void GenericAgentDiscoverContext(EvalContext *ctx, GenericAgentConfig *config)
{
GenericAgentSetDefaultDigest(&CF_DEFAULT_DIGEST, &CF_DEFAULT_DIGEST_LEN);
GenericAgentInitialize(ctx, config);
time_t t = SetReferenceTime();
UpdateTimeClasses(ctx, t);
SanitizeEnvironment();
THIS_AGENT_TYPE = config->agent_type;
EvalContextClassPutHard(ctx, CF_AGENTTYPES[config->agent_type], "cfe_internal,source=agent");
DetectEnvironment(ctx);
EvalContextHeapPersistentLoadAll(ctx);
LoadSystemConstants(ctx);
if (config->agent_type == AGENT_TYPE_AGENT && config->agent_specific.agent.bootstrap_policy_server)
{
if (!RemoveAllExistingPolicyInInputs(GetInputDir()))
{
Log(LOG_LEVEL_ERR, "Error removing existing input files prior to bootstrap");
exit(EXIT_FAILURE);
}
if (!WriteBuiltinFailsafePolicy(GetInputDir()))
{
Log(LOG_LEVEL_ERR, "Error writing builtin failsafe to inputs prior to bootstrap");
exit(EXIT_FAILURE);
}
bool am_policy_server = false;
{
const char *canonified_bootstrap_policy_server = CanonifyName(config->agent_specific.agent.bootstrap_policy_server);
am_policy_server = NULL != EvalContextClassGet(ctx, NULL, canonified_bootstrap_policy_server);
{
char policy_server_ipv4_class[CF_BUFSIZE];
snprintf(policy_server_ipv4_class, CF_MAXVARSIZE, "ipv4_%s", canonified_bootstrap_policy_server);
am_policy_server |= NULL != EvalContextClassGet(ctx, NULL, policy_server_ipv4_class);
}
if (am_policy_server)
{
Log(LOG_LEVEL_INFO, "Assuming role as policy server, with policy distribution point at %s", GetMasterDir());
EvalContextClassPutHard(ctx, "am_policy_hub", "source=bootstrap");
if (!MasterfileExists(GetMasterDir()))
{
Log(LOG_LEVEL_ERR, "In order to bootstrap as a policy server, the file '%s/promises.cf' must exist.", GetMasterDir());
exit(EXIT_FAILURE);
}
}
else
{
Log(LOG_LEVEL_INFO, "Not assuming role as policy server");
}
WriteAmPolicyHubFile(CFWORKDIR, am_policy_server);
}
WritePolicyServerFile(GetWorkDir(), config->agent_specific.agent.bootstrap_policy_server);
SetPolicyServer(ctx, config->agent_specific.agent.bootstrap_policy_server);
/* FIXME: Why it is called here? Can't we move both invocations to before if? */
UpdateLastPolicyUpdateTime(ctx);
Log(LOG_LEVEL_INFO, "Bootstrapping to '%s'", POLICY_SERVER);
}
else
{
char *existing_policy_server = ReadPolicyServerFile(GetWorkDir());
if (existing_policy_server)
{
Log(LOG_LEVEL_VERBOSE, "This agent is bootstrapped to '%s'", existing_policy_server);
SetPolicyServer(ctx, existing_policy_server);
free(existing_policy_server);
UpdateLastPolicyUpdateTime(ctx);
}
else
{
Log(LOG_LEVEL_VERBOSE, "This agent is not bootstrapped");
return;
}
if (GetAmPolicyHub(GetWorkDir()))
{
EvalContextClassPutHard(ctx, "am_policy_hub", "source=bootstrap,deprecated,alias=policy_server");
Log(LOG_LEVEL_VERBOSE, "Additional class defined: am_policy_hub");
EvalContextClassPutHard(ctx, "policy_server", "inventory,attribute_name=CFEngine roles,source=bootstrap");
Log(LOG_LEVEL_VERBOSE, "Additional class defined: policy_server");
}
}
}
void GenericAgentDiscoverContext(EvalContext *ctx, GenericAgentConfig *config)
{
GenericAgentInitialize(ctx, config);
SetReferenceTime(ctx, true);
SetStartTime();
SanitizeEnvironment();
THIS_AGENT_TYPE = config->agent_type;
EvalContextHeapAddHard(ctx, CF_AGENTTYPES[config->agent_type]);
GenericAgentSetDefaultDigest(&CF_DEFAULT_DIGEST, &CF_DEFAULT_DIGEST_LEN);
GetNameInfo3(ctx, config->agent_type);
GetInterfacesInfo(ctx);
Get3Environment(ctx, config->agent_type);
BuiltinClasses(ctx);
OSClasses(ctx);
EvalContextHeapPersistentLoadAll(ctx);
LoadSystemConstants(ctx);
if (config->agent_type == AGENT_TYPE_AGENT && config->agent_specific.agent.bootstrap_policy_server)
{
if (!RemoveAllExistingPolicyInInputs(GetWorkDir()))
{
Log(LOG_LEVEL_ERR, "Error removing existing input files prior to bootstrap");
exit(EXIT_FAILURE);
}
if (!WriteBuiltinFailsafePolicy(GetWorkDir()))
{
Log(LOG_LEVEL_ERR, "Error writing builtin failsafe to inputs prior to bootstrap");
exit(EXIT_FAILURE);
}
bool am_policy_server = false;
{
const char *canonified_bootstrap_policy_server = CanonifyName(config->agent_specific.agent.bootstrap_policy_server);
am_policy_server = IsDefinedClass(ctx, canonified_bootstrap_policy_server, NULL);
{
char policy_server_ipv4_class[CF_BUFSIZE];
snprintf(policy_server_ipv4_class, CF_MAXVARSIZE, "ipv4_%s", canonified_bootstrap_policy_server);
am_policy_server |= IsDefinedClass(ctx, policy_server_ipv4_class, NULL);
}
if (am_policy_server)
{
Log(LOG_LEVEL_INFO, "Assuming role as policy server, with policy distribution point at %s/masterfiles", GetWorkDir());
EvalContextHeapAddHard(ctx, "am_policy_hub");
if (!MasterfileExists(GetWorkDir()))
{
Log(LOG_LEVEL_ERR, "In order to bootstrap as a policy server, the file '%s/masterfiles/promises.cf' must exist.", GetWorkDir());
exit(EXIT_FAILURE);
}
}
else
{
Log(LOG_LEVEL_INFO, "Not assuming role as policy server");
}
WriteAmPolicyHubFile(CFWORKDIR, am_policy_server);
}
WritePolicyServerFile(GetWorkDir(), config->agent_specific.agent.bootstrap_policy_server);
SetPolicyServer(ctx, config->agent_specific.agent.bootstrap_policy_server);
Log(LOG_LEVEL_INFO, "Bootstrapping to '%s'", POLICY_SERVER);
}
else
{
char *existing_policy_server = ReadPolicyServerFile(GetWorkDir());
if (existing_policy_server)
{
Log(LOG_LEVEL_VERBOSE, "This agent is bootstrapped to '%s'", existing_policy_server);
}
else
{
Log(LOG_LEVEL_VERBOSE, "This agent is not bootstrapped");
}
SetPolicyServer(ctx, existing_policy_server);
if (GetAmPolicyHub(GetWorkDir()))
{
EvalContextHeapAddHard(ctx, "am_policy_hub"); // DEPRECATED: use policy_server instead
Log(LOG_LEVEL_VERBOSE, "Additional class defined: am_policy_hub");
EvalContextHeapAddHard(ctx, "policy_server");
Log(LOG_LEVEL_VERBOSE, "Additional class defined: policy_server");
}
}
}
static void test_class_persistence(void)
{
EvalContext *ctx = EvalContextNew();
// simulate old version
{
CF_DB *dbp;
PersistentClassInfo i;
assert_true(OpenDB(&dbp, dbid_state));
i.expires = UINT_MAX;
i.policy = CONTEXT_STATE_POLICY_RESET;
WriteDB(dbp, "old", &i, sizeof(PersistentClassInfo));
CloseDB(dbp);
}
// e.g. by monitoring
EvalContextHeapPersistentSave(ctx, "class1", 3, CONTEXT_STATE_POLICY_PRESERVE, "a,b");
// e.g. by a class promise in a bundle with a namespace
{
Policy *p = PolicyNew();
Bundle *bp = PolicyAppendBundle(p, "ns1", "bundle1", "agent", NULL, NULL);
EvalContextStackPushBundleFrame(ctx, bp, NULL, false);
EvalContextHeapPersistentSave(ctx, "class2", 5, CONTEXT_STATE_POLICY_PRESERVE, "x");
EvalContextStackPopFrame(ctx);
PolicyDestroy(p);
}
EvalContextHeapPersistentLoadAll(ctx);
{
const Class *cls = EvalContextClassGet(ctx, "default", "old");
assert_true(cls != NULL);
assert_string_equal("old", cls->name);
assert_true(cls->tags != NULL);
assert_int_equal(1, StringSetSize(cls->tags));
assert_true(StringSetContains(cls->tags, "source=persistent"));
}
{
const Class *cls = EvalContextClassGet(ctx, "default", "class1");
assert_true(cls != NULL);
assert_string_equal("class1", cls->name);
assert_true(cls->tags != NULL);
assert_int_equal(3, StringSetSize(cls->tags));
assert_true(StringSetContains(cls->tags, "source=persistent"));
assert_true(StringSetContains(cls->tags, "a"));
assert_true(StringSetContains(cls->tags, "b"));
}
{
const Class *cls = EvalContextClassGet(ctx, "ns1", "class2");
assert_true(cls != NULL);
assert_string_equal("ns1", cls->ns);
assert_string_equal("class2", cls->name);
assert_true(cls->tags != NULL);
assert_int_equal(2, StringSetSize(cls->tags));
assert_true(StringSetContains(cls->tags, "source=persistent"));
assert_true(StringSetContains(cls->tags, "x"));
}
EvalContextDestroy(ctx);
}
void GenericAgentDiscoverContext(EvalContext *ctx, GenericAgentConfig *config)
{
strcpy(VPREFIX, "");
Log(LOG_LEVEL_VERBOSE, " %s", NameVersion());
Banner("Initialization preamble");
GenericAgentSetDefaultDigest(&CF_DEFAULT_DIGEST, &CF_DEFAULT_DIGEST_LEN);
GenericAgentInitialize(ctx, config);
time_t t = SetReferenceTime();
UpdateTimeClasses(ctx, t);
SanitizeEnvironment();
THIS_AGENT_TYPE = config->agent_type;
LoggingSetAgentType(CF_AGENTTYPES[config->agent_type]);
EvalContextClassPutHard(ctx, CF_AGENTTYPES[config->agent_type],
"cfe_internal,source=agent");
DetectEnvironment(ctx);
EvalContextHeapPersistentLoadAll(ctx);
LoadSystemConstants(ctx);
const char *bootstrap_arg =
config->agent_specific.agent.bootstrap_policy_server;
/* Are we bootstrapping the agent? */
if (config->agent_type == AGENT_TYPE_AGENT && bootstrap_arg != NULL)
{
EvalContextClassPutHard(ctx, "bootstrap_mode", "source=environment");
if (!RemoveAllExistingPolicyInInputs(GetInputDir()))
{
Log(LOG_LEVEL_ERR,
"Error removing existing input files prior to bootstrap");
exit(EXIT_FAILURE);
}
if (!WriteBuiltinFailsafePolicy(GetInputDir()))
{
Log(LOG_LEVEL_ERR,
"Error writing builtin failsafe to inputs prior to bootstrap");
exit(EXIT_FAILURE);
}
char canonified_ipaddr[strlen(bootstrap_arg) + 1];
StringCanonify(canonified_ipaddr, bootstrap_arg);
bool am_policy_server =
EvalContextClassGet(ctx, NULL, canonified_ipaddr) != NULL;
if (am_policy_server)
{
Log(LOG_LEVEL_INFO, "Assuming role as policy server,"
" with policy distribution point at: %s", GetMasterDir());
MarkAsPolicyServer(ctx);
if (!MasterfileExists(GetMasterDir()))
{
Log(LOG_LEVEL_ERR, "In order to bootstrap as a policy server,"
" the file '%s/promises.cf' must exist.", GetMasterDir());
exit(EXIT_FAILURE);
}
CheckAndSetHAState(GetWorkDir(), ctx);
}
else
{
Log(LOG_LEVEL_INFO, "Assuming role as regular client,"
" bootstrapping to policy server: %s", bootstrap_arg);
if (config->agent_specific.agent.bootstrap_trust_server)
{
EvalContextClassPutHard(ctx, "trust_server", "source=agent");
Log(LOG_LEVEL_NOTICE,
"Bootstrap mode: implicitly trusting server, "
"use --trust-server=no if server trust is already established");
}
}
WriteAmPolicyHubFile(am_policy_server);
WritePolicyServerFile(GetWorkDir(), bootstrap_arg);
SetPolicyServer(ctx, bootstrap_arg);
/* FIXME: Why it is called here? Can't we move both invocations to before if? */
UpdateLastPolicyUpdateTime(ctx);
}
else
{
char *existing_policy_server = ReadPolicyServerFile(GetWorkDir());
if (existing_policy_server)
{
Log(LOG_LEVEL_VERBOSE, "This agent is bootstrapped to: %s",
existing_policy_server);
SetPolicyServer(ctx, existing_policy_server);
free(existing_policy_server);
UpdateLastPolicyUpdateTime(ctx);
}
else
{
Log(LOG_LEVEL_VERBOSE, "This agent is not bootstrapped -"
" can't find policy_server.dat in: %s", GetWorkDir());
return;
}
if (GetAmPolicyHub())
{
MarkAsPolicyServer(ctx);
/* Should this go in MarkAsPolicyServer() ? */
CheckAndSetHAState(GetWorkDir(), ctx);
}
}
}
static Item *MonReSample(EvalContext *ctx, int slot, Attributes a, const Promise *pp, PromiseResult *result)
{
CfLock thislock;
char eventname[CF_BUFSIZE];
char comm[20];
struct timespec start;
FILE *fin = NULL;
mode_t maskval = 0;
if (a.measure.stream_type && strcmp(a.measure.stream_type, "pipe") == 0)
{
if (!IsExecutable(CommandArg0(pp->promiser)))
{
cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_FAIL, pp, a, "%s promises to be executable but isn't\n", pp->promiser);
*result = PromiseResultUpdate(*result, PROMISE_RESULT_FAIL);
return NULL;
}
else
{
Log(LOG_LEVEL_VERBOSE, "Promiser string contains a valid executable (%s) - ok", CommandArg0(pp->promiser));
}
}
TransactionContext tc =
{
.expireafter = a.transaction.expireafter,
.ifelapsed = MONITOR_RESTARTED ? 0 : a.transaction.ifelapsed, // Force a measurement if restarted
};
CFSTARTTIME = time(NULL);
thislock = AcquireLock(ctx, pp->promiser, VUQNAME, CFSTARTTIME, tc, pp, false);
if (thislock.lock == NULL)
{
if (a.measure.history_type && (strcmp(a.measure.history_type, "log") == 0))
{
DeleteItemList(ENTERPRISE_DATA[slot].output);
ENTERPRISE_DATA[slot].output = NULL;
}
else
{
/* If static or time-series, and too soon or busy then use a cached value
to avoid artificial gaps in the history */
}
MONITOR_RESTARTED = false;
return ENTERPRISE_DATA[slot].output;
}
else
{
DeleteItemList(ENTERPRISE_DATA[slot].output);
ENTERPRISE_DATA[slot].output = NULL;
Log(LOG_LEVEL_INFO, "Sampling \'%s\' ...(timeout=%d,owner=%ju,group=%ju)", pp->promiser, a.contain.timeout,
(uintmax_t)a.contain.owner, (uintmax_t)a.contain.group);
start = BeginMeasure();
CommandPrefix(pp->promiser, comm);
if (a.contain.timeout != 0)
{
SetTimeOut(a.contain.timeout);
}
/* Stream types */
if (a.measure.stream_type && strcmp(a.measure.stream_type, "file") == 0)
{
long filepos = 0;
struct stat sb;
Log(LOG_LEVEL_VERBOSE, "Stream \"%s\" is a plain file", pp->promiser);
if (stat(pp->promiser, &sb) == -1)
{
Log(LOG_LEVEL_INFO, "Unable to find stream '%s'. (stat: %s)", pp->promiser, GetErrorStr());
YieldCurrentLock(thislock);
MONITOR_RESTARTED = false;
return NULL;
}
fin = safe_fopen(pp->promiser, "r");
if (a.measure.growing)
{
filepos = Mon_RestoreFilePosition(pp->promiser);
if (sb.st_size >= filepos)
{
fseek(fin, filepos, SEEK_SET);
}
}
}
else if (a.measure.stream_type && strcmp(a.measure.stream_type, "pipe") == 0)
{
Log(LOG_LEVEL_VERBOSE, "(Setting pipe umask to %jo)", (uintmax_t)a.contain.umask);
maskval = umask(a.contain.umask);
if (a.contain.umask == 0)
{
Log(LOG_LEVEL_VERBOSE, "Programming %s running with umask 0! Use umask= to set", pp->promiser);
}
// Mark: This is strange that we used these wrappers. Currently no way of setting these
a.contain.owner = -1;
a.contain.group = -1;
a.contain.chdir = NULL;
a.contain.chroot = NULL;
// Mark: they were unset, and would fail for non-root(!)
if (a.contain.shelltype == SHELL_TYPE_POWERSHELL)
{
#ifdef __MINGW32__
fin =
cf_popen_powershell_setuid(pp->promiser, "r", a.contain.owner, a.contain.group, a.contain.chdir,
a.contain.chroot, false);
#else // !__MINGW32__
Log(LOG_LEVEL_ERR, "Powershell is only supported on Windows");
YieldCurrentLock(thislock);
MONITOR_RESTARTED = false;
return NULL;
#endif // !__MINGW32__
}
else if (a.contain.shelltype == SHELL_TYPE_USE)
{
fin = cf_popen_shsetuid(pp->promiser, "r", a.contain.owner, a.contain.group, a.contain.chdir, a.contain.chroot, false);
}
else
{
fin =
cf_popensetuid(pp->promiser, "r", a.contain.owner, a.contain.group, a.contain.chdir,
a.contain.chroot, false);
}
}
/* generic file stream */
if (fin == NULL)
{
cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_FAIL, pp, a,
"Couldn't open pipe to command '%s'. (cf_popen: %s)", pp->promiser, GetErrorStr());
*result = PromiseResultUpdate(*result, PROMISE_RESULT_FAIL);
YieldCurrentLock(thislock);
MONITOR_RESTARTED = false;
return ENTERPRISE_DATA[slot].output;
}
size_t line_size = CF_BUFSIZE;
char *line = xmalloc(line_size);
for (;;)
{
ssize_t res = CfReadLine(&line, &line_size, fin);
if (res == -1)
{
if (!feof(fin))
{
cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_TIMEOUT, pp, a, "Sample stream '%s'. (fread: %s)",
pp->promiser, GetErrorStr());
*result = PromiseResultUpdate(*result, PROMISE_RESULT_TIMEOUT);
YieldCurrentLock(thislock);
free(line);
return ENTERPRISE_DATA[slot].output;
}
else
{
break;
}
}
AppendItem(&(ENTERPRISE_DATA[slot].output), line, NULL);
}
free(line);
if (a.measure.stream_type && strcmp(a.measure.stream_type, "file") == 0)
{
long fileptr = ftell(fin);
fclose(fin);
Mon_SaveFilePosition(pp->promiser, fileptr);
}
else if (a.measure.stream_type && strcmp(a.measure.stream_type, "pipe") == 0)
{
cf_pclose(fin);
}
}
if (a.contain.timeout != 0)
{
alarm(0);
signal(SIGALRM, SIG_DFL);
}
Log(LOG_LEVEL_INFO, "Collected sample of %s", pp->promiser);
umask(maskval);
YieldCurrentLock(thislock);
MONITOR_RESTARTED = false;
snprintf(eventname, CF_BUFSIZE - 1, "Sample(%s)", pp->promiser);
EndMeasure(eventname, start);
return ENTERPRISE_DATA[slot].output;
}
/************************************************************************************/
void HistoryUpdate(EvalContext *ctx, Averages newvals)
{
CfLock thislock;
time_t now = time(NULL);
/* We do this only once per hour - this should not be changed */
Log(LOG_LEVEL_VERBOSE, "(Updating long-term history database)");
Policy *history_db_policy = PolicyNew();
Promise *pp = NULL;
Bundle *bp = PolicyAppendBundle(history_db_policy, NamespaceDefault(), "history_db_bundle", "agent", NULL, NULL);
PromiseType *tp = BundleAppendPromiseType(bp, "history_db");
pp = PromiseTypeAppendPromise(tp, "the long term memory", (Rval) { NULL, RVAL_TYPE_NOPROMISEE }, NULL);
assert(pp);
TransactionContext tc =
{
.expireafter = 0,
.ifelapsed = 59
};
thislock = AcquireLock(ctx, pp->promiser, VUQNAME, now, tc, pp, false);
if (thislock.lock == NULL)
{
PolicyDestroy(history_db_policy);
return;
}
/* Refresh the class context of the agent */
EvalContextClear(ctx);
DetectEnvironment(ctx);
time_t t = SetReferenceTime();
UpdateTimeClasses(ctx, t);
EvalContextHeapPersistentLoadAll(ctx);
LoadSystemConstants(ctx);
YieldCurrentLock(thislock);
PolicyDestroy(history_db_policy);
Mon_HistoryUpdate(CFSTARTTIME, &newvals);
Mon_DumpSlowlyVaryingObservations();
}
/************************************************************************************/
static Item *MonGetMeasurementStream(EvalContext *ctx, Attributes a, const Promise *pp, PromiseResult *result)
{
int i;
for (i = 0; i < CF_DUNBAR_WORK; i++)
{
if (ENTERPRISE_DATA[i].path == NULL)
{
break;
}
if (strcmp(ENTERPRISE_DATA[i].path, pp->promiser) == 0)
{
ENTERPRISE_DATA[i].output = MonReSample(ctx, i, a, pp, result);
return ENTERPRISE_DATA[i].output;
}
}
ENTERPRISE_DATA[i].path = xstrdup(pp->promiser);
ENTERPRISE_DATA[i].output = MonReSample(ctx, i, a, pp, result);
return ENTERPRISE_DATA[i].output;
}
