Changeset 415 for trunk

Timestamp:

Nov 1, 2012, 7:45:54 AM (12 years ago)

Author:

katerina

Message:

Fixes for tickets #314, #315, #316, #317, #318, #319, #320, and #321.

Location:

trunk

Files:

• Makefile.in (modified) (1 diff)
• aclocal.m4 (modified) (1 diff)
• configure.ac (modified) (2 diffs)
• docs/Changelog (modified) (1 diff)
• include/samhain.h (modified) (1 diff)
• include/sh_extern.h (modified) (2 diffs)
• include/sh_files.h (modified) (1 diff)
• samhain.spec.in (modified) (5 diffs)
• scripts/samhainadmin.pl.in (modified) (1 diff)
• src/samhain.c (modified) (5 diffs)
• src/samhain_setpwd.c (modified) (1 diff)
• src/sh_audit.c (modified) (5 diffs)
• src/sh_extern.c (modified) (4 diffs)
• src/sh_getopt.c (modified) (1 diff)
• src/sh_html.c (modified) (1 diff)
• src/sh_log_check.c (modified) (1 diff)
• src/sh_unix.c (modified) (1 diff)
• test/testrun_2.sh (modified) (5 diffs)
• yulerc.template (modified) (2 diffs)

trunk/Makefile.in

@@ -960 +960 @@
 rpmspec-light: samhain.spec
         @echo "Stripping docs from samhain.spec"; \
-        cat samhain.spec | sed 's,make DESTDIR=$${RPM_BUILD_ROOT} install,make   DESTDIR=$${RPM_BUILD_ROOT} install-light,' | sed s,shkeep=yes,shkeep=no, | sed s,%doc.*,, | sed s,%attr.*,, > samhain.spec-light; \
+        cat samhain.spec | sed 's,make DESTDIR=$${RPM_BUILD_ROOT} install,make   DESTDIR=$${RPM_BUILD_ROOT} install-light,' | sed s,shkeep=yes,shkeep=no, | sed s,%doc.*,, | sed '/logrotate/! { s,%attr.*,, }' > samhain.spec-light; \
         mv samhain.spec-light samhain.spec
 

trunk/aclocal.m4

@@ -1379 +1379 @@
   #
   if test "x$GCC" = xyes; then
-    SAMHAIN_X86_64
+     case "$host_os" in
+        *linux*)
+        SAMHAIN_X86_64
+        ;;
+        *bsd*)
+        SAMHAIN_X86_64
+        ;;
+        *)
+        SAMHAIN_X86_64
+        ;;
+      esac      
   fi
 fi

trunk/configure.ac

@@ -12 +12 @@
 dnl start
 dnl
-AM_INIT_AUTOMAKE(samhain, 3.0.6)
+AM_INIT_AUTOMAKE(samhain, 3.0.8)
 AC_DEFINE([SAMHAIN], 1, [Application is samhain])
 AC_CANONICAL_HOST
@@ -1425 +1425 @@
 
         elif test "x${withval}" = "xoracle"; then
-          AC_MSG_CHECKING(for oracle in /usr /usr/local ORACLE_HOME)
+
+          AC_MSG_CHECKING(for oracle in ORACLE_HOME /usr/local /usr)
+
           oracle_directory="/usr /usr/local ${ORACLE_HOME}"
           for i in $oracle_directory; do 
-            if test -r $i/rdbms/demo/oci.h; then
-            ORACLE_DIR=$i
-          fi  
-          done
+
+              ff=`find $i -name oci.h 2>/dev/null | tail -1`
+              if test "x$ff" = "x"; then
+                 :
+              else
+                 ORACLE_INC=`dirname $ff`
+              fi
+
+              fg=`find $i -name libclntsh.so 2>/dev/null | tail -1`
+              if test "x$fg" = "x"; then
+                 :
+              else
+                 ORACLE_LIB=`dirname $fg`
+              fi
+
+           done
           
-          if test -z "$ORACLE_DIR"; then
+          if test -z "$ORACLE_INC"; then
+
               tmp=""
               for i in $oracle_directory; do
-                tmp="$tmp $i/rdbms/demo"
+                tmp="$tmp $i"
               done
-              FAIL_MESSAGE("OCI header file (oci.h)", $tmp)
-          else 
-            for i in rdbms/demo rdbms/public network/public; do
-              ORACLE_CPP_FLAGS="$ORACLE_CPP_FLAGS -I$ORACLE_DIR/$i"
-            done
-            ORACLE_LIB_DIR="$ORACLE_DIR/lib"
-            AC_MSG_RESULT(yes)
+              FAIL_MESSAGE("OCI header file (oci.h) please define ORACLE_INC directory where oci.h resides", $tmp)
+
+          elif test -z "$ORACLE_LIB"; then
+
+              tmp=""
+              for i in $oracle_directory; do
+                tmp="$tmp $i"
+              done
+              FAIL_MESSAGE("OCI library file (libclntsh.so) please define ORACLE_LIB directory where libclntsh.so resides", $tmp)
+
+          else
+
+            ORACLE_CPP_FLAGS="-I$ORACLE_INC"
+            ORACLE_LIB_DIR="$ORACLE_LIB"
+
+            AC_MSG_RESULT([$ORACLE_INC $ORACLE_LIB])
 
             CPPFLAGS="${CPPFLAGS} ${ORACLE_CPP_FLAGS}"
 
             ORACLE_LIBS="-lclntsh"
+
+            if test -r $ORACLE_LIB_DIR/libnnz11.so; then
+              ORACLE_LIBS="${ORACLE_LIBS} -lnnz11"
+            fi
             if test -r $ORACLE_LIB_DIR/libwtc9.so; then
               ORACLE_LIBS="${ORACLE_LIBS} -lwtc9"

trunk/docs/Changelog

@@ +1 @@
+3.0.8:
+        * rename to 3.0.8 for release
+        * useful exit status for samhainadmin.pl --examine
+
+3.0.7a:
+        * add ability to create RPM with preset password (use
+          env var PASSWORD)
+        * fix the rpm-light makefile target
+        * fix minor bug in samhain_setpwd.c (incorrect error message)
+
+3.0.7:
+        * update documentation for prelude
+        * fix configure to properly search for Oracle Instantclient SDK
+        * pass through TNS_ADMIN environment variable for Oracle
+        * optimize audit rules automatically
+        * zero out the html status file at server exit
+        * don't check for assembly optimization unless linux or *BSD
+
 3.0.6:
         * install logrotate script if /etc/logrotate.d is detected

trunk/include/samhain.h

@@ -125 +125 @@
 #define UINT32 unsigned short
 #define SINT32 short
+#else
+#error "No 32 bit integer type found"
 #endif
 

trunk/include/sh_extern.h

@@ -1 +1 @@
 #ifndef SH_EXTERN_H
 #define SH_EXTERN_H
+
+#include <stdarg.h>
 
 typedef struct 
@@ -40 +42 @@
  *    executes shell command
  */
-int sh_ext_popen_init (sh_tas_t * task, char * command);
+int sh_ext_popen_init (sh_tas_t * task, char * command, char * argv0, ...) SH_GNUC_SENTINEL;
 
 /*
  * -- Execute command, return first line of output
  */
-int sh_ext_system (char * command);
+int sh_ext_system (char * command, char * argv0, ...) SH_GNUC_SENTINEL;
 
 /*

trunk/include/sh_files.h

@@ -22 +22 @@
 
 void sh_audit_mark (const char * file);
+void sh_audit_commit ();
 void sh_audit_delete_all ();
 char * sh_audit_fetch (char * file, time_t time, char * result, size_t rsize);

trunk/samhain.spec.in

@@ -14 +14 @@
 Packager: Andre Oliveira da Costa <brblueser@uol.com.br>
 Provides: %{name}
+Requires(pre): shadow-utils
 
 # dummy (fix configure warning)
@@ -19 +20 @@
 
 # no quotes here - aparently will be expanded literally
+
+%define password %(echo $PASSWORD)
 
 %define withpwd_prg x@clmytclient@
@@ -65 +68 @@
 ./configure @mydefargs@ 
 make
+%if "%{withpwd_prg}" == "xDSH_WITH_CLIENT"
+%if 0%{?password:1}
+        ./samhain_setpwd samhain new %{password}
+        mv samhain samhain.old
+        mv samhain.new samhain
+%endif
+%endif
+
 
 %install
-
 rm -rf ${RPM_BUILD_ROOT}
 # sstrip shouldn't be used since binaries will be stripped later
@@ -88 +98 @@
 %clean
 rm -rf ${RPM_BUILD_ROOT}
+
+%pre
+if test "x@install_name@" = "xyule"
+then
+    getent group samhain >/dev/null || groupadd -r samhain
+    getent passwd yule >/dev/null || \
+        useradd -r -g samhain -d  @mydataroot@ -s /sbin/nologin \
+        -c "samhain server daemon" yule
+
+fi
+exit 0
 
 %post
@@ -197 +218 @@
 %attr(644,root,root) @mandir@/man8/@install_name@*
 %attr(644,root,root) /etc/logrotate.d/@install_name@
+%if "%{name}" == "yule"
+%attr(750,root,samhain) @mydataroot@ 
+%attr(750,yule,samhain) @mylogdir@ 
+%endif
 %config(noreplace) @myrpmconffile@
 
 %changelog
+* Tue Oct 23 2012 Rainer Wichmann
+- fixes for yule installation
+
 * Tue May 16 2006 Rainer Wichmann
 - fix manual version, noticed by Imre Gergely

trunk/scripts/samhainadmin.pl.in

@@ -687 +687 @@
     check_gpg_verify();
     my $i = 0;
+    my $ret = 0;
     while (defined($ARGV[$i])) {
         print "\n";
         $file1 = $ARGV[$i];
-        examine ();
+        $ret += examine ();
         ++$i;
         print "\n--------------------------------\n" if (defined($ARGV[$i]));
     }
+    exit($ret);
 }
 

trunk/src/samhain.c

@@ -712 +712 @@
 #if defined(SH_WITH_SERVER)
   extern int sh_socket_remove (void);
+  extern int sh_html_zero();
 #endif
 
@@ -743 +744 @@
    */
 #if defined(SH_WITH_SERVER)
-  sh_forward_html_write();
+  /* zero out the status file at exit, such that the status
+   * of client becomes unknown in the beltane interface
+   */
+  sh_html_zero();
+  /* sh_forward_html_write(); */
 #endif
 
@@ -1174 +1179 @@
       FileSchedIn = NULL;
       *status = 0;
-      return 0;
+      return NULL;
     }
 
@@ -1722 +1727 @@
   (void) sh_files_setrec();
   (void) sh_files_test_setup();
+  sh_audit_commit ();
 
   /* --------  NICE LEVEL   ---------
@@ -1858 +1864 @@
               (void) sh_files_setrec();
               (void) sh_files_test_setup();
+              sh_audit_commit ();
+
+              fprintf(stderr, "FIXME: %d\n", (int) sh.fileCheck.alarm_interval);
+              fprintf(stderr, "FIXME: FileSchedOne %s\n", 
+                      FileSchedOne == NULL ? "NULL" : "NOT NULL");
+              fprintf(stderr, "FIXME: FileSchedTwo %s\n", 
+                      FileSchedTwo == NULL ? "NULL" : "NOT NULL");
+
 
               if (0 != sh.flag.nice)

trunk/src/samhain_setpwd.c

@@ -279 +279 @@
   if (strlen(argv[3]) != 16)
     {
-      fprintf (stdout, _("ERROR <new_password> %s has not exactly 16 chars\n"),
-               argv[0]);
+      fprintf (stdout, 
+               _("ERROR <new_password> |%s| has not exactly 16 chars\n"),
+               argv[3]);
       fflush(stdout);
       return  EXIT_FAILURE;

trunk/src/sh_audit.c

@@ -211 +211 @@
   if (p >= 0)
     {
-      char command[64];
-
-      sl_snprintf(command, sizeof(command), _("%s -D -k samhain"),
+      char ctl[64];
+
+      sl_snprintf(ctl, sizeof(ctl), _("%s -D -k samhain"),
                   _(actl_paths[p]));
       sh_error_handle (SH_ERR_ALL, FIL__, __LINE__, 
@@ -219 +219 @@
                        _("Deleting audit daemon rules with key samhain"),
                        _("sh_audit_delete_all") );
-      sh_ext_system(command);
-    }
-  return;
-}
-
-void sh_audit_mark (const char * file)
+
+      sl_strlcpy(ctl, _(actl_paths[p]), sizeof(ctl));
+      sh_ext_system(ctl, ctl, "-D", "-k", _("samhain"), NULL);
+    }
+  return;
+}
+
+static void sh_audit_mark_int (const char * file)
 {
   static int flushRules = 0;
@@ -243 +245 @@
       char * command = SH_ALLOC(len);
       char * safe;
+      char   ctl[64];
 
       sl_snprintf(command, len, _("%s -w %s -p wa -k samhain"),
@@ -255 +258 @@
       SH_FREE(safe);
 
-      sh_ext_system(command);
-    }
-  return;
-}
-
+      sl_strlcpy(ctl, _(actl_paths[p]), sizeof(ctl));
+      sl_strlcpy(command, file, len);
+
+      sh_ext_system(ctl, ctl, "-w", command, "-p", "wa", "-k", _("samhain"), NULL);
+
+      SH_FREE(command);
+    }
+  return;
+}
+
+struct aud_list {
+  char * file;
+  struct aud_list * next;
+};
+
+struct aud_list * mark_these = NULL;
+
+static void add_this (char * file)
+{
+  struct aud_list * this = SH_ALLOC(sizeof(struct aud_list));
+  this->file = sh_utils_strdup(file);
+  this->next = mark_these;
+  return;
+}
+
+static int test_exchange (struct aud_list * this, char * file)
+{
+  size_t len0 = sl_strlen(this->file);
+  size_t len1 = sl_strlen(file);
+  int    ret  = -1;
+
+  if (len0 == len1)
+    {
+      return strcmp(this->file, file);
+    }
+  else
+    {
+      char * s0 = SH_ALLOC(len0 + 2);
+      char * s1 = SH_ALLOC(len1 + 2);
+
+       sl_strlcpy(s0, this->file, len0 + 2); 
+       sl_strlcpy(s1, file,       len1 + 2); 
+
+       if (s0 < s1)
+         {
+           sl_strlcat(s0, "/", len0 + 2);
+           ret = strncmp(s0, s1, len0 + 1);
+         }
+       else
+         {
+           sl_strlcat(s1, "/", len1 + 2);
+           if (0 == strncmp(s0, s1, len1 + 1))
+             {
+               SH_FREE(this->file);
+               this->file = sh_utils_strdup(file);
+               ret = 0;
+             }
+         }
+       SH_FREE(s0);
+       SH_FREE(s1);
+    }
+  
+  return ret;
+}
+
+void sh_audit_mark (char * file)
+{
+  struct aud_list * all  = mark_these;
+  struct aud_list * this = mark_these;
+
+  if (!mark_these) {
+    add_this (file);
+    return;
+  }
+
+  while (this)
+    {
+      if (0 == test_exchange(this, file))
+        return;
+      this = this->next;
+    }
+
+  add_this (file);
+  return;
+}
+
+void sh_audit_commit ()
+{
+  struct aud_list * next;
+  struct aud_list * this = mark_these;
+
+  mark_these = NULL;
+
+  while (this)
+    {
+      sh_audit_mark_int (this->file);
+      next = this->next;
+      SH_FREE(this->file);
+      SH_FREE(this);
+      this = next;
+    }
+  
+}
 
 static int sh_audit_checkdaemon()
@@ -381 +482 @@
   return;
 }
+void sh_audit_commit ()
+{
+  return;
+}
 #endif
 

trunk/src/sh_extern.c

@@ -847 +847 @@
 }
 
-int sh_ext_popen_init (sh_tas_t * task, char * command)
-{
-  int status;
-
+static void task_init (sh_tas_t * task)
+{
   sh_ext_tas_init(task);
 
@@ -858 +856 @@
                               _("/sbin:/bin:/usr/sbin:/usr/bin:/usr/ucb")); 
   (void) sh_ext_tas_add_envv (task, _("IFS"), " \n\t"); 
+
   if (sh.timezone != NULL)
     {
       (void) sh_ext_tas_add_envv(task,  "TZ", sh.timezone);
     }
+  return;
+}
+
+int sh_ext_popen_init (sh_tas_t * task, char * command, char * argv0, ...)
+{
+  va_list vl;
+  int status;
+
+  task_init (task);
   
-  sh_ext_tas_command(task,  _("/bin/sh"));
-
-  (void) sh_ext_tas_add_argv(task,  _("/bin/sh"));
-  (void) sh_ext_tas_add_argv(task,  _("-c"));
-  (void) sh_ext_tas_add_argv(task,  command);
-  
+  if (!argv0)
+    {
+      sh_ext_tas_command(task,  _("/bin/sh"));
+
+      (void) sh_ext_tas_add_argv(task,  _("/bin/sh"));
+      (void) sh_ext_tas_add_argv(task,  _("-c"));
+      (void) sh_ext_tas_add_argv(task,  command);
+    }
+  else
+    {
+      char * s;
+
+      sh_ext_tas_command(task,  command);
+
+      (void) sh_ext_tas_add_argv(task, argv0);
+
+      va_start (vl, argv0);
+      s = va_arg (vl, char * );
+      while (s != NULL)
+        {
+          (void) sh_ext_tas_add_argv(task, s);
+          s = va_arg (vl, char * );
+        }
+      va_end (vl);
+
+    }
   task->rw = 'r';
   task->fork_twice = S_FALSE;
@@ -879 +907 @@
 /* Execute a system command */
 
-int sh_ext_system (char * command)
+int sh_ext_system (char * command, char * argv0, ...)
 {
   sh_tas_t task;
   int    status;
+  va_list vl;
+  char * s;
 
   SL_ENTER(_("sh_ext_system"));
 
-  status = sh_ext_popen_init (&task, command);
+  task_init (&task);
+  
+  sh_ext_tas_command(&task,  command);
+
+  (void) sh_ext_tas_add_argv(&task, argv0);
+  
+  va_start (vl, argv0);
+  s = va_arg (vl, char * );
+  while (s != NULL)
+    {
+      (void) sh_ext_tas_add_argv(&task, s);
+      s = va_arg (vl, char * );
+    }
+  va_end (vl);
+
+  task.rw = 'r';
+  task.fork_twice = S_FALSE;
+
+  status = sh_ext_popen(&task);
 
   if (status != 0)
@@ -915 +963 @@
   SL_ENTER(_("sh_ext_popen_str"));
 
-  status = sh_ext_popen_init (&task, command);
+  status = sh_ext_popen_init (&task, command, NULL, NULL);
 
   if (status != 0)

trunk/src/sh_getopt.c

@@ -401 +401 @@
   printf (_("Client executable (port %d)"), SH_DEFAULT_PORT); ++num;
 #endif
-#if defined(SH_WITH_CLIENT)
+#if defined(SH_WITH_SERVER)
   if (num > 0) fputc ('\n', stdout);
   printf (_("Server executable (port %d, user %s)"), 

trunk/src/sh_html.c

@@ -503 +503 @@
 }
 
+int sh_html_zero()
+{
+  long fd;
+
+  SL_ENTER(_("sh_html_zero"));
+
+  if (0 != (fd = tf_trust_check (DEFAULT_HTML_FILE, SL_YESPRIV)))
+    {
+      SL_RETURN((-1), _("sh_html_zero"));
+    }
+
+  fd = sl_open_write_trunc (FIL__, __LINE__, DEFAULT_HTML_FILE, SL_YESPRIV);
+
+  if (SL_ISERROR(fd))
+    {
+     SL_RETURN((-1), _("sh_html_zero"));
+    }
+
+  sh_html_head(fd);
+  sh_html_foot(fd);
+
+  sl_close(fd);
+
+  SL_RETURN((0), _("sh_html_zero"));
+}
+
 /* SH_WITH_SERVER */
 #endif

trunk/src/sh_log_check.c

@@ -915 +915 @@
   entry = SH_ALLOC(sizeof(struct task_entry));
 
-  status = sh_ext_popen_init (&(entry->task), logfile->filename);
+  status = sh_ext_popen_init (&(entry->task), logfile->filename, logfile->filename, NULL);
   if (0 == status)
     {

trunk/src/sh_unix.c

@@ -1519 +1519 @@
 #ifdef WITH_ORACLE
     /* 
-     * Skip the ORACLE_HOME environment variable; Oracle may need it.
+     * Skip the ORACLE_HOME and TNS_ADMIN environment variables; 
+     * Oracle may need them.
      */
     if (0 == sl_strncmp((*env), _("ORACLE_HOME="), 12))
+      {
+        ++(env);
+        continue;
+      }
+    if (0 == sl_strncmp((*env), _("TNS_ADMIN="), 10))
       {
         ++(env);

trunk/test/testrun_2.sh

@@ -537 +537 @@
         fi
 
+        cp $HTML  ${HTML}.tmp
+
         kill $PROC_Y
         five_sec_sleep
@@ -568 +570 @@
         fi
 
-        egrep '<!-- head -->' $HTML >/dev/null 2>&1
+        egrep '<!-- head -->' ${HTML}.tmp >/dev/null 2>&1
         if [ $? -ne 0 ]; then
             [ -z "$verbose" ] || log_msg_fail "head.html";
             return 1
         fi
-        egrep '<!-- ehead -->' $HTML >/dev/null 2>&1
+        egrep '<!-- ehead -->' ${HTML}.tmp >/dev/null 2>&1
         if [ $? -ne 0 ]; then
             [ -z "$verbose" ] || log_msg_fail "end head.html";
@@ -579 +581 @@
         fi
 
-        egrep '<!-- entry -->' $HTML >/dev/null 2>&1
+        egrep '<!-- entry -->' ${HTML}.tmp >/dev/null 2>&1
         if [ $? -ne 0 ]; then
             [ -z "$verbose" ] || log_msg_fail "entry.html";
             return 1
         fi
-        egrep '<!-- eentry -->' $HTML >/dev/null 2>&1
+        egrep '<!-- eentry -->' ${HTML}.tmp >/dev/null 2>&1
         if [ $? -ne 0 ]; then
             [ -z "$verbose" ] || log_msg_fail "end entry.html";
@@ -590 +592 @@
         fi
 
-        egrep '<!-- foot -->' $HTML >/dev/null 2>&1
+        egrep '<!-- foot -->' ${HTML}.tmp >/dev/null 2>&1
         if [ $? -ne 0 ]; then
             [ -z "$verbose" ] || log_msg_fail "foot.html";
             return 1
         fi
-        egrep '<!-- efoot -->' $HTML >/dev/null 2>&1
+        egrep '<!-- efoot -->' ${HTML}.tmp >/dev/null 2>&1
         if [ $? -ne 0 ]; then
             [ -z "$verbose" ] || log_msg_fail "end foot.html";
@@ -609 +611 @@
             fi;
         }
+
+        rm ${HTML}.tmp
 
         return 0

trunk/yulerc.template

@@ -47 +47 @@
 ##
 # MailSeverity=none
-MailSeverity=crit
 
 ## Console
 ##
-# PrintSeverity=info
+PrintSeverity=none
 
 ## Logfile
 ##
-# LogSeverity=none
+LogSeverity = warn
 
 ## Syslog
@@ -97 +96 @@
 ## Log the server timestamp for received messages
 #
-SetDBServerTstamp = True
+# SetDBServerTstamp = True
 
 ## Use a persistent connection
 #
-UsePersistent = True
+# UsePersistent = True