void DeleteExpArgs(Rlist *args) { RlistDestroy(args); }
bool ComparePackageVersionsInternal(const char *v1, const char *v2, PackageVersionComparator cmp) { Rlist *rp_pr, *rp_in; int result = true; int break_loop = false; int cmp_result; int version_matched = false; Rlist *numbers_pr = NULL, *separators_pr = NULL; Rlist *numbers_in = NULL, *separators_in = NULL; ParsePackageVersion(CanonifyChar(v1, ','), &numbers_pr, &separators_pr); ParsePackageVersion(CanonifyChar(v2, ','), &numbers_in, &separators_in); /* If the format of the version string doesn't match, we're already doomed */ Log(LOG_LEVEL_VERBOSE, "Check for compatible versioning model in (%s,%s)", v1, v2); for (rp_pr = separators_pr, rp_in = separators_in; (rp_pr != NULL) && (rp_in != NULL); rp_pr = rp_pr->next, rp_in = rp_in->next) { if (strcmp(rp_pr->item, rp_in->item) != 0) { result = false; break; } if ((rp_pr->next == NULL) && (rp_in->next == NULL)) { result = true; break; } } if (result) { Log(LOG_LEVEL_VERBOSE, "Verified that versioning models are compatible"); } else { Log(LOG_LEVEL_VERBOSE, "Versioning models for (%s,%s) were incompatible", v1, v2); } int version_equal = (strcmp(v2, v1) == 0); if (result) { for (rp_pr = numbers_pr, rp_in = numbers_in; (rp_pr != NULL) && (rp_in != NULL); rp_pr = rp_pr->next, rp_in = rp_in->next) { cmp_result = strcmp(rp_pr->item, rp_in->item); switch (cmp) { case PACKAGE_VERSION_COMPARATOR_EQ: case PACKAGE_VERSION_COMPARATOR_NONE: if (version_equal) { version_matched = true; } break; case PACKAGE_VERSION_COMPARATOR_NEQ: if (!version_equal) { version_matched = true; } break; case PACKAGE_VERSION_COMPARATOR_GT: if (cmp_result < 0) { version_matched = true; } else if (cmp_result > 0) { break_loop = true; } break; case PACKAGE_VERSION_COMPARATOR_LT: if (cmp_result > 0) { version_matched = true; } else if (cmp_result < 0) { break_loop = true; } break; case PACKAGE_VERSION_COMPARATOR_GE: if ((cmp_result < 0) || version_equal) { version_matched = true; } else if (cmp_result > 0) { break_loop = true; } break; case PACKAGE_VERSION_COMPARATOR_LE: if ((cmp_result > 0) || version_equal) { version_matched = true; } else if (cmp_result < 0) { break_loop = true; } break; default: break; } if ((version_matched == true) || break_loop) { rp_pr = NULL; rp_in = NULL; break; } } if (rp_pr != NULL) { if ((cmp == PACKAGE_VERSION_COMPARATOR_LT) || (cmp == PACKAGE_VERSION_COMPARATOR_LE)) { version_matched = true; } } if (rp_in != NULL) { if ((cmp == PACKAGE_VERSION_COMPARATOR_GT) || (cmp == PACKAGE_VERSION_COMPARATOR_GE)) { version_matched = true; } } } RlistDestroy(numbers_pr); RlistDestroy(numbers_in); RlistDestroy(separators_pr); RlistDestroy(separators_in); if (version_matched) { Log(LOG_LEVEL_VERBOSE, "Verified version constraint promise kept"); } else { Log(LOG_LEVEL_VERBOSE, "Versions did not match"); } return version_matched; }
GenericAgentConfig *CheckOpts(int argc, char **argv) { extern char *optarg; int optindex = 0; int c; GenericAgentConfig *config = GenericAgentConfigNewDefault(AGENT_TYPE_COMMON); while ((c = getopt_long(argc, argv, "dvnIf:D:N:VSrxMb:i:p:s:cg:hW:lC::", OPTIONS, &optindex)) != EOF) { switch ((char) c) { case 0: switch (optindex) { case PROMISES_OPTION_EVAL_FUNCTIONS: if (!optarg) { optarg = "yes"; } config->agent_specific.common.eval_functions = strcmp("yes", optarg) == 0; break; case PROMISES_OPTION_SHOW_CLASSES: if (!optarg) { optarg = "yes"; } config->agent_specific.common.show_classes = strcmp("yes", optarg) == 0; break; case PROMISES_OPTION_SHOW_VARIABLES: if (!optarg) { optarg = "yes"; } config->agent_specific.common.show_variables = strcmp("yes", optarg) == 0; break; default: break; } case 'l': LEGACY_OUTPUT = true; break; case 'c': config->check_runnable = true; break; case 'f': if (optarg && (strlen(optarg) < 5)) { Log(LOG_LEVEL_ERR, " -f used but argument '%s' incorrect", optarg); exit(EXIT_FAILURE); } GenericAgentConfigSetInputFile(config, GetInputDir(), optarg); MINUSF = true; break; case 'd': LogSetGlobalLevel(LOG_LEVEL_DEBUG); break; case 'b': if (optarg) { Rlist *bundlesequence = RlistFromSplitString(optarg, ','); GenericAgentConfigSetBundleSequence(config, bundlesequence); RlistDestroy(bundlesequence); } break; case 'p': if (strcmp("none", optarg) == 0) { config->agent_specific.common.policy_output_format = GENERIC_AGENT_CONFIG_COMMON_POLICY_OUTPUT_FORMAT_NONE; } else if (strcmp("cf", optarg) == 0) { config->agent_specific.common.policy_output_format = GENERIC_AGENT_CONFIG_COMMON_POLICY_OUTPUT_FORMAT_CF; } else if (strcmp("json", optarg) == 0) { config->agent_specific.common.policy_output_format = GENERIC_AGENT_CONFIG_COMMON_POLICY_OUTPUT_FORMAT_JSON; } else { Log(LOG_LEVEL_ERR, "Invalid policy output format: '%s'. Possible values are 'none', 'cf', 'json'", optarg); exit(EXIT_FAILURE); } break; case 's': if (strcmp("none", optarg) == 0) { break; } else if (strcmp("json", optarg) == 0) { JsonElement *json_syntax = SyntaxToJson(); Writer *out = FileWriter(stdout); JsonWrite(out, json_syntax, 0); FileWriterDetach(out); JsonDestroy(json_syntax); exit(EXIT_SUCCESS); } else { Log(LOG_LEVEL_ERR, "Invalid syntax description output format: '%s'. Possible values are 'none', 'json'", optarg); exit(EXIT_FAILURE); } break; case 'K': config->ignore_locks = true; break; case 'D': config->heap_soft = StringSetFromString(optarg, ','); break; case 'N': config->heap_negated = StringSetFromString(optarg, ','); break; case 'I': LogSetGlobalLevel(LOG_LEVEL_INFO); break; case 'v': LogSetGlobalLevel(LOG_LEVEL_VERBOSE); break; case 'n': DONTDO = true; config->ignore_locks = true; break; case 'V': { Writer *w = FileWriter(stdout); GenericAgentWriteVersion(w); FileWriterDetach(w); } exit(EXIT_SUCCESS); case 'h': { Writer *w = FileWriter(stdout); GenericAgentWriteHelp(w, "cf-promises", OPTIONS, HINTS, true); FileWriterDetach(w); } exit(EXIT_SUCCESS); case 'M': { Writer *out = FileWriter(stdout); ManPageWrite(out, "cf-promises", time(NULL), CF_PROMISES_SHORT_DESCRIPTION, CF_PROMISES_MANPAGE_LONG_DESCRIPTION, OPTIONS, HINTS, true); FileWriterDetach(out); exit(EXIT_SUCCESS); } case 'r': SHOWREPORTS = true; break; case 'W': if (!GenericAgentConfigParseWarningOptions(config, optarg)) { Log(LOG_LEVEL_ERR, "Error parsing warning option"); exit(EXIT_FAILURE); } break; case 'x': Log(LOG_LEVEL_ERR, "Self-diagnostic functionality is retired."); exit(EXIT_SUCCESS); case 'C': if (!GenericAgentConfigParseColor(config, optarg)) { exit(EXIT_FAILURE); } break; default: { Writer *w = FileWriter(stdout); GenericAgentWriteHelp(w, "cf-promises", OPTIONS, HINTS, true); FileWriterDetach(w); } exit(EXIT_FAILURE); } } if (!GenericAgentConfigParseArguments(config, argc - optind, argv + optind)) { Log(LOG_LEVEL_ERR, "Too many arguments"); exit(EXIT_FAILURE); } return config; }
GenericAgentConfig *CheckOpts(int argc, char **argv) { extern char *optarg; int c; GenericAgentConfig *config = GenericAgentConfigNewDefault(AGENT_TYPE_COMMON, GetTTYInteractive()); config->tag_release_dir = NULL; while ((c = getopt_long(argc, argv, "dvnIw:f:D:N:VSrxMb:i:p:s:cg:hW:C::T:l", OPTIONS, NULL)) != -1) { switch (c) { case OPT_EVAL_FUNCTIONS: if (!optarg) { optarg = "yes"; } config->agent_specific.common.eval_functions = strcmp("yes", optarg) == 0; break; case OPT_SHOW_CLASSES: config->agent_specific.common.show_classes = true; break; case OPT_SHOW_VARS: config->agent_specific.common.show_variables = true; break; case 'w': Log(LOG_LEVEL_INFO, "Setting workdir to '%s'", optarg); putenv(StringConcatenate(2, "CFENGINE_TEST_OVERRIDE_WORKDIR=", optarg)); break; case 'c': config->check_runnable = true; break; case 'f': GenericAgentConfigSetInputFile(config, GetInputDir(), optarg); MINUSF = true; break; case 'd': LogSetGlobalLevel(LOG_LEVEL_DEBUG); break; case 'b': if (optarg) { Rlist *bundlesequence = RlistFromSplitString(optarg, ','); GenericAgentConfigSetBundleSequence(config, bundlesequence); RlistDestroy(bundlesequence); } break; case 'p': if (strcmp("none", optarg) == 0) { config->agent_specific.common.policy_output_format = GENERIC_AGENT_CONFIG_COMMON_POLICY_OUTPUT_FORMAT_NONE; } else if (strcmp("cf", optarg) == 0) { config->agent_specific.common.policy_output_format = GENERIC_AGENT_CONFIG_COMMON_POLICY_OUTPUT_FORMAT_CF; } else if (strcmp("json", optarg) == 0) { config->agent_specific.common.policy_output_format = GENERIC_AGENT_CONFIG_COMMON_POLICY_OUTPUT_FORMAT_JSON; } else if (strcmp("cf-full", optarg) == 0) { config->agent_specific.common.policy_output_format = GENERIC_AGENT_CONFIG_COMMON_POLICY_OUTPUT_FORMAT_CF_FULL; } else if (strcmp("json-full", optarg) == 0) { config->agent_specific.common.policy_output_format = GENERIC_AGENT_CONFIG_COMMON_POLICY_OUTPUT_FORMAT_JSON_FULL; } else { Log(LOG_LEVEL_ERR, "Invalid policy output format: '%s'. Possible values are 'none', 'cf', 'json', 'cf-full', 'json-full'", optarg); exit(EXIT_FAILURE); } break; case 's': if (strcmp("none", optarg) == 0) { break; } else if (strcmp("json", optarg) == 0) { JsonElement *json_syntax = SyntaxToJson(); Writer *out = FileWriter(stdout); JsonWrite(out, json_syntax, 0); FileWriterDetach(out); JsonDestroy(json_syntax); exit(EXIT_SUCCESS); } else { Log(LOG_LEVEL_ERR, "Invalid syntax description output format: '%s'. Possible values are 'none', 'json'", optarg); exit(EXIT_FAILURE); } break; case 'K': config->ignore_locks = true; break; case 'D': { StringSet *defined_classes = StringSetFromString(optarg, ','); if (! config->heap_soft) { config->heap_soft = defined_classes; } else { StringSetJoin(config->heap_soft, defined_classes); free(defined_classes); } } break; case 'N': { StringSet *negated_classes = StringSetFromString(optarg, ','); if (! config->heap_negated) { config->heap_negated = negated_classes; } else { StringSetJoin(config->heap_negated, negated_classes); free(negated_classes); } } break; case 'I': LogSetGlobalLevel(LOG_LEVEL_INFO); break; case 'v': LogSetGlobalLevel(LOG_LEVEL_VERBOSE); break; case 'n': DONTDO = true; config->ignore_locks = true; break; case 'V': { Writer *w = FileWriter(stdout); GenericAgentWriteVersion(w); FileWriterDetach(w); } exit(EXIT_SUCCESS); case 'h': { Writer *w = FileWriter(stdout); GenericAgentWriteHelp(w, "cf-promises", OPTIONS, HINTS, true); FileWriterDetach(w); } exit(EXIT_SUCCESS); case 'M': { Writer *out = FileWriter(stdout); ManPageWrite(out, "cf-promises", time(NULL), CF_PROMISES_SHORT_DESCRIPTION, CF_PROMISES_MANPAGE_LONG_DESCRIPTION, OPTIONS, HINTS, true); FileWriterDetach(out); exit(EXIT_SUCCESS); } case 'r': Log(LOG_LEVEL_ERR, "Option '-r' has been deprecated"); exit(EXIT_FAILURE); break; case 'W': if (!GenericAgentConfigParseWarningOptions(config, optarg)) { Log(LOG_LEVEL_ERR, "Error parsing warning option"); exit(EXIT_FAILURE); } break; case 'x': Log(LOG_LEVEL_ERR, "Self-diagnostic functionality is retired."); exit(EXIT_SUCCESS); case 'C': if (!GenericAgentConfigParseColor(config, optarg)) { exit(EXIT_FAILURE); } break; case 'T': GenericAgentConfigSetInputFile(config, optarg, "promises.cf"); MINUSF = true; config->tag_release_dir = xstrdup(optarg); break; case 'l': LoggingEnableTimestamps(true); break; default: { Writer *w = FileWriter(stdout); GenericAgentWriteHelp(w, "cf-promises", OPTIONS, HINTS, true); FileWriterDetach(w); } exit(EXIT_FAILURE); } } if (!GenericAgentConfigParseArguments(config, argc - optind, argv + optind)) { Log(LOG_LEVEL_ERR, "Too many arguments"); exit(EXIT_FAILURE); } return config; }
FnCallResult FnCallEvaluate(EvalContext *ctx, const Policy *policy, FnCall *fp, const Promise *caller) { assert(ctx); assert(policy); assert(fp); fp->caller = caller; if (!EvalContextGetEvalOption(ctx, EVAL_OPTION_EVAL_FUNCTIONS)) { Log(LOG_LEVEL_VERBOSE, "Skipping function '%s', because evaluation was turned off in the evaluator", fp->name); return (FnCallResult) { FNCALL_FAILURE, { FnCallCopy(fp), RVAL_TYPE_FNCALL } }; } const FnCallType *fp_type = FnCallTypeGet(fp->name); if (!fp_type) { if (caller) { Log(LOG_LEVEL_ERR, "No such FnCall '%s' in promise '%s' near line %zd", fp->name, PromiseGetBundle(caller)->source_path, caller->offset.line); } else { Log(LOG_LEVEL_ERR, "No such FnCall '%s', context info unavailable", fp->name); } return (FnCallResult) { FNCALL_FAILURE, { FnCallCopy(fp), RVAL_TYPE_FNCALL } }; } Rlist *expargs = NewExpArgs(ctx, policy, fp); Writer *fncall_writer; const char *fncall_string; if (LogGetGlobalLevel() >= LOG_LEVEL_DEBUG) { fncall_writer = StringWriter(); FnCallWrite(fncall_writer, fp); fncall_string = StringWriterData(fncall_writer); } if (RlistIsUnresolved(expargs)) { if (LogGetGlobalLevel() >= LOG_LEVEL_DEBUG) { Log(LOG_LEVEL_DEBUG, "Skipping function evaluation for now," " arguments contain unresolved variables: %s", fncall_string); WriterClose(fncall_writer); } RlistDestroy(expargs); return (FnCallResult) { FNCALL_FAILURE, { FnCallCopy(fp), RVAL_TYPE_FNCALL } }; } Rval cached_rval; if ((fp_type->options & FNCALL_OPTION_CACHED) && EvalContextFunctionCacheGet(ctx, fp, expargs, &cached_rval)) { if (LogGetGlobalLevel() >= LOG_LEVEL_DEBUG) { Log(LOG_LEVEL_DEBUG, "Using previously cached result for function: %s", fncall_string); WriterClose(fncall_writer); } Writer *w = StringWriter(); FnCallWrite(w, fp); WriterClose(w); RlistDestroy(expargs); return (FnCallResult) { FNCALL_SUCCESS, RvalCopy(cached_rval) }; } if (LogGetGlobalLevel() >= LOG_LEVEL_DEBUG) { Log(LOG_LEVEL_DEBUG, "Evaluating function: %s", fncall_string); WriterClose(fncall_writer); } FnCallResult result = CallFunction(ctx, policy, fp, expargs); if (result.status == FNCALL_FAILURE) { RlistDestroy(expargs); return (FnCallResult) { FNCALL_FAILURE, { FnCallCopy(fp), RVAL_TYPE_FNCALL } }; } else if (result.rval.type == RVAL_TYPE_LIST && !result.rval.item) { Rlist *seq = NULL; // don't pass NULL items to evaluator RlistPrepend(&seq, CF_NULL_VALUE, RVAL_TYPE_SCALAR); result.rval.item = seq; } if (fp_type->options & FNCALL_OPTION_CACHED) { Writer *w = StringWriter(); FnCallWrite(w, fp); Log(LOG_LEVEL_VERBOSE, "Caching result for function '%s'", StringWriterData(w)); WriterClose(w); EvalContextFunctionCachePut(ctx, fp, expargs, &result.rval); } RlistDestroy(expargs); return result; }
static void Apoptosis(void) { char promiser_buf[CF_SMALLBUF]; snprintf(promiser_buf, sizeof(promiser_buf), "%s%cbin%ccf-execd", GetWorkDir(), FILE_SEPARATOR, FILE_SEPARATOR); if (LoadProcessTable()) { char myuid[PRINTSIZE(unsigned)]; xsnprintf(myuid, sizeof(myuid), "%u", (unsigned) getuid()); Rlist *owners = NULL; RlistPrepend(&owners, myuid, RVAL_TYPE_SCALAR); ProcessSelect process_select = { .owner = owners, .process_result = "process_owner", }; Item *killlist = SelectProcesses(promiser_buf, process_select, true); RlistDestroy(owners); for (Item *ip = killlist; ip != NULL; ip = ip->next) { pid_t pid = ip->counter; if (pid != getpid() && kill(pid, SIGTERM) < 0) { if (errno == ESRCH) { /* That's ok, process exited voluntarily */ } else { Log(LOG_LEVEL_ERR, "Unable to kill stale cf-execd process pid=%d. (kill: %s)", (int)pid, GetErrorStr()); } } } } ClearProcessTable(); Log(LOG_LEVEL_VERBOSE, "Pruning complete"); } #endif typedef enum { RELOAD_ENVIRONMENT, RELOAD_FULL } Reload; static Reload CheckNewPromises(GenericAgentConfig *config) { Log(LOG_LEVEL_DEBUG, "Checking file updates for input file '%s'", config->input_file); time_t validated_at = ReadTimestampFromPolicyValidatedFile(config, NULL); bool reload_config = false; if (config->agent_specific.daemon.last_validated_at < validated_at) { Log(LOG_LEVEL_VERBOSE, "New promises detected..."); reload_config = true; } if (ReloadConfigRequested()) { Log(LOG_LEVEL_VERBOSE, "Force reload of inputs files..."); reload_config = true; } if (reload_config) { ClearRequestReloadConfig(); /* Rereading policies now, so update timestamp. */ config->agent_specific.daemon.last_validated_at = validated_at; if (GenericAgentArePromisesValid(config)) { return RELOAD_FULL; } else { Log(LOG_LEVEL_INFO, "New promises file contains syntax errors -- ignoring"); } } else { Log(LOG_LEVEL_DEBUG, "No new promises found"); } return RELOAD_ENVIRONMENT; }
static int AuthorizeRoles(EvalContext *ctx, ServerConnectionState *conn, char *args) { char *sp; Auth *ap; char userid1[CF_MAXVARSIZE], userid2[CF_MAXVARSIZE]; Rlist *rp, *defines = NULL; int permitted = false; snprintf(userid1, CF_MAXVARSIZE, "%s@%s", conn->username, conn->hostname); snprintf(userid2, CF_MAXVARSIZE, "%s@%s", conn->username, conn->ipaddr); Log(LOG_LEVEL_VERBOSE, "Checking authorized roles in %s", args); if (strncmp(args, "--define", strlen("--define")) == 0) { sp = args + strlen("--define"); } else { sp = args + strlen("-D"); } while (*sp == ' ') { sp++; } defines = RlistFromSplitRegex(ctx, sp, "[,:;]", 99, false); /* For each user-defined class attempt, check RBAC */ for (rp = defines; rp != NULL; rp = rp->next) { Log(LOG_LEVEL_VERBOSE, "Verifying %s", RlistScalarValue(rp)); for (ap = SV.roles; ap != NULL; ap = ap->next) { if (FullTextMatch(ctx, ap->path, RlistScalarValue(rp))) { /* We have a pattern covering this class - so are we allowed to activate it? */ if ((IsMatchItemIn(ctx, ap->accesslist, MapAddress(conn->ipaddr))) || (IsRegexItemIn(ctx, ap->accesslist, conn->hostname)) || (IsRegexItemIn(ctx, ap->accesslist, userid1)) || (IsRegexItemIn(ctx, ap->accesslist, userid2)) || (IsRegexItemIn(ctx, ap->accesslist, conn->username))) { Log(LOG_LEVEL_VERBOSE, "Attempt to define role/class %s is permitted", RlistScalarValue(rp)); permitted = true; } else { Log(LOG_LEVEL_VERBOSE, "Attempt to define role/class %s is denied", RlistScalarValue(rp)); RlistDestroy(defines); return false; } } } } if (permitted) { Log(LOG_LEVEL_VERBOSE, "Role activation allowed"); } else { Log(LOG_LEVEL_VERBOSE, "Role activation disallowed - abort execution"); } RlistDestroy(defines); return permitted; }
FnCallResult FnCallEvaluate(EvalContext *ctx, const Policy *policy, FnCall *fp, const Promise *caller) { assert(ctx); assert(policy); assert(fp); fp->caller = caller; if (!EvalContextGetEvalOption(ctx, EVAL_OPTION_EVAL_FUNCTIONS)) { Log(LOG_LEVEL_VERBOSE, "Skipping function '%s', because evaluation was turned off in the evaluator", fp->name); return (FnCallResult) { FNCALL_FAILURE, { FnCallCopy(fp), RVAL_TYPE_FNCALL } }; } else if (caller && !EvalContextPromiseIsActive(ctx, caller)) { Log(LOG_LEVEL_VERBOSE, "Skipping function '%s', because it was excluded by classes", fp->name); return (FnCallResult) { FNCALL_FAILURE, { FnCallCopy(fp), RVAL_TYPE_FNCALL } }; } const FnCallType *fp_type = FnCallTypeGet(fp->name); if (!fp_type) { if (caller) { Log(LOG_LEVEL_ERR, "No such FnCall '%s' in promise '%s' near line %llu", fp->name, PromiseGetBundle(caller)->source_path, (unsigned long long)caller->offset.line); } else { Log(LOG_LEVEL_ERR, "No such FnCall '%s', context info unavailable", fp->name); } return (FnCallResult) { FNCALL_FAILURE, { FnCallCopy(fp), RVAL_TYPE_FNCALL } }; } Rlist *expargs = NewExpArgs(ctx, policy, fp); if (RlistIsUnresolved(expargs)) { RlistDestroy(expargs); return (FnCallResult) { FNCALL_FAILURE, { FnCallCopy(fp), RVAL_TYPE_FNCALL } }; } Rval cached_rval; if ((fp_type->options & FNCALL_OPTION_CACHED) && EvalContextFunctionCacheGet(ctx, fp, expargs, &cached_rval)) { Writer *w = StringWriter(); FnCallWrite(w, fp); Log(LOG_LEVEL_DEBUG, "Using previously cached result for function '%s'", StringWriterData(w)); WriterClose(w); RlistDestroy(expargs); return (FnCallResult) { FNCALL_SUCCESS, RvalCopy(cached_rval) }; } FnCallResult result = CallFunction(ctx, policy, fp, expargs); if (result.status == FNCALL_FAILURE) { RlistDestroy(expargs); return (FnCallResult) { FNCALL_FAILURE, { FnCallCopy(fp), RVAL_TYPE_FNCALL } }; } if (fp_type->options & FNCALL_OPTION_CACHED) { Writer *w = StringWriter(); FnCallWrite(w, fp); Log(LOG_LEVEL_VERBOSE, "Caching result for function '%s'", StringWriterData(w)); WriterClose(w); EvalContextFunctionCachePut(ctx, fp, expargs, &result.rval); } RlistDestroy(expargs); return result; }
static int HailServer(char *host, Attributes a, Promise *pp) { AgentConnection *conn; char sendbuffer[CF_BUFSIZE], recvbuffer[CF_BUFSIZE], peer[CF_MAXVARSIZE], ipv4[CF_MAXVARSIZE], digest[CF_MAXVARSIZE], user[CF_SMALLBUF]; bool gotkey; char reply[8]; a.copy.portnumber = (short) ParseHostname(host, peer); snprintf(ipv4, CF_MAXVARSIZE, "%s", Hostname2IPString(peer)); Address2Hostkey(ipv4, digest); GetCurrentUserName(user, CF_SMALLBUF); if (INTERACTIVE) { CfOut(OUTPUT_LEVEL_VERBOSE, "", " -> Using interactive key trust...\n"); gotkey = HavePublicKey(user, peer, digest) != NULL; if (!gotkey) { gotkey = HavePublicKey(user, ipv4, digest) != NULL; } if (!gotkey) { printf("WARNING - You do not have a public key from host %s = %s\n", host, ipv4); printf(" Do you want to accept one on trust? (yes/no)\n\n--> "); while (true) { if (fgets(reply, 8, stdin) == NULL) { FatalError("EOF trying to read answer from terminal"); } if (Chop(reply, CF_EXPANDSIZE) == -1) { CfOut(OUTPUT_LEVEL_ERROR, "", "Chop was called on a string that seemed to have no terminator"); } if (strcmp(reply, "yes") == 0) { printf(" -> Will trust the key...\n"); a.copy.trustkey = true; break; } else if (strcmp(reply, "no") == 0) { printf(" -> Will not trust the key...\n"); a.copy.trustkey = false; break; } else { printf(" !! Please reply yes or no...(%s)\n", reply); } } } } /* Continue */ #ifdef __MINGW32__ CfOut(OUTPUT_LEVEL_INFORM, "", "...........................................................................\n"); CfOut(OUTPUT_LEVEL_INFORM, "", " * Hailing %s : %u, with options \"%s\" (serial)\n", peer, a.copy.portnumber, REMOTE_AGENT_OPTIONS); CfOut(OUTPUT_LEVEL_INFORM, "", "...........................................................................\n"); #else /* !__MINGW32__ */ if (BACKGROUND) { CfOut(OUTPUT_LEVEL_INFORM, "", "Hailing %s : %u, with options \"%s\" (parallel)\n", peer, a.copy.portnumber, REMOTE_AGENT_OPTIONS); } else { CfOut(OUTPUT_LEVEL_INFORM, "", "...........................................................................\n"); CfOut(OUTPUT_LEVEL_INFORM, "", " * Hailing %s : %u, with options \"%s\" (serial)\n", peer, a.copy.portnumber, REMOTE_AGENT_OPTIONS); CfOut(OUTPUT_LEVEL_INFORM, "", "...........................................................................\n"); } #endif /* !__MINGW32__ */ a.copy.servers = RlistFromSplitString(peer, '*'); if (a.copy.servers == NULL || strcmp(a.copy.servers->item, "localhost") == 0) { cfPS(OUTPUT_LEVEL_INFORM, CF_NOP, "", pp, a, "No hosts are registered to connect to"); return false; } else { conn = NewServerConnection(a, pp); if (conn == NULL) { RlistDestroy(a.copy.servers); CfOut(OUTPUT_LEVEL_VERBOSE, "", " -> No suitable server responded to hail\n"); return false; } } /* Check trust interaction*/ pp->cache = NULL; if (strlen(MENU) > 0) { #if defined(HAVE_NOVA) if (!ExecuteRunagent(conn, MENU)) { DisconnectServer(conn); RlistDestroy(a.copy.servers); return false; } #endif } else { HailExec(conn, peer, recvbuffer, sendbuffer); } RlistDestroy(a.copy.servers); return true; }
static int HailServer(EvalContext *ctx, char *host) { AgentConnection *conn; char sendbuffer[CF_BUFSIZE], recvbuffer[CF_BUFSIZE], peer[CF_MAXVARSIZE], digest[CF_MAXVARSIZE], user[CF_SMALLBUF]; bool gotkey; char reply[8]; FileCopy fc = { .portnumber = (unsigned short) ParseHostname(host, peer), }; char ipaddr[CF_MAX_IP_LEN]; if (Hostname2IPString(ipaddr, peer, sizeof(ipaddr)) == -1) { Log(LOG_LEVEL_ERR, "HailServer: ERROR, could not resolve '%s'", peer); return false; } Address2Hostkey(ipaddr, digest); GetCurrentUserName(user, CF_SMALLBUF); if (INTERACTIVE) { Log(LOG_LEVEL_VERBOSE, "Using interactive key trust..."); gotkey = HavePublicKey(user, peer, digest) != NULL; if (!gotkey) { gotkey = HavePublicKey(user, ipaddr, digest) != NULL; } if (!gotkey) { printf("WARNING - You do not have a public key from host %s = %s\n", host, ipaddr); printf(" Do you want to accept one on trust? (yes/no)\n\n--> "); while (true) { if (fgets(reply, sizeof(reply), stdin) == NULL) { FatalError(ctx, "EOF trying to read answer from terminal"); } if (Chop(reply, CF_EXPANDSIZE) == -1) { Log(LOG_LEVEL_ERR, "Chop was called on a string that seemed to have no terminator"); } if (strcmp(reply, "yes") == 0) { printf("Will trust the key...\n"); fc.trustkey = true; break; } else if (strcmp(reply, "no") == 0) { printf("Will not trust the key...\n"); fc.trustkey = false; break; } else { printf("Please reply yes or no...(%s)\n", reply); } } } } /* Continue */ #ifdef __MINGW32__ if (LEGACY_OUTPUT) { Log(LOG_LEVEL_INFO, "..........................................................................."); Log(LOG_LEVEL_INFO, " * Hailing %s : %u, with options \"%s\" (serial)", peer, fc.portnumber, REMOTE_AGENT_OPTIONS); Log(LOG_LEVEL_INFO, "..........................................................................."); } else { Log(LOG_LEVEL_INFO, "Hailing '%s' : %u, with options '%s' (serial)", peer, fc.portnumber, REMOTE_AGENT_OPTIONS); } #else /* !__MINGW32__ */ if (BACKGROUND) { Log(LOG_LEVEL_INFO, "Hailing '%s' : %u, with options '%s' (parallel)", peer, fc.portnumber, REMOTE_AGENT_OPTIONS); } else { if (LEGACY_OUTPUT) { Log(LOG_LEVEL_INFO, "..........................................................................."); Log(LOG_LEVEL_INFO, " * Hailing %s : %u, with options \"%s\" (serial)", peer, fc.portnumber, REMOTE_AGENT_OPTIONS); Log(LOG_LEVEL_INFO, "..........................................................................."); } else { Log(LOG_LEVEL_INFO, "Hailing '%s' : %u, with options '%s' (serial)", peer, fc.portnumber, REMOTE_AGENT_OPTIONS); } } #endif /* !__MINGW32__ */ fc.servers = RlistFromSplitString(peer, '*'); if (fc.servers == NULL || strcmp(RlistScalarValue(fc.servers), "localhost") == 0) { Log(LOG_LEVEL_INFO, "No hosts are registered to connect to"); return false; } else { int err = 0; conn = NewServerConnection(fc, false, &err, -1); if (conn == NULL) { RlistDestroy(fc.servers); Log(LOG_LEVEL_VERBOSE, "No suitable server responded to hail"); return false; } } /* Check trust interaction*/ HailExec(conn, peer, recvbuffer, sendbuffer); RlistDestroy(fc.servers); return true; } /********************************************************************/ /* Level 2 */ /********************************************************************/ static void KeepControlPromises(EvalContext *ctx, const Policy *policy) { Seq *constraints = ControlBodyConstraints(policy, AGENT_TYPE_RUNAGENT); if (constraints) { for (size_t i = 0; i < SeqLength(constraints); i++) { Constraint *cp = SeqAt(constraints, i); if (!IsDefinedClass(ctx, cp->classes)) { continue; } VarRef *ref = VarRefParseFromScope(cp->lval, "control_runagent"); const void *value = EvalContextVariableGet(ctx, ref, NULL); VarRefDestroy(ref); if (!value) { Log(LOG_LEVEL_ERR, "Unknown lval '%s' in runagent control body", cp->lval); continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_FORCE_IPV4].lval) == 0) { continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_TRUSTKEY].lval) == 0) { continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_ENCRYPT].lval) == 0) { continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_PORT_NUMBER].lval) == 0) { continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_BACKGROUND].lval) == 0) { /* * Only process this option if are is no -b or -i options specified on * command line. */ if (BACKGROUND || INTERACTIVE) { Log(LOG_LEVEL_WARNING, "'background_children' setting from 'body runagent control' is overridden by command-line option."); } else { BACKGROUND = BooleanFromString(value); } continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_MAX_CHILD].lval) == 0) { MAXCHILD = (short) IntFromString(value); continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_OUTPUT_TO_FILE].lval) == 0) { OUTPUT_TO_FILE = BooleanFromString(value); continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_OUTPUT_DIRECTORY].lval) == 0) { if (IsAbsPath(value)) { strncpy(OUTPUT_DIRECTORY, value, CF_BUFSIZE - 1); Log(LOG_LEVEL_VERBOSE, "Setting output direcory to '%s'", OUTPUT_DIRECTORY); } continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_TIMEOUT].lval) == 0) { continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_HOSTS].lval) == 0) { if (HOSTLIST == NULL) // Don't override if command line setting { HOSTLIST = value; } continue; } } } const char *expire_after = EvalContextVariableControlCommonGet(ctx, COMMON_CONTROL_LASTSEEN_EXPIRE_AFTER); if (expire_after) { LASTSEENEXPIREAFTER = IntFromString(expire_after) * 60; } }
GenericAgentConfig *CheckOpts(EvalContext *ctx, int argc, char **argv) { extern char *optarg; int optindex = 0; int c; GenericAgentConfig *config = GenericAgentConfigNewDefault(AGENT_TYPE_COMMON); while ((c = getopt_long(argc, argv, "dvnIf:D:N:VSrxMb:i:p:cg:h", OPTIONS, &optindex)) != EOF) { switch ((char) c) { case 'c': config->check_runnable = true; break; case 'f': if (optarg && (strlen(optarg) < 5)) { CfOut(OUTPUT_LEVEL_ERROR, "", " -f used but argument \"%s\" incorrect", optarg); exit(EXIT_FAILURE); } GenericAgentConfigSetInputFile(config, optarg); MINUSF = true; break; case 'd': config->debug_mode = true; break; case 'b': if (optarg) { Rlist *bundlesequence = RlistFromSplitString(optarg, ','); GenericAgentConfigSetBundleSequence(config, bundlesequence); RlistDestroy(bundlesequence); CBUNDLESEQUENCE_STR = optarg; // TODO: wtf is this } break; case 'p': if (strcmp("none", optarg) == 0) { config->agent_specific.common.policy_output_format = GENERIC_AGENT_CONFIG_COMMON_POLICY_OUTPUT_FORMAT_NONE; } else if (strcmp("cf", optarg) == 0) { config->agent_specific.common.policy_output_format = GENERIC_AGENT_CONFIG_COMMON_POLICY_OUTPUT_FORMAT_CF; } else if (strcmp("json", optarg) == 0) { config->agent_specific.common.policy_output_format = GENERIC_AGENT_CONFIG_COMMON_POLICY_OUTPUT_FORMAT_JSON; } else { CfOut(OUTPUT_LEVEL_ERROR, "", "Invalid policy output format: '%s'. Possible values are 'none', 'cf', 'json'", optarg); exit(EXIT_FAILURE); } break; case 'K': IGNORELOCK = true; break; case 'D': config->heap_soft = StringSetFromString(optarg, ','); break; case 'N': config->heap_negated = StringSetFromString(optarg, ','); break; case 'I': INFORM = true; break; case 'v': VERBOSE = true; break; case 'n': DONTDO = true; IGNORELOCK = true; LOOKUP = true; EvalContextHeapAddHard(ctx, "opt_dry_run"); break; case 'V': PrintVersionBanner("cf-promises"); exit(0); case 'h': Syntax("cf-promises - cfengine's promise analyzer", OPTIONS, HINTS, ID); exit(0); case 'M': ManPage("cf-promises - cfengine's promise analyzer", OPTIONS, HINTS, ID); exit(0); case 'r': SHOWREPORTS = true; break; case 'x': CfOut(OUTPUT_LEVEL_ERROR, "", "Self-diagnostic functionality is retired."); exit(0); default: Syntax("cf-promises - cfengine's promise analyzer", OPTIONS, HINTS, ID); exit(1); } } if (argv[optind] != NULL) { CfOut(OUTPUT_LEVEL_ERROR, "", "Unexpected argument: %s\n", argv[optind]); } CfDebug("Set debugging\n"); return config; }
static Policy *LoadPolicyFile(EvalContext *ctx, GenericAgentConfig *config, const char *policy_file, StringSet *parsed_files_and_checksums, StringSet *failed_files) { unsigned char digest[EVP_MAX_MD_SIZE + 1] = { 0 }; char hashbuffer[CF_HOSTKEY_STRING_SIZE] = { 0 }; char hashprintbuffer[CF_BUFSIZE] = { 0 }; HashFile(policy_file, digest, CF_DEFAULT_DIGEST); snprintf(hashprintbuffer, CF_BUFSIZE - 1, "{checksum}%s", HashPrintSafe(hashbuffer, sizeof(hashbuffer), digest, CF_DEFAULT_DIGEST, true)); Log(LOG_LEVEL_DEBUG, "Hashed policy file %s to %s", policy_file, hashprintbuffer); if (StringSetContains(parsed_files_and_checksums, policy_file)) { Log(LOG_LEVEL_VERBOSE, "Skipping loading of duplicate policy file %s", policy_file); return NULL; } else if (StringSetContains(parsed_files_and_checksums, hashprintbuffer)) { Log(LOG_LEVEL_VERBOSE, "Skipping loading of duplicate (detected by hash) policy file %s", policy_file); return NULL; } else { Log(LOG_LEVEL_DEBUG, "Loading policy file %s", policy_file); } Policy *policy = Cf3ParseFile(config, policy_file); // we keep the checksum and the policy file name to help debugging StringSetAdd(parsed_files_and_checksums, xstrdup(policy_file)); StringSetAdd(parsed_files_and_checksums, xstrdup(hashprintbuffer)); if (policy) { Seq *errors = SeqNew(10, free); if (!PolicyCheckPartial(policy, errors)) { Writer *writer = FileWriter(stderr); for (size_t i = 0; i < errors->length; i++) { PolicyErrorWrite(writer, errors->data[i]); } WriterClose(writer); SeqDestroy(errors); StringSetAdd(failed_files, xstrdup(policy_file)); PolicyDestroy(policy); return NULL; } SeqDestroy(errors); } else { StringSetAdd(failed_files, xstrdup(policy_file)); return NULL; } PolicyResolve(ctx, policy, config); DataType def_inputs_type = CF_DATA_TYPE_NONE; VarRef *inputs_ref = VarRefParse("def.augment_inputs"); const void *def_inputs = EvalContextVariableGet(ctx, inputs_ref, &def_inputs_type); VarRefDestroy(inputs_ref); if (RVAL_TYPE_CONTAINER == DataTypeToRvalType(def_inputs_type) && NULL != def_inputs) { const JsonElement *el; JsonIterator iter = JsonIteratorInit((JsonElement*) def_inputs); while ((el = JsonIteratorNextValueByType(&iter, JSON_ELEMENT_TYPE_PRIMITIVE, true))) { char *input = JsonPrimitiveToString(el); Log(LOG_LEVEL_VERBOSE, "Loading augments from def.augment_inputs: %s", input); Rlist* inputs_rlist = NULL; RlistAppendScalar(&inputs_rlist, input); Policy *aux_policy = LoadPolicyInputFiles(ctx, config, inputs_rlist, parsed_files_and_checksums, failed_files); if (aux_policy) { policy = PolicyMerge(policy, aux_policy); } RlistDestroy(inputs_rlist); free(input); } } Body *body_common_control = PolicyGetBody(policy, NULL, "common", "control"); Body *body_file_control = PolicyGetBody(policy, NULL, "file", "control"); if (body_common_control) { Seq *potential_inputs = BodyGetConstraint(body_common_control, "inputs"); Constraint *cp = EffectiveConstraint(ctx, potential_inputs); SeqDestroy(potential_inputs); if (cp) { Policy *aux_policy = LoadPolicyInputFiles(ctx, config, RvalRlistValue(cp->rval), parsed_files_and_checksums, failed_files); if (aux_policy) { policy = PolicyMerge(policy, aux_policy); } } } if (body_file_control) { Seq *potential_inputs = BodyGetConstraint(body_file_control, "inputs"); Constraint *cp = EffectiveConstraint(ctx, potential_inputs); SeqDestroy(potential_inputs); if (cp) { Policy *aux_policy = LoadPolicyInputFiles(ctx, config, RvalRlistValue(cp->rval), parsed_files_and_checksums, failed_files); if (aux_policy) { policy = PolicyMerge(policy, aux_policy); } } } return policy; }
static int NewSQLColumns(char *table, Rlist *columns, char ***name_table, char ***type_table, int **size_table, int **done) { int i, no_of_cols = RlistLen(columns); Rlist *cols, *rp; *name_table = (char **) xmalloc(sizeof(char *) * (no_of_cols + 1)); *type_table = (char **) xmalloc(sizeof(char *) * (no_of_cols + 1)); *size_table = (int *) xmalloc(sizeof(int) * (no_of_cols + 1)); *done = (int *) xmalloc(sizeof(int) * (no_of_cols + 1)); for (i = 0, rp = columns; rp != NULL; rp = rp->next, i++) { (*done)[i] = 0; cols = RlistFromSplitString((char *) rp->item, ','); if (!cols) { CfOut(OUTPUT_LEVEL_ERROR, "", "No columns promised for table \"%s\" - makes no sense", table); return false; } if (cols->item == NULL) { CfOut(OUTPUT_LEVEL_ERROR, "", "Malformed column promise for table \"%s\" - found not even a name", table); free(*name_table); free(*type_table); free(*size_table); free(*done); return false; } (*name_table)[i] = xstrdup((char *) cols->item); if (cols->next == NULL) { CfOut(OUTPUT_LEVEL_ERROR, "", "Malformed column \"%s\" promised for table \"%s\" - missing a type", (*name_table)[i], table); free(*name_table); free(*type_table); free(*size_table); free(*done); return false; } (*type_table)[i] = xstrdup(cols->next->item); if (cols->next->next == NULL) { (*size_table)[i] = 0; } else { if (cols->next->next->item) { (*size_table)[i] = IntFromString(cols->next->next->item); } else { (*size_table)[i] = 0; } } RlistDestroy(cols); } return true; }
static void ParserStateReset(ParserState *p, bool discard) { p->agent_type = AGENT_TYPE_COMMON; p->warnings = PARSER_WARNING_ALL; p->policy = NULL; int i = CF_MAX_NESTING; while (i-- > 0) /* Clear stacks from top down */ { if (discard) { free(p->currentfnid[i]); RlistDestroy(p->giveargs[i]); FnCallDestroy(p->currentfncall[i]); } else { assert(!p->currentfnid[i]); assert(!p->giveargs[i]); assert(!p->currentfncall[i]); } p->currentfnid[i] = NULL; p->giveargs[i] = NULL; p->currentfncall[i] = NULL; } free(p->current_line); p->current_line = NULL; p->line_no = 1; p->line_pos = 1; p->error_count = 0; p->warning_count = 0; p->list_nesting = 0; p->arg_nesting = 0; free(p->current_namespace); p->current_namespace = xstrdup("default"); p->currentid[0] = '\0'; if (p->currentstring) { free(p->currentstring); } p->currentstring = NULL; p->currenttype[0] = '\0'; if (p->currentclasses) { free(p->currentclasses); } p->currentclasses = NULL; p->currentRlist = NULL; p->currentpromise = NULL; p->currentbody = NULL; if (p->promiser) { free(p->promiser); } p->promiser = NULL; p->blockid[0] = '\0'; p->blocktype[0] = '\0'; p->rval = RvalNew(NULL, RVAL_TYPE_NOPROMISEE); }
static void TexinfoVariables(const char *source_dir, FILE *fout, char *scope) { char filename[CF_BUFSIZE], varname[CF_BUFSIZE]; Rlist *rp, *list = NULL; int i; char *extra_mon[] = { "listening_udp4_ports", "listening_tcp4_ports", "listening_udp6_ports", "listening_tcp6_ports", NULL }; HashToList(GetScope(scope), &list); list = AlphaSortRListNames(list); fprintf(fout, "\n\n@node Variable context %s\n@section Variable context @code{%s}\n\n", scope, scope); snprintf(filename, CF_BUFSIZE - 1, "varcontexts/%s_intro.texinfo", scope); IncludeManualFile(source_dir, fout, filename); fprintf(fout, "@menu\n"); if (strcmp(scope, "mon") != 0) { for (rp = list; rp != NULL; rp = rp->next) { fprintf(fout, "* Variable %s.%s::\n", scope, (char *) rp->item); } } else { for (i = 0; extra_mon[i] != NULL; i++) { fprintf(fout, "* Variable %s.%s::\n", "mon", extra_mon[i]); } for (i = 0; i < CF_OBSERVABLES; ++i) { if (strcmp(OBS[i][0], "spare") == 0) { break; } fprintf(fout, "* Variable mon.value_%s::\n", OBS[i][0]); fprintf(fout, "* Variable mon.av_%s::\n", OBS[i][0]); fprintf(fout, "* Variable mon.dev_%s::\n", OBS[i][0]); } } fprintf(fout, "@end menu\n"); if (strcmp(scope, "mon") != 0) { for (rp = list; rp != NULL; rp = rp->next) { fprintf(fout, "@node Variable %s.%s\n@subsection Variable %s.%s \n\n", scope, (char *) rp->item, scope, (char *) rp->item); snprintf(filename, CF_BUFSIZE - 1, "vars/%s_%s.texinfo", scope, (char *) rp->item); IncludeManualFile(source_dir, fout, filename); } } else { for (i = 0; extra_mon[i] != NULL; i++) { fprintf(fout, "\n@node Variable %s.%s\n@subsection Variable %s.%s \n\n", "mon", extra_mon[i], "mon", extra_mon[i]); fprintf(fout, "List variable containing an observational measure collected every 2.5 minutes from cf-monitord, description: port numbers that were observed to be set up to receive connections on the host concerned"); } for (i = 0; i < CF_OBSERVABLES; i++) { if (strcmp(OBS[i][0], "spare") == 0) { break; } snprintf(varname, CF_MAXVARSIZE, "value_%s", OBS[i][0]); fprintf(fout, "\n@node Variable %s.%s\n@subsection Variable %s.%s \n\n", scope, varname, scope, varname); fprintf(fout, "Observational measure collected every 2.5 minutes from cf-monitord, description: @var{%s}.", OBS[i][1]); snprintf(varname, CF_MAXVARSIZE, "av_%s", OBS[i][0]); fprintf(fout, "\n@node Variable %s.%s\n@subsection Variable %s.%s \n\n", scope, varname, scope, varname); fprintf(fout, "Observational measure collected every 2.5 minutes from cf-monitord, description: @var{%s}.", OBS[i][1]); snprintf(varname, CF_MAXVARSIZE, "dev_%s", OBS[i][0]); fprintf(fout, "\n@node Variable %s.%s\n@subsection Variable %s.%s \n\n", scope, varname, scope, varname); fprintf(fout, "Observational measure collected every 2.5 minutes from cf-monitord, description: @var{%s}.", OBS[i][1]); } } RlistDestroy(list); }
static void test_map_iterators_from_rval_naked_list_var_namespace(void **state) { EvalContext *ctx = *state; Policy *p = PolicyNew(); Bundle *bp = PolicyAppendBundle(p, "ns", "scope", "agent", NULL, NULL); { Rlist *list = NULL; RlistAppend(&list, "jersey", RVAL_TYPE_SCALAR); VarRef *lval = VarRefParse("ns:scope.jwow"); EvalContextVariablePut(ctx, lval, list, CF_DATA_TYPE_STRING_LIST, NULL); VarRefDestroy(lval); RlistDestroy(list); } EvalContextStackPushBundleFrame(ctx, bp, NULL, false); { Rlist *lists = NULL; Rlist *scalars = NULL; Rlist *containers = NULL; MapIteratorsFromRval(ctx, bp, (Rval) { "${jwow}", RVAL_TYPE_SCALAR }, &scalars, &lists, &containers); assert_int_equal(1, RlistLen(lists)); assert_string_equal("jwow", RlistScalarValue(lists)); assert_int_equal(0, RlistLen(scalars)); assert_int_equal(0, RlistLen(containers)); RlistDestroy(lists); } { Rlist *lists = NULL; Rlist *scalars = NULL; Rlist *containers = NULL; char *str = xstrdup("${scope.jwow}"); MapIteratorsFromRval(ctx, bp, (Rval) { str, RVAL_TYPE_SCALAR }, &scalars, &lists, &containers); assert_string_equal("${scope#jwow}", str); free(str); assert_int_equal(1, RlistLen(lists)); assert_string_equal("scope#jwow", RlistScalarValue(lists)); assert_int_equal(0, RlistLen(scalars)); assert_int_equal(0, RlistLen(containers)); RlistDestroy(lists); } { Rlist *lists = NULL; Rlist *scalars = NULL; Rlist *containers = NULL; char *str = xstrdup("${ns:scope.jwow}"); MapIteratorsFromRval(ctx, bp, (Rval) { str, RVAL_TYPE_SCALAR }, &scalars, &lists, &containers); assert_string_equal("${ns*scope#jwow}", str); free(str); assert_int_equal(1, RlistLen(lists)); assert_string_equal("ns*scope#jwow", RlistScalarValue(lists)); assert_int_equal(0, RlistLen(scalars)); assert_int_equal(0, RlistLen(containers)); RlistDestroy(lists); } EvalContextStackPopFrame(ctx); PolicyDestroy(p); }
void RlistDestroy_untyped(void *rl) { RlistDestroy(rl); }
/** @brief parse elements in a list passed through use_module @param[in] str: is the string to parse @param[out] newlist: rlist of elements found @retval 0: successful >0: failed */ static int LaunchParsingMachine(const char *str, Rlist **newlist) { const char *s = str; state current_state = ST_OPENED; int ret; char snatched[CF_MAXVARSIZE]; snatched[0]='\0'; char *sn = NULL; while (current_state != ST_CLOSED && *s) { switch(current_state) { case ST_ERROR: Log(LOG_LEVEL_ERR, "Parsing error : Malformed string"); ret = 1; goto clean; case ST_OPENED: if (CLASS_BLANK(*s)) { current_state = ST_OPENED; } else if (CLASS_BRA1(*s)) { current_state = ST_IO; } else if (CLASS_ANY0(*s)) { current_state = ST_ERROR; } s++; break; case ST_IO: if (CLASS_BLANK(*s)) { current_state = ST_IO; } else if (CLASS_START1(*s)) { sn=snatched; current_state = ST_ELM1; } else if (CLASS_START2(*s)) { sn=snatched; current_state = ST_ELM2; } else if (CLASS_ANY1(*s)) { current_state = ST_ERROR; } s++; break; case ST_ELM1: if (CLASS_END1(*s)) { if (sn==NULL) { sn=snatched; } *sn='\0'; RlistAppendScalar(newlist, snatched); sn=NULL; current_state = ST_END1; } else if (CLASS_ANY2(*s)) { if (sn==NULL) { sn=snatched; } *sn=*s; sn++; current_state = ST_ELM1; } s++; break; case ST_ELM2: if (CLASS_END2(*s)) { if (sn==NULL) { sn=snatched; } *sn='\0'; RlistAppendScalar(newlist, snatched); sn=NULL; current_state = ST_END2; } else if (CLASS_ANY3(*s)) { if (sn==NULL) { sn=snatched; } *sn=*s; sn++; current_state = ST_ELM2; } s++; break; case ST_END1: if (CLASS_SEP(*s)) { current_state = ST_SEP; } else if (CLASS_BRA2(*s)) { current_state = ST_PRECLOSED; } else if (CLASS_BLANK(*s)) { current_state = ST_END1; } else if (CLASS_ANY4(*s)) { current_state = ST_ERROR; } s++; break; case ST_END2: if (CLASS_SEP(*s)) { current_state = ST_SEP; } else if (CLASS_BRA2(*s)) { current_state = ST_PRECLOSED; } else if (CLASS_BLANK(*s)) { current_state = ST_END2; } else if (CLASS_ANY5(*s)) { current_state = ST_ERROR; } s++; break; case ST_SEP: if (CLASS_BLANK(*s)) { current_state = ST_SEP; } else if (CLASS_START1(*s)) { current_state = ST_ELM1; } else if (CLASS_START2(*s)) { current_state = ST_ELM2; } else if (CLASS_ANY6(*s)) { current_state = ST_ERROR; } s++; break; case ST_PRECLOSED: if (CLASS_BLANK(*s)) { current_state = ST_PRECLOSED; } else if (CLASS_EOL(*s)) { current_state = ST_CLOSED; } else if (CLASS_ANY7(*s)) { current_state = ST_ERROR; } s++; break; default: Log(LOG_LEVEL_ERR, "Parsing logic error: unknown state"); ret = 2; goto clean; break; } } if (current_state != ST_CLOSED && current_state != ST_PRECLOSED ) { Log(LOG_LEVEL_ERR, "Parsing error : Malformed string (unexpected end of input)"); ret = 3; goto clean; } return 0; clean: if (newlist) { RlistDestroy(*newlist); } return ret; }
/** @brief parse elements in a list passed through use_module @param[in] str: is the string to parse @param[out] newlist: rlist of elements found @retval 0: successful > 0: failed */ static int LaunchParsingMachine(const char *str, Rlist **newlist) { const char *s = str; state current_state = ST_OPENED; int ret; Buffer *buf = BufferNewWithCapacity(CF_MAXVARSIZE); assert(newlist); while (current_state != ST_CLOSED && *s) { switch(current_state) { case ST_ERROR: Log(LOG_LEVEL_ERR, "Parsing error : Malformed string"); ret = 1; goto clean; case ST_OPENED: if (CLASS_BLANK(*s)) { current_state = ST_OPENED; } else if (CLASS_BRA1(*s)) { current_state = ST_IO; } else if (CLASS_ANY0(*s)) { current_state = ST_ERROR; } s++; break; case ST_IO: if (CLASS_BLANK(*s)) { current_state = ST_IO; } else if (CLASS_START1(*s)) { BufferClear(buf); current_state = ST_ELM1; } else if (CLASS_START2(*s)) { BufferClear(buf); current_state = ST_ELM2; } else if (CLASS_ANY1(*s)) { current_state = ST_ERROR; } s++; break; case ST_ELM1: if (CLASS_END1(*s)) { RlistAppendScalar(newlist, BufferData(buf)); BufferClear(buf); current_state = ST_END1; } else if (CLASS_ANY2(*s)) { BufferAppendChar(buf, *s); current_state = ST_ELM1; } s++; break; case ST_ELM2: if (CLASS_END2(*s)) { RlistAppendScalar(newlist, BufferData(buf)); BufferClear(buf); current_state = ST_END2; } else if (CLASS_ANY3(*s)) { BufferAppendChar(buf, *s); current_state = ST_ELM2; } s++; break; case ST_END1: if (CLASS_SEP(*s)) { current_state = ST_SEP; } else if (CLASS_BRA2(*s)) { current_state = ST_PRECLOSED; } else if (CLASS_BLANK(*s)) { current_state = ST_END1; } else if (CLASS_ANY4(*s)) { current_state = ST_ERROR; } s++; break; case ST_END2: if (CLASS_SEP(*s)) { current_state = ST_SEP; } else if (CLASS_BRA2(*s)) { current_state = ST_PRECLOSED; } else if (CLASS_BLANK(*s)) { current_state = ST_END2; } else if (CLASS_ANY5(*s)) { current_state = ST_ERROR; } s++; break; case ST_SEP: if (CLASS_BLANK(*s)) { current_state = ST_SEP; } else if (CLASS_START1(*s)) { current_state = ST_ELM1; } else if (CLASS_START2(*s)) { current_state = ST_ELM2; } else if (CLASS_ANY6(*s)) { current_state = ST_ERROR; } s++; break; case ST_PRECLOSED: if (CLASS_BLANK(*s)) { current_state = ST_PRECLOSED; } else if (CLASS_EOL(*s)) { current_state = ST_CLOSED; } else if (CLASS_ANY7(*s)) { current_state = ST_ERROR; } s++; break; default: Log(LOG_LEVEL_ERR, "Parsing logic error: unknown state"); ret = 2; goto clean; break; } } if (current_state != ST_CLOSED && current_state != ST_PRECLOSED ) { Log(LOG_LEVEL_ERR, "Parsing error : Malformed string (unexpected end of input)"); ret = 3; goto clean; } BufferDestroy(buf); return 0; clean: BufferDestroy(buf); RlistDestroy(*newlist); assert(ret != 0); return ret; }
void GetInterfacesInfo(AgentType ag) { int fd, len, i, j, first_address = false, ipdefault = false; struct ifreq ifbuf[CF_IFREQ], ifr, *ifp; struct ifconf list; struct sockaddr_in *sin; struct hostent *hp; char *sp, workbuf[CF_BUFSIZE]; char ip[CF_MAXVARSIZE]; char name[CF_MAXVARSIZE]; char last_name[CF_BUFSIZE]; Rlist *interfaces = NULL, *hardware = NULL, *ips = NULL; CfDebug("GetInterfacesInfo()\n"); // Long-running processes may call this many times DeleteItemList(IPADDRESSES); IPADDRESSES = NULL; memset(ifbuf, 0, sizeof(ifbuf)); InitIgnoreInterfaces(); last_name[0] = '\0'; if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) == -1) { CfOut(OUTPUT_LEVEL_ERROR, "socket", "Couldn't open socket"); exit(1); } list.ifc_len = sizeof(ifbuf); list.ifc_req = ifbuf; # ifdef SIOCGIFCONF if (ioctl(fd, SIOCGIFCONF, &list) == -1 || (list.ifc_len < (sizeof(struct ifreq)))) # else if ((ioctl(fd, OSIOCGIFCONF, &list) == -1) || (list.ifc_len < (sizeof(struct ifreq)))) # endif { CfOut(OUTPUT_LEVEL_ERROR, "ioctl", "Couldn't get interfaces - old kernel? Try setting CF_IFREQ to 1024"); exit(1); } last_name[0] = '\0'; for (j = 0, len = 0, ifp = list.ifc_req; len < list.ifc_len; len += SIZEOF_IFREQ(*ifp), j++, ifp = (struct ifreq *) ((char *) ifp + SIZEOF_IFREQ(*ifp))) { if (ifp->ifr_addr.sa_family == 0) { continue; } if ((ifp->ifr_name == NULL) || (strlen(ifp->ifr_name) == 0)) { continue; } /* Skip virtual network interfaces for Linux, which seems to be a problem */ if (IgnoreInterface(ifp->ifr_name)) { continue; } if (strstr(ifp->ifr_name, ":")) { #ifdef __linux__ CfOut(OUTPUT_LEVEL_VERBOSE, "", "Skipping apparent virtual interface %d: %s\n", j + 1, ifp->ifr_name); continue; #endif } else { CfOut(OUTPUT_LEVEL_VERBOSE, "", "Interface %d: %s\n", j + 1, ifp->ifr_name); } // Ignore the loopback if (strcmp(ifp->ifr_name, "lo") == 0) { continue; } if (strncmp(last_name, ifp->ifr_name, sizeof(ifp->ifr_name)) == 0) { first_address = false; } else { strncpy(last_name, ifp->ifr_name, sizeof(ifp->ifr_name)); if (!first_address) { NewScalar("sys", "interface", last_name, DATA_TYPE_STRING); first_address = true; } } snprintf(workbuf, CF_BUFSIZE, "net_iface_%s", CanonifyName(ifp->ifr_name)); HardClass(workbuf); if (ifp->ifr_addr.sa_family == AF_INET) { strncpy(ifr.ifr_name, ifp->ifr_name, sizeof(ifp->ifr_name)); if (ioctl(fd, SIOCGIFFLAGS, &ifr) == -1) { CfOut(OUTPUT_LEVEL_ERROR, "ioctl", "No such network device"); continue; } if ((ifr.ifr_flags & IFF_UP) && (!(ifr.ifr_flags & IFF_LOOPBACK))) { sin = (struct sockaddr_in *) &ifp->ifr_addr; if (IgnoreJailInterface(j + 1, sin)) { CfOut(OUTPUT_LEVEL_VERBOSE, "", "Ignoring interface %d", j + 1); continue; } CfDebug("Adding hostip %s..\n", inet_ntoa(sin->sin_addr)); HardClass(inet_ntoa(sin->sin_addr)); if ((hp = gethostbyaddr((char *) &(sin->sin_addr.s_addr), sizeof(sin->sin_addr.s_addr), AF_INET)) == NULL) { CfDebug("No hostinformation for %s found\n", inet_ntoa(sin->sin_addr)); } else { if (hp->h_name != NULL) { CfDebug("Adding hostname %s..\n", hp->h_name); HardClass(hp->h_name); if (hp->h_aliases != NULL) { for (i = 0; hp->h_aliases[i] != NULL; i++) { CfOut(OUTPUT_LEVEL_VERBOSE, "", "Adding alias %s..\n", hp->h_aliases[i]); HardClass(hp->h_aliases[i]); } } } } if (strcmp(inet_ntoa(sin->sin_addr), "0.0.0.0") == 0) { // Maybe we need to do something windows specific here? CfOut(OUTPUT_LEVEL_VERBOSE, "", " !! Cannot discover hardware IP, using DNS value"); strcpy(ip, "ipv4_"); strcat(ip, VIPADDRESS); AppendItem(&IPADDRESSES, VIPADDRESS, ""); RlistAppend(&ips, VIPADDRESS, RVAL_TYPE_SCALAR); for (sp = ip + strlen(ip) - 1; (sp > ip); sp--) { if (*sp == '.') { *sp = '\0'; HardClass(ip); } } strcpy(ip, VIPADDRESS); i = 3; for (sp = ip + strlen(ip) - 1; (sp > ip); sp--) { if (*sp == '.') { *sp = '\0'; snprintf(name, CF_MAXVARSIZE - 1, "ipv4_%d[%s]", i--, CanonifyName(VIPADDRESS)); NewScalar("sys", name, ip, DATA_TYPE_STRING); } } continue; } strncpy(ip, "ipv4_", CF_MAXVARSIZE); strncat(ip, inet_ntoa(sin->sin_addr), CF_MAXVARSIZE - 6); HardClass(ip); if (!ipdefault) { ipdefault = true; NewScalar("sys", "ipv4", inet_ntoa(sin->sin_addr), DATA_TYPE_STRING); strcpy(VIPADDRESS, inet_ntoa(sin->sin_addr)); } AppendItem(&IPADDRESSES, inet_ntoa(sin->sin_addr), ""); RlistAppend(&ips, inet_ntoa(sin->sin_addr), RVAL_TYPE_SCALAR); for (sp = ip + strlen(ip) - 1; (sp > ip); sp--) { if (*sp == '.') { *sp = '\0'; HardClass(ip); } } // Set the IPv4 on interface array strcpy(ip, inet_ntoa(sin->sin_addr)); if ((ag != AGENT_TYPE_KNOW) && (ag != AGENT_TYPE_GENDOC)) { snprintf(name, CF_MAXVARSIZE - 1, "ipv4[%s]", CanonifyName(ifp->ifr_name)); } else { snprintf(name, CF_MAXVARSIZE - 1, "ipv4[interface_name]"); } NewScalar("sys", name, ip, DATA_TYPE_STRING); i = 3; for (sp = ip + strlen(ip) - 1; (sp > ip); sp--) { if (*sp == '.') { *sp = '\0'; if ((ag != AGENT_TYPE_KNOW) && (ag != AGENT_TYPE_GENDOC)) { snprintf(name, CF_MAXVARSIZE - 1, "ipv4_%d[%s]", i--, CanonifyName(ifp->ifr_name)); } else { snprintf(name, CF_MAXVARSIZE - 1, "ipv4_%d[interface_name]", i--); } NewScalar("sys", name, ip, DATA_TYPE_STRING); } } } // Set the hardware/mac address array GetMacAddress(ag, fd, &ifr, ifp, &interfaces, &hardware); } } close(fd); NewList("sys", "interfaces", interfaces, DATA_TYPE_STRING_LIST); NewList("sys", "hardware_addresses", hardware, DATA_TYPE_STRING_LIST); NewList("sys", "ip_addresses", ips, DATA_TYPE_STRING_LIST); RlistDestroy(interfaces); RlistDestroy(hardware); RlistDestroy(ips); FindV6InterfacesInfo(); }
bool EvalContextVariablePut(EvalContext *ctx, VarRef lval, Rval rval, DataType type) { assert(type != DATA_TYPE_NONE); if (lval.lval == NULL || lval.scope == NULL) { ProgrammingError("Bad variable or scope in a variable assignment. scope.value = %s.%s", lval.scope, lval.lval); } if (rval.item == NULL) { return false; } if (strlen(lval.lval) > CF_MAXVARSIZE) { char *lval_str = VarRefToString(lval, true); Log(LOG_LEVEL_ERR, "Variable '%s'' cannot be added because its length exceeds the maximum length allowed '%d' characters", lval_str, CF_MAXVARSIZE); free(lval_str); return false; } // If we are not expanding a body template, check for recursive singularities if (strcmp(lval.scope, "body") != 0) { switch (rval.type) { case RVAL_TYPE_SCALAR: if (StringContainsVar((char *) rval.item, lval.lval)) { Log(LOG_LEVEL_ERR, "Scalar variable %s.%s contains itself (non-convergent): %s", lval.scope, lval.lval, (char *) rval.item); return false; } break; case RVAL_TYPE_LIST: for (const Rlist *rp = rval.item; rp != NULL; rp = rp->next) { if (StringContainsVar(rp->item, lval.lval)) { Log(LOG_LEVEL_ERR, "List variable %s contains itself (non-convergent)", lval.lval); return false; } } break; default: break; } } else { assert(STACK_FRAME_TYPE_BODY == LastStackFrame(ctx, 0)->type); } Scope *put_scope = ScopeGet(lval.scope); if (!put_scope) { put_scope = ScopeNew(lval.scope); if (!put_scope) { return false; } } // Look for outstanding lists in variable rvals if (THIS_AGENT_TYPE == AGENT_TYPE_COMMON) { Rlist *listvars = NULL; Rlist *scalars = NULL; // TODO what do we do with scalars? if (ScopeGetCurrent() && strcmp(ScopeGetCurrent()->scope, "this") != 0) { MapIteratorsFromRval(ctx, ScopeGetCurrent()->scope, &listvars, &scalars, rval); if (listvars != NULL) { Log(LOG_LEVEL_ERR, "Redefinition of variable \"%s\" (embedded list in RHS) in context \"%s\"", lval.lval, ScopeGetCurrent()->scope); } RlistDestroy(listvars); RlistDestroy(scalars); } } // FIX: lval is stored with array params as part of the lval for legacy reasons. char *final_lval = VarRefToString(lval, false); CfAssoc *assoc = HashLookupElement(put_scope->hashtable, final_lval); if (assoc) { if (CompareVariableValue(rval, assoc) != 0) { /* Different value, bark and replace */ if (!UnresolvedVariables(assoc, rval.type)) { Log(LOG_LEVEL_INFO, "Replaced value of variable '%s' in scope '%s'", lval.lval, put_scope->scope); } RvalDestroy(assoc->rval); assoc->rval = RvalCopy(rval); assoc->dtype = type; } } else { if (!HashInsertElement(put_scope->hashtable, final_lval, rval, type)) { ProgrammingError("Hash table is full"); } } free(final_lval); return true; }
static Rlist *RlistParseStringBounded(char *left, char *right, int *n) { Rlist *newlist = NULL; char str2[CF_MAXVARSIZE]; char *s = left; char *s2 = str2; bool precede = false; //set if we just encountred escaping character bool ignore = true; //set if we're outside quotation marks bool skipped = true; //set if a separating comma is behind us char *extract = NULL; if (n!=NULL) { *n = 0; } memset(str2, 0, CF_MAXVARSIZE); while (*s && s < right) { if (*s != '\\') { if (precede) { if (*s != '\\' && *s != '"') { Log(LOG_LEVEL_ERR, "Presence of illegal %c after escaping character", *s); goto clean; } else { *s2++ = *s; } precede = false; } else { if (*s == '"') { if (ignore) { if (skipped != true) { Log(LOG_LEVEL_ERR, "Quotation marks \" should follow commas"); goto clean; } ignore = false; extract = s2; } else { *s2='\0'; Log(LOG_LEVEL_VERBOSE, "Extracted string [%s] of length (%d)", extract, (size_t) (s2 - extract)); RlistAppendScalar(&newlist, extract); ignore = true; extract = NULL; if (n != NULL) { *n += 1; } } skipped = false; } else if (*s == ',') { if (ignore) { if (skipped == false) { skipped = true; } else { Log(LOG_LEVEL_ERR, "Only one comma should separate different list elements"); goto clean; } } else { *s2++ = *s; } } else { if (ignore == true && *s != ' ') { Log(LOG_LEVEL_ERR, "Only white characters are permitted outside of list elements. Character %c is illegal.", *s); goto clean; } *s2++ = *s; } } } else { if (precede) { *s2++ = '\\'; precede = false; } else { precede = true; } } s++; } if (ignore) { return newlist; } else { goto clean; } clean: if (newlist) { RlistDestroy(newlist); } return NULL; }
static int HailServer(EvalContext *ctx, char *host) { AgentConnection *conn; char sendbuffer[CF_BUFSIZE], recvbuffer[CF_BUFSIZE], peer[CF_MAXVARSIZE], ipv4[CF_MAXVARSIZE], digest[CF_MAXVARSIZE], user[CF_SMALLBUF]; bool gotkey; char reply[8]; FileCopy fc = { .portnumber = (short) ParseHostname(host, peer), }; snprintf(ipv4, CF_MAXVARSIZE, "%s", Hostname2IPString(peer)); Address2Hostkey(ipv4, digest); GetCurrentUserName(user, CF_SMALLBUF); if (INTERACTIVE) { CfOut(OUTPUT_LEVEL_VERBOSE, "", " -> Using interactive key trust...\n"); gotkey = HavePublicKey(user, peer, digest) != NULL; if (!gotkey) { gotkey = HavePublicKey(user, ipv4, digest) != NULL; } if (!gotkey) { printf("WARNING - You do not have a public key from host %s = %s\n", host, ipv4); printf(" Do you want to accept one on trust? (yes/no)\n\n--> "); while (true) { if (fgets(reply, 8, stdin) == NULL) { FatalError(ctx, "EOF trying to read answer from terminal"); } if (Chop(reply, CF_EXPANDSIZE) == -1) { CfOut(OUTPUT_LEVEL_ERROR, "", "Chop was called on a string that seemed to have no terminator"); } if (strcmp(reply, "yes") == 0) { printf(" -> Will trust the key...\n"); fc.trustkey = true; break; } else if (strcmp(reply, "no") == 0) { printf(" -> Will not trust the key...\n"); fc.trustkey = false; break; } else { printf(" !! Please reply yes or no...(%s)\n", reply); } } } } /* Continue */ #ifdef __MINGW32__ CfOut(OUTPUT_LEVEL_INFORM, "", "...........................................................................\n"); CfOut(OUTPUT_LEVEL_INFORM, "", " * Hailing %s : %u, with options \"%s\" (serial)\n", peer, fc.portnumber, REMOTE_AGENT_OPTIONS); CfOut(OUTPUT_LEVEL_INFORM, "", "...........................................................................\n"); #else /* !__MINGW32__ */ if (BACKGROUND) { CfOut(OUTPUT_LEVEL_INFORM, "", "Hailing %s : %u, with options \"%s\" (parallel)\n", peer, fc.portnumber, REMOTE_AGENT_OPTIONS); } else { CfOut(OUTPUT_LEVEL_INFORM, "", "...........................................................................\n"); CfOut(OUTPUT_LEVEL_INFORM, "", " * Hailing %s : %u, with options \"%s\" (serial)\n", peer, fc.portnumber, REMOTE_AGENT_OPTIONS); CfOut(OUTPUT_LEVEL_INFORM, "", "...........................................................................\n"); } #endif /* !__MINGW32__ */ fc.servers = RlistFromSplitString(peer, '*'); if (fc.servers == NULL || strcmp(fc.servers->item, "localhost") == 0) { CfOut(OUTPUT_LEVEL_INFORM, "", "No hosts are registered to connect to"); return false; } else { int err = 0; conn = NewServerConnection(fc, false, &err); if (conn == NULL) { RlistDestroy(fc.servers); CfOut(OUTPUT_LEVEL_VERBOSE, "", " -> No suitable server responded to hail\n"); return false; } } /* Check trust interaction*/ HailExec(conn, peer, recvbuffer, sendbuffer); RlistDestroy(fc.servers); return true; } /********************************************************************/ /* Level 2 */ /********************************************************************/ static void KeepControlPromises(EvalContext *ctx, Policy *policy) { Rval retval; RUNATTR.copy.trustkey = false; RUNATTR.copy.encrypt = true; RUNATTR.copy.force_ipv4 = false; RUNATTR.copy.portnumber = SHORT_CFENGINEPORT; /* Keep promised agent behaviour - control bodies */ Seq *constraints = ControlBodyConstraints(policy, AGENT_TYPE_RUNAGENT); if (constraints) { for (size_t i = 0; i < SeqLength(constraints); i++) { Constraint *cp = SeqAt(constraints, i); if (!IsDefinedClass(ctx, cp->classes, NULL)) { continue; } if (!EvalContextVariableGet(ctx, (VarRef) { NULL, "control_runagent", cp->lval }, &retval, NULL)) { CfOut(OUTPUT_LEVEL_ERROR, "", "Unknown lval %s in runagent control body", cp->lval); continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_FORCE_IPV4].lval) == 0) { RUNATTR.copy.force_ipv4 = BooleanFromString(retval.item); CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET force_ipv4 = %d\n", RUNATTR.copy.force_ipv4); continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_TRUSTKEY].lval) == 0) { RUNATTR.copy.trustkey = BooleanFromString(retval.item); CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET trustkey = %d\n", RUNATTR.copy.trustkey); continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_ENCRYPT].lval) == 0) { RUNATTR.copy.encrypt = BooleanFromString(retval.item); CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET encrypt = %d\n", RUNATTR.copy.encrypt); continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_PORT_NUMBER].lval) == 0) { RUNATTR.copy.portnumber = (short) IntFromString(retval.item); CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET default portnumber = %u\n", (int) RUNATTR.copy.portnumber); continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_BACKGROUND].lval) == 0) { /* * Only process this option if are is no -b or -i options specified on * command line. */ if (BACKGROUND || INTERACTIVE) { CfOut(OUTPUT_LEVEL_ERROR, "", "Warning: 'background_children' setting from 'body runagent control' is overriden by command-line option."); } else { BACKGROUND = BooleanFromString(retval.item); } continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_MAX_CHILD].lval) == 0) { MAXCHILD = (short) IntFromString(retval.item); continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_OUTPUT_TO_FILE].lval) == 0) { OUTPUT_TO_FILE = BooleanFromString(retval.item); continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_OUTPUT_DIRECTORY].lval) == 0) { if (IsAbsPath(retval.item)) { strncpy(OUTPUT_DIRECTORY, retval.item, CF_BUFSIZE - 1); CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET output direcory to = %s\n", OUTPUT_DIRECTORY); } continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_TIMEOUT].lval) == 0) { RUNATTR.copy.timeout = (short) IntFromString(retval.item); continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_HOSTS].lval) == 0) { if (HOSTLIST == NULL) // Don't override if command line setting { HOSTLIST = retval.item; } continue; } } } if (EvalContextVariableControlCommonGet(ctx, COMMON_CONTROL_LASTSEEN_EXPIRE_AFTER, &retval)) { LASTSEENEXPIREAFTER = IntFromString(retval.item) * 60; } }
static void ExpandAndMapIteratorsFromScalar(EvalContext *ctx, const Bundle *bundle, char *string, size_t length, int level, Rlist **scalars, Rlist **lists, Rlist **containers, Rlist **full_expansion) { assert(string); if (!string) { return; } Buffer *value = BufferNew(); for (size_t i = 0; i < length; i++) { const char *sp = string + i; Rlist *tmp_list = NULL; BufferZero(value); if (ExtractScalarPrefix(value, sp, length - i)) { if (full_expansion) { RlistConcatInto(&tmp_list, *full_expansion, BufferData(value)); RlistDestroy(*full_expansion); *full_expansion = tmp_list; tmp_list = NULL; } sp += BufferSize(value); i += BufferSize(value); BufferZero(value); if (i >= length) { break; } } if (*sp == '$') { BufferZero(value); ExtractScalarReference(value, sp, length - i, true); if (BufferSize(value) > 0) { Rlist *inner_expansion = NULL; Rlist *exp = NULL; int success = 0; VarRef *ref = VarRefParse(BufferData(value)); int increment = BufferSize(value) - 1 + 3; // Handle any embedded variables char *substring = string + i + 2; ExpandAndMapIteratorsFromScalar(ctx, bundle, substring, BufferSize(value), level+1, scalars, lists, containers, &inner_expansion); for (exp = inner_expansion; exp != NULL; exp = exp->next) { // If a list is non-local, i.e. $(bundle.var), map it to local $(bundle#var) // NB without modifying variables as we map them, it's not // possible to handle remote lists referenced by a variable // scope. For example: // scope => "test."; var => "somelist"; $($(scope)$(var)) fails // varname => "test.somelist"; $($(varname)) also fails // TODO Unless the consumer handles it? const char *inner_ref_str = RlistScalarValue(exp); VarRef *inner_ref = VarRefParseFromBundle(inner_ref_str, bundle); // var is the expanded name of the variable in its native context // finalname will be the mapped name in the local context "this." DataType value_type = DATA_TYPE_NONE; const void *value = EvalContextVariableGet(ctx, inner_ref, &value_type); if (value) { char *mangled_inner_ref = xstrdup(inner_ref_str); MangleVarRefString(mangled_inner_ref, strlen(mangled_inner_ref)); success++; switch (DataTypeToRvalType(value_type)) { case RVAL_TYPE_LIST: if (level > 0) { RlistPrependScalarIdemp(lists, mangled_inner_ref); } else { RlistAppendScalarIdemp(lists, mangled_inner_ref); } if (full_expansion) { for (const Rlist *rp = value; rp != NULL; rp = rp->next) { // append each slist item to each of full_expansion RlistConcatInto(&tmp_list, *full_expansion, RlistScalarValue(rp)); } } break; case RVAL_TYPE_SCALAR: RlistAppendScalarIdemp(scalars, mangled_inner_ref); if (full_expansion) { // append the scalar value to each of full_expansion RlistConcatInto(&tmp_list, *full_expansion, value); } break; case RVAL_TYPE_CONTAINER: if (level > 0) { RlistPrependScalarIdemp(containers, mangled_inner_ref); } else { RlistAppendScalarIdemp(containers, mangled_inner_ref); } break; case RVAL_TYPE_FNCALL: case RVAL_TYPE_NOPROMISEE: break; } free(mangled_inner_ref); } VarRefDestroy(inner_ref); } RlistDestroy(inner_expansion); if (full_expansion) { RlistDestroy(*full_expansion); *full_expansion = tmp_list; tmp_list = NULL; } // No need to map this.* even though it's technically qualified if (success && IsQualifiedVariable(BufferData(value)) && strcmp(ref->scope, "this") != 0) { char *dotpos = strchr(substring, '.'); if (dotpos) { *dotpos = CF_MAPPEDLIST; // replace '.' with '#' } if (strchr(BufferData(value), ':')) { char *colonpos = strchr(substring, ':'); if (colonpos) { *colonpos = '*'; } } } VarRefDestroy(ref); sp += increment; i += increment; } } } BufferDestroy(value); }
static int NewSQLColumns(char *table, Rlist *columns, char ***name_table, char ***type_table, int **size_table, int **done) { int i, no_of_cols = RlistLen(columns); Rlist *cols, *rp; *name_table = (char **) xmalloc(sizeof(char *) * (no_of_cols + 1)); *type_table = (char **) xmalloc(sizeof(char *) * (no_of_cols + 1)); *size_table = (int *) xmalloc(sizeof(int) * (no_of_cols + 1)); *done = (int *) xmalloc(sizeof(int) * (no_of_cols + 1)); for (i = 0, rp = columns; rp != NULL; rp = rp->next, i++) { (*done)[i] = 0; cols = RlistFromSplitString(RlistScalarValue(rp), ','); if (!cols) { Log(LOG_LEVEL_ERR, "No columns promised for table '%s' - makes no sense", table); return false; } if (cols->val.item == NULL) { Log(LOG_LEVEL_ERR, "Malformed column promise for table '%s' - found not even a name", table); free(*name_table); free(*type_table); free(*size_table); free(*done); return false; } (*name_table)[i] = xstrdup(RlistScalarValue(cols)); if (cols->next == NULL) { Log(LOG_LEVEL_ERR, "Malformed column '%s' promised for table '%s' - missing a type", (*name_table)[i], table); free(*name_table); free(*type_table); free(*size_table); free(*done); return false; } (*type_table)[i] = xstrdup(RlistScalarValue(cols->next)); if (cols->next->next == NULL) { (*size_table)[i] = 0; } else { if (cols->next->next->val.item) { (*size_table)[i] = IntFromString(RlistScalarValue(cols->next->next)); } else { (*size_table)[i] = 0; } } RlistDestroy(cols); } return true; }