void DeleteAlphaList(AlphaList *al)
{
for (int i = 0; i < CF_ALPHABETSIZE; i++)
{
DeleteItemList(al->list[i]);
}
InitAlphaList(al);
}
static int SelectOwnerMatch(char *path, struct stat *lstatptr, Rlist *crit)
{
AlphaList leafattrib;
Rlist *rp;
char ownerName[CF_BUFSIZE];
int gotOwner;
InitAlphaList(&leafattrib);
#ifndef MINGW // no uids on Windows
char buffer[CF_SMALLBUF];
sprintf(buffer, "%jd", (uintmax_t) lstatptr->st_uid);
PrependAlphaList(&leafattrib, buffer);
#endif /* MINGW */
gotOwner = GetOwnerName(path, lstatptr, ownerName, sizeof(ownerName));
if (gotOwner)
{
PrependAlphaList(&leafattrib, ownerName);
}
else
{
PrependAlphaList(&leafattrib, "none");
}
for (rp = crit; rp != NULL; rp = rp->next)
{
if (EvalFileResult((char *) rp->item, &leafattrib))
{
CfDebug(" - ? Select owner match\n");
DeleteAlphaList(&leafattrib);
return true;
}
if (gotOwner && FullTextMatch((char *) rp->item, ownerName))
{
CfDebug(" - ? Select owner match\n");
DeleteAlphaList(&leafattrib);
return true;
}
#ifndef MINGW
if (FullTextMatch((char *) rp->item, buffer))
{
CfDebug(" - ? Select owner match\n");
DeleteAlphaList(&leafattrib);
return true;
}
#endif /* NOT MINGW */
}
DeleteAlphaList(&leafattrib);
return false;
}
static int SelectGroupMatch(struct stat *lstatptr, Rlist *crit)
{
AlphaList leafattrib;
char buffer[CF_SMALLBUF];
struct group *gr;
Rlist *rp;
InitAlphaList(&leafattrib);
sprintf(buffer, "%jd", (uintmax_t) lstatptr->st_gid);
PrependAlphaList(&leafattrib, buffer);
if ((gr = getgrgid(lstatptr->st_gid)) != NULL)
{
PrependAlphaList(&leafattrib, gr->gr_name);
}
else
{
PrependAlphaList(&leafattrib, "none");
}
for (rp = crit; rp != NULL; rp = rp->next)
{
if (EvalFileResult((char *) rp->item, &leafattrib))
{
CfDebug(" - ? Select group match\n");
DeleteAlphaList(&leafattrib);
return true;
}
if (gr && FullTextMatch((char *) rp->item, gr->gr_name))
{
CfDebug(" - ? Select owner match\n");
DeleteAlphaList(&leafattrib);
return true;
}
if (FullTextMatch((char *) rp->item, buffer))
{
CfDebug(" - ? Select owner match\n");
DeleteAlphaList(&leafattrib);
return true;
}
}
DeleteAlphaList(&leafattrib);
return false;
}
static bool ScheduleRun(Policy **policy, GenericAgentConfig *config, ExecConfig *exec_config, const ReportContext *report_context)
{
Item *ip;
CfOut(OUTPUT_LEVEL_VERBOSE, "", "Sleeping...\n");
sleep(CFPULSETIME); /* 1 Minute resolution is enough */
// recheck license (in case of license updates or expiry)
if (EnterpriseExpiry())
{
CfOut(OUTPUT_LEVEL_ERROR, "", "Cfengine - autonomous configuration engine. This enterprise license is invalid.\n");
exit(1);
}
/*
* FIXME: this logic duplicates the one from cf-serverd.c. Unify ASAP.
*/
if (CheckNewPromises(config->input_file, InputFiles(*policy), report_context) == RELOAD_FULL)
{
/* Full reload */
CfOut(OUTPUT_LEVEL_INFORM, "", "Re-reading promise file %s..\n", config->input_file);
DeleteAlphaList(&VHEAP);
InitAlphaList(&VHEAP);
DeleteAlphaList(&VHARDHEAP);
InitAlphaList(&VHARDHEAP);
DeleteAlphaList(&VADDCLASSES);
InitAlphaList(&VADDCLASSES);
DeleteItemList(IPADDRESSES);
IPADDRESSES = NULL;
DeleteItemList(VNEGHEAP);
DeleteAllScope();
strcpy(VDOMAIN, "undefinded.domain");
POLICY_SERVER[0] = '\0';
VNEGHEAP = NULL;
PolicyDestroy(*policy);
*policy = NULL;
ERRORCOUNT = 0;
NewScope("sys");
SetPolicyServer(POLICY_SERVER);
NewScalar("sys", "policy_hub", POLICY_SERVER, DATA_TYPE_STRING);
NewScope("const");
NewScope("this");
NewScope("mon");
NewScope("control_server");
NewScope("control_common");
NewScope("remote_access");
GetNameInfo3();
GetInterfacesInfo(AGENT_TYPE_EXECUTOR);
Get3Environment();
BuiltinClasses();
OSClasses();
HardClass(CF_AGENTTYPES[THIS_AGENT_TYPE]);
SetReferenceTime(true);
GenericAgentConfigSetBundleSequence(config, NULL);
*policy = GenericAgentLoadPolicy(AGENT_TYPE_EXECUTOR, config, report_context);
KeepPromises(*policy, exec_config);
}
else
{
/* Environment reload */
DeleteAlphaList(&VHEAP);
InitAlphaList(&VHEAP);
DeleteAlphaList(&VADDCLASSES);
InitAlphaList(&VADDCLASSES);
DeleteAlphaList(&VHARDHEAP);
InitAlphaList(&VHARDHEAP);
DeleteItemList(IPADDRESSES);
IPADDRESSES = NULL;
DeleteScope("this");
DeleteScope("mon");
DeleteScope("sys");
NewScope("this");
NewScope("mon");
NewScope("sys");
GetInterfacesInfo(AGENT_TYPE_EXECUTOR);
Get3Environment();
BuiltinClasses();
OSClasses();
SetReferenceTime(true);
}
for (ip = SCHEDULE; ip != NULL; ip = ip->next)
{
CfOut(OUTPUT_LEVEL_VERBOSE, "", "Checking schedule %s...\n", ip->name);
if (IsDefinedClass(ip->name, NULL))
{
CfOut(OUTPUT_LEVEL_VERBOSE, "", "Waking up the agent at %s ~ %s \n", cf_ctime(&CFSTARTTIME), ip->name);
return true;
}
}
CfOut(OUTPUT_LEVEL_VERBOSE, "", "Nothing to do at %s\n", cf_ctime(&CFSTARTTIME));
return false;
}
int SelectLeaf(char *path, struct stat *sb, Attributes attr, Promise *pp)
{
AlphaList leaf_attr;
int result = true;
Rlist *rp;
InitAlphaList(&leaf_attr);
#ifdef MINGW
if (attr.select.issymlinkto != NULL)
{
CfOut(cf_verbose, "",
"files_select.issymlinkto is ignored on Windows (symbolic links are not supported by Windows)");
}
if (attr.select.groups != NULL)
{
CfOut(cf_verbose, "",
"files_select.search_groups is ignored on Windows (file groups are not supported by Windows)");
}
if (attr.select.bsdflags != NULL)
{
CfOut(cf_verbose, "", "files_select.search_bsdflags is ignored on Windows");
}
#endif /* MINGW */
if (!attr.haveselect)
{
return true;
}
if (attr.select.name == NULL)
{
PrependAlphaList(&leaf_attr, "leaf_name");
}
for (rp = attr.select.name; rp != NULL; rp = rp->next)
{
if (SelectNameRegexMatch(path, rp->item))
{
PrependAlphaList(&leaf_attr, "leaf_name");
break;
}
}
if (attr.select.path == NULL)
{
PrependAlphaList(&leaf_attr, "leaf_path");
}
for (rp = attr.select.path; rp != NULL; rp = rp->next)
{
if (SelectPathRegexMatch(path, rp->item))
{
PrependAlphaList(&leaf_attr, "path_name");
break;
}
}
if (SelectTypeMatch(sb, attr.select.filetypes))
{
PrependAlphaList(&leaf_attr, "file_types");
}
if (attr.select.owners && SelectOwnerMatch(path, sb, attr.select.owners))
{
PrependAlphaList(&leaf_attr, "owner");
}
if (attr.select.owners == NULL)
{
PrependAlphaList(&leaf_attr, "owner");
}
#ifdef MINGW
PrependAlphaList(&leaf_attr, "group");
#else /* NOT MINGW */
if (attr.select.groups && SelectGroupMatch(sb, attr.select.groups))
{
PrependAlphaList(&leaf_attr, "group");
}
if (attr.select.groups == NULL)
{
PrependAlphaList(&leaf_attr, "group");
}
#endif /* NOT MINGW */
if (SelectModeMatch(sb, attr.select.perms))
{
PrependAlphaList(&leaf_attr, "mode");
}
#if defined HAVE_CHFLAGS
if (SelectBSDMatch(sb, attr.select.bsdflags, pp))
{
PrependAlphaList(&leaf_attr, "bsdflags");
}
#endif
if (SelectTimeMatch(sb->st_atime, attr.select.min_atime, attr.select.max_atime))
{
PrependAlphaList(&leaf_attr, "atime");
}
if (SelectTimeMatch(sb->st_ctime, attr.select.min_ctime, attr.select.max_ctime))
{
PrependAlphaList(&leaf_attr, "ctime");
}
if (SelectSizeMatch(sb->st_size, attr.select.min_size, attr.select.max_size))
{
PrependAlphaList(&leaf_attr, "size");
}
if (SelectTimeMatch(sb->st_mtime, attr.select.min_mtime, attr.select.max_mtime))
{
PrependAlphaList(&leaf_attr, "mtime");
}
if (attr.select.issymlinkto && SelectIsSymLinkTo(path, attr.select.issymlinkto))
{
PrependAlphaList(&leaf_attr, "issymlinkto");
}
if (attr.select.exec_regex && SelectExecRegexMatch(path, attr.select.exec_regex, attr.select.exec_program))
{
PrependAlphaList(&leaf_attr, "exec_regex");
}
if (attr.select.exec_program && SelectExecProgram(path, attr.select.exec_program))
{
PrependAlphaList(&leaf_attr, "exec_program");
}
if ((result = EvalFileResult(attr.select.result, &leaf_attr)))
{
//NewClassesFromString(fp->defines);
}
CfDebug("Select result \"%s\"on %s was %d\n", attr.select.result, path, result);
DeleteAlphaList(&leaf_attr);
return result;
}
static int SelectTypeMatch(struct stat *lstatptr, Rlist *crit)
{
AlphaList leafattrib;
Rlist *rp;
InitAlphaList(&leafattrib);
if (S_ISREG(lstatptr->st_mode))
{
PrependAlphaList(&leafattrib, "reg");
PrependAlphaList(&leafattrib, "plain");
}
if (S_ISDIR(lstatptr->st_mode))
{
PrependAlphaList(&leafattrib, "dir");
}
#ifndef MINGW
if (S_ISLNK(lstatptr->st_mode))
{
PrependAlphaList(&leafattrib, "symlink");
}
if (S_ISFIFO(lstatptr->st_mode))
{
PrependAlphaList(&leafattrib, "fifo");
}
if (S_ISSOCK(lstatptr->st_mode))
{
PrependAlphaList(&leafattrib, "socket");
}
if (S_ISCHR(lstatptr->st_mode))
{
PrependAlphaList(&leafattrib, "char");
}
if (S_ISBLK(lstatptr->st_mode))
{
PrependAlphaList(&leafattrib, "block");
}
#endif /* NOT MINGW */
#ifdef HAVE_DOOR_CREATE
if (S_ISDOOR(lstatptr->st_mode))
{
PrependAlphaList(&leafattrib, "door");
}
#endif
for (rp = crit; rp != NULL; rp = rp->next)
{
if (EvalFileResult((char *) rp->item, &leafattrib))
{
DeleteAlphaList(&leafattrib);
return true;
}
}
DeleteAlphaList(&leafattrib);
return false;
}
void CheckFileChanges(Policy **policy, GenericAgentConfig *config, const ReportContext *report_context)
{
if (EnterpriseExpiry())
{
CfOut(cf_error, "", "!! This enterprise license is invalid.");
}
CfDebug("Checking file updates on %s\n", config->input_file);
if (NewPromiseProposals(config->input_file, InputFiles(*policy)))
{
CfOut(cf_verbose, "", " -> New promises detected...\n");
if (CheckPromises(config->input_file, report_context))
{
CfOut(cf_inform, "", "Rereading config files %s..\n", config->input_file);
/* Free & reload -- lock this to avoid access errors during reload */
DeleteItemList(VNEGHEAP);
DeleteAlphaList(&VHEAP);
InitAlphaList(&VHEAP);
DeleteAlphaList(&VHARDHEAP);
InitAlphaList(&VHARDHEAP);
DeleteAlphaList(&VADDCLASSES);
InitAlphaList(&VADDCLASSES);
DeleteItemList(IPADDRESSES);
IPADDRESSES = NULL;
DeleteItemList(SV.trustkeylist);
DeleteItemList(SV.skipverify);
DeleteItemList(SV.attackerlist);
DeleteItemList(SV.nonattackerlist);
DeleteItemList(SV.multiconnlist);
DeleteAuthList(VADMIT);
DeleteAuthList(VDENY);
DeleteAuthList(VARADMIT);
DeleteAuthList(VARDENY);
DeleteAuthList(ROLES);
//DeleteRlist(VINPUTLIST); This is just a pointer, cannot free it
DeleteAllScope();
strcpy(VDOMAIN, "undefined.domain");
POLICY_SERVER[0] = '\0';
VADMIT = VADMITTOP = NULL;
VDENY = VDENYTOP = NULL;
VARADMIT = VARADMITTOP = NULL;
VARDENY = VARDENYTOP = NULL;
ROLES = ROLESTOP = NULL;
VNEGHEAP = NULL;
SV.trustkeylist = NULL;
SV.skipverify = NULL;
SV.attackerlist = NULL;
SV.nonattackerlist = NULL;
SV.multiconnlist = NULL;
PolicyDestroy(*policy);
*policy = NULL;
ERRORCOUNT = 0;
NewScope("sys");
SetPolicyServer(POLICY_SERVER);
NewScalar("sys", "policy_hub", POLICY_SERVER, DATA_TYPE_STRING);
if (EnterpriseExpiry())
{
CfOut(cf_error, "",
"Cfengine - autonomous configuration engine. This enterprise license is invalid.\n");
}
NewScope("const");
NewScope("this");
NewScope("control_server");
NewScope("control_common");
NewScope("mon");
NewScope("remote_access");
GetNameInfo3();
GetInterfacesInfo(AGENT_TYPE_SERVER);
Get3Environment();
BuiltinClasses();
OSClasses();
KeepHardClasses();
HardClass(CF_AGENTTYPES[THIS_AGENT_TYPE]);
SetReferenceTime(true);
*policy = ReadPromises(AGENT_TYPE_SERVER, config, report_context);
KeepPromises(*policy, config, report_context);
Summarize();
}
else
{
CfOut(cf_inform, "", " !! File changes contain errors -- ignoring");
PROMISETIME = time(NULL);
}
}
else
{
CfDebug(" -> No new promises found\n");
}
}
int SelectProcess(char *procentry, char **names, int *start, int *end, Attributes a, Promise *pp)
{
AlphaList proc_attr;
int result = true, i;
char *column[CF_PROCCOLS];
Rlist *rp;
CfDebug("SelectProcess(%s)\n", procentry);
InitAlphaList(&proc_attr);
if (!a.haveselect)
{
return true;
}
if (!SplitProcLine(procentry, names, start, end, column))
{
return false;
}
if (DEBUG)
{
for (i = 0; names[i] != NULL; i++)
{
printf("COL[%s] = \"%s\"\n", names[i], column[i]);
}
}
for (rp = a.process_select.owner; rp != NULL; rp = rp->next)
{
if (SelectProcRegexMatch("USER", "UID", (char *) rp->item, names, column))
{
PrependAlphaList(&proc_attr, "process_owner");
break;
}
}
if (SelectProcRangeMatch("PID", "PID", a.process_select.min_pid, a.process_select.max_pid, names, column))
{
PrependAlphaList(&proc_attr, "pid");
}
if (SelectProcRangeMatch("PPID", "PPID", a.process_select.min_ppid, a.process_select.max_ppid, names, column))
{
PrependAlphaList(&proc_attr, "ppid");
}
if (SelectProcRangeMatch("PGID", "PGID", a.process_select.min_pgid, a.process_select.max_pgid, names, column))
{
PrependAlphaList(&proc_attr, "pgid");
}
if (SelectProcRangeMatch("VSZ", "SZ", a.process_select.min_vsize, a.process_select.max_vsize, names, column))
{
PrependAlphaList(&proc_attr, "vsize");
}
if (SelectProcRangeMatch("RSS", "RSS", a.process_select.min_rsize, a.process_select.max_rsize, names, column))
{
PrependAlphaList(&proc_attr, "rsize");
}
if (SelectProcTimeCounterRangeMatch
("TIME", "TIME", a.process_select.min_ttime, a.process_select.max_ttime, names, column))
{
PrependAlphaList(&proc_attr, "ttime");
}
if (SelectProcTimeAbsRangeMatch
("STIME", "START", a.process_select.min_stime, a.process_select.max_stime, names, column))
{
PrependAlphaList(&proc_attr, "stime");
}
if (SelectProcRangeMatch("NI", "PRI", a.process_select.min_pri, a.process_select.max_pri, names, column))
{
PrependAlphaList(&proc_attr, "priority");
}
if (SelectProcRangeMatch("NLWP", "NLWP", a.process_select.min_thread, a.process_select.max_thread, names, column))
{
PrependAlphaList(&proc_attr, "threads");
}
if (SelectProcRegexMatch("S", "STAT", a.process_select.status, names, column))
{
PrependAlphaList(&proc_attr, "status");
}
if (SelectProcRegexMatch("CMD", "COMMAND", a.process_select.command, names, column))
{
PrependAlphaList(&proc_attr, "command");
}
if (SelectProcRegexMatch("TTY", "TTY", a.process_select.tty, names, column))
{
PrependAlphaList(&proc_attr, "tty");
}
if ((result = EvalProcessResult(a.process_select.process_result, &proc_attr)))
{
//ClassesFromString(fp->defines);
}
DeleteAlphaList(&proc_attr);
if (result)
{
if (a.transaction.action == cfa_warn)
{
CfOut(cf_error, "", " !! Matched: %s\n", procentry);
}
else
{
CfOut(cf_inform, "", " !! Matched: %s\n", procentry);
}
}
for (i = 0; column[i] != NULL; i++)
{
free(column[i]);
}
return result;
}
static bool ScheduleRun(Policy **policy, ExecConfig *exec_config, const ReportContext *report_context)
{
Item *ip;
CfOut(cf_verbose, "", "Sleeping...\n");
sleep(CFPULSETIME); /* 1 Minute resolution is enough */
// recheck license (in case of license updates or expiry)
if (EnterpriseExpiry())
{
CfOut(cf_error, "", "Cfengine - autonomous configuration engine. This enterprise license is invalid.\n");
exit(1);
}
/*
* FIXME: this logic duplicates the one from cf-serverd.c. Unify ASAP.
*/
if (CheckNewPromises(report_context) == RELOAD_FULL)
{
/* Full reload */
CfOut(cf_inform, "", "Re-reading promise file %s..\n", VINPUTFILE);
DeleteAlphaList(&VHEAP);
InitAlphaList(&VHEAP);
DeleteAlphaList(&VHARDHEAP);
InitAlphaList(&VHARDHEAP);
DeleteAlphaList(&VADDCLASSES);
InitAlphaList(&VADDCLASSES);
DeleteItemList(IPADDRESSES);
IPADDRESSES = NULL;
DeleteItemList(VNEGHEAP);
DeleteAllScope();
strcpy(VDOMAIN, "undefinded.domain");
POLICY_SERVER[0] = '\0';
VNEGHEAP = NULL;
VINPUTLIST = NULL;
PolicyDestroy(*policy);
*policy = NULL;
ERRORCOUNT = 0;
NewScope("sys");
SetPolicyServer(POLICY_SERVER);
NewScalar("sys", "policy_hub", POLICY_SERVER, cf_str);
NewScope("const");
NewScope("this");
NewScope("mon");
NewScope("control_server");
NewScope("control_common");
NewScope("remote_access");
GetNameInfo3();
GetInterfacesInfo(AGENT_TYPE_EXECUTOR);
Get3Environment();
BuiltinClasses();
OSClasses();
HardClass(CF_AGENTTYPES[THIS_AGENT_TYPE]);
SetReferenceTime(true);
GenericAgentConfig config = {
.bundlesequence = NULL
};
*policy = ReadPromises(AGENT_TYPE_EXECUTOR, CF_EXECC, config, report_context);
KeepPromises(*policy, exec_config);
}