From 24acc61dd133a33ad314811265e9631b47326314 Mon Sep 17 00:00:00 2001
From: flynn1973
Date: Wed, 21 Apr 2021 11:13:26 +0200
Subject: [PATCH 1/5] Increase Filedescriptor Limit to a more contemporary Value Ticket: CFE-3625 Changelog: Title
---
 libpromises/pipes_unix.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libpromises/pipes_unix.c b/libpromises/pipes_unix.c
index 0897e20502..17d357960e 100644
--- a/libpromises/pipes_unix.c
+++ b/libpromises/pipes_unix.c
@@ -39,7 +39,7 @@ static bool CfSetuid(uid_t uid, gid_t gid);
 static int cf_pwait(pid_t pid);
 static pid_t *CHILDREN = NULL; /* GLOBAL_X */
-static int MAX_FD = 128; /* GLOBAL_X */ /* Max number of simultaneous pipes */
+static int MAX_FD = 8192; /* GLOBAL_X */ /* Max number of simultaneous pipes */
 static void ChildrenFDInit()
From 1a2f244bf1249ce1c77958cf5ddaaeb4383c7267 Mon Sep 17 00:00:00 2001
From: flynn1973
Date: Sat, 24 Apr 2021 10:37:32 +0200
Subject: [PATCH 2/5] Update libpromises/pipes_unix.c Co-authored-by: Ole Herman Schumacher Elgesem
---
 libpromises/pipes_unix.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libpromises/pipes_unix.c b/libpromises/pipes_unix.c
index 17d357960e..fa344428b6 100644
--- a/libpromises/pipes_unix.c
+++ b/libpromises/pipes_unix.c
@@ -39,7 +39,7 @@ static bool CfSetuid(uid_t uid, gid_t gid);
 static int cf_pwait(pid_t pid);
 static pid_t *CHILDREN = NULL; /* GLOBAL_X */
-static int MAX_FD = 8192; /* GLOBAL_X */ /* Max number of simultaneous pipes */
+static int MAX_FD = 2048; /* GLOBAL_X */ /* Max number of simultaneous pipes */
 static void ChildrenFDInit()
From da050f69ace04df6e638af2813e2d9a159d3fff6 Mon Sep 17 00:00:00 2001
From: Ole Herman Schumacher Elgesem
Date: Sat, 17 Apr 2021 21:06:58 -0500
Subject: [PATCH 3/5] Fixed memory leak when exiting after policy errors No changelog entry since this memory is not really leaking, it's just not cleaned up properly right before an exit(). Changelog: None Ticket: CFE-3431
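Review bot: `MAX_FD` in patch 1/5 is still a hard-coded guess after this change, so the bound on tracked pipes remains unrelated to the descriptor limit the process actually runs under. The name and the neighbouring `CHILDREN` pointer suggest the value sizes a table indexed by descriptor, but the allocation and any bounds check are outside this hunk, so that is inferred. If it does, deriving the bound at init time from `getrlimit(RLIMIT_NOFILE, ...)` (with an upper cap) would follow the environment, and every index into the table needs an explicit `fd < MAX_FD` check, because a larger constant only makes an out-of-range descriptor rarer, not impossible. At minimum the trailing comment should say what the number bounds and why this value was chosen. The same line is changed again in patch 2/5 (to 2048) and patch 5/5 (to 8192), and the point applies to both.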
Signed-off-by: Ole Herman Schumacher Elgesem
---
 libpromises/loading.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/libpromises/loading.c b/libpromises/loading.c
index 07e29a9b11..c2eee8271a 100644
--- a/libpromises/loading.c
+++ b/libpromises/loading.c
@@ -544,6 +544,7 @@ Policy *LoadPolicy(EvalContext *ctx, GenericAgentConfig *config)
 PolicyErrorWrite(writer, errors->data[i]);
 }
 WriterClose(writer);
+ SeqDestroy(errors);
 DoCleanupAndExit(EXIT_FAILURE); // TODO: do not exit
 }
From c8717d4d94b3d8af112e0c6c25e1f66913fc9d14 Mon Sep 17 00:00:00 2001
From: Ole Herman Schumacher Elgesem
Date: Mon, 19 Apr 2021 11:11:12 -0500
Subject: [PATCH 4/5] Added unless attribute for custom promise types Also added acceptance test. Changelog: unless can now be used with custom promise types Ticket: CFE-3431 Signed-off-by: Ole Herman Schumacher Elgesem
---
 libpromises/mod_custom.c | 13 +-
 libpromises/policy.c | 1 -
 .../30_custom_promise_types/11_unless.cf | 129 ++++++++++++++++++
 3 files changed, 140 insertions(+), 3 deletions(-)
 create mode 100644 tests/acceptance/30_custom_promise_types/11_unless.cf
diff --git a/libpromises/mod_custom.c b/libpromises/mod_custom.c
index 4ca26bc962..90bcb619ff 100644
--- a/libpromises/mod_custom.c
+++ b/libpromises/mod_custom.c
@@ -572,8 +572,10 @@ static void PromiseModule_AppendAllAttributes(
 const Constraint *attribute = SeqAt(pp->conlist, i);
 const char *const name = attribute->lval;
 assert(!StringEqual(name, "ifvarclass")); // Not allowed by validation
- if (IsClassesBodyConstraint(name) ||
- StringEqual(name, "if") || StringEqual(name, "ifvarclass"))
+ if (IsClassesBodyConstraint(name)
+ || StringEqual(name, "if")
+ || StringEqual(name, "ifvarclass")
+ || StringEqual(name, "unless"))
 {
 // Evaluated by agent and not sent to module, skip
 continue;
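Review bot: The list of agent-evaluated attribute names in the `PromiseModule_AppendAllAttributes` condition now has to be kept in step by hand with the skip added to `CustomPromise_IsFullyResolved` and with the name list in `ValidateCustomPromise` that this same patch edits. Going by the comment in the block, an attribute that validation accepts but this filter misses would presumably be passed on to the module process instead of being handled by the agent, so one shared predicate used at all three sites would be safer than three separate string lists. Short of that, the block comment could name what is filtered, e.g. `// if, ifvarclass, unless and classes-body attributes are evaluated by the agent, never sent to the module`. The function body starts and ends outside this hunk.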
@@ -621,6 +623,13 @@ static inline bool CustomPromise_IsFullyResolved(const Promise *pp, bool slists_
 /* Passed to the module as 'log_level' request field, not as an attribute. */
 continue;
 }
+ if (StringEqual(attribute->lval, "unless"))
+ {
+ /* unless can actually have unresolved variables here,
+ it defaults to evaluate in case of unresolved variables,
+ to be the true opposite of if. (if would skip).*/
+ continue;
+ }
 if ((attribute->rval.type != RVAL_TYPE_SCALAR) &&
 (!slists_allowed || (attribute->rval.type != RVAL_TYPE_LIST)))
 {
diff --git a/libpromises/policy.c b/libpromises/policy.c
index 79628770e7..986ca4299d 100644
--- a/libpromises/policy.c
+++ b/libpromises/policy.c
@@ -2742,7 +2742,6 @@ static bool ValidateCustomPromise(const Promise *pp, Seq *errors)
 || StringEqual(name, "depends_on")
 || StringEqual(name, "handle")
 || StringEqual(name, "meta")
- || StringEqual(name, "unless")
 || StringEqual(name, "with"))
 {
 // TODO: Remove 1 attribute at a time, test and fix.
diff --git a/tests/acceptance/30_custom_promise_types/11_unless.cf b/tests/acceptance/30_custom_promise_types/11_unless.cf
new file mode 100644
index 0000000000..d845fde90b
--- /dev/null
+++ b/tests/acceptance/30_custom_promise_types/11_unless.cf
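Review bot: The new `unless` branch in `CustomPromise_IsFullyResolved` bypasses both the resolution check and the rval type check, so a promise whose `unless` never resolves is evaluated rather than skipped; cases 9 and 10 of 11_unless.cf pin exactly that. The comment says this is intended, but for a guard attribute it means a misspelled or missing variable silently turns the guard off and the module still runs, so a log message on the unresolved path would let operators notice it (where the agent evaluates `unless` is not visible in this hunk). The comment itself is hard to parse; I would word it as `/* 'unless' may still be unresolved here. An unresolved 'unless' does not hold the promise back, the opposite of 'if', which skips. */`. The function starts before and continues after the hunk.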
@@ -0,0 +1,129 @@
+######################################################
+#
+# Test that custom promises can use unless attribute
+#
+#####################################################
+body common control
+{
+ inputs => { "../default.cf.sub" };
+ bundlesequence => { default("$(this.promise_filename)") };
+ version => "1.0";
+}
+
+#######################################################
+
+bundle agent init
+{
+ files:
+ "$(G.testfile)-0"
+ delete => init_delete;
+ "$(G.testfile)-1"
+ delete => init_delete;
+ "$(G.testfile)-2"
+ delete => init_delete;
+ "$(G.testfile)-3"
+ delete => init_delete;
+ "$(G.testfile)-4"
+ delete => init_delete;
+ "$(G.testfile)-5"
+ delete => init_delete;
+ "$(G.testfile)-6"
+ delete => init_delete;
+ "$(G.testfile)-7"
+ delete => init_delete;
+ "$(G.testfile)-8"
+ delete => init_delete;
+ "$(G.testfile)-9"
+ delete => init_delete;
+ "$(G.testfile)-10"
+ delete => init_delete;
+}
+
+body delete init_delete
+{
+ dirlinks => "delete";
+ rmdirs => "true";
+}
+
+#######################################################
+
+promise agent example
+{
+ interpreter => "/bin/bash";
+ path => "$(this.promise_dirname)/example_module.sh";
+}
+
+bundle agent test
+{
+ meta:
+ "description" -> { "CFE-3431" }
+ string => "Test that custom promises work with unless attribute";
+
+ vars:
+ "false_variable"
+ string => "cfengine.(!cfengine)";
+ "true_variable"
+ string => "cfengine|(!cfengine)";
+
+ example:
+ cfengine::
+ "$(G.testfile)-0" # Created - no condition
+ message => "x";
+ "$(G.testfile)-1" # Not created - true condition
+ message => "x",
+ unless => "cfengine";
+ "$(G.testfile)-2" # Not created - true condition from variable
+ message => "x",
+ unless => "$(true_variable)";
+ "$(G.testfile)-3" # Not created - true condition (inverted false variable)
+ message => "x",
+ unless => "!($(false_variable))";
+ "$(G.testfile)-4" # NOT - not function call of something false
+ message => "x",
+ unless => not("$(false_variable)");
+ "$(G.testfile)-5"
# Created - false condition
+ message => "x",
+ unless => "!cfengine";
+ "$(G.testfile)-6" # Created - false condition from variable
+ message => "x",
+ unless => "$(false_variable)";
+ "$(G.testfile)-7" # Created - false condition (inverted true variable)
+ message => "x",
+ unless => "!($(true_variable))";
+ "$(G.testfile)-8" # Created - not function call of something true
+ message => "x",
+ unless => not("$(true_variable)");
+ "$(G.testfile)-9" # Created - undefined variable in unless
+ message => "x",
+ unless => "$(undefined_variable)";
+ "$(G.testfile)-10" # Created - unresolved function call in unless
+ message => "x",
+ unless => not("$(undefined_variable)");
+}
+
+#######################################################
+
+bundle agent check
+{
+ classes:
+ "ok"
+ and => {
+ fileexists("$(G.testfile)-0"),
+ not(fileexists("$(G.testfile)-1")),
+ not(fileexists("$(G.testfile)-2")),
+ not(fileexists("$(G.testfile)-3")),
+ not(fileexists("$(G.testfile)-4")),
+ fileexists("$(G.testfile)-5"),
+ fileexists("$(G.testfile)-6"),
+ fileexists("$(G.testfile)-7"),
+ fileexists("$(G.testfile)-8"),
+ fileexists("$(G.testfile)-9"),
+ fileexists("$(G.testfile)-10"),
+ };
+
+ reports:
+ ok::
+ "$(this.promise_filename) Pass";
+ !ok::
+ "$(this.promise_filename) FAIL";
+}
From 26371726023a67b6d0b8772b236d4550e77c62d5 Mon Sep 17 00:00:00 2001
From: flynn1973
Date: Wed, 21 Apr 2021 11:13:26 +0200
Subject: [PATCH 5/5] Increase Filedescriptor Limit to a more contemporary Value Ticket: CFE-3625 Changelog: Title
---
 libpromises/pipes_unix.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libpromises/pipes_unix.c b/libpromises/pipes_unix.c
index 0897e20502..17d357960e 100644
--- a/libpromises/pipes_unix.c
+++ b/libpromises/pipes_unix.c
@@ -39,7 +39,7 @@ static bool CfSetuid(uid_t uid, gid_t gid);
 static int cf_pwait(pid_t pid);
 static pid_t *CHILDREN = NULL; /* GLOBAL_X */
-static int MAX_FD = 128; /* GLOBAL_X */ /* Max number of simultaneous pipes */
+static int MAX_FD = 8192; /* GLOBAL_X */ /* Max number of simultaneous pipes */
 static void ChildrenFDInit()
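Review bot: Patch 5/5 appears to be a repeat of patch 1/5: it has the same subject and date, the same `index 0897e20502..17d357960e` line and the same pre-image `static int MAX_FD = 128;`. By this point in the series patch 2/5 has already changed that line to `2048`, so the removed line here no longer matches the file and the hunk should not apply as ordered. If it were rebased to fit, it would quietly raise the value agreed in 2/5 back to `8192`. Either drop 5/5 from the series or state which of the two values is the intended final one.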