From 3b476f0385c8c6bf89df89e7f333ca491768a30c Mon Sep 17 00:00:00 2001 From: James Le Cuirot Date: Mon, 7 Sep 2015 17:28:59 +0100 Subject: [PATCH] Don't consider empty client.keys to be a failure condition on servers client.keys is already reloaded each time a given key is not found in memory so there's no harm in this file being empty. In fact, it's downright annoying if you're using authd because you have to wait for the first agent to register and then manually restart the server before they can start communicating. Removing this check would make the Chef cookbook less clunky. Disclaimer: I haven't tested this at all because I've already sunk too much time into the cookbook. The change seems simple enough though. --- src/os_crypto/shared/keys.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/os_crypto/shared/keys.c b/src/os_crypto/shared/keys.c index f7995fc4f..5478b6657 100644 --- a/src/os_crypto/shared/keys.c +++ b/src/os_crypto/shared/keys.c @@ -250,8 +250,8 @@ void OS_ReadKeys(keystore *keys) /* Clear one last time before leaving */ __memclear(id, name, ip, key, KEYSIZE + 1); - /* Check if there are any agents available */ - if (keys->keysize == 0) { + /* Check if there are any keys available, except on remoted */ + if (keys->keysize == 0 && strcmp(__local_name, "ossec-remoted") != 0) { ErrorExit(NO_REM_CONN, __local_name); }