Changeset 86

Timestamp:

Jan 20, 2007, 11:04:59 PM (18 years ago)

Author:

rainer

Message:

More thorough fix for ticket #47, and corresponding regression test.

Location:

trunk

Files:

• include/sh_error.h (modified) (1 diff)
• include/sh_gpg.h (modified) (1 diff)
• src/samhain.c (modified) (3 diffs)
• src/sh_error.c (modified) (5 diffs)
• src/sh_gpg.c (modified) (4 diffs)
• src/sh_prelude.c (modified) (1 diff)
• src/sh_unix.c (modified) (2 diffs)
• test/testrc_2.in (modified) (3 diffs)
• test/testrun_2c.sh (modified) (3 diffs)

trunk/include/sh_error.h

@@ -117 +117 @@
 void sh_error_only_stderr (int flag);
 
+/* facilities unsafe for closeall()
+ */
+void sh_error_enable_unsafe (int flag);
+
 /* set syslog facility 
  */

trunk/include/sh_gpg.h

@@ -27 +27 @@
 int sh_gpg_check_sign (long file_1, long file_2, int what);
 
+/* log successful startup
+ */
+void sh_gpg_log_startup ();
+
 #endif
 

trunk/src/samhain.c

@@ -1443 +1443 @@
 
 #if (defined(WITH_GPG) || defined(WITH_PGP))
-  /* do nothing -- we exit earlier if error */
+  /* log startup */
+  sh_gpg_log_startup ();
 #else
   sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_1H,
@@ -1465 +1466 @@
     {
 #if (defined(WITH_GPG) || defined(WITH_PGP))
-      /* do nothing -- we exit earlier if error */
+      /* log startup */
+      sh_gpg_log_startup ();
 #else
       sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_2H,
@@ -1476 +1478 @@
     {
 #if (defined(WITH_GPG) || defined(WITH_PGP))
-      /* do nothing -- we exit earlier if error */
+      /* log startup */
+      sh_gpg_log_startup ();
 #else
       sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_1H,

trunk/src/sh_error.c

@@ -110 +110 @@
 int  OnlyStderr    = S_TRUE; 
 
+/* --- Enable facilities not safe for closeall(). --- 
+ */
+int  enableUnsafe  = S_FALSE;
 
 /*********************************************
@@ -145 +148 @@
 {
   OnlyStderr    = flag;
+  return;
+}
+
+void sh_error_enable_unsafe (int flag)
+{
+  enableUnsafe    = flag;
   return;
 }
@@ -1026 +1035 @@
   /* Full logging enabled.
    */
-  if (OnlyStderr == BAD)  /* full error logging enabled */
+  if (OnlyStderr == S_FALSE)  /* full error logging enabled */
     {
 
@@ -1083 +1092 @@
           class != AUD)
         {
-          if (database_block == 0)
+          if (database_block == 0 && enableUnsafe == S_TRUE)
             {
               /* truncates; query_max is 16k
@@ -1209 +1218 @@
           )
         {
-          if (prelude_block == 0)
+          if (prelude_block == 0 && enableUnsafe == S_TRUE)
             {
               /* will truncate to 998 bytes 

trunk/src/sh_gpg.c

@@ -115 +115 @@
 
 #ifdef GPG_HASH
+
 static int sh_gpg_checksum (SL_TICKET checkfd, int flag)
 {
@@ -202 +203 @@
 }
 #endif
+
+struct startup_info {
+  long   line;
+  char * program;
+  long   uid;
+  char * path;
+  char * key_uid;
+  char * key_id;
+};
+
+static struct startup_info startInfo = { 0, NULL, 0, NULL, NULL, NULL };
+
+void sh_gpg_log_startup ()
+{
+  if (startInfo.program != NULL)
+    {
+      sh_error_handle ((-1), FIL__, startInfo.line, 0, MSG_START_GH,
+                       startInfo.program, startInfo.uid,
+                       startInfo.path,
+                       startInfo.key_uid, startInfo.key_id);
+    }
+  return;
+}
+
+static void sh_gpg_fill_startup (long line, char * program, long uid, char * path, 
+                                 char * key_uid, char * key_id)
+{
+  startInfo.line    = line;
+  startInfo.program = sh_util_strdup(program);
+  startInfo.uid     = uid;
+  startInfo.path    = sh_util_strdup(path);
+  startInfo.key_uid = sh_util_strdup(key_uid);
+  startInfo.key_id  = sh_util_strdup(key_id);
+  return;
+}
 
 static FILE * sh_gpg_popen (sh_gpg_popen_t  *source, int fd, 
@@ -968 +1004 @@
             {
               tmp  = sh_util_safe_name(gp.conf_id);
-              sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_GH,
+              sh_gpg_fill_startup (
+                                   /* sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_GH, */
                                sh.prg_name, sh.real.uid,
                                (sh.flag.hidefile == S_TRUE) ? 
@@ -995 +1032 @@
         {
           tmp = sh_util_safe_name(gp.conf_id);
-          sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_GH,
+          sh_gpg_fill_startup (__LINE__,
+          /* sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_GH, */
                            sh.prg_name, sh.real.uid,
                            (sh.flag.hidefile == S_TRUE) ? 

trunk/src/sh_prelude.c

@@ -967 +967 @@
 }
 
-
+/* Allow initialization of prelude; to be called
+ * after forking the daemon. Delays heartbeat
+ * start after config read until it is safe.
+ */
 void sh_prelude_reset(void)
 {

trunk/src/sh_unix.c

@@ -1880 +1880 @@
         }
 
+      sh_error_enable_unsafe (S_TRUE);
 #if defined(HAVE_LIBPRELUDE)
       sh_prelude_reset ();
@@ -1913 +1914 @@
     {
       sh_unix_closeall(3, -1);  /* if not daemon */
+      sh_error_enable_unsafe (S_TRUE);
 #if defined(HAVE_LIBPRELUDE)
       sh_prelude_reset ();

trunk/test/testrc_2.in

@@ +1 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
 #####################################################################
 #
@@ -103 +106 @@
 #AddToDBHash=log_msg
 # AddToDBHash=log_host
-
+UsePersistent = True
 
 [Utmp]
@@ -201 +204 @@
 
 [Clients]
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.2.2 (GNU/Linux)
+
+iD8DBQFFsTXBGq0myA9XH2wRAju6AKDsNT3cVYHVs4z+ZHdFgPwOdvESewCfcIAY
+RsnSZyhwBGtlA+rf35/gcQw=
+=Rb0p
+-----END PGP SIGNATURE-----

trunk/test/testrun_2c.sh

@@ -24 +24 @@
 CLIENT_BUILDOPTS="--quiet  $TRUST --prefix=$PW_DIR --with-tmp-dir=$PW_DIR --localstatedir=$PW_DIR --enable-network=client --disable-mail --disable-external-scripts --enable-login-watch --enable-xml-log --enable-db-reload --with-logserver=localhost --with-config-file=REQ_FROM_SERVER$PW_DIR/testrc_2 --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock"; export CLIENT_BUILDOPTS
 
+MAXTEST=3; export MAXTEST
+
+testrun_threesockets () {
+
+    GPG="$1"
+
+    [ -z "$verbose" ] || { 
+        echo; 
+        echo Working directory: $PW_DIR; echo MAKE is $MAKE; echo GPG is $GPG;
+        echo; 
+    }
+
+    [ -z "$verbose" ] || { echo; echo "${S}Building client and server${E}"; echo; }
+
+    if test -r "Makefile"; then
+        $MAKE distclean
+    fi
+
+    ${TOP_SRCDIR}/configure --with-gpg=${GPG} --with-checksum=no ${SERVER_BUILDOPTS} >/dev/null 2>&1
+
+    if test x$? = x0; then
+        [ -z "$verbose" ] ||     log_msg_ok "configure..."; 
+        $MAKE  > /dev/null 2>>test_log
+        if test x$? = x0; then
+            [ -z "$verbose" ] || log_msg_ok "make..."; 
+        else
+            [ -z "$quiet" ] &&   log_msg_fail "make..."; 
+            return 1
+        fi
+    else
+        [ -z "$quiet" ] &&       log_msg_fail "configure...";
+        return 1
+    fi
+
+    rm -f ./.samhain_file
+    rm -f ./.samhain_log
+    rm -f ./.samhain_lock
+    rm -f ./rc.${SH_LOCALHOST}
+    rm -f ./file.${SH_LOCALHOST}
+    
+    cp ${SCRIPTDIR}/testrc_2.in testrc_2
+    
+    ORIGINAL="DatabaseSeverity=none"
+    REPLACEMENT="DatabaseSeverity=warn"
+    ex -s $RCFILE <<EOF
+%s/$ORIGINAL/$REPLACEMENT/g
+wq
+EOF
+
+    ORIGINAL="MailSeverity=none"
+    REPLACEMENT="MailSeverity=crit"
+    ex -s $RCFILE <<EOF
+%s/$ORIGINAL/$REPLACEMENT/g
+wq
+EOF
+    return 0
+ }
+
 check_mysql_log () {
     DATE="$1"
@@ -58 +116 @@
     return 0
 }
-
-MAXTEST=2; export MAXTEST
 
 testrun2c ()
@@ -127 +183 @@
         PID=`cat .samhain_lock`
         kill $PID
+    else
+        log_fail 2 ${MAXTEST} "Three sockets open";
+    fi
+    #
+    GPG=`find_path gpg`
+    if [ -z "$GPG" ]; then
+        log_skip 1 $MAXTEST 'gpg not found in $PATH'
+    else
+        eval "$GPG" --list-keys 0F571F6C >/dev/null 2>/dev/null
+        if [ $? -ne 0 ]; then
+            log_skip 1 $MAXTEST 'public PGP key 0x0F571F6C not present'
+        else
+            testrun_threesockets "$GPG"
+
+            if [ -f ./yule ]; then
+                ./yule -D >/dev/null 2>>test_log 
+                five_sec_sleep
+                netstat -pant 2>/dev/null | grep 49777 | grep yule >/dev/null 2>&1
+                if [ $? -ne 0 ]; then
+                    [ -z "$quiet" ] && log_fail 3 ${MAXTEST} "Three sockets open (gpg)";
+                else
+                    NSOCK=`netstat -pand 2>/dev/null | grep STREAM | grep yule | wc -l`
+                    if [ $NSOCK -ne 2 ]; then
+                        [ -z "$quiet" ] && log_fail 3 ${MAXTEST} "Three sockets open (gpg)";
+                        netstat -pand 2>/dev/null | grep yule 
+                    else
+                        [ -z "$quiet" ] && log_ok   3 ${MAXTEST} "Three sockets open (gpg)";
+                    fi
+                fi
+                PID=`cat .samhain_lock`
+                kill $PID
+            else
+                log_fail 3 ${MAXTEST} "Three sockets open (gpg)";
+            fi
+        fi
     fi
     #