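/**
 * Shared start-up sequence for an agent process.
 *
 * Copies the console prefix and the work directory into the VPREFIX and
 * CFWORKDIR globals, opens logging, prepares the directories and state files
 * below the work directory, initializes networking and crypto, loads the keys
 * (skipped for cf-key), records the launch directory and selects the default
 * input file.
 *
 * @param ctx     evaluation context; receives the "any" hard class and the
 *                launch directory, and is handed to FatalError().
 * @param config  agent configuration; agent_type and
 *                agent_specific.agent.bootstrap_policy_server are read, and
 *                the input file is set on it.
 */
void GenericAgentInitialize(EvalContext *ctx, GenericAgentConfig *config)
{
    int force = false;
    struct stat statbuf, sb;
    char vbuff[CF_BUFSIZE];
    char ebuff[CF_EXPANDSIZE];

#ifdef __MINGW32__
    InitializeWindows();
#endif

    DetermineCfenginePort();

    EvalContextClassPutHard(ctx, "any", "source=agent");

    GenericAgentAddEditionClasses(ctx);

    /* NOTE(review): unbounded copy. The size of VPREFIX is not visible in
       this function -- confirm GetConsolePrefix() cannot exceed it. */
    strcpy(VPREFIX, GetConsolePrefix());

    /* Define trusted directories */
    {
        const char *workdir = GetWorkDir();

        if (!workdir)
        {
            FatalError(ctx, "Error determining working directory");
        }

        /* NOTE(review): unbounded copy into a global. The size of CFWORKDIR
           is not visible here -- confirm GetWorkDir() is bounded by it, since
           every path built below is derived from this buffer. */
        strcpy(CFWORKDIR, workdir);
        MapName(CFWORKDIR);
    }

    OpenLog(LOG_USER);
    SetSyslogFacility(LOG_USER);

    Log(LOG_LEVEL_VERBOSE, "Work directory is %s", CFWORKDIR);

    /* Each path below names a leaf inside a directory that must exist; only
       the parent is of interest (presumably created by MakeParentDirectory --
       confirm against its definition). snprintf() truncation is not checked. */
    snprintf(vbuff, CF_BUFSIZE, "%s%cupdate.conf", GetInputDir(), FILE_SEPARATOR);
    MakeParentDirectory(vbuff, force);

    snprintf(vbuff, CF_BUFSIZE, "%s%cbin%ccf-agent -D from_cfexecd", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);
    MakeParentDirectory(vbuff, force);

    snprintf(vbuff, CF_BUFSIZE, "%s%coutputs%cspooled_reports", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);
    MakeParentDirectory(vbuff, force);

    snprintf(vbuff, CF_BUFSIZE, "%s%clastseen%cintermittencies", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);
    MakeParentDirectory(vbuff, force);

    snprintf(vbuff, CF_BUFSIZE, "%s%creports%cvarious", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);
    MakeParentDirectory(vbuff, force);

    /* Make sure the owner keeps full access to inputs/ and outputs/. A failed
       chmod() is now reported instead of being dropped silently.
       stat() and chmod() both resolve the path by name, so this is only safe
       while the ancestors of the work directory are writable by trusted users
       alone. */
    snprintf(vbuff, CF_BUFSIZE, "%s", GetInputDir());

    if (stat(vbuff, &sb) == -1)
    {
        FatalError(ctx, " No access to WORKSPACE/inputs dir");
    }
    else if (chmod(vbuff, sb.st_mode | 0700) == -1)
    {
        Log(LOG_LEVEL_WARNING, "Could not set owner permissions on '%s'. (chmod: '%s')", vbuff, GetErrorStr());
    }

    snprintf(vbuff, CF_BUFSIZE, "%s%coutputs", CFWORKDIR, FILE_SEPARATOR);

    if (stat(vbuff, &sb) == -1)
    {
        FatalError(ctx, " No access to WORKSPACE/outputs dir");
    }
    else if (chmod(vbuff, sb.st_mode | 0700) == -1)
    {
        Log(LOG_LEVEL_WARNING, "Could not set owner permissions on '%s'. (chmod: '%s')", vbuff, GetErrorStr());
    }

    /* State files: created empty when stat() cannot see them. */
    snprintf(ebuff, sizeof(ebuff), "%s%cstate%ccf_procs", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);
    MakeParentDirectory(ebuff, force);

    if (stat(ebuff, &statbuf) == -1)
    {
        CreateEmptyFile(ebuff);
    }

    snprintf(ebuff, sizeof(ebuff), "%s%cstate%ccf_rootprocs", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);

    if (stat(ebuff, &statbuf) == -1)
    {
        CreateEmptyFile(ebuff);
    }

    snprintf(ebuff, sizeof(ebuff), "%s%cstate%ccf_otherprocs", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);

    if (stat(ebuff, &statbuf) == -1)
    {
        CreateEmptyFile(ebuff);
    }

    snprintf(ebuff, sizeof(ebuff), "%s%cstate%cprevious_state%c", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR, FILE_SEPARATOR);
    MakeParentDirectory(ebuff, force);

    snprintf(ebuff, sizeof(ebuff), "%s%cstate%cdiff%c", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR, FILE_SEPARATOR);
    MakeParentDirectory(ebuff, force);

    snprintf(ebuff, sizeof(ebuff), "%s%cstate%cuntracked%c", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR, FILE_SEPARATOR);
    MakeParentDirectory(ebuff, force);

    OpenNetwork();
    CryptoInitialize();

    CheckWorkingDirectories(ctx);

    /* Initialize keys and networking. cf-key, doesn't need keys. In fact it
       must function properly even without them, so that it generates them! */
    if (config->agent_type != AGENT_TYPE_KEYGEN)
    {
        LoadSecretKeys();
        char *bootstrapped_policy_server = ReadPolicyServerFile(CFWORKDIR);
        PolicyHubUpdateKeys(bootstrapped_policy_server);
        free(bootstrapped_policy_server);
        cfnet_init();
    }

    /* Record the launch directory. cwd is a variable-length array that is
       re-declared at twice the size whenever getcwd() reports ERANGE; there
       is no upper limit on that growth. */
    size_t cwd_size = PATH_MAX;

    while (true)
    {
        char cwd[cwd_size];

        if (!getcwd(cwd, cwd_size))
        {
            if (errno == ERANGE)
            {
                cwd_size *= 2;
                continue;
            }
            Log(LOG_LEVEL_WARNING, "Could not determine current directory. (getcwd: '%s')", GetErrorStr());
            break;
        }

        EvalContextSetLaunchDirectory(ctx, cwd);
        break;
    }

    if (!MINUSF)
    {
        GenericAgentConfigSetInputFile(config, GetInputDir(), "promises.cf");
    }

    VIFELAPSED = 1;
    VEXPIREAFTER = 1;

    setlinebuf(stdout);

    /* When bootstrapping, failsafe.cf becomes the input file: the full path
       if it exists in the input directory, the bare name otherwise. */
    if (config->agent_specific.agent.bootstrap_policy_server)
    {
        snprintf(vbuff, CF_BUFSIZE, "%s%cfailsafe.cf", GetInputDir(), FILE_SEPARATOR);

        if (stat(vbuff, &statbuf) == -1)
        {
            GenericAgentConfigSetInputFile(config, GetInputDir(), "failsafe.cf");
        }
        else
        {
            GenericAgentConfigSetInputFile(config, GetInputDir(), vbuff);
        }
    }
}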
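/**
 * Shared start-up sequence for an agent process (variant that builds every
 * path from CFWORKDIR and honours the LOOKUP flag).
 *
 * Sets the default port globals, copies the console prefix and the work
 * directory into VPREFIX and CFWORKDIR, opens logging, prepares the
 * directories and state files below the work directory unless LOOKUP is set,
 * initializes networking and crypto, loads the keys (skipped for cf-key) and
 * selects the default input file.
 *
 * @param ctx     evaluation context; receives the "any" hard class and is
 *                handed to FatalError().
 * @param config  agent configuration; agent_type and
 *                agent_specific.agent.bootstrap_policy_server are read, and
 *                the input file is set on it.
 */
void GenericAgentInitialize(EvalContext *ctx, GenericAgentConfig *config)
{
    int force = false;
    struct stat statbuf, sb;
    char vbuff[CF_BUFSIZE];
    char ebuff[CF_EXPANDSIZE];

    SHORT_CFENGINEPORT = htons((unsigned short) 5308);
    snprintf(STR_CFENGINEPORT, 15, "5308");

    EvalContextHeapAddHard(ctx, "any");

    /* NOTE(review): unbounded copy. The size of VPREFIX is not visible in
       this function -- confirm GetConsolePrefix() cannot exceed it. */
    strcpy(VPREFIX, GetConsolePrefix());

    /* Define trusted directories */
    {
        const char *workdir = GetWorkDir();

        if (!workdir)
        {
            FatalError(ctx, "Error determining working directory");
        }

        /* NOTE(review): unbounded copy into a global. The size of CFWORKDIR
           is not visible here -- confirm GetWorkDir() is bounded by it, since
           every path built below is derived from this buffer. */
        strcpy(CFWORKDIR, workdir);
        MapName(CFWORKDIR);
    }

    /* On windows, use 'binary mode' as default for files */
#ifdef __MINGW32__
    _fmode = _O_BINARY;
#endif

    OpenLog(LOG_USER);
    SetSyslogFacility(LOG_USER);

    if (!LOOKUP)                /* cf-know should not do this in lookup mode */
    {
        Log(LOG_LEVEL_VERBOSE, "Work directory is %s", CFWORKDIR);

        /* Each path names a leaf inside a directory that must exist; only the
           parent is of interest (presumably created by MakeParentDirectory --
           confirm against its definition). */
        snprintf(vbuff, CF_BUFSIZE, "%s%cinputs%cupdate.conf", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);
        MakeParentDirectory(vbuff, force);

        snprintf(vbuff, CF_BUFSIZE, "%s%cbin%ccf-agent -D from_cfexecd", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);
        MakeParentDirectory(vbuff, force);

        snprintf(vbuff, CF_BUFSIZE, "%s%coutputs%cspooled_reports", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);
        MakeParentDirectory(vbuff, force);

        snprintf(vbuff, CF_BUFSIZE, "%s%clastseen%cintermittencies", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);
        MakeParentDirectory(vbuff, force);

        snprintf(vbuff, CF_BUFSIZE, "%s%creports%cvarious", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);
        MakeParentDirectory(vbuff, force);

        /* Make sure the owner keeps full access to inputs/ and outputs/.
           The chmod() result is not checked, so a failure goes unnoticed.
           stat() and chmod() both resolve the path by name, so this is only
           safe while the ancestors of the work directory are writable by
           trusted users alone. */
        snprintf(vbuff, CF_BUFSIZE, "%s%cinputs", CFWORKDIR, FILE_SEPARATOR);

        if (stat(vbuff, &sb) == -1)
        {
            FatalError(ctx, " No access to WORKSPACE/inputs dir");
        }
        else
        {
            chmod(vbuff, sb.st_mode | 0700);
        }

        snprintf(vbuff, CF_BUFSIZE, "%s%coutputs", CFWORKDIR, FILE_SEPARATOR);

        if (stat(vbuff, &sb) == -1)
        {
            FatalError(ctx, " No access to WORKSPACE/outputs dir");
        }
        else
        {
            chmod(vbuff, sb.st_mode | 0700);
        }

        /* State files: created empty when stat() cannot see them. The writes
           into ebuff are bounded by its size; the unbounded sprintf() used
           before could run past the buffer for a long CFWORKDIR. */
        snprintf(ebuff, sizeof(ebuff), "%s%cstate%ccf_procs", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);
        MakeParentDirectory(ebuff, force);

        if (stat(ebuff, &statbuf) == -1)
        {
            CreateEmptyFile(ebuff);
        }

        snprintf(ebuff, sizeof(ebuff), "%s%cstate%ccf_rootprocs", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);

        if (stat(ebuff, &statbuf) == -1)
        {
            CreateEmptyFile(ebuff);
        }

        snprintf(ebuff, sizeof(ebuff), "%s%cstate%ccf_otherprocs", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);

        if (stat(ebuff, &statbuf) == -1)
        {
            CreateEmptyFile(ebuff);
        }
    }

    OpenNetwork();
    CryptoInitialize();

    if (!LOOKUP)
    {
        CheckWorkingDirectories(ctx);
    }

    /* NOTE(review): the returned pointer is never released here; whether the
       caller owns it depends on ReadPolicyServerFile() -- confirm. */
    const char *bootstrapped_policy_server = ReadPolicyServerFile(CFWORKDIR);

    /* Initialize keys and networking. cf-key, doesn't need keys. In fact it
       must function properly even without them, so that it generates them! */
    if (config->agent_type != AGENT_TYPE_KEYGEN)
    {
        LoadSecretKeys(bootstrapped_policy_server);
        cfnet_init();
    }

    if (!MINUSF)
    {
        GenericAgentConfigSetInputFile(config, GetWorkDir(), "promises.cf");
    }

    DetermineCfenginePort();

    VIFELAPSED = 1;
    VEXPIREAFTER = 1;

    setlinebuf(stdout);

    /* When bootstrapping, failsafe.cf becomes the input file. Without
       HAVE_ENTERPRISE the bare name is used when the file is missing from
       inputs/; with it, the full path is always used. */
    if (config->agent_specific.agent.bootstrap_policy_server)
    {
        snprintf(vbuff, CF_BUFSIZE, "%s%cinputs%cfailsafe.cf", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR);

#ifndef HAVE_ENTERPRISE
        if (stat(vbuff, &statbuf) == -1)
        {
            GenericAgentConfigSetInputFile(config, GetWorkDir(), "failsafe.cf");
        }
        else
#endif
        {
            GenericAgentConfigSetInputFile(config, GetWorkDir(), vbuff);
        }
    }
}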
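/**
 * Parses the cf-agent command line into a freshly allocated configuration
 * and a set of global flags.
 *
 * @param argc  argument count as received by main().
 * @param argv  argument vector as received by main().
 * @return      the configuration created by GenericAgentConfigNewDefault();
 *              options that print help or a version banner exit instead.
 */
static GenericAgentConfig *CheckOpts(int argc, char **argv)
{
    extern char *optarg;
    char *sp;
    int optindex = 0;
    int c, alpha = false, v6 = false;
    GenericAgentConfig *config = GenericAgentConfigNewDefault(AGENT_TYPE_AGENT);

/* Because of the MacOS linker we have to call this from each agent
   individually before Generic Initialize */

    POLICY_SERVER[0] = '\0';

    while ((c = getopt_long(argc, argv, "rdvnKIf:D:N:Vs:x:MBb:h", OPTIONS, &optindex)) != EOF)
    {
        switch ((char) c)
        {
        case 'f':

            if (optarg && strlen(optarg) < 5)
            {
                FatalError(" -f used but argument \"%s\" incorrect", optarg);
            }

            GenericAgentConfigSetInputFile(config, optarg);
            MINUSF = true;
            break;

        case 'b':
            if (optarg)
            {
                config->bundlesequence = SplitStringAsRList(optarg, ',');
                CBUNDLESEQUENCE_STR = optarg;
            }
            break;

        case 'd':
            HardClass("opt_debug");
            DEBUG = true;
            break;

        case 'B':
            BOOTSTRAP = true;
            MINUSF = true;
            GenericAgentConfigSetInputFile(config, "promises.cf");
            IGNORELOCK = true;
            HardClass("bootstrap_mode");
            break;

        case 's':

            if (IsLoopbackAddress(optarg))
            {
                FatalError("Use a non-loopback address when bootstrapping");
            }

            // temporary assure that network functions are working
            OpenNetwork();

            {
                const char *resolved = Hostname2IPString(optarg);

                /* strncpy() leaves the destination unterminated when the
                   source fills the whole bound, and the scan below walks to
                   the terminator. Refuse such a value up front. */
                if (strlen(resolved) >= (size_t) (CF_BUFSIZE - 1))
                {
                    FatalError("Error specifying policy server. The address is too long.");
                }

                strncpy(POLICY_SERVER, resolved, CF_BUFSIZE - 1);
            }

            CloseNetwork();

            /* A resolved address should hold only digits, '.' and ':'. Any
               letter or other punctuation is taken as "lookup failed" unless
               a ':' marks the value as IPv6. The cast to unsigned char keeps
               the <ctype.h> calls defined for bytes above 0x7f. */
            for (sp = POLICY_SERVER; *sp != '\0'; sp++)
            {
                if (isalpha((unsigned char) *sp))
                {
                    alpha = true;
                }

                if (ispunct((unsigned char) *sp) && *sp != ':' && *sp != '.')
                {
                    alpha = true;
                }

                if (*sp == ':')
                {
                    v6 = true;
                }
            }

            if (alpha && !v6)
            {
                FatalError
                    ("Error specifying policy server. The policy server's IP address could not be looked up. Please use the IP address instead if there is no error.");
            }

            break;

        case 'K':
            IGNORELOCK = true;
            break;

        case 'D':
            NewClassesFromString(optarg);
            break;

        case 'N':
            NegateClassesFromString(optarg);
            break;

        case 'I':
            INFORM = true;
            break;

        case 'v':
            VERBOSE = true;
            break;

        case 'n':
            DONTDO = true;
            IGNORELOCK = true;
            HardClass("opt_dry_run");
            break;

        case 'V':
            PrintVersionBanner("cf-agent");
            exit(0);

        case 'h':
            Syntax("cf-agent - cfengine's change agent", OPTIONS, HINTS, ID);
            exit(0);

        case 'M':
            ManPage("cf-agent - cfengine's change agent", OPTIONS, HINTS, ID);
            exit(0);

        case 'x':
            CfOut(cf_error, "", "Self-diagnostic functionality is retired");
            exit(0);

        case 'r':
            SHOWREPORTS = true;
            break;

        default:
            Syntax("cf-agent - cfengine's change agent", OPTIONS, HINTS, ID);
            exit(1);
        }
    }

    /* Anything left after option parsing is rejected rather than ignored. */
    if (argv[optind] != NULL)
    {
        CfOut(cf_error, "", "Unexpected argument with no preceding option: %s\n", argv[optind]);
        FatalError("Aborted");
    }

    CfDebug("Set debugging\n");

    return config;
}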
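/**
 * Parses the cf-agent command line into global flags and buffers
 * (VINPUTFILE, POLICY_SERVER, CBUNDLESEQUENCE and the mode switches).
 *
 * @param argc  argument count as received by main().
 * @param argv  argument vector as received by main().
 *
 * Options that print help or a version banner exit instead of returning.
 */
void CheckOpts(int argc,char **argv)
{
    extern char *optarg;
    char arg[CF_BUFSIZE],*sp;
    int optindex = 0;
    int c,alpha = false,v6 = false;

/* Because of the MacOS linker we have to call this from each agent
   individually before Generic Initialize */

    POLICY_SERVER[0] = '\0';

    /* NOTE(review): the short-option string has no 'h' although case 'h'
       exists below; presumably it is reached through a long option in
       OPTIONS -- confirm. */
    while ((c=getopt_long(argc,argv,"rd:vnKIf:D:N:Vs:x:MBb:",OPTIONS,&optindex)) != EOF)
    {
        switch ((char) c)
        {
        case 'f':

            if (optarg == NULL)
            {
                FatalError(" -f used but no argument");
            }

            if (optarg && strlen(optarg) < 5)
            {
                /* Bound the write by the buffer that is actually written. */
                snprintf(arg,sizeof(arg)," -f used but argument \"%s\" incorrect",optarg);
                /* NOTE(review): arg embeds the user-supplied optarg. If
                   FatalError() treats its argument as a printf format this
                   is a format-string hazard -- confirm its signature. */
                FatalError(arg);
            }

            /* strncpy() leaves the destination unterminated when the source
               fills the whole bound; refuse such a path instead. */
            if (optarg && strlen(optarg) >= (size_t) (CF_BUFSIZE-1))
            {
                FatalError(" -f used but argument is too long");
            }

            strncpy(VINPUTFILE,optarg,CF_BUFSIZE-1);
            MINUSF = true;
            break;

        case 'b':
            if (optarg)
            {
                CBUNDLESEQUENCE = SplitStringAsRList(optarg,',');
                CBUNDLESEQUENCE_STR = optarg;
            }
            break;

        case 'd':
            NewClass("opt_debug");

            /* First character of the argument picks the debug level. */
            switch ((optarg==NULL) ? '3' : *optarg)
            {
            case '1':
                D1 = true;
                DEBUG = true;
                break;

            case '2':
                D2 = true;
                DEBUG = true;
                break;

            default:
                DEBUG = true;
                break;
            }
            break;

        case 'B':
            BOOTSTRAP = true;
            MINUSF = true;
            IGNORELOCK = true;
            NewClass("bootstrap_mode");
            break;

        case 's':

            // temporary assure that network functions are working
            OpenNetwork();

            {
                const char *resolved = Hostname2IPString(optarg);

                /* Same termination concern as for -f: the scan below walks
                   to the terminator of POLICY_SERVER. */
                if (strlen(resolved) >= (size_t) (CF_BUFSIZE-1))
                {
                    FatalError("Error specifying policy server. The address is too long.");
                }

                strncpy(POLICY_SERVER,resolved,CF_BUFSIZE-1);
            }

            CloseNetwork();

            /* A resolved address should hold only digits, '.' and ':'. Any
               letter or other punctuation is taken as "lookup failed" unless
               a ':' marks the value as IPv6. The cast to unsigned char keeps
               the <ctype.h> calls defined for bytes above 0x7f. */
            for (sp = POLICY_SERVER; *sp != '\0'; sp++)
            {
                if (isalpha((unsigned char) *sp))
                {
                    alpha = true;
                }

                if (ispunct((unsigned char) *sp) && *sp != ':' && *sp != '.')
                {
                    alpha = true;
                }

                if (*sp == ':')
                {
                    v6 = true;
                }
            }

            if (alpha && !v6)
            {
                FatalError("Error specifying policy server. The policy server's IP address could not be looked up. Please use the IP address instead if there is no error.");
            }

            break;

        case 'K':
            IGNORELOCK = true;
            break;

        case 'D':
            NewClassesFromString(optarg);
            break;

        case 'N':
            NegateClassesFromString(optarg,&VNEGHEAP);
            break;

        case 'I':
            INFORM = true;
            break;

        case 'v':
            VERBOSE = true;
            break;

        case 'n':
            DONTDO = true;
            IGNORELOCK = true;
            NewClass("opt_dry_run");
            break;

        case 'V':
            PrintVersionBanner("cf-agent");
            exit(0);

        case 'h':
            Syntax("cf-agent - cfengine's change agent",OPTIONS,HINTS,ID);
            exit(0);

        case 'M':
            ManPage("cf-agent - cfengine's change agent",OPTIONS,HINTS,ID);
            exit(0);

        case 'x':
            AgentDiagnostic(optarg);
            exit(0);

        case 'r':
            SHOWREPORTS = true;
            break;

        default:
            Syntax("cf-agent - cfengine's change agent",OPTIONS,HINTS,ID);
            exit(1);
        }
    }

    /* Anything left after option parsing is rejected rather than ignored. */
    if (argv[optind] != NULL)
    {
        CfOut(cf_error,"","Unexpected argument with no preceding option: %s\n",argv[optind]);
        FatalError("Aborted");
    }

    Debug("Set debugging\n");
}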
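/**
 * Shared start-up sequence for an agent process.
 *
 * Sets the default port and edition/mode classes, chooses the work directory
 * (CFWORKDIR), opens logging, prepares the directories and state files below
 * the work directory unless LOOKUP is set, initializes networking and the
 * OpenSSL tables, seeds srand48(), loads the keys and selects the default
 * input file.
 *
 * @param argc  not used in this function.
 * @param argv  not used in this function.
 */
void InitializeGA(int argc,char *argv[])
{
    int seed,force = false;
    struct stat statbuf,sb;
    /* Zeroed so that ElfHash() never reads indeterminate bytes if
       RAND_bytes() fails; its result is not checked below. */
    unsigned char s[16] = { 0 };
    char vbuff[CF_BUFSIZE];
    char ebuff[CF_EXPANDSIZE];

    SHORT_CFENGINEPORT = htons((unsigned short)5308);
    snprintf(STR_CFENGINEPORT,15,"5308");

    NewClass("any");

#if defined HAVE_CONSTELLATION
    NewClass("constellation_edition");
#elif defined HAVE_NOVA
    NewClass("nova_edition");
#else
    NewClass("community_edition");
#endif

    /* NOTE(review): unbounded copy. The size of VPREFIX is not visible in
       this function -- confirm GetConsolePrefix() cannot exceed it. */
    strcpy(VPREFIX,GetConsolePrefix());

    if (VERBOSE)
    {
        NewClass("verbose_mode");
    }

    if (INFORM)
    {
        NewClass("inform_mode");
    }

    if (DEBUG)
    {
        NewClass("debug_mode");
    }

    CfOut(cf_verbose,"","Cfengine - autonomous configuration engine - commence self-diagnostic prelude\n");
    CfOut(cf_verbose,"","------------------------------------------------------------------------\n");

    /* Define trusted directories */

#ifdef MINGW
    if(NovaWin_GetProgDir(CFWORKDIR, CF_BUFSIZE - sizeof("Cfengine")))
    {
        strcat(CFWORKDIR, "\\Cfengine");
    }
    else
    {
        CfOut(cf_error, "", "!! Could not get CFWORKDIR from Windows environment variable, falling back to compile time dir (%s)", WORKDIR);
        strcpy(CFWORKDIR,WORKDIR);
    }
    Debug("Setting CFWORKDIR=%s\n", CFWORKDIR);
#elif defined(CFCYG)
    strcpy(CFWORKDIR,WORKDIR);
    MapName(CFWORKDIR);
#else
    if (getuid() > 0)
    {
        /* Non-root users get a work directory below their home directory. */
        const char *home = GetHome(getuid());

        /* Check the length before copying. Checking afterwards, as before,
           let strncpy() fill its bound without a terminator and strcat()
           then ran from an unterminated buffer. */
        if (strlen(home) + strlen("/.cfagent") > CF_BUFSIZE/2)
        {
            FatalError("Suspicious looking home directory. The path is too long and will lead to problems.");
        }

        strncpy(CFWORKDIR,home,CF_BUFSIZE-10);
        strcat(CFWORKDIR,"/.cfagent");
    }
    else
    {
        strcpy(CFWORKDIR,WORKDIR);
    }
#endif

    /* On windows, use 'binary mode' as default for files */

#ifdef MINGW
    _fmode = _O_BINARY;
#endif

    strcpy(SYSLOGHOST,"localhost");
    SYSLOGPORT = htons(514);

    Cf3OpenLog(LOG_USER);

    if (!LOOKUP) /* cf-know should not do this in lookup mode */
    {
        CfOut(cf_verbose,"","Work directory is %s\n",CFWORKDIR);

        snprintf(HASHDB,CF_BUFSIZE-1,"%s%c%s",CFWORKDIR,FILE_SEPARATOR,CF_CHKDB);

        /* Each path names a leaf inside a directory that must exist; only the
           parent is of interest (presumably created by MakeParentDirectory --
           confirm against its definition). */
        snprintf(vbuff,CF_BUFSIZE,"%s%cinputs%cupdate.conf",CFWORKDIR,FILE_SEPARATOR,FILE_SEPARATOR);
        MakeParentDirectory(vbuff,force);

        snprintf(vbuff,CF_BUFSIZE,"%s%cbin%ccf-agent -D from_cfexecd",CFWORKDIR,FILE_SEPARATOR,FILE_SEPARATOR);
        MakeParentDirectory(vbuff,force);

        snprintf(vbuff,CF_BUFSIZE,"%s%coutputs%cspooled_reports",CFWORKDIR,FILE_SEPARATOR,FILE_SEPARATOR);
        MakeParentDirectory(vbuff,force);

        snprintf(vbuff,CF_BUFSIZE,"%s%clastseen%cintermittencies",CFWORKDIR,FILE_SEPARATOR,FILE_SEPARATOR);
        MakeParentDirectory(vbuff,force);

        snprintf(vbuff,CF_BUFSIZE,"%s%creports%cvarious",CFWORKDIR,FILE_SEPARATOR,FILE_SEPARATOR);
        MakeParentDirectory(vbuff,force);

        /* Make sure the owner keeps full access to inputs/ and outputs/. */
        snprintf(vbuff,CF_BUFSIZE,"%s%cinputs",CFWORKDIR,FILE_SEPARATOR);

        if (cfstat(vbuff,&sb) == -1)
        {
            FatalError(" !!! No access to WORKSPACE/inputs dir");
        }
        else
        {
            cf_chmod(vbuff,sb.st_mode | 0700);
        }

        snprintf(vbuff,CF_BUFSIZE,"%s%coutputs",CFWORKDIR,FILE_SEPARATOR);

        if (cfstat(vbuff,&sb) == -1)
        {
            FatalError(" !!! No access to WORKSPACE/outputs dir");
        }
        else
        {
            cf_chmod(vbuff,sb.st_mode | 0700);
        }

        /* State files: created empty when cfstat() cannot see them. The
           writes into ebuff are bounded by its size; the unbounded sprintf()
           used before could run past the buffer for a long CFWORKDIR. */
        snprintf(ebuff,sizeof(ebuff),"%s%cstate%ccf_procs",CFWORKDIR,FILE_SEPARATOR,FILE_SEPARATOR);
        MakeParentDirectory(ebuff,force);

        if (cfstat(ebuff,&statbuf) == -1)
        {
            CreateEmptyFile(ebuff);
        }

        snprintf(ebuff,sizeof(ebuff),"%s%cstate%ccf_rootprocs",CFWORKDIR,FILE_SEPARATOR,FILE_SEPARATOR);

        if (cfstat(ebuff,&statbuf) == -1)
        {
            CreateEmptyFile(ebuff);
        }

        snprintf(ebuff,sizeof(ebuff),"%s%cstate%ccf_otherprocs",CFWORKDIR,FILE_SEPARATOR,FILE_SEPARATOR);

        if (cfstat(ebuff,&statbuf) == -1)
        {
            CreateEmptyFile(ebuff);
        }
    }

    OpenNetwork();

    /* Init crypto stuff */

    OpenSSL_add_all_algorithms();
    OpenSSL_add_all_digests();
    ERR_load_crypto_strings();

    if(!LOOKUP)
    {
        CheckWorkingDirectories();
    }

    /* Seed srand48() from 15 random bytes hashed as a string; s[15] is forced
       to NUL so ElfHash() stops inside the array. If RAND_bytes() fails the
       buffer stays zeroed and the seed is a fixed value. */
    RandomSeed();

    RAND_bytes(s,16);
    s[15] = '\0';
    seed = ElfHash(s);
    srand48((long)seed);

    LoadSecretKeys();

    /* CheckOpts(argc,argv); - MacOS can't handle this back reference */

    if (!MINUSF)
    {
        snprintf(VINPUTFILE,CF_BUFSIZE-1,"promises.cf");
    }

    AUDITDBP = NULL;

    DetermineCfenginePort();

    VIFELAPSED = 1;
    VEXPIREAFTER = 1;

    setlinebuf(stdout);

    /* When bootstrapping, failsafe.cf becomes the input file: the copy in
       inputs/ when it exists or on an enterprise build, otherwise the one in
       the current directory. */
    if (BOOTSTRAP)
    {
        snprintf(vbuff,CF_BUFSIZE,"%s%cinputs%cfailsafe.cf",CFWORKDIR,FILE_SEPARATOR,FILE_SEPARATOR);

        if (!IsEnterprise() && cfstat(vbuff,&statbuf) == -1)
        {
            snprintf(VINPUTFILE,CF_BUFSIZE-1,".%cfailsafe.cf",FILE_SEPARATOR);
        }
        else
        {
            strncpy(VINPUTFILE,vbuff,CF_BUFSIZE-1);
        }
    }
}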
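/*
 * Reverse-resolves the dotted-decimal address held in hostname and
 * overwrites the same buffer with the resolved name, without a trailing '.'.
 *
 * hostname: in/out buffer. Its capacity is not passed in, so the caller must
 *           supply one large enough for any name the resolver can return
 *           (the MacTCP branch copies up to 255 bytes including the NUL).
 *
 * Returns 1 when a name was written, 0 otherwise.
 */
int IpAddr2Name(char *hostname)
{
#if !TARGET_API_MAC_CARBON
    struct hostInfo hInfoMacTCP;
    OSErr err;
    int cnt, tmp;
    char *cptr;
    Boolean done;
#endif
    OSStatus lStatus;
    InetHost lHostAddr;
    size_t len;

    /* Probe the network stack once and remember the answer. */
    if (!slNetChecked) {
        slNetPresent = OpenNetwork();
        slNetChecked = 1;
    }

    if (slNetPresent == 1)
    {
        /* turn ascii with periods into a long */
        lStatus = OTInetStringToHost(hostname, &lHostAddr);
        if (lStatus != noErr) return 0;

        /* turn the long into a reverse-resolved name */
        sSvcRef.done = false;
        lStatus = OTInetAddressToName(sSvcRef.ref, lHostAddr, hostname);
        if (!lStatus) {
            /* Idle until the lookup reports completion. */
            do {
                MacIdle();
            } while (!sSvcRef.done);
            lStatus = sSvcRef.result;
        }
        if (!lStatus) {
            /* Strip a trailing dot. The length check keeps an empty result
               from indexing hostname[-1]. */
            len = strlen(hostname);
            if (len > 0 && hostname[len - 1] == '.')
                hostname[len - 1] = 0;
            return(1);
        }
    }
#if !TARGET_API_MAC_CARBON
    else if (slNetPresent == 2)
    {
        /* Parse four decimal octets separated by '.' into lHostAddr.
           NOTE(review): nothing after the fourth octet is inspected, and
           atoi() is not defined for a digit run that overflows int. */
        lHostAddr = 0;
        cptr = hostname;
        for (cnt = 0; cnt < 4; ++cnt) {
            if (!ISDIGIT(*cptr)) return(0);
            tmp = atoi(cptr);
            if (tmp < 0 || tmp > 255) return(0);
            lHostAddr = (lHostAddr << 8) | tmp;
            while (ISDIGIT(*cptr)) ++cptr;
            if (cnt != 3 && *cptr != '.') return(0);
            ++cptr;
        }

        memset(&hInfoMacTCP, 0, sizeof(hInfoMacTCP));
        done = false;
        err = AddrToName(lHostAddr, &hInfoMacTCP, gMacTCPDNRResultProcUPP, (char*)&done);
        if (err == cacheFault) {
            /* Idle until the completion routine sets done. */
            while (!done)
                MacIdle();
            err = hInfoMacTCP.rtnCode;
        }
        if (err == noErr) {
            /* Force termination, then copy. NOTE(review): unbounded copy of
               up to 255 bytes; the capacity of hostname is not known here. */
            hInfoMacTCP.cname[254] = 0;
            (void)strcpy(hostname, hInfoMacTCP.cname);
            len = strlen(hostname);
            if (len > 0 && hostname[len - 1] == '.')
                hostname[len - 1] = 0;
            return(1);
        }
    }
#endif
    return 0;
} /* end IpAddr2Name() */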