From 659822bb086448cf467079d7837acb25a0b10850 Mon Sep 17 00:00:00 2001
From: Carsten Zeumer
Date: Thu, 12 May 2022 15:59:12 +0200
Subject: [PATCH] fixed key init
---
 ossec/agent_keys.go | 15 +++++++++++++
 ossec/authd.go | 53 +++++++++++++++++++++------------------------
 2 files changed, 40 insertions(+), 28 deletions(-)
diff --git a/ossec/agent_keys.go b/ossec/agent_keys.go
index 30cb89c..53d03bc 100644
--- a/ossec/agent_keys.go
+++ b/ossec/agent_keys.go
@@ -103,6 +103,21 @@ func LoadAgentKeyMap(filename string) (AgentKeyMap, error) {
 }
 func (a *AgentKey) WriteAgentKey(filename string) error {
+ if a == nil {
+ return errors.New("key is null")
+ }
+ if a.AgentID == "" {
+ return errors.New("agent id is empty")
+ }
+ if a.AgentName == "" {
+ return errors.New("agent name is empty")
+ }
+ if a.AgentKey == "" {
+ return errors.New("agent key is empty")
+ }
+ if a.AgentAllowedIPs == "" {
+ return errors.New("agent allowed ips is empty")
+ }
 if filename == "" {
 filename = "/etc/client.keys"
 }
diff --git a/ossec/authd.go b/ossec/authd.go
index 04bc441..38dca6d 100644
--- a/ossec/authd.go
+++ b/ossec/authd.go
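Review bot: The new guards in WriteAgentKey (ossec/agent_keys.go) reject only empty fields, so an AgentID, AgentName, AgentKey or AgentAllowedIPs containing a space or a line break still passes. If the rest of the method, which lies outside this hunk, serialises the fields as one whitespace-separated client.keys line, such a value would corrupt the entry or add a second one, and per the authd.go change the key is written straight after RegisterAgent returns it, presumably from the authd server's reply. A check such as `if strings.ContainsAny(a.AgentID+a.AgentName+a.AgentKey+a.AgentAllowedIPs, " \t\r\n") { return errors.New("agent key field contains whitespace") }` after the empty checks would close that. Minor: `"key is null"` would read more naturally as `"agent key is nil"` in Go.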
@@ -63,33 +63,32 @@ func InitAgent(cfg *EnrollmentConfig) (*AgentKey, error) {
 } else {
 keyFile = "/var/ossec/etc/client.keys"
 }
+ //ensure path...
+ path := filepath.Dir(keyFile)
+ if _, err := os.Stat(path); os.IsNotExist(err) {
+ err = os.MkdirAll(path, os.ModePerm)
+ if err != nil {
+ if cfg.logger != nil {
+ cfg.logger.Error("register agent - create path", zap.String("authdServer", cfg.ManagerName), zap.String("agentID", cfg.AgentName), zap.String("agentIP", cfg.AgentIP), zap.String("keyfile", keyFile), zap.Error(err))
+ }
+ return nil, err
+ }
+ }
 hostname, err := DefaultAgentName()
 if err != nil {
 return nil, err
 }
- if cfg.AuthPass != "" {
-
- agentKey, err := GetAgentKeyFromFile(hostname, keyFile)
- keyMapValid := err == nil && agentKey != nil
-
- if !keyMapValid {
- var err2 error
- // Try to register agent
-
- //ensure path...
- path := filepath.Dir(keyFile)
- if _, err2 = os.Stat(path); os.IsNotExist(err2) {
- err2 = os.MkdirAll(path, os.ModePerm)
- if err2 != nil {
- if cfg.logger != nil {
- cfg.logger.Error("register agent - create path", zap.String("authdServer", cfg.ManagerName), zap.String("agentID", cfg.AgentName), zap.String("agentIP", cfg.AgentIP), zap.String("keyfile", keyFile), zap.Error(err2))
- }
- return nil, err
- }
- }
+ agentKey, err := GetAgentKeyFromFile(hostname, keyFile)
+ keyMapValid := err == nil && agentKey != nil
+ if !keyMapValid && cfg.AuthPass != "" {
+ var err2 error
+ // Try to register agent
+ agentKey, err2 = RegisterAgent(cfg)
+ if err2 == nil && agentKey != nil {
+ // persist new key
 err2 = agentKey.WriteAgentKey(keyFile)
 if err2 != nil {
 if cfg.logger != nil {
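Review bot: `os.MkdirAll(path, os.ModePerm)` creates the directory that will hold client.keys with mode 0777 before umask, which is too permissive for a directory storing agent authentication keys; a restrictive mode such as `os.MkdirAll(path, 0o750)` (or tighter) is safer. The preceding `os.Stat` check also ignores every error other than not-exist, for example permission denied, and is redundant because MkdirAll returns nil when the directory already exists, so `if err := os.MkdirAll(path, 0o750); err != nil {` can replace both lines. The directory is now also created when cfg.AuthPass is empty and no registration will take place, which is worth a short comment if intended. InitAgent starts before and continues after this hunk.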
@@ -97,19 +96,17 @@ func InitAgent(cfg *EnrollmentConfig) (*AgentKey, error) {
 }
 return nil, err
 }
+ agentKey, err = GetAgentKeyFromFile(hostname, keyFile)
+ if err != nil {
+ return nil, err
+ }
 }
 }
- agentInfo, err := GetAgentKeyFromFile(hostname, keyFile)
- if err != nil {
- return nil, err
- }
-
- if agentInfo == nil {
+ if agentKey == nil {
 return nil, errors.New("no agent key configured")
 }
- return agentInfo, nil
-
+ return agentKey, nil
 }
 // NewEnrollmentConfig initialize new enrolment config
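Review bot: The context line `return nil, err` at the top of this hunk appears to sit in the `if err2 != nil` branch that follows WriteAgentKey (its logger call lies between the two hunks), yet it returns `err` from the earlier GetAgentKeyFromFile call instead of `err2`. When the key file was readable but held no entry for the host, `err` is nil, so a failed write yields `(nil, nil)` and a caller that checks only the error may dereference a nil key; `return nil, err2` fixes that. Similarly, an error from RegisterAgent is neither returned nor logged in the visible lines, so a failed enrollment surfaces only as "no agent key configured"; returning a wrapped `err2` in that case would make the cause visible to operators.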