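/*
 * Apply the agent control body ("body agent control") from POLICY to the
 * agent's global settings.
 *
 * Every constraint of the body is matched by lval against CFA_CONTROLBODY.
 * Lvals that resolve in control_common are skipped (they were consumed in
 * generic_agent); lvals that do not resolve in control_agent are reported at
 * cf_error and ignored. Afterwards the control_common settings
 * lastseenexpireafter, fips_mode, syslog_port and syslog_host are applied.
 *
 * policy: the parsed policy; also handed to InputFiles() for the agentaccess
 *         check.
 * Returns nothing. All effects are on process globals and, for childlibpath
 * and environment, on the process environment.
 *
 * Fixes relative to the previous version: refresh_processes is now honoured
 * regardless of VERBOSE (PrependItem was nested under the verbose print),
 * the verbose/expireafter log lines name the right option, booleans are
 * logged with %d instead of %c, allclassesreport no longer falls through to
 * the remaining comparisons, and an over-long childlibpath is rejected
 * instead of being silently truncated.
 */
void KeepControlPromises(Policy *policy)
{
    Rval retval;
    Rlist *rp;
    Seq *constraints = ControlBodyConstraints(policy, AGENT_TYPE_AGENT);

    if (constraints)
    {
        for (size_t i = 0; i < SeqLength(constraints); i++)
        {
            Constraint *cp = SeqAt(constraints, i);

            if (IsExcluded(cp->classes, NULL))
            {
                continue;
            }

            if (GetVariable("control_common", cp->lval, &retval) != DATA_TYPE_NONE)
            {
                /* Already handled in generic_agent */
                continue;
            }

            if (GetVariable("control_agent", cp->lval, &retval) == DATA_TYPE_NONE)
            {
                CfOut(cf_error, "", "Unknown lval %s in agent control body", cp->lval);
                continue;
            }

            if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_maxconnections].lval) == 0)
            {
                CFA_MAXTHREADS = (int) Str2Int(retval.item);
                CfOut(cf_verbose, "", "SET maxconnections = %d\n", CFA_MAXTHREADS);
                continue;
            }

            if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_checksum_alert_time].lval) == 0)
            {
                CF_PERSISTENCE = (int) Str2Int(retval.item);
                CfOut(cf_verbose, "", "SET checksum_alert_time = %d\n", CF_PERSISTENCE);
                continue;
            }

            if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_agentfacility].lval) == 0)
            {
                SetFacility(retval.item);
                continue;
            }

            if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_agentaccess].lval) == 0)
            {
                /* The access list is validated against the policy input files. */
                ACCESSLIST = (Rlist *) retval.item;
                CheckAgentAccess(ACCESSLIST, InputFiles(policy));
                continue;
            }

            if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_refresh_processes].lval) == 0)
            {
                /* The list is recorded unconditionally; only the echo is
                 * gated on VERBOSE. */
                if (VERBOSE)
                {
                    printf("%s> SET refresh_processes when starting: ", VPREFIX);
                }

                for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next)
                {
                    if (VERBOSE)
                    {
                        printf(" %s", (char *) rp->item);
                    }
                    PrependItem(&PROCESSREFRESH, rp->item, NULL);
                }

                if (VERBOSE)
                {
                    printf("\n");
                }
                continue;
            }

            if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_abortclasses].lval) == 0)
            {
                CfOut(cf_verbose, "", "SET Abort classes from ...\n");

                for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next)
                {
                    /* Zero-initialised so the bounded strncpy stays NUL-terminated. */
                    char name[CF_MAXVARSIZE] = "";

                    strncpy(name, rp->item, CF_MAXVARSIZE - 1);
                    AddAbortClass(name, cp->classes);
                }
                continue;
            }

            if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_abortbundleclasses].lval) == 0)
            {
                CfOut(cf_verbose, "", "SET Abort bundle classes from ...\n");

                for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next)
                {
                    char name[CF_MAXVARSIZE] = "";

                    strncpy(name, rp->item, CF_MAXVARSIZE - 1);

                    if (!IsItemIn(ABORTBUNDLEHEAP, name))
                    {
                        AppendItem(&ABORTBUNDLEHEAP, name, cp->classes);
                    }
                }
                continue;
            }

            if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_addclasses].lval) == 0)
            {
                CfOut(cf_verbose, "", "-> Add classes ...\n");

                for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next)
                {
                    CfOut(cf_verbose, "", " -> ... %s\n", ScalarValue(rp));
                    NewClass(rp->item, NULL);
                }
                continue;
            }

            if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_auditing].lval) == 0)
            {
                CfOut(cf_verbose, "", "This option does nothing and is retained for compatibility reasons");
                continue;
            }

            if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_alwaysvalidate].lval) == 0)
            {
                ALWAYS_VALIDATE = GetBoolean(retval.item);
                CfOut(cf_verbose, "", "SET alwaysvalidate = %d\n", ALWAYS_VALIDATE);
                continue;
            }

            if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_allclassesreport].lval) == 0)
            {
                ALLCLASSESREPORT = GetBoolean(retval.item);
                CfOut(cf_verbose, "", "SET allclassesreport = %d\n", ALLCLASSESREPORT);
                continue;
            }

            if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_secureinput].lval) == 0)
            {
                CFPARANOID = GetBoolean(retval.item);
                CfOut(cf_verbose, "", "SET secure input = %d\n", CFPARANOID);
                continue;
            }

            if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_binarypaddingchar].lval) == 0)
            {
                CfOut(cf_verbose, "", "binarypaddingchar is obsolete and does nothing\n");
                continue;
            }

            if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_bindtointerface].lval) == 0)
            {
                /* NOTE(review): NUL termination relies on BINDINTERFACE being
                 * zero-initialised storage of at least CF_BUFSIZE bytes that
                 * is never written past index CF_BUFSIZE - 2 — confirm. */
                strncpy(BINDINTERFACE, retval.item, CF_BUFSIZE - 1);
                CfOut(cf_verbose, "", "SET bindtointerface = %s\n", BINDINTERFACE);
                continue;
            }

            if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_hashupdates].lval) == 0)
            {
                bool enabled = GetBoolean(retval.item);

                SetChecksumUpdates(enabled);
                CfOut(cf_verbose, "", "SET ChecksumUpdates %d\n", enabled);
                continue;
            }

            if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_exclamation].lval) == 0)
            {
                CfOut(cf_verbose, "", "exclamation control is deprecated and does not do anything\n");
                continue;
            }

            if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_childlibpath].lval) == 0)
            {
                char output[CF_BUFSIZE];
                int written = snprintf(output, CF_BUFSIZE, "LD_LIBRARY_PATH=%s", (char *) retval.item);

                /* A truncated library search path would silently point child
                 * processes at the wrong directory, so refuse it outright. */
                if (written < 0 || written >= CF_BUFSIZE)
                {
                    CfOut(cf_error, "", "childlibpath is too long (limit %d bytes), not setting LD_LIBRARY_PATH",
                          CF_BUFSIZE);
                    continue;
                }

                /* putenv() keeps the pointer, so the copy must outlive this scope. */
                if (putenv(xstrdup(output)) == 0)
                {
                    CfOut(cf_verbose, "", "Setting %s\n", output);
                }
                continue;
            }

            if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_defaultcopytype].lval) == 0)
            {
                DEFAULT_COPYTYPE = (char *) retval.item;
                CfOut(cf_verbose, "", "SET defaultcopytype = %s\n", DEFAULT_COPYTYPE);
                continue;
            }

            if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_fsinglecopy].lval) == 0)
            {
                SINGLE_COPY_LIST = (Rlist *) retval.item;
                CfOut(cf_verbose, "", "SET file single copy list\n");
                continue;
            }

            if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_fautodefine].lval) == 0)
            {
                SetFileAutoDefineList(ListRvalValue(retval));
                CfOut(cf_verbose, "", "SET file auto define list\n");
                continue;
            }

            if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_dryrun].lval) == 0)
            {
                DONTDO = GetBoolean(retval.item);
                CfOut(cf_verbose, "", "SET dryrun = %d\n", DONTDO);
                continue;
            }

            if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_inform].lval) == 0)
            {
                INFORM = GetBoolean(retval.item);
                CfOut(cf_verbose, "", "SET inform = %d\n", INFORM);
                continue;
            }

            if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_verbose].lval) == 0)
            {
                VERBOSE = GetBoolean(retval.item);
                CfOut(cf_verbose, "", "SET verbose = %d\n", VERBOSE);
                continue;
            }

            if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_repository].lval) == 0)
            {
                SetRepositoryLocation(retval.item);
                CfOut(cf_verbose, "", "SET repository = %s\n", ScalarRvalValue(retval));
                continue;
            }

            if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_skipidentify].lval) == 0)
            {
                bool enabled = GetBoolean(retval.item);

                SetSkipIdentify(enabled);
                CfOut(cf_verbose, "", "SET skipidentify = %d\n", (int) enabled);
                continue;
            }

            if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_suspiciousnames].lval) == 0)
            {
                for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next)
                {
                    AddFilenameToListOfSuspicious(ScalarValue(rp));
                    CfOut(cf_verbose, "", "-> Considering %s as suspicious file", ScalarValue(rp));
                }
                continue;
            }

            if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_repchar].lval) == 0)
            {
                /* Only the first character of the value is used. */
                char c = *(char *) retval.item;

                SetRepositoryChar(c);
                CfOut(cf_verbose, "", "SET repchar = %c\n", c);
                continue;
            }

            if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_mountfilesystems].lval) == 0)
            {
                CF_MOUNTALL = GetBoolean(retval.item);
                CfOut(cf_verbose, "", "SET mountfilesystems = %d\n", CF_MOUNTALL);
                continue;
            }

            if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_editfilesize].lval) == 0)
            {
                EDITFILESIZE = Str2Int(retval.item);
                CfOut(cf_verbose, "", "SET EDITFILESIZE = %d\n", EDITFILESIZE);
                continue;
            }

            if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_ifelapsed].lval) == 0)
            {
                VIFELAPSED = Str2Int(retval.item);
                CfOut(cf_verbose, "", "SET ifelapsed = %d\n", VIFELAPSED);
                continue;
            }

            if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_expireafter].lval) == 0)
            {
                VEXPIREAFTER = Str2Int(retval.item);
                CfOut(cf_verbose, "", "SET expireafter = %d\n", VEXPIREAFTER);
                continue;
            }

            if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_timeout].lval) == 0)
            {
                CONNTIMEOUT = Str2Int(retval.item);
                CfOut(cf_verbose, "", "SET timeout = %jd\n", (intmax_t) CONNTIMEOUT);
                continue;
            }

            if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_max_children].lval) == 0)
            {
                CFA_BACKGROUND_LIMIT = Str2Int(retval.item);
                CfOut(cf_verbose, "", "SET MAX_CHILDREN = %d\n", CFA_BACKGROUND_LIMIT);

                /* Cap the number of background children at 10; larger values
                 * are reported and reset to 1. */
                if (CFA_BACKGROUND_LIMIT > 10)
                {
                    CfOut(cf_error, "", "Silly value for max_children in agent control promise (%d > 10)",
                          CFA_BACKGROUND_LIMIT);
                    CFA_BACKGROUND_LIMIT = 1;
                }
                continue;
            }

            if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_syslog].lval) == 0)
            {
                /* Logged only; nothing here consumes the value. */
                CfOut(cf_verbose, "", "SET syslog = %d\n", GetBoolean(retval.item));
                continue;
            }

            if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_environment].lval) == 0)
            {
                CfOut(cf_verbose, "", "SET environment variables from ...\n");

                for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next)
                {
                    /* NOTE(review): putenv() does not copy, so rp->item must
                     * stay allocated for as long as the environment is read —
                     * confirm the policy list is never freed (the childlibpath
                     * branch above uses xstrdup for this reason). */
                    if (putenv(rp->item) != 0)
                    {
                        CfOut(cf_error, "putenv", "Failed to set environment variable %s", ScalarValue(rp));
                    }
                }
                continue;
            }
        }
    }

    /* control_common settings that the agent also needs. */
    if (GetVariable("control_common", CFG_CONTROLBODY[cfg_lastseenexpireafter].lval, &retval) != DATA_TYPE_NONE)
    {
        /* Policy value is in minutes; the global is kept in seconds. */
        LASTSEENEXPIREAFTER = Str2Int(retval.item) * 60;
    }

    if (GetVariable("control_common", CFG_CONTROLBODY[cfg_fips_mode].lval, &retval) != DATA_TYPE_NONE)
    {
        FIPS_MODE = GetBoolean(retval.item);
        CfOut(cf_verbose, "", "SET FIPS_MODE = %d\n", FIPS_MODE);
    }

    if (GetVariable("control_common", CFG_CONTROLBODY[cfg_syslog_port].lval, &retval) != DATA_TYPE_NONE)
    {
        SetSyslogPort(Str2Int(retval.item));
        CfOut(cf_verbose, "", "SET syslog_port to %s", ScalarRvalValue(retval));
    }

    if (GetVariable("control_common", CFG_CONTROLBODY[cfg_syslog_host].lval, &retval) != DATA_TYPE_NONE)
    {
        SetSyslogHost(Hostname2IPString(retval.item));
        CfOut(cf_verbose, "", "SET syslog_host to %s", Hostname2IPString(retval.item));
    }

#ifdef HAVE_NOVA
    Nova_Initialize();
#endif
}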
/* ScalarRvalValue() must assert when handed a non-scalar rval (a function call). */
static void test_rval_to_scalar2(void **state)
{
    (void) state;   /* cmocka fixture state is unused here */

    Rval fncall_rval = { NULL, CF_FNCALL };

    expect_assert_failure(ScalarRvalValue(fncall_rval));
}
/*
 * Apply the server control body ("body server control") to cf-serverd's
 * global settings.
 *
 * Defaults are installed first (CFD_MAXPROCESSES, MAXTRIES, CFD_INTERVAL,
 * DENYBADCLOCKS, CFRUNCOMMAND, checksum updates), then each constraint of
 * the body is matched by lval against CFS_CONTROLBODY. Lvals that do not
 * resolve in control_server are reported at cf_error and ignored. Finally
 * the control_common syslog, FIPS and lastseen settings are applied.
 *
 * Several branches populate the server's connection access lists
 * (NONATTACKERLIST, ATTACKERLIST, SKIPVERIFY, DHCPLIST, MULTICONNLIST,
 * ALLOWUSERLIST, TRUSTKEYLIST); each entry is appended with the
 * constraint's class context, and duplicates are skipped via IsItemIn().
 *
 * No parameters, no return value; all effects are on process globals.
 */
void KeepControlPromises()
{
    Constraint *cp;
    Rval retval;

    /* Defaults, overridden below by whatever the control body specifies. */
    CFD_MAXPROCESSES = 30;
    MAXTRIES = 5;
    CFD_INTERVAL = 0;
    DENYBADCLOCKS = true;
    CFRUNCOMMAND[0] = '\0';
    SetChecksumUpdates(true);

/* Keep promised agent behaviour - control bodies */

    Banner("Server control promises..");

    HashControls();

/* Now expand */

    for (cp = ControlBodyConstraints(cf_server); cp != NULL; cp = cp->next)
    {
        if (IsExcluded(cp->classes))
        {
            continue;
        }

        if (GetVariable("control_server", cp->lval, &retval) == cf_notype)
        {
            CfOut(cf_error, "", "Unknown lval %s in server control body", cp->lval);
            continue;
        }

        if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_serverfacility].lval) == 0)
        {
            SetFacility(retval.item);
            continue;
        }

        if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_denybadclocks].lval) == 0)
        {
            DENYBADCLOCKS = GetBoolean(retval.item);
            CfOut(cf_verbose, "", "SET denybadclocks = %d\n", DENYBADCLOCKS);
            continue;
        }

        if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_logencryptedtransfers].lval) == 0)
        {
            LOGENCRYPT = GetBoolean(retval.item);
            CfOut(cf_verbose, "", "SET LOGENCRYPT = %d\n", LOGENCRYPT);
            continue;
        }

        if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_logallconnections].lval) == 0)
        {
            LOGCONNS = GetBoolean(retval.item);
            CfOut(cf_verbose, "", "SET LOGCONNS = %d\n", LOGCONNS);
            continue;
        }

        if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_maxconnections].lval) == 0)
        {
            CFD_MAXPROCESSES = (int) Str2Int(retval.item);
            /* MAXTRIES is derived, not configured; integer division means
             * values below 3 yield 0. */
            MAXTRIES = CFD_MAXPROCESSES / 3;
            CfOut(cf_verbose, "", "SET maxconnections = %d\n", CFD_MAXPROCESSES);
            continue;
        }

        if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_cfruncommand].lval) == 0)
        {
            /* NOTE(review): NUL termination relies on CFRUNCOMMAND being at
             * least CF_BUFSIZE bytes and on the reset to "" above — confirm. */
            strncpy(CFRUNCOMMAND, retval.item, CF_BUFSIZE - 1);
            CfOut(cf_verbose, "", "SET cfruncommand = %s\n", CFRUNCOMMAND);
            continue;
        }

        if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_allowconnects].lval) == 0)
        {
            Rlist *rp;

            CfOut(cf_verbose, "", "SET Allowing connections from ...\n");

            for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next)
            {
                if (!IsItemIn(NONATTACKERLIST, rp->item))
                {
                    AppendItem(&NONATTACKERLIST, rp->item, cp->classes);
                }
            }

            continue;
        }

        if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_denyconnects].lval) == 0)
        {
            Rlist *rp;

            CfOut(cf_verbose, "", "SET Denying connections from ...\n");

            for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next)
            {
                if (!IsItemIn(ATTACKERLIST, rp->item))
                {
                    AppendItem(&ATTACKERLIST, rp->item, cp->classes);
                }
            }

            continue;
        }

        if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_skipverify].lval) == 0)
        {
            Rlist *rp;

            CfOut(cf_verbose, "", "SET Skip verify connections from ...\n");

            for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next)
            {
                if (!IsItemIn(SKIPVERIFY, rp->item))
                {
                    AppendItem(&SKIPVERIFY, rp->item, cp->classes);
                }
            }

            continue;
        }

        if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_dynamicaddresses].lval) == 0)
        {
            Rlist *rp;

            CfOut(cf_verbose, "", "SET Dynamic addresses from ...\n");

            for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next)
            {
                if (!IsItemIn(DHCPLIST, rp->item))
                {
                    AppendItem(&DHCPLIST, rp->item, cp->classes);
                }
            }

            continue;
        }

        if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_allowallconnects].lval) == 0)
        {
            Rlist *rp;

            CfOut(cf_verbose, "", "SET Allowing multiple connections from ...\n");

            for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next)
            {
                if (!IsItemIn(MULTICONNLIST, rp->item))
                {
                    AppendItem(&MULTICONNLIST, rp->item, cp->classes);
                }
            }

            continue;
        }

        if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_allowusers].lval) == 0)
        {
            Rlist *rp;

            CfOut(cf_verbose, "", "SET Allowing users ...\n");

            for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next)
            {
                if (!IsItemIn(ALLOWUSERLIST, rp->item))
                {
                    AppendItem(&ALLOWUSERLIST, rp->item, cp->classes);
                }
            }

            continue;
        }

        if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_trustkeysfrom].lval) == 0)
        {
            Rlist *rp;

            CfOut(cf_verbose, "", "SET Trust keys from ...\n");

            for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next)
            {
                if (!IsItemIn(TRUSTKEYLIST, rp->item))
                {
                    AppendItem(&TRUSTKEYLIST, rp->item, cp->classes);
                }
            }

            continue;
        }

        if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_portnumber].lval) == 0)
        {
            /* Host-order value first, so the log line prints the number as
             * configured; the global is then re-assigned in network order. */
            SHORT_CFENGINEPORT = (short) Str2Int(retval.item);
            /* NOTE(review): a 15-byte bound with no explicit terminator;
             * termination relies on STR_CFENGINEPORT being at least 16 bytes
             * and zero-initialised — confirm. */
            strncpy(STR_CFENGINEPORT, retval.item, 15);
            CfOut(cf_verbose, "", "SET default portnumber = %u = %s = %s\n", (int) SHORT_CFENGINEPORT, STR_CFENGINEPORT,
                  ScalarRvalValue(retval));
            SHORT_CFENGINEPORT = htons((short) Str2Int(retval.item));
            continue;
        }

        if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_keyttl].lval) == 0)
        {
            CfOut(cf_verbose, "", "Ignoring deprecated option keycacheTTL");
            continue;
        }

        if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_bindtointerface].lval) == 0)
        {
            /* NOTE(review): same termination assumption as CFRUNCOMMAND above. */
            strncpy(BINDINTERFACE, retval.item, CF_BUFSIZE - 1);
            CfOut(cf_verbose, "", "SET bindtointerface = %s\n", BINDINTERFACE);
            continue;
        }
    }

    /* control_common settings that the server also needs. */
    if (GetVariable("control_common", CFG_CONTROLBODY[cfg_syslog_host].lval, &retval) != cf_notype)
    {
        SetSyslogHost(Hostname2IPString(retval.item));
    }

    if (GetVariable("control_common", CFG_CONTROLBODY[cfg_syslog_port].lval, &retval) != cf_notype)
    {
        SetSyslogPort(Str2Int(retval.item));
    }

    if (GetVariable("control_common", CFG_CONTROLBODY[cfg_fips_mode].lval, &retval) != cf_notype)
    {
        FIPS_MODE = GetBoolean(retval.item);
        CfOut(cf_verbose, "", "SET FIPS_MODE = %d\n", FIPS_MODE);
    }

    if (GetVariable("control_common", CFG_CONTROLBODY[cfg_lastseenexpireafter].lval, &retval) != cf_notype)
    {
        /* Policy value is in minutes; the global is kept in seconds. */
        LASTSEENEXPIREAFTER = Str2Int(retval.item) * 60;
    }
}
/* A scalar rval is handed back verbatim by ScalarRvalValue(). */
static void test_rval_to_scalar(void **state)
{
    (void) state;   /* cmocka fixture state is unused here */

    Rval scalar_rval = { "abc", CF_SCALAR };

    assert_string_equal("abc", ScalarRvalValue(scalar_rval));
}
/* True when CP's lval names the CFEX_CONTROLBODY entry at INDEX. */
static bool ExecLvalIs(const Constraint *cp, int index)
{
    return strcmp(cp->lval, CFEX_CONTROLBODY[index].lval) == 0;
}

/* Free the string held in *SLOT and replace it with a duplicate of VALUE. */
static void ExecConfigReplaceString(char **slot, const char *value)
{
    free(*slot);
    *slot = SafeStringDuplicate(value);
}

/*
 * Apply the executor control body ("body executor control") from POLICY to
 * CONFIG and to the executor's globals (SPLAYTIME, SCHEDULE).
 *
 * Each constraint is matched by lval against CFEX_CONTROLBODY; lvals that do
 * not resolve in control_executor are reported at cf_error and ignored. The
 * string settings replace whatever CONFIG already held. When no schedule is
 * given by the body, LoadDefaultSchedule() supplies one.
 *
 * policy: the parsed policy.
 * config: executor configuration to update; owns its string fields.
 * Returns nothing.
 */
void KeepPromises(Policy *policy, ExecConfig *config)
{
    bool schedule_is_specified = false;
    Constraint *cp = ControlBodyConstraints(policy, AGENT_TYPE_EXECUTOR);

    for (; cp != NULL; cp = cp->next)
    {
        if (IsExcluded(cp->classes, NULL))
        {
            continue;
        }

        Rval retval;

        if (GetVariable("control_executor", cp->lval, &retval) == cf_notype)
        {
            CfOut(cf_error, "", "Unknown lval %s in exec control body", cp->lval);
            continue;
        }

        if (ExecLvalIs(cp, cfex_mailfrom))
        {
            ExecConfigReplaceString(&config->mail_from_address, retval.item);
            CfDebug("mailfrom = %s\n", config->mail_from_address);
        }

        if (ExecLvalIs(cp, cfex_mailto))
        {
            ExecConfigReplaceString(&config->mail_to_address, retval.item);
            CfDebug("mailto = %s\n", config->mail_to_address);
        }

        if (ExecLvalIs(cp, cfex_smtpserver))
        {
            ExecConfigReplaceString(&config->mail_server, retval.item);
            CfDebug("smtpserver = %s\n", config->mail_server);
        }

        if (ExecLvalIs(cp, cfex_execcommand))
        {
            ExecConfigReplaceString(&config->exec_command, retval.item);
            CfDebug("exec_command = %s\n", config->exec_command);
        }

        if (ExecLvalIs(cp, cfex_agent_expireafter))
        {
            config->agent_expireafter = Str2Int(retval.item);
            CfDebug("agent_expireafter = %d\n", config->agent_expireafter);
        }

        if (ExecLvalIs(cp, cfex_executorfacility))
        {
            SetFacility(retval.item);
            continue;
        }

        if (ExecLvalIs(cp, cfex_mailmaxlines))
        {
            config->mail_max_lines = Str2Int(retval.item);
            CfDebug("maxlines = %d\n", config->mail_max_lines);
        }

        if (ExecLvalIs(cp, cfex_splaytime))
        {
            /* Configured in minutes; scaled to seconds and by the host's splay. */
            int splay_minutes = Str2Int(ScalarRvalValue(retval));

            SPLAYTIME = (int) (splay_minutes * SECONDS_PER_MINUTE * GetSplay());
        }

        if (ExecLvalIs(cp, cfex_schedule))
        {
            CfDebug("Loading user-defined schedule...\n");

            /* Drop any previously loaded schedule before rebuilding it. */
            DeleteItemList(SCHEDULE);
            SCHEDULE = NULL;
            schedule_is_specified = true;

            for (const Rlist *rp = retval.item; rp; rp = rp->next)
            {
                if (!IsItemIn(SCHEDULE, rp->item))
                {
                    AppendItem(&SCHEDULE, rp->item, NULL);
                }
            }
        }
    }

    if (!schedule_is_specified)
    {
        LoadDefaultSchedule();
    }
}