int main()
{
PRINT_TEST_BANNER();
CryptoInitialize();
const UnitTest tests[] =
{
unit_test(test_cipher_init),
unit_test(test_symmetric_encrypt),
unit_test(test_symmetric_decrypt),
};
return run_tests(tests);
}
void GenericAgentInitialize(EvalContext *ctx, GenericAgentConfig *config)
{
int force = false;
struct stat statbuf, sb;
char vbuff[CF_BUFSIZE];
char ebuff[CF_EXPANDSIZE];
#ifdef __MINGW32__
InitializeWindows();
#endif
DetermineCfenginePort();
EvalContextClassPutHard(ctx, "any", "source=agent");
GenericAgentAddEditionClasses(ctx);
strcpy(VPREFIX, GetConsolePrefix());
/* Define trusted directories */
{
const char *workdir = GetWorkDir();
if (!workdir)
{
FatalError(ctx, "Error determining working directory");
}
strcpy(CFWORKDIR, workdir);
MapName(CFWORKDIR);
}
OpenLog(LOG_USER);
SetSyslogFacility(LOG_USER);
Log(LOG_LEVEL_VERBOSE, "Work directory is %s", CFWORKDIR);
snprintf(vbuff, CF_BUFSIZE, "%s%cupdate.conf", GetInputDir(), FILE_SEPARATOR);
MakeParentDirectory(vbuff, force);
snprintf(vbuff, CF_BUFSIZE, "%s%cbin%ccf-agent -D from_cfexecd", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);
MakeParentDirectory(vbuff, force);
snprintf(vbuff, CF_BUFSIZE, "%s%coutputs%cspooled_reports", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);
MakeParentDirectory(vbuff, force);
snprintf(vbuff, CF_BUFSIZE, "%s%clastseen%cintermittencies", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);
MakeParentDirectory(vbuff, force);
snprintf(vbuff, CF_BUFSIZE, "%s%creports%cvarious", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);
MakeParentDirectory(vbuff, force);
snprintf(vbuff, CF_BUFSIZE, "%s", GetInputDir());
if (stat(vbuff, &sb) == -1)
{
FatalError(ctx, " No access to WORKSPACE/inputs dir");
}
else
{
chmod(vbuff, sb.st_mode | 0700);
}
snprintf(vbuff, CF_BUFSIZE, "%s%coutputs", CFWORKDIR, FILE_SEPARATOR);
if (stat(vbuff, &sb) == -1)
{
FatalError(ctx, " No access to WORKSPACE/outputs dir");
}
else
{
chmod(vbuff, sb.st_mode | 0700);
}
snprintf(ebuff, sizeof(ebuff), "%s%cstate%ccf_procs",
CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);
MakeParentDirectory(ebuff, force);
if (stat(ebuff, &statbuf) == -1)
{
CreateEmptyFile(ebuff);
}
snprintf(ebuff, sizeof(ebuff), "%s%cstate%ccf_rootprocs",
CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);
if (stat(ebuff, &statbuf) == -1)
{
CreateEmptyFile(ebuff);
}
snprintf(ebuff, sizeof(ebuff), "%s%cstate%ccf_otherprocs",
CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);
if (stat(ebuff, &statbuf) == -1)
{
CreateEmptyFile(ebuff);
}
snprintf(ebuff, sizeof(ebuff), "%s%cstate%cprevious_state%c",
CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR, FILE_SEPARATOR);
MakeParentDirectory(ebuff, force);
snprintf(ebuff, sizeof(ebuff), "%s%cstate%cdiff%c",
CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR, FILE_SEPARATOR);
MakeParentDirectory(ebuff, force);
snprintf(ebuff, sizeof(ebuff), "%s%cstate%cuntracked%c",
CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR, FILE_SEPARATOR);
MakeParentDirectory(ebuff, force);
OpenNetwork();
CryptoInitialize();
CheckWorkingDirectories(ctx);
/* Initialize keys and networking. cf-key, doesn't need keys. In fact it
must function properly even without them, so that it generates them! */
if (config->agent_type != AGENT_TYPE_KEYGEN)
{
LoadSecretKeys();
char *bootstrapped_policy_server = ReadPolicyServerFile(CFWORKDIR);
PolicyHubUpdateKeys(bootstrapped_policy_server);
free(bootstrapped_policy_server);
cfnet_init();
}
size_t cwd_size = PATH_MAX;
while (true)
{
char cwd[cwd_size];
if (!getcwd(cwd, cwd_size))
{
if (errno == ERANGE)
{
cwd_size *= 2;
continue;
}
Log(LOG_LEVEL_WARNING, "Could not determine current directory. (getcwd: '%s')", GetErrorStr());
break;
}
EvalContextSetLaunchDirectory(ctx, cwd);
break;
}
if (!MINUSF)
{
GenericAgentConfigSetInputFile(config, GetInputDir(), "promises.cf");
}
VIFELAPSED = 1;
VEXPIREAFTER = 1;
setlinebuf(stdout);
if (config->agent_specific.agent.bootstrap_policy_server)
{
snprintf(vbuff, CF_BUFSIZE, "%s%cfailsafe.cf", GetInputDir(), FILE_SEPARATOR);
if (stat(vbuff, &statbuf) == -1)
{
GenericAgentConfigSetInputFile(config, GetInputDir(), "failsafe.cf");
}
else
{
GenericAgentConfigSetInputFile(config, GetInputDir(), vbuff);
}
}
}
void GenericAgentInitialize(EvalContext *ctx, GenericAgentConfig *config)
{
int force = false;
struct stat statbuf, sb;
char vbuff[CF_BUFSIZE];
char ebuff[CF_EXPANDSIZE];
SHORT_CFENGINEPORT = htons((unsigned short) 5308);
snprintf(STR_CFENGINEPORT, 15, "5308");
EvalContextHeapAddHard(ctx, "any");
strcpy(VPREFIX, GetConsolePrefix());
/* Define trusted directories */
{
const char *workdir = GetWorkDir();
if (!workdir)
{
FatalError(ctx, "Error determining working directory");
}
strcpy(CFWORKDIR, workdir);
MapName(CFWORKDIR);
}
/* On windows, use 'binary mode' as default for files */
#ifdef __MINGW32__
_fmode = _O_BINARY;
#endif
OpenLog(LOG_USER);
SetSyslogFacility(LOG_USER);
if (!LOOKUP) /* cf-know should not do this in lookup mode */
{
Log(LOG_LEVEL_VERBOSE, "Work directory is %s", CFWORKDIR);
snprintf(vbuff, CF_BUFSIZE, "%s%cinputs%cupdate.conf", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);
MakeParentDirectory(vbuff, force);
snprintf(vbuff, CF_BUFSIZE, "%s%cbin%ccf-agent -D from_cfexecd", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);
MakeParentDirectory(vbuff, force);
snprintf(vbuff, CF_BUFSIZE, "%s%coutputs%cspooled_reports", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);
MakeParentDirectory(vbuff, force);
snprintf(vbuff, CF_BUFSIZE, "%s%clastseen%cintermittencies", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);
MakeParentDirectory(vbuff, force);
snprintf(vbuff, CF_BUFSIZE, "%s%creports%cvarious", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);
MakeParentDirectory(vbuff, force);
snprintf(vbuff, CF_BUFSIZE, "%s%cinputs", CFWORKDIR, FILE_SEPARATOR);
if (stat(vbuff, &sb) == -1)
{
FatalError(ctx, " No access to WORKSPACE/inputs dir");
}
else
{
chmod(vbuff, sb.st_mode | 0700);
}
snprintf(vbuff, CF_BUFSIZE, "%s%coutputs", CFWORKDIR, FILE_SEPARATOR);
if (stat(vbuff, &sb) == -1)
{
FatalError(ctx, " No access to WORKSPACE/outputs dir");
}
else
{
chmod(vbuff, sb.st_mode | 0700);
}
sprintf(ebuff, "%s%cstate%ccf_procs", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);
MakeParentDirectory(ebuff, force);
if (stat(ebuff, &statbuf) == -1)
{
CreateEmptyFile(ebuff);
}
sprintf(ebuff, "%s%cstate%ccf_rootprocs", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);
if (stat(ebuff, &statbuf) == -1)
{
CreateEmptyFile(ebuff);
}
sprintf(ebuff, "%s%cstate%ccf_otherprocs", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);
if (stat(ebuff, &statbuf) == -1)
{
CreateEmptyFile(ebuff);
}
}
OpenNetwork();
CryptoInitialize();
if (!LOOKUP)
{
CheckWorkingDirectories(ctx);
}
const char *bootstrapped_policy_server = ReadPolicyServerFile(CFWORKDIR);
/* Initialize keys and networking. cf-key, doesn't need keys. In fact it
must function properly even without them, so that it generates them! */
if (config->agent_type != AGENT_TYPE_KEYGEN)
{
LoadSecretKeys(bootstrapped_policy_server);
cfnet_init();
}
if (!MINUSF)
{
GenericAgentConfigSetInputFile(config, GetWorkDir(), "promises.cf");
}
DetermineCfenginePort();
VIFELAPSED = 1;
VEXPIREAFTER = 1;
setlinebuf(stdout);
if (config->agent_specific.agent.bootstrap_policy_server)
{
snprintf(vbuff, CF_BUFSIZE, "%s%cinputs%cfailsafe.cf", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);
#ifndef HAVE_ENTERPRISE
if (stat(vbuff, &statbuf) == -1)
{
GenericAgentConfigSetInputFile(config, GetWorkDir(), "failsafe.cf");
}
else
#endif
{
GenericAgentConfigSetInputFile(config, GetWorkDir(), vbuff);
}
}
}
/**
* Initialize client's network library.
*/
bool cfnet_init(const char *tls_min_version, const char *ciphers)
{
CryptoInitialize();
return TLSClientInitialize(tls_min_version, ciphers);
}
