int RemoveKeys(const char *host) { char digest[CF_BUFSIZE]; char ipaddr[CF_MAX_IP_LEN]; if (Hostname2IPString(ipaddr, host, sizeof(ipaddr)) == -1) { Log(LOG_LEVEL_ERR, "ERROR, could not resolve %s, not removing", host); return 255; } Address2Hostkey(ipaddr, digest); RemoveHostFromLastSeen(digest); int removed_by_ip = RemovePublicKey(ipaddr); int removed_by_digest = RemovePublicKey(digest); if ((removed_by_ip == -1) || (removed_by_digest == -1)) { Log(LOG_LEVEL_ERR, "Unable to remove keys for the host %s", host); return 255; } else if (removed_by_ip + removed_by_digest == 0) { Log(LOG_LEVEL_ERR, "No keys for host %s were found", host); return 1; } else { Log(LOG_LEVEL_INFO, "Removed %d key(s) for host %s", removed_by_ip + removed_by_digest, host); return 0; } }
static int RemoveKeys(const char *host) { char ip[CF_BUFSIZE]; char digest[CF_BUFSIZE]; strcpy(ip, Hostname2IPString(host)); Address2Hostkey(ip, digest); RemoveHostFromLastSeen(digest); int removed_by_ip = RemovePublicKey(ip); int removed_by_digest = RemovePublicKey(digest); if ((removed_by_ip == -1) || (removed_by_digest == -1)) { CfOut(cf_error, "", "Unable to remove keys for the host %s", remove_keys_host); return 255; } else if (removed_by_ip + removed_by_digest == 0) { CfOut(cf_error, "", "No keys for host %s were found", remove_keys_host); return 1; } else { CfOut(cf_inform, "", "Removed %d key(s) for host %s", removed_by_ip + removed_by_digest, remove_keys_host); return 0; } }
RSA *HavePublicKeyByIP(const char *username, const char *ipaddress) { char hash[CF_MAXVARSIZE]; Address2Hostkey(ipaddress, hash); return HavePublicKey(username, ipaddress, hash); }
static void test_reverse_missing(void **context) { setup(); /* Check that resolution return false */ char result[CF_BUFSIZE]; assert_int_equal(Address2Hostkey("127.0.0.64", result), false); }
/** * @brief Search for a key given an IP address, by getting the * key hash value from lastseen db. * @return NULL if the key was not found in any form. */ RSA *HavePublicKeyByIP(const char *username, const char *ipaddress) { char hash[CF_HOSTKEY_STRING_SIZE]; /* Get the key hash for that address from lastseen db. */ bool found = Address2Hostkey(hash, sizeof(hash), ipaddress); /* If not found, by passing "" as digest, we effectively look only for * the old-style key file, e.g. root-1.2.3.4.pub. */ return HavePublicKey(username, ipaddress, found ? hash : ""); }
/** * @brief Search for a key just like HavePublicKey(), but get the * hash value from lastseen db. * @return NULL if the key was not found in any form. */ RSA *HavePublicKeyByIP(const char *username, const char *ipaddress) { char hash[CF_HOSTKEY_STRING_SIZE]; bool found = Address2Hostkey(hash, sizeof(hash), ipaddress); if (found) { return HavePublicKey(username, ipaddress, hash); } else { Log(LOG_LEVEL_VERBOSE, "Key for host '%s' not found in lastseen db", ipaddress); return HavePublicKey(username, ipaddress, ""); } }
static void test_reverse_conflict(void **context) { setup(); UpdateLastSawHost("SHA-12345", "127.0.0.64", true, 555); DBHandle *db; OpenDB(&db, dbid_lastseen); assert_int_equal(WriteDB(db, "a127.0.0.64", "SHA-98765", strlen("SHA-98765") + 1), true); /* Check that resolution return false */ char result[CF_BUFSIZE]; assert_int_equal(Address2Hostkey("127.0.0.64", result), false); /* Check that entry is removed */ assert_int_equal(HasKeyDB(db, "a127.0.0.64", strlen("a127.0.0.64") + 1), false); CloseDB(db); }
static int HailServer(char *host, Attributes a, Promise *pp) { AgentConnection *conn; char sendbuffer[CF_BUFSIZE], recvbuffer[CF_BUFSIZE], peer[CF_MAXVARSIZE], ipv4[CF_MAXVARSIZE], digest[CF_MAXVARSIZE], user[CF_SMALLBUF]; bool gotkey; char reply[8]; a.copy.portnumber = (short) ParseHostname(host, peer); snprintf(ipv4, CF_MAXVARSIZE, "%s", Hostname2IPString(peer)); Address2Hostkey(ipv4, digest); GetCurrentUserName(user, CF_SMALLBUF); if (INTERACTIVE) { CfOut(cf_verbose, "", " -> Using interactive key trust...\n"); gotkey = HavePublicKey(user, peer, digest) != NULL; if (!gotkey) { gotkey = HavePublicKey(user, ipv4, digest) != NULL; } if (!gotkey) { printf("WARNING - You do not have a public key from host %s = %s\n", host, ipv4); printf(" Do you want to accept one on trust? (yes/no)\n\n--> "); while (true) { if (fgets(reply, 8, stdin) == NULL) { FatalError("EOF trying to read answer from terminal"); } if (Chop(reply, CF_EXPANDSIZE) == -1) { CfOut(cf_error, "", "Chop was called on a string that seemed to have no terminator"); } if (strcmp(reply, "yes") == 0) { printf(" -> Will trust the key...\n"); a.copy.trustkey = true; break; } else if (strcmp(reply, "no") == 0) { printf(" -> Will not trust the key...\n"); a.copy.trustkey = false; break; } else { printf(" !! Please reply yes or no...(%s)\n", reply); } } } } /* Continue */ #ifdef __MINGW32__ CfOut(cf_inform, "", "...........................................................................\n"); CfOut(cf_inform, "", " * Hailing %s : %u, with options \"%s\" (serial)\n", peer, a.copy.portnumber, REMOTE_AGENT_OPTIONS); CfOut(cf_inform, "", "...........................................................................\n"); #else /* !__MINGW32__ */ if (BACKGROUND) { CfOut(cf_inform, "", "Hailing %s : %u, with options \"%s\" (parallel)\n", peer, a.copy.portnumber, REMOTE_AGENT_OPTIONS); } else { CfOut(cf_inform, "", "...........................................................................\n"); CfOut(cf_inform, "", " * Hailing %s : %u, with options \"%s\" (serial)\n", peer, a.copy.portnumber, REMOTE_AGENT_OPTIONS); CfOut(cf_inform, "", "...........................................................................\n"); } #endif /* !__MINGW32__ */ a.copy.servers = SplitStringAsRList(peer, '*'); if (a.copy.servers == NULL || strcmp(a.copy.servers->item, "localhost") == 0) { cfPS(cf_inform, CF_NOP, "", pp, a, "No hosts are registered to connect to"); return false; } else { conn = NewServerConnection(a, pp); if (conn == NULL) { DeleteRlist(a.copy.servers); CfOut(cf_verbose, "", " -> No suitable server responded to hail\n"); return false; } } /* Check trust interaction*/ pp->cache = NULL; if (strlen(MENU) > 0) { #if defined(HAVE_NOVA) if (!Nova_ExecuteRunagent(conn, MENU)) { DisconnectServer(conn); DeleteRlist(a.copy.servers); return false; } #endif } else { HailExec(conn, peer, recvbuffer, sendbuffer); } DeleteRlist(a.copy.servers); return true; }
static int HailServer(EvalContext *ctx, char *host) { AgentConnection *conn; char sendbuffer[CF_BUFSIZE], recvbuffer[CF_BUFSIZE], peer[CF_MAXVARSIZE], ipv4[CF_MAXVARSIZE], digest[CF_MAXVARSIZE], user[CF_SMALLBUF]; bool gotkey; char reply[8]; FileCopy fc = { .portnumber = (short) ParseHostname(host, peer), }; snprintf(ipv4, CF_MAXVARSIZE, "%s", Hostname2IPString(peer)); Address2Hostkey(ipv4, digest); GetCurrentUserName(user, CF_SMALLBUF); if (INTERACTIVE) { CfOut(OUTPUT_LEVEL_VERBOSE, "", " -> Using interactive key trust...\n"); gotkey = HavePublicKey(user, peer, digest) != NULL; if (!gotkey) { gotkey = HavePublicKey(user, ipv4, digest) != NULL; } if (!gotkey) { printf("WARNING - You do not have a public key from host %s = %s\n", host, ipv4); printf(" Do you want to accept one on trust? (yes/no)\n\n--> "); while (true) { if (fgets(reply, 8, stdin) == NULL) { FatalError(ctx, "EOF trying to read answer from terminal"); } if (Chop(reply, CF_EXPANDSIZE) == -1) { CfOut(OUTPUT_LEVEL_ERROR, "", "Chop was called on a string that seemed to have no terminator"); } if (strcmp(reply, "yes") == 0) { printf(" -> Will trust the key...\n"); fc.trustkey = true; break; } else if (strcmp(reply, "no") == 0) { printf(" -> Will not trust the key...\n"); fc.trustkey = false; break; } else { printf(" !! Please reply yes or no...(%s)\n", reply); } } } } /* Continue */ #ifdef __MINGW32__ CfOut(OUTPUT_LEVEL_INFORM, "", "...........................................................................\n"); CfOut(OUTPUT_LEVEL_INFORM, "", " * Hailing %s : %u, with options \"%s\" (serial)\n", peer, fc.portnumber, REMOTE_AGENT_OPTIONS); CfOut(OUTPUT_LEVEL_INFORM, "", "...........................................................................\n"); #else /* !__MINGW32__ */ if (BACKGROUND) { CfOut(OUTPUT_LEVEL_INFORM, "", "Hailing %s : %u, with options \"%s\" (parallel)\n", peer, fc.portnumber, REMOTE_AGENT_OPTIONS); } else { CfOut(OUTPUT_LEVEL_INFORM, "", "...........................................................................\n"); CfOut(OUTPUT_LEVEL_INFORM, "", " * Hailing %s : %u, with options \"%s\" (serial)\n", peer, fc.portnumber, REMOTE_AGENT_OPTIONS); CfOut(OUTPUT_LEVEL_INFORM, "", "...........................................................................\n"); } #endif /* !__MINGW32__ */ fc.servers = RlistFromSplitString(peer, '*'); if (fc.servers == NULL || strcmp(fc.servers->item, "localhost") == 0) { CfOut(OUTPUT_LEVEL_INFORM, "", "No hosts are registered to connect to"); return false; } else { int err = 0; conn = NewServerConnection(fc, false, &err); if (conn == NULL) { RlistDestroy(fc.servers); CfOut(OUTPUT_LEVEL_VERBOSE, "", " -> No suitable server responded to hail\n"); return false; } } /* Check trust interaction*/ HailExec(conn, peer, recvbuffer, sendbuffer); RlistDestroy(fc.servers); return true; } /********************************************************************/ /* Level 2 */ /********************************************************************/ static void KeepControlPromises(EvalContext *ctx, Policy *policy) { Rval retval; RUNATTR.copy.trustkey = false; RUNATTR.copy.encrypt = true; RUNATTR.copy.force_ipv4 = false; RUNATTR.copy.portnumber = SHORT_CFENGINEPORT; /* Keep promised agent behaviour - control bodies */ Seq *constraints = ControlBodyConstraints(policy, AGENT_TYPE_RUNAGENT); if (constraints) { for (size_t i = 0; i < SeqLength(constraints); i++) { Constraint *cp = SeqAt(constraints, i); if (!IsDefinedClass(ctx, cp->classes, NULL)) { continue; } if (!EvalContextVariableGet(ctx, (VarRef) { NULL, "control_runagent", cp->lval }, &retval, NULL)) { CfOut(OUTPUT_LEVEL_ERROR, "", "Unknown lval %s in runagent control body", cp->lval); continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_FORCE_IPV4].lval) == 0) { RUNATTR.copy.force_ipv4 = BooleanFromString(retval.item); CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET force_ipv4 = %d\n", RUNATTR.copy.force_ipv4); continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_TRUSTKEY].lval) == 0) { RUNATTR.copy.trustkey = BooleanFromString(retval.item); CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET trustkey = %d\n", RUNATTR.copy.trustkey); continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_ENCRYPT].lval) == 0) { RUNATTR.copy.encrypt = BooleanFromString(retval.item); CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET encrypt = %d\n", RUNATTR.copy.encrypt); continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_PORT_NUMBER].lval) == 0) { RUNATTR.copy.portnumber = (short) IntFromString(retval.item); CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET default portnumber = %u\n", (int) RUNATTR.copy.portnumber); continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_BACKGROUND].lval) == 0) { /* * Only process this option if are is no -b or -i options specified on * command line. */ if (BACKGROUND || INTERACTIVE) { CfOut(OUTPUT_LEVEL_ERROR, "", "Warning: 'background_children' setting from 'body runagent control' is overriden by command-line option."); } else { BACKGROUND = BooleanFromString(retval.item); } continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_MAX_CHILD].lval) == 0) { MAXCHILD = (short) IntFromString(retval.item); continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_OUTPUT_TO_FILE].lval) == 0) { OUTPUT_TO_FILE = BooleanFromString(retval.item); continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_OUTPUT_DIRECTORY].lval) == 0) { if (IsAbsPath(retval.item)) { strncpy(OUTPUT_DIRECTORY, retval.item, CF_BUFSIZE - 1); CfOut(OUTPUT_LEVEL_VERBOSE, "", "SET output direcory to = %s\n", OUTPUT_DIRECTORY); } continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_TIMEOUT].lval) == 0) { RUNATTR.copy.timeout = (short) IntFromString(retval.item); continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_HOSTS].lval) == 0) { if (HOSTLIST == NULL) // Don't override if command line setting { HOSTLIST = retval.item; } continue; } } } if (EvalContextVariableControlCommonGet(ctx, COMMON_CONTROL_LASTSEEN_EXPIRE_AFTER, &retval)) { LASTSEENEXPIREAFTER = IntFromString(retval.item) * 60; } }
static int HailServer(const EvalContext *ctx, const GenericAgentConfig *config, char *host) { assert(host != NULL); AgentConnection *conn; char sendbuffer[CF_BUFSIZE], recvbuffer[CF_BUFSIZE], hostkey[CF_HOSTKEY_STRING_SIZE], user[CF_SMALLBUF]; bool gotkey; char reply[8]; bool trustkey = false; char *hostname, *port; ParseHostPort(host, &hostname, &port); if (hostname == NULL || strcmp(hostname, "localhost") == 0) { Log(LOG_LEVEL_INFO, "No remote hosts were specified to connect to"); return false; } if (port == NULL) { port = "5308"; } char ipaddr[CF_MAX_IP_LEN]; if (Hostname2IPString(ipaddr, hostname, sizeof(ipaddr)) == -1) { Log(LOG_LEVEL_ERR, "HailServer: ERROR, could not resolve '%s'", hostname); return false; } Address2Hostkey(hostkey, sizeof(hostkey), ipaddr); GetCurrentUserName(user, CF_SMALLBUF); if (INTERACTIVE) { Log(LOG_LEVEL_VERBOSE, "Using interactive key trust..."); gotkey = HavePublicKey(user, ipaddr, hostkey) != NULL; if (!gotkey) { /* TODO print the hash of the connecting host. But to do that we * should open the connection first, and somehow pass that hash * here! redmine#7212 */ printf("WARNING - You do not have a public key from host %s = %s\n", hostname, ipaddr); printf(" Do you want to accept one on trust? (yes/no)\n\n--> "); while (true) { if (fgets(reply, sizeof(reply), stdin) == NULL) { FatalError(ctx, "EOF trying to read answer from terminal"); } if (Chop(reply, CF_EXPANDSIZE) == -1) { Log(LOG_LEVEL_ERR, "Chop was called on a string that seemed to have no terminator"); } if (strcmp(reply, "yes") == 0) { printf("Will trust the key...\n"); trustkey = true; break; } else if (strcmp(reply, "no") == 0) { printf("Will not trust the key...\n"); trustkey = false; break; } else { printf("Please reply yes or no...(%s)\n", reply); } } } } #ifndef __MINGW32__ if (BACKGROUND) { Log(LOG_LEVEL_INFO, "Hailing %s : %s (in the background)", hostname, port); } else #endif { Log(LOG_LEVEL_INFO, "........................................................................"); Log(LOG_LEVEL_INFO, "Hailing %s : %s", hostname, port); Log(LOG_LEVEL_INFO, "........................................................................"); } ConnectionFlags connflags = { .protocol_version = config->protocol_version, .trust_server = trustkey }; int err = 0; conn = ServerConnection(hostname, port, CONNTIMEOUT, connflags, &err); if (conn == NULL) { Log(LOG_LEVEL_ERR, "Failed to connect to host: %s", hostname); return false; } /* Send EXEC command. */ HailExec(conn, hostname, recvbuffer, sendbuffer); return true; } /********************************************************************/ /* Level 2 */ /********************************************************************/ static void KeepControlPromises(EvalContext *ctx, const Policy *policy) { Seq *constraints = ControlBodyConstraints(policy, AGENT_TYPE_RUNAGENT); if (constraints) { for (size_t i = 0; i < SeqLength(constraints); i++) { Constraint *cp = SeqAt(constraints, i); if (!IsDefinedClass(ctx, cp->classes)) { continue; } VarRef *ref = VarRefParseFromScope(cp->lval, "control_runagent"); const void *value = EvalContextVariableGet(ctx, ref, NULL); VarRefDestroy(ref); if (!value) { Log(LOG_LEVEL_ERR, "Unknown lval '%s' in runagent control body", cp->lval); continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_FORCE_IPV4].lval) == 0) { continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_TRUSTKEY].lval) == 0) { continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_ENCRYPT].lval) == 0) { continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_PORT_NUMBER].lval) == 0) { continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_BACKGROUND].lval) == 0) { /* * Only process this option if are is no -b or -i options specified on * command line. */ if (BACKGROUND || INTERACTIVE) { Log(LOG_LEVEL_WARNING, "'background_children' setting from 'body runagent control' is overridden by command-line option."); } else { BACKGROUND = BooleanFromString(value); } continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_MAX_CHILD].lval) == 0) { MAXCHILD = (short) IntFromString(value); continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_OUTPUT_TO_FILE].lval) == 0) { OUTPUT_TO_FILE = BooleanFromString(value); continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_OUTPUT_DIRECTORY].lval) == 0) { if (IsAbsPath(value)) { strlcpy(OUTPUT_DIRECTORY, value, CF_BUFSIZE); Log(LOG_LEVEL_VERBOSE, "Setting output direcory to '%s'", OUTPUT_DIRECTORY); } continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_TIMEOUT].lval) == 0) { continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_HOSTS].lval) == 0) { if (HOSTLIST == NULL) // Don't override if command line setting { HOSTLIST = value; } continue; } } } const char *expire_after = EvalContextVariableControlCommonGet(ctx, COMMON_CONTROL_LASTSEEN_EXPIRE_AFTER); if (expire_after) { LASTSEENEXPIREAFTER = IntFromString(expire_after) * 60; } }
static int HailServer(EvalContext *ctx, char *host) { AgentConnection *conn; char sendbuffer[CF_BUFSIZE], recvbuffer[CF_BUFSIZE], peer[CF_MAXVARSIZE], digest[CF_MAXVARSIZE], user[CF_SMALLBUF]; bool gotkey; char reply[8]; FileCopy fc = { .portnumber = (unsigned short) ParseHostname(host, peer), }; char ipaddr[CF_MAX_IP_LEN]; if (Hostname2IPString(ipaddr, peer, sizeof(ipaddr)) == -1) { Log(LOG_LEVEL_ERR, "HailServer: ERROR, could not resolve '%s'", peer); return false; } Address2Hostkey(ipaddr, digest); GetCurrentUserName(user, CF_SMALLBUF); if (INTERACTIVE) { Log(LOG_LEVEL_VERBOSE, "Using interactive key trust..."); gotkey = HavePublicKey(user, peer, digest) != NULL; if (!gotkey) { gotkey = HavePublicKey(user, ipaddr, digest) != NULL; } if (!gotkey) { printf("WARNING - You do not have a public key from host %s = %s\n", host, ipaddr); printf(" Do you want to accept one on trust? (yes/no)\n\n--> "); while (true) { if (fgets(reply, sizeof(reply), stdin) == NULL) { FatalError(ctx, "EOF trying to read answer from terminal"); } if (Chop(reply, CF_EXPANDSIZE) == -1) { Log(LOG_LEVEL_ERR, "Chop was called on a string that seemed to have no terminator"); } if (strcmp(reply, "yes") == 0) { printf("Will trust the key...\n"); fc.trustkey = true; break; } else if (strcmp(reply, "no") == 0) { printf("Will not trust the key...\n"); fc.trustkey = false; break; } else { printf("Please reply yes or no...(%s)\n", reply); } } } } /* Continue */ #ifdef __MINGW32__ if (LEGACY_OUTPUT) { Log(LOG_LEVEL_INFO, "..........................................................................."); Log(LOG_LEVEL_INFO, " * Hailing %s : %u, with options \"%s\" (serial)", peer, fc.portnumber, REMOTE_AGENT_OPTIONS); Log(LOG_LEVEL_INFO, "..........................................................................."); } else { Log(LOG_LEVEL_INFO, "Hailing '%s' : %u, with options '%s' (serial)", peer, fc.portnumber, REMOTE_AGENT_OPTIONS); } #else /* !__MINGW32__ */ if (BACKGROUND) { Log(LOG_LEVEL_INFO, "Hailing '%s' : %u, with options '%s' (parallel)", peer, fc.portnumber, REMOTE_AGENT_OPTIONS); } else { if (LEGACY_OUTPUT) { Log(LOG_LEVEL_INFO, "..........................................................................."); Log(LOG_LEVEL_INFO, " * Hailing %s : %u, with options \"%s\" (serial)", peer, fc.portnumber, REMOTE_AGENT_OPTIONS); Log(LOG_LEVEL_INFO, "..........................................................................."); } else { Log(LOG_LEVEL_INFO, "Hailing '%s' : %u, with options '%s' (serial)", peer, fc.portnumber, REMOTE_AGENT_OPTIONS); } } #endif /* !__MINGW32__ */ fc.servers = RlistFromSplitString(peer, '*'); if (fc.servers == NULL || strcmp(RlistScalarValue(fc.servers), "localhost") == 0) { Log(LOG_LEVEL_INFO, "No hosts are registered to connect to"); return false; } else { int err = 0; conn = NewServerConnection(fc, false, &err, -1); if (conn == NULL) { RlistDestroy(fc.servers); Log(LOG_LEVEL_VERBOSE, "No suitable server responded to hail"); return false; } } /* Check trust interaction*/ HailExec(conn, peer, recvbuffer, sendbuffer); RlistDestroy(fc.servers); return true; } /********************************************************************/ /* Level 2 */ /********************************************************************/ static void KeepControlPromises(EvalContext *ctx, const Policy *policy) { Seq *constraints = ControlBodyConstraints(policy, AGENT_TYPE_RUNAGENT); if (constraints) { for (size_t i = 0; i < SeqLength(constraints); i++) { Constraint *cp = SeqAt(constraints, i); if (!IsDefinedClass(ctx, cp->classes)) { continue; } VarRef *ref = VarRefParseFromScope(cp->lval, "control_runagent"); const void *value = EvalContextVariableGet(ctx, ref, NULL); VarRefDestroy(ref); if (!value) { Log(LOG_LEVEL_ERR, "Unknown lval '%s' in runagent control body", cp->lval); continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_FORCE_IPV4].lval) == 0) { continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_TRUSTKEY].lval) == 0) { continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_ENCRYPT].lval) == 0) { continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_PORT_NUMBER].lval) == 0) { continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_BACKGROUND].lval) == 0) { /* * Only process this option if are is no -b or -i options specified on * command line. */ if (BACKGROUND || INTERACTIVE) { Log(LOG_LEVEL_WARNING, "'background_children' setting from 'body runagent control' is overridden by command-line option."); } else { BACKGROUND = BooleanFromString(value); } continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_MAX_CHILD].lval) == 0) { MAXCHILD = (short) IntFromString(value); continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_OUTPUT_TO_FILE].lval) == 0) { OUTPUT_TO_FILE = BooleanFromString(value); continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_OUTPUT_DIRECTORY].lval) == 0) { if (IsAbsPath(value)) { strncpy(OUTPUT_DIRECTORY, value, CF_BUFSIZE - 1); Log(LOG_LEVEL_VERBOSE, "Setting output direcory to '%s'", OUTPUT_DIRECTORY); } continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_TIMEOUT].lval) == 0) { continue; } if (strcmp(cp->lval, CFR_CONTROLBODY[RUNAGENT_CONTROL_HOSTS].lval) == 0) { if (HOSTLIST == NULL) // Don't override if command line setting { HOSTLIST = value; } continue; } } } const char *expire_after = EvalContextVariableControlCommonGet(ctx, COMMON_CONTROL_LASTSEEN_EXPIRE_AFTER); if (expire_after) { LASTSEENEXPIREAFTER = IntFromString(expire_after) * 60; } }