Changeset 25 for trunk

Timestamp:

Mar 14, 2006, 10:27:38 PM (19 years ago)

Author:

rainer

Message:

More tests; fix for update+schedule issue.

Location:

trunk

Files:

• Makefile.in (modified) (2 diffs)
• docs/Changelog (modified) (2 diffs)
• dsys/comDOWNLOAD (modified) (1 diff)
• include/samhain.h (modified) (1 diff)
• include/sh_unix.h (modified) (1 diff)
• src/samhain.c (modified) (1 diff)
• src/sh_html.c (modified) (1 diff)
• src/sh_unix.c (modified) (2 diffs)
• src/sh_utils.c (modified) (2 diffs)
• src/slib.c (modified) (1 diff)
• test/testrun_1.sh (modified) (2 diffs)
• test/testrun_2a.sh (modified) (4 diffs)

trunk/Makefile.in

@@ -1091 +1091 @@
 CUTEST_SOURCES = $(srcsrc)/cutest_sh_tools.c \
                 $(srcsrc)/cutest_sh_utils.c \
+                $(srcsrc)/cutest_sh_unix.c \
                 $(srcsrc)/cutest_slib.c \
                 $(srcsrc)/cutest_zAVLTree.c \
@@ -1097 +1098 @@
 CUTEST_OBJECTS = cutest_sh_tools.o \
         cutest_sh_utils.o \
+        cutest_sh_unix.o \
         cutest_slib.o \
         cutest_zAVLTree.o \

trunk/docs/Changelog

@@ -1 +1 @@
 2.2.0:
+        * patch by Yoann Vandoorselaere for sh_prelude.c
         * allow --longopt arg as well as --longopt=arg
-        * fix minor problem with dead clienbt detection (problem reported
-          by M. Kustosik)
         * verify checksum of growing log files
         * rewrite of the test suite
         * added a bit of unit testing
-        * improved the windows howto according to suggestions by 
-          Jorge Morgado
         * minor optimizations in various places
         * optimized implementation of tiger checksum algorithm
@@ -20 +17 @@
         * slib.c: remove fcntl's from sl_read_timeout (caller sets O_NONBLOCK),
           add function sl_read_timeout_prep
+
+2.1.3 (13-03-2006):
+        * fix compile problem in slib.c (reported by Lawrence Bowie)
+        * fix bug with combination of one-shot update mode and file check 
+          schedule (reportedby Dan Track)
+        * improved the windows howto according to suggestions by 
+          Jorge Morgado
+        * fix samhain_hide kernel module for new linux kernel versions
+        * fix minor problem with dead client detection (problem reported
+          by Michal Kustosik)
 
 2.1.2 (10-01-2006):

trunk/dsys/comDOWNLOAD

@@ -111 +111 @@
     if test -z "$command"
     then
-        printFATAL "No wget, curl, lynx, links, lwp-request, fetch in your \$PATH, cannot download"
+        printFATAL "No wget, curl, lynx, links, lwp-request, fetch, fget in your \$PATH, cannot download"
     fi
 

trunk/include/samhain.h

@@ -301 +301 @@
 int safe_fatal  (int signal, int method, char * details, char *f, int l);
 
-#define SH_VAL_EQ(a,b) \
+#define SH_VALIDATE_EQ(a,b) \
      do { \
          if ((a) != (b)) safe_fatal(0, 0, #a " != " #b, FIL__, __LINE__);\
      } while (0)
 
+#define SH_VALIDATE_NE(a,b) \
+     do { \
+         if ((a) == (b)) safe_fatal(0, 0, #a " == " #b, FIL__, __LINE__);\
+     } while (0)
 
 #if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK)

trunk/include/sh_unix.h

@@ -141 +141 @@
 int sh_unix_munlock(void * addr, size_t len);
 int sh_unix_count_mlock();
+/* public for unit tests */
+int sh_unix_pagesize();
+unsigned long sh_unix_lookup_page(void * in_addr, size_t len, int * num_pages);
 
 /* chroot directory

trunk/src/samhain.c

@@ -1795 +1795 @@
       /* see whether its time to check files
        */
-      if      (sh.flag.checkSum == SH_CHECK_INIT)
+      if      (sh.flag.checkSum == SH_CHECK_INIT ||
+               (sh.flag.checkSum == SH_CHECK_CHECK &&
+                (sh.flag.isdaemon == S_FALSE && sh.flag.loop == S_FALSE)))
         {
           flag_check_1 = 1;

trunk/src/sh_html.c

@@ -313 +313 @@
           sl_strlcat(&entry_orig[entry_size], line, line_size + 1);
           entry_size += add_size;
-          SH_VAL_EQ(entry_orig[entry_size], '\0');
+          SH_VALIDATE_EQ(entry_orig[entry_size], '\0');
         }
       sl_close(fd);

trunk/src/sh_unix.c

@@ -4024 +4024 @@
     {
 #ifdef WITH_TPT
-      sl_snprintf(str, 128, _("file: %s line: %d page: %d"), 
+      sl_snprintf(str, sizeof(str), _("file: %s line: %d page: %d"), 
                   page_list->file, page_list->line, i+1);
       sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, i, MSG_E_SUBGEN,
@@ -4032 +4032 @@
       ++i;
     }
-  sl_snprintf(str, 128, _("%d pages locked"), i);
+  sl_snprintf(str, sizeof(str), _("%d pages locked"), i);
   sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, i, MSG_E_SUBGEN,
                   str, _("sh_unix_count_mlock"));

trunk/src/sh_utils.c

@@ -205 +205 @@
   SL_ENTER(_("sh_util_strdup"));
 
-  if (str != NULL)
-    {
-      len = sl_strlen(str);
-      p   = SH_ALLOC (len + 1);
-      (void) sl_strlcpy (p, str, len+1);
-    }
+  SH_VALIDATE_NE(str, NULL);
+
+  len = sl_strlen(str);
+  p   = SH_ALLOC (len + 1);
+  (void) sl_strlcpy (p, str, len+1);
+
   SL_RETURN( p, _("sh_util_strdup"));
 }
@@ -224 +224 @@
   ret = *str;
 
-  if (ret == NULL) {
-    SL_RETURN(ret, _("sh_util_strsep"));
-  }
+  SH_VALIDATE_NE(ret, NULL);
 
   for (c = *str; *c != '\0'; c++) {

trunk/src/slib.c

@@ -577 +577 @@
 
 #if !defined(HOST_IS_I86SOLARIS)
-#if !defined (_GNU_SOURCE)
+#if !defined (_GNU_SOURCE) && !defined(__linux__)
 /* flawfinder: ignore */
 extern int vsnprintf ( char *str, size_t n,

trunk/test/testrun_1.sh

@@ -22 +22 @@
 testrun1_setup=0
 
-MAXTEST=10; export MAXTEST
+MAXTEST=11; export MAXTEST
 
 test_dirs () {
@@ -46 +46 @@
         fi
     done
+}
+
+# 
+# combine file check schedule with one-shot mode 
+# 
+TESTPOLICY_11="
+[ReadOnly]
+dir=99${BASE}
+"
+
+mod_testdata_11 () {
+    sleep 1
+    echo "foobar" >"${BASE}/c/x"; # bad
+    chmod 0555  "${BASE}/a/y";    # bad
+    ORIGINAL='SetFilecheckTime=60'
+    REPLACEMENT='FileCheckScheduleOne = 6 12 * * *'
+    ex $RCFILE <<EOF
+:%s/${ORIGINAL}/${REPLACEMENT}/g
+:wq
+EOF
+}
+
+chk_testdata_11 () {
+    # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
+    tmp=`grep CRIT $LOGFILE | wc -l`
+    if [ $tmp -ne 2 ]; then
+        [ -z "$verbose" ] || log_msg_fail "policy count";
+        return 1
+    fi
+    egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/c/x" $LOGFILE >/dev/null 2>&1
+    if [ $? -ne 0 ]; then
+        [ -z "$verbose" ] || log_msg_fail "${BASE}/c/x";
+        return 1
+    fi
+    egrep "CRIT.*POLICY \[ReadOnly\] -----M--T-.*${BASE}/a/y" $LOGFILE >/dev/null 2>&1
+    if [ $? -ne 0 ]; then
+        [ -z "$verbose" ] || log_msg_fail "${BASE}/a/y";
+        return 1
+    fi
+    CDIRS="a a/a a/b a/c c b a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
+    NDIRS="";
+    test_dirs;
+    return $?
 }
 

trunk/test/testrun_2a.sh

@@ -140 +140 @@
         rm -f ./rc.${SH_LOCALHOST}
         rm -f ./file.${SH_LOCALHOST}
+        rm -f  "./rc.${ALTHOST}"
+        rm -f  "./file.${ALTHOST}"
 
         cp ${SCRIPTDIR}/testrc_2.in testrc_2
@@ -196 +198 @@
 }
 
-MAXTEST=1; export MAXTEST
+MAXTEST=5; export MAXTEST
 
 testrun2a ()
@@ -209 +211 @@
     #
     testrun2a_internal
-    #
     do_test_1_a
     if [ $? -eq 0 ]; then
@@ -215 +216 @@
     else
         [ -z "$quiet" ] && log_fail 1 ${MAXTEST} "Client download+logging";
+    fi
+    #
+    SERVER_BUILDOPTS_ORIG="${SERVER_BUILDOPTS}"
+    CLIENT_BUILDOPTS_ORIG="${CLIENT_BUILDOPTS}"
+    #
+    SERVER_BUILDOPTS="${SERVER_BUILDOPTS_ORIG} --disable-srp"
+    CLIENT_BUILDOPTS="${CLIENT_BUILDOPTS_ORIG} --disable-srp"
+    #
+    testrun2a_internal
+    do_test_1_a
+    if [ $? -eq 0 ]; then
+        [ -z "$quiet" ] && log_ok   2 ${MAXTEST} "SRP disabled";
+    else
+        [ -z "$quiet" ] && log_fail 2 ${MAXTEST} "SRP disabled";
+    fi
+    #
+    SERVER_BUILDOPTS="${SERVER_BUILDOPTS_ORIG} --disable-encrypt"
+    CLIENT_BUILDOPTS="${CLIENT_BUILDOPTS_ORIG} --disable-encrypt"
+    #
+    testrun2a_internal
+    do_test_1_a
+    if [ $? -eq 0 ]; then
+        [ -z "$quiet" ] && log_ok   3 ${MAXTEST} "Encryption disabled";
+    else
+        [ -z "$quiet" ] && log_fail 3 ${MAXTEST} "Encryption disabled";
+    fi
+    #
+    SERVER_BUILDOPTS="${SERVER_BUILDOPTS_ORIG} --enable-encrypt=1"
+    CLIENT_BUILDOPTS="${CLIENT_BUILDOPTS_ORIG} --enable-encrypt=1"
+    #
+    testrun2a_internal
+    do_test_1_a
+    if [ $? -eq 0 ]; then
+        [ -z "$quiet" ] && log_ok   4 ${MAXTEST} "Encryption (v1)";
+    else
+        [ -z "$quiet" ] && log_fail 4 ${MAXTEST} "Encryption (v1)";
+    fi
+    #
+    SERVER_BUILDOPTS="${SERVER_BUILDOPTS_ORIG}"
+    CLIENT_BUILDOPTS="${CLIENT_BUILDOPTS_ORIG} --enable-encrypt=1"
+    #
+    testrun2a_internal
+    do_test_1_a
+    if [ $? -eq 0 ]; then
+        [ -z "$quiet" ] && log_ok   5 ${MAXTEST} "Encryption backward compat";
+    else
+        [ -z "$quiet" ] && log_fail 5 ${MAXTEST} "Encryption backward compat";
     fi
     #