2 files changed, 94 insertions, 18 deletions

diff --git a/tools/omfile.c b/tools/omfile.c
index 2499680d..424dd70f 100644
--- a/tools/omfile.c
+++ b/tools/omfile.c
@@ -123,7 +123,7 @@ static uid_t	dirGID;		/* GID to be used for newly created directories */
 static int	bCreateDirs = 1;/* auto-create directories for dynaFiles: 0 - no, 1 - yes */
 static int	bEnableSync = 0;/* enable syncing of files (no dash in front of pathname in conf): 0 - no, 1 - yes */
 static int	iZipLevel = 0;	/* zip compression mode (0..9 as usual) */
-static bool	bFlushOnTXEnd = 1;/* flush write buffers when transaction has ended? */
+static sbool	bFlushOnTXEnd = 1;/* flush write buffers when transaction has ended? */
 static int64	iIOBufSize = IOBUF_DFLT_SIZE;	/* size of an io buffer */
 static int	iFlushInterval = FLUSH_INTRVL_DFLT; 	/* how often flush the output buffer on inactivity? */
 uchar	*pszFileDfltTplName = NULL; /* name of the default template to use */
@@ -139,7 +139,7 @@ typedef struct _instanceData {
 	int	fDirCreateMode;	/* creation mode for mkdir() */
 	int	bCreateDirs;	/* auto-create directories? */
 	int	bSyncFile;	/* should the file by sync()'ed? 1- yes, 0- no */
-	bool	bForceChown;	/* force chown() on existing files? */
+	sbool	bForceChown;	/* force chown() on existing files? */
 	uid_t	fileUID;	/* IDs for creation */
 	uid_t	dirUID;
 	gid_t	fileGID;
@@ -158,7 +158,7 @@ typedef struct _instanceData {
 	int 	iZipLevel;		/* zip mode to use for this selector */
 	int	iIOBufSize;		/* size of associated io buffer */
 	int	iFlushInterval;		/* how fast flush buffer on inactivity? */
-	bool	bFlushOnTXEnd;		/* flush write buffers when transaction has ended? */
+	sbool	bFlushOnTXEnd;		/* flush write buffers when transaction has ended? */
 } instanceData;
 
 
diff --git a/tools/syslogd.c b/tools/syslogd.c
index b0a5b3ad..1ba3ef2b 100644
--- a/tools/syslogd.c
+++ b/tools/syslogd.c
@@ -574,7 +574,7 @@ logmsgInternal(int iErr, int pri, uchar *msg, int flags)
 	 * permits us to process unmodified config files which otherwise contain a
 	 * supressor statement.
 	 */
-	if(((Debug || NoFork) && bErrMsgToStderr) || iConfigVerify) {
+	if(((Debug == DEBUG_FULL || NoFork) && bErrMsgToStderr) || iConfigVerify) {
 		if(LOG_PRI(pri) == LOG_ERR)
 			fprintf(stderr, "rsyslogd: %s\n", msg);
 	}
@@ -591,6 +591,82 @@ finalize_it:
 	RETiRet;
 }
 
+/* check message against ACL set
+ * rgerhards, 2009-11-16
+ */
+#if 0
+static inline rsRetVal
+chkMsgAgainstACL() {
+	/* if we reach this point, we had a good receive and can process the packet received */
+	/* check if we have a different sender than before, if so, we need to query some new values */
+	if(net.CmpHost(&frominet, frominetPrev, socklen) != 0) {
+		CHKiRet(net.cvthname(&frominet, fromHost, fromHostFQDN, fromHostIP));
+		memcpy(frominetPrev, &frominet, socklen); /* update cache indicator */
+		/* Here we check if a host is permitted to send us
+		* syslog messages. If it isn't, we do not further
+		* process the message but log a warning (if we are
+		* configured to do this).
+		* rgerhards, 2005-09-26
+		*/
+		*pbIsPermitted = net.isAllowedSender((uchar*)"UDP",
+						    (struct sockaddr *)&frominet, (char*)fromHostFQDN);
+
+		if(!*pbIsPermitted) {
+			DBGPRINTF("%s is not an allowed sender\n", (char*)fromHostFQDN);
+			if(glbl.GetOption_DisallowWarning) {
+				time_t tt;
+
+				datetime.GetTime(&tt);
+				if(tt > ttLastDiscard + 60) {
+					ttLastDiscard = tt;
+					errmsg.LogError(0, NO_ERRCODE,
+					"UDP message from disallowed sender %s discarded",
+					(char*)fromHost);
+				}
+			}
+		}
+	}
+}
+#endif
+
+
+/* consumes a single messages - this function is primarily used to shuffle
+ * out some code from msgConsumer(). After this function, the message is
+ * (by definition!) considered committed.
+ * rgerhards, 2009-11-16
+ */
+static inline rsRetVal
+msgConsumeOne(msg_t *pMsg, prop_t **propFromHost, prop_t **propFromHostIP) {
+	uchar fromHost[NI_MAXHOST];
+	uchar fromHostIP[NI_MAXHOST];
+	uchar fromHostFQDN[NI_MAXHOST];
+	int bIsPermitted;
+	DEFiRet;
+
+	if((pMsg->msgFlags & NEEDS_ACLCHK_U) != 0) {
+		dbgprintf("msgConsumer: UDP ACL must be checked for message (hostname-based)\n");
+		CHKiRet(net.cvthname(pMsg->rcvFrom.pfrominet, fromHost, fromHostFQDN, fromHostIP));
+		bIsPermitted = net.isAllowedSender2((uchar*)"UDP",
+		    (struct sockaddr *)pMsg->rcvFrom.pfrominet, (char*)fromHostFQDN, 1);
+		if(!bIsPermitted) {
+			DBGPRINTF("Message from '%s' discarded, not a permitted sender host\n",
+				  fromHostFQDN);
+			ABORT_FINALIZE(RS_RET_ERR);
+		/* save some of the info we obtained */
+		MsgSetRcvFromStr(pMsg, fromHost, ustrlen(fromHost), propFromHost);
+		CHKiRet(MsgSetRcvFromIPStr(pMsg, fromHostIP, ustrlen(fromHostIP), propFromHostIP));
+		pMsg->msgFlags &= ~NEEDS_ACLCHK_U;
+		}
+	}
+
+	if((pMsg->msgFlags & NEEDS_PARSING) != 0)
+		CHKiRet(parser.ParseMsg(pMsg));
+
+	ruleset.ProcessMsg(pMsg);
+finalize_it:
+	RETiRet;
+}
+
 
 /* The consumer of dequeued messages. This function is called by the
  * queue engine on dequeueing of a message. It runs on a SEPARATE
@@ -602,26 +678,22 @@ static rsRetVal
 msgConsumer(void __attribute__((unused)) *notNeeded, batch_t *pBatch, int *pbShutdownImmediate)
 {
 	int i;
-	msg_t *pMsg;
-	rsRetVal localRet;
+	prop_t *propFromHost = NULL;
+	prop_t *propFromHostIP = NULL;
 	DEFiRet;
 
 	assert(pBatch != NULL);
 
 	for(i = 0 ; i < pBatch->nElem  && !*pbShutdownImmediate ; i++) {
-		pMsg = (msg_t*) pBatch->pElem[i].pUsrp;
 		DBGPRINTF("msgConsumer processes msg %d/%d\n", i, pBatch->nElem);
-		if((pMsg->msgFlags & NEEDS_PARSING) != 0) {
-			localRet = parser.ParseMsg(pMsg);
-			if(localRet == RS_RET_OK)
-				ruleset.ProcessMsg(pMsg);
-		} else {
-			ruleset.ProcessMsg(pMsg);
-		}
-		/* if we reach this point, the message is considered committed (by definition!) */
+		msgConsumeOne((msg_t*) pBatch->pElem[i].pUsrp, &propFromHost, &propFromHostIP);
 		pBatch->pElem[i].state = BATCH_STATE_COMM;
 	}
 
+	if(propFromHost != NULL)
+		prop.Destruct(&propFromHost);
+	if(propFromHostIP != NULL)
+		prop.Destruct(&propFromHostIP);
 	RETiRet;
 }
 
@@ -910,9 +982,10 @@ static void doDie(int sig)
 	static int iRetries = 0; /* debug aid */
 	dbgprintf(MSG1);
 	if(Debug)
+	if(Debug == DEBUG_FULL)
 		write(1, MSG1, sizeof(MSG1) - 1);
 	if(iRetries++ == 4) {
-		if(Debug)
+		if(Debug == DEBUG_FULL)
 			write(1, MSG2, sizeof(MSG2) - 1);
 		abort();
 	}
@@ -1091,6 +1164,9 @@ static rsRetVal setMaxFiles(void __attribute__((unused)) *pVal, int iFiles)
 				iFiles, errStr, (long) maxFiles.rlim_max);
 		ABORT_FINALIZE(RS_RET_ERR_RLIM_NOFILE);
 	}
+#ifdef USE_UNLIMITED_SELECT
+	glbl.SetFdSetSize(howmany(iFiles, __NFDBITS) * sizeof (fd_mask));
+#endif
 	DBGPRINTF("Max number of files set to %d [kernel max %ld].\n", iFiles, (long) maxFiles.rlim_max);
 
 finalize_it:
@@ -2102,7 +2178,7 @@ static rsRetVal mainThread()
 	 * is still in its infancy (and not really done), we currently accept this issue.
 	 * rgerhards, 2009-06-29
 	 */
-	if(!(Debug || NoFork)) {
+	if(!(Debug == DEBUG_FULL || NoFork)) {
 		close(1);
 		close(2);
 		bErrMsgToStderr = 0;
@@ -2294,7 +2370,7 @@ doGlblProcessInit(void)
 
 	thrdInit();
 
-	if( !(Debug || NoFork) )
+	if( !(Debug == DEBUG_FULL || NoFork) )
 	{
 		DBGPRINTF("Checking pidfile.\n");
 		if (!check_pid(PidFile))