Changeset 27

Timestamp:

Apr 6, 2006, 8:55:51 PM (19 years ago)

Author:

rainer

Message:

Support for server-to-server relay and more user policies

Location:

trunk

Files:

• deploy.sh.in (modified) (1 diff)
• docs/Changelog (modified) (1 diff)
• docs/MANUAL-2_0.html.tar (modified) ( previous)
• docs/README.UPGRADE (modified) (1 diff)
• dsys/comBUILD (modified) (1 diff)
• dsys/comCHECKSRC (modified) (1 diff)
• dsys/comCLEAN (modified) (1 diff)
• dsys/comDOWNLOAD (modified) (1 diff)
• dsys/comINSTALL (modified) (1 diff)
• dsys/comUNINSTALL (modified) (1 diff)
• dsys/funcBUILD (modified) (1 diff)
• dsys/funcDB (modified) (1 diff)
• dsys/funcDIALOG (modified) (1 diff)
• dsys/funcEXE (modified) (1 diff)
• dsys/funcINSTALL (modified) (1 diff)
• dsys/funcPRINT (modified) (1 diff)
• dsys/funcSETUP (modified) (1 diff)
• dsys/initscript (modified) (1 diff)
• dsys/postinstall (modified) (1 diff)
• dsys/preinstall (modified) (1 diff)
• include/samhain.h (modified) (1 diff)
• include/sh_error.h (modified) (2 diffs)
• include/sh_files.h (modified) (3 diffs)
• include/sh_forward.h (modified) (3 diffs)
• include/sh_tools.h (modified) (3 diffs)
• include/sh_unix.h (modified) (1 diff)
• man/samhain.8 (modified) (2 diffs)
• man/samhainrc.5 (modified) (4 diffs)
• src/sh_database.c (modified) (3 diffs)
• src/sh_error.c (modified) (8 diffs)
• src/sh_files.c (modified) (4 diffs)
• src/sh_forward.c (modified) (4 diffs)
• src/sh_getopt.c (modified) (4 diffs)
• src/sh_hash.c (modified) (1 diff)
• src/sh_readconf.c (modified) (7 diffs)
• src/sh_srp.c (modified) (2 diffs)
• src/sh_tools.c (modified) (9 diffs)
• src/sh_unix.c (modified) (2 diffs)
• src/sh_userfiles.c (modified) (2 diffs)
• test/test.sh (modified) (3 diffs)
• test/testcompile.sh (modified) (1 diff)
• test/testext.sh (modified) (1 diff)
• test/testhash.sh (modified) (1 diff)
• test/testrun_1.sh (modified) (1 diff)
• test/testrun_1a.sh (modified) (1 diff)
• test/testrun_1b.sh (modified) (1 diff)
• test/testrun_1c.sh (modified) (1 diff)
• test/testrun_2.sh (modified) (13 diffs)
• test/testrun_2a.sh (modified) (1 diff)
• test/testrun_2b.sh (modified) (1 diff)
• test/testrun_2c.sh (modified) (1 diff)
• test/testrun_2d.sh (modified) (1 diff)
• test/testtimesrv.sh (modified) (1 diff)

trunk/deploy.sh.in

@@ -1 +1 @@
 #! /bin/sh
+
+#
+# Copyright Rainer Wichmann (2005)
+#
+# License Information:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
 
 #VERSION2.0

trunk/docs/Changelog

@@ -1 +1 @@
 2.2.0:
+        * add copyright/license info to test scripts
+        * add copyright/license info to deployment system scripts
+        * support server-to-server relay
+        * new CL option --server-port
+        * minor improvements in manual
         * patch by Yoann Vandoorselaere for sh_prelude.c
         * allow --longopt arg as well as --longopt=arg

trunk/docs/README.UPGRADE

@@ +1 @@
+
+since 2.2.0: server-to-server relay is possible
+
+  -- this implies that problems will arise if your server is misconfigured
+     to connect to itself (SetExportSeverity is explicitely set
+     to a threshold different from 'none', and the logserver is set to 
+     localhost). The server may deadlock in this case.
+
+
+
 since 2.1.0: update and daemon mode can be combined
 

trunk/dsys/comBUILD

@@ -4 +4 @@
 #
 #########################################################################
+#
+# Copyright Rainer Wichmann (2005)
+#
+# License Information:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
 
 commandBUILD() {

trunk/dsys/comCHECKSRC

@@ -4 +4 @@
 #
 #########################################################################
+#
+# Copyright Rainer Wichmann (2005)
+#
+# License Information:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
 
 commandCHECKSRC() {

trunk/dsys/comCLEAN

@@ -4 +4 @@
 #
 #########################################################################
+#
+# Copyright Rainer Wichmann (2005)
+#
+# License Information:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
 
 commandCLEAN() {

trunk/dsys/comDOWNLOAD

@@ -4 +4 @@
 #
 #########################################################################
+#
+# Copyright Rainer Wichmann (2005)
+#
+# License Information:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
 
 commandDOWNLOAD() {

trunk/dsys/comINSTALL

@@ -4 +4 @@
 #
 #########################################################################
+#
+# Copyright Rainer Wichmann (2005)
+#
+# License Information:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
 
 commandINSTALL() {

trunk/dsys/comUNINSTALL

@@ -4 +4 @@
 #
 #########################################################################
+#
+# Copyright Rainer Wichmann (2005)
+#
+# License Information:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
 
 commandUNINSTALL() {

trunk/dsys/funcBUILD

@@ -4 +4 @@
 #
 #########################################################################
+#
+# Copyright Rainer Wichmann (2005)
+#
+# License Information:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
 
 #------------------------------------------------------------------------

trunk/dsys/funcDB

@@ -4 +4 @@
 #
 #########################################################################
+#
+# Copyright Rainer Wichmann (2005)
+#
+# License Information:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
 
 DBFTEST=0

trunk/dsys/funcDIALOG

@@ -4 +4 @@
 #
 #########################################################################
+#
+# Copyright Rainer Wichmann (2005)
+#
+# License Information:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
 
 # print without newline

trunk/dsys/funcEXE

@@ -4 +4 @@
 #
 #########################################################################
+#
+# Copyright Rainer Wichmann (2005)
+#
+# License Information:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
 
 findEXE() {

trunk/dsys/funcINSTALL

@@ -4 +4 @@
 #
 #########################################################################
+#
+# Copyright Rainer Wichmann (2005)
+#
+# License Information:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
 
 getconfopts () {

trunk/dsys/funcPRINT

@@ -4 +4 @@
 #
 #########################################################################
+#
+# Copyright Rainer Wichmann (2005)
+#
+# License Information:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
 
 # Fatal error

trunk/dsys/funcSETUP

@@ -4 +4 @@
 #
 #########################################################################
+#
+# Copyright Rainer Wichmann (2005)
+#
+# License Information:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
 
 # test setup

trunk/dsys/initscript

@@ -1 +1 @@
 #! /bin/sh
+
+#
+# Copyright Rainer Wichmann (2005)
+#
+# License Information:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
 
 startup=no

trunk/dsys/postinstall

@@ -1 +1 @@
 #! /bin/sh
+
+#
+# Copyright Rainer Wichmann (2005)
+#
+# License Information:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
 
 name=`./samhain-install.sh --print-config name`

trunk/dsys/preinstall

@@ -1 +1 @@
 #! /bin/sh
+#
+# Copyright Rainer Wichmann (2005)
+#
+# License Information:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
 
 name=`./samhain-install.sh --print-config name`

trunk/include/samhain.h

@@ -138 +138 @@
   SH_LEVEL_USER0       = 7,
   SH_LEVEL_USER1       = 8,
-  SH_LEVEL_PRELINK     = 9
+  SH_LEVEL_USER2       = 9,
+  SH_LEVEL_USER3       = 10,
+  SH_LEVEL_USER4       = 11,
+  SH_LEVEL_PRELINK     = 12
 };
 

trunk/include/sh_error.h

@@ -30 +30 @@
   SH_ERR_T_START  = 0,
 
-  /* 1-9 = SH_LEVEL_XXX */
+  /* 1-13 = SH_LEVEL_XXX */
 
   SH_ERR_T_RO      = SH_LEVEL_READONLY,
@@ -40 +40 @@
   SH_ERR_T_USER0   = SH_LEVEL_USER0,  
   SH_ERR_T_USER1   = SH_LEVEL_USER1,  
+  SH_ERR_T_USER2   = SH_LEVEL_USER2,  
+  SH_ERR_T_USER3   = SH_LEVEL_USER3,  
+  SH_ERR_T_USER4   = SH_LEVEL_USER4,  
   SH_ERR_T_PRELINK = SH_LEVEL_PRELINK,  
 
-  SH_ERR_T_DIR    = 10,
-  SH_ERR_T_FILE   = 11,
-  SH_ERR_T_NAME   = 12,
+  SH_ERR_T_DIR    = 13,
+  SH_ERR_T_FILE   = 14,
+  SH_ERR_T_NAME   = 15,
 
-  SH_ERR_T_END    = 13
+  SH_ERR_T_END    = 16
 };
 

trunk/include/sh_files.h

@@ -73 +73 @@
 int  sh_files_pushdir_user1 (const char * dirName);
 
+/* push a directory on the stack USER2
+ */
+int  sh_files_pushdir_user2 (const char * dirName);
+
+/* push a directory on the stack USER3
+ */
+int  sh_files_pushdir_user3 (const char * dirName);
+
+/* push a directory on the stack USER4
+ */
+int  sh_files_pushdir_user4 (const char * dirName);
+
 /* push a directory on the stack PRELINK
  */
@@ -109 +121 @@
  */
 int  sh_files_pushfile_user1 (const char * dirName);
+
+/* push a file on the stack USER2
+ */
+int  sh_files_pushfile_user2 (const char * dirName);
+
+/* push a file on the stack USER3
+ */
+int  sh_files_pushfile_user3 (const char * dirName);
+
+/* push a file on the stack USER4
+ */
+int  sh_files_pushfile_user4 (const char * dirName);
 
 /* push a file on the stack PRELINK
@@ -155 +179 @@
 int sh_files_redef_user0(const char * str);
 int sh_files_redef_user1(const char * str);
+int sh_files_redef_user2(const char * str);
+int sh_files_redef_user3(const char * str);
+int sh_files_redef_user4(const char * str);
 int sh_files_redef_prelink(const char * str);
 int sh_files_redef_readonly(const char * str);

trunk/include/sh_forward.h

@@ -41 +41 @@
  */
 int sh_forward_make_client (const char * str);
+
+/* set port to which we connect
+ */
+int sh_forward_server_port (const char * str);
 
 #ifdef SH_WITH_SERVER
@@ -91 +95 @@
 #endif
 
-#ifdef SH_WITH_CLIENT
+#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER)
 /* talk to server
  */
 long  sh_forward (char * errmsg);
 
+/* set log server
+ */
+int sh_forward_setlogserver (const char * address);
+void reset_count_dev_server(void);
+#endif
+
+#ifdef SH_WITH_CLIENT
 
 /* request file from server. file may be "CONF" or "DATA".
@@ -101 +112 @@
 long sh_forward_req_file (char * file);
 
-/* set log server
- */
-int sh_forward_setlogserver (const char * address);
-void reset_count_dev_server(void);
-
 #endif
 

trunk/include/sh_tools.h

@@ -53 +53 @@
 
 
-#if defined (SH_WITH_CLIENT)
+#if defined (SH_WITH_CLIENT) || defined(SH_WITH_SERVER)
 
 unsigned long write_port (int sockfd, char *buf, unsigned long nbytes, 
@@ -65 +65 @@
                  unsigned long * length, char * u);
 
-
-SL_TICKET open_tmp (void);
-int close_tmp (SL_TICKET fd);
-int rewind_tmp (SL_TICKET fd);
+/*
+  SL_TICKET open_tmp (void);
+  int close_tmp (SL_TICKET fd);
+  int rewind_tmp (SL_TICKET fd);
+*/
 
 void sh_tools_server_cmd(const char * srvcmd);
@@ -78 +79 @@
 #endif
 
+#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) || defined(SH_STEALTH) || defined(WITH_GPG) || defined(WITH_PGP)
+SL_TICKET open_tmp (void);
+int close_tmp (SL_TICKET fd);
+int rewind_tmp (SL_TICKET fd);
+#endif
 
 #endif

trunk/include/sh_unix.h

@@ -99 +99 @@
 extern  unsigned long mask_USER0;
 extern  unsigned long mask_USER1;
+extern  unsigned long mask_USER2;
+extern  unsigned long mask_USER3;
+extern  unsigned long mask_USER4;
 /* like READONLY, but without MTM,CTM,SIZ,INO, abd with PREL)
  */

trunk/man/samhain.8

@@ -48 +48 @@
 .SS "MISCELLANEOUS"
 .PP
+
+.B samhain
+.RI \-\-server\-port= portnumber
 
 .B samhain
@@ -300 +303 @@
 .SS "MISCELLANEOUS OPTIONS"
 .PP
+
+.B samhain
+.RI \-\-server\-port= portnumber
+
+Choose the port on the server host to which the client will connect.
 
 .B samhain

trunk/man/samhainrc.5

@@ -96 +96 @@
 .TP
 .I "[User1]"
+.TP
+.I "[User2]"
+.TP
+.I "[User3]"
+.TP
+.I "[User4]"
 These are reserved for user-defined policies.
 .TP
@@ -172 +178 @@
 .br
 .BI  SeverityUser0= val,
+.br
+.BI  SeverityUser1= val,
+.br
+.BI  SeverityUser2= val,
+.br
+.BI  SeverityUser3= val,
 and
 .br
-.BI  SeverityUser1= val
+.BI  SeverityUser4= val
 define the error levels for failures to verify the integrity of
 files/directories of the respective types. I.e. if such a file shows
@@ -514 +526 @@
 sets the hostname for the log server. 
 .br
+.BI SetServerPort= portnumber
+sets the port on the server to connect to. 
+.br
 .BI SetDatabasePath= AUTO|/path 
 Path to database (AUTO to tack hostname on compiled-in path). 
@@ -547 +562 @@
 .BI RedefUser1= +/-XXX,+/-YYY,...
 Add or subtract tests XXX from the User1 policy.
+.br
+.BI RedefUser2= +/-XXX,+/-YYY,...
+Add or subtract tests XXX from the User2 policy.
+.br
+.BI RedefUser3= +/-XXX,+/-YYY,...
+Add or subtract tests XXX from the User3 policy.
+.br
+.BI RedefUser4= +/-XXX,+/-YYY,...
+Add or subtract tests XXX from the User4 policy.
 .TP
 .B Server Only

trunk/src/sh_database.c

@@ -1192 +1192 @@
         }
     }
-#if 0
-  /* apparently slower, see gyule.7 */
-  len = (long) strlen(val);
-
-  if ((val[0] != '\0') && (*size > 2))
-    {
-      if (flag == 1) 
-        {
-          *end = ',';  ++end;
-          *end = '\''; ++end; (*size) -= 2; 
-          *end = '\0';
-        
-          if ((long) *size > (len+2))
-            {
-              (void) sl_strlcat(end, val, (size_t) *size);
-              end   += len; (*size) -= len;
-              *end = '\''; ++end;  (*size) -= 1; 
-            }
-          *end = '\0'; 
-        }
-      else
-        {
-          *end = ',';  ++end; (*size) -= 1;
-          *end = '\0';
-        
-          if ((long) *size > (len+1))
-            {
-              (void) sl_strlcat(end, val, (size_t) *size);
-              end   += len; (*size) -= len;
-            }
-          *end = '\0';
-        }
-    }
-#endif
+
   return end;
 }
@@ -1695 +1662 @@
 }
 
+/* recursively enter linked list of messages into database, last first
+ */
+int sh_database_insert_rec (dbins * curr, unsigned int depth)
+{
+  long    id = 0;
+  dbins * prev;
+
+  SL_ENTER(_("sh_database_insert_rec"));
+
+  if (curr->next)
+    {
+      prev = curr->next;
+      sl_strlcpy(prev->host, curr->host, 64);
+      id = sh_database_insert_rec (curr->next, (depth + 1));
+    }
+
+  if (id != 0)                       /* this is a server wrapper          */
+    {
+      if (enter_wrapper != 0)
+        {
+          id = sh_database_entry (curr, id);
+        }
+    }
+  else
+    {
+      /*
+       * id = -1 is the client message; log_ref will be NULL 
+       */
+      if (depth > 0)                  /* this is a client message         */
+        id = sh_database_entry (curr, -1);
+      else                            /* this is a generic server message */
+        id = sh_database_entry (curr, 0);
+    }
+
+  SH_FREE(curr);
+
+  SL_RETURN(id, _("sh_database_insert"));
+}
+
 int sh_database_insert (char * message)
 {
   dbins * db_entry;
-  dbins * prev;
-  dbins * curr;
-  long    id = 0;
-#ifdef HOST_SWITCH
-  char  * temp[64];
-#endif
 
   SL_ENTER(_("sh_database_insert"));
@@ -1714 +1714 @@
   (void) sh_database_parse (message, db_entry);
 
-  /* Enter the list into the database. Actually, the list can only have
-   * two entries at most.
-   */
-  curr = db_entry;
-  if (curr->next)
-    {
-      prev = curr->next;
-#ifdef HOST_SWITCH
-      strncpy(temp, prev->host,       64);
+  /* recursively enter the linked list into the database
+   */
+  (void) sh_database_insert_rec (db_entry, 0);
+
+  SL_RETURN(0, _("sh_database_insert"));
+}
+
 #endif
-      strncpy(prev->host, curr->host, 64);
-#ifdef HOST_SWITCH
-      strncpy(curr->host, temp,       64);
-#endif
-      id = sh_database_entry (prev, -1);
-      SH_FREE(prev);
-    }
-
-  if (id != 0)                       /* this is a server wrapper          */
-    {
-      if (enter_wrapper != 0)
-        (void) sh_database_entry (curr, id);
-    }
-  else                                /* this is a generic server message */
-    {
-      (void) sh_database_entry (curr, 0);
-    }
-  SH_FREE(curr);
-
-  SL_RETURN(0, _("sh_database_insert"));
-}
-
-#endif

trunk/src/sh_error.c

@@ -639 +639 @@
 }
 
-#ifdef SH_WITH_CLIENT
+#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER)
 /* set severity for TCP export
  */
@@ -843 +843 @@
 #endif
 
-#ifdef SH_WITH_CLIENT
+#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER)
   char   * ex_msg;
 #endif
@@ -862 +862 @@
   static int syslog_block = 0;
   static int log_block    = 0;
-#if defined(SH_WITH_CLIENT)
+#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER)
   static int export_block = 0;
 #endif
@@ -926 +926 @@
     severity = sev;
 
+  /* these are messages from remote sources
+   */
   if ((severity  & SH_ERR_INET) != 0)
     {
@@ -939 +941 @@
        ( (errFlags.sysloglevel  & severity    ) == 0 || 
          (errFlags.syslog_class & (1 << class)) == 0 )     &&
-#ifdef SH_WITH_CLIENT
+#if defined(SH_WITH_CLIENT) || defined(SH_WITH_CLIENT)
        ( (errFlags.exportlevel  & severity    ) == 0 ||
          (errFlags.export_class & (1 << class)) == 0 )     &&
@@ -958 +960 @@
          (errFlags.mail_class    & (1 << class)) == 0 )
 #ifdef SH_WITH_SERVER
-      && (flag_inet == S_FALSE)
+       && (flag_inet == S_FALSE) /* still log messages from remote sources */
 #endif
        )
@@ -1119 +1121 @@
        * to log server
        ****************************************************/
-#ifdef SH_WITH_CLIENT
+#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER)
       /* Export by TCP.
        */
-      if ((errFlags.exportlevel  & severity  )   != 0 &&
-          (errFlags.export_class & (1 << class)) != 0 &&
-          (errFlags.exportlevel  & SH_ERR_NOT)   == 0 &&
-          class != AUD                                &&
-          sh.flag.isserver != GOOD                    &&
-          (flag_inet == S_FALSE) ) /* don't log inet to export */
+
+      if ( ((errFlags.exportlevel  & severity  )   != 0 &&
+            (errFlags.export_class & (1 << class)) != 0 &&
+            (errFlags.exportlevel  & SH_ERR_NOT)   == 0 &&
+            class != AUD                               )
+#ifdef SH_WITH_SERVER
+           || (flag_inet == S_TRUE) /* always log inet to export */
+#endif
+          /* sh.flag.isserver != GOOD                    && */
+          /* (flag_inet == S_FALSE) */ /* don't log inet to export */
+           )
         {
           if (export_block == 0)
@@ -1142 +1149 @@
               sl_snprintf(ex_msg, ex_len, _("%d?%u?%s"),
                       severity, class, lmsg->msg);
-
               retval = sh_forward (ex_msg);
               SH_FREE(ex_msg);

trunk/src/sh_files.c

@@ -454 +454 @@
 }
 
-
 int sh_files_pushfile_user1 (const char * str_s)
 {
   return (sh_files_pushfile (SH_LEVEL_USER1, str_s));
+}
+
+int sh_files_pushfile_user2 (const char * str_s)
+{
+  return (sh_files_pushfile (SH_LEVEL_USER2, str_s));
+}
+
+int sh_files_pushfile_user3 (const char * str_s)
+{
+  return (sh_files_pushfile (SH_LEVEL_USER3, str_s));
+}
+
+int sh_files_pushfile_user4 (const char * str_s)
+{
+  return (sh_files_pushfile (SH_LEVEL_USER4, str_s));
 }
 
@@ -612 +626 @@
   return (sh_files_parse_mask(&mask_USER1, str));
 } 
+int sh_files_redef_user2(const char * str)
+{
+  return (sh_files_parse_mask(&mask_USER2, str));
+} 
+int sh_files_redef_user3(const char * str)
+{
+  return (sh_files_parse_mask(&mask_USER3, str));
+} 
+int sh_files_redef_user4(const char * str)
+{
+  return (sh_files_parse_mask(&mask_USER4, str));
+} 
 int sh_files_redef_readonly(const char * str)
 {
@@ -657 +683 @@
     case SH_LEVEL_USER1:
       return (unsigned long) mask_USER1;
+    case SH_LEVEL_USER2:
+      return (unsigned long) mask_USER2;
+    case SH_LEVEL_USER3:
+      return (unsigned long) mask_USER3;
+    case SH_LEVEL_USER4:
+      return (unsigned long) mask_USER4;
     case SH_LEVEL_PRELINK:
       return (unsigned long) mask_PRELINK;
@@ -1042 +1074 @@
 {
   return (sh_files_pushdir (SH_LEVEL_USER1, str_s));
+}
+
+int sh_files_pushdir_user2 (const char * str_s)
+{
+  return (sh_files_pushdir (SH_LEVEL_USER2, str_s));
+}
+
+int sh_files_pushdir_user3 (const char * str_s)
+{
+  return (sh_files_pushdir (SH_LEVEL_USER3, str_s));
+}
+
+int sh_files_pushdir_user4 (const char * str_s)
+{
+  return (sh_files_pushdir (SH_LEVEL_USER4, str_s));
 }
 

trunk/src/sh_forward.c

@@ -335 +335 @@
 #endif
 
-#ifdef SH_WITH_CLIENT
+#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER)
 
 static int count_dev_server = 0;
@@ -708 +708 @@
 static long sh_forward_try (char * errmsg);
 
+static unsigned int ServerPort = SH_DEFAULT_PORT;
+
+int sh_forward_server_port (const char * str)
+{
+  unsigned long l;
+  char * endptr;
+
+  SL_ENTER(_("sh_forward_server_port"));
+
+  l = strtoul (str, &endptr, 0);
+  if (l > 65535 || endptr == str)
+    {
+      SL_RETURN (-1, _("sh_forward_server_port"));
+    }
+  ServerPort = (unsigned int) l;
+  SL_RETURN (0, _("sh_forward_server_port"));
+}
 
 long sh_forward (char * errmsg)
@@ -880 +897 @@
 
   sockfd = connect_port_2 (sh.srvexport.name, sh.srvexport.alt, 
-                           SH_DEFAULT_PORT, 
+                           ServerPort, 
                            error_call, &error_num, error_msg, 256);
 
@@ -1441 +1458 @@
                                                 flag_err,
                                                 MSG_TCP_NOCONF);
-                              } else {
+                              } 
+#ifdef SH_WITH_CLIENT
+                              else {
                                 sh_socket_server_cmd(buffer);
                               }
+#endif
                               flag_err = 0;
 

trunk/src/sh_getopt.c

@@ -80 +80 @@
     sh_util_set_interactive },
 #endif
+#if defined(SH_WITH_SERVER) || defined(SH_WITH_CLIENT)
+  { N_("server-port"),  
+    '-', 
+    N_("Set the server port to connect to"),  
+    HAS_ARG_YES, 
+    sh_forward_server_port },
+#endif
 #ifdef SH_WITH_SERVER
   { N_("server"),  
@@ -112 +119 @@
     HAS_ARG_YES, 
     sh_calls_set_bind_addr },
-#ifdef SH_WITH_CLIENT
+#if defined(SH_WITH_SERVER) || defined(SH_WITH_CLIENT)
   { N_("set-export-severity"),  
     'e', 
@@ -554 +561 @@
           for (i = 0; op_table[i].longopt != NULL; ++i) 
             {
-      
+
               if (sl_strncmp(_(op_table[i].longopt), 
                              &argv[1][2], 
@@ -562 +569 @@
                   if ( op_table[i].hasArg == HAS_ARG_YES ) 
                     {
-                      if ( (theequal = strchr(argv[1], '=')) == NULL) 
+                      theequal = strchr(argv[1], '=');
+                      if (theequal == NULL) 
                         { 
                           if (argc < 3) 

trunk/src/sh_hash.c

@@ -297 +297 @@
     N_("[User0]"),
     N_("[User1]"),
+    N_("[User2]"),
+    N_("[User3]"),
+    N_("[User4]"),
     N_("[Prelink]"),
     NULL

trunk/src/sh_readconf.c

@@ -69 +69 @@
   SH_SECTION_USER0,
   SH_SECTION_USER1,
+  SH_SECTION_USER2,
+  SH_SECTION_USER3,
+  SH_SECTION_USER4,
   SH_SECTION_PRELINK,
 #if defined (SH_WITH_MAIL) 
@@ -108 +111 @@
   { N_("[User0]"),            SH_SECTION_USER0},
   { N_("[User1]"),            SH_SECTION_USER1},
+  { N_("[User2]"),            SH_SECTION_USER2},
+  { N_("[User3]"),            SH_SECTION_USER3},
+  { N_("[User4]"),            SH_SECTION_USER4},
   { N_("[Prelink]"),          SH_SECTION_PRELINK},
 #ifdef WITH_EXTERNAL
@@ -820 +826 @@
   { N_("file"),           SH_SECTION_USER1,      SH_SECTION_NONE, 
     sh_files_pushfile_user1 },
+  { N_("dir"),            SH_SECTION_USER2,      SH_SECTION_NONE, 
+    sh_files_pushdir_user2 },
+  { N_("file"),           SH_SECTION_USER2,      SH_SECTION_NONE, 
+    sh_files_pushfile_user2 },
+  { N_("dir"),            SH_SECTION_USER3,      SH_SECTION_NONE, 
+    sh_files_pushdir_user3 },
+  { N_("file"),           SH_SECTION_USER3,      SH_SECTION_NONE, 
+    sh_files_pushfile_user3 },
+  { N_("dir"),            SH_SECTION_USER4,      SH_SECTION_NONE, 
+    sh_files_pushdir_user4 },
+  { N_("file"),           SH_SECTION_USER4,      SH_SECTION_NONE, 
+    sh_files_pushfile_user4 },
   { N_("dir"),            SH_SECTION_PRELINK,    SH_SECTION_NONE, 
     sh_files_pushdir_prelink },
@@ -892 +910 @@
   { N_("redefuser1"),           SH_SECTION_MISC,   SH_SECTION_NONE, 
     sh_files_redef_user1 },
+
+  { N_("redefuser2"),           SH_SECTION_MISC,   SH_SECTION_NONE, 
+    sh_files_redef_user2 },
+
+  { N_("redefuser3"),           SH_SECTION_MISC,   SH_SECTION_NONE, 
+    sh_files_redef_user3 },
+
+  { N_("redefuser4"),           SH_SECTION_MISC,   SH_SECTION_NONE, 
+    sh_files_redef_user4 },
 
   { N_("redefprelink"),         SH_SECTION_MISC,   SH_SECTION_NONE, 
@@ -941 +968 @@
 #endif
 
-#ifdef SH_WITH_CLIENT
+#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER)
   { N_("exportseverity"),      SH_SECTION_LOG,  SH_SECTION_NONE, 
     sh_error_setexport },
   { N_("exportclass"),         SH_SECTION_LOG,  SH_SECTION_NONE, 
     sh_error_export_mask },
+#if defined(SH_WITH_SERVER)
+  { N_("setlogserver"),        SH_SECTION_SRV,  SH_SECTION_MISC, 
+    sh_forward_setlogserver },
+#else
   { N_("setlogserver"),        SH_SECTION_CLT,  SH_SECTION_MISC, 
     sh_forward_setlogserver },
+#endif
 #endif
   { N_("setfilechecktime"),  SH_SECTION_MISC,   SH_SECTION_NONE, 
@@ -1088 +1120 @@
     N_("severityuser0"),
     N_("severityuser1"),
+    N_("severityuser2"),
+    N_("severityuser3"),
+    N_("severityuser4"),
     N_("severityprelink"),
     NULL
@@ -1104 +1139 @@
     SH_ERR_T_USER0,       
     SH_ERR_T_USER1,       
+    SH_ERR_T_USER2,       
+    SH_ERR_T_USER3,       
+    SH_ERR_T_USER4,       
     SH_ERR_T_PRELINK,       
   };

trunk/src/sh_srp.c

@@ -384 +384 @@
 }
 
-#ifdef SH_WITH_CLIENT
+#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER)
   
 
@@ -489 +489 @@
   
   
-#ifdef SH_WITH_CLIENT
+#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER)
   
 char * sh_srp_S_c (char * u_str, char * B_str)

trunk/src/sh_tools.c

@@ -695 +695 @@
 }
 
-#if defined(HAVE_NTIME) || defined(SH_WITH_CLIENT)
+#if defined(HAVE_NTIME) || defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER)
 static
 int sh_write_select(int type, int sockfd, 
@@ -842 +842 @@
 #endif
 
-#if defined (SH_WITH_CLIENT)
+#if defined (SH_WITH_CLIENT) || defined(SH_WITH_SERVER)
 unsigned long write_port (int sockfd, char *buf, unsigned long nbytes, 
                           int * w_error, int timeout)
@@ -862 +862 @@
 #endif
 
-#if defined(HAVE_NTIME) || defined(SH_WITH_CLIENT)
+#if defined(HAVE_NTIME) || defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER)
 
 unsigned long read_port (int sockfd, char *buf, unsigned long nbytes, 
@@ -898 +898 @@
 #endif
 
-#if defined (SH_WITH_CLIENT)
+#if defined (SH_WITH_CLIENT) || defined(SH_WITH_SERVER)
 
 int check_request (char * have, char * need)
@@ -952 +952 @@
 #endif
 
-#if defined (SH_WITH_CLIENT)
+#if defined (SH_WITH_CLIENT) || defined (SH_WITH_SERVER)
 
 void get_header (unsigned char * head, unsigned long * bytes, char * u)
@@ -1032 +1032 @@
  * (msg_size = payload_size - key_len = payload_size - 48)
  */ 
+
+/* 
+ * only SH_V2_FULLSIZE is used, and only once
+ */
+#if 0
 #ifdef SH_WITH_SERVER
 #define SH_V2_FULLSIZE  240
@@ -1041 +1046 @@
 #define SH_V2_MESSAGE   960
 #endif
+#endif
+#define SH_V2_FULLSIZE 1024
 
 #ifdef SH_ENCRYPT
@@ -1383 +1390 @@
 #endif
 
-#if defined (SH_WITH_CLIENT)
+#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER)
 
 /* verify the checksum of a buffer; checksum comes first
@@ -1535 +1542 @@
 #endif
 
-#if defined(SH_WITH_CLIENT) || defined(SH_STEALTH) || defined(WITH_GPG) || defined(WITH_PGP)
+#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) || defined(SH_STEALTH) || defined(WITH_GPG) || defined(WITH_PGP)
 
 /* --------- secure temporary file ------------ */

trunk/src/sh_unix.c

@@ -127 +127 @@
 unsigned long mask_USER0        = MASK_USER_;
 unsigned long mask_USER1        = MASK_USER_;
+unsigned long mask_USER2        = MASK_USER_;
+unsigned long mask_USER3        = MASK_USER_;
+unsigned long mask_USER4        = MASK_USER_;
 unsigned long mask_ALLIGNORE    = MASK_ALLIGNORE_;
 unsigned long mask_ATTRIBUTES   = MASK_ATTRIBUTES_;
@@ -142 +145 @@
   mask_USER0        = MASK_USER_;
   mask_USER1        = MASK_USER_;
+  mask_USER2        = MASK_USER_;
+  mask_USER3        = MASK_USER_;
+  mask_USER4        = MASK_USER_;
   mask_ALLIGNORE    = MASK_ALLIGNORE_;
   mask_ATTRIBUTES   = MASK_ATTRIBUTES_;

trunk/src/sh_userfiles.c

@@ -221 +221 @@
     else if ( strstr(s, "user0")     != NULL ) new->level = SH_LEVEL_USER0;
     else if ( strstr(s, "user1")     != NULL ) new->level = SH_LEVEL_USER1;
+    else if ( strstr(s, "user2")     != NULL ) new->level = SH_LEVEL_USER2;
+    else if ( strstr(s, "user3")     != NULL ) new->level = SH_LEVEL_USER3;
+    else if ( strstr(s, "user4")     != NULL ) new->level = SH_LEVEL_USER4;
     else if ( strstr(s, "prelink")   != NULL ) new->level = SH_LEVEL_PRELINK;
     else            /* The default */          new->level = default_level;
@@ -332 +335 @@
                     (void) sh_files_pushfile_user1(filepath);
                     break;
+                case SH_LEVEL_USER2:
+                    (void) sh_files_pushfile_user2(filepath);
+                    break;
+                case SH_LEVEL_USER3:
+                    (void) sh_files_pushfile_user3(filepath);
+                    break;
+                case SH_LEVEL_USER4:
+                    (void) sh_files_pushfile_user4(filepath);
+                    break;
                 case SH_LEVEL_PRELINK:
                     (void) sh_files_pushfile_prelink(filepath);

trunk/test/test.sh

@@ -1 +1 @@
 #! /bin/sh
+
+#
+# Copyright Rainer Wichmann (2006)
+#
+# License Information:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
 
 isok=`test -t 1 2>&1 | wc -c`
@@ -288 +307 @@
     rm -f testrc_1.dyn
     rm -f testrc_2
+    rm -f testrc_22
     rm -f ./.samhain_file
     rm -f ./.samhain_log*
-    rm -f ./.samhain_lock
+    rm -f ./.samhain_lock*
     test -d testrun_testdata && chmod -R 0700 testrun_testdata
     test -d .quarantine && rm -rf .quarantine
@@ -296 +316 @@
     rm -f test_log_db
     rm -f test_log_prelude
-    rm -f test_log_valgrind
+    rm -f test_log_valgrind*
     rm -f test_log_yulectl
     rm -f yule.html
+    rm -f yule.html2
 }
 

trunk/test/testcompile.sh

@@ -1 +1 @@
 #! /bin/sh
+
+#
+# Copyright Rainer Wichmann (2006)
+#
+# License Information:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
 
 MAXTEST=56; export MAXTEST

trunk/test/testext.sh

@@ -1 +1 @@
 #! /bin/sh
+
+#
+# Copyright Rainer Wichmann (2006)
+#
+# License Information:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
 
 MAXTEST=1; export MAXTEST

trunk/test/testhash.sh

@@ -1 +1 @@
 #! /bin/sh
+
+#
+# Copyright Rainer Wichmann (2006)
+#
+# License Information:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
 
 RCFILE="$PW_DIR/testrc_1.dyn";  export RCFILE

trunk/test/testrun_1.sh

@@ -1 +1 @@
 #! /bin/sh
+
+#
+# Copyright Rainer Wichmann (2006)
+#
+# License Information:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
 
 RCFILE="$PW_DIR/testrc_1.dyn";  export RCFILE

trunk/test/testrun_1a.sh

@@ -1 +1 @@
 #! /bin/sh
+
+#
+# Copyright Rainer Wichmann (2006)
+#
+# License Information:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
 
 BUILDOPTS="--quiet $TRUST --enable-debug --enable-xml-log --enable-micro-stealth=137 --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file"

trunk/test/testrun_1b.sh

@@ -1 +1 @@
 #! /bin/sh
 
+#
+# Copyright Rainer Wichmann (2006)
+#
+# License Information:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
 
 MAXTEST=2; export MAXTEST

trunk/test/testrun_1c.sh

@@ -1 +1 @@
 #! /bin/sh
+
+#
+# Copyright Rainer Wichmann (2006)
+#
+# License Information:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
 
 BUILDOPTS="--quiet $TRUST --enable-xml-log --enable-suidcheck --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file"

trunk/test/testrun_2.sh

@@ -1 +1 @@
 #! /bin/sh
+
+#
+# Copyright Rainer Wichmann (2006)
+#
+# License Information:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
 
 LOGFILE="$PW_DIR/.samhain_log"; export LOGFILE
@@ -16 +35 @@
         rm -f test_log_valgrind
 
-        ${VALGRIND} ./yule -l info -p none >/dev/null 2>>test_log_valgrind &
+        ${VALGRIND} ./yule.2 -l info -p none >/dev/null 2>>test_log_valgrind &
+        PROC_Y2=$!
+        sleep 5
+
+        [ -z "$verbose" ] || { 
+            echo; 
+            echo "${S}Start Server #2${E}: ./yule.2 -l info -p none &"; 
+            echo; 
+        }
+
+        ${VALGRIND} ./yule -l info -p none -e info --bind-address=127.0.0.1 \
+            --server-port=49778 >/dev/null 2>>test_log_valgrind &
         PROC_Y=$!
         sleep 5
@@ -32 +62 @@
             [ -z "$quiet" ]   && log_msg_fail  "samhain.new -t check";
             kill $PROC_Y
+            kill $PROC_Y2
             return 1
         fi
 
         kill $PROC_Y
-        sleep 5
+        kill $PROC_Y2
+        sleep 5
+
+        # cp ${LOGFILE}  triple_test
+        # cp ${LOGFILE}2 triple_test_2
+
+        egrep "START(>|\").*Yule(>|\")" ${LOGFILE}2 >/dev/null 2>&1
+        if [ $? -ne 0 ]; then
+            [ -z "$verbose" ] || log_msg_fail "Server #2 start";
+            return 1
+        fi
+        egrep "remote_host.*Checking.*/bin" ${LOGFILE}2 >/dev/null 2>&1
+        if [ $? -ne 0 ]; then
+            [ -z "$verbose" ] || log_msg_fail "Client file check (relayed)";
+            return 1
+        fi
+        egrep "remote_host.*EXIT.*Samhain" ${LOGFILE}2 >/dev/null 2>&1
+        if [ $? -ne 0 ]; then
+            [ -z "$verbose" ] || log_msg_fail "Client exit (relayed)";
+            return 1
+        fi
+        egrep "EXIT.*Yule.*SIGTERM" ${LOGFILE}2 >/dev/null 2>&1
+        if [ $? -ne 0 ]; then
+            [ -z "$verbose" ] || log_msg_fail "Server #2 exit";
+            return 1
+        fi
+
 
         egrep "START(>|\").*Yule(>|\")" $LOGFILE >/dev/null 2>&1
@@ -195 +252 @@
         rm -f test_log_valgrind
 
-        ${VALGRIND} ./yule -p none >/dev/null 2>>test_log_valgrind &
+        ${VALGRIND} ./yule -p none -e none >/dev/null 2>>test_log_valgrind &
         PROC_Y=$!
         sleep 5
@@ -292 +349 @@
         rm -f test_log_valgrind
 
-        ${VALGRIND} ./yule -l info -p none >/dev/null 2>>test_log_valgrind &
+        ${VALGRIND} ./yule -l info -p none -e none \
+            >/dev/null 2>>test_log_valgrind &
         PROC_Y=$!
         sleep 5
@@ -427 +485 @@
 ) >entry.html
 
-        ${VALGRIND} ./yule -l info -p none >/dev/null 2>>test_log_valgrind &
+        ${VALGRIND} ./yule -l info -p none -e none \
+            >/dev/null 2>>test_log_valgrind &
         PROC_Y=$!
         sleep 5
 
         egrep '<!-- head -->' $HTML >/dev/null 2>&1
+        if [ $? -ne 0 ]; then
+            # rm -f head.html; rm -f foot.html; rm -f entry.html;
+            kill $PROC_Y
+            [ -z "$verbose" ] || log_msg_fail "head.html (1)";
+            return 1
+        fi
+
+        egrep '<!-- foot -->' $HTML >/dev/null 2>&1
         if [ $? -ne 0 ]; then
             rm -f head.html; rm -f foot.html; rm -f entry.html;
             kill $PROC_Y
-            [ -z "$verbose" ] || log_msg_fail "head.html";
-            return 1
-        fi
-
-        egrep '<!-- foot -->' $HTML >/dev/null 2>&1
-        if [ $? -ne 0 ]; then
-            rm -f head.html; rm -f foot.html; rm -f entry.html;
-            kill $PROC_Y
-            [ -z "$verbose" ] || log_msg_fail "foot.html";
+            [ -z "$verbose" ] || log_msg_fail "foot.html (1)";
             return 1
         fi
@@ -500 +559 @@
         egrep '<!-- ehead -->' $HTML >/dev/null 2>&1
         if [ $? -ne 0 ]; then
-            [ -z "$verbose" ] || log_msg_fail "head.html";
+            [ -z "$verbose" ] || log_msg_fail "end head.html";
             return 1
         fi
@@ -511 +570 @@
         egrep '<!-- eentry -->' $HTML >/dev/null 2>&1
         if [ $? -ne 0 ]; then
-            [ -z "$verbose" ] || log_msg_fail "entry.html";
+            [ -z "$verbose" ] || log_msg_fail "end entry.html";
             return 1
         fi
@@ -522 +581 @@
         egrep '<!-- efoot -->' $HTML >/dev/null 2>&1
         if [ $? -ne 0 ]; then
-            [ -z "$verbose" ] || log_msg_fail "foot.html";
+            [ -z "$verbose" ] || log_msg_fail "end foot.html";
             return 1
         fi
@@ -571 +630 @@
         fi
 
-        # save binary and build server
+        # save binary and build server2
         #
         cp samhain samhain.build || return 1
         make clean >/dev/null || return 1
 
-        ${TOP_SRCDIR}/configure --quiet  $TRUST --enable-debug --enable-network=server  --enable-xml-log --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE  --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file --with-html-file=$HTML --enable-encrypt=2
+        ${TOP_SRCDIR}/configure --quiet  $TRUST --enable-debug --enable-network=server  --enable-xml-log --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=${RCFILE}2  --with-log-file=${LOGFILE}2 --with-pid-file=$PW_DIR/.samhain_lock2 --with-html-file=${HTML}2 --with-state-dir=$PW_DIR --enable-encrypt=2 --with-port=49778
         #
         if test x$? = x0; then
@@ -593 +652 @@
         fi
 
+        # save binary and build server
+        #
+        cp yule yule.2 || return 1
+        make clean >/dev/null || return 1
+
+        ${TOP_SRCDIR}/configure --quiet  $TRUST --enable-debug --enable-network=server  --enable-xml-log --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE  --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-html-file=$HTML --with-state-dir=$PW_DIR --enable-encrypt=2
+        #
+        if test x$? = x0; then
+                [ -z "$verbose" ] ||     log_msg_ok "configure..."; 
+                $MAKE  > /dev/null 2>>test_log
+                if test x$? = x0; then
+                    [ -z "$verbose" ] || log_msg_ok "make..."; 
+                else
+                    [ -z "$quiet" ] &&   log_msg_fail "make..."; 
+                    return 1
+                fi
+
+        else
+                [ -z "$quiet" ] &&       log_msg_fail "configure...";
+                return 1
+        fi
+
 
         #####################################################################
@@ -633 +714 @@
         mv samhain.build.new  samhain.new || return 1
 
-        rm -f ./.samhain_log.*
-        rm -f ./.samhain_lock
+        # Set in server
+
+        ./samhain_setpwd yule new $SHPW >/dev/null
+
+        if test x$? = x0; then
+            [ -z "$verbose" ] || log_msg_ok    "./samhain_setpwd yule new $SHPW";
+        else
+            [ -z "$quiet" ]   && log_msg_fail  "./samhain_setpwd yule new $SHPW";
+            return 1
+        fi
+
+        mv yule.new yule || return 1
+
+        #
+
+        rm -f ./.samhain_log*
+        rm -f ./.samhain_lock*
 
         SHCLT=`./yule -P $SHPW | sed s%HOSTNAME%${SH_LOCALHOST}%`
@@ -646 +742 @@
 
         echo $SHCLT >> testrc_2
+        cp testrc_2 testrc_22
 
         do_test_1

trunk/test/testrun_2a.sh

@@ -1 +1 @@
 #! /bin/sh
+
+#
+# Copyright Rainer Wichmann (2006)
+#
+# License Information:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
 
 LOGFILE="$PW_DIR/.samhain_log"; export LOGFILE

trunk/test/testrun_2b.sh

@@ -1 +1 @@
 #! /bin/sh
+
+#
+# Copyright Rainer Wichmann (2006)
+#
+# License Information:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
 
 LOGFILE="$PW_DIR/.samhain_log"; export LOGFILE

trunk/test/testrun_2c.sh

@@ -1 +1 @@
 #! /bin/sh
+
+#
+# Copyright Rainer Wichmann (2006)
+#
+# License Information:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
 
 SERVER_BUILDOPTS="--quiet  $TRUST --enable-xml-log --enable-debug --enable-network=server --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=REQ_FROM_SERVER$PW_DIR/testrc_2 --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-logserver=${SH_LOCALHOST}  --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-database=mysql"; export SERVER_BUILDOPTS

trunk/test/testrun_2d.sh

@@ -1 +1 @@
 #! /bin/sh
+
+#
+# Copyright Rainer Wichmann (2006)
+#
+# License Information:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
 
 SERVER_BUILDOPTS="--quiet  $TRUST --enable-xml-log --enable-debug --enable-network=server --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=REQ_FROM_SERVER$PW_DIR/testrc_2 --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-logserver=${SH_LOCALHOST}  --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-database=postgresql"; export SERVER_BUILDOPTS

trunk/test/testtimesrv.sh

@@ -1 +1 @@
 #! /bin/sh
+
+#
+# Copyright Rainer Wichmann (2006)
+#
+# License Information:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
 
 RCFILE="$PW_DIR/testrc_1.dyn";  export RCFILE