/**
 * Run the policy-supplied version comparison command for the pair (v1, v2).
 *
 * "v1" and "v2" are published as temporary string variables in
 * PACKAGES_CONTEXT, @p command is expanded against them, and both variables
 * are removed again before the command is started.
 *
 * NOTE(review): v1 and v2 are substituted textually into the command line.
 * When a.packages.package_commands_useshell is set the expanded string is
 * handed to cf_popen_sh() (presumably a shell), so the command template must
 * quote them and the version strings should be validated before they get
 * here -- confirm against the callers.
 *
 * @param result updated with PROMISE_RESULT_FAIL when the command cannot be
 *               started or cf_pclose() returns -1.
 * @return VERCMP_ERROR on failure, otherwise the value of (exit status == 0).
 */
static VersionCmpResult RunCmpCommand(EvalContext *ctx, const char *command, const char *v1, const char *v2,
                                      Attributes a, const Promise *pp, PromiseResult *result)
{
    Buffer *expanded_command = BufferNew();

    {
        /* The two versions are visible only while the template is expanded. */
        VarRef *ref_v1 = VarRefParseFromScope("v1", PACKAGES_CONTEXT);
        EvalContextVariablePut(ctx, ref_v1, v1, CF_DATA_TYPE_STRING, "source=promise");

        VarRef *ref_v2 = VarRefParseFromScope("v2", PACKAGES_CONTEXT);
        EvalContextVariablePut(ctx, ref_v2, v2, CF_DATA_TYPE_STRING, "source=promise");

        ExpandScalar(ctx, NULL, PACKAGES_CONTEXT, command, expanded_command);

        EvalContextVariableRemove(ctx, ref_v1);
        VarRefDestroy(ref_v1);

        EvalContextVariableRemove(ctx, ref_v2);
        VarRefDestroy(ref_v2);
    }

    VersionCmpResult outcome = VERCMP_ERROR;
    FILE *pfp;

    if (a.packages.package_commands_useshell)
    {
        pfp = cf_popen_sh(BufferData(expanded_command), "w");
    }
    else
    {
        pfp = cf_popen(BufferData(expanded_command), "w", true);
    }

    if (pfp == NULL)
    {
        cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_FAIL, pp, a,
             "Can not start package version comparison command '%s'. (cf_popen: %s)",
             BufferData(expanded_command), GetErrorStr());
        *result = PromiseResultUpdate(*result, PROMISE_RESULT_FAIL);
    }
    else
    {
        Log(LOG_LEVEL_VERBOSE, "Executing '%s'", BufferData(expanded_command));

        /* Nothing is written to the pipe; only the exit status matters. */
        int retcode = cf_pclose(pfp);
        if (retcode == -1)
        {
            cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_FAIL, pp, a,
                 "Error during package version comparison command execution '%s'. (cf_pclose: %s)",
                 BufferData(expanded_command), GetErrorStr());
            *result = PromiseResultUpdate(*result, PROMISE_RESULT_FAIL);
        }
        else
        {
            outcome = (retcode == 0);
        }
    }

    BufferDestroy(expanded_command);
    return outcome;
}
/**
 * Expand one list entry.
 *
 * A scalar entry of the form @(name) is handled specially: with
 * @p expandnaked unset it is returned as a fresh scalar copy; with it set,
 * and when the inner name needs no further expansion, the named variable is
 * looked up in @p scope and its value expanded instead. Every other case goes
 * through ExpandPrivateRval() on the entry itself.
 *
 * NOTE(review): GetNaked() writes into a CF_MAXVARSIZE buffer without being
 * given its size -- presumably it bounds the copy itself; confirm.
 */
static Rval ExpandListEntry(EvalContext *ctx, const char *ns, const char *scope, int expandnaked, Rval entry)
{
    if (entry.type != RVAL_TYPE_SCALAR || !IsNakedVar(entry.item, '@'))
    {
        return ExpandPrivateRval(ctx, ns, scope, entry.item, entry.type);
    }

    if (!expandnaked)
    {
        return RvalNew(entry.item, RVAL_TYPE_SCALAR);
    }

    char naked[CF_MAXVARSIZE];
    GetNaked(naked, entry.item);

    if (!IsExpandable(naked))
    {
        DataType value_type = CF_DATA_TYPE_NONE;
        VarRef *ref = VarRefParseFromScope(naked, scope);
        const void *value = EvalContextVariableGet(ctx, ref, &value_type);
        VarRefDestroy(ref);

        if (value)
        {
            return ExpandPrivateRval(ctx, ns, scope, value, DataTypeToRvalType(value_type));
        }
    }

    /* Name still contains variables, or the lookup found nothing. */
    return ExpandPrivateRval(ctx, ns, scope, entry.item, entry.type);
}
/**
 * Run the policy-supplied version comparison command for the pair (v1, v2).
 *
 * "v1" and "v2" are published as temporary scalars in "cf_pack_context",
 * @p command is expanded against them, and both variables are removed again
 * before the command is started.
 *
 * NOTE(review): ExpandScalar() writes into a CF_EXPANDSIZE stack buffer
 * without being told its size here -- presumably it bounds the output itself;
 * confirm. v1/v2 are also substituted textually into a command line that
 * cf_popen_sh() receives when package_commands_useshell is set, so they
 * should be validated upstream.
 *
 * @return VERCMP_ERROR on failure, otherwise the value of (exit status == 0).
 */
static VersionCmpResult RunCmpCommand(EvalContext *ctx, const char *command, const char *v1, const char *v2,
                                      Attributes a, Promise *pp)
{
    char expanded_command[CF_EXPANDSIZE];

    {
        /* The two versions are visible only while the template is expanded. */
        VarRef *ref_v1 = VarRefParseFromScope("v1", "cf_pack_context");
        EvalContextVariablePut(ctx, ref_v1, (Rval) { v1, RVAL_TYPE_SCALAR }, DATA_TYPE_STRING);

        VarRef *ref_v2 = VarRefParseFromScope("v2", "cf_pack_context");
        EvalContextVariablePut(ctx, ref_v2, (Rval) { v2, RVAL_TYPE_SCALAR }, DATA_TYPE_STRING);

        ExpandScalar(ctx, NULL, "cf_pack_context", command, expanded_command);

        EvalContextVariableRemove(ctx, ref_v1);
        VarRefDestroy(ref_v1);

        EvalContextVariableRemove(ctx, ref_v2);
        VarRefDestroy(ref_v2);
    }

    FILE *pfp;
    if (a.packages.package_commands_useshell)
    {
        pfp = cf_popen_sh(expanded_command, "w");
    }
    else
    {
        pfp = cf_popen(expanded_command, "w", true);
    }

    VersionCmpResult outcome = VERCMP_ERROR;

    if (pfp == NULL)
    {
        cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_FAIL, pp, a,
             "Can not start package version comparison command '%s'. (cf_popen: %s)",
             expanded_command, GetErrorStr());
    }
    else
    {
        Log(LOG_LEVEL_VERBOSE, "Executing '%s'", expanded_command);

        /* Nothing is written to the pipe; only the exit status matters. */
        int retcode = cf_pclose(pfp);
        if (retcode == -1)
        {
            cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_FAIL, pp, a,
                 "Error during package version comparison command execution '%s'. (cf_pclose: %s)",
                 expanded_command, GetErrorStr());
        }
        else
        {
            outcome = (retcode == 0);
        }
    }

    return outcome;
}
/**
 * Set variable @p lval in the special scope @p scope to @p rval.
 *
 * If the variable already exists it is deleted first, then the new value is
 * stored with data type @p dt.
 *
 * @WARNING Don't call ScopeDelete*() before this, it's unnecessary.
 */
void ScopeNewSpecial(EvalContext *ctx, SpecialScope scope, const char *lval, const void *rval, DataType dt)
{
    const char *scope_name = SpecialScopeToString(scope);
    VarRef *ref = VarRefParseFromScope(lval, scope_name);

    /* Only used to learn whether the variable exists; the value is ignored. */
    Rval existing;
    if (EvalContextVariableGet(ctx, ref, &existing, NULL))
    {
        ScopeDeleteSpecial(scope, lval);
    }

    EvalContextVariablePut(ctx, ref, (Rval) { rval, DataTypeToRvalType(dt) }, dt);

    VarRefDestroy(ref);
}
/**
 * Build a new list holding the expansion of every entry of @p list.
 *
 * Scalar entries of the form @(name) are special: with @p expandnaked unset
 * they are copied through unchanged; with it set, and when the inner name
 * needs no further expansion, the named variable is looked up in @p scope and
 * its value is expanded in place of the entry. Everything else is expanded
 * with ExpandPrivateRval().
 *
 * NOTE(review): GetNaked() writes into a CF_MAXVARSIZE buffer without being
 * given its size -- presumably it bounds the copy itself; confirm.
 *
 * @return the newly built list (NULL when @p list is empty).
 */
Rlist *ExpandList(EvalContext *ctx, const char *ns, const char *scope, const Rlist *list, int expandnaked)
{
    Rlist *expanded_list = NULL;

    for (const Rlist *rp = list; rp != NULL; rp = rp->next)
    {
        Rval expanded;

        if ((rp->val.type == RVAL_TYPE_SCALAR) && IsNakedVar(RlistScalarValue(rp), '@'))
        {
            if (!expandnaked)
            {
                expanded = RvalNew(RlistScalarValue(rp), RVAL_TYPE_SCALAR);
            }
            else
            {
                char naked[CF_MAXVARSIZE];
                GetNaked(naked, RlistScalarValue(rp));

                VarRef *ref = NULL;
                const void *value = NULL;
                DataType value_type = DATA_TYPE_NONE;

                if (!IsExpandable(naked))
                {
                    ref = VarRefParseFromScope(naked, scope);
                    value = EvalContextVariableGet(ctx, ref, &value_type);
                }

                if (value)
                {
                    expanded = ExpandPrivateRval(ctx, ns, scope, value, DataTypeToRvalType(value_type));
                }
                else
                {
                    expanded = ExpandPrivateRval(ctx, ns, scope, rp->val.item, rp->val.type);
                }

                if (ref != NULL)
                {
                    VarRefDestroy(ref);
                }
            }
        }
        else
        {
            expanded = ExpandPrivateRval(ctx, ns, scope, rp->val.item, rp->val.type);
        }

        /* The temporary is destroyed right after the append. */
        RlistAppend(&expanded_list, expanded.item, expanded.type);
        RvalDestroy(expanded);
    }

    return expanded_list;
}
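/**
 * Apply the settings of the monitor control body to the running monitor.
 *
 * Each constraint whose class expression is defined is looked up in the
 * "control_monitor" scope; unknown lvals are logged and skipped. The
 * histograms option is accepted but has no effect, tcpdump toggles the
 * network sniffer and forgetrate updates the global FORGETRATE.
 */
static void KeepPromises(EvalContext *ctx, const Policy *policy)
{
    Rval retval;

    Seq *constraints = ControlBodyConstraints(policy, AGENT_TYPE_MONITOR);
    if (constraints == NULL)
    {
        return;
    }

    for (size_t i = 0; i < SeqLength(constraints); i++)
    {
        Constraint *cp = SeqAt(constraints, i);

        if (!IsDefinedClass(ctx, cp->classes, NULL))
        {
            continue;
        }

        VarRef *ref = VarRefParseFromScope(cp->lval, "control_monitor");
        if (!EvalContextVariableGet(ctx, ref, &retval, NULL))
        {
            Log(LOG_LEVEL_ERR, "Unknown lval '%s' in monitor control body", cp->lval);
            VarRefDestroy(ref);
            continue;
        }
        VarRefDestroy(ref);

        if (strcmp(cp->lval, CFM_CONTROLBODY[MONITOR_CONTROL_HISTOGRAMS].lval) == 0)
        {
            /* Keep accepting this option for backward compatibility. */
        }

        if (strcmp(cp->lval, CFM_CONTROLBODY[MONITOR_CONTROL_TCP_DUMP].lval) == 0)
        {
            MonNetworkSnifferEnable(BooleanFromString(retval.item));
        }

        if (strcmp(cp->lval, CFM_CONTROLBODY[MONITOR_CONTROL_FORGET_RATE].lval) == 0)
        {
            /* A value that does not parse leaves FORGETRATE untouched; report
             * it instead of silently logging the old rate as if it were new. */
            if (sscanf(retval.item, "%lf", &FORGETRATE) != 1)
            {
                Log(LOG_LEVEL_ERR, "Could not parse forget rate in monitor control body, keeping %f", FORGETRATE);
            }
            else
            {
                Log(LOG_LEVEL_DEBUG, "forget rate %f", FORGETRATE);
            }
        }
    }
}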
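/**
 * Expand one list entry.
 *
 * A scalar entry of the form @(name) is handled specially: with
 * @p expandnaked unset it is returned as a fresh scalar copy; with it set,
 * the inner name is expanded once if it contains variables, and if the
 * result is a plain name the variable is looked up in @p scope and its value
 * expanded instead. Every other case goes through ExpandPrivateRval() on the
 * entry itself.
 *
 * NOTE(review): GetNaked() writes into a CF_MAXVARSIZE buffer without being
 * given its size -- presumably it bounds the copy itself; confirm.
 */
static Rval ExpandListEntry(EvalContext *ctx, const char *ns, const char *scope, int expandnaked, Rval entry)
{
    if (entry.type == RVAL_TYPE_SCALAR && IsNakedVar(entry.item, '@'))
    {
        if (expandnaked)
        {
            char naked[CF_MAXVARSIZE];
            int name_fits = 1;

            GetNaked(naked, entry.item);

            if (IsExpandable(naked))
            {
                char *exp = ExpandScalar(ctx, ns, scope, naked, NULL);
                /* A truncated name would refer to a different variable than
                 * the policy named, so it must not be used for the lookup. */
                name_fits = strlcpy(naked, exp, sizeof(naked)) < sizeof(naked);
                free(exp);
            }

            /* Check again, it might have changed. */
            if (name_fits && !IsExpandable(naked))
            {
                VarRef *ref = VarRefParseFromScope(naked, scope);
                /* Initialised so the "found?" test below is well defined even
                 * if the lookup leaves the type untouched. */
                DataType value_type = CF_DATA_TYPE_NONE;
                const void *value = EvalContextVariableGet(ctx, ref, &value_type);
                VarRefDestroy(ref);

                if (value_type != CF_DATA_TYPE_NONE) /* variable found? */
                {
                    return ExpandPrivateRval(ctx, ns, scope, value, DataTypeToRvalType(value_type));
                }
            }
        }
        else
        {
            return RvalNew(entry.item, RVAL_TYPE_SCALAR);
        }
    }

    return ExpandPrivateRval(ctx, ns, scope, entry.item, entry.type);
}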
/**
 * Produce the final, fully evaluated value for @p rval.
 *
 * Step 1 picks the expansion: a scalar @(name) whose name is a plain list
 * variable in @p scope is expanded with ExpandList(); @p forcelist expands in
 * the caller's @p ns / @p scope; a built-in function call is copied; anything
 * else is expanded in the "this" scope.
 *
 * Step 2 post-processes the result: function calls (top level, or as list
 * entries) are evaluated and replaced by their result, and scalar list
 * entries that still contain variables are expanded when a promise is on the
 * evaluation stack. Unhandled result types become RVAL_TYPE_NOPROMISEE.
 *
 * NOTE(review): value_type is read after EvalContextVariableGet() without
 * being initialised here -- this relies on the lookup always writing it;
 * confirm. GetNaked() is also not given the size of its output buffer.
 */
Rval EvaluateFinalRval(EvalContext *ctx, const Policy *policy, const char *ns, const char *scope, Rval rval,
                       bool forcelist, const Promise *pp)
{
    assert(ctx);
    assert(policy);

    Rval returnval;

    /* Treat lists specially. */
    if (rval.type == RVAL_TYPE_SCALAR && IsNakedVar(rval.item, '@'))
    {
        char naked[CF_MAXVARSIZE];
        GetNaked(naked, rval.item);

        const void *list_value = NULL;
        bool names_a_list = false;

        /* A name such as @(blah_$(blue)) is left to the generic expansion. */
        if (!IsExpandable(naked))
        {
            VarRef *ref = VarRefParseFromScope(naked, scope);
            DataType value_type;
            list_value = EvalContextVariableGet(ctx, ref, &value_type);
            VarRefDestroy(ref);

            names_a_list = (DataTypeToRvalType(value_type) == RVAL_TYPE_LIST);
        }

        if (names_a_list)
        {
            returnval.item = ExpandList(ctx, ns, scope, list_value, true);
            returnval.type = RVAL_TYPE_LIST;
        }
        else
        {
            returnval = ExpandPrivateRval(ctx, NULL, "this", rval.item, rval.type);
        }
    }
    else if (forcelist) /* We are replacing scalar @(name) with list */
    {
        returnval = ExpandPrivateRval(ctx, ns, scope, rval.item, rval.type);
    }
    else if (FnCallIsBuiltIn(rval))
    {
        returnval = RvalCopy(rval);
    }
    else
    {
        returnval = ExpandPrivateRval(ctx, NULL, "this", rval.item, rval.type);
    }

    switch (returnval.type)
    {
    case RVAL_TYPE_SCALAR:
    case RVAL_TYPE_CONTAINER:
        break;

    case RVAL_TYPE_LIST:
        for (Rlist *rp = RvalRlistValue(returnval); rp != NULL; rp = rp->next)
        {
            if (rp->val.type == RVAL_TYPE_FNCALL)
            {
                /* Replace the call by its result, then release the call. */
                FnCall *call = RlistFnCallValue(rp);
                rp->val = FnCallEvaluate(ctx, policy, call, pp).rval;
                FnCallDestroy(call);
            }
            else if (rp->val.type == RVAL_TYPE_SCALAR)
            {
                if (EvalContextStackCurrentPromise(ctx) && IsCf3VarString(RlistScalarValue(rp)))
                {
                    void *unexpanded = rp->val.item;
                    rp->val = ExpandPrivateRval(ctx, NULL, "this", unexpanded, RVAL_TYPE_SCALAR);
                    free(unexpanded);
                }
                /* else: returnval unchanged. */
            }
            else
            {
                assert(!"Bad type for entry in Rlist");
            }
        }
        break;

    case RVAL_TYPE_FNCALL:
        if (FnCallIsBuiltIn(returnval))
        {
            FnCall *call = RvalFnCallValue(returnval);
            returnval = FnCallEvaluate(ctx, policy, call, pp).rval;
            FnCallDestroy(call);
        }
        break;

    default:
        assert(returnval.item == NULL); /* else we're leaking it */
        returnval.item = NULL;
        returnval.type = RVAL_TYPE_NOPROMISEE;
        break;
    }

    return returnval;
}
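/**
 * Contact one remote host and run the hail exchange with it.
 *
 * @p host is split into peer name and port by ParseHostname(), the peer is
 * resolved, and in INTERACTIVE mode the operator is asked whether to accept
 * the peer's key on trust when no public key is stored under either the peer
 * name or its address.
 *
 * NOTE(review): answering "yes" sets fc.trustkey, which presumably makes the
 * connection accept whatever key the peer presents. The prompt shows only
 * the host name and address, so the decision should be backed by an
 * out-of-band check of the peer's key.
 *
 * @return true when a server responded and HailExec() was run, false
 *         otherwise.
 */
static int HailServer(EvalContext *ctx, char *host)
{
    AgentConnection *conn;
    char sendbuffer[CF_BUFSIZE], recvbuffer[CF_BUFSIZE], peer[CF_MAXVARSIZE],
        digest[CF_MAXVARSIZE], user[CF_SMALLBUF];
    bool gotkey;
    char reply[8];

    FileCopy fc = {
        .portnumber = (unsigned short) ParseHostname(host, peer),
    };

    char ipaddr[CF_MAX_IP_LEN];
    if (Hostname2IPString(ipaddr, peer, sizeof(ipaddr)) == -1)
    {
        Log(LOG_LEVEL_ERR, "HailServer: ERROR, could not resolve '%s'", peer);
        return false;
    }

    Address2Hostkey(ipaddr, digest);
    GetCurrentUserName(user, CF_SMALLBUF);

    if (INTERACTIVE)
    {
        Log(LOG_LEVEL_VERBOSE, "Using interactive key trust...");

        gotkey = HavePublicKey(user, peer, digest) != NULL;
        if (!gotkey)
        {
            gotkey = HavePublicKey(user, ipaddr, digest) != NULL;
        }

        if (!gotkey)
        {
            printf("WARNING - You do not have a public key from host %s = %s\n", host, ipaddr);
            printf(" Do you want to accept one on trust? (yes/no)\n\n--> ");

            while (true)
            {
                if (fgets(reply, sizeof(reply), stdin) == NULL)
                {
                    FatalError(ctx, "EOF trying to read answer from terminal");
                }

                /* Bound the scan by the real buffer size, not CF_EXPANDSIZE. */
                if (Chop(reply, sizeof(reply)) == -1)
                {
                    Log(LOG_LEVEL_ERR, "Chop was called on a string that seemed to have no terminator");
                }

                if (strcmp(reply, "yes") == 0)
                {
                    printf("Will trust the key...\n");
                    fc.trustkey = true;
                    break;
                }
                else if (strcmp(reply, "no") == 0)
                {
                    printf("Will not trust the key...\n");
                    fc.trustkey = false;
                    break;
                }
                else
                {
                    printf("Please reply yes or no...(%s)\n", reply);
                }
            }
        }
    }

    /* Continue */

#ifdef __MINGW32__

    if (LEGACY_OUTPUT)
    {
        Log(LOG_LEVEL_INFO, "...........................................................................");
        Log(LOG_LEVEL_INFO, " * Hailing %s : %u, with options \"%s\" (serial)", peer, fc.portnumber, REMOTE_AGENT_OPTIONS);
        Log(LOG_LEVEL_INFO, "...........................................................................");
    }
    else
    {
        Log(LOG_LEVEL_INFO, "Hailing '%s' : %u, with options '%s' (serial)", peer, fc.portnumber, REMOTE_AGENT_OPTIONS);
    }

#else /* !__MINGW32__ */

    if (BACKGROUND)
    {
        Log(LOG_LEVEL_INFO, "Hailing '%s' : %u, with options '%s' (parallel)", peer, fc.portnumber, REMOTE_AGENT_OPTIONS);
    }
    else
    {
        if (LEGACY_OUTPUT)
        {
            Log(LOG_LEVEL_INFO, "...........................................................................");
            Log(LOG_LEVEL_INFO, " * Hailing %s : %u, with options \"%s\" (serial)", peer, fc.portnumber, REMOTE_AGENT_OPTIONS);
            Log(LOG_LEVEL_INFO, "...........................................................................");
        }
        else
        {
            Log(LOG_LEVEL_INFO, "Hailing '%s' : %u, with options '%s' (serial)", peer, fc.portnumber, REMOTE_AGENT_OPTIONS);
        }
    }

#endif /* !__MINGW32__ */

    fc.servers = RlistFromSplitString(peer, '*');

    if (fc.servers == NULL || strcmp(RlistScalarValue(fc.servers), "localhost") == 0)
    {
        Log(LOG_LEVEL_INFO, "No hosts are registered to connect to");
        /* The "localhost" case used to return without releasing the list. */
        if (fc.servers != NULL)
        {
            RlistDestroy(fc.servers);
        }
        return false;
    }
    else
    {
        int err = 0;
        conn = NewServerConnection(fc, false, &err, -1);

        if (conn == NULL)
        {
            RlistDestroy(fc.servers);
            Log(LOG_LEVEL_VERBOSE, "No suitable server responded to hail");
            return false;
        }
    }

    /* Check trust interaction*/

    HailExec(conn, peer, recvbuffer, sendbuffer);

    RlistDestroy(fc.servers);

    return true;
}

/********************************************************************/
/* Level 2                                                          */
/********************************************************************/

/**
 * Apply the settings of the runagent control body to the process globals.
 *
 * Options that are only recognised here (force_ipv4, trustkey, encrypt,
 * port, timeout) are skipped. background_children is ignored with a warning
 * when -b or -i was given on the command line, and hosts never overrides a
 * host list that is already set.
 *
 * NOTE(review): max_children is narrowed to short without a range check,
 * and a too long output_directory is truncated silently by strncpy().
 */
static void KeepControlPromises(EvalContext *ctx, const Policy *policy)
{
    Seq *constraints = ControlBodyConstraints(policy, AGENT_TYPE_RUNAGENT);
    if (constraints)
    {
        for (size_t i = 0; i < SeqLength(constraints); i++)
        {
            Constraint *cp = SeqAt(constraints, i);

            if (!IsDefinedClass(ctx, cp->classes))
            {
                continue;
            }

            VarRef *ref = VarRefParseFromScope(cp->lval, "control_runagent");
            const void *value = EvalContextVariableGet(ctx, ref, NULL);
            VarRefDestroy(ref);

            if (!value)
            {
                Log(LOG_LEVEL_ERR, "Unknown lval '%s' in runagent control body", cp->lval);
                continue;
            }

            if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_FORCE_IPV4].lval) == 0)
            {
                continue;
            }

            if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_TRUSTKEY].lval) == 0)
            {
                continue;
            }

            if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_ENCRYPT].lval) == 0)
            {
                continue;
            }

            if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_PORT_NUMBER].lval) == 0)
            {
                continue;
            }

            if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_BACKGROUND].lval) == 0)
            {
                /*
                 * Only process this option if there is no -b or -i option
                 * specified on the command line.
                 */
                if (BACKGROUND || INTERACTIVE)
                {
                    Log(LOG_LEVEL_WARNING,
                        "'background_children' setting from 'body runagent control' is overridden by command-line option.");
                }
                else
                {
                    BACKGROUND = BooleanFromString(value);
                }
                continue;
            }

            if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_MAX_CHILD].lval) == 0)
            {
                MAXCHILD = (short) IntFromString(value);
                continue;
            }

            if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_OUTPUT_TO_FILE].lval) == 0)
            {
                OUTPUT_TO_FILE = BooleanFromString(value);
                continue;
            }

            if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_OUTPUT_DIRECTORY].lval) == 0)
            {
                /* Relative paths are ignored without a message. */
                if (IsAbsPath(value))
                {
                    strncpy(OUTPUT_DIRECTORY, value, CF_BUFSIZE - 1);
                    Log(LOG_LEVEL_VERBOSE, "Setting output direcory to '%s'", OUTPUT_DIRECTORY);
                }
                continue;
            }

            if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_TIMEOUT].lval) == 0)
            {
                continue;
            }

            if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_HOSTS].lval) == 0)
            {
                if (HOSTLIST == NULL) // Don't override if command line setting
                {
                    HOSTLIST = value;
                }
                continue;
            }
        }
    }

    const char *expire_after = EvalContextVariableControlCommonGet(ctx, COMMON_CONTROL_LASTSEEN_EXPIRE_AFTER);
    if (expire_after)
    {
        /* The factor of 60 suggests minutes in, seconds out -- TODO confirm. */
        LASTSEENEXPIREAFTER = IntFromString(expire_after) * 60;
    }
}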
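/**
 * Reset the server settings to their defaults, resolve the policy and apply
 * the server control body plus a few common control settings.
 *
 * Several options handled here decide who may connect and how much they are
 * trusted (allowconnects, denyconnects, allowallconnects, allowusers,
 * trustkeysfrom, allowlegacyconnects, allowciphers, cfruncommand), so the
 * policy that supplies them has to come from a trusted source.
 *
 * NOTE(review): numeric options (maxconnections, port, intervals) are used
 * without a range check. bwlimit is converted from double to uint32_t
 * without a range check and logged with %d -- confirm the type of
 * bwlimit_kbytes. allowciphers overwrites SV.allowciphers without releasing
 * a previous value; whether one can exist is not visible here.
 */
static void KeepControlPromises(EvalContext *ctx, const Policy *policy, GenericAgentConfig *config)
{
    CFD_MAXPROCESSES = 30;
    MAXTRIES = 5;
    DENYBADCLOCKS = true;
    CFRUNCOMMAND[0] = '\0';
    SetChecksumUpdatesDefault(ctx, true);

    /* Keep promised agent behaviour - control bodies */

    Banner("Server control promises..");

    PolicyResolve(ctx, policy, config);

    /* Now expand */

    Seq *constraints = ControlBodyConstraints(policy, AGENT_TYPE_SERVER);
    if (constraints)
    {
        for (size_t i = 0; i < SeqLength(constraints); i++)
        {
            Constraint *cp = SeqAt(constraints, i);

#define IsControlBody(e) (strcmp(cp->lval, CFS_CONTROLBODY[e].lval) == 0)

/* Add every entry of the list in `value` that `list` does not hold yet. */
#define AddUniqueItems(list)                                                  \
            do                                                                \
            {                                                                 \
                for (const Rlist *rp = value; rp != NULL; rp = rp->next)      \
                {                                                             \
                    if (!IsItemIn((list), RlistScalarValue(rp)))              \
                    {                                                         \
                        PrependItem(&(list), RlistScalarValue(rp), cp->classes); \
                    }                                                         \
                }                                                             \
            } while (0)

            if (!IsDefinedClass(ctx, cp->classes))
            {
                continue;
            }

            VarRef *ref = VarRefParseFromScope(cp->lval, "control_server");
            const void *value = EvalContextVariableGet(ctx, ref, NULL);
            VarRefDestroy(ref);

            if (!value)
            {
                Log(LOG_LEVEL_ERR, "Unknown lval '%s' in server control body", cp->lval);
            }
            else if (IsControlBody(SERVER_CONTROL_SERVER_FACILITY))
            {
                SetFacility(value);
            }
            else if (IsControlBody(SERVER_CONTROL_DENY_BAD_CLOCKS))
            {
                DENYBADCLOCKS = BooleanFromString(value);
                Log(LOG_LEVEL_VERBOSE, "Setting denybadclocks to '%s'", DENYBADCLOCKS ? "true" : "false");
            }
            else if (IsControlBody(SERVER_CONTROL_LOG_ENCRYPTED_TRANSFERS))
            {
                LOGENCRYPT = BooleanFromString(value);
                Log(LOG_LEVEL_VERBOSE, "Setting logencrypt to '%s'", LOGENCRYPT ? "true" : "false");
            }
            else if (IsControlBody(SERVER_CONTROL_LOG_ALL_CONNECTIONS))
            {
                SV.logconns = BooleanFromString(value);
                Log(LOG_LEVEL_VERBOSE, "Setting logconns to %d", SV.logconns);
            }
            else if (IsControlBody(SERVER_CONTROL_MAX_CONNECTIONS))
            {
                CFD_MAXPROCESSES = (int) IntFromString(value);
                MAXTRIES = CFD_MAXPROCESSES / 3;
                Log(LOG_LEVEL_VERBOSE, "Setting maxconnections to %d", CFD_MAXPROCESSES);

                /* The handling of max_readers in LMDB is not ideal, but
                 * here is how it is right now: We know that both cf-serverd and
                 * cf-hub will access the lastseen database. Worst case every
                 * single thread and process will do it at the same time, and
                 * this has in fact been observed. So we add the maximum of
                 * those two values together to provide a safe ceiling. In
                 * addition, cf-agent can access the database occasionally as
                 * well, so add a few extra for that too. */
                DBSetMaximumConcurrentTransactions(CFD_MAXPROCESSES + EnterpriseGetMaxCfHubProcesses() + 10);
            }
            else if (IsControlBody(SERVER_CONTROL_CALL_COLLECT_INTERVAL))
            {
                /* The cast binds to the constant 60 only, not to the product. */
                COLLECT_INTERVAL = (int) 60 * IntFromString(value);
                Log(LOG_LEVEL_VERBOSE, "Setting call_collect_interval to %d (seconds)", COLLECT_INTERVAL);
            }
            else if (IsControlBody(SERVER_CONTROL_LISTEN))
            {
                SERVER_LISTEN = BooleanFromString(value);
                Log(LOG_LEVEL_VERBOSE, "Setting server listen to '%s' ", SERVER_LISTEN ? "true" : "false");
            }
            else if (IsControlBody(SERVER_CONTROL_CALL_COLLECT_WINDOW))
            {
                COLLECT_WINDOW = (int) IntFromString(value);
                /* Report the value just set; this used to print COLLECT_INTERVAL. */
                Log(LOG_LEVEL_VERBOSE, "Setting collect_window to %d (seconds)", COLLECT_WINDOW);
            }
            else if (IsControlBody(SERVER_CONTROL_CF_RUN_COMMAND))
            {
                strlcpy(CFRUNCOMMAND, value, sizeof(CFRUNCOMMAND));
                Log(LOG_LEVEL_VERBOSE, "Setting cfruncommand to '%s'", CFRUNCOMMAND);
            }
            else if (IsControlBody(SERVER_CONTROL_ALLOW_CONNECTS))
            {
                Log(LOG_LEVEL_VERBOSE, "Setting allowing connections from ...");
                AddUniqueItems(SV.nonattackerlist);
            }
            else if (IsControlBody(SERVER_CONTROL_DENY_CONNECTS))
            {
                Log(LOG_LEVEL_VERBOSE, "Setting denying connections from ...");
                AddUniqueItems(SV.attackerlist);
            }
            else if (IsControlBody(SERVER_CONTROL_SKIP_VERIFY))
            {
                /* Skip. */
            }
            else if (IsControlBody(SERVER_CONTROL_ALLOW_ALL_CONNECTS))
            {
                Log(LOG_LEVEL_VERBOSE, "Setting allowing multiple connections from ...");
                AddUniqueItems(SV.multiconnlist);
            }
            else if (IsControlBody(SERVER_CONTROL_ALLOW_USERS))
            {
                Log(LOG_LEVEL_VERBOSE, "SET Allowing users ...");
                AddUniqueItems(SV.allowuserlist);
            }
            else if (IsControlBody(SERVER_CONTROL_TRUST_KEYS_FROM))
            {
                Log(LOG_LEVEL_VERBOSE, "Setting trust keys from ...");
                AddUniqueItems(SV.trustkeylist);
            }
            else if (IsControlBody(SERVER_CONTROL_ALLOWLEGACYCONNECTS))
            {
                Log(LOG_LEVEL_VERBOSE, "Setting allowing legacy connections from ...");
                AddUniqueItems(SV.allowlegacyconnects);
            }
            else if (IsControlBody(SERVER_CONTROL_PORT_NUMBER))
            {
                CFENGINE_PORT = IntFromString(value);
                strlcpy(CFENGINE_PORT_STR, value, sizeof(CFENGINE_PORT_STR));
                Log(LOG_LEVEL_VERBOSE, "Setting default port number to %d", CFENGINE_PORT);
            }
            else if (IsControlBody(SERVER_CONTROL_BIND_TO_INTERFACE))
            {
                strlcpy(BINDINTERFACE, value, sizeof(BINDINTERFACE));
                Log(LOG_LEVEL_VERBOSE, "Setting bindtointerface to '%s'", BINDINTERFACE);
            }
            else if (IsControlBody(SERVER_CONTROL_ALLOWCIPHERS))
            {
                SV.allowciphers = xstrdup(value);
                Log(LOG_LEVEL_VERBOSE, "Setting allowciphers to '%s'", SV.allowciphers);
            }

#undef AddUniqueItems
#undef IsControlBody
        }
    }

    const void *value = EvalContextVariableControlCommonGet(ctx, COMMON_CONTROL_SYSLOG_HOST);
    if (value)
    {
        /* Don't resolve syslog_host now, better do it per log request. */
        if (!SetSyslogHost(value))
        {
            Log(LOG_LEVEL_ERR, "Failed to set syslog_host, '%s' too long", (const char *)value);
        }
        else
        {
            Log(LOG_LEVEL_VERBOSE, "Setting syslog_host to '%s'", (const char *)value);
        }
    }

    value = EvalContextVariableControlCommonGet(ctx, COMMON_CONTROL_SYSLOG_PORT);
    if (value)
    {
        SetSyslogPort(IntFromString(value));
    }

    value = EvalContextVariableControlCommonGet(ctx, COMMON_CONTROL_FIPS_MODE);
    if (value)
    {
        FIPS_MODE = BooleanFromString(value);
        Log(LOG_LEVEL_VERBOSE, "Setting FIPS mode to to '%s'", FIPS_MODE ? "true" : "false");
    }

    value = EvalContextVariableControlCommonGet(ctx, COMMON_CONTROL_LASTSEEN_EXPIRE_AFTER);
    if (value)
    {
        LASTSEENEXPIREAFTER = IntFromString(value) * 60;
    }

    value = EvalContextVariableControlCommonGet(ctx, COMMON_CONTROL_BWLIMIT);
    if (value)
    {
        double bval;
        if (DoubleFromString(value, &bval))
        {
            bwlimit_kbytes = (uint32_t) ( bval / 1000.0);
            Log(LOG_LEVEL_VERBOSE, "Setting rate limit to %d kBytes/sec", bwlimit_kbytes);
        }
    }
}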
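/**
 * Allocate an ExecConfig, fill in the defaults and override them from the
 * executor control body of @p policy.
 *
 * Every string member is heap allocated, so an override frees the default
 * before storing the copy of the policy value. The mail filter sequences are
 * destroyed and refilled by RlistMailFilterFill().
 *
 * NOTE(review): mail_max_lines and agent_expireafter take the result of
 * IntFromString() without a range check.
 *
 * @return the new configuration; the caller owns it.
 */
ExecConfig *ExecConfigNew(bool scheduled_run, const EvalContext *ctx, const Policy *policy)
{
    ExecConfig *exec_config = xcalloc(1, sizeof(ExecConfig));

    exec_config->scheduled_run = scheduled_run;
    exec_config->exec_command = xstrdup("");
    exec_config->agent_expireafter = 2 * 60; /* two hours */

    exec_config->mail_server = xstrdup("");
    exec_config->mail_from_address = xstrdup("");
    exec_config->mail_to_address = xstrdup("");
    exec_config->mail_subject = xstrdup("");
    exec_config->mail_max_lines = 30;
    exec_config->mailfilter_include = SeqNew(0, &free);
    exec_config->mailfilter_include_regex = SeqNew(0, &RegexFree);
    exec_config->mailfilter_exclude = SeqNew(0, &free);
    exec_config->mailfilter_exclude_regex = SeqNew(0, &RegexFree);

    exec_config->fq_name = xstrdup(VFQNAME);
    exec_config->ip_address = xstrdup(VIPADDRESS);
    exec_config->ip_addresses = GetIpAddresses(ctx);

    Seq *constraints = ControlBodyConstraints(policy, AGENT_TYPE_EXECUTOR);
    if (constraints)
    {
        for (size_t i = 0; i < SeqLength(constraints); i++)
        {
            Constraint *cp = SeqAt(constraints, i);

#define IsExecControl(e) (strcmp(cp->lval, CFEX_CONTROLBODY[e].lval) == 0)

            if (!IsDefinedClass(ctx, cp->classes))
            {
                continue;
            }

            VarRef *ref = VarRefParseFromScope(cp->lval, "control_executor");
            /* Initialised so the check below is well defined even if the
             * lookup leaves the type untouched. */
            DataType t = CF_DATA_TYPE_NONE;
            const void *value = EvalContextVariableGet(ctx, ref, &t);
            VarRefDestroy(ref);

            if (t == CF_DATA_TYPE_NONE)
            {
                ProgrammingError("Unknown attribute '%s' in control body,"
                                 " should have already been stopped by the parser",
                                 cp->lval);
            }

            if (IsExecControl(EXEC_CONTROL_MAILFROM))
            {
                free(exec_config->mail_from_address);
                exec_config->mail_from_address = xstrdup(value);
                Log(LOG_LEVEL_DEBUG, "mailfrom '%s'", exec_config->mail_from_address);
            }
            else if (IsExecControl(EXEC_CONTROL_MAILTO))
            {
                free(exec_config->mail_to_address);
                exec_config->mail_to_address = xstrdup(value);
                Log(LOG_LEVEL_DEBUG, "mailto '%s'", exec_config->mail_to_address);
            }
            else if (IsExecControl(EXEC_CONTROL_MAILSUBJECT))
            {
                free(exec_config->mail_subject);
                exec_config->mail_subject = xstrdup(value);
                Log(LOG_LEVEL_DEBUG, "mailsubject '%s'", exec_config->mail_subject);
            }
            else if (IsExecControl(EXEC_CONTROL_SMTPSERVER))
            {
                free(exec_config->mail_server);
                exec_config->mail_server = xstrdup(value);
                Log(LOG_LEVEL_DEBUG, "smtpserver '%s'", exec_config->mail_server);
            }
            else if (IsExecControl(EXEC_CONTROL_EXECCOMMAND))
            {
                /* This string is a command line taken from policy. */
                free(exec_config->exec_command);
                exec_config->exec_command = xstrdup(value);
                Log(LOG_LEVEL_DEBUG, "exec_command '%s'", exec_config->exec_command);
            }
            else if (IsExecControl(EXEC_CONTROL_AGENT_EXPIREAFTER))
            {
                exec_config->agent_expireafter = IntFromString(value);
                Log(LOG_LEVEL_DEBUG, "agent_expireafter %d", exec_config->agent_expireafter);
            }
            else if (IsExecControl(EXEC_CONTROL_MAILMAXLINES))
            {
                exec_config->mail_max_lines = IntFromString(value);
                Log(LOG_LEVEL_DEBUG, "maxlines %d", exec_config->mail_max_lines);
            }
            else if (IsExecControl(EXEC_CONTROL_MAILFILTER_INCLUDE))
            {
                SeqDestroy(exec_config->mailfilter_include);
                SeqDestroy(exec_config->mailfilter_include_regex);
                RlistMailFilterFill(value, &exec_config->mailfilter_include,
                                    &exec_config->mailfilter_include_regex, "include");
            }
            else if (IsExecControl(EXEC_CONTROL_MAILFILTER_EXCLUDE))
            {
                SeqDestroy(exec_config->mailfilter_exclude);
                SeqDestroy(exec_config->mailfilter_exclude_regex);
                RlistMailFilterFill(value, &exec_config->mailfilter_exclude,
                                    &exec_config->mailfilter_exclude_regex, "exclude");
            }

#undef IsExecControl
        }
    }

    return exec_config;
}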
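/**
 * Reset the server settings to their defaults, resolve the policy and apply
 * the server control body plus a few common control settings.
 *
 * Several options handled here decide who may connect and how much they are
 * trusted (allowconnects, denyconnects, allowallconnects, allowusers,
 * trustkeysfrom, allowlegacyconnects, allowciphers, cfruncommand), so the
 * policy that supplies them has to come from a trusted source.
 *
 * NOTE(review): numeric options (maxconnections, port, intervals) are used
 * without a range check. allowciphers overwrites SV.allowciphers without
 * releasing a previous value; whether one can exist is not visible here.
 */
static void KeepControlPromises(EvalContext *ctx, const Policy *policy, GenericAgentConfig *config)
{
    CFD_MAXPROCESSES = 30;
    MAXTRIES = 5;
    DENYBADCLOCKS = true;
    CFRUNCOMMAND[0] = '\0';
    SetChecksumUpdatesDefault(ctx, true);

    /* Keep promised agent behaviour - control bodies */

    Banner("Server control promises..");

    PolicyResolve(ctx, policy, config);

    /* Now expand */

    Seq *constraints = ControlBodyConstraints(policy, AGENT_TYPE_SERVER);
    if (constraints)
    {
        for (size_t i = 0; i < SeqLength(constraints); i++)
        {
            Constraint *cp = SeqAt(constraints, i);

#define IsControlBody(e) (strcmp(cp->lval, CFS_CONTROLBODY[e].lval) == 0)

/* Add every entry of the list in `value` that `list` does not hold yet. */
#define AddUniqueItems(list)                                                  \
            do                                                                \
            {                                                                 \
                for (const Rlist *rp = value; rp != NULL; rp = rp->next)      \
                {                                                             \
                    if (!IsItemIn((list), RlistScalarValue(rp)))              \
                    {                                                         \
                        AppendItem(&(list), RlistScalarValue(rp), cp->classes); \
                    }                                                         \
                }                                                             \
            } while (0)

            if (!IsDefinedClass(ctx, cp->classes))
            {
                continue;
            }

            VarRef *ref = VarRefParseFromScope(cp->lval, "control_server");
            const void *value = EvalContextVariableGet(ctx, ref, NULL);
            VarRefDestroy(ref);

            if (!value)
            {
                Log(LOG_LEVEL_ERR, "Unknown lval '%s' in server control body", cp->lval);
            }
            else if (IsControlBody(SERVER_CONTROL_SERVER_FACILITY))
            {
                SetFacility(value);
            }
            else if (IsControlBody(SERVER_CONTROL_DENY_BAD_CLOCKS))
            {
                DENYBADCLOCKS = BooleanFromString(value);
                Log(LOG_LEVEL_VERBOSE, "Setting denybadclocks to '%s'", DENYBADCLOCKS ? "true" : "false");
            }
            else if (IsControlBody(SERVER_CONTROL_LOG_ENCRYPTED_TRANSFERS))
            {
                LOGENCRYPT = BooleanFromString(value);
                Log(LOG_LEVEL_VERBOSE, "Setting logencrypt to '%s'", LOGENCRYPT ? "true" : "false");
            }
            else if (IsControlBody(SERVER_CONTROL_LOG_ALL_CONNECTIONS))
            {
                SV.logconns = BooleanFromString(value);
                Log(LOG_LEVEL_VERBOSE, "Setting logconns to %d", SV.logconns);
            }
            else if (IsControlBody(SERVER_CONTROL_MAX_CONNECTIONS))
            {
                CFD_MAXPROCESSES = (int) IntFromString(value);
                MAXTRIES = CFD_MAXPROCESSES / 3;
                Log(LOG_LEVEL_VERBOSE, "Setting maxconnections to %d", CFD_MAXPROCESSES);
#ifdef LMDB
                /* Remembers the largest reader limit applied so far, so the
                 * limit is only ever raised. */
                static int LSD_MAXREADERS = 0;
                if (LSD_MAXREADERS < CFD_MAXPROCESSES)
                {
                    int rc = UpdateLastSeenMaxReaders(CFD_MAXPROCESSES);
                    if (rc == 0)
                    {
                        LSD_MAXREADERS = CFD_MAXPROCESSES;
                    }
                }
#endif
            }
            else if (IsControlBody(SERVER_CONTROL_CALL_COLLECT_INTERVAL))
            {
                /* The cast binds to the constant 60 only, not to the product. */
                COLLECT_INTERVAL = (int) 60 * IntFromString(value);
                Log(LOG_LEVEL_VERBOSE, "Setting call_collect_interval to %d (seconds)", COLLECT_INTERVAL);
            }
            else if (IsControlBody(SERVER_CONTROL_LISTEN))
            {
                SERVER_LISTEN = BooleanFromString(value);
                Log(LOG_LEVEL_VERBOSE, "Setting server listen to '%s' ", (SERVER_LISTEN) ? "true" : "false");
            }
            else if (IsControlBody(SERVER_CONTROL_CALL_COLLECT_WINDOW))
            {
                COLLECT_WINDOW = (int) IntFromString(value);
                /* Report the value just set; this used to print COLLECT_INTERVAL. */
                Log(LOG_LEVEL_VERBOSE, "Setting collect_window to %d (seconds)", COLLECT_WINDOW);
            }
            else if (IsControlBody(SERVER_CONTROL_CF_RUN_COMMAND))
            {
                strlcpy(CFRUNCOMMAND, value, sizeof(CFRUNCOMMAND));
                Log(LOG_LEVEL_VERBOSE, "Setting cfruncommand to '%s'", CFRUNCOMMAND);
            }
            else if (IsControlBody(SERVER_CONTROL_ALLOW_CONNECTS))
            {
                Log(LOG_LEVEL_VERBOSE, "Setting allowing connections from ...");
                AddUniqueItems(SV.nonattackerlist);
            }
            else if (IsControlBody(SERVER_CONTROL_DENY_CONNECTS))
            {
                Log(LOG_LEVEL_VERBOSE, "Setting denying connections from ...");
                AddUniqueItems(SV.attackerlist);
            }
            else if (IsControlBody(SERVER_CONTROL_SKIP_VERIFY))
            {
                /* Recognised, nothing to do here. */
            }
            else if (IsControlBody(SERVER_CONTROL_ALLOW_ALL_CONNECTS))
            {
                Log(LOG_LEVEL_VERBOSE, "Setting allowing multiple connections from ...");
                AddUniqueItems(SV.multiconnlist);
            }
            else if (IsControlBody(SERVER_CONTROL_ALLOW_USERS))
            {
                Log(LOG_LEVEL_VERBOSE, "SET Allowing users ...");
                AddUniqueItems(SV.allowuserlist);
            }
            else if (IsControlBody(SERVER_CONTROL_TRUST_KEYS_FROM))
            {
                Log(LOG_LEVEL_VERBOSE, "Setting trust keys from ...");
                AddUniqueItems(SV.trustkeylist);
            }
            else if (IsControlBody(SERVER_CONTROL_ALLOWLEGACYCONNECTS))
            {
                Log(LOG_LEVEL_VERBOSE, "Setting allowing legacy connections from ...");
                AddUniqueItems(SV.allowlegacyconnects);
            }
            else if (IsControlBody(SERVER_CONTROL_PORT_NUMBER))
            {
                CFENGINE_PORT = IntFromString(value);
                strlcpy(CFENGINE_PORT_STR, value, sizeof(CFENGINE_PORT_STR));
                Log(LOG_LEVEL_VERBOSE, "Setting default port number to %d", CFENGINE_PORT);
            }
            else if (IsControlBody(SERVER_CONTROL_BIND_TO_INTERFACE))
            {
                strlcpy(BINDINTERFACE, value, sizeof(BINDINTERFACE));
                Log(LOG_LEVEL_VERBOSE, "Setting bindtointerface to '%s'", BINDINTERFACE);
            }
            else if (IsControlBody(SERVER_CONTROL_ALLOWCIPHERS))
            {
                SV.allowciphers = xstrdup(value);
                Log(LOG_LEVEL_VERBOSE, "Setting allowciphers to '%s'", SV.allowciphers);
            }

#undef AddUniqueItems
#undef IsControlBody
        }
    }

    const void *value = EvalContextVariableControlCommonGet(ctx, COMMON_CONTROL_SYSLOG_HOST);
    if (value)
    {
        /* Don't resolve syslog_host now, better do it per log request. */
        if (!SetSyslogHost(value))
        {
            Log(LOG_LEVEL_ERR, "Failed to set syslog_host, '%s' too long", (const char *)value);
        }
        else
        {
            Log(LOG_LEVEL_VERBOSE, "Setting syslog_host to '%s'", (const char *)value);
        }
    }

    value = EvalContextVariableControlCommonGet(ctx, COMMON_CONTROL_SYSLOG_PORT);
    if (value)
    {
        SetSyslogPort(IntFromString(value));
    }

    value = EvalContextVariableControlCommonGet(ctx, COMMON_CONTROL_FIPS_MODE);
    if (value)
    {
        FIPS_MODE = BooleanFromString(value);
        Log(LOG_LEVEL_VERBOSE, "Setting FIPS mode to to '%s'", FIPS_MODE ? "true" : "false");
    }

    value = EvalContextVariableControlCommonGet(ctx, COMMON_CONTROL_LASTSEEN_EXPIRE_AFTER);
    if (value)
    {
        LASTSEENEXPIREAFTER = IntFromString(value) * 60;
    }
}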
/**
 * Produce the final, fully evaluated value for @p rval.
 *
 * Step 1 picks the expansion: a scalar @(name) whose name is a plain list
 * variable in @p scope is expanded with ExpandList(); @p forcelist expands in
 * the caller's @p ns / @p scope; a built-in function call is copied; anything
 * else is expanded in the "this" scope.
 *
 * Step 2 post-processes the result: function calls (top level, or as list
 * entries) are evaluated and replaced by their result, and the remaining
 * list entries that still contain variables are expanded when a promise is
 * on the evaluation stack. Unhandled result types become
 * RVAL_TYPE_NOPROMISEE.
 *
 * NOTE(review): for re-expanded list entries only the item is replaced, the
 * entry's type is kept as it was. GetNaked() is not given the size of its
 * output buffer -- presumably it bounds the copy itself; confirm.
 */
Rval EvaluateFinalRval(EvalContext *ctx, const Policy *policy, const char *ns, const char *scope, Rval rval,
                       bool forcelist, const Promise *pp)
{
    assert(ctx);
    assert(policy);

    Rval returnval, newret;

    if ((rval.type == RVAL_TYPE_SCALAR) && IsNakedVar(rval.item, '@')) /* Treat lists specially here */
    {
        char naked[CF_MAXVARSIZE];
        GetNaked(naked, rval.item);

        VarRef *ref = NULL;
        const void *value = NULL;
        DataType value_type = DATA_TYPE_NONE;

        if (!IsExpandable(naked))
        {
            ref = VarRefParseFromScope(naked, scope);
            value = EvalContextVariableGet(ctx, ref, &value_type);
        }

        if (value && DataTypeToRvalType(value_type) == RVAL_TYPE_LIST)
        {
            returnval.item = ExpandList(ctx, ns, scope, value, true);
            returnval.type = RVAL_TYPE_LIST;
        }
        else
        {
            returnval = ExpandPrivateRval(ctx, NULL, "this", rval.item, rval.type);
        }

        if (ref != NULL)
        {
            VarRefDestroy(ref);
        }
    }
    else if (forcelist) /* We are replacing scalar @(name) with list */
    {
        returnval = ExpandPrivateRval(ctx, ns, scope, rval.item, rval.type);
    }
    else if (FnCallIsBuiltIn(rval))
    {
        returnval = RvalCopy(rval);
    }
    else
    {
        returnval = ExpandPrivateRval(ctx, NULL, "this", rval.item, rval.type);
    }

    switch (returnval.type)
    {
    case RVAL_TYPE_SCALAR:
    case RVAL_TYPE_CONTAINER:
        break;

    case RVAL_TYPE_LIST:
        for (Rlist *rp = RvalRlistValue(returnval); rp != NULL; rp = rp->next)
        {
            if (rp->val.type == RVAL_TYPE_FNCALL)
            {
                /* Evaluate the call, release it, then store its result. */
                FnCall *call = RlistFnCallValue(rp);
                FnCallResult res = FnCallEvaluate(ctx, policy, call, pp);
                FnCallDestroy(call);
                rp->val = res.rval;
            }
            else if (EvalContextStackCurrentPromise(ctx) && IsCf3VarString(RlistScalarValue(rp)))
            {
                newret = ExpandPrivateRval(ctx, NULL, "this", rp->val.item, rp->val.type);
                free(rp->val.item);
                rp->val.item = newret.item;
            }
            /* otherwise the entry stays as it is */
        }
        break;

    case RVAL_TYPE_FNCALL:
        if (FnCallIsBuiltIn(returnval))
        {
            FnCall *call = RvalFnCallValue(returnval);
            returnval = FnCallEvaluate(ctx, policy, call, pp).rval;
            FnCallDestroy(call);
        }
        break;

    default:
        returnval.item = NULL;
        returnval.type = RVAL_TYPE_NOPROMISEE;
        break;
    }

    return returnval;
}
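/**
 * Evaluate every constraint of a control body, store the results as variables
 * in the scope "<name>_<type>", and apply the settings that are mirrored into
 * globals and @p config.
 *
 * @param ctx          Evaluation context that receives the variables.
 * @param config       Agent configuration updated by the ignore_missing_*
 *                     attributes.
 * @param control_body Body to resolve; its name must be "control".
 */
static void ResolveControlBody(EvalContext *ctx, GenericAgentConfig *config, const Body *control_body)
{
    const ConstraintSyntax *body_syntax = NULL;
    Rval returnval;

    assert(strcmp(control_body->name, "control") == 0);

    /* NOTE(review): body_syntax is assigned before the type comparison, so
     * after this loop it is only NULL when CONTROL_BODIES has no entries; an
     * unknown body type ends up with the last entry's syntax rather than the
     * fatal error below. */
    for (int i = 0; CONTROL_BODIES[i].constraints != NULL; i++)
    {
        body_syntax = CONTROL_BODIES[i].constraints;

        if (strcmp(control_body->type, CONTROL_BODIES[i].body_type) == 0)
        {
            break;
        }
    }

    if (body_syntax == NULL)
    {
        FatalError(ctx, "Unknown agent");
    }

    char scope[CF_BUFSIZE];
    snprintf(scope, CF_BUFSIZE, "%s_%s", control_body->name, control_body->type);
    Log(LOG_LEVEL_DEBUG, "Initiate control variable convergence for scope '%s'", scope);

    EvalContextStackPushBodyFrame(ctx, NULL, control_body, NULL);

    for (size_t i = 0; i < SeqLength(control_body->conlist); i++)
    {
        Constraint *cp = SeqAt(control_body->conlist, i);

        if (!IsDefinedClass(ctx, cp->classes))
        {
            continue;
        }

        if (strcmp(cp->lval, CFG_CONTROLBODY[COMMON_CONTROL_BUNDLESEQUENCE].lval) == 0)
        {
            returnval = ExpandPrivateRval(ctx, NULL, scope, cp->rval.item, cp->rval.type);
        }
        else
        {
            returnval = EvaluateFinalRval(ctx, control_body->parent_policy, NULL, scope, cp->rval, true, NULL);
        }

        VarRef *ref = VarRefParseFromScope(cp->lval, scope);
        EvalContextVariableRemove(ctx, ref);

        if (!EvalContextVariablePut(ctx, ref, returnval.item, ConstraintSyntaxGetDataType(body_syntax, cp->lval), "source=promise"))
        {
            Log(LOG_LEVEL_ERR, "Rule from %s at/before line %zu", control_body->source_path, cp->offset.line);
        }

        VarRefDestroy(ref);

        if (strcmp(cp->lval, CFG_CONTROLBODY[COMMON_CONTROL_OUTPUT_PREFIX].lval) == 0)
        {
            /* snprintf always terminates the destination; the strncpy it
             * replaces left VPREFIX unterminated when the value filled the
             * whole bound.
             * NOTE(review): the type of returnval is not checked before it is
             * treated as a string here — confirm it is always a scalar. */
            snprintf(VPREFIX, CF_MAXVARSIZE, "%s", (const char *) returnval.item);
        }

        if (strcmp(cp->lval, CFG_CONTROLBODY[COMMON_CONTROL_DOMAIN].lval) == 0)
        {
            /* The domain comes from policy text, so bound the copy instead of
             * using strcpy into the global buffer.
             * NOTE(review): assumes VDOMAIN is a fixed-size char array so
             * sizeof yields its capacity — confirm against its declaration.
             * NOTE(review): this copies the unexpanded cp->rval rather than
             * returnval — confirm that is intended. */
            int written = snprintf(VDOMAIN, sizeof(VDOMAIN), "%s", (const char *) cp->rval.item);
            if (written < 0 || (size_t) written >= sizeof(VDOMAIN))
            {
                Log(LOG_LEVEL_ERR, "Rule from %s at/before line %zu", control_body->source_path, cp->offset.line);
            }
            Log(LOG_LEVEL_VERBOSE, "SET domain = %s", VDOMAIN);

            EvalContextVariableRemoveSpecial(ctx, SPECIAL_SCOPE_SYS, "domain");
            EvalContextVariableRemoveSpecial(ctx, SPECIAL_SCOPE_SYS, "fqhost");
            snprintf(VFQNAME, CF_MAXVARSIZE, "%s.%s", VUQNAME, VDOMAIN);
            EvalContextVariablePutSpecial(ctx, SPECIAL_SCOPE_SYS, "fqhost", VFQNAME, DATA_TYPE_STRING, "inventory,source=agent,group=Host name");
            EvalContextVariablePutSpecial(ctx, SPECIAL_SCOPE_SYS, "domain", VDOMAIN, DATA_TYPE_STRING, "source=agent");
            EvalContextClassPutHard(ctx, VDOMAIN, "source=agent");
        }

        if (strcmp(cp->lval, CFG_CONTROLBODY[COMMON_CONTROL_IGNORE_MISSING_INPUTS].lval) == 0)
        {
            Log(LOG_LEVEL_VERBOSE, "SET ignore_missing_inputs %s", RvalScalarValue(cp->rval));
            config->ignore_missing_inputs = BooleanFromString(cp->rval.item);
        }

        if (strcmp(cp->lval, CFG_CONTROLBODY[COMMON_CONTROL_IGNORE_MISSING_BUNDLES].lval) == 0)
        {
            Log(LOG_LEVEL_VERBOSE, "SET ignore_missing_bundles %s", RvalScalarValue(cp->rval));
            config->ignore_missing_bundles = BooleanFromString(cp->rval.item);
        }

        if (strcmp(cp->lval, CFG_CONTROLBODY[COMMON_CONTROL_CACHE_SYSTEM_FUNCTIONS].lval) == 0)
        {
            Log(LOG_LEVEL_VERBOSE, "SET cache_system_functions %s", RvalScalarValue(cp->rval));
            bool cache_system_functions = BooleanFromString(RvalScalarValue(cp->rval));
            EvalContextSetEvalOption(ctx, EVAL_OPTION_CACHE_SYSTEM_FUNCTIONS, cache_system_functions);
        }

        if (strcmp(cp->lval, CFG_CONTROLBODY[COMMON_CONTROL_GOALPATTERNS].lval) == 0)
        {
            /* Ignored. No `continue` here: the evaluated value still has to
             * be released below, otherwise it leaks on every goal_patterns
             * attribute. */
        }

        RvalDestroy(returnval);
    }

    EvalContextStackPopFrame(ctx);
}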
/**
 * Resolve one control body: evaluate each of its attributes, publish them as
 * variables in the scope "control_<type>", and copy the settings that have a
 * dedicated home into #ctx, #config and the related globals.
 *
 * An attribute whose evaluated type does not match the type declared in the
 * body syntax, or which cannot be stored in #ctx, is logged and skipped
 * before any of its side effects are applied.
 */
static void ResolveControlBody(EvalContext *ctx, GenericAgentConfig *config, const Body *control_body)
{
    const char *filename = control_body->source_path;

    assert(CFG_CONTROLBODY[COMMON_CONTROL_MAX].lval == NULL);

    /* NOTE(review): syntax is assigned before the type comparison, so it is
     * only NULL after the loop when CONTROL_BODIES has no entries. */
    const ConstraintSyntax *syntax = NULL;
    for (int idx = 0; CONTROL_BODIES[idx].constraints != NULL; idx++)
    {
        syntax = CONTROL_BODIES[idx].constraints;
        if (strcmp(control_body->type, CONTROL_BODIES[idx].body_type) == 0)
        {
            break;
        }
    }
    if (syntax == NULL)
    {
        FatalError(ctx, "Unknown control body: %s", control_body->type);
    }

    char *scope;
    assert(strcmp(control_body->name, "control") == 0);
    xasprintf(&scope, "control_%s", control_body->type);

    Log(LOG_LEVEL_DEBUG, "Initiate control variable convergence for scope '%s'", scope);

    EvalContextStackPushBodyFrame(ctx, NULL, control_body, NULL);

    for (size_t n = 0; n < SeqLength(control_body->conlist); n++)
    {
        const char *lval;
        Rval value;
        size_t lineno;

        /* The constraint is confined to this inner block so that everything
         * below works on the evaluated value, never on the raw cp->rval. */
        {
            Constraint *cp = SeqAt(control_body->conlist, n);
            lval = cp->lval;
            lineno = cp->offset.line;

            if (!IsDefinedClass(ctx, cp->classes))
            {
                continue;
            }

            if (strcmp(lval, CFG_CONTROLBODY[COMMON_CONTROL_BUNDLESEQUENCE].lval) == 0)
            {
                value = ExpandPrivateRval(ctx, NULL, scope, cp->rval.item, cp->rval.type);
            }
            else
            {
                value = EvaluateFinalRval(ctx, control_body->parent_policy, NULL, scope, cp->rval, true, NULL);
            }
        }

        VarRef *ref = VarRefParseFromScope(lval, scope);
        EvalContextVariableRemove(ctx, ref);

        /* Reject values whose type differs from the declared attribute type
         * before they are read as scalars or lists further down. */
        DataType declared_type = ConstraintSyntaxGetDataType(syntax, lval);
        if (value.type != DataTypeToRvalType(declared_type))
        {
            Log(LOG_LEVEL_ERR, "Attribute '%s' in %s:%zu is of wrong type, skipping", lval, filename, lineno);
            VarRefDestroy(ref);
            RvalDestroy(value);
            continue;
        }

        if (!EvalContextVariablePut(ctx, ref, value.item, declared_type, "source=promise"))
        {
            Log(LOG_LEVEL_ERR, "Attribute '%s' in %s:%zu can't be added, skipping", lval, filename, lineno);
            VarRefDestroy(ref);
            RvalDestroy(value);
            continue;
        }

        VarRefDestroy(ref);

        if (strcmp(lval, CFG_CONTROLBODY[COMMON_CONTROL_OUTPUT_PREFIX].lval) == 0)
        {
            /* Size-bounded copy into the global prefix buffer. */
            strlcpy(VPREFIX, RvalScalarValue(value), sizeof(VPREFIX));
        }

        if (strcmp(lval, CFG_CONTROLBODY[COMMON_CONTROL_DOMAIN].lval) == 0)
        {
            strlcpy(VDOMAIN, RvalScalarValue(value), sizeof(VDOMAIN));
            Log(LOG_LEVEL_VERBOSE, "SET domain = %s", VDOMAIN);

            /* Rebuild sys.domain and sys.fqhost from the new domain and
             * define the domain as a hard class. */
            EvalContextVariableRemoveSpecial(ctx, SPECIAL_SCOPE_SYS, "domain");
            EvalContextVariableRemoveSpecial(ctx, SPECIAL_SCOPE_SYS, "fqhost");
            snprintf(VFQNAME, CF_MAXVARSIZE, "%s.%s", VUQNAME, VDOMAIN);
            EvalContextVariablePutSpecial(ctx, SPECIAL_SCOPE_SYS, "fqhost", VFQNAME, CF_DATA_TYPE_STRING, "inventory,source=agent,attribute_name=Host name");
            EvalContextVariablePutSpecial(ctx, SPECIAL_SCOPE_SYS, "domain", VDOMAIN, CF_DATA_TYPE_STRING, "source=agent");
            EvalContextClassPutHard(ctx, VDOMAIN, "source=agent");
        }

        if (strcmp(lval, CFG_CONTROLBODY[COMMON_CONTROL_IGNORE_MISSING_INPUTS].lval) == 0)
        {
            Log(LOG_LEVEL_VERBOSE, "SET ignore_missing_inputs %s", RvalScalarValue(value));
            config->ignore_missing_inputs = BooleanFromString(RvalScalarValue(value));
        }

        if (strcmp(lval, CFG_CONTROLBODY[COMMON_CONTROL_IGNORE_MISSING_BUNDLES].lval) == 0)
        {
            Log(LOG_LEVEL_VERBOSE, "SET ignore_missing_bundles %s", RvalScalarValue(value));
            config->ignore_missing_bundles = BooleanFromString(RvalScalarValue(value));
        }

        if (strcmp(lval, CFG_CONTROLBODY[COMMON_CONTROL_CACHE_SYSTEM_FUNCTIONS].lval) == 0)
        {
            Log(LOG_LEVEL_VERBOSE, "SET cache_system_functions %s", RvalScalarValue(value));
            bool cache_enabled = BooleanFromString(RvalScalarValue(value));
            EvalContextSetEvalOption(ctx, EVAL_OPTION_CACHE_SYSTEM_FUNCTIONS, cache_enabled);
        }

        if (strcmp(lval, CFG_CONTROLBODY[COMMON_CONTROL_PROTOCOL_VERSION].lval) == 0)
        {
            config->protocol_version = ProtocolVersionParse(RvalScalarValue(value));
            Log(LOG_LEVEL_VERBOSE, "SET common protocol_version: %s", PROTOCOL_VERSION_STRING[config->protocol_version]);
        }

        /* package_inventory and package_module options of body common control */
        if (strcmp(lval, CFG_CONTROLBODY[COMMON_CONTROL_PACKAGE_INVENTORY].lval) == 0)
        {
            AddDefaultInventoryToContext(ctx, RvalRlistValue(value));
            Log(LOG_LEVEL_VERBOSE, "SET common package_inventory list");
        }

        if (strcmp(lval, CFG_CONTROLBODY[COMMON_CONTROL_PACKAGE_MODULE].lval) == 0)
        {
            AddDefaultPackageModuleToContext(ctx, RvalScalarValue(value));
            Log(LOG_LEVEL_VERBOSE, "SET common package_module: %s", RvalScalarValue(value));
        }

        if (strcmp(lval, CFG_CONTROLBODY[COMMON_CONTROL_GOALPATTERNS].lval) == 0)
        {
            /* Ignored */
        }

        RvalDestroy(value);
    }

    EvalContextStackPopFrame(ctx);
    free(scope);
}
/**
 * Allocate an ExecConfig, fill in the defaults, and override them with the
 * attributes of body executor control that are active in @p ctx.
 *
 * @param scheduled_run Stored verbatim in the new configuration.
 * @param ctx           Evaluation context holding the "control_executor"
 *                      variables and the host's IP addresses.
 * @param policy        Policy whose executor control body is consulted.
 * @return A newly allocated configuration; its string fields are heap copies.
 */
ExecConfig *ExecConfigNew(bool scheduled_run, const EvalContext *ctx, const Policy *policy)
{
    ExecConfig *cfg = xcalloc(1, sizeof(ExecConfig));

    /* Defaults, used for every attribute the policy leaves out. */
    cfg->scheduled_run = scheduled_run;
    cfg->exec_command = xstrdup("");
    cfg->agent_expireafter = 2 * 60; /* two hours */
    cfg->mail_server = xstrdup("");
    cfg->mail_from_address = xstrdup("");
    cfg->mail_to_address = xstrdup("");
    cfg->mail_subject = xstrdup("");
    cfg->mail_max_lines = 30;
    cfg->fq_name = xstrdup(VFQNAME);
    cfg->ip_address = xstrdup(VIPADDRESS);
    cfg->ip_addresses = GetIpAddresses(ctx);

    Seq *constraints = ControlBodyConstraints(policy, AGENT_TYPE_EXECUTOR);
    if (!constraints)
    {
        return cfg;
    }

    for (size_t n = 0; n < SeqLength(constraints); n++)
    {
        Constraint *cp = SeqAt(constraints, n);
        const char *attr = cp->lval;

        if (!IsDefinedClass(ctx, cp->classes))
        {
            continue;
        }

        /* The reference is only needed for the lookup. */
        VarRef *ref = VarRefParseFromScope(attr, "control_executor");
        const void *value = EvalContextVariableGet(ctx, ref, NULL);
        VarRefDestroy(ref);

        if (!value)
        {
            /* Has already been checked by the parser. */
            ProgrammingError("Unknown attribute in body executor control: %s", cp->lval);
            continue;
        }

        /* String attributes: drop the previous copy, then store a new one. */
        if (strcmp(attr, CFEX_CONTROLBODY[EXEC_CONTROL_MAILFROM].lval) == 0)
        {
            free(cfg->mail_from_address);
            cfg->mail_from_address = xstrdup(value);
            Log(LOG_LEVEL_DEBUG, "mailfrom '%s'", cfg->mail_from_address);
        }
        else if (strcmp(attr, CFEX_CONTROLBODY[EXEC_CONTROL_MAILTO].lval) == 0)
        {
            free(cfg->mail_to_address);
            cfg->mail_to_address = xstrdup(value);
            Log(LOG_LEVEL_DEBUG, "mailto '%s'", cfg->mail_to_address);
        }
        else if (strcmp(attr, CFEX_CONTROLBODY[EXEC_CONTROL_MAILSUBJECT].lval) == 0)
        {
            free(cfg->mail_subject);
            cfg->mail_subject = xstrdup(value);
            Log(LOG_LEVEL_DEBUG, "mailsubject '%s'", cfg->mail_subject);
        }
        else if (strcmp(attr, CFEX_CONTROLBODY[EXEC_CONTROL_SMTPSERVER].lval) == 0)
        {
            free(cfg->mail_server);
            cfg->mail_server = xstrdup(value);
            Log(LOG_LEVEL_DEBUG, "smtpserver '%s'", cfg->mail_server);
        }
        else if (strcmp(attr, CFEX_CONTROLBODY[EXEC_CONTROL_EXECCOMMAND].lval) == 0)
        {
            /* This value is the command line the executor runs; it is taken
             * from policy as-is. */
            free(cfg->exec_command);
            cfg->exec_command = xstrdup(value);
            Log(LOG_LEVEL_DEBUG, "exec_command '%s'", cfg->exec_command);
        }
        /* Integer attributes. */
        else if (strcmp(attr, CFEX_CONTROLBODY[EXEC_CONTROL_AGENT_EXPIREAFTER].lval) == 0)
        {
            cfg->agent_expireafter = IntFromString(value);
            Log(LOG_LEVEL_DEBUG, "agent_expireafter %d", cfg->agent_expireafter);
        }
        else if (strcmp(attr, CFEX_CONTROLBODY[EXEC_CONTROL_MAILMAXLINES].lval) == 0)
        {
            cfg->mail_max_lines = IntFromString(value);
            Log(LOG_LEVEL_DEBUG, "maxlines %d", cfg->mail_max_lines);
        }
    }

    return cfg;
}
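/**
 * Apply body server control and the related body common control settings to
 * the server's global state.
 *
 * Resets the connection limits, clock check, run command and checksum-update
 * defaults, resolves the policy, then walks the server control attributes
 * that are active in @p ctx. Several of them feed the access-control lists in
 * SV (allowed and denied peers, peers exempt from verification, trusted key
 * sources, allowed users).
 *
 * @param ctx    Evaluation context holding the "control_server" variables.
 * @param policy Policy to resolve and read the server control body from.
 * @param config Agent configuration passed to PolicyResolve().
 */
static void KeepControlPromises(EvalContext *ctx, Policy *policy, GenericAgentConfig *config)
{
    Rval retval;

    /* Defaults in effect before the policy is consulted. */
    CFD_MAXPROCESSES = 30;
    MAXTRIES = 5;
    DENYBADCLOCKS = true;
    CFRUNCOMMAND[0] = '\0';
    SetChecksumUpdates(true);

    /* Keep promised agent behaviour - control bodies */

    Banner("Server control promises..");

    PolicyResolve(ctx, policy, config);

    /* Now expand */

    Seq *constraints = ControlBodyConstraints(policy, AGENT_TYPE_SERVER);
    if (constraints)
    {
        for (size_t i = 0; i < SeqLength(constraints); i++)
        {
            Constraint *cp = SeqAt(constraints, i);

            if (!IsDefinedClass(ctx, cp->classes, NULL))
            {
                continue;
            }

            VarRef *ref = VarRefParseFromScope(cp->lval, "control_server");

            if (!EvalContextVariableGet(ctx, ref, &retval, NULL))
            {
                Log(LOG_LEVEL_ERR, "Unknown lval '%s' in server control body", cp->lval);
                VarRefDestroy(ref);
                continue;
            }

            VarRefDestroy(ref);

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_SERVER_FACILITY].lval) == 0)
            {
                SetFacility(retval.item);
                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_DENY_BAD_CLOCKS].lval) == 0)
            {
                DENYBADCLOCKS = BooleanFromString(retval.item);
                Log(LOG_LEVEL_VERBOSE, "Setting denybadclocks to '%s'", DENYBADCLOCKS ? "true" : "false");
                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_LOG_ENCRYPTED_TRANSFERS].lval) == 0)
            {
                LOGENCRYPT = BooleanFromString(retval.item);
                Log(LOG_LEVEL_VERBOSE, "Setting logencrypt to '%s'", LOGENCRYPT ? "true" : "false");
                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_LOG_ALL_CONNECTIONS].lval) == 0)
            {
                SV.logconns = BooleanFromString(retval.item);
                Log(LOG_LEVEL_VERBOSE, "Setting logconns to %d", SV.logconns);
                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_MAX_CONNECTIONS].lval) == 0)
            {
                /* NOTE(review): the value is narrowed to int without a range
                 * check; zero or a negative number also drives MAXTRIES. */
                CFD_MAXPROCESSES = (int) IntFromString(retval.item);
                MAXTRIES = CFD_MAXPROCESSES / 3;
                Log(LOG_LEVEL_VERBOSE, "Setting maxconnections to %d", CFD_MAXPROCESSES);
                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_CALL_COLLECT_INTERVAL].lval) == 0)
            {
                /* Policy gives minutes (per the log text); stored in seconds. */
                COLLECT_INTERVAL = (int) 60 * IntFromString(retval.item);
                Log(LOG_LEVEL_VERBOSE, "Setting call_collect_interval to %d (seconds)", COLLECT_INTERVAL);
                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_LISTEN].lval) == 0)
            {
                SERVER_LISTEN = BooleanFromString(retval.item);
                Log(LOG_LEVEL_VERBOSE, "Setting server listen to '%s' ",
                    (SERVER_LISTEN)? "true":"false");
                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_CALL_COLLECT_WINDOW].lval) == 0)
            {
                COLLECT_WINDOW = (int) IntFromString(retval.item);
                /* Log the value that was just set; this used to print
                 * COLLECT_INTERVAL by mistake. */
                Log(LOG_LEVEL_VERBOSE, "Setting collect_window to %d (seconds)", COLLECT_WINDOW);
                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_CF_RUN_COMMAND].lval) == 0)
            {
                /* NOTE(review): strncpy leaves the buffer unterminated when
                 * the value is CF_BUFSIZE - 1 bytes or longer, unless the
                 * byte after the copied range is already zero — confirm the
                 * size and initialisation of CFRUNCOMMAND. The value is the
                 * command the server runs on request. */
                strncpy(CFRUNCOMMAND, retval.item, CF_BUFSIZE - 1);
                Log(LOG_LEVEL_VERBOSE, "Setting cfruncommand to '%s'", CFRUNCOMMAND);
                continue;
            }

            /* The list attributes below append each entry once, tagged with
             * the class expression of the constraint. */

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_ALLOW_CONNECTS].lval) == 0)
            {
                Rlist *rp;

                Log(LOG_LEVEL_VERBOSE, "Setting allowing connections from ...");

                for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next)
                {
                    if (!IsItemIn(SV.nonattackerlist, rp->item))
                    {
                        AppendItem(&SV.nonattackerlist, rp->item, cp->classes);
                    }
                }

                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_DENY_CONNECTS].lval) == 0)
            {
                Rlist *rp;

                Log(LOG_LEVEL_VERBOSE, "Setting denying connections from ...");

                for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next)
                {
                    if (!IsItemIn(SV.attackerlist, rp->item))
                    {
                        AppendItem(&SV.attackerlist, rp->item, cp->classes);
                    }
                }

                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_SKIP_VERIFY].lval) == 0)
            {
                Rlist *rp;

                Log(LOG_LEVEL_VERBOSE, "Setting skip verify connections from ...");

                for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next)
                {
                    if (!IsItemIn(SV.skipverify, rp->item))
                    {
                        AppendItem(&SV.skipverify, rp->item, cp->classes);
                    }
                }

                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_ALLOW_ALL_CONNECTS].lval) == 0)
            {
                Rlist *rp;

                Log(LOG_LEVEL_VERBOSE, "Setting allowing multiple connections from ...");

                for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next)
                {
                    if (!IsItemIn(SV.multiconnlist, rp->item))
                    {
                        AppendItem(&SV.multiconnlist, rp->item, cp->classes);
                    }
                }

                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_ALLOW_USERS].lval) == 0)
            {
                Rlist *rp;

                Log(LOG_LEVEL_VERBOSE, "SET Allowing users ...");

                for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next)
                {
                    if (!IsItemIn(SV.allowuserlist, rp->item))
                    {
                        AppendItem(&SV.allowuserlist, rp->item, cp->classes);
                    }
                }

                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_TRUST_KEYS_FROM].lval) == 0)
            {
                Rlist *rp;

                Log(LOG_LEVEL_VERBOSE, "Setting trust keys from ...");

                for (rp = (Rlist *) retval.item; rp != NULL; rp = rp->next)
                {
                    if (!IsItemIn(SV.trustkeylist, rp->item))
                    {
                        AppendItem(&SV.trustkeylist, rp->item, cp->classes);
                    }
                }

                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_PORT_NUMBER].lval) == 0)
            {
                /* NOTE(review): the port is narrowed to short without a
                 * 1..65535 range check, and the 15-byte strncpy relies on
                 * STR_CFENGINEPORT being larger and zeroed past the copy —
                 * confirm both. */
                SHORT_CFENGINEPORT = (short) IntFromString(retval.item);
                strncpy(STR_CFENGINEPORT, retval.item, 15);
                /* Go through unsigned short so that ports above 32767 are
                 * logged as the port number instead of a sign-extended
                 * value printed with %u. */
                Log(LOG_LEVEL_VERBOSE, "Setting default portnumber to %u = %s = %s",
                    (unsigned int) (unsigned short) SHORT_CFENGINEPORT, STR_CFENGINEPORT,
                    RvalScalarValue(retval));
                SHORT_CFENGINEPORT = htons((short) IntFromString(retval.item));
                continue;
            }

            if (strcmp(cp->lval, CFS_CONTROLBODY[SERVER_CONTROL_BIND_TO_INTERFACE].lval) == 0)
            {
                /* NOTE(review): same termination caveat as for CFRUNCOMMAND. */
                strncpy(BINDINTERFACE, retval.item, CF_BUFSIZE - 1);
                Log(LOG_LEVEL_VERBOSE, "Setting bindtointerface to '%s'", BINDINTERFACE);
                continue;
            }
        }
    }

    if (EvalContextVariableControlCommonGet(ctx, COMMON_CONTROL_SYSLOG_HOST, &retval))
    {
        /* Don't resolve syslog_host now, better do it per log request. */
        if (!SetSyslogHost(retval.item))
        {
            Log(LOG_LEVEL_ERR, "Failed to set syslog_host, '%s' too long", (char *) retval.item);
        }
        else
        {
            Log(LOG_LEVEL_VERBOSE, "Setting syslog_host to '%s'", (char *) retval.item);
        }
    }

    if (EvalContextVariableControlCommonGet(ctx, COMMON_CONTROL_SYSLOG_PORT, &retval))
    {
        SetSyslogPort(IntFromString(retval.item));
    }

    if (EvalContextVariableControlCommonGet(ctx, COMMON_CONTROL_FIPS_MODE, &retval))
    {
        FIPS_MODE = BooleanFromString(retval.item);
        Log(LOG_LEVEL_VERBOSE, "Setting FIPS mode to to '%s'", FIPS_MODE ? "true" : "false");
    }

    if (EvalContextVariableControlCommonGet(ctx, COMMON_CONTROL_LASTSEEN_EXPIRE_AFTER, &retval))
    {
        LASTSEENEXPIREAFTER = IntFromString(retval.item) * 60;
    }
}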
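/**
 * Reset @p exec_config to its defaults and re-apply the attributes of body
 * executor control that are active in @p ctx, then refresh the
 * space-separated list of the host's IP addresses.
 *
 * @param ctx         Evaluation context holding the "control_executor"
 *                    variables and the IP address list.
 * @param policy      Policy whose executor control body is consulted.
 * @param exec_config Configuration updated in place.
 */
void ExecConfigUpdate(const EvalContext *ctx, const Policy *policy, ExecConfig *exec_config)
{
    ExecConfigResetDefault(exec_config);

    Seq *constraints = ControlBodyConstraints(policy, AGENT_TYPE_EXECUTOR);
    if (constraints)
    {
        for (size_t i = 0; i < SeqLength(constraints); i++)
        {
            Constraint *cp = SeqAt(constraints, i);

            if (!IsDefinedClass(ctx, cp->classes, NULL))
            {
                continue;
            }

            VarRef *ref = VarRefParseFromScope(cp->lval, "control_executor");
            Rval retval;

            if (!EvalContextVariableGet(ctx, ref, &retval, NULL))
            {
                // TODO: should've been checked before this point. change to programming error
                Log(LOG_LEVEL_ERR, "Unknown lval '%s' in exec control body", cp->lval);
                VarRefDestroy(ref);
                continue;
            }

            VarRefDestroy(ref);

            if (strcmp(cp->lval, CFEX_CONTROLBODY[EXEC_CONTROL_MAILFROM].lval) == 0)
            {
                free(exec_config->mail_from_address);
                exec_config->mail_from_address = xstrdup(retval.item);
                Log(LOG_LEVEL_DEBUG, "mailfrom '%s'", exec_config->mail_from_address);
            }
            else if (strcmp(cp->lval, CFEX_CONTROLBODY[EXEC_CONTROL_MAILTO].lval) == 0)
            {
                free(exec_config->mail_to_address);
                exec_config->mail_to_address = xstrdup(retval.item);
                Log(LOG_LEVEL_DEBUG, "mailto '%s'", exec_config->mail_to_address);
            }
            else if (strcmp(cp->lval, CFEX_CONTROLBODY[EXEC_CONTROL_MAILSUBJECT].lval) == 0)
            {
                free(exec_config->mail_subject);
                exec_config->mail_subject = xstrdup(retval.item);
                Log(LOG_LEVEL_DEBUG, "mailsubject '%s'", exec_config->mail_subject);
            }
            else if (strcmp(cp->lval, CFEX_CONTROLBODY[EXEC_CONTROL_SMTPSERVER].lval) == 0)
            {
                free(exec_config->mail_server);
                exec_config->mail_server = xstrdup(retval.item);
                Log(LOG_LEVEL_DEBUG, "smtpserver '%s'", exec_config->mail_server);
            }
            else if (strcmp(cp->lval, CFEX_CONTROLBODY[EXEC_CONTROL_EXECCOMMAND].lval) == 0)
            {
                /* This value is the command line the executor runs; it is
                 * taken from policy as-is. */
                free(exec_config->exec_command);
                exec_config->exec_command = xstrdup(retval.item);
                Log(LOG_LEVEL_DEBUG, "exec_command '%s'", exec_config->exec_command);
            }
            else if (strcmp(cp->lval, CFEX_CONTROLBODY[EXEC_CONTROL_AGENT_EXPIREAFTER].lval) == 0)
            {
                exec_config->agent_expireafter = IntFromString(retval.item);
                Log(LOG_LEVEL_DEBUG, "agent_expireafter %d", exec_config->agent_expireafter);
            }
            else if (strcmp(cp->lval, CFEX_CONTROLBODY[EXEC_CONTROL_EXECUTORFACILITY].lval) == 0)
            {
                /* Release the previous value like the sibling string fields
                 * do, so repeated updates do not leak it.
                 * NOTE(review): assumes log_facility is NULL or heap-owned
                 * after ExecConfigResetDefault() — confirm. */
                free(exec_config->log_facility);
                exec_config->log_facility = xstrdup(retval.item);
                Log(LOG_LEVEL_DEBUG, "executorfacility '%s'", exec_config->log_facility);
            }
            else if (strcmp(cp->lval, CFEX_CONTROLBODY[EXEC_CONTROL_MAILMAXLINES].lval) == 0)
            {
                exec_config->mail_max_lines = IntFromString(retval.item);
                Log(LOG_LEVEL_DEBUG, "maxlines %d", exec_config->mail_max_lines);
            }
            else if (strcmp(cp->lval, CFEX_CONTROLBODY[EXEC_CONTROL_SPLAYTIME].lval) == 0)
            {
                /* Scale the configured splay time by the GetSplay() factor. */
                int splay_minutes = IntFromString(RvalScalarValue(retval));
                exec_config->splay_time = (int) (splay_minutes * SECONDS_PER_MINUTE * GetSplay());
            }
            else if (strcmp(cp->lval, CFEX_CONTROLBODY[EXEC_CONTROL_SCHEDULE].lval) == 0)
            {
                Log(LOG_LEVEL_DEBUG, "Loading user-defined schedule...");
                StringSetClear(exec_config->schedule);

                for (const Rlist *rp = retval.item; rp; rp = rp->next)
                {
                    StringSetAdd(exec_config->schedule, xstrdup(RlistScalarValue(rp)));
                    Log(LOG_LEVEL_DEBUG, "Adding '%s'", RlistScalarValue(rp));
                }
            }
        }
    }

    char ipbuf[CF_MAXVARSIZE] = "";
    for (Item *iptr = EvalContextGetIpAddresses(ctx); iptr != NULL; iptr = iptr->next)
    {
        /* Each entry adds the address plus one separating space, and the
         * terminator must still fit. Without the "+ 1" an address that
         * exactly filled the buffer let the following strcat(" ") write one
         * byte past the end of ipbuf. */
        if ((SafeStringLength(ipbuf) + SafeStringLength(iptr->name) + 1) < sizeof(ipbuf))
        {
            strcat(ipbuf, iptr->name);
            strcat(ipbuf, " ");
        }
        else
        {
            break;
        }
    }
    /* Trim the trailing separator before storing the list. */
    Chop(ipbuf, sizeof(ipbuf));
    free(exec_config->ip_addresses);
    exec_config->ip_addresses = xstrdup(ipbuf);
}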
/**
 * Test helper: look up @p lval in the "sys" scope of @p ctx and assert that
 * its value equals @p expected.
 */
static void TestSysVar(EvalContext *ctx, const char *lval, const char *expected)
{
    VarRef *sys_ref = VarRefParseFromScope(lval, "sys");
    const void *actual = EvalContextVariableGet(ctx, sys_ref, NULL);

    assert_string_equal(expected, actual);

    /* The reference is owned here and released after the comparison. */
    VarRefDestroy(sys_ref);
}
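/**
 * Connect to one remote host and send it the EXEC command.
 *
 * In interactive mode, when no public key is stored for the host, the user
 * is asked on the terminal whether to accept one on trust; the answer becomes
 * the trust_server flag of the connection.
 *
 * @param ctx    Evaluation context, used for fatal-error reporting.
 * @param config Supplies the protocol version for the connection.
 * @param host   "host[:port]" specification; must not be NULL. The port
 *               defaults to "5308".
 * @return true when the host was contacted, false when there is no remote
 *         host to contact, the name cannot be resolved, or the connection
 *         fails.
 */
static int HailServer(const EvalContext *ctx, const GenericAgentConfig *config, char *host)
{
    assert(host != NULL);

    AgentConnection *conn;
    char sendbuffer[CF_BUFSIZE], recvbuffer[CF_BUFSIZE],
        hostkey[CF_HOSTKEY_STRING_SIZE], user[CF_SMALLBUF];
    bool gotkey;
    char reply[8];
    bool trustkey = false;

    char *hostname, *port;
    ParseHostPort(host, &hostname, &port);

    if (hostname == NULL || strcmp(hostname, "localhost") == 0)
    {
        Log(LOG_LEVEL_INFO, "No remote hosts were specified to connect to");
        return false;
    }
    if (port == NULL)
    {
        port = "5308";
    }

    char ipaddr[CF_MAX_IP_LEN];
    if (Hostname2IPString(ipaddr, hostname, sizeof(ipaddr)) == -1)
    {
        Log(LOG_LEVEL_ERR, "HailServer: ERROR, could not resolve '%s'", hostname);
        return false;
    }

    Address2Hostkey(hostkey, sizeof(hostkey), ipaddr);
    GetCurrentUserName(user, CF_SMALLBUF);

    if (INTERACTIVE)
    {
        Log(LOG_LEVEL_VERBOSE, "Using interactive key trust...");

        gotkey = HavePublicKey(user, ipaddr, hostkey) != NULL;
        if (!gotkey)
        {
            /* TODO print the hash of the connecting host. But to do that we
             * should open the connection first, and somehow pass that hash
             * here! redmine#7212 */
            printf("WARNING - You do not have a public key from host %s = %s\n",
                   hostname, ipaddr);
            printf("          Do you want to accept one on trust? (yes/no)\n\n--> ");

            while (true)
            {
                if (fgets(reply, sizeof(reply), stdin) == NULL)
                {
                    FatalError(ctx, "EOF trying to read answer from terminal");
                }

                /* A line longer than the buffer arrives in pieces. Discard
                 * the remainder and ask again, so that the tail of an
                 * overlong line can never be read as a separate "yes" to the
                 * trust question. */
                const size_t reply_len = strlen(reply);
                if (reply_len == sizeof(reply) - 1 && reply[reply_len - 1] != '\n')
                {
                    int c;
                    while ((c = getchar()) != '\n' && c != EOF)
                    {
                        /* drop the rest of the line */
                    }
                    printf("Please reply yes or no...(%s)\n", reply);
                    continue;
                }

                /* Bound Chop by the real buffer size; it was previously
                 * given CF_EXPANDSIZE for this 8-byte buffer. */
                if (Chop(reply, sizeof(reply)) == -1)
                {
                    Log(LOG_LEVEL_ERR, "Chop was called on a string that seemed to have no terminator");
                }

                if (strcmp(reply, "yes") == 0)
                {
                    printf("Will trust the key...\n");
                    trustkey = true;
                    break;
                }
                else if (strcmp(reply, "no") == 0)
                {
                    printf("Will not trust the key...\n");
                    trustkey = false;
                    break;
                }
                else
                {
                    printf("Please reply yes or no...(%s)\n", reply);
                }
            }
        }
    }

#ifndef __MINGW32__
    if (BACKGROUND)
    {
        Log(LOG_LEVEL_INFO, "Hailing %s : %s (in the background)",
            hostname, port);
    }
    else
#endif
    {
        Log(LOG_LEVEL_INFO,
            "........................................................................");
        Log(LOG_LEVEL_INFO, "Hailing %s : %s",
            hostname, port);
        Log(LOG_LEVEL_INFO,
            "........................................................................");
    }

    ConnectionFlags connflags = {
        .protocol_version = config->protocol_version,
        .trust_server = trustkey
    };
    int err = 0;
    conn = ServerConnection(hostname, port, CONNTIMEOUT, connflags, &err);

    if (conn == NULL)
    {
        Log(LOG_LEVEL_ERR, "Failed to connect to host: %s", hostname);
        return false;
    }

    /* Send EXEC command. */
    HailExec(conn, hostname, recvbuffer, sendbuffer);

    return true;
}

/********************************************************************/
/* Level 2                                                          */
/********************************************************************/

/**
 * Apply body runagent control to the run agent's globals, followed by the
 * lastseenexpireafter setting of body common control.
 *
 * Several attributes are accepted here without any action (force_ipv4,
 * trustkey, encrypt, port_number, timeout). Command-line choices win over
 * policy for background_children and for the host list.
 *
 * @param ctx    Evaluation context holding the "control_runagent" variables.
 * @param policy Policy whose runagent control body is consulted.
 */
static void KeepControlPromises(EvalContext *ctx, const Policy *policy)
{
    Seq *constraints = ControlBodyConstraints(policy, AGENT_TYPE_RUNAGENT);
    if (constraints)
    {
        for (size_t i = 0; i < SeqLength(constraints); i++)
        {
            Constraint *cp = SeqAt(constraints, i);

            if (!IsDefinedClass(ctx, cp->classes))
            {
                continue;
            }

            VarRef *ref = VarRefParseFromScope(cp->lval, "control_runagent");
            const void *value = EvalContextVariableGet(ctx, ref, NULL);
            VarRefDestroy(ref);

            if (!value)
            {
                Log(LOG_LEVEL_ERR, "Unknown lval '%s' in runagent control body", cp->lval);
                continue;
            }

            if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_FORCE_IPV4].lval) == 0)
            {
                continue;
            }

            if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_TRUSTKEY].lval) == 0)
            {
                continue;
            }

            if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_ENCRYPT].lval) == 0)
            {
                continue;
            }

            if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_PORT_NUMBER].lval) == 0)
            {
                continue;
            }

            if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_BACKGROUND].lval) == 0)
            {
                /*
                 * Only process this option if there are no -b or -i options
                 * specified on the command line.
                 */
                if (BACKGROUND || INTERACTIVE)
                {
                    Log(LOG_LEVEL_WARNING,
                        "'background_children' setting from 'body runagent control' is overridden by command-line option.");
                }
                else
                {
                    BACKGROUND = BooleanFromString(value);
                }

                continue;
            }

            if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_MAX_CHILD].lval) == 0)
            {
                MAXCHILD = (short) IntFromString(value);
                continue;
            }

            if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_OUTPUT_TO_FILE].lval) == 0)
            {
                OUTPUT_TO_FILE = BooleanFromString(value);
                continue;
            }

            if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_OUTPUT_DIRECTORY].lval) == 0)
            {
                /* Only absolute paths are accepted; anything else is
                 * ignored without a message. */
                if (IsAbsPath(value))
                {
                    strlcpy(OUTPUT_DIRECTORY, value, CF_BUFSIZE);
                    Log(LOG_LEVEL_VERBOSE, "Setting output direcory to '%s'", OUTPUT_DIRECTORY);
                }
                continue;
            }

            if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_TIMEOUT].lval) == 0)
            {
                continue;
            }

            if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_HOSTS].lval) == 0)
            {
                if (HOSTLIST == NULL) // Don't override if command line setting
                {
                    /* Stores the looked-up pointer itself, not a copy. */
                    HOSTLIST = value;
                }

                continue;
            }
        }
    }

    const char *expire_after = EvalContextVariableControlCommonGet(ctx, COMMON_CONTROL_LASTSEEN_EXPIRE_AFTER);
    if (expire_after)
    {
        LASTSEENEXPIREAFTER = IntFromString(expire_after) * 60;
    }
}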