PromiseResult ScheduleEditOperation(EvalContext *ctx, char *filename, Attributes a, Promise *pp)
{
void *vp;
FnCall *fp;
Rlist *args = NULL;
char edit_bundle_name[CF_BUFSIZE], lockname[CF_BUFSIZE], qualified_edit[CF_BUFSIZE], *method_deref;
CfLock thislock;
snprintf(lockname, CF_BUFSIZE - 1, "fileedit-%s", filename);
thislock = AcquireLock(ctx, lockname, VUQNAME, CFSTARTTIME, a.transaction, pp, false);
if (thislock.lock == NULL)
{
return PROMISE_RESULT_NOOP;
}
EditContext *edcontext = NewEditContext(filename, a);
PromiseResult result = PROMISE_RESULT_NOOP;
if (edcontext == NULL)
{
cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_FAIL, pp, a, "File '%s' was marked for editing but could not be opened", filename);
result = PromiseResultUpdate(result, PROMISE_RESULT_FAIL);
goto exit;
}
Policy *policy = PolicyFromPromise(pp);
if (a.haveeditline)
{
if ((vp = ConstraintGetRvalValue(ctx, "edit_line", pp, RVAL_TYPE_FNCALL)))
{
fp = (FnCall *) vp;
strcpy(edit_bundle_name, fp->name);
args = fp->args;
}
else if ((vp = ConstraintGetRvalValue(ctx, "edit_line", pp, RVAL_TYPE_SCALAR)))
{
strcpy(edit_bundle_name, (char *) vp);
args = NULL;
}
else
{
goto exit;
}
if (strncmp(edit_bundle_name,"default:",strlen("default:")) == 0) // CF_NS == ':'
{
method_deref = strchr(edit_bundle_name, CF_NS) + 1;
}
else if ((strchr(edit_bundle_name, CF_NS) == NULL) && (strcmp(PromiseGetNamespace(pp), "default") != 0))
{
snprintf(qualified_edit, CF_BUFSIZE, "%s%c%s", PromiseGetNamespace(pp), CF_NS, edit_bundle_name);
method_deref = qualified_edit;
}
else
{
method_deref = edit_bundle_name;
}
Log(LOG_LEVEL_VERBOSE, "Handling file edits in edit_line bundle '%s'", method_deref);
Bundle *bp = NULL;
if ((bp = PolicyGetBundle(policy, NULL, "edit_line", method_deref)))
{
BannerSubBundle(bp, args);
EvalContextStackPushBundleFrame(ctx, bp, args, a.edits.inherit);
BundleResolve(ctx, bp);
ScheduleEditLineOperations(ctx, bp, a, pp, edcontext);
EvalContextStackPopFrame(ctx);
}
else
{
Log(LOG_LEVEL_ERR, "Did not find method '%s' in bundle '%s' for edit operation", method_deref, edit_bundle_name);
}
}
if (a.haveeditxml)
{
if ((vp = ConstraintGetRvalValue(ctx, "edit_xml", pp, RVAL_TYPE_FNCALL)))
{
fp = (FnCall *) vp;
strcpy(edit_bundle_name, fp->name);
args = fp->args;
}
else if ((vp = ConstraintGetRvalValue(ctx, "edit_xml", pp, RVAL_TYPE_SCALAR)))
{
strcpy(edit_bundle_name, (char *) vp);
args = NULL;
}
else
{
goto exit;
}
if (strncmp(edit_bundle_name,"default:",strlen("default:")) == 0) // CF_NS == ':'
{
method_deref = strchr(edit_bundle_name, CF_NS) + 1;
}
else
{
method_deref = edit_bundle_name;
}
Log(LOG_LEVEL_VERBOSE, "Handling file edits in edit_xml bundle '%s'", method_deref);
Bundle *bp = NULL;
if ((bp = PolicyGetBundle(policy, NULL, "edit_xml", method_deref)))
{
BannerSubBundle(bp, args);
EvalContextStackPushBundleFrame(ctx, bp, args, a.edits.inherit);
BundleResolve(ctx, bp);
ScheduleEditXmlOperations(ctx, bp, a, pp, edcontext);
EvalContextStackPopFrame(ctx);
}
}
if (a.edit_template)
{
if (!a.template_method || strcmp("cfengine", a.template_method) == 0)
{
Policy *tmp_policy = PolicyNew();
Bundle *bp = NULL;
if ((bp = MakeTemporaryBundleFromTemplate(ctx, tmp_policy, a, pp, &result)))
{
BannerSubBundle(bp, args);
a.haveeditline = true;
EvalContextStackPushBundleFrame(ctx, bp, args, a.edits.inherit);
BundleResolve(ctx, bp);
ScheduleEditLineOperations(ctx, bp, a, pp, edcontext);
EvalContextStackPopFrame(ctx);
}
PolicyDestroy(tmp_policy);
}
else if (strcmp("mustache", a.template_method) == 0)
{
if (!FileCanOpen(a.edit_template, "r"))
{
cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_FAIL, pp, a, "Template file '%s' could not be opened for reading", a.edit_template);
result = PromiseResultUpdate(result, PROMISE_RESULT_FAIL);
goto exit;
}
Writer *ouput_writer = NULL;
{
FILE *output_file = fopen(pp->promiser, "w");
if (!output_file)
{
cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_FAIL, pp, a, "Output file '%s' could not be opened for writing", pp->promiser);
result = PromiseResultUpdate(result, PROMISE_RESULT_FAIL);
goto exit;
}
ouput_writer = FileWriter(output_file);
}
Writer *template_writer = FileRead(a.edit_template, SIZE_MAX, NULL);
if (!template_writer)
{
cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_FAIL, pp, a, "Could not read template file '%s'", a.edit_template);
result = PromiseResultUpdate(result, PROMISE_RESULT_FAIL);
WriterClose(ouput_writer);
goto exit;
}
JsonElement *default_template_data = NULL;
if (!a.template_data)
{
a.template_data = default_template_data = DefaultTemplateData(ctx);
}
if (!MustacheRender(ouput_writer, StringWriterData(template_writer), a.template_data))
{
cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_FAIL, pp, a, "Error rendering mustache template '%s'", a.edit_template);
result = PromiseResultUpdate(result, PROMISE_RESULT_FAIL);
WriterClose(template_writer);
WriterClose(ouput_writer);
goto exit;
}
JsonDestroy(default_template_data);
WriterClose(template_writer);
WriterClose(ouput_writer);
}
}
exit:
result = PromiseResultUpdate(result, FinishEditContext(ctx, edcontext, a, pp));
YieldCurrentLock(thislock);
return result;
}
static void *CFTestD_ServeReport(void *config_arg)
{
CFTestD_Config *config = (CFTestD_Config *) config_arg;
/* Set prefix for all Log()ging: */
LoggingPrivContext *prior = LoggingPrivGetContext();
LoggingPrivContext log_ctx = {
.log_hook = LogAddPrefix,
.param = config->address
};
LoggingPrivSetContext(&log_ctx);
char *priv_key_path = NULL;
char *pub_key_path = NULL;
if (config->key_file != NULL)
{
priv_key_path = config->key_file;
pub_key_path = xstrdup(priv_key_path);
StringReplace(pub_key_path, strlen(pub_key_path) + 1,
"priv", "pub");
}
LoadSecretKeys(priv_key_path, pub_key_path, &(config->priv_key), &(config->pub_key));
free(pub_key_path);
char *report_file = config->report_file;
if (report_file != NULL)
{
Log(LOG_LEVEL_NOTICE, "Got file argument: '%s'", report_file);
if (!FileCanOpen(report_file, "r"))
{
Log(LOG_LEVEL_ERR,
"Can't open file '%s' for reading",
report_file);
exit(EXIT_FAILURE);
}
Writer *contents = FileRead(report_file, SIZE_MAX, NULL);
if (!contents)
{
Log(LOG_LEVEL_ERR, "Error reading report file '%s'", report_file);
exit(EXIT_FAILURE);
}
size_t report_data_len = StringWriterLength(contents);
config->report_data = StringWriterClose(contents);
Seq *report = SeqNew(64, NULL);
size_t report_len = 0;
StringRef ts_ref = StringGetToken(config->report_data, report_data_len, 0, "\n");
char *ts = (char *) ts_ref.data;
*(ts + ts_ref.len) = '\0';
SeqAppend(report, ts);
/* start right after the newline after the timestamp header */
char *position = ts + ts_ref.len + 1;
char *report_line;
size_t report_line_len;
while (CFTestD_GetReportLine(position, &report_line, &report_line_len))
{
*(report_line + report_line_len) = '\0';
SeqAppend(report, report_line);
report_len += report_line_len;
position = report_line + report_line_len + 1; /* there's an extra newline after each report_line */
}
config->report = report;
config->report_len = report_len;
Log(LOG_LEVEL_NOTICE,
"Read %d bytes for report contents",
config->report_len);
if (config->report_len <= 0)
{
Log(LOG_LEVEL_ERR, "Report file contained no bytes");
exit(EXIT_FAILURE);
}
}
Log(LOG_LEVEL_INFO, "Starting server at %s...", config->address);
fflush(stdout); // for debugging startup
config->ret = CFTestD_StartServer(config);
free(config->report_data);
/* we don't really need to do this here because the process is about the
* terminate, but it's a good way the cleanup actually works and doesn't
* cause a segfault or something */
ServerTLSDeInitialize(&(config->priv_key), &(config->pub_key), &(config->ssl_ctx));
LoggingPrivSetContext(prior);
return NULL;
}
static void HandleSignal(int signum)
{
switch (signum)
{
case SIGTERM:
case SIGINT:
// flush all logging before process ends.
fflush(stdout);
fprintf(stderr, "Terminating...\n");
TERMINATE = true;
break;
default:
break;
}
}
/**
* @param ip_str string representation of an IPv4 address (the usual one, with
* 4 octets separated by dots)
* @return a new string representing the incremented IP address (HAS TO BE FREED)
*/
static char *IncrementIPaddress(const char *ip_str)
{
uint32_t ip = (uint32_t) inet_addr(ip_str);
if (ip == INADDR_NONE)
{
Log(LOG_LEVEL_ERR, "Failed to parse address: '%s'", ip_str);
return NULL;
}
int step = 1;
char *last_dot = strrchr(ip_str, '.');
assert(last_dot != NULL); /* the doc comment says there must be dots! */
if (StringSafeEqual(last_dot + 1, "255"))
{
/* avoid the network address (ending with 0) */
step = 2;
}
else if (StringSafeEqual(last_dot + 1, "254"))
{
/* avoid the broadcast address and the network address */
step = 3;
}
uint32_t ip_num = ntohl(ip);
ip_num += step;
ip = htonl(ip_num);
struct in_addr ip_struct;
ip_struct.s_addr = ip;
return xstrdup(inet_ntoa(ip_struct));
}
static PromiseResult RenderTemplateMustache(EvalContext *ctx, const Promise *pp, Attributes a,
EditContext *edcontext)
{
PromiseResult result = PROMISE_RESULT_NOOP;
if (!FileCanOpen(a.edit_template, "r"))
{
cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_FAIL, pp, a, "Template file '%s' could not be opened for reading", a.edit_template);
return PromiseResultUpdate(result, PROMISE_RESULT_FAIL);
}
unsigned char existing_output_digest[EVP_MAX_MD_SIZE + 1] = { 0 };
if (access(pp->promiser, R_OK) == 0)
{
HashFile(pp->promiser, existing_output_digest, CF_DEFAULT_DIGEST);
}
int template_fd = safe_open(a.edit_template, O_RDONLY | O_TEXT);
Writer *template_writer = NULL;
if (template_fd >= 0)
{
template_writer = FileReadFromFd(template_fd, SIZE_MAX, NULL);
close(template_fd);
}
if (!template_writer)
{
cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_FAIL, pp, a, "Could not read template file '%s'", a.edit_template);
return PromiseResultUpdate(result, PROMISE_RESULT_FAIL);
}
JsonElement *default_template_data = NULL;
if (!a.template_data)
{
a.template_data = default_template_data = DefaultTemplateData(ctx);
}
Buffer *output_buffer = BufferNew();
if (MustacheRender(output_buffer, StringWriterData(template_writer), a.template_data))
{
unsigned char rendered_output_digest[EVP_MAX_MD_SIZE + 1] = { 0 };
HashString(BufferData(output_buffer), BufferSize(output_buffer), rendered_output_digest, CF_DEFAULT_DIGEST);
if (!HashesMatch(existing_output_digest, rendered_output_digest, CF_DEFAULT_DIGEST))
{
if (SaveAsFile(SaveBufferCallback, output_buffer, edcontext->filename, a, edcontext->new_line_mode))
{
cfPS(ctx, LOG_LEVEL_INFO, PROMISE_RESULT_CHANGE, pp, a, "Updated rendering of '%s' from template mustache template '%s'",
pp->promiser, a.edit_template);
result = PromiseResultUpdate(result, PROMISE_RESULT_CHANGE);
}
else
{
cfPS(ctx, LOG_LEVEL_INFO, PROMISE_RESULT_FAIL, pp, a, "Updated rendering of '%s' from template mustache template '%s'",
pp->promiser, a.edit_template);
result = PromiseResultUpdate(result, PROMISE_RESULT_FAIL);
}
}
JsonDestroy(default_template_data);
WriterClose(template_writer);
BufferDestroy(output_buffer);
return result;
}
else
{
cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_FAIL, pp, a, "Error rendering mustache template '%s'", a.edit_template);
result = PromiseResultUpdate(result, PROMISE_RESULT_FAIL);
JsonDestroy(default_template_data);
WriterClose(template_writer);
BufferDestroy(output_buffer);
return PromiseResultUpdate(result, PROMISE_RESULT_FAIL);
}
}
/*
* The difference between filename and input_input file is that the latter is the file specified by -f or
* equivalently the file containing body common control. This will hopefully be squashed in later refactoring.
*/
static Policy *Cf3ParseFile(const GenericAgentConfig *config, const char *input_path)
{
struct stat statbuf;
if (stat(input_path, &statbuf) == -1)
{
if (config->ignore_missing_inputs)
{
return PolicyNew();
}
Log(LOG_LEVEL_ERR, "Can't stat file '%s' for parsing. (stat: %s)", input_path, GetErrorStr());
exit(1);
}
#ifndef _WIN32
if (config->check_not_writable_by_others && (statbuf.st_mode & (S_IWGRP | S_IWOTH)))
{
Log(LOG_LEVEL_ERR, "File %s (owner %ju) is writable by others (security exception)", input_path, (uintmax_t)statbuf.st_uid);
exit(1);
}
#endif
Log(LOG_LEVEL_VERBOSE, "Parsing file '%s'", input_path);
if (!FileCanOpen(input_path, "r"))
{
Log(LOG_LEVEL_ERR, "Can't open file '%s' for parsing", input_path);
exit(1);
}
Policy *policy = NULL;
if (StringEndsWith(input_path, ".json"))
{
char *contents = NULL;
if (FileReadMax(&contents, input_path, SIZE_MAX) == -1)
{
Log(LOG_LEVEL_ERR, "Error reading JSON input file '%s'", input_path);
return NULL;
}
JsonElement *json_policy = NULL;
const char *data = contents; // TODO: need to fix JSON parser signature, just silly
if (JsonParse(&data, &json_policy) != JSON_PARSE_OK)
{
Log(LOG_LEVEL_ERR, "Error parsing JSON input file '%s'", input_path);
free(contents);
return NULL;
}
policy = PolicyFromJson(json_policy);
JsonDestroy(json_policy);
free(contents);
}
else
{
if (config->agent_type == AGENT_TYPE_COMMON)
{
policy = ParserParseFile(input_path, config->agent_specific.common.parser_warnings, config->agent_specific.common.parser_warnings_error);
}
else
{
policy = ParserParseFile(input_path, 0, 0);
}
}
return policy;
}
/*
* The difference between filename and input_input file is that the latter is the file specified by -f or
* equivalently the file containing body common control. This will hopefully be squashed in later refactoring.
*/
Policy *Cf3ParseFile(const GenericAgentConfig *config, const char *input_path)
{
struct stat statbuf;
if (stat(input_path, &statbuf) == -1)
{
if (config->ignore_missing_inputs)
{
return PolicyNew();
}
Log(LOG_LEVEL_ERR, "Can't stat file '%s' for parsing. (stat: %s)", input_path, GetErrorStr());
exit(EXIT_FAILURE);
}
else if (S_ISDIR(statbuf.st_mode))
{
if (config->ignore_missing_inputs)
{
return PolicyNew();
}
Log(LOG_LEVEL_ERR, "Can't parse directory '%s'.", input_path);
exit(EXIT_FAILURE);
}
#ifndef _WIN32
if (config->check_not_writable_by_others && (statbuf.st_mode & (S_IWGRP | S_IWOTH)))
{
Log(LOG_LEVEL_ERR, "File %s (owner %ju) is writable by others (security exception)", input_path, (uintmax_t)statbuf.st_uid);
exit(EXIT_FAILURE);
}
#endif
Log(LOG_LEVEL_VERBOSE, "BEGIN parsing file: %s", input_path);
if (!FileCanOpen(input_path, "r"))
{
Log(LOG_LEVEL_ERR, "Can't open file '%s' for parsing", input_path);
exit(EXIT_FAILURE);
}
Policy *policy = NULL;
if (StringEndsWith(input_path, ".json"))
{
Writer *contents = FileRead(input_path, SIZE_MAX, NULL);
if (!contents)
{
Log(LOG_LEVEL_ERR, "Error reading JSON input file '%s'", input_path);
return NULL;
}
JsonElement *json_policy = NULL;
const char *data = StringWriterData(contents);
if (JsonParse(&data, &json_policy) != JSON_PARSE_OK)
{
Log(LOG_LEVEL_ERR, "Error parsing JSON input file '%s'", input_path);
WriterClose(contents);
return NULL;
}
policy = PolicyFromJson(json_policy);
JsonDestroy(json_policy);
WriterClose(contents);
}
else
{
if (config->agent_type == AGENT_TYPE_COMMON)
{
policy = ParserParseFile(config->agent_type, input_path, config->agent_specific.common.parser_warnings, config->agent_specific.common.parser_warnings_error);
}
else
{
policy = ParserParseFile(config->agent_type, input_path, 0, 0);
}
}
Log(LOG_LEVEL_VERBOSE, "END parsing file: %s", input_path);
return policy;
}
