/*
 * Platform feature-test macros, presumably defined so the system headers
 * expose BSD extensions such as arc4random_buf -- the include list is not
 * part of this listing, so confirm against the full file.
 * module_str is the value passed for the "[%s]" prefix in the ods_log_*
 * calls visible in this file.
 */
37 #define _DARWIN_C_SOURCE 1 41 #define __BSD_VISIBLE 1 57 static const char *module_str =
"policy_resalt_task";
/* Sentinel used as the initial "no resalt scheduled yet" value of schedule_time. */
58 static const time_t TIME_INF = ((time_t)-1);
/*
 * Fill buf with len random bytes for use as a policy's new denial salt
 * (presumably the NSEC3 salt; the listing only shows the policy_denial_*
 * accessors).
 *
 * buf: destination, must hold at least len bytes.
 * len: number of bytes to produce. Nothing visible here checks it; the
 *      visible caller validates the length before calling.
 *
 * The return type, braces and the preprocessor lines between the two
 * branches are omitted from this listing.
 */
67 generate_salt(
char *buf,
int len)
/* Preferred path: the platform generator fills the whole buffer in one call. */
69 #ifdef HAVE_ARC4RANDOM 70 arc4random_buf(buf, len);
/*
 * Byte-by-byte path built on rand(), presumably the fallback when
 * HAVE_ARC4RANDOM is not defined.
 * NOTE(review): rand() is not a cryptographic generator; its whole output
 * stream follows from the seed, and the seeding is outside this listing.
 * The salt becomes public once it is written out, so the exposure is a
 * predictable next salt rather than a leaked secret. Builds without
 * arc4random would be better served by the OS CSPRNG (e.g. getrandom() or
 * /dev/urandom).
 */
75 for (i = 0; i < len; i++)
76 buf[i] = rand() & 0xFF;
/*
 * Encode len bytes from buf as 2*len lowercase hexadecimal characters in out.
 *
 * buf: input bytes.
 * len: number of input bytes.
 * out: destination; the visible loop writes out[0] .. out[2*len-1].
 *      No terminating NUL write appears in the lines shown -- if one exists
 *      it is in the omitted part, and out then needs 2*len+1 bytes. The
 *      visible caller passes a 511-byte buffer for at most 255 input bytes.
 */
87 to_hex(
const char *buf,
int len,
char *out)
/* Digit lookup table indexed by nibble value. */
89 const char *h =
"0123456789abcdef";
92 for (i = 0; i < len; i++) {
/*
 * High nibble first, then low nibble. buf is plain char, which may be
 * signed; masking with 0x0F after the shift keeps the table index in
 * 0..15 either way.
 */
93 out[2*i] = h[(buf[i]>>4) & 0x0F];
94 out[2*i+1] = h[buf[i] & 0x0F];
/*
 * Body fragment, presumably of perform_policy_resalt(sockfd, engine, dbconn)
 * as listed among this page's prototypes; the signature and many
 * intermediate lines are omitted.
 * Visible behaviour: for a policy whose resalt_time has been reached, a new
 * salt is generated and hex-encoded; the earliest upcoming resalt_time is
 * tracked in schedule_time and returned (TIME_INF when none was recorded).
 */
105 time_t schedule_time = TIME_INF, now = time_now(), resalt_time;
/* salt holds at most 255 raw bytes; salthex is sized 2*255 + 1 for their hex form. */
106 char salt[255], salthex[511];
/* Casts to void, the usual way to silence unused-parameter warnings. */
109 (void) engine; (void) sockfd;
/*
 * The code guarded by the #ifndef is not shown; presumably it seeds rand()
 * for the generate_salt fallback -- TODO confirm what it is seeded with.
 */
111 #ifndef HAVE_ARC4RANDOM 134 if (now >= resalt_time) {
/*
 * Bounds check on the configured salt length (its assignment is not
 * visible; presumably from policy_denial_salt_length). The upper bound is
 * what keeps generate_salt and to_hex inside salt[] and salthex[].
 * NOTE(review): 0 is rejected here although the message below says
 * [0..255]; confirm whether an empty salt is meant to be allowed and align
 * the check and the text.
 */
136 if (saltlength <= 0 || saltlength > 255) {
138 "Must be in range [0..255]", module_str,
policy_name(policy));
/* Reached with the length in 1..255 only if the branch above bails out; that part is not shown. */
143 generate_salt(salt, saltlength);
144 to_hex(salt, saltlength, salthex);
/* Error path for a failed salt write; the failing call itself is outside this listing. */
157 ods_log_error(
"[%s] signconf not updated: new salt cannot be written in signconf", module_str);
/*
 * Keep the earliest resalt_time among policies with a non-zero resalt
 * interval. TIME_INF is (time_t)-1, which does not compare as "later than
 * everything" when time_t is signed, hence the explicit equality test.
 */
159 if ((resalt_time < schedule_time || schedule_time == TIME_INF) &&
policy_denial_resalt(policy) > 0)
160 schedule_time = resalt_time;
164 ods_log_debug(
"[%s] policies have been updated", module_str);
/* Next time a resalt is due, or TIME_INF if no policy set one. */
165 return schedule_time;
/*
 * Task callback registered under the long name "policy_resalt_task_perform".
 * Only its parameter list and one condition are visible in this listing.
 */
169 policy_resalt_task_perform(
task_type *task)
/*
 * The bare -1 is presumably the (time_t)-1 value that TIME_INF names, i.e.
 * "nothing left to schedule" -- TODO confirm, and prefer the named constant.
 */
174 if (task->
when == -1) {
/*
 * Tail of a call whose start is not shown, presumably task_register: going
 * by the prototype listed on this page, the string is the long name and the
 * function pointer is the handler to run.
 */
185 "policy_resalt_task_perform", policy_resalt_task_perform);
/*
 * Create the task due at the current time, with who = "policies" and
 * what = "resalt". engine is passed as the context and NULL as
 * clean_context (parameter names per the task_create prototype listed on
 * this page).
 */
186 return task_create(what_id, time_now(),
"policies",
"resalt", engine, NULL);
202 if (status != ODS_STATUS_OK) {
void policy_list_free(policy_list_t *policy_list)
void ods_log_debug(const char *format,...)
unsigned int policy_denial_resalt(const policy_t *policy)
db_clause_list_t * db_clause_list_new(void)
const char * policy_name(const policy_t *policy)
void ods_fatal_exit(const char *format,...)
unsigned int policy_denial_salt_last_change(const policy_t *policy)
int perform_signconf(int sockfd, const db_connection_t *dbconn, int force)
ods_status schedule_task(schedule_type *schedule, task_type *task)
void ods_log_error(const char *format,...)
bool task_id_from_long_name(const char *long_name, task_id *pwhat)
unsigned int policy_passthrough(const policy_t *policy)
enum task_id_enum task_id
void db_clause_list_free(db_clause_list_t *clause_list)
policy_t * policy_list_get_next(policy_list_t *policy_list)
void policy_free(policy_t *policy)
task_type * policy_resalt_task(engine_type *engine)
int flush_resalt_task(engine_type *engine)
void task_cleanup(task_type *task)
int policy_update(policy_t *policy)
int schedule_flush_type(schedule_type *schedule, task_id id)
int policy_set_denial_salt(policy_t *policy, const char *denial_salt_text)
time_t perform_policy_resalt(int sockfd, engine_type *engine, db_connection_t *dbconn)
task_id task_register(const char *short_name, const char *long_name, how_type how)
db_clause_t * policy_denial_type_clause(db_clause_list_t *clause_list, policy_denial_type_t denial_type)
task_type * task_create(task_id what_id, time_t when, const char *who, const char *what, void *context, how_type clean_context)
unsigned int policy_denial_salt_length(const policy_t *policy)
int policy_set_denial_salt_last_change(policy_t *policy, unsigned int denial_salt_last_change)
policy_list_t * policy_list_new_get_by_clauses(const db_connection_t *connection, const db_clause_list_t *clause_list)