1 /*
2  Copyright 2019 Northern.tech AS
3 
4  This file is part of CFEngine 3 - written and maintained by Northern.tech AS.
5 
6  This program is free software; you can redistribute it and/or modify it
7  under the terms of the GNU General Public License as published by the
8  Free Software Foundation; version 3.
9 
10  This program is distributed in the hope that it will be useful,
11  but WITHOUT ANY WARRANTY; without even the implied warranty of
12  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13  GNU General Public License for more details.
14 
15  You should have received a copy of the GNU General Public License
16  along with this program; if not, write to the Free Software
17  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
18 
19  To the extent this program is licensed as part of the Enterprise
20  versions of CFEngine, the applicable Commercial Open Source License
21  (COSL) may apply to this file if you as a licensee so wish it. See
22  included file COSL.txt.
23 */
24 
25 #ifndef CFENGINE_SERVER_H
26 #define CFENGINE_SERVER_H
27 
28 
29 #include <cf3.defs.h>
30 #include <cfnet.h> /* AgentConnection */
31 
32 #include <generic_agent.h>
33 
34 
35 //*******************************************************************
36 // TYPES
37 //*******************************************************************
38 
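typedef struct Auth_ Auth;

/* Access rights for a path, literal, context (classpattern), variable */
/* LEGACY CODE the new struct is paths_acl etc. */
/* One entry of the legacy ACL list: `path` names the resource, the three
 * int flags mark which non-path kind of resource it is, and the two host
 * lists say who may read it. Entries are chained through `next`. */
struct Auth_
{
    char *path;
    int literal;      /* resource is a literal string rather than a file path */
    int classpattern; /* resource is a context (class pattern) */
    int variable;     /* resource is a variable */

    Item *accesslist; /* which hosts -- IP or hostnames */
    /* NOTE(review): "root read access" means a host listed here is served
     * the resource as if it were root, so this list widens exposure far
     * more than accesslist does; keep it as narrow as possible. */
    Item *maproot;    /* which hosts should have root read access */
    int encrypt;      /* which files HAVE to be transmitted securely */

    Auth *next;       /* next entry in the ACL list, NULL at the end */
};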
56 
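/* Access configuration of the server, filled in from "body server control"
 * and "bundle server access_rules". The ACLs are singly linked lists of
 * Auth entries; the *tail fields presumably point at the last entry so that
 * new entries can be appended in order (confirm where the lists are built). */
typedef struct
{
    Item *connectionlist; /* List of currently open connections */

    /* body server control options */
    Item *nonattackerlist; /* "allowconnects" */
    Item *attackerlist;    /* "denyconnects" */
    Item *allowuserlist;   /* "allowusers" */
    Item *multiconnlist;   /* "allowallconnects" */
    Item *trustkeylist;    /* "trustkeysfrom" */
    /* hosts permitted to connect with the legacy (pre-"new protocol")
     * scheme; the option name is not given here, confirm in the parser */
    Item *allowlegacyconnects;
    /* TLS settings as configured; presumably a cipher list and a minimum
     * TLS version string — the exact format is decided where they are used */
    char *allowciphers;
    char *allowtlsversion;

    /* ACL for resource_type "path". */
    Auth *admit;
    Auth *admittail;
    Auth *deny;
    Auth *denytail;

    /* ACL for resource_type "literal", "query", "context", "variable". */
    Auth *varadmit;
    Auth *varadmittail;
    Auth *vardeny;
    Auth *vardenytail;

    int logconns; /* whether each connection is logged (presumed from the name) */

    /* bundle server access_rules: shortcut for ACL entries, which expands to
     * the ACL entry when seen in client requests. */
    StringMap *path_shortcuts;

} ServerAccess;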
90 
91 /* TODO rename to IncomingConnection */
93 {
95  /* TODO sockaddr_storage, even though we can keep the text as cache. */
97 
98  /* TODO this is too big at 1025; maybe allocate dynamically from a pool? */
99  char revdns[NI_MAXHOST]; /* only populated in new protocol */
100 
101 #ifdef __MINGW32__
102  char sid[CF_MAXSIDSIZE]; /* 2K size too big! */
103 #endif
104  uid_t uid;
105 
106  /* TODO move username, hostname etc to a new struct identity. */
108 
109  /* The following are NOT POPULATED with the new protocol,
110  * TODO DEPRECATE! */
111 
112  /* hostname is copied from client-supplied CAUTH command */
115  bool rsa_auth;
116  /* TODO DANGEROUS! this is set for the whole connection if only one path
117  * is admitted as maproot. */
118  int maproot;
119  unsigned char *session_key;
121 
122  /* TODO pass it through function arguments, EvalContext has nothing to do
123  * with connection-specific data. */
125 };
126 
127 typedef struct
128 {
130  int encrypt;
131  int buf_size;
132  char *replybuff;
133  char *replyfile;
135 
136 
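/* Used in cf-serverd-functions.c. */
/* Entry point for one accepted connection: `info` describes the connection,
 * `ipaddr` is the peer address as text and `ctx` the evaluation context.
 * Presumably runs for the lifetime of the connection; who frees `info` is
 * decided in server.c, confirm there before changing callers. */
void ServerEntryPoint(EvalContext *ctx, const char *ipaddr, ConnectionInfo *info);



//*******************************************************************
// STATE
//*******************************************************************

/* Maximum clock skew, in seconds, tolerated between server and client.
 * NOTE(review): presumably only enforced when DENYBADCLOCKS is set —
 * confirm against the check in server.c. */
#define CLOCK_DRIFT 3600


/* Global server state; every variable here is defined in server.c and
 * configured from "body server control". */
extern int ACTIVE_THREADS;
extern int CFD_MAXPROCESSES;
extern bool DENYBADCLOCKS;   /* refuse clients whose clock is off by more than CLOCK_DRIFT (presumed) */
extern int MAXTRIES;
extern bool LOGENCRYPT;
extern int COLLECT_INTERVAL;
extern bool SERVER_LISTEN;
extern ServerAccess SERVER_ACCESS; /* the access configuration, see ServerAccess above */
/* Fixed-size buffer: every writer must bound its copy to CF_MAXVARSIZE and
 * keep the string NUL-terminated. */
extern char CFRUNCOMMAND[CF_MAXVARSIZE];
extern bool NEED_REVERSE_LOOKUP;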
160 
161 #endif