// Thread that processes the accepted TCP connection
void TCPAcceptedThread(THREAD *t, void *param)
{
TCP_ACCEPTED_PARAM *data;
LISTENER *r;
SOCK *s;
CONNECTION *c;
bool flag1;
char tmp[128];
// Validate arguments
if (t == NULL || param == NULL)
{
return;
}
// Initialize
data = (TCP_ACCEPTED_PARAM *)param;
r = data->r;
s = data->s;
AddRef(r->ref);
AddRef(s->ref);
// Create a connection
c = NewServerConnection(r->Cedar, s, t);
// Register to Cedar as a transient connection
AddConnection(c->Cedar, c);
NoticeThreadInit(t);
AcceptInit(s);
StrCpy(c->ClientHostname, sizeof(c->ClientHostname), s->RemoteHostname);
IPToStr(tmp, sizeof(tmp), &s->RemoteIP);
if (IS_SPECIAL_PORT(s->RemotePort) == false)
{
SLog(r->Cedar, "LS_LISTENER_ACCEPT", r->Port, tmp, s->RemoteHostname, s->RemotePort);
}
// Reception
ConnectionAccept(c);
flag1 = c->flag1;
// Release
SLog(r->Cedar, "LS_CONNECTION_END_1", c->Name);
ReleaseConnection(c);
// Release
if (flag1 == false)
{
Debug("%s %u flag1 == false\n", __FILE__, __LINE__);
IPToStr(tmp, sizeof(tmp), &s->RemoteIP);
if (IS_SPECIAL_PORT(s->RemotePort) == false)
{
SLog(r->Cedar, "LS_LISTENER_DISCONNECT", tmp, s->RemotePort);
}
Disconnect(s);
}
ReleaseSock(s);
ReleaseListener(r);
}
// Bridging thread
void BrBridgeThread(THREAD *thread, void *param)
{
BRIDGE *b;
CONNECTION *c;
SESSION *s;
HUB *h;
char name[MAX_SIZE];
// Validate arguments
if (thread == NULL || param == NULL)
{
return;
}
b = (BRIDGE *)param;
// Create a connection object
c = NewServerConnection(b->Cedar, NULL, thread);
c->Protocol = CONNECTION_HUB_BRIDGE;
// Create a session object
s = NewServerSession(b->Cedar, c, b->Hub, BRIDGE_USER_NAME, b->Policy);
HLog(b->Hub, "LH_START_BRIDGE", b->Name, s->Name);
StrCpy(name, sizeof(name), b->Name);
h = b->Hub;
AddRef(h->ref);
s->BridgeMode = true;
s->Bridge = b;
c->Session = s;
ReleaseConnection(c);
// Dummy user name for local-bridge
s->Username = CopyStr(BRIDGE_USER_NAME_PRINT);
b->Session = s;
AddRef(s->ref);
// Notify completion
NoticeThreadInit(thread);
// Main procedure of the session
Debug("Bridge %s Start.\n", b->Name);
SessionMain(s);
Debug("Bridge %s Stop.\n", b->Name);
HLog(h, "LH_STOP_BRIDGE", name);
ReleaseHub(h);
ReleaseSession(s);
}
// Link server thread
void LinkServerSessionThread(THREAD *t, void *param)
{
LINK *k = (LINK *)param;
CONNECTION *c;
SESSION *s;
POLICY *policy;
wchar_t name[MAX_SIZE];
// Validate arguments
if (t == NULL || param == NULL)
{
return;
}
// Create a server connection
c = NewServerConnection(k->Cedar, NULL, t);
c->Protocol = CONNECTION_HUB_LINK_SERVER;
// Create a policy
policy = ZeroMalloc(sizeof(POLICY));
Copy(policy, k->Policy, sizeof(POLICY));
// Create a server session
s = NewServerSession(k->Cedar, c, k->Hub, LINK_USER_NAME, policy);
s->LinkModeServer = true;
s->Link = k;
c->Session = s;
ReleaseConnection(c);
// User name
s->Username = CopyStr(LINK_USER_NAME_PRINT);
k->ServerSession = s;
AddRef(k->ServerSession->ref);
// Notify the initialization completion
NoticeThreadInit(t);
UniStrCpy(name, sizeof(name), k->Option->AccountName);
HLog(s->Hub, "LH_LINK_START", name, s->Name);
// Main function of session
SessionMain(s);
HLog(s->Hub, "LH_LINK_STOP", name);
ReleaseSession(s);
}
// リンクサーバースレッド
void LinkServerSessionThread(THREAD *t, void *param)
{
LINK *k = (LINK *)param;
CONNECTION *c;
SESSION *s;
POLICY *policy;
wchar_t name[MAX_SIZE];
// 引数チェック
if (t == NULL || param == NULL)
{
return;
}
// サーバーコネクションの作成
c = NewServerConnection(k->Cedar, NULL, t);
c->Protocol = CONNECTION_HUB_LINK_SERVER;
// ポリシーの作成
policy = ZeroMalloc(sizeof(POLICY));
Copy(policy, k->Policy, sizeof(POLICY));
// サーバーセッションの作成
s = NewServerSession(k->Cedar, c, k->Hub, LINK_USER_NAME, policy);
s->LinkModeServer = true;
s->Link = k;
c->Session = s;
ReleaseConnection(c);
// ユーザー名
s->Username = CopyStr(LINK_USER_NAME_PRINT);
k->ServerSession = s;
AddRef(k->ServerSession->ref);
// 初期化完了を通知
NoticeThreadInit(t);
UniStrCpy(name, sizeof(name), k->Option->AccountName);
HLog(s->Hub, "LH_LINK_START", name, s->Name);
// セッションのメイン関数
SessionMain(s);
HLog(s->Hub, "LH_LINK_STOP", name);
ReleaseSession(s);
}
static int HailServer(char *host, Attributes a, Promise *pp)
{
AgentConnection *conn;
char sendbuffer[CF_BUFSIZE], recvbuffer[CF_BUFSIZE], peer[CF_MAXVARSIZE], ipv4[CF_MAXVARSIZE],
digest[CF_MAXVARSIZE], user[CF_SMALLBUF];
bool gotkey;
char reply[8];
a.copy.portnumber = (short) ParseHostname(host, peer);
snprintf(ipv4, CF_MAXVARSIZE, "%s", Hostname2IPString(peer));
Address2Hostkey(ipv4, digest);
GetCurrentUserName(user, CF_SMALLBUF);
if (INTERACTIVE)
{
CfOut(cf_verbose, "", " -> Using interactive key trust...\n");
gotkey = HavePublicKey(user, peer, digest) != NULL;
if (!gotkey)
{
gotkey = HavePublicKey(user, ipv4, digest) != NULL;
}
if (!gotkey)
{
printf("WARNING - You do not have a public key from host %s = %s\n", host, ipv4);
printf(" Do you want to accept one on trust? (yes/no)\n\n--> ");
while (true)
{
if (fgets(reply, 8, stdin) == NULL)
{
FatalError("EOF trying to read answer from terminal");
}
if (Chop(reply, CF_EXPANDSIZE) == -1)
{
CfOut(cf_error, "", "Chop was called on a string that seemed to have no terminator");
}
if (strcmp(reply, "yes") == 0)
{
printf(" -> Will trust the key...\n");
a.copy.trustkey = true;
break;
}
else if (strcmp(reply, "no") == 0)
{
printf(" -> Will not trust the key...\n");
a.copy.trustkey = false;
break;
}
else
{
printf(" !! Please reply yes or no...(%s)\n", reply);
}
}
}
}
/* Continue */
#ifdef __MINGW32__
CfOut(cf_inform, "", "...........................................................................\n");
CfOut(cf_inform, "", " * Hailing %s : %u, with options \"%s\" (serial)\n", peer, a.copy.portnumber,
REMOTE_AGENT_OPTIONS);
CfOut(cf_inform, "", "...........................................................................\n");
#else /* !__MINGW32__ */
if (BACKGROUND)
{
CfOut(cf_inform, "", "Hailing %s : %u, with options \"%s\" (parallel)\n", peer, a.copy.portnumber,
REMOTE_AGENT_OPTIONS);
}
else
{
CfOut(cf_inform, "", "...........................................................................\n");
CfOut(cf_inform, "", " * Hailing %s : %u, with options \"%s\" (serial)\n", peer, a.copy.portnumber,
REMOTE_AGENT_OPTIONS);
CfOut(cf_inform, "", "...........................................................................\n");
}
#endif /* !__MINGW32__ */
a.copy.servers = SplitStringAsRList(peer, '*');
if (a.copy.servers == NULL || strcmp(a.copy.servers->item, "localhost") == 0)
{
cfPS(cf_inform, CF_NOP, "", pp, a, "No hosts are registered to connect to");
return false;
}
else
{
conn = NewServerConnection(a, pp);
if (conn == NULL)
{
DeleteRlist(a.copy.servers);
CfOut(cf_verbose, "", " -> No suitable server responded to hail\n");
return false;
}
}
/* Check trust interaction*/
pp->cache = NULL;
if (strlen(MENU) > 0)
{
#if defined(HAVE_NOVA)
if (!Nova_ExecuteRunagent(conn, MENU))
{
DisconnectServer(conn);
DeleteRlist(a.copy.servers);
return false;
}
#endif
}
else
{
HailExec(conn, peer, recvbuffer, sendbuffer);
}
DeleteRlist(a.copy.servers);
return true;
}
// Layer-3 interface thread
void L3IfThread(THREAD *t, void *param)
{
L3IF *f;
CONNECTION *c;
SESSION *s;
POLICY *policy;
char tmp[MAX_SIZE];
char name[MAX_SIZE];
char username[MAX_SIZE];
// Validate arguments
if (t == NULL || param == NULL)
{
return;
}
f = (L3IF *)param;
StrCpy(username, sizeof(username), L3_USERNAME);
if (f->Switch != NULL)
{
StrCat(username, sizeof(username), f->Switch->Name);
}
// Create a connection
c = NewServerConnection(f->Switch->Cedar, NULL, t);
c->Protocol = CONNECTION_HUB_LAYER3;
// Create a Session
policy = ClonePolicy(GetDefaultPolicy());
// Not to limit the number of broadcast by policy
policy->NoBroadcastLimiter = true;
s = NewServerSession(f->Switch->Cedar, c, f->Hub, username, policy);
c->Session = s;
ReleaseConnection(c);
// Determine the name of the session
GetMachineHostName(tmp, sizeof(tmp));
if (f->Switch->Cedar->Server->ServerType == SERVER_TYPE_STANDALONE)
{
Format(name, sizeof(name), "SID-L3-%s-%u", f->Switch->Name, Inc(f->Hub->SessionCounter));
}
else
{
Format(name, sizeof(name), "SID-L3-%s-%s-%u", tmp, f->Switch->Name, Inc(f->Hub->SessionCounter));
}
ConvertSafeFileName(name, sizeof(name), name);
StrUpper(name);
Free(s->Name);
s->Name = CopyStr(name);
s->L3SwitchMode = true;
s->L3If = f;
if (s->Username != NULL)
{
Free(s->Username);
}
s->Username = CopyStr(username);
StrCpy(s->UserNameReal, sizeof(s->UserNameReal), username);
f->Session = s;
AddRef(s->ref);
// Notify the initialization completion
NoticeThreadInit(t);
// Session main process
SessionMain(s);
// Release the session
ReleaseSession(s);
}
int HailServer(char *host,struct Attributes a,struct Promise *pp)
{ struct cfagent_connection *conn;
char sendbuffer[CF_BUFSIZE],recvbuffer[CF_BUFSIZE],peer[CF_MAXVARSIZE],ipv4[CF_MAXVARSIZE],digest[CF_MAXVARSIZE],user[CF_SMALLBUF];
long gotkey;
char reply[8];
struct Item *queries;
a.copy.portnumber = (short)ParseHostname(host,peer);
snprintf(ipv4,CF_MAXVARSIZE,"%s",Hostname2IPString(peer));
IPString2KeyDigest(ipv4,digest);
GetCurrentUserName(user,CF_SMALLBUF);
if (INTERACTIVE)
{
CfOut(cf_verbose,""," -> Using interactive key trust...\n");
gotkey = (long)HavePublicKey(user,peer,digest);
if (!gotkey)
{
gotkey = (long)HavePublicKey(user,ipv4,digest);
}
if (!gotkey)
{
printf("WARNING - You do not have a public key from host %s = %s\n",host,ipv4);
printf(" Do you want to accept one on trust? (yes/no)\n\n--> ");
while (true)
{
fgets(reply,8,stdin);
Chop(reply);
if (strcmp(reply,"yes")==0)
{
printf(" -> Will trust the key...\n");
a.copy.trustkey = true;
break;
}
else if (strcmp(reply,"no")==0)
{
printf(" -> Will not trust the key...\n");
a.copy.trustkey = false;
break;
}
else
{
printf(" !! Please reply yes or no...(%s)\n",reply);
}
}
}
}
/* Continue */
#ifdef MINGW
CfOut(cf_inform,"","...........................................................................\n");
CfOut(cf_inform,""," * Hailing %s : %u, with options \"%s\" (serial)\n",peer,a.copy.portnumber,REMOTE_AGENT_OPTIONS);
CfOut(cf_inform,"","...........................................................................\n");
#else /* NOT MINGW */
if (BACKGROUND)
{
CfOut(cf_inform,"","Hailing %s : %u, with options \"%s\" (parallel)\n",peer,a.copy.portnumber,REMOTE_AGENT_OPTIONS);
}
else
{
CfOut(cf_inform,"","...........................................................................\n");
CfOut(cf_inform,""," * Hailing %s : %u, with options \"%s\" (serial)\n",peer,a.copy.portnumber,REMOTE_AGENT_OPTIONS);
CfOut(cf_inform,"","...........................................................................\n");
}
#endif /* NOT MINGW */
a.copy.servers = SplitStringAsRList(peer,'*');
if (a.copy.servers == NULL || strcmp(a.copy.servers->item,"localhost") == 0)
{
cfPS(cf_inform,CF_NOP,"",pp,a,"No hosts are registered to connect to");
return false;
}
else
{
conn = NewServerConnection(a,pp);
if (conn == NULL)
{
CfOut(cf_verbose,""," -> No suitable server responded to hail\n");
return false;
}
}
/* Check trust interaction*/
pp->cache = NULL;
if (strlen(MENU) > 0)
{
#ifdef HAVE_NOVA
enum cfd_menu menu = String2Menu(MENU);
switch(menu)
{
case cfd_menu_delta:
Nova_QueryForKnowledgeMap(conn,MENU,time(0) - SECONDS_PER_MINUTE * 10);
break;
case cfd_menu_full:
Nova_QueryForKnowledgeMap(conn,MENU,time(0) - SECONDS_PER_WEEK);
break;
case cfd_menu_relay:
#ifdef HAVE_CONSTELLATION
queries = Constellation_CreateAllQueries();
Constellation_QueryRelay(conn,queries);
DeleteItemList(queries);
#endif
break;
default:
break;
}
#endif /* HAVE_NOVA */
}
else
{
HailExec(conn,peer,recvbuffer,sendbuffer);
}
ServerDisconnection(conn);
DeleteRlist(a.copy.servers);
return true;
}
static int HailServer(EvalContext *ctx, char *host)
{
AgentConnection *conn;
char sendbuffer[CF_BUFSIZE], recvbuffer[CF_BUFSIZE], peer[CF_MAXVARSIZE], ipv4[CF_MAXVARSIZE],
digest[CF_MAXVARSIZE], user[CF_SMALLBUF];
bool gotkey;
char reply[8];
FileCopy fc = {
.portnumber = (short) ParseHostname(host, peer),
};
snprintf(ipv4, CF_MAXVARSIZE, "%s", Hostname2IPString(peer));
Address2Hostkey(ipv4, digest);
GetCurrentUserName(user, CF_SMALLBUF);
if (INTERACTIVE)
{
CfOut(OUTPUT_LEVEL_VERBOSE, "", " -> Using interactive key trust...\n");
gotkey = HavePublicKey(user, peer, digest) != NULL;
if (!gotkey)
{
gotkey = HavePublicKey(user, ipv4, digest) != NULL;
}
if (!gotkey)
{
printf("WARNING - You do not have a public key from host %s = %s\n", host, ipv4);
printf(" Do you want to accept one on trust? (yes/no)\n\n--> ");
while (true)
{
if (fgets(reply, 8, stdin) == NULL)
{
FatalError(ctx, "EOF trying to read answer from terminal");
}
if (Chop(reply, CF_EXPANDSIZE) == -1)
{
CfOut(OUTPUT_LEVEL_ERROR, "", "Chop was called on a string that seemed to have no terminator");
}
if (strcmp(reply, "yes") == 0)
{
printf(" -> Will trust the key...\n");
fc.trustkey = true;
break;
}
else if (strcmp(reply, "no") == 0)
{
printf(" -> Will not trust the key...\n");
fc.trustkey = false;
break;
}
else
{
printf(" !! Please reply yes or no...(%s)\n", reply);
}
}
}
}
/* Continue */
#ifdef __MINGW32__
CfOut(OUTPUT_LEVEL_INFORM, "", "...........................................................................\n");
CfOut(OUTPUT_LEVEL_INFORM, "", " * Hailing %s : %u, with options \"%s\" (serial)\n", peer, fc.portnumber,
REMOTE_AGENT_OPTIONS);
CfOut(OUTPUT_LEVEL_INFORM, "", "...........................................................................\n");
#else /* !__MINGW32__ */
if (BACKGROUND)
{
CfOut(OUTPUT_LEVEL_INFORM, "", "Hailing %s : %u, with options \"%s\" (parallel)\n", peer, fc.portnumber,
REMOTE_AGENT_OPTIONS);
}
else
{
CfOut(OUTPUT_LEVEL_INFORM, "", "...........................................................................\n");
CfOut(OUTPUT_LEVEL_INFORM, "", " * Hailing %s : %u, with options \"%s\" (serial)\n", peer, fc.portnumber,
REMOTE_AGENT_OPTIONS);
CfOut(OUTPUT_LEVEL_INFORM, "", "...........................................................................\n");
}
#endif /* !__MINGW32__ */
fc.servers = RlistFromSplitString(peer, '*');
if (fc.servers == NULL || strcmp(fc.servers->item, "localhost") == 0)
{
CfOut(OUTPUT_LEVEL_INFORM, "", "No hosts are registered to connect to");
return false;
}
else
{
int err = 0;
conn = NewServerConnection(fc, false, &err);
if (conn == NULL)
{
RlistDestroy(fc.servers);
CfOut(OUTPUT_LEVEL_VERBOSE, "", " -> No suitable server responded to hail\n");
return false;
}
}
/* Check trust interaction*/
HailExec(conn, peer, recvbuffer, sendbuffer);
RlistDestroy(fc.servers);
return true;
}
/********************************************************************/
/* Level 2 */
/********************************************************************/
static void KeepControlPromises(EvalContext *ctx, Policy *policy)
{
Rval retval;
RUNATTR.copy.trustkey = false;
RUNATTR.copy.encrypt = true;
RUNATTR.copy.force_ipv4 = false;
RUNATTR.copy.portnumber = SHORT_CFENGINEPORT;
/* Keep promised agent behaviour - control bodies */
Seq *constraints = ControlBodyConstraints(policy, AGENT_TYPE_RUNAGENT);
if (constraints)
{
for (size_t i = 0; i < SeqLength(constraints); i++)
{
Constraint *cp = SeqAt(constraints, i);
if (!IsDefinedClass(ctx, cp->classes, NULL))
{
continue;
}
if (!EvalContextVariableGet(ctx, (VarRef) { NULL, "control_runagent", cp->lval }, &retval, NULL))
{
CfOut(OUTPUT_LEVEL_ERROR, "", "Unknown lval %s in runagent control body", cp->lval);
continue;
}
if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_FORCE_IPV4].lval) == 0)
{
RUNATTR.copy.force_ipv4 = BooleanFromString(retval.item);
CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET force_ipv4 = %d\n", RUNATTR.copy.force_ipv4);
continue;
}
if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_TRUSTKEY].lval) == 0)
{
RUNATTR.copy.trustkey = BooleanFromString(retval.item);
CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET trustkey = %d\n", RUNATTR.copy.trustkey);
continue;
}
if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_ENCRYPT].lval) == 0)
{
RUNATTR.copy.encrypt = BooleanFromString(retval.item);
CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET encrypt = %d\n", RUNATTR.copy.encrypt);
continue;
}
if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_PORT_NUMBER].lval) == 0)
{
RUNATTR.copy.portnumber = (short) IntFromString(retval.item);
CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET default portnumber = %u\n", (int) RUNATTR.copy.portnumber);
continue;
}
if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_BACKGROUND].lval) == 0)
{
/*
* Only process this option if are is no -b or -i options specified on
* command line.
*/
if (BACKGROUND || INTERACTIVE)
{
CfOut(OUTPUT_LEVEL_ERROR, "",
"Warning: 'background_children' setting from 'body runagent control' is overriden by command-line option.");
}
else
{
BACKGROUND = BooleanFromString(retval.item);
}
continue;
}
if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_MAX_CHILD].lval) == 0)
{
MAXCHILD = (short) IntFromString(retval.item);
continue;
}
if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_OUTPUT_TO_FILE].lval) == 0)
{
OUTPUT_TO_FILE = BooleanFromString(retval.item);
continue;
}
if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_OUTPUT_DIRECTORY].lval) == 0)
{
if (IsAbsPath(retval.item))
{
strncpy(OUTPUT_DIRECTORY, retval.item, CF_BUFSIZE - 1);
CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET output direcory to = %s\n", OUTPUT_DIRECTORY);
}
continue;
}
if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_TIMEOUT].lval) == 0)
{
RUNATTR.copy.timeout = (short) IntFromString(retval.item);
continue;
}
if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_HOSTS].lval) == 0)
{
if (HOSTLIST == NULL) // Don't override if command line setting
{
HOSTLIST = retval.item;
}
continue;
}
}
}
if (EvalContextVariableControlCommonGet(ctx, COMMON_CONTROL_LASTSEEN_EXPIRE_AFTER, &retval))
{
LASTSEENEXPIREAFTER = IntFromString(retval.item) * 60;
}
}
// SecureNAT server-side thread
void SnSecureNATThread(THREAD *t, void *param)
{
SNAT *s;
CONNECTION *c;
SESSION *se;
POLICY *policy;
HUB *h;
// Validate arguments
if (t == NULL || param == NULL)
{
return;
}
s = (SNAT *)param;
// Create a server connection
c = NewServerConnection(s->Cedar, NULL, t);
c->Protocol = CONNECTION_HUB_SECURE_NAT;
// Apply the default policy
policy = ClonePolicy(GetDefaultPolicy());
// Not to limit the number of broadcast
policy->NoBroadcastLimiter = true;
h = s->Hub;
AddRef(h->ref);
// create a server session
se = NewServerSession(s->Cedar, c, s->Hub, SNAT_USER_NAME, policy);
se->SecureNATMode = true;
se->SecureNAT = s;
c->Session = se;
ReleaseConnection(c);
HLog(se->Hub, "LH_NAT_START", se->Name);
// User name
se->Username = CopyStr(SNAT_USER_NAME_PRINT);
s->Session = se;
AddRef(se->ref);
// Notification initialization completion
NoticeThreadInit(t);
ReleaseCancel(s->Nat->Virtual->Cancel);
s->Nat->Virtual->Cancel = se->Cancel1;
AddRef(se->Cancel1->ref);
if (s->Nat->Virtual->NativeNat != NULL)
{
CANCEL *old_cancel = NULL;
Lock(s->Nat->Virtual->NativeNat->CancelLock);
{
if (s->Nat->Virtual->NativeNat->Cancel != NULL)
{
old_cancel = s->Nat->Virtual->NativeNat->Cancel;
s->Nat->Virtual->NativeNat->Cancel = se->Cancel1;
AddRef(se->Cancel1->ref);
}
}
Unlock(s->Nat->Virtual->NativeNat->CancelLock);
if (old_cancel != NULL)
{
ReleaseCancel(old_cancel);
}
}
// Main function of the session
Debug("SecureNAT Start.\n");
SessionMain(se);
Debug("SecureNAT Stop.\n");
HLog(se->Hub, "LH_NAT_STOP");
ReleaseHub(h);
ReleaseSession(se);
}
static int HailServer(EvalContext *ctx, char *host)
{
AgentConnection *conn;
char sendbuffer[CF_BUFSIZE], recvbuffer[CF_BUFSIZE], peer[CF_MAXVARSIZE],
digest[CF_MAXVARSIZE], user[CF_SMALLBUF];
bool gotkey;
char reply[8];
FileCopy fc = {
.portnumber = (unsigned short) ParseHostname(host, peer),
};
char ipaddr[CF_MAX_IP_LEN];
if (Hostname2IPString(ipaddr, peer, sizeof(ipaddr)) == -1)
{
Log(LOG_LEVEL_ERR,
"HailServer: ERROR, could not resolve '%s'", peer);
return false;
}
Address2Hostkey(ipaddr, digest);
GetCurrentUserName(user, CF_SMALLBUF);
if (INTERACTIVE)
{
Log(LOG_LEVEL_VERBOSE, "Using interactive key trust...");
gotkey = HavePublicKey(user, peer, digest) != NULL;
if (!gotkey)
{
gotkey = HavePublicKey(user, ipaddr, digest) != NULL;
}
if (!gotkey)
{
printf("WARNING - You do not have a public key from host %s = %s\n",
host, ipaddr);
printf(" Do you want to accept one on trust? (yes/no)\n\n--> ");
while (true)
{
if (fgets(reply, sizeof(reply), stdin) == NULL)
{
FatalError(ctx, "EOF trying to read answer from terminal");
}
if (Chop(reply, CF_EXPANDSIZE) == -1)
{
Log(LOG_LEVEL_ERR, "Chop was called on a string that seemed to have no terminator");
}
if (strcmp(reply, "yes") == 0)
{
printf("Will trust the key...\n");
fc.trustkey = true;
break;
}
else if (strcmp(reply, "no") == 0)
{
printf("Will not trust the key...\n");
fc.trustkey = false;
break;
}
else
{
printf("Please reply yes or no...(%s)\n", reply);
}
}
}
}
/* Continue */
#ifdef __MINGW32__
if (LEGACY_OUTPUT)
{
Log(LOG_LEVEL_INFO, "...........................................................................");
Log(LOG_LEVEL_INFO, " * Hailing %s : %u, with options \"%s\" (serial)", peer, fc.portnumber,
REMOTE_AGENT_OPTIONS);
Log(LOG_LEVEL_INFO, "...........................................................................");
}
else
{
Log(LOG_LEVEL_INFO, "Hailing '%s' : %u, with options '%s' (serial)", peer, fc.portnumber,
REMOTE_AGENT_OPTIONS);
}
#else /* !__MINGW32__ */
if (BACKGROUND)
{
Log(LOG_LEVEL_INFO, "Hailing '%s' : %u, with options '%s' (parallel)", peer, fc.portnumber,
REMOTE_AGENT_OPTIONS);
}
else
{
if (LEGACY_OUTPUT)
{
Log(LOG_LEVEL_INFO, "...........................................................................");
Log(LOG_LEVEL_INFO, " * Hailing %s : %u, with options \"%s\" (serial)", peer, fc.portnumber,
REMOTE_AGENT_OPTIONS);
Log(LOG_LEVEL_INFO, "...........................................................................");
}
else
{
Log(LOG_LEVEL_INFO, "Hailing '%s' : %u, with options '%s' (serial)", peer, fc.portnumber,
REMOTE_AGENT_OPTIONS);
}
}
#endif /* !__MINGW32__ */
fc.servers = RlistFromSplitString(peer, '*');
if (fc.servers == NULL || strcmp(RlistScalarValue(fc.servers), "localhost") == 0)
{
Log(LOG_LEVEL_INFO, "No hosts are registered to connect to");
return false;
}
else
{
int err = 0;
conn = NewServerConnection(fc, false, &err, -1);
if (conn == NULL)
{
RlistDestroy(fc.servers);
Log(LOG_LEVEL_VERBOSE, "No suitable server responded to hail");
return false;
}
}
/* Check trust interaction*/
HailExec(conn, peer, recvbuffer, sendbuffer);
RlistDestroy(fc.servers);
return true;
}
/********************************************************************/
/* Level 2 */
/********************************************************************/
static void KeepControlPromises(EvalContext *ctx, const Policy *policy)
{
Seq *constraints = ControlBodyConstraints(policy, AGENT_TYPE_RUNAGENT);
if (constraints)
{
for (size_t i = 0; i < SeqLength(constraints); i++)
{
Constraint *cp = SeqAt(constraints, i);
if (!IsDefinedClass(ctx, cp->classes))
{
continue;
}
VarRef *ref = VarRefParseFromScope(cp->lval, "control_runagent");
const void *value = EvalContextVariableGet(ctx, ref, NULL);
VarRefDestroy(ref);
if (!value)
{
Log(LOG_LEVEL_ERR, "Unknown lval '%s' in runagent control body", cp->lval);
continue;
}
if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_FORCE_IPV4].lval) == 0)
{
continue;
}
if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_TRUSTKEY].lval) == 0)
{
continue;
}
if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_ENCRYPT].lval) == 0)
{
continue;
}
if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_PORT_NUMBER].lval) == 0)
{
continue;
}
if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_BACKGROUND].lval) == 0)
{
/*
* Only process this option if are is no -b or -i options specified on
* command line.
*/
if (BACKGROUND || INTERACTIVE)
{
Log(LOG_LEVEL_WARNING,
"'background_children' setting from 'body runagent control' is overridden by command-line option.");
}
else
{
BACKGROUND = BooleanFromString(value);
}
continue;
}
if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_MAX_CHILD].lval) == 0)
{
MAXCHILD = (short) IntFromString(value);
continue;
}
if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_OUTPUT_TO_FILE].lval) == 0)
{
OUTPUT_TO_FILE = BooleanFromString(value);
continue;
}
if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_OUTPUT_DIRECTORY].lval) == 0)
{
if (IsAbsPath(value))
{
strncpy(OUTPUT_DIRECTORY, value, CF_BUFSIZE - 1);
Log(LOG_LEVEL_VERBOSE, "Setting output direcory to '%s'", OUTPUT_DIRECTORY);
}
continue;
}
if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_TIMEOUT].lval) == 0)
{
continue;
}
if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_HOSTS].lval) == 0)
{
if (HOSTLIST == NULL) // Don't override if command line setting
{
HOSTLIST = value;
}
continue;
}
}
}
const char *expire_after = EvalContextVariableControlCommonGet(ctx, COMMON_CONTROL_LASTSEEN_EXPIRE_AFTER);
if (expire_after)
{
LASTSEENEXPIREAFTER = IntFromString(expire_after) * 60;
}
}
