1 kumpf 1.2 /*
2 //%2006////////////////////////////////////////////////////////////////////////
3 //
4 // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
5 // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
6 // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
7 // IBM Corp.; EMC Corporation, The Open Group.
8 // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
9 // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
10 // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.;
11 // EMC Corporation; VERITAS Software Corporation; The Open Group.
12 // Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.;
13 // EMC Corporation; Symantec Corporation; The Open Group.
14 //
15 // Permission is hereby granted, free of charge, to any person obtaining a copy
16 // of this software and associated documentation files (the "Software"), to
17 // deal in the Software without restriction, including without limitation the
18 // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
19 // sell copies of the Software, and to permit persons to whom the Software is
20 // furnished to do so, subject to the following conditions:
21 //
22 kumpf 1.2 // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
23 // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
24 // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
25 // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
26 // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
27 // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
28 // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
29 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
30 //
31 //%/////////////////////////////////////////////////////////////////////////////
32 */
33
#include "Policy.h"

#include <ctype.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#include "Defines.h"
#include "Macro.h"
#include "Path.h"
#include "Fatal.h"
#include "Log.h"
#include "Match.h"
#include "Messages.h"
#include "Globals.h"
#include "Strlcat.h"
#include "Strlcpy.h"
49
50 /*
51 **==============================================================================
52 **
53 ** ARG()
54 **
55 ** Expands function arguments to "name, value" for use in formatted
56 ** output statements.
57 **
58 ** For example, this,
59 **
60 ** printf("%s=\"%s\"", ARG(count));
61 **
62 ** is expanded to this:
63 **
64 kumpf 1.2 ** printf("%s=\"%s\"", "count", count);
65 **
66 **==============================================================================
67 */
68
69 #define ARG(X) #X, X
70
71 /*
72 **==============================================================================
73 **
74 ** _staticPolicyTable[]
75 **
76 ** This array defines the static policy table for the executor.
77 **
78 **==============================================================================
79 */
80
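/*
** The static policy table.
**
** Each entry names a message code the executor will honour and the
** patterns its arguments must satisfy (see CheckPolicy()).  Patterns may
** reference ${macro} values, which are expanded before matching, and end
** in "/*" where a whole directory is covered (wildcard semantics are those
** of Match()).  A NULL arg2 means the message carries no second argument
** to check.
**
** The table is const: nothing in this file writes to it (both readers,
** CheckPolicy() and _DumpPolicyHelper(), take a const pointer), and a
** const table lets the compiler keep the policy in read-only storage.
*/
static const struct Policy _staticPolicyTable[] =
{
    /* cimserver_current.conf policies: the file may be opened for writing,
       rotated to a .bak copy, and either copy removed. */
    {
        EXECUTOR_OPEN_FILE_MESSAGE,
        "${currentConfigFilePath}",
        "w",
    },
    {
        EXECUTOR_RENAME_FILE_MESSAGE,
        "${currentConfigFilePath}",
        "${currentConfigFilePath}.bak",
    },
    {
        EXECUTOR_REMOVE_FILE_MESSAGE,
        "${currentConfigFilePath}",
        NULL,
    },
    {
        EXECUTOR_REMOVE_FILE_MESSAGE,
        "${currentConfigFilePath}.bak",
        NULL,
    },
    /* cimserver_planned.conf policies: same set as for the current
       configuration file. */
    {
        EXECUTOR_OPEN_FILE_MESSAGE,
        "${plannedConfigFilePath}",
        "w",
    },
    {
        EXECUTOR_RENAME_FILE_MESSAGE,
        "${plannedConfigFilePath}",
        "${plannedConfigFilePath}.bak",
    },
    {
        EXECUTOR_REMOVE_FILE_MESSAGE,
        "${plannedConfigFilePath}",
        NULL,
    },
    {
        EXECUTOR_REMOVE_FILE_MESSAGE,
        "${plannedConfigFilePath}.bak",
        NULL,
    },
    /* cimserver.passwd policies: in addition to the set above, the .bak
       copy may be renamed back over the live file (restore on failure). */
    {
        EXECUTOR_OPEN_FILE_MESSAGE,
        "${passwordFilePath}",
        "w",
    },
    {
        EXECUTOR_RENAME_FILE_MESSAGE,
        "${passwordFilePath}.bak",
        "${passwordFilePath}",
    },
    {
        EXECUTOR_RENAME_FILE_MESSAGE,
        "${passwordFilePath}",
        "${passwordFilePath}.bak",
    },
    {
        EXECUTOR_REMOVE_FILE_MESSAGE,
        "${passwordFilePath}.bak",
        NULL,
    },
    {
        EXECUTOR_REMOVE_FILE_MESSAGE,
        "${passwordFilePath}",
        NULL,
    },
    /* SSL key file policies: read access only; no entry grants writing,
       renaming or removing the key. */
    {
        EXECUTOR_OPEN_FILE_MESSAGE,
        "${sslKeyFilePath}",
        "r",
    },
    /* SSL trust store policies: any entry under the trust store may be
       written or removed. */
    {
        EXECUTOR_OPEN_FILE_MESSAGE,
        "${sslTrustStore}/*",
        "w",
    },
    {
        EXECUTOR_REMOVE_FILE_MESSAGE,
        "${sslTrustStore}/*",
        NULL,
    },
    /* CRL store policies: same as for the trust store. */
    {
        EXECUTOR_OPEN_FILE_MESSAGE,
        "${crlStore}/*",
        "w",
    },
    {
        EXECUTOR_REMOVE_FILE_MESSAGE,
        "${crlStore}/*",
        NULL,
    },
};

/* Number of entries in _staticPolicyTable (the table is a true array here,
   so the sizeof quotient is valid). */
static const size_t _staticPolicyTableSize =
    sizeof(_staticPolicyTable) / sizeof(_staticPolicyTable[0]);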
183
184 /*
185 **==============================================================================
186 **
187 ** CheckPolicy()
188 **
189 **==============================================================================
190 kumpf 1.2 */
191
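/*
** Look up a policy permitting the request (messageCode, arg1, arg2).
**
** policyTable/policyTableSize - the table to search (entries are tried in
**     order; the first match wins).
** messageCode - the request being checked; entries with a different code
**     are skipped.
** arg1, arg2 - the request's arguments.  A request argument is compared
**     with the entry's pattern only when the entry constrains that position
**     (p->arg1 / p->arg2 non-NULL); a NULL pattern accepts any value, so a
**     policy author must supply a pattern for every argument that matters.
**
** Patterns are passed through ExpandMacros() into a local
** EXECUTOR_BUFFER_SIZE buffer before Match(); both report 0 on success.
** A pattern that fails to expand, or a constrained position for which the
** request supplies no value (NULL), counts as no match rather than being
** handed to Match() — the check fails closed.
**
** Returns 0 when a matching policy exists, -1 otherwise.
*/
static int CheckPolicy(
    const struct Policy* policyTable,
    size_t policyTableSize,
    enum ExecutorMessageCode messageCode,
    const char* arg1,
    const char* arg2)
{
    size_t i;

    for (i = 0; i < policyTableSize; i++)
    {
        const struct Policy* p = &policyTable[i];
        char pat[EXECUTOR_BUFFER_SIZE];

        if (p->messageCode != messageCode)
            continue;

        /* Check arg1 (only if the policy constrains it). */

        if (p->arg1)
        {
            if (arg1 == NULL ||
                ExpandMacros(p->arg1, pat) != 0 ||
                Match(pat, arg1) != 0)
            {
                continue;
            }
        }

        /* Check arg2 (only if the policy constrains it). */

        if (p->arg2)
        {
            if (arg2 == NULL ||
                ExpandMacros(p->arg2, pat) != 0 ||
                Match(pat, arg2) != 0)
            {
                continue;
            }
        }

        /* Every constrained position matched: the request is permitted. */
        return 0;
    }

    /* No entry permits this request. */

    return -1;
}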
240
241 /*
242 **==============================================================================
243 **
244 ** CheckOpenFilePolicy()
245 **
246 **==============================================================================
247 */
248
/*
** Decide whether the executor may open *path* with fopen()-style *mode*.
**
** *mode* is a single character (the static table uses 'r' and 'w'); it is
** converted to a one-character string because that is the form in which
** the table stores the mode argument.
**
** Returns 0 when an EXECUTOR_OPEN_FILE_MESSAGE policy matches both the
** path and the mode (logged at LL_TRACE).  Otherwise logs at LL_SEVERE and
** returns -1 — or terminates via Fatal() when EXIT_ON_POLICY_FAILURE is
** defined.
*/
int CheckOpenFilePolicy(const char* path, int mode)
{
    char modeStr[2];
    int allowed;

    modeStr[0] = mode;
    modeStr[1] = '\0';

    allowed = (CheckPolicy(_staticPolicyTable, _staticPolicyTableSize,
        EXECUTOR_OPEN_FILE_MESSAGE, path, modeStr) == 0);

    if (!allowed)
    {
        Log(LL_SEVERE, "CheckOpenFilePolicy(%s=\"%s\", %s='%c') failed",
            ARG(path), ARG(mode));

#if defined(EXIT_ON_POLICY_FAILURE)
        Fatal(FL, "exited due to policy failure");
#endif

        return -1;
    }

    Log(LL_TRACE, "CheckOpenFilePolicy(%s=\"%s\", %s='%c') passed",
        ARG(path), ARG(mode));

    return 0;
}
273
274 /*
275 **==============================================================================
276 **
277 kumpf 1.2 ** CheckRemoveFilePolicy()
278 **
279 **==============================================================================
280 */
281
/*
** Decide whether the executor may remove *path*.
**
** Remove policies carry no second argument, so NULL is passed for arg2 and
** CheckPolicy() compares only the path.
**
** Returns 0 when an EXECUTOR_REMOVE_FILE_MESSAGE policy matches (logged at
** LL_TRACE).  Otherwise logs at LL_SEVERE and returns -1 — or terminates
** via Fatal() when EXIT_ON_POLICY_FAILURE is defined.
*/
int CheckRemoveFilePolicy(const char* path)
{
    int allowed = (CheckPolicy(_staticPolicyTable, _staticPolicyTableSize,
        EXECUTOR_REMOVE_FILE_MESSAGE, path, NULL) == 0);

    if (!allowed)
    {
        Log(LL_SEVERE, "CheckRemoveFilePolicy(%s=\"%s\") failed", ARG(path));

#if defined(EXIT_ON_POLICY_FAILURE)
        Fatal(FL, "exited due to policy failure");
#endif

        return -1;
    }

    Log(LL_TRACE, "CheckRemoveFilePolicy(%s=\"%s\") passed", ARG(path));

    return 0;
}
299
300 /*
301 **==============================================================================
302 **
303 ** CheckRenameFilePolicy()
304 **
305 **==============================================================================
306 */
307
/*
** Decide whether the executor may rename *oldPath* to *newPath*.
**
** Both paths are checked: an EXECUTOR_RENAME_FILE_MESSAGE policy must match
** oldPath as arg1 and newPath as arg2.
**
** Returns 0 when such a policy exists (logged at LL_TRACE).  Otherwise logs
** at LL_SEVERE and returns -1 — or terminates via Fatal() when
** EXIT_ON_POLICY_FAILURE is defined.
*/
int CheckRenameFilePolicy(const char* oldPath, const char* newPath)
{
    int allowed = (CheckPolicy(_staticPolicyTable, _staticPolicyTableSize,
        EXECUTOR_RENAME_FILE_MESSAGE, oldPath, newPath) == 0);

    if (!allowed)
    {
        Log(LL_SEVERE, "CheckRenameFilePolicy(%s=\"%s\", %s=\"%s\") failed",
            ARG(oldPath), ARG(newPath));

#if defined(EXIT_ON_POLICY_FAILURE)
        Fatal(FL, "exited due to policy failure");
#endif

        return -1;
    }

    Log(LL_TRACE, "CheckRenameFilePolicy(%s=\"%s\", %s=\"%s\") passed",
        ARG(oldPath), ARG(newPath));

    return 0;
}
327
328 /*
329 **==============================================================================
330 **
331 ** _DumpPolicyHelper()
332 **
333 ** Dump the policy table given by *policyTable* and *policyTableSize*.
334 ** Expand any macros in the entries.
335 **
336 **==============================================================================
337 */
338
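/*
** Render one policy argument *src* into *dst* (of *size* bytes) for
** printing.
**
** When *expand* is non-zero the ${macro} references are expanded with
** ExpandMacros(); if that fails (non-zero return), the raw pattern is
** copied instead so the dump never prints an unexpanded or uninitialized
** buffer.  A NULL *src* yields "".
**
** ExpandMacros() takes no destination size, so *dst* must be an
** EXECUTOR_BUFFER_SIZE buffer, exactly as the callers below provide.
*/
static void FormatPolicyArg(
    const char* src,
    char* dst,
    size_t size,
    int expand)
{
    if (src == NULL)
    {
        dst[0] = '\0';
        return;
    }

    if (expand && ExpandMacros(src, dst) == 0)
        return;

    Strlcpy(dst, src, size);
}

/*
** Print every entry of *policyTable* (of *policyTableSize* entries) to
** stdout as "<code>(\"arg1\")" or "<code>(\"arg1\", \"arg2\")".
**
** *expandMacros* non-zero prints the arguments with ${macro} references
** expanded; zero prints the patterns as written in the table.
*/
static void _DumpPolicyHelper(
    const struct Policy* policyTable,
    size_t policyTableSize,
    int expandMacros)
{
    size_t i;

    for (i = 0; i < policyTableSize; i++)
    {
        const struct Policy* p = &policyTable[i];
        const char* codeStr = MessageCodeToString(p->messageCode);
        char arg1[EXECUTOR_BUFFER_SIZE];
        char arg2[EXECUTOR_BUFFER_SIZE];

        FormatPolicyArg(p->arg1, arg1, sizeof(arg1), expandMacros);

        if (p->arg2)
        {
            FormatPolicyArg(p->arg2, arg2, sizeof(arg2), expandMacros);
            printf("%s(\"%s\", \"%s\")\n", codeStr, arg1, arg2);
        }
        else
        {
            printf("%s(\"%s\")\n", codeStr, arg1);
        }
    }
}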
374
/*
**==============================================================================
**
** DumpPolicy()
**
** Dump the static policy table (the only policy table defined in this
** file).
**
**==============================================================================
*/
384
/*
** Print the static policy table to stdout under a "===== Policy:" banner,
** followed by a blank line.
**
** *expandMacros* is forwarded to _DumpPolicyHelper(): non-zero prints the
** ${macro} references expanded, zero prints them as written.
*/
void DumpPolicy(int expandMacros)
{
    const struct Policy* table = _staticPolicyTable;
    const size_t count = _staticPolicyTableSize;

    puts("===== Policy:");

    _DumpPolicyHelper(table, count, expandMacros);

    putchar('\n');
}