/**
 * @brief Tags a policy directory with its release ID and/or its
 *        promises_validated marker.
 *
 * @param config          Agent configuration; passed through to the helpers
 *                        that locate and write the promises_validated file.
 * @param dirname         Directory to tag. When NULL, the directory reported
 *                        by GetAutotagDir() is used instead.
 * @param write_validated When true, (re)write the promises_validated file.
 * @param write_release   When true, write the release ID file if it is missing
 *                        or differs from the ID derived from Git.
 * @return True if every requested write succeeded (or none was needed),
 *         false as soon as one of them fails.
 */
bool GenericAgentTagReleaseDirectory(const GenericAgentConfig *config, const char *dirname, bool write_validated, bool write_release)
{
    char autotag_dir[PATH_MAX + 1];
    const char *target = dirname;

    if (target == NULL)
    {
        /* No directory given: fall back to the default autotag location. */
        GetAutotagDir(autotag_dir, PATH_MAX, NULL);
        target = autotag_dir;
    }

    /* Scratch buffer reused for both tag file paths. */
    char tag_path[CF_MAXVARSIZE];
    char git_id[GENERIC_AGENT_CHECKSUM_SIZE];
    const bool git_id_known = GeneratePolicyReleaseIDFromGit(git_id, sizeof(git_id), target);

    Log(LOG_LEVEL_DEBUG,
        "Tagging directory %s for release (write_validated: %s, write_release: %s)",
        target,
        write_validated ? "yes" : "no",
        write_release ? "yes" : "no");

    if (write_release)
    {
        /* Step 1: the release ID. */
        GetReleaseIdFile(target, tag_path, sizeof(tag_path));

        char *current_id = ReadReleaseIdFromReleaseIdFileMasterfiles(target);
        const bool id_missing = (current_id == NULL);
        /* An existing ID is only considered stale when a Git-derived ID is
         * available to compare against. */
        const bool id_stale = !id_missing && git_id_known && strcmp(current_id, git_id) != 0;

        bool release_ok = true;
        if (id_missing || id_stale)
        {
            if (id_missing)
            {
                Log(LOG_LEVEL_DEBUG, "The release_id of %s was missing", target);
            }
            else
            {
                Log(LOG_LEVEL_DEBUG, "The release_id of %s needs to be updated", target);
            }

            release_ok = WriteReleaseIdFile(tag_path, target);
            if (release_ok)
            {
                Log(LOG_LEVEL_DEBUG, "The release_id file %s was updated", tag_path);
            }
            else
            {
                Log(LOG_LEVEL_VERBOSE, "The release_id file %s was NOT updated", tag_path);
            }
        }

        /* The ID string is owned here on every path; free(NULL) is a no-op. */
        free(current_id);

        if (!release_ok)
        {
            return false;
        }
    }

    if (!write_validated)
    {
        return true;
    }

    /* Step 2: the promises_validated marker. */
    Log(LOG_LEVEL_DEBUG, "Tagging directory %s for validation", target);
    GetPromisesValidatedFile(tag_path, sizeof(tag_path), config, target);

    if (WritePolicyValidatedFile(config, tag_path))
    {
        Log(LOG_LEVEL_DEBUG, "The promises_validated file %s was updated", tag_path);
        return true;
    }

    Log(LOG_LEVEL_VERBOSE, "The promises_validated file %s was NOT updated", tag_path);
    return false;
}
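/**
 * @brief Pre-validates the configured policy by running cf-promises on it.
 *
 * Builds a command line of the form
 *   "<workdir>/bin/cf-promises" [-c] "<input_file>" [-b "<b1>,<b2>,..."] [-D bootstrap_mode]
 * and runs it through ShellCommandReturnsZero(). If the assembled command does
 * not fit in the buffer, the function fails instead of executing a truncated
 * command line, because a cut-off command would validate something other than
 * the requested policy (or drop options such as the bundle sequence).
 *
 * @param config Agent configuration; input_file, bundlesequence,
 *               original_input_file and the bootstrap setting are read.
 * @return True if cf-promises exists and exits with status zero, false if it
 *         is missing, the command cannot be assembled, or validation fails.
 */
bool GenericAgentCheckPromises(const GenericAgentConfig *config)
{
    char cmd[CF_BUFSIZE];
    /* Cleared as soon as one piece of the command line does not fit in cmd. */
    bool fits = true;

    Log(LOG_LEVEL_VERBOSE, "Verifying the syntax of the inputs...");

    {
        char cfpromises[CF_MAXVARSIZE];
        int len = snprintf(cfpromises, sizeof(cfpromises), "%s%cbin%ccf-promises%s",
                           CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR, EXEC_SUFFIX);
        if (len < 0 || (size_t) len >= sizeof(cfpromises))
        {
            /* A truncated path would name a different (or nonexistent) binary. */
            fits = false;
        }

        /* NOTE(review): stat() only establishes that the path exists; ownership
         * and permissions of the binary are not checked here. */
        struct stat sb;
        if (fits && stat(cfpromises, &sb) == -1)
        {
            Log(LOG_LEVEL_ERR,
                "cf-promises%s needs to be installed in %s%cbin for pre-validation of full configuration",
                EXEC_SUFFIX, CFWORKDIR, FILE_SEPARATOR);
            return false;
        }

        if (fits)
        {
            /* With an explicit bundle sequence the full check is requested via
             * -b below; otherwise -c is passed. */
            if (config->bundlesequence)
            {
                len = snprintf(cmd, sizeof(cmd), "\"%s\" \"", cfpromises);
            }
            else
            {
                len = snprintf(cmd, sizeof(cmd), "\"%s\" -c \"", cfpromises);
            }
            fits = (len >= 0 && (size_t) len < sizeof(cmd));
        }
    }

    /* NOTE(review): the command is handed to ShellCommandReturnsZero() with
     * `true` as second argument (presumably "use a shell" -- confirm). The
     * input file and bundle names are only wrapped in double quotes, not
     * escaped, so quote or expansion characters in those values would be
     * interpreted by the shell. Callers should make sure these values come
     * from a trusted source, or this should move to an argv-based exec. */

    /* strlcat() returns the length it tried to create; a result >= the buffer
     * size means the output was truncated. */
    fits = fits && strlcat(cmd, config->input_file, sizeof(cmd)) < sizeof(cmd);
    fits = fits && strlcat(cmd, "\"", sizeof(cmd)) < sizeof(cmd);

    if (config->bundlesequence)
    {
        fits = fits && strlcat(cmd, " -b \"", sizeof(cmd)) < sizeof(cmd);

        for (const Rlist *rp = config->bundlesequence; fits && rp; rp = rp->next)
        {
            const char *bundle_ref = rp->item;
            fits = strlcat(cmd, bundle_ref, sizeof(cmd)) < sizeof(cmd);

            if (fits && rp->next)
            {
                fits = strlcat(cmd, ",", sizeof(cmd)) < sizeof(cmd);
            }
        }

        fits = fits && strlcat(cmd, "\"", sizeof(cmd)) < sizeof(cmd);
    }

    if (config->agent_specific.agent.bootstrap_policy_server)
    {
        // avoids license complains from commercial cf-promises during bootstrap - see Nova_CheckLicensePromise
        fits = fits && strlcat(cmd, " -D bootstrap_mode", sizeof(cmd)) < sizeof(cmd);
    }

    if (!fits)
    {
        Log(LOG_LEVEL_ERR,
            "Command for validating policy '%s' is too long, refusing to run it truncated",
            config->input_file);
        return false;
    }

    Log(LOG_LEVEL_VERBOSE, "Checking policy with command '%s'", cmd);

    if (!ShellCommandReturnsZero(cmd, true))
    {
        Log(LOG_LEVEL_ERR, "Policy failed validation with command '%s'", cmd);
        return false;
    }

    /* Only record the validation when the policy was read from the default
     * repository. NOTE(review): the outcome of WritePolicyValidatedFile() is
     * not checked here -- confirm whether a failed write should be reported. */
    if (!IsFileOutsideDefaultRepository(config->original_input_file))
    {
        WritePolicyValidatedFile(config);
    }

    return true;
}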