static void CheckFileChanges(EvalContext *ctx, Policy **policy, GenericAgentConfig *config) { Log(LOG_LEVEL_DEBUG, "Checking file updates for input file '%s'", config->input_file); time_t validated_at = ReadTimestampFromPolicyValidatedFile(config, NULL); bool reload_config = false; if (config->agent_specific.daemon.last_validated_at < validated_at) { Log(LOG_LEVEL_VERBOSE, "New promises detected..."); reload_config = true; } if (ReloadConfigRequested()) { Log(LOG_LEVEL_VERBOSE, "Force reload of inputs files..."); reload_config = true; } if (reload_config) { ClearRequestReloadConfig(); /* Rereading policies now, so update timestamp. */ config->agent_specific.daemon.last_validated_at = validated_at; if (GenericAgentArePromisesValid(config)) { Log(LOG_LEVEL_NOTICE, "Rereading policy file '%s'", config->input_file); /* STEP 1: Free everything */ EvalContextClear(ctx); strcpy(VDOMAIN, "undefined.domain"); ClearAuthAndACLs(); PolicyDestroy(*policy); *policy = NULL; /* STEP 2: Set Environment, Parse and Evaluate policy */ /* * TODO why is this done separately here? What's the difference to * calling the same steps as in cf-serverd.c:main()? Those are: * GenericAgentConfigApply(); // not here! * GenericAgentDiscoverContext(); // not here! * EvalContextClassPutHard("server"); // only here! * if (GenericAgentCheckPolicy()) // not here! * policy = LoadPolicy(); * ThisAgentInit(); // not here, only calls umask() * ReloadHAConfig(); // only here! * KeepPromises(); * Summarize(); * Plus the following from within StartServer() which is only * called during startup: * InitSignals(); // not here * ServerTLSInitialize(); // not here * SetServerListenState(); // not here * InitServer() // not here * PolicyNew()+AcquireServerLock() // not here * PrepareServer(sd); // not here * CollectCallStart(); // both */ EvalContextSetPolicyServerFromFile(ctx, GetWorkDir()); UpdateLastPolicyUpdateTime(ctx); DetectEnvironment(ctx); KeepHardClasses(ctx); LoadAugments(ctx, config); /* During startup this is done in GenericAgentDiscoverContext(). */ EvalContextClassPutHard(ctx, CF_AGENTTYPES[AGENT_TYPE_SERVER], "cfe_internal,source=agent"); time_t t = SetReferenceTime(); UpdateTimeClasses(ctx, t); /* TODO BUG: this modifies config, but previous config has not * been reset/free'd. Ideally we would want LoadPolicy to not * modify config at all, but only modify ctx. */ *policy = LoadPolicy(ctx, config); /* Reload HA related configuration */ ReloadHAConfig(); KeepPromises(ctx, *policy, config); Summarize(); } else { Log(LOG_LEVEL_INFO, "File changes contain errors -- ignoring"); } } else { Log(LOG_LEVEL_DEBUG, "No new promises found"); } }
static void Apoptosis(void) { char promiser_buf[CF_SMALLBUF]; snprintf(promiser_buf, sizeof(promiser_buf), "%s%cbin%ccf-execd", GetWorkDir(), FILE_SEPARATOR, FILE_SEPARATOR); if (LoadProcessTable()) { char myuid[PRINTSIZE(unsigned)]; xsnprintf(myuid, sizeof(myuid), "%u", (unsigned) getuid()); Rlist *owners = NULL; RlistPrepend(&owners, myuid, RVAL_TYPE_SCALAR); ProcessSelect process_select = { .owner = owners, .process_result = "process_owner", }; Item *killlist = SelectProcesses(promiser_buf, process_select, true); RlistDestroy(owners); for (Item *ip = killlist; ip != NULL; ip = ip->next) { pid_t pid = ip->counter; if (pid != getpid() && kill(pid, SIGTERM) < 0) { if (errno == ESRCH) { /* That's ok, process exited voluntarily */ } else { Log(LOG_LEVEL_ERR, "Unable to kill stale cf-execd process pid=%d. (kill: %s)", (int)pid, GetErrorStr()); } } } } ClearProcessTable(); Log(LOG_LEVEL_VERBOSE, "Pruning complete"); } #endif typedef enum { RELOAD_ENVIRONMENT, RELOAD_FULL } Reload; static Reload CheckNewPromises(GenericAgentConfig *config) { Log(LOG_LEVEL_DEBUG, "Checking file updates for input file '%s'", config->input_file); time_t validated_at = ReadTimestampFromPolicyValidatedFile(config, NULL); bool reload_config = false; if (config->agent_specific.daemon.last_validated_at < validated_at) { Log(LOG_LEVEL_VERBOSE, "New promises detected..."); reload_config = true; } if (ReloadConfigRequested()) { Log(LOG_LEVEL_VERBOSE, "Force reload of inputs files..."); reload_config = true; } if (reload_config) { ClearRequestReloadConfig(); /* Rereading policies now, so update timestamp. */ config->agent_specific.daemon.last_validated_at = validated_at; if (GenericAgentArePromisesValid(config)) { return RELOAD_FULL; } else { Log(LOG_LEVEL_INFO, "New promises file contains syntax errors -- ignoring"); } } else { Log(LOG_LEVEL_DEBUG, "No new promises found"); } return RELOAD_ENVIRONMENT; }