int main(int argc, char *argv[]) { EvalContext *ctx = EvalContextNew(); GenericAgentConfig *config = CheckOpts(ctx, argc, argv); GenericAgentConfigApply(ctx, config); GenericAgentDiscoverContext(ctx, config); Policy *policy = NULL; if (GenericAgentCheckPolicy(ctx, config, false)) { policy = GenericAgentLoadPolicy(ctx, config); } else if (config->tty_interactive) { exit(EXIT_FAILURE); } else { CfOut(OUTPUT_LEVEL_ERROR, "", "CFEngine was not able to get confirmation of promises from cf-promises, so going to failsafe\n"); EvalContextHeapAddHard(ctx, "failsafe_fallback"); GenericAgentConfigSetInputFile(config, "failsafe.cf"); policy = GenericAgentLoadPolicy(ctx, config); } WarnAboutDeprecatedFeatures(ctx); CheckForPolicyHub(ctx); ThisAgentInit(); ExecConfig *exec_config = ExecConfigNewDefault(!ONCE, VFQNAME, VIPADDRESS); ExecConfigUpdate(ctx, policy, exec_config); SetFacility(exec_config->log_facility); #ifdef __MINGW32__ if (WINSERVICE) { NovaWin_StartExecService(); } else #endif /* __MINGW32__ */ { StartServer(ctx, policy, config, exec_config); } ExecConfigDestroy(exec_config); GenericAgentConfigDestroy(config); return 0; }
int main(int argc, char *argv[]) { EvalContext *ctx = EvalContextNew(); GenericAgentConfig *config = CheckOpts(ctx, argc, argv); GenericAgentConfigApply(ctx, config); GenericAgentDiscoverContext(ctx, config); Policy *policy = NULL; if (GenericAgentCheckPolicy(config, false)) { policy = GenericAgentLoadPolicy(ctx, config); } else if (config->tty_interactive) { exit(EXIT_FAILURE); } else { Log(LOG_LEVEL_ERR, "CFEngine was not able to get confirmation of promises from cf-promises, so going to failsafe"); EvalContextClassPut(ctx, NULL, "failsafe_fallback", false, CONTEXT_SCOPE_NAMESPACE, "goal=update,source=agent"); GenericAgentConfigSetInputFile(config, GetWorkDir(), "failsafe.cf"); policy = GenericAgentLoadPolicy(ctx, config); } ThisAgentInit(); ExecConfig *exec_config = ExecConfigNewDefault(!ONCE, VFQNAME, VIPADDRESS); ExecConfigUpdate(ctx, policy, exec_config); SetFacility(exec_config->log_facility); #ifdef __MINGW32__ if (WINSERVICE) { NovaWin_StartExecService(); } else #endif /* __MINGW32__ */ { StartServer(ctx, policy, config, exec_config); } ExecConfigDestroy(exec_config); GenericAgentConfigDestroy(config); return 0; }
int main(int argc, char *argv[]) { GenericAgentConfig *config = CheckOpts(argc, argv); EvalContext *ctx = EvalContextNew(); GenericAgentConfigApply(ctx, config); GenericAgentDiscoverContext(ctx, config); Policy *policy = NULL; if (GenericAgentCheckPolicy(config, false, false)) { policy = LoadPolicy(ctx, config); } else if (config->tty_interactive) { exit(EXIT_FAILURE); } else { Log(LOG_LEVEL_ERR, "CFEngine was not able to get confirmation of promises from cf-promises, so going to failsafe"); EvalContextClassPutHard(ctx, "failsafe_fallback", "attribute_name=Errors,source=agent"); GenericAgentConfigSetInputFile(config, GetInputDir(), "failsafe.cf"); policy = LoadPolicy(ctx, config); } ThisAgentInit(); ExecConfig *exec_config = ExecConfigNew(!ONCE, ctx, policy); ExecdConfig *execd_config = ExecdConfigNew(ctx, policy); SetFacility(execd_config->log_facility); #ifdef __MINGW32__ if (WINSERVICE) { NovaWin_StartExecService(); } else #endif /* __MINGW32__ */ { StartServer(ctx, policy, config, &execd_config, &exec_config); } ExecConfigDestroy(exec_config); ExecdConfigDestroy(execd_config); GenericAgentConfigDestroy(config); return 0; }
int main(int argc, char *argv[]) { GenericAgentConfig *config = CheckOpts(argc, argv); EvalContext *ctx = EvalContextNew(); GenericAgentConfigApply(ctx, config); GenericAgentDiscoverContext(ctx, config); Policy *policy = SelectAndLoadPolicy(config, ctx, false, false); if (!policy) { Log(LOG_LEVEL_ERR, "Error reading CFEngine policy. Exiting..."); exit(EXIT_FAILURE); } GenericAgentPostLoadInit(ctx); ThisAgentInit(); ExecConfig *exec_config = ExecConfigNew(!ONCE, ctx, policy); ExecdConfig *execd_config = ExecdConfigNew(ctx, policy); SetFacility(execd_config->log_facility); #ifdef __MINGW32__ if (WINSERVICE) { NovaWin_StartExecService(); } else #endif /* __MINGW32__ */ { StartServer(ctx, policy, config, &execd_config, &exec_config); } GenericAgentFinalize(ctx, config); ExecConfigDestroy(exec_config); ExecdConfigDestroy(execd_config); return 0; }
static bool ScheduleRun(EvalContext *ctx, Policy **policy, GenericAgentConfig *config, ExecConfig *exec_config) { CfOut(OUTPUT_LEVEL_VERBOSE, "", "Sleeping for pulse time %d seconds...\n", CFPULSETIME); sleep(CFPULSETIME); /* 1 Minute resolution is enough */ /* * FIXME: this logic duplicates the one from cf-serverd.c. Unify ASAP. */ if (CheckNewPromises(ctx, config, InputFiles(ctx, *policy)) == RELOAD_FULL) { /* Full reload */ CfOut(OUTPUT_LEVEL_INFORM, "", "Re-reading promise file %s..\n", config->input_file); EvalContextHeapClear(ctx); DeleteItemList(IPADDRESSES); IPADDRESSES = NULL; ScopeDeleteAll(); strcpy(VDOMAIN, "undefined.domain"); POLICY_SERVER[0] = '\0'; PolicyDestroy(*policy); *policy = NULL; SetPolicyServer(ctx, POLICY_SERVER); ScopeNewSpecialScalar(ctx, "sys", "policy_hub", POLICY_SERVER, DATA_TYPE_STRING); GetNameInfo3(ctx, AGENT_TYPE_EXECUTOR); GetInterfacesInfo(ctx, AGENT_TYPE_EXECUTOR); Get3Environment(ctx, AGENT_TYPE_EXECUTOR); BuiltinClasses(ctx); OSClasses(ctx); EvalContextHeapAddHard(ctx, CF_AGENTTYPES[AGENT_TYPE_EXECUTOR]); SetReferenceTime(ctx, true); GenericAgentConfigSetBundleSequence(config, NULL); *policy = GenericAgentLoadPolicy(ctx, config); ExecConfigUpdate(ctx, *policy, exec_config); SetFacility(exec_config->log_facility); } else { /* Environment reload */ EvalContextHeapClear(ctx); DeleteItemList(IPADDRESSES); IPADDRESSES = NULL; ScopeClear("this"); ScopeClear("mon"); ScopeClear("sys"); GetInterfacesInfo(ctx, AGENT_TYPE_EXECUTOR); Get3Environment(ctx, AGENT_TYPE_EXECUTOR); BuiltinClasses(ctx); OSClasses(ctx); SetReferenceTime(ctx, true); } { StringSetIterator it = StringSetIteratorInit(exec_config->schedule); const char *time_context = NULL; while ((time_context = StringSetIteratorNext(&it))) { if (IsDefinedClass(ctx, time_context, NULL)) { CfOut(OUTPUT_LEVEL_VERBOSE, "", "Waking up the agent at %s ~ %s \n", cf_ctime(&CFSTARTTIME), time_context); return true; } } } CfOut(OUTPUT_LEVEL_VERBOSE, "", "Nothing to do at %s\n", cf_ctime(&CFSTARTTIME)); return false; }
void KeepPromises(Policy *policy, ExecConfig *config) { bool schedule_is_specified = false; Seq *constraints = ControlBodyConstraints(policy, AGENT_TYPE_EXECUTOR); if (constraints) { for (size_t i = 0; i < SeqLength(constraints); i++) { Constraint *cp = SeqAt(constraints, i); if (IsExcluded(cp->classes, NULL)) { continue; } Rval retval; if (GetVariable("control_executor", cp->lval, &retval) == DATA_TYPE_NONE) { CfOut(OUTPUT_LEVEL_ERROR, "", "Unknown lval %s in exec control body", cp->lval); continue; } if (strcmp(cp->lval, CFEX_CONTROLBODY[cfex_mailfrom].lval) == 0) { free(config->mail_from_address); config->mail_from_address = SafeStringDuplicate(retval.item); CfDebug("mailfrom = %s\n", config->mail_from_address); } if (strcmp(cp->lval, CFEX_CONTROLBODY[cfex_mailto].lval) == 0) { free(config->mail_to_address); config->mail_to_address = SafeStringDuplicate(retval.item); CfDebug("mailto = %s\n", config->mail_to_address); } if (strcmp(cp->lval, CFEX_CONTROLBODY[cfex_smtpserver].lval) == 0) { free(config->mail_server); config->mail_server = SafeStringDuplicate(retval.item); CfDebug("smtpserver = %s\n", config->mail_server); } if (strcmp(cp->lval, CFEX_CONTROLBODY[cfex_execcommand].lval) == 0) { free(config->exec_command); config->exec_command = SafeStringDuplicate(retval.item); CfDebug("exec_command = %s\n", config->exec_command); } if (strcmp(cp->lval, CFEX_CONTROLBODY[cfex_agent_expireafter].lval) == 0) { config->agent_expireafter = IntFromString(retval.item); CfDebug("agent_expireafter = %d\n", config->agent_expireafter); } if (strcmp(cp->lval, CFEX_CONTROLBODY[cfex_executorfacility].lval) == 0) { SetFacility(retval.item); continue; } if (strcmp(cp->lval, CFEX_CONTROLBODY[cfex_mailmaxlines].lval) == 0) { config->mail_max_lines = IntFromString(retval.item); CfDebug("maxlines = %d\n", config->mail_max_lines); } if (strcmp(cp->lval, CFEX_CONTROLBODY[cfex_splaytime].lval) == 0) { int time = IntFromString(RvalScalarValue(retval)); SPLAYTIME = (int) (time * SECONDS_PER_MINUTE * GetSplay()); } if (strcmp(cp->lval, CFEX_CONTROLBODY[cfex_schedule].lval) == 0) { CfDebug("Loading user-defined schedule...\n"); DeleteItemList(SCHEDULE); SCHEDULE = NULL; schedule_is_specified = true; for (const Rlist *rp = retval.item; rp; rp = rp->next) { if (!IsItemIn(SCHEDULE, rp->item)) { AppendItem(&SCHEDULE, rp->item, NULL); } } } } } if (!schedule_is_specified) { LoadDefaultSchedule(); } }
static void KeepControlPromises(EvalContext *ctx, const Policy *policy, GenericAgentConfig *config) { CFD_MAXPROCESSES = 30; MAXTRIES = 5; DENYBADCLOCKS = true; CFRUNCOMMAND[0] = '\0'; SetChecksumUpdatesDefault(ctx, true); /* Keep promised agent behaviour - control bodies */ Banner("Server control promises.."); PolicyResolve(ctx, policy, config); /* Now expand */ Seq *constraints = ControlBodyConstraints(policy, AGENT_TYPE_SERVER); if (constraints) { for (size_t i = 0; i < SeqLength(constraints); i++) { Constraint *cp = SeqAt(constraints, i); #define IsControlBody(e) (strcmp(cp->lval, CFS_CONTROLBODY[e].lval) == 0) if (!IsDefinedClass(ctx, cp->classes)) { continue; } VarRef *ref = VarRefParseFromScope(cp->lval, "control_server"); const void *value = EvalContextVariableGet(ctx, ref, NULL); VarRefDestroy(ref); if (!value) { Log(LOG_LEVEL_ERR, "Unknown lval '%s' in server control body", cp->lval); } else if (IsControlBody(SERVER_CONTROL_SERVER_FACILITY)) { SetFacility(value); } else if (IsControlBody(SERVER_CONTROL_DENY_BAD_CLOCKS)) { DENYBADCLOCKS = BooleanFromString(value); Log(LOG_LEVEL_VERBOSE, "Setting denybadclocks to '%s'", DENYBADCLOCKS ? "true" : "false"); } else if (IsControlBody(SERVER_CONTROL_LOG_ENCRYPTED_TRANSFERS)) { LOGENCRYPT = BooleanFromString(value); Log(LOG_LEVEL_VERBOSE, "Setting logencrypt to '%s'", LOGENCRYPT ? "true" : "false"); } else if (IsControlBody(SERVER_CONTROL_LOG_ALL_CONNECTIONS)) { SV.logconns = BooleanFromString(value); Log(LOG_LEVEL_VERBOSE, "Setting logconns to %d", SV.logconns); } else if (IsControlBody(SERVER_CONTROL_MAX_CONNECTIONS)) { CFD_MAXPROCESSES = (int) IntFromString(value); MAXTRIES = CFD_MAXPROCESSES / 3; Log(LOG_LEVEL_VERBOSE, "Setting maxconnections to %d", CFD_MAXPROCESSES); /* The handling of max_readers in LMDB is not ideal, but * here is how it is right now: We know that both cf-serverd and * cf-hub will access the lastseen database. Worst case every * single thread and process will do it at the same time, and * this has in fact been observed. So we add the maximum of * those two values together to provide a safe ceiling. In * addition, cf-agent can access the database occasionally as * well, so add a few extra for that too. */ DBSetMaximumConcurrentTransactions(CFD_MAXPROCESSES + EnterpriseGetMaxCfHubProcesses() + 10); continue; } else if (IsControlBody(SERVER_CONTROL_CALL_COLLECT_INTERVAL)) { COLLECT_INTERVAL = (int) 60 * IntFromString(value); Log(LOG_LEVEL_VERBOSE, "Setting call_collect_interval to %d (seconds)", COLLECT_INTERVAL); } else if (IsControlBody(SERVER_CONTROL_LISTEN)) { SERVER_LISTEN = BooleanFromString(value); Log(LOG_LEVEL_VERBOSE, "Setting server listen to '%s' ", SERVER_LISTEN ? "true" : "false"); } else if (IsControlBody(SERVER_CONTROL_CALL_COLLECT_WINDOW)) { COLLECT_WINDOW = (int) IntFromString(value); Log(LOG_LEVEL_VERBOSE, "Setting collect_window to %d (seconds)", COLLECT_INTERVAL); } else if (IsControlBody(SERVER_CONTROL_CF_RUN_COMMAND)) { strlcpy(CFRUNCOMMAND, value, sizeof(CFRUNCOMMAND)); Log(LOG_LEVEL_VERBOSE, "Setting cfruncommand to '%s'", CFRUNCOMMAND); } else if (IsControlBody(SERVER_CONTROL_ALLOW_CONNECTS)) { Log(LOG_LEVEL_VERBOSE, "Setting allowing connections from ..."); for (const Rlist *rp = value; rp != NULL; rp = rp->next) { if (!IsItemIn(SV.nonattackerlist, RlistScalarValue(rp))) { PrependItem(&SV.nonattackerlist, RlistScalarValue(rp), cp->classes); } } } else if (IsControlBody(SERVER_CONTROL_DENY_CONNECTS)) { Log(LOG_LEVEL_VERBOSE, "Setting denying connections from ..."); for (const Rlist *rp = value; rp != NULL; rp = rp->next) { if (!IsItemIn(SV.attackerlist, RlistScalarValue(rp))) { PrependItem(&SV.attackerlist, RlistScalarValue(rp), cp->classes); } } } else if (IsControlBody(SERVER_CONTROL_SKIP_VERIFY)) { /* Skip. */ } else if (IsControlBody(SERVER_CONTROL_ALLOW_ALL_CONNECTS)) { Log(LOG_LEVEL_VERBOSE, "Setting allowing multiple connections from ..."); for (const Rlist *rp = value; rp != NULL; rp = rp->next) { if (!IsItemIn(SV.multiconnlist, RlistScalarValue(rp))) { PrependItem(&SV.multiconnlist, RlistScalarValue(rp), cp->classes); } } } else if (IsControlBody(SERVER_CONTROL_ALLOW_USERS)) { Log(LOG_LEVEL_VERBOSE, "SET Allowing users ..."); for (const Rlist *rp = value; rp != NULL; rp = rp->next) { if (!IsItemIn(SV.allowuserlist, RlistScalarValue(rp))) { PrependItem(&SV.allowuserlist, RlistScalarValue(rp), cp->classes); } } } else if (IsControlBody(SERVER_CONTROL_TRUST_KEYS_FROM)) { Log(LOG_LEVEL_VERBOSE, "Setting trust keys from ..."); for (const Rlist *rp = value; rp != NULL; rp = rp->next) { if (!IsItemIn(SV.trustkeylist, RlistScalarValue(rp))) { PrependItem(&SV.trustkeylist, RlistScalarValue(rp), cp->classes); } } } else if (IsControlBody(SERVER_CONTROL_ALLOWLEGACYCONNECTS)) { Log(LOG_LEVEL_VERBOSE, "Setting allowing legacy connections from ..."); for (const Rlist *rp = value; rp != NULL; rp = rp->next) { if (!IsItemIn(SV.allowlegacyconnects, RlistScalarValue(rp))) { PrependItem(&SV.allowlegacyconnects, RlistScalarValue(rp), cp->classes); } } } else if (IsControlBody(SERVER_CONTROL_PORT_NUMBER)) { CFENGINE_PORT = IntFromString(value); strlcpy(CFENGINE_PORT_STR, value, sizeof(CFENGINE_PORT_STR)); Log(LOG_LEVEL_VERBOSE, "Setting default port number to %d", CFENGINE_PORT); } else if (IsControlBody(SERVER_CONTROL_BIND_TO_INTERFACE)) { strlcpy(BINDINTERFACE, value, sizeof(BINDINTERFACE)); Log(LOG_LEVEL_VERBOSE, "Setting bindtointerface to '%s'", BINDINTERFACE); } else if (IsControlBody(SERVER_CONTROL_ALLOWCIPHERS)) { SV.allowciphers = xstrdup(value); Log(LOG_LEVEL_VERBOSE, "Setting allowciphers to '%s'", SV.allowciphers); } #undef IsControlBody } } const void *value = EvalContextVariableControlCommonGet(ctx, COMMON_CONTROL_SYSLOG_HOST); if (value) { /* Don't resolve syslog_host now, better do it per log request. */ if (!SetSyslogHost(value)) { Log(LOG_LEVEL_ERR, "Failed to set syslog_host, '%s' too long", (const char *)value); } else { Log(LOG_LEVEL_VERBOSE, "Setting syslog_host to '%s'", (const char *)value); } } value = EvalContextVariableControlCommonGet(ctx, COMMON_CONTROL_SYSLOG_PORT); if (value) { SetSyslogPort(IntFromString(value)); } value = EvalContextVariableControlCommonGet(ctx, COMMON_CONTROL_FIPS_MODE); if (value) { FIPS_MODE = BooleanFromString(value); Log(LOG_LEVEL_VERBOSE, "Setting FIPS mode to to '%s'", FIPS_MODE ? "true" : "false"); } value = EvalContextVariableControlCommonGet(ctx, COMMON_CONTROL_LASTSEEN_EXPIRE_AFTER); if (value) { LASTSEENEXPIREAFTER = IntFromString(value) * 60; } value = EvalContextVariableControlCommonGet(ctx, COMMON_CONTROL_BWLIMIT); if (value) { double bval; if (DoubleFromString(value, &bval)) { bwlimit_kbytes = (uint32_t) ( bval / 1000.0); Log(LOG_LEVEL_VERBOSE, "Setting rate limit to %d kBytes/sec", bwlimit_kbytes); } } }
static void KeepControlPromises(EvalContext *ctx, const Policy *policy, GenericAgentConfig *config) { CFD_MAXPROCESSES = 30; MAXTRIES = 5; DENYBADCLOCKS = true; CFRUNCOMMAND[0] = '\0'; SetChecksumUpdatesDefault(ctx, true); /* Keep promised agent behaviour - control bodies */ Banner("Server control promises.."); PolicyResolve(ctx, policy, config); /* Now expand */ Seq *constraints = ControlBodyConstraints(policy, AGENT_TYPE_SERVER); if (constraints) { for (size_t i = 0; i < SeqLength(constraints); i++) { Constraint *cp = SeqAt(constraints, i); if (!IsDefinedClass(ctx, cp->classes)) { continue; } VarRef *ref = VarRefParseFromScope(cp->lval, "control_server"); const void *value = EvalContextVariableGet(ctx, ref, NULL); VarRefDestroy(ref); if (!value) { Log(LOG_LEVEL_ERR, "Unknown lval '%s' in server control body", cp->lval); continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_SERVER_FACILITY].lval) == 0) { SetFacility(value); continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_DENY_BAD_CLOCKS].lval) == 0) { DENYBADCLOCKS = BooleanFromString(value); Log(LOG_LEVEL_VERBOSE, "Setting denybadclocks to '%s'", DENYBADCLOCKS ? "true" : "false"); continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_LOG_ENCRYPTED_TRANSFERS].lval) == 0) { LOGENCRYPT = BooleanFromString(value); Log(LOG_LEVEL_VERBOSE, "Setting logencrypt to '%s'", LOGENCRYPT ? "true" : "false"); continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_LOG_ALL_CONNECTIONS].lval) == 0) { SV.logconns = BooleanFromString(value); Log(LOG_LEVEL_VERBOSE, "Setting logconns to %d", SV.logconns); continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_MAX_CONNECTIONS].lval) == 0) { CFD_MAXPROCESSES = (int) IntFromString(value); MAXTRIES = CFD_MAXPROCESSES / 3; Log(LOG_LEVEL_VERBOSE, "Setting maxconnections to %d", CFD_MAXPROCESSES); #ifdef LMDB static int LSD_MAXREADERS = 0; if (LSD_MAXREADERS < CFD_MAXPROCESSES) { int rc = UpdateLastSeenMaxReaders(CFD_MAXPROCESSES); if (rc == 0) { LSD_MAXREADERS = CFD_MAXPROCESSES; } } #endif continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_CALL_COLLECT_INTERVAL].lval) == 0) { COLLECT_INTERVAL = (int) 60 * IntFromString(value); Log(LOG_LEVEL_VERBOSE, "Setting call_collect_interval to %d (seconds)", COLLECT_INTERVAL); continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_LISTEN].lval) == 0) { SERVER_LISTEN = BooleanFromString(value); Log(LOG_LEVEL_VERBOSE, "Setting server listen to '%s' ", (SERVER_LISTEN)? "true":"false"); continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_CALL_COLLECT_WINDOW].lval) == 0) { COLLECT_WINDOW = (int) IntFromString(value); Log(LOG_LEVEL_VERBOSE, "Setting collect_window to %d (seconds)", COLLECT_INTERVAL); continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_CF_RUN_COMMAND].lval) == 0) { strlcpy(CFRUNCOMMAND, value, sizeof(CFRUNCOMMAND)); Log(LOG_LEVEL_VERBOSE, "Setting cfruncommand to '%s'", CFRUNCOMMAND); continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_ALLOW_CONNECTS].lval) == 0) { Log(LOG_LEVEL_VERBOSE, "Setting allowing connections from ..."); for (const Rlist *rp = value; rp != NULL; rp = rp->next) { if (!IsItemIn(SV.nonattackerlist, RlistScalarValue(rp))) { AppendItem(&SV.nonattackerlist, RlistScalarValue(rp), cp->classes); } } continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_DENY_CONNECTS].lval) == 0) { Log(LOG_LEVEL_VERBOSE, "Setting denying connections from ..."); for (const Rlist *rp = value; rp != NULL; rp = rp->next) { if (!IsItemIn(SV.attackerlist, RlistScalarValue(rp))) { AppendItem(&SV.attackerlist, RlistScalarValue(rp), cp->classes); } } continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_SKIP_VERIFY].lval) == 0) { continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_ALLOW_ALL_CONNECTS].lval) == 0) { Log(LOG_LEVEL_VERBOSE, "Setting allowing multiple connections from ..."); for (const Rlist *rp = value; rp != NULL; rp = rp->next) { if (!IsItemIn(SV.multiconnlist, RlistScalarValue(rp))) { AppendItem(&SV.multiconnlist, RlistScalarValue(rp), cp->classes); } } continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_ALLOW_USERS].lval) == 0) { Log(LOG_LEVEL_VERBOSE, "SET Allowing users ..."); for (const Rlist *rp = value; rp != NULL; rp = rp->next) { if (!IsItemIn(SV.allowuserlist, RlistScalarValue(rp))) { AppendItem(&SV.allowuserlist, RlistScalarValue(rp), cp->classes); } } continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_TRUST_KEYS_FROM].lval) == 0) { Log(LOG_LEVEL_VERBOSE, "Setting trust keys from ..."); for (const Rlist *rp = value; rp != NULL; rp = rp->next) { if (!IsItemIn(SV.trustkeylist, RlistScalarValue(rp))) { AppendItem(&SV.trustkeylist, RlistScalarValue(rp), cp->classes); } } continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_ALLOWLEGACYCONNECTS].lval) == 0) { Log(LOG_LEVEL_VERBOSE, "Setting allowing legacy connections from ..."); for (const Rlist *rp = value; rp != NULL; rp = rp->next) { if (!IsItemIn(SV.allowlegacyconnects, RlistScalarValue(rp))) { AppendItem(&SV.allowlegacyconnects, RlistScalarValue(rp), cp->classes); } } continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_PORT_NUMBER].lval) == 0) { CFENGINE_PORT = IntFromString(value); strlcpy(CFENGINE_PORT_STR, value, sizeof(CFENGINE_PORT_STR)); Log(LOG_LEVEL_VERBOSE, "Setting default port number to %d", CFENGINE_PORT); continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_BIND_TO_INTERFACE].lval) == 0) { strlcpy(BINDINTERFACE, value, sizeof(BINDINTERFACE)); Log(LOG_LEVEL_VERBOSE, "Setting bindtointerface to '%s'", BINDINTERFACE); continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_ALLOWCIPHERS].lval) == 0) { SV.allowciphers = xstrdup(value); Log(LOG_LEVEL_VERBOSE, "Setting allowciphers to '%s'", SV.allowciphers); continue; } } } const void *value = EvalContextVariableControlCommonGet(ctx, COMMON_CONTROL_SYSLOG_HOST); if (value) { /* Don't resolve syslog_host now, better do it per log request. */ if (!SetSyslogHost(value)) { Log(LOG_LEVEL_ERR, "Failed to set syslog_host, '%s' too long", (const char *)value); } else { Log(LOG_LEVEL_VERBOSE, "Setting syslog_host to '%s'", (const char *)value); } } value = EvalContextVariableControlCommonGet(ctx, COMMON_CONTROL_SYSLOG_PORT); if (value) { SetSyslogPort(IntFromString(value)); } value = EvalContextVariableControlCommonGet(ctx, COMMON_CONTROL_FIPS_MODE); if (value) { FIPS_MODE = BooleanFromString(value); Log(LOG_LEVEL_VERBOSE, "Setting FIPS mode to to '%s'", FIPS_MODE ? "true" : "false"); } value = EvalContextVariableControlCommonGet(ctx, COMMON_CONTROL_LASTSEEN_EXPIRE_AFTER); if (value) { LASTSEENEXPIREAFTER = IntFromString(value) * 60; } }
static bool ScheduleRun(EvalContext *ctx, Policy **policy, GenericAgentConfig *config, ExecdConfig **execd_config, ExecConfig **exec_config) { Log(LOG_LEVEL_VERBOSE, "Sleeping for pulse time %d seconds...", CFPULSETIME); sleep(CFPULSETIME); /* 1 Minute resolution is enough */ /* * FIXME: this logic duplicates the one from cf-serverd.c. Unify ASAP. */ if (CheckNewPromises(config) == RELOAD_FULL) { /* Full reload */ Log(LOG_LEVEL_INFO, "Re-reading promise file '%s'", config->input_file); EvalContextClear(ctx); strcpy(VDOMAIN, "undefined.domain"); PolicyDestroy(*policy); *policy = NULL; { char *existing_policy_server = ReadPolicyServerFile(GetWorkDir()); SetPolicyServer(ctx, existing_policy_server); free(existing_policy_server); } UpdateLastPolicyUpdateTime(ctx); DetectEnvironment(ctx); EvalContextClassPutHard(ctx, CF_AGENTTYPES[AGENT_TYPE_EXECUTOR], "cfe_internal,source=agent"); time_t t = SetReferenceTime(); UpdateTimeClasses(ctx, t); GenericAgentConfigSetBundleSequence(config, NULL); *policy = LoadPolicy(ctx, config); ExecConfigDestroy(*exec_config); ExecdConfigDestroy(*execd_config); *exec_config = ExecConfigNew(!ONCE, ctx, *policy); *execd_config = ExecdConfigNew(ctx, *policy); SetFacility((*execd_config)->log_facility); } else { /* Environment reload */ EvalContextClear(ctx); DetectEnvironment(ctx); time_t t = SetReferenceTime(); UpdateTimeClasses(ctx, t); } { StringSetIterator it = StringSetIteratorInit((*execd_config)->schedule); const char *time_context = NULL; while ((time_context = StringSetIteratorNext(&it))) { if (IsDefinedClass(ctx, time_context)) { Log(LOG_LEVEL_VERBOSE, "Waking up the agent at %s ~ %s", ctime(&CFSTARTTIME), time_context); return true; } } } Log(LOG_LEVEL_VERBOSE, "Nothing to do at %s", ctime(&CFSTARTTIME)); return false; }
static void KeepControlPromises(EvalContext *ctx, Policy *policy, GenericAgentConfig *config) { Rval retval; CFD_MAXPROCESSES = 30; MAXTRIES = 5; DENYBADCLOCKS = true; CFRUNCOMMAND[0] = '\0'; SetChecksumUpdates(true); /* Keep promised agent behaviour - control bodies */ Banner("Server control promises.."); PolicyResolve(ctx, policy, config); /* Now expand */ Seq *constraints = ControlBodyConstraints(policy, AGENT_TYPE_SERVER); if (constraints) { for (size_t i = 0; i < SeqLength(constraints); i++) { Constraint *cp = SeqAt(constraints, i); if (!IsDefinedClass(ctx, cp->classes, NULL)) { continue; } VarRef *ref = VarRefParseFromScope(cp->lval, "control_server"); if (!EvalContextVariableGet(ctx, ref, &retval, NULL)) { Log(LOG_LEVEL_ERR, "Unknown lval '%s' in server control body", cp->lval); VarRefDestroy(ref); continue; } VarRefDestroy(ref); if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_SERVER_FACILITY].lval) == 0) { SetFacility(retval.item); continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_DENY_BAD_CLOCKS].lval) == 0) { DENYBADCLOCKS = BooleanFromString(retval.item); Log(LOG_LEVEL_VERBOSE, "Setting denybadclocks to '%s'", DENYBADCLOCKS ? "true" : "false"); continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_LOG_ENCRYPTED_TRANSFERS].lval) == 0) { LOGENCRYPT = BooleanFromString(retval.item); Log(LOG_LEVEL_VERBOSE, "Setting logencrypt to '%s'", LOGENCRYPT ? "true" : "false"); continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_LOG_ALL_CONNECTIONS].lval) == 0) { SV.logconns = BooleanFromString(retval.item); Log(LOG_LEVEL_VERBOSE, "Setting logconns to %d", SV.logconns); continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_MAX_CONNECTIONS].lval) == 0) { CFD_MAXPROCESSES = (int) IntFromString(retval.item); MAXTRIES = CFD_MAXPROCESSES / 3; Log(LOG_LEVEL_VERBOSE, "Setting maxconnections to %d", CFD_MAXPROCESSES); continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_CALL_COLLECT_INTERVAL].lval) == 0) { COLLECT_INTERVAL = (int) 60 * IntFromString(retval.item); Log(LOG_LEVEL_VERBOSE, "Setting call_collect_interval to %d (seconds)", COLLECT_INTERVAL); continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_LISTEN].lval) == 0) { SERVER_LISTEN = BooleanFromString(retval.item); Log(LOG_LEVEL_VERBOSE, "Setting server listen to '%s' ", (SERVER_LISTEN)? "true":"false"); continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_CALL_COLLECT_WINDOW].lval) == 0) { COLLECT_WINDOW = (int) IntFromString(retval.item); Log(LOG_LEVEL_VERBOSE, "Setting collect_window to %d (seconds)", COLLECT_INTERVAL); continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_CF_RUN_COMMAND].lval) == 0) { strncpy(CFRUNCOMMAND, retval.item, CF_BUFSIZE - 1); Log(LOG_LEVEL_VERBOSE, "Setting cfruncommand to '%s'", CFRUNCOMMAND); continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_ALLOW_CONNECTS].lval) == 0) { Rlist *rp; Log(LOG_LEVEL_VERBOSE, "Setting allowing connections from ..."); for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next) { if (!IsItemIn(SV.nonattackerlist, rp->item)) { AppendItem(&SV.nonattackerlist, rp->item, cp->classes); } } continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_DENY_CONNECTS].lval) == 0) { Rlist *rp; Log(LOG_LEVEL_VERBOSE, "Setting denying connections from ..."); for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next) { if (!IsItemIn(SV.attackerlist, rp->item)) { AppendItem(&SV.attackerlist, rp->item, cp->classes); } } continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_SKIP_VERIFY].lval) == 0) { Rlist *rp; Log(LOG_LEVEL_VERBOSE, "Setting skip verify connections from ..."); for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next) { if (!IsItemIn(SV.skipverify, rp->item)) { AppendItem(&SV.skipverify, rp->item, cp->classes); } } continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_ALLOW_ALL_CONNECTS].lval) == 0) { Rlist *rp; Log(LOG_LEVEL_VERBOSE, "Setting allowing multiple connections from ..."); for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next) { if (!IsItemIn(SV.multiconnlist, rp->item)) { AppendItem(&SV.multiconnlist, rp->item, cp->classes); } } continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_ALLOW_USERS].lval) == 0) { Rlist *rp; Log(LOG_LEVEL_VERBOSE, "SET Allowing users ..."); for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next) { if (!IsItemIn(SV.allowuserlist, rp->item)) { AppendItem(&SV.allowuserlist, rp->item, cp->classes); } } continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_TRUST_KEYS_FROM].lval) == 0) { Rlist *rp; Log(LOG_LEVEL_VERBOSE, "Setting trust keys from ..."); for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next) { if (!IsItemIn(SV.trustkeylist, rp->item)) { AppendItem(&SV.trustkeylist, rp->item, cp->classes); } } continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_PORT_NUMBER].lval) == 0) { SHORT_CFENGINEPORT = (short) IntFromString(retval.item); strncpy(STR_CFENGINEPORT, retval.item, 15); Log(LOG_LEVEL_VERBOSE, "Setting default portnumber to %u = %s = %s", (int) SHORT_CFENGINEPORT, STR_CFENGINEPORT, RvalScalarValue(retval)); SHORT_CFENGINEPORT = htons((short) IntFromString(retval.item)); continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_BIND_TO_INTERFACE].lval) == 0) { strncpy(BINDINTERFACE, retval.item, CF_BUFSIZE - 1); Log(LOG_LEVEL_VERBOSE, "Setting bindtointerface to '%s'", BINDINTERFACE); continue; } } } if (EvalContextVariableControlCommonGet(ctx, COMMON_CONTROL_SYSLOG_HOST, &retval)) { /* Don't resolve syslog_host now, better do it per log request. */ if (!SetSyslogHost(retval.item)) { Log(LOG_LEVEL_ERR, "Failed to set syslog_host, '%s' too long", (char *) retval.item); } else { Log(LOG_LEVEL_VERBOSE, "Setting syslog_host to '%s'", (char *) retval.item); } } if (EvalContextVariableControlCommonGet(ctx, COMMON_CONTROL_SYSLOG_PORT, &retval)) { SetSyslogPort(IntFromString(retval.item)); } if (EvalContextVariableControlCommonGet(ctx, COMMON_CONTROL_FIPS_MODE, &retval)) { FIPS_MODE = BooleanFromString(retval.item); Log(LOG_LEVEL_VERBOSE, "Setting FIPS mode to to '%s'", FIPS_MODE ? "true" : "false"); } if (EvalContextVariableControlCommonGet(ctx, COMMON_CONTROL_LASTSEEN_EXPIRE_AFTER, &retval)) { LASTSEENEXPIREAFTER = IntFromString(retval.item) * 60; } }
static void KeepControlPromises(EvalContext *ctx, Policy *policy, GenericAgentConfig *config) { Rval retval; CFD_MAXPROCESSES = 30; MAXTRIES = 5; DENYBADCLOCKS = true; CFRUNCOMMAND[0] = '\0'; SetChecksumUpdates(true); /* Keep promised agent behaviour - control bodies */ Banner("Server control promises.."); HashControls(ctx, policy, config); /* Now expand */ Seq *constraints = ControlBodyConstraints(policy, AGENT_TYPE_SERVER); if (constraints) { for (size_t i = 0; i < SeqLength(constraints); i++) { Constraint *cp = SeqAt(constraints, i); if (!IsDefinedClass(ctx, cp->classes, NULL)) { continue; } if (!EvalContextVariableGet(ctx, (VarRef) { NULL, "control_server", cp->lval }, &retval, NULL)) { CfOut(OUTPUT_LEVEL_ERROR, "", "Unknown lval %s in server control body", cp->lval); continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_SERVER_FACILITY].lval) == 0) { SetFacility(retval.item); continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_DENY_BAD_CLOCKS].lval) == 0) { DENYBADCLOCKS = BooleanFromString(retval.item); CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET denybadclocks = %d\n", DENYBADCLOCKS); continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_LOG_ENCRYPTED_TRANSFERS].lval) == 0) { LOGENCRYPT = BooleanFromString(retval.item); CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET LOGENCRYPT = %d\n", LOGENCRYPT); continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_LOG_ALL_CONNECTIONS].lval) == 0) { SV.logconns = BooleanFromString(retval.item); CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET logconns = %d\n", SV.logconns); continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_MAX_CONNECTIONS].lval) == 0) { CFD_MAXPROCESSES = (int) IntFromString(retval.item); MAXTRIES = CFD_MAXPROCESSES / 3; CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET maxconnections = %d\n", CFD_MAXPROCESSES); continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_CALL_COLLECT_INTERVAL].lval) == 0) { COLLECT_INTERVAL = (int) 60 * IntFromString(retval.item); CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET call_collect_interval = %d (seconds)\n", COLLECT_INTERVAL); continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_LISTEN].lval) == 0) { SERVER_LISTEN = BooleanFromString(retval.item); CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET server listen = %s \n", (SERVER_LISTEN)? "true":"false"); continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_CALL_COLLECT_WINDOW].lval) == 0) { COLLECT_WINDOW = (int) IntFromString(retval.item); CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET collect_window = %d (seconds)\n", COLLECT_INTERVAL); continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_CF_RUN_COMMAND].lval) == 0) { strncpy(CFRUNCOMMAND, retval.item, CF_BUFSIZE - 1); CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET cfruncommand = %s\n", CFRUNCOMMAND); continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_ALLOW_CONNECTS].lval) == 0) { Rlist *rp; CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET Allowing connections from ...\n"); for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next) { if (!IsItemIn(SV.nonattackerlist, rp->item)) { AppendItem(&SV.nonattackerlist, rp->item, cp->classes); } } continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_DENY_CONNECTS].lval) == 0) { Rlist *rp; CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET Denying connections from ...\n"); for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next) { if (!IsItemIn(SV.attackerlist, rp->item)) { AppendItem(&SV.attackerlist, rp->item, cp->classes); } } continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_SKIP_VERIFY].lval) == 0) { Rlist *rp; CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET Skip verify connections from ...\n"); for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next) { if (!IsItemIn(SV.skipverify, rp->item)) { AppendItem(&SV.skipverify, rp->item, cp->classes); } } continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_ALLOW_ALL_CONNECTS].lval) == 0) { Rlist *rp; CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET Allowing multiple connections from ...\n"); for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next) { if (!IsItemIn(SV.multiconnlist, rp->item)) { AppendItem(&SV.multiconnlist, rp->item, cp->classes); } } continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_ALLOW_USERS].lval) == 0) { Rlist *rp; CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET Allowing users ...\n"); for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next) { if (!IsItemIn(SV.allowuserlist, rp->item)) { AppendItem(&SV.allowuserlist, rp->item, cp->classes); } } continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_TRUST_KEYS_FROM].lval) == 0) { Rlist *rp; CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET Trust keys from ...\n"); for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next) { if (!IsItemIn(SV.trustkeylist, rp->item)) { AppendItem(&SV.trustkeylist, rp->item, cp->classes); } } continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_PORT_NUMBER].lval) == 0) { SHORT_CFENGINEPORT = (short) IntFromString(retval.item); strncpy(STR_CFENGINEPORT, retval.item, 15); CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET default portnumber = %u = %s = %s\n", (int) SHORT_CFENGINEPORT, STR_CFENGINEPORT, RvalScalarValue(retval)); SHORT_CFENGINEPORT = htons((short) IntFromString(retval.item)); continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_KEY_TTL].lval) == 0) { CfOut(OUTPUT_LEVEL_VERBOSE, "", "Ignoring deprecated option keycacheTTL"); continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_BIND_TO_INTERFACE].lval) == 0) { strncpy(BINDINTERFACE, retval.item, CF_BUFSIZE - 1); CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET bindtointerface = %s\n", BINDINTERFACE); continue; } } } if (ScopeControlCommonGet(ctx, COMMON_CONTROL_SYSLOG_HOST, &retval) != DATA_TYPE_NONE) { SetSyslogHost(Hostname2IPString(retval.item)); } if (ScopeControlCommonGet(ctx, COMMON_CONTROL_SYSLOG_PORT, &retval) != DATA_TYPE_NONE) { SetSyslogPort(IntFromString(retval.item)); } if (ScopeControlCommonGet(ctx, COMMON_CONTROL_FIPS_MODE, &retval) != DATA_TYPE_NONE) { FIPS_MODE = BooleanFromString(retval.item); CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET FIPS_MODE = %d\n", FIPS_MODE); } if (ScopeControlCommonGet(ctx, COMMON_CONTROL_LASTSEEN_EXPIRE_AFTER, &retval) != DATA_TYPE_NONE) { LASTSEENEXPIREAFTER = IntFromString(retval.item) * 60; } }
void KeepControlPromises(Policy *policy) { Rval retval; Rlist *rp; Seq *constraints = ControlBodyConstraints(policy, AGENT_TYPE_AGENT); if (constraints) { for (size_t i = 0; i < SeqLength(constraints); i++) { Constraint *cp = SeqAt(constraints, i); if (IsExcluded(cp->classes, NULL)) { continue; } if (GetVariable("control_common", cp->lval, &retval) != DATA_TYPE_NONE) { /* Already handled in generic_agent */ continue; } if (GetVariable("control_agent", cp->lval, &retval) == DATA_TYPE_NONE) { CfOut(cf_error, "", "Unknown lval %s in agent control body", cp->lval); continue; } if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_maxconnections].lval) == 0) { CFA_MAXTHREADS = (int) Str2Int(retval.item); CfOut(cf_verbose, "", "SET maxconnections = %d\n", CFA_MAXTHREADS); continue; } if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_checksum_alert_time].lval) == 0) { CF_PERSISTENCE = (int) Str2Int(retval.item); CfOut(cf_verbose, "", "SET checksum_alert_time = %d\n", CF_PERSISTENCE); continue; } if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_agentfacility].lval) == 0) { SetFacility(retval.item); continue; } if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_agentaccess].lval) == 0) { ACCESSLIST = (Rlist *) retval.item; CheckAgentAccess(ACCESSLIST, InputFiles(policy)); continue; } if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_refresh_processes].lval) == 0) { Rlist *rp; if (VERBOSE) { printf("%s> SET refresh_processes when starting: ", VPREFIX); for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next) { printf(" %s", (char *) rp->item); PrependItem(&PROCESSREFRESH, rp->item, NULL); } printf("\n"); } continue; } if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_abortclasses].lval) == 0) { Rlist *rp; CfOut(cf_verbose, "", "SET Abort classes from ...\n"); for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next) { char name[CF_MAXVARSIZE] = ""; strncpy(name, rp->item, CF_MAXVARSIZE - 1); AddAbortClass(name, cp->classes); } continue; } if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_abortbundleclasses].lval) == 0) { Rlist *rp; CfOut(cf_verbose, "", "SET Abort bundle classes from ...\n"); for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next) { char name[CF_MAXVARSIZE] = ""; strncpy(name, rp->item, CF_MAXVARSIZE - 1); if (!IsItemIn(ABORTBUNDLEHEAP, name)) { AppendItem(&ABORTBUNDLEHEAP, name, cp->classes); } } continue; } if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_addclasses].lval) == 0) { Rlist *rp; CfOut(cf_verbose, "", "-> Add classes ...\n"); for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next) { CfOut(cf_verbose, "", " -> ... %s\n", ScalarValue(rp)); NewClass(rp->item, NULL); } continue; } if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_auditing].lval) == 0) { CfOut(cf_verbose, "", "This option does nothing and is retained for compatibility reasons"); continue; } if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_alwaysvalidate].lval) == 0) { ALWAYS_VALIDATE = GetBoolean(retval.item); CfOut(cf_verbose, "", "SET alwaysvalidate = %d\n", ALWAYS_VALIDATE); continue; } if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_allclassesreport].lval) == 0) { ALLCLASSESREPORT = GetBoolean(retval.item); CfOut(cf_verbose, "", "SET allclassesreport = %d\n", ALLCLASSESREPORT); } if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_secureinput].lval) == 0) { CFPARANOID = GetBoolean(retval.item); CfOut(cf_verbose, "", "SET secure input = %d\n", CFPARANOID); continue; } if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_binarypaddingchar].lval) == 0) { CfOut(cf_verbose, "", "binarypaddingchar is obsolete and does nothing\n"); continue; } if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_bindtointerface].lval) == 0) { strncpy(BINDINTERFACE, retval.item, CF_BUFSIZE - 1); CfOut(cf_verbose, "", "SET bindtointerface = %s\n", BINDINTERFACE); continue; } if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_hashupdates].lval) == 0) { bool enabled = GetBoolean(retval.item); SetChecksumUpdates(enabled); CfOut(cf_verbose, "", "SET ChecksumUpdates %d\n", enabled); continue; } if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_exclamation].lval) == 0) { CfOut(cf_verbose, "", "exclamation control is deprecated and does not do anything\n"); continue; } if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_childlibpath].lval) == 0) { char output[CF_BUFSIZE]; snprintf(output, CF_BUFSIZE, "LD_LIBRARY_PATH=%s", (char *) retval.item); if (putenv(xstrdup(output)) == 0) { CfOut(cf_verbose, "", "Setting %s\n", output); } continue; } if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_defaultcopytype].lval) == 0) { DEFAULT_COPYTYPE = (char *) retval.item; CfOut(cf_verbose, "", "SET defaultcopytype = %s\n", DEFAULT_COPYTYPE); continue; } if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_fsinglecopy].lval) == 0) { SINGLE_COPY_LIST = (Rlist *) retval.item; CfOut(cf_verbose, "", "SET file single copy list\n"); continue; } if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_fautodefine].lval) == 0) { SetFileAutoDefineList(ListRvalValue(retval)); CfOut(cf_verbose, "", "SET file auto define list\n"); continue; } if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_dryrun].lval) == 0) { DONTDO = GetBoolean(retval.item); CfOut(cf_verbose, "", "SET dryrun = %c\n", DONTDO); continue; } if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_inform].lval) == 0) { INFORM = GetBoolean(retval.item); CfOut(cf_verbose, "", "SET inform = %c\n", INFORM); continue; } if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_verbose].lval) == 0) { VERBOSE = GetBoolean(retval.item); CfOut(cf_verbose, "", "SET inform = %c\n", VERBOSE); continue; } if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_repository].lval) == 0) { SetRepositoryLocation(retval.item); CfOut(cf_verbose, "", "SET repository = %s\n", ScalarRvalValue(retval)); continue; } if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_skipidentify].lval) == 0) { bool enabled = GetBoolean(retval.item); SetSkipIdentify(enabled); CfOut(cf_verbose, "", "SET skipidentify = %d\n", (int) enabled); continue; } if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_suspiciousnames].lval) == 0) { for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next) { AddFilenameToListOfSuspicious(ScalarValue(rp)); CfOut(cf_verbose, "", "-> Considering %s as suspicious file", ScalarValue(rp)); } continue; } if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_repchar].lval) == 0) { char c = *(char *) retval.item; SetRepositoryChar(c); CfOut(cf_verbose, "", "SET repchar = %c\n", c); continue; } if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_mountfilesystems].lval) == 0) { CF_MOUNTALL = GetBoolean(retval.item); CfOut(cf_verbose, "", "SET mountfilesystems = %d\n", CF_MOUNTALL); continue; } if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_editfilesize].lval) == 0) { EDITFILESIZE = Str2Int(retval.item); CfOut(cf_verbose, "", "SET EDITFILESIZE = %d\n", EDITFILESIZE); continue; } if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_ifelapsed].lval) == 0) { VIFELAPSED = Str2Int(retval.item); CfOut(cf_verbose, "", "SET ifelapsed = %d\n", VIFELAPSED); continue; } if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_expireafter].lval) == 0) { VEXPIREAFTER = Str2Int(retval.item); CfOut(cf_verbose, "", "SET ifelapsed = %d\n", VEXPIREAFTER); continue; } if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_timeout].lval) == 0) { CONNTIMEOUT = Str2Int(retval.item); CfOut(cf_verbose, "", "SET timeout = %jd\n", (intmax_t) CONNTIMEOUT); continue; } if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_max_children].lval) == 0) { CFA_BACKGROUND_LIMIT = Str2Int(retval.item); CfOut(cf_verbose, "", "SET MAX_CHILDREN = %d\n", CFA_BACKGROUND_LIMIT); if (CFA_BACKGROUND_LIMIT > 10) { CfOut(cf_error, "", "Silly value for max_children in agent control promise (%d > 10)", CFA_BACKGROUND_LIMIT); CFA_BACKGROUND_LIMIT = 1; } continue; } if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_syslog].lval) == 0) { CfOut(cf_verbose, "", "SET syslog = %d\n", GetBoolean(retval.item)); continue; } if (strcmp(cp->lval, CFA_CONTROLBODY[cfa_environment].lval) == 0) { Rlist *rp; CfOut(cf_verbose, "", "SET environment variables from ...\n"); for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next) { if (putenv(rp->item) != 0) { CfOut(cf_error, "putenv", "Failed to set environment variable %s", ScalarValue(rp)); } } continue; } } } if (GetVariable("control_common", CFG_CONTROLBODY[cfg_lastseenexpireafter].lval, &retval) != DATA_TYPE_NONE) { LASTSEENEXPIREAFTER = Str2Int(retval.item) * 60; } if (GetVariable("control_common", CFG_CONTROLBODY[cfg_fips_mode].lval, &retval) != DATA_TYPE_NONE) { FIPS_MODE = GetBoolean(retval.item); CfOut(cf_verbose, "", "SET FIPS_MODE = %d\n", FIPS_MODE); } if (GetVariable("control_common", CFG_CONTROLBODY[cfg_syslog_port].lval, &retval) != DATA_TYPE_NONE) { SetSyslogPort(Str2Int(retval.item)); CfOut(cf_verbose, "", "SET syslog_port to %s", ScalarRvalValue(retval)); } if (GetVariable("control_common", CFG_CONTROLBODY[cfg_syslog_host].lval, &retval) != DATA_TYPE_NONE) { SetSyslogHost(Hostname2IPString(retval.item)); CfOut(cf_verbose, "", "SET syslog_host to %s", Hostname2IPString(retval.item)); } #ifdef HAVE_NOVA Nova_Initialize(); #endif }
void KeepControlPromises() { struct Constraint *cp; char rettype; void *retval; struct Rlist *rp; for (cp = ControlBodyConstraints(cf_agent); cp != NULL; cp=cp->next) { if (IsExcluded(cp->classes)) { continue; } if (GetVariable("control_common",cp->lval,&retval,&rettype) != cf_notype) { /* Already handled in generic_agent */ continue; } if (GetVariable("control_agent",cp->lval,&retval,&rettype) == cf_notype) { CfOut(cf_error,"","Unknown lval %s in agent control body",cp->lval); continue; } if (strcmp(cp->lval,CFA_CONTROLBODY[cfa_maxconnections].lval) == 0) { CFA_MAXTHREADS = (int)Str2Int(retval); CfOut(cf_verbose,"","SET maxconnections = %d\n",CFA_MAXTHREADS); continue; } if (strcmp(cp->lval,CFA_CONTROLBODY[cfa_checksum_alert_time].lval) == 0) { CF_PERSISTENCE = (int)Str2Int(retval); CfOut(cf_verbose,"","SET checksum_alert_time = %d\n",CF_PERSISTENCE); continue; } if (strcmp(cp->lval,CFA_CONTROLBODY[cfa_agentfacility].lval) == 0) { SetFacility(retval); continue; } if (strcmp(cp->lval,CFA_CONTROLBODY[cfa_agentaccess].lval) == 0) { ACCESSLIST = (struct Rlist *) retval; CheckAgentAccess(ACCESSLIST); continue; } if (strcmp(cp->lval,CFA_CONTROLBODY[cfa_refresh_processes].lval) == 0) { struct Rlist *rp; if (VERBOSE) { printf("%s> SET refresh_processes when starting: ",VPREFIX); for (rp = (struct Rlist *) retval; rp != NULL; rp = rp->next) { printf(" %s",(char *)rp->item); PrependItem(&PROCESSREFRESH,rp->item,NULL); } printf("\n"); } continue; } if (strcmp(cp->lval,CFA_CONTROLBODY[cfa_abortclasses].lval) == 0) { struct Rlist *rp; CfOut(cf_verbose,"","SET Abort classes from ...\n"); for (rp = (struct Rlist *) retval; rp != NULL; rp = rp->next) { char name[CF_MAXVARSIZE] = ""; strncpy(name, rp->item, CF_MAXVARSIZE - 1); CanonifyNameInPlace(name); if (!IsItemIn(ABORTHEAP,name)) { AppendItem(&ABORTHEAP,name,cp->classes); } } continue; } if (strcmp(cp->lval,CFA_CONTROLBODY[cfa_abortbundleclasses].lval) == 0) { struct Rlist *rp; CfOut(cf_verbose,"","SET Abort bundle classes from ...\n"); for (rp = (struct Rlist *) retval; rp != NULL; rp = rp->next) { char name[CF_MAXVARSIZE] = ""; strncpy(name, rp->item, CF_MAXVARSIZE - 1); CanonifyNameInPlace(name); if (!IsItemIn(ABORTBUNDLEHEAP,name)) { AppendItem(&ABORTBUNDLEHEAP,name,cp->classes); } } continue; } if (strcmp(cp->lval,CFA_CONTROLBODY[cfa_addclasses].lval) == 0) { struct Rlist *rp; CfOut(cf_verbose,"","-> Add classes ...\n"); for (rp = (struct Rlist *) retval; rp != NULL; rp = rp->next) { CfOut(cf_verbose,""," -> ... %s\n",rp->item); NewClass(rp->item); } continue; } if (strcmp(cp->lval,CFA_CONTROLBODY[cfa_auditing].lval) == 0) { AUDIT = GetBoolean(retval); CfOut(cf_verbose,"","SET auditing = %d\n",AUDIT); continue; } if (strcmp(cp->lval,CFA_CONTROLBODY[cfa_alwaysvalidate].lval) == 0) { ALWAYS_VALIDATE = GetBoolean(retval); CfOut(cf_verbose,"","SET alwaysvalidate = %d\n",ALWAYS_VALIDATE); continue; } if (strcmp(cp->lval,CFA_CONTROLBODY[cfa_secureinput].lval) == 0) { CFPARANOID = GetBoolean(retval); CfOut(cf_verbose,"","SET secure input = %d\n",CFPARANOID); continue; } if (strcmp(cp->lval,CFA_CONTROLBODY[cfa_binarypaddingchar].lval) == 0) { PADCHAR = *(char *)retval; CfOut(cf_verbose,"","SET binarypaddingchar = %c\n",PADCHAR); continue; } if (strcmp(cp->lval,CFA_CONTROLBODY[cfa_bindtointerface].lval) == 0) { strncpy(BINDINTERFACE,retval,CF_BUFSIZE-1); CfOut(cf_verbose,"","SET bindtointerface = %s\n",BINDINTERFACE); continue; } if (strcmp(cp->lval,CFA_CONTROLBODY[cfa_hashupdates].lval) == 0) { CHECKSUMUPDATES = GetBoolean(retval); CfOut(cf_verbose,"","SET ChecksumUpdates %d\n",CHECKSUMUPDATES); continue; } if (strcmp(cp->lval,CFA_CONTROLBODY[cfa_exclamation].lval) == 0) { EXCLAIM = GetBoolean(retval); CfOut(cf_verbose,"","SET exclamation %d\n",EXCLAIM); continue; } if (strcmp(cp->lval,CFA_CONTROLBODY[cfa_childlibpath].lval) == 0) { char output[CF_BUFSIZE]; snprintf(output,CF_BUFSIZE,"LD_LIBRARY_PATH=%s",(char *)retval); if (putenv(strdup(output)) == 0) { CfOut(cf_verbose,"","Setting %s\n",output); } continue; } if (strcmp(cp->lval,CFA_CONTROLBODY[cfa_defaultcopytype].lval) == 0) { DEFAULT_COPYTYPE = (char *)retval; CfOut(cf_verbose,"","SET defaultcopytype = %c\n",DEFAULT_COPYTYPE); continue; } if (strcmp(cp->lval,CFA_CONTROLBODY[cfa_fsinglecopy].lval) == 0) { SINGLE_COPY_LIST = (struct Rlist *)retval; CfOut(cf_verbose,"","SET file single copy list\n"); continue; } if (strcmp(cp->lval,CFA_CONTROLBODY[cfa_fautodefine].lval) == 0) { AUTO_DEFINE_LIST = (struct Rlist *)retval; CfOut(cf_verbose,"","SET file auto define list\n"); continue; } if (strcmp(cp->lval,CFA_CONTROLBODY[cfa_dryrun].lval) == 0) { DONTDO = GetBoolean(retval); CfOut(cf_verbose,"","SET dryrun = %c\n",DONTDO); continue; } if (strcmp(cp->lval,CFA_CONTROLBODY[cfa_inform].lval) == 0) { INFORM = GetBoolean(retval); CfOut(cf_verbose,"","SET inform = %c\n",INFORM); continue; } if (strcmp(cp->lval,CFA_CONTROLBODY[cfa_verbose].lval) == 0) { VERBOSE = GetBoolean(retval); CfOut(cf_verbose,"","SET inform = %c\n",VERBOSE); continue; } if (strcmp(cp->lval,CFA_CONTROLBODY[cfa_repository].lval) == 0) { VREPOSITORY = strdup(retval); CfOut(cf_verbose,"","SET repository = %s\n",VREPOSITORY); continue; } if (strcmp(cp->lval,CFA_CONTROLBODY[cfa_skipidentify].lval) == 0) { SKIPIDENTIFY = GetBoolean(retval); CfOut(cf_verbose,"","SET skipidentify = %d\n",SKIPIDENTIFY); continue; } if (strcmp(cp->lval,CFA_CONTROLBODY[cfa_suspiciousnames].lval) == 0) { for (rp = (struct Rlist *) retval; rp != NULL; rp = rp->next) { PrependItem(&SUSPICIOUSLIST,rp->item,NULL); CfOut(cf_verbose,"", "-> Concidering %s as suspicious file", rp->item); } continue; } if (strcmp(cp->lval,CFA_CONTROLBODY[cfa_repchar].lval) == 0) { REPOSCHAR = *(char *)retval; CfOut(cf_verbose,"","SET repchar = %c\n",REPOSCHAR); continue; } if (strcmp(cp->lval,CFA_CONTROLBODY[cfa_mountfilesystems].lval) == 0) { CF_MOUNTALL = GetBoolean(retval); CfOut(cf_verbose,"","SET mountfilesystems = %d\n",CF_MOUNTALL); continue; } if (strcmp(cp->lval,CFA_CONTROLBODY[cfa_editfilesize].lval) == 0) { EDITFILESIZE = Str2Int(retval); CfOut(cf_verbose,"","SET EDITFILESIZE = %d\n",EDITFILESIZE); continue; } if (strcmp(cp->lval,CFA_CONTROLBODY[cfa_ifelapsed].lval) == 0) { VIFELAPSED = Str2Int(retval); CfOut(cf_verbose,"","SET ifelapsed = %d\n",VIFELAPSED); continue; } if (strcmp(cp->lval,CFA_CONTROLBODY[cfa_expireafter].lval) == 0) { VEXPIREAFTER = Str2Int(retval); CfOut(cf_verbose,"","SET ifelapsed = %d\n",VEXPIREAFTER); continue; } if (strcmp(cp->lval,CFA_CONTROLBODY[cfa_timeout].lval) == 0) { CONNTIMEOUT = Str2Int(retval); CfOut(cf_verbose,"","SET timeout = %d\n",CONNTIMEOUT); continue; } if (strcmp(cp->lval,CFA_CONTROLBODY[cfa_max_children].lval) == 0) { CFA_BACKGROUND_LIMIT = Str2Int(retval); CfOut(cf_verbose,"","SET MAX_CHILDREN = %d\n",CFA_BACKGROUND_LIMIT); if (CFA_BACKGROUND_LIMIT > 10) { CfOut(cf_error,"","Silly value for max_children in agent control promise (%d > 10)",CFA_BACKGROUND_LIMIT); CFA_BACKGROUND_LIMIT = 1; } continue; } if (strcmp(cp->lval,CFA_CONTROLBODY[cfa_syslog].lval) == 0) { LOGGING = GetBoolean(retval); CfOut(cf_verbose,"","SET syslog = %d\n",LOGGING); continue; } if (strcmp(cp->lval,CFA_CONTROLBODY[cfa_environment].lval) == 0) { struct Rlist *rp; CfOut(cf_verbose,"","SET environment variables from ...\n"); for (rp = (struct Rlist *) retval; rp != NULL; rp = rp->next) { if (putenv(rp->item) != 0) { CfOut(cf_error, "putenv", "Failed to set environment variable %s", rp->item); } } continue; } } if (GetVariable("control_common",CFG_CONTROLBODY[cfg_lastseenexpireafter].lval,&retval,&rettype) != cf_notype) { LASTSEENEXPIREAFTER = Str2Int(retval); } if (GetVariable("control_common",CFG_CONTROLBODY[cfg_fips_mode].lval,&retval,&rettype) != cf_notype) { FIPS_MODE = GetBoolean(retval); CfOut(cf_verbose,"","SET FIPS_MODE = %d\n",FIPS_MODE); } if (GetVariable("control_common",CFG_CONTROLBODY[cfg_syslog_port].lval,&retval,&rettype) != cf_notype) { SYSLOGPORT = (unsigned short)Str2Int(retval); CfOut(cf_verbose,"","SET syslog_port to %d",SYSLOGPORT); } if (GetVariable("control_common",CFG_CONTROLBODY[cfg_syslog_host].lval,&retval,&rettype) != cf_notype) { strncpy(SYSLOGHOST,Hostname2IPString(retval),CF_MAXVARSIZE-1); CfOut(cf_verbose,"","SET syslog_host to %s",SYSLOGHOST); } #ifdef HAVE_NOVA Nova_Initialize(); #endif }
void KeepControlPromises() { Constraint *cp; Rval retval; CFD_MAXPROCESSES = 30; MAXTRIES = 5; CFD_INTERVAL = 0; DENYBADCLOCKS = true; CFRUNCOMMAND[0] = '\0'; SetChecksumUpdates(true); /* Keep promised agent behaviour - control bodies */ Banner("Server control promises.."); HashControls(); /* Now expand */ for (cp = ControlBodyConstraints(cf_server); cp != NULL; cp = cp->next) { if (IsExcluded(cp->classes)) { continue; } if (GetVariable("control_server", cp->lval, &retval) == cf_notype) { CfOut(cf_error, "", "Unknown lval %s in server control body", cp->lval); continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_serverfacility].lval) == 0) { SetFacility(retval.item); continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_denybadclocks].lval) == 0) { DENYBADCLOCKS = GetBoolean(retval.item); CfOut(cf_verbose, "", "SET denybadclocks = %d\n", DENYBADCLOCKS); continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_logencryptedtransfers].lval) == 0) { LOGENCRYPT = GetBoolean(retval.item); CfOut(cf_verbose, "", "SET LOGENCRYPT = %d\n", LOGENCRYPT); continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_logallconnections].lval) == 0) { LOGCONNS = GetBoolean(retval.item); CfOut(cf_verbose, "", "SET LOGCONNS = %d\n", LOGCONNS); continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_maxconnections].lval) == 0) { CFD_MAXPROCESSES = (int) Str2Int(retval.item); MAXTRIES = CFD_MAXPROCESSES / 3; CfOut(cf_verbose, "", "SET maxconnections = %d\n", CFD_MAXPROCESSES); continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_cfruncommand].lval) == 0) { strncpy(CFRUNCOMMAND, retval.item, CF_BUFSIZE - 1); CfOut(cf_verbose, "", "SET cfruncommand = %s\n", CFRUNCOMMAND); continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_allowconnects].lval) == 0) { Rlist *rp; CfOut(cf_verbose, "", "SET Allowing connections from ...\n"); for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next) { if (!IsItemIn(NONATTACKERLIST, rp->item)) { AppendItem(&NONATTACKERLIST, rp->item, cp->classes); } } continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_denyconnects].lval) == 0) { Rlist *rp; CfOut(cf_verbose, "", "SET Denying connections from ...\n"); for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next) { if (!IsItemIn(ATTACKERLIST, rp->item)) { AppendItem(&ATTACKERLIST, rp->item, cp->classes); } } continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_skipverify].lval) == 0) { Rlist *rp; CfOut(cf_verbose, "", "SET Skip verify connections from ...\n"); for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next) { if (!IsItemIn(SKIPVERIFY, rp->item)) { AppendItem(&SKIPVERIFY, rp->item, cp->classes); } } continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_dynamicaddresses].lval) == 0) { Rlist *rp; CfOut(cf_verbose, "", "SET Dynamic addresses from ...\n"); for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next) { if (!IsItemIn(DHCPLIST, rp->item)) { AppendItem(&DHCPLIST, rp->item, cp->classes); } } continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_allowallconnects].lval) == 0) { Rlist *rp; CfOut(cf_verbose, "", "SET Allowing multiple connections from ...\n"); for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next) { if (!IsItemIn(MULTICONNLIST, rp->item)) { AppendItem(&MULTICONNLIST, rp->item, cp->classes); } } continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_allowusers].lval) == 0) { Rlist *rp; CfOut(cf_verbose, "", "SET Allowing users ...\n"); for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next) { if (!IsItemIn(ALLOWUSERLIST, rp->item)) { AppendItem(&ALLOWUSERLIST, rp->item, cp->classes); } } continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_trustkeysfrom].lval) == 0) { Rlist *rp; CfOut(cf_verbose, "", "SET Trust keys from ...\n"); for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next) { if (!IsItemIn(TRUSTKEYLIST, rp->item)) { AppendItem(&TRUSTKEYLIST, rp->item, cp->classes); } } continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_portnumber].lval) == 0) { SHORT_CFENGINEPORT = (short) Str2Int(retval.item); strncpy(STR_CFENGINEPORT, retval.item, 15); CfOut(cf_verbose, "", "SET default portnumber = %u = %s = %s\n", (int) SHORT_CFENGINEPORT, STR_CFENGINEPORT, ScalarRvalValue(retval)); SHORT_CFENGINEPORT = htons((short) Str2Int(retval.item)); continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_keyttl].lval) == 0) { CfOut(cf_verbose, "", "Ignoring deprecated option keycacheTTL"); continue; } if (strcmp(cp->lval, CFS_CONTROLBODY[cfs_bindtointerface].lval) == 0) { strncpy(BINDINTERFACE, retval.item, CF_BUFSIZE - 1); CfOut(cf_verbose, "", "SET bindtointerface = %s\n", BINDINTERFACE); continue; } } if (GetVariable("control_common", CFG_CONTROLBODY[cfg_syslog_host].lval, &retval) != cf_notype) { SetSyslogHost(Hostname2IPString(retval.item)); } if (GetVariable("control_common", CFG_CONTROLBODY[cfg_syslog_port].lval, &retval) != cf_notype) { SetSyslogPort(Str2Int(retval.item)); } if (GetVariable("control_common", CFG_CONTROLBODY[cfg_fips_mode].lval, &retval) != cf_notype) { FIPS_MODE = GetBoolean(retval.item); CfOut(cf_verbose, "", "SET FIPS_MODE = %d\n", FIPS_MODE); } if (GetVariable("control_common", CFG_CONTROLBODY[cfg_lastseenexpireafter].lval, &retval) != cf_notype) { LASTSEENEXPIREAFTER = Str2Int(retval.item) * 60; } }
void KeepPromises(Policy *policy, ExecConfig *config) { for (Constraint *cp = ControlBodyConstraints(policy, cf_executor); cp != NULL; cp = cp->next) { if (IsExcluded(cp->classes, NULL)) { continue; } Rval retval; if (GetVariable("control_executor", cp->lval, &retval) == cf_notype) { CfOut(cf_error, "", "Unknown lval %s in exec control body", cp->lval); continue; } if (strcmp(cp->lval, CFEX_CONTROLBODY[cfex_mailfrom].lval) == 0) { free(config->mail_from_address); config->mail_from_address = SafeStringDuplicate(retval.item); CfDebug("mailfrom = %s\n", config->mail_from_address); } if (strcmp(cp->lval, CFEX_CONTROLBODY[cfex_mailto].lval) == 0) { free(config->mail_to_address); config->mail_to_address = SafeStringDuplicate(retval.item); CfDebug("mailto = %s\n", config->mail_to_address); } if (strcmp(cp->lval, CFEX_CONTROLBODY[cfex_smtpserver].lval) == 0) { free(config->mail_server); config->mail_server = SafeStringDuplicate(retval.item); CfDebug("smtpserver = %s\n", config->mail_server); } if (strcmp(cp->lval, CFEX_CONTROLBODY[cfex_execcommand].lval) == 0) { free(config->exec_command); config->exec_command = SafeStringDuplicate(retval.item); CfDebug("exec_command = %s\n", config->exec_command); } if (strcmp(cp->lval, CFEX_CONTROLBODY[cfex_agent_expireafter].lval) == 0) { config->agent_expireafter = Str2Int(retval.item); CfDebug("agent_expireafter = %d\n", config->agent_expireafter); } if (strcmp(cp->lval, CFEX_CONTROLBODY[cfex_executorfacility].lval) == 0) { SetFacility(retval.item); continue; } if (strcmp(cp->lval, CFEX_CONTROLBODY[cfex_mailmaxlines].lval) == 0) { config->mail_max_lines = Str2Int(retval.item); CfDebug("maxlines = %d\n", config->mail_max_lines); } if (strcmp(cp->lval, CFEX_CONTROLBODY[cfex_splaytime].lval) == 0) { int time = Str2Int(ScalarRvalValue(retval)); SPLAYTIME = (int) (time * SECONDS_PER_MINUTE * GetSplay()); } if (strcmp(cp->lval, CFEX_CONTROLBODY[cfex_schedule].lval) == 0) { Rlist *rp; CfDebug("schedule ...\n"); DeleteItemList(SCHEDULE); SCHEDULE = NULL; for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next) { if (!IsItemIn(SCHEDULE, rp->item)) { AppendItem(&SCHEDULE, rp->item, NULL); } } } } }