Ejemplo n.º 1
/*
 * Parse the main input file and then every file named in the inputs list.
 *
 * PARSING is held true for the duration and PROMISETIME is stamped with the
 * current time. Variables and control bodies are re-hashed after each input
 * entry, apparently so that later entries can refer to values defined by
 * earlier files - TODO confirm.
 *
 * NOTE(review): the file names handed to Cf3ParseFile() are the result of
 * evaluating policy values; no check on the resulting path is visible in
 * this function, so any restriction on which files may be loaded has to be
 * enforced by Cf3ParseFile() or its callers - confirm.
 */
static void Cf3ParseFiles()
{
struct Rlist *input;
struct Rlist *member;

PARSING = true;
PROMISETIME = time(NULL);

Cf3ParseFile(VINPUTFILE);

/* Expand any lists in the inputs list now */

HashVariables(NULL);
HashControls();

/* A NULL VINPUTLIST simply gives zero iterations. */
for (input = VINPUTLIST; input != NULL; input = input->next)
   {
   if (input->type != CF_SCALAR)
      {
      CfOut(cf_error,"","Non-file object in inputs list\n");
      }
   else
      {
      struct Rval expanded;

      /* Entries equal to CF_NULL_VALUE are skipped, including the re-hash below. */
      if (strcmp(input->item,CF_NULL_VALUE) == 0)
         {
         continue;
         }

      expanded = EvaluateFinalRval("sys",input->item,input->type,true,NULL);

      if (expanded.rtype == CF_SCALAR)
         {
         /* The entry evaluated to a single file name. */
         Cf3ParseFile((char *)expanded.item);
         }
      else if (expanded.rtype == CF_LIST)
         {
         /* The entry evaluated to a list: parse each member in order. */
         for (member = (struct Rlist *)expanded.item; member != NULL; member = member->next)
            {
            Cf3ParseFile((char *)member->item);
            }
         }

      /* Any other result type is ignored; the evaluated value is released either way. */
      DeleteRvalItem(expanded.item,expanded.rtype);
      }

   HashVariables(NULL);
   HashControls();
   }

HashVariables(NULL);

PARSING = false;
}
Ejemplo n.º 2
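/*
 * Apply the server control body, plus a few common-control settings, to the
 * server's global configuration.
 *
 * Defaults are reset first (CFD_MAXPROCESSES, MAXTRIES, DENYBADCLOCKS,
 * CFRUNCOMMAND, checksum updates). Each constraint whose class expression is
 * defined is then looked up in the "control_server" scope and copied into the
 * matching global; constraints that cannot be resolved are logged and skipped.
 *
 * ctx    - evaluation context used for class and variable lookups
 * policy - policy whose server control body is read
 * config - passed through to HashControls()
 *
 * NOTE(review): several of these settings are access-control inputs
 * (allowconnects, denyconnects, skipverify, allowallconnects, allowusers,
 * trustkeysfrom, cfruncommand). They are stored as given; no validation of
 * the values is visible in this function.
 */
static void KeepControlPromises(EvalContext *ctx, Policy *policy, GenericAgentConfig *config)
{
    Rval retval;

    CFD_MAXPROCESSES = 30;
    MAXTRIES = 5;
    DENYBADCLOCKS = true;
    CFRUNCOMMAND[0] = '\0';
    SetChecksumUpdates(true);

/* Keep promised agent behaviour - control bodies */

    Banner("Server control promises..");

    HashControls(ctx, policy, config);

/* Now expand */

    Seq *constraints = ControlBodyConstraints(policy, AGENT_TYPE_SERVER);
    if (constraints)
    {
        for (size_t i = 0; i < SeqLength(constraints); i++)
        {
            Constraint *cp = SeqAt(constraints, i);

            /* Only constraints whose class guard holds in this context apply. */
            if (!IsDefinedClass(ctx, cp->classes, NULL))
            {
                continue;
            }

            if (!EvalContextVariableGet(ctx, (VarRef) { NULL, "control_server", cp->lval }, &retval, NULL))
            {
                CfOut(OUTPUT_LEVEL_ERROR, "", "Unknown lval %s in server control body", cp->lval);
                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_SERVER_FACILITY].lval) == 0)
            {
                SetFacility(retval.item);
                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_DENY_BAD_CLOCKS].lval) == 0)
            {
                DENYBADCLOCKS = BooleanFromString(retval.item);
                CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET denybadclocks = %d\n", DENYBADCLOCKS);
                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_LOG_ENCRYPTED_TRANSFERS].lval) == 0)
            {
                LOGENCRYPT = BooleanFromString(retval.item);
                CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET LOGENCRYPT = %d\n", LOGENCRYPT);
                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_LOG_ALL_CONNECTIONS].lval) == 0)
            {
                SV.logconns = BooleanFromString(retval.item);
                CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET logconns = %d\n", SV.logconns);
                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_MAX_CONNECTIONS].lval) == 0)
            {
                CFD_MAXPROCESSES = (int) IntFromString(retval.item);
                /* Integer division: a maxconnections value below 3 leaves MAXTRIES at 0. */
                MAXTRIES = CFD_MAXPROCESSES / 3;
                CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET maxconnections = %d\n", CFD_MAXPROCESSES);
                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_CALL_COLLECT_INTERVAL].lval) == 0)
            {
                /* The cast binds to the literal 60, not to the product; the
                   result is narrowed on assignment. The policy value is in
                   minutes, stored as seconds. */
                COLLECT_INTERVAL = (int) 60 * IntFromString(retval.item);
                CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET call_collect_interval = %d (seconds)\n", COLLECT_INTERVAL);
                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_LISTEN].lval) == 0)
            {
                SERVER_LISTEN = BooleanFromString(retval.item);
                CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET server listen = %s \n",
                      (SERVER_LISTEN)? "true":"false");
                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_CALL_COLLECT_WINDOW].lval) == 0)
            {
                COLLECT_WINDOW = (int) IntFromString(retval.item);
                /* Report the value just stored; the message previously printed COLLECT_INTERVAL. */
                CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET collect_window = %d (seconds)\n", COLLECT_WINDOW);
                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_CF_RUN_COMMAND].lval) == 0)
            {
                /* NOTE(review): strncpy() does not terminate the copy when the
                   source has CF_BUFSIZE - 1 or more characters; termination
                   then relies on the last byte of CFRUNCOMMAND already being
                   zero - confirm the buffer is CF_BUFSIZE bytes and zeroed. */
                strncpy(CFRUNCOMMAND, retval.item, CF_BUFSIZE - 1);
                CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET cfruncommand = %s\n", CFRUNCOMMAND);
                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_ALLOW_CONNECTS].lval) == 0)
            {
                Rlist *rp;

                CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET Allowing connections from ...\n");

                /* NOTE(review): this and the list options below walk
                   retval.item as an Rlist without checking the value's type
                   here; presumably the type is enforced when the policy is
                   parsed - confirm. Entries already present are not added
                   again. */
                for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next)
                {
                    if (!IsItemIn(SV.nonattackerlist, rp->item))
                    {
                        AppendItem(&SV.nonattackerlist, rp->item, cp->classes);
                    }
                }

                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_DENY_CONNECTS].lval) == 0)
            {
                Rlist *rp;

                CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET Denying connections from ...\n");

                for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next)
                {
                    if (!IsItemIn(SV.attackerlist, rp->item))
                    {
                        AppendItem(&SV.attackerlist, rp->item, cp->classes);
                    }
                }

                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_SKIP_VERIFY].lval) == 0)
            {
                Rlist *rp;

                CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET Skip verify connections from ...\n");

                /* The log line above carries no entries; the hosts placed on
                   the skip-verify list are not recorded by this function. */
                for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next)
                {
                    if (!IsItemIn(SV.skipverify, rp->item))
                    {
                        AppendItem(&SV.skipverify, rp->item, cp->classes);
                    }
                }

                continue;
            }


            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_ALLOW_ALL_CONNECTS].lval) == 0)
            {
                Rlist *rp;

                CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET Allowing multiple connections from ...\n");

                for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next)
                {
                    if (!IsItemIn(SV.multiconnlist, rp->item))
                    {
                        AppendItem(&SV.multiconnlist, rp->item, cp->classes);
                    }
                }

                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_ALLOW_USERS].lval) == 0)
            {
                Rlist *rp;

                CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET Allowing users ...\n");

                for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next)
                {
                    if (!IsItemIn(SV.allowuserlist, rp->item))
                    {
                        AppendItem(&SV.allowuserlist, rp->item, cp->classes);
                    }
                }

                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_TRUST_KEYS_FROM].lval) == 0)
            {
                Rlist *rp;

                CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET Trust keys from ...\n");

                for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next)
                {
                    if (!IsItemIn(SV.trustkeylist, rp->item))
                    {
                        AppendItem(&SV.trustkeylist, rp->item, cp->classes);
                    }
                }

                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_PORT_NUMBER].lval) == 0)
            {
                /* NOTE(review): the value is narrowed to short without a range
                   check, so a port above 32767 or a non-port number is not
                   rejected here, and the fixed 15-byte strncpy() may leave
                   STR_CFENGINEPORT unterminated - confirm its size. */
                SHORT_CFENGINEPORT = (short) IntFromString(retval.item);
                strncpy(STR_CFENGINEPORT, retval.item, 15);
                CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET default portnumber = %u = %s = %s\n", (int) SHORT_CFENGINEPORT, STR_CFENGINEPORT,
                      RvalScalarValue(retval));
                /* Stored in network byte order once it has been logged in host order. */
                SHORT_CFENGINEPORT = htons((short) IntFromString(retval.item));
                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_KEY_TTL].lval) == 0)
            {
                CfOut(OUTPUT_LEVEL_VERBOSE, "", "Ignoring deprecated option keycacheTTL");
                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_BIND_TO_INTERFACE].lval) == 0)
            {
                /* Same strncpy() termination caveat as for CFRUNCOMMAND. */
                strncpy(BINDINTERFACE, retval.item, CF_BUFSIZE - 1);
                CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET bindtointerface = %s\n", BINDINTERFACE);
                continue;
            }
        }
    }

    /* Settings taken from the common control body. */

    if (ScopeControlCommonGet(ctx, COMMON_CONTROL_SYSLOG_HOST, &retval) != DATA_TYPE_NONE)
    {
        /* The host name is converted with Hostname2IPString() here, once, at configuration time. */
        SetSyslogHost(Hostname2IPString(retval.item));
    }

    if (ScopeControlCommonGet(ctx, COMMON_CONTROL_SYSLOG_PORT, &retval) != DATA_TYPE_NONE)
    {
        SetSyslogPort(IntFromString(retval.item));
    }

    if (ScopeControlCommonGet(ctx, COMMON_CONTROL_FIPS_MODE, &retval) != DATA_TYPE_NONE)
    {
        FIPS_MODE = BooleanFromString(retval.item);
        CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET FIPS_MODE = %d\n", FIPS_MODE);
    }

    if (ScopeControlCommonGet(ctx, COMMON_CONTROL_LASTSEEN_EXPIRE_AFTER, &retval) != DATA_TYPE_NONE)
    {
        /* Policy value is multiplied by 60 before being stored; no overflow check is made. */
        LASTSEENEXPIREAFTER = IntFromString(retval.item) * 60;
    }
}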
Ejemplo n.º 3
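/*
 * Apply the server control body, plus a few common-control settings, to the
 * server's global configuration.
 *
 * Defaults are reset first (CFD_MAXPROCESSES, MAXTRIES, DENYBADCLOCKS,
 * CFRUNCOMMAND, checksum updates). Each constraint whose class expression is
 * defined is then looked up in the "control_server" scope and copied into the
 * matching global; constraints that cannot be resolved are logged and skipped.
 *
 * ctx    - evaluation context used for class and variable lookups
 * policy - policy whose server control body is read
 * config - passed through to HashControls()
 *
 * NOTE(review): several of these settings are access-control inputs
 * (allowconnects, denyconnects, skipverify, allowallconnects, allowusers,
 * trustkeysfrom, cfruncommand). They are stored as given; no validation of
 * the values is visible in this function.
 */
static void KeepControlPromises(EvalContext *ctx, Policy *policy, GenericAgentConfig *config)
{
    Rval retval;

    CFD_MAXPROCESSES = 30;
    MAXTRIES = 5;
    DENYBADCLOCKS = true;
    CFRUNCOMMAND[0] = '\0';
    SetChecksumUpdates(true);

/* Keep promised agent behaviour - control bodies */

    Banner("Server control promises..");

    HashControls(ctx, policy, config);

/* Now expand */

    Seq *constraints = ControlBodyConstraints(policy, AGENT_TYPE_SERVER);
    if (constraints)
    {
        for (size_t i = 0; i < SeqLength(constraints); i++)
        {
            Constraint *cp = SeqAt(constraints, i);

            /* Only constraints whose class guard holds in this context apply. */
            if (!IsDefinedClass(ctx, cp->classes, NULL))
            {
                continue;
            }

            /* The reference is needed only for the lookup; it is destroyed
               on both the failure and the success path. */
            VarRef *ref = VarRefParseFromScope(cp->lval, "control_server");

            if (!EvalContextVariableGet(ctx, ref, &retval, NULL))
            {
                Log(LOG_LEVEL_ERR, "Unknown lval '%s' in server control body", cp->lval);
                VarRefDestroy(ref);
                continue;
            }

            VarRefDestroy(ref);

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_SERVER_FACILITY].lval) == 0)
            {
                SetFacility(retval.item);
                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_DENY_BAD_CLOCKS].lval) == 0)
            {
                DENYBADCLOCKS = BooleanFromString(retval.item);
                Log(LOG_LEVEL_VERBOSE, "Setting denybadclocks to '%s'", DENYBADCLOCKS ? "true" : "false");
                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_LOG_ENCRYPTED_TRANSFERS].lval) == 0)
            {
                LOGENCRYPT = BooleanFromString(retval.item);
                Log(LOG_LEVEL_VERBOSE, "Setting logencrypt to '%s'", LOGENCRYPT ? "true" : "false");
                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_LOG_ALL_CONNECTIONS].lval) == 0)
            {
                SV.logconns = BooleanFromString(retval.item);
                Log(LOG_LEVEL_VERBOSE, "Setting logconns to %d", SV.logconns);
                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_MAX_CONNECTIONS].lval) == 0)
            {
                CFD_MAXPROCESSES = (int) IntFromString(retval.item);
                /* Integer division: a maxconnections value below 3 leaves MAXTRIES at 0. */
                MAXTRIES = CFD_MAXPROCESSES / 3;
                Log(LOG_LEVEL_VERBOSE, "Setting maxconnections to %d", CFD_MAXPROCESSES);
                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_CALL_COLLECT_INTERVAL].lval) == 0)
            {
                /* The cast binds to the literal 60, not to the product; the
                   result is narrowed on assignment. The policy value is in
                   minutes, stored as seconds. */
                COLLECT_INTERVAL = (int) 60 * IntFromString(retval.item);
                Log(LOG_LEVEL_VERBOSE, "Setting call_collect_interval to %d (seconds)", COLLECT_INTERVAL);
                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_LISTEN].lval) == 0)
            {
                SERVER_LISTEN = BooleanFromString(retval.item);
                Log(LOG_LEVEL_VERBOSE, "Setting server listen to '%s' ",
                      (SERVER_LISTEN)? "true":"false");
                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_CALL_COLLECT_WINDOW].lval) == 0)
            {
                COLLECT_WINDOW = (int) IntFromString(retval.item);
                /* Report the value just stored; the message previously printed COLLECT_INTERVAL. */
                Log(LOG_LEVEL_VERBOSE, "Setting collect_window to %d (seconds)", COLLECT_WINDOW);
                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_CF_RUN_COMMAND].lval) == 0)
            {
                /* NOTE(review): strncpy() does not terminate the copy when the
                   source has CF_BUFSIZE - 1 or more characters; termination
                   then relies on the last byte of CFRUNCOMMAND already being
                   zero - confirm the buffer is CF_BUFSIZE bytes and zeroed. */
                strncpy(CFRUNCOMMAND, retval.item, CF_BUFSIZE - 1);
                Log(LOG_LEVEL_VERBOSE, "Setting cfruncommand to '%s'", CFRUNCOMMAND);
                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_ALLOW_CONNECTS].lval) == 0)
            {
                Rlist *rp;

                Log(LOG_LEVEL_VERBOSE, "Setting allowing connections from ...");

                /* NOTE(review): this and the list options below walk
                   retval.item as an Rlist without checking the value's type
                   here; presumably the type is enforced when the policy is
                   parsed - confirm. Entries already present are not added
                   again. */
                for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next)
                {
                    if (!IsItemIn(SV.nonattackerlist, rp->item))
                    {
                        AppendItem(&SV.nonattackerlist, rp->item, cp->classes);
                    }
                }

                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_DENY_CONNECTS].lval) == 0)
            {
                Rlist *rp;

                Log(LOG_LEVEL_VERBOSE, "Setting denying connections from ...");

                for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next)
                {
                    if (!IsItemIn(SV.attackerlist, rp->item))
                    {
                        AppendItem(&SV.attackerlist, rp->item, cp->classes);
                    }
                }

                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_SKIP_VERIFY].lval) == 0)
            {
                Rlist *rp;

                Log(LOG_LEVEL_VERBOSE, "Setting skip verify connections from ...");

                /* The log line above carries no entries; the hosts placed on
                   the skip-verify list are not recorded by this function. */
                for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next)
                {
                    if (!IsItemIn(SV.skipverify, rp->item))
                    {
                        AppendItem(&SV.skipverify, rp->item, cp->classes);
                    }
                }

                continue;
            }


            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_ALLOW_ALL_CONNECTS].lval) == 0)
            {
                Rlist *rp;

                Log(LOG_LEVEL_VERBOSE, "Setting allowing multiple connections from ...");

                for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next)
                {
                    if (!IsItemIn(SV.multiconnlist, rp->item))
                    {
                        AppendItem(&SV.multiconnlist, rp->item, cp->classes);
                    }
                }

                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_ALLOW_USERS].lval) == 0)
            {
                Rlist *rp;

                Log(LOG_LEVEL_VERBOSE, "SET Allowing users ...");

                for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next)
                {
                    if (!IsItemIn(SV.allowuserlist, rp->item))
                    {
                        AppendItem(&SV.allowuserlist, rp->item, cp->classes);
                    }
                }

                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_TRUST_KEYS_FROM].lval) == 0)
            {
                Rlist *rp;

                Log(LOG_LEVEL_VERBOSE, "Setting trust keys from ...");

                for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next)
                {
                    if (!IsItemIn(SV.trustkeylist, rp->item))
                    {
                        AppendItem(&SV.trustkeylist, rp->item, cp->classes);
                    }
                }

                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_PORT_NUMBER].lval) == 0)
            {
                /* NOTE(review): the value is narrowed to short without a range
                   check, so a port above 32767 or a non-port number is not
                   rejected here, and the fixed 15-byte strncpy() may leave
                   STR_CFENGINEPORT unterminated - confirm its size. */
                SHORT_CFENGINEPORT = (short) IntFromString(retval.item);
                strncpy(STR_CFENGINEPORT, retval.item, 15);
                Log(LOG_LEVEL_VERBOSE, "Setting default portnumber to %u = %s = %s", (int) SHORT_CFENGINEPORT, STR_CFENGINEPORT,
                      RvalScalarValue(retval));
                /* Stored in network byte order once it has been logged in host order. */
                SHORT_CFENGINEPORT = htons((short) IntFromString(retval.item));
                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_BIND_TO_INTERFACE].lval) == 0)
            {
                /* Same strncpy() termination caveat as for CFRUNCOMMAND. */
                strncpy(BINDINTERFACE, retval.item, CF_BUFSIZE - 1);
                Log(LOG_LEVEL_VERBOSE, "Setting bindtointerface to '%s'", BINDINTERFACE);
                continue;
            }
        }
    }

    /* Settings taken from the common control body. */

    if (EvalContextVariableControlCommonGet(ctx, COMMON_CONTROL_SYSLOG_HOST, &retval))
    {
        /* Don't resolve syslog_host now, better do it per log request. */
        if (!SetSyslogHost(retval.item))
        {
            Log(LOG_LEVEL_ERR, "Failed to set syslog_host, '%s' too long",
                  (char *) retval.item);
        }
        else
        {
            Log(LOG_LEVEL_VERBOSE, "Setting syslog_host to '%s'",
                  (char *) retval.item);
        }
    }

    if (EvalContextVariableControlCommonGet(ctx, COMMON_CONTROL_SYSLOG_PORT, &retval))
    {
        SetSyslogPort(IntFromString(retval.item));
    }

    if (EvalContextVariableControlCommonGet(ctx, COMMON_CONTROL_FIPS_MODE, &retval))
    {
        FIPS_MODE = BooleanFromString(retval.item);
        /* Message previously read "to to". */
        Log(LOG_LEVEL_VERBOSE, "Setting FIPS mode to '%s'", FIPS_MODE ? "true" : "false");
    }

    if (EvalContextVariableControlCommonGet(ctx, COMMON_CONTROL_LASTSEEN_EXPIRE_AFTER, &retval))
    {
        /* Policy value is multiplied by 60 before being stored; no overflow check is made. */
        LASTSEENEXPIREAFTER = IntFromString(retval.item) * 60;
    }
}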
Ejemplo n.º 4
/*
 * Apply the server control body, plus a few common-control settings, to the
 * server's global configuration.
 *
 * Defaults are reset first, then every constraint of the server control body
 * that is not excluded by its class expression is looked up in the
 * "control_server" scope and copied into the matching global. Unresolvable
 * constraints are logged and skipped.
 *
 * NOTE(review): several of these settings are access-control inputs
 * (allowconnects, denyconnects, skipverify, dynamicaddresses,
 * allowallconnects, allowusers, trustkeysfrom, cfruncommand). They are
 * stored as given; no validation of the values is visible here.
 */
void KeepControlPromises()
{
    Constraint *cp;
    Rlist *entry;
    Rval retval;

    /* Defaults, in effect when the control body does not override them. */
    CFD_MAXPROCESSES = 30;
    MAXTRIES = 5;
    CFD_INTERVAL = 0;
    DENYBADCLOCKS = true;
    CFRUNCOMMAND[0] = '\0';
    SetChecksumUpdates(true);

    /* Keep promised agent behaviour - control bodies */

    Banner("Server control promises..");

    HashControls();

    /* Now expand */

    for (cp = ControlBodyConstraints(cf_server); cp != NULL; cp = cp->next)
    {
        if (IsExcluded(cp->classes))
        {
            continue;
        }

        if (GetVariable("control_server", cp->lval, &retval) == cf_notype)
        {
            CfOut(cf_error, "", "Unknown lval %s in server control body", cp->lval);
            continue;
        }

        /* Exactly one branch handles each constraint; names matching none are ignored. */
        if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_serverfacility].lval) == 0)
        {
            SetFacility(retval.item);
        }
        else if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_denybadclocks].lval) == 0)
        {
            DENYBADCLOCKS = GetBoolean(retval.item);
            CfOut(cf_verbose, "", "SET denybadclocks = %d\n", DENYBADCLOCKS);
        }
        else if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_logencryptedtransfers].lval) == 0)
        {
            LOGENCRYPT = GetBoolean(retval.item);
            CfOut(cf_verbose, "", "SET LOGENCRYPT = %d\n", LOGENCRYPT);
        }
        else if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_logallconnections].lval) == 0)
        {
            LOGCONNS = GetBoolean(retval.item);
            CfOut(cf_verbose, "", "SET LOGCONNS = %d\n", LOGCONNS);
        }
        else if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_maxconnections].lval) == 0)
        {
            CFD_MAXPROCESSES = (int) Str2Int(retval.item);
            /* Integer division: a maxconnections value below 3 leaves MAXTRIES at 0. */
            MAXTRIES = CFD_MAXPROCESSES / 3;
            CfOut(cf_verbose, "", "SET maxconnections = %d\n", CFD_MAXPROCESSES);
        }
        else if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_cfruncommand].lval) == 0)
        {
            /* NOTE(review): strncpy() does not terminate the copy when the
               source has CF_BUFSIZE - 1 or more characters - confirm that
               CFRUNCOMMAND is CF_BUFSIZE bytes with a zero last byte. */
            strncpy(CFRUNCOMMAND, retval.item, CF_BUFSIZE - 1);
            CfOut(cf_verbose, "", "SET cfruncommand = %s\n", CFRUNCOMMAND);
        }
        else if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_allowconnects].lval) == 0)
        {
            CfOut(cf_verbose, "", "SET Allowing connections from ...\n");

            /* NOTE(review): the list options walk retval.item as an Rlist
               without checking the value's type here - confirm it is
               enforced earlier. Duplicates are not appended. */
            for (entry = (Rlist *) retval.item; entry != NULL; entry = entry->next)
            {
                if (!IsItemIn(NONATTACKERLIST, entry->item))
                {
                    AppendItem(&NONATTACKERLIST, entry->item, cp->classes);
                }
            }
        }
        else if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_denyconnects].lval) == 0)
        {
            CfOut(cf_verbose, "", "SET Denying connections from ...\n");

            for (entry = (Rlist *) retval.item; entry != NULL; entry = entry->next)
            {
                if (!IsItemIn(ATTACKERLIST, entry->item))
                {
                    AppendItem(&ATTACKERLIST, entry->item, cp->classes);
                }
            }
        }
        else if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_skipverify].lval) == 0)
        {
            CfOut(cf_verbose, "", "SET Skip verify connections from ...\n");

            /* The hosts added to the skip-verify list are not logged by this function. */
            for (entry = (Rlist *) retval.item; entry != NULL; entry = entry->next)
            {
                if (!IsItemIn(SKIPVERIFY, entry->item))
                {
                    AppendItem(&SKIPVERIFY, entry->item, cp->classes);
                }
            }
        }
        else if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_dynamicaddresses].lval) == 0)
        {
            CfOut(cf_verbose, "", "SET Dynamic addresses from ...\n");

            for (entry = (Rlist *) retval.item; entry != NULL; entry = entry->next)
            {
                if (!IsItemIn(DHCPLIST, entry->item))
                {
                    AppendItem(&DHCPLIST, entry->item, cp->classes);
                }
            }
        }
        else if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_allowallconnects].lval) == 0)
        {
            CfOut(cf_verbose, "", "SET Allowing multiple connections from ...\n");

            for (entry = (Rlist *) retval.item; entry != NULL; entry = entry->next)
            {
                if (!IsItemIn(MULTICONNLIST, entry->item))
                {
                    AppendItem(&MULTICONNLIST, entry->item, cp->classes);
                }
            }
        }
        else if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_allowusers].lval) == 0)
        {
            CfOut(cf_verbose, "", "SET Allowing users ...\n");

            for (entry = (Rlist *) retval.item; entry != NULL; entry = entry->next)
            {
                if (!IsItemIn(ALLOWUSERLIST, entry->item))
                {
                    AppendItem(&ALLOWUSERLIST, entry->item, cp->classes);
                }
            }
        }
        else if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_trustkeysfrom].lval) == 0)
        {
            CfOut(cf_verbose, "", "SET Trust keys from ...\n");

            for (entry = (Rlist *) retval.item; entry != NULL; entry = entry->next)
            {
                if (!IsItemIn(TRUSTKEYLIST, entry->item))
                {
                    AppendItem(&TRUSTKEYLIST, entry->item, cp->classes);
                }
            }
        }
        else if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_portnumber].lval) == 0)
        {
            /* NOTE(review): narrowed to short with no range check, and the
               fixed 15-byte strncpy() may leave STR_CFENGINEPORT
               unterminated - confirm its size. */
            SHORT_CFENGINEPORT = (short) Str2Int(retval.item);
            strncpy(STR_CFENGINEPORT, retval.item, 15);
            CfOut(cf_verbose, "", "SET default portnumber = %u = %s = %s\n", (int) SHORT_CFENGINEPORT, STR_CFENGINEPORT,
                  ScalarRvalValue(retval));
            /* Kept in network byte order after being logged in host order. */
            SHORT_CFENGINEPORT = htons((short) Str2Int(retval.item));
        }
        else if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_keyttl].lval) == 0)
        {
            CfOut(cf_verbose, "", "Ignoring deprecated option keycacheTTL");
        }
        else if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_bindtointerface].lval) == 0)
        {
            /* Same strncpy() termination caveat as for CFRUNCOMMAND. */
            strncpy(BINDINTERFACE, retval.item, CF_BUFSIZE - 1);
            CfOut(cf_verbose, "", "SET bindtointerface = %s\n", BINDINTERFACE);
        }
    }

    /* Settings taken from the common control body. */

    if (GetVariable("control_common", CFG_CONTROLBODY[cfg_syslog_host].lval, &retval) != cf_notype)
    {
        /* The host name is converted with Hostname2IPString() once, at configuration time. */
        SetSyslogHost(Hostname2IPString(retval.item));
    }

    if (GetVariable("control_common", CFG_CONTROLBODY[cfg_syslog_port].lval, &retval) != cf_notype)
    {
        SetSyslogPort(Str2Int(retval.item));
    }

    if (GetVariable("control_common", CFG_CONTROLBODY[cfg_fips_mode].lval, &retval) != cf_notype)
    {
        FIPS_MODE = GetBoolean(retval.item);
        CfOut(cf_verbose, "", "SET FIPS_MODE = %d\n", FIPS_MODE);
    }

    if (GetVariable("control_common", CFG_CONTROLBODY[cfg_lastseenexpireafter].lval, &retval) != cf_notype)
    {
        /* Policy value is multiplied by 60 before being stored; no overflow check is made. */
        LASTSEENEXPIREAFTER = Str2Int(retval.item) * 60;
    }
}
Ejemplo n.º 5
/*
 * Check the parsed policy for dangling references and expand every promise.
 *
 * Steps, in order:
 *   1. resolve require_comments from body "common control" if still undefined;
 *   2. report every referenced body that was never declared;
 *   3. report every referenced bundle that was never declared;
 *   4. expand all promises of all bundles for the given agent type;
 *   5. re-hash variables and controls, then verify the bundle sequence.
 *
 * Undeclared references only increment ERRORCOUNT here; a failed bundle
 * sequence check ends in FatalError().
 *
 * NOTE(review): with IGNORE_MISSING_BUNDLES set, references to bundles that
 * do not exist are not reported at all by step 3.
 */
static void VerifyPromises(enum cfagenttype agent)
{
struct Body *body;
struct Rlist *ref;
struct FnCall *call;
struct Bundle *bundle;
struct SubType *subtype;
struct Promise *promise;
char *scope;

if (REQUIRE_COMMENTS == CF_UNDEFINED)
   {
   for (body = BODIES; body != NULL; body = body->next)
      {
      if (strcmp(body->name,"control") != 0 || strcmp(body->type,"common") != 0)
         {
         continue;
         }

      /* First "common control" body found decides the setting. */
      REQUIRE_COMMENTS = GetRawBooleanConstraint("require_comments",body->conlist);
      break;
      }
   }

/* Check for undefined bodies; a reference is either a plain name or a function call */

for (ref = BODYPARTS; ref != NULL; ref = ref->next)
   {
   if (ref->type == CF_SCALAR)
      {
      if (!IsBody(BODIES,(char *)ref->item))
         {
         CfOut(cf_error,"","Undeclared promise body \"%s()\" was referenced in a promise\n",(char *)ref->item);
         ERRORCOUNT++;
         }
      }
   else if (ref->type == CF_FNCALL)
      {
      call = (struct FnCall *)ref->item;

      if (!IsBody(BODIES,call->name))
         {
         CfOut(cf_error,"","Undeclared promise body \"%s()\" was referenced in a promise\n",call->name);
         ERRORCOUNT++;
         }
      }
   }

/* Check for undefined subbundles */

for (ref = SUBBUNDLES; ref != NULL; ref = ref->next)
   {
   if (ref->type == CF_SCALAR)
      {
      /* Names for which IsCf3VarString() holds are not checked at this stage. */
      if (!IGNORE_MISSING_BUNDLES && !IsCf3VarString(ref->item) && !IsBundle(BUNDLES,(char *)ref->item))
         {
         CfOut(cf_error,"","Undeclared promise bundle \"%s()\" was referenced in a promise\n",(char *)ref->item);
         ERRORCOUNT++;
         }
      }
   else if (ref->type == CF_FNCALL)
      {
      call = (struct FnCall *)ref->item;

      if (!IGNORE_MISSING_BUNDLES && !IsCf3VarString(call->name) && !IsBundle(BUNDLES,call->name))
         {
         CfOut(cf_error,"","Undeclared promise bundle \"%s()\" was referenced in a promise\n",call->name);
         ERRORCOUNT++;
         }
      }
   }

/* Now look once through ALL the bundles themselves */

for (bundle = BUNDLES; bundle != NULL; bundle = bundle->next)
   {
   scope = bundle->name;
   THIS_BUNDLE = bundle->name;

   for (subtype = bundle->subtypes; subtype != NULL; subtype = subtype->next)
      {
      /* "classes" promises are only evaluated here for the common agent type */
      if (strcmp(subtype->name,"classes") == 0 && agent != cf_common)
         {
         continue;
         }

      for (promise = subtype->promiselist; promise != NULL; promise = promise->next)
         {
         ExpandPromise(agent,scope,promise,NULL);
         }
      }
   }

HashVariables(NULL);
HashControls();

/* Now look once through the sequences bundles themselves */

if (!VerifyBundleSequence(agent))
   {
   FatalError("Errors in promise bundles");
   }
}