static char *InputLocation(char *filename) { static char wfilename[CF_BUFSIZE], path[CF_BUFSIZE]; if (MINUSF && (filename != VINPUTFILE) && IsFileOutsideDefaultRepository(VINPUTFILE) && !IsAbsoluteFileName(filename)) { /* If -f assume included relative files are in same directory */ strncpy(path,VINPUTFILE,CF_BUFSIZE-1); ChopLastNode(path); snprintf(wfilename,CF_BUFSIZE-1,"%s%c%s",path,FILE_SEPARATOR,filename); } else if (IsFileOutsideDefaultRepository(filename)) { strncpy(wfilename,filename,CF_BUFSIZE-1); } else { snprintf(wfilename,CF_BUFSIZE-1,"%s%cinputs%c%s",CFWORKDIR,FILE_SEPARATOR,FILE_SEPARATOR,filename); } return MapName(wfilename); }
FilePathType FilePathGetType(const char *file_path) { if (IsAbsoluteFileName(file_path)) { return FILE_PATH_TYPE_ABSOLUTE; } else if (IsFileOutsideDefaultRepository(file_path)) { return FILE_PATH_TYPE_RELATIVE; } else { return FILE_PATH_TYPE_NON_ANCHORED; } }
static bool IsPolicyPrecheckNeeded(GenericAgentConfig *config, bool force_validation) { bool check_policy = false; if (IsFileOutsideDefaultRepository(config->input_file)) { check_policy = true; Log(LOG_LEVEL_VERBOSE, "Input file is outside default repository, validating it"); } if (GenericAgentIsPolicyReloadNeeded(config)) { check_policy = true; Log(LOG_LEVEL_VERBOSE, "Input file is changed since last validation, validating it"); } if (force_validation) { check_policy = true; Log(LOG_LEVEL_VERBOSE, "always_validate is set, forcing policy validation"); } return check_policy; }
bool GenericAgentCheckPromises(const GenericAgentConfig *config) { char cmd[CF_BUFSIZE]; Log(LOG_LEVEL_VERBOSE, "Verifying the syntax of the inputs..."); { char cfpromises[CF_MAXVARSIZE]; snprintf(cfpromises, sizeof(cfpromises), "%s%cbin%ccf-promises%s", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR, EXEC_SUFFIX); struct stat sb; if (stat(cfpromises, &sb) == -1) { Log(LOG_LEVEL_ERR, "cf-promises%s needs to be installed in %s%cbin for pre-validation of full configuration", EXEC_SUFFIX, CFWORKDIR, FILE_SEPARATOR); return false; } if (config->bundlesequence) { snprintf(cmd, sizeof(cmd), "\"%s\" \"", cfpromises); } else { snprintf(cmd, sizeof(cmd), "\"%s\" -c \"", cfpromises); } } strlcat(cmd, config->input_file, CF_BUFSIZE); strlcat(cmd, "\"", CF_BUFSIZE); if (config->bundlesequence) { strlcat(cmd, " -b \"", CF_BUFSIZE); for (const Rlist *rp = config->bundlesequence; rp; rp = rp->next) { const char *bundle_ref = rp->item; strlcat(cmd, bundle_ref, CF_BUFSIZE); if (rp->next) { strlcat(cmd, ",", CF_BUFSIZE); } } strlcat(cmd, "\"", CF_BUFSIZE); } if (config->agent_specific.agent.bootstrap_policy_server) { // avoids license complains from commercial cf-promises during bootstrap - see Nova_CheckLicensePromise strlcat(cmd, " -D bootstrap_mode", CF_BUFSIZE); } Log(LOG_LEVEL_VERBOSE, "Checking policy with command '%s'", cmd); if (!ShellCommandReturnsZero(cmd, true)) { Log(LOG_LEVEL_ERR, "Policy failed validation with command '%s'", cmd); return false; } if (!IsFileOutsideDefaultRepository(config->original_input_file)) { WritePolicyValidatedFile(config); } return true; }
void GenericInitialize(int argc,char **argv,char *agents) { enum cfagenttype ag = Agent2Type(agents); char vbuff[CF_BUFSIZE]; int ok = false; #ifdef HAVE_NOVA CF_DEFAULT_DIGEST = cf_sha256; CF_DEFAULT_DIGEST_LEN = CF_SHA256_LEN; #else CF_DEFAULT_DIGEST = cf_md5; CF_DEFAULT_DIGEST_LEN = CF_MD5_LEN; #endif InitializeGA(argc,argv); SetReferenceTime(true); SetStartTime(false); SetSignals(); SanitizeEnvironment(); strcpy(THIS_AGENT,CF_AGENTTYPES[ag]); NewClass(THIS_AGENT); THIS_AGENT_TYPE = ag; // need scope sys to set vars in expiry function SetNewScope("sys"); if (EnterpriseExpiry()) { CfOut(cf_error,"","Cfengine - autonomous configuration engine. This enterprise license is invalid.\n"); exit(1); } if (AM_NOVA) { CfOut(cf_verbose,""," -> This is CFE Nova\n"); } if (AM_CONSTELLATION) { CfOut(cf_verbose,""," -> This is CFE Constellation\n"); } NewScope("const"); NewScope("match"); NewScope("mon"); GetNameInfo3(); CfGetInterfaceInfo(ag); if (ag != cf_know) { Get3Environment(); BuiltinClasses(); OSClasses(); } LoadPersistentContext(); LoadSystemConstants(); snprintf(vbuff,CF_BUFSIZE,"control_%s",THIS_AGENT); SetNewScope(vbuff); NewScope("this"); NewScope("match"); if (BOOTSTRAP) { CheckAutoBootstrap(); } else { if (strlen(POLICY_SERVER) > 0) { CfOut(cf_verbose,""," -> Found a policy server (hub) on %s",POLICY_SERVER); } else { CfOut(cf_verbose,""," -> No policy server (hub) watch yet registered"); } } SetPolicyServer(POLICY_SERVER); if (ag != cf_keygen) { if (!MissingInputFile()) { bool check_promises = false; if (SHOWREPORTS) { check_promises = true; CfOut(cf_verbose, "", " -> Reports mode is enabled, force-validating policy"); } if (IsFileOutsideDefaultRepository(VINPUTFILE)) { check_promises = true; CfOut(cf_verbose, "", " -> Input file is outside default repository, validating it"); } if (NewPromiseProposals()) { check_promises = true; CfOut(cf_verbose, "", " -> Input file is changed since last validation, validating it"); } if (check_promises) { ok = CheckPromises(ag); if (BOOTSTRAP && !ok) { CfOut(cf_verbose, "", " -> Policy is not valid, but proceeding with bootstrap"); ok = true; } } else { CfOut(cf_verbose, "", " -> Policy is already validated"); ok = true; } } if (ok) { ReadPromises(ag,agents); } else { CfOut(cf_error,"","cf-agent was not able to get confirmation of promises from cf-promises, so going to failsafe\n"); snprintf(VINPUTFILE,CF_BUFSIZE-1,"failsafe.cf"); ReadPromises(ag,agents); } if (SHOWREPORTS) { CompilationReport(VINPUTFILE); } CheckLicenses(); } XML = 0; }
int CheckPromises(enum cfagenttype ag) { char cmd[CF_BUFSIZE], cfpromises[CF_MAXVARSIZE]; char filename[CF_MAXVARSIZE]; struct stat sb; int fd; if ((ag != cf_agent) && (ag != cf_executor) && (ag != cf_server)) { return true; } CfOut(cf_verbose,""," -> Verifying the syntax of the inputs...\n"); snprintf(cfpromises,sizeof(cfpromises),"%s%cbin%ccf-promises%s",CFWORKDIR,FILE_SEPARATOR,FILE_SEPARATOR,EXEC_SUFFIX); if (cfstat(cfpromises,&sb) == -1) { CfOut(cf_error,"","cf-promises%s needs to be installed in %s%cbin for pre-validation of full configuration",EXEC_SUFFIX,CFWORKDIR,FILE_SEPARATOR); return false; } /* If we are cf-agent, check syntax before attempting to run */ snprintf(cmd, sizeof(cmd), "\"%s\" -f \"", cfpromises); if (IsFileOutsideDefaultRepository(VINPUTFILE)) { strlcat(cmd, VINPUTFILE, CF_BUFSIZE); } else { strlcat(cmd, CFWORKDIR, CF_BUFSIZE); strlcat(cmd, FILE_SEPARATOR_STR "inputs" FILE_SEPARATOR_STR, CF_BUFSIZE); strlcat(cmd, VINPUTFILE, CF_BUFSIZE); } strlcat(cmd, "\"", CF_BUFSIZE); if (CBUNDLESEQUENCE) { strlcat(cmd, " -b \"", CF_BUFSIZE); strlcat(cmd, CBUNDLESEQUENCE_STR, CF_BUFSIZE); strlcat(cmd, "\"", CF_BUFSIZE); } if(BOOTSTRAP) { // avoids license complains from commercial cf-promises during bootstrap - see Nova_CheckLicensePromise strlcat(cmd, " -D bootstrap_mode", CF_BUFSIZE); } /* Check if reloading policy will succeed */ CfOut(cf_verbose, "", "Checking policy with command \"%s\"", cmd); if (ShellCommandReturnsZero(cmd,true)) { if (MINUSF) { snprintf(filename,CF_MAXVARSIZE,"%s/state/validated_%s",CFWORKDIR,CanonifyName(VINPUTFILE)); MapName(filename); } else { snprintf(filename,CF_MAXVARSIZE,"%s/masterfiles/cf_promises_validated",CFWORKDIR); MapName(filename); } MakeParentDirectory(filename,true); if ((fd = creat(filename,0600)) != -1) { close(fd); CfOut(cf_verbose,""," -> Caching the state of validation\n"); } else { CfOut(cf_verbose,"creat"," -> Failed to cache the state of validation\n"); } return true; } else { return false; } }