Don't consider empty client.keys to be a failure condition on servers

client.keys is already reloaded each time a given key is not found in
memory so there's no harm in this file being empty. In fact, it's
downright annoying if you're using authd because you have to wait for
the first agent to register and then manually restart the server
before they can start communicating. Removing this check would make
the Chef cookbook less clunky.

Author: chewi

src/os_auth/main-client.c

@@ -343,8 +343,7 @@ int main(int argc, char **argv)
                         FILE *fp;
                         fp = fopen(KEYSFILE_PATH, "w");
                         if (!fp) {
-                            printf("ERROR: Unable to open key file: %s", KEYSFILE_PATH);
-                            exit(1);
+                            ErrorExit(FOPEN_ERROR, ARGV0, KEYSFILE_PATH, errno, strerror(errno));
                         }
                         fprintf(fp, "%s\n", key);
                         fclose(fp);

src/os_auth/main-server.c

@@ -306,8 +306,7 @@ int main(int argc, char **argv)
 
     fp = fopen(KEYSFILE_PATH, "a");
     if (!fp) {
-        merror("%s: ERROR: Unable to open %s (key file)", ARGV0, KEYSFILE_PATH);
-        exit(1);
+        ErrorExit(FOPEN_ERROR, ARGV0, KEYSFILE_PATH, errno, strerror(errno));
     }
     fclose(fp);
 

src/os_crypto/shared/keys.c

@@ -13,10 +13,21 @@
 #include "os_crypto/blowfish/bf_op.h"
 
 /* Prototypes */
+static void __realloc_keys(keystore *keys) __attribute((nonnull));
 static void __memclear(char *id, char *name, char *ip, char *key, size_t size) __attribute((nonnull));
 static void __chash(keystore *keys, const char *id, const char *name, char *ip, const char *key) __attribute((nonnull));
 
 
+static void __realloc_keys(keystore *keys)
+{
+    /* Allocate for the whole structure */
+    keys->keyentries = (keyentry **)realloc(keys->keyentries,
+                                            (keys->keysize + 2) * sizeof(keyentry *));
+    if (!keys->keyentries) {
+        ErrorExit(MEM_ERROR, __local_name, errno, strerror(errno));
+    }
+}
+
 /* Clear keys entries */
 static void __memclear(char *id, char *name, char *ip, char *key, size_t size)
 {
@@ -35,12 +46,7 @@ static void __chash(keystore *keys, const char *id, const char *name, char *ip,
     char *tmp_str;
     char _finalstr[KEYSIZE];
 
-    /* Allocate for the whole structure */
-    keys->keyentries = (keyentry **)realloc(keys->keyentries,
-                                            (keys->keysize + 2) * sizeof(keyentry *));
-    if (!keys->keyentries) {
-        ErrorExit(MEM_ERROR, __local_name, errno, strerror(errno));
-    }
+    __realloc_keys(keys);
     os_calloc(1, sizeof(keyentry), keys->keyentries[keys->keysize]);
 
     /* Set configured values for id */
@@ -250,9 +256,14 @@ void OS_ReadKeys(keystore *keys)
     /* Clear one last time before leaving */
     __memclear(id, name, ip, key, KEYSIZE + 1);
 
-    /* Check if there are any agents available */
+    /* Check if there are any keys available, except on remoted
+     * because more keys could be added later */
     if (keys->keysize == 0) {
-        ErrorExit(NO_REM_CONN, __local_name);
+        if (strcmp(__local_name, "ossec-remoted") != 0) {
+            ErrorExit(NO_REM_CONN, __local_name);
+        } else {
+            __realloc_keys(keys);
+        }
     }
 
     /* Add additional entry for sender == keysize */

src/remoted/main.c

@@ -36,6 +36,7 @@ static void help_remoted()
 
 int main(int argc, char **argv)
 {
+    FILE *fp;
     int i = 0, c = 0;
     uid_t uid;
     gid_t gid;
@@ -127,6 +128,13 @@ int main(int argc, char **argv)
         exit(0);
     }
 
+    /* Touch client.keys */
+    fp = fopen(KEYSFILE_PATH, "a");
+    if (!fp) {
+        ErrorExit(FOPEN_ERROR, ARGV0, KEYSFILE_PATH, errno, strerror(errno));
+    }
+    fclose(fp);
+
     /* Check if the user and group given are valid */
     uid = Privsep_GetUser(user);
     gid = Privsep_GetGroup(group);