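/**
 * Release a DBMeta handle: destroy both string maps, close the file
 * descriptor and free the struct itself.
 *
 * @param dbmeta Handle to release; NULL is accepted and ignored.
 */
static void DBMetaFree(DBMeta *dbmeta)
{
    /* The NULL test has to come before the first dereference.  Testing only
     * ahead of free() is too late, because the members have already been
     * read by then (and free(NULL) needs no guard anyway). */
    if (dbmeta == NULL)
    {
        return;
    }

    StringMapDestroy(dbmeta->offset_map);
    StringMapDestroy(dbmeta->record_map);
    close(dbmeta->fd);
    free(dbmeta);
}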
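/**
 * Drop every access-control structure held by the server: the legacy
 * admit/deny lists, the "body server control" item lists and settings, and
 * the newer acl objects.  Each pointer is reset to NULL right after it is
 * released so that no dangling reference survives the call.
 *
 * Must not be called unless ACTIVE_THREADS is zero.
 */
static void ClearAuthAndACLs(void)
{
    /* Must have no currently open connections to free the ACLs.
     * assert() expands to nothing when NDEBUG is defined, so in such builds
     * this precondition is not checked here and rests on the caller. */
    assert(SV.connectionlist == NULL);

    /* Bundle server access_rules legacy ACLs */
    DeleteAuthList(&SV.admit, &SV.admittail);
    DeleteAuthList(&SV.deny, &SV.denytail);
    DeleteAuthList(&SV.varadmit, &SV.varadmittail);
    DeleteAuthList(&SV.vardeny, &SV.vardenytail);

    /* body server control ACLs -- each list is released exactly once */
    DeleteItemList(SV.trustkeylist);
    SV.trustkeylist = NULL;
    DeleteItemList(SV.attackerlist);
    SV.attackerlist = NULL;
    DeleteItemList(SV.nonattackerlist);
    SV.nonattackerlist = NULL;
    DeleteItemList(SV.allowuserlist);
    SV.allowuserlist = NULL;
    DeleteItemList(SV.multiconnlist);
    SV.multiconnlist = NULL;
    DeleteItemList(SV.allowlegacyconnects);
    SV.allowlegacyconnects = NULL;

    StringMapDestroy(SV.path_shortcuts);
    SV.path_shortcuts = NULL;

    free(SV.allowciphers);
    SV.allowciphers = NULL;
    free(SV.allowtlsversion);
    SV.allowtlsversion = NULL;

    /* body server control new ACLs */
    NEED_REVERSE_LOOKUP = false;

    acl_Free(paths_acl);
    paths_acl = NULL;
    acl_Free(classes_acl);
    classes_acl = NULL;
    acl_Free(vars_acl);
    vars_acl = NULL;
    acl_Free(literals_acl);
    literals_acl = NULL;
    acl_Free(query_acl);
    query_acl = NULL;
    acl_Free(bundles_acl);
    bundles_acl = NULL;
    acl_Free(roles_acl);
    roles_acl = NULL;
}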
/**
 * Destroy the UCB_PS_MAP string map, if one is currently set, and reset the
 * global to NULL.
 */
static void ClearPlatformExtraTable(void)
{
    if (!UCB_PS_MAP)
    {
        /* Nothing allocated, nothing to release. */
        return;
    }

    StringMapDestroy(UCB_PS_MAP);
    UCB_PS_MAP = NULL;
}
/**
 * Walk the lastseen database and report connection-quality records.
 *
 * The database is loaded into a StringMap.  Every key starting with 'k' is
 * taken as a host-key entry; for each such host key the function looks up
 * the address ("k<hostkey>") and the incoming ("qi<hostkey>") and outgoing
 * ("qo<hostkey>") records, and passes each record that exists to callback.
 *
 * @param callback Called as callback(hostkey, address, incoming, record, ctx)
 *                 with incoming == true for "qi" records and false for "qo"
 *                 records.  A false return stops the scan.
 * @param ctx      Opaque pointer handed through to callback.
 * @return false if the database could not be loaded; true otherwise, also
 *         when the callback ended the scan early.
 */
bool ScanLastSeenQuality(LastSeenQualityCallback callback, void *ctx)
{
    StringMap *db = LoadDatabaseToStringMap(dbid_lastseen);
    if (db == NULL)
    {
        return false;
    }

    /* Pass 1: collect the host keys (map key minus the leading 'k'). */
    MapIterator iter = MapIteratorInit(db->impl);
    Seq *hostkeys = SeqNew(100, free);
    for (MapKeyValue *entry = MapIteratorNext(&iter);
         entry != NULL;
         entry = MapIteratorNext(&iter))
    {
        char *map_key = entry->key;

        /* Only look for "keyhost" entries */
        if (map_key[0] == 'k')
        {
            SeqAppend(hostkeys, xstrdup(map_key + 1));
        }
    }

    /* Pass 2: look up address and quality records per host key.
     * snprintf() truncates without notice when a key does not fit into
     * CF_BUFSIZE; the lookup is then made with the truncated key.
     * NOTE(review): the map values are cast to char* / KeyHostSeen* with no
     * length or termination check in this function -- confirm that the
     * loader guarantees well-formed records before they reach the callback. */
    for (int idx = 0; idx < SeqLength(hostkeys); ++idx)
    {
        const char *hostkey = SeqAt(hostkeys, idx);

        char lookup_addr[CF_BUFSIZE];
        snprintf(lookup_addr, CF_BUFSIZE, "k%s", hostkey);
        char *address = (char *) StringMapGet(db, lookup_addr);
        if (address == NULL)
        {
            Log(LOG_LEVEL_ERR, "Failed to read address for key '%s'.", hostkey);
            continue;
        }

        char lookup_in[CF_BUFSIZE];
        snprintf(lookup_in, CF_BUFSIZE, "qi%s", hostkey);
        KeyHostSeen *seen_in = (KeyHostSeen *) StringMapGet(db, lookup_in);
        if (seen_in != NULL && !callback(hostkey, address, true, seen_in, ctx))
        {
            break;
        }

        char lookup_out[CF_BUFSIZE];
        snprintf(lookup_out, CF_BUFSIZE, "qo%s", hostkey);
        KeyHostSeen *seen_out = (KeyHostSeen *) StringMapGet(db, lookup_out);
        if (seen_out != NULL && !callback(hostkey, address, false, seen_out, ctx))
        {
            break;
        }
    }

    StringMapDestroy(db);
    SeqDestroy(hostkeys);
    return true;
}
/**
 * Reload the server policy when the validated-masterfiles timestamp is newer
 * than the last reload.
 *
 * When a newer timestamp is found, *last_policy_reload is advanced to it
 * (before validation, so a policy that fails validation is not re-checked
 * until the timestamp changes again).  If the promises validate, the
 * evaluation context, the server access lists and the current policy are
 * torn down, the environment is re-detected, and the policy is loaded and
 * kept again.
 *
 * @param ctx                Evaluation context, cleared and repopulated.
 * @param policy             In/out: old policy is destroyed, new one stored.
 * @param config             Agent configuration (input file, validation).
 * @param last_policy_reload In/out: timestamp of the last accepted reload.
 */
void CheckFileChanges(EvalContext *ctx, Policy **policy, GenericAgentConfig *config, time_t *last_policy_reload)
{
    Log(LOG_LEVEL_DEBUG, "Checking file updates for input file '%s'", config->input_file);

    time_t validated_at = ReadTimestampFromPolicyValidatedMasterfiles(config);

    if (!(*last_policy_reload < validated_at))
    {
        Log(LOG_LEVEL_DEBUG, "No new promises found");
        return;
    }

    *last_policy_reload = validated_at;
    Log(LOG_LEVEL_VERBOSE, "New promises detected...");

    if (!GenericAgentArePromisesValid(config))
    {
        Log(LOG_LEVEL_INFO, "File changes contain errors -- ignoring");
        return;
    }

    Log(LOG_LEVEL_INFO, "Rereading policy file '%s'", config->input_file);

    /* Free & reload -- lock this to avoid access errors during reload.
     * NOTE(review): no lock is taken inside this function; presumably the
     * caller keeps connection threads away from these globals while they
     * are freed -- confirm. */
    EvalContextClear(ctx);

    free(SV.allowciphers);
    SV.allowciphers = NULL;

    DeleteItemList(SV.trustkeylist);
    SV.trustkeylist = NULL;
    DeleteItemList(SV.attackerlist);
    SV.attackerlist = NULL;
    DeleteItemList(SV.nonattackerlist);
    SV.nonattackerlist = NULL;
    DeleteItemList(SV.multiconnlist);
    SV.multiconnlist = NULL;

    DeleteAuthList(&SV.admit, &SV.admittail);
    DeleteAuthList(&SV.deny, &SV.denytail);
    DeleteAuthList(&SV.varadmit, &SV.varadmittail);
    DeleteAuthList(&SV.vardeny, &SV.vardenytail);
    DeleteAuthList(&SV.roles, &SV.rolestail);

    /* NOTE(review): the ClearAuthAndACLs() listing on this page resets more
     * state than this block (for example SV.allowuserlist, bundles_acl and
     * roles_acl); confirm that nothing left untouched here can carry access
     * rules from the old policy across the reload. */

    /* Unbounded copy of a 17-byte constant (terminator included); the size
     * of VDOMAIN is not visible here -- assumed large enough, confirm. */
    strcpy(VDOMAIN, "undefined.domain");

    acl_Free(paths_acl);
    paths_acl = NULL;
    acl_Free(classes_acl);
    classes_acl = NULL;
    acl_Free(vars_acl);
    vars_acl = NULL;
    acl_Free(literals_acl);
    literals_acl = NULL;
    acl_Free(query_acl);
    query_acl = NULL;

    StringMapDestroy(SV.path_shortcuts);
    SV.path_shortcuts = NULL;

    PolicyDestroy(*policy);
    *policy = NULL;

    /* Re-apply the policy server recorded in the work directory. */
    char *saved_policy_server = ReadPolicyServerFile(GetWorkDir());
    SetPolicyServer(ctx, saved_policy_server);
    free(saved_policy_server);

    UpdateLastPolicyUpdateTime(ctx);
    DetectEnvironment(ctx);
    KeepHardClasses(ctx);
    EvalContextClassPutHard(ctx, CF_AGENTTYPES[AGENT_TYPE_SERVER], "cfe_internal,source=agent");

    time_t reference_time = SetReferenceTime();
    UpdateTimeClasses(ctx, reference_time);

    *policy = GenericAgentLoadPolicy(ctx, config);
    KeepPromises(ctx, *policy, config);
    Summarize();
}