static int SelectOwnerMatch(char *path, struct stat *lstatptr, Rlist *crit) { AlphaList leafattrib; Rlist *rp; char ownerName[CF_BUFSIZE]; int gotOwner; InitAlphaList(&leafattrib); #ifndef MINGW // no uids on Windows char buffer[CF_SMALLBUF]; sprintf(buffer, "%jd", (uintmax_t) lstatptr->st_uid); PrependAlphaList(&leafattrib, buffer); #endif /* MINGW */ gotOwner = GetOwnerName(path, lstatptr, ownerName, sizeof(ownerName)); if (gotOwner) { PrependAlphaList(&leafattrib, ownerName); } else { PrependAlphaList(&leafattrib, "none"); } for (rp = crit; rp != NULL; rp = rp->next) { if (EvalFileResult((char *) rp->item, &leafattrib)) { CfDebug(" - ? Select owner match\n"); DeleteAlphaList(&leafattrib); return true; } if (gotOwner && FullTextMatch((char *) rp->item, ownerName)) { CfDebug(" - ? Select owner match\n"); DeleteAlphaList(&leafattrib); return true; } #ifndef MINGW if (FullTextMatch((char *) rp->item, buffer)) { CfDebug(" - ? Select owner match\n"); DeleteAlphaList(&leafattrib); return true; } #endif /* NOT MINGW */ } DeleteAlphaList(&leafattrib); return false; }
static int SelectGroupMatch(struct stat *lstatptr, Rlist *crit) { AlphaList leafattrib; char buffer[CF_SMALLBUF]; struct group *gr; Rlist *rp; InitAlphaList(&leafattrib); sprintf(buffer, "%jd", (uintmax_t) lstatptr->st_gid); PrependAlphaList(&leafattrib, buffer); if ((gr = getgrgid(lstatptr->st_gid)) != NULL) { PrependAlphaList(&leafattrib, gr->gr_name); } else { PrependAlphaList(&leafattrib, "none"); } for (rp = crit; rp != NULL; rp = rp->next) { if (EvalFileResult((char *) rp->item, &leafattrib)) { CfDebug(" - ? Select group match\n"); DeleteAlphaList(&leafattrib); return true; } if (gr && FullTextMatch((char *) rp->item, gr->gr_name)) { CfDebug(" - ? Select owner match\n"); DeleteAlphaList(&leafattrib); return true; } if (FullTextMatch((char *) rp->item, buffer)) { CfDebug(" - ? Select owner match\n"); DeleteAlphaList(&leafattrib); return true; } } DeleteAlphaList(&leafattrib); return false; }
static bool ScheduleRun(Policy **policy, GenericAgentConfig *config, ExecConfig *exec_config, const ReportContext *report_context) { Item *ip; CfOut(OUTPUT_LEVEL_VERBOSE, "", "Sleeping...\n"); sleep(CFPULSETIME); /* 1 Minute resolution is enough */ // recheck license (in case of license updates or expiry) if (EnterpriseExpiry()) { CfOut(OUTPUT_LEVEL_ERROR, "", "Cfengine - autonomous configuration engine. This enterprise license is invalid.\n"); exit(1); } /* * FIXME: this logic duplicates the one from cf-serverd.c. Unify ASAP. */ if (CheckNewPromises(config->input_file, InputFiles(*policy), report_context) == RELOAD_FULL) { /* Full reload */ CfOut(OUTPUT_LEVEL_INFORM, "", "Re-reading promise file %s..\n", config->input_file); DeleteAlphaList(&VHEAP); InitAlphaList(&VHEAP); DeleteAlphaList(&VHARDHEAP); InitAlphaList(&VHARDHEAP); DeleteAlphaList(&VADDCLASSES); InitAlphaList(&VADDCLASSES); DeleteItemList(IPADDRESSES); IPADDRESSES = NULL; DeleteItemList(VNEGHEAP); DeleteAllScope(); strcpy(VDOMAIN, "undefinded.domain"); POLICY_SERVER[0] = '\0'; VNEGHEAP = NULL; PolicyDestroy(*policy); *policy = NULL; ERRORCOUNT = 0; NewScope("sys"); SetPolicyServer(POLICY_SERVER); NewScalar("sys", "policy_hub", POLICY_SERVER, DATA_TYPE_STRING); NewScope("const"); NewScope("this"); NewScope("mon"); NewScope("control_server"); NewScope("control_common"); NewScope("remote_access"); GetNameInfo3(); GetInterfacesInfo(AGENT_TYPE_EXECUTOR); Get3Environment(); BuiltinClasses(); OSClasses(); HardClass(CF_AGENTTYPES[THIS_AGENT_TYPE]); SetReferenceTime(true); GenericAgentConfigSetBundleSequence(config, NULL); *policy = GenericAgentLoadPolicy(AGENT_TYPE_EXECUTOR, config, report_context); KeepPromises(*policy, exec_config); } else { /* Environment reload */ DeleteAlphaList(&VHEAP); InitAlphaList(&VHEAP); DeleteAlphaList(&VADDCLASSES); InitAlphaList(&VADDCLASSES); DeleteAlphaList(&VHARDHEAP); InitAlphaList(&VHARDHEAP); DeleteItemList(IPADDRESSES); IPADDRESSES = NULL; DeleteScope("this"); DeleteScope("mon"); DeleteScope("sys"); NewScope("this"); NewScope("mon"); NewScope("sys"); GetInterfacesInfo(AGENT_TYPE_EXECUTOR); Get3Environment(); BuiltinClasses(); OSClasses(); SetReferenceTime(true); } for (ip = SCHEDULE; ip != NULL; ip = ip->next) { CfOut(OUTPUT_LEVEL_VERBOSE, "", "Checking schedule %s...\n", ip->name); if (IsDefinedClass(ip->name, NULL)) { CfOut(OUTPUT_LEVEL_VERBOSE, "", "Waking up the agent at %s ~ %s \n", cf_ctime(&CFSTARTTIME), ip->name); return true; } } CfOut(OUTPUT_LEVEL_VERBOSE, "", "Nothing to do at %s\n", cf_ctime(&CFSTARTTIME)); return false; }
int SelectLeaf(char *path, struct stat *sb, Attributes attr, Promise *pp) { AlphaList leaf_attr; int result = true; Rlist *rp; InitAlphaList(&leaf_attr); #ifdef MINGW if (attr.select.issymlinkto != NULL) { CfOut(cf_verbose, "", "files_select.issymlinkto is ignored on Windows (symbolic links are not supported by Windows)"); } if (attr.select.groups != NULL) { CfOut(cf_verbose, "", "files_select.search_groups is ignored on Windows (file groups are not supported by Windows)"); } if (attr.select.bsdflags != NULL) { CfOut(cf_verbose, "", "files_select.search_bsdflags is ignored on Windows"); } #endif /* MINGW */ if (!attr.haveselect) { return true; } if (attr.select.name == NULL) { PrependAlphaList(&leaf_attr, "leaf_name"); } for (rp = attr.select.name; rp != NULL; rp = rp->next) { if (SelectNameRegexMatch(path, rp->item)) { PrependAlphaList(&leaf_attr, "leaf_name"); break; } } if (attr.select.path == NULL) { PrependAlphaList(&leaf_attr, "leaf_path"); } for (rp = attr.select.path; rp != NULL; rp = rp->next) { if (SelectPathRegexMatch(path, rp->item)) { PrependAlphaList(&leaf_attr, "path_name"); break; } } if (SelectTypeMatch(sb, attr.select.filetypes)) { PrependAlphaList(&leaf_attr, "file_types"); } if (attr.select.owners && SelectOwnerMatch(path, sb, attr.select.owners)) { PrependAlphaList(&leaf_attr, "owner"); } if (attr.select.owners == NULL) { PrependAlphaList(&leaf_attr, "owner"); } #ifdef MINGW PrependAlphaList(&leaf_attr, "group"); #else /* NOT MINGW */ if (attr.select.groups && SelectGroupMatch(sb, attr.select.groups)) { PrependAlphaList(&leaf_attr, "group"); } if (attr.select.groups == NULL) { PrependAlphaList(&leaf_attr, "group"); } #endif /* NOT MINGW */ if (SelectModeMatch(sb, attr.select.perms)) { PrependAlphaList(&leaf_attr, "mode"); } #if defined HAVE_CHFLAGS if (SelectBSDMatch(sb, attr.select.bsdflags, pp)) { PrependAlphaList(&leaf_attr, "bsdflags"); } #endif if (SelectTimeMatch(sb->st_atime, attr.select.min_atime, attr.select.max_atime)) { PrependAlphaList(&leaf_attr, "atime"); } if (SelectTimeMatch(sb->st_ctime, attr.select.min_ctime, attr.select.max_ctime)) { PrependAlphaList(&leaf_attr, "ctime"); } if (SelectSizeMatch(sb->st_size, attr.select.min_size, attr.select.max_size)) { PrependAlphaList(&leaf_attr, "size"); } if (SelectTimeMatch(sb->st_mtime, attr.select.min_mtime, attr.select.max_mtime)) { PrependAlphaList(&leaf_attr, "mtime"); } if (attr.select.issymlinkto && SelectIsSymLinkTo(path, attr.select.issymlinkto)) { PrependAlphaList(&leaf_attr, "issymlinkto"); } if (attr.select.exec_regex && SelectExecRegexMatch(path, attr.select.exec_regex, attr.select.exec_program)) { PrependAlphaList(&leaf_attr, "exec_regex"); } if (attr.select.exec_program && SelectExecProgram(path, attr.select.exec_program)) { PrependAlphaList(&leaf_attr, "exec_program"); } if ((result = EvalFileResult(attr.select.result, &leaf_attr))) { //NewClassesFromString(fp->defines); } CfDebug("Select result \"%s\"on %s was %d\n", attr.select.result, path, result); DeleteAlphaList(&leaf_attr); return result; }
static int SelectTypeMatch(struct stat *lstatptr, Rlist *crit) { AlphaList leafattrib; Rlist *rp; InitAlphaList(&leafattrib); if (S_ISREG(lstatptr->st_mode)) { PrependAlphaList(&leafattrib, "reg"); PrependAlphaList(&leafattrib, "plain"); } if (S_ISDIR(lstatptr->st_mode)) { PrependAlphaList(&leafattrib, "dir"); } #ifndef MINGW if (S_ISLNK(lstatptr->st_mode)) { PrependAlphaList(&leafattrib, "symlink"); } if (S_ISFIFO(lstatptr->st_mode)) { PrependAlphaList(&leafattrib, "fifo"); } if (S_ISSOCK(lstatptr->st_mode)) { PrependAlphaList(&leafattrib, "socket"); } if (S_ISCHR(lstatptr->st_mode)) { PrependAlphaList(&leafattrib, "char"); } if (S_ISBLK(lstatptr->st_mode)) { PrependAlphaList(&leafattrib, "block"); } #endif /* NOT MINGW */ #ifdef HAVE_DOOR_CREATE if (S_ISDOOR(lstatptr->st_mode)) { PrependAlphaList(&leafattrib, "door"); } #endif for (rp = crit; rp != NULL; rp = rp->next) { if (EvalFileResult((char *) rp->item, &leafattrib)) { DeleteAlphaList(&leafattrib); return true; } } DeleteAlphaList(&leafattrib); return false; }
void CheckFileChanges(Policy **policy, GenericAgentConfig *config, const ReportContext *report_context) { if (EnterpriseExpiry()) { CfOut(cf_error, "", "!! This enterprise license is invalid."); } CfDebug("Checking file updates on %s\n", config->input_file); if (NewPromiseProposals(config->input_file, InputFiles(*policy))) { CfOut(cf_verbose, "", " -> New promises detected...\n"); if (CheckPromises(config->input_file, report_context)) { CfOut(cf_inform, "", "Rereading config files %s..\n", config->input_file); /* Free & reload -- lock this to avoid access errors during reload */ DeleteItemList(VNEGHEAP); DeleteAlphaList(&VHEAP); InitAlphaList(&VHEAP); DeleteAlphaList(&VHARDHEAP); InitAlphaList(&VHARDHEAP); DeleteAlphaList(&VADDCLASSES); InitAlphaList(&VADDCLASSES); DeleteItemList(IPADDRESSES); IPADDRESSES = NULL; DeleteItemList(SV.trustkeylist); DeleteItemList(SV.skipverify); DeleteItemList(SV.attackerlist); DeleteItemList(SV.nonattackerlist); DeleteItemList(SV.multiconnlist); DeleteAuthList(VADMIT); DeleteAuthList(VDENY); DeleteAuthList(VARADMIT); DeleteAuthList(VARDENY); DeleteAuthList(ROLES); //DeleteRlist(VINPUTLIST); This is just a pointer, cannot free it DeleteAllScope(); strcpy(VDOMAIN, "undefined.domain"); POLICY_SERVER[0] = '\0'; VADMIT = VADMITTOP = NULL; VDENY = VDENYTOP = NULL; VARADMIT = VARADMITTOP = NULL; VARDENY = VARDENYTOP = NULL; ROLES = ROLESTOP = NULL; VNEGHEAP = NULL; SV.trustkeylist = NULL; SV.skipverify = NULL; SV.attackerlist = NULL; SV.nonattackerlist = NULL; SV.multiconnlist = NULL; PolicyDestroy(*policy); *policy = NULL; ERRORCOUNT = 0; NewScope("sys"); SetPolicyServer(POLICY_SERVER); NewScalar("sys", "policy_hub", POLICY_SERVER, DATA_TYPE_STRING); if (EnterpriseExpiry()) { CfOut(cf_error, "", "Cfengine - autonomous configuration engine. This enterprise license is invalid.\n"); } NewScope("const"); NewScope("this"); NewScope("control_server"); NewScope("control_common"); NewScope("mon"); NewScope("remote_access"); GetNameInfo3(); GetInterfacesInfo(AGENT_TYPE_SERVER); Get3Environment(); BuiltinClasses(); OSClasses(); KeepHardClasses(); HardClass(CF_AGENTTYPES[THIS_AGENT_TYPE]); SetReferenceTime(true); *policy = ReadPromises(AGENT_TYPE_SERVER, config, report_context); KeepPromises(*policy, config, report_context); Summarize(); } else { CfOut(cf_inform, "", " !! File changes contain errors -- ignoring"); PROMISETIME = time(NULL); } } else { CfDebug(" -> No new promises found\n"); } }
int SelectProcess(char *procentry, char **names, int *start, int *end, Attributes a, Promise *pp) { AlphaList proc_attr; int result = true, i; char *column[CF_PROCCOLS]; Rlist *rp; CfDebug("SelectProcess(%s)\n", procentry); InitAlphaList(&proc_attr); if (!a.haveselect) { return true; } if (!SplitProcLine(procentry, names, start, end, column)) { return false; } if (DEBUG) { for (i = 0; names[i] != NULL; i++) { printf("COL[%s] = \"%s\"\n", names[i], column[i]); } } for (rp = a.process_select.owner; rp != NULL; rp = rp->next) { if (SelectProcRegexMatch("USER", "UID", (char *) rp->item, names, column)) { PrependAlphaList(&proc_attr, "process_owner"); break; } } if (SelectProcRangeMatch("PID", "PID", a.process_select.min_pid, a.process_select.max_pid, names, column)) { PrependAlphaList(&proc_attr, "pid"); } if (SelectProcRangeMatch("PPID", "PPID", a.process_select.min_ppid, a.process_select.max_ppid, names, column)) { PrependAlphaList(&proc_attr, "ppid"); } if (SelectProcRangeMatch("PGID", "PGID", a.process_select.min_pgid, a.process_select.max_pgid, names, column)) { PrependAlphaList(&proc_attr, "pgid"); } if (SelectProcRangeMatch("VSZ", "SZ", a.process_select.min_vsize, a.process_select.max_vsize, names, column)) { PrependAlphaList(&proc_attr, "vsize"); } if (SelectProcRangeMatch("RSS", "RSS", a.process_select.min_rsize, a.process_select.max_rsize, names, column)) { PrependAlphaList(&proc_attr, "rsize"); } if (SelectProcTimeCounterRangeMatch ("TIME", "TIME", a.process_select.min_ttime, a.process_select.max_ttime, names, column)) { PrependAlphaList(&proc_attr, "ttime"); } if (SelectProcTimeAbsRangeMatch ("STIME", "START", a.process_select.min_stime, a.process_select.max_stime, names, column)) { PrependAlphaList(&proc_attr, "stime"); } if (SelectProcRangeMatch("NI", "PRI", a.process_select.min_pri, a.process_select.max_pri, names, column)) { PrependAlphaList(&proc_attr, "priority"); } if (SelectProcRangeMatch("NLWP", "NLWP", a.process_select.min_thread, a.process_select.max_thread, names, column)) { PrependAlphaList(&proc_attr, "threads"); } if (SelectProcRegexMatch("S", "STAT", a.process_select.status, names, column)) { PrependAlphaList(&proc_attr, "status"); } if (SelectProcRegexMatch("CMD", "COMMAND", a.process_select.command, names, column)) { PrependAlphaList(&proc_attr, "command"); } if (SelectProcRegexMatch("TTY", "TTY", a.process_select.tty, names, column)) { PrependAlphaList(&proc_attr, "tty"); } if ((result = EvalProcessResult(a.process_select.process_result, &proc_attr))) { //ClassesFromString(fp->defines); } DeleteAlphaList(&proc_attr); if (result) { if (a.transaction.action == cfa_warn) { CfOut(cf_error, "", " !! Matched: %s\n", procentry); } else { CfOut(cf_inform, "", " !! Matched: %s\n", procentry); } } for (i = 0; column[i] != NULL; i++) { free(column[i]); } return result; }
static bool ScheduleRun(Policy **policy, ExecConfig *exec_config, const ReportContext *report_context) { Item *ip; CfOut(cf_verbose, "", "Sleeping...\n"); sleep(CFPULSETIME); /* 1 Minute resolution is enough */ // recheck license (in case of license updates or expiry) if (EnterpriseExpiry()) { CfOut(cf_error, "", "Cfengine - autonomous configuration engine. This enterprise license is invalid.\n"); exit(1); } /* * FIXME: this logic duplicates the one from cf-serverd.c. Unify ASAP. */ if (CheckNewPromises(report_context) == RELOAD_FULL) { /* Full reload */ CfOut(cf_inform, "", "Re-reading promise file %s..\n", VINPUTFILE); DeleteAlphaList(&VHEAP); InitAlphaList(&VHEAP); DeleteAlphaList(&VHARDHEAP); InitAlphaList(&VHARDHEAP); DeleteAlphaList(&VADDCLASSES); InitAlphaList(&VADDCLASSES); DeleteItemList(IPADDRESSES); IPADDRESSES = NULL; DeleteItemList(VNEGHEAP); DeleteAllScope(); strcpy(VDOMAIN, "undefinded.domain"); POLICY_SERVER[0] = '\0'; VNEGHEAP = NULL; VINPUTLIST = NULL; PolicyDestroy(*policy); *policy = NULL; ERRORCOUNT = 0; NewScope("sys"); SetPolicyServer(POLICY_SERVER); NewScalar("sys", "policy_hub", POLICY_SERVER, cf_str); NewScope("const"); NewScope("this"); NewScope("mon"); NewScope("control_server"); NewScope("control_common"); NewScope("remote_access"); GetNameInfo3(); GetInterfacesInfo(AGENT_TYPE_EXECUTOR); Get3Environment(); BuiltinClasses(); OSClasses(); HardClass(CF_AGENTTYPES[THIS_AGENT_TYPE]); SetReferenceTime(true); GenericAgentConfig config = { .bundlesequence = NULL }; *policy = ReadPromises(AGENT_TYPE_EXECUTOR, CF_EXECC, config, report_context); KeepPromises(*policy, exec_config); }