static int GenerateAvahiConfig(const char *path)
{
FILE *fout;
Writer *writer = NULL;
fout = safe_fopen(path, "w+");
if (fout == NULL)
{
Log(LOG_LEVEL_ERR, "Unable to open '%s'", path);
return -1;
}
writer = FileWriter(fout);
fprintf(fout, "<?xml version=\"1.0\" standalone='no'?>\n");
fprintf(fout, "<!DOCTYPE service-group SYSTEM \"avahi-service.dtd\">\n");
XmlComment(writer, "This file has been automatically generated by cf-serverd.");
XmlStartTag(writer, "service-group", 0);
FprintAvahiCfengineTag(fout);
XmlStartTag(writer, "service", 0);
XmlTag(writer, "type", "_cfenginehub._tcp",0);
DetermineCfenginePort();
XmlStartTag(writer, "port", 0);
WriterWriteF(writer, "%d", CFENGINE_PORT);
XmlEndTag(writer, "port");
XmlEndTag(writer, "service");
XmlEndTag(writer, "service-group");
fclose(fout);
return 0;
}
static int GenerateAvahiConfig(const char *path)
{
FILE *fout;
Writer *writer = NULL;
fout = fopen(path, "w+");
if (fout == NULL)
{
CfOut(cf_error, "", "Unable to open %s", path);
return -1;
}
writer = FileWriter(fout);
fprintf(fout, "<?xml version=\"1.0\" standalone='no'?>\n");
fprintf(fout, "<!DOCTYPE service-group SYSTEM \"avahi-service.dtd\">\n");
XmlComment(writer, "This file has been automatically generated by cf-serverd.");
XmlStartTag(writer, "service-group", 0);
#ifdef HAVE_NOVA
fprintf(fout,"<name replace-wildcards=\"yes\" >CFEngine Enterprise %s Policy Hub on %s </name>\n", Version(), "%h");
#else
fprintf(fout,"<name replace-wildcards=\"yes\" >CFEngine Community %s Policy Server on %s </name>\n", Version(), "%h");
#endif
XmlStartTag(writer, "service", 0);
XmlTag(writer, "type", "_cfenginehub._tcp",0);
DetermineCfenginePort();
XmlTag(writer, "port", STR_CFENGINEPORT, 0);
XmlEndTag(writer, "service");
XmlEndTag(writer, "service-group");
fclose(fout);
return 0;
}
static void generateTestFile()
{
FILE *fp = fopen("/tmp/test_file", "w+");
assert_int_not_equal(fp, NULL);
fprintf(fp, "<?xml version=\"1.0\" standalone='no'?>\n");
fprintf(fp, "<!DOCTYPE service-group SYSTEM \"avahi-service.dtd\">\n");
fprintf(fp, "<!-- This file has been automatically generated by cf-serverd. -->\n");
fprintf(fp, "<service-group>\n");
#ifdef HAVE_NOVA
fprintf(fp, "<name replace-wildcards=\"yes\" >CFEngine Enterprise %s Policy Hub on %s </name>\n", Version(), "%h");
#else
fprintf(fp, "<name replace-wildcards=\"yes\" >CFEngine Community %s Policy Server on %s </name>\n", Version(), "%h");
#endif
fprintf(fp, "<service>\n");
fprintf(fp, "<type>_cfenginehub._tcp</type>\n");
DetermineCfenginePort();
fprintf(fp, "<port>%s</port>\n", STR_CFENGINEPORT);
fprintf(fp, "</service>\n");
fprintf(fp, "</service-group>\n");
fclose(fp);
}
void GenericAgentInitialize(EvalContext *ctx, GenericAgentConfig *config)
{
int force = false;
struct stat statbuf, sb;
char vbuff[CF_BUFSIZE];
char ebuff[CF_EXPANDSIZE];
#ifdef __MINGW32__
InitializeWindows();
#endif
DetermineCfenginePort();
EvalContextClassPutHard(ctx, "any", "source=agent");
GenericAgentAddEditionClasses(ctx);
strcpy(VPREFIX, GetConsolePrefix());
/* Define trusted directories */
{
const char *workdir = GetWorkDir();
if (!workdir)
{
FatalError(ctx, "Error determining working directory");
}
strcpy(CFWORKDIR, workdir);
MapName(CFWORKDIR);
}
OpenLog(LOG_USER);
SetSyslogFacility(LOG_USER);
Log(LOG_LEVEL_VERBOSE, "Work directory is %s", CFWORKDIR);
snprintf(vbuff, CF_BUFSIZE, "%s%cupdate.conf", GetInputDir(), FILE_SEPARATOR);
MakeParentDirectory(vbuff, force);
snprintf(vbuff, CF_BUFSIZE, "%s%cbin%ccf-agent -D from_cfexecd", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);
MakeParentDirectory(vbuff, force);
snprintf(vbuff, CF_BUFSIZE, "%s%coutputs%cspooled_reports", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);
MakeParentDirectory(vbuff, force);
snprintf(vbuff, CF_BUFSIZE, "%s%clastseen%cintermittencies", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);
MakeParentDirectory(vbuff, force);
snprintf(vbuff, CF_BUFSIZE, "%s%creports%cvarious", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);
MakeParentDirectory(vbuff, force);
snprintf(vbuff, CF_BUFSIZE, "%s", GetInputDir());
if (stat(vbuff, &sb) == -1)
{
FatalError(ctx, " No access to WORKSPACE/inputs dir");
}
else
{
chmod(vbuff, sb.st_mode | 0700);
}
snprintf(vbuff, CF_BUFSIZE, "%s%coutputs", CFWORKDIR, FILE_SEPARATOR);
if (stat(vbuff, &sb) == -1)
{
FatalError(ctx, " No access to WORKSPACE/outputs dir");
}
else
{
chmod(vbuff, sb.st_mode | 0700);
}
snprintf(ebuff, sizeof(ebuff), "%s%cstate%ccf_procs",
CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);
MakeParentDirectory(ebuff, force);
if (stat(ebuff, &statbuf) == -1)
{
CreateEmptyFile(ebuff);
}
snprintf(ebuff, sizeof(ebuff), "%s%cstate%ccf_rootprocs",
CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);
if (stat(ebuff, &statbuf) == -1)
{
CreateEmptyFile(ebuff);
}
snprintf(ebuff, sizeof(ebuff), "%s%cstate%ccf_otherprocs",
CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);
if (stat(ebuff, &statbuf) == -1)
{
CreateEmptyFile(ebuff);
}
snprintf(ebuff, sizeof(ebuff), "%s%cstate%cprevious_state%c",
CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR, FILE_SEPARATOR);
MakeParentDirectory(ebuff, force);
snprintf(ebuff, sizeof(ebuff), "%s%cstate%cdiff%c",
CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR, FILE_SEPARATOR);
MakeParentDirectory(ebuff, force);
snprintf(ebuff, sizeof(ebuff), "%s%cstate%cuntracked%c",
CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR, FILE_SEPARATOR);
MakeParentDirectory(ebuff, force);
OpenNetwork();
CryptoInitialize();
CheckWorkingDirectories(ctx);
/* Initialize keys and networking. cf-key, doesn't need keys. In fact it
must function properly even without them, so that it generates them! */
if (config->agent_type != AGENT_TYPE_KEYGEN)
{
LoadSecretKeys();
char *bootstrapped_policy_server = ReadPolicyServerFile(CFWORKDIR);
PolicyHubUpdateKeys(bootstrapped_policy_server);
free(bootstrapped_policy_server);
cfnet_init();
}
size_t cwd_size = PATH_MAX;
while (true)
{
char cwd[cwd_size];
if (!getcwd(cwd, cwd_size))
{
if (errno == ERANGE)
{
cwd_size *= 2;
continue;
}
Log(LOG_LEVEL_WARNING, "Could not determine current directory. (getcwd: '%s')", GetErrorStr());
break;
}
EvalContextSetLaunchDirectory(ctx, cwd);
break;
}
if (!MINUSF)
{
GenericAgentConfigSetInputFile(config, GetInputDir(), "promises.cf");
}
VIFELAPSED = 1;
VEXPIREAFTER = 1;
setlinebuf(stdout);
if (config->agent_specific.agent.bootstrap_policy_server)
{
snprintf(vbuff, CF_BUFSIZE, "%s%cfailsafe.cf", GetInputDir(), FILE_SEPARATOR);
if (stat(vbuff, &statbuf) == -1)
{
GenericAgentConfigSetInputFile(config, GetInputDir(), "failsafe.cf");
}
else
{
GenericAgentConfigSetInputFile(config, GetInputDir(), vbuff);
}
}
}
void GenericAgentInitialize(EvalContext *ctx, GenericAgentConfig *config)
{
int force = false;
struct stat statbuf, sb;
char vbuff[CF_BUFSIZE];
char ebuff[CF_EXPANDSIZE];
SHORT_CFENGINEPORT = htons((unsigned short) 5308);
snprintf(STR_CFENGINEPORT, 15, "5308");
EvalContextHeapAddHard(ctx, "any");
strcpy(VPREFIX, GetConsolePrefix());
/* Define trusted directories */
{
const char *workdir = GetWorkDir();
if (!workdir)
{
FatalError(ctx, "Error determining working directory");
}
strcpy(CFWORKDIR, workdir);
MapName(CFWORKDIR);
}
/* On windows, use 'binary mode' as default for files */
#ifdef __MINGW32__
_fmode = _O_BINARY;
#endif
OpenLog(LOG_USER);
SetSyslogFacility(LOG_USER);
if (!LOOKUP) /* cf-know should not do this in lookup mode */
{
Log(LOG_LEVEL_VERBOSE, "Work directory is %s", CFWORKDIR);
snprintf(vbuff, CF_BUFSIZE, "%s%cinputs%cupdate.conf", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);
MakeParentDirectory(vbuff, force);
snprintf(vbuff, CF_BUFSIZE, "%s%cbin%ccf-agent -D from_cfexecd", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);
MakeParentDirectory(vbuff, force);
snprintf(vbuff, CF_BUFSIZE, "%s%coutputs%cspooled_reports", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);
MakeParentDirectory(vbuff, force);
snprintf(vbuff, CF_BUFSIZE, "%s%clastseen%cintermittencies", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);
MakeParentDirectory(vbuff, force);
snprintf(vbuff, CF_BUFSIZE, "%s%creports%cvarious", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);
MakeParentDirectory(vbuff, force);
snprintf(vbuff, CF_BUFSIZE, "%s%cinputs", CFWORKDIR, FILE_SEPARATOR);
if (stat(vbuff, &sb) == -1)
{
FatalError(ctx, " No access to WORKSPACE/inputs dir");
}
else
{
chmod(vbuff, sb.st_mode | 0700);
}
snprintf(vbuff, CF_BUFSIZE, "%s%coutputs", CFWORKDIR, FILE_SEPARATOR);
if (stat(vbuff, &sb) == -1)
{
FatalError(ctx, " No access to WORKSPACE/outputs dir");
}
else
{
chmod(vbuff, sb.st_mode | 0700);
}
sprintf(ebuff, "%s%cstate%ccf_procs", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);
MakeParentDirectory(ebuff, force);
if (stat(ebuff, &statbuf) == -1)
{
CreateEmptyFile(ebuff);
}
sprintf(ebuff, "%s%cstate%ccf_rootprocs", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);
if (stat(ebuff, &statbuf) == -1)
{
CreateEmptyFile(ebuff);
}
sprintf(ebuff, "%s%cstate%ccf_otherprocs", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);
if (stat(ebuff, &statbuf) == -1)
{
CreateEmptyFile(ebuff);
}
}
OpenNetwork();
CryptoInitialize();
if (!LOOKUP)
{
CheckWorkingDirectories(ctx);
}
const char *bootstrapped_policy_server = ReadPolicyServerFile(CFWORKDIR);
/* Initialize keys and networking. cf-key, doesn't need keys. In fact it
must function properly even without them, so that it generates them! */
if (config->agent_type != AGENT_TYPE_KEYGEN)
{
LoadSecretKeys(bootstrapped_policy_server);
cfnet_init();
}
if (!MINUSF)
{
GenericAgentConfigSetInputFile(config, GetWorkDir(), "promises.cf");
}
DetermineCfenginePort();
VIFELAPSED = 1;
VEXPIREAFTER = 1;
setlinebuf(stdout);
if (config->agent_specific.agent.bootstrap_policy_server)
{
snprintf(vbuff, CF_BUFSIZE, "%s%cinputs%cfailsafe.cf", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);
#ifndef HAVE_ENTERPRISE
if (stat(vbuff, &statbuf) == -1)
{
GenericAgentConfigSetInputFile(config, GetWorkDir(), "failsafe.cf");
}
else
#endif
{
GenericAgentConfigSetInputFile(config, GetWorkDir(), vbuff);
}
}
}
void InitializeGA(int argc,char *argv[])
{
int seed,force = false;
struct stat statbuf,sb;
unsigned char s[16];
char vbuff[CF_BUFSIZE];
char ebuff[CF_EXPANDSIZE];
SHORT_CFENGINEPORT = htons((unsigned short)5308);
snprintf(STR_CFENGINEPORT,15,"5308");
NewClass("any");
#if defined HAVE_CONSTELLATION
NewClass("constellation_edition");
#elif defined HAVE_NOVA
NewClass("nova_edition");
#else
NewClass("community_edition");
#endif
strcpy(VPREFIX,GetConsolePrefix());
if (VERBOSE)
{
NewClass("verbose_mode");
}
if (INFORM)
{
NewClass("inform_mode");
}
if (DEBUG)
{
NewClass("debug_mode");
}
CfOut(cf_verbose,"","Cfengine - autonomous configuration engine - commence self-diagnostic prelude\n");
CfOut(cf_verbose,"","------------------------------------------------------------------------\n");
/* Define trusted directories */
#ifdef MINGW
if(NovaWin_GetProgDir(CFWORKDIR, CF_BUFSIZE - sizeof("Cfengine")))
{
strcat(CFWORKDIR, "\\Cfengine");
}
else
{
CfOut(cf_error, "", "!! Could not get CFWORKDIR from Windows environment variable, falling back to compile time dir (%s)", WORKDIR);
strcpy(CFWORKDIR,WORKDIR);
}
Debug("Setting CFWORKDIR=%s\n", CFWORKDIR);
#elif defined(CFCYG)
strcpy(CFWORKDIR,WORKDIR);
MapName(CFWORKDIR);
#else
if (getuid() > 0)
{
strncpy(CFWORKDIR,GetHome(getuid()),CF_BUFSIZE-10);
strcat(CFWORKDIR,"/.cfagent");
if (strlen(CFWORKDIR) > CF_BUFSIZE/2)
{
FatalError("Suspicious looking home directory. The path is too long and will lead to problems.");
}
}
else
{
strcpy(CFWORKDIR,WORKDIR);
}
#endif
/* On windows, use 'binary mode' as default for files */
#ifdef MINGW
_fmode = _O_BINARY;
#endif
strcpy(SYSLOGHOST,"localhost");
SYSLOGPORT = htons(514);
Cf3OpenLog(LOG_USER);
if (!LOOKUP) /* cf-know should not do this in lookup mode */
{
CfOut(cf_verbose,"","Work directory is %s\n",CFWORKDIR);
snprintf(HASHDB,CF_BUFSIZE-1,"%s%c%s",CFWORKDIR,FILE_SEPARATOR,CF_CHKDB);
snprintf(vbuff,CF_BUFSIZE,"%s%cinputs%cupdate.conf",CFWORKDIR,FILE_SEPARATOR,FILE_SEPARATOR);
MakeParentDirectory(vbuff,force);
snprintf(vbuff,CF_BUFSIZE,"%s%cbin%ccf-agent -D from_cfexecd",CFWORKDIR,FILE_SEPARATOR,FILE_SEPARATOR);
MakeParentDirectory(vbuff,force);
snprintf(vbuff,CF_BUFSIZE,"%s%coutputs%cspooled_reports",CFWORKDIR,FILE_SEPARATOR,FILE_SEPARATOR);
MakeParentDirectory(vbuff,force);
snprintf(vbuff,CF_BUFSIZE,"%s%clastseen%cintermittencies",CFWORKDIR,FILE_SEPARATOR,FILE_SEPARATOR);
MakeParentDirectory(vbuff,force);
snprintf(vbuff,CF_BUFSIZE,"%s%creports%cvarious",CFWORKDIR,FILE_SEPARATOR,FILE_SEPARATOR);
MakeParentDirectory(vbuff,force);
snprintf(vbuff,CF_BUFSIZE,"%s%cinputs",CFWORKDIR,FILE_SEPARATOR);
if (cfstat(vbuff,&sb) == -1)
{
FatalError(" !!! No access to WORKSPACE/inputs dir");
}
else
{
cf_chmod(vbuff,sb.st_mode | 0700);
}
snprintf(vbuff,CF_BUFSIZE,"%s%coutputs",CFWORKDIR,FILE_SEPARATOR);
if (cfstat(vbuff,&sb) == -1)
{
FatalError(" !!! No access to WORKSPACE/outputs dir");
}
else
{
cf_chmod(vbuff,sb.st_mode | 0700);
}
sprintf(ebuff,"%s%cstate%ccf_procs",CFWORKDIR,FILE_SEPARATOR,FILE_SEPARATOR);
MakeParentDirectory(ebuff,force);
if (cfstat(ebuff,&statbuf) == -1)
{
CreateEmptyFile(ebuff);
}
sprintf(ebuff,"%s%cstate%ccf_rootprocs",CFWORKDIR,FILE_SEPARATOR,FILE_SEPARATOR);
if (cfstat(ebuff,&statbuf) == -1)
{
CreateEmptyFile(ebuff);
}
sprintf(ebuff,"%s%cstate%ccf_otherprocs",CFWORKDIR,FILE_SEPARATOR,FILE_SEPARATOR);
if (cfstat(ebuff,&statbuf) == -1)
{
CreateEmptyFile(ebuff);
}
}
OpenNetwork();
/* Init crypto stuff */
OpenSSL_add_all_algorithms();
OpenSSL_add_all_digests();
ERR_load_crypto_strings();
if(!LOOKUP)
{
CheckWorkingDirectories();
}
RandomSeed();
RAND_bytes(s,16);
s[15] = '\0';
seed = ElfHash(s);
srand48((long)seed);
LoadSecretKeys();
/* CheckOpts(argc,argv); - MacOS can't handle this back reference */
if (!MINUSF)
{
snprintf(VINPUTFILE,CF_BUFSIZE-1,"promises.cf");
}
AUDITDBP = NULL;
DetermineCfenginePort();
VIFELAPSED = 1;
VEXPIREAFTER = 1;
setlinebuf(stdout);
if (BOOTSTRAP)
{
snprintf(vbuff,CF_BUFSIZE,"%s%cinputs%cfailsafe.cf",CFWORKDIR,FILE_SEPARATOR,FILE_SEPARATOR);
if (!IsEnterprise() && cfstat(vbuff,&statbuf) == -1)
{
snprintf(VINPUTFILE,CF_BUFSIZE-1,".%cfailsafe.cf",FILE_SEPARATOR);
}
else
{
strncpy(VINPUTFILE,vbuff,CF_BUFSIZE-1);
}
}
}
