void MonitorStartServer(const Policy *policy, const ReportContext *report_context)
{
char timekey[CF_SMALLBUF];
Averages averages;
Promise *pp = NewPromise("monitor_cfengine", "the monitor daemon");
Attributes dummyattr;
CfLock thislock;
#ifdef __MINGW32__
if (!NO_FORK)
{
CfOut(cf_verbose, "", "Windows does not support starting processes in the background - starting in foreground");
}
#else /* !__MINGW32__ */
if ((!NO_FORK) && (fork() != 0))
{
CfOut(cf_inform, "", "cf-monitord: starting\n");
_exit(0);
}
if (!NO_FORK)
{
ActAsDaemon(0);
}
#endif /* !__MINGW32__ */
memset(&dummyattr, 0, sizeof(dummyattr));
dummyattr.transaction.ifelapsed = 0;
dummyattr.transaction.expireafter = 0;
thislock = AcquireLock(pp->promiser, VUQNAME, CFSTARTTIME, dummyattr, pp, false);
if (thislock.lock == NULL)
{
return;
}
WritePID("cf-monitord.pid");
MonNetworkSnifferOpen();
while (!IsPendingTermination())
{
GetQ(policy, report_context);
snprintf(timekey, sizeof(timekey), "%s", GenTimeKey(time(NULL)));
averages = EvalAvQ(timekey);
LeapDetection();
ArmClasses(averages, timekey);
ZeroArrivals();
MonNetworkSnifferSniff(ITER, CF_THIS);
ITER++;
}
}
// msg should include exactly one reference to unsigned int.
static unsigned int MaybeSleepLog(LogLevel level, const char *msg, unsigned int seconds)
{
if (IsPendingTermination())
{
return seconds;
}
Log(level, msg, seconds);
return sleep(seconds);
}
static void Sniff(Item *ip_addresses, long iteration, double *cf_this)
{
char tcpbuffer[CF_BUFSIZE];
Log(LOG_LEVEL_VERBOSE, "Reading from tcpdump...");
memset(tcpbuffer, 0, CF_BUFSIZE);
signal(SIGALRM, CfenvTimeOut);
alarm(SLEEPTIME);
TCPPAUSE = false;
while (!feof(TCPPIPE) && !IsPendingTermination())
{
if (TCPPAUSE)
{
break;
}
if (fgets(tcpbuffer, sizeof(tcpbuffer), TCPPIPE) == NULL)
{
UnexpectedError("Unable to read data from tcpdump; closing pipe");
cf_pclose(TCPPIPE);
TCPPIPE = NULL;
TCPDUMP = false;
break;
}
if (TCPPAUSE)
{
break;
}
if (strstr(tcpbuffer, "tcpdump:")) /* Error message protect sleeptime */
{
Log(LOG_LEVEL_DEBUG, "Error - '%s'", tcpbuffer);
alarm(0);
TCPDUMP = false;
break;
}
AnalyzeArrival(ip_addresses, iteration, tcpbuffer, cf_this);
}
signal(SIGALRM, SIG_DFL);
TCPPAUSE = false;
fflush(TCPPIPE);
}
static void Sniff(long iteration, double *cf_this)
{
char tcpbuffer[CF_BUFSIZE];
CfOut(cf_verbose, "", "Reading from tcpdump...\n");
memset(tcpbuffer, 0, CF_BUFSIZE);
signal(SIGALRM, CfenvTimeOut);
alarm(SLEEPTIME);
TCPPAUSE = false;
while (!feof(TCPPIPE) && !IsPendingTermination())
{
if (TCPPAUSE)
{
break;
}
fgets(tcpbuffer, CF_BUFSIZE - 1, TCPPIPE);
if (TCPPAUSE)
{
break;
}
if (strstr(tcpbuffer, "tcpdump:")) /* Error message protect sleeptime */
{
CfDebug("Error - (%s)\n", tcpbuffer);
alarm(0);
TCPDUMP = false;
break;
}
AnalyzeArrival(iteration, tcpbuffer, cf_this);
}
signal(SIGALRM, SIG_DFL);
TCPPAUSE = false;
fflush(TCPPIPE);
}
void MonitorStartServer(EvalContext *ctx, const Policy *policy)
{
char timekey[CF_SMALLBUF];
Averages averages;
Policy *monitor_cfengine_policy = PolicyNew();
Promise *pp = NULL;
{
Bundle *bp = PolicyAppendBundle(monitor_cfengine_policy, NamespaceDefault(), "monitor_cfengine_bundle", "agent", NULL, NULL);
PromiseType *tp = BundleAppendPromiseType(bp, "monitor_cfengine");
pp = PromiseTypeAppendPromise(tp, "the monitor daemon", (Rval) { NULL, RVAL_TYPE_NOPROMISEE }, NULL);
}
assert(pp);
CfLock thislock;
#ifdef __MINGW32__
if (!NO_FORK)
{
Log(LOG_LEVEL_VERBOSE, "Windows does not support starting processes in the background - starting in foreground");
}
#else /* !__MINGW32__ */
if ((!NO_FORK) && (fork() != 0))
{
Log(LOG_LEVEL_INFO, "cf-monitord: starting");
_exit(0);
}
if (!NO_FORK)
{
ActAsDaemon(0);
}
#endif /* !__MINGW32__ */
TransactionContext tc = {
.ifelapsed = 0,
.expireafter = 0,
};
thislock = AcquireLock(ctx, pp->promiser, VUQNAME, CFSTARTTIME, tc, pp, false);
if (thislock.lock == NULL)
{
PolicyDestroy(monitor_cfengine_policy);
return;
}
WritePID("cf-monitord.pid");
MonNetworkSnifferOpen();
while (!IsPendingTermination())
{
GetQ(ctx, policy);
snprintf(timekey, sizeof(timekey), "%s", GenTimeKey(time(NULL)));
averages = EvalAvQ(ctx, timekey);
LeapDetection();
ArmClasses(averages, timekey);
ZeroArrivals();
MonNetworkSnifferSniff(ITER, CF_THIS);
ITER++;
}
PolicyDestroy(monitor_cfengine_policy);
}
/*********************************************************************/
static void GetQ(EvalContext *ctx, const Policy *policy)
{
MonEntropyClassesReset();
ZeroArrivals();
MonProcessesGatherData(CF_THIS);
#ifndef __MINGW32__
MonCPUGatherData(CF_THIS);
MonLoadGatherData(CF_THIS);
MonDiskGatherData(CF_THIS);
MonNetworkGatherData(CF_THIS);
MonNetworkSnifferGatherData();
MonTempGatherData(CF_THIS);
#endif /* !__MINGW32__ */
MonOtherGatherData(CF_THIS);
GatherPromisedMeasures(ctx, policy);
}
/**
* @retval >0 Number of threads still working
* @retval 0 All threads are done
* @retval -1 Server didn't run
*/
int StartServer(EvalContext *ctx, Policy **policy, GenericAgentConfig *config)
{
InitSignals();
ServerTLSInitialize();
int sd = SetServerListenState(ctx, QUEUESIZE, SERVER_LISTEN, &InitServer);
/* Necessary for our use of select() to work in WaitForIncoming(): */
assert(sd < sizeof(fd_set) * CHAR_BIT &&
GetSignalPipe() < sizeof(fd_set) * CHAR_BIT);
Policy *server_cfengine_policy = PolicyNew();
CfLock thislock = AcquireServerLock(ctx, config, server_cfengine_policy);
if (thislock.lock == NULL)
{
PolicyDestroy(server_cfengine_policy);
if (sd >= 0)
{
cf_closesocket(sd);
}
return -1;
}
PrepareServer(sd);
CollectCallStart(COLLECT_INTERVAL);
while (!IsPendingTermination())
{
CollectCallIfDue(ctx);
int selected = WaitForIncoming(sd);
Log(LOG_LEVEL_DEBUG, "select(): %d", selected);
if (selected == -1)
{
Log(LOG_LEVEL_ERR,
"Error while waiting for connections. (select: %s)",
GetErrorStr());
break;
}
else if (selected >= 0) /* timeout or success */
{
PolicyUpdateIfSafe(ctx, policy, config);
/* Is there a new connection pending at our listening socket? */
if (selected > 0)
{
AcceptAndHandle(ctx, sd);
}
} /* else: interrupted, maybe pending termination. */
}
Log(LOG_LEVEL_NOTICE, "Cleaning up and exiting...");
CollectCallStop();
if (sd != -1)
{
Log(LOG_LEVEL_VERBOSE, "Closing listening socket");
cf_closesocket(sd); /* Close listening socket */
}
/* This is a graceful exit, give 2 seconds chance to threads. */
int threads_left = WaitOnThreads();
YieldCurrentLock(thislock);
PolicyDestroy(server_cfengine_policy);
return threads_left;
}
/* Might be called back from NovaWin_StartExecService */
void StartServer(EvalContext *ctx, Policy *policy, GenericAgentConfig *config, ExecdConfig **execd_config, ExecConfig **exec_config)
{
pthread_attr_init(&threads_attrs);
pthread_attr_setdetachstate(&threads_attrs, PTHREAD_CREATE_DETACHED);
pthread_attr_setstacksize(&threads_attrs, (size_t)2048*1024);
Banner("Starting executor");
#ifndef __MINGW32__
if (!ONCE)
{
/* Kill previous instances of cf-execd if those are still running */
Apoptosis();
}
time_t now = time(NULL);
if ((!NO_FORK) && (fork() != 0))
{
Log(LOG_LEVEL_INFO, "cf-execd starting %.24s", ctime(&now));
_exit(EXIT_SUCCESS);
}
if (!NO_FORK)
{
ActAsDaemon();
}
#else /* __MINGW32__ */
if (!NO_FORK)
{
Log(LOG_LEVEL_VERBOSE, "Windows does not support starting processes in the background - starting in foreground");
}
#endif
WritePID("cf-execd.pid");
signal(SIGINT, HandleSignalsForDaemon);
signal(SIGTERM, HandleSignalsForDaemon);
signal(SIGHUP, HandleSignalsForDaemon);
signal(SIGPIPE, SIG_IGN);
signal(SIGUSR1, HandleSignalsForDaemon);
signal(SIGUSR2, HandleSignalsForDaemon);
umask(077);
if (ONCE)
{
LocalExec(*exec_config);
CloseLog();
}
else
{
while (!IsPendingTermination())
{
if (ScheduleRun(ctx, &policy, config, execd_config, exec_config))
{
MaybeSleepLog(LOG_LEVEL_VERBOSE, "Sleeping for splaytime %u seconds", (*execd_config)->splay_time);
// We are sleeping both above and inside ScheduleRun(), so make
// sure a terminating signal did not arrive during that time.
if (IsPendingTermination())
{
break;
}
if (!LocalExecInThread(*exec_config))
{
Log(LOG_LEVEL_INFO, "Unable to run agent in thread, falling back to blocking execution");
LocalExec(*exec_config);
}
}
}
}
PolicyDestroy(policy);
}
bool BusyWithNewProtocol(EvalContext *ctx, ServerConnectionState *conn)
{
time_t tloc, trem = 0;
char recvbuffer[CF_BUFSIZE + CF_BUFEXT], sendbuffer[CF_BUFSIZE];
char filename[CF_BUFSIZE], args[CF_BUFSIZE], out[CF_BUFSIZE];
long time_no_see = 0;
unsigned int len = 0;
int drift, received;
ServerFileGetState get_args;
Item *classes;
/* We never double encrypt within the TLS layer */
const int encrypted = 0;
memset(recvbuffer, 0, CF_BUFSIZE + CF_BUFEXT);
memset(&get_args, 0, sizeof(get_args));
received = ReceiveTransaction(&conn->conn_info, recvbuffer, NULL);
if (received == -1 || received == 0)
{
return false;
}
if (strlen(recvbuffer) == 0)
{
Log(LOG_LEVEL_WARNING, "Got NULL transmission, skipping!");
return true;
}
/* Don't process request if we're signalled to exit. */
if (IsPendingTermination())
{
return false;
}
switch (GetCommandNew(recvbuffer))
{
case PROTOCOL_COMMAND_EXEC:
memset(args, 0, CF_BUFSIZE);
sscanf(recvbuffer, "EXEC %255[^\n]", args);
if (!conn->id_verified)
{
Log(LOG_LEVEL_INFO, "Server refusal due to incorrect identity");
RefuseAccess(conn, 0, recvbuffer);
return false;
}
if (!AllowedUser(conn->username))
{
Log(LOG_LEVEL_INFO, "Server refusal due to non-allowed user");
RefuseAccess(conn, 0, recvbuffer);
return false;
}
if (!conn->rsa_auth)
{
Log(LOG_LEVEL_INFO, "Server refusal due to no RSA authentication");
RefuseAccess(conn, 0, recvbuffer);
return false;
}
if (!AccessControl(ctx, CommandArg0(CFRUNCOMMAND), conn, false))
{
Log(LOG_LEVEL_INFO, "Server refusal due to denied access to requested object");
RefuseAccess(conn, 0, recvbuffer);
return false;
}
if (!MatchClasses(ctx, conn))
{
Log(LOG_LEVEL_INFO, "Server refusal due to failed class/context match");
Terminate(&conn->conn_info);
return false;
}
DoExec(ctx, conn, args);
Terminate(&conn->conn_info);
return false;
case PROTOCOL_COMMAND_VERSION:
if (!conn->id_verified)
{
Log(LOG_LEVEL_INFO, "ID not verified");
RefuseAccess(conn, 0, recvbuffer);
}
snprintf(conn->output, CF_BUFSIZE, "OK: %s", Version());
SendTransaction(&conn->conn_info, conn->output, 0, CF_DONE);
return conn->id_verified;
case PROTOCOL_COMMAND_GET:
memset(filename, 0, CF_BUFSIZE);
sscanf(recvbuffer, "GET %d %[^\n]", &(get_args.buf_size), filename);
if ((get_args.buf_size < 0) || (get_args.buf_size > CF_BUFSIZE))
{
Log(LOG_LEVEL_INFO, "GET buffer out of bounds");
RefuseAccess(conn, 0, recvbuffer);
return false;
}
if (!conn->id_verified)
{
Log(LOG_LEVEL_INFO, "ID not verified");
RefuseAccess(conn, 0, recvbuffer);
return false;
}
if (!AccessControl(ctx, filename, conn, false))
{
Log(LOG_LEVEL_INFO, "Access denied to get object");
RefuseAccess(conn, 0, recvbuffer);
return true;
}
memset(sendbuffer, 0, CF_BUFSIZE);
if (get_args.buf_size >= CF_BUFSIZE)
{
get_args.buf_size = 2048;
}
get_args.connect = conn;
get_args.encrypt = false;
get_args.replybuff = sendbuffer;
get_args.replyfile = filename;
CfGetFile(&get_args);
return true;
case PROTOCOL_COMMAND_OPENDIR:
memset(filename, 0, CF_BUFSIZE);
sscanf(recvbuffer, "OPENDIR %[^\n]", filename);
if (!conn->id_verified)
{
Log(LOG_LEVEL_INFO, "ID not verified");
RefuseAccess(conn, 0, recvbuffer);
return false;
}
if (!AccessControl(ctx, filename, conn, true)) /* opendir don't care about privacy */
{
Log(LOG_LEVEL_INFO, "DIR access error");
RefuseAccess(conn, 0, recvbuffer);
return false;
}
CfOpenDirectory(conn, sendbuffer, filename);
return true;
case PROTOCOL_COMMAND_SYNC:
if (!conn->id_verified)
{
Log(LOG_LEVEL_INFO, "ID not verified");
RefuseAccess(conn, 0, recvbuffer);
return false;
}
memset(filename, 0, CF_BUFSIZE);
sscanf(recvbuffer, "SYNCH %ld STAT %[^\n]", &time_no_see, filename);
trem = (time_t) time_no_see;
if ((time_no_see == 0) || (filename[0] == '\0'))
{
break;
}
if ((tloc = time((time_t *) NULL)) == -1)
{
sprintf(conn->output, "Couldn't read system clock\n");
Log(LOG_LEVEL_INFO, "Couldn't read system clock. (time: %s)", GetErrorStr());
SendTransaction(&conn->conn_info, "BAD: clocks out of synch", 0, CF_DONE);
return true;
}
drift = (int) (tloc - trem);
if (!AccessControl(ctx, filename, conn, true))
{
Log(LOG_LEVEL_VERBOSE, "AccessControl: access denied");
RefuseAccess(conn, 0, recvbuffer);
return true;
}
if (DENYBADCLOCKS && (drift * drift > CLOCK_DRIFT * CLOCK_DRIFT))
{
snprintf(conn->output, CF_BUFSIZE - 1, "BAD: Clocks are too far unsynchronized %ld/%ld\n", (long) tloc,
(long) trem);
SendTransaction(&conn->conn_info, conn->output, 0, CF_DONE);
return true;
}
else
{
Log(LOG_LEVEL_DEBUG, "Clocks were off by %ld", (long) tloc - (long) trem);
StatFile(conn, sendbuffer, filename);
}
return true;
case PROTOCOL_COMMAND_MD5:
if (!conn->id_verified)
{
Log(LOG_LEVEL_INFO, "ID not verified");
RefuseAccess(conn, 0, recvbuffer);
return true;
}
CompareLocalHash(conn, sendbuffer, recvbuffer);
return true;
case PROTOCOL_COMMAND_VAR:
if (!conn->id_verified)
{
Log(LOG_LEVEL_INFO, "ID not verified");
RefuseAccess(conn, 0, recvbuffer);
return true;
}
if (!LiteralAccessControl(ctx, recvbuffer, conn, encrypted))
{
Log(LOG_LEVEL_INFO, "Literal access failure");
RefuseAccess(conn, 0, recvbuffer);
return false;
}
GetServerLiteral(ctx, conn, sendbuffer, recvbuffer, encrypted);
return true;
case PROTOCOL_COMMAND_CONTEXT:
if (!conn->id_verified)
{
Log(LOG_LEVEL_INFO, "ID not verified");
RefuseAccess(conn, 0, "Context probe");
return true;
}
if ((classes = ContextAccessControl(ctx, recvbuffer, conn, encrypted)) == NULL)
{
Log(LOG_LEVEL_INFO, "Context access failure on %s", recvbuffer);
RefuseAccess(conn, 0, recvbuffer);
return false;
}
ReplyServerContext(conn, encrypted, classes);
return true;
case PROTOCOL_COMMAND_QUERY:
if (!conn->id_verified)
{
Log(LOG_LEVEL_INFO, "ID not verified");
RefuseAccess(conn, 0, recvbuffer);
return true;
}
if (!LiteralAccessControl(ctx, recvbuffer, conn, encrypted))
{
Log(LOG_LEVEL_INFO, "Query access failure");
RefuseAccess(conn, 0, recvbuffer);
return false;
}
if (GetServerQuery(conn, recvbuffer, encrypted))
{
return true;
}
break;
case PROTOCOL_COMMAND_CALL_ME_BACK:
sscanf(recvbuffer, "SCALLBACK %u", &len);
if ((len >= sizeof(out)) || (received != (len + CF_PROTO_OFFSET)))
{
Log(LOG_LEVEL_INFO, "Decrypt error CALL_ME_BACK");
RefuseAccess(conn, 0, "decrypt error CALL_ME_BACK");
return true;
}
memcpy(out, recvbuffer + CF_PROTO_OFFSET, len);
DecryptString(conn->encryption_type, out, recvbuffer, conn->session_key, len);
if (strncmp(recvbuffer, "CALL_ME_BACK collect_calls", strlen("CALL_ME_BACK collect_calls")) != 0)
{
Log(LOG_LEVEL_INFO, "CALL_ME_BACK protocol defect");
RefuseAccess(conn, 0, "decryption failure");
return false;
}
if (!conn->id_verified)
{
Log(LOG_LEVEL_INFO, "ID not verified");
RefuseAccess(conn, 0, recvbuffer);
return true;
}
if (!LiteralAccessControl(ctx, recvbuffer, conn, true))
{
Log(LOG_LEVEL_INFO, "Query access failure");
RefuseAccess(conn, 0, recvbuffer);
return false;
}
return ReceiveCollectCall(conn);
case PROTOCOL_COMMAND_BAD:
Log(LOG_LEVEL_WARNING, "Unexpected protocol command: %s", recvbuffer);
}
sprintf(sendbuffer, "BAD: Request denied\n");
SendTransaction(&conn->conn_info, sendbuffer, 0, CF_DONE);
Log(LOG_LEVEL_INFO, "Closing connection, due to request: '%s'", recvbuffer);
return false;
}
int BusyWithClassicConnection(EvalContext *ctx, ServerConnectionState *conn)
{
time_t tloc, trem = 0;
char recvbuffer[CF_BUFSIZE + CF_BUFEXT], check[CF_BUFSIZE];
char sendbuffer[CF_BUFSIZE] = { 0 };
char filename[CF_BUFSIZE], buffer[CF_BUFSIZE], args[CF_BUFSIZE], out[CF_BUFSIZE];
long time_no_see = 0;
unsigned int len = 0;
int drift, plainlen, received, encrypted = 0;
ServerFileGetState get_args;
Item *classes;
memset(recvbuffer, 0, CF_BUFSIZE + CF_BUFEXT);
memset(&get_args, 0, sizeof(get_args));
received = ReceiveTransaction(conn->conn_info, recvbuffer, NULL);
if (received == -1 || received == 0)
{
return false;
}
if (strlen(recvbuffer) == 0)
{
Log(LOG_LEVEL_WARNING, "Got NULL transmission, skipping!");
return true;
}
/* Don't process request if we're signalled to exit. */
if (IsPendingTermination())
{
return false;
}
ProtocolCommandClassic command = GetCommandClassic(recvbuffer);
switch (command)
{
/* Plain text authentication; this MUST be the first command client
using classic protocol is sending. */
case PROTOCOL_COMMAND_AUTH_PLAIN:
SetConnectionData(conn, (char *) (recvbuffer + strlen("CAUTH ")));
if (conn->username == NULL || IsUserNameValid(conn->username) == false)
{
Log(LOG_LEVEL_INFO, "Client is sending wrong username: '******'", conn->username);
RefuseAccess(conn, recvbuffer);
return false;
}
/* This is used only for forcing correct state of state machine while
connecting and authenticating user using classic protocol. */
conn->user_data_set = true;
return true;
/* This MUST be exactly second command client using classic protocol is sending.
This is where key agreement takes place. */
case PROTOCOL_COMMAND_AUTH_SECURE:
/* First command was ommited by client; this is protocol violation. */
if (!conn->user_data_set)
{
Log(LOG_LEVEL_INFO, "Client is not verified; rejecting connection");
RefuseAccess(conn, recvbuffer);
return false;
}
conn->rsa_auth = AuthenticationDialogue(conn, recvbuffer, received);
if (!conn->rsa_auth)
{
Log(LOG_LEVEL_INFO, "Auth dialogue error");
RefuseAccess(conn, recvbuffer);
return false;
}
return true;
default:
break;
}
/* At this point we should have both user_data_set and rsa_auth set to perform any operation.
We can check only for second one as without first it won't be set up. */
if (!conn->rsa_auth)
{
Log(LOG_LEVEL_INFO, "Server refusal due to no RSA authentication [command: %d]", command);
RefuseAccess(conn, recvbuffer);
return false;
}
/* We have to have key at this point. */
assert(conn->session_key);
/* At this point we can safely do next switch and make sure user is authenticated. */
switch (command)
{
case PROTOCOL_COMMAND_EXEC:
memset(args, 0, CF_BUFSIZE);
sscanf(recvbuffer, "EXEC %255[^\n]", args);
if (!AllowedUser(conn->username))
{
Log(LOG_LEVEL_INFO, "Server refusal due to non-allowed user");
RefuseAccess(conn, recvbuffer);
return false;
}
if (!AccessControl(ctx, CommandArg0(CFRUNCOMMAND), conn, false))
{
Log(LOG_LEVEL_INFO, "Server refusal due to denied access to requested object");
RefuseAccess(conn, recvbuffer);
return false;
}
if (!MatchClasses(ctx, conn))
{
Log(LOG_LEVEL_INFO, "Server refusal due to failed class/context match");
Terminate(conn->conn_info);
return false;
}
DoExec(ctx, conn, args);
Terminate(conn->conn_info);
return false;
case PROTOCOL_COMMAND_VERSION:
snprintf(sendbuffer, sizeof(sendbuffer), "OK: %s", Version());
SendTransaction(conn->conn_info, sendbuffer, 0, CF_DONE);
return conn->user_data_set;
case PROTOCOL_COMMAND_GET:
memset(filename, 0, CF_BUFSIZE);
sscanf(recvbuffer, "GET %d %[^\n]", &(get_args.buf_size), filename);
if ((get_args.buf_size < 0) || (get_args.buf_size > CF_BUFSIZE))
{
Log(LOG_LEVEL_INFO, "GET buffer out of bounds");
RefuseAccess(conn, recvbuffer);
return false;
}
if (!AccessControl(ctx, filename, conn, false))
{
Log(LOG_LEVEL_INFO, "Access denied to get object");
RefuseAccess(conn, recvbuffer);
return true;
}
memset(sendbuffer, 0, sizeof(sendbuffer));
if (get_args.buf_size >= CF_BUFSIZE)
{
get_args.buf_size = 2048;
}
get_args.connect = conn;
get_args.encrypt = false;
get_args.replybuff = sendbuffer;
get_args.replyfile = filename;
CfGetFile(&get_args);
return true;
case PROTOCOL_COMMAND_GET_SECURE:
memset(buffer, 0, CF_BUFSIZE);
sscanf(recvbuffer, "SGET %u %d", &len, &(get_args.buf_size));
if (received != len + CF_PROTO_OFFSET)
{
Log(LOG_LEVEL_VERBOSE, "Protocol error SGET");
RefuseAccess(conn, recvbuffer);
return false;
}
plainlen = DecryptString(conn->encryption_type, recvbuffer + CF_PROTO_OFFSET, buffer, conn->session_key, len);
cfscanf(buffer, strlen("GET"), strlen("dummykey"), check, sendbuffer, filename);
if (strcmp(check, "GET") != 0)
{
Log(LOG_LEVEL_INFO, "SGET/GET problem");
RefuseAccess(conn, recvbuffer);
return true;
}
if ((get_args.buf_size < 0) || (get_args.buf_size > 8192))
{
Log(LOG_LEVEL_INFO, "SGET bounding error");
RefuseAccess(conn, recvbuffer);
return false;
}
if (get_args.buf_size >= CF_BUFSIZE)
{
get_args.buf_size = 2048;
}
Log(LOG_LEVEL_DEBUG, "Confirm decryption, and thus validity of caller");
Log(LOG_LEVEL_DEBUG, "SGET '%s' with blocksize %d", filename, get_args.buf_size);
if (!AccessControl(ctx, filename, conn, true))
{
Log(LOG_LEVEL_INFO, "Access control error");
RefuseAccess(conn, recvbuffer);
return false;
}
memset(sendbuffer, 0, sizeof(sendbuffer));
get_args.connect = conn;
get_args.encrypt = true;
get_args.replybuff = sendbuffer;
get_args.replyfile = filename;
CfEncryptGetFile(&get_args);
return true;
case PROTOCOL_COMMAND_OPENDIR_SECURE:
memset(buffer, 0, CF_BUFSIZE);
sscanf(recvbuffer, "SOPENDIR %u", &len);
if ((len >= sizeof(out)) || (received != (len + CF_PROTO_OFFSET)))
{
Log(LOG_LEVEL_VERBOSE, "Protocol error OPENDIR: %d", len);
RefuseAccess(conn, recvbuffer);
return false;
}
memcpy(out, recvbuffer + CF_PROTO_OFFSET, len);
plainlen = DecryptString(conn->encryption_type, out, recvbuffer, conn->session_key, len);
if (strncmp(recvbuffer, "OPENDIR", 7) != 0)
{
Log(LOG_LEVEL_INFO, "Opendir failed to decrypt");
RefuseAccess(conn, recvbuffer);
return true;
}
memset(filename, 0, CF_BUFSIZE);
sscanf(recvbuffer, "OPENDIR %[^\n]", filename);
if (!AccessControl(ctx, filename, conn, true)) /* opendir don't care about privacy */
{
Log(LOG_LEVEL_INFO, "Access error");
RefuseAccess(conn, recvbuffer);
return false;
}
CfSecOpenDirectory(conn, sendbuffer, filename);
return true;
case PROTOCOL_COMMAND_OPENDIR:
memset(filename, 0, CF_BUFSIZE);
sscanf(recvbuffer, "OPENDIR %[^\n]", filename);
if (!AccessControl(ctx, filename, conn, true)) /* opendir don't care about privacy */
{
Log(LOG_LEVEL_INFO, "DIR access error");
RefuseAccess(conn, recvbuffer);
return false;
}
CfOpenDirectory(conn, sendbuffer, filename);
return true;
case PROTOCOL_COMMAND_SYNC_SECURE:
memset(buffer, 0, CF_BUFSIZE);
sscanf(recvbuffer, "SSYNCH %u", &len);
if ((len >= sizeof(out)) || (received != (len + CF_PROTO_OFFSET)))
{
Log(LOG_LEVEL_VERBOSE, "Protocol error SSYNCH: %d", len);
RefuseAccess(conn, recvbuffer);
return false;
}
memcpy(out, recvbuffer + CF_PROTO_OFFSET, len);
plainlen = DecryptString(conn->encryption_type, out, recvbuffer, conn->session_key, len);
if (plainlen < 0)
{
DebugBinOut((char *) conn->session_key, 32, "Session key");
Log(LOG_LEVEL_ERR, "Bad decrypt (%d)", len);
}
if (strncmp(recvbuffer, "SYNCH", 5) != 0)
{
Log(LOG_LEVEL_INFO, "No synch");
RefuseAccess(conn, recvbuffer);
return true;
}
/* roll through, no break */
case PROTOCOL_COMMAND_SYNC:
memset(filename, 0, CF_BUFSIZE);
sscanf(recvbuffer, "SYNCH %ld STAT %[^\n]", &time_no_see, filename);
trem = (time_t) time_no_see;
if ((time_no_see == 0) || (filename[0] == '\0'))
{
break;
}
if ((tloc = time((time_t *) NULL)) == -1)
{
Log(LOG_LEVEL_INFO, "Couldn't read system clock. (time: %s)", GetErrorStr());
SendTransaction(conn->conn_info, "BAD: clocks out of synch", 0, CF_DONE);
return true;
}
drift = (int) (tloc - trem);
if (!AccessControl(ctx, filename, conn, true))
{
Log(LOG_LEVEL_INFO, "Access control in sync");
RefuseAccess(conn, recvbuffer);
return true;
}
if (DENYBADCLOCKS && (drift * drift > CLOCK_DRIFT * CLOCK_DRIFT))
{
snprintf(sendbuffer, sizeof(sendbuffer),
"BAD: Clocks are too far unsynchronized %ld/%ld",
(long) tloc, (long) trem);
SendTransaction(conn->conn_info, sendbuffer, 0, CF_DONE);
return true;
}
else
{
Log(LOG_LEVEL_DEBUG, "Clocks were off by %ld", (long) tloc - (long) trem);
StatFile(conn, sendbuffer, filename);
}
return true;
case PROTOCOL_COMMAND_MD5_SECURE:
sscanf(recvbuffer, "SMD5 %u", &len);
if ((len >= sizeof(out)) || (received != (len + CF_PROTO_OFFSET)))
{
Log(LOG_LEVEL_INFO, "Decryption error");
RefuseAccess(conn, recvbuffer);
return true;
}
memcpy(out, recvbuffer + CF_PROTO_OFFSET, len);
plainlen = DecryptString(conn->encryption_type, out, recvbuffer, conn->session_key, len);
if (strncmp(recvbuffer, "MD5", 3) != 0)
{
Log(LOG_LEVEL_INFO, "MD5 protocol error");
RefuseAccess(conn, recvbuffer);
return false;
}
/* roll through, no break */
case PROTOCOL_COMMAND_MD5:
CompareLocalHash(conn, sendbuffer, recvbuffer);
return true;
case PROTOCOL_COMMAND_VAR_SECURE:
sscanf(recvbuffer, "SVAR %u", &len);
if ((len >= sizeof(out)) || (received != (len + CF_PROTO_OFFSET)))
{
Log(LOG_LEVEL_INFO, "Decrypt error SVAR");
RefuseAccess(conn, "decrypt error SVAR");
return true;
}
memcpy(out, recvbuffer + CF_PROTO_OFFSET, len);
plainlen = DecryptString(conn->encryption_type, out, recvbuffer, conn->session_key, len);
encrypted = true;
if (strncmp(recvbuffer, "VAR", 3) != 0)
{
Log(LOG_LEVEL_INFO, "VAR protocol defect");
RefuseAccess(conn, "decryption failure");
return false;
}
/* roll through, no break */
case PROTOCOL_COMMAND_VAR:
if (!LiteralAccessControl(ctx, recvbuffer, conn, encrypted))
{
Log(LOG_LEVEL_INFO, "Literal access failure");
RefuseAccess(conn, recvbuffer);
return false;
}
GetServerLiteral(ctx, conn, sendbuffer, recvbuffer, encrypted);
return true;
case PROTOCOL_COMMAND_CONTEXT_SECURE:
sscanf(recvbuffer, "SCONTEXT %u", &len);
if ((len >= sizeof(out)) || (received != (len + CF_PROTO_OFFSET)))
{
Log(LOG_LEVEL_INFO, "Decrypt error SCONTEXT, len,received = %d,%d", len, received);
RefuseAccess(conn, "decrypt error SCONTEXT");
return true;
}
memcpy(out, recvbuffer + CF_PROTO_OFFSET, len);
plainlen = DecryptString(conn->encryption_type, out, recvbuffer, conn->session_key, len);
encrypted = true;
if (strncmp(recvbuffer, "CONTEXT", 7) != 0)
{
Log(LOG_LEVEL_INFO, "CONTEXT protocol defect...");
RefuseAccess(conn, "Decryption failed?");
return false;
}
/* roll through, no break */
case PROTOCOL_COMMAND_CONTEXT:
if ((classes = ContextAccessControl(ctx, recvbuffer, conn, encrypted)) == NULL)
{
Log(LOG_LEVEL_INFO, "Context access failure on %s", recvbuffer);
RefuseAccess(conn, recvbuffer);
return false;
}
ReplyServerContext(conn, encrypted, classes);
return true;
case PROTOCOL_COMMAND_QUERY_SECURE:
sscanf(recvbuffer, "SQUERY %u", &len);
if ((len >= sizeof(out)) || (received != (len + CF_PROTO_OFFSET)))
{
Log(LOG_LEVEL_INFO, "Decrypt error SQUERY");
RefuseAccess(conn, "decrypt error SQUERY");
return true;
}
memcpy(out, recvbuffer + CF_PROTO_OFFSET, len);
plainlen = DecryptString(conn->encryption_type, out, recvbuffer, conn->session_key, len);
if (strncmp(recvbuffer, "QUERY", 5) != 0)
{
Log(LOG_LEVEL_INFO, "QUERY protocol defect");
RefuseAccess(conn, "decryption failure");
return false;
}
if (!LiteralAccessControl(ctx, recvbuffer, conn, true))
{
Log(LOG_LEVEL_INFO, "Query access failure");
RefuseAccess(conn, recvbuffer);
return false;
}
if (GetServerQuery(conn, recvbuffer, true)) /* always encrypt */
{
return true;
}
break;
case PROTOCOL_COMMAND_CALL_ME_BACK:
sscanf(recvbuffer, "SCALLBACK %u", &len);
if ((len >= sizeof(out)) || (received != (len + CF_PROTO_OFFSET)))
{
Log(LOG_LEVEL_INFO, "Decrypt error CALL_ME_BACK");
RefuseAccess(conn, "decrypt error CALL_ME_BACK");
return true;
}
memcpy(out, recvbuffer + CF_PROTO_OFFSET, len);
plainlen = DecryptString(conn->encryption_type, out, recvbuffer, conn->session_key, len);
if (strncmp(recvbuffer, "CALL_ME_BACK collect_calls", strlen("CALL_ME_BACK collect_calls")) != 0)
{
Log(LOG_LEVEL_INFO, "CALL_ME_BACK protocol defect");
RefuseAccess(conn, "decryption failure");
return false;
}
if (!LiteralAccessControl(ctx, recvbuffer, conn, true))
{
Log(LOG_LEVEL_INFO, "Query access failure");
RefuseAccess(conn, recvbuffer);
return false;
}
if (ReceiveCollectCall(conn))
{
return true;
}
case PROTOCOL_COMMAND_AUTH_PLAIN:
case PROTOCOL_COMMAND_AUTH_SECURE:
case PROTOCOL_COMMAND_AUTH:
case PROTOCOL_COMMAND_CONTEXTS:
case PROTOCOL_COMMAND_BAD:
Log(LOG_LEVEL_WARNING, "Unexpected protocol command");
}
strcpy(sendbuffer, "BAD: Request denied");
SendTransaction(conn->conn_info, sendbuffer, 0, CF_DONE);
Log(LOG_LEVEL_INFO, "Closing connection, due to request: '%s'", recvbuffer);
return false;
}
void StartServer(EvalContext *ctx, Policy **policy, GenericAgentConfig *config)
{
int sd = -1, sd_reply;
fd_set rset;
struct timeval timeout;
int ret_val;
CfLock thislock;
time_t starttime = time(NULL), last_collect = 0;
struct sockaddr_storage cin;
socklen_t addrlen = sizeof(cin);
signal(SIGINT, HandleSignalsForDaemon);
signal(SIGTERM, HandleSignalsForDaemon);
signal(SIGHUP, SIG_IGN);
signal(SIGPIPE, SIG_IGN);
signal(SIGUSR1, HandleSignalsForDaemon);
signal(SIGUSR2, HandleSignalsForDaemon);
sd = SetServerListenState(ctx, QUEUESIZE);
TransactionContext tc = {
.ifelapsed = 0,
.expireafter = 1,
};
Policy *server_cfengine_policy = PolicyNew();
Promise *pp = NULL;
{
Bundle *bp = PolicyAppendBundle(server_cfengine_policy, NamespaceDefault(), "server_cfengine_bundle", "agent", NULL, NULL);
PromiseType *tp = BundleAppendPromiseType(bp, "server_cfengine");
pp = PromiseTypeAppendPromise(tp, config->input_file, (Rval) { NULL, RVAL_TYPE_NOPROMISEE }, NULL);
}
assert(pp);
thislock = AcquireLock(ctx, pp->promiser, VUQNAME, CFSTARTTIME, tc, pp, false);
if (thislock.lock == NULL)
{
PolicyDestroy(server_cfengine_policy);
return;
}
Log(LOG_LEVEL_INFO, "cf-serverd starting %.24s", ctime(&starttime));
if (sd != -1)
{
Log(LOG_LEVEL_VERBOSE, "Listening for connections ...");
}
#ifdef __MINGW32__
if (!NO_FORK)
{
Log(LOG_LEVEL_VERBOSE, "Windows does not support starting processes in the background - starting in foreground");
}
#else /* !__MINGW32__ */
if ((!NO_FORK) && (fork() != 0))
{
_exit(0);
}
if (!NO_FORK)
{
ActAsDaemon(sd);
}
#endif /* !__MINGW32__ */
WritePID("cf-serverd.pid");
/* Andrew Stribblehill <*****@*****.**> -- close sd on exec */
#ifndef __MINGW32__
fcntl(sd, F_SETFD, FD_CLOEXEC);
#endif
while (!IsPendingTermination())
{
time_t now = time(NULL);
/* Note that this loop logic is single threaded, but ACTIVE_THREADS
might still change in threads pertaining to service handling */
if (ThreadLock(cft_server_children))
{
if (ACTIVE_THREADS == 0)
{
CheckFileChanges(ctx, policy, config);
}
ThreadUnlock(cft_server_children);
}
// Check whether we should try to establish peering with a hub
if ((COLLECT_INTERVAL > 0) && ((now - last_collect) > COLLECT_INTERVAL))
{
TryCollectCall();
last_collect = now;
continue;
}
/* check if listening is working */
if (sd != -1)
{
// Look for normal incoming service requests
FD_ZERO(&rset);
FD_SET(sd, &rset);
/* Set 1 second timeout for select, so that signals are handled in
* a timely manner */
timeout.tv_sec = 1;
timeout.tv_usec = 0;
Log(LOG_LEVEL_DEBUG, "Waiting at incoming select...");
ret_val = select((sd + 1), &rset, NULL, NULL, &timeout);
if (ret_val == -1) /* Error received from call to select */
{
if (errno == EINTR)
{
continue;
}
else
{
Log(LOG_LEVEL_ERR, "select failed. (select: %s)", GetErrorStr());
exit(1);
}
}
else if (!ret_val) /* No data waiting, we must have timed out! */
{
continue;
}
Log(LOG_LEVEL_VERBOSE, "Accepting a connection");
if ((sd_reply = accept(sd, (struct sockaddr *) &cin, &addrlen)) != -1)
{
/* Just convert IP address to string, no DNS lookup. */
char ipaddr[CF_MAX_IP_LEN] = "";
getnameinfo((struct sockaddr *) &cin, addrlen,
ipaddr, sizeof(ipaddr),
NULL, 0, NI_NUMERICHOST);
ServerEntryPoint(ctx, sd_reply, ipaddr);
}
}
}
PolicyDestroy(server_cfengine_policy);
}
/*********************************************************************/
/* Level 2 */
/*********************************************************************/
int InitServer(size_t queue_size)
{
int sd = -1;
if ((sd = OpenReceiverChannel()) == -1)
{
Log(LOG_LEVEL_ERR, "Unable to start server");
exit(1);
}
if (listen(sd, queue_size) == -1)
{
Log(LOG_LEVEL_ERR, "listen failed. (listen: %s)", GetErrorStr());
exit(1);
}
return sd;
}
bool BusyWithNewProtocol(EvalContext *ctx, ServerConnectionState *conn)
{
/* The CF_BUFEXT extra space is there to ensure we're not reading out of
* bounds in commands that carry extra binary arguments, like MD5. */
char recvbuffer[CF_BUFSIZE + CF_BUFEXT] = { 0 };
char sendbuffer[CF_BUFSIZE] = { 0 };
char filename[CF_BUFSIZE + 1]; /* +1 for appending slash sometimes */
int received;
ServerFileGetState get_args = { 0 };
/* We already encrypt because of the TLS layer, no need to encrypt more. */
const int encrypted = 0;
/* Legacy stuff only for old protocol. */
assert(conn->rsa_auth == 1);
assert(conn->user_data_set == 1);
/* Receive up to CF_BUFSIZE - 1 bytes. */
received = ReceiveTransaction(conn->conn_info, recvbuffer, NULL);
if (received == -1 || received == 0)
{
return false;
}
if (strlen(recvbuffer) == 0)
{
Log(LOG_LEVEL_WARNING, "Got NULL transmission, skipping!");
return true;
}
/* Don't process request if we're signalled to exit. */
if (IsPendingTermination())
{
Log(LOG_LEVEL_VERBOSE, "Server must exit, closing connection");
return false;
}
/* TODO break recvbuffer here: command, param1, param2 etc. */
switch (GetCommandNew(recvbuffer))
{
case PROTOCOL_COMMAND_EXEC:
{
/* TODO check it is always file, never directory, no end with '/' */
char args[256];
int ret = sscanf(recvbuffer, "EXEC %255[^\n]", args);
if (ret != 1) /* No arguments, use default args. */
{
args[0] = '\0';
}
if (!AllowedUser(conn->username))
{
Log(LOG_LEVEL_INFO, "EXEC denied due to not allowed user: %s",
conn->username);
RefuseAccess(conn, recvbuffer);
return true;
}
char arg0[PATH_MAX];
size_t zret = CommandArg0_bound(arg0, CFRUNCOMMAND, sizeof(arg0));
if (zret == (size_t) -1)
{
goto protocol_error;
}
zret = PreprocessRequestPath(arg0, sizeof(arg0));
if (zret == (size_t) -1)
{
goto protocol_error;
}
/* TODO EXEC should not just use paths_acl access control, but
* specific "path_exec" ACL. Then different command execution could be
* allowed per host, and the host could even set argv[0] in his EXEC
* request, rather than only the arguments. */
if (acl_CheckPath(paths_acl, arg0,
conn->ipaddr, conn->revdns,
KeyPrintableHash(ConnectionInfoKey(conn->conn_info)))
== false)
{
Log(LOG_LEVEL_INFO, "EXEC denied due to ACL for file: %s", arg0);
RefuseAccess(conn, recvbuffer);
return true;
}
if (!MatchClasses(ctx, conn))
{
Log(LOG_LEVEL_INFO, "EXEC denied due to failed class match");
Terminate(conn->conn_info);
return true;
}
DoExec(ctx, conn, args);
Terminate(conn->conn_info);
return true;
}
case PROTOCOL_COMMAND_VERSION:
snprintf(sendbuffer, sizeof(sendbuffer), "OK: %s", Version());
SendTransaction(conn->conn_info, sendbuffer, 0, CF_DONE);
return true;
case PROTOCOL_COMMAND_GET:
{
int ret = sscanf(recvbuffer, "GET %d %[^\n]",
&(get_args.buf_size), filename);
if (ret != 2 ||
get_args.buf_size <= 0 || get_args.buf_size > CF_BUFSIZE)
{
goto protocol_error;
}
Log(LOG_LEVEL_VERBOSE, "%14s %7s %s",
"Received:", "GET", filename);
/* TODO batch all the following in one function since it's very
* similar in all of GET, OPENDIR and STAT. */
size_t zret = ShortcutsExpand(filename, sizeof(filename),
SV.path_shortcuts,
conn->ipaddr, conn->revdns,
KeyPrintableHash(ConnectionInfoKey(conn->conn_info)));
if (zret == (size_t) -1)
{
goto protocol_error;
}
zret = PreprocessRequestPath(filename, sizeof(filename));
if (zret == (size_t) -1)
{
goto protocol_error;
}
PathRemoveTrailingSlash(filename, strlen(filename));
Log(LOG_LEVEL_VERBOSE, "%14s %7s %s",
"Translated to:", "GET", filename);
if (acl_CheckPath(paths_acl, filename,
conn->ipaddr, conn->revdns,
KeyPrintableHash(ConnectionInfoKey(conn->conn_info)))
== false)
{
Log(LOG_LEVEL_INFO, "access denied to GET: %s", filename);
RefuseAccess(conn, recvbuffer);
return true;
}
memset(sendbuffer, 0, sizeof(sendbuffer));
if (get_args.buf_size >= CF_BUFSIZE)
{
get_args.buf_size = 2048;
}
/* TODO eliminate! */
get_args.conn = conn;
get_args.encrypt = false;
get_args.replybuff = sendbuffer;
get_args.replyfile = filename;
CfGetFile(&get_args);
return true;
}
case PROTOCOL_COMMAND_OPENDIR:
{
memset(filename, 0, sizeof(filename));
int ret = sscanf(recvbuffer, "OPENDIR %[^\n]", filename);
if (ret != 1)
{
goto protocol_error;
}
Log(LOG_LEVEL_VERBOSE, "%14s %7s %s",
"Received:", "OPENDIR", filename);
/* sizeof()-1 because we need one extra byte for
appending '/' afterwards. */
size_t zret = ShortcutsExpand(filename, sizeof(filename) - 1,
SV.path_shortcuts,
conn->ipaddr, conn->revdns,
KeyPrintableHash(ConnectionInfoKey(conn->conn_info)));
if (zret == (size_t) -1)
{
goto protocol_error;
}
zret = PreprocessRequestPath(filename, sizeof(filename) - 1);
if (zret == (size_t) -1)
{
goto protocol_error;
}
/* OPENDIR *must* be directory. */
PathAppendTrailingSlash(filename, strlen(filename));
Log(LOG_LEVEL_VERBOSE, "%14s %7s %s",
"Translated to:", "OPENDIR", filename);
if (acl_CheckPath(paths_acl, filename,
conn->ipaddr, conn->revdns,
KeyPrintableHash(ConnectionInfoKey(conn->conn_info)))
== false)
{
Log(LOG_LEVEL_INFO, "access denied to OPENDIR: %s", filename);
RefuseAccess(conn, recvbuffer);
return true;
}
CfOpenDirectory(conn, sendbuffer, filename);
return true;
}
case PROTOCOL_COMMAND_SYNCH:
{
long time_no_see = 0;
memset(filename, 0, sizeof(filename));
int ret = sscanf(recvbuffer, "SYNCH %ld STAT %[^\n]",
&time_no_see, filename);
if (ret != 2 || filename[0] == '\0')
{
goto protocol_error;
}
time_t tloc = time(NULL);
if (tloc == -1)
{
/* Should never happen. */
Log(LOG_LEVEL_ERR, "Couldn't read system clock. (time: %s)", GetErrorStr());
SendTransaction(conn->conn_info, "BAD: clocks out of synch", 0, CF_DONE);
return true;
}
time_t trem = (time_t) time_no_see;
int drift = (int) (tloc - trem);
Log(LOG_LEVEL_VERBOSE, "%14s %7s %s",
"Received:", "STAT", filename);
/* sizeof()-1 because we need one extra byte for
appending '/' afterwards. */
size_t zret = ShortcutsExpand(filename, sizeof(filename) - 1,
SV.path_shortcuts,
conn->ipaddr, conn->revdns,
KeyPrintableHash(ConnectionInfoKey(conn->conn_info)));
if (zret == (size_t) -1)
{
goto protocol_error;
}
zret = PreprocessRequestPath(filename, sizeof(filename) - 1);
if (zret == (size_t) -1)
{
RefuseAccess(conn, recvbuffer);
return true;
}
if (IsDirReal(filename) == 1)
{
PathAppendTrailingSlash(filename, strlen(filename));
}
else
{
PathRemoveTrailingSlash(filename, strlen(filename));
}
Log(LOG_LEVEL_VERBOSE, "%14s %7s %s",
"Translated to:", "STAT", filename);
if (acl_CheckPath(paths_acl, filename,
conn->ipaddr, conn->revdns,
KeyPrintableHash(ConnectionInfoKey(conn->conn_info)))
== false)
{
Log(LOG_LEVEL_INFO, "access denied to STAT: %s", filename);
RefuseAccess(conn, recvbuffer);
return true;
}
if (DENYBADCLOCKS && (drift * drift > CLOCK_DRIFT * CLOCK_DRIFT))
{
snprintf(sendbuffer, sizeof(sendbuffer),
"BAD: Clocks are too far unsynchronized %ld/%ld",
(long) tloc, (long) trem);
Log(LOG_LEVEL_INFO, "denybadclocks %s", sendbuffer);
SendTransaction(conn->conn_info, sendbuffer, 0, CF_DONE);
return true;
}
else
{
Log(LOG_LEVEL_DEBUG, "Clocks were off by %ld", (long) tloc - (long) trem);
StatFile(conn, sendbuffer, filename);
}
return true;
}
case PROTOCOL_COMMAND_MD5:
{
int ret = sscanf(recvbuffer, "MD5 %[^\n]", filename);
if (ret != 1)
{
goto protocol_error;
}
Log(LOG_LEVEL_VERBOSE, "%14s %7s %s",
"Received:", "MD5", filename);
/* TODO batch all the following in one function since it's very
* similar in all of GET, OPENDIR and STAT. */
size_t zret = ShortcutsExpand(filename, sizeof(filename),
SV.path_shortcuts,
conn->ipaddr, conn->revdns,
KeyPrintableHash(ConnectionInfoKey(conn->conn_info)));
if (zret == (size_t) -1)
{
goto protocol_error;
}
zret = PreprocessRequestPath(filename, sizeof(filename));
if (zret == (size_t) -1)
{
goto protocol_error;
}
PathRemoveTrailingSlash(filename, strlen(filename));
Log(LOG_LEVEL_VERBOSE, "%14s %7s %s",
"Translated to:", "MD5", filename);
if (acl_CheckPath(paths_acl, filename,
conn->ipaddr, conn->revdns,
KeyPrintableHash(ConnectionInfoKey(conn->conn_info)))
== false)
{
Log(LOG_LEVEL_INFO, "access denied to file: %s", filename);
RefuseAccess(conn, recvbuffer);
return true;
}
assert(CF_DEFAULT_DIGEST_LEN <= EVP_MAX_MD_SIZE);
unsigned char digest[EVP_MAX_MD_SIZE + 1];
assert(CF_BUFSIZE + CF_SMALL_OFFSET + CF_DEFAULT_DIGEST_LEN
<= sizeof(recvbuffer));
memcpy(digest, recvbuffer + strlen(recvbuffer) + CF_SMALL_OFFSET,
CF_DEFAULT_DIGEST_LEN);
CompareLocalHash(filename, digest, sendbuffer);
SendTransaction(conn->conn_info, sendbuffer, 0, CF_DONE);
return true;
}
case PROTOCOL_COMMAND_VAR:
{
char var[256];
int ret = sscanf(recvbuffer, "VAR %255[^\n]", var);
if (ret != 1)
{
goto protocol_error;
}
/* TODO if this is literals_acl, then when should I check vars_acl? */
if (acl_CheckExact(literals_acl, var,
conn->ipaddr, conn->revdns,
KeyPrintableHash(ConnectionInfoKey(conn->conn_info)))
== false)
{
Log(LOG_LEVEL_INFO, "access denied to variable: %s", var);
RefuseAccess(conn, recvbuffer);
return true;
}
GetServerLiteral(ctx, conn, sendbuffer, recvbuffer, encrypted);
return true;
}
case PROTOCOL_COMMAND_CONTEXT:
{
char client_regex[256];
int ret = sscanf(recvbuffer, "CONTEXT %255[^\n]", client_regex);
if (ret != 1)
{
goto protocol_error;
}
/* WARNING: this comes from legacy code and must be killed if we care
* about performance. We should not accept regular expressions from
* the client, but this will break backwards compatibility.
*
* I replicated the code in raw form here to emphasize complexity,
* it's the only *slow* command currently in the protocol. */
Item *persistent_classes = ListPersistentClasses();
Item *matched_classes = NULL;
/* For all persistent classes */
for (Item *ip = persistent_classes; ip != NULL; ip = ip->next)
{
const char *class_name = ip->name;
/* Does this class match the regex the client sent? */
if (StringMatchFull(client_regex, class_name))
{
/* For all ACLs */
for (size_t i = 0; i < classes_acl->len; i++)
{
struct resource_acl *racl = &classes_acl->acls[i];
/* Does this ACL apply to this host? */
if (access_CheckResource(racl, conn->ipaddr, conn->revdns,
KeyPrintableHash(ConnectionInfoKey(conn->conn_info)))
== true)
{
const char *allowed_classes_regex =
classes_acl->resource_names->list[i]->str;
/* Does this ACL admits access for this class to the
* connected host? */
if (StringMatchFull(allowed_classes_regex, class_name))
{
PrependItem(&matched_classes, class_name, NULL);
}
}
}
}
}
if (matched_classes == NULL)
{
Log(LOG_LEVEL_INFO,
"No allowed classes for remoteclassesmatching: %s",
client_regex);
RefuseAccess(conn, recvbuffer);
return true;
}
ReplyServerContext(conn, encrypted, matched_classes);
return true;
}
case PROTOCOL_COMMAND_QUERY:
{
char query[256], name[128];
int ret1 = sscanf(recvbuffer, "QUERY %255[^\n]", query);
int ret2 = sscanf(recvbuffer, "QUERY %127s", name);
if (ret1 != 1 || ret2 != 1)
{
goto protocol_error;
}
if (acl_CheckExact(query_acl, name,
conn->ipaddr, conn->revdns,
KeyPrintableHash(ConnectionInfoKey(conn->conn_info)))
== false)
{
Log(LOG_LEVEL_INFO, "access denied to query: %s", query);
RefuseAccess(conn, recvbuffer);
return true;
}
if (GetServerQuery(conn, recvbuffer, encrypted))
{
return true;
}
break;
}
case PROTOCOL_COMMAND_CALL_ME_BACK:
if (acl_CheckExact(query_acl, "collect_calls",
conn->ipaddr, conn->revdns,
KeyPrintableHash(ConnectionInfoKey(conn->conn_info)))
== false)
{
Log(LOG_LEVEL_INFO,
"access denied to Call-Collect, check the ACL for class: collect_calls");
return false;
}
ReceiveCollectCall(conn);
/* On success that returned true; otherwise, it did all
* relevant Log()ging. Either way, it closed the connection,
* so we're no longer busy with it: */
return false;
case PROTOCOL_COMMAND_BAD:
Log(LOG_LEVEL_WARNING, "Unexpected protocol command: %s", recvbuffer);
}
/* We should only reach this point if something went really bad, and
* close connection. In all other cases (like access denied) connection
* shouldn't be closed.
* TODO So we need this function to return more than true/false, because
* now we return true even when access is denied! E.g. return -1 for
* error, 0 on success, 1 on access denied. It can be an option if
* connection will close on denial. */
protocol_error:
strcpy(sendbuffer, "BAD: Request denied");
SendTransaction(conn->conn_info, sendbuffer, 0, CF_DONE);
Log(LOG_LEVEL_INFO, "Closing connection due to request: %s", recvbuffer);
return false;
}
Rlist *PipeReadData(const IOData *io, int pipe_timeout_secs, int pipe_termination_check_secs)
{
char buff[CF_BUFSIZE] = {0};
Buffer *data = BufferNew();
if (!data)
{
Log(LOG_LEVEL_VERBOSE,
"Unable to allocate buffer for handling pipe responses.");
return NULL;
}
int timeout_seconds_left = pipe_timeout_secs;
while (!IsPendingTermination() && timeout_seconds_left > 0)
{
int fd = PipeIsReadWriteReady(io, pipe_termination_check_secs);
if (fd < 0)
{
Log(LOG_LEVEL_DEBUG,
"Error reading data from application pipe %d", fd);
break;
}
else if (fd == io->read_fd)
{
ssize_t res = read(fd, buff, sizeof(buff) - 1);
if (res == -1)
{
if (errno == EINTR)
{
continue;
}
else
{
Log(LOG_LEVEL_ERR,
"Unable to read output from application pipe: %s",
GetErrorStr());
BufferDestroy(data);
return NULL;
}
}
else if (res == 0) /* reached EOF */
{
break;
}
Log(LOG_LEVEL_DEBUG, "Data read from application pipe: %zd [%s]",
res, buff);
BufferAppendString(data, buff);
memset(buff, 0, sizeof(buff));
}
else if (fd == 0) /* timeout */
{
timeout_seconds_left -= pipe_termination_check_secs;
continue;
}
}
char *read_string = BufferClose(data);
#ifdef __MINGW32__
bool detect_crlf = true;
#else
bool detect_crlf = false;
#endif
Rlist *response_lines = RlistFromStringSplitLines(read_string, detect_crlf);
free(read_string);
return response_lines;
}
static bool IsReadReady(int fd, int timeout_sec)
{
fd_set rset;
FD_ZERO(&rset);
FD_SET(fd, &rset);
struct timeval tv = {
.tv_sec = timeout_sec,
.tv_usec = 0,
};
int ret = select(fd + 1, &rset, NULL, NULL, &tv);
if(ret < 0)
{
Log(LOG_LEVEL_ERR, "IsReadReady: Failed checking for data. (select: %s)", GetErrorStr());
return false;
}
if(FD_ISSET(fd, &rset))
{
return true;
}
if(ret == 0) // timeout
{
return false;
}
// can we get here?
Log(LOG_LEVEL_ERR, "IsReadReady: Unknown outcome (ret > 0 but our only fd is not set). (select: %s)", GetErrorStr());
return false;
}
#if defined(__hpux) && defined(__GNUC__)
#pragma GCC diagnostic warning "-Wstrict-aliasing"
#endif
#endif /* __MINGW32__ */
void LocalExec(const ExecConfig *config)
{
time_t starttime = time(NULL);
void *thread_name = ThreadUniqueName();
{
char starttime_str[64];
cf_strtimestamp_local(starttime, starttime_str);
Log(LOG_LEVEL_VERBOSE, "----------------------------------------------------------------");
Log(LOG_LEVEL_VERBOSE, " LocalExec(%sscheduled) at %s", config->scheduled_run ? "" : "not ", starttime_str);
Log(LOG_LEVEL_VERBOSE, "----------------------------------------------------------------");
}
/* Need to make sure we have LD_LIBRARY_PATH here or children will die */
char cmd[CF_BUFSIZE];
if (strlen(config->exec_command) > 0)
{
strlcpy(cmd, config->exec_command, CF_BUFSIZE);
if (!strstr(cmd, "-Dfrom_cfexecd"))
{
strcat(cmd, " -Dfrom_cfexecd");
}
}
else
{
ConstructFailsafeCommand(config->scheduled_run, cmd);
}
char esc_command[CF_BUFSIZE];
strlcpy(esc_command, MapName(cmd), CF_BUFSIZE);
char filename[CF_BUFSIZE];
{
char line[CF_BUFSIZE];
snprintf(line, CF_BUFSIZE, "_%jd_%s", (intmax_t) starttime, CanonifyName(ctime(&starttime)));
{
char canonified_fq_name[CF_BUFSIZE];
strlcpy(canonified_fq_name, config->fq_name, CF_BUFSIZE);
CanonifyNameInPlace(canonified_fq_name);
snprintf(filename, CF_BUFSIZE, "%s/outputs/cf_%s_%s_%p",
GetWorkDir(), canonified_fq_name, line, thread_name);
MapName(filename);
}
}
/* What if no more processes? Could sacrifice and exec() - but we need a sentinel */
FILE *fp = fopen(filename, "w");
if (!fp)
{
Log(LOG_LEVEL_ERR, "Couldn't open '%s' - aborting exec. (fopen: %s)", filename, GetErrorStr());
return;
}
/*
* Don't inherit this file descriptor on fork/exec
*/
if (fileno(fp) != -1)
{
SetCloseOnExec(fileno(fp), true);
}
Log(LOG_LEVEL_VERBOSE, "Command => %s", cmd);
FILE *pp = cf_popen_sh(esc_command, "r");
if (!pp)
{
Log(LOG_LEVEL_ERR, "Couldn't open pipe to command '%s'. (cf_popen: %s)", cmd, GetErrorStr());
fclose(fp);
return;
}
Log(LOG_LEVEL_VERBOSE, "Command is executing...%s", esc_command);
int count = 0;
int complete = false;
size_t line_size = CF_BUFSIZE;
char *line = xmalloc(line_size);
while (!IsPendingTermination())
{
if (!IsReadReady(fileno(pp),
config->agent_expireafter * SECONDS_PER_MINUTE))
{
char errmsg[] =
"cf-execd: timeout waiting for output from agent"
" (agent_expireafter=%d) - terminating it\n";
fprintf(fp, errmsg, config->agent_expireafter);
/* Trim '\n' before Log()ing. */
errmsg[strlen(errmsg) - 1] = '\0';
Log(LOG_LEVEL_NOTICE, errmsg, config->agent_expireafter);
count++;
pid_t pid_agent;
if (PipeToPid(&pid_agent, pp))
{
ProcessSignalTerminate(pid_agent);
}
else
{
Log(LOG_LEVEL_ERR, "Could not get PID of agent");
}
break;
}
ssize_t res = CfReadLine(&line, &line_size, pp);
if (res == -1)
{
if (feof(pp))
{
complete = true;
}
else
{
Log(LOG_LEVEL_ERR,
"Unable to read output from command '%s'. (cfread: %s)",
cmd, GetErrorStr());
}
break;
}
const char *sp = line;
while (*sp != '\0' && isspace(*sp))
{
sp++;
}
if (*sp != '\0') /* line isn't entirely blank */
{
char *line_escaped = xmalloc(2 * line_size);
ReplaceStr(line, line_escaped, 2 * line_size, "%", "%%");
fprintf(fp, "%s\n", line_escaped);
count++;
/* If we can't send mail, log to syslog */
if (strlen(config->mail_to_address) == 0)
{
strncat(line_escaped, "\n", sizeof(line_escaped) - 1 - strlen(line_escaped));
if ((strchr(line_escaped, '\n')) == NULL)
{
line_escaped[sizeof(line_escaped) - 2] = '\n';
}
Log(LOG_LEVEL_INFO, "%s", line_escaped);
}
line[0] = '\0';
free(line_escaped);
}
}
free(line);
cf_pclose(pp);
Log(LOG_LEVEL_DEBUG, "Closing fp");
fclose(fp);
Log(LOG_LEVEL_VERBOSE,
complete ? "Command is complete" : "Terminated command");
if (count)
{
Log(LOG_LEVEL_VERBOSE, "Mailing result");
MailResult(config, filename);
}
else
{
Log(LOG_LEVEL_VERBOSE, "No output");
unlink(filename);
}
}
/* Might be called back from NovaWin_StartExecService */
void StartServer(Policy *policy, GenericAgentConfig *config, ExecConfig *exec_config, const ReportContext *report_context)
{
#if !defined(__MINGW32__)
time_t now = time(NULL);
#endif
Promise *pp = NewPromise("exec_cfengine", "the executor agent");
Attributes dummyattr;
CfLock thislock;
pthread_attr_init(&threads_attrs);
pthread_attr_setdetachstate(&threads_attrs, PTHREAD_CREATE_DETACHED);
pthread_attr_setstacksize(&threads_attrs, (size_t)2048*1024);
Banner("Starting executor");
memset(&dummyattr, 0, sizeof(dummyattr));
dummyattr.restart_class = "nonce";
dummyattr.transaction.ifelapsed = CF_EXEC_IFELAPSED;
dummyattr.transaction.expireafter = CF_EXEC_EXPIREAFTER;
if (!ONCE)
{
thislock = AcquireLock(pp->promiser, VUQNAME, CFSTARTTIME, dummyattr, pp, false);
if (thislock.lock == NULL)
{
PromiseDestroy(pp);
return;
}
/* Kill previous instances of cf-execd if those are still running */
Apoptosis();
/* FIXME: kludge. This code re-sets "last" lock to the one we have
acquired a few lines before. If the cf-execd is terminated, this lock
will be removed, and subsequent restart of cf-execd won't fail.
The culprit is Apoptosis(), which creates a promise and executes it,
taking locks during it, so CFLOCK/CFLAST/CFLOG get reset.
Proper fix is to keep all the taken locks in the memory, and release
all of them during process termination.
*/
strcpy(CFLOCK, thislock.lock);
strcpy(CFLAST, thislock.last ? thislock.last : "");
strcpy(CFLOG, thislock.log ? thislock.log : "");
}
#ifdef __MINGW32__
if (!NO_FORK)
{
CfOut(OUTPUT_LEVEL_VERBOSE, "", "Windows does not support starting processes in the background - starting in foreground");
}
#else /* !__MINGW32__ */
if ((!NO_FORK) && (fork() != 0))
{
CfOut(OUTPUT_LEVEL_INFORM, "", "cf-execd starting %.24s\n", cf_ctime(&now));
_exit(0);
}
if (!NO_FORK)
{
ActAsDaemon(0);
}
#endif /* !__MINGW32__ */
WritePID("cf-execd.pid");
signal(SIGINT, HandleSignalsForDaemon);
signal(SIGTERM, HandleSignalsForDaemon);
signal(SIGHUP, SIG_IGN);
signal(SIGPIPE, SIG_IGN);
signal(SIGUSR1, HandleSignalsForDaemon);
signal(SIGUSR2, HandleSignalsForDaemon);
umask(077);
if (ONCE)
{
CfOut(OUTPUT_LEVEL_VERBOSE, "", "Sleeping for splaytime %d seconds\n\n", SPLAYTIME);
sleep(SPLAYTIME);
LocalExec(exec_config);
CloseLog();
}
else
{
while (!IsPendingTermination())
{
if (ScheduleRun(&policy, config, exec_config, report_context))
{
CfOut(OUTPUT_LEVEL_VERBOSE, "", "Sleeping for splaytime %d seconds\n\n", SPLAYTIME);
sleep(SPLAYTIME);
if (!LocalExecInThread(exec_config))
{
CfOut(OUTPUT_LEVEL_INFORM, "", "Unable to run agent in thread, falling back to blocking execution");
LocalExec(exec_config);
}
}
}
YieldCurrentLock(thislock);
}
}
void StartServer(EvalContext *ctx, Policy **policy, GenericAgentConfig *config)
{
int sd = -1;
fd_set rset;
int ret_val;
CfLock thislock;
time_t last_policy_reload = 0;
extern int COLLECT_WINDOW;
struct sockaddr_storage cin;
socklen_t addrlen = sizeof(cin);
MakeSignalPipe();
signal(SIGINT, HandleSignalsForDaemon);
signal(SIGTERM, HandleSignalsForDaemon);
signal(SIGHUP, SIG_IGN);
signal(SIGPIPE, SIG_IGN);
signal(SIGUSR1, HandleSignalsForDaemon);
signal(SIGUSR2, HandleSignalsForDaemon);
ServerTLSInitialize();
sd = SetServerListenState(ctx, QUEUESIZE, SERVER_LISTEN, &InitServer);
TransactionContext tc = {
.ifelapsed = 0,
.expireafter = 1,
};
Policy *server_cfengine_policy = PolicyNew();
Promise *pp = NULL;
{
Bundle *bp = PolicyAppendBundle(server_cfengine_policy, NamespaceDefault(), "server_cfengine_bundle", "agent", NULL, NULL);
PromiseType *tp = BundleAppendPromiseType(bp, "server_cfengine");
pp = PromiseTypeAppendPromise(tp, config->input_file, (Rval) { NULL, RVAL_TYPE_NOPROMISEE }, NULL);
}
assert(pp);
thislock = AcquireLock(ctx, pp->promiser, VUQNAME, CFSTARTTIME, tc, pp, false);
if (thislock.lock == NULL)
{
PolicyDestroy(server_cfengine_policy);
return;
}
if (sd != -1)
{
Log(LOG_LEVEL_VERBOSE, "Listening for connections ...");
}
#ifdef __MINGW32__
if (!NO_FORK)
{
Log(LOG_LEVEL_VERBOSE, "Windows does not support starting processes in the background - starting in foreground");
}
#else /* !__MINGW32__ */
if ((!NO_FORK) && (fork() != 0))
{
_exit(EXIT_SUCCESS);
}
if (!NO_FORK)
{
ActAsDaemon();
}
#endif /* !__MINGW32__ */
WritePID("cf-serverd.pid");
/* Andrew Stribblehill <*****@*****.**> -- close sd on exec */
#ifndef __MINGW32__
fcntl(sd, F_SETFD, FD_CLOEXEC);
#endif
CollectCallStart(COLLECT_INTERVAL);
while (!IsPendingTermination())
{
/* Note that this loop logic is single threaded, but ACTIVE_THREADS
might still change in threads pertaining to service handling */
if (ThreadLock(cft_server_children))
{
if (ACTIVE_THREADS == 0)
{
CheckFileChanges(ctx, policy, config, &last_policy_reload);
}
ThreadUnlock(cft_server_children);
}
// Check whether we have established peering with a hub
if (CollectCallHasPending())
{
int waiting_queue = 0;
int new_client = CollectCallGetPending(&waiting_queue);
if (waiting_queue > COLLECT_WINDOW)
{
Log(LOG_LEVEL_INFO, "Closing collect call because it would take"
"longer than the allocated window [%d]", COLLECT_WINDOW);
}
ConnectionInfo *info = ConnectionInfoNew();
if (info)
{
ConnectionInfoSetSocket(info, new_client);
ServerEntryPoint(ctx, POLICY_SERVER, info);
CollectCallMarkProcessed();
}
}
else
{
/* check if listening is working */
if (sd != -1)
{
// Look for normal incoming service requests
int signal_pipe = GetSignalPipe();
FD_ZERO(&rset);
FD_SET(sd, &rset);
FD_SET(signal_pipe, &rset);
Log(LOG_LEVEL_DEBUG, "Waiting at incoming select...");
struct timeval timeout = {
.tv_sec = 60,
.tv_usec = 0
};
int max_fd = (sd > signal_pipe) ? (sd + 1) : (signal_pipe + 1);
ret_val = select(max_fd, &rset, NULL, NULL, &timeout);
// Empty the signal pipe. We don't need the values.
unsigned char buf;
while (recv(signal_pipe, &buf, 1, 0) > 0) {}
if (ret_val == -1) /* Error received from call to select */
{
if (errno == EINTR)
{
continue;
}
else
{
Log(LOG_LEVEL_ERR, "select failed. (select: %s)", GetErrorStr());
exit(1);
}
}
else if (!ret_val) /* No data waiting, we must have timed out! */
{
continue;
}
if (FD_ISSET(sd, &rset))
{
int new_client = accept(sd, (struct sockaddr *)&cin, &addrlen);
if (new_client == -1)
{
continue;
}
/* Just convert IP address to string, no DNS lookup. */
char ipaddr[CF_MAX_IP_LEN] = "";
getnameinfo((struct sockaddr *) &cin, addrlen,
ipaddr, sizeof(ipaddr),
NULL, 0, NI_NUMERICHOST);
ConnectionInfo *info = ConnectionInfoNew();
if (info)
{
ConnectionInfoSetSocket(info, new_client);
ServerEntryPoint(ctx, ipaddr, info);
}
}
}
}
}
CollectCallStop();
PolicyDestroy(server_cfengine_policy);
}
/*********************************************************************/
/* Level 2 */
/*********************************************************************/
int InitServer(size_t queue_size)
{
int sd = -1;
if ((sd = OpenReceiverChannel()) == -1)
{
Log(LOG_LEVEL_ERR, "Unable to start server");
exit(EXIT_FAILURE);
}
if (listen(sd, queue_size) == -1)
{
Log(LOG_LEVEL_ERR, "listen failed. (listen: %s)", GetErrorStr());
exit(EXIT_FAILURE);
}
return sd;
}
static bool CFTestD_BusyLoop(
ServerConnectionState *conn, CFTestD_Config *config)
{
char recvbuffer[CF_BUFSIZE + CF_BUFEXT] = "";
char sendbuffer[CF_BUFSIZE - CF_INBAND_OFFSET] = "";
const int received =
ReceiveTransaction(conn->conn_info, recvbuffer, NULL);
if (received == -1)
{
/* Already Log()ged in case of error. */
return false;
}
if (received > CF_BUFSIZE - 1)
{
UnexpectedError("Received transaction of size %d", received);
return false;
}
if (strlen(recvbuffer) == 0)
{
Log(LOG_LEVEL_WARNING,
"Got NULL transmission (of size %d)",
received);
return true;
}
/* Don't process request if we're signalled to exit. */
if (IsPendingTermination())
{
Log(LOG_LEVEL_VERBOSE, "Server must exit, closing connection");
return false;
}
// See BusyWithNewProtocol() in server_tls.c for how to add other commands
switch (GetCommandNew(recvbuffer))
{
case PROTOCOL_COMMAND_QUERY:
{
char query[256], name[128];
int ret1 = sscanf(recvbuffer, "QUERY %255[^\n]", query);
int ret2 = sscanf(recvbuffer, "QUERY %127s", name);
if (ret1 != 1 || ret2 != 1)
{
return CFTestD_ProtocolError(conn, recvbuffer, sendbuffer);
}
if (CFTestD_GetServerQuery(conn, recvbuffer, config))
{
return true;
}
break;
}
case PROTOCOL_COMMAND_BAD:
default:
Log(LOG_LEVEL_WARNING, "Unexpected protocol command: %s", recvbuffer);
}
return CFTestD_ProtocolError(conn, recvbuffer, sendbuffer);
}
void StartServer(Policy *policy, GenericAgentConfig *config, const ReportContext *report_context)
{
int sd = -1, sd_reply;
fd_set rset;
struct timeval timeout;
int ret_val;
Promise *pp = NewPromise("server_cfengine", config->input_file);
Attributes dummyattr = { {0} };
CfLock thislock;
time_t starttime = time(NULL), last_collect = 0;
#if defined(HAVE_GETADDRINFO)
socklen_t addrlen = sizeof(struct sockaddr_in6);
struct sockaddr_in6 cin;
#else
socklen_t addrlen = sizeof(struct sockaddr_in);
struct sockaddr_in cin;
#endif
memset(&dummyattr, 0, sizeof(dummyattr));
signal(SIGINT, HandleSignalsForDaemon);
signal(SIGTERM, HandleSignalsForDaemon);
signal(SIGHUP, SIG_IGN);
signal(SIGPIPE, SIG_IGN);
signal(SIGUSR1, HandleSignalsForDaemon);
signal(SIGUSR2, HandleSignalsForDaemon);
sd = SetServerListenState(QUEUESIZE);
dummyattr.transaction.ifelapsed = 0;
dummyattr.transaction.expireafter = 1;
thislock = AcquireLock(pp->promiser, VUQNAME, CFSTARTTIME, dummyattr, pp, false);
if (thislock.lock == NULL)
{
return;
}
CfOut(cf_inform, "", "cf-serverd starting %.24s\n", cf_ctime(&starttime));
if (sd != -1)
{
CfOut(cf_verbose, "", "Listening for connections ...\n");
}
#ifdef __MINGW32__
if (!NO_FORK)
{
CfOut(cf_verbose, "", "Windows does not support starting processes in the background - starting in foreground");
}
#else /* !__MINGW32__ */
if ((!NO_FORK) && (fork() != 0))
{
_exit(0);
}
if (!NO_FORK)
{
ActAsDaemon(sd);
}
#endif /* !__MINGW32__ */
WritePID("cf-serverd.pid");
/* Andrew Stribblehill <*****@*****.**> -- close sd on exec */
#ifndef __MINGW32__
fcntl(sd, F_SETFD, FD_CLOEXEC);
#endif
while (!IsPendingTermination())
{
time_t now = time(NULL);
/* Note that this loop logic is single threaded, but ACTIVE_THREADS
might still change in threads pertaining to service handling */
if (ThreadLock(cft_server_children))
{
if (ACTIVE_THREADS == 0)
{
CheckFileChanges(&policy, config, report_context);
}
ThreadUnlock(cft_server_children);
}
// Check whether we should try to establish peering with a hub
if ((COLLECT_INTERVAL > 0) && ((now - last_collect) > COLLECT_INTERVAL))
{
TryCollectCall();
last_collect = now;
continue;
}
/* check if listening is working */
if (sd != -1)
{
// Look for normal incoming service requests
FD_ZERO(&rset);
FD_SET(sd, &rset);
timeout.tv_sec = 10; /* Set a 10 second timeout for select */
timeout.tv_usec = 0;
CfDebug(" -> Waiting at incoming select...\n");
ret_val = select((sd + 1), &rset, NULL, NULL, &timeout);
if (ret_val == -1) /* Error received from call to select */
{
if (errno == EINTR)
{
continue;
}
else
{
CfOut(cf_error, "select", "select failed");
exit(1);
}
}
else if (!ret_val) /* No data waiting, we must have timed out! */
{
continue;
}
CfOut(cf_verbose, "", " -> Accepting a connection\n");
if ((sd_reply = accept(sd, (struct sockaddr *) &cin, &addrlen)) != -1)
{
char ipaddr[CF_MAXVARSIZE];
memset(ipaddr, 0, CF_MAXVARSIZE);
ThreadLock(cft_getaddr);
snprintf(ipaddr, CF_MAXVARSIZE - 1, "%s", sockaddr_ntop((struct sockaddr *) &cin));
ThreadUnlock(cft_getaddr);
ServerEntryPoint(sd_reply, ipaddr, SV);
}
}
}
}
/* Might be called back from NovaWin_StartExecService */
void StartServer(EvalContext *ctx, Policy *policy, GenericAgentConfig *config, ExecConfig *exec_config)
{
#if !defined(__MINGW32__)
time_t now = time(NULL);
#endif
pthread_attr_init(&threads_attrs);
pthread_attr_setdetachstate(&threads_attrs, PTHREAD_CREATE_DETACHED);
pthread_attr_setstacksize(&threads_attrs, (size_t)2048*1024);
Banner("Starting executor");
#ifndef __MINGW32__
if (!ONCE)
{
/* Kill previous instances of cf-execd if those are still running */
Apoptosis();
}
#endif
#ifdef __MINGW32__
if (!NO_FORK)
{
CfOut(OUTPUT_LEVEL_VERBOSE, "", "Windows does not support starting processes in the background - starting in foreground");
}
#else /* !__MINGW32__ */
if ((!NO_FORK) && (fork() != 0))
{
CfOut(OUTPUT_LEVEL_INFORM, "", "cf-execd starting %.24s\n", cf_ctime(&now));
_exit(0);
}
if (!NO_FORK)
{
ActAsDaemon(0);
}
#endif /* !__MINGW32__ */
WritePID("cf-execd.pid");
signal(SIGINT, HandleSignalsForDaemon);
signal(SIGTERM, HandleSignalsForDaemon);
signal(SIGHUP, SIG_IGN);
signal(SIGPIPE, SIG_IGN);
signal(SIGUSR1, HandleSignalsForDaemon);
signal(SIGUSR2, HandleSignalsForDaemon);
umask(077);
if (ONCE)
{
LocalExec(exec_config);
CloseLog();
}
else
{
while (!IsPendingTermination())
{
if (ScheduleRun(ctx, &policy, config, exec_config))
{
CfOut(OUTPUT_LEVEL_VERBOSE, "", "Sleeping for splaytime %d seconds\n\n", exec_config->splay_time);
sleep(exec_config->splay_time);
if (!LocalExecInThread(exec_config))
{
CfOut(OUTPUT_LEVEL_INFORM, "", "Unable to run agent in thread, falling back to blocking execution");
LocalExec(exec_config);
}
}
}
}
}
/**
* Currently this function returns false when we want the connection
* closed, and true, when we want to proceed further with requests.
*
* @TODO So we need this function to return more than true/false, because now
* we return true even when access is denied! E.g. return -1 for error, 0 on
* success, 1 on access denied. It can be an option if connection will close
* on denial.
*/
bool BusyWithNewProtocol(EvalContext *ctx, ServerConnectionState *conn)
{
/* The CF_BUFEXT extra space is there to ensure we're not *reading* out of
* bounds in commands that carry extra binary arguments, like MD5. */
char recvbuffer[CF_BUFSIZE + CF_BUFEXT] = { 0 };
/* This size is the max we can SendTransaction(). */
char sendbuffer[CF_BUFSIZE - CF_INBAND_OFFSET] = { 0 };
char filename[CF_BUFSIZE + 1]; /* +1 for appending slash sometimes */
ServerFileGetState get_args = { 0 };
/* We already encrypt because of the TLS layer, no need to encrypt more. */
const int encrypted = 0;
/* Legacy stuff only for old protocol. */
assert(conn->rsa_auth == 1);
assert(conn->user_data_set == 1);
/* Receive up to CF_BUFSIZE - 1 bytes. */
const int received = ReceiveTransaction(conn->conn_info,
recvbuffer, NULL);
if (received == -1)
{
/* Already Log()ged in case of error. */
return false;
}
if (received > CF_BUFSIZE - 1)
{
UnexpectedError("Received transaction of size %d", received);
return false;
}
if (strlen(recvbuffer) == 0)
{
Log(LOG_LEVEL_WARNING,
"Got NULL transmission (of size %d)", received);
return true;
}
/* Don't process request if we're signalled to exit. */
if (IsPendingTermination())
{
Log(LOG_LEVEL_VERBOSE, "Server must exit, closing connection");
return false;
}
/* TODO break recvbuffer here: command, param1, param2 etc. */
switch (GetCommandNew(recvbuffer))
{
case PROTOCOL_COMMAND_EXEC:
{
const size_t EXEC_len = strlen(PROTOCOL_NEW[PROTOCOL_COMMAND_EXEC]);
/* Assert recvbuffer starts with EXEC. */
assert(strncmp(PROTOCOL_NEW[PROTOCOL_COMMAND_EXEC],
recvbuffer, EXEC_len) == 0);
char *args = &recvbuffer[EXEC_len];
args += strspn(args, " \t"); /* bypass spaces */
Log(LOG_LEVEL_VERBOSE, "%14s %7s %s",
"Received:", "EXEC", args);
bool b = DoExec2(ctx, conn, args,
sendbuffer, sizeof(sendbuffer));
/* In the end we might keep the connection open (return true) to be
* ready for next requests, but we must always send the TERMINATOR
* string so that the client can close the connection at will. */
Terminate(conn->conn_info);
return b;
}
case PROTOCOL_COMMAND_VERSION:
snprintf(sendbuffer, sizeof(sendbuffer), "OK: %s", Version());
SendTransaction(conn->conn_info, sendbuffer, 0, CF_DONE);
return true;
case PROTOCOL_COMMAND_GET:
{
int ret = sscanf(recvbuffer, "GET %d %[^\n]",
&(get_args.buf_size), filename);
if (ret != 2 ||
get_args.buf_size <= 0 || get_args.buf_size > CF_BUFSIZE)
{
goto protocol_error;
}
Log(LOG_LEVEL_VERBOSE, "%14s %7s %s",
"Received:", "GET", filename);
/* TODO batch all the following in one function since it's very
* similar in all of GET, OPENDIR and STAT. */
size_t zret = ShortcutsExpand(filename, sizeof(filename),
SV.path_shortcuts,
conn->ipaddr, conn->revdns,
KeyPrintableHash(ConnectionInfoKey(conn->conn_info)));
if (zret == (size_t) -1)
{
goto protocol_error;
}
zret = PreprocessRequestPath(filename, sizeof(filename));
if (zret == (size_t) -1)
{
RefuseAccess(conn, recvbuffer);
return true;
}
PathRemoveTrailingSlash(filename, strlen(filename));
Log(LOG_LEVEL_VERBOSE, "%14s %7s %s",
"Translated to:", "GET", filename);
if (acl_CheckPath(paths_acl, filename,
conn->ipaddr, conn->revdns,
KeyPrintableHash(ConnectionInfoKey(conn->conn_info)))
== false)
{
Log(LOG_LEVEL_INFO, "access denied to GET: %s", filename);
RefuseAccess(conn, recvbuffer);
return true;
}
memset(sendbuffer, 0, sizeof(sendbuffer));
if (get_args.buf_size >= CF_BUFSIZE)
{
get_args.buf_size = 2048;
}
/* TODO eliminate! */
get_args.conn = conn;
get_args.encrypt = false;
get_args.replybuff = sendbuffer;
get_args.replyfile = filename;
CfGetFile(&get_args);
return true;
}
case PROTOCOL_COMMAND_OPENDIR:
{
memset(filename, 0, sizeof(filename));
int ret = sscanf(recvbuffer, "OPENDIR %[^\n]", filename);
if (ret != 1)
{
goto protocol_error;
}
Log(LOG_LEVEL_VERBOSE, "%14s %7s %s",
"Received:", "OPENDIR", filename);
/* sizeof()-1 because we need one extra byte for
appending '/' afterwards. */
size_t zret = ShortcutsExpand(filename, sizeof(filename) - 1,
SV.path_shortcuts,
conn->ipaddr, conn->revdns,
KeyPrintableHash(ConnectionInfoKey(conn->conn_info)));
if (zret == (size_t) -1)
{
goto protocol_error;
}
zret = PreprocessRequestPath(filename, sizeof(filename) - 1);
if (zret == (size_t) -1)
{
RefuseAccess(conn, recvbuffer);
return true;
}
/* OPENDIR *must* be directory. */
PathAppendTrailingSlash(filename, strlen(filename));
Log(LOG_LEVEL_VERBOSE, "%14s %7s %s",
"Translated to:", "OPENDIR", filename);
if (acl_CheckPath(paths_acl, filename,
conn->ipaddr, conn->revdns,
KeyPrintableHash(ConnectionInfoKey(conn->conn_info)))
== false)
{
Log(LOG_LEVEL_INFO, "access denied to OPENDIR: %s", filename);
RefuseAccess(conn, recvbuffer);
return true;
}
CfOpenDirectory(conn, sendbuffer, filename);
return true;
}
case PROTOCOL_COMMAND_SYNCH:
{
long time_no_see = 0;
memset(filename, 0, sizeof(filename));
int ret = sscanf(recvbuffer, "SYNCH %ld STAT %[^\n]",
&time_no_see, filename);
if (ret != 2 || filename[0] == '\0')
{
goto protocol_error;
}
time_t tloc = time(NULL);
if (tloc == -1)
{
/* Should never happen. */
Log(LOG_LEVEL_ERR, "Couldn't read system clock. (time: %s)", GetErrorStr());
SendTransaction(conn->conn_info, "BAD: clocks out of synch", 0, CF_DONE);
return true;
}
time_t trem = (time_t) time_no_see;
int drift = (int) (tloc - trem);
Log(LOG_LEVEL_VERBOSE, "%14s %7s %s",
"Received:", "STAT", filename);
/* sizeof()-1 because we need one extra byte for
appending '/' afterwards. */
size_t zret = ShortcutsExpand(filename, sizeof(filename) - 1,
SV.path_shortcuts,
conn->ipaddr, conn->revdns,
KeyPrintableHash(ConnectionInfoKey(conn->conn_info)));
if (zret == (size_t) -1)
{
goto protocol_error;
}
zret = PreprocessRequestPath(filename, sizeof(filename) - 1);
if (zret == (size_t) -1)
{
RefuseAccess(conn, recvbuffer);
return true;
}
if (IsDirReal(filename) == 1)
{
PathAppendTrailingSlash(filename, strlen(filename));
}
else
{
PathRemoveTrailingSlash(filename, strlen(filename));
}
Log(LOG_LEVEL_VERBOSE, "%14s %7s %s",
"Translated to:", "STAT", filename);
if (acl_CheckPath(paths_acl, filename,
conn->ipaddr, conn->revdns,
KeyPrintableHash(ConnectionInfoKey(conn->conn_info)))
== false)
{
Log(LOG_LEVEL_INFO, "access denied to STAT: %s", filename);
RefuseAccess(conn, recvbuffer);
return true;
}
Log(LOG_LEVEL_DEBUG, "Clocks were off by %ld",
(long) tloc - (long) trem);
if (DENYBADCLOCKS && (drift * drift > CLOCK_DRIFT * CLOCK_DRIFT))
{
snprintf(sendbuffer, sizeof(sendbuffer),
"BAD: Clocks are too far unsynchronized %ld/%ld",
(long) tloc, (long) trem);
Log(LOG_LEVEL_INFO, "denybadclocks %s", sendbuffer);
SendTransaction(conn->conn_info, sendbuffer, 0, CF_DONE);
return true;
}
StatFile(conn, sendbuffer, filename);
return true;
}
case PROTOCOL_COMMAND_MD5:
{
int ret = sscanf(recvbuffer, "MD5 %[^\n]", filename);
if (ret != 1)
{
goto protocol_error;
}
Log(LOG_LEVEL_VERBOSE, "%14s %7s %s",
"Received:", "MD5", filename);
/* TODO batch all the following in one function since it's very
* similar in all of GET, OPENDIR and STAT. */
size_t zret = ShortcutsExpand(filename, sizeof(filename),
SV.path_shortcuts,
conn->ipaddr, conn->revdns,
KeyPrintableHash(ConnectionInfoKey(conn->conn_info)));
if (zret == (size_t) -1)
{
goto protocol_error;
}
zret = PreprocessRequestPath(filename, sizeof(filename));
if (zret == (size_t) -1)
{
RefuseAccess(conn, recvbuffer);
return true;
}
PathRemoveTrailingSlash(filename, strlen(filename));
Log(LOG_LEVEL_VERBOSE, "%14s %7s %s",
"Translated to:", "MD5", filename);
if (acl_CheckPath(paths_acl, filename,
conn->ipaddr, conn->revdns,
KeyPrintableHash(ConnectionInfoKey(conn->conn_info)))
== false)
{
Log(LOG_LEVEL_INFO, "access denied to file: %s", filename);
RefuseAccess(conn, recvbuffer);
return true;
}
assert(CF_DEFAULT_DIGEST_LEN <= EVP_MAX_MD_SIZE);
unsigned char digest[EVP_MAX_MD_SIZE + 1];
assert(CF_BUFSIZE + CF_SMALL_OFFSET + CF_DEFAULT_DIGEST_LEN
<= sizeof(recvbuffer));
memcpy(digest, recvbuffer + strlen(recvbuffer) + CF_SMALL_OFFSET,
CF_DEFAULT_DIGEST_LEN);
CompareLocalHash(filename, digest, sendbuffer);
SendTransaction(conn->conn_info, sendbuffer, 0, CF_DONE);
return true;
}
case PROTOCOL_COMMAND_VAR:
{
char var[256];
int ret = sscanf(recvbuffer, "VAR %255[^\n]", var);
if (ret != 1)
{
goto protocol_error;
}
/* TODO if this is literals_acl, then when should I check vars_acl? */
if (acl_CheckExact(literals_acl, var,
conn->ipaddr, conn->revdns,
KeyPrintableHash(ConnectionInfoKey(conn->conn_info)))
== false)
{
Log(LOG_LEVEL_INFO, "access denied to variable: %s", var);
RefuseAccess(conn, recvbuffer);
return true;
}
GetServerLiteral(ctx, conn, sendbuffer, recvbuffer, encrypted);
return true;
}
case PROTOCOL_COMMAND_CONTEXT:
{
char client_regex[256];
int ret = sscanf(recvbuffer, "CONTEXT %255[^\n]", client_regex);
if (ret != 1)
{
goto protocol_error;
}
Log(LOG_LEVEL_VERBOSE, "%14s %7s %s",
"Received:", "CONTEXT", client_regex);
/* WARNING: this comes from legacy code and must be killed if we care
* about performance. We should not accept regular expressions from
* the client, but this will break backwards compatibility.
*
* I replicated the code in raw form here to emphasize complexity,
* it's the only *slow* command currently in the protocol. */
Item *persistent_classes = ListPersistentClasses();
Item *matched_classes = NULL;
/* For all persistent classes */
for (Item *ip = persistent_classes; ip != NULL; ip = ip->next)
{
const char *class_name = ip->name;
/* Does this class match the regex the client sent? */
if (StringMatchFull(client_regex, class_name))
{
/* Is this class allowed to be given to the specific
* host, according to the regexes in the ACLs? */
if (acl_CheckRegex(classes_acl, class_name,
conn->ipaddr, conn->revdns,
KeyPrintableHash(ConnectionInfoKey(conn->conn_info)),
NULL)
== true)
{
Log(LOG_LEVEL_DEBUG, "Access granted to class: %s",
class_name);
PrependItem(&matched_classes, class_name, NULL);
}
}
}
if (matched_classes == NULL)
{
Log(LOG_LEVEL_INFO,
"No allowed classes for remoteclassesmatching: %s",
client_regex);
RefuseAccess(conn, recvbuffer);
return true;
}
ReplyServerContext(conn, encrypted, matched_classes);
return true;
}
case PROTOCOL_COMMAND_QUERY:
{
char query[256], name[128];
int ret1 = sscanf(recvbuffer, "QUERY %255[^\n]", query);
int ret2 = sscanf(recvbuffer, "QUERY %127s", name);
if (ret1 != 1 || ret2 != 1)
{
goto protocol_error;
}
if (acl_CheckExact(query_acl, name,
conn->ipaddr, conn->revdns,
KeyPrintableHash(ConnectionInfoKey(conn->conn_info)))
== false)
{
Log(LOG_LEVEL_INFO, "access denied to query: %s", query);
RefuseAccess(conn, recvbuffer);
return true;
}
if (GetServerQuery(conn, recvbuffer, encrypted))
{
return true;
}
break;
}
case PROTOCOL_COMMAND_CALL_ME_BACK:
/* Server side, handing the collect call off to cf-hub. */
if (acl_CheckExact(query_acl, "collect_calls",
conn->ipaddr, conn->revdns,
KeyPrintableHash(ConnectionInfoKey(conn->conn_info)))
== false)
{
Log(LOG_LEVEL_INFO,
"access denied to Call-Collect, check the ACL for class: collect_calls");
return false;
}
ReceiveCollectCall(conn);
/* On success that returned true; otherwise, it did all
* relevant Log()ging. Either way, we're no longer busy with
* it and our caller can close the connection: */
return false;
case PROTOCOL_COMMAND_BAD:
Log(LOG_LEVEL_WARNING, "Unexpected protocol command: %s", recvbuffer);
}
/* We should only reach this point if something went really bad, and
* close connection. In all other cases (like access denied) connection
* shouldn't be closed.
*/
protocol_error:
strcpy(sendbuffer, "BAD: Request denied");
SendTransaction(conn->conn_info, sendbuffer, 0, CF_DONE);
Log(LOG_LEVEL_INFO,
"Closing connection due to illegal request: %s", recvbuffer);
return false;
}
