Index: /trunk/include/sh_error.h =================================================================== --- /trunk/include/sh_error.h (revision 85) +++ /trunk/include/sh_error.h (revision 86) @@ -117,4 +117,8 @@ void sh_error_only_stderr (int flag); +/* facilities unsafe for closeall() + */ +void sh_error_enable_unsafe (int flag); + /* set syslog facility */ Index: /trunk/include/sh_gpg.h =================================================================== --- /trunk/include/sh_gpg.h (revision 85) +++ /trunk/include/sh_gpg.h (revision 86) @@ -27,4 +27,8 @@ int sh_gpg_check_sign (long file_1, long file_2, int what); +/* log successful startup + */ +void sh_gpg_log_startup (); + #endif Index: /trunk/src/samhain.c =================================================================== --- /trunk/src/samhain.c (revision 85) +++ /trunk/src/samhain.c (revision 86) @@ -1443,5 +1443,6 @@ #if (defined(WITH_GPG) || defined(WITH_PGP)) - /* do nothing -- we exit earlier if error */ + /* log startup */ + sh_gpg_log_startup (); #else sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_1H, @@ -1465,5 +1466,6 @@ { #if (defined(WITH_GPG) || defined(WITH_PGP)) - /* do nothing -- we exit earlier if error */ + /* log startup */ + sh_gpg_log_startup (); #else sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_2H, @@ -1476,5 +1478,6 @@ { #if (defined(WITH_GPG) || defined(WITH_PGP)) - /* do nothing -- we exit earlier if error */ + /* log startup */ + sh_gpg_log_startup (); #else sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_1H, Index: /trunk/src/sh_error.c =================================================================== --- /trunk/src/sh_error.c (revision 85) +++ /trunk/src/sh_error.c (revision 86) @@ -110,4 +110,7 @@ int OnlyStderr = S_TRUE; +/* --- Enable facilities not safe for closeall(). --- + */ +int enableUnsafe = S_FALSE; /********************************************* @@ -145,4 +148,10 @@ { OnlyStderr = flag; + return; +} + +void sh_error_enable_unsafe (int flag) +{ + enableUnsafe = flag; return; } @@ -1026,5 +1035,5 @@ /* Full logging enabled. */ - if (OnlyStderr == BAD) /* full error logging enabled */ + if (OnlyStderr == S_FALSE) /* full error logging enabled */ { @@ -1083,5 +1092,5 @@ class != AUD) { - if (database_block == 0) + if (database_block == 0 && enableUnsafe == S_TRUE) { /* truncates; query_max is 16k @@ -1209,5 +1218,5 @@ ) { - if (prelude_block == 0) + if (prelude_block == 0 && enableUnsafe == S_TRUE) { /* will truncate to 998 bytes Index: /trunk/src/sh_gpg.c =================================================================== --- /trunk/src/sh_gpg.c (revision 85) +++ /trunk/src/sh_gpg.c (revision 86) @@ -115,4 +115,5 @@ #ifdef GPG_HASH + static int sh_gpg_checksum (SL_TICKET checkfd, int flag) { @@ -202,4 +203,39 @@ } #endif + +struct startup_info { + long line; + char * program; + long uid; + char * path; + char * key_uid; + char * key_id; +}; + +static struct startup_info startInfo = { 0, NULL, 0, NULL, NULL, NULL }; + +void sh_gpg_log_startup () +{ + if (startInfo.program != NULL) + { + sh_error_handle ((-1), FIL__, startInfo.line, 0, MSG_START_GH, + startInfo.program, startInfo.uid, + startInfo.path, + startInfo.key_uid, startInfo.key_id); + } + return; +} + +static void sh_gpg_fill_startup (long line, char * program, long uid, char * path, + char * key_uid, char * key_id) +{ + startInfo.line = line; + startInfo.program = sh_util_strdup(program); + startInfo.uid = uid; + startInfo.path = sh_util_strdup(path); + startInfo.key_uid = sh_util_strdup(key_uid); + startInfo.key_id = sh_util_strdup(key_id); + return; +} static FILE * sh_gpg_popen (sh_gpg_popen_t *source, int fd, @@ -968,5 +1004,6 @@ { tmp = sh_util_safe_name(gp.conf_id); - sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_GH, + sh_gpg_fill_startup ( + /* sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_GH, */ sh.prg_name, sh.real.uid, (sh.flag.hidefile == S_TRUE) ? @@ -995,5 +1032,6 @@ { tmp = sh_util_safe_name(gp.conf_id); - sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_GH, + sh_gpg_fill_startup (__LINE__, + /* sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_GH, */ sh.prg_name, sh.real.uid, (sh.flag.hidefile == S_TRUE) ? Index: /trunk/src/sh_prelude.c =================================================================== --- /trunk/src/sh_prelude.c (revision 85) +++ /trunk/src/sh_prelude.c (revision 86) @@ -967,5 +967,8 @@ } - +/* Allow initialization of prelude; to be called + * after forking the daemon. Delays heartbeat + * start after config read until it is safe. + */ void sh_prelude_reset(void) { Index: /trunk/src/sh_unix.c =================================================================== --- /trunk/src/sh_unix.c (revision 85) +++ /trunk/src/sh_unix.c (revision 86) @@ -1880,4 +1880,5 @@ } + sh_error_enable_unsafe (S_TRUE); #if defined(HAVE_LIBPRELUDE) sh_prelude_reset (); @@ -1913,4 +1914,5 @@ { sh_unix_closeall(3, -1); /* if not daemon */ + sh_error_enable_unsafe (S_TRUE); #if defined(HAVE_LIBPRELUDE) sh_prelude_reset (); Index: /trunk/test/testrc_2.in =================================================================== --- /trunk/test/testrc_2.in (revision 85) +++ /trunk/test/testrc_2.in (revision 86) @@ -1,2 +1,5 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + ##################################################################### # @@ -103,5 +106,5 @@ #AddToDBHash=log_msg # AddToDBHash=log_host - +UsePersistent = True [Utmp] @@ -201,2 +204,9 @@ [Clients] +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.2.2 (GNU/Linux) + +iD8DBQFFsTXBGq0myA9XH2wRAju6AKDsNT3cVYHVs4z+ZHdFgPwOdvESewCfcIAY +RsnSZyhwBGtlA+rf35/gcQw= +=Rb0p +-----END PGP SIGNATURE----- Index: /trunk/test/testrun_2c.sh =================================================================== --- /trunk/test/testrun_2c.sh (revision 85) +++ /trunk/test/testrun_2c.sh (revision 86) @@ -24,4 +24,62 @@ CLIENT_BUILDOPTS="--quiet $TRUST --prefix=$PW_DIR --with-tmp-dir=$PW_DIR --localstatedir=$PW_DIR --enable-network=client --disable-mail --disable-external-scripts --enable-login-watch --enable-xml-log --enable-db-reload --with-logserver=localhost --with-config-file=REQ_FROM_SERVER$PW_DIR/testrc_2 --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock"; export CLIENT_BUILDOPTS +MAXTEST=3; export MAXTEST + +testrun_threesockets () { + + GPG="$1" + + [ -z "$verbose" ] || { + echo; + echo Working directory: $PW_DIR; echo MAKE is $MAKE; echo GPG is $GPG; + echo; + } + + [ -z "$verbose" ] || { echo; echo "${S}Building client and server${E}"; echo; } + + if test -r "Makefile"; then + $MAKE distclean + fi + + ${TOP_SRCDIR}/configure --with-gpg=${GPG} --with-checksum=no ${SERVER_BUILDOPTS} >/dev/null 2>&1 + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "configure..."; + $MAKE > /dev/null 2>>test_log + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make..."; + else + [ -z "$quiet" ] && log_msg_fail "make..."; + return 1 + fi + else + [ -z "$quiet" ] && log_msg_fail "configure..."; + return 1 + fi + + rm -f ./.samhain_file + rm -f ./.samhain_log + rm -f ./.samhain_lock + rm -f ./rc.${SH_LOCALHOST} + rm -f ./file.${SH_LOCALHOST} + + cp ${SCRIPTDIR}/testrc_2.in testrc_2 + + ORIGINAL="DatabaseSeverity=none" + REPLACEMENT="DatabaseSeverity=warn" + ex -s $RCFILE </dev/null 2>/dev/null + if [ $? -ne 0 ]; then + log_skip 1 $MAXTEST 'public PGP key 0x0F571F6C not present' + else + testrun_threesockets "$GPG" + + if [ -f ./yule ]; then + ./yule -D >/dev/null 2>>test_log + five_sec_sleep + netstat -pant 2>/dev/null | grep 49777 | grep yule >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$quiet" ] && log_fail 3 ${MAXTEST} "Three sockets open (gpg)"; + else + NSOCK=`netstat -pand 2>/dev/null | grep STREAM | grep yule | wc -l` + if [ $NSOCK -ne 2 ]; then + [ -z "$quiet" ] && log_fail 3 ${MAXTEST} "Three sockets open (gpg)"; + netstat -pand 2>/dev/null | grep yule + else + [ -z "$quiet" ] && log_ok 3 ${MAXTEST} "Three sockets open (gpg)"; + fi + fi + PID=`cat .samhain_lock` + kill $PID + else + log_fail 3 ${MAXTEST} "Three sockets open (gpg)"; + fi + fi fi #