int LoadProcessTable(EvalContext *ctx, Item **procdata)
{
FILE *prp;
char pscomm[CF_MAXLINKSIZE], vbuff[CF_BUFSIZE], *sp;
Item *rootprocs = NULL;
Item *otherprocs = NULL;
if (PROCESSTABLE)
{
Log(LOG_LEVEL_VERBOSE, "Reusing cached process table");
return true;
}
const char *psopts = GetProcessOptions();
snprintf(pscomm, CF_MAXLINKSIZE, "%s %s", VPSCOMM[VSYSTEMHARDCLASS], psopts);
Log(LOG_LEVEL_VERBOSE, "Observe process table with %s", pscomm);
if ((prp = cf_popen(pscomm, "r", false)) == NULL)
{
Log(LOG_LEVEL_ERR, "Couldn't open the process list with command '%s'. (popen: %s)", pscomm, GetErrorStr());
return false;
}
for (;;)
{
ssize_t res = CfReadLine(vbuff, CF_BUFSIZE, prp);
if (res == 0)
{
break;
}
if (res == -1)
{
Log(LOG_LEVEL_ERR, "Unable to read process list with command '%s'. (fread: %s)", pscomm, GetErrorStr());
cf_pclose(prp);
return false;
}
for (sp = vbuff + strlen(vbuff) - 1; (sp > vbuff) && (isspace((int)*sp)); sp--)
{
*sp = '\0';
}
if (ForeignZone(vbuff))
{
continue;
}
AppendItem(procdata, vbuff, "");
}
cf_pclose(prp);
/* Now save the data */
snprintf(vbuff, CF_MAXVARSIZE, "%s/state/cf_procs", CFWORKDIR);
RawSaveItemList(*procdata, vbuff);
CopyList(&rootprocs, *procdata);
CopyList(&otherprocs, *procdata);
while (DeleteItemNotContaining(ctx, &rootprocs, "root"))
{
}
while (DeleteItemContaining(ctx, &otherprocs, "root"))
{
}
if (otherprocs)
{
PrependItem(&rootprocs, otherprocs->name, NULL);
}
snprintf(vbuff, CF_MAXVARSIZE, "%s/state/cf_rootprocs", CFWORKDIR);
RawSaveItemList(rootprocs, vbuff);
DeleteItemList(rootprocs);
snprintf(vbuff, CF_MAXVARSIZE, "%s/state/cf_otherprocs", CFWORKDIR);
RawSaveItemList(otherprocs, vbuff);
DeleteItemList(otherprocs);
return true;
}
int LoadMountInfo(Rlist **list)
/* This is, in fact, the most portable way to read the mount info! */
/* Depressing, isn't it? */
{
FILE *pp;
char buf1[CF_BUFSIZE], buf2[CF_BUFSIZE], buf3[CF_BUFSIZE];
char host[CF_MAXVARSIZE], source[CF_BUFSIZE], mounton[CF_BUFSIZE], vbuff[CF_BUFSIZE];
int i, nfs = false;
for (i = 0; VMOUNTCOMM[VSYSTEMHARDCLASS][i] != ' '; i++)
{
buf1[i] = VMOUNTCOMM[VSYSTEMHARDCLASS][i];
}
buf1[i] = '\0';
SetTimeOut(RPCTIMEOUT);
if ((pp = cf_popen(buf1, "r")) == NULL)
{
CfOut(cf_error, "cf_popen", "Can't open %s\n", buf1);
return false;
}
do
{
vbuff[0] = buf1[0] = buf2[0] = buf3[0] = source[0] = '\0';
if (ferror(pp)) /* abortable */
{
CfOut(cf_error, "ferror", "Error getting mount info\n");
break;
}
if (CfReadLine(vbuff, CF_BUFSIZE, pp) == -1)
{
FatalError("Error in CfReadLine");
}
if (ferror(pp)) /* abortable */
{
CfOut(cf_error, "ferror", "Error getting mount info\n");
break;
}
if (strstr(vbuff, "nfs"))
{
nfs = true;
}
sscanf(vbuff, "%s%s%s", buf1, buf2, buf3);
if ((vbuff[0] == '\0') || (vbuff[0] == '\n'))
{
break;
}
if (strstr(vbuff, "not responding"))
{
CfOut(cf_error, "", "%s\n", vbuff);
}
if (strstr(vbuff, "be root"))
{
CfOut(cf_error, "", "Mount access is denied. You must be root.\n");
CfOut(cf_error, "", "Use the -n option to run safely.");
}
if ((strstr(vbuff, "retrying")) || (strstr(vbuff, "denied")) || (strstr(vbuff, "backgrounding")))
{
continue;
}
if ((strstr(vbuff, "exceeded")) || (strstr(vbuff, "busy")))
{
continue;
}
if (strstr(vbuff, "RPC"))
{
CfOut(cf_inform, "", "There was an RPC timeout. Aborting mount operations.\n");
CfOut(cf_inform, "", "Session failed while trying to talk to remote host\n");
CfOut(cf_inform, "", "%s\n", vbuff);
cf_pclose(pp);
return false;
}
#if defined(__sun) || defined(__hpux)
if (IsAbsoluteFileName(buf3))
{
strcpy(host, "localhost");
strcpy(mounton, buf1);
}
else
{
sscanf(buf1, "%[^:]:%s", host, source);
strcpy(mounton, buf1);
}
#elif defined(_AIX)
/* skip header */
if (IsAbsoluteFileName(buf1))
{
strcpy(host, "localhost");
strcpy(mounton, buf2);
}
else
{
strcpy(host, buf1);
strcpy(source, buf1);
strcpy(mounton, buf3);
}
#elif defined(__CYGWIN__)
strcpy(mounton, buf2);
strcpy(host, buf1);
#elif defined(sco) || defined(__SCO_DS)
CfOut(cf_error, "", "Don't understand SCO mount format, no data");
#else
if (IsAbsoluteFileName(buf1))
{
strcpy(host, "localhost");
strcpy(mounton, buf3);
}
else
{
sscanf(buf1, "%[^:]:%s", host, source);
strcpy(mounton, buf3);
}
#endif
CfDebug("GOT: host=%s, source=%s, mounton=%s\n", host, source, mounton);
if (nfs)
{
AugmentMountInfo(list, host, source, mounton, "nfs");
}
else
{
AugmentMountInfo(list, host, source, mounton, NULL);
}
}
while (!feof(pp));
alarm(0);
signal(SIGALRM, SIG_DFL);
cf_pclose(pp);
return true;
}
void MonNetworkGatherData(double *cf_this)
{
FILE *pp;
char local[CF_BUFSIZE], remote[CF_BUFSIZE], comm[CF_BUFSIZE];
Item *in[ATTR], *out[ATTR];
char *sp;
int i;
char vbuff[CF_BUFSIZE];
enum cf_netstat_type { cfn_new, cfn_old } type = cfn_new;
enum cf_packet_type { cfn_udp4, cfn_udp6, cfn_tcp4, cfn_tcp6} packet = cfn_tcp4;
CfDebug("GatherSocketData()\n");
for (i = 0; i < ATTR; i++)
{
in[i] = out[i] = NULL;
}
DeleteItemList(ALL_INCOMING);
ALL_INCOMING = NULL;
sscanf(VNETSTAT[VSYSTEMHARDCLASS], "%s", comm);
strcat(comm, " -an");
if ((pp = cf_popen(comm, "r")) == NULL)
{
return;
}
while (!feof(pp))
{
memset(local, 0, CF_BUFSIZE);
memset(remote, 0, CF_BUFSIZE);
if (CfReadLine(vbuff, CF_BUFSIZE, pp) == -1)
{
FatalError("Error in CfReadLine");
}
if (strstr(vbuff, "UNIX"))
{
break;
}
if (!((strstr(vbuff, ":")) || (strstr(vbuff, "."))))
{
continue;
}
/* Different formats here ... ugh.. pick a model */
// If this is old style, we look for chapter headings, e.g. "TCP: IPv4"
if ((strncmp(vbuff,"UDP:",4) == 0) && (strstr(vbuff+4,"6")))
{
packet = cfn_udp6;
type = cfn_old;
continue;
}
else if ((strncmp(vbuff,"TCP:",4) == 0) && (strstr(vbuff+4,"6")))
{
packet = cfn_tcp6;
type = cfn_old;
continue;
}
else if ((strncmp(vbuff,"UDP:",4) == 0) && (strstr(vbuff+4,"4")))
{
packet = cfn_udp4;
type = cfn_old;
continue;
}
else if ((strncmp(vbuff,"TCP:",4) == 0) && (strstr(vbuff+4,"4")))
{
packet = cfn_tcp4;
type = cfn_old;
continue;
}
// Line by line state in modern/linux output
if (strncmp(vbuff,"udp6",4) == 0)
{
packet = cfn_udp6;
type = cfn_new;
}
else if (strncmp(vbuff,"tcp6",4) == 0)
{
packet = cfn_tcp6;
type = cfn_new;
}
else if (strncmp(vbuff,"udp",3) == 0)
{
packet = cfn_udp4;
type = cfn_new;
}
else if (strncmp(vbuff,"tcp",3) == 0)
{
packet = cfn_tcp4;
type = cfn_new;
}
// End extract type
switch (type)
{
case cfn_new: sscanf(vbuff, "%*s %*s %*s %s %s", local, remote); /* linux-like */
break;
case cfn_old:
sscanf(vbuff, "%s %s", local, remote);
break;
}
if (strlen(local) == 0)
{
continue;
}
// Extract the port number from the end of the string
for (sp = local + strlen(local); (*sp != '.') && (*sp != ':') && (sp > local); sp--)
{
}
*sp = '\0'; // Separate address from port number
sp++;
char *localport = sp;
if (strstr(vbuff, "LISTEN"))
{
// General bucket
IdempPrependItem(&ALL_INCOMING, sp, NULL);
// Categories the incoming ports by packet types
switch (packet)
{
case cfn_udp4:
IdempPrependItem(&MON_UDP4, sp, local);
break;
case cfn_udp6:
IdempPrependItem(&MON_UDP6, sp, local);
break;
case cfn_tcp4:
IdempPrependItem(&MON_TCP4, localport, local);
break;
case cfn_tcp6:
IdempPrependItem(&MON_TCP6, localport, local);
break;
default:
break;
}
}
// Now look at outgoing
for (sp = remote + strlen(remote) - 1; (sp >= remote) && (isdigit((int) *sp)); sp--)
{
}
sp++;
char *remoteport = sp;
// Now look for the specific vital signs to count frequencies
for (i = 0; i < ATTR; i++)
{
if (strcmp(localport, ECGSOCKS[i].portnr) == 0)
{
cf_this[ECGSOCKS[i].in]++;
AppendItem(&in[i], vbuff, "");
}
if (strcmp(remoteport, ECGSOCKS[i].portnr) == 0)
{
cf_this[ECGSOCKS[i].out]++;
AppendItem(&out[i], vbuff, "");
}
}
}
cf_pclose(pp);
/* Now save the state for ShowState()
the state is not smaller than the last or at least 40 minutes
older. This mirrors the persistence of the maxima classes */
for (i = 0; i < ATTR; i++)
{
struct stat statbuf;
time_t now = time(NULL);
CfDebug("save incoming %s\n", ECGSOCKS[i].name);
snprintf(vbuff, CF_MAXVARSIZE, "%s/state/cf_incoming.%s", CFWORKDIR, ECGSOCKS[i].name);
if (cfstat(vbuff, &statbuf) != -1)
{
if ((ByteSizeList(in[i]) < statbuf.st_size) && (now < statbuf.st_mtime + 40 * 60))
{
CfOut(OUTPUT_LEVEL_VERBOSE, "", "New state %s is smaller, retaining old for 40 mins longer\n", ECGSOCKS[i].name);
DeleteItemList(in[i]);
continue;
}
}
SetNetworkEntropyClasses(CanonifyName(ECGSOCKS[i].name), "in", in[i]);
RawSaveItemList(in[i], vbuff);
DeleteItemList(in[i]);
CfDebug("Saved in netstat data in %s\n", vbuff);
}
for (i = 0; i < ATTR; i++)
{
struct stat statbuf;
time_t now = time(NULL);
CfDebug("save outgoing %s\n", ECGSOCKS[i].name);
snprintf(vbuff, CF_MAXVARSIZE, "%s/state/cf_outgoing.%s", CFWORKDIR, ECGSOCKS[i].name);
if (cfstat(vbuff, &statbuf) != -1)
{
if ((ByteSizeList(out[i]) < statbuf.st_size) && (now < statbuf.st_mtime + 40 * 60))
{
CfOut(OUTPUT_LEVEL_VERBOSE, "", "New state %s is smaller, retaining old for 40 mins longer\n", ECGSOCKS[i].name);
DeleteItemList(out[i]);
continue;
}
}
SetNetworkEntropyClasses(CanonifyName(ECGSOCKS[i].name), "out", out[i]);
RawSaveItemList(out[i], vbuff);
CfDebug("Saved out netstat data in %s\n", vbuff);
DeleteItemList(out[i]);
}
}
GenericAgentConfig *CheckOpts(int argc, char **argv)
{
extern char *optarg;
char ld_library_path[CF_BUFSIZE];
int optindex = 0;
int c;
GenericAgentConfig *config = GenericAgentConfigNewDefault(AGENT_TYPE_SERVER);
while ((c = getopt_long(argc, argv, "dvIKf:D:N:VSxLFMhAlC::", OPTIONS, &optindex)) != EOF)
{
switch ((char) c)
{
case 'l':
LEGACY_OUTPUT = true;
break;
case 'f':
if (optarg && (strlen(optarg) < 5))
{
Log(LOG_LEVEL_ERR, " -f used but argument '%s' incorrect", optarg);
exit(EXIT_FAILURE);
}
GenericAgentConfigSetInputFile(config, GetWorkDir(), optarg);
MINUSF = true;
break;
case 'd':
LogSetGlobalLevel(LOG_LEVEL_DEBUG);
NO_FORK = true;
case 'K':
IGNORELOCK = true;
break;
case 'D':
config->heap_soft = StringSetFromString(optarg, ',');
break;
case 'N':
config->heap_negated = StringSetFromString(optarg, ',');
break;
case 'I':
LogSetGlobalLevel(LOG_LEVEL_INFO);
break;
case 'v':
LogSetGlobalLevel(LOG_LEVEL_VERBOSE);
NO_FORK = true;
break;
case 'F':
NO_FORK = true;
break;
case 'L':
Log(LOG_LEVEL_VERBOSE, "Setting LD_LIBRARY_PATH to '%s'", optarg);
snprintf(ld_library_path, CF_BUFSIZE - 1, "LD_LIBRARY_PATH=%s", optarg);
putenv(ld_library_path);
break;
case 'V':
{
Writer *w = FileWriter(stdout);
GenericAgentWriteVersion(w);
FileWriterDetach(w);
}
exit(0);
case 'h':
{
Writer *w = FileWriter(stdout);
GenericAgentWriteHelp(w, "cf-serverd", OPTIONS, HINTS, true);
FileWriterDetach(w);
}
exit(0);
case 'M':
{
Writer *out = FileWriter(stdout);
ManPageWrite(out, "cf-serverd", time(NULL),
CF_SERVERD_SHORT_DESCRIPTION,
CF_SERVERD_MANPAGE_LONG_DESCRIPTION,
OPTIONS, HINTS,
true);
FileWriterDetach(out);
exit(EXIT_SUCCESS);
}
case 'x':
Log(LOG_LEVEL_ERR, "Self-diagnostic functionality is retired.");
exit(0);
case 'A':
#ifdef HAVE_AVAHI_CLIENT_CLIENT_H
#ifdef HAVE_AVAHI_COMMON_ADDRESS_H
Log(LOG_LEVEL_NOTICE, "Generating Avahi configuration file.");
if (GenerateAvahiConfig("/etc/avahi/services/cfengine-hub.service") != 0)
{
exit(1);
}
cf_popen("/etc/init.d/avahi-daemon restart", "r", true);
Log(LOG_LEVEL_NOTICE, "Avahi configuration file generated successfuly.");
exit(0);
#endif
#endif
Log(LOG_LEVEL_ERR, "Generating avahi configuration can only be done when avahi-daemon and libavahi are installed on the machine.");
exit(0);
case 'C':
if (!GenericAgentConfigParseColor(config, optarg))
{
exit(EXIT_FAILURE);
}
break;
default:
{
Writer *w = FileWriter(stdout);
GenericAgentWriteHelp(w, "cf-serverd", OPTIONS, HINTS, true);
FileWriterDetach(w);
}
exit(1);
}
}
if (!GenericAgentConfigParseArguments(config, argc - optind, argv + optind))
{
Log(LOG_LEVEL_ERR, "Too many arguments");
exit(EXIT_FAILURE);
}
return config;
}
/* Load processes using zone-aware ps
* to obtain solaris list of global
* process ids for root and non-root
* users to lookup later */
int ZLoadProcesstable(Seq *pidlist, Seq *rootpidlist)
{
char *names[CF_PROCCOLS];
int start[CF_PROCCOLS];
int end[CF_PROCCOLS];
int index = 0;
const char *pscmd = "/usr/bin/ps -Aleo zone,user,pid";
FILE *psf = cf_popen(pscmd, "r", false);
if (psf == NULL)
{
Log(LOG_LEVEL_ERR, "ZLoadProcesstable: Couldn't open the process list with command %s.", pscmd);
return false;
}
size_t pbuff_size = CF_BUFSIZE;
char *pbuff = xmalloc(pbuff_size);
while (true)
{
ssize_t res = CfReadLine(&pbuff, &pbuff_size, psf);
if (res == -1)
{
if (!feof(psf))
{
Log(LOG_LEVEL_ERR, "IsGlobalProcess(char **, int): Unable to read process list with command '%s'. (fread: %s)", pscmd, GetErrorStr());
cf_pclose(psf);
free(pbuff);
return false;
}
else
{
break;
}
}
Chop(pbuff, pbuff_size);
if (strstr(pbuff, "PID")) /*this is the banner*/
{
GetProcessColumnNames(pbuff, &names[0], start, end);
}
else
{
int pid = ExtractPid(pbuff, &names[0], end);
size_t zone_offset = strspn(pbuff, " ");
size_t zone_end_offset = strcspn(pbuff + zone_offset, " ") + zone_offset;
size_t user_offset = strspn(pbuff + zone_end_offset, " ") + zone_end_offset;
size_t user_end_offset = strcspn(pbuff + user_offset, " ") + user_offset;
bool is_global = (zone_end_offset - zone_offset == 6
&& strncmp(pbuff + zone_offset, "global", 6) == 0);
bool is_root = (user_end_offset - user_offset == 4
&& strncmp(pbuff + user_offset, "root", 4) == 0);
if (is_global && is_root)
{
SeqAppend(rootpidlist, (void*)(intptr_t)pid);
}
else if (is_global && !is_root)
{
SeqAppend(pidlist, (void*)(intptr_t)pid);
}
}
}
cf_pclose(psf);
free(pbuff);
return true;
}
int Unix_LoadProcessTable(Item **procdata)
{
FILE *prp;
char pscomm[CF_MAXLINKSIZE], vbuff[CF_BUFSIZE], *sp;
Item *rootprocs = NULL;
Item *otherprocs = NULL;
const char *psopts = GetProcessOptions();
snprintf(pscomm, CF_MAXLINKSIZE, "%s %s", VPSCOMM[VSYSTEMHARDCLASS], psopts);
CfOut(cf_verbose, "", "Observe process table with %s\n", pscomm);
if ((prp = cf_popen(pscomm, "r")) == NULL)
{
CfOut(cf_error, "popen", "Couldn't open the process list with command %s\n", pscomm);
return false;
}
while (!feof(prp))
{
memset(vbuff, 0, CF_BUFSIZE);
CfReadLine(vbuff, CF_BUFSIZE, prp);
for (sp = vbuff + strlen(vbuff) - 1; sp > vbuff && isspace(*sp); sp--)
{
*sp = '\0';
}
if (ForeignZone(vbuff))
{
continue;
}
AppendItem(procdata, vbuff, "");
}
cf_pclose(prp);
/* Now save the data */
snprintf(vbuff, CF_MAXVARSIZE, "%s/state/cf_procs", CFWORKDIR);
RawSaveItemList(*procdata, vbuff);
CopyList(&rootprocs, *procdata);
CopyList(&otherprocs, *procdata);
while (DeleteItemNotContaining(&rootprocs, "root"))
{
}
while (DeleteItemContaining(&otherprocs, "root"))
{
}
if (otherprocs)
{
PrependItem(&rootprocs, otherprocs->name, NULL);
}
snprintf(vbuff, CF_MAXVARSIZE, "%s/state/cf_rootprocs", CFWORKDIR);
RawSaveItemList(rootprocs, vbuff);
DeleteItemList(rootprocs);
snprintf(vbuff, CF_MAXVARSIZE, "%s/state/cf_otherprocs", CFWORKDIR);
RawSaveItemList(otherprocs, vbuff);
DeleteItemList(otherprocs);
return true;
}
int GetExecOutput(char *command, char *buffer, int useshell)
/* Buffer initially contains whole exec string */
{
int offset = 0;
char line[CF_EXPANDSIZE], *sp;
FILE *pp;
int flatten_newlines = false;
CfDebug("GetExecOutput(%s,%s) - use shell = %d\n", command, buffer, useshell);
if (useshell)
{
pp = cf_popen_sh(command, "r");
}
else
{
pp = cf_popen(command, "r");
}
if (pp == NULL)
{
CfOut(cf_error, "cf_popen", "Couldn't open pipe to command %s\n", command);
return false;
}
memset(buffer, 0, CF_EXPANDSIZE);
while (!feof(pp))
{
if (ferror(pp)) /* abortable */
{
fflush(pp);
break;
}
CfReadLine(line, CF_EXPANDSIZE, pp);
if (ferror(pp)) /* abortable */
{
fflush(pp);
break;
}
if (flatten_newlines)
{
for (sp = line; *sp != '\0'; sp++)
{
if (*sp == '\n')
{
*sp = ' ';
}
}
}
if (strlen(line) + offset > CF_EXPANDSIZE - 10)
{
CfOut(cf_error, "", "Buffer exceeded %d bytes in exec %s\n", CF_EXPANDSIZE, command);
break;
}
if (flatten_newlines)
{
snprintf(buffer + offset, CF_EXPANDSIZE, "%s ", line);
}
else
{
snprintf(buffer + offset, CF_EXPANDSIZE, "%s\n", line);
}
offset += strlen(line) + 1;
}
if (offset > 0)
{
Chop(buffer);
}
CfDebug("GetExecOutput got: [%s]\n", buffer);
cf_pclose(pp);
return true;
}
static VersionCmpResult RunCmpCommand(const char *command, const char *v1, const char *v2, Attributes a, Promise *pp)
{
char expanded_command[CF_EXPANDSIZE];
SetNewScope("cf_pack_context");
NewScalar("cf_pack_context", "v1", v1, cf_str);
NewScalar("cf_pack_context", "v2", v2, cf_str);
ExpandScalar(command, expanded_command);
DeleteScope("cf_pack_context");
FILE *pfp = a.packages.package_commands_useshell ? cf_popen_sh(expanded_command, "w") : cf_popen(expanded_command, "w");
if (pfp == NULL)
{
cfPS(cf_error, CF_FAIL, "cf_popen", pp, a, "Can not start package version comparison command: %s", expanded_command);
return VERCMP_ERROR;
}
CfOut(cf_verbose, "", "Executing %s", expanded_command);
int retcode = cf_pclose(pfp);
if (retcode == -1)
{
cfPS(cf_error, CF_FAIL, "cf_pclose", pp, a, "Error during package version comparison command execution: %s",
expanded_command);
return VERCMP_ERROR;
}
return retcode == 0;
}
PromiseResult VerifyMount(EvalContext *ctx, char *name, Attributes a, const Promise *pp)
{
char comm[CF_BUFSIZE];
FILE *pfp;
char *host, *rmountpt, *mountpt, *opts=NULL;
host = a.mount.mount_server;
rmountpt = a.mount.mount_source;
mountpt = name;
/* Check for options required for this mount - i.e., -o ro,rsize, etc. */
if (a.mount.mount_options)
{
opts = Rlist2String(a.mount.mount_options, ",");
}
else
{
opts = xstrdup(VMOUNTOPTS[VSYSTEMHARDCLASS]);
}
PromiseResult result = PROMISE_RESULT_NOOP;
if (!DONTDO)
{
snprintf(comm, CF_BUFSIZE, "%s -o %s %s:%s %s", CommandArg0(VMOUNTCOMM[VSYSTEMHARDCLASS]), opts, host, rmountpt, mountpt);
if ((pfp = cf_popen(comm, "r", true)) == NULL)
{
Log(LOG_LEVEL_ERR, "Failed to open pipe from '%s'", CommandArg0(VMOUNTCOMM[VSYSTEMHARDCLASS]));
return PROMISE_RESULT_FAIL;
}
size_t line_size = CF_BUFSIZE;
char *line = xmalloc(line_size);
ssize_t res = CfReadLine(&line, &line_size, pfp);
if (res == -1)
{
if (!feof(pfp))
{
Log(LOG_LEVEL_ERR, "Unable to read output of mount command. (fread: %s)", GetErrorStr());
cf_pclose(pfp);
free(line);
return PROMISE_RESULT_FAIL;
}
}
else if ((strstr(line, "busy")) || (strstr(line, "Busy")))
{
cfPS(ctx, LOG_LEVEL_INFO, PROMISE_RESULT_INTERRUPTED, pp, a, "The device under '%s' cannot be mounted", mountpt);
result = PromiseResultUpdate(result, PROMISE_RESULT_INTERRUPTED);
cf_pclose(pfp);
free(line);
return 1;
}
free(line);
cf_pclose(pfp);
}
/* Since opts is either Rlist2String or xstrdup'd, we need to always free it */
free(opts);
cfPS(ctx, LOG_LEVEL_INFO, PROMISE_RESULT_CHANGE, pp, a, "Mounting '%s' to keep promise", mountpt);
result = PromiseResultUpdate(result, PROMISE_RESULT_CHANGE);
return result;
}
void MountAll()
{
FILE *pp;
if (DONTDO)
{
Log(LOG_LEVEL_VERBOSE, "Promised to mount filesystem, but not on this trial run");
return;
}
else
{
Log(LOG_LEVEL_VERBOSE, "Attempting to mount all filesystems.");
}
#if defined(__CYGWIN__)
/* This is a shell script. Make sure it hasn't been compromised. */
struct stat sb;
if (stat("/etc/fstab", &sb) == -1)
{
int fd;
if ((fd = creat("/etc/fstab", 0755)) > 0)
{
if (write(fd, "#!/bin/sh\n\n", 10) != 10)
{
UnexpectedError("Failed to write to file '/etc/fstab'");
}
close(fd);
}
else
{
if (sb.st_mode & (S_IWOTH | S_IWGRP))
{
Log(LOG_LEVEL_ERR, "File /etc/fstab was insecure. Cannot mount filesystems.");
return;
}
}
}
#endif
SetTimeOut(RPCTIMEOUT);
if ((pp = cf_popen(VMOUNTCOMM[VSYSTEMHARDCLASS], "r", true)) == NULL)
{
Log(LOG_LEVEL_ERR, "Failed to open pipe from '%s'. (cf_popen: %s)",
VMOUNTCOMM[VSYSTEMHARDCLASS], GetErrorStr());
return;
}
size_t line_size = CF_BUFSIZE;
char *line = xmalloc(line_size);
for (;;)
{
ssize_t res = CfReadLine(&line, &line_size, pp);
if (res == -1)
{
if (!feof(pp))
{
Log(LOG_LEVEL_ERR, "Error reading list of mounted filesystems. (ferror: %s)", GetErrorStr());
}
break;
}
if ((strstr(line, "already mounted")) || (strstr(line, "exceeded")) || (strstr(line, "determined")))
{
continue;
}
if (strstr(line, "not supported"))
{
continue;
}
if ((strstr(line, "denied")) || (strstr(line, "RPC")))
{
Log(LOG_LEVEL_ERR, "There was a mount error, trying to mount one of the filesystems on this host.");
break;
}
if ((strstr(line, "trying")) && (!strstr(line, "NFS version 2")) && (!strstr(line, "vers 3")))
{
Log(LOG_LEVEL_ERR, "Attempting abort because mount went into a retry loop.");
break;
}
}
free(line);
alarm(0);
signal(SIGALRM, SIG_DFL);
cf_pclose(pp);
}
int VerifyNotInFstab(EvalContext *ctx, char *name, Attributes a, const Promise *pp, PromiseResult *result)
/* Ensure filesystem is NOT in fstab, and return no of changes */
{
char regex[CF_BUFSIZE];
char *host, *mountpt, *opts;
Item *ip;
if (!FSTABLIST)
{
if (!LoadFileAsItemList(&FSTABLIST, VFSTAB[VSYSTEMHARDCLASS], a.edits))
{
Log(LOG_LEVEL_ERR, "Couldn't open '%s'", VFSTAB[VSYSTEMHARDCLASS]);
return false;
}
else
{
FSTAB_EDITS = 0;
}
}
if (a.mount.mount_options)
{
opts = Rlist2String(a.mount.mount_options, ",");
}
else
{
opts = xstrdup(VMOUNTOPTS[VSYSTEMHARDCLASS]);
}
host = a.mount.mount_server;
mountpt = name;
if (MatchFSInFstab(mountpt))
{
if (a.mount.editfstab)
{
#if defined(_AIX)
FILE *pfp;
char aixcomm[CF_BUFSIZE];
snprintf(aixcomm, CF_BUFSIZE, "/usr/sbin/rmnfsmnt -f %s", mountpt);
if ((pfp = cf_popen(aixcomm, "r", true)) == NULL)
{
cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_FAIL, pp, a, "Failed to invoke /usr/sbin/rmnfsmnt to edit fstab");
*result = PromiseResultUpdate(*result, PROMISE_RESULT_FAIL);
return 0;
}
size_t line_size = CF_BUFSIZE;
char *line = xmalloc(line_size);
for (;;)
{
ssize_t res = getline(&line, &line_size, pfp);
if (res == -1)
{
if (!feof(pfp))
{
cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_FAIL, pp, a, "Unable to read output of /bin/rmnfsmnt");
*result = PromiseResultUpdate(*result, PROMISE_RESULT_FAIL);
cf_pclose(pfp);
free(line);
return 0;
}
else
{
break;
}
}
if (line[0] == '#')
{
continue;
}
if (strstr(line, "busy"))
{
cfPS(ctx, LOG_LEVEL_INFO, PROMISE_RESULT_INTERRUPTED, pp, a, "The device under '%s' cannot be removed from '%s'",
mountpt, VFSTAB[VSYSTEMHARDCLASS]);
*result = PromiseResultUpdate(*result, PROMISE_RESULT_INTERRUPTED);
free(line);
return 0;
}
}
free(line);
cf_pclose(pfp);
return 0; /* ignore internal editing for aix , always returns 0 changes */
#else
Item* next;
snprintf(regex, CF_BUFSIZE, ".*[\\s]+%s[\\s]+.*", mountpt);
for (ip = FSTABLIST; ip != NULL; ip = next)
{
next = ip->next;
if (FullTextMatch(ctx, regex, ip->name))
{
cfPS(ctx, LOG_LEVEL_INFO, PROMISE_RESULT_CHANGE, pp, a, "Deleting file system mounted on '%s'", host);
*result = PromiseResultUpdate(*result, PROMISE_RESULT_CHANGE);
// Check host name matches too?
DeleteThisItem(&FSTABLIST, ip);
FSTAB_EDITS++;
}
}
#endif
}
}
if (a.mount.mount_options)
{
free(opts);
}
return 0;
}
bool LoadMountInfo(Seq *list)
/* This is, in fact, the most portable way to read the mount info! */
/* Depressing, isn't it? */
{
FILE *pp;
char buf1[CF_BUFSIZE], buf2[CF_BUFSIZE], buf3[CF_BUFSIZE];
char host[CF_MAXVARSIZE], source[CF_BUFSIZE], mounton[CF_BUFSIZE];
int i, nfs = false;
for (i = 0; VMOUNTCOMM[VSYSTEMHARDCLASS][i] != ' '; i++)
{
buf1[i] = VMOUNTCOMM[VSYSTEMHARDCLASS][i];
}
buf1[i] = '\0';
SetTimeOut(RPCTIMEOUT);
if ((pp = cf_popen(buf1, "r", true)) == NULL)
{
Log(LOG_LEVEL_ERR, "Can't open '%s'. (cf_popen: %s)", buf1, GetErrorStr());
return false;
}
size_t vbuff_size = CF_BUFSIZE;
char *vbuff = xmalloc(vbuff_size);
for (;;)
{
buf1[0] = buf2[0] = buf3[0] = source[0] = '\0';
nfs = false;
ssize_t res = CfReadLine(&vbuff, &vbuff_size, pp);
if (res == -1)
{
if (!feof(pp))
{
Log(LOG_LEVEL_ERR, "Unable to read list of mounted filesystems. (fread: %s)", GetErrorStr());
cf_pclose(pp);
free(vbuff);
return false;
}
else
{
break;
}
}
if (strstr(vbuff, "nfs"))
{
nfs = true;
}
sscanf(vbuff, "%s%s%s", buf1, buf2, buf3);
if ((vbuff[0] == '\0') || (vbuff[0] == '\n'))
{
break;
}
if (strstr(vbuff, "not responding"))
{
Log(LOG_LEVEL_ERR, "%s", vbuff);
}
if (strstr(vbuff, "be root"))
{
Log(LOG_LEVEL_ERR, "Mount access is denied. You must be root. Use the -n option to run safely");
}
if ((strstr(vbuff, "retrying")) || (strstr(vbuff, "denied")) || (strstr(vbuff, "backgrounding")))
{
continue;
}
if ((strstr(vbuff, "exceeded")) || (strstr(vbuff, "busy")))
{
continue;
}
if (strstr(vbuff, "RPC"))
{
Log(LOG_LEVEL_INFO, "There was an RPC timeout. Aborting mount operations.");
Log(LOG_LEVEL_INFO, "Session failed while trying to talk to remote host");
Log(LOG_LEVEL_INFO, "%s", vbuff);
cf_pclose(pp);
free(vbuff);
return false;
}
#if defined(__sun) || defined(__hpux)
if (IsAbsoluteFileName(buf3))
{
strcpy(host, "localhost");
strcpy(mounton, buf1);
}
else
{
sscanf(buf1, "%[^:]:%s", host, source);
strcpy(mounton, buf1);
}
#elif defined(_AIX)
/* skip header */
if (IsAbsoluteFileName(buf1))
{
strcpy(host, "localhost");
strcpy(mounton, buf2);
}
else
{
strcpy(host, buf1);
strcpy(source, buf1);
strcpy(mounton, buf3);
}
#elif defined(__CYGWIN__)
strcpy(mounton, buf2);
strcpy(host, buf1);
#elif defined(sco) || defined(__SCO_DS)
Log(LOG_LEVEL_ERR, "Don't understand SCO mount format, no data");
#else
if (IsAbsoluteFileName(buf1))
{
strcpy(host, "localhost");
strcpy(mounton, buf3);
}
else
{
sscanf(buf1, "%[^:]:%s", host, source);
strcpy(mounton, buf3);
}
#endif
Log(LOG_LEVEL_DEBUG, "LoadMountInfo: host '%s', source '%s', mounton '%s'", host, source, mounton);
if (nfs)
{
AugmentMountInfo(list, host, source, mounton, "nfs");
}
else
{
AugmentMountInfo(list, host, source, mounton, NULL);
}
}
free(vbuff);
alarm(0);
signal(SIGALRM, SIG_DFL);
cf_pclose(pp);
return true;
}
void Unix_FindV6InterfaceInfo(void)
{
FILE *pp = NULL;
char buffer[CF_BUFSIZE];
/* Whatever the manuals might say, you cannot get IPV6
interface configuration from the ioctls. This seems
to be implemented in a non standard way across OSes
BSDi has done getifaddrs(), solaris 8 has a new ioctl, Stevens
book shows the suggestion which has not been implemented...
*/
CfOut(cf_verbose, "", "Trying to locate my IPv6 address\n");
switch (VSYSTEMHARDCLASS)
{
case cfnt:
/* NT cannot do this */
return;
case irix:
case irix4:
case irix64:
if ((pp = cf_popen("/usr/etc/ifconfig -a", "r")) == NULL)
{
CfOut(cf_verbose, "", "Could not find interface info\n");
return;
}
break;
case hp:
if ((pp = cf_popen("/usr/sbin/ifconfig -a", "r")) == NULL)
{
CfOut(cf_verbose, "", "Could not find interface info\n");
return;
}
break;
case aix:
if ((pp = cf_popen("/etc/ifconfig -a", "r")) == NULL)
{
CfOut(cf_verbose, "", "Could not find interface info\n");
return;
}
break;
default:
if ((pp = cf_popen("/sbin/ifconfig -a", "r")) == NULL)
{
CfOut(cf_verbose, "", "Could not find interface info\n");
return;
}
}
/* Don't know the output format of ifconfig on all these .. hope for the best*/
while (!feof(pp))
{
fgets(buffer, CF_BUFSIZE - 1, pp);
if (ferror(pp)) /* abortable */
{
break;
}
if (strcasestr(buffer, "inet6"))
{
Item *ip, *list = NULL;
char *sp;
list = SplitStringAsItemList(buffer, ' ');
for (ip = list; ip != NULL; ip = ip->next)
{
for (sp = ip->name; *sp != '\0'; sp++)
{
if (*sp == '/') /* Remove CIDR mask */
{
*sp = '\0';
}
}
if (IsIPV6Address(ip->name) && (strcmp(ip->name, "::1") != 0))
{
CfOut(cf_verbose, "", "Found IPv6 address %s\n", ip->name);
AppendItem(&IPADDRESSES, ip->name, "");
NewClass(ip->name);
}
}
DeleteItemList(list);
}
}
cf_pclose(pp);
}
int VerifyNotInFstab(char *name, Attributes a, Promise *pp)
/* Ensure filesystem is NOT in fstab, and return no of changes */
{
char regex[CF_BUFSIZE];
char *host, *mountpt, *opts;
Item *ip;
if (!FSTABLIST)
{
if (!LoadFileAsItemList(&FSTABLIST, VFSTAB[VSYSTEMHARDCLASS], a, pp))
{
CfOut(cf_error, "", "Couldn't open %s!\n", VFSTAB[VSYSTEMHARDCLASS]);
return false;
}
else
{
FSTAB_EDITS = 0;
}
}
if (a.mount.mount_options)
{
opts = Rlist2String(a.mount.mount_options, ",");
}
else
{
opts = xstrdup(VMOUNTOPTS[VSYSTEMHARDCLASS]);
}
host = a.mount.mount_server;
mountpt = name;
if (MatchFSInFstab(mountpt))
{
if (a.mount.editfstab)
{
#if defined(_AIX)
FILE *pfp;
char line[CF_BUFSIZE], aixcomm[CF_BUFSIZE];
snprintf(aixcomm, CF_BUFSIZE, "/usr/sbin/rmnfsmnt -f %s", mountpt);
if ((pfp = cf_popen(aixcomm, "r")) == NULL)
{
cfPS(cf_error, CF_FAIL, "", pp, a, "Failed to invoke /usr/sbin/rmnfsmnt to edit fstab");
return 0;
}
while (!feof(pfp))
{
if (CfReadLine(line, CF_BUFSIZE, pfp) == -1)
{
FatalError("Error in CfReadLine");
}
if (line[0] == '#')
{
continue;
}
if (strstr(line, "busy"))
{
cfPS(cf_inform, CF_INTERPT, "", pp, a, "The device under %s cannot be removed from %s\n",
mountpt, VFSTAB[VSYSTEMHARDCLASS]);
return 0;
}
}
cf_pclose(pfp);
return 0; /* ignore internal editing for aix , always returns 0 changes */
#else
snprintf(regex, CF_BUFSIZE, ".*[\\s]+%s[\\s]+.*", mountpt);
for (ip = FSTABLIST; ip != NULL; ip = ip->next)
{
if (FullTextMatch(regex, ip->name))
{
cfPS(cf_inform, CF_CHG, "", pp, a, "Deleting file system mounted on %s.\n", host);
// Check host name matches too?
DeleteThisItem(&FSTABLIST, ip);
FSTAB_EDITS++;
}
}
#endif
}
}
if (a.mount.mount_options)
{
free(opts);
}
return 0;
}
static bool GatherProcessUsers(Item **userList, int *userListSz, int *numRootProcs, int *numOtherProcs)
{
char pscomm[CF_BUFSIZE];
xsnprintf(pscomm, sizeof(pscomm), "%s %s",
VPSCOMM[VPSHARDCLASS], VPSOPTS[VPSHARDCLASS]);
FILE *pp;
if ((pp = cf_popen(pscomm, "r", true)) == NULL)
{
/* FIXME: no logging */
return false;
}
size_t vbuff_size = CF_BUFSIZE;
char *vbuff = xmalloc(vbuff_size);
/* Ignore first line -- header */
ssize_t res = CfReadLine(&vbuff, &vbuff_size, pp);
if (res <= 0)
{
/* FIXME: no logging */
cf_pclose(pp);
free(vbuff);
return false;
}
for (;;)
{
res = CfReadLine(&vbuff, &vbuff_size, pp);
if (res == -1)
{
if (!feof(pp))
{
/* FIXME: no logging */
cf_pclose(pp);
free(vbuff);
return false;
}
else
{
break;
}
}
char user[64];
int ret = sscanf(vbuff, " %63s ", user);
/* CFE-1560: Skip the username if it starts with a digit, this means
* that we are reading the PID! Happens on some platforms (e.g. AIX)
* where zombie processes have an empty username field in ps. */
if (ret != 1 || user[0] == '\0' || isdigit(user[0]))
{
continue;
}
if (!IsItemIn(*userList, user))
{
PrependItem(userList, user, NULL);
(*userListSz)++;
}
if (strcmp(user, "root") == 0)
{
(*numRootProcs)++;
}
else
{
(*numOtherProcs)++;
}
}
if (LogGetGlobalLevel() >= LOG_LEVEL_DEBUG)
{
char *s = ItemList2CSV(*userList);
Log(LOG_LEVEL_DEBUG, "Users in the process table: (%s)", s);
free(s);
}
cf_pclose(pp);
free(vbuff);
return true;
}
void MountAll()
{
char line[CF_BUFSIZE];
FILE *pp;
if (DONTDO)
{
CfOut(cf_verbose, "", "Promised to mount filesystem, but not on this trial run\n");
return;
}
else
{
CfOut(cf_verbose, "", " -> Attempting to mount all filesystems.\n");
}
#if defined(__CYGWIN__)
/* This is a shell script. Make sure it hasn't been compromised. */
struct stat sb;
if (cfstat("/etc/fstab", &sb) == -1)
{
int fd;
if ((fd = creat("/etc/fstab", 0755)) > 0)
{
if (write(fd, "#!/bin/sh\n\n", 10) != 10)
{
UnexpectedError("Failed to write to file '/etc/fstab'");
}
close(fd);
}
else
{
if (sb.st_mode & (S_IWOTH | S_IWGRP))
{
CfOut(cf_error, "", "File /etc/fstab was insecure. Cannot mount filesystems.\n");
return;
}
}
}
#endif
SetTimeOut(RPCTIMEOUT);
if ((pp = cf_popen(VMOUNTCOMM[VSYSTEMHARDCLASS], "r")) == NULL)
{
CfOut(cf_error, "cf_popen", "Failed to open pipe from %s\n", VMOUNTCOMM[VSYSTEMHARDCLASS]);
return;
}
while (!feof(pp))
{
if (ferror(pp)) /* abortable */
{
CfOut(cf_inform, "ferror", "Error mounting filesystems\n");
break;
}
if (CfReadLine(line, CF_BUFSIZE, pp) == -1)
{
FatalError("Error in CfReadLine");
}
if (ferror(pp)) /* abortable */
{
CfOut(cf_inform, "ferror", "Error mounting filesystems\n");
break;
}
if ((strstr(line, "already mounted")) || (strstr(line, "exceeded")) || (strstr(line, "determined")))
{
continue;
}
if (strstr(line, "not supported"))
{
continue;
}
if ((strstr(line, "denied")) || (strstr(line, "RPC")))
{
CfOut(cf_error, "", "There was a mount error, trying to mount one of the filesystems on this host.\n");
break;
}
if ((strstr(line, "trying")) && (!strstr(line, "NFS version 2")) && (!strstr(line, "vers 3")))
{
CfOut(cf_error, "", "Attempting abort because mount went into a retry loop.\n");
break;
}
}
alarm(0);
signal(SIGALRM, SIG_DFL);
cf_pclose(pp);
}
bool GetExecOutput(const char *command, char *buffer, bool useshell)
/* Buffer initially contains whole exec string */
{
int offset = 0;
char line[CF_EXPANDSIZE];
FILE *pp;
if (useshell)
{
pp = cf_popen_sh(command, "r");
}
else
{
pp = cf_popen(command, "r", true);
}
if (pp == NULL)
{
Log(LOG_LEVEL_ERR, "Couldn't open pipe to command '%s'. (cf_popen: %s)", command, GetErrorStr());
return false;
}
memset(buffer, 0, CF_EXPANDSIZE);
for (;;)
{
ssize_t res = CfReadLine(line, CF_EXPANDSIZE, pp);
if (res == 0)
{
break;
}
if (res == -1)
{
Log(LOG_LEVEL_ERR, "Unable to read output of command '%s'. (fread: %s)", command, GetErrorStr());
cf_pclose(pp);
return false;
}
if (strlen(line) + offset > CF_EXPANDSIZE - 10)
{
Log(LOG_LEVEL_ERR, "Buffer exceeded %d bytes in exec '%s'", CF_EXPANDSIZE, command);
break;
}
snprintf(buffer + offset, CF_EXPANDSIZE, "%s\n", line);
offset += strlen(line) + 1;
}
if (offset > 0)
{
if (Chop(buffer, CF_EXPANDSIZE) == -1)
{
Log(LOG_LEVEL_ERR, "Chop was called on a string that seemed to have no terminator");
}
}
Log(LOG_LEVEL_DEBUG, "GetExecOutput got '%s'", buffer);
cf_pclose(pp);
return true;
}
/* return true if the process with
* pid is in the global zone */
int IsGlobalProcess(int pid, Seq *pidlist, Seq *rootpidlist)
{
if (PidInSeq(pidlist, pid) || PidInSeq(rootpidlist, pid))
{
return true;
}
else
{
return false;
}
}
void ZCopyProcessList(Item **dest, const Item *source, Seq *pidlist, char **names, int *end)
{
int gpid = ExtractPid(source->name, names, end);
if (PidInSeq(pidlist, gpid))
{
PrependItem(dest, source->name, "");
}
}
# endif /* HAVE_GETZONEID */
int LoadProcessTable(Item **procdata)
{
FILE *prp;
char pscomm[CF_MAXLINKSIZE];
Item *rootprocs = NULL;
Item *otherprocs = NULL;
if (PROCESSTABLE)
{
Log(LOG_LEVEL_VERBOSE, "Reusing cached process table");
return true;
}
const char *psopts = GetProcessOptions();
snprintf(pscomm, CF_MAXLINKSIZE, "%s %s", VPSCOMM[VSYSTEMHARDCLASS], psopts);
Log(LOG_LEVEL_VERBOSE, "Observe process table with %s", pscomm);
if ((prp = cf_popen(pscomm, "r", false)) == NULL)
{
Log(LOG_LEVEL_ERR, "Couldn't open the process list with command '%s'. (popen: %s)", pscomm, GetErrorStr());
return false;
}
size_t vbuff_size = CF_BUFSIZE;
char *vbuff = xmalloc(vbuff_size);
# ifdef HAVE_GETZONEID
char *names[CF_PROCCOLS];
int start[CF_PROCCOLS];
int end[CF_PROCCOLS];
Seq *pidlist = SeqNew(1, NULL);
Seq *rootpidlist = SeqNew(1, NULL);
bool global_zone = IsGlobalZone();
if (global_zone)
{
int res = ZLoadProcesstable(pidlist, rootpidlist);
if (res == false)
{
Log(LOG_LEVEL_ERR, "Unable to load solaris zone process table.");
return false;
}
}
# endif
for (;;)
{
ssize_t res = CfReadLine(&vbuff, &vbuff_size, prp);
if (res == -1)
{
if (!feof(prp))
{
Log(LOG_LEVEL_ERR, "Unable to read process list with command '%s'. (fread: %s)", pscomm, GetErrorStr());
cf_pclose(prp);
free(vbuff);
return false;
}
else
{
break;
}
}
Chop(vbuff, vbuff_size);
# ifdef HAVE_GETZONEID
if (global_zone)
{
if (strstr(vbuff, "PID") != NULL)
{ /* this is the banner so get the column header names for later use*/
GetProcessColumnNames(vbuff, &names[0], start, end);
}
else
{
int gpid = ExtractPid(vbuff, names, end);
if (!IsGlobalProcess(gpid, pidlist, rootpidlist))
{
continue;
}
}
}
# endif
AppendItem(procdata, vbuff, "");
}
cf_pclose(prp);
/* Now save the data */
snprintf(vbuff, CF_MAXVARSIZE, "%s/state/cf_procs", CFWORKDIR);
RawSaveItemList(*procdata, vbuff, NewLineMode_Unix);
# ifdef HAVE_GETZONEID
if (global_zone) /* pidlist and rootpidlist are empty if we're not in the global zone */
{
Item *ip = *procdata;
while (ip != NULL)
{
ZCopyProcessList(&rootprocs, ip, rootpidlist, names, end);
ip = ip->next;
}
ReverseItemList(rootprocs);
ip = *procdata;
while (ip != NULL)
{
ZCopyProcessList(&otherprocs, ip, pidlist, names, end);
ip = ip->next;
}
ReverseItemList(otherprocs);
}
else
# endif
{
CopyList(&rootprocs, *procdata);
CopyList(&otherprocs, *procdata);
while (DeleteItemNotContaining(&rootprocs, "root"))
{
}
while (DeleteItemContaining(&otherprocs, "root"))
{
}
}
if (otherprocs)
{
PrependItem(&rootprocs, otherprocs->name, NULL);
}
snprintf(vbuff, CF_MAXVARSIZE, "%s/state/cf_rootprocs", CFWORKDIR);
RawSaveItemList(rootprocs, vbuff, NewLineMode_Unix);
DeleteItemList(rootprocs);
snprintf(vbuff, CF_MAXVARSIZE, "%s/state/cf_otherprocs", CFWORKDIR);
RawSaveItemList(otherprocs, vbuff, NewLineMode_Unix);
DeleteItemList(otherprocs);
free(vbuff);
return true;
}
GenericAgentConfig *CheckOpts(int argc, char **argv)
{
extern char *optarg;
char ld_library_path[CF_BUFSIZE];
int optindex = 0;
int c;
GenericAgentConfig *config = GenericAgentConfigNewDefault(AGENT_TYPE_SERVER);
while ((c = getopt_long(argc, argv, "dvIKf:D:N:VSxLFMhA", OPTIONS, &optindex)) != EOF)
{
switch ((char) c)
{
case 'f':
if (optarg && (strlen(optarg) < 5))
{
CfOut(OUTPUT_LEVEL_ERROR, "", " -f used but argument \"%s\" incorrect", optarg);
exit(EXIT_FAILURE);
}
GenericAgentConfigSetInputFile(config, GetWorkDir(), optarg);
MINUSF = true;
break;
case 'd':
config->debug_mode = true;
NO_FORK = true;
case 'K':
IGNORELOCK = true;
break;
case 'D':
config->heap_soft = StringSetFromString(optarg, ',');
break;
case 'N':
config->heap_negated = StringSetFromString(optarg, ',');
break;
case 'I':
INFORM = true;
break;
case 'v':
VERBOSE = true;
NO_FORK = true;
break;
case 'F':
NO_FORK = true;
break;
case 'L':
CfOut(OUTPUT_LEVEL_VERBOSE, "", "Setting LD_LIBRARY_PATH=%s\n", optarg);
snprintf(ld_library_path, CF_BUFSIZE - 1, "LD_LIBRARY_PATH=%s", optarg);
putenv(ld_library_path);
break;
case 'V':
PrintVersion();
exit(0);
case 'h':
Syntax("cf-serverd", OPTIONS, HINTS, ID, true);
exit(0);
case 'M':
ManPage("cf-serverd - CFEngine's server agent", OPTIONS, HINTS, ID);
exit(0);
case 'x':
CfOut(OUTPUT_LEVEL_ERROR, "", "Self-diagnostic functionality is retired.");
exit(0);
case 'A':
#ifdef HAVE_AVAHI_CLIENT_CLIENT_H
#ifdef HAVE_AVAHI_COMMON_ADDRESS_H
printf("Generating Avahi configuration file.\n");
if (GenerateAvahiConfig("/etc/avahi/services/cfengine-hub.service") != 0)
{
exit(1);
}
cf_popen("/etc/init.d/avahi-daemon restart", "r", true);
printf("Avahi configuration file generated successfuly.\n");
exit(0);
#else
printf("This option can only be used when avahi-daemon and libavahi are installed on the machine.\n");
#endif
#endif
default:
Syntax("cf-serverd", OPTIONS, HINTS, ID, true);
exit(1);
}
}
if (!GenericAgentConfigParseArguments(config, argc - optind, argv + optind))
{
Log(LOG_LEVEL_ERR, "Too many arguments");
exit(EXIT_FAILURE);
}
return config;
}
GenericAgentConfig *CheckOpts(int argc, char **argv)
{
extern char *optarg;
int c;
GenericAgentConfig *config = GenericAgentConfigNewDefault(AGENT_TYPE_SERVER, GetTTYInteractive());
while ((c = getopt_long(argc, argv, "dvIKf:D:N:VSxLFMhAC::l",
OPTIONS, NULL))
!= -1)
{
switch (c)
{
case 'f':
GenericAgentConfigSetInputFile(config, GetInputDir(), optarg);
MINUSF = true;
break;
case 'd':
LogSetGlobalLevel(LOG_LEVEL_DEBUG);
NO_FORK = true;
break;
case 'K':
config->ignore_locks = true;
break;
case 'D':
{
StringSet *defined_classes = StringSetFromString(optarg, ',');
if (! config->heap_soft)
{
config->heap_soft = defined_classes;
}
else
{
StringSetJoin(config->heap_soft, defined_classes);
free(defined_classes);
}
}
break;
case 'N':
{
StringSet *negated_classes = StringSetFromString(optarg, ',');
if (! config->heap_negated)
{
config->heap_negated = negated_classes;
}
else
{
StringSetJoin(config->heap_negated, negated_classes);
free(negated_classes);
}
}
break;
case 'I':
LogSetGlobalLevel(LOG_LEVEL_INFO);
break;
case 'v':
LogSetGlobalLevel(LOG_LEVEL_VERBOSE);
NO_FORK = true;
break;
case 'F':
NO_FORK = true;
break;
case 'L':
{
static char ld_library_path[CF_BUFSIZE]; /* GLOBAL_A */
Log(LOG_LEVEL_VERBOSE, "Setting LD_LIBRARY_PATH to '%s'", optarg);
snprintf(ld_library_path, CF_BUFSIZE - 1, "LD_LIBRARY_PATH=%s", optarg);
putenv(ld_library_path);
break;
}
case 'V':
{
Writer *w = FileWriter(stdout);
GenericAgentWriteVersion(w);
FileWriterDetach(w);
}
exit(EXIT_SUCCESS);
case 'h':
{
Writer *w = FileWriter(stdout);
GenericAgentWriteHelp(w, "cf-serverd", OPTIONS, HINTS, true);
FileWriterDetach(w);
}
exit(EXIT_SUCCESS);
case 'M':
{
Writer *out = FileWriter(stdout);
ManPageWrite(out, "cf-serverd", time(NULL),
CF_SERVERD_SHORT_DESCRIPTION,
CF_SERVERD_MANPAGE_LONG_DESCRIPTION,
OPTIONS, HINTS,
true);
FileWriterDetach(out);
exit(EXIT_SUCCESS);
}
case 'x':
Log(LOG_LEVEL_ERR, "Self-diagnostic functionality is retired.");
exit(EXIT_SUCCESS);
case 'A':
#ifdef SUPPORT_AVAHI_CONFIG
Log(LOG_LEVEL_NOTICE, "Generating Avahi configuration file.");
if (GenerateAvahiConfig("/etc/avahi/services/cfengine-hub.service") != 0)
{
exit(EXIT_FAILURE);
}
cf_popen("/etc/init.d/avahi-daemon restart", "r", true);
Log(LOG_LEVEL_NOTICE, "Avahi configuration file generated successfully.");
#else
Log(LOG_LEVEL_ERR, "Generating avahi configuration can only be done when avahi-daemon and libavahi are installed on the machine.");
#endif
exit(EXIT_SUCCESS);
case 'C':
if (!GenericAgentConfigParseColor(config, optarg))
{
exit(EXIT_FAILURE);
}
break;
case 'l':
LoggingEnableTimestamps(true);
break;
default:
{
Writer *w = FileWriter(stdout);
GenericAgentWriteHelp(w, "cf-serverd", OPTIONS, HINTS, true);
FileWriterDetach(w);
}
exit(EXIT_FAILURE);
}
}
if (!GenericAgentConfigParseArguments(config, argc - optind, argv + optind))
{
Log(LOG_LEVEL_ERR, "Too many arguments");
exit(EXIT_FAILURE);
}
return config;
}
void MonNetworkGatherData(double *cf_this)
{
FILE *pp;
char local[CF_BUFSIZE],remote[CF_BUFSIZE],comm[CF_BUFSIZE];
struct Item *in[ATTR],*out[ATTR];
char *sp;
int i;
char vbuff[CF_BUFSIZE];
Debug("GatherSocketData()\n");
for (i = 0; i < ATTR; i++)
{
in[i] = out[i] = NULL;
}
if (ALL_INCOMING != NULL)
{
DeleteItemList(ALL_INCOMING);
ALL_INCOMING = NULL;
}
if (ALL_OUTGOING != NULL)
{
DeleteItemList(ALL_OUTGOING);
ALL_OUTGOING = NULL;
}
sscanf(VNETSTAT[VSYSTEMHARDCLASS],"%s",comm);
strcat(comm," -n");
if ((pp = cf_popen(comm,"r")) == NULL)
{
return;
}
while (!feof(pp))
{
memset(local,0,CF_BUFSIZE);
memset(remote,0,CF_BUFSIZE);
CfReadLine(vbuff,CF_BUFSIZE,pp);
if (strstr(vbuff,"UNIX"))
{
break;
}
if (!strstr(vbuff,"."))
{
continue;
}
/* Different formats here ... ugh.. */
if (strncmp(vbuff,"tcp",3) == 0)
{
sscanf(vbuff,"%*s %*s %*s %s %s",local,remote); /* linux-like */
}
else
{
sscanf(vbuff,"%s %s",local,remote); /* solaris-like */
}
if (strlen(local) == 0)
{
continue;
}
for (sp = local+strlen(local); (*sp != '.') && (sp > local); sp--)
{
}
sp++;
if ((strlen(sp) < 5) &&!IsItemIn(ALL_INCOMING,sp))
{
PrependItem(&ALL_INCOMING,sp,NULL);
}
for (sp = remote+strlen(remote); (sp >= remote) && !isdigit((int)*sp); sp--)
{
}
sp++;
if ((strlen(sp) < 5) && !IsItemIn(ALL_OUTGOING,sp))
{
PrependItem(&ALL_OUTGOING,sp,NULL);
}
for (i = 0; i < ATTR; i++)
{
char *spend;
for (spend = local+strlen(local)-1; isdigit((int)*spend); spend--)
{
}
spend++;
if (strcmp(spend,ECGSOCKS[i].portnr) == 0)
{
cf_this[ECGSOCKS[i].in]++;
AppendItem(&in[i],vbuff,"");
}
for (spend = remote+strlen(remote)-1; (sp >= remote) && isdigit((int)*spend); spend--)
{
}
spend++;
if (strcmp(spend,ECGSOCKS[i].portnr) == 0)
{
cf_this[ECGSOCKS[i].out]++;
AppendItem(&out[i],vbuff,"");
}
}
}
cf_pclose(pp);
/* Now save the state for ShowState() cf2 version alert function IFF
the state is not smaller than the last or at least 40 minutes
older. This mirrors the persistence of the maxima classes */
for (i = 0; i < ATTR; i++)
{
struct stat statbuf;
time_t now = time(NULL);
Debug("save incoming %s\n",ECGSOCKS[i].name);
snprintf(vbuff,CF_MAXVARSIZE,"%s/state/cf_incoming.%s",CFWORKDIR,ECGSOCKS[i].name);
if (cfstat(vbuff,&statbuf) != -1)
{
if ((ByteSizeList(in[i]) < statbuf.st_size) && (now < statbuf.st_mtime+40*60))
{
CfOut(cf_verbose,"","New state %s is smaller, retaining old for 40 mins longer\n",ECGSOCKS[i].name);
DeleteItemList(in[i]);
continue;
}
}
SetNetworkEntropyClasses(ECGSOCKS[i].name,"in",in[i]);
RawSaveItemList(in[i],vbuff);
DeleteItemList(in[i]);
Debug("Saved in netstat data in %s\n",vbuff);
}
for (i = 0; i < ATTR; i++)
{
struct stat statbuf;
time_t now = time(NULL);
Debug("save outgoing %s\n",ECGSOCKS[i].name);
snprintf(vbuff,CF_MAXVARSIZE,"%s/state/cf_outgoing.%s",CFWORKDIR,ECGSOCKS[i].name);
if (cfstat(vbuff,&statbuf) != -1)
{
if ((ByteSizeList(out[i]) < statbuf.st_size) && (now < statbuf.st_mtime+40*60))
{
CfOut(cf_verbose,"","New state %s is smaller, retaining old for 40 mins longer\n",ECGSOCKS[i].name);
DeleteItemList(out[i]);
continue;
}
}
SetNetworkEntropyClasses(ECGSOCKS[i].name,"out",out[i]);
RawSaveItemList(out[i],vbuff);
Debug("Saved out netstat data in %s\n",vbuff);
DeleteItemList(out[i]);
}
}
