/** * Validate a given filesystem service s. Events are posted according to * its configuration. In case of a fatal event FALSE is returned. */ int check_filesystem(Service_T s) { char *p; char path_buf[PATH_MAX+1]; Filesystem_T td; struct stat stat_buf; ASSERT(s); p = s->path; /* We need to resolve symbolic link so if it points to device, we'll be able to find it in mnttab */ if (lstat(s->path, &stat_buf) != 0) { Event_post(s, Event_Nonexist, STATE_FAILED, s->action_NONEXIST, "filesystem doesn't exist"); return FALSE; } if (S_ISLNK(stat_buf.st_mode)) { if (! realpath(s->path, path_buf)) { Event_post(s, Event_Nonexist, STATE_FAILED, s->action_NONEXIST, "filesystem symbolic link error -- %s", STRERROR); return FALSE; } p = path_buf; Event_post(s, Event_Nonexist, STATE_SUCCEEDED, s->action_NONEXIST, "filesystem symbolic link %s -> %s", s->path, p); if (stat(p, &stat_buf) != 0) { Event_post(s, Event_Nonexist, STATE_FAILED, s->action_NONEXIST, "filesystem doesn't exist"); return FALSE; } } Event_post(s, Event_Nonexist, STATE_SUCCEEDED, s->action_NONEXIST, "filesystem exists"); s->inf->st_mode = stat_buf.st_mode; s->inf->st_uid = stat_buf.st_uid; s->inf->st_gid = stat_buf.st_gid; if (!filesystem_usage(s->inf, p)) { Event_post(s, Event_Data, STATE_FAILED, s->action_DATA, "unable to read filesystem %s state", p); return FALSE; } s->inf->priv.filesystem.inode_percent = s->inf->priv.filesystem.f_files > 0 ? (int)((1000.0 * (s->inf->priv.filesystem.f_files - s->inf->priv.filesystem.f_filesfree)) / (float)s->inf->priv.filesystem.f_files) : 0; s->inf->priv.filesystem.space_percent = s->inf->priv.filesystem.f_blocks > 0 ? (int)((1000.0 * (s->inf->priv.filesystem.f_blocks - s->inf->priv.filesystem.f_blocksfree)) / (float)s->inf->priv.filesystem.f_blocks) : 0; s->inf->priv.filesystem.inode_total = s->inf->priv.filesystem.f_files - s->inf->priv.filesystem.f_filesfree; s->inf->priv.filesystem.space_total = s->inf->priv.filesystem.f_blocks - s->inf->priv.filesystem.f_blocksfreetotal; Event_post(s, Event_Data, STATE_SUCCEEDED, s->action_DATA, "succeeded getting filesystem statistic for %s", p); if (s->perm) check_perm(s); if (s->uid) check_uid(s); if (s->gid) check_gid(s); check_filesystem_flags(s); if (s->filesystemlist) for (td = s->filesystemlist; td; td = td->next) check_filesystem_resources(s, td); return TRUE; }
/** * Validate a given file service s. Events are posted according to * its configuration. In case of a fatal event FALSE is returned. */ int check_file(Service_T s) { struct stat stat_buf; ASSERT(s); if (stat(s->path, &stat_buf) != 0) { Event_post(s, Event_Nonexist, STATE_FAILED, s->action_NONEXIST, "file doesn't exist"); return FALSE; } else { s->inf->st_mode = stat_buf.st_mode; if (s->inf->priv.file.st_ino == 0) { s->inf->priv.file.st_ino_prev = stat_buf.st_ino; s->inf->priv.file.readpos = stat_buf.st_size; } else s->inf->priv.file.st_ino_prev = s->inf->priv.file.st_ino; s->inf->priv.file.st_ino = stat_buf.st_ino; s->inf->st_uid = stat_buf.st_uid; s->inf->st_gid = stat_buf.st_gid; s->inf->priv.file.st_size = stat_buf.st_size; s->inf->timestamp = MAX(stat_buf.st_mtime, stat_buf.st_ctime); DEBUG("'%s' file exists check succeeded\n", s->name); Event_post(s, Event_Nonexist, STATE_SUCCEEDED, s->action_NONEXIST, "file exist"); } if (!S_ISREG(s->inf->st_mode)) { Event_post(s, Event_Invalid, STATE_FAILED, s->action_INVALID, "is not a regular file"); return FALSE; } else { DEBUG("'%s' is a regular file\n", s->name); Event_post(s, Event_Invalid, STATE_SUCCEEDED, s->action_INVALID, "is a regular file"); } if (s->checksum) check_checksum(s); if (s->perm) check_perm(s); if (s->uid) check_uid(s); if (s->gid) check_gid(s); if (s->sizelist) check_size(s); if (s->timestamplist) check_timestamp(s); if (s->matchlist) check_match(s); return TRUE; }
/** * Validate a given directory service s. Events are posted according to * its configuration. In case of a fatal event FALSE is returned. */ int check_directory(Service_T s) { struct stat stat_buf; char report[STRLEN]= {0}; if(stat(s->path, &stat_buf) != 0) { if(! s->event_handled) { Event_post(s, EVENT_START, "Event: directory '%s' doesn't exist\n", s->name); s->event_handled= TRUE; } return FALSE; } else { s->event_handled= FALSE; } if(!S_ISDIR(stat_buf.st_mode)) { if(!s->event_handled) { Event_post(s, EVENT_UNMONITOR, "Event: '%s' is not directory\n", s->name); s->event_handled= TRUE; } return FALSE; } else { s->event_handled= FALSE; } if(check_perm(s, stat_buf.st_mode, report)) { s->perm->event_flag= TRUE; if(! eval_actions(s->perm->action, s, report, "permission", EVENT_PERMISSION)) return FALSE; } if(check_uid(s, stat_buf.st_uid, report)) { s->uid->event_flag= TRUE; if(! eval_actions(s->uid->action, s, report, "uid", EVENT_UID)) return FALSE; } if(check_gid(s, stat_buf.st_gid, report)) { s->gid->event_flag= TRUE; if(! eval_actions(s->gid->action, s, report, "gid", EVENT_GID)) return FALSE; } if(!check_timestamps(s)) return FALSE; return TRUE; }
/** * Validate a given fifo service s. Events are posted according to * its configuration. In case of a fatal event FALSE is returned. */ int check_fifo(Service_T s) { struct stat stat_buf; ASSERT(s); if (stat(s->path, &stat_buf) != 0) { Event_post(s, Event_Nonexist, STATE_FAILED, s->action_NONEXIST, "fifo doesn't exist"); return FALSE; } else { s->inf->st_mode = stat_buf.st_mode; s->inf->st_uid = stat_buf.st_uid; s->inf->st_gid = stat_buf.st_gid; s->inf->timestamp = MAX(stat_buf.st_mtime, stat_buf.st_ctime); DEBUG("'%s' fifo exists check succeeded\n", s->name); Event_post(s, Event_Nonexist, STATE_SUCCEEDED, s->action_NONEXIST, "fifo exist"); } if (!S_ISFIFO(s->inf->st_mode)) { Event_post(s, Event_Invalid, STATE_FAILED, s->action_INVALID, "is not fifo"); return FALSE; } else { DEBUG("'%s' is fifo\n", s->name); Event_post(s, Event_Invalid, STATE_SUCCEEDED, s->action_INVALID, "is fifo"); } if (s->perm) check_perm(s); if (s->uid) check_uid(s); if (s->gid) check_gid(s); if (s->timestamplist) check_timestamp(s); return TRUE; }
static int userauth(const char *user, const char *password, int gid, int rootfd) { int ret; char *pw, *pw_enc; if (gid != -1 && (ret = check_gid(user, gid)) != 0) return ret; ret = get_user_hash(user, gid, &pw); if (ret != 0) return ret; ret = escape_chroot(rootfd); if (ret == 0) { struct crypt_data data = {}; ret = VZCTL_E_AUTH; pw_enc = crypt_r(password, pw, &data); if (pw_enc && !strcmp(pw_enc, pw)) ret = 0; } free(pw); return ret; }
/** * Validate a given file service s. Events are posted according to * its configuration. In case of a fatal event FALSE is returned. */ int check_file(Service_T s) { Size_T sl; struct stat stat_buf; char report[STRLEN]= {0}; if(stat(s->path, &stat_buf) != 0) { if(! s->event_handled) { Event_post(s, EVENT_START, "Event: file '%s' doesn't exist\n", s->name); s->event_handled= TRUE; } return FALSE; } else { s->event_handled= TRUE; } if(!S_ISREG(stat_buf.st_mode)) { if(! s->event_handled) { Event_post(s, EVENT_UNMONITOR, "Event: '%s' is not regular file\n", s->name); s->event_handled= TRUE; } return FALSE; } else { s->event_handled= FALSE; } if(check_checksum(s, report)) { s->checksum->event_flag= TRUE; if(! eval_actions(s->checksum->action, s, report, "checksum", EVENT_CHECKSUM)) return FALSE; } if(check_perm(s, stat_buf.st_mode, report)) { s->perm->event_flag= TRUE; if(! eval_actions(s->perm->action, s, report, "permission", EVENT_PERMISSION)) return FALSE; } if(check_uid(s, stat_buf.st_uid, report)) { s->uid->event_flag= TRUE; if(! eval_actions(s->uid->action, s, report, "uid", EVENT_UID)) return FALSE; } if(check_gid(s, stat_buf.st_gid, report)) { s->gid->event_flag= TRUE; if(! eval_actions(s->gid->action, s, report, "gid", EVENT_GID)) return FALSE; } for(sl= s->sizelist; sl; sl= sl->next) { if(!check_size_item(s, sl, (unsigned long)stat_buf.st_size, report)) { if(! sl->event_handled) { /* Turn on the object's event_flag to indicate that the size event * occured on this particular object */ sl->event_flag= TRUE; sl->event_handled= TRUE; /* Turn on the object's * event_handled flag so this * test is not handled in * subsequent poll cycles until * the error condition was reset. */ if(! eval_actions(sl->action, s, report, "size", EVENT_SIZE)) { return FALSE; } } } else { sl->event_handled= FALSE; } } if(!check_timestamps(s)) return FALSE; return TRUE; }
/** * Validate a given device service s. Events are posted according to * its configuration. In case of a fatal event FALSE is returned. */ int check_device(Service_T s) { Device_T td; struct stat stat_buf; char report[STRLEN]= {0}; if(stat(s->path, &stat_buf) != 0) { if(! s->event_handled) { Event_post(s, EVENT_START, "Event: device '%s' doesn't exist\n", s->name); s->event_handled= TRUE; } return FALSE; } else { s->event_handled= FALSE; } if(check_perm(s, stat_buf.st_mode, report)) { s->perm->event_flag= TRUE; if(! eval_actions(s->perm->action, s, report, "permission", EVENT_PERMISSION)) return FALSE; } if(check_uid(s, stat_buf.st_uid, report)) { s->uid->event_flag= TRUE; if(! eval_actions(s->uid->action, s, report, "uid", EVENT_UID)) return FALSE; } if(check_gid(s, stat_buf.st_gid, report)) { s->gid->event_flag= TRUE; if(! eval_actions(s->gid->action, s, report, "gid", EVENT_GID)) return FALSE; } if(!DeviceInfo_Usage(s->devinfo, s->path)) { if(! s->devinfo->event_handled) { Event_post(s, EVENT_START, "Event: unable to read device '%s' state\n", s->path); s->devinfo->event_handled= TRUE; } return FALSE; } else { s->devinfo->event_handled= FALSE; DEBUG("'%s' succeeded getting device statistic for %s\n", s->name, s->path); } /* Test devices */ if(s->devicelist) { for(td= s->devicelist; td; td= td->next) { if(!check_device_resources(s, td, report)) { if(! td->event_handled) { td->event_flag= TRUE; /* Turn on the object's event_flag * to indicate that the resource * event occured on this particular * object */ td->event_handled= TRUE; /* Turn on the object's * event_handled flag so this * test is not handled in * subsequent poll cycles until * the error condition was reset. */ if(! eval_actions(td->action, s, report, "device", EVENT_RESOURCE)) { return FALSE; } } } else { td->event_handled= FALSE; } } } return TRUE; }