bool MakeHardLink(EvalContext *ctx, const char *from, const char *to, Attributes attr, const Promise *pp,
PromiseResult *result)
{
if (DONTDO)
{
Log(LOG_LEVEL_ERR, "Need to hard link files '%s' -> '%s'", from, to);
return false;
}
else
{
if (link(to, from) == -1)
{
cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_FAIL, pp, attr, "Couldn't hard link '%s' to '%s'. (link: %s)",
to, from, GetErrorStr());
*result = PromiseResultUpdate(*result, PROMISE_RESULT_FAIL);
return false;
}
else
{
cfPS(ctx, LOG_LEVEL_INFO, PROMISE_RESULT_CHANGE, pp, attr, "Hard linked files '%s' -> '%s'", from, to);
*result = PromiseResultUpdate(*result, PROMISE_RESULT_CHANGE);
return true;
}
}
}
static PromiseResult VerifyServices(EvalContext *ctx, Attributes a, const Promise *pp)
{
CfLock thislock;
thislock = AcquireLock(ctx, pp->promiser, VUQNAME, CFSTARTTIME, a.transaction, pp, false);
if (thislock.lock == NULL)
{
return PROMISE_RESULT_SKIPPED;
}
PromiseBanner(ctx, pp);
PromiseResult result = PROMISE_RESULT_SKIPPED;
if (strcmp(a.service.service_type, "windows") == 0)
{
#ifdef __MINGW32__
result = PromiseResultUpdate(result, VerifyWindowsService(ctx, a, pp));
#else
Log(LOG_LEVEL_INFO, "Service type windows not supported on this platform.");
#endif
}
else
{
result = PromiseResultUpdate(result, DoVerifyServices(ctx, a, pp));
}
YieldCurrentLock(thislock);
return result;
}
static bool MakeLink(EvalContext *ctx, const char *from, const char *to, Attributes attr, const Promise *pp,
PromiseResult *result)
{
if (DONTDO || (attr.transaction.action == cfa_warn))
{
Log(LOG_LEVEL_WARNING, "Need to link files '%s' -> '%s'", from, to);
return false;
}
else
{
if (symlink(to, from) == -1)
{
cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_FAIL, pp, attr, "Couldn't link '%s' to '%s'. (symlink: %s)",
to, from, GetErrorStr());
*result = PromiseResultUpdate(*result, PROMISE_RESULT_FAIL);
return false;
}
else
{
cfPS(ctx, LOG_LEVEL_INFO, PROMISE_RESULT_CHANGE, pp, attr, "Linked files '%s' -> '%s'", from, to);
*result = PromiseResultUpdate(*result, PROMISE_RESULT_CHANGE);
return true;
}
}
}
static PromiseResult DeleteVirtNetwork(EvalContext *ctx, virConnectPtr vc, Attributes a, const Promise *pp)
{
virNetworkPtr network;
if ((network = virNetworkLookupByName(vc, pp->promiser)) == NULL)
{
cfPS(ctx, LOG_LEVEL_VERBOSE, PROMISE_RESULT_NOOP, pp, a, "Couldn't find a network called '%s' - promise assumed kept",
pp->promiser);
return PROMISE_RESULT_NOOP;
}
PromiseResult result = PROMISE_RESULT_NOOP;
if (virNetworkDestroy(network) == 0)
{
cfPS(ctx, LOG_LEVEL_INFO, PROMISE_RESULT_CHANGE, pp, a, "Deleted network '%s' - promise repaired", pp->promiser);
result = PromiseResultUpdate(result, PROMISE_RESULT_CHANGE);
}
else
{
cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_FAIL, pp, a, "Network deletion of '%s' failed", pp->promiser);
result = PromiseResultUpdate(result, PROMISE_RESULT_FAIL);
}
virNetworkFree(network);
return result;
}
static PromiseResult DeleteVirt(EvalContext *ctx, virConnectPtr vc, Attributes a, const Promise *pp)
{
virDomainPtr dom;
dom = virDomainLookupByName(vc, pp->promiser);
PromiseResult result = PROMISE_RESULT_NOOP;
if (dom)
{
if (virDomainDestroy(dom) == -1)
{
cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_FAIL, pp, a, "Failed to delete virtual domain '%s'", pp->promiser);
result = PromiseResultUpdate(result, PROMISE_RESULT_FAIL);
}
else
{
cfPS(ctx, LOG_LEVEL_VERBOSE, PROMISE_RESULT_CHANGE, pp, a, "Deleted virtual domain '%s'", pp->promiser);
result = PromiseResultUpdate(result, PROMISE_RESULT_CHANGE);
}
virDomainFree(dom);
}
else
{
cfPS(ctx, LOG_LEVEL_VERBOSE, PROMISE_RESULT_NOOP, pp, a, "No such virtual domain called '%s' - promise kept", pp->promiser);
}
return result;
}
static PromiseResult VerifyServices(EvalContext *ctx, Attributes a, Promise *pp)
{
CfLock thislock;
thislock = AcquireLock(ctx, pp->promiser, VUQNAME, CFSTARTTIME, a.transaction, pp, false);
if (thislock.lock == NULL)
{
return PROMISE_RESULT_SKIPPED;
}
EvalContextVariablePutSpecial(ctx, SPECIAL_SCOPE_THIS, "promiser", pp->promiser, DATA_TYPE_STRING, "goal=state,source=promise");
PromiseBanner(pp);
PromiseResult result = PROMISE_RESULT_NOOP;
if (strcmp(a.service.service_type, "windows") == 0)
{
result = PromiseResultUpdate(result, VerifyWindowsService(ctx, a, pp));
}
else
{
result = PromiseResultUpdate(result, DoVerifyServices(ctx, a, pp));
}
EvalContextVariableRemoveSpecial(ctx, SPECIAL_SCOPE_THIS, "promiser");
YieldCurrentLock(thislock);
return result;
}
static PromiseResult VerifyServices(EvalContext *ctx, Attributes a, const Promise *pp)
{
CfLock thislock;
thislock = AcquireLock(ctx, pp->promiser, VUQNAME, CFSTARTTIME, a.transaction, pp, false);
if (thislock.lock == NULL)
{
return PROMISE_RESULT_SKIPPED;
}
EvalContextVariablePutSpecial(ctx, SPECIAL_SCOPE_THIS, "promiser", pp->promiser, CF_DATA_TYPE_STRING, "source=promise");
PromiseBanner(pp);
PromiseResult result = PROMISE_RESULT_NOOP;
if (strcmp(a.service.service_type, "windows") == 0)
{
#ifdef __MINGW32__
result = PromiseResultUpdate(result, VerifyWindowsService(ctx, a, pp));
#else
Log(LOG_LEVEL_INFO, "Service type windows not supported on this platform.");
#endif
}
else
{
result = PromiseResultUpdate(result, DoVerifyServices(ctx, a, pp));
}
EvalContextVariableRemoveSpecial(ctx, SPECIAL_SCOPE_THIS, "promiser");
YieldCurrentLock(thislock);
return result;
}
int DoAllSignals(EvalContext *ctx, Item *siglist, Attributes a, const Promise *pp, PromiseResult *result)
{
Item *ip;
Rlist *rp;
pid_t pid;
int killed = false;
if (siglist == NULL)
{
return 0;
}
if (a.signals == NULL)
{
Log(LOG_LEVEL_VERBOSE, "No signals to send for '%s'", pp->promiser);
return 0;
}
for (ip = siglist; ip != NULL; ip = ip->next)
{
pid = ip->counter;
for (rp = a.signals; rp != NULL; rp = rp->next)
{
int signal = SignalFromString(RlistScalarValue(rp));
if (!DONTDO)
{
if ((signal == SIGKILL) || (signal == SIGTERM))
{
killed = true;
}
if (kill((pid_t) pid, signal) < 0)
{
cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_FAIL, pp, a,
"Couldn't send promised signal '%s' (%d) to pid %jd (might be dead). (kill: %s)", RlistScalarValue(rp),
signal, (intmax_t)pid, GetErrorStr());
*result = PromiseResultUpdate(*result, PROMISE_RESULT_FAIL);
}
else
{
cfPS(ctx, LOG_LEVEL_INFO, PROMISE_RESULT_CHANGE, pp, a, "Signalled '%s' (%d) to process %jd (%s)",
RlistScalarValue(rp), signal, (intmax_t)pid, ip->name);
*result = PromiseResultUpdate(*result, PROMISE_RESULT_CHANGE);
}
}
else
{
Log(LOG_LEVEL_ERR, "Need to keep signal promise '%s' in process entry '%s'",
RlistScalarValue(rp), ip->name);
}
}
}
return killed;
}
static PromiseResult ExpandPromiseAndDo(EvalContext *ctx, PromiseIterator *iterctx,
PromiseActuator *act_on_promise, void *param)
{
PromiseResult result = PROMISE_RESULT_SKIPPED;
/* TODO this loop could be completely skipped for for non vars/classes if
* act_on_promise is CommonEvalPromise(). */
while (PromiseIteratorNext(iterctx, ctx))
{
/*
* ACTUAL WORK PART 1: Get a (another) copy of the promise.
*
* Basically this evaluates all constraints. As a result it evaluates
* all functions, even if they are not to be used immediately (for
* example promises that the actuator skips because of ifvarclass).
*/
const Promise *pexp = /* expanded promise */
EvalContextStackPushPromiseIterationFrame(ctx, iterctx);
if (pexp == NULL) /* is the promise excluded? */
{
result = PromiseResultUpdate(result, PROMISE_RESULT_SKIPPED);
continue;
}
/* ACTUAL WORK PART 2: run the actuator */
PromiseResult iteration_result = act_on_promise(ctx, pexp, param);
/* iteration_result is always NOOP for PRE-EVAL. */
result = PromiseResultUpdate(result, iteration_result);
/* Redmine#6484: Do not store promise handles during PRE-EVAL, to
* avoid package promise always running. */
if (act_on_promise != &CommonEvalPromise)
{
NotifyDependantPromises(ctx, pexp, iteration_result);
}
/* EVALUATE VARS PROMISES again, allowing redefinition of
* variables. The theory behind this is that the "sampling rate" of
* vars promise needs to be double than the rest. */
if (strcmp(pexp->parent_promise_type->name, "vars") == 0 ||
strcmp(pexp->parent_promise_type->name, "meta") == 0)
{
if (act_on_promise != &VerifyVarPromise)
{
VerifyVarPromise(ctx, pexp, NULL);
}
}
/* Why do we push/pop an iteration frame, if all iterated variables
* are Put() on the previous scope? */
EvalContextStackPopFrame(ctx);
}
return result;
}
static PromiseResult DoVerifyServices(EvalContext *ctx, Attributes a, const Promise *pp)
{
FnCall *service_bundle = PromiseGetConstraintAsRval(pp, "service_bundle", RVAL_TYPE_FNCALL);
PromiseResult result = PROMISE_RESULT_NOOP;
if (!service_bundle)
{
service_bundle = PromiseGetConstraintAsRval(pp, "service_bundle", RVAL_TYPE_SCALAR);
}
if (!service_bundle)
{
cfPS(ctx, LOG_LEVEL_INFO, PROMISE_RESULT_FAIL, pp, a, "Service '%s' cannot be resolved as a bundle", pp->promiser);
return PromiseResultUpdate(result, PROMISE_RESULT_FAIL);
}
switch (a.service.service_policy)
{
case SERVICE_POLICY_START:
EvalContextVariablePutSpecial(ctx, SPECIAL_SCOPE_THIS, "service_policy", "start", CF_DATA_TYPE_STRING, "source=promise");
break;
case SERVICE_POLICY_RESTART:
EvalContextVariablePutSpecial(ctx, SPECIAL_SCOPE_THIS, "service_policy", "restart", CF_DATA_TYPE_STRING, "source=promise");
break;
case SERVICE_POLICY_RELOAD:
EvalContextVariablePutSpecial(ctx, SPECIAL_SCOPE_THIS, "service_policy", "reload", CF_DATA_TYPE_STRING, "source=promise");
break;
case SERVICE_POLICY_STOP:
case SERVICE_POLICY_DISABLE:
default:
EvalContextVariablePutSpecial(ctx, SPECIAL_SCOPE_THIS, "service_policy", "stop", CF_DATA_TYPE_STRING, "source=promise");
break;
}
const Bundle *bp = PolicyGetBundle(PolicyFromPromise(pp), NULL, "agent", service_bundle->name);
if (!bp)
{
bp = PolicyGetBundle(PolicyFromPromise(pp), NULL, "common", service_bundle->name);
}
if (!bp)
{
cfPS(ctx, LOG_LEVEL_INFO, PROMISE_RESULT_FAIL, pp, a, "Service '%s' could not be invoked successfully", pp->promiser);
result = PromiseResultUpdate(result, PROMISE_RESULT_FAIL);
}
if (!DONTDO)
{
result = PromiseResultUpdate(result, VerifyMethod(ctx, "service_bundle", a, pp)); // Send list of classes to set privately?
}
return result;
}
static PromiseResult VerifyVirtDomain(EvalContext *ctx, char *uri, enum cfhypervisors envtype, Attributes a, const Promise *pp)
{
int num, i;
/* set up the library error handler */
virSetErrorFunc(NULL, (void *) EnvironmentErrorHandler);
if (CFVC[envtype] == NULL)
{
if ((CFVC[envtype] = virConnectOpenAuth(uri, virConnectAuthPtrDefault, 0)) == NULL)
{
Log(LOG_LEVEL_ERR, "Failed to connect to virtualization monitor '%s'", uri);
return PROMISE_RESULT_NOOP;
}
}
for (i = 0; i < CF_MAX_CONCURRENT_ENVIRONMENTS; i++)
{
CF_RUNNING[i] = -1;
CF_SUSPENDED[i] = NULL;
}
num = virConnectListDomains(CFVC[envtype], CF_RUNNING, CF_MAX_CONCURRENT_ENVIRONMENTS);
Log(LOG_LEVEL_VERBOSE, "Found %d running guest environments on this host (including enclosure)", num);
ShowRunList(CFVC[envtype]);
num = virConnectListDefinedDomains(CFVC[envtype], CF_SUSPENDED, CF_MAX_CONCURRENT_ENVIRONMENTS);
Log(LOG_LEVEL_VERBOSE, "Found %d dormant guest environments on this host", num);
ShowDormant();
PromiseResult result = PROMISE_RESULT_NOOP;
switch (a.env.state)
{
case ENVIRONMENT_STATE_CREATE:
result = PromiseResultUpdate(result, CreateVirtDom(ctx, CFVC[envtype], a, pp));
break;
case ENVIRONMENT_STATE_DELETE:
result = PromiseResultUpdate(result, DeleteVirt(ctx, CFVC[envtype], a, pp));
break;
case ENVIRONMENT_STATE_RUNNING:
result = PromiseResultUpdate(result, RunningVirt(ctx, CFVC[envtype], a, pp));
break;
case ENVIRONMENT_STATE_SUSPENDED:
result = PromiseResultUpdate(result, SuspendedVirt(ctx, CFVC[envtype], a, pp));
break;
case ENVIRONMENT_STATE_DOWN:
result = PromiseResultUpdate(result, DownVirt(ctx, CFVC[envtype], a, pp));
break;
default:
Log(LOG_LEVEL_INFO, "No state specified for this environment");
break;
}
return result;
}
static PromiseResult ExpandPromiseAndDo(EvalContext *ctx, const Promise *pp,
Rlist *lists, Rlist *containers,
PromiseActuator *ActOnPromise, void *param)
{
const char *handle = PromiseGetHandle(pp);
EvalContextStackPushPromiseFrame(ctx, pp, true);
PromiseIterator *iter_ctx = NULL;
size_t i = 0;
PromiseResult result = PROMISE_RESULT_NOOP;
Buffer *expbuf = BufferNew();
for (iter_ctx = PromiseIteratorNew(ctx, pp, lists, containers); PromiseIteratorHasMore(iter_ctx); i++, PromiseIteratorNext(iter_ctx))
{
if (handle)
{
// This ordering is necessary to get automated canonification
BufferClear(expbuf);
ExpandScalar(ctx, NULL, "this", handle, expbuf);
CanonifyNameInPlace(BufferGet(expbuf));
EvalContextVariablePutSpecial(ctx, SPECIAL_SCOPE_THIS, "handle", BufferData(expbuf), CF_DATA_TYPE_STRING, "source=promise");
}
else
{
EvalContextVariablePutSpecial(ctx, SPECIAL_SCOPE_THIS, "handle", PromiseID(pp), CF_DATA_TYPE_STRING, "source=promise");
}
const Promise *pexp = EvalContextStackPushPromiseIterationFrame(ctx, i, iter_ctx);
if (!pexp)
{
// excluded
result = PromiseResultUpdate(result, PROMISE_RESULT_SKIPPED);
continue;
}
PromiseResult iteration_result = ActOnPromise(ctx, pexp, param);
NotifyDependantPromises(ctx, pexp, iteration_result);
result = PromiseResultUpdate(result, iteration_result);
if (strcmp(pp->parent_promise_type->name, "vars") == 0 || strcmp(pp->parent_promise_type->name, "meta") == 0)
{
VerifyVarPromise(ctx, pexp, true);
}
EvalContextStackPopFrame(ctx);
}
BufferDestroy(expbuf);
PromiseIteratorDestroy(iter_ctx);
EvalContextStackPopFrame(ctx);
return result;
}
PromiseResult VerifyExecPromise(EvalContext *ctx, const Promise *pp)
{
Attributes a = GetExecAttributes(ctx, pp);
EvalContextVariablePutSpecial(ctx, SPECIAL_SCOPE_THIS, "promiser", pp->promiser, DATA_TYPE_STRING, "source=promise");
if (!SyntaxCheckExec(a, pp))
{
EvalContextVariableRemoveSpecial(ctx, SPECIAL_SCOPE_THIS, "promiser");
return PROMISE_RESULT_FAIL;
}
if (PromiseKeptExec(a, pp))
{
EvalContextVariableRemoveSpecial(ctx, SPECIAL_SCOPE_THIS, "promiser");
return PROMISE_RESULT_NOOP;
}
char *lock_name = GetLockNameExec(a, pp);
CfLock thislock = AcquireLock(ctx, lock_name, VUQNAME, CFSTARTTIME, a.transaction, pp, false);
free(lock_name);
if (thislock.lock == NULL)
{
EvalContextVariableRemoveSpecial(ctx, SPECIAL_SCOPE_THIS, "promiser");
return PROMISE_RESULT_SKIPPED;
}
PromiseBanner(pp);
PromiseResult result = PROMISE_RESULT_NOOP;
switch (RepairExec(ctx, a, pp, &result))
{
case ACTION_RESULT_OK:
result = PromiseResultUpdate(result, PROMISE_RESULT_CHANGE);
break;
case ACTION_RESULT_TIMEOUT:
result = PromiseResultUpdate(result, PROMISE_RESULT_TIMEOUT);
break;
case ACTION_RESULT_FAILED:
result = PromiseResultUpdate(result, PROMISE_RESULT_FAIL);
break;
default:
ProgrammingError("Unexpected ActionResult value");
}
YieldCurrentLock(thislock);
EvalContextVariableRemoveSpecial(ctx, SPECIAL_SCOPE_THIS, "promiser");
return result;
}
PromiseResult VerifyUnmount(EvalContext *ctx, char *name, const Attributes *a, const Promise *pp)
{
char comm[CF_BUFSIZE];
FILE *pfp;
char *mountpt;
mountpt = name;
PromiseResult result = PROMISE_RESULT_NOOP;
if (!DONTDO)
{
snprintf(comm, CF_BUFSIZE, "%s %s", VUNMOUNTCOMM[VSYSTEMHARDCLASS], mountpt);
if ((pfp = cf_popen(comm, "r", true)) == NULL)
{
Log(LOG_LEVEL_ERR, "Failed to open pipe from %s", VUNMOUNTCOMM[VSYSTEMHARDCLASS]);
return result;
}
size_t line_size = CF_BUFSIZE;
char *line = xmalloc(line_size);
ssize_t res = CfReadLine(&line, &line_size, pfp);
if (res == -1)
{
cf_pclose(pfp);
free(line);
if (!feof(pfp))
{
Log(LOG_LEVEL_ERR, "Unable to read output of unmount command. (fread: %s)", GetErrorStr());
return result;
}
}
else if (res > 0 && ((strstr(line, "busy")) || (strstr(line, "Busy"))))
{
cfPS(ctx, LOG_LEVEL_INFO, PROMISE_RESULT_INTERRUPTED, pp, a, "The device under '%s' cannot be unmounted", mountpt);
result = PromiseResultUpdate(result, PROMISE_RESULT_INTERRUPTED);
cf_pclose(pfp);
free(line);
return result;
}
}
cfPS(ctx, LOG_LEVEL_INFO, PROMISE_RESULT_CHANGE, pp, a, "Unmounting '%s' to keep promise", mountpt);
result = PromiseResultUpdate(result, PROMISE_RESULT_CHANGE);
return result;
}
static VersionCmpResult RunCmpCommand(EvalContext *ctx, const char *command, const char *v1, const char *v2, Attributes a,
const Promise *pp, PromiseResult *result)
{
Buffer *expanded_command = BufferNew();
{
VarRef *ref_v1 = VarRefParseFromScope("v1", PACKAGES_CONTEXT);
EvalContextVariablePut(ctx, ref_v1, v1, CF_DATA_TYPE_STRING, "source=promise");
VarRef *ref_v2 = VarRefParseFromScope("v2", PACKAGES_CONTEXT);
EvalContextVariablePut(ctx, ref_v2, v2, CF_DATA_TYPE_STRING, "source=promise");
ExpandScalar(ctx, NULL, PACKAGES_CONTEXT, command, expanded_command);
EvalContextVariableRemove(ctx, ref_v1);
VarRefDestroy(ref_v1);
EvalContextVariableRemove(ctx, ref_v2);
VarRefDestroy(ref_v2);
}
FILE *pfp = a.packages.package_commands_useshell ? cf_popen_sh(BufferData(expanded_command), "w") : cf_popen(BufferData(expanded_command), "w", true);
if (pfp == NULL)
{
cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_FAIL, pp, a, "Can not start package version comparison command '%s'. (cf_popen: %s)",
BufferData(expanded_command), GetErrorStr());
*result = PromiseResultUpdate(*result, PROMISE_RESULT_FAIL);
BufferDestroy(expanded_command);
return VERCMP_ERROR;
}
Log(LOG_LEVEL_VERBOSE, "Executing '%s'", BufferData(expanded_command));
int retcode = cf_pclose(pfp);
if (retcode == -1)
{
cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_FAIL, pp, a, "Error during package version comparison command execution '%s'. (cf_pclose: %s)",
BufferData(expanded_command), GetErrorStr());
*result = PromiseResultUpdate(*result, PROMISE_RESULT_FAIL);
BufferDestroy(expanded_command);
return VERCMP_ERROR;
}
BufferDestroy(expanded_command);
return retcode == 0;
}
static PromiseResult DoVerifyServices(EvalContext *ctx, Attributes a, const Promise *pp)
{
Rval call;
{
const Constraint *cp = PromiseGetConstraint(pp, "service_bundle");
if (cp)
{
call = RvalCopy(cp->rval);
}
else
{
call = (Rval) { DefaultServiceBundleCall(pp, a.service.service_policy), RVAL_TYPE_FNCALL };
}
}
a.havebundle = true;
EvalContextVariablePutSpecial(ctx, SPECIAL_SCOPE_THIS, "service_policy", a.service.service_policy, CF_DATA_TYPE_STRING, "source=promise");
PromiseResult result = PROMISE_RESULT_NOOP;
result = PromiseResultUpdate(result, VerifyMethod(ctx, call, a, pp)); // Send list of classes to set privately?
RvalDestroy(call);
return result;
}
bool KillGhostLink(EvalContext *ctx, const char *name, Attributes attr, const Promise *pp, PromiseResult *result)
{
Log(LOG_LEVEL_VERBOSE, "Windows does not support symbolic links (at KillGhostLink())");
cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_FAIL, pp, attr, "Windows does not support killing link '%s'", name);
PromiseResultUpdate(*result, PROMISE_RESULT_FAIL);
return false;
}
static PromiseResult CreateVirtNetwork(EvalContext *ctx, virConnectPtr vc, char **networks, Attributes a, const Promise *pp)
{
virNetworkPtr network;
char *xml_file;
char defaultxml[CF_MAXVARSIZE];
int i, found = false;
snprintf(defaultxml, CF_MAXVARSIZE - 1,
"<network>"
"<name>%s</name>"
"<bridge name=\"virbr0\" />"
"<forward mode=\"nat\"/>"
"<ip address=\"192.168.122.1\" netmask=\"255.255.255.0\">"
"<dhcp>"
"<range start=\"192.168.122.2\" end=\"192.168.122.254\" />" "</dhcp>" "</ip>" "</network>", pp->promiser);
for (i = 0; networks[i] != NULL; i++)
{
Log(LOG_LEVEL_VERBOSE, "Discovered a running network '%s'", networks[i]);
if (strcmp(networks[i], pp->promiser) == 0)
{
found = true;
}
}
if (found)
{
cfPS(ctx, LOG_LEVEL_VERBOSE, PROMISE_RESULT_NOOP, pp, a, "Network '%s' exists - promise kept", pp->promiser);
return PROMISE_RESULT_NOOP;
}
if (a.env.spec)
{
xml_file = xstrdup(a.env.spec);
}
else
{
xml_file = xstrdup(defaultxml);
}
PromiseResult result = PROMISE_RESULT_NOOP;
if ((network = virNetworkCreateXML(vc, xml_file)) == NULL)
{
cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_FAIL, pp, a, "Unable to create network '%s'", pp->promiser);
free(xml_file);
return PROMISE_RESULT_FAIL;
}
else
{
cfPS(ctx, LOG_LEVEL_INFO, PROMISE_RESULT_CHANGE, pp, a, "Created network '%s' - promise repaired", pp->promiser);
result = PromiseResultUpdate(result, PROMISE_RESULT_CHANGE);
}
free(xml_file);
virNetworkFree(network);
return result;
}
bool MakeHardLink(EvalContext *ctx, const char *from, const char *to, Attributes attr, const Promise *pp,
PromiseResult *result)
{ // TODO: Implement ?
Log(LOG_LEVEL_VERBOSE, "Hard links are not yet supported on Windows");
cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_FAIL, pp, attr, "Couldn't hard link '%s' to '%s'", to, from);
*result = PromiseResultUpdate(*result, PROMISE_RESULT_FAIL);
return false;
}
static PromiseResult FindFilePromiserObjects(EvalContext *ctx, const Promise *pp)
{
char *val = PromiseGetConstraintAsRval(pp, "pathtype", RVAL_TYPE_SCALAR);
int literal = (PromiseGetConstraintAsBoolean(ctx, "copy_from", pp)) || ((val != NULL) && (strcmp(val, "literal") == 0));
/* Check if we are searching over a regular expression */
PromiseResult result = PROMISE_RESULT_SKIPPED;
if (literal)
{
// Prime the promiser temporarily, may override later
result = PromiseResultUpdate(result, VerifyFilePromise(ctx, pp->promiser, pp));
}
else // Default is to expand regex paths
{
result = PromiseResultUpdate(result, LocateFilePromiserGroup(ctx, pp->promiser, pp, VerifyFilePromise));
}
return result;
}
static PromiseResult VerifyVirtNetwork(EvalContext *ctx, char *uri, enum cfhypervisors envtype, Attributes a, const Promise *pp)
{
int num, i;
char *networks[CF_MAX_CONCURRENT_ENVIRONMENTS];
if (CFVC[envtype] == NULL)
{
if ((CFVC[envtype] = virConnectOpenAuth(uri, virConnectAuthPtrDefault, 0)) == NULL)
{
Log(LOG_LEVEL_ERR, "Failed to connect to virtualization monitor '%s'", uri);
return PROMISE_RESULT_NOOP;
}
}
for (i = 0; i < CF_MAX_CONCURRENT_ENVIRONMENTS; i++)
{
networks[i] = NULL;
}
num = virConnectListNetworks(CFVC[envtype], networks, CF_MAX_CONCURRENT_ENVIRONMENTS);
Log(LOG_LEVEL_VERBOSE, "Detected %d active networks", num);
PromiseResult result = PROMISE_RESULT_NOOP;
switch (a.env.state)
{
case ENVIRONMENT_STATE_CREATE:
result = PromiseResultUpdate(result, CreateVirtNetwork(ctx, CFVC[envtype], networks, a, pp));
break;
case ENVIRONMENT_STATE_DELETE:
result = PromiseResultUpdate(result, DeleteVirtNetwork(ctx, CFVC[envtype], a, pp));
break;
default:
Log(LOG_LEVEL_INFO, "No recognized state specified for this network environment");
break;
}
return result;
}
static PromiseResult FindFilePromiserObjects(EvalContext *ctx, Promise *pp)
{
char *val = ConstraintGetRvalValue(ctx, "pathtype", pp, RVAL_TYPE_SCALAR);
int literal = (PromiseGetConstraintAsBoolean(ctx, "copy_from", pp)) || ((val != NULL) && (strcmp(val, "literal") == 0));
/* Check if we are searching over a regular expression */
PromiseResult result = PROMISE_RESULT_NOOP;
if (literal)
{
// Prime the promiser temporarily, may override later
EvalContextVariablePutSpecial(ctx, SPECIAL_SCOPE_THIS, "promiser", pp->promiser, DATA_TYPE_STRING);
result = PromiseResultUpdate(result, VerifyFilePromise(ctx, pp->promiser, pp));
}
else // Default is to expand regex paths
{
result = PromiseResultUpdate(result, LocateFilePromiserGroup(ctx, pp->promiser, pp, VerifyFilePromise));
}
return result;
}
bool KillGhostLink(EvalContext *ctx, const char *name, Attributes attr, const Promise *pp,
PromiseResult *result)
{
char linkbuf[CF_BUFSIZE], tmp[CF_BUFSIZE];
char linkpath[CF_BUFSIZE], *sp;
struct stat statbuf;
memset(linkbuf, 0, CF_BUFSIZE);
memset(linkpath, 0, CF_BUFSIZE);
if (readlink(name, linkbuf, CF_BUFSIZE - 1) == -1)
{
Log(LOG_LEVEL_VERBOSE, "Can't read link '%s' while checking for deadlinks", name);
return true; /* ignore */
}
if (!IsAbsoluteFileName(linkbuf))
{
strcpy(linkpath, name); /* Get path to link */
for (sp = linkpath + strlen(linkpath); (*sp != FILE_SEPARATOR) && (sp >= linkpath); sp--)
{
*sp = '\0';
}
}
strcat(linkpath, linkbuf);
CompressPath(tmp, sizeof(tmp), linkpath);
if (stat(tmp, &statbuf) == -1) /* link points nowhere */
{
if ((attr.link.when_no_file == cfa_delete) || (attr.recursion.rmdeadlinks))
{
Log(LOG_LEVEL_VERBOSE, "'%s' is a link which points to '%s', but that file doesn't seem to exist", name,
linkbuf);
if (!DONTDO)
{
unlink(name); /* May not work on a client-mounted system ! */
cfPS(ctx, LOG_LEVEL_INFO, PROMISE_RESULT_CHANGE, pp, attr,
"Removing ghost '%s', reference to something that is not there", name);
*result = PromiseResultUpdate(*result, PROMISE_RESULT_CHANGE);
return true;
}
}
}
return false;
}
static PromiseResult DoVerifyServices(EvalContext *ctx, Attributes a, const Promise *pp)
{
Rval call;
{
const Constraint *cp = PromiseGetConstraint(pp, "service_bundle");
if (cp)
{
call = RvalCopy(cp->rval);
}
else
{
call = (Rval) { DefaultServiceBundleCall(pp, a.service.service_policy), RVAL_TYPE_FNCALL };
}
}
a.havebundle = true;
switch (a.service.service_policy)
{
case SERVICE_POLICY_START:
EvalContextVariablePutSpecial(ctx, SPECIAL_SCOPE_THIS, "service_policy", "start", CF_DATA_TYPE_STRING, "source=promise");
break;
case SERVICE_POLICY_RESTART:
EvalContextVariablePutSpecial(ctx, SPECIAL_SCOPE_THIS, "service_policy", "restart", CF_DATA_TYPE_STRING, "source=promise");
break;
case SERVICE_POLICY_RELOAD:
EvalContextVariablePutSpecial(ctx, SPECIAL_SCOPE_THIS, "service_policy", "reload", CF_DATA_TYPE_STRING, "source=promise");
break;
case SERVICE_POLICY_STOP:
case SERVICE_POLICY_DISABLE:
default:
EvalContextVariablePutSpecial(ctx, SPECIAL_SCOPE_THIS, "service_policy", "stop", CF_DATA_TYPE_STRING, "source=promise");
break;
}
PromiseResult result = PROMISE_RESULT_NOOP;
if (!DONTDO)
{
result = PromiseResultUpdate(result, VerifyMethod(ctx, call, a, pp)); // Send list of classes to set privately?
}
RvalDestroy(call);
return result;
}
PromiseResult VerifyReportPromise(EvalContext *ctx, const Promise *pp)
{
CfLock thislock;
char unique_name[CF_EXPANDSIZE];
Attributes a = GetReportsAttributes(ctx, pp);
// We let AcquireLock worry about making a unique name
snprintf(unique_name, CF_EXPANDSIZE - 1, "%s", pp->promiser);
thislock = AcquireLock(ctx, unique_name, VUQNAME, CFSTARTTIME, a.transaction, pp, false);
// Handle return values before locks, as we always do this
if (a.report.result)
{
// User-unwritable value last-result contains the useresult
if (strlen(a.report.result) > 0)
{
snprintf(unique_name, CF_BUFSIZE, "last-result[%s]", a.report.result);
}
else
{
snprintf(unique_name, CF_BUFSIZE, "last-result");
}
VarRef *ref = VarRefParseFromBundle(unique_name, PromiseGetBundle(pp));
EvalContextVariablePut(ctx, ref, pp->promiser, CF_DATA_TYPE_STRING, "source=bundle");
VarRefDestroy(ref);
if (thislock.lock)
{
YieldCurrentLock(thislock);
}
return PROMISE_RESULT_NOOP;
}
if (thislock.lock == NULL)
{
return PROMISE_RESULT_SKIPPED;
}
PromiseBanner(ctx, pp);
if (a.transaction.action == cfa_warn)
{
cfPS(ctx, LOG_LEVEL_WARNING, PROMISE_RESULT_WARN, pp, a, "Need to repair reports promise: %s", pp->promiser);
YieldCurrentLock(thislock);
return PROMISE_RESULT_WARN;
}
if (a.report.to_file)
{
ReportToFile(a.report.to_file, pp->promiser);
}
else
{
ReportToLog(pp->promiser);
}
PromiseResult result = PROMISE_RESULT_NOOP;
if (a.report.haveprintfile)
{
if (!PrintFile(a.report.filename, a.report.numlines))
{
result = PromiseResultUpdate(result, PROMISE_RESULT_FAIL);
}
}
YieldCurrentLock(thislock);
ClassAuditLog(ctx, pp, a, result);
return result;
}
static PromiseResult DownVirt(EvalContext *ctx, virConnectPtr vc, Attributes a, const Promise *pp)
{
virDomainPtr dom;
virDomainInfo info;
dom = virDomainLookupByName(vc, pp->promiser);
PromiseResult result = PROMISE_RESULT_NOOP;
if (dom)
{
if (virDomainGetInfo(dom, &info) == -1)
{
cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_FAIL, pp, a, "Unable to probe virtual domain '%s'", pp->promiser);
result = PromiseResultUpdate(result, PROMISE_RESULT_FAIL);
virDomainFree(dom);
return result;
}
switch (info.state)
{
case VIR_DOMAIN_BLOCKED:
case VIR_DOMAIN_RUNNING:
if (virDomainShutdown(dom) == -1)
{
cfPS(ctx, LOG_LEVEL_VERBOSE, PROMISE_RESULT_INTERRUPTED, pp, a, "Virtual domain '%s' failed to shutdown",
pp->promiser);
result = PromiseResultUpdate(result, PROMISE_RESULT_INTERRUPTED);
virDomainFree(dom);
return result;
}
cfPS(ctx, LOG_LEVEL_VERBOSE, PROMISE_RESULT_CHANGE, pp, a, "Virtual domain '%s' running, terminating", pp->promiser);
result = PromiseResultUpdate(result, PROMISE_RESULT_CHANGE);
break;
case VIR_DOMAIN_SHUTOFF:
case VIR_DOMAIN_SHUTDOWN:
cfPS(ctx, LOG_LEVEL_VERBOSE, PROMISE_RESULT_NOOP, pp, a, "Virtual domain '%s' is down - promise kept", pp->promiser);
break;
case VIR_DOMAIN_PAUSED:
cfPS(ctx, LOG_LEVEL_VERBOSE, PROMISE_RESULT_INTERRUPTED, pp, a, "Virtual domain '%s' is suspended - ignoring promise",
pp->promiser);
result = PromiseResultUpdate(result, PROMISE_RESULT_INTERRUPTED);
break;
case VIR_DOMAIN_CRASHED:
if (virDomainSuspend(dom) == -1)
{
cfPS(ctx, LOG_LEVEL_VERBOSE, PROMISE_RESULT_INTERRUPTED, pp, a, "Virtual domain '%s' is crashed and failed to shutdown",
pp->promiser);
result = PromiseResultUpdate(result, PROMISE_RESULT_INTERRUPTED);
virDomainFree(dom);
return false;
}
cfPS(ctx, LOG_LEVEL_VERBOSE, PROMISE_RESULT_CHANGE, pp, a, "Virtual domain '%s' is in a crashed state, terminating",
pp->promiser);
result = PromiseResultUpdate(result, PROMISE_RESULT_CHANGE);
break;
default:
Log(LOG_LEVEL_VERBOSE, "Virtual domain '%s' is reported as having no state, whatever that means",
pp->promiser);
break;
}
virDomainFree(dom);
}
else
{
cfPS(ctx, LOG_LEVEL_VERBOSE, PROMISE_RESULT_NOOP, pp, a, "Virtual domain '%s' cannot be found - take promise as kept",
pp->promiser);
}
return result;
}
PromiseResult VerifyVarPromise(EvalContext *ctx, const Promise *pp, bool allow_duplicates)
{
ConvergeVariableOptions opts = CollectConvergeVariableOptions(ctx, pp, allow_duplicates);
if (!opts.should_converge)
{
return PROMISE_RESULT_NOOP;
}
Attributes a = { {0} };
// More consideration needs to be given to using these
//a.transaction = GetTransactionConstraints(pp);
a.classes = GetClassDefinitionConstraints(ctx, pp);
VarRef *ref = VarRefParseFromBundle(pp->promiser, PromiseGetBundle(pp));
if (strcmp("meta", pp->parent_promise_type->name) == 0)
{
VarRefSetMeta(ref, true);
}
DataType existing_value_type = CF_DATA_TYPE_NONE;
const void *const existing_value =
IsExpandable(pp->promiser) ? NULL : EvalContextVariableGet(ctx, ref, &existing_value_type);
PromiseResult result = PROMISE_RESULT_NOOP;
Rval rval = opts.cp_save->rval;
if (rval.item != NULL)
{
DataType data_type = DataTypeFromString(opts.cp_save->lval);
if (opts.cp_save->rval.type == RVAL_TYPE_FNCALL)
{
FnCall *fp = RvalFnCallValue(rval);
const FnCallType *fn = FnCallTypeGet(fp->name);
if (!fn)
{
assert(false && "Canary: should have been caught before this point");
FatalError(ctx, "While setting variable '%s' in bundle '%s', unknown function '%s'",
pp->promiser, PromiseGetBundle(pp)->name, fp->name);
}
if (fn->dtype != DataTypeFromString(opts.cp_save->lval))
{
FatalError(ctx, "While setting variable '%s' in bundle '%s', variable declared type '%s' but function '%s' returns type '%s'",
pp->promiser, PromiseGetBundle(pp)->name, opts.cp_save->lval,
fp->name, DataTypeToString(fn->dtype));
}
if (existing_value_type != CF_DATA_TYPE_NONE)
{
// Already did this
VarRefDestroy(ref);
return PROMISE_RESULT_NOOP;
}
FnCallResult res = FnCallEvaluate(ctx, PromiseGetPolicy(pp), fp, pp);
if (res.status == FNCALL_FAILURE)
{
/* We do not assign variables to failed fn calls */
RvalDestroy(res.rval);
VarRefDestroy(ref);
return PROMISE_RESULT_NOOP;
}
else
{
rval = res.rval;
}
}
else
{
Buffer *conv = BufferNew();
bool malformed = false, misprint = false;
if (strcmp(opts.cp_save->lval, "int") == 0)
{
long int asint = IntFromString(opts.cp_save->rval.item);
if (asint == CF_NOINT)
{
malformed = true;
}
else if (0 > BufferPrintf(conv, "%ld", asint))
{
misprint = true;
}
else
{
rval = RvalNew(BufferData(conv), opts.cp_save->rval.type);
}
}
else if (strcmp(opts.cp_save->lval, "real") == 0)
{
double real_value;
if (!DoubleFromString(opts.cp_save->rval.item, &real_value))
{
malformed = true;
}
else if (0 > BufferPrintf(conv, "%lf", real_value))
{
misprint = true;
}
else
{
rval = RvalNew(BufferData(conv), opts.cp_save->rval.type);
}
}
else
{
rval = RvalCopy(opts.cp_save->rval);
}
BufferDestroy(conv);
if (malformed)
{
/* Arises when opts->cp_save->rval.item isn't yet expanded. */
/* Has already been logged by *FromString */
VarRefDestroy(ref);
return PromiseResultUpdate(result, PROMISE_RESULT_FAIL);
}
else if (misprint)
{
/* Even though no problems with memory allocation can
* get here, there might be other problems. */
UnexpectedError("Problems writing to buffer");
VarRefDestroy(ref);
return PROMISE_RESULT_NOOP;
}
else if (rval.type == RVAL_TYPE_LIST)
{
Rlist *rval_list = RvalRlistValue(rval);
RlistFlatten(ctx, &rval_list);
rval.item = rval_list;
}
}
if (Epimenides(ctx, PromiseGetBundle(pp)->ns, PromiseGetBundle(pp)->name, pp->promiser, rval, 0))
{
Log(LOG_LEVEL_ERR, "Variable '%s' contains itself indirectly - an unkeepable promise", pp->promiser);
exit(EXIT_FAILURE);
}
else
{
/* See if the variable needs recursively expanding again */
Rval returnval = EvaluateFinalRval(ctx, PromiseGetPolicy(pp), ref->ns, ref->scope, rval, true, pp);
RvalDestroy(rval);
// freed before function exit
rval = returnval;
}
if (existing_value_type != CF_DATA_TYPE_NONE)
{
if (!opts.ok_redefine) /* only on second iteration, else we ignore broken promises */
{
if (THIS_AGENT_TYPE == AGENT_TYPE_COMMON &&
!CompareRval(existing_value, DataTypeToRvalType(existing_value_type),
rval.item, rval.type))
{
switch (rval.type)
{
case RVAL_TYPE_SCALAR:
Log(LOG_LEVEL_VERBOSE, "Redefinition of a constant scalar '%s', was '%s' now '%s'",
pp->promiser, (const char *)existing_value, RvalScalarValue(rval));
PromiseRef(LOG_LEVEL_VERBOSE, pp);
break;
case RVAL_TYPE_LIST:
{
Log(LOG_LEVEL_VERBOSE, "Redefinition of a constant list '%s'", pp->promiser);
Writer *w = StringWriter();
RlistWrite(w, existing_value);
char *oldstr = StringWriterClose(w);
Log(LOG_LEVEL_VERBOSE, "Old value '%s'", oldstr);
free(oldstr);
w = StringWriter();
RlistWrite(w, rval.item);
char *newstr = StringWriterClose(w);
Log(LOG_LEVEL_VERBOSE, " New value '%s'", newstr);
free(newstr);
PromiseRef(LOG_LEVEL_VERBOSE, pp);
}
break;
case RVAL_TYPE_CONTAINER:
case RVAL_TYPE_FNCALL:
case RVAL_TYPE_NOPROMISEE:
break;
}
}
RvalDestroy(rval);
VarRefDestroy(ref);
return result;
}
}
if (IsCf3VarString(pp->promiser))
{
// Unexpanded variables, we don't do anything with
RvalDestroy(rval);
VarRefDestroy(ref);
return result;
}
if (!IsValidVariableName(pp->promiser))
{
Log(LOG_LEVEL_ERR, "Variable identifier contains illegal characters");
PromiseRef(LOG_LEVEL_ERR, pp);
RvalDestroy(rval);
VarRefDestroy(ref);
return result;
}
if (rval.type == RVAL_TYPE_LIST)
{
if (opts.drop_undefined)
{
for (Rlist *rp = RvalRlistValue(rval); rp; rp = rp->next)
{
if (IsNakedVar(RlistScalarValue(rp), '@'))
{
free(rp->val.item);
rp->val.item = xstrdup(CF_NULL_VALUE);
}
}
}
for (const Rlist *rp = RvalRlistValue(rval); rp; rp = rp->next)
{
switch (rp->val.type)
{
case RVAL_TYPE_SCALAR:
break;
default:
// Cannot assign variable because value is a list containing a non-scalar item
VarRefDestroy(ref);
RvalDestroy(rval);
return result;
}
}
}
if (ref->num_indices > 0)
{
if (data_type == CF_DATA_TYPE_CONTAINER)
{
char *lval_str = VarRefToString(ref, true);
Log(LOG_LEVEL_ERR, "Cannot assign a container to an indexed variable name '%s'. Should be assigned to '%s' instead",
lval_str, ref->lval);
free(lval_str);
VarRefDestroy(ref);
RvalDestroy(rval);
return result;
}
else
{
DataType existing_type = CF_DATA_TYPE_NONE;
VarRef *base_ref = VarRefCopyIndexless(ref);
if (EvalContextVariableGet(ctx, ref, &existing_type) && existing_type == CF_DATA_TYPE_CONTAINER)
{
char *lval_str = VarRefToString(ref, true);
char *base_ref_str = VarRefToString(base_ref, true);
Log(LOG_LEVEL_ERR, "Cannot assign value to indexed variable name '%s', because a container is already assigned to the base name '%s'",
lval_str, base_ref_str);
free(lval_str);
free(base_ref_str);
VarRefDestroy(base_ref);
VarRefDestroy(ref);
RvalDestroy(rval);
return result;
}
VarRefDestroy(base_ref);
}
}
DataType required_datatype = DataTypeFromString(opts.cp_save->lval);
if (rval.type != DataTypeToRvalType(required_datatype))
{
char *ref_str = VarRefToString(ref, true);
char *value_str = RvalToString(rval);
Log(LOG_LEVEL_ERR, "Variable '%s' expected a variable of type '%s', but was given incompatible value '%s'",
ref_str, DataTypeToString(required_datatype), value_str);
PromiseRef(LOG_LEVEL_ERR, pp);
free(ref_str);
free(value_str);
VarRefDestroy(ref);
RvalDestroy(rval);
return PromiseResultUpdate(result, PROMISE_RESULT_FAIL);
}
if (!EvalContextVariablePut(ctx, ref, rval.item, required_datatype, "source=promise"))
{
Log(LOG_LEVEL_VERBOSE,
"Unable to converge %s.%s value (possibly empty or infinite regression)",
ref->scope, pp->promiser);
PromiseRef(LOG_LEVEL_VERBOSE, pp);
result = PromiseResultUpdate(result, PROMISE_RESULT_FAIL);
}
else
{
Rlist *promise_meta = PromiseGetConstraintAsList(ctx, "meta", pp);
if (promise_meta)
{
StringSet *class_meta = EvalContextVariableTags(ctx, ref);
Buffer *print;
for (const Rlist *rp = promise_meta; rp; rp = rp->next)
{
StringSetAdd(class_meta, xstrdup(RlistScalarValue(rp)));
print = StringSetToBuffer(class_meta, ',');
Log(LOG_LEVEL_DEBUG,
"Added tag %s to class %s, tags now [%s]",
RlistScalarValue(rp), pp->promiser, BufferData(print));
BufferDestroy(print);
}
}
}
}
else
{
Log(LOG_LEVEL_ERR, "Variable %s has no promised value", pp->promiser);
Log(LOG_LEVEL_ERR, "Rule from %s at/before line %llu",
PromiseGetBundle(pp)->source_path,
(unsigned long long)opts.cp_save->offset.line);
result = PromiseResultUpdate(result, PROMISE_RESULT_FAIL);
}
/*
* FIXME: Variable promise are exempt from normal evaluation logic still, so
* they are not pushed to evaluation stack before being evaluated. Due to
* this reason, we cannot call cfPS here to set classes, as it will error
* out with ProgrammingError.
*
* In order to support 'classes' body for variables as well, we call
* ClassAuditLog explicitly.
*/
ClassAuditLog(ctx, pp, a, result);
VarRefDestroy(ref);
RvalDestroy(rval);
return result;
}
static PromiseResult VerifyProcessOp(EvalContext *ctx, Item *procdata, Attributes a, const Promise *pp)
{
bool do_signals = true;
int out_of_range;
int killed = 0;
bool need_to_restart = true;
Item *killlist = NULL;
int matches = FindPidMatches(procdata, &killlist, a, pp->promiser);
/* promise based on number of matches */
PromiseResult result = PROMISE_RESULT_NOOP;
if (a.process_count.min_range != CF_NOINT) /* if a range is specified */
{
if ((matches < a.process_count.min_range) || (matches > a.process_count.max_range))
{
cfPS(ctx, LOG_LEVEL_VERBOSE, PROMISE_RESULT_CHANGE, pp, a, "Process count for '%s' was out of promised range (%d found)", pp->promiser, matches);
result = PromiseResultUpdate(result, PROMISE_RESULT_CHANGE);
for (const Rlist *rp = a.process_count.out_of_range_define; rp != NULL; rp = rp->next)
{
ClassRef ref = ClassRefParse(RlistScalarValue(rp));
EvalContextClassPutSoft(ctx, RlistScalarValue(rp), CONTEXT_SCOPE_NAMESPACE, "source=promise");
ClassRefDestroy(ref);
}
out_of_range = true;
}
else
{
for (const Rlist *rp = a.process_count.in_range_define; rp != NULL; rp = rp->next)
{
ClassRef ref = ClassRefParse(RlistScalarValue(rp));
EvalContextClassPutSoft(ctx, RlistScalarValue(rp), CONTEXT_SCOPE_NAMESPACE, "source=promise");
ClassRefDestroy(ref);
}
cfPS(ctx, LOG_LEVEL_VERBOSE, PROMISE_RESULT_NOOP, pp, a, "Process promise for '%s' is kept", pp->promiser);
out_of_range = false;
}
}
else
{
out_of_range = true;
}
if (!out_of_range)
{
DeleteItemList(killlist);
return result;
}
if (a.transaction.action == cfa_warn)
{
do_signals = false;
result = PromiseResultUpdate(result, PROMISE_RESULT_WARN);
}
else
{
do_signals = true;
}
/* signal/kill promises for existing matches */
if (do_signals && (matches > 0))
{
if (a.process_stop != NULL)
{
if (DONTDO)
{
cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_WARN, pp, a,
"Need to keep process-stop promise for '%s', but only a warning is promised", pp->promiser);
result = PromiseResultUpdate(result, PROMISE_RESULT_WARN);
}
else
{
if (IsExecutable(CommandArg0(a.process_stop)))
{
ShellCommandReturnsZero(a.process_stop, SHELL_TYPE_NONE);
}
else
{
cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_FAIL, pp, a,
"Process promise to stop '%s' could not be kept because '%s' the stop operator failed",
pp->promiser, a.process_stop);
result = PromiseResultUpdate(result, PROMISE_RESULT_FAIL);
DeleteItemList(killlist);
return result;
}
}
}
killed = DoAllSignals(ctx, killlist, a, pp, &result);
}
/* delegated promise to restart killed or non-existent entries */
need_to_restart = (a.restart_class != NULL) && (killed || (matches == 0));
DeleteItemList(killlist);
if (!need_to_restart)
{
cfPS(ctx, LOG_LEVEL_VERBOSE, PROMISE_RESULT_NOOP, pp, a, "No restart promised for %s", pp->promiser);
return result;
}
else
{
if (a.transaction.action == cfa_warn)
{
cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_WARN, pp, a,
"Need to keep restart promise for '%s', but only a warning is promised", pp->promiser);
result = PromiseResultUpdate(result, PROMISE_RESULT_WARN);
}
else
{
cfPS(ctx, LOG_LEVEL_INFO, PROMISE_RESULT_CHANGE, pp, a, "Making a one-time restart promise for '%s'", pp->promiser);
result = PromiseResultUpdate(result, PROMISE_RESULT_CHANGE);
EvalContextClassPutSoft(ctx, a.restart_class, CONTEXT_SCOPE_NAMESPACE, "source=promise");
}
}
return result;
}
PromiseResult ScheduleEditOperation(EvalContext *ctx, char *filename, Attributes a, Promise *pp)
{
void *vp;
FnCall *fp;
Rlist *args = NULL;
char edit_bundle_name[CF_BUFSIZE], lockname[CF_BUFSIZE], qualified_edit[CF_BUFSIZE], *method_deref;
CfLock thislock;
snprintf(lockname, CF_BUFSIZE - 1, "fileedit-%s", filename);
thislock = AcquireLock(ctx, lockname, VUQNAME, CFSTARTTIME, a.transaction, pp, false);
if (thislock.lock == NULL)
{
return PROMISE_RESULT_NOOP;
}
EditContext *edcontext = NewEditContext(filename, a);
PromiseResult result = PROMISE_RESULT_NOOP;
if (edcontext == NULL)
{
cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_FAIL, pp, a, "File '%s' was marked for editing but could not be opened", filename);
result = PromiseResultUpdate(result, PROMISE_RESULT_FAIL);
goto exit;
}
Policy *policy = PolicyFromPromise(pp);
if (a.haveeditline)
{
if ((vp = ConstraintGetRvalValue(ctx, "edit_line", pp, RVAL_TYPE_FNCALL)))
{
fp = (FnCall *) vp;
strcpy(edit_bundle_name, fp->name);
args = fp->args;
}
else if ((vp = ConstraintGetRvalValue(ctx, "edit_line", pp, RVAL_TYPE_SCALAR)))
{
strcpy(edit_bundle_name, (char *) vp);
args = NULL;
}
else
{
goto exit;
}
if (strncmp(edit_bundle_name,"default:",strlen("default:")) == 0) // CF_NS == ':'
{
method_deref = strchr(edit_bundle_name, CF_NS) + 1;
}
else if ((strchr(edit_bundle_name, CF_NS) == NULL) && (strcmp(PromiseGetNamespace(pp), "default") != 0))
{
snprintf(qualified_edit, CF_BUFSIZE, "%s%c%s", PromiseGetNamespace(pp), CF_NS, edit_bundle_name);
method_deref = qualified_edit;
}
else
{
method_deref = edit_bundle_name;
}
Log(LOG_LEVEL_VERBOSE, "Handling file edits in edit_line bundle '%s'", method_deref);
Bundle *bp = NULL;
if ((bp = PolicyGetBundle(policy, NULL, "edit_line", method_deref)))
{
BannerSubBundle(bp, args);
EvalContextStackPushBundleFrame(ctx, bp, args, a.edits.inherit);
BundleResolve(ctx, bp);
ScheduleEditLineOperations(ctx, bp, a, pp, edcontext);
EvalContextStackPopFrame(ctx);
}
else
{
Log(LOG_LEVEL_ERR, "Did not find method '%s' in bundle '%s' for edit operation", method_deref, edit_bundle_name);
}
}
if (a.haveeditxml)
{
if ((vp = ConstraintGetRvalValue(ctx, "edit_xml", pp, RVAL_TYPE_FNCALL)))
{
fp = (FnCall *) vp;
strcpy(edit_bundle_name, fp->name);
args = fp->args;
}
else if ((vp = ConstraintGetRvalValue(ctx, "edit_xml", pp, RVAL_TYPE_SCALAR)))
{
strcpy(edit_bundle_name, (char *) vp);
args = NULL;
}
else
{
goto exit;
}
if (strncmp(edit_bundle_name,"default:",strlen("default:")) == 0) // CF_NS == ':'
{
method_deref = strchr(edit_bundle_name, CF_NS) + 1;
}
else
{
method_deref = edit_bundle_name;
}
Log(LOG_LEVEL_VERBOSE, "Handling file edits in edit_xml bundle '%s'", method_deref);
Bundle *bp = NULL;
if ((bp = PolicyGetBundle(policy, NULL, "edit_xml", method_deref)))
{
BannerSubBundle(bp, args);
EvalContextStackPushBundleFrame(ctx, bp, args, a.edits.inherit);
BundleResolve(ctx, bp);
ScheduleEditXmlOperations(ctx, bp, a, pp, edcontext);
EvalContextStackPopFrame(ctx);
}
}
if (a.edit_template)
{
if (!a.template_method || strcmp("cfengine", a.template_method) == 0)
{
Policy *tmp_policy = PolicyNew();
Bundle *bp = NULL;
if ((bp = MakeTemporaryBundleFromTemplate(ctx, tmp_policy, a, pp, &result)))
{
BannerSubBundle(bp, args);
a.haveeditline = true;
EvalContextStackPushBundleFrame(ctx, bp, args, a.edits.inherit);
BundleResolve(ctx, bp);
ScheduleEditLineOperations(ctx, bp, a, pp, edcontext);
EvalContextStackPopFrame(ctx);
}
PolicyDestroy(tmp_policy);
}
else if (strcmp("mustache", a.template_method) == 0)
{
if (!FileCanOpen(a.edit_template, "r"))
{
cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_FAIL, pp, a, "Template file '%s' could not be opened for reading", a.edit_template);
result = PromiseResultUpdate(result, PROMISE_RESULT_FAIL);
goto exit;
}
Writer *ouput_writer = NULL;
{
FILE *output_file = fopen(pp->promiser, "w");
if (!output_file)
{
cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_FAIL, pp, a, "Output file '%s' could not be opened for writing", pp->promiser);
result = PromiseResultUpdate(result, PROMISE_RESULT_FAIL);
goto exit;
}
ouput_writer = FileWriter(output_file);
}
Writer *template_writer = FileRead(a.edit_template, SIZE_MAX, NULL);
if (!template_writer)
{
cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_FAIL, pp, a, "Could not read template file '%s'", a.edit_template);
result = PromiseResultUpdate(result, PROMISE_RESULT_FAIL);
WriterClose(ouput_writer);
goto exit;
}
JsonElement *default_template_data = NULL;
if (!a.template_data)
{
a.template_data = default_template_data = DefaultTemplateData(ctx);
}
if (!MustacheRender(ouput_writer, StringWriterData(template_writer), a.template_data))
{
cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_FAIL, pp, a, "Error rendering mustache template '%s'", a.edit_template);
result = PromiseResultUpdate(result, PROMISE_RESULT_FAIL);
WriterClose(template_writer);
WriterClose(ouput_writer);
goto exit;
}
JsonDestroy(default_template_data);
WriterClose(template_writer);
WriterClose(ouput_writer);
}
}
exit:
result = PromiseResultUpdate(result, FinishEditContext(ctx, edcontext, a, pp));
YieldCurrentLock(thislock);
return result;
}
static PromiseResult VerifyFilePromise(EvalContext *ctx, char *path, Promise *pp)
{
struct stat osb, oslb, dsb;
Attributes a = { {0} };
CfLock thislock;
int exists;
a = GetFilesAttributes(ctx, pp);
if (!FileSanityChecks(ctx, path, a, pp))
{
return PROMISE_RESULT_NOOP;
}
EvalContextVariablePutSpecial(ctx, SPECIAL_SCOPE_THIS, "promiser", path, DATA_TYPE_STRING);
thislock = AcquireLock(ctx, path, VUQNAME, CFSTARTTIME, a.transaction, pp, false);
if (thislock.lock == NULL)
{
return PROMISE_RESULT_NOOP;
}
LoadSetuid(a);
PromiseResult result = PROMISE_RESULT_NOOP;
if (lstat(path, &oslb) == -1) /* Careful if the object is a link */
{
if ((a.create) || (a.touch))
{
if (!CfCreateFile(ctx, path, pp, a, &result))
{
goto exit;
}
else
{
exists = (lstat(path, &oslb) != -1);
}
}
exists = false;
}
else
{
if ((a.create) || (a.touch))
{
cfPS(ctx, LOG_LEVEL_VERBOSE, PROMISE_RESULT_NOOP, pp, a, "File '%s' exists as promised", path);
}
exists = true;
}
if ((a.havedelete) && (!exists))
{
cfPS(ctx, LOG_LEVEL_VERBOSE, PROMISE_RESULT_NOOP, pp, a, "File '%s' does not exist as promised", path);
goto exit;
}
if (!a.havedepthsearch) /* if the search is trivial, make sure that we are in the parent dir of the leaf */
{
char basedir[CF_BUFSIZE];
Log(LOG_LEVEL_DEBUG, "Direct file reference '%s', no search implied", path);
snprintf(basedir, sizeof(basedir), "%s", path);
if (strcmp(ReadLastNode(basedir), ".") == 0)
{
// Handle /. notation for deletion of directories
ChopLastNode(basedir);
ChopLastNode(path);
}
ChopLastNode(basedir);
if (chdir(basedir))
{
Log(LOG_LEVEL_ERR, "Failed to chdir into '%s'", basedir);
}
}
if (exists && (!VerifyFileLeaf(ctx, path, &oslb, a, pp, &result)))
{
if (!S_ISDIR(oslb.st_mode))
{
goto exit;
}
}
if (stat(path, &osb) == -1)
{
if ((a.create) || (a.touch))
{
if (!CfCreateFile(ctx, path, pp, a, &result))
{
goto exit;
}
else
{
exists = true;
}
}
else
{
exists = false;
}
}
else
{
if (!S_ISDIR(osb.st_mode))
{
if (a.havedepthsearch)
{
Log(LOG_LEVEL_WARNING,
"depth_search (recursion) is promised for a base object '%s' that is not a directory",
path);
goto exit;
}
}
exists = true;
}
if (a.link.link_children)
{
if (stat(a.link.source, &dsb) != -1)
{
if (!S_ISDIR(dsb.st_mode))
{
Log(LOG_LEVEL_ERR, "Cannot promise to link the children of '%s' as it is not a directory!",
a.link.source);
goto exit;
}
}
}
/* Phase 1 - */
if (exists && ((a.havedelete) || (a.haverename) || (a.haveperms) || (a.havechange) || (a.transformer)))
{
lstat(path, &oslb); /* if doesn't exist have to stat again anyway */
DepthSearch(ctx, path, &oslb, 0, a, pp, oslb.st_dev, &result);
/* normally searches do not include the base directory */
if (a.recursion.include_basedir)
{
int save_search = a.havedepthsearch;
/* Handle this node specially */
a.havedepthsearch = false;
DepthSearch(ctx, path, &oslb, 0, a, pp, oslb.st_dev, &result);
a.havedepthsearch = save_search;
}
else
{
/* unless child nodes were repaired, set a promise kept class */
if (!IsDefinedClass(ctx, "repaired" , PromiseGetNamespace(pp)))
{
cfPS(ctx, LOG_LEVEL_VERBOSE, PROMISE_RESULT_NOOP, pp, a, "Basedir '%s' not promising anything", path);
}
}
if (((a.change.report_changes) == FILE_CHANGE_REPORT_CONTENT_CHANGE) || ((a.change.report_changes) == FILE_CHANGE_REPORT_ALL))
{
if (a.havedepthsearch)
{
PurgeHashes(ctx, NULL, a, pp);
}
else
{
PurgeHashes(ctx, path, a, pp);
}
}
}
/* Phase 2a - copying is potentially threadable if no followup actions */
if (a.havecopy)
{
result = PromiseResultUpdate(result, ScheduleCopyOperation(ctx, path, a, pp));
}
/* Phase 2b link after copy in case need file first */
if ((a.havelink) && (a.link.link_children))
{
result = PromiseResultUpdate(result, ScheduleLinkChildrenOperation(ctx, path, a.link.source, 1, a, pp));
}
else if (a.havelink)
{
result = PromiseResultUpdate(result, ScheduleLinkOperation(ctx, path, a.link.source, a, pp));
}
/* Phase 3 - content editing */
if (a.haveedit)
{
result = PromiseResultUpdate(result, ScheduleEditOperation(ctx, path, a, pp));
}
// Once more in case a file has been created as a result of editing or copying
exists = (stat(path, &osb) != -1);
if (exists && (S_ISREG(osb.st_mode)))
{
VerifyFileLeaf(ctx, path, &osb, a, pp, &result);
}
if (!exists && a.havechange)
{
cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_FAIL, pp, a, "Promised to monitor '%s' for changes, but file does not exist", path);
result = PromiseResultUpdate(result, PROMISE_RESULT_FAIL);
}
exit:
result = PromiseResultUpdate(result, SaveSetuid(ctx, a, pp));
YieldCurrentLock(thislock);
return result;
}
