static Reload CheckNewPromises(const char *input_file, const Rlist *input_files, const ReportContext *report_context)
{
if (NewPromiseProposals(input_file, input_files))
{
CfOut(OUTPUT_LEVEL_VERBOSE, "", " -> New promises detected...\n");
if (CheckPromises(input_file, report_context))
{
return RELOAD_FULL;
}
else
{
CfOut(OUTPUT_LEVEL_INFORM, "", " !! New promises file contains syntax errors -- ignoring");
PROMISETIME = time(NULL);
}
}
else
{
CfDebug(" -> No new promises found\n");
}
return RELOAD_ENVIRONMENT;
}
static Reload CheckNewPromises(EvalContext *ctx, const GenericAgentConfig *config, const Rlist *input_files)
{
if (NewPromiseProposals(ctx, config->input_file, input_files))
{
CfOut(OUTPUT_LEVEL_VERBOSE, "", " -> New promises detected...\n");
if (CheckPromises(config))
{
return RELOAD_FULL;
}
else
{
CfOut(OUTPUT_LEVEL_INFORM, "", " !! New promises file contains syntax errors -- ignoring");
PROMISETIME = time(NULL);
}
}
else
{
CfDebug(" -> No new promises found\n");
}
return RELOAD_ENVIRONMENT;
}
static Reload CheckNewPromises(EvalContext *ctx, const GenericAgentConfig *config, const Rlist *input_files)
{
if (NewPromiseProposals(ctx, config, input_files))
{
Log(LOG_LEVEL_VERBOSE, "New promises detected...");
if (CheckPromises(config))
{
return RELOAD_FULL;
}
else
{
Log(LOG_LEVEL_INFO, "New promises file contains syntax errors -- ignoring");
PROMISETIME = time(NULL);
}
}
else
{
Log(LOG_LEVEL_DEBUG, "No new promises found");
}
return RELOAD_ENVIRONMENT;
}
static Reload CheckNewPromises(const ReportContext *report_context)
{
if (NewPromiseProposals())
{
CfOut(cf_verbose, "", " -> New promises detected...\n");
if (CheckPromises(AGENT_TYPE_EXECUTOR, report_context))
{
return RELOAD_FULL;
}
else
{
CfOut(cf_inform, "", " !! New promises file contains syntax errors -- ignoring");
PROMISETIME = time(NULL);
}
}
else
{
CfDebug(" -> No new promises found\n");
}
return RELOAD_ENVIRONMENT;
}
void CheckFileChanges(Policy **policy, GenericAgentConfig *config, const ReportContext *report_context)
{
if (EnterpriseExpiry())
{
CfOut(cf_error, "", "!! This enterprise license is invalid.");
}
CfDebug("Checking file updates on %s\n", config->input_file);
if (NewPromiseProposals(config->input_file, InputFiles(*policy)))
{
CfOut(cf_verbose, "", " -> New promises detected...\n");
if (CheckPromises(config->input_file, report_context))
{
CfOut(cf_inform, "", "Rereading config files %s..\n", config->input_file);
/* Free & reload -- lock this to avoid access errors during reload */
DeleteItemList(VNEGHEAP);
DeleteAlphaList(&VHEAP);
InitAlphaList(&VHEAP);
DeleteAlphaList(&VHARDHEAP);
InitAlphaList(&VHARDHEAP);
DeleteAlphaList(&VADDCLASSES);
InitAlphaList(&VADDCLASSES);
DeleteItemList(IPADDRESSES);
IPADDRESSES = NULL;
DeleteItemList(SV.trustkeylist);
DeleteItemList(SV.skipverify);
DeleteItemList(SV.attackerlist);
DeleteItemList(SV.nonattackerlist);
DeleteItemList(SV.multiconnlist);
DeleteAuthList(VADMIT);
DeleteAuthList(VDENY);
DeleteAuthList(VARADMIT);
DeleteAuthList(VARDENY);
DeleteAuthList(ROLES);
//DeleteRlist(VINPUTLIST); This is just a pointer, cannot free it
DeleteAllScope();
strcpy(VDOMAIN, "undefined.domain");
POLICY_SERVER[0] = '\0';
VADMIT = VADMITTOP = NULL;
VDENY = VDENYTOP = NULL;
VARADMIT = VARADMITTOP = NULL;
VARDENY = VARDENYTOP = NULL;
ROLES = ROLESTOP = NULL;
VNEGHEAP = NULL;
SV.trustkeylist = NULL;
SV.skipverify = NULL;
SV.attackerlist = NULL;
SV.nonattackerlist = NULL;
SV.multiconnlist = NULL;
PolicyDestroy(*policy);
*policy = NULL;
ERRORCOUNT = 0;
NewScope("sys");
SetPolicyServer(POLICY_SERVER);
NewScalar("sys", "policy_hub", POLICY_SERVER, DATA_TYPE_STRING);
if (EnterpriseExpiry())
{
CfOut(cf_error, "",
"Cfengine - autonomous configuration engine. This enterprise license is invalid.\n");
}
NewScope("const");
NewScope("this");
NewScope("control_server");
NewScope("control_common");
NewScope("mon");
NewScope("remote_access");
GetNameInfo3();
GetInterfacesInfo(AGENT_TYPE_SERVER);
Get3Environment();
BuiltinClasses();
OSClasses();
KeepHardClasses();
HardClass(CF_AGENTTYPES[THIS_AGENT_TYPE]);
SetReferenceTime(true);
*policy = ReadPromises(AGENT_TYPE_SERVER, config, report_context);
KeepPromises(*policy, config, report_context);
Summarize();
}
else
{
CfOut(cf_inform, "", " !! File changes contain errors -- ignoring");
PROMISETIME = time(NULL);
}
}
else
{
CfDebug(" -> No new promises found\n");
}
}
int OpenReceiverChannel(void)
{
struct addrinfo *response, *ap;
struct addrinfo query = {
.ai_flags = AI_PASSIVE,
.ai_family = AF_UNSPEC,
.ai_socktype = SOCK_STREAM
};
/* Listen to INADDR(6)_ANY if BINDINTERFACE unset. */
char *ptr = NULL;
if (BINDINTERFACE[0] != '\0')
{
ptr = BINDINTERFACE;
}
/* Resolve listening interface. */
if (getaddrinfo(ptr, STR_CFENGINEPORT, &query, &response) != 0)
{
Log(LOG_LEVEL_ERR, "DNS/service lookup failure. (getaddrinfo: %s)", GetErrorStr());
return -1;
}
int sd = -1;
for (ap = response; ap != NULL; ap = ap->ai_next)
{
if ((sd = socket(ap->ai_family, ap->ai_socktype, ap->ai_protocol)) == -1)
{
continue;
}
int yes = 1;
if (setsockopt(sd, SOL_SOCKET, SO_REUSEADDR,
&yes, sizeof(yes)) == -1)
{
Log(LOG_LEVEL_ERR, "Socket option SO_REUSEADDR was not accepted. (setsockopt: %s)", GetErrorStr());
exit(1);
}
struct linger cflinger = {
.l_onoff = 1,
.l_linger = 60
};
if (setsockopt(sd, SOL_SOCKET, SO_LINGER,
&cflinger, sizeof(cflinger)) == -1)
{
Log(LOG_LEVEL_ERR, "Socket option SO_LINGER was not accepted. (setsockopt: %s)", GetErrorStr());
exit(1);
}
if (bind(sd, ap->ai_addr, ap->ai_addrlen) != -1)
{
if (LogGetGlobalLevel() >= LOG_LEVEL_DEBUG)
{
/* Convert IP address to string, no DNS lookup performed. */
char txtaddr[CF_MAX_IP_LEN] = "";
getnameinfo(ap->ai_addr, ap->ai_addrlen,
txtaddr, sizeof(txtaddr),
NULL, 0, NI_NUMERICHOST);
Log(LOG_LEVEL_DEBUG, "Bound to address '%s' on '%s' = %d", txtaddr,
CLASSTEXT[VSYSTEMHARDCLASS], VSYSTEMHARDCLASS);
}
break;
}
else
{
Log(LOG_LEVEL_ERR, "Could not bind server address. (bind: %s)", GetErrorStr());
cf_closesocket(sd);
}
}
if (sd < 0)
{
Log(LOG_LEVEL_ERR, "Couldn't open/bind a socket");
exit(1);
}
freeaddrinfo(response);
return sd;
}
/*********************************************************************/
/* Level 3 */
/*********************************************************************/
void CheckFileChanges(EvalContext *ctx, Policy **policy, GenericAgentConfig *config)
{
Log(LOG_LEVEL_DEBUG, "Checking file updates for input file '%s'", config->input_file);
if (NewPromiseProposals(ctx, config, InputFiles(ctx, *policy)))
{
Log(LOG_LEVEL_VERBOSE, "New promises detected...");
if (CheckPromises(config))
{
Log(LOG_LEVEL_INFO, "Rereading policy file '%s'", config->input_file);
/* Free & reload -- lock this to avoid access errors during reload */
EvalContextHeapClear(ctx);
DeleteItemList(IPADDRESSES);
IPADDRESSES = NULL;
DeleteItemList(SV.trustkeylist);
DeleteItemList(SV.skipverify);
DeleteItemList(SV.attackerlist);
DeleteItemList(SV.nonattackerlist);
DeleteItemList(SV.multiconnlist);
DeleteAuthList(SV.admit);
DeleteAuthList(SV.deny);
DeleteAuthList(SV.varadmit);
DeleteAuthList(SV.vardeny);
DeleteAuthList(SV.roles);
//DeleteRlist(VINPUTLIST); This is just a pointer, cannot free it
ScopeDeleteAll();
strcpy(VDOMAIN, "undefined.domain");
POLICY_SERVER[0] = '\0';
SV.admit = NULL;
SV.admittop = NULL;
SV.varadmit = NULL;
SV.varadmittop = NULL;
SV.deny = NULL;
SV.denytop = NULL;
SV.vardeny = NULL;
SV.vardenytop = NULL;
SV.roles = NULL;
SV.rolestop = NULL;
SV.trustkeylist = NULL;
SV.skipverify = NULL;
SV.attackerlist = NULL;
SV.nonattackerlist = NULL;
SV.multiconnlist = NULL;
PolicyDestroy(*policy);
*policy = NULL;
{
char *existing_policy_server = ReadPolicyServerFile(GetWorkDir());
SetPolicyServer(ctx, existing_policy_server);
free(existing_policy_server);
}
GetNameInfo3(ctx, AGENT_TYPE_SERVER);
GetInterfacesInfo(ctx, AGENT_TYPE_SERVER);
Get3Environment(ctx, AGENT_TYPE_SERVER);
BuiltinClasses(ctx);
OSClasses(ctx);
KeepHardClasses(ctx);
EvalContextHeapAddHard(ctx, CF_AGENTTYPES[config->agent_type]);
SetReferenceTime(ctx, true);
*policy = GenericAgentLoadPolicy(ctx, config);
KeepPromises(ctx, *policy, config);
Summarize();
}
else
{
Log(LOG_LEVEL_INFO, "File changes contain errors -- ignoring");
PROMISETIME = time(NULL);
}
}
else
{
Log(LOG_LEVEL_DEBUG, "No new promises found");
}
}
void GenericInitialize(int argc,char **argv,char *agents)
{ enum cfagenttype ag = Agent2Type(agents);
char vbuff[CF_BUFSIZE];
int ok = false;
#ifdef HAVE_NOVA
CF_DEFAULT_DIGEST = cf_sha256;
CF_DEFAULT_DIGEST_LEN = CF_SHA256_LEN;
#else
CF_DEFAULT_DIGEST = cf_md5;
CF_DEFAULT_DIGEST_LEN = CF_MD5_LEN;
#endif
InitializeGA(argc,argv);
SetReferenceTime(true);
SetStartTime(false);
SetSignals();
SanitizeEnvironment();
strcpy(THIS_AGENT,CF_AGENTTYPES[ag]);
NewClass(THIS_AGENT);
THIS_AGENT_TYPE = ag;
// need scope sys to set vars in expiry function
SetNewScope("sys");
if (EnterpriseExpiry())
{
CfOut(cf_error,"","Cfengine - autonomous configuration engine. This enterprise license is invalid.\n");
exit(1);
}
if (AM_NOVA)
{
CfOut(cf_verbose,""," -> This is CFE Nova\n");
}
if (AM_CONSTELLATION)
{
CfOut(cf_verbose,""," -> This is CFE Constellation\n");
}
NewScope("const");
NewScope("match");
NewScope("mon");
GetNameInfo3();
CfGetInterfaceInfo(ag);
if (ag != cf_know)
{
Get3Environment();
BuiltinClasses();
OSClasses();
}
LoadPersistentContext();
LoadSystemConstants();
snprintf(vbuff,CF_BUFSIZE,"control_%s",THIS_AGENT);
SetNewScope(vbuff);
NewScope("this");
NewScope("match");
if (BOOTSTRAP)
{
CheckAutoBootstrap();
}
else
{
if (strlen(POLICY_SERVER) > 0)
{
CfOut(cf_verbose,""," -> Found a policy server (hub) on %s",POLICY_SERVER);
}
else
{
CfOut(cf_verbose,""," -> No policy server (hub) watch yet registered");
}
}
SetPolicyServer(POLICY_SERVER);
if (ag != cf_keygen)
{
if (!MissingInputFile())
{
bool check_promises = false;
if (SHOWREPORTS)
{
check_promises = true;
CfOut(cf_verbose, "", " -> Reports mode is enabled, force-validating policy");
}
if (IsFileOutsideDefaultRepository(VINPUTFILE))
{
check_promises = true;
CfOut(cf_verbose, "", " -> Input file is outside default repository, validating it");
}
if (NewPromiseProposals())
{
check_promises = true;
CfOut(cf_verbose, "", " -> Input file is changed since last validation, validating it");
}
if (check_promises)
{
ok = CheckPromises(ag);
if (BOOTSTRAP && !ok)
{
CfOut(cf_verbose, "", " -> Policy is not valid, but proceeding with bootstrap");
ok = true;
}
}
else
{
CfOut(cf_verbose, "", " -> Policy is already validated");
ok = true;
}
}
if (ok)
{
ReadPromises(ag,agents);
}
else
{
CfOut(cf_error,"","cf-agent was not able to get confirmation of promises from cf-promises, so going to failsafe\n");
snprintf(VINPUTFILE,CF_BUFSIZE-1,"failsafe.cf");
ReadPromises(ag,agents);
}
if (SHOWREPORTS)
{
CompilationReport(VINPUTFILE);
}
CheckLicenses();
}
XML = 0;
}
