
  * CPU time. TODO: maybe a config option for that?
  * rgerhards, 2007-08-02
  */
-static inline void actionSuspend(action_t *pThis, time_t ttNow)
+static inline void actionSuspend(action_t *pThis)
 {
-	if(ttNow == NO_TIME_PROVIDED)
-		datetime.GetTime(&ttNow);
+	time_t ttNow;
+
+	/* note: we can NOT use a cached timestamp, as time may have evolved
+	 * since caching, and this would break logic (and it actually did so!)
+	 */
+	datetime.GetTime(&ttNow);
 	pThis->ttResumeRtry = ttNow + pThis->iResumeInterval * (pThis->iNbrResRtry / 10 + 1);
 	actionSetState(pThis, ACT_STATE_SUSP);
-	DBGPRINTF("earliest retry=%d\n", (int) pThis->ttResumeRtry);
+	DBGPRINTF("action suspended, earliest retry=%d\n", (int) pThis->ttResumeRtry);
 }
 
 
@@ -639,7 +643,7 @@ static inline void actionSuspend(action_t *pThis, time_t ttNow)
  * of its inability to recover. -- rgerhards, 2010-04-26.
  */
 static inline rsRetVal
-actionDoRetry(action_t *pThis, time_t ttNow, int *pbShutdownImmediate)
+actionDoRetry(action_t *pThis, int *pbShutdownImmediate)
 {
 	int iRetries;
 	int iSleepPeriod;
@@ -650,7 +654,9 @@ actionDoRetry(action_t *pThis, time_t ttNow, int *pbShutdownImmediate)
 
 	iRetries = 0;
 	while((*pbShutdownImmediate == 0) && pThis->eState == ACT_STATE_RTRY) {
+		DBGPRINTF("actionDoRetry: enter loop, iRetries=%d\n", iRetries);
 		iRet = pThis->pMod->tryResume(pThis->pModData);
+		DBGPRINTF("actionDoRetry: action->tryResume returned %d\n", iRet);
 		if((pThis->iResumeOKinRow > 9) && (pThis->iResumeOKinRow % 10 == 0)) {
 			bTreatOKasSusp = 1;
 			pThis->iResumeOKinRow = 0;
@@ -658,16 +664,18 @@ actionDoRetry(action_t *pThis, time_t ttNow, int *pbShutdownImmediate)
 			bTreatOKasSusp = 0;
 		}
 		if((iRet == RS_RET_OK) && (!bTreatOKasSusp)) {
+			DBGPRINTF("actionDoRetry: had success RDY again (iRet=%d)\n", iRet);
 			actionSetState(pThis, ACT_STATE_RDY);
 		} else if(iRet == RS_RET_SUSPENDED || bTreatOKasSusp) {
 			/* max retries reached? */
+			DBGPRINTF("actionDoRetry: check for max retries, iResumeRetryCount %d, iRetries %d\n",
+				  pThis->iResumeRetryCount, iRetries);
 			if((pThis->iResumeRetryCount != -1 && iRetries >= pThis->iResumeRetryCount)) {
-				actionSuspend(pThis, ttNow);
+				actionSuspend(pThis);
 			} else {
 				++pThis->iNbrResRtry;
 				++iRetries;
 				iSleepPeriod = pThis->iResumeInterval;
-				ttNow += iSleepPeriod; /* not truly exact, but sufficiently... */
 				srSleep(iSleepPeriod, 0);
 				if(*pbShutdownImmediate) {
 					ABORT_FINALIZE(RS_RET_FORCE_TERM);
@@ -714,7 +722,7 @@ static rsRetVal actionTryResume(action_t *pThis, int *pbShutdownImmediate)
 	if(pThis->eState == ACT_STATE_RTRY) {
 		if(ttNow == NO_TIME_PROVIDED) /* use cached result if we have it */
 			datetime.GetTime(&ttNow);
-		CHKiRet(actionDoRetry(pThis, ttNow, pbShutdownImmediate));
+		CHKiRet(actionDoRetry(pThis, pbShutdownImmediate));
 	}
 
 	if(Debug && (pThis->eState == ACT_STATE_RTRY ||pThis->eState == ACT_STATE_SUSP)) {
@@ -1125,6 +1133,7 @@ submitBatch(action_t *pAction, batch_t *pBatch, int nElem)
 
 	assert(pBatch != NULL);
 
+	DBGPRINTF("submitBatch: enter, nElem %d\n", nElem);
 	wasDoneTo = pBatch->iDoneUpTo;
 	bDone = 0;
 	do {
@@ -1146,7 +1155,8 @@ submitBatch(action_t *pAction, batch_t *pBatch, int nElem)
 		   || localRet == RS_RET_DEFER_COMMIT) {
 			bDone = 1;
 		} else if(localRet == RS_RET_SUSPENDED) {
-			; /* do nothing, this will retry the full batch */
+			DBGPRINTF("action ret RS_RET_SUSPENDED - retry full batch\n");
+			/* do nothing, this will retry the full batch */
 		} else if(localRet == RS_RET_ACTION_FAILED) {
 			/* in this case, everything not yet committed is BAD */
 			for(i = pBatch->iDoneUpTo ; i < wasDoneTo + nElem ; ++i) {
@@ -1974,7 +1984,7 @@ addAction(action_t **ppAction, modInfo_t *pMod, void *pModData,
 	pAction->eState = ACT_STATE_RDY; /* action is enabled */
 
 	if(bSuspended)
-		actionSuspend(pAction, datetime.GetTime(NULL)); /* "good" time call, only during init and unavoidable */
+		actionSuspend(pAction);
 
 	CHKiRet(actionConstructFinalize(pAction, queueParams));
 	
-- 
cgit v1.2.3


From 610137b49d5e4f8a0d448d8d361c042cf451a550 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Mon, 8 Apr 2013 09:37:10 +0200
Subject: omrelp: add support for RainerScript-based configuration

---
 ChangeLog               |   1 +
 doc/omrelp.html         |  37 ++++++++++----
 plugins/omrelp/omrelp.c | 132 +++++++++++++++++++++++++++++++++++-------------
 runtime/rsyslog.h       |   4 +-
 4 files changed, 128 insertions(+), 46 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index c4546db6..e10f6c5d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,4 @@
+- omrelp: added support for RainerScript-based configuration
 ----------------------------------------------------------------------------
 Version 7.2.7  [v7-stable] 2013-03-??
 - rsyslogd startup information is now properly conveyed back to init
diff --git a/doc/omrelp.html b/doc/omrelp.html
index 22e6845f..4b28bdda 100644
--- a/doc/omrelp.html
+++ b/doc/omrelp.html
@@ -16,10 +16,30 @@ RELP protocol. For RELP's advantages over plain tcp syslog, please see
 the documentation for <a href="imrelp.html">imrelp</a>
 (the server counterpart).&nbsp;</p>
 <span style="font-weight: bold;">Setup</span>
-<p>Please note the <a href="http://www.librelp.com">librelp</a>
+<p>Please note that <a href="http://www.librelp.com">librelp</a>
 is required for imrelp (it provides the core relp protocol
 implementation).</p>
-<p><b>Configuration Directives</b>:</p>
+<p><b>Action Configuration Parameters</b>:</p>
+<p>This module supports RainerScript configuration starting with
+rsyslog 7.3.10. For older versions, legacy configuration directives
+must be used.
+<ul>
+	<li><b>target </b>(mandatory)<br>
+	The target server to connect to.
+	</li>
+	<li><b>template </b>(not mandatory, default "RSYSLOG_ForwardFormat")<br>
+	Defines the template to be used for the output.
+	</li>
+</ul>
+<p><b>Sample:</b></p>
+<p>The following sample sends all messages to the central server
+"centralserv" at port 2514 (note that that server must run imrelp on
+port 2514).
+</p>
+<textarea rows="3" cols="60">module(load="omrelp")
+action(type="omrelp" target="centralserv" port="2514")
+</textarea>
+<p><b>Legacy Configuration Directives</b>:</p>
 <p>This module uses old-style action configuration to keep
 consistent with the forwarding rule. So far, no additional
 configuration directives can be specified. To send a message via RELP,
@@ -33,18 +53,15 @@ use</p>
 <b>Caveats/Known Bugs:</b>
 <p>See <a href="imrelp.html">imrelp</a>,
 which documents them.&nbsp;</p>
-<p><b>Sample:</b></p>
+<p><b>Legacy Sample:</b></p>
 <p>The following sample sends all messages to the central server
 "centralserv" at port 2514 (note that that server must run imrelp on
-port 2514). Rsyslog's high-precision timestamp format is used, thus the
-special "RSYSLOG_ForwardFormat" (case sensitive!) template is used.<br>
+port 2514).
 </p>
-<textarea rows="15" cols="60">$ModLoad omrelp
-# forward messages to the remote server "myserv" on
-# port 2514
-*.* :omrelp:centralserv:2514;RSYSLOG_ForwardFormat
+<textarea rows="3" cols="60">$ModLoad omrelp
+*.* :omrelp:centralserv:2514
 </textarea>
-Note: to use IPv6 addresses, encode them in [::1] format.
+<p>Note: to use IPv6 addresses, encode them in [::1] format.
 <p>[<a href="rsyslog_conf.html">rsyslog.conf overview</a>]
 [<a href="manual.html">manual index</a>] [<a href="http://www.rsyslog.com/">rsyslog site</a>]</p>
 <p><font size="2">This documentation is part of the
diff --git a/plugins/omrelp/omrelp.c b/plugins/omrelp/omrelp.c
index e55836c5..0c296673 100644
--- a/plugins/omrelp/omrelp.c
+++ b/plugins/omrelp/omrelp.c
@@ -7,7 +7,7 @@
  *
  * File begun on 2008-03-13 by RGerhards
  *
- * Copyright 2008-2012 Adiscon GmbH.
+ * Copyright 2008-2013 Adiscon GmbH.
  *
  * This file is part of rsyslog.
  *
@@ -43,6 +43,7 @@
 #include "glbl.h"
 #include "errmsg.h"
 #include "debug.h"
+#include "unicode-helper.h"
 
 MODULE_TYPE_OUTPUT
 MODULE_TYPE_NOKEEP
@@ -57,12 +58,13 @@ DEFobjCurrIf(glbl)
 static relpEngine_t *pRelpEngine;	/* our relp engine */
 
 typedef struct _instanceData {
-	char *f_hname;
+	uchar *target;
 	int compressionLevel; /* 0 - no compression, else level for zlib */
-	char *port;
+	uchar *port;
 	int bInitialConnect; /* is this the initial connection request of our module? (0-no, 1-yes) */
 	int bIsConnected; /* currently connected to server? 0 - no, 1 - yes */
 	relpClt_t *pRelpClt;		/* relp client for this instance */
+	uchar *tplName;
 } instanceData;
 
 typedef struct configSettings_s {
@@ -70,56 +72,119 @@ typedef struct configSettings_s {
 } configSettings_t;
 static configSettings_t __attribute__((unused)) cs;
 
+
+/* tables for interfacing with the v6 config system */
+/* action (instance) parameters */
+static struct cnfparamdescr actpdescr[] = {
+	{ "target", eCmdHdlrGetWord, 0 },
+	{ "port", eCmdHdlrGetWord, 0 },
+	{ "template", eCmdHdlrGetWord, 1 }
+};
+static struct cnfparamblk actpblk =
+	{ CNFPARAMBLK_VERSION,
+	  sizeof(actpdescr)/sizeof(struct cnfparamdescr),
+	  actpdescr
+	};
+
 BEGINinitConfVars		/* (re)set config variables to default values */
 CODESTARTinitConfVars 
 ENDinitConfVars
 
-/* get the syslog forward port from selector_t. The passed in
- * struct must be one that is setup for forwarding.
- * rgerhards, 2007-06-28
- * We may change the implementation to try to lookup the port
- * if it is unspecified. So far, we use the IANA default auf 514.
+/* We may change the implementation to try to lookup the port
+ * if it is unspecified. So far, we use 514 as default (what probably
+ * is not a really bright idea, but kept for backward compatibility).
  */
-static char *getRelpPt(instanceData *pData)
+static uchar *getRelpPt(instanceData *pData)
 {
 	assert(pData != NULL);
 	if(pData->port == NULL)
-		return("514");
+		return((uchar*)"514");
 	else
 		return(pData->port);
 }
 
+static inline rsRetVal
+doCreateRelpClient(instanceData *pData)
+{
+	DEFiRet;
+	if(relpEngineCltConstruct(pRelpEngine, &pData->pRelpClt) != RELP_RET_OK)
+		ABORT_FINALIZE(RS_RET_RELP_ERR);
+finalize_it:
+	RETiRet;
+}
+
+
 BEGINcreateInstance
 CODESTARTcreateInstance
 	pData->bInitialConnect = 1;
 ENDcreateInstance
 
-
-BEGINisCompatibleWithFeature
-CODESTARTisCompatibleWithFeature
-	if(eFeat == sFEATURERepeatedMsgReduction)
-		iRet = RS_RET_OK;
-ENDisCompatibleWithFeature
-
-
 BEGINfreeInstance
 CODESTARTfreeInstance
-	if(pData->port != NULL)
-		free(pData->port);
-
-	/* final cleanup */
 	if(pData->pRelpClt != NULL)
 		relpEngineCltDestruct(pRelpEngine, &pData->pRelpClt);
+	free(pData->target);
+	free(pData->port);
+	free(pData->tplName);
+ENDfreeInstance
 
-	if(pData->f_hname != NULL)
-		free(pData->f_hname);
+static inline void
+setInstParamDefaults(instanceData *pData)
+{
+	pData->target = NULL;
+	pData->port = NULL;
+	pData->tplName = NULL;
+}
 
-ENDfreeInstance
+
+BEGINnewActInst
+	struct cnfparamvals *pvals;
+	int i;
+CODESTARTnewActInst
+	if((pvals = nvlstGetParams(lst, &actpblk, NULL)) == NULL) {
+		ABORT_FINALIZE(RS_RET_MISSING_CNFPARAMS);
+	}
+
+	CHKiRet(createInstance(&pData));
+	setInstParamDefaults(pData);
+
+	for(i = 0 ; i < actpblk.nParams ; ++i) {
+		if(!pvals[i].bUsed)
+			continue;
+		if(!strcmp(actpblk.descr[i].name, "target")) {
+			pData->target = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+		} else if(!strcmp(actpblk.descr[i].name, "port")) {
+			pData->port = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+		} else if(!strcmp(actpblk.descr[i].name, "template")) {
+			pData->tplName = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+		} else {
+			dbgprintf("omrelp: program error, non-handled "
+			  "param '%s'\n", actpblk.descr[i].name);
+		}
+	}
+	
+	CODE_STD_STRING_REQUESTnewActInst(1)
+
+	CHKiRet(OMSRsetEntry(*ppOMSR, 0, (uchar*)strdup((pData->tplName == NULL) ?
+			    "RSYSLOG_ForwardFormat" : (char*)pData->tplName),
+	   		    OMSR_NO_RQD_TPL_OPTS));
+
+	CHKiRet(doCreateRelpClient(pData));
+
+CODE_STD_FINALIZERnewActInst
+	cnfparamvalsDestruct(pvals, &actpblk);
+ENDnewActInst
+
+BEGINisCompatibleWithFeature
+CODESTARTisCompatibleWithFeature
+	if(eFeat == sFEATURERepeatedMsgReduction)
+		iRet = RS_RET_OK;
+ENDisCompatibleWithFeature
 
 
 BEGINdbgPrintInstInfo
 CODESTARTdbgPrintInstInfo
-	printf("RELP/%s", pData->f_hname);
+	dbgprintf("RELP/%s", pData->target);
 ENDdbgPrintInstInfo
 
 
@@ -131,7 +196,7 @@ static rsRetVal doConnect(instanceData *pData)
 	DEFiRet;
 
 	if(pData->bInitialConnect) {
-		iRet = relpCltConnect(pData->pRelpClt, glbl.GetDefPFFamily(), (uchar*) pData->port, (uchar*) pData->f_hname);
+		iRet = relpCltConnect(pData->pRelpClt, glbl.GetDefPFFamily(), pData->port, pData->target);
 		if(iRet == RELP_RET_OK)
 			pData->bInitialConnect = 0;
 	} else {
@@ -160,7 +225,7 @@ BEGINdoAction
 	size_t lenMsg;
 	relpRetVal ret;
 CODESTARTdoAction
-	dbgprintf(" %s:%s/RELP\n", pData->f_hname, getRelpPt(pData));
+	dbgprintf(" %s:%s/RELP\n", pData->target, getRelpPt(pData));
 
 	if(!pData->bIsConnected) {
 		CHKiRet(doConnect(pData));
@@ -309,21 +374,17 @@ CODE_STD_STRING_REQUESTparseSelectorAct(1)
 	/* TODO: make this if go away! */
 	if(*p == ';') {
 		*p = '\0'; /* trick to obtain hostname (later)! */
-		CHKmalloc(pData->f_hname = strdup((char*) q));
+		CHKmalloc(pData->target = ustrdup(q));
 		*p = ';';
 	} else {
-		CHKmalloc(pData->f_hname = strdup((char*) q));
+		CHKmalloc(pData->target = ustrdup(q));
 	}
 
 	/* process template */
 	CHKiRet(cflineParseTemplateName(&p, *ppOMSR, 0, OMSR_NO_RQD_TPL_OPTS, (uchar*) "RSYSLOG_ForwardFormat"));
 
-	/* create our relp client  */
-	CHKiRet(relpEngineCltConstruct(pRelpEngine, &pData->pRelpClt)); /* we use CHKiRet as librelp has a similar return value range */
+	CHKiRet(doCreateRelpClient(pData));
 
-	/* TODO: do we need to call freeInstance if we failed - this is a general question for
-	 * all output modules. I'll address it later as the interface evolves. rgerhards, 2007-07-25
-	 */
 CODE_STD_FINALIZERparseSelectorAct
 ENDparseSelectorAct
 
@@ -342,6 +403,7 @@ BEGINqueryEtryPt
 CODESTARTqueryEtryPt
 CODEqueryEtryPt_STD_OMOD_QUERIES
 CODEqueryEtryPt_STD_CONF2_CNFNAME_QUERIES 
+CODEqueryEtryPt_STD_CONF2_OMOD_QUERIES
 ENDqueryEtryPt
 
 
diff --git a/runtime/rsyslog.h b/runtime/rsyslog.h
index 07d58d68..53eb1edb 100644
--- a/runtime/rsyslog.h
+++ b/runtime/rsyslog.h
@@ -384,7 +384,9 @@ enum rsRetVal_				/** return value. All methods return this if not specified oth
 	RS_RET_MOD_NO_INPUT_STMT = -2224, /**< (input) module does not support input() statement */
 	RS_RET_NO_CEE_MSG = -2225, /**< the message being processed is NOT CEE-enhanced */
 
-	/**** up to 2300 is reserved for v6 use ****/
+	/**** up to 2290 is reserved for v6 use ****/
+	RS_RET_RELP_ERR = -2291,	/**<< error in RELP processing */
+	/**** up to 3000 is reserved for c7 use ****/
 	RS_RET_JNAME_NO_ROOT = -2301, /**< root element is missing in JSON path */
 	RS_RET_JNAME_INVALID = -2302, /**< JSON path is invalid */
 	RS_RET_JSON_PARSE_ERR = -2303, /**< we had a problem parsing JSON (or extra data) */
-- 
cgit v1.2.3


From ba592431e279b3dafb74b93824a1478ff0d9724f Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Mon, 8 Apr 2013 14:20:34 +0200
Subject: omrelp: add ability to specify session timeout

---
 ChangeLog               |  1 +
 configure.ac            |  2 +-
 doc/omrelp.html         |  4 ++++
 plugins/omrelp/omrelp.c | 11 +++++++++--
 4 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index e10f6c5d..1cd37361 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,5 @@
 - omrelp: added support for RainerScript-based configuration
+- omrelp: added ability to specify session timeout
 ----------------------------------------------------------------------------
 Version 7.2.7  [v7-stable] 2013-03-??
 - rsyslogd startup information is now properly conveyed back to init
diff --git a/configure.ac b/configure.ac
index 5c1fa991..e33a3d85 100644
--- a/configure.ac
+++ b/configure.ac
@@ -905,7 +905,7 @@ AC_ARG_ENABLE(relp,
         [enable_relp=no]
 )
 if test "x$enable_relp" = "xyes"; then
-	PKG_CHECK_MODULES(RELP, relp >= 1.0.1)
+	PKG_CHECK_MODULES(RELP, relp >= 1.0.3)
 fi
 AM_CONDITIONAL(ENABLE_RELP, test x$enable_relp = xyes)
 
diff --git a/doc/omrelp.html b/doc/omrelp.html
index 4b28bdda..8858f884 100644
--- a/doc/omrelp.html
+++ b/doc/omrelp.html
@@ -30,6 +30,10 @@ must be used.
 	<li><b>template </b>(not mandatory, default "RSYSLOG_ForwardFormat")<br>
 	Defines the template to be used for the output.
 	</li>
+	<li><b>timeout </b>(not mandatory, default 90)<br>
+	Timeout for relp sessions. If set too low, valid sessions
+	may be considered dead and tried to recover.
+	</li>
 </ul>
 <p><b>Sample:</b></p>
 <p>The following sample sends all messages to the central server
diff --git a/plugins/omrelp/omrelp.c b/plugins/omrelp/omrelp.c
index 0c296673..7d536cbc 100644
--- a/plugins/omrelp/omrelp.c
+++ b/plugins/omrelp/omrelp.c
@@ -63,7 +63,8 @@ typedef struct _instanceData {
 	uchar *port;
 	int bInitialConnect; /* is this the initial connection request of our module? (0-no, 1-yes) */
 	int bIsConnected; /* currently connected to server? 0 - no, 1 - yes */
-	relpClt_t *pRelpClt;		/* relp client for this instance */
+	unsigned timeout;
+	relpClt_t *pRelpClt; /* relp client for this instance */
 	uchar *tplName;
 } instanceData;
 
@@ -76,8 +77,9 @@ static configSettings_t __attribute__((unused)) cs;
 /* tables for interfacing with the v6 config system */
 /* action (instance) parameters */
 static struct cnfparamdescr actpdescr[] = {
-	{ "target", eCmdHdlrGetWord, 0 },
+	{ "target", eCmdHdlrGetWord, 1 },
 	{ "port", eCmdHdlrGetWord, 0 },
+	{ "timeout", eCmdHdlrInt, 0 },
 	{ "template", eCmdHdlrGetWord, 1 }
 };
 static struct cnfparamblk actpblk =
@@ -109,6 +111,8 @@ doCreateRelpClient(instanceData *pData)
 	DEFiRet;
 	if(relpEngineCltConstruct(pRelpEngine, &pData->pRelpClt) != RELP_RET_OK)
 		ABORT_FINALIZE(RS_RET_RELP_ERR);
+	if(relpCltSetTimeout(pData->pRelpClt, pData->timeout) != RELP_RET_OK)
+		ABORT_FINALIZE(RS_RET_RELP_ERR);
 finalize_it:
 	RETiRet;
 }
@@ -134,6 +138,7 @@ setInstParamDefaults(instanceData *pData)
 	pData->target = NULL;
 	pData->port = NULL;
 	pData->tplName = NULL;
+	pData->timeout = 90;
 }
 
 
@@ -157,6 +162,8 @@ CODESTARTnewActInst
 			pData->port = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
 		} else if(!strcmp(actpblk.descr[i].name, "template")) {
 			pData->tplName = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+		} else if(!strcmp(actpblk.descr[i].name, "timeout")) {
+			pData->timeout = (unsigned) pvals[i].val.d.n;
 		} else {
 			dbgprintf("omrelp: program error, non-handled "
 			  "param '%s'\n", actpblk.descr[i].name);
-- 
cgit v1.2.3


From d9cde56eb8532bd660d6feb2249562afac0c40f6 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Mon, 8 Apr 2013 17:55:52 +0200
Subject: add output module interface to facilitate cooperative shutdown

... in more complex cases (where receiving SIGTTIN is not sufficient).
See also:
http://blog.gerhards.net/2013/04/rsyslog-output-plugin-wrangling.html
---
 action.c                  |  2 ++
 plugins/omrelp/omrelp.c   |  6 ++++++
 runtime/module-template.h | 22 ++++++++++++++++++++++
 runtime/modules.c         |  4 ++++
 runtime/modules.h         |  1 +
 runtime/queue.c           |  2 --
 6 files changed, 35 insertions(+), 2 deletions(-)

diff --git a/action.c b/action.c
index 8fc92e56..42d0e0ad 100644
--- a/action.c
+++ b/action.c
@@ -975,6 +975,8 @@ actionProcessMessage(action_t *pThis, msg_t *pMsg, void *actParams, int *pbShutd
 	ISOBJ_TYPE_assert(pMsg, msg);
 
 	CHKiRet(actionPrepare(pThis, pbShutdownImmediate));
+	if(pThis->pMod->mod.om.SetShutdownImmdtPtr != NULL)
+		pThis->pMod->mod.om.SetShutdownImmdtPtr(pThis->pModData, pbShutdownImmediate);
 	if(pThis->eState == ACT_STATE_ITX)
 		CHKiRet(actionCallDoAction(pThis, pMsg, actParams));
 
diff --git a/plugins/omrelp/omrelp.c b/plugins/omrelp/omrelp.c
index 7d536cbc..0374b697 100644
--- a/plugins/omrelp/omrelp.c
+++ b/plugins/omrelp/omrelp.c
@@ -188,6 +188,11 @@ CODESTARTisCompatibleWithFeature
 		iRet = RS_RET_OK;
 ENDisCompatibleWithFeature
 
+BEGINSetShutdownImmdtPtr
+CODESTARTSetShutdownImmdtPtr
+	DBGPRINTF("omrelp: shutdownImmediate ptr now is %p\n", pPtr);
+ENDSetShutdownImmdtPtr
+
 
 BEGINdbgPrintInstInfo
 CODESTARTdbgPrintInstInfo
@@ -411,6 +416,7 @@ CODESTARTqueryEtryPt
 CODEqueryEtryPt_STD_OMOD_QUERIES
 CODEqueryEtryPt_STD_CONF2_CNFNAME_QUERIES 
 CODEqueryEtryPt_STD_CONF2_OMOD_QUERIES
+CODEqueryEtryPt_SetShutdownImmdtPtr
 ENDqueryEtryPt
 
 
diff --git a/runtime/module-template.h b/runtime/module-template.h
index fe74bac9..8a958f90 100644
--- a/runtime/module-template.h
+++ b/runtime/module-template.h
@@ -938,6 +938,28 @@ static rsRetVal doHUP(instanceData __attribute__((unused)) *pData)\
 }
 
 
+/* SetShutdownImmdtPtr()
+ * This function is optional. If defined by an output plugin, it is called 
+ * each time the action is invoked to set the "ShutdownImmediate" pointer,
+ * which is used during termination to indicate the action should shutdown
+ * as quickly as possible.
+ */
+#define CODEqueryEtryPt_SetShutdownImmdtPtr \
+	else if(!strcmp((char*) name, "SetShutdownImmdtPtr")) {\
+		*pEtryPoint = SetShutdownImmdtPtr;\
+	}
+#define BEGINSetShutdownImmdtPtr \
+static rsRetVal SetShutdownImmdtPtr(instanceData __attribute__((unused)) *pData, int *pPtr)\
+{\
+	DEFiRet;
+
+#define CODESTARTSetShutdownImmdtPtr 
+
+#define ENDSetShutdownImmdtPtr \
+	RETiRet;\
+}
+
+
 /* parse() - main entry point of parser modules
  */
 #define BEGINparse \
diff --git a/runtime/modules.c b/runtime/modules.c
index 9f7ff31c..e9d8d959 100644
--- a/runtime/modules.c
+++ b/runtime/modules.c
@@ -657,6 +657,10 @@ doModInit(rsRetVal (*modInit)(int, int*, rsRetVal(**)(), rsRetVal(*)(), modInfo_
 			if(localRet != RS_RET_OK && localRet != RS_RET_MODULE_ENTRY_POINT_NOT_FOUND)
 				ABORT_FINALIZE(localRet);
 
+			localRet = (*pNew->modQueryEtryPt)((uchar*)"SetShutdownImmdtPtr", &pNew->mod.om.SetShutdownImmdtPtr);
+			if(localRet != RS_RET_OK && localRet != RS_RET_MODULE_ENTRY_POINT_NOT_FOUND)
+				ABORT_FINALIZE(localRet);
+
 			localRet = (*pNew->modQueryEtryPt)((uchar*)"beginTransaction", &pNew->mod.om.beginTransaction);
 			if(localRet == RS_RET_MODULE_ENTRY_POINT_NOT_FOUND)
 				pNew->mod.om.beginTransaction = dummyBeginTransaction;
diff --git a/runtime/modules.h b/runtime/modules.h
index e42d19e1..64644be2 100644
--- a/runtime/modules.h
+++ b/runtime/modules.h
@@ -142,6 +142,7 @@ struct modInfo_s {
 			rsRetVal (*endTransaction)(void*);
 			rsRetVal (*parseSelectorAct)(uchar**, void**,omodStringRequest_t**);
 			rsRetVal (*newActInst)(uchar *modName, struct nvlst *lst, void **, omodStringRequest_t **);
+			rsRetVal (*SetShutdownImmdtPtr)(void *pData, void *pPtr);
 		} om;
 		struct { /* data for library modules */
 		    	char dummy;
diff --git a/runtime/queue.c b/runtime/queue.c
index 8d8d8e0a..a464c2d7 100644
--- a/runtime/queue.c
+++ b/runtime/queue.c
@@ -1332,8 +1332,6 @@ finalize_it:
 	RETiRet;
 }
 
-
-
 /* Constructor for the queue object
  * This constructs the data structure, but does not yet start the queue. That
  * is done by queueStart(). The reason is that we want to give the caller a chance
-- 
cgit v1.2.3


From 86e34c6985da29c62f13ab83e44548f1fd21849d Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Tue, 9 Apr 2013 10:54:04 +0200
Subject: make imrelp properly terminate on system shutdown

it didn't do so if it was inside a retry loop
---
 action.c                | 10 +++++++---
 plugins/omrelp/omrelp.c |  1 +
 runtime/queue.c         |  5 ++++-
 tools/syslogd.c         |  1 +
 4 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/action.c b/action.c
index 42d0e0ad..4e1a8713 100644
--- a/action.c
+++ b/action.c
@@ -1284,8 +1284,11 @@ processBatchMain(action_t *pAction, batch_t *pBatch, int *pbShutdownImmediate)
 
 	assert(pBatch != NULL);
 
-	pbShutdownImmdtSave = pBatch->pbShutdownImmediate;
-	pBatch->pbShutdownImmediate = pbShutdownImmediate;
+	if(pbShutdownImmediate != NULL) {
+		pbShutdownImmdtSave = pBatch->pbShutdownImmediate;
+		pBatch->pbShutdownImmediate = pbShutdownImmediate;
+dbgprintf("DDDD: processBatchMain ShutdownImmediate is %p, was %p\n", pBatch->pbShutdownImmediate, pbShutdownImmdtSave);
+	}
 	CHKiRet(prepareBatch(pAction, pBatch, &activeSave, &bMustRestoreActivePtr));
 
 	/* We now must guard the output module against execution by multiple threads. The
@@ -1316,7 +1319,8 @@ processBatchMain(action_t *pAction, batch_t *pBatch, int *pbShutdownImmediate)
 	}
 
 finalize_it:
-	pBatch->pbShutdownImmediate = pbShutdownImmdtSave;
+	if(pbShutdownImmediate != NULL)
+		pBatch->pbShutdownImmediate = pbShutdownImmdtSave;
 	RETiRet;
 }
 #pragma GCC diagnostic warning "-Wempty-body"
diff --git a/plugins/omrelp/omrelp.c b/plugins/omrelp/omrelp.c
index 0374b697..c9e32444 100644
--- a/plugins/omrelp/omrelp.c
+++ b/plugins/omrelp/omrelp.c
@@ -190,6 +190,7 @@ ENDisCompatibleWithFeature
 
 BEGINSetShutdownImmdtPtr
 CODESTARTSetShutdownImmdtPtr
+	relpEngineSetShutdownImmdtPtr(pRelpEngine, pPtr);
 	DBGPRINTF("omrelp: shutdownImmediate ptr now is %p\n", pPtr);
 ENDSetShutdownImmdtPtr
 
diff --git a/runtime/queue.c b/runtime/queue.c
index a464c2d7..5c736d2c 100644
--- a/runtime/queue.c
+++ b/runtime/queue.c
@@ -1032,7 +1032,8 @@ rsRetVal qqueueEnqObjDirectBatch(qqueue_t *pThis, batch_t *pBatch)
 	 * We use our knowledge about the batch_t structure below, but without that, we
 	 * pay a too-large performance toll... -- rgerhards, 2009-04-22
 	 */
-	iRet = pThis->pConsumer(pThis->pUsr, pBatch, &pThis->bShutdownImmediate);
+dbgprintf("DDDD: qqueueEnqObjDirectBatch\n");
+	iRet = pThis->pConsumer(pThis->pUsr, pBatch, NULL);
 
 	RETiRet;
 }
@@ -1191,6 +1192,7 @@ RUNLOG_STR("trying to shutdown workers within Action Timeout");
 	/* instruct workers to finish ASAP, even if still work exists */
 	DBGOPRINT((obj_t*) pThis, "setting EnqOnly mode\n");
 	pThis->bEnqOnly = 1;
+dbgprintf("DDDD: setting shutdownImmediate mode, ptr %p!\n", &pThis->bShutdownImmediate);
 	pThis->bShutdownImmediate = 1;
 	/* now DA queue */
 	if(pThis->bIsDA) {
@@ -1872,6 +1874,7 @@ ConsumerReg(qqueue_t *pThis, wti_t *pWti)
 	/* at this spot, we may be cancelled */
 	pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &iCancelStateSave);
 
+dbgprintf("DDDD: calling consumer with shutdownImmeditate ptr %p\n", &pThis->bShutdownImmediate);
 	CHKiRet(pThis->pConsumer(pThis->pUsr, &pWti->batch, &pThis->bShutdownImmediate));
 
 	/* we now need to check if we should deliberately delay processing a bit
diff --git a/tools/syslogd.c b/tools/syslogd.c
index e2776c11..a0c01bf7 100644
--- a/tools/syslogd.c
+++ b/tools/syslogd.c
@@ -604,6 +604,7 @@ msgConsumer(void __attribute__((unused)) *notNeeded, batch_t *pBatch, int *pbShu
 	assert(pBatch != NULL);
 	pBatch->pbShutdownImmediate = pbShutdownImmediate; /* TODO: move this to batch creation! */
 	preprocessBatch(pBatch);
+dbgprintf("DDDD: batches ShutdownImmediate is %p\n", pBatch->pbShutdownImmediate);
 	ruleset.ProcessBatch(pBatch);
 //TODO: the BATCH_STATE_COMM must be set somewhere down the road, but we 
 //do not have this yet and so we emulate -- 2010-06-10
-- 
cgit v1.2.3


From c020cf51d14a9b80fbde9296ed4beb6d4c66e55e Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Tue, 9 Apr 2013 16:03:14 +0200
Subject: bugfix in testbench

I initially thought the testbench had found some regression, but it
turned out that a bugfix fixed a situation that the testbench had
(invalidly) relied on. I have now adapted the testbench to how
things really need to be.
---
 tests/queue-persist-drvr.sh | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/tests/queue-persist-drvr.sh b/tests/queue-persist-drvr.sh
index de597308..823fed6c 100755
--- a/tests/queue-persist-drvr.sh
+++ b/tests/queue-persist-drvr.sh
@@ -26,5 +26,10 @@ source $srcdir/diag.sh startup queue-persist.conf
 source $srcdir/diag.sh shutdown-when-empty # shut down rsyslogd when done processing messages
 ./msleep 500
 $srcdir/diag.sh wait-shutdown
-source $srcdir/diag.sh seq-check 0 4999
+# note: we need to permit duplicate messages, as due to the forced
+# shutdown some messages may be flagged as "unprocessed" while they
+# actually were processed. This is inline with rsyslog's philosophy
+# to better duplicate than loose messages. Duplicate messages are
+# permitted by the -d seq-check option.
+source $srcdir/diag.sh seq-check 0 4999 -d
 source $srcdir/diag.sh exit
-- 
cgit v1.2.3


From 9959f80ee64c0beb86338f94f41ef8a873ab38d1 Mon Sep 17 00:00:00 2001
From: Tomas Heinrich <theinric@redhat.com>
Date: Wed, 20 Mar 2013 19:13:59 +0100
Subject: Add new string functions that take a printf-style fmt

---
 runtime/stringbuf.c | 72 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 runtime/stringbuf.h |  7 ++++++
 2 files changed, 79 insertions(+)

diff --git a/runtime/stringbuf.c b/runtime/stringbuf.c
index d9f80231..75d2eac4 100644
--- a/runtime/stringbuf.c
+++ b/runtime/stringbuf.c
@@ -32,6 +32,7 @@
 #include <assert.h>
 #include <string.h>
 #include <ctype.h>
+#include <stdarg.h>
 #include <sys/types.h>
 #include <libestr.h>
 #include "rsyslog.h"
@@ -104,6 +105,56 @@ finalize_it:
 }
 
 
+/* a helper function for rsCStr*Strf()
+ */
+static rsRetVal rsCStrConstructFromszStrv(cstr_t **ppThis, uchar *fmt, va_list ap)
+{
+	DEFiRet;
+	cstr_t *pThis;
+	va_list ap2;
+	uchar *sz;
+	int len;
+
+	assert(ppThis != NULL);
+
+	va_copy(ap2, ap);
+	len = vsnprintf(NULL, 0, fmt, ap2);
+	va_end(ap2);
+
+	if(len < 0)
+		ABORT_FINALIZE(RS_RET_ERR);
+
+	CHKiRet(rsCStrConstruct(&pThis));
+
+	pThis->iBufSize = pThis->iStrLen = len;
+	len++; /* account for the \0 written by vsnprintf */
+	if((pThis->pBuf = (uchar*) MALLOC(sizeof(uchar) * len)) == NULL) {
+		RSFREEOBJ(pThis);
+		ABORT_FINALIZE(RS_RET_OUT_OF_MEMORY);
+	}
+
+	vsnprintf(pThis->pBuf, len, fmt, ap);
+	*ppThis = pThis;
+finalize_it:
+	RETiRet;
+}
+
+
+/* construct from a printf-style formated string
+ */
+rsRetVal rsCStrConstructFromszStrf(cstr_t **ppThis, uchar *fmt, ...)
+{
+	DEFiRet;
+	va_list ap;
+
+	va_start(ap, fmt);
+	iRet = rsCStrConstructFromszStrv(ppThis, fmt, ap);
+	va_end(ap);
+
+	RETiRet;
+}
+
+
 /* construct from es_str_t string
  * rgerhards 2010-12-03
  */
@@ -256,6 +307,27 @@ rsRetVal cstrAppendCStr(cstr_t *pThis, cstr_t *pstrAppend)
 }
 
 
+/* append a printf-style formated string
+ */
+rsRetVal rsCStrAppendStrf(cstr_t *pThis, uchar *fmt, ...)
+{
+	DEFiRet;
+	va_list ap;
+	cstr_t *pStr;
+
+	va_start(ap, fmt);
+	iRet = rsCStrConstructFromszStrv(&pStr, fmt, ap);
+	va_end(ap);
+
+	CHKiRet(iRet);
+
+	iRet = cstrAppendCStr(pThis, pStr);
+	rsCStrDestruct(pStr);
+finalize_it:
+	RETiRet;
+}
+
+
 rsRetVal rsCStrAppendInt(cstr_t *pThis, long i)
 {
 	DEFiRet;
diff --git a/runtime/stringbuf.h b/runtime/stringbuf.h
index bba004a0..b301f4b9 100644
--- a/runtime/stringbuf.h
+++ b/runtime/stringbuf.h
@@ -58,6 +58,7 @@ rsRetVal cstrConstruct(cstr_t **ppThis);
 rsRetVal cstrConstructFromESStr(cstr_t **ppThis, es_str_t *str);
 rsRetVal rsCStrConstructFromszStr(cstr_t **ppThis, uchar *sz);
 rsRetVal rsCStrConstructFromCStr(cstr_t **ppThis, cstr_t *pFrom);
+rsRetVal rsCStrConstructFromszStrf(cstr_t **ppThis, uchar *fmt, ...);
 
 /**
  * Destruct the string buffer object.
@@ -173,6 +174,12 @@ rsRetVal rsCStrAppendStr(cstr_t *pThis, uchar* psz);
  */
 rsRetVal rsCStrAppendStrWithLen(cstr_t *pThis, uchar* psz, size_t iStrLen);
 
+/**
+ * Append a printf-style formated string to the buffer.
+ *
+ * \param fmt pointer to the format string (see man 3 printf for details). Must not be NULL.
+ */
+rsRetVal rsCStrAppendStrf(cstr_t *pThis, uchar *fmt, ...);
 
 /**
  * Append an integer to the string. No special formatting is
-- 
cgit v1.2.3


From 6923b9a4a7f86f6196d28b96e2ef5e8d1c2dceee Mon Sep 17 00:00:00 2001
From: Tomas Heinrich <theinric@redhat.com>
Date: Wed, 20 Mar 2013 16:40:01 +0100
Subject: Check return code from gnutls_x509_crt_get_*_dn

Enlarge the supplied buffer if necessary.
---
 runtime/nsd_gtls.c | 55 ++++++++++++++++++++++++++++++++++--------------------
 1 file changed, 35 insertions(+), 20 deletions(-)

diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c
index 0f66c766..cd1b336c 100644
--- a/runtime/nsd_gtls.c
+++ b/runtime/nsd_gtls.c
@@ -259,9 +259,10 @@ gtlsClientCertCallback(gnutls_session session,
 static rsRetVal
 gtlsGetCertInfo(nsd_gtls_t *pThis, cstr_t **ppStr)
 {
-	char dn[128];
 	uchar lnBuf[256];
-	size_t size;
+	uchar szBufA[1024];
+	uchar *szBuf = szBufA;
+	size_t szBufLen = sizeof(szBufA), tmp;
 	unsigned int algo, bits;
 	time_t expiration_time, activation_time;
 	const gnutls_datum *cert_list;
@@ -271,8 +272,6 @@ gtlsGetCertInfo(nsd_gtls_t *pThis, cstr_t **ppStr)
 	int gnuRet;
 	DEFiRet;
 	unsigned iAltName;
-	size_t szAltNameLen;
-	char szAltName[1024]; /* this is sufficient for the DNSNAME... */
 
 	assert(ppStr != NULL);
 	ISOBJ_TYPE_assert(pThis, nsd_gtls);
@@ -296,14 +295,14 @@ gtlsGetCertInfo(nsd_gtls_t *pThis, cstr_t **ppStr)
 
 		expiration_time = gnutls_x509_crt_get_expiration_time(cert);
 		activation_time = gnutls_x509_crt_get_activation_time(cert);
-		ctime_r(&activation_time, dn);
-		dn[strlen(dn) - 1] = '\0'; /* strip linefeed */
-		snprintf((char*)lnBuf, sizeof(lnBuf), "certificate valid from %s ", dn);
+		ctime_r(&activation_time, szBuf);
+		szBuf[strlen(szBuf) - 1] = '\0'; /* strip linefeed */
+		snprintf((char*)lnBuf, sizeof(lnBuf), "certificate valid from %s ", szBuf);
 		CHKiRet(rsCStrAppendStr(pStr, lnBuf));
 
-		ctime_r(&expiration_time, dn);
-		dn[strlen(dn) - 1] = '\0'; /* strip linefeed */
-		snprintf((char*)lnBuf, sizeof(lnBuf), "to %s; ", dn);
+		ctime_r(&expiration_time, szBuf);
+		szBuf[strlen(szBuf) - 1] = '\0'; /* strip linefeed */
+		snprintf((char*)lnBuf, sizeof(lnBuf), "to %s; ", szBuf);
 		CHKiRet(rsCStrAppendStr(pStr, lnBuf));
 
 		/* Extract some of the public key algorithm's parameters */
@@ -314,27 +313,41 @@ gtlsGetCertInfo(nsd_gtls_t *pThis, cstr_t **ppStr)
 		CHKiRet(rsCStrAppendStr(pStr, lnBuf));
 
 		/* names */
-		size = sizeof(dn);
-		gnutls_x509_crt_get_dn(cert, dn, &size);
-		snprintf((char*)lnBuf, sizeof(lnBuf), "DN: %s; ", dn);
+		tmp = szBufLen;
+		if(gnutls_x509_crt_get_dn(cert, szBuf, &tmp)
+		    == GNUTLS_E_SHORT_MEMORY_BUFFER) {
+			szBufLen = tmp;
+			szBuf = malloc(tmp);
+			gnutls_x509_crt_get_dn(cert, szBuf, &tmp);
+		}
+		snprintf((char*)lnBuf, sizeof(lnBuf), "DN: %s; ", szBuf);
 		CHKiRet(rsCStrAppendStr(pStr, lnBuf));
 
-		size = sizeof(dn);
-		gnutls_x509_crt_get_issuer_dn(cert, dn, &size);
-		snprintf((char*)lnBuf, sizeof(lnBuf), "Issuer DN: %s; ", dn);
+		tmp = szBufLen;
+		if(gnutls_x509_crt_get_issuer_dn(cert, szBuf, &tmp)
+		    == GNUTLS_E_SHORT_MEMORY_BUFFER) {
+			szBufLen = tmp;
+			szBuf = realloc((szBuf == szBufA) ? NULL : szBuf, tmp);
+			gnutls_x509_crt_get_issuer_dn(cert, szBuf, &tmp);
+		}
+		snprintf((char*)lnBuf, sizeof(lnBuf), "Issuer DN: %s; ", szBuf);
 		CHKiRet(rsCStrAppendStr(pStr, lnBuf));
 
 		/* dNSName alt name */
 		iAltName = 0;
 		while(1) { /* loop broken below */
-			szAltNameLen = sizeof(szAltName);
+			tmp = szBufLen;
 			gnuRet = gnutls_x509_crt_get_subject_alt_name(cert, iAltName,
-					szAltName, &szAltNameLen, NULL);
-			if(gnuRet < 0)
+					szBuf, &tmp, NULL);
+			if(gnuRet == GNUTLS_E_SHORT_MEMORY_BUFFER) {
+				szBufLen = tmp;
+				szBuf = realloc((szBuf == szBufA) ? NULL : szBuf, tmp);
+				continue;
+			} else if(gnuRet < 0)
 				break;
 			else if(gnuRet == GNUTLS_SAN_DNSNAME) {
 				/* we found it! */
-				snprintf((char*)lnBuf, sizeof(lnBuf), "SAN:DNSname: %s; ", szAltName);
+				snprintf((char*)lnBuf, sizeof(lnBuf), "SAN:DNSname: %s; ", szBuf);
 				CHKiRet(rsCStrAppendStr(pStr, lnBuf));
 				/* do NOT break, because there may be multiple dNSName's! */
 			}
@@ -352,6 +365,8 @@ finalize_it:
 		if(pStr != NULL)
 			rsCStrDestruct(&pStr);
 	}
+	if(szBuf != szBufA)
+		free(szBuf);
 
 	RETiRet;
 }
-- 
cgit v1.2.3


From 4d831391925f29f82464aa0223e6f40ac8e1f9b1 Mon Sep 17 00:00:00 2001
From: Tomas Heinrich <theinric@redhat.com>
Date: Thu, 21 Mar 2013 10:04:59 +0100
Subject: Utilize the new rsCStr*Strf() functions

---
 runtime/nsd_gtls.c | 32 +++++++++-----------------------
 1 file changed, 9 insertions(+), 23 deletions(-)

diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c
index cd1b336c..6ef4feba 100644
--- a/runtime/nsd_gtls.c
+++ b/runtime/nsd_gtls.c
@@ -259,7 +259,6 @@ gtlsClientCertCallback(gnutls_session session,
 static rsRetVal
 gtlsGetCertInfo(nsd_gtls_t *pThis, cstr_t **ppStr)
 {
-	uchar lnBuf[256];
 	uchar szBufA[1024];
 	uchar *szBuf = szBufA;
 	size_t szBufLen = sizeof(szBufA), tmp;
@@ -280,37 +279,27 @@ gtlsGetCertInfo(nsd_gtls_t *pThis, cstr_t **ppStr)
 		return RS_RET_TLS_CERT_ERR;
 
 	cert_list = gnutls_certificate_get_peers(pThis->sess, &cert_list_size);
-
-	CHKiRet(rsCStrConstruct(&pStr));
-
-	snprintf((char*)lnBuf, sizeof(lnBuf), "peer provided %d certificate(s). ", cert_list_size);
-	CHKiRet(rsCStrAppendStr(pStr, lnBuf));
+	CHKiRet(rsCStrConstructFromszStrf(&pStr, "peer provided %d certificate(s). ", cert_list_size));
 
 	if(cert_list_size > 0) {
 		/* we only print information about the first certificate */
 		CHKgnutls(gnutls_x509_crt_init(&cert));
 		CHKgnutls(gnutls_x509_crt_import(cert, &cert_list[0], GNUTLS_X509_FMT_DER));
 
-		CHKiRet(rsCStrAppendStr(pStr, (uchar*)"Certificate 1 info: "));
-
 		expiration_time = gnutls_x509_crt_get_expiration_time(cert);
 		activation_time = gnutls_x509_crt_get_activation_time(cert);
 		ctime_r(&activation_time, szBuf);
 		szBuf[strlen(szBuf) - 1] = '\0'; /* strip linefeed */
-		snprintf((char*)lnBuf, sizeof(lnBuf), "certificate valid from %s ", szBuf);
-		CHKiRet(rsCStrAppendStr(pStr, lnBuf));
-
+		CHKiRet(rsCStrAppendStrf(pStr, (uchar*)"Certificate 1 info: "
+			"certificate valid from %s ", szBuf));
 		ctime_r(&expiration_time, szBuf);
 		szBuf[strlen(szBuf) - 1] = '\0'; /* strip linefeed */
-		snprintf((char*)lnBuf, sizeof(lnBuf), "to %s; ", szBuf);
-		CHKiRet(rsCStrAppendStr(pStr, lnBuf));
+		CHKiRet(rsCStrAppendStrf(pStr, "to %s; ", szBuf));
 
 		/* Extract some of the public key algorithm's parameters */
 		algo = gnutls_x509_crt_get_pk_algorithm(cert, &bits);
-
-		snprintf((char*)lnBuf, sizeof(lnBuf), "Certificate public key: %s; ",
-			 gnutls_pk_algorithm_get_name(algo));
-		CHKiRet(rsCStrAppendStr(pStr, lnBuf));
+		CHKiRet(rsCStrAppendStrf(pStr, "Certificate public key: %s; ",
+			gnutls_pk_algorithm_get_name(algo)));
 
 		/* names */
 		tmp = szBufLen;
@@ -320,8 +309,7 @@ gtlsGetCertInfo(nsd_gtls_t *pThis, cstr_t **ppStr)
 			szBuf = malloc(tmp);
 			gnutls_x509_crt_get_dn(cert, szBuf, &tmp);
 		}
-		snprintf((char*)lnBuf, sizeof(lnBuf), "DN: %s; ", szBuf);
-		CHKiRet(rsCStrAppendStr(pStr, lnBuf));
+		CHKiRet(rsCStrAppendStrf(pStr, "DN: %s; ", szBuf));
 
 		tmp = szBufLen;
 		if(gnutls_x509_crt_get_issuer_dn(cert, szBuf, &tmp)
@@ -330,8 +318,7 @@ gtlsGetCertInfo(nsd_gtls_t *pThis, cstr_t **ppStr)
 			szBuf = realloc((szBuf == szBufA) ? NULL : szBuf, tmp);
 			gnutls_x509_crt_get_issuer_dn(cert, szBuf, &tmp);
 		}
-		snprintf((char*)lnBuf, sizeof(lnBuf), "Issuer DN: %s; ", szBuf);
-		CHKiRet(rsCStrAppendStr(pStr, lnBuf));
+		CHKiRet(rsCStrAppendStrf(pStr, "Issuer DN: %s; ", szBuf));
 
 		/* dNSName alt name */
 		iAltName = 0;
@@ -347,8 +334,7 @@ gtlsGetCertInfo(nsd_gtls_t *pThis, cstr_t **ppStr)
 				break;
 			else if(gnuRet == GNUTLS_SAN_DNSNAME) {
 				/* we found it! */
-				snprintf((char*)lnBuf, sizeof(lnBuf), "SAN:DNSname: %s; ", szBuf);
-				CHKiRet(rsCStrAppendStr(pStr, lnBuf));
+				CHKiRet(rsCStrAppendStrf(pStr, "SAN:DNSname: %s; ", szBuf));
 				/* do NOT break, because there may be multiple dNSName's! */
 			}
 			++iAltName;
-- 
cgit v1.2.3


From d27e726d6b0e071fc9077e18a795025b3571e032 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Tue, 9 Apr 2013 17:30:12 +0200
Subject: doc: add recent patch to ChangeLog

---
 ChangeLog | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 3c532059..c28e2dbb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -11,6 +11,8 @@ Version 7.3.10  [devel] 2013-04-??
   no failover happened. The suspend functionalit now does no longer use
   the cached timestamp (should not have any performance implication, as
   action suspend occurs very infrequently).
+- bugfix: gnutls RFC5425 driver had some undersized buffers
+  Thanks to Tomas Heinrich for the patch.
 - bugfix: nested if/prifilt conditions did not work properly
   closes: http://bugzilla.adiscon.com/show_bug.cgi?id=415
 - templates now permit substring extraction relative to end-of-string
-- 
cgit v1.2.3


From 08a63f4987b7bfd694a85b53b3385af3bda3ad2f Mon Sep 17 00:00:00 2001
From: Martin Carpenter <mcarpenter@free.fr>
Date: Wed, 27 Mar 2013 11:12:50 +0100
Subject: Set pkgconfig variables for libuuid on Solaris

---
 configure.ac | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/configure.ac b/configure.ac
index 5c1fa991..1df9e7d4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -55,6 +55,10 @@ case "${host}" in
     AC_DEFINE([OS_SOLARIS], [1], [Indicator for a Solaris OS])
     AC_DEFINE([_POSIX_PTHREAD_SEMANTICS], [1], [Use POSIX pthread semantics])
     SOL_LIBS="-lsocket -lnsl"
+    # Solaris libuuid does not ship with a pkgconfig file so override the appropriate
+    # variables (but only if they have not been set by the user).
+    LIBUUID_CFLAGS=${LIBUUID_CFLAGS:= }
+    LIBUUID_LIBS=${LIBUUID_LIBS:=-luuid}
     AC_SUBST(SOL_LIBS)
   ;;
 esac
-- 
cgit v1.2.3


From e523107a96f569825879d5713ed4c5a56180eb2f Mon Sep 17 00:00:00 2001
From: Martin Carpenter <mcarpenter@free.fr>
Date: Wed, 27 Mar 2013 12:07:33 +0100
Subject: Update u_int8_t to uint8_t

---
 plugins/omudpspoof/omudpspoof.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/omudpspoof/omudpspoof.c b/plugins/omudpspoof/omudpspoof.c
index 4f37fd8c..9c4c80ba 100644
--- a/plugins/omudpspoof/omudpspoof.c
+++ b/plugins/omudpspoof/omudpspoof.c
@@ -481,7 +481,7 @@ UDPSend(instanceData *pData, uchar *pszSourcename, char *msg, size_t len)
 				0,				/* checksum */
 				source_ip.sin_addr.s_addr,
 				tempaddr->sin_addr.s_addr,
-				(u_int8_t*)(msg+msgOffs),	/* payload */
+				(uint8_t*)(msg+msgOffs),	/* payload */
 				pktLen, 			/* payload size */
 				pData->libnet_handle,		/* libnet handle */
 				ip);				/* libnet id */
-- 
cgit v1.2.3


From 980523a7de83f6a492e633648467118c84adbe12 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Wed, 10 Apr 2013 08:57:37 +0200
Subject: doc: complete ChangeLog

---
 ChangeLog | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index c28e2dbb..670a39a6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,7 @@ Version 7.3.10  [devel] 2013-04-??
 - added RainerScript re_extract() function
 - omrelp: added support for RainerScript-based configuration
 - omrelp: added ability to specify session timeout
+- templates now permit substring extraction relative to end-of-string
 - bugfix: failover/action suspend did not work correctly
   This was experienced if the retry action took more than one second
   to complete. For suspending, a cached timestamp was used, and if the
@@ -15,9 +16,10 @@ Version 7.3.10  [devel] 2013-04-??
   Thanks to Tomas Heinrich for the patch.
 - bugfix: nested if/prifilt conditions did not work properly
   closes: http://bugzilla.adiscon.com/show_bug.cgi?id=415
-- templates now permit substring extraction relative to end-of-string
 - bugfix: imuxsock aborted under some conditions
   regression from ratelimiting enhancements
+- bugfix: build problems on Solaris
+  Thanks to Martin Carpenter for the patches.
 ---------------------------------------------------------------------------
 Version 7.3.9  [devel] 2013-03-27
 - support for signing logs added
-- 
cgit v1.2.3


From a5d33140aae708f71939bcde5f4db5655856e7dc Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Wed, 10 Apr 2013 10:05:49 +0200
Subject: prepare for 7.3.10 release

---
 ChangeLog       | 2 +-
 configure.ac    | 2 +-
 doc/manual.html | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 670a39a6..84c5db7b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,5 @@
 ---------------------------------------------------------------------------
-Version 7.3.10  [devel] 2013-04-??
+Version 7.3.10  [devel] 2013-04-10
 - added RainerScript re_extract() function
 - omrelp: added support for RainerScript-based configuration
 - omrelp: added ability to specify session timeout
diff --git a/configure.ac b/configure.ac
index 915821f0..c0712a5e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2,7 +2,7 @@
 # Process this file with autoconf to produce a configure script.
 
 AC_PREREQ(2.61)
-AC_INIT([rsyslog],[7.3.9],[rsyslog@lists.adiscon.com])
+AC_INIT([rsyslog],[7.3.10],[rsyslog@lists.adiscon.com])
 AM_INIT_AUTOMAKE
 
 m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
diff --git a/doc/manual.html b/doc/manual.html
index 6fba9a05..a1e39c9d 100644
--- a/doc/manual.html
+++ b/doc/manual.html
@@ -19,7 +19,7 @@ professional services</a> available directly from the source!</p>
 <p><b>Please visit the <a href="http://www.rsyslog.com/sponsors">rsyslog sponsor's page</a>
 to honor the project sponsors or become one yourself!</b> We are very grateful for any help towards the
 project goals.</p>
-<p><b>This documentation is for version 7.3.9 (devel branch) of rsyslog.</b>
+<p><b>This documentation is for version 7.3.10 (devel branch) of rsyslog.</b>
 Visit the <i><a href="http://www.rsyslog.com/status">rsyslog status page</a></i></b>
 to obtain current version information and project status.
 </p><p><b>If you like rsyslog, you might
-- 
cgit v1.2.3


From 078b010af6317ad325a9f10a901f8a279c8d0899 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Thu, 11 Apr 2013 09:57:18 +0200
Subject: log encryption: check length of "key" parameter

---
 runtime/Makefile.am  | 2 +-
 runtime/libgcry.c    | 4 +++-
 runtime/lmcry_gcry.c | 8 ++++++--
 3 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/runtime/Makefile.am b/runtime/Makefile.am
index be68ce60..e1f0673c 100644
--- a/runtime/Makefile.am
+++ b/runtime/Makefile.am
@@ -184,7 +184,7 @@ if ENABLE_LIBGCRYPT
    pkglib_LTLIBRARIES += lmcry_gcry.la
    lmcry_gcry_la_SOURCES = lmcry_gcry.c lmcry_gcry.h libgcry.c libgcry.h
    lmcry_gcry_la_CPPFLAGS = $(RSRT_CFLAGS) $(LIBGCRYPT_CFLAGS)
-   lmcry_gcry_la_LDFLAGS = -module -avoid-version
+   lmcry_gcry_la_LDFLAGS = -module -avoid-version `libgcrypt-config --libs`
 #lmcry_gcry_la_LIBADD = libgcry.la $(LIBGCRYPT_LIBS)
    lmcry_gcry_la_LIBADD = $(LIBGCRYPT_LIBS)
 endif
diff --git a/runtime/libgcry.c b/runtime/libgcry.c
index 5f1dbf58..c1ab3abf 100644
--- a/runtime/libgcry.c
+++ b/runtime/libgcry.c
@@ -108,8 +108,10 @@ rsgcrySetKey(gcryctx ctx, unsigned char *key, uint16_t keyLen)
 	uint16_t reqKeyLen = gcry_cipher_get_algo_keylen(GCRY_CIPHER);
 	int r;
 
-	if(keyLen != reqKeyLen)
+	if(keyLen != reqKeyLen) {
 		r = reqKeyLen;
+		goto done;
+	}
 	ctx->keyLen = keyLen;
 	ctx->key = malloc(keyLen);
 	memcpy(ctx->key, key, keyLen);
diff --git a/runtime/lmcry_gcry.c b/runtime/lmcry_gcry.c
index ce0fef2f..31e648fc 100644
--- a/runtime/lmcry_gcry.c
+++ b/runtime/lmcry_gcry.c
@@ -92,6 +92,8 @@ SetCnfParam(void *pT, struct nvlst *lst)
 	uchar *cstr;
 	uchar *key = NULL;
 	struct cnfparamvals *pvals;
+	DEFiRet;
+
 	pvals = nvlstGetParams(lst, &pblk, NULL);
 	if(Debug) {
 		dbgprintf("param blk in lmcry_gcry:\n");
@@ -125,8 +127,9 @@ SetCnfParam(void *pT, struct nvlst *lst)
 			"config file is highly insecure - DO NOT USE FOR PRODUCTION");
 		r = rsgcrySetKey(pThis->ctx, key, strlen((char*)key));
 		if(r > 0) {
-			errmsg.LogError(0, RS_RET_ERR, "Key length %d expected, but "
+			errmsg.LogError(0, RS_RET_INVALID_PARAMS, "Key length %d expected, but "
 				"key of length %d given", r, strlen((char*)key));
+			ABORT_FINALIZE(RS_RET_INVALID_PARAMS);
 		}
 	}
 
@@ -135,7 +138,8 @@ SetCnfParam(void *pT, struct nvlst *lst)
 		memset(key, 0, strlen((char*)key));
 		free(key);
 	}
-	return RS_RET_OK;
+finalize_it:
+	RETiRet;
 }
 
 
-- 
cgit v1.2.3


From 7ab02dce5c60453c454dd8645a63a5ef33f6a546 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Thu, 11 Apr 2013 10:08:05 +0200
Subject: cleanup

---
 runtime/libgcry.c | 40 ----------------------------------------
 1 file changed, 40 deletions(-)

diff --git a/runtime/libgcry.c b/runtime/libgcry.c
index c1ab3abf..af70e581 100644
--- a/runtime/libgcry.c
+++ b/runtime/libgcry.c
@@ -199,43 +199,3 @@ rsgcryExit(void)
 {
 	return;
 }
-
-#if 0 // we use this for the tool, only!
-static void
-doDeCrypt(FILE *fpin, FILE *fpout)
-{
-	gcry_error_t     gcryError;
-	char	buf[64*1024];
-	size_t	nRead, nWritten;
-	size_t nPad;
-	
-	while(1) {
-		nRead = fread(buf, 1, sizeof(buf), fpin);
-		if(nRead == 0)
-			break;
-		nPad = (blkLength - nRead % blkLength) % blkLength;
-		fprintf(stderr, "read %d chars, blkLength %d, mod %d, pad %d\n", nRead, blkLength,
-			nRead % blkLength, nPad);
-		gcryError = gcry_cipher_decrypt(
-				gcryCipherHd, // gcry_cipher_hd_t
-				buf,    // void *
-				nRead,    // size_t
-				NULL,    // const void *
-				0);   // size_t
-		if (gcryError) {
-			fprintf(stderr, "gcry_cipher_encrypt failed:  %s/%s\n",
-			gcry_strsource(gcryError),
-			gcry_strerror(gcryError));
-			return;
-		}
-fprintf(stderr, "in remove pad, %d\n", nRead);
-		removePadding(buf, &nRead);
-fprintf(stderr, "out remove pad %d\n", nRead);
-		nWritten = fwrite(buf, 1, nRead, fpout);
-		if(nWritten != nRead) {
-			perror("fpout");
-			return;
-		}
-	}
-}
-#endif
-- 
cgit v1.2.3


From 5f72832b3d6c2acd076b9ebfd3484877fc506ebc Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Thu, 11 Apr 2013 14:49:06 +0200
Subject: logenc: milestone: rsyslog writes .encinfo side files

---
 runtime/cryprov.h    |   2 +-
 runtime/libgcry.c    | 213 ++++++++++++++++++++++++++++++++++++++++++++++++---
 runtime/libgcry.h    |  12 ++-
 runtime/lmcry_gcry.c |  12 +--
 runtime/rsyslog.h    |   4 +
 runtime/stream.c     |   5 +-
 6 files changed, 229 insertions(+), 19 deletions(-)

diff --git a/runtime/cryprov.h b/runtime/cryprov.h
index c5ee95a0..5b694f46 100644
--- a/runtime/cryprov.h
+++ b/runtime/cryprov.h
@@ -33,7 +33,7 @@ BEGINinterface(cryprov) /* name must also be changed in ENDinterface macro! */
 	rsRetVal (*Destruct)(void *ppThis);
 	rsRetVal (*OnFileOpen)(void *pThis, uchar *fn, void *pFileInstData);
 	rsRetVal (*Encrypt)(void *pFileInstData, uchar *buf, size_t *lenBuf);
-	rsRetVal (*OnFileClose)(void *pFileInstData);
+	rsRetVal (*OnFileClose)(void *pFileInstData, off64_t offsLogfile);
 ENDinterface(cryprov)
 #define cryprovCURR_IF_VERSION 1 /* increment whenever you change the interface structure! */
 rsRetVal initCrypt(int gcry_mode, char * iniVector);
diff --git a/runtime/libgcry.c b/runtime/libgcry.c
index af70e581..94e087ac 100644
--- a/runtime/libgcry.c
+++ b/runtime/libgcry.c
@@ -2,6 +2,22 @@
  *
  * Copyright 2013 Adiscon GmbH.
  *
+ * We need to store some additional information in support of encryption.
+ * For this, we create a side-file, which is named like the actual log
+ * file, but with the suffix ".encinfo" appended. It contains the following
+ * records:
+ * IV:<hex>   The initial vector used at block start. Also indicates start
+ *            start of block.
+ * END:<int>  The end offset of the block, as uint64_t in decimal notation.
+ *            This is used during encryption to know when the current
+ *            encryption block ends.
+ * For the current implementation, there must always be an IV record
+ * followed by an END record. Each records is LF-terminated. Record
+ * types can simply be extended in the future by specifying new 
+ * keywords (like "IV") before the colon.
+ * To identify a file as rsyslog encryption info file, it must start with
+ * the line "FILETYPE:rsyslog-enrcyption-info"
+ *
  * This file is part of rsyslog.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -23,21 +39,166 @@
 #endif
 #include <stdio.h>
 #include <gcrypt.h>
+#include <sys/stat.h>
+#include <sys/uio.h>
+#include <fcntl.h>
+#include <errno.h>
 
 #include "rsyslog.h"
 #include "libgcry.h"
 
 #define GCRY_CIPHER GCRY_CIPHER_3DES  // TODO: make configurable
 
-static inline gcryfile
-gcryfileConstruct(gcryctx ctx)
+
+static rsRetVal
+eiWriteRec(gcryfile gf, char *recHdr, size_t lenRecHdr, char *buf, size_t lenBuf)
+{
+	struct iovec iov[3];
+	ssize_t nwritten, towrite;
+	DEFiRet;
+
+	iov[0].iov_base = recHdr;
+	iov[0].iov_len = lenRecHdr;
+	iov[1].iov_base = buf;
+	iov[1].iov_len = lenBuf;
+	iov[2].iov_base = "\n";
+	iov[2].iov_len = 1;
+	towrite = iov[0].iov_len + iov[1].iov_len + iov[2].iov_len;
+	nwritten = writev(gf->fd, iov, sizeof(iov)/sizeof(struct iovec));
+	if(nwritten != towrite) {
+		DBGPRINTF("eiWrite%s: error writing file, towrite %d, "
+			"nwritten %d\n", recHdr, (int) towrite, (int) nwritten);
+		ABORT_FINALIZE(RS_RET_EI_WR_ERR);
+	}
+	DBGPRINTF("encryption info file %s: written %s, len %d\n",
+		  recHdr, gf->eiName, (int) nwritten);
+finalize_it:
+	RETiRet;
+}
+
+static rsRetVal
+eiOpenRead(gcryfile gf)
+{
+	DEFiRet;
+	gf->fd = open((char*)gf->eiName, O_RDONLY|O_NOCTTY|O_CLOEXEC);
+	if(gf->fd == -1) {
+		ABORT_FINALIZE(errno == ENOENT ? RS_RET_EI_NO_EXISTS : RS_RET_EI_OPN_ERR);
+	}
+finalize_it:
+	RETiRet;
+}
+
+
+static rsRetVal
+eiCheckFiletype(gcryfile gf)
+{
+	char hdrBuf[128];
+	size_t toRead, didRead;
+	DEFiRet;
+
+	CHKiRet(eiOpenRead(gf));
+	if(Debug) memset(hdrBuf, 0, sizeof(hdrBuf)); /* for dbgprintf below! */
+	toRead = sizeof("FILETYPE:")-1 + sizeof(RSGCRY_FILETYPE_NAME)-1 + 1;
+	didRead = read(gf->fd, hdrBuf, toRead);
+	close(gf->fd);
+	DBGPRINTF("eiCheckFiletype read %d bytes: '%s'\n", didRead, hdrBuf);
+	if(   didRead != toRead
+	   || strncmp(hdrBuf, "FILETYPE:" RSGCRY_FILETYPE_NAME "\n", toRead))
+		iRet = RS_RET_EI_INVLD_FILE;
+finalize_it:
+	RETiRet;
+}
+
+static rsRetVal
+eiOpenAppend(gcryfile gf)
+{
+	rsRetVal localRet;
+	DEFiRet;
+	localRet = eiCheckFiletype(gf);
+	if(localRet == RS_RET_OK) {
+		gf->fd = open((char*)gf->eiName,
+			       O_WRONLY|O_APPEND|O_NOCTTY|O_CLOEXEC, 0600);
+		if(gf->fd == -1) {
+			ABORT_FINALIZE(RS_RET_EI_OPN_ERR);
+		}
+	} else if(localRet == RS_RET_EI_NO_EXISTS) {
+		/* looks like we need to create a new file */
+		gf->fd = open((char*)gf->eiName,
+			       O_WRONLY|O_CREAT|O_NOCTTY|O_CLOEXEC, 0600);
+		if(gf->fd == -1) {
+			ABORT_FINALIZE(RS_RET_EI_OPN_ERR);
+		}
+		CHKiRet(eiWriteRec(gf, "FILETYPE:", 9, RSGCRY_FILETYPE_NAME,
+			    sizeof(RSGCRY_FILETYPE_NAME)-1));
+	} else {
+		gf->fd = -1;
+		ABORT_FINALIZE(localRet);
+	}
+	DBGPRINTF("encryption info file %s: opened as #%d\n",
+		gf->eiName, gf->fd);
+finalize_it:
+	RETiRet;
+}
+
+static rsRetVal
+eiWriteIV(gcryfile gf, uchar *iv)
 {
+	static const char hexchars[16] =
+	   {'0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'};
+	unsigned iSrc, iDst;
+	char hex[4096];
+	DEFiRet;
+
+	if(gf->blkLength > sizeof(hex)/2) {
+		DBGPRINTF("eiWriteIV: crypto block len way too large, aborting "
+			  "write");
+		ABORT_FINALIZE(RS_RET_ERR);
+	}
+
+	for(iSrc = iDst = 0 ; iSrc < gf->blkLength ; ++iSrc) {
+		hex[iDst++] = hexchars[iv[iSrc]>>4];
+		hex[iDst++] = hexchars[iv[iSrc]&0x0f];
+	}
+
+	iRet = eiWriteRec(gf, "IV:", 3, hex, gf->blkLength*2);
+finalize_it:
+	RETiRet;
+}
+
+/* we do not return an error state, as we MUST close the file,
+ * no matter what happens.
+ */
+static void
+eiClose(gcryfile gf, off64_t offsLogfile)
+{
+	char offs[21];
+	size_t len;
+	if(gf->fd == -1)
+		return;
+	/* 2^64 is 20 digits, so the snprintf buffer is large enough */
+	len = snprintf(offs, sizeof(offs), "%lld", offsLogfile);
+	eiWriteRec(gf, "END:", 4, offs, len);
+	close(gf->fd);
+	DBGPRINTF("encryption info file %s: closed\n", gf->eiName);
+}
+
+static rsRetVal
+gcryfileConstruct(gcryctx ctx, gcryfile *pgf, uchar *logfn)
+{
+	char fn[MAXFNAME+1];
 	gcryfile gf;
-	if((gf = calloc(1, sizeof(struct gcryfile_s))) == NULL)
-		goto done;
+	DEFiRet;
+
+	CHKmalloc(gf = calloc(1, sizeof(struct gcryfile_s)));
 	gf->ctx = ctx;
-done:	return gf;
+	snprintf(fn, sizeof(fn), "%s.encinfo", logfn);
+	fn[MAXFNAME] = '\0'; /* be on save side */
+	gf->eiName = (uchar*) strdup(fn);
+	*pgf = gf;
+finalize_it:
+	RETiRet;
 }
+
 gcryctx
 gcryCtxNew(void)
 {
@@ -47,12 +208,14 @@ gcryCtxNew(void)
 }
 
 int
-gcryfileDestruct(gcryfile gf)
+gcryfileDestruct(gcryfile gf, off64_t offsLogfile)
 {
 	int r = 0;
 	if(gf == NULL)
 		goto done;
 
+	eiClose(gf, offsLogfile);
+	free(gf->eiName);
 	free(gf);
 done:	return r;
 }
@@ -119,14 +282,40 @@ rsgcrySetKey(gcryctx ctx, unsigned char *key, uint16_t keyLen)
 done:	return r;
 }
 
+/* As of some Linux and security expert I spoke to, /dev/urandom
+ * provides very strong random numbers, even if it runs out of
+ * entropy. As far as he knew, this is save for all applications
+ * (and he had good proof that I currently am not permitted to
+ * reproduce). -- rgerhards, 2013-03-04
+ */
+void
+seedIV(gcryfile gf, uchar **iv)
+{
+	int fd;
+
+	*iv = malloc(gf->blkLength); /* do NOT zero-out! */
+	/* if we cannot obtain data from /dev/urandom, we use whatever
+	 * is present at the current memory location as random data. Of
+	 * course, this is very weak and we should consider a different
+	 * option, especially when not running under Linux (for Linux,
+	 * unavailability of /dev/urandom is just a theoretic thing, it
+	 * will always work...).  -- TODO -- rgerhards, 2013-03-06
+	 */
+	if((fd = open("/dev/urandom", O_RDONLY)) > 0) {
+		if(read(fd, *iv, gf->blkLength)) {}; /* keep compiler happy */
+		close(fd);
+	}
+}
+
 rsRetVal
-rsgcryInitCrypt(gcryctx ctx, gcryfile *pgf, int gcry_mode, char *iniVector)
+rsgcryInitCrypt(gcryctx ctx, gcryfile *pgf, int gcry_mode, uchar *fname)
 {
 	gcry_error_t gcryError;
 	gcryfile gf = NULL;
+	uchar *iv = NULL;
 	DEFiRet;
 
-	CHKmalloc(gf = gcryfileConstruct(ctx));
+	CHKiRet(gcryfileConstruct(ctx, &gf, fname));
 
 	gf->blkLength = gcry_cipher_get_algo_blklen(GCRY_CIPHER);
 
@@ -150,17 +339,21 @@ rsgcryInitCrypt(gcryctx ctx, gcryfile *pgf, int gcry_mode, char *iniVector)
 		ABORT_FINALIZE(RS_RET_ERR);
 	}
 
-	gcryError = gcry_cipher_setiv(gf->chd, iniVector, gf->blkLength);
+	seedIV(gf, &iv);
+	gcryError = gcry_cipher_setiv(gf->chd, iv, gf->blkLength);
 	if (gcryError) {
 		dbgprintf("gcry_cipher_setiv failed:  %s/%s\n",
 			gcry_strsource(gcryError),
 			gcry_strerror(gcryError));
 		ABORT_FINALIZE(RS_RET_ERR);
 	}
+	CHKiRet(eiOpenAppend(gf));
+	CHKiRet(eiWriteIV(gf, iv));
 	*pgf = gf;
 finalize_it:
+	free(iv);
 	if(iRet != RS_RET_OK && gf != NULL)
-		gcryfileDestruct(gf);
+		gcryfileDestruct(gf, -1);
 	RETiRet;
 }
 
diff --git a/runtime/libgcry.h b/runtime/libgcry.h
index 608abd6c..6e677130 100644
--- a/runtime/libgcry.h
+++ b/runtime/libgcry.h
@@ -34,6 +34,8 @@ typedef struct gcryfile_s *gcryfile;
 struct gcryfile_s {
 	gcry_cipher_hd_t chd; /* cypher handle */
 	size_t blkLength; /* size of low-level crypto block */
+	uchar *eiName; /* name of .encinfo file */
+	int fd; /* descriptor of .encinfo file (-1 if not open) */
 	gcryctx ctx;
 };
 
@@ -42,8 +44,14 @@ void rsgcryExit(void);
 int rsgcrySetKey(gcryctx ctx, unsigned char *key, uint16_t keyLen);
 gcryctx gcryCtxNew(void);
 void rsgcryCtxDel(gcryctx ctx);
-int gcryfileDestruct(gcryfile gf);
-rsRetVal rsgcryInitCrypt(gcryctx ctx, gcryfile *pgf, int gcry_mode, char * iniVector);
+int gcryfileDestruct(gcryfile gf, off64_t offsLogfile);
+rsRetVal rsgcryInitCrypt(gcryctx ctx, gcryfile *pgf, int gcry_mode, uchar *fname);
 int rsgcryEncrypt(gcryfile pF, uchar *buf, size_t *len);
 
+/* error states */
+#define RSGCRYE_EI_OPEN 1 	/* error opening .encinfo file */
+#define RSGCRYE_OOM 4	/* ran out of memory */
+
+#define RSGCRY_FILETYPE_NAME "rsyslog-enrcyption-info"
+
 #endif  /* #ifndef INCLUDED_LIBGCRY_H */
diff --git a/runtime/lmcry_gcry.c b/runtime/lmcry_gcry.c
index 31e648fc..881d047d 100644
--- a/runtime/lmcry_gcry.c
+++ b/runtime/lmcry_gcry.c
@@ -150,11 +150,13 @@ OnFileOpen(void *pT, uchar *fn, void *pGF)
 	gcryfile *pgf = (gcryfile*) pGF;
 	DEFiRet;
 dbgprintf("DDDD: cry: onFileOpen: %s\n", fn);
-	/* note: if *pgf is set to NULL, this auto-disables GT functions */
-	//*pgf = gcryCtxOpenFile(pThis->ctx, fn);
 
-	CHKiRet(rsgcryInitCrypt(pThis->ctx, pgf, GCRY_CIPHER_MODE_CBC, "TODO: init value"));
+	CHKiRet(rsgcryInitCrypt(pThis->ctx, pgf, GCRY_CIPHER_MODE_CBC, fn));
 finalize_it:
+	/* TODO: enable this error message (need to cleanup loop first ;))
+	errmsg.LogError(0, iRet, "Encryption Provider"
+		"Error: cannot open .encinfo file - disabling log file");
+	*/
 	RETiRet;
 }
 
@@ -169,11 +171,11 @@ dbgprintf("DDDD: Encrypt (%u): %s\n", *lenRec-1, rec);
 }
 
 static rsRetVal
-OnFileClose(void *pF)
+OnFileClose(void *pF, off64_t offsLogfile)
 {
 	DEFiRet;
 dbgprintf("DDDD: onFileClose\n");
-	gcryfileDestruct(pF);
+	gcryfileDestruct(pF, offsLogfile);
 
 	RETiRet;
 }
diff --git a/runtime/rsyslog.h b/runtime/rsyslog.h
index cbc0401b..ab57eace 100644
--- a/runtime/rsyslog.h
+++ b/runtime/rsyslog.h
@@ -404,6 +404,10 @@ enum rsRetVal_				/** return value. All methods return this if not specified oth
 	RS_RET_REPLCHAR_IGNORED = -2313,/**< mmanon: replacementChar parameter is ignored */
 	RS_RET_SIGPROV_ERR = -2320,/**< error in signature provider */
 	RS_RET_CRYPROV_ERR = -2321,/**< error in cryptography encryption provider */
+	RS_RET_EI_OPN_ERR = -2322,/**< error opening an .encinfo file */
+	RS_RET_EI_NO_EXISTS = -2323,/**< .encinfo file does not exist (status, not necessarily error!)*/
+	RS_RET_EI_WR_ERR = -2324,/**< error writing an .encinfo file */
+	RS_RET_EI_INVLD_FILE = -2325,/**< header indicates the file is no .encinfo file */
 
 	/* RainerScript error messages (range 1000.. 1999) */
 	RS_RET_SYSVAR_NOT_FOUND = 1001, /**< system variable could not be found (maybe misspelled) */
diff --git a/runtime/stream.c b/runtime/stream.c
index b31520b0..b0df8418 100644
--- a/runtime/stream.c
+++ b/runtime/stream.c
@@ -45,6 +45,7 @@
 #include <pthread.h>
 #include <fcntl.h>
 #include <unistd.h>
+#include <sys/types.h>
 #include <sys/stat.h>	 /* required for HP UX */
 #include <errno.h>
 #include <pthread.h>
@@ -388,6 +389,7 @@ strmWaitAsyncWriterDone(strm_t *pThis)
  */
 static rsRetVal strmCloseFile(strm_t *pThis)
 {
+	off64_t currOffs;
 	DEFiRet;
 
 	ASSERT(pThis != NULL);
@@ -408,11 +410,12 @@ static rsRetVal strmCloseFile(strm_t *pThis)
 	 * against this. -- rgerhards, 2010-03-19
 	 */
 	if(pThis->fd != -1) {
+		currOffs = lseek64(pThis->fd, 0, SEEK_CUR);
 		close(pThis->fd);
 		pThis->fd = -1;
 		pThis->inode = 0;
 		if(pThis->cryprov != NULL) {
-			pThis->cryprov->OnFileClose(pThis->cryprovFileData);
+			pThis->cryprov->OnFileClose(pThis->cryprovFileData, currOffs);
 			pThis->cryprovFileData = NULL;
 		}
 	}
-- 
cgit v1.2.3


From 2679dd4af107290845711c4e265ed1e8b0c051a8 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Fri, 12 Apr 2013 08:49:04 +0200
Subject: logenc: rscryutil can now decrypt multi-block logfiles

---
 runtime/cryprov.h |   2 -
 runtime/libgcry.c |   6 +-
 runtime/libgcry.h |   3 +
 tools/Makefile.am |   2 +-
 tools/rscryutil.c | 189 +++++++++++++++++++++++++++++++++++++++++++++++-------
 5 files changed, 173 insertions(+), 29 deletions(-)

diff --git a/runtime/cryprov.h b/runtime/cryprov.h
index 5b694f46..8496b745 100644
--- a/runtime/cryprov.h
+++ b/runtime/cryprov.h
@@ -36,6 +36,4 @@ BEGINinterface(cryprov) /* name must also be changed in ENDinterface macro! */
 	rsRetVal (*OnFileClose)(void *pFileInstData, off64_t offsLogfile);
 ENDinterface(cryprov)
 #define cryprovCURR_IF_VERSION 1 /* increment whenever you change the interface structure! */
-rsRetVal initCrypt(int gcry_mode, char * iniVector);
-rsRetVal doCrypt(char *buf, size_t *len);
 #endif /* #ifndef INCLUDED_CRYPROV_H */
diff --git a/runtime/libgcry.c b/runtime/libgcry.c
index 94e087ac..5fd55360 100644
--- a/runtime/libgcry.c
+++ b/runtime/libgcry.c
@@ -14,9 +14,11 @@
  * For the current implementation, there must always be an IV record
  * followed by an END record. Each records is LF-terminated. Record
  * types can simply be extended in the future by specifying new 
- * keywords (like "IV") before the colon.
+ * types (like "IV") before the colon.
  * To identify a file as rsyslog encryption info file, it must start with
  * the line "FILETYPE:rsyslog-enrcyption-info"
+ * There are some size constraints: the recordtype must be 31 bytes at
+ * most and the actual value (between : and LF) must be 1023 bytes at most.
  *
  * This file is part of rsyslog.
  *
@@ -191,7 +193,7 @@ gcryfileConstruct(gcryctx ctx, gcryfile *pgf, uchar *logfn)
 
 	CHKmalloc(gf = calloc(1, sizeof(struct gcryfile_s)));
 	gf->ctx = ctx;
-	snprintf(fn, sizeof(fn), "%s.encinfo", logfn);
+	snprintf(fn, sizeof(fn), "%s%s", logfn, ENCINFO_SUFFIX);
 	fn[MAXFNAME] = '\0'; /* be on save side */
 	gf->eiName = (uchar*) strdup(fn);
 	*pgf = gf;
diff --git a/runtime/libgcry.h b/runtime/libgcry.h
index 6e677130..857d2352 100644
--- a/runtime/libgcry.h
+++ b/runtime/libgcry.h
@@ -52,6 +52,9 @@ int rsgcryEncrypt(gcryfile pF, uchar *buf, size_t *len);
 #define RSGCRYE_EI_OPEN 1 	/* error opening .encinfo file */
 #define RSGCRYE_OOM 4	/* ran out of memory */
 
+#define EIF_MAX_RECTYPE_LEN 31 /* max length of record types */
+#define EIF_MAX_VALUE_LEN 1023 /* max length of value types */
 #define RSGCRY_FILETYPE_NAME "rsyslog-enrcyption-info"
+#define ENCINFO_SUFFIX ".encinfo"
 
 #endif  /* #ifndef INCLUDED_LIBGCRY_H */
diff --git a/tools/Makefile.am b/tools/Makefile.am
index 8957d713..0f2bb57e 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -77,7 +77,7 @@ endif
 if ENABLE_LIBGCRYPT
 bin_PROGRAMS += rscryutil
 rscryutil = rscryutil.c
-rscryutil_CPPFLAGS = $(RSRT_CFLAGS) $(LIBGCRYPT_CFLAGS)
+rscryutil_CPPFLAGS = -I../runtime $(RSRT_CFLAGS) $(LIBGCRYPT_CFLAGS)
 rscryutil_LDFLAGS = `libgcrypt-config --libs`
 #rscryutil_LDFLAGS = $(LIBGCRYPT_LIBS)
 rscryutil.1: rscryutil.rst
diff --git a/tools/rscryutil.c b/tools/rscryutil.c
index 755371f2..e57eb625 100644
--- a/tools/rscryutil.c
+++ b/tools/rscryutil.c
@@ -1,5 +1,4 @@
-/* This is a tool for dumpoing the content of GuardTime TLV
- * files in a (somewhat) human-readable manner.
+/* This is a tool for processing rsyslog encrypted log files.
  * 
  * Copyright 2013 Adiscon GmbH
  *
@@ -31,6 +30,9 @@
 #include <getopt.h>
 #include <gcrypt.h>
 
+#include "rsyslog.h"
+#include "libgcry.h"
+
 
 static enum { MD_DECRYPT
 } mode = MD_DECRYPT;
@@ -38,17 +40,135 @@ static int verbose = 0;
 static gcry_cipher_hd_t gcry_chd;
 static size_t blkLength;
 
+
+/* rectype/value must be EIF_MAX_*_LEN+1 long!
+ * returns 0 on success or something else on error/EOF
+ */
+static int
+eiGetRecord(FILE *eifp, char *rectype, char *value)
+{
+	int r;
+	unsigned short i, j;
+	char buf[EIF_MAX_RECTYPE_LEN+EIF_MAX_VALUE_LEN+128];
+	     /* large enough for any valid record */
+
+	if(fgets(buf, sizeof(buf), eifp) == NULL) {
+		r = 1; goto done;
+	}
+
+	for(i = 0 ; i < EIF_MAX_RECTYPE_LEN && buf[i] != ':' ; ++i)
+		if(buf[i] == '\0') {
+			r = 2; goto done;
+		} else 
+			rectype[i] = buf[i];
+	rectype[i] = '\0';
+	j = 0;
+	for(++i ; i < EIF_MAX_VALUE_LEN && buf[i] != '\n' ; ++i, ++j)
+		if(buf[i] == '\0') {
+			r = 3; goto done;
+		} else 
+			value[j] = buf[i];
+	value[j] = '\0';
+	r = 0;
+done:	return r;
+}
+
+static int
+eiCheckFiletype(FILE *eifp)
+{
+	char rectype[EIF_MAX_RECTYPE_LEN+1];
+	char value[EIF_MAX_VALUE_LEN+1];
+	int r;
+
+	if((r = eiGetRecord(eifp, rectype, value)) != 0) goto done;
+	if(strcmp(rectype, "FILETYPE") || strcmp(value, RSGCRY_FILETYPE_NAME)) {
+		fprintf(stderr, "invalid filetype \"cookie\" in encryption "
+			"info file\n");
+		fprintf(stderr, "\trectype: '%s', value: '%s'\n", rectype, value);
+		r = 1; goto done;
+	}
+	r = 0;
+done:	return r;
+}
+
 static int
-initCrypt(int gcry_mode, char *iv, char *key)
+eiGetIV(FILE *eifp, char *iv, size_t leniv)
+{
+	char rectype[EIF_MAX_RECTYPE_LEN+1];
+	char value[EIF_MAX_VALUE_LEN+1];
+	size_t valueLen;
+	unsigned short i, j;
+	int r;
+	unsigned char nibble;
+
+	if((r = eiGetRecord(eifp, rectype, value)) != 0) goto done;
+	if(strcmp(rectype, "IV")) {
+		fprintf(stderr, "no IV record found when expected, record type "
+			"seen is '%s'\n", rectype);
+		r = 1; goto done;
+	}
+	valueLen = strlen(value);
+	if(valueLen/2 != leniv) {
+		fprintf(stderr, "length of IV is %d, expected %d\n",
+			valueLen/2, leniv);
+		r = 1; goto done;
+	}
+
+	for(i = j = 0 ; i < valueLen ; ++i) {
+		if(value[i] >= '0' && value[i] <= '9')
+			nibble = value[i] - '0';
+		else if(value[i] >= 'a' && value[i] <= 'f')
+			nibble = value[i] - 'a' + 10;
+		else {
+			fprintf(stderr, "invalid IV '%s'\n", value);
+			r = 1; goto done;
+		}
+		if(i % 2 == 0)
+			iv[j] = nibble << 4;
+		else
+			iv[j++] |= nibble;
+	}
+	r = 0;
+done:	return r;
+}
+
+static int
+eiGetEND(FILE *eifp, off64_t *offs)
+{
+	char rectype[EIF_MAX_RECTYPE_LEN+1];
+	char value[EIF_MAX_VALUE_LEN+1];
+	int r;
+
+	if((r = eiGetRecord(eifp, rectype, value)) != 0) goto done;
+	if(strcmp(rectype, "END")) {
+		fprintf(stderr, "no END record found when expected, record type "
+			"seen is '%s'\n", rectype);
+		r = 1; goto done;
+	}
+	*offs = atoll(value);
+	r = 0;
+done:	return r;
+}
+
+static int
+initCrypt(FILE *eifp, int gcry_mode, char *key)
 {
 	#define GCRY_CIPHER GCRY_CIPHER_3DES  // TODO: make configurable
  	int r = 0;
 	gcry_error_t     gcryError;
+	char iv[4096];
 
 	blkLength = gcry_cipher_get_algo_blklen(GCRY_CIPHER);
+	if(blkLength > sizeof(iv)) {
+		fprintf(stderr, "internal error[%s:%d]: block length %d too large for "
+			"iv buffer\n", __FILE__, __LINE__, blkLength);
+		r = 1; goto done;
+	}
+	if((r = eiGetIV(eifp, iv, blkLength)) != 0) goto done;
+
 	size_t keyLength = gcry_cipher_get_algo_keylen(GCRY_CIPHER);
 	if(strlen(key) != keyLength) {
-		fprintf(stderr, "invalid key lengtjh; key is %u characters, but "
+		fprintf(stderr, "invalid key length; key is %u characters, but "
 			"exactly %u characters are required\n", strlen(key),
 			keyLength);
 		r = 1; goto done;
@@ -87,7 +207,7 @@ removePadding(char *buf, size_t *plen)
 	unsigned iSrc, iDst;
 	char *frstNUL;
 
-	frstNUL = strchr(buf, 0x00);
+	frstNUL = memchr(buf, 0x00, *plen);
 	if(frstNUL == NULL)
 		goto done;
 	iDst = iSrc = frstNUL - buf;
@@ -103,20 +223,24 @@ done:	return;
 }
 
 static void
-doDeCrypt(FILE *fpin, FILE *fpout)
+decryptBlock(FILE *fpin, FILE *fpout, off64_t blkEnd, off64_t *pCurrOffs)
 {
 	gcry_error_t     gcryError;
-	char	buf[64*1024];
-	size_t	nRead, nWritten;
+	size_t nRead, nWritten;
+	size_t toRead;
 	size_t nPad;
+	size_t leftTillBlkEnd;
+	char buf[64*1024];
 	
+	leftTillBlkEnd = blkEnd - *pCurrOffs;
 	while(1) {
-		nRead = fread(buf, 1, sizeof(buf), fpin);
+		toRead = sizeof(buf) <= leftTillBlkEnd ? sizeof(buf) : leftTillBlkEnd;
+		toRead = toRead - toRead % blkLength;
+		nRead = fread(buf, 1, toRead, fpin);
 		if(nRead == 0)
 			break;
+		leftTillBlkEnd -= nRead, *pCurrOffs += nRead;
 		nPad = (blkLength - nRead % blkLength) % blkLength;
-		fprintf(stderr, "--->read %d chars, blkLength %d, mod %d, pad %d\n", nRead, blkLength,
-			nRead % blkLength, nPad);
 		gcryError = gcry_cipher_decrypt(
 				gcry_chd, // gcry_cipher_hd_t
 				buf,    // void *
@@ -139,13 +263,31 @@ doDeCrypt(FILE *fpin, FILE *fpout)
 }
 
 
+static int
+doDecrypt(FILE *logfp, FILE *eifp, FILE *outfp, char *key)
+{
+	off64_t blkEnd;
+	off64_t currOffs = 0;
+	int r;
+
+	while(1) {
+		/* process block */
+		if(initCrypt(eifp, GCRY_CIPHER_MODE_CBC, key) != 0)
+			goto done;
+		if((r = eiGetEND(eifp, &blkEnd)) != 0) goto done;
+		decryptBlock(logfp, outfp, blkEnd, &currOffs);
+		gcry_cipher_close(gcry_chd);
+	}
+	r = 0;
+done:	return r;
+}
+
 static void
 decrypt(char *name, char *key)
 {
-	FILE *logfp = NULL;
-	//, *sigfp = NULL;
+	FILE *logfp = NULL, *eifp = NULL;
 	int r = 0;
-	//char sigfname[4096];
+	char eifname[4096];
 	
 	if(!strcmp(name, "-")) {
 		fprintf(stderr, "decrypt mode cannot work on stdin\n");
@@ -155,21 +297,20 @@ decrypt(char *name, char *key)
 			perror(name);
 			goto err;
 		}
-#if 0
-		snprintf(sigfname, sizeof(sigfname), "%s.gtsig", name);
-		sigfname[sizeof(sigfname)-1] = '\0';
-		if((sigfp = fopen(sigfname, "r")) == NULL) {
-			perror(sigfname);
+		snprintf(eifname, sizeof(eifname), "%s%s", name, ENCINFO_SUFFIX);
+		eifname[sizeof(eifname)-1] = '\0';
+		if((eifp = fopen(eifname, "r")) == NULL) {
+			perror(eifname);
 			goto err;
 		}
-#endif
+		if(eiCheckFiletype(eifp) != 0)
+			goto err;
 	}
 
-	if(initCrypt(GCRY_CIPHER_MODE_CBC, "TODO: init value", key) != 0)
-		goto err;
-	doDeCrypt(logfp, stdout);
-	gcry_cipher_close(gcry_chd);
+	doDecrypt(logfp, eifp, stdout, key);
+
 	fclose(logfp); logfp = NULL;
+	fclose(eifp); eifp = NULL;
 	return;
 
 err:
-- 
cgit v1.2.3


From 6773add66a5b369c33740b794f1a81b1a3bd1aa2 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Fri, 12 Apr 2013 09:12:05 +0200
Subject: bugfix: parameter action.execOnlyWhenPreviousIsSuspended was
 accidently of integer-type

For obvious reasons, it needs to be boolean. Note that this change
can break existing configurations if they circumvented
the problem by using 0/1 values.
---
 ChangeLog | 4 ++++
 action.c  | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index c4546db6..0fe084ee 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -46,6 +46,10 @@ Version 7.2.7  [v7-stable] 2013-03-??
   To use that functionality, legacy rsyslog.conf syntax had to be used.
   Also, the doc was missing information on the "ParseTrusted" set of
   config directives.
+- bugfix: parameter action.execOnlyWhenPreviousIsSuspended was accidently 
+  of integer-type. For obvious reasons, it needs to be boolean. Note
+  that this change can break existing configurations if they circumvented
+  the problem by using 0/1 values.
 - doc bugfix: rsyslog.conf man page had invalid file format info
   closes: http://bugzilla.adiscon.com/show_bug.cgi?id=418
 ----------------------------------------------------------------------------
diff --git a/action.c b/action.c
index 8fc92e56..7e228767 100644
--- a/action.c
+++ b/action.c
@@ -188,7 +188,7 @@ static struct cnfparamdescr cnfparamdescr[] = {
 	{ "action.execonlyeverynthtime", eCmdHdlrInt, 0 }, /* legacy: actionexeconlyeverynthtime */
 	{ "action.execonlyeverynthtimetimeout", eCmdHdlrInt, 0 }, /* legacy: actionexeconlyeverynthtimetimeout */
 	{ "action.execonlyonceeveryinterval", eCmdHdlrInt, 0 }, /* legacy: actionexeconlyonceeveryinterval */
-	{ "action.execonlywhenpreviousissuspended", eCmdHdlrInt, 0 }, /* legacy: actionexeconlywhenpreviousissuspended */
+	{ "action.execonlywhenpreviousissuspended", eCmdHdlrBinary, 0 }, /* legacy: actionexeconlywhenpreviousissuspended */
 	{ "action.repeatedmsgcontainsoriginalmsg", eCmdHdlrBinary, 0 }, /* legacy: repeatedmsgcontainsoriginalmsg */
 	{ "action.resumeretrycount", eCmdHdlrInt, 0 }, /* legacy: actionresumeretrycount */
 	{ "action.resumeinterval", eCmdHdlrInt, 0 }
-- 
cgit v1.2.3


From 815bae1f35c67ff7b8caf7b446a9e4cf1c870aa3 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Fri, 12 Apr 2013 11:22:04 +0200
Subject: logenc: add parameters to select cipher algo and mode

---
 runtime/libgcry.c    | 47 ++++++++++++++++++++++++++++--------
 runtime/libgcry.h    | 40 ++++++++++++++++++++++++++++++-
 runtime/lmcry_gcry.c | 38 ++++++++++++++++++-----------
 runtime/rsyslog.h    |  2 ++
 tools/rscryutil.c    | 67 +++++++++++++++++++++++++++++++++-------------------
 tools/rscryutil.rst  | 43 +++++++++++++++++++++++++++++++++
 6 files changed, 188 insertions(+), 49 deletions(-)

diff --git a/runtime/libgcry.c b/runtime/libgcry.c
index 5fd55360..ef94e8ac 100644
--- a/runtime/libgcry.c
+++ b/runtime/libgcry.c
@@ -49,8 +49,6 @@
 #include "rsyslog.h"
 #include "libgcry.h"
 
-#define GCRY_CIPHER GCRY_CIPHER_3DES  // TODO: make configurable
-
 
 static rsRetVal
 eiWriteRec(gcryfile gf, char *recHdr, size_t lenRecHdr, char *buf, size_t lenBuf)
@@ -206,6 +204,8 @@ gcryCtxNew(void)
 {
 	gcryctx ctx;
 	ctx = calloc(1, sizeof(struct gcryctx_s));
+	ctx->algo = GCRY_CIPHER_AES128;
+	ctx->mode = GCRY_CIPHER_MODE_CBC;
 	return ctx;
 }
 
@@ -270,9 +270,10 @@ done:	return;
 int
 rsgcrySetKey(gcryctx ctx, unsigned char *key, uint16_t keyLen)
 {
-	uint16_t reqKeyLen = gcry_cipher_get_algo_keylen(GCRY_CIPHER);
+	uint16_t reqKeyLen;
 	int r;
 
+	reqKeyLen = gcry_cipher_get_algo_keylen(ctx->algo);
 	if(keyLen != reqKeyLen) {
 		r = reqKeyLen;
 		goto done;
@@ -284,6 +285,36 @@ rsgcrySetKey(gcryctx ctx, unsigned char *key, uint16_t keyLen)
 done:	return r;
 }
 
+rsRetVal
+rsgcrySetMode(gcryctx ctx, uchar *modename)
+{
+	int mode;
+	DEFiRet;
+
+	mode = rsgcryModename2Mode((char *)modename);
+	if(mode == GCRY_CIPHER_MODE_NONE) {
+		ABORT_FINALIZE(RS_RET_CRY_INVLD_MODE);
+	}
+	ctx->mode = mode;
+finalize_it:
+	RETiRet;
+}
+
+rsRetVal
+rsgcrySetAlgo(gcryctx ctx, uchar *algoname)
+{
+	int algo;
+	DEFiRet;
+
+	algo = rsgcryAlgoname2Algo((char *)algoname);
+	if(algo == GCRY_CIPHER_NONE) {
+		ABORT_FINALIZE(RS_RET_CRY_INVLD_ALGO);
+	}
+	ctx->algo = algo;
+finalize_it:
+	RETiRet;
+}
+
 /* As of some Linux and security expert I spoke to, /dev/urandom
  * provides very strong random numbers, even if it runs out of
  * entropy. As far as he knew, this is save for all applications
@@ -310,7 +341,7 @@ seedIV(gcryfile gf, uchar **iv)
 }
 
 rsRetVal
-rsgcryInitCrypt(gcryctx ctx, gcryfile *pgf, int gcry_mode, uchar *fname)
+rsgcryInitCrypt(gcryctx ctx, gcryfile *pgf, uchar *fname)
 {
 	gcry_error_t gcryError;
 	gcryfile gf = NULL;
@@ -319,13 +350,9 @@ rsgcryInitCrypt(gcryctx ctx, gcryfile *pgf, int gcry_mode, uchar *fname)
 
 	CHKiRet(gcryfileConstruct(ctx, &gf, fname));
 
-	gf->blkLength = gcry_cipher_get_algo_blklen(GCRY_CIPHER);
+	gf->blkLength = gcry_cipher_get_algo_blklen(ctx->algo);
 
-	gcryError = gcry_cipher_open(
-		&gf->chd, // gcry_cipher_hd_t *
-		GCRY_CIPHER,   // int
-		gcry_mode,     // int
-		0);            // unsigned int
+	gcryError = gcry_cipher_open(&gf->chd, ctx->algo, ctx->mode, 0);
 	if (gcryError) {
 		dbgprintf("gcry_cipher_open failed:  %s/%s\n",
 			gcry_strsource(gcryError),
diff --git a/runtime/libgcry.h b/runtime/libgcry.h
index 857d2352..d699124d 100644
--- a/runtime/libgcry.h
+++ b/runtime/libgcry.h
@@ -26,6 +26,8 @@
 struct gcryctx_s {
 	uchar *key;
 	size_t keyLen;
+	int algo;
+	int mode;
 };
 typedef struct gcryctx_s *gcryctx;
 typedef struct gcryfile_s *gcryfile;
@@ -42,10 +44,12 @@ struct gcryfile_s {
 int rsgcryInit(void);
 void rsgcryExit(void);
 int rsgcrySetKey(gcryctx ctx, unsigned char *key, uint16_t keyLen);
+rsRetVal rsgcrySetMode(gcryctx ctx, uchar *algoname);
+rsRetVal rsgcrySetAlgo(gcryctx ctx, uchar *modename);
 gcryctx gcryCtxNew(void);
 void rsgcryCtxDel(gcryctx ctx);
 int gcryfileDestruct(gcryfile gf, off64_t offsLogfile);
-rsRetVal rsgcryInitCrypt(gcryctx ctx, gcryfile *pgf, int gcry_mode, uchar *fname);
+rsRetVal rsgcryInitCrypt(gcryctx ctx, gcryfile *pgf, uchar *fname);
 int rsgcryEncrypt(gcryfile pF, uchar *buf, size_t *len);
 
 /* error states */
@@ -57,4 +61,38 @@ int rsgcryEncrypt(gcryfile pF, uchar *buf, size_t *len);
 #define RSGCRY_FILETYPE_NAME "rsyslog-enrcyption-info"
 #define ENCINFO_SUFFIX ".encinfo"
 
+static inline int
+rsgcryAlgoname2Algo(char *algoname) {
+	if(!strcmp((char*)algoname, "3DES")) return GCRY_CIPHER_3DES;
+	if(!strcmp((char*)algoname, "CAST5")) return GCRY_CIPHER_CAST5;
+	if(!strcmp((char*)algoname, "BLOWFISH")) return GCRY_CIPHER_BLOWFISH;
+	if(!strcmp((char*)algoname, "AES128")) return GCRY_CIPHER_AES128;
+	if(!strcmp((char*)algoname, "AES192")) return GCRY_CIPHER_AES192;
+	if(!strcmp((char*)algoname, "AES256")) return GCRY_CIPHER_AES256;
+	if(!strcmp((char*)algoname, "TWOFISH")) return GCRY_CIPHER_TWOFISH;
+	if(!strcmp((char*)algoname, "TWOFISH128")) return GCRY_CIPHER_TWOFISH128;
+	if(!strcmp((char*)algoname, "ARCFOUR")) return GCRY_CIPHER_ARCFOUR;
+	if(!strcmp((char*)algoname, "DES")) return GCRY_CIPHER_DES;
+	if(!strcmp((char*)algoname, "SERPENT128")) return GCRY_CIPHER_SERPENT128;
+	if(!strcmp((char*)algoname, "SERPENT192")) return GCRY_CIPHER_SERPENT192;
+	if(!strcmp((char*)algoname, "SERPENT256")) return GCRY_CIPHER_SERPENT256;
+	if(!strcmp((char*)algoname, "RFC2268_40")) return GCRY_CIPHER_RFC2268_40;
+	if(!strcmp((char*)algoname, "SEED")) return GCRY_CIPHER_SEED;
+	if(!strcmp((char*)algoname, "CAMELLIA128")) return GCRY_CIPHER_CAMELLIA128;
+	if(!strcmp((char*)algoname, "CAMELLIA192")) return GCRY_CIPHER_CAMELLIA192;
+	if(!strcmp((char*)algoname, "CAMELLIA256")) return GCRY_CIPHER_CAMELLIA256;
+	return GCRY_CIPHER_NONE;
+}
+
+static inline int
+rsgcryModename2Mode(char *modename) {
+	if(!strcmp((char*)modename, "ECB")) return GCRY_CIPHER_MODE_ECB;
+	if(!strcmp((char*)modename, "CFB")) return GCRY_CIPHER_MODE_CFB;
+	if(!strcmp((char*)modename, "CBC")) return GCRY_CIPHER_MODE_CBC;
+	if(!strcmp((char*)modename, "STREAM")) return GCRY_CIPHER_MODE_STREAM;
+	if(!strcmp((char*)modename, "OFB")) return GCRY_CIPHER_MODE_OFB;
+	if(!strcmp((char*)modename, "CTR")) return GCRY_CIPHER_MODE_CTR;
+	if(!strcmp((char*)modename, "AESWRAP")) return GCRY_CIPHER_MODE_AESWRAP;
+	return GCRY_CIPHER_MODE_NONE;
+}
 #endif  /* #ifndef INCLUDED_LIBGCRY_H */
diff --git a/runtime/lmcry_gcry.c b/runtime/lmcry_gcry.c
index 881d047d..cc65051f 100644
--- a/runtime/lmcry_gcry.c
+++ b/runtime/lmcry_gcry.c
@@ -89,8 +89,9 @@ SetCnfParam(void *pT, struct nvlst *lst)
 {
 	lmcry_gcry_t *pThis = (lmcry_gcry_t*) pT;
 	int i, r;
-	uchar *cstr;
 	uchar *key = NULL;
+	uchar *algo = NULL;
+	uchar *mode = NULL;
 	struct cnfparamvals *pvals;
 	DEFiRet;
 
@@ -105,23 +106,30 @@ SetCnfParam(void *pT, struct nvlst *lst)
 			continue;
 		if(!strcmp(pblk.descr[i].name, "cry.key")) {
 			key = (uchar*) es_str2cstr(pvals[i].val.d.estr, NULL);
-#if 0
-		} else if(!strcmp(pblk.descr[i].name, "sig.timestampservice")) {
-			cstr = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
-			gcrySetTimestamper(pThis->ctx, (char*) cstr);
-			free(cstr);
-		} else if(!strcmp(pblk.descr[i].name, "sig.block.sizelimit")) {
-			gcrySetBlockSizeLimit(pThis->ctx, pvals[i].val.d.n);
-		} else if(!strcmp(pblk.descr[i].name, "sig.keeprecordhashes")) {
-			gcrySetKeepRecordHashes(pThis->ctx, pvals[i].val.d.n);
-		} else if(!strcmp(pblk.descr[i].name, "sig.keeptreehashes")) {
-			gcrySetKeepTreeHashes(pThis->ctx, pvals[i].val.d.n);
+		} else if(!strcmp(pblk.descr[i].name, "cry.mode")) {
+			mode = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+		} else if(!strcmp(pblk.descr[i].name, "cry.algo")) {
+			algo = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
 		} else {
 			DBGPRINTF("lmcry_gcry: program error, non-handled "
 			  "param '%s'\n", pblk.descr[i].name);
-#endif
 		}
 	}
+	if(algo != NULL) {
+		iRet = rsgcrySetAlgo(pThis->ctx, algo);
+		if(iRet != RS_RET_OK) {
+			errmsg.LogError(0, iRet, "cry.algo '%s' is not know/supported", algo);
+			FINALIZE;
+		}
+	}
+	if(mode != NULL) {
+		iRet = rsgcrySetMode(pThis->ctx, mode);
+		if(iRet != RS_RET_OK) {
+			errmsg.LogError(0, iRet, "cry.mode '%s' is not know/supported", mode);
+			FINALIZE;
+		}
+	}
+	/* note: key must be set AFTER algo/mode is set (as it depends on them) */
 	if(key != NULL) {
 		errmsg.LogError(0, RS_RET_ERR, "Note: specifying an actual key directly from the "
 			"config file is highly insecure - DO NOT USE FOR PRODUCTION");
@@ -138,6 +146,8 @@ SetCnfParam(void *pT, struct nvlst *lst)
 		memset(key, 0, strlen((char*)key));
 		free(key);
 	}
+	free(algo);
+	free(mode);
 finalize_it:
 	RETiRet;
 }
@@ -151,7 +161,7 @@ OnFileOpen(void *pT, uchar *fn, void *pGF)
 	DEFiRet;
 dbgprintf("DDDD: cry: onFileOpen: %s\n", fn);
 
-	CHKiRet(rsgcryInitCrypt(pThis->ctx, pgf, GCRY_CIPHER_MODE_CBC, fn));
+	CHKiRet(rsgcryInitCrypt(pThis->ctx, pgf, fn));
 finalize_it:
 	/* TODO: enable this error message (need to cleanup loop first ;))
 	errmsg.LogError(0, iRet, "Encryption Provider"
diff --git a/runtime/rsyslog.h b/runtime/rsyslog.h
index ab57eace..4cdd1c1e 100644
--- a/runtime/rsyslog.h
+++ b/runtime/rsyslog.h
@@ -408,6 +408,8 @@ enum rsRetVal_				/** return value. All methods return this if not specified oth
 	RS_RET_EI_NO_EXISTS = -2323,/**< .encinfo file does not exist (status, not necessarily error!)*/
 	RS_RET_EI_WR_ERR = -2324,/**< error writing an .encinfo file */
 	RS_RET_EI_INVLD_FILE = -2325,/**< header indicates the file is no .encinfo file */
+	RS_RET_CRY_INVLD_ALGO = -2326,/**< user specified invalid (unkonwn) crypto algorithm */
+	RS_RET_CRY_INVLD_MODE = -2327,/**< user specified invalid (unkonwn) crypto mode */
 
 	/* RainerScript error messages (range 1000.. 1999) */
 	RS_RET_SYSVAR_NOT_FOUND = 1001, /**< system variable could not be found (maybe misspelled) */
diff --git a/tools/rscryutil.c b/tools/rscryutil.c
index e57eb625..e1e900a7 100644
--- a/tools/rscryutil.c
+++ b/tools/rscryutil.c
@@ -40,6 +40,9 @@ static int verbose = 0;
 static gcry_cipher_hd_t gcry_chd;
 static size_t blkLength;
 
+static char *cry_key = NULL;
+static int cry_algo = GCRY_CIPHER_AES128;
+static int cry_mode = GCRY_CIPHER_MODE_CBC;
 
 /* rectype/value must be EIF_MAX_*_LEN+1 long!
  * returns 0 on success or something else on error/EOF
@@ -151,14 +154,13 @@ done:	return r;
 }
 
 static int
-initCrypt(FILE *eifp, int gcry_mode, char *key)
+initCrypt(FILE *eifp)
 {
-	#define GCRY_CIPHER GCRY_CIPHER_3DES  // TODO: make configurable
  	int r = 0;
-	gcry_error_t     gcryError;
+	gcry_error_t gcryError;
 	char iv[4096];
 
-	blkLength = gcry_cipher_get_algo_blklen(GCRY_CIPHER);
+	blkLength = gcry_cipher_get_algo_blklen(cry_algo);
 	if(blkLength > sizeof(iv)) {
 		fprintf(stderr, "internal error[%s:%d]: block length %d too large for "
 			"iv buffer\n", __FILE__, __LINE__, blkLength);
@@ -166,15 +168,15 @@ initCrypt(FILE *eifp, int gcry_mode, char *key)
 	}
 	if((r = eiGetIV(eifp, iv, blkLength)) != 0) goto done;
 
-	size_t keyLength = gcry_cipher_get_algo_keylen(GCRY_CIPHER);
-	if(strlen(key) != keyLength) {
+	size_t keyLength = gcry_cipher_get_algo_keylen(cry_algo);
+	if(strlen(cry_key) != keyLength) {
 		fprintf(stderr, "invalid key length; key is %u characters, but "
-			"exactly %u characters are required\n", strlen(key),
+			"exactly %u characters are required\n", strlen(cry_key),
 			keyLength);
 		r = 1; goto done;
 	}
 
-	gcryError = gcry_cipher_open(&gcry_chd, GCRY_CIPHER, gcry_mode, 0);
+	gcryError = gcry_cipher_open(&gcry_chd, cry_algo, cry_mode, 0);
 	if (gcryError) {
 		printf("gcry_cipher_open failed:  %s/%s\n",
 			gcry_strsource(gcryError),
@@ -182,7 +184,7 @@ initCrypt(FILE *eifp, int gcry_mode, char *key)
 		r = 1; goto done;
 	}
 
-	gcryError = gcry_cipher_setkey(gcry_chd, key, keyLength);
+	gcryError = gcry_cipher_setkey(gcry_chd, cry_key, keyLength);
 	if (gcryError) {
 		printf("gcry_cipher_setkey failed:  %s/%s\n",
 			gcry_strsource(gcryError),
@@ -225,10 +227,9 @@ done:	return;
 static void
 decryptBlock(FILE *fpin, FILE *fpout, off64_t blkEnd, off64_t *pCurrOffs)
 {
-	gcry_error_t     gcryError;
+	gcry_error_t gcryError;
 	size_t nRead, nWritten;
 	size_t toRead;
-	size_t nPad;
 	size_t leftTillBlkEnd;
 	char buf[64*1024];
 	
@@ -240,7 +241,6 @@ decryptBlock(FILE *fpin, FILE *fpout, off64_t blkEnd, off64_t *pCurrOffs)
 		if(nRead == 0)
 			break;
 		leftTillBlkEnd -= nRead, *pCurrOffs += nRead;
-		nPad = (blkLength - nRead % blkLength) % blkLength;
 		gcryError = gcry_cipher_decrypt(
 				gcry_chd, // gcry_cipher_hd_t
 				buf,    // void *
@@ -248,7 +248,7 @@ decryptBlock(FILE *fpin, FILE *fpout, off64_t blkEnd, off64_t *pCurrOffs)
 				NULL,    // const void *
 				0);   // size_t
 		if (gcryError) {
-			fprintf(stderr, "gcry_cipher_encrypt failed:  %s/%s\n",
+			fprintf(stderr, "gcry_cipher_decrypt failed:  %s/%s\n",
 			gcry_strsource(gcryError),
 			gcry_strerror(gcryError));
 			return;
@@ -264,7 +264,7 @@ decryptBlock(FILE *fpin, FILE *fpout, off64_t blkEnd, off64_t *pCurrOffs)
 
 
 static int
-doDecrypt(FILE *logfp, FILE *eifp, FILE *outfp, char *key)
+doDecrypt(FILE *logfp, FILE *eifp, FILE *outfp)
 {
 	off64_t blkEnd;
 	off64_t currOffs = 0;
@@ -272,7 +272,7 @@ doDecrypt(FILE *logfp, FILE *eifp, FILE *outfp, char *key)
 
 	while(1) {
 		/* process block */
-		if(initCrypt(eifp, GCRY_CIPHER_MODE_CBC, key) != 0)
+		if(initCrypt(eifp) != 0)
 			goto done;
 		if((r = eiGetEND(eifp, &blkEnd)) != 0) goto done;
 		decryptBlock(logfp, outfp, blkEnd, &currOffs);
@@ -283,7 +283,7 @@ done:	return r;
 }
 
 static void
-decrypt(char *name, char *key)
+decrypt(char *name)
 {
 	FILE *logfp = NULL, *eifp = NULL;
 	int r = 0;
@@ -307,7 +307,7 @@ decrypt(char *name, char *key)
 			goto err;
 	}
 
-	doDecrypt(logfp, eifp, stdout, key);
+	doDecrypt(logfp, eifp, stdout);
 
 	fclose(logfp); logfp = NULL;
 	fclose(eifp); eifp = NULL;
@@ -326,6 +326,8 @@ static struct option long_options[] =
 	{"version", no_argument, NULL, 'V'},
 	{"decrypt", no_argument, NULL, 'd'},
 	{"key", required_argument, NULL, 'k'},
+	{"algo", required_argument, NULL, 'a'},
+	{"mode", required_argument, NULL, 'm'},
 	{NULL, 0, NULL, 0} 
 }; 
 
@@ -334,10 +336,10 @@ main(int argc, char *argv[])
 {
 	int i;
 	int opt;
-	char *key = "";
+	int temp;
 
 	while(1) {
-		opt = getopt_long(argc, argv, "dk:vV", long_options, NULL);
+		opt = getopt_long(argc, argv, "a:dk:m:vV", long_options, NULL);
 		if(opt == -1)
 			break;
 		switch(opt) {
@@ -348,7 +350,25 @@ main(int argc, char *argv[])
 			fprintf(stderr, "WARNING: specifying the actual key "
 				"via the command line is highly insecure\n"
 				"Do NOT use this for PRODUCTION use.\n");
-			key = optarg;
+			cry_key = optarg;
+			break;
+		case 'a':
+			temp = rsgcryAlgoname2Algo(optarg);
+			if(temp == GCRY_CIPHER_NONE) {
+				fprintf(stderr, "ERROR: algorithm \"%s\" is not "
+					"kown/supported\n", optarg);
+				exit(1);
+			}
+			cry_algo = temp;
+			break;
+		case 'm':
+			temp = rsgcryModename2Mode(optarg);
+			if(temp == GCRY_CIPHER_MODE_NONE) {
+				fprintf(stderr, "ERROR: cipher mode \"%s\" is not "
+					"kown/supported\n", optarg);
+				exit(1);
+			}
+			cry_mode = temp;
 			break;
 		case 'v':
 			verbose = 1;
@@ -365,13 +385,12 @@ main(int argc, char *argv[])
 	}
 
 	if(optind == argc)
-		decrypt("-", key);
+		decrypt("-");
 	else {
 		for(i = optind ; i < argc ; ++i)
-			decrypt(argv[i], key); /* currently only mode ;) */
+			decrypt(argv[i]); /* currently only mode ;) */
 	}
 
-	memset(key, 0, strlen(key)); /* zero-out key store */
+	memset(cry_key, 0, strlen(cry_key)); /* zero-out key store */
 	return 0;
 }
-	//char *aesSymKey = "123456789012345678901234"; // TODO: TEST ONLY
diff --git a/tools/rscryutil.rst b/tools/rscryutil.rst
index 7e3ab5b4..3cc54f57 100644
--- a/tools/rscryutil.rst
+++ b/tools/rscryutil.rst
@@ -40,6 +40,13 @@ OPTIONS
   is highly insecure. However, it can be useful for intial testing
   steps. This option may be removed in the future.
 
+-a, --algo <algo>
+  Sets the encryption algorightm (cipher) to be used. See below
+  for supported algorithms. The default is "AES128".
+
+-m, --mode <mode>
+  Sets the ciphermode to be used. See below for supported modes.
+  The default is "CBC".
 
 OPERATION MODES
 ===============
@@ -62,6 +69,42 @@ The command returns an exit code of 0 if everything went fine, and some
 other code in case of failures.
 
 
+SUPPORTED ALGORITHMS
+====================
+
+We basically support what libgcrypt supports. This is:
+	3DES
+	CAST5
+	BLOWFISH
+	AES128
+	AES192
+	AES256
+	TWOFISH
+	TWOFISH128
+	ARCFOUR
+	DES
+	SERPENT128
+	SERPENT192
+	SERPENT256
+	RFC2268_40
+	SEED
+	CAMELLIA128
+	CAMELLIA192
+	CAMELLIA256
+
+
+SUPPORTED CIPHER MODES
+======================
+
+We basically support what libgcrypt supports. This is:
+  	ECB
+	CFB
+	CBC
+	STREAM
+	OFB
+	CTR
+	AESWRAP
+
 EXAMPLES
 ========
 
-- 
cgit v1.2.3


From 7a62ef673f3aea7b0ad34e27a4cfaa5ba6e9efd1 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Fri, 12 Apr 2013 12:52:59 +0200
Subject: logenc: support keyfiles in rscryutil

---
 runtime/Makefile.am      | 14 ++++-----
 runtime/libgcry.c        |  3 ++
 runtime/libgcry.h        |  1 +
 runtime/libgcry_common.c | 77 +++++++++++++++++++++++++++++++++++++++++++++
 tools/Makefile.am        |  2 +-
 tools/rscryutil.c        | 81 ++++++++++++++++++++++++++++++++++++++++++------
 tools/rscryutil.rst      |  4 +++
 7 files changed, 164 insertions(+), 18 deletions(-)
 create mode 100644 runtime/libgcry_common.c

diff --git a/runtime/Makefile.am b/runtime/Makefile.am
index e1f0673c..ee5a3ef2 100644
--- a/runtime/Makefile.am
+++ b/runtime/Makefile.am
@@ -1,6 +1,6 @@
 sbin_PROGRAMS =
 man_MANS = 
-noinst_LTLIBRARIES = librsyslog.la librsgt.la
+noinst_LTLIBRARIES = librsyslog.la
 pkglib_LTLIBRARIES =
 #pkglib_LTLIBRARIES = librsyslog.la
 
@@ -178,15 +178,14 @@ endif
 # support library for libgcrypt
 #
 if ENABLE_LIBGCRYPT
-#noinst_LTLIBRARIES += libgcry.la
-#libgcry_la_SOURCES = libgcry.c libgcry.h
-#libcgry_la_CPPFLAGS = $(RSRT_CFLAGS) $(LIBGCRYPT_CFLAGS)
+   noinst_LTLIBRARIES += libgcry.la
+   libgcry_la_SOURCES = libgcry.c libgcry_common.c libgcry.h
+   libgcry_la_CPPFLAGS = $(RSRT_CFLAGS) $(LIBGCRYPT_CFLAGS)
    pkglib_LTLIBRARIES += lmcry_gcry.la
-   lmcry_gcry_la_SOURCES = lmcry_gcry.c lmcry_gcry.h libgcry.c libgcry.h
+   lmcry_gcry_la_SOURCES = lmcry_gcry.c lmcry_gcry.h
    lmcry_gcry_la_CPPFLAGS = $(RSRT_CFLAGS) $(LIBGCRYPT_CFLAGS)
    lmcry_gcry_la_LDFLAGS = -module -avoid-version `libgcrypt-config --libs`
-#lmcry_gcry_la_LIBADD = libgcry.la $(LIBGCRYPT_LIBS)
-   lmcry_gcry_la_LIBADD = $(LIBGCRYPT_LIBS)
+   lmcry_gcry_la_LIBADD = libgcry.la $(LIBGCRYPT_LIBS)
 endif
 
 
@@ -194,6 +193,7 @@ endif
 # support library for guardtime
 #
 if ENABLE_GUARDTIME
+   noinst_LTLIBRARIES +=  librsgt.la
    librsgt_la_SOURCES = librsgt.c librsgt_read.c librsgt.h
    pkglib_LTLIBRARIES += lmsig_gt.la
    lmsig_gt_la_SOURCES = lmsig_gt.c lmsig_gt.h
diff --git a/runtime/libgcry.c b/runtime/libgcry.c
index ef94e8ac..e57ee8bc 100644
--- a/runtime/libgcry.c
+++ b/runtime/libgcry.c
@@ -43,6 +43,8 @@
 #include <gcrypt.h>
 #include <sys/stat.h>
 #include <sys/uio.h>
+#include <sys/types.h>
+#include <unistd.h>
 #include <fcntl.h>
 #include <errno.h>
 
@@ -199,6 +201,7 @@ finalize_it:
 	RETiRet;
 }
 
+
 gcryctx
 gcryCtxNew(void)
 {
diff --git a/runtime/libgcry.h b/runtime/libgcry.h
index d699124d..5dde1576 100644
--- a/runtime/libgcry.h
+++ b/runtime/libgcry.h
@@ -41,6 +41,7 @@ struct gcryfile_s {
 	gcryctx ctx;
 };
 
+int gcryGetKeyFromFile(char *fn, char **key, unsigned *keylen);
 int rsgcryInit(void);
 void rsgcryExit(void);
 int rsgcrySetKey(gcryctx ctx, unsigned char *key, uint16_t keyLen);
diff --git a/runtime/libgcry_common.c b/runtime/libgcry_common.c
new file mode 100644
index 00000000..49a0e669
--- /dev/null
+++ b/runtime/libgcry_common.c
@@ -0,0 +1,77 @@
+/* libgcry_common.c
+ * This file hosts functions both being used by the rsyslog runtime as
+ * well as tools who do not use the runtime (so we can maintain the
+ * code at a single place).
+ *
+ * Copyright 2013 Adiscon GmbH.
+ *
+ * This file is part of rsyslog.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *       -or-
+ *       see COPYING.ASL20 in the source distribution
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#if HAVE_CONFIG_H
+#include "config.h"
+#endif
+#include <stdio.h>
+#include <gcrypt.h>
+#include <sys/stat.h>
+#include <sys/uio.h>
+#include <sys/types.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <errno.h>
+
+#include "rsyslog.h" /* we need data typedefs */
+#include "libgcry.h"
+
+
+/* read a key from a key file
+ * @param[out] key - key buffer, must be freed by caller
+ * @param[out] keylen - length of buffer
+ * @returns 0 if OK, something else otherwise (we do not use
+ *            iRet as this is also called from non-rsyslog w/o runtime)
+ * The key length is limited to 64KiB to prevent DoS.
+ * Note well: key is a blob, not a C string (NUL may be present!)
+ */
+int
+gcryGetKeyFromFile(char *fn, char **key, unsigned *keylen)
+{
+	struct stat sb;
+	int fd;
+	int r;
+
+	if(stat(fn, &sb) == -1) {
+		r = 1; goto done;
+	}
+	if((sb.st_mode & S_IFMT) != S_IFREG) {
+		r = 2; goto done;
+	}
+	if(sb.st_size > 64*1024) {
+		r = 3; goto done;
+	}
+	if((*key = malloc(sb.st_size)) == NULL) {
+		r = -1; goto done;
+	}
+	if((fd = open(fn, O_RDONLY)) < 0) {
+		r = 4; goto done;
+	}
+	if(read(fd, *key, sb.st_size) != sb.st_size) {
+		r = 5; goto done;
+	}
+	*keylen = sb.st_size;
+	close(fd);
+	r = 0;
+done:	return r;
+}
diff --git a/tools/Makefile.am b/tools/Makefile.am
index 0f2bb57e..938782f7 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -79,7 +79,7 @@ bin_PROGRAMS += rscryutil
 rscryutil = rscryutil.c
 rscryutil_CPPFLAGS = -I../runtime $(RSRT_CFLAGS) $(LIBGCRYPT_CFLAGS)
 rscryutil_LDFLAGS = `libgcrypt-config --libs`
-#rscryutil_LDFLAGS = $(LIBGCRYPT_LIBS)
+rscryutil_LDADD = ../runtime/libgcry.la $(LIBGCRYPT_LIBS)
 rscryutil.1: rscryutil.rst
 	$(AM_V_GEN) $(RST2MAN) $< $@
 man1_MANS = rscryutil.1
diff --git a/tools/rscryutil.c b/tools/rscryutil.c
index e1e900a7..9290db4d 100644
--- a/tools/rscryutil.c
+++ b/tools/rscryutil.c
@@ -34,13 +34,14 @@
 #include "libgcry.h"
 
 
-static enum { MD_DECRYPT
+static enum { MD_DECRYPT, MD_WRITE_KEYFILE
 } mode = MD_DECRYPT;
 static int verbose = 0;
 static gcry_cipher_hd_t gcry_chd;
 static size_t blkLength;
 
 static char *cry_key = NULL;
+static unsigned cry_keylen = 0;
 static int cry_algo = GCRY_CIPHER_AES128;
 static int cry_mode = GCRY_CIPHER_MODE_CBC;
 
@@ -171,7 +172,7 @@ initCrypt(FILE *eifp)
 	size_t keyLength = gcry_cipher_get_algo_keylen(cry_algo);
 	if(strlen(cry_key) != keyLength) {
 		fprintf(stderr, "invalid key length; key is %u characters, but "
-			"exactly %u characters are required\n", strlen(cry_key),
+			"exactly %u characters are required\n", cry_keylen,
 			keyLength);
 		r = 1; goto done;
 	}
@@ -319,38 +320,82 @@ err:
 		fclose(logfp);
 }
 
+static void
+write_keyfile(char *keyfile)
+{
+	FILE *fp;
+
+	if(cry_key == NULL) {
+		fprintf(stderr, "ERROR: key must be set via some method\n");
+		exit(1);
+	}
+	if(keyfile == NULL) {
+		fprintf(stderr, "ERROR: keyfile must be set\n");
+		exit(1);
+	}
+	if((fp = fopen(keyfile, "w")) == NULL) {
+		perror(keyfile);
+		exit(1);
+	}
+	if(fwrite(cry_key, cry_keylen, 1, fp) != 1) {
+		perror(keyfile);
+		exit(1);
+	}
+	fclose(fp);
+}
 
 static struct option long_options[] = 
 { 
 	{"verbose", no_argument, NULL, 'v'},
 	{"version", no_argument, NULL, 'V'},
 	{"decrypt", no_argument, NULL, 'd'},
-	{"key", required_argument, NULL, 'k'},
+	{"write-keyfile", no_argument, NULL, 'W'},
+	{"key", required_argument, NULL, 'K'},
+	{"keyfile", required_argument, NULL, 'k'},
 	{"algo", required_argument, NULL, 'a'},
 	{"mode", required_argument, NULL, 'm'},
 	{NULL, 0, NULL, 0} 
 }; 
 
+static void
+getKeyFromFile(char *fn)
+{
+	int r;
+	r = gcryGetKeyFromFile(fn, &cry_key, &cry_keylen);
+	if(r != 0) {
+		fprintf(stderr, "Error %d reading key from file '%s'\n", r, fn);
+		exit(1);
+	}
+}
+
 int
 main(int argc, char *argv[])
 {
 	int i;
 	int opt;
 	int temp;
+	char *keyfile = NULL;
 
 	while(1) {
-		opt = getopt_long(argc, argv, "a:dk:m:vV", long_options, NULL);
+		opt = getopt_long(argc, argv, "a:dk:K:m:vVW", long_options, NULL);
 		if(opt == -1)
 			break;
 		switch(opt) {
 		case 'd':
 			mode = MD_DECRYPT;
 			break;
+		case 'W':
+			mode = MD_WRITE_KEYFILE;
+			break;
 		case 'k':
+			keyfile = optarg;
+			break;
+		case 'K':
 			fprintf(stderr, "WARNING: specifying the actual key "
 				"via the command line is highly insecure\n"
 				"Do NOT use this for PRODUCTION use.\n");
 			cry_key = optarg;
+			cry_keylen = strlen(cry_key);
 			break;
 		case 'a':
 			temp = rsgcryAlgoname2Algo(optarg);
@@ -384,13 +429,29 @@ main(int argc, char *argv[])
 		}
 	}
 
-	if(optind == argc)
-		decrypt("-");
-	else {
-		for(i = optind ; i < argc ; ++i)
-			decrypt(argv[i]); /* currently only mode ;) */
+	if(mode == MD_WRITE_KEYFILE) {
+		if(optind != argc) {
+			fprintf(stderr, "ERROR: no file parameters permitted in "
+				"--write-keyfile mode\n");
+			exit(1);
+		}
+		write_keyfile(keyfile);
+	} else {
+		if(keyfile != NULL)
+			getKeyFromFile(keyfile);
+		if(cry_key == NULL) {
+			fprintf(stderr, "ERROR: key must be set via some method\n");
+			exit(1);
+		}
+		if(optind == argc)
+			decrypt("-");
+		else {
+			for(i = optind ; i < argc ; ++i)
+				decrypt(argv[i]);
+		}
 	}
 
-	memset(cry_key, 0, strlen(cry_key)); /* zero-out key store */
+	memset(cry_key, 0, cry_keylen); /* zero-out key store */
+	cry_keylen = 0;
 	return 0;
 }
diff --git a/tools/rscryutil.rst b/tools/rscryutil.rst
index 3cc54f57..d6381011 100644
--- a/tools/rscryutil.rst
+++ b/tools/rscryutil.rst
@@ -31,6 +31,10 @@ OPTIONS
 -d, --decrypt
   Select decryption mode. This is the default mode.
 
+-W, --write-keyfile
+  Utility function to write a key to a keyfile. The key can be obtained
+  via any method (except via a keyfile for obvious reasons).
+
 -v, --verbose
   Select verbose mode.
 
-- 
cgit v1.2.3


From 97cbbdac13c0e2a08a8f0cb716b0cdce9a2bb3cf Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Fri, 12 Apr 2013 15:24:51 +0200
Subject: logenc: full support for keyfiles

including their generation via rscrytool
---
 ChangeLog            |   1 +
 runtime/lmcry_gcry.c |  30 ++++++++++++--
 tools/rscryutil.c    | 114 ++++++++++++++++++++++++++++++++++++---------------
 tools/rscryutil.rst  |  77 +++++++++++++++++++++++++++++++---
 4 files changed, 179 insertions(+), 43 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 97114227..a8f6b475 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,7 @@
 Version 7.3.10  [devel] 2013-04-??
 - added RainerScript re_extract() function
 - templates now permit substring extraction relative to end-of-string
+- added support for encrypting log files
 - bugfix: imuxsock aborted under some conditions
   regression from ratelimiting enhancements
 ---------------------------------------------------------------------------
diff --git a/runtime/lmcry_gcry.c b/runtime/lmcry_gcry.c
index cc65051f..bcc001fc 100644
--- a/runtime/lmcry_gcry.c
+++ b/runtime/lmcry_gcry.c
@@ -45,6 +45,7 @@ DEFobjCurrIf(glbl)
 /* tables for interfacing with the v6 config system */
 static struct cnfparamdescr cnfpdescr[] = {
 	{ "cry.key", eCmdHdlrGetWord, 0 },
+	{ "cry.keyfile", eCmdHdlrGetWord, 0 },
 	{ "cry.mode", eCmdHdlrGetWord, 0 }, /* CBC, ECB, etc */
 	{ "cry.algo", eCmdHdlrGetWord, 0 }
 };
@@ -89,7 +90,9 @@ SetCnfParam(void *pT, struct nvlst *lst)
 {
 	lmcry_gcry_t *pThis = (lmcry_gcry_t*) pT;
 	int i, r;
+	unsigned keylen;
 	uchar *key = NULL;
+	uchar *keyfile = NULL;
 	uchar *algo = NULL;
 	uchar *mode = NULL;
 	struct cnfparamvals *pvals;
@@ -106,6 +109,8 @@ SetCnfParam(void *pT, struct nvlst *lst)
 			continue;
 		if(!strcmp(pblk.descr[i].name, "cry.key")) {
 			key = (uchar*) es_str2cstr(pvals[i].val.d.estr, NULL);
+		} else if(!strcmp(pblk.descr[i].name, "cry.keyfile")) {
+			keyfile = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
 		} else if(!strcmp(pblk.descr[i].name, "cry.mode")) {
 			mode = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
 		} else if(!strcmp(pblk.descr[i].name, "cry.algo")) {
@@ -130,22 +135,39 @@ SetCnfParam(void *pT, struct nvlst *lst)
 		}
 	}
 	/* note: key must be set AFTER algo/mode is set (as it depends on them) */
+	if(key != NULL && keyfile != NULL) {
+		errmsg.LogError(0, RS_RET_INVALID_PARAMS, "only one of the following "
+			"parameters can be specified: cry.key, cry.keyfile\n");
+		ABORT_FINALIZE(RS_RET_INVALID_PARAMS);
+	}
 	if(key != NULL) {
 		errmsg.LogError(0, RS_RET_ERR, "Note: specifying an actual key directly from the "
 			"config file is highly insecure - DO NOT USE FOR PRODUCTION");
-		r = rsgcrySetKey(pThis->ctx, key, strlen((char*)key));
-		if(r > 0) {
-			errmsg.LogError(0, RS_RET_INVALID_PARAMS, "Key length %d expected, but "
-				"key of length %d given", r, strlen((char*)key));
+		keylen = strlen((char*)key);
+	}
+	if(keyfile != NULL) {
+		r = gcryGetKeyFromFile((char*)keyfile, (char**)&key, &keylen);
+		if(r != 0) {
+			errmsg.LogError(0, RS_RET_ERR, "error %d reading keyfile %s\n",
+				r, keyfile);
 			ABORT_FINALIZE(RS_RET_INVALID_PARAMS);
 		}
 	}
 
+	/* if we reach this point, we have a valid key */
+	r = rsgcrySetKey(pThis->ctx, key, keylen);
+	if(r > 0) {
+		errmsg.LogError(0, RS_RET_INVALID_PARAMS, "Key length %d expected, but "
+			"key of length %d given", r, keylen);
+		ABORT_FINALIZE(RS_RET_INVALID_PARAMS);
+	}
+
 	cnfparamvalsDestruct(pvals, &pblk);
 	if(key != NULL) {
 		memset(key, 0, strlen((char*)key));
 		free(key);
 	}
+	free(keyfile);
 	free(algo);
 	free(mode);
 finalize_it:
diff --git a/tools/rscryutil.c b/tools/rscryutil.c
index 9290db4d..be14cde9 100644
--- a/tools/rscryutil.c
+++ b/tools/rscryutil.c
@@ -28,6 +28,9 @@
 #include <unistd.h>
 #include <stdio.h>
 #include <getopt.h>
+#include <fcntl.h>
+#include <sys/types.h>
+#include <sys/stat.h>
 #include <gcrypt.h>
 
 #include "rsyslog.h"
@@ -40,10 +43,13 @@ static int verbose = 0;
 static gcry_cipher_hd_t gcry_chd;
 static size_t blkLength;
 
+static char *keyfile = NULL;
+static int randomKeyLen = -1;
 static char *cry_key = NULL;
 static unsigned cry_keylen = 0;
 static int cry_algo = GCRY_CIPHER_AES128;
 static int cry_mode = GCRY_CIPHER_MODE_CBC;
+static int optionForce = 0;
 
 /* rectype/value must be EIF_MAX_*_LEN+1 long!
  * returns 0 on success or something else on error/EOF
@@ -321,27 +327,70 @@ err:
 }
 
 static void
-write_keyfile(char *keyfile)
+write_keyfile(char *fn)
 {
-	FILE *fp;
-
-	if(cry_key == NULL) {
-		fprintf(stderr, "ERROR: key must be set via some method\n");
+	int fd;
+	int r;
+	mode_t fmode;
+
+	fmode = O_WRONLY|O_CREAT;
+	if(!optionForce)
+		fmode |= O_EXCL;
+	if((fd = open(fn, fmode, S_IRUSR)) == -1) {
+		fprintf(stderr, "error opening keyfile ");
+		perror(fn);
 		exit(1);
 	}
-	if(keyfile == NULL) {
-		fprintf(stderr, "ERROR: keyfile must be set\n");
+	if((r = write(fd, cry_key, cry_keylen)) != (ssize_t)cry_keylen) {
+		fprintf(stderr, "error writing keyfile (ret=%d) ", r);
+		perror(fn);
 		exit(1);
 	}
-	if((fp = fopen(keyfile, "w")) == NULL) {
-		perror(keyfile);
+	close(fd);
+}
+
+static void
+getKeyFromFile(char *fn)
+{
+	int r;
+	r = gcryGetKeyFromFile(fn, &cry_key, &cry_keylen);
+	if(r != 0) {
+		fprintf(stderr, "Error %d reading key from file '%s'\n", r, fn);
 		exit(1);
 	}
-	if(fwrite(cry_key, cry_keylen, 1, fp) != 1) {
-		perror(keyfile);
+}
+
+static void
+getRandomKey(void)
+{
+	int fd;
+	cry_keylen = randomKeyLen;
+	cry_key = malloc(randomKeyLen); /* do NOT zero-out! */
+	/* if we cannot obtain data from /dev/urandom, we use whatever
+	 * is present at the current memory location as random data. Of
+	 * course, this is very weak and we should consider a different
+	 * option, especially when not running under Linux (for Linux,
+	 * unavailability of /dev/urandom is just a theoretic thing, it
+	 * will always work...).  -- TODO -- rgerhards, 2013-03-06
+	 */
+	if((fd = open("/dev/urandom", O_RDONLY)) > 0) {
+		if(read(fd, cry_key, randomKeyLen)) {}; /* keep compiler happy */
+		close(fd);
+	}
+}
+
+
+static void
+setKey()
+{
+	if(randomKeyLen != -1)
+		getRandomKey();
+	else if(keyfile != NULL)
+		getKeyFromFile(keyfile);
+	if(cry_key == NULL) {
+		fprintf(stderr, "ERROR: key must be set via some method\n");
 		exit(1);
 	}
-	fclose(fp);
 }
 
 static struct option long_options[] = 
@@ -349,35 +398,26 @@ static struct option long_options[] =
 	{"verbose", no_argument, NULL, 'v'},
 	{"version", no_argument, NULL, 'V'},
 	{"decrypt", no_argument, NULL, 'd'},
-	{"write-keyfile", no_argument, NULL, 'W'},
+	{"force", no_argument, NULL, 'f'},
+	{"write-keyfile", required_argument, NULL, 'W'},
 	{"key", required_argument, NULL, 'K'},
+	{"generate-random-key", required_argument, NULL, 'r'},
 	{"keyfile", required_argument, NULL, 'k'},
 	{"algo", required_argument, NULL, 'a'},
 	{"mode", required_argument, NULL, 'm'},
 	{NULL, 0, NULL, 0} 
 }; 
 
-static void
-getKeyFromFile(char *fn)
-{
-	int r;
-	r = gcryGetKeyFromFile(fn, &cry_key, &cry_keylen);
-	if(r != 0) {
-		fprintf(stderr, "Error %d reading key from file '%s'\n", r, fn);
-		exit(1);
-	}
-}
-
 int
 main(int argc, char *argv[])
 {
 	int i;
 	int opt;
 	int temp;
-	char *keyfile = NULL;
+	char *newKeyFile = NULL;
 
 	while(1) {
-		opt = getopt_long(argc, argv, "a:dk:K:m:vVW", long_options, NULL);
+		opt = getopt_long(argc, argv, "a:dfk:K:m:r:vVW:", long_options, NULL);
 		if(opt == -1)
 			break;
 		switch(opt) {
@@ -386,10 +426,22 @@ main(int argc, char *argv[])
 			break;
 		case 'W':
 			mode = MD_WRITE_KEYFILE;
+			newKeyFile = optarg;
 			break;
 		case 'k':
 			keyfile = optarg;
 			break;
+		case 'f':
+			optionForce = 1;
+			break;
+		case 'r':
+			randomKeyLen = atoi(optarg);
+			if(randomKeyLen > 64*1024) {
+				fprintf(stderr, "ERROR: keys larger than 64KiB are "
+					"not supported\n");
+				exit(1);
+			}
+			break;
 		case 'K':
 			fprintf(stderr, "WARNING: specifying the actual key "
 				"via the command line is highly insecure\n"
@@ -429,20 +481,16 @@ main(int argc, char *argv[])
 		}
 	}
 
+	setKey();
+
 	if(mode == MD_WRITE_KEYFILE) {
 		if(optind != argc) {
 			fprintf(stderr, "ERROR: no file parameters permitted in "
 				"--write-keyfile mode\n");
 			exit(1);
 		}
-		write_keyfile(keyfile);
+		write_keyfile(newKeyFile);
 	} else {
-		if(keyfile != NULL)
-			getKeyFromFile(keyfile);
-		if(cry_key == NULL) {
-			fprintf(stderr, "ERROR: key must be set via some method\n");
-			exit(1);
-		}
 		if(optind == argc)
 			decrypt("-");
 		else {
diff --git a/tools/rscryutil.rst b/tools/rscryutil.rst
index d6381011..c546d855 100644
--- a/tools/rscryutil.rst
+++ b/tools/rscryutil.rst
@@ -7,7 +7,7 @@ Manage Encrypted Log Files
 --------------------------
 
 :Author: Rainer Gerhards <rgerhards@adiscon.com>
-:Date: 2013-04-08
+:Date: 2013-04-15
 :Manual section: 1
 
 SYNOPSIS
@@ -31,14 +31,22 @@ OPTIONS
 -d, --decrypt
   Select decryption mode. This is the default mode.
 
--W, --write-keyfile
+-W, --write-keyfile <file>
   Utility function to write a key to a keyfile. The key can be obtained
-  via any method (except via a keyfile for obvious reasons).
+  via any method.
 
 -v, --verbose
   Select verbose mode.
 
--k, --key <KEY>
+-f, --force
+  Forces operations that otherwise would fail.
+
+-k, --keyfile <file>
+  Reads the key from <file>. File _must_ contain the key, only, no headers
+  or other meta information. Keyfiles can be generated via the
+  *--write-keyfile* option.
+
+-K, --key <KEY>
   TESTING AID, NOT FOR PRODUCTION USE. This uses the KEY specified
   on the command line. This is the actual key, and as such this mode
   is highly insecure. However, it can be useful for intial testing
@@ -52,6 +60,11 @@ OPTIONS
   Sets the ciphermode to be used. See below for supported modes.
   The default is "CBC".
 
+-r, --generate-random-key <bytes>
+  Generates a random key of length <bytes>. This option is
+  meant to be used together with *--write-keyfile* (and it is hard
+  to envision any other valid use for it).
+
 OPERATION MODES
 ===============
 
@@ -64,7 +77,25 @@ unpredictable.
 decrypt
 -------
 
-The provided log files are decrypted.
+The provided log files are decrypted. Note that the *.encinfo* side files
+must exist and be accessible in order for decryption to to work.
+
+write-keyfile
+-------------
+
+In this mode no log files are processed; thus it is an error to specify
+any on the command line. The specified keyfile is written. The key itself
+is obtained via the usual key commands. If *--keyfile* is used, that
+file is effectively copied.
+
+For security reasons, existing key files are _not_ overwritten. To permit
+this, specify the *--force* option. When doing so, keep in mind that lost
+keys cannot be recovered and data encrypted with them may also be considered
+lost.
+
+Keyfiles are always created with 0400 permission, that is read access for only
+the user. An exception is when an existing file is overwritten via the
+*--force* option, in which case the former permissions still apply.
 
 EXIT CODES
 ==========
@@ -77,6 +108,7 @@ SUPPORTED ALGORITHMS
 ====================
 
 We basically support what libgcrypt supports. This is:
+
 	3DES
 	CAST5
 	BLOWFISH
@@ -101,6 +133,7 @@ SUPPORTED CIPHER MODES
 ======================
 
 We basically support what libgcrypt supports. This is:
+
   	ECB
 	CFB
 	CBC
@@ -116,9 +149,41 @@ EXAMPLES
 
 Decrypts "logfile" and sends data to stdout.
 
+
+**rscryutil --generate-random-key 16 --keyfile /some/secured/path/keyfile**
+
+Generates random key and stores it in the specified keyfile.
+
+LOG SIGNATURES
+==============
+
+Encrypted log files can be used together with signing. To verify such a file,
+it must be decrypted first, and the verification tool **rsgtutil(1)** must be
+run on the decrypted file.
+
+SECURITY CONSIDERATIONS
+=======================
+
+Specifying keys directly on the command line (*--key* option) is very 
+insecure and should
+not be done, except for testing purposes with test keys. Even then it is
+recommended to use keyfiles, which are also easy to handle during testing.
+Keep in mind that command history is usally be kept by bash and can also
+easily be monitored.
+
+Local keyfiles are also a security risk. At a minimum, they should be
+used with very restrictive file permissions. For this reason,
+the *rscryutil* tool creates them with read permissions for the user,
+only, no matter what umask is set to.
+
+When selecting cipher algorithms and modes, care needs to be taken. The
+defaults should be reasonable safe to use, but this tends to change over
+time. Keep up with the most current crypto recommendations.
+
+
 SEE ALSO
 ========
-**rsyslogd(8)**
+**rsgtutil(1)**, **rsyslogd(8)**
 
 COPYRIGHT
 =========
-- 
cgit v1.2.3


From 64102e8cc352ffc542dca1dfcdd50f5ae776dc1f Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Fri, 12 Apr 2013 17:50:08 +0200
Subject: logenc: add capability to use key generation program to rscryutil

---
 runtime/libgcry_common.c | 129 +++++++++++++++++++++++++++++++++++++++++++++++
 tools/rscryutil.c        |   9 +++-
 2 files changed, 137 insertions(+), 1 deletion(-)

diff --git a/runtime/libgcry_common.c b/runtime/libgcry_common.c
index 49a0e669..63b5e5d5 100644
--- a/runtime/libgcry_common.c
+++ b/runtime/libgcry_common.c
@@ -75,3 +75,132 @@ gcryGetKeyFromFile(char *fn, char **key, unsigned *keylen)
 	r = 0;
 done:	return r;
 }
+
+
+/* execute the child process (must be called in child context
+ * after fork).
+ */
+
+static void
+execKeyScript(char *cmd, int pipefd[])
+{
+	char *newargv[] = { NULL };
+	char *newenviron[] = { NULL };
+
+	dup2(pipefd[0], STDIN_FILENO);
+	dup2(pipefd[1], STDOUT_FILENO);
+
+	/* finally exec child */
+fprintf(stderr, "pre execve: %s\n", cmd);
+	execve(cmd, newargv, newenviron);
+	/* switch to?
+	execlp((char*)program, (char*) program, (char*)arg, NULL);
+	*/
+
+	/* we should never reach this point, but if we do, we terminate */
+done:	return;
+}
+
+
+static int
+openPipe(char *cmd, int *fd)
+{
+	int pipefd[2];
+	pid_t cpid;
+	int r;
+
+	if(pipe(pipefd) == -1) {
+		r = 1; goto done;
+	}
+
+	cpid = fork();
+	if(cpid == -1) {
+		r = 1; goto done;
+	}
+
+	if(cpid == 0) {    
+		/* we are the child */
+		execKeyScript(cmd, pipefd);
+		exit(1);
+	}
+
+	close(pipefd[1]);
+	*fd = pipefd[0];
+	r = 0;
+done:	return r;
+}
+
+
+/* Read a character from the program's output. */
+// TODO: highly unoptimized version, should be used in buffered
+// mode
+static int
+readProgChar(int fd, char *c)
+{
+	int r;
+	if(read(fd, c, 1) != 1) {
+		r = 1; goto done;
+	}
+	r = 0;
+done:	return r;
+}
+
+/* Read a line from the script. Line is terminated by LF, which
+ * is NOT put into the buffer.
+ * buf must be 64KiB
+ */
+static int
+readProgLine(int fd, char *buf)
+{
+	char c;
+	int r;
+	unsigned i;
+	
+	for(i = 0 ; i < 64*1024 ; ++i) {
+		if((r = readProgChar(fd, &c)) != 0) goto done;
+		if(c == '\n')
+			break;
+		buf[i] = c;
+	};
+	if(i >= 64*1024) {
+		r = 1; goto done;
+	}
+	buf[i] = '\0';
+	r = 0;
+done:	return r;
+}
+static int
+readProgKey(int fd, char *buf, unsigned keylen)
+{
+	char c;
+	int r;
+	unsigned i;
+	
+	for(i = 0 ; i < keylen ; ++i) {
+		if((r = readProgChar(fd, &c)) != 0) goto done;
+		buf[i] = c;
+	};
+	r = 0;
+done:	return r;
+}
+
+int 
+gcryGetKeyFromProg(char *cmd, char **key, unsigned *keylen)
+{
+	int r;
+	int fd;
+	char rcvBuf[64*1024];
+
+	if((r = openPipe(cmd, &fd)) != 0) goto done;
+	if((r = readProgLine(fd, rcvBuf)) != 0) goto done;
+	if(strcmp(rcvBuf, "RSYSLOG-KEY-PROVIDER:0")) {
+		r = 2; goto done;
+	}
+	if((r = readProgLine(fd, rcvBuf)) != 0) goto done;
+	*keylen = atoi(rcvBuf);
+	if((*key = malloc(*keylen)) == NULL) {
+		r = -1; goto done;
+	}
+	if((r = readProgKey(fd, *key, *keylen)) != 0) goto done;
+done:	return r;
+}
diff --git a/tools/rscryutil.c b/tools/rscryutil.c
index be14cde9..2591b2cc 100644
--- a/tools/rscryutil.c
+++ b/tools/rscryutil.c
@@ -44,6 +44,7 @@ static gcry_cipher_hd_t gcry_chd;
 static size_t blkLength;
 
 static char *keyfile = NULL;
+static char *keyprog = NULL;
 static int randomKeyLen = -1;
 static char *cry_key = NULL;
 static unsigned cry_keylen = 0;
@@ -387,6 +388,8 @@ setKey()
 		getRandomKey();
 	else if(keyfile != NULL)
 		getKeyFromFile(keyfile);
+	else if(keyprog != NULL)
+		gcryGetKeyFromProg(keyprog, &cry_key, &cry_keylen);
 	if(cry_key == NULL) {
 		fprintf(stderr, "ERROR: key must be set via some method\n");
 		exit(1);
@@ -403,6 +406,7 @@ static struct option long_options[] =
 	{"key", required_argument, NULL, 'K'},
 	{"generate-random-key", required_argument, NULL, 'r'},
 	{"keyfile", required_argument, NULL, 'k'},
+	{"key-program", required_argument, NULL, 'p'},
 	{"algo", required_argument, NULL, 'a'},
 	{"mode", required_argument, NULL, 'm'},
 	{NULL, 0, NULL, 0} 
@@ -417,7 +421,7 @@ main(int argc, char *argv[])
 	char *newKeyFile = NULL;
 
 	while(1) {
-		opt = getopt_long(argc, argv, "a:dfk:K:m:r:vVW:", long_options, NULL);
+		opt = getopt_long(argc, argv, "a:dfk:K:m:p:r:vVW:", long_options, NULL);
 		if(opt == -1)
 			break;
 		switch(opt) {
@@ -431,6 +435,9 @@ main(int argc, char *argv[])
 		case 'k':
 			keyfile = optarg;
 			break;
+		case 'p':
+			keyprog = optarg;
+			break;
 		case 'f':
 			optionForce = 1;
 			break;
-- 
cgit v1.2.3


From 4e0c339586c5d6741434266810f7f75e632b03ce Mon Sep 17 00:00:00 2001
From: Tomas Heinrich <theinric@redhat.com>
Date: Fri, 12 Apr 2013 10:09:33 +0200
Subject: bugfix: prevent a segfault if ratelimit condition is not met

Move the severity-check logic inside the ratelimiter and add a new
function ratelimitSetSeverity() to manipulate the treshold.
Currently only utilized by the imuxsock module.
---
 plugins/imuxsock/imuxsock.c |  9 +++++----
 runtime/ratelimit.c         | 14 +++++++++++++-
 runtime/ratelimit.h         |  2 ++
 3 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/plugins/imuxsock/imuxsock.c b/plugins/imuxsock/imuxsock.c
index 0f4ded1d..95537475 100644
--- a/plugins/imuxsock/imuxsock.c
+++ b/plugins/imuxsock/imuxsock.c
@@ -412,6 +412,8 @@ addListner(instanceConf_t *inst)
 		ratelimitSetLinuxLike(listeners[nfd].dflt_ratelimiter,
 				      listeners[nfd].ratelimitInterval,
 				      listeners[nfd].ratelimitBurst);
+		ratelimitSetSeverity(listeners[nfd].dflt_ratelimiter,
+				     listeners[nfd].ratelimitSev);
 		nfd++;
 	} else {
 		errmsg.LogError(0, NO_ERRCODE, "Out of unix socket name descriptors, ignoring %s\n",
@@ -586,6 +588,7 @@ findRatelimiter(lstn_t *pLstn, struct ucred *cred, ratelimit_t **prl)
 		pidbuf[sizeof(pidbuf)-1] = '\0'; /* to be on safe side */
 		CHKiRet(ratelimitNew(&rl, "imuxsock", pidbuf));
 		ratelimitSetLinuxLike(rl, pLstn->ratelimitInterval, pLstn->ratelimitBurst);
+		ratelimitSetSeverity(rl, pLstn->ratelimitSev);
 		CHKmalloc(keybuf = malloc(sizeof(pid_t)));
 		*keybuf = cred->pid;
 		r = hashtable_insert(pLstn->ht, keybuf, rl);
@@ -775,10 +778,7 @@ SubmitMsg(uchar *pRcv, int lenRcv, lstn_t *pLstn, struct ucred *cred, struct tim
 	facil = LOG_FAC(pri);
 	sever = LOG_PRI(pri);
 
-	if(sever >= pLstn->ratelimitSev) {
-		/* note: if cred == NULL, then ratelimiter == NULL as well! */
-		findRatelimiter(pLstn, cred, &ratelimiter); /* ignore error, better so than others... */
-	}
+	findRatelimiter(pLstn, cred, &ratelimiter); /* ignore error, better so than others... */
 
 	if(ts == NULL) {
 		datetime.getCurrTime(&st, &tt);
@@ -1075,6 +1075,7 @@ activateListeners()
 		ratelimitSetLinuxLike(listeners[0].dflt_ratelimiter,
 		listeners[0].ratelimitInterval,
 		listeners[0].ratelimitBurst);
+	ratelimitSetSeverity(listeners[0].dflt_ratelimiter,listeners[0].ratelimitSev);
 
 	sd_fds = sd_listen_fds(0);
 	if(sd_fds < 0) {
diff --git a/runtime/ratelimit.c b/runtime/ratelimit.c
index 4b618fb5..d83da2dd 100644
--- a/runtime/ratelimit.c
+++ b/runtime/ratelimit.c
@@ -202,7 +202,9 @@ ratelimitMsg(ratelimit_t *ratelimit, msg_t *pMsg, msg_t **ppRepMsg)
 	DEFiRet;
 
 	*ppRepMsg = NULL;
-	if(ratelimit->interval) {
+	/* Only the messages having severity level at or below the
+	 * treshold (the value is >=) are subject to ratelimiting. */
+	if(ratelimit->interval && (pMsg->iSeverity >= ratelimit->severity)) {
 		if(withinRatelimit(ratelimit, pMsg->ttGenTime) == 0) {
 			msgDestruct(&pMsg);
 			ABORT_FINALIZE(RS_RET_DISCARDMSG);
@@ -284,6 +286,7 @@ ratelimitNew(ratelimit_t **ppThis, char *modname, char *dynname)
 		namebuf[sizeof(namebuf)-1] = '\0'; /* to be on safe side */
 		pThis->name = strdup(namebuf);
 	}
+	/* pThis->severity == 0 - all messages are ratelimited */
 	pThis->bReduceRepeatMsgs = loadConf->globals.bReduceRepeatMsgs;
 	*ppThis = pThis;
 finalize_it:
@@ -316,6 +319,15 @@ ratelimitSetThreadSafe(ratelimit_t *ratelimit)
 	pthread_mutex_init(&ratelimit->mut, NULL);
 }
 
+/* Severity level determines which messages are subject to
+ * ratelimiting. Default (no value set) is all messages.
+ */
+void
+ratelimitSetSeverity(ratelimit_t *ratelimit, intTiny severity)
+{
+	ratelimit->severity = severity;
+}
+
 void
 ratelimitDestruct(ratelimit_t *ratelimit)
 {
diff --git a/runtime/ratelimit.h b/runtime/ratelimit.h
index 820817bc..a058b069 100644
--- a/runtime/ratelimit.h
+++ b/runtime/ratelimit.h
@@ -26,6 +26,7 @@ struct ratelimit_s {
 	/* support for Linux kernel-type ratelimiting */
 	unsigned short interval;
 	unsigned short burst;
+	intTiny severity; /**< ratelimit only equal or lower severity levels (eq or higher values) */
 	unsigned done;
 	unsigned missed;
 	time_t begin;
@@ -41,6 +42,7 @@ struct ratelimit_s {
 rsRetVal ratelimitNew(ratelimit_t **ppThis, char *modname, char *dynname);
 void ratelimitSetThreadSafe(ratelimit_t *ratelimit);
 void ratelimitSetLinuxLike(ratelimit_t *ratelimit, unsigned short interval, unsigned short burst);
+void ratelimitSetSeverity(ratelimit_t *ratelimit, intTiny severity);
 rsRetVal ratelimitMsg(ratelimit_t *ratelimit, msg_t *pMsg, msg_t **ppRep);
 rsRetVal ratelimitAddMsg(ratelimit_t *ratelimit, multi_submit_t *pMultiSub, msg_t *pMsg);
 void ratelimitDestruct(ratelimit_t *pThis);
-- 
cgit v1.2.3


From 0b4ed2c46a9b65e60bc0fb0f2532631a21917467 Mon Sep 17 00:00:00 2001
From: Tomas Heinrich <theinric@redhat.com>
Date: Fri, 12 Apr 2013 14:20:56 +0200
Subject: bugfix: set correct default value

---
 plugins/imuxsock/imuxsock.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/imuxsock/imuxsock.c b/plugins/imuxsock/imuxsock.c
index 95537475..c503852c 100644
--- a/plugins/imuxsock/imuxsock.c
+++ b/plugins/imuxsock/imuxsock.c
@@ -290,7 +290,7 @@ createInstance(instanceConf_t **pinst)
 	inst->sockName = NULL;
 	inst->pLogHostName = NULL;
 	inst->ratelimitInterval = DFLT_ratelimitInterval;
-	inst->ratelimitBurst = DFLT_ratelimitSeverity;
+	inst->ratelimitBurst = DFLT_ratelimitBurst;
 	inst->ratelimitSeverity = DFLT_ratelimitSeverity;
 	inst->bUseFlowCtl = 0;
 	inst->bIgnoreTimestamp = 1;
-- 
cgit v1.2.3


From 2c704e09431de23c245d11d7627127c09a8efee5 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Sat, 13 Apr 2013 11:28:42 +0200
Subject: doc: add recent patch to ChangeLog

---
 ChangeLog | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 85ac344b..1d04020e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,8 @@
 ---------------------------------------------------------------------------
+Version 7.3.11  [devel] 2013-04-??
+- bugfix: imuxsock aborted due to problem in ratelimiting code
+  Thanks to Tomas Heinrich for the patch.
+---------------------------------------------------------------------------
 Version 7.3.10  [devel] 2013-04-10
 - added RainerScript re_extract() function
 - omrelp: added support for RainerScript-based configuration
-- 
cgit v1.2.3


From fc0babb27d9021c103b05eaae0ccc6caef12137e Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Mon, 15 Apr 2013 09:40:34 +0200
Subject: logenc: add key-program support to rsyslog crypto provider

---
 runtime/lmcry_gcry.c | 23 ++++++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)

diff --git a/runtime/lmcry_gcry.c b/runtime/lmcry_gcry.c
index bcc001fc..2e4cfff3 100644
--- a/runtime/lmcry_gcry.c
+++ b/runtime/lmcry_gcry.c
@@ -46,6 +46,7 @@ DEFobjCurrIf(glbl)
 static struct cnfparamdescr cnfpdescr[] = {
 	{ "cry.key", eCmdHdlrGetWord, 0 },
 	{ "cry.keyfile", eCmdHdlrGetWord, 0 },
+	{ "cry.keyprogram", eCmdHdlrGetWord, 0 },
 	{ "cry.mode", eCmdHdlrGetWord, 0 }, /* CBC, ECB, etc */
 	{ "cry.algo", eCmdHdlrGetWord, 0 }
 };
@@ -93,11 +94,14 @@ SetCnfParam(void *pT, struct nvlst *lst)
 	unsigned keylen;
 	uchar *key = NULL;
 	uchar *keyfile = NULL;
+	uchar *keyprogram = NULL;
 	uchar *algo = NULL;
 	uchar *mode = NULL;
+	int nKeys; /* number of keys (actually methods) specified */
 	struct cnfparamvals *pvals;
 	DEFiRet;
 
+	nKeys = 0;
 	pvals = nvlstGetParams(lst, &pblk, NULL);
 	if(Debug) {
 		dbgprintf("param blk in lmcry_gcry:\n");
@@ -109,8 +113,13 @@ SetCnfParam(void *pT, struct nvlst *lst)
 			continue;
 		if(!strcmp(pblk.descr[i].name, "cry.key")) {
 			key = (uchar*) es_str2cstr(pvals[i].val.d.estr, NULL);
+			++nKeys;
 		} else if(!strcmp(pblk.descr[i].name, "cry.keyfile")) {
 			keyfile = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+			++nKeys;
+		} else if(!strcmp(pblk.descr[i].name, "cry.keyprogram")) {
+			keyprogram = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+			++nKeys;
 		} else if(!strcmp(pblk.descr[i].name, "cry.mode")) {
 			mode = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
 		} else if(!strcmp(pblk.descr[i].name, "cry.algo")) {
@@ -135,9 +144,9 @@ SetCnfParam(void *pT, struct nvlst *lst)
 		}
 	}
 	/* note: key must be set AFTER algo/mode is set (as it depends on them) */
-	if(key != NULL && keyfile != NULL) {
-		errmsg.LogError(0, RS_RET_INVALID_PARAMS, "only one of the following "
-			"parameters can be specified: cry.key, cry.keyfile\n");
+	if(nKeys != 1) {
+		errmsg.LogError(0, RS_RET_INVALID_PARAMS, "excactly one of the following "
+			"parameters can be specified: cry.key, cry.keyfile, cry.keyprogram\n");
 		ABORT_FINALIZE(RS_RET_INVALID_PARAMS);
 	}
 	if(key != NULL) {
@@ -153,6 +162,14 @@ SetCnfParam(void *pT, struct nvlst *lst)
 			ABORT_FINALIZE(RS_RET_INVALID_PARAMS);
 		}
 	}
+	if(keyprogram != NULL) {
+		r = gcryGetKeyFromProg((char*)keyprogram, (char**)&key, &keylen);
+		if(r != 0) {
+			errmsg.LogError(0, RS_RET_ERR, "error %d obtaining key from program %s\n",
+				r, keyprogram);
+			ABORT_FINALIZE(RS_RET_INVALID_PARAMS);
+		}
+	}
 
 	/* if we reach this point, we have a valid key */
 	r = rsgcrySetKey(pThis->ctx, key, keylen);
-- 
cgit v1.2.3


From 15fc65f35079bdac64c48e9ae37833785a6d379d Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Mon, 15 Apr 2013 18:40:06 +0200
Subject: add basic doc for encryption capability

---
 doc/cryprov_gcry.html | 121 ++++++++++++++++++++++++++++++++++++++++++++++++++
 doc/omfile.html       |   7 ++-
 doc/sigprov_gt.html   |   2 +-
 tools/rscryutil.rst   |   7 +++
 4 files changed, 135 insertions(+), 2 deletions(-)
 create mode 100644 doc/cryprov_gcry.html

diff --git a/doc/cryprov_gcry.html b/doc/cryprov_gcry.html
new file mode 100644
index 00000000..2568add9
--- /dev/null
+++ b/doc/cryprov_gcry.html
@@ -0,0 +1,121 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<meta http-equiv="Content-Language" content="en">
+<title>libgcryt Log Crypto Provider (gcry)</title>
+</head>
+
+<body>
+<a href="rsyslog_conf_modules.html">back to rsyslog module overview</a>
+
+<h1>libgcrypt Log Crypto Provider (gcry)</h1>
+<p><b>Signature Provider Name:&nbsp;&nbsp;&nbsp; gt</b></p>
+<p><b>Author: </b>Rainer Gerhards &lt;rgerhards@adiscon.com&gt;</p>
+<p><b>Supported Since: </b>since 7.3.10
+<p><b>Description</b>:</p>
+<p>Provides encryption support to rsyslog.
+</p>
+
+<p><b>Configuration Parameters</b>:</p>
+<p>Crypto providers are loaded by omfile, when the
+provider is selected in its "cry.providerName" parameter.
+Parameters for the provider are given in the omfile action instance
+line.
+<p>This provider creates an encryption information file with the same base name but
+the extension ".encinfo" for each log file (both for fixed-name files
+as well as dynafiles). Both files together form a set. So you need to
+archive both in order to prove integrity.
+<ul>
+<li><b>cry.algo</b> &lt;Encryption Algorithm&gt;<br>
+The algorithm (cipher) to be used for encryption.
+The default algorithm is "AES128".
+<br>Currently, the following Algorithms are supported:
+  <ul>
+	<li>3DES
+	<li>CAST5
+	<li>BLOWFISH
+	<li>AES128
+	<li>AES192
+	<li>AES256
+	<li>TWOFISH
+	<li>TWOFISH128
+	<li>ARCFOUR
+	<li>DES
+	<li>SERPENT128
+	<li>SERPENT192
+	<li>SERPENT256
+	<li>RFC2268_40
+	<li>SEED
+	<li>CAMELLIA128
+	<li>CAMELLIA192
+	<li>CAMELLIA256
+  </ul>
+  <br>
+  The actual availability of an algorithms depends on which ones
+  are compiled into libgcrypt. Note that some versions of libgcrypt
+  simply abort the process (rsyslogd in this case!) if a supported
+  algorithm is select but not available due to libgcrypt build
+  settings. There is nothing rsyslog can do against this. So in
+  order to avoid production downtime, always check carefully when
+  you change the algorithm.
+</li>
+<li><b>cry.mode</b> &lt;Algorithm Mode&gt;<br>
+The encryption mode to be used. Default ist Cipher Block Chaining (CBC).
+Note that not all encryption modes can be used together with all
+algorithms.
+<br>Currently, the following modes are supported:
+  <ul>
+  	<li>ECB
+	<li>CFB
+	<li>CBC
+	<li>STREAM
+	<li>OFB
+	<li>CTR
+	<li>AESWRAP
+  </ul>
+<li><b>cry.key</b> &lt;encryption key&gt;<br>
+  TESTING AID, NOT FOR PRODUCTION USE. This uses the KEY specified
+  inside rsyslog.conf. This is the actual key, and as such this mode
+  is highly insecure. However, it can be useful for intial testing
+  steps. This option may be removed in the future.
+</li>
+<li><b>cry.keyfile</b> &lt;filename&gt;<br>
+  Reads the key from the specified file. The file must contain the key, only,
+  no headers or other meta information. Keyfiles can be generated via the
+  rscrytool utility.
+</li>
+<li><b>cry.keyprogram</b> &lt;path to program&gt;<br>
+ If given, the key is provided by a so-called "key program". This program
+ is executed and must return the key to (as well as some meta information)
+ via stdout. The core idea of key programs is that using this interface the
+ user can implement as complex (and secure) method to obtain keys as
+ desired, all without the need to make modifications to rsyslog.
+</li>
+</ul>
+<b>Caveats/Known Bugs:</b>
+<ul>
+<li>currently none known
+</li>
+</ul>
+<p><b>Samples:</b></p>
+<p>This encrypts a log file. Default parameters are used, they key is
+provided via a keyfile.
+</p>
+<textarea rows="3" cols="60">
+action(type="omfile" file="/var/log/somelog"
+	cry.provider="gcry" keyfile="/secured/path/to/keyfile")
+</textarea>
+Note that the keyfile can be generated via the rscrytool utility (see its
+documentation for how to actually do that).
+
+
+<p>[<a href="rsyslog_conf.html">rsyslog.conf overview</a>]
+[<a href="manual.html">manual index</a>] [<a href="http://www.rsyslog.com/">rsyslog site</a>]</p>
+<p><font size="2">This documentation is part of the
+<a href="http://www.rsyslog.com/">rsyslog</a>
+project.<br>
+Copyright &copy; 2013 by
+<a href="http://www.gerhards.net/rainer">Rainer Gerhards</a> and
+<a href="http://www.adiscon.com/">Adiscon</a>.
+Released under the GNU GPL version 3 or higher.</font></p>
+</body></html>
diff --git a/doc/omfile.html b/doc/omfile.html
index a980d37f..06b738bb 100644
--- a/doc/omfile.html
+++ b/doc/omfile.html
@@ -83,11 +83,16 @@
 	<li><strong>DynaFile </strong><br>
 	For each message, the file name is generated based on the given template. Then, this file is opened. As with the ``file'' property, data is appended if the file already exists. If the file does not exist, a new file is created. A cache of recent files is kept. Note that this cache can consume quite some memory (especially if large buffer sizes are used). Files are kept open as long as they stay inside the cache. Currently, files are only evicted from the cache when there is need to do so (due to insufficient cache size). To force-close (and evict) a dynafile from cache, send a HUP signal to rsyslogd. <br></li><br>
 
-	<li><strong>Sig.Provider </strong>[ProviderName]<br>
+	<li><b>Sig.Provider </b>[ProviderName]<br>
 	Selects a signature provider for log signing. Currently,
 	there only is one provider called
 	"<a href="sigprov_gt.html">gt</a>".<br></li><br>
 
+	<li><b>Cry.Provider </b>[ProviderName]<br>
+	Selects a crypto provider for log encryption. Currently,
+	there only is one provider called
+	"<a href="cryprov_gcry.html">gcry</a>".<br></li><br>
+
 	<li><strong>Template </strong>[templateName]<br>
 	sets a new default template for file actions.<br></li><br>
 	
diff --git a/doc/sigprov_gt.html b/doc/sigprov_gt.html
index 18b0ed10..caeee116 100644
--- a/doc/sigprov_gt.html
+++ b/doc/sigprov_gt.html
@@ -11,7 +11,7 @@
 <h1>GuardTime Log Signature Provider (gt)</h1>
 <p><b>Signature Provider Name:&nbsp;&nbsp;&nbsp; gt</b></p>
 <p><b>Author: </b>Rainer Gerhards &lt;rgerhards@adiscon.com&gt;</p>
-<p><b>Multi-Ruleset Support: </b>since 7.3.9
+<p><b>Supported Since: </b>since 7.3.9
 <p><b>Description</b>:</p>
 <p>Provides the ability to sign syslog messages via the
 GuardTime signature services.
diff --git a/tools/rscryutil.rst b/tools/rscryutil.rst
index c546d855..dfd447d2 100644
--- a/tools/rscryutil.rst
+++ b/tools/rscryutil.rst
@@ -46,6 +46,13 @@ OPTIONS
   or other meta information. Keyfiles can be generated via the
   *--write-keyfile* option.
 
+-p, --key-program <path-to-program>
+ In this mode, the key is provided by a so-called "key program". This program
+ is executed and must return the key to (as well as some meta information)
+ via stdout. The core idea of key programs is that using this interface the
+ user can implement as complex (and secure) method to obtain keys as
+ desired, all without the need to make modifications to rsyslog.
+
 -K, --key <KEY>
   TESTING AID, NOT FOR PRODUCTION USE. This uses the KEY specified
   on the command line. This is the actual key, and as such this mode
-- 
cgit v1.2.3


From 89ace1e401dc179a20ec283c2f7c2f80becf4700 Mon Sep 17 00:00:00 2001
From: Louis Bouchard <louis.bouchard@canonical.com>
Date: Wed, 17 Apr 2013 08:52:17 +0200
Subject: bugfix:  $PreserveFQDN is not properly working

closes: http://bugzilla.adiscon.com/show_bug.cgi?id=426
---
 ChangeLog       | 3 +++
 tools/syslogd.c | 7 +++++++
 2 files changed, 10 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index a8f6b475..b8027636 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,9 @@ Version 7.3.10  [devel] 2013-04-??
 - added support for encrypting log files
 - bugfix: imuxsock aborted under some conditions
   regression from ratelimiting enhancements
+- bugfix:  $PreserveFQDN is not properly working
+  Thanks to Louis Bouchard for the patch
+  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=426
 ---------------------------------------------------------------------------
 Version 7.3.9  [devel] 2013-03-27
 - support for signing logs added
diff --git a/tools/syslogd.c b/tools/syslogd.c
index e291ba47..fe1205dd 100644
--- a/tools/syslogd.c
+++ b/tools/syslogd.c
@@ -1528,6 +1528,13 @@ queryLocalHostname(void)
 	 */
 	glbl.SetLocalHostName(LocalHostName);
 	glbl.SetLocalDomain(LocalDomain);
+
+	if ( strlen((char*)LocalDomain) )  {
+		CHKmalloc(LocalFQDNName = (uchar*)malloc(strlen((char*)LocalDomain)+strlen((char*)LocalHostName)+1));
+		if ( sprintf((char*)LocalFQDNName,"%s.%s",(char*)LocalHostName,(char*)LocalDomain) )
+			glbl.SetLocalFQDNName(LocalFQDNName);
+		}
+
 	glbl.GenerateLocalHostNameProperty(); /* must be redone after conf processing, FQDN setting may have changed */
 finalize_it:
 	RETiRet;
-- 
cgit v1.2.3


From 8b42f06d338b425f164cb3c534fb2dffe474221c Mon Sep 17 00:00:00 2001
From: Florian Riedl <friedel@adiscon.com>
Date: Wed, 17 Apr 2013 09:12:55 +0200
Subject: doc: improve action doc

---
 doc/rsyslog_conf_actions.html | 118 +++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 117 insertions(+), 1 deletion(-)

diff --git a/doc/rsyslog_conf_actions.html b/doc/rsyslog_conf_actions.html
index 0c7705f8..a468a403 100644
--- a/doc/rsyslog_conf_actions.html
+++ b/doc/rsyslog_conf_actions.html
@@ -3,6 +3,123 @@
 <body>
 <p>This is a part of the rsyslog.conf documentation.</p>
 <a href="rsyslog_conf.html">back</a>
+<h2>Actions</h2>
+The action describes what to do with a log message. In general, 
+message content is written to a kind of "logfile".
+But also other actions might be done, like writing to a database 
+table or forwarding to another host.<br>
+<br>
+There is a certain base format to configure a action that needs to follow
+either a selector or a filter. If no selector or filter is configured 
+before the action line begins, all messages will be used automatically.<br>
+<br>
+A action line could look like this</p>
+<p><code><b>*.auth action(type="omfwd" file="/var/log/auth")</b></code></p>
+<p>Or a little simpler</p>
+<p><code><b>action(type="omfwd" file="/var/log/auth")</b></code></p>
+<p> without a selector, which will execute the action for all messages.
+The command to initiate a action is always action().
+In the brackets you determine the parameters for the action, like type, 
+destination or special processing parameters. There are two types of action
+parameters. The first are the general action parameters described below. 
+The second type are the module instance parameters. They are described in
+the documentation of the respective module.</p>
+<h3>General Action Parameters</h3>
+<ul>
+	<li><strong>name</strong> word
+	<br>used primarily for documentation, e.g. when generating a configuration graph. </li>
+	<li><strong>type</strong> string
+	<br>Mandatory parameter for every action. The name of the module that should be used. </li>
+	<li><strong>action.writeallmarkmessages</strong> on/off
+	<br>[available since 5.1.5] - Normally, mark messages are written to actions only if the action was not recently executed (by default, recently means within the past 20 minutes). If this setting is switched to "on", mark messages are always sent to actions, no matter how recently they have been executed. In this mode, mark messages can be used as a kind of heartbeat. Note that this option auto-resets to "off", so if you intend to use it with multiple actions, it must be specified in front off all selector lines that should provide this functionality. </li>
+	<li><strong>action.execonlyeverynthtime</strong> integer
+	<br>If configured, the next action will only be executed every n-th time. For example, if configured to 3, the first two messages that go into the action will be dropped, the 3rd will actually cause the action to execute, the 4th and 5th will be dropped, the 6th executed under the action, ... and so on. Note: this setting is automatically re-set when the actual action is defined.</li>
+	<li><strong>action.execonlyeverynthtimeout</strong> integer
+	<br>Has a meaning only if Action.ExecOnlyEveryNthTime is also configured for the same action. If so, the timeout setting specifies after which period the counting of "previous actions" expires and a new action count is begun. Specify 0 (the default) to disable timeouts.
+Why is this option needed? Consider this case: a message comes in at, eg., 10am. That's count 1. Then, nothing happens for the next 10 hours. At 8pm, the next one occurs. That's count 2. Another 5 hours later, the next message occurs, bringing the total count to 3. Thus, this message now triggers the rule.
+The question is if this is desired behavior? Or should the rule only be triggered if the messages occur within an e.g. 20 minute window? If the later is the case, you need a
+<br>Action.ExecOnlyEveryNthTimeTimeout="1200"
+<br>This directive will timeout previous messages seen if they are older than 20 minutes. In the example above, the count would now be always 1 and consequently no rule would ever be triggered. </li>
+	<li><strong>action.execonlyonceeveryinterval</strong> integer
+	<br>Execute action only if the last execute is at last <seconds> seconds in the past (more info in ommail, but may be used with any action)</li>
+	<li><strong>action.execonlywhenpreviousissuspended</strong> on/off
+	<br>This directive allows to specify if actions should always be executed ("off," the default) or only if the previous action is suspended ("on"). This directive works hand-in-hand with the multiple actions per selector feature. It can be used, for example, to create rules that automatically switch destination servers or databases to a (set of) backup(s), if the primary server fails. Note that this feature depends on proper implementation of the suspend feature in the output module. All built-in output modules properly support it (most importantly the database write and the syslog message forwarder).</li>
+	<li><strong>action.repeatedmsgcontainsoriginalmsg</strong> on/off
+	<br>"last message repeated n times" messages, if generated, have a different format that contains the message that is being repeated. Note that only the first "n" characters are included, with n to be at least 80 characters, most probably more (this may change from version to version, thus no specific limit is given). The bottom line is that n is large enough to get a good idea which message was repeated but it is not necessarily large enough for the whole message. (Introduced with 4.1.5). Once set, it affects all following actions.</li>
+	<li><strong>action.resumeretrycount</strong> integer
+	<br>[default 0, -1 means eternal]</li>
+	<li><strong>action.resumeinterval</strong> integer
+	<br>Sets the ActionResumeInterval for the action. The interval provided is always in seconds. Thus, multiply by 60 if you need minutes and 3,600 if you need hours (not recommended).
+When an action is suspended (e.g. destination can not be connected), the action is resumed for the configured interval. Thereafter, it is retried. If multiple retires fail, the interval is automatically extended. This is to prevent excessive ressource use for retires. After each 10 retries, the interval is extended by itself. To be precise, the actual interval is (numRetries / 10 + 1) * Action.ResumeInterval. so after the 10th try, it by default is 60 and after the 100th try it is 330.</li>
+</ul>
+<h3>Action Queues</h3>
+<p>For some types of action it would make sense to have a queue ready which
+will "store" log messages on a interim basis to prevent message loss. This
+commonly applies to the forwarding kind of actions. Here is a list of Parameters
+that are used for a action queue. Queues are described in the <a href="queues.html">respective article</a>.</p>
+<ul>
+	<li><strong>Action.QueueCheckpointInterval</strong> number</li>
+	<li><strong>ActionQueueDequeueBatchSize </strong> number (default 16)</li>
+	<li><strong>ActionQueueDequeueSlowdown </strong> number
+	<br>number is timeout in microseconds (1000000us is 1sec!), default 0 (no delay). Simple rate-limiting!</li>
+	<li><strong>ActionQueueDiscardMark </strong>number (default 9750)</li>
+	<li><strong>ActionQueueDiscardSeverity </strong>number
+	<br>*numerical* severity! default 8 (nothing discarded)</li>
+	<li><strong>ActionQueueFileName </strong>name</li>
+	<li><strong>ActionQueueHighWaterMark </strong>number (default 8000)</li>
+	<li><strong>ActionQueueImmediateShutdown </strong> on/<b>off</b></li>
+	<li><strong>ActionQueueSize </strong> number</li>
+	<li><strong>ActionQueueLowWaterMark </strong> number (default 2000)</li>
+	<li><strong>ActionQueueMaxFileSize </strong>size_nbr (default 1m)</li>
+	<li><strong>ActionQueueTimeoutActionCompletion </strong>number
+	<br>number is timeout in ms (1000ms is 1sec!), default 1000, 0 means immediate!</li>
+	<li><strong>ActionQueueTimeoutEnqueue </strong>number
+	<br>number is timeout in ms (1000ms is 1sec!), default 2000, 0 means indefinite</li>
+	<li><strong>ActionQueueTimeoutShutdown </strong> number
+	<br>number is timeout in ms (1000ms is 1sec!), default 0 (indefinite)</li>
+	<li><strong>ActionQueueWorkerTimeoutThreadShutdown </strong>number
+	<br>number is timeout in ms (1000ms is 1sec!), default 60000 (1 minute)</li>
+	<li><strong>ActionQueueType </strong>FixedArray/LinkedList/<b>Direct</b>/Disk</li>
+	<li><strong>ActionQueueSaveOnShutdown  </strong>on/<b>off</b></li>
+	<li><strong>ActionQueueWorkerThreads </strong>number
+	<br>number of worker threads, default 1, recommended 1</li>
+	<li><strong>ActionQueueWorkerThreadMinumumMessages </strong>number (default 100)</li>
+</ul>
+<h3>Multiple Actions</h3>
+<p>You can have multiple actions for a single selector  (or more precisely 
+a single filter of such a selector line). Each action must be called with 
+it's own action() statement and must all be enclosed by square brackets. 
+An example would be</p>
+<p><code>*.=crit[
+<br>action(type="omfwd" target="10.10.10.1" port="514" transport="udp")
+<br>action(type="omusrmsg" user="rger")
+<br>action(type="omfile" file="/var/log/critmsgs")
+<br>]</code></p>
+<p>These three lines send critical messages to  a host via UDP, the user rger
+and also store them in /var/log/critmsgs. Using multiple actions per selector
+is convenient and also offers a performance benefit. As the filter needs to 
+be evaluated only once, there is less computation required to process 
+the directive</p>
+<h3>Stop/Discard</h3>
+<p>The stop action is no real action. It is basically a trigger to stop
+processing of the message. Though, it is basically used instead of action()
+in a selector line. For obvious reasons, the result of "stop" is depending
+on where in the configuration it is used. Please note, that once processing 
+of a message has been stopped, there is no way to retrieve it in later
+configuration file lines. <br>
+<br>
+Stop can be highly effective if you want to filter out some annoying 
+messages that otherwise would fill your log files. To do that, place the 
+discard actions early in your log files. This often plays well with 
+property-based filters, giving you great freedom in specifying what you 
+do not want.<br>
+<br>
+It can be used like this:</p>
+<p><code>Stop</code></p>
+<p>Here, processing for all messages will be stopped and the messages will
+be discarded. Though, using it this way is obviously stupid, especially at
+the beginning of the configuration.</p>
+
 <h2>Actions (legacy format)</h2>
 <p>The action field of a rule describes what to do with the
 message. In general, message content is written to a kind of "logfile".
@@ -331,7 +448,6 @@ one template name for each given action. The default template is
 specific to each action. For a description of what a template is and
 what you can do with it, see "TEMPLATES" at the top of this document.</p>
 
-
 <p>[<a href="manual.html">manual index</a>]
 [<a href="rsyslog_conf.html">rsyslog.conf</a>]
 [<a href="http://www.rsyslog.com/">rsyslog site</a>]</p>
-- 
cgit v1.2.3


From 1f3b2e2c74dad8ac0eb554372e4128b65ae8e772 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Wed, 17 Apr 2013 09:42:05 +0200
Subject: doc: further improve action doc

---
 doc/rsyslog_conf_actions.html | 167 +++++++++++++++---------------------------
 1 file changed, 60 insertions(+), 107 deletions(-)

diff --git a/doc/rsyslog_conf_actions.html b/doc/rsyslog_conf_actions.html
index a468a403..fa240d97 100644
--- a/doc/rsyslog_conf_actions.html
+++ b/doc/rsyslog_conf_actions.html
@@ -4,129 +4,82 @@
 <p>This is a part of the rsyslog.conf documentation.</p>
 <a href="rsyslog_conf.html">back</a>
 <h2>Actions</h2>
-The action describes what to do with a log message. In general, 
-message content is written to a kind of "logfile".
-But also other actions might be done, like writing to a database 
-table or forwarding to another host.<br>
-<br>
-There is a certain base format to configure a action that needs to follow
-either a selector or a filter. If no selector or filter is configured 
-before the action line begins, all messages will be used automatically.<br>
-<br>
-A action line could look like this</p>
-<p><code><b>*.auth action(type="omfwd" file="/var/log/auth")</b></code></p>
-<p>Or a little simpler</p>
-<p><code><b>action(type="omfwd" file="/var/log/auth")</b></code></p>
-<p> without a selector, which will execute the action for all messages.
-The command to initiate a action is always action().
-In the brackets you determine the parameters for the action, like type, 
-destination or special processing parameters. There are two types of action
-parameters. The first are the general action parameters described below. 
-The second type are the module instance parameters. They are described in
-the documentation of the respective module.</p>
+Action object describe what is to be done with a message. They are
+implemented via <a href="rsyslog_conf_modules.html#om">outpout modules</a>.
+<p>The action object has different parameters:
+<ul>
+<li>those that apply to all actions and are action specific. These
+    are documented below.
+<li>parameters for the action queue. While they also apply to 
+    all parameters, they are queue-specific, not action-specific (they
+    are the same that are used in rulesets, for example).
+<li>action-specific parameters. These are specific to a certain
+    type of actions. They are documented by the output module
+    in question.
+</ul>
 <h3>General Action Parameters</h3>
 <ul>
-	<li><strong>name</strong> word
-	<br>used primarily for documentation, e.g. when generating a configuration graph. </li>
-	<li><strong>type</strong> string
+	<li><b>name</b> word
+	<br>used for statistics gathering and documentation
+	<li><b>type</b> string
 	<br>Mandatory parameter for every action. The name of the module that should be used. </li>
-	<li><strong>action.writeallmarkmessages</strong> on/off
-	<br>[available since 5.1.5] - Normally, mark messages are written to actions only if the action was not recently executed (by default, recently means within the past 20 minutes). If this setting is switched to "on", mark messages are always sent to actions, no matter how recently they have been executed. In this mode, mark messages can be used as a kind of heartbeat. Note that this option auto-resets to "off", so if you intend to use it with multiple actions, it must be specified in front off all selector lines that should provide this functionality. </li>
-	<li><strong>action.execonlyeverynthtime</strong> integer
+	<li><b>action.writeAllMarkMessages</b> on/off
+	<br>Normally, mark messages are written to actions only if the action was not recently executed (by default, recently means within the past 20 minutes). If this setting is switched to "on", mark messages are always sent to actions, no matter how recently they have been executed. In this mode, mark messages can be used as a kind of heartbeat. Note that this option auto-resets to "off", so if you intend to use it with multiple actions, it must be specified in front off all selector lines that should provide this functionality. </li>
+	<li><b>action.execOnlyEveryNthTime</b> integer
 	<br>If configured, the next action will only be executed every n-th time. For example, if configured to 3, the first two messages that go into the action will be dropped, the 3rd will actually cause the action to execute, the 4th and 5th will be dropped, the 6th executed under the action, ... and so on. Note: this setting is automatically re-set when the actual action is defined.</li>
-	<li><strong>action.execonlyeverynthtimeout</strong> integer
+	<li><b>action.execOnlyEveryNthTimeout</b> integer
 	<br>Has a meaning only if Action.ExecOnlyEveryNthTime is also configured for the same action. If so, the timeout setting specifies after which period the counting of "previous actions" expires and a new action count is begun. Specify 0 (the default) to disable timeouts.
 Why is this option needed? Consider this case: a message comes in at, eg., 10am. That's count 1. Then, nothing happens for the next 10 hours. At 8pm, the next one occurs. That's count 2. Another 5 hours later, the next message occurs, bringing the total count to 3. Thus, this message now triggers the rule.
 The question is if this is desired behavior? Or should the rule only be triggered if the messages occur within an e.g. 20 minute window? If the later is the case, you need a
 <br>Action.ExecOnlyEveryNthTimeTimeout="1200"
 <br>This directive will timeout previous messages seen if they are older than 20 minutes. In the example above, the count would now be always 1 and consequently no rule would ever be triggered. </li>
-	<li><strong>action.execonlyonceeveryinterval</strong> integer
+	<li><b>action.execOnlyOnceEveryInterval</b> integer
 	<br>Execute action only if the last execute is at last <seconds> seconds in the past (more info in ommail, but may be used with any action)</li>
-	<li><strong>action.execonlywhenpreviousissuspended</strong> on/off
+	<li><b>action.execOnlyWhenpReviousIsSuspended</b> on/off
 	<br>This directive allows to specify if actions should always be executed ("off," the default) or only if the previous action is suspended ("on"). This directive works hand-in-hand with the multiple actions per selector feature. It can be used, for example, to create rules that automatically switch destination servers or databases to a (set of) backup(s), if the primary server fails. Note that this feature depends on proper implementation of the suspend feature in the output module. All built-in output modules properly support it (most importantly the database write and the syslog message forwarder).</li>
-	<li><strong>action.repeatedmsgcontainsoriginalmsg</strong> on/off
+	<li><b>action.repeatedmsgcontainsoriginalmsg</b> on/off
 	<br>"last message repeated n times" messages, if generated, have a different format that contains the message that is being repeated. Note that only the first "n" characters are included, with n to be at least 80 characters, most probably more (this may change from version to version, thus no specific limit is given). The bottom line is that n is large enough to get a good idea which message was repeated but it is not necessarily large enough for the whole message. (Introduced with 4.1.5). Once set, it affects all following actions.</li>
-	<li><strong>action.resumeretrycount</strong> integer
+	<li><b>action.resumeRetryCount</b> integer
 	<br>[default 0, -1 means eternal]</li>
-	<li><strong>action.resumeinterval</strong> integer
+	<li><b>action.resumeInterval</b> integer
 	<br>Sets the ActionResumeInterval for the action. The interval provided is always in seconds. Thus, multiply by 60 if you need minutes and 3,600 if you need hours (not recommended).
 When an action is suspended (e.g. destination can not be connected), the action is resumed for the configured interval. Thereafter, it is retried. If multiple retires fail, the interval is automatically extended. This is to prevent excessive ressource use for retires. After each 10 retries, the interval is extended by itself. To be precise, the actual interval is (numRetries / 10 + 1) * Action.ResumeInterval. so after the 10th try, it by default is 60 and after the 100th try it is 330.</li>
 </ul>
-<h3>Action Queues</h3>
-<p>For some types of action it would make sense to have a queue ready which
-will "store" log messages on a interim basis to prevent message loss. This
-commonly applies to the forwarding kind of actions. Here is a list of Parameters
-that are used for a action queue. Queues are described in the <a href="queues.html">respective article</a>.</p>
-<ul>
-	<li><strong>Action.QueueCheckpointInterval</strong> number</li>
-	<li><strong>ActionQueueDequeueBatchSize </strong> number (default 16)</li>
-	<li><strong>ActionQueueDequeueSlowdown </strong> number
-	<br>number is timeout in microseconds (1000000us is 1sec!), default 0 (no delay). Simple rate-limiting!</li>
-	<li><strong>ActionQueueDiscardMark </strong>number (default 9750)</li>
-	<li><strong>ActionQueueDiscardSeverity </strong>number
-	<br>*numerical* severity! default 8 (nothing discarded)</li>
-	<li><strong>ActionQueueFileName </strong>name</li>
-	<li><strong>ActionQueueHighWaterMark </strong>number (default 8000)</li>
-	<li><strong>ActionQueueImmediateShutdown </strong> on/<b>off</b></li>
-	<li><strong>ActionQueueSize </strong> number</li>
-	<li><strong>ActionQueueLowWaterMark </strong> number (default 2000)</li>
-	<li><strong>ActionQueueMaxFileSize </strong>size_nbr (default 1m)</li>
-	<li><strong>ActionQueueTimeoutActionCompletion </strong>number
-	<br>number is timeout in ms (1000ms is 1sec!), default 1000, 0 means immediate!</li>
-	<li><strong>ActionQueueTimeoutEnqueue </strong>number
-	<br>number is timeout in ms (1000ms is 1sec!), default 2000, 0 means indefinite</li>
-	<li><strong>ActionQueueTimeoutShutdown </strong> number
-	<br>number is timeout in ms (1000ms is 1sec!), default 0 (indefinite)</li>
-	<li><strong>ActionQueueWorkerTimeoutThreadShutdown </strong>number
-	<br>number is timeout in ms (1000ms is 1sec!), default 60000 (1 minute)</li>
-	<li><strong>ActionQueueType </strong>FixedArray/LinkedList/<b>Direct</b>/Disk</li>
-	<li><strong>ActionQueueSaveOnShutdown  </strong>on/<b>off</b></li>
-	<li><strong>ActionQueueWorkerThreads </strong>number
-	<br>number of worker threads, default 1, recommended 1</li>
-	<li><strong>ActionQueueWorkerThreadMinumumMessages </strong>number (default 100)</li>
-</ul>
-<h3>Multiple Actions</h3>
-<p>You can have multiple actions for a single selector  (or more precisely 
-a single filter of such a selector line). Each action must be called with 
-it's own action() statement and must all be enclosed by square brackets. 
-An example would be</p>
-<p><code>*.=crit[
-<br>action(type="omfwd" target="10.10.10.1" port="514" transport="udp")
-<br>action(type="omusrmsg" user="rger")
-<br>action(type="omfile" file="/var/log/critmsgs")
-<br>]</code></p>
-<p>These three lines send critical messages to  a host via UDP, the user rger
-and also store them in /var/log/critmsgs. Using multiple actions per selector
-is convenient and also offers a performance benefit. As the filter needs to 
-be evaluated only once, there is less computation required to process 
-the directive</p>
-<h3>Stop/Discard</h3>
-<p>The stop action is no real action. It is basically a trigger to stop
-processing of the message. Though, it is basically used instead of action()
-in a selector line. For obvious reasons, the result of "stop" is depending
-on where in the configuration it is used. Please note, that once processing 
-of a message has been stopped, there is no way to retrieve it in later
-configuration file lines. <br>
-<br>
-Stop can be highly effective if you want to filter out some annoying 
-messages that otherwise would fill your log files. To do that, place the 
-discard actions early in your log files. This often plays well with 
-property-based filters, giving you great freedom in specifying what you 
-do not want.<br>
-<br>
-It can be used like this:</p>
-<p><code>Stop</code></p>
-<p>Here, processing for all messages will be stopped and the messages will
-be discarded. Though, using it this way is obviously stupid, especially at
-the beginning of the configuration.</p>
 
-<h2>Actions (legacy format)</h2>
-<p>The action field of a rule describes what to do with the
-message. In general, message content is written to a kind of "logfile".
-But also other actions might be done, like writing to a database table
-or forwarding to another host.<br>
-<br>
-Templates can be used with all actions. If used, the specified template
+
+<h2>Legacy Format</h2>
+<p><b>Be warned that legacy action format is hard to get right. It is
+recommended to use RainerScript-Style action format whenever possible!</b>
+A key problem with legacy format is that a single action is defined via
+multiple configurations lines, which may be spread all across rsyslog.conf.
+Even the definition of multiple actions may be intermixed (often not
+intentional!). If legacy actions format needs to be used (e.g. some modules
+may not yet implement the RainerScript format), it is strongly recommended
+to place all configuration statements pertaining to a single action
+closely together.
+<p>Please also note that legacy action parameters <b>do not</b> affect
+RainerScript action objects. So if you define for example:
+
+<code><pre>
+$actionResumeRetryCount 10
+action(type="omfwd" target="server1.example.net")
+@@server2.example.net
+</pre></code>
+
+server1's "action.resumeRetryCount" parameter is <b>not</b> set, instead
+server2's is!
+<p>A goal of the new RainerScript action format was to avoid confusion
+which parameters are actually used. As such, it would be counter-productive
+to honor legacy action parameters inside a RainerScript definition. As 
+result, both types of action definitions are strictly (and nicely)
+separated from each other. The bottom line is that if RainerScript actions
+are used, one does not need to care about which legacy action parameters may 
+(still...) be in effect.
+<p>
+<p>Note that not all modules necessarily support legacy action format.
+Especially newer modules are recommended to NOT support it.
+<h3>Legacy Description</h3>
+<p>Templates can be used with many actions. If used, the specified template
 is used to generate the message content (instead of the default
 template). To specify a template, write a semicolon after the action
 value immediately followed by the template name.<br>
@@ -453,7 +406,7 @@ what you can do with it, see "TEMPLATES" at the top of this document.</p>
 [<a href="http://www.rsyslog.com/">rsyslog site</a>]</p>
 <p><font size="2">This documentation is part of the
 <a href="http://www.rsyslog.com/">rsyslog</a> project.<br>
-Copyright &copy; 2008-2011 by <a href="http://www.gerhards.net/rainer">Rainer Gerhards</a> and
+Copyright &copy; 2008-2013 by <a href="http://www.gerhards.net/rainer">Rainer Gerhards</a> and
 <a href="http://www.adiscon.com/">Adiscon</a>. Released under the GNU GPL
 version 2 or higher.</font></p>
 </body>
-- 
cgit v1.2.3


From adc8d626535c7c79d723ea2a84146b6c1856316f Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Wed, 17 Apr 2013 10:49:09 +0200
Subject: prepare for 7.2.7 release

---
 ChangeLog       | 2 +-
 configure.ac    | 2 +-
 doc/manual.html | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 0fe084ee..36187cdd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,5 @@
 ----------------------------------------------------------------------------
-Version 7.2.7  [v7-stable] 2013-03-??
+Version 7.2.7  [v7-stable] 2013-04-17
 - rsyslogd startup information is now properly conveyed back to init
   when privileges are beging dropped
   Actually, we have moved termination of the parent in front of the
diff --git a/configure.ac b/configure.ac
index 1df9e7d4..3be549e3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2,7 +2,7 @@
 # Process this file with autoconf to produce a configure script.
 
 AC_PREREQ(2.61)
-AC_INIT([rsyslog],[7.2.6],[rsyslog@lists.adiscon.com])
+AC_INIT([rsyslog],[7.2.7],[rsyslog@lists.adiscon.com])
 AM_INIT_AUTOMAKE
 
 m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
diff --git a/doc/manual.html b/doc/manual.html
index 8b54bd0b..fc14031f 100644
--- a/doc/manual.html
+++ b/doc/manual.html
@@ -19,7 +19,7 @@ rsyslog support</a> available directly from the source!</p>
 <p><b>Please visit the <a href="http://www.rsyslog.com/sponsors">rsyslog sponsor's page</a>
 to honor the project sponsors or become one yourself!</b> We are very grateful for any help towards the
 project goals.</p>
-<p><b>This documentation is for version 7.2.6 (v7.2-stable branch) of rsyslog.</b>
+<p><b>This documentation is for version 7.2.7 (v7.2-stable branch) of rsyslog.</b>
 Visit the <i><a href="http://www.rsyslog.com/status">rsyslog status page</a></i></b>
 to obtain current version information and project status.
 </p><p><b>If you like rsyslog, you might
-- 
cgit v1.2.3