  1. CFEngine Community
  2. CFE-1817

server bundles do not honour local classes


    Details

    • Type: Bug
    • Status: Done
    • Priority: Medium
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.7.0
    • Component/s: Evaluation
    • Labels:
      None

      Description

      The classes one and two are not honoured and the two access promises are not
      kept. I tested from the agent side too and agents were denied access.

      Example:

      <pre>
      body common control
      {
        bundlesequence => { "main", };
      }

      bundle agent main
      {
        reports:
          "Main";
      }

      body server control
      {
        port => '5301';
      }

      bundle server myserver
      {
        classes:
          "one" expression => fileexists( "/etc/passwd" );
          "two" expression => 'any';

        access:
          one::
            "/tmp/"
              admit => { "10.0.0.1" };
          two::
            "/var/tmp/"
              admit => { "192.168.0.1" };
      }
      </pre>
      Run it in verbose; I expect to see these IPs allowed:

      <pre>
      2015-01-21T20:08:15-0500 verbose: /default/myserver/classes: Evaluating promise 'one'
      2015-01-21T20:08:15-0500 verbose: /default/myserver/classes: Evaluating promise 'two'
      2015-01-21T20:08:15-0500 verbose: /default/myserver/access: Evaluating promise '/tmp/'
      2015-01-21T20:08:15-0500 verbose: /default/myserver/access: Skipping next promise '/tmp/', as context 'one' is not relevant
      2015-01-21T20:08:15-0500 verbose: /default/myserver/access: Evaluating promise '/var/tmp/'
      2015-01-21T20:08:15-0500 verbose: /default/myserver/access: Skipping next promise '/var/tmp/', as context 'two' is not relevant
      2015-01-21T20:08:15-0500 verbose: /default/myserver/classes: Evaluating promise 'one'
      2015-01-21T20:08:15-0500 verbose: /default/myserver/classes/'one'[0]: Adding local bundle class 'one'
      2015-01-21T20:08:15-0500 verbose: /default/myserver/classes: Evaluating promise 'two'
      2015-01-21T20:08:15-0500 verbose: /default/myserver/classes/'two'[0]: Adding local bundle class 'two'
      </pre>

      ^^^ classes added

      <pre>
      2015-01-21T20:08:15-0500 verbose: Setting default port number to 5301
      2015-01-21T20:08:15-0500 verbose: /default/myserver/access: Evaluating promise '/tmp/'
      2015-01-21T20:08:15-0500 verbose: /default/myserver/access: Skipping next promise '/tmp/', as context 'one' is not relevant
      2015-01-21T20:08:15-0500 verbose: /default/myserver/access: Evaluating promise '/var/tmp/'
      2015-01-21T20:08:15-0500 verbose: /default/myserver/access: Skipping next promise '/var/tmp/', as context 'two' is not relevant
      </pre>

      ^^^ but classes not defined? And no access rules listed below.

      <pre>
      2015-01-21T20:08:15-0500 verbose: === BEGIN summary of access promises ===
      2015-01-21T20:08:15-0500 verbose: Granted access to paths for classic protocol:
      2015-01-21T20:08:15-0500 verbose: Denied access to paths for classic protocol:
      2015-01-21T20:08:15-0500 verbose: Granted access to literal/variable/query data :
      2015-01-21T20:08:15-0500 verbose: Denied access to literal/variable/query data:
      2015-01-21T20:08:15-0500 verbose: Host IPs allowed connection access:
      2015-01-21T20:08:15-0500 verbose: Host IPs denied connection access:
      2015-01-21T20:08:15-0500 verbose: Host IPs allowed multiple connection access:
      2015-01-21T20:08:15-0500 verbose: Host IPs whose keys we shall establish trust to:
      2015-01-21T20:08:15-0500 verbose: Host IPs allowed legacy connections:
      2015-01-21T20:08:15-0500 verbose: Users from whom we accept connections:
      </pre>

      This is version 3.6.3 and 3.6.4. Nick tested with 3.5.1 and the promises were
      kept, but I think he did see misleading messages.
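
The symptom in the verbose output above can be checked mechanically. The following Python is an added example, not part of the original report or of CFEngine: it flags access promises that are skipped after their guarding class was already added as a local class of the same bundle. The function name and the 'solaris' control line are constructed for illustration, and it assumes the guard is a single class name and that lines use the format quoted in the report.

```python
import re

# Sample input: lines in the format quoted in the report, plus one constructed
# control line (context 'solaris') whose class is never defined.
SAMPLE_LOG = """\
2015-01-21T20:08:15-0500 verbose: /default/myserver/access: Skipping next promise '/tmp/', as context 'one' is not relevant
2015-01-21T20:08:15-0500 verbose: /default/myserver/classes/'one'[0]: Adding local bundle class 'one'
2015-01-21T20:08:15-0500 verbose: /default/myserver/classes/'two'[0]: Adding local bundle class 'two'
2015-01-21T20:08:15-0500 verbose: /default/myserver/access: Skipping next promise '/tmp/', as context 'one' is not relevant
2015-01-21T20:08:15-0500 verbose: /default/myserver/access: Skipping next promise '/var/tmp/', as context 'two' is not relevant
2015-01-21T20:08:15-0500 verbose: /default/myserver/access: Skipping next promise '/srv/', as context 'solaris' is not relevant
"""

ADDED = re.compile(
    r"verbose: (/\S+?)/classes/'[^']*'\[\d+\]: Adding local bundle class '([^']+)'")
SKIPPED = re.compile(
    r"verbose: (/\S+?)/access: Skipping next promise '([^']*)', "
    r"as context '([^']+)' is not relevant")

def find_ignored_access_promises(log_text):
    """Return (bundle, path, class) for each access promise that was skipped
    AFTER its guarding class had been added as a local class of that bundle.
    Skips seen before the class was added are not reported."""
    defined, hits = set(), []
    for line in log_text.splitlines():
        added = ADDED.search(line)
        if added:
            defined.add((added.group(1), added.group(2)))
            continue
        skipped = SKIPPED.search(line)
        if not skipped:
            continue
        bundle, path, ctx = skipped.groups()
        hit = (bundle, path, ctx)
        if (bundle, ctx) in defined and hit not in hits:
            hits.append(hit)
    return hits

if __name__ == "__main__":
    for bundle, path, ctx in find_ignored_access_promises(SAMPLE_LOG):
        print(f"{bundle}: access promise '{path}' skipped although class '{ctx}' was added")
```

Any hit means an `admit` rule in the policy is not in effect on the server, which should be confirmed against the "summary of access promises" section of the same log.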

            People

            Assignee:
            a10053 Marcin Pasinski
            Reporter:
            neilhwatson Neil Watson