Changeset 207

Timestamp:

Jan 16, 2009, 11:52:26 PM (16 years ago)

Author:

katerina

Message:

Fix for ticket #134 (size may get truncated to INT_MAX)

Location:

trunk

Files:

• configure.ac (modified) (5 diffs)
• docs/Changelog (modified) (2 diffs)
• include/samhain.h (modified) (1 diff)
• src/samhain.c (modified) (3 diffs)
• src/sh_database.c (modified) (5 diffs)
• test/testrun_1.sh (modified) (4 diffs)
• test/testrun_2a.sh (modified) (1 diff)
• test/testrun_2d.sh (modified) (1 diff)

trunk/configure.ac

@@ -1229 +1229 @@
             if test -z "$PGSQL_DIR"; then
               for i in $pgsql_directory; do 
+                if test -r $i/include/postgresql/libpq-fe.h; then
+                  PGSQL_INC_DIR=$i/include
+                  PGSQL_DIR=$i
+                fi
+              done
+            fi
+            if test -z "$PGSQL_DIR"; then
+              for i in $pgsql_directory; do 
                 if test -r $i/include/libpq-fe.h; then
                   PGSQL_INC_DIR=$i/include
@@ -1239 +1247 @@
               tmp=""
               for i in $pgsql_directory; do
-                tmp="$tmp $i/include $i/include/pgsql"
+                tmp="$tmp $i/include $i/include/pgsql $i/include/postgresql"
               done
               FAIL_MESSAGE("PostgreSQL header file (libpq-fe.h)", $tmp)
             fi
 
-            for i in lib lib/pgsql; do
+            for i in lib lib/pgsql lib/postgresql; do
                 str="$PGSQL_DIR/$i/libpq.*"
                 for j in `echo $str`; do
@@ -1256 +1264 @@
             if test -z "$PGSQL_LIB_DIR"; then
               for ff in $pgsql_directory; do
-                for i in lib lib/pgsql; do
+                for i in lib lib/pgsql lib/postgresql; do
                   str="$ff/$i/libpq.*"
                   for j in `echo $str`; do
@@ -1271 +1279 @@
                tmp=""
                for i in $pgsql_directory; do
-                   tmp="$i/lib $i/lib/pgsql"
+                   tmp="$i/lib $i/lib/pgsql $i/lib/postgresql"
                done
                FAIL_MESSAGE("postgresql library libpq", $tmp)
@@ -1287 +1295 @@
             CPPFLAGS="$CPPFLAGS -I${PGSQL_INC_DIR}"
             AC_CHECK_HEADERS(pgsql/libpq-fe.h)
+            AC_CHECK_HEADERS(postgresql/libpq-fe.h)
           else
             pg_lib_dir=`${PGCONF} --libdir`

trunk/docs/Changelog

@@ -1 +1 @@
 2.5.2:
+        * samhain.c: report module failure with positive offset
+        * sh_database.c: parse numerical fields into ulong
+        * fix regression test script for postgresql
+        * fix regression test script for SELinux/ACL test
         * fix reporting of user for open ports to prelude
         * report process pid for open ports
@@ -7 +11 @@
         * improved help output of samhain_stealth (as suggested
           by Michael Athanasiou)
-        * new option ProcessCheckIsOpenvz ([false]/true)
+        * new option ProcessCheckIsOpenVZ ([false]/true)
         
 2.5.1:

trunk/include/samhain.h

@@ -138 +138 @@
 #define SH_MOD_ACTIVE  0
 #define SH_MOD_FAILED -1
+#define SH_MOD_OFFSET 10
 
 /* Flags for file status

trunk/src/samhain.c

@@ -1664 +1664 @@
                              MSG_MOD_FAIL,
                              _(modList[modnum].name),
-                             status);
+                             status+SH_MOD_OFFSET);
           } else {
             sh_error_handle ((-1), FIL__, __LINE__, status, MSG_MOD_FAIL,
                              _(modList[modnum].name),
-                             status);
+                             status+SH_MOD_OFFSET);
           }
           modList[modnum].initval = SH_MOD_FAILED;
@@ -1832 +1832 @@
                                          status, MSG_MOD_FAIL,
                                          _(modList[modnum].name),
-                                         status);
+                                         status+SH_MOD_OFFSET);
                       } else {
                         sh_error_handle ((-1), FIL__, __LINE__, 
                                          status, MSG_MOD_FAIL,
                                          _(modList[modnum].name),
-                                         status);
+                                         status+SH_MOD_OFFSET);
                       }
                       modList[modnum].initval = SH_MOD_FAILED;
@@ -2073 +2073 @@
             if (0 != (status = modList[modnum].mod_check()))
               sh_error_handle ((-1), FIL__, __LINE__, status, MSG_MOD_EXEC,
-                               _(modList[modnum].name), (long) status);
+                               _(modList[modnum].name), (long) (status+SH_MOD_OFFSET));
         }
       

trunk/src/sh_database.c

@@ -112 +112 @@
   char            acl_new[1024];
 
-  long            long_data[20];
+  unsigned long   ulong_data[20];
 
   /*
@@ -870 +870 @@
  ******************************************************************/
 
-#ifdef HAVE_PGSQL_LIBPQ_FE_H
+#if defined(HAVE_PGSQL_LIBPQ_FE_H)
 #include <pgsql/libpq-fe.h>
+#elif defined(HAVE_POSTGRESQL_LIBPQ_FE_H)
+#include <postgresql/libpq-fe.h>
 #else
+#if !defined(USE_UNO)
 #include <libpq-fe.h>
+#else
+#include <postgresql/libpq-fe.h>
+#endif
 #endif
 
@@ -1395 +1401 @@
         {
           (void)
-          sl_snprintf(end, (size_t)(size-1), _(",\'%ld\'"), 
-                      db_entry->long_data[attr_tab[i].val-START_SEC_LONGS]);
+          sl_snprintf(end, (size_t)(size-1), _(",\'%lu\'"), 
+                      db_entry->ulong_data[attr_tab[i].val-START_SEC_LONGS]);
           while (*end != '\0') { ++end; --size; }
           (void) sl_snprintf(c_end, (size_t)(c_size-1), 
@@ -1406 +1412 @@
               (void)
               md5Update(&crc,
-                        (sh_byte *) db_entry->long_data[attr_tab[i].val-START_SEC_LONGS], 
+                        (sh_byte *) db_entry->ulong_data[attr_tab[i].val-START_SEC_LONGS], 
                         sizeof(long));
               /*@+type@*/
@@ -1718 +1724 @@
                 else if (res->val >= START_SEC_LONGS)
                   {
-                    db_entry->long_data[res->val-START_SEC_LONGS]
-                      = atol(&p[j+2]);
+                    db_entry->ulong_data[res->val-START_SEC_LONGS]
+                      = strtoul(&p[j+2], (char **) NULL, 10); 
+                    /* atol(&p[j+2]); */
                   }
 

trunk/test/testrun_1.sh

@@ -190 +190 @@
 #
 TESTPOLICY_11="
+[Misc]
+UseAclCheck=yes
+UseSelinuxCheck=yes
 [ReadOnly]
 dir=99${BASE}
@@ -231 +234 @@
 
 TESTPOLICY_10="
+[Misc]
+UseAclCheck=yes
+UseSelinuxCheck=yes
 [ReadOnly]
 dir=99${BASE}
@@ -253 +259 @@
     # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
     tmp=`grep CRIT $LOGFILE | wc -l`
-    if [ $tmp -ne 3 ]; then
+    if [ $tmp -ne 5 ]; then
         [ -z "$verbose" ] || log_msg_fail "policy count";
         return 1
@@ -1241 +1247 @@
           let "tcount = tcount + 1" >/dev/null
           #
-          if [ -z "$doall" -a $tcount -eq 10 ]; then
-              log_skip 10 $MAXTEST 'ACL/SELinux test (or use --really-all)'
-              let "tcount = tcount + 1" >/dev/null
-          fi
-          #
-          if [ -z "$doall" -a $tcount -eq 11 ]; then
-              log_skip 11 $MAXTEST 'ACL/SELinux test (or use --really-all)'
-              let "tcount = tcount + 1" >/dev/null
+          if [ $tcount -eq 10 ]; then
+              if [ -z "$doall" ]; then
+                  log_skip 10 $MAXTEST 'ACL/SELinux test (or use --really-all)'
+                  log_skip 11 $MAXTEST 'ACL/SELinux test (or use --really-all)'
+                  let "tcount = tcount + 2" >/dev/null
+              else
+                  # 'id -u' is posix
+                  #
+                  if test -f /usr/xpg4/bin/id
+                  then
+                      my_uid=`/usr/xpg4/bin/id -u`
+                  else
+                      my_uid=`id -u`
+                  fi
+                  #
+                  if [ ${my_uid} -ne 0 ]; then
+                      log_skip 10 $MAXTEST 'ACL/SELinux test (you are not root)'
+                      log_skip 11 $MAXTEST 'ACL/SELinux test (you are not root)'
+                      let "tcount = tcount + 2" >/dev/null
+                  else
+
+                      SETFATTR=`find_path setfattr`
+                      if [ -z "$SETFATTR" ]; then
+                          log_skip 10 $MAXTEST 'ACL/SELinux test (setfattr not in path)'
+                          log_skip 11 $MAXTEST 'ACL/SELinux test (setfattr not in path)'
+                          let "tcount = tcount + 2" >/dev/null
+                      fi
+                  fi
+              fi
           fi
           #

trunk/test/testrun_2a.sh

@@ -221 +221 @@
         cp    ./testrc_2       ./rc.${SH_LOCALHOST}
         mv    ./.samhain_file  ./file.${SH_LOCALHOST}
+        chmod 644 ./rc.${SH_LOCALHOST}
+        chmod 644 ./file.${SH_LOCALHOST}
 
         ALTHOST=`find_hostname`
         cp    ./testrc_2       "./rc.${ALTHOST}"
         cp    ./file.${SH_LOCALHOST} "./file.${ALTHOST}" 2>/dev/null
+        chmod 644 ./rc.${ALTHOST}
+        chmod 644 ./file.${ALTHOST}
 }
 

trunk/test/testrun_2d.sh

@@ -38 +38 @@
     # PGPASSWORD=samhain; export PGPASSWORD
     create_pgpass
-    psql -U samhain -d samhain -c "SELECT * FROM log WHERE entry_status = 'NEW' and log_time > '${DATE}';" >test_log_db
+    psql -o test_log_db -U samhain -d samhain -c "SELECT * FROM log WHERE entry_status = 'NEW' and log_time > '${DATE}';"
     #
     egrep "START.*Yule" test_log_db >/dev/null 2>&1
     if [ $? -ne 0 ]; then
-        [ -z "$verbose" ] || log_msg_fail "Server start";
+        [ -z "$verbose" ] || log_msg_fail "Server start (psql)";
         return 1
     fi
     egrep "NEW CLIENT" test_log_db >/dev/null 2>&1
     if [ $? -ne 0 ]; then
-        [ -z "$verbose" ] || log_msg_fail "Client connect";
+        [ -z "$verbose" ] || log_msg_fail "Client connect (psql)";
         return 1
     fi
     egrep "Checking.*/bin" test_log_db >/dev/null 2>&1
     if [ $? -ne 0 ]; then
-        [ -z "$verbose" ] || log_msg_fail "Client file check";
+        [ -z "$verbose" ] || log_msg_fail "Client file check (psql)";
         return 1
     fi
     egrep "EXIT.*Samhain" test_log_db >/dev/null 2>&1
     if [ $? -ne 0 ]; then
-        [ -z "$verbose" ] || log_msg_fail "Client exit";
+        [ -z "$verbose" ] || log_msg_fail "Client exit (psql)";
         return 1
     fi
     egrep "EXIT.*Yule.*SIGTERM" test_log_db >/dev/null 2>&1
     if [ $? -ne 0 ]; then
-        [ -z "$verbose" ] || log_msg_fail "Server exit";
+        [ -z "$verbose" ] || log_msg_fail "Server exit (psql)";
         return 1
     fi