static PromiseResult DoVerifyServices(EvalContext *ctx, Attributes a, const Promise *pp)
{
FnCall *service_bundle = PromiseGetConstraintAsRval(pp, "service_bundle", RVAL_TYPE_FNCALL);
PromiseResult result = PROMISE_RESULT_NOOP;
if (!service_bundle)
{
service_bundle = PromiseGetConstraintAsRval(pp, "service_bundle", RVAL_TYPE_SCALAR);
}
if (!service_bundle)
{
cfPS(ctx, LOG_LEVEL_INFO, PROMISE_RESULT_FAIL, pp, a, "Service '%s' cannot be resolved as a bundle", pp->promiser);
return PromiseResultUpdate(result, PROMISE_RESULT_FAIL);
}
switch (a.service.service_policy)
{
case SERVICE_POLICY_START:
EvalContextVariablePutSpecial(ctx, SPECIAL_SCOPE_THIS, "service_policy", "start", CF_DATA_TYPE_STRING, "source=promise");
break;
case SERVICE_POLICY_RESTART:
EvalContextVariablePutSpecial(ctx, SPECIAL_SCOPE_THIS, "service_policy", "restart", CF_DATA_TYPE_STRING, "source=promise");
break;
case SERVICE_POLICY_RELOAD:
EvalContextVariablePutSpecial(ctx, SPECIAL_SCOPE_THIS, "service_policy", "reload", CF_DATA_TYPE_STRING, "source=promise");
break;
case SERVICE_POLICY_STOP:
case SERVICE_POLICY_DISABLE:
default:
EvalContextVariablePutSpecial(ctx, SPECIAL_SCOPE_THIS, "service_policy", "stop", CF_DATA_TYPE_STRING, "source=promise");
break;
}
const Bundle *bp = PolicyGetBundle(PolicyFromPromise(pp), NULL, "agent", service_bundle->name);
if (!bp)
{
bp = PolicyGetBundle(PolicyFromPromise(pp), NULL, "common", service_bundle->name);
}
if (!bp)
{
cfPS(ctx, LOG_LEVEL_INFO, PROMISE_RESULT_FAIL, pp, a, "Service '%s' could not be invoked successfully", pp->promiser);
result = PromiseResultUpdate(result, PROMISE_RESULT_FAIL);
}
if (!DONTDO)
{
result = PromiseResultUpdate(result, VerifyMethod(ctx, "service_bundle", a, pp)); // Send list of classes to set privately?
}
return result;
}
static void GetReturnValue(EvalContext *ctx, const Bundle *callee, const Promise *caller)
{
char *result = PromiseGetConstraintAsRval(caller, "useresult", RVAL_TYPE_SCALAR);
if (result)
{
VarRef *ref = VarRefParseFromBundle("last-result", callee);
VariableTableIterator *iter = EvalContextVariableTableIteratorNew(ctx, ref->ns, ref->scope, ref->lval);
Variable *result_var = NULL;
while ((result_var = VariableTableIteratorNext(iter)))
{
assert(result_var->ref->num_indices == 1);
if (result_var->ref->num_indices != 1)
{
continue;
}
VarRef *new_ref = VarRefParseFromBundle(result, PromiseGetBundle(caller));
VarRefAddIndex(new_ref, result_var->ref->indices[0]);
EvalContextVariablePut(ctx, new_ref, result_var->rval.item, result_var->type, "source=bundle");
VarRefDestroy(new_ref);
}
VarRefDestroy(ref);
VariableTableIteratorDestroy(iter);
}
}
static PromiseResult KeepServerPromise(EvalContext *ctx, const Promise *pp, ARG_UNUSED void *param)
{
assert(!param);
PromiseBanner(ctx, pp);
if (strcmp(pp->parent_promise_type->name, "vars") == 0)
{
return VerifyVarPromise(ctx, pp, NULL);
}
if (strcmp(pp->parent_promise_type->name, "classes") == 0)
{
return VerifyClassPromise(ctx, pp, NULL);
}
if (strcmp(pp->parent_promise_type->name, "access") == 0)
{
const char *resource_type =
PromiseGetConstraintAsRval(pp, "resource_type", RVAL_TYPE_SCALAR);
/* Default resource_type in access_rules is "path" */
if (resource_type == NULL ||
strcmp(resource_type, "path") == 0)
{
KeepFileAccessPromise(ctx, pp);
return PROMISE_RESULT_NOOP;
}
else if (strcmp(resource_type, "literal") == 0)
{
KeepLiteralAccessPromise(ctx, pp, "literal");
return PROMISE_RESULT_NOOP;
}
else if (strcmp(resource_type, "variable") == 0)
{
KeepLiteralAccessPromise(ctx, pp, "variable");
return PROMISE_RESULT_NOOP;
}
else if (strcmp(resource_type, "query") == 0)
{
KeepQueryAccessPromise(ctx, pp);
KeepReportDataSelectAccessPromise(pp);
return PROMISE_RESULT_NOOP;
}
else if (strcmp(resource_type, "context") == 0)
{
KeepLiteralAccessPromise(ctx, pp, "context");
return PROMISE_RESULT_NOOP;
}
}
else if (strcmp(pp->parent_promise_type->name, "roles") == 0)
{
KeepServerRolePromise(ctx, pp);
return PROMISE_RESULT_NOOP;
}
return PROMISE_RESULT_NOOP;
}
static PromiseResult FindFilePromiserObjects(EvalContext *ctx, const Promise *pp)
{
char *val = PromiseGetConstraintAsRval(pp, "pathtype", RVAL_TYPE_SCALAR);
int literal = (PromiseGetConstraintAsBoolean(ctx, "copy_from", pp)) || ((val != NULL) && (strcmp(val, "literal") == 0));
/* Check if we are searching over a regular expression */
PromiseResult result = PROMISE_RESULT_SKIPPED;
if (literal)
{
// Prime the promiser temporarily, may override later
result = PromiseResultUpdate(result, VerifyFilePromise(ctx, pp->promiser, pp));
}
else // Default is to expand regex paths
{
result = PromiseResultUpdate(result, LocateFilePromiserGroup(ctx, pp->promiser, pp, VerifyFilePromise));
}
return result;
}
static PromiseResult KeepServerPromise(EvalContext *ctx, const Promise *pp, ARG_UNUSED void *param)
{
assert(!param);
if (!IsDefinedClass(ctx, pp->classes, PromiseGetNamespace(pp)))
{
Log(LOG_LEVEL_VERBOSE, "Skipping whole promise, as context is %s", pp->classes);
return PROMISE_RESULT_NOOP;
}
{
char *cls = NULL;
if (VarClassExcluded(ctx, pp, &cls))
{
if (LEGACY_OUTPUT)
{
Log(LOG_LEVEL_VERBOSE, "\n");
Log(LOG_LEVEL_VERBOSE, ". . . . . . . . . . . . . . . . . . . . . . . . . . . . ");
Log(LOG_LEVEL_VERBOSE, "Skipping whole next promise (%s), as var-context %s is not relevant", pp->promiser, cls);
Log(LOG_LEVEL_VERBOSE, ". . . . . . . . . . . . . . . . . . . . . . . . . . . . ");
}
else
{
Log(LOG_LEVEL_VERBOSE, "Skipping next promise '%s', as var-context '%s' is not relevant", pp->promiser, cls);
}
return PROMISE_RESULT_NOOP;
}
}
if (strcmp(pp->parent_promise_type->name, "classes") == 0)
{
return VerifyClassPromise(ctx, pp, NULL);
}
const char *resource_type = PromiseGetConstraintAsRval(pp, "resource_type", RVAL_TYPE_SCALAR);
if (resource_type && strcmp(pp->parent_promise_type->name, "access") == 0)
{
if (strcmp(resource_type, "literal") == 0)
{
KeepLiteralAccessPromise(ctx, pp, "literal");
return PROMISE_RESULT_NOOP;
}
else if (strcmp(resource_type, "variable") == 0)
{
KeepLiteralAccessPromise(ctx, pp, "variable");
return PROMISE_RESULT_NOOP;
}
else if (strcmp(resource_type, "query") == 0)
{
KeepQueryAccessPromise(ctx, pp, "query");
KeepReportDataSelectAccessPromise(pp);
return PROMISE_RESULT_NOOP;
}
else if (strcmp(resource_type, "context") == 0)
{
KeepLiteralAccessPromise(ctx, pp, "context");
return PROMISE_RESULT_NOOP;
}
}
if (strcmp(pp->parent_promise_type->name, "access") == 0)
{
KeepFileAccessPromise(ctx, pp);
return PROMISE_RESULT_NOOP;
}
else if (strcmp(pp->parent_promise_type->name, "roles") == 0)
{
KeepServerRolePromise(ctx, pp);
return PROMISE_RESULT_NOOP;
}
return PROMISE_RESULT_NOOP;
}
PromiseResult ScheduleEditOperation(EvalContext *ctx, char *filename, Attributes a, const Promise *pp)
{
void *vp;
FnCall *fp;
Rlist *args = NULL;
char edit_bundle_name[CF_BUFSIZE], lockname[CF_BUFSIZE], qualified_edit[CF_BUFSIZE], *method_deref;
CfLock thislock;
snprintf(lockname, CF_BUFSIZE - 1, "fileedit-%s", filename);
thislock = AcquireLock(ctx, lockname, VUQNAME, CFSTARTTIME, a.transaction, pp, false);
if (thislock.lock == NULL)
{
return PROMISE_RESULT_SKIPPED;
}
EditContext *edcontext = NewEditContext(filename, a);
PromiseResult result = PROMISE_RESULT_NOOP;
if (edcontext == NULL)
{
cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_FAIL, pp, a, "File '%s' was marked for editing but could not be opened", filename);
result = PromiseResultUpdate(result, PROMISE_RESULT_FAIL);
goto exit;
}
const Policy *policy = PolicyFromPromise(pp);
if (a.haveeditline)
{
if ((vp = PromiseGetConstraintAsRval(pp, "edit_line", RVAL_TYPE_FNCALL)))
{
fp = (FnCall *) vp;
strcpy(edit_bundle_name, fp->name);
args = fp->args;
}
else if ((vp = PromiseGetConstraintAsRval(pp, "edit_line", RVAL_TYPE_SCALAR)))
{
strcpy(edit_bundle_name, (char *) vp);
args = NULL;
}
else
{
goto exit;
}
if (strncmp(edit_bundle_name,"default:",strlen("default:")) == 0) // CF_NS == ':'
{
method_deref = strchr(edit_bundle_name, CF_NS) + 1;
}
else if ((strchr(edit_bundle_name, CF_NS) == NULL) && (strcmp(PromiseGetNamespace(pp), "default") != 0))
{
snprintf(qualified_edit, CF_BUFSIZE, "%s%c%s", PromiseGetNamespace(pp), CF_NS, edit_bundle_name);
method_deref = qualified_edit;
}
else
{
method_deref = edit_bundle_name;
}
Log(LOG_LEVEL_VERBOSE, "Handling file edits in edit_line bundle '%s'", method_deref);
Bundle *bp = NULL;
if ((bp = PolicyGetBundle(policy, NULL, "edit_line", method_deref)))
{
BannerSubBundle(bp, args);
EvalContextStackPushBundleFrame(ctx, bp, args, a.edits.inherit);
BundleResolve(ctx, bp);
ScheduleEditLineOperations(ctx, bp, a, pp, edcontext);
EvalContextStackPopFrame(ctx);
}
else
{
Log(LOG_LEVEL_ERR, "Did not find method '%s' in bundle '%s' for edit operation", method_deref, edit_bundle_name);
}
}
if (a.haveeditxml)
{
if ((vp = PromiseGetConstraintAsRval(pp, "edit_xml", RVAL_TYPE_FNCALL)))
{
fp = (FnCall *) vp;
strcpy(edit_bundle_name, fp->name);
args = fp->args;
}
else if ((vp = PromiseGetConstraintAsRval(pp, "edit_xml", RVAL_TYPE_SCALAR)))
{
strcpy(edit_bundle_name, (char *) vp);
args = NULL;
}
else
{
goto exit;
}
if (strncmp(edit_bundle_name,"default:",strlen("default:")) == 0) // CF_NS == ':'
{
method_deref = strchr(edit_bundle_name, CF_NS) + 1;
}
else
{
method_deref = edit_bundle_name;
}
Log(LOG_LEVEL_VERBOSE, "Handling file edits in edit_xml bundle '%s'", method_deref);
Bundle *bp = NULL;
if ((bp = PolicyGetBundle(policy, NULL, "edit_xml", method_deref)))
{
BannerSubBundle(bp, args);
EvalContextStackPushBundleFrame(ctx, bp, args, a.edits.inherit);
BundleResolve(ctx, bp);
ScheduleEditXmlOperations(ctx, bp, a, pp, edcontext);
EvalContextStackPopFrame(ctx);
}
}
if (a.edit_template)
{
if (!a.template_method || strcmp("cfengine", a.template_method) == 0)
{
Policy *tmp_policy = PolicyNew();
Bundle *bp = NULL;
if ((bp = MakeTemporaryBundleFromTemplate(ctx, tmp_policy, a, pp, &result)))
{
BannerSubBundle(bp, args);
a.haveeditline = true;
EvalContextStackPushBundleFrame(ctx, bp, args, a.edits.inherit);
BundleResolve(ctx, bp);
ScheduleEditLineOperations(ctx, bp, a, pp, edcontext);
EvalContextStackPopFrame(ctx);
if (edcontext->num_edits == 0)
{
edcontext->num_edits++;
}
}
PolicyDestroy(tmp_policy);
}
else if (strcmp("mustache", a.template_method) == 0)
{
if (!FileCanOpen(a.edit_template, "r"))
{
cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_FAIL, pp, a, "Template file '%s' could not be opened for reading", a.edit_template);
result = PromiseResultUpdate(result, PROMISE_RESULT_FAIL);
goto exit;
}
Writer *ouput_writer = NULL;
{
FILE *output_file = safe_fopen(pp->promiser, "w");
if (!output_file)
{
cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_FAIL, pp, a, "Output file '%s' could not be opened for writing", pp->promiser);
result = PromiseResultUpdate(result, PROMISE_RESULT_FAIL);
goto exit;
}
ouput_writer = FileWriter(output_file);
}
Writer *template_writer = FileRead(a.edit_template, SIZE_MAX, NULL);
if (!template_writer)
{
cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_FAIL, pp, a, "Could not read template file '%s'", a.edit_template);
result = PromiseResultUpdate(result, PROMISE_RESULT_FAIL);
WriterClose(ouput_writer);
goto exit;
}
JsonElement *default_template_data = NULL;
if (!a.template_data)
{
a.template_data = default_template_data = DefaultTemplateData(ctx);
}
if (!MustacheRender(ouput_writer, StringWriterData(template_writer), a.template_data))
{
cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_FAIL, pp, a, "Error rendering mustache template '%s'", a.edit_template);
result = PromiseResultUpdate(result, PROMISE_RESULT_FAIL);
WriterClose(template_writer);
WriterClose(ouput_writer);
goto exit;
}
JsonDestroy(default_template_data);
WriterClose(template_writer);
WriterClose(ouput_writer);
}
}
exit:
result = PromiseResultUpdate(result, FinishEditContext(ctx, edcontext, a, pp));
YieldCurrentLock(thislock);
return result;
}
PromiseResult ScheduleEditOperation(EvalContext *ctx, char *filename, Attributes a, const Promise *pp)
{
void *vp;
FnCall *fp;
Rlist *args = NULL;
char edit_bundle_name[CF_BUFSIZE], lockname[CF_BUFSIZE];
CfLock thislock;
snprintf(lockname, CF_BUFSIZE - 1, "fileedit-%s", filename);
thislock = AcquireLock(ctx, lockname, VUQNAME, CFSTARTTIME, a.transaction, pp, false);
if (thislock.lock == NULL)
{
return PROMISE_RESULT_SKIPPED;
}
EditContext *edcontext = NewEditContext(filename, a);
PromiseResult result = PROMISE_RESULT_NOOP;
if (edcontext == NULL)
{
cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_FAIL, pp, a, "File '%s' was marked for editing but could not be opened", filename);
result = PromiseResultUpdate(result, PROMISE_RESULT_FAIL);
goto exit;
}
const Policy *policy = PolicyFromPromise(pp);
if (a.haveeditline)
{
if ((vp = PromiseGetConstraintAsRval(pp, "edit_line", RVAL_TYPE_FNCALL)))
{
fp = (FnCall *) vp;
strcpy(edit_bundle_name, fp->name);
args = fp->args;
}
else if ((vp = PromiseGetConstraintAsRval(pp, "edit_line", RVAL_TYPE_SCALAR)))
{
strcpy(edit_bundle_name, (char *) vp);
args = NULL;
}
else
{
goto exit;
}
Log(LOG_LEVEL_VERBOSE, "Handling file edits in edit_line bundle '%s'", edit_bundle_name);
const Bundle *bp = EvalContextResolveBundleExpression(ctx, policy, edit_bundle_name, "edit_line");
if (bp)
{
BannerSubBundle(bp, args);
EvalContextStackPushBundleFrame(ctx, bp, args, a.edits.inherit);
BundleResolve(ctx, bp);
ScheduleEditLineOperations(ctx, bp, a, pp, edcontext);
EvalContextStackPopFrame(ctx);
}
else
{
Log(LOG_LEVEL_ERR, "Did not find bundle '%s' for edit operation", edit_bundle_name);
}
}
if (a.haveeditxml)
{
if ((vp = PromiseGetConstraintAsRval(pp, "edit_xml", RVAL_TYPE_FNCALL)))
{
fp = (FnCall *) vp;
strcpy(edit_bundle_name, fp->name);
args = fp->args;
}
else if ((vp = PromiseGetConstraintAsRval(pp, "edit_xml", RVAL_TYPE_SCALAR)))
{
strcpy(edit_bundle_name, (char *) vp);
args = NULL;
}
else
{
goto exit;
}
Log(LOG_LEVEL_VERBOSE, "Handling file edits in edit_xml bundle '%s'", edit_bundle_name);
const Bundle *bp = EvalContextResolveBundleExpression(ctx, policy, edit_bundle_name, "edit_xml");
if (bp)
{
BannerSubBundle(bp, args);
EvalContextStackPushBundleFrame(ctx, bp, args, a.edits.inherit);
BundleResolve(ctx, bp);
ScheduleEditXmlOperations(ctx, bp, a, pp, edcontext);
EvalContextStackPopFrame(ctx);
}
}
if (a.edit_template)
{
if (!a.template_method || strcmp("cfengine", a.template_method) == 0)
{
PromiseResult render_result = RenderTemplateCFEngine(ctx, pp, args, a, edcontext);
result = PromiseResultUpdate(result, render_result);
}
else if (strcmp("mustache", a.template_method) == 0)
{
PromiseResult render_result = RenderTemplateMustache(ctx, pp, a, edcontext);
result = PromiseResultUpdate(result, render_result);
}
}
exit:
FinishEditContext(ctx, edcontext, a, pp, &result);
YieldCurrentLock(thislock);
return result;
}
PromiseResult VerifyMethod(EvalContext *ctx, char *attrname, Attributes a, const Promise *pp)
{
Bundle *bp;
void *vp;
FnCall *fp;
char method_name[CF_EXPANDSIZE];
Rlist *args = NULL;
CfLock thislock;
char lockname[CF_BUFSIZE];
if (a.havebundle)
{
if ((vp = PromiseGetConstraintAsRval(pp, attrname, RVAL_TYPE_FNCALL)))
{
fp = (FnCall *) vp;
ExpandScalar(ctx, PromiseGetBundle(pp)->ns, PromiseGetBundle(pp)->name, fp->name, method_name);
args = fp->args;
}
else if ((vp = PromiseGetConstraintAsRval(pp, attrname, RVAL_TYPE_SCALAR)))
{
ExpandScalar(ctx, PromiseGetBundle(pp)->ns, PromiseGetBundle(pp)->name, (char *) vp, method_name);
args = NULL;
}
else
{
return PROMISE_RESULT_NOOP;
}
}
GetLockName(lockname, "method", pp->promiser, args);
thislock = AcquireLock(ctx, lockname, VUQNAME, CFSTARTTIME, a.transaction, pp, false);
if (thislock.lock == NULL)
{
return PROMISE_RESULT_SKIPPED;
}
PromiseBanner(pp);
char ns[CF_MAXVARSIZE] = "";
char bundle_name[CF_MAXVARSIZE] = "";
SplitScopeName(method_name, ns, bundle_name);
bp = PolicyGetBundle(PolicyFromPromise(pp), EmptyString(ns) ? NULL : ns, "agent", bundle_name);
if (!bp)
{
bp = PolicyGetBundle(PolicyFromPromise(pp), EmptyString(ns) ? NULL : ns, "common", bundle_name);
}
PromiseResult result = PROMISE_RESULT_NOOP;
if (bp)
{
BannerSubBundle(bp, args);
EvalContextStackPushBundleFrame(ctx, bp, args, a.inherit);
BundleResolve(ctx, bp);
result = ScheduleAgentOperations(ctx, bp);
GetReturnValue(ctx, bp, pp);
EvalContextStackPopFrame(ctx);
switch (result)
{
case PROMISE_RESULT_FAIL:
cfPS(ctx, LOG_LEVEL_INFO, PROMISE_RESULT_FAIL, pp, a, "Method '%s' failed in some repairs or aborted", bp->name);
break;
case PROMISE_RESULT_CHANGE:
cfPS(ctx, LOG_LEVEL_VERBOSE, PROMISE_RESULT_CHANGE, pp, a, "Method '%s' invoked repairs", bp->name);
break;
default:
cfPS(ctx, LOG_LEVEL_VERBOSE, PROMISE_RESULT_NOOP, pp, a, "Method '%s' verified", bp->name);
break;
}
for (const Rlist *rp = bp->args; rp; rp = rp->next)
{
const char *lval = RlistScalarValue(rp);
VarRef *ref = VarRefParseFromBundle(lval, bp);
EvalContextVariableRemove(ctx, ref);
VarRefDestroy(ref);
}
}
else
{
if (IsCf3VarString(method_name))
{
Log(LOG_LEVEL_ERR,
"A variable seems to have been used for the name of the method. In this case, the promiser also needs to contain the unique name of the method");
}
if (bp && (bp->name))
{
cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_FAIL, pp, a, "Method '%s' was used but was not defined", bp->name);
result = PromiseResultUpdate(result, PROMISE_RESULT_FAIL);
}
else
{
cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_FAIL, pp, a,
"A method attempted to use a bundle '%s' that was apparently not defined", method_name);
result = PromiseResultUpdate(result, PROMISE_RESULT_FAIL);
}
}
YieldCurrentLock(thislock);
return result;
}
