From a8879231c30c144293eed8bcfa80030734873f02 Mon Sep 17 00:00:00 2001
From: Michael Rash
Date: Thu, 6 Nov 2014 20:24:33 -0500
Subject: [PATCH] [server] add run_extcmd_write() call in code coverage mode
---
 server/extcmd.c | 9 +++++++--
 server/fw_util_iptables.c | 11 +++++++++++
 2 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/server/extcmd.c b/server/extcmd.c
index 7e82a150..67a27979 100644
--- a/server/extcmd.c
+++ b/server/extcmd.c
@@ -554,7 +554,7 @@ _run_extcmd(uid_t uid, gid_t gid, const char *cmd, char *so_buf,
 int _run_extcmd_write(const char *cmd, const char *cmd_write, int *pid_status,
 const fko_srv_options_t * const opts)
 {
- int retval = EXTCMD_SUCCESS_ALL_OUTPUT;
+ int retval = EXTCMD_SUCCESS_ALL_OUTPUT;
 char *argv_new[MAX_CMDLINE_ARGS]; /* for validation and/or execvpe() */
 int argc_new=0;
@@ -588,7 +588,8 @@ int _run_extcmd_write(const char *cmd, const char *cmd_write, int *pid_status,
 #if HAVE_EXECVPE
 if(opts->verbose > 1)
- log_msg(LOG_INFO, "run_extcmd_write() (with execvpe()): running CMD: %s", cmd);
+ log_msg(LOG_INFO, "run_extcmd_write() (with execvpe()): running CMD: %s | %s",
+ cmd_write, cmd);
 if(pipe(pipe_fd) < 0)
 {
@@ -627,6 +628,10 @@ int _run_extcmd_write(const char *cmd, const char *cmd_write, int *pid_status,
 waitpid(pid, pid_status, 0);
 #else
+ if(opts->verbose > 1)
+ log_msg(LOG_INFO, "run_extcmd_write() (without execvpe()): running CMD: %s | %s",
+ cmd_write, cmd);
+
 if ((fd = popen(cmd, "w")) == NULL)
 {
 log_msg(LOG_ERR, "Got popen error %i: %s", errno, strerror(errno));
diff --git a/server/fw_util_iptables.c b/server/fw_util_iptables.c
index 28900951..8492fa83 100644
--- a/server/fw_util_iptables.c
+++ b/server/fw_util_iptables.c
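Review bot: The new verbose message in the `HAVE_EXECVPE` branch logs `cmd_write` unescaped and formats it as `%s | %s`, which reads like a shell pipeline even though `cmd_write` appears to be the payload written to the child's stdin rather than a command. If callers build that payload from request-derived values such as firewall rule text (not visible in this diff), embedded newlines or control characters could split or forge log entries. The identical message added in the `#else` popen branch has the same issue. I would label the payload explicitly, e.g. `"run_extcmd_write(): running CMD: %s (stdin data: %s)", cmd, cmd_write`, and escape or truncate it before it reaches `log_msg()`. The body of `_run_extcmd_write()` starts and ends outside these hunks.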
@@ -81,6 +81,17 @@ rule_exists_no_chk_support(const fko_srv_options_t * const opts,
 char port_search[CMD_BUFSIZE] = {0};
 char exp_ts_search[CMD_BUFSIZE] = {0};
+#if CODE_COVERAGE
+ int pid_status = 0;
+ /* If we're maximizing code coverage, then exercise the run_extcmd_write()
+ * function which is normally only used for the PF firewall. This is to
+ * maximize code coverage in conjunction with the test suite, and is never
+ * compiled in for a production release of fwknop.
+ */
+ if(run_extcmd_write("/bin/grep -v test", "/bin/echo test", &pid_status, opts) != 0)
+ log_msg(LOG_WARNING, "Code coverage: Could not execute command");
+#endif
+
 snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_LIST_RULES_ARGS, opts->fw_config->fw_command, fwc->table,
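Review bot: Nothing but the `CODE_COVERAGE` macro and the comment's promise keeps this test-only process spawn out of a release build. The block sits at the top of `rule_exists_no_chk_support()`, so a build that sets the macro by accident would presumably run `/bin/grep` on every rule-existence check in the firewall daemon. I would make such a build announce itself, for example with `#warning "CODE_COVERAGE enabled: not a production build"` next to the `#if`, or with a one-time log line at startup. The check also compares the result with a literal `0` and never reads `pid_status`; comparing against `EXTCMD_SUCCESS_ALL_OUTPUT` (the value `_run_extcmd_write()` starts from in server/extcmd.c) would state the intent, and the comment could say that the child's exit status is deliberately ignored. The enclosing function starts and ends outside this hunk.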