diff -NaBbur stunnel-3.8p4-orig/common.h stunnel-3.8p4/common.h
--- stunnel-3.8p4-orig/common.h Sun Jun 25 17:58:24 2000
+++ stunnel-3.8p4/common.h Mon Sep 25 14:26:41 2000
@@ -106,6 +106,25 @@
 #endif
 #include
+/* Supported syslog facilities. */
+typedef enum {
+ SYSLOG_FACILITY_DAEMON,
+ SYSLOG_FACILITY_USER,
+ SYSLOG_FACILITY_AUTHPRIV,
+ SYSLOG_FACILITY_AUTH,
+ SYSLOG_FACILITY_MAIL,
+ SYSLOG_FACILITY_NEWS,
+ SYSLOG_FACILITY_CRON,
+ SYSLOG_FACILITY_LOCAL0,
+ SYSLOG_FACILITY_LOCAL1,
+ SYSLOG_FACILITY_LOCAL2,
+ SYSLOG_FACILITY_LOCAL3,
+ SYSLOG_FACILITY_LOCAL4,
+ SYSLOG_FACILITY_LOCAL5,
+ SYSLOG_FACILITY_LOCAL6,
+ SYSLOG_FACILITY_LOCAL7,
+ SYSLOG_FACILITY_NONE
+} SyslogFacility;
 #endif /* USE_WIN32 */
@@ -173,6 +192,7 @@
 int random_bytes; /* how many random bytes to read */
 char *pid_dir;
 int cert_defaults;
+ SyslogFacility debug_facility; /* defaults to SYSLOG_FACILITY_DAEMON */
 } server_options;
 /* Prototypes for stunnel.c */
@@ -196,6 +216,12 @@
 void log_open();
 void log_close();
 void log(int, char *, ...);
+/* name to facility convertor */
+SyslogFacility log_facility_number(char *name);
+/* facility to name convertor */
+char *log_facility_name(SyslogFacility val);
+/* facility to syslog.h convertor */
+int log_facility_sysval(SyslogFacility val);
 /* Prototypes for sthreads.c */
diff -NaBbur stunnel-3.8p4-orig/log.c stunnel-3.8p4/log.c
--- stunnel-3.8p4-orig/log.c Mon Feb 14 11:16:02 2000
+++ stunnel-3.8p4/log.c Mon Sep 25 14:27:08 2000
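Review bot: The `SyslogFacility` typedef is inserted directly above `#endif /* USE_WIN32 */`, so it appears to live inside a platform-conditional block, while the `debug_facility` member added to `server_options` and the three new prototypes in the later hunks of this header show no such guard in their context. If that `#endif` closes the non-Windows branch, a `USE_WIN32` build would meet an undeclared type in the struct; moving the enum below the `#endif` would avoid that. The opening `#if`/`#else` lines are outside the hunk, so this needs checking against the full header.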
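Review bot: The comments on the three new prototypes do not say what a failed lookup returns, and callers elsewhere in this patch depend on it. Going by log.c, `log_facility_number` yields `SYSLOG_FACILITY_NONE`, `log_facility_name` yields `NULL` and `log_facility_sysval` yields `-1`; I would state that in each comment, for example `/* facility to syslog.h value; -1 if the facility is not compiled in */`. Since the name is only compared and the returned string points into a static table, `const char *name` and a `const char *` return type would also describe the contract better.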
@@ -21,9 +21,65 @@
 #include "common.h"
 #include
 #include
+#include
 extern server_options options;
+/* textual representation of log-facilities/levels */
+static struct {
+ char *name;
+ int sysval;
+ SyslogFacility val;
+} log_facilities[] = {
+#ifdef LOG_DAEMON
+ { "DAEMON", LOG_DAEMON, SYSLOG_FACILITY_DAEMON },
+#endif
+#ifdef LOG_USER
+ { "USER", LOG_USER, SYSLOG_FACILITY_USER },
+#endif
+#ifdef LOG_AUTHPRIV
+ { "AUTHPRIV", LOG_AUTHPRIV, SYSLOG_FACILITY_AUTHPRIV },
+#endif
+#ifdef LOG_AUTH
+ { "AUTH", LOG_AUTH, SYSLOG_FACILITY_AUTH },
+#endif
+#ifdef LOG_MAIL
+ { "MAIL", LOG_MAIL, SYSLOG_FACILITY_MAIL },
+#endif
+#ifdef LOG_NEWS
+ { "NEWS", LOG_NEWS, SYSLOG_FACILITY_NEWS },
+#endif
+#ifdef LOG_CRON
+ { "CRON", LOG_CRON, SYSLOG_FACILITY_CRON },
+#endif
+#ifdef LOG_LOCAL0
+ { "LOCAL0", LOG_LOCAL0, SYSLOG_FACILITY_LOCAL0 },
+#endif
+#ifdef LOG_LOCAL1
+ { "LOCAL1", LOG_LOCAL1, SYSLOG_FACILITY_LOCAL1 },
+#endif
+#ifdef LOG_LOCAL2
+ { "LOCAL2", LOG_LOCAL2, SYSLOG_FACILITY_LOCAL2 },
+#endif
+#ifdef LOG_LOCAL3
+ { "LOCAL3", LOG_LOCAL3, SYSLOG_FACILITY_LOCAL3 },
+#endif
+#ifdef LOG_LOCAL4
+ { "LOCAL4", LOG_LOCAL4, SYSLOG_FACILITY_LOCAL4 },
+#endif
+#ifdef LOG_LOCAL5
+ { "LOCAL5", LOG_LOCAL5, SYSLOG_FACILITY_LOCAL5 },
+#endif
+#ifdef LOG_LOCAL6
+ { "LOCAL6", LOG_LOCAL6, SYSLOG_FACILITY_LOCAL6 },
+#endif
+#ifdef LOG_LOCAL7
+ { "LOCAL7", LOG_LOCAL7, SYSLOG_FACILITY_LOCAL7 },
+#endif
+ { NULL, -1, SYSLOG_FACILITY_NONE }
+};
+
+
 #ifdef USE_WIN32
 void log_open()
@@ -41,7 +97,7 @@
 #ifdef __ultrix__
 openlog("stunnel", LOG_PID);
 #else
- openlog("stunnel", LOG_CONS | LOG_NDELAY | LOG_PID, LOG_DAEMON);
+ openlog("stunnel", LOG_CONS | LOG_NDELAY | LOG_PID, log_facility_sysval(op tions.debug_facility));
 #endif /* __ultrix__ */
 }
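Review bot: The table comment says "log-facilities/levels" but the table holds facilities only, and it has no `KERN` row although the man page text added by this patch lists kern among the possible facility names. Either the documentation should drop kern or the table should gain a guarded `LOG_KERN` entry, so that a name the manual offers is not rejected as unrecognized. I would reword the comment to `/* syslog facilities known to stunnel; entries exist only where the LOG_* macro is defined */` and declare the field as `const char *name`, since every initializer is a string literal.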
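Review bot: In the second hunk the result of `log_facility_sysval()` goes straight into `openlog()`, yet that function returns `-1` for `SYSLOG_FACILITY_NONE` and for any facility whose `LOG_*` macro was not defined when the table was compiled. A facility of `-1` is not a valid syslog facility, so messages could be misfiled or discarded by the log daemon, which matters for a TLS wrapper whose connection log is its audit trail. Resolving the value first keeps the old behaviour as a fallback: `int fac = log_facility_sysval(options.debug_facility);` followed by `openlog("stunnel", LOG_CONS | LOG_NDELAY | LOG_PID, fac < 0 ? LOG_DAEMON : fac);`. The `__ultrix__` branch in the context still calls `openlog` without a facility, so `-D facility` is silently ignored there; the enclosing function starts outside the hunk.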
@@ -75,4 +131,45 @@
 level, process_id(), thread_id(), text);
 fflush(stderr);
 }
+
+/* find "our" log facility for a given logical name */
+SyslogFacility log_facility_number(char *name)
+{
+ int i;
+ if (name != NULL)
+ for (i = 0; log_facilities[i].name; i++)
+ if (strcasecmp(log_facilities[i].name, name) == 0)
+ return (log_facilities[i].val);
+ return (SYSLOG_FACILITY_NONE);
+}
+
+/* find logical name for "our" log facility */
+char *log_facility_name(SyslogFacility val)
+{
+ int i;
+ if (&val != NULL)
+ for (i = 0; log_facilities[i].name; i++) {
+ if (log_facilities[i].val == val)
+ return (log_facilities[i].name);
+ }
+ return (NULL);
+}
+
+/* map "our" syslog facility onto facilities from syslog.h */
+int log_facility_sysval(SyslogFacility val)
+{
+ int i;
+ if (&val != NULL)
+ for (i = 0; log_facilities[i].name; i++) {
+ if (log_facilities[i].val == val)
+ return log_facilities[i].sysval;
+ }
+ return (-1);
+}
+
+
+
+
+
+
 diff -NaBbur stunnel-3.8p4-orig/stunnel.8.in stunnel-3.8p4/stunnel.8.in
--- stunnel-3.8p4-orig/stunnel.8.in Sat Jun 24 17:37:59 2000
+++ stunnel-3.8p4/stunnel.8.in Mon Sep 25 16:23:45 2000
@@ -4,7 +4,7 @@
 .SH SYNOPSIS
 .B stunnel
 [-c | -T]
-[-D level]
+[-D { facility | level | facility.level }]
 [-C cipherlist]
 [-p pemfile]
 [-v level]
@@ -46,11 +46,15 @@
 .B -V
 Print stunnel version and compile time defaults
 .PP
-.B -D level
-Debugging level
+.B -D { facility | level | facility.level }
+Debugging facility and level
 .RS
-Level is a number between 0 (no logging at all) and 7 (show
-lots of debugging info)
+Level is a number between 0 (no logging at all) and 7 (show lots of
+debugging info); facility is the name of a syslog(3) facility to which
+logging info should be written. Default is "daemon"; other
+possibilities may include mail, cron, news, auth, local[0-7], or kern.
+Facility names are not case-sensitive. Implementation varies by host
+operating system -- some facilities may not be available.
 .RE
 .PP
 .B -C cipherlist
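Review bot: In `log_facility_name` and `log_facility_sysval` the guard `if (&val != NULL)` tests the address of a by-value parameter, which can never be null, so the check is dead code copied from the pointer case in `log_facility_number`; modern compilers warn about it. Dropping the guard and keeping only the `for` loop leaves behaviour unchanged and makes it plain that the only failure mode is "no matching row". Each function deserves a comment on that miss value (`NULL` and `-1`), because `print_version` and `log_open` consume them unchecked in this patch. `strcasecmp` is declared in `<strings.h>` on POSIX systems; the target of the added `#include` is not legible on this page, so confirm that is the header being added.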
@@ -251,6 +255,15 @@
 .RS
 .nf
 stunnel -d 2020 -L /usr/sbin/pppd -- pppd local
+.fi
+.RE
+.PP
+If you want to provide tunneling to your newsserver, and get verbose
+logging under the NEWS facility for syslogd(8), use something like
+.sp
+.RS
+.nf
+stunnel -D news.7 -d 563 -r localhost:nntp
 .fi
 .RE
diff -NaBbur stunnel-3.8p4-orig/stunnel.c stunnel-3.8p4/stunnel.c
--- stunnel-3.8p4-orig/stunnel.c Sun Jun 25 17:58:34 2000
+++ stunnel-3.8p4/stunnel.c Mon Sep 25 15:50:53 2000
@@ -228,6 +228,7 @@
 options.verify_level=0x00; /* SSL_VERIFY_NONE */
 options.verify_use_only_my=0;
 options.debug_level=5;
+ options.debug_facility=SYSLOG_FACILITY_DAEMON;
 options.session_timeout=300;
 options.cipher_list=NULL;
 options.username=NULL;
@@ -366,11 +368,31 @@
 options.cipher_list=optarg;
 break;
 case 'D':
- if(optarg[0]<'0' || optarg[0]>'7' || optarg[1]!='\0') {
- log(LOG_ERR, "Illegal debug level: %s", optarg);
+ /* new functionality (adapted from syslog_fac_olc.patch)
+ facility.level syntax OLC 9/25/2000
+ */
+ tmpstr=optarg;
+ if (strlen(optarg) > 1) {
+ if ((tmpstr=index(optarg, '.'))) {
+ *tmpstr++='\0'; /* point tmpstr at piece of optarg past delim and replace delim with EOS */
+ options.debug_facility=log_facility_number(optarg);
+ }
+ else {
+ options.debug_facility=log_facility_number(optarg);
+ }
+ if (options.debug_facility == SYSLOG_FACILITY_NONE) {
+ log(LOG_ERR, "-D: Unrecognized/unused log facility \"%s\"", o ptarg);
 print_help();
 }
- options.debug_level=optarg[0]-'0';
+ }
+ if (tmpstr) {
+ if(tmpstr[0]<'0' || tmpstr[0]>'7' || tmpstr[1]!='\0') {
+ log(LOG_ERR, "Illegal debug level: %s", tmpstr);
+ print_help();
+ } else {
+ options.debug_level=tmpstr[0]-'0';
+ }
+ }
 break;
 case 'V':
 print_version();
@@ -378,6 +400,8 @@
 case 'P':
 options.pid_dir=optarg;
 break;
+ case ':':
+ log(LOG_ERR, "Option requires argument: '%c'", optopt);
 case '?':
 log(LOG_ERR, "Illegal option: '%c'", optopt);
 case 'h':
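Review bot: In the `case 'D'` hunk the parsed facility is stored in `options.debug_facility` before it is validated, so after a bad name the option holds `SYSLOG_FACILITY_NONE` and the code relies on `print_help()` never returning, which is not visible here. Looking the name up into a local, `SyslogFacility fac = log_facility_number(optarg);`, and assigning `options.debug_facility = fac;` only when `fac != SYSLOG_FACILITY_NONE` keeps the default intact on every error path. Both branches of the `index()` test make the same `log_facility_number(optarg)` call, so the `else` can go, and `strchr` is the standard spelling of `index`. No visible hunk declares `tmpstr`, and the jump from `+228` to `+368` in the hunk headers suggests a one-line hunk is missing from this page. The enclosing `switch` starts and ends outside the hunk.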
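Review bot: The new `case ':'` has no `break`, so after logging "Option requires argument" it falls into `case '?'` and logs a second, contradictory "Illegal option" message for the same character. If the intent is to reach the usage output, the case should end with its own `print_help();` as the `-D` error path does, or the shared tail should be marked `/* fallthrough */` with the `'?'` message moved out of the way. `getopt` returns `':'` only when the option string begins with a colon, and that string is not in this hunk, so the case may currently be unreachable. The `switch` continues outside the hunk.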
@@ -499,7 +523,7 @@
 close(0);
 close(1);
 close(2);
-#endif
+#endif /* HAVE_DAEMON */
 }
 static void create_pid()
@@ -533,7 +557,7 @@
 safeconcat(options.pidfile, "stunnel.");
 safeconcat(options.pidfile, options.servname);
 safeconcat(options.pidfile, ".pid");
-#endif
+#endif /* HAVE_SNPRINTF */
 } else {
 safecopy(options.pidfile, options.pid_dir);
 }
@@ -558,7 +582,7 @@
 if(unlink(options.pidfile)<0)
 ioerror(options.pidfile); /* not critical */
 }
-#endif /* defined USE_WIN32 */
+#endif /* ndefined USE_WIN32 */
 static int listen_local() /* bind and listen on local interface */
 {
@@ -988,22 +1012,22 @@
 "\n");
 fprintf(stderr, "Compile time defaults:\n");
- fprintf(stderr, "\t-v level\tno verify\n");
- fprintf(stderr, "\t-a directory\t%s\n",
+ fprintf(stderr, "\t-v level\t\tno verify\n");
+ fprintf(stderr, "\t-a directory\t\t%s\n",
 strcmp("",CERT_DIR)? CERT_DIR : "(none)");
- fprintf(stderr, "\t-A file\t\t%s\n",
+ fprintf(stderr, "\t-A file\t\t\t%s\n",
 strcmp("",CERT_FILE)? CERT_FILE : "(none)" );
- fprintf(stderr, "\t-S sources\t%d\n", CERT_DEFAULTS);
- fprintf(stderr, "\t-t timeout\t%ld seconds\n", options.session_timeout) ;
- fprintf(stderr, "\t-B bytes\t%d\n", RANDOM_BYTES);
- fprintf(stderr, "\t-D level\t%d\n", options.debug_level);
+ fprintf(stderr, "\t-S sources\t\t%d\n", CERT_DEFAULTS);
+ fprintf(stderr, "\t-t timeout\t\t%ld seconds\n", options.session_timeou t);
+ fprintf(stderr, "\t-B bytes\t\t%d\n", RANDOM_BYTES);
+ fprintf(stderr, "\t-D [facility.]level\t%s.%d\n", log_facility_name(opt ions.debug_facility), options.debug_level);
 #ifndef USE_WIN32
- fprintf(stderr, "\t-P pid dir\t%s\n", options.pid_dir);
+ fprintf(stderr, "\t-P pid dir\t\t%s\n", options.pid_dir);
 #endif
- fprintf(stderr, "\t-p pemfile\t"
+ fprintf(stderr, "\t-p pemfile\t\t"
 "in server mode: %s\n"
- "\t\t\tin client mode: none\n", options.pem);
+ "\t\t\t\tin client mode: none\n", options.pem);
 fprintf(stderr, "\n\n");
 }
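Review bot: In the last hunk the `-D [facility.]level` line passes `log_facility_name(options.debug_facility)` directly to a `%s` conversion, but that function returns `NULL` when the facility has no row in the table, for instance where the matching `LOG_*` macro is not defined. Passing a null pointer to `%s` is undefined behaviour. The two lines above already print `"(none)"` for empty values, so the same convention fits: take `const char *fac = log_facility_name(options.debug_facility);` and print `fac ? fac : "(none)"`. The function this belongs to starts outside the hunk.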
@@ -1017,7 +1041,7 @@
 "[-h] "
 "[-V] "
 "[-c | -T] "
- "[-D level] "
+ "[-D [facility.]level] "
 "[-C cipherlist] "
 "[-p pemfile] "
 "\n\t"
@@ -1102,7 +1126,8 @@
 "\n\t\t" RANDOM_FILE " is used when this option is not specified."
 #endif
 "\n -W\t\tDo not overwrite random seed datafiles with new random data"
- "\n -D level\tdebug level (0-7)"
+ "\n -D [facility.]level\tdebug log facility (see syslog(2)) and level (0-7)"
+ "\n -F facility\tsyslog(3) facility for log entries (defaults to LOG_ DAEMON)"
 "\n"
 "\nSee stunnel -V output for default values\n"
 "\n");
diff -NaBbur stunnel-3.8p4-orig/stunnel.html stunnel-3.8p4/stunnel.html
--- stunnel-3.8p4-orig/stunnel.html Sat Jun 24 17:37:59 2000
+++ stunnel-3.8p4/stunnel.html Mon Sep 25 16:23:12 2000
@@ -7,7 +7,7 @@
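Review bot: The help text in the second hunk advertises a `-F facility` option, but the option-parsing hunks of this patch add no `case 'F'`, and neither the usage line above nor the man page mentions it. As far as this diff shows, the facility is set only through `-D`, so a user following the help would most likely land in the "Illegal option" path. Either the `-F` line should be removed or the handling added; the option string and the rest of the switch are outside the visible hunks. The `-D` line also points to `syslog(2)` where the man page and the `-F` line say `syslog(3)`, so I would make it `"(see syslog(3))"`.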

SYNOPSIS

stunnel [-c | -T] -[-D level] +[-D { facility | level | facility.level } ] [-C cipherlist] [-p pemfile] [-v level] @@ -49,11 +49,15 @@ -V Print stunnel version and compile options

--D level -Debugging level +-D { facility | level | facility.level } +Debugging facility and/or level

-Level is a number between 0 (no logging at all) and 7 (show -lots of debugging info) +Level is a number between 0 (no logging at all) and 7 (show lots +of debugging info); facility is the name of a syslog(3) facility to +which logging info should be written. Default is "daemon"; +other possibilities may include mail, cron, news, auth, local[0-7], or +kern. Facility names are not case-sensitive. Implementation varies by +host operating system -- some facilities may not be available.

-C cipherlist @@ -245,6 +249,13 @@

stunnel -d 2020 -L /usr/sbin/pppd -- pppd local
+
+

+If you want to provide tunneling to your newsserver, and get verbose +logging under the news facility for syslogd(8), use +something like +

+
stunnel -d news.7 -d 563 -r localhost:nntp

CERTIFICATES