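/**
 * Send every class named in SENDCLASSES to the peer, one transaction per
 * class, followed by CFD_TERMINATOR to mark the end of the list.
 *
 * A failed SendTransaction() is logged and stops the transfer; the terminator
 * is not sent in that case.
 *
 * NOTE(review): the function returns void, so the caller cannot tell whether
 * the class list was delivered in full. Confirm the caller notices a broken
 * connection on its next exchange with the peer.
 *
 * @param conn  Connection whose conn_info is passed to SendTransaction().
 */
static void SendClassData(AgentConnection *conn)
{
    Rlist *classes, *rp;

    /* SENDCLASSES is split on ',', ':' or ' '. The 99 is presumably the
     * maximum number of entries; confirm against RlistFromSplitRegex(). */
    classes = RlistFromSplitRegex(SENDCLASSES, "[,: ]", 99, false);

    for (rp = classes; rp != NULL; rp = rp->next)
    {
        if (SendTransaction(conn->conn_info, RlistScalarValue(rp), 0, CF_DONE) == -1)
        {
            Log(LOG_LEVEL_ERR, "Transaction failed. (send: %s)", GetErrorStr());
            goto cleanup;
        }
    }

    if (SendTransaction(conn->conn_info, CFD_TERMINATOR, 0, CF_DONE) == -1)
    {
        Log(LOG_LEVEL_ERR, "Transaction failed. (send: %s)", GetErrorStr());
    }

cleanup:
    /* The split list was never released on any path before; free it on
     * success and on both error paths. */
    RlistDestroy(classes);
}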
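/**
 * Send every class named in SENDCLASSES over conn->sd, one transaction per
 * class, followed by CFD_TERMINATOR to mark the end of the list.
 *
 * A failed SendTransaction() is reported through CfOut() and stops the
 * transfer; the terminator is not sent in that case.
 *
 * NOTE(review): the function returns void, so the caller cannot tell whether
 * the class list was delivered in full. Confirm the caller notices a broken
 * connection on its next exchange with the peer.
 *
 * @param conn  Connection whose socket descriptor (sd) is written to.
 */
static void SendClassData(AgentConnection *conn)
{
    Rlist *classes, *rp;
    char sendbuffer[CF_BUFSIZE];

    /* SENDCLASSES is split on ',', ':' or ' '. The 99 is presumably the
     * maximum number of entries; confirm against RlistFromSplitRegex(). */
    classes = RlistFromSplitRegex(SENDCLASSES, "[,: ]", 99, false);

    for (rp = classes; rp != NULL; rp = rp->next)
    {
        if (SendTransaction(conn->sd, rp->item, 0, CF_DONE) == -1)
        {
            CfOut(OUTPUT_LEVEL_ERROR, "send", "Transaction failed");
            goto cleanup;
        }
    }

    /* Bound the copy by the buffer actually declared here. The original
     * passed CF_MAXVARSIZE, which is only safe while that constant does not
     * exceed CF_BUFSIZE. */
    snprintf(sendbuffer, sizeof(sendbuffer), "%s", CFD_TERMINATOR);

    if (SendTransaction(conn->sd, sendbuffer, 0, CF_DONE) == -1)
    {
        CfOut(OUTPUT_LEVEL_ERROR, "send", "Transaction failed");
    }

cleanup:
    /* The split list was never released on any path before; free it on
     * success and on both error paths. */
    RlistDestroy(classes);
}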
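/**
 * Send every class named in SENDCLASSES to the peer, one transaction per
 * class, followed by CFD_TERMINATOR to mark the end of the list.
 *
 * A failed SendTransaction() is logged and stops the transfer; the terminator
 * is not sent in that case.
 *
 * NOTE(review): the function returns void, so the caller cannot tell whether
 * the class list was delivered in full. Confirm the caller notices a broken
 * connection on its next exchange with the peer.
 *
 * @param conn  Connection; the address of its conn_info member is passed to
 *              SendTransaction().
 */
static void SendClassData(AgentConnection *conn)
{
    Rlist *classes, *rp;
    char sendbuffer[CF_BUFSIZE];
    int failed = 0;

    /* SENDCLASSES is split on ',', ':' or ' '. The 99 is presumably the
     * maximum number of entries; confirm against RlistFromSplitRegex(). */
    classes = RlistFromSplitRegex(SENDCLASSES, "[,: ]", 99, false);

    for (rp = classes; rp != NULL; rp = rp->next)
    {
        if (SendTransaction(&conn->conn_info, RlistScalarValue(rp), 0, CF_DONE) == -1)
        {
            Log(LOG_LEVEL_ERR, "Transaction failed. (send: %s)", GetErrorStr());
            failed = 1;
            break;
        }
    }

    if (!failed)
    {
        /* Bound the copy by the buffer actually declared here. The original
         * passed CF_MAXVARSIZE, which is only safe while that constant does
         * not exceed CF_BUFSIZE. */
        snprintf(sendbuffer, sizeof(sendbuffer), "%s", CFD_TERMINATOR);

        if (SendTransaction(&conn->conn_info, sendbuffer, 0, CF_DONE) == -1)
        {
            Log(LOG_LEVEL_ERR, "Transaction failed. (send: %s)", GetErrorStr());
        }
    }

    /* The split list was never released on any path before; free it on
     * success and on both error paths. */
    RlistDestroy(classes);
}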
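/**
 * Decide whether the connected peer may activate the classes named in a
 * "-D" / "--define" option.
 *
 * The class list that follows the option is split on ',', ':' or ';'. Each
 * class is matched against every role pattern in SV.roles. When a pattern
 * covers the class, the peer must match that role's access list by mapped IP
 * address, hostname, "user@hostname", "user@ipaddr" or bare username.
 * The first refusal ends the check with false.
 *
 * @param ctx   Evaluation context handed to the list and matching helpers.
 * @param conn  Connection state; username, hostname and ipaddr are read.
 * @param args  Option text, expected to start with "--define" or "-D".
 * @return true when at least one class was covered by a role and allowed,
 *         and no covered class was refused; false otherwise.
 *
 * NOTE(review): a class that no role pattern covers is neither allowed nor
 * refused. A request that mixes one allowed class with uncovered classes
 * therefore returns true. Confirm that callers do not treat a true result as
 * approval of every class in the list, or require coverage per class.
 *
 * NOTE(review): userid1/userid2 are truncated silently at CF_MAXVARSIZE and
 * the truncated text is what the access list is matched against. Confirm the
 * username/hostname lengths are bounded upstream.
 */
static int AuthorizeRoles(EvalContext *ctx, ServerConnectionState *conn, char *args)
{
    static const char long_opt[] = "--define";
    static const char short_opt[] = "-D";
    char *sp;
    Auth *ap;
    char userid1[CF_MAXVARSIZE], userid2[CF_MAXVARSIZE];
    Rlist *rp, *defines = NULL;
    int permitted = false;

    /* Fail closed: without option text there is nothing to authorize. */
    if (args == NULL)
    {
        Log(LOG_LEVEL_VERBOSE, "Role activation disallowed - abort execution");
        return false;
    }

    snprintf(userid1, sizeof(userid1), "%s@%s", conn->username, conn->hostname);
    snprintf(userid2, sizeof(userid2), "%s@%s", conn->username, conn->ipaddr);

    Log(LOG_LEVEL_VERBOSE, "Checking authorized roles in %s", args);

    if (strncmp(args, long_opt, strlen(long_opt)) == 0)
    {
        sp = args + strlen(long_opt);
    }
    else if (strncmp(args, short_opt, strlen(short_opt)) == 0)
    {
        sp = args + strlen(short_opt);
    }
    else
    {
        /* The original skipped two bytes unconditionally here. With text
         * shorter than "-D" that moves sp past the terminator, so any other
         * prefix is refused instead. */
        Log(LOG_LEVEL_VERBOSE, "Role activation disallowed - abort execution");
        return false;
    }

    while (*sp == ' ')
    {
        sp++;
    }

    defines = RlistFromSplitRegex(ctx, sp, "[,:;]", 99, false);

    /* For each user-defined class attempt, check RBAC */
    for (rp = defines; rp != NULL; rp = rp->next)
    {
        Log(LOG_LEVEL_VERBOSE, "Verifying %s", RlistScalarValue(rp));

        for (ap = SV.roles; ap != NULL; ap = ap->next)
        {
            if (!FullTextMatch(ctx, ap->path, RlistScalarValue(rp)))
            {
                continue;   /* this role's pattern does not cover the class */
            }

            /* We have a pattern covering this class - so are we allowed to activate it? */
            if ((IsMatchItemIn(ctx, ap->accesslist, MapAddress(conn->ipaddr)))
                || (IsRegexItemIn(ctx, ap->accesslist, conn->hostname))
                || (IsRegexItemIn(ctx, ap->accesslist, userid1))
                || (IsRegexItemIn(ctx, ap->accesslist, userid2))
                || (IsRegexItemIn(ctx, ap->accesslist, conn->username)))
            {
                Log(LOG_LEVEL_VERBOSE, "Attempt to define role/class %s is permitted", RlistScalarValue(rp));
                permitted = true;
            }
            else
            {
                /* One refused class rejects the whole request. */
                Log(LOG_LEVEL_VERBOSE, "Attempt to define role/class %s is denied", RlistScalarValue(rp));
                RlistDestroy(defines);
                return false;
            }
        }
    }

    if (permitted)
    {
        Log(LOG_LEVEL_VERBOSE, "Role activation allowed");
    }
    else
    {
        Log(LOG_LEVEL_VERBOSE, "Role activation disallowed - abort execution");
    }

    RlistDestroy(defines);
    return permitted;
}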