Beispiel #1
0
static char *InputLocation(char *filename)

{ static char wfilename[CF_BUFSIZE], path[CF_BUFSIZE];

if (MINUSF && (filename != VINPUTFILE) && IsFileOutsideDefaultRepository(VINPUTFILE) && !IsAbsoluteFileName(filename))
   {
   /* If -f assume included relative files are in same directory */
   strncpy(path,VINPUTFILE,CF_BUFSIZE-1);
   ChopLastNode(path);
   snprintf(wfilename,CF_BUFSIZE-1,"%s%c%s",path,FILE_SEPARATOR,filename);
   }
else if (IsFileOutsideDefaultRepository(filename))
   {
   strncpy(wfilename,filename,CF_BUFSIZE-1);
   }
else
   {
   snprintf(wfilename,CF_BUFSIZE-1,"%s%cinputs%c%s",CFWORKDIR,FILE_SEPARATOR,FILE_SEPARATOR,filename);
   }

return MapName(wfilename);
}
Beispiel #2
0
FilePathType FilePathGetType(const char *file_path)
{
    if (IsAbsoluteFileName(file_path))
    {
        return FILE_PATH_TYPE_ABSOLUTE;
    }
    else if (IsFileOutsideDefaultRepository(file_path))
    {
        return FILE_PATH_TYPE_RELATIVE;
    }
    else
    {
        return FILE_PATH_TYPE_NON_ANCHORED;
    }
}
Beispiel #3
0
static bool IsPolicyPrecheckNeeded(GenericAgentConfig *config, bool force_validation)
{
    bool check_policy = false;

    if (IsFileOutsideDefaultRepository(config->input_file))
    {
        check_policy = true;
        Log(LOG_LEVEL_VERBOSE, "Input file is outside default repository, validating it");
    }
    if (GenericAgentIsPolicyReloadNeeded(config))
    {
        check_policy = true;
        Log(LOG_LEVEL_VERBOSE, "Input file is changed since last validation, validating it");
    }
    if (force_validation)
    {
        check_policy = true;
        Log(LOG_LEVEL_VERBOSE, "always_validate is set, forcing policy validation");
    }

    return check_policy;
}
Beispiel #4
0
bool GenericAgentCheckPromises(const GenericAgentConfig *config)
{
    char cmd[CF_BUFSIZE];

    Log(LOG_LEVEL_VERBOSE, "Verifying the syntax of the inputs...");
    {
        char cfpromises[CF_MAXVARSIZE];
        snprintf(cfpromises, sizeof(cfpromises), "%s%cbin%ccf-promises%s", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR,
                 EXEC_SUFFIX);

        struct stat sb;
        if (stat(cfpromises, &sb) == -1)
        {
            Log(LOG_LEVEL_ERR, "cf-promises%s needs to be installed in %s%cbin for pre-validation of full configuration",
                  EXEC_SUFFIX, CFWORKDIR, FILE_SEPARATOR);
            return false;
        }

        if (config->bundlesequence)
        {
            snprintf(cmd, sizeof(cmd), "\"%s\" \"", cfpromises);
        }
        else
        {
            snprintf(cmd, sizeof(cmd), "\"%s\" -c \"", cfpromises);
        }
    }

    strlcat(cmd, config->input_file, CF_BUFSIZE);

    strlcat(cmd, "\"", CF_BUFSIZE);

    if (config->bundlesequence)
    {
        strlcat(cmd, " -b \"", CF_BUFSIZE);
        for (const Rlist *rp = config->bundlesequence; rp; rp = rp->next)
        {
            const char *bundle_ref = rp->item;
            strlcat(cmd, bundle_ref, CF_BUFSIZE);

            if (rp->next)
            {
                strlcat(cmd, ",", CF_BUFSIZE);
            }
        }
        strlcat(cmd, "\"", CF_BUFSIZE);
    }

    if (config->agent_specific.agent.bootstrap_policy_server)
    {
        // avoids license complains from commercial cf-promises during bootstrap - see Nova_CheckLicensePromise
        strlcat(cmd, " -D bootstrap_mode", CF_BUFSIZE);
    }

    Log(LOG_LEVEL_VERBOSE, "Checking policy with command '%s'", cmd);

    if (!ShellCommandReturnsZero(cmd, true))
    {
        Log(LOG_LEVEL_ERR, "Policy failed validation with command '%s'", cmd);
        return false;
    }

    if (!IsFileOutsideDefaultRepository(config->original_input_file))
    {
        WritePolicyValidatedFile(config);
    }

    return true;
}
Beispiel #5
0
void GenericInitialize(int argc,char **argv,char *agents)

{ enum cfagenttype ag = Agent2Type(agents);
  char vbuff[CF_BUFSIZE];
  int ok = false;

#ifdef HAVE_NOVA
CF_DEFAULT_DIGEST = cf_sha256;
CF_DEFAULT_DIGEST_LEN = CF_SHA256_LEN;
#else
CF_DEFAULT_DIGEST = cf_md5;
CF_DEFAULT_DIGEST_LEN = CF_MD5_LEN;
#endif
 
InitializeGA(argc,argv);

SetReferenceTime(true);
SetStartTime(false);
SetSignals();
SanitizeEnvironment();

strcpy(THIS_AGENT,CF_AGENTTYPES[ag]);
NewClass(THIS_AGENT);
THIS_AGENT_TYPE = ag;

// need scope sys to set vars in expiry function
SetNewScope("sys");

if (EnterpriseExpiry())
   {
   CfOut(cf_error,"","Cfengine - autonomous configuration engine. This enterprise license is invalid.\n");
   exit(1);
   }

if (AM_NOVA)
   {
   CfOut(cf_verbose,""," -> This is CFE Nova\n");
   }

if (AM_CONSTELLATION)
   {
   CfOut(cf_verbose,""," -> This is CFE Constellation\n");
   }

NewScope("const");
NewScope("match");
NewScope("mon");
GetNameInfo3();
CfGetInterfaceInfo(ag);

if (ag != cf_know)
   {
   Get3Environment();
   BuiltinClasses();
   OSClasses();
   }

LoadPersistentContext();
LoadSystemConstants();

snprintf(vbuff,CF_BUFSIZE,"control_%s",THIS_AGENT);
SetNewScope(vbuff);
NewScope("this");
NewScope("match");

if (BOOTSTRAP)
   {
   CheckAutoBootstrap();
   }
else
   {
   if (strlen(POLICY_SERVER) > 0)
      {
      CfOut(cf_verbose,""," -> Found a policy server (hub) on %s",POLICY_SERVER);
      }
   else
      {
      CfOut(cf_verbose,""," -> No policy server (hub) watch yet registered");
      }
   }

SetPolicyServer(POLICY_SERVER);

if (ag != cf_keygen)
   {
   if (!MissingInputFile())
      {
      bool check_promises = false;

      if (SHOWREPORTS)
         {
         check_promises = true;
         CfOut(cf_verbose, "", " -> Reports mode is enabled, force-validating policy");
         }
      if (IsFileOutsideDefaultRepository(VINPUTFILE))
         {
         check_promises = true;
         CfOut(cf_verbose, "", " -> Input file is outside default repository, validating it");
         }
      if (NewPromiseProposals())
         {
         check_promises = true;
         CfOut(cf_verbose, "", " -> Input file is changed since last validation, validating it");
         }

      if (check_promises)
         {
         ok = CheckPromises(ag);
         if (BOOTSTRAP && !ok)
            {
            CfOut(cf_verbose, "", " -> Policy is not valid, but proceeding with bootstrap");
            ok = true;
            }
         }
      else
         {
         CfOut(cf_verbose, "", " -> Policy is already validated");
         ok = true;
         }
      }

   if (ok)
      {
      ReadPromises(ag,agents);
      }
   else
      {
      CfOut(cf_error,"","cf-agent was not able to get confirmation of promises from cf-promises, so going to failsafe\n");
      snprintf(VINPUTFILE,CF_BUFSIZE-1,"failsafe.cf");
      ReadPromises(ag,agents);
      }
   
   if (SHOWREPORTS)
      {
      CompilationReport(VINPUTFILE);
      }

   CheckLicenses();
   }

XML = 0;
}
Beispiel #6
0
int CheckPromises(enum cfagenttype ag)

{ char cmd[CF_BUFSIZE], cfpromises[CF_MAXVARSIZE];
  char filename[CF_MAXVARSIZE];
  struct stat sb;
  int fd;

if ((ag != cf_agent) && (ag != cf_executor) && (ag != cf_server))
   {
   return true;
   }

CfOut(cf_verbose,""," -> Verifying the syntax of the inputs...\n");

snprintf(cfpromises,sizeof(cfpromises),"%s%cbin%ccf-promises%s",CFWORKDIR,FILE_SEPARATOR,FILE_SEPARATOR,EXEC_SUFFIX);

if (cfstat(cfpromises,&sb) == -1)
   {
   CfOut(cf_error,"","cf-promises%s needs to be installed in %s%cbin for pre-validation of full configuration",EXEC_SUFFIX,CFWORKDIR,FILE_SEPARATOR);
   return false;
   }

/* If we are cf-agent, check syntax before attempting to run */

snprintf(cmd, sizeof(cmd), "\"%s\" -f \"", cfpromises);


if (IsFileOutsideDefaultRepository(VINPUTFILE))
   {
   strlcat(cmd, VINPUTFILE, CF_BUFSIZE);
   }
else
   {
   strlcat(cmd, CFWORKDIR, CF_BUFSIZE);
   strlcat(cmd, FILE_SEPARATOR_STR "inputs" FILE_SEPARATOR_STR, CF_BUFSIZE);
   strlcat(cmd, VINPUTFILE, CF_BUFSIZE);
   }

strlcat(cmd, "\"", CF_BUFSIZE);

if (CBUNDLESEQUENCE)
   {
   strlcat(cmd, " -b \"", CF_BUFSIZE);
   strlcat(cmd, CBUNDLESEQUENCE_STR, CF_BUFSIZE);
   strlcat(cmd, "\"", CF_BUFSIZE);
   }

if(BOOTSTRAP)
   {
   // avoids license complains from commercial cf-promises during bootstrap - see Nova_CheckLicensePromise
   strlcat(cmd, " -D bootstrap_mode", CF_BUFSIZE);
   }

/* Check if reloading policy will succeed */

CfOut(cf_verbose, "", "Checking policy with command \"%s\"", cmd);

if (ShellCommandReturnsZero(cmd,true))
   {
   if (MINUSF)
      {
      snprintf(filename,CF_MAXVARSIZE,"%s/state/validated_%s",CFWORKDIR,CanonifyName(VINPUTFILE));
      MapName(filename);   
      }
   else
      {
      snprintf(filename,CF_MAXVARSIZE,"%s/masterfiles/cf_promises_validated",CFWORKDIR);
      MapName(filename);
      }
   
   MakeParentDirectory(filename,true);
   
   if ((fd = creat(filename,0600)) != -1)
      {
      close(fd);
      CfOut(cf_verbose,""," -> Caching the state of validation\n");
      }
   else
      {
      CfOut(cf_verbose,"creat"," -> Failed to cache the state of validation\n");
      }
   
   return true;
   }
else
   {
   return false;
   }
}