void LocateFilePromiserGroup(EvalContext *ctx, char *wildpath, Promise *pp, void (*fnptr) (EvalContext *ctx, char *path, Promise *ptr))
{
Item *path, *ip, *remainder = NULL;
char pbuffer[CF_BUFSIZE];
struct stat statbuf;
int count = 0, lastnode = false, expandregex = false;
uid_t agentuid = getuid();
int create = PromiseGetConstraintAsBoolean(ctx, "create", pp);
char *pathtype = ConstraintGetRvalValue(ctx, "pathtype", pp, RVAL_TYPE_SCALAR);
/* Do a search for promiser objects matching wildpath */
if ((!IsPathRegex(wildpath)) || (pathtype && (strcmp(pathtype, "literal") == 0)))
{
Log(LOG_LEVEL_VERBOSE, "Using literal pathtype for '%s'", wildpath);
(*fnptr) (ctx, wildpath, pp);
return;
}
else
{
Log(LOG_LEVEL_VERBOSE, "Using regex pathtype for '%s' (see pathtype)", wildpath);
}
pbuffer[0] = '\0';
path = SplitString(wildpath, '/'); // require forward slash in regex on all platforms
for (ip = path; ip != NULL; ip = ip->next)
{
if ((ip->name == NULL) || (strlen(ip->name) == 0))
{
continue;
}
if (ip->next == NULL)
{
lastnode = true;
}
/* No need to chdir as in recursive descent, since we know about the path here */
if (IsRegex(ip->name))
{
remainder = ip->next;
expandregex = true;
break;
}
else
{
expandregex = false;
}
if (!JoinPath(pbuffer, ip->name))
{
Log(LOG_LEVEL_ERR, "Buffer has limited size in LocateFilePromiserGroup");
return;
}
if (stat(pbuffer, &statbuf) != -1)
{
if ((S_ISDIR(statbuf.st_mode)) && ((statbuf.st_uid) != agentuid) && ((statbuf.st_uid) != 0))
{
Log(LOG_LEVEL_INFO,
"Directory '%s' in search path '%s' is controlled by another user (uid %ju) - trusting its content is potentially risky (possible race condition)",
pbuffer, wildpath, (uintmax_t)statbuf.st_uid);
PromiseRef(LOG_LEVEL_INFO, pp);
}
}
}
if (expandregex) /* Expand one regex link and hand down */
{
char nextbuffer[CF_BUFSIZE], nextbufferOrig[CF_BUFSIZE], regex[CF_BUFSIZE];
const struct dirent *dirp;
Dir *dirh;
memset(regex, 0, CF_BUFSIZE);
strncpy(regex, ip->name, CF_BUFSIZE - 1);
if ((dirh = DirOpen(pbuffer)) == NULL)
{
// Could be a dummy directory to be created so this is not an error.
Log(LOG_LEVEL_VERBOSE, "Using best-effort expanded (but non-existent) file base path '%s'", wildpath);
(*fnptr) (ctx, wildpath, pp);
DeleteItemList(path);
return;
}
else
{
count = 0;
for (dirp = DirRead(dirh); dirp != NULL; dirp = DirRead(dirh))
{
if (!ConsiderLocalFile(dirp->d_name, pbuffer))
{
continue;
}
if ((!lastnode) && (!S_ISDIR(statbuf.st_mode)))
{
Log(LOG_LEVEL_DEBUG, "Skipping non-directory '%s'", dirp->d_name);
continue;
}
if (FullTextMatch(regex, dirp->d_name))
{
Log(LOG_LEVEL_DEBUG, "Link '%s' matched regex '%s'", dirp->d_name, regex);
}
else
{
continue;
}
count++;
strncpy(nextbuffer, pbuffer, CF_BUFSIZE - 1);
AddSlash(nextbuffer);
strcat(nextbuffer, dirp->d_name);
for (ip = remainder; ip != NULL; ip = ip->next)
{
AddSlash(nextbuffer);
strcat(nextbuffer, ip->name);
}
/* The next level might still contain regexs, so go again as long as expansion is not nullpotent */
if ((!lastnode) && (strcmp(nextbuffer, wildpath) != 0))
{
LocateFilePromiserGroup(ctx, nextbuffer, pp, fnptr);
}
else
{
Promise *pcopy;
Log(LOG_LEVEL_VERBOSE, "Using expanded file base path '%s'", nextbuffer);
/* Now need to recompute any back references to get the complete path */
snprintf(nextbufferOrig, sizeof(nextbufferOrig), "%s", nextbuffer);
MapNameForward(nextbuffer);
if (!FullTextMatch(pp->promiser, nextbuffer))
{
Log(LOG_LEVEL_DEBUG, "Error recomputing references for '%s' in '%s'", pp->promiser, nextbuffer);
}
/* If there were back references there could still be match.x vars to expand */
pcopy = ExpandDeRefPromise(ctx, ScopeGetCurrent()->scope, pp);
(*fnptr) (ctx, nextbufferOrig, pcopy);
PromiseDestroy(pcopy);
}
}
DirClose(dirh);
}
}
else
{
Log(LOG_LEVEL_VERBOSE, "Using file base path '%s'", pbuffer);
(*fnptr) (ctx, pbuffer, pp);
}
if (count == 0)
{
Log(LOG_LEVEL_VERBOSE, "No promiser file objects matched as regular expression '%s'", wildpath);
if (create)
{
(*fnptr)(ctx, pp->promiser, pp);
}
}
DeleteItemList(path);
}
static PromiseResult VerifyFileSystem(EvalContext *ctx, char *name, Attributes a, Promise *pp)
{
struct stat statbuf, localstat;
Dir *dirh;
const struct dirent *dirp;
off_t sizeinbytes = 0;
long filecount = 0;
char buff[CF_BUFSIZE];
Log(LOG_LEVEL_VERBOSE, "Checking required filesystem %s", name);
if (stat(name, &statbuf) == -1)
{
return PROMISE_RESULT_NOOP;
}
if (S_ISLNK(statbuf.st_mode))
{
KillGhostLink(ctx, name, a, pp);
return PROMISE_RESULT_NOOP;
}
if (S_ISDIR(statbuf.st_mode))
{
if ((dirh = DirOpen(name)) == NULL)
{
Log(LOG_LEVEL_ERR, "Can't open directory '%s' which checking required/disk. (opendir: %s)", name, GetErrorStr());
return PROMISE_RESULT_NOOP;
}
for (dirp = DirRead(dirh); dirp != NULL; dirp = DirRead(dirh))
{
if (!ConsiderLocalFile(dirp->d_name, name))
{
continue;
}
filecount++;
strcpy(buff, name);
if (buff[strlen(buff)] != FILE_SEPARATOR)
{
strcat(buff, FILE_SEPARATOR_STR);
}
strcat(buff, dirp->d_name);
if (lstat(buff, &localstat) == -1)
{
if (S_ISLNK(localstat.st_mode))
{
KillGhostLink(ctx, buff, a, pp);
continue;
}
Log(LOG_LEVEL_ERR, "Can't stat volume '%s'. (lstat: %s)", buff, GetErrorStr());
continue;
}
sizeinbytes += localstat.st_size;
}
DirClose(dirh);
if (sizeinbytes < 0)
{
Log(LOG_LEVEL_VERBOSE, "Internal error: count of byte size was less than zero!");
return PROMISE_RESULT_NOOP;
}
if (sizeinbytes < a.volume.sensible_size)
{
cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_INTERRUPTED, pp, a, "File system '%s' is suspiciously small! (%jd bytes)", name,
(intmax_t) sizeinbytes);
return PROMISE_RESULT_INTERRUPTED;
}
if (filecount < a.volume.sensible_count)
{
cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_INTERRUPTED, pp, a, "Filesystem '%s' has only %ld files/directories.", name,
filecount);
return PROMISE_RESULT_INTERRUPTED;
}
}
cfPS(ctx, LOG_LEVEL_INFO, PROMISE_RESULT_NOOP, pp, a, "Filesystem '%s' content seems to be sensible as promised", name);
return PROMISE_RESULT_NOOP;
}
