cfengine  3.15.4
About: CFEngine is a configuration management system for configuring and maintaining Unix-like computers (using its own high-level policy language). Community version.
  Fossies Dox: cfengine-3.15.4.tar.gz  ("unofficial" and yet experimental doxygen-generated source code documentation)  

lastseen.h File Reference
#include <statistics.h>

Data Structures

struct  KeyHostSeen
 

Typedefs

typedef bool(* LastSeenQualityCallback) (const char *hostkey, const char *address, bool incoming, const KeyHostSeen *quality, void *ctx)
 

Enumerations

enum  LastSeenRole { LAST_SEEN_ROLE_CONNECT , LAST_SEEN_ROLE_ACCEPT }
 

Functions

bool Address2Hostkey (char *dst, size_t dst_size, const char *address)
 
void LastSaw1 (const char *ipaddress, const char *hashstr, LastSeenRole role)
 Same as LastSaw() but the digest parameter is the hash as a "SHA=..." string, to avoid converting twice.
 
void LastSaw (const char *ipaddress, const char *digest, LastSeenRole role)
 
bool DeleteIpFromLastSeen (const char *ip, char *digest, size_t digest_size)
 removes all traces of host 'ip' from lastseen DB
 
bool DeleteDigestFromLastSeen (const char *key, char *ip, size_t ip_size, bool a_entry_required)
 removes all traces of key digest 'key' from lastseen DB
 
bool ScanLastSeenQuality (LastSeenQualityCallback callback, void *ctx)
 
int LastSeenHostKeyCount (void)
 
bool IsLastSeenCoherent (void)
 check whether the lastseen DB is coherent or not.
 
int RemoveKeysFromLastSeen (const char *input, bool must_be_coherent, char *equivalent, size_t equivalent_size)
 removes all traces of entry 'input' from lastseen DB
 

Typedef Documentation

◆ LastSeenQualityCallback

typedef bool(* LastSeenQualityCallback) (const char *hostkey, const char *address, bool incoming, const KeyHostSeen *quality, void *ctx)

Definition at line 54 of file lastseen.h.

Enumeration Type Documentation

◆ LastSeenRole

Enumerator
LAST_SEEN_ROLE_CONNECT 
LAST_SEEN_ROLE_ACCEPT 

Definition at line 36 of file lastseen.h.

Function Documentation

◆ Address2Hostkey()

bool Address2Hostkey ( char *  dst,
size_t  dst_size,
const char *  address 
)

◆ DeleteDigestFromLastSeen()

bool DeleteDigestFromLastSeen ( const char *  key,
char *  ip,
size_t  ip_size,
bool  a_entry_required 
)

removes all traces of key digest 'key' from lastseen DB

Parameters
[in] key: either in (SHA/MD5 format)
[in,out] ip: returns the host corresponding to the key. If NULL, nothing is returned
[in] ip_size: length of ip parameter
[in] a_entry_required: whether the 'aIP_ADDR' entry is required for the 'kHOSTKEY' entry deletion
Return values
true if entry was deleted, false otherwise

Definition at line 517 of file lastseen.c.

References CF_BUFSIZE, CloseDB(), dbid_lastseen, DBIdToPath(), DeleteDB(), free(), HasKeyDB(), Log(), LOG_LEVEL_ERR, NULL, OpenDB(), ReadDB(), strlcat(), and strlcpy().

Referenced by RemoveKeysFromLastSeen().

◆ DeleteIpFromLastSeen()

bool DeleteIpFromLastSeen ( const char *  ip,
char *  digest,
size_t  digest_size 
)

removes all traces of host 'ip' from lastseen DB

Parameters
[in] ip: either in (SHA/MD5 format)
[in,out] digest: returns the digest corresponding to the input host. If NULL, nothing is returned
[in] digest_size: size of digest parameter
Return values
true if entry was deleted, false otherwise

Definition at line 447 of file lastseen.c.

References CF_BUFSIZE, CloseDB(), dbid_lastseen, DBIdToPath(), DeleteDB(), free(), HasKeyDB(), Log(), LOG_LEVEL_ERR, NULL, OpenDB(), ReadDB(), strlcat(), and strlcpy().

Referenced by RemoveKeysFromLastSeen().

◆ IsLastSeenCoherent()

bool IsLastSeenCoherent ( void  )

check whether the lastseen DB is coherent or not.

It is allowed for an aIP1 -> KEY1 entry to not have a reverse kKEY1 -> IP entry. kKEY1 must exist, but may point to another IP. The same holds for IP values: they must appear as aIP entries, but we don't care where they point to. So for every aIP -> KEY1 entry there should be a kKEY1 -> whatever entry, and for every kKEY -> IP1 entry there should be an aIP1 -> whatever entry.

If a host changes IP, then we have a new entry aIP2 -> KEY1 together with the aIP1 -> KEY1 entry. ALLOWED.

If a host changes key, then its entry will become aIP1 -> KEY2. kKEY1 -> IP1 will still exist, but so will kKEY2 -> IP1. ALLOWED.

Can I have an IP value of some kKEY that does not have any aIP entry? NO, because at some time that aIP was written in the database. SO EVERY kIP must be found in aIPS: kIPS SUBSET OF aIPS.

Can I have a KEY value of some aIP that does not have any kKEY entry? NO, for the same reason. SO EVERY aKEY must be found in kKEYS: aKEYS SUBSET OF kKEYS.

FIN

@TODO P.S. redesign lastseen. Really, these whole requirements are implemented on top of a simple key-value store, no wonder it's such a mess. I believe that reverse mapping is not even needed since only aIP entries are ever looked up. kKEY entries can be deprecated and forget all the false notion of "schema consistency" in this key-value store...

Return values
true if the lastseen DB is coherent, false otherwise.

Definition at line 304 of file lastseen.c.

References CloseDB(), dbid_lastseen, DBIdToPath(), DeleteDBCursor(), DeleteItemList(), free(), IsItemIn(), Log(), LOG_LEVEL_ERR, LOG_LEVEL_WARNING, Item_::name, NewDBCursor(), Item_::next, NextDB(), NULL, OpenDB(), and PrependItem().

Referenced by AgentDiagnosticsCheckDB(), and RemoveKeysFromLastSeen().
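
The two subset rules described for IsLastSeenCoherent(), checked over a constructed in-memory model of the database. This is an added example, not CFEngine's code: the Entry type, HasEntry(), ModelIsCoherent() and all sample addresses and digests are assumptions made for illustration, and entries with any other prefix are ignored.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of one record: "a<IP>" -> key digest, "k<KEY>" -> IP. */
typedef struct { const char *key; const char *value; } Entry;

/* True if the model holds an entry named <prefix><name>. */
static bool HasEntry(const Entry *db, size_t n, char prefix, const char *name)
{
    for (size_t i = 0; i < n; i++) {
        if (db[i].key[0] == prefix && strcmp(db[i].key + 1, name) == 0) {
            return true;
        }
    }
    return false;
}

/* Hypothetical checker applying the two subset rules: every aIP value needs
 * a kKEY entry, every kKEY value needs an aIP entry, wherever those point. */
bool ModelIsCoherent(const Entry *db, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        char p = db[i].key[0];
        char needed = (p == 'a') ? 'k' : (p == 'k') ? 'a' : '\0';
        if (needed != '\0' && !HasEntry(db, n, needed, db[i].value)) {
            return false;   /* dangling reference: DB is incoherent */
        }
    }
    return true;
}

/* Constructed sample databases (addresses and digests are made up). */
static const Entry changed_ip[] = {      /* allowed: two aIP for one key */
    {"a10.0.0.1", "SHA=k1"}, {"a10.0.0.2", "SHA=k1"}, {"kSHA=k1", "10.0.0.2"} };
static const Entry changed_key[] = {     /* allowed: two kKEY for one IP */
    {"a10.0.0.1", "SHA=k2"}, {"kSHA=k1", "10.0.0.1"}, {"kSHA=k2", "10.0.0.1"} };
static const Entry orphan_akey[] = {     /* aIP names a key with no kKEY */
    {"a10.0.0.3", "SHA=k3"} };
static const Entry orphan_kip[] = {      /* kKEY names an IP with no aIP */
    {"a10.0.0.1", "SHA=k1"}, {"kSHA=k1", "10.0.0.9"} };

int main(void)
{
    printf("changed_ip=%d changed_key=%d orphan_akey=%d orphan_kip=%d\n",
           ModelIsCoherent(changed_ip, 3), ModelIsCoherent(changed_key, 3),
           ModelIsCoherent(orphan_akey, 1), ModelIsCoherent(orphan_kip, 2));
    return 0;
}
```

The last two sample databases are the cases that make RemoveKeysFromLastSeen() refuse to delete when must_be_coherent is true.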

◆ LastSaw()

void LastSaw ( const char *  ipaddress,
const char *  digest,
LastSeenRole  role 
)

◆ LastSaw1()

void LastSaw1 ( const char *  ipaddress,
const char *  hashstr,
LastSeenRole  role 
)

Same as LastSaw() but the digest parameter is the hash as a "SHA=..." string, to avoid converting twice.

Definition at line 83 of file lastseen.c.

References LAST_SEEN_ROLE_ACCEPT, MapAddress(), NULL, and UpdateLastSawHost().

Referenced by AuthenticationDialogue(), ServerConnection(), ServerTLSSessionEstablish(), and TrustKey().

◆ LastSeenHostKeyCount()

int LastSeenHostKeyCount ( void  )

Definition at line 645 of file lastseen.c.

References CloseDB(), dbid_lastseen, DeleteDBCursor(), NewDBCursor(), NextDB(), NULL, and OpenDB().

◆ RemoveKeysFromLastSeen()

int RemoveKeysFromLastSeen ( const char *  input,
bool  must_be_coherent,
char *  equivalent,
size_t  equivalent_size 
)

removes all traces of entry 'input' from lastseen DB

Parameters
[in] key: digest (SHA/MD5 format) or free host name string
[in] must_be_coherent: false: delete if lastseen is incoherent; true: don't delete if lastseen is incoherent
[out] equivalent: If input is a host, return its corresponding digest. If input is a digest, return its corresponding host. CAN BE NULL! If equivalent is null, it stays as NULL
Return values
0 if entry was deleted, <>0 otherwise

Definition at line 694 of file lastseen.c.

References DeleteDigestFromLastSeen(), DeleteIpFromLastSeen(), input(), IsDigestOrHost(), IsLastSeenCoherent(), Log(), LOG_LEVEL_ERR, LOG_LEVEL_INFO, and LOG_LEVEL_VERBOSE.

Referenced by RemoveKeys().

◆ ScanLastSeenQuality()