cfengine · larsewi · Mar 28, 2025 · Jan 28, 2025 · Feb 6, 2025 · Apr 1, 2025
diff --git a/libpromises/Makefile.am b/libpromises/Makefile.am
@@ -137,6 +137,7 @@ libpromises_la_SOURCES = \
 	modes.c \
 	monitoring_read.c monitoring_read.h \
 	ornaments.c ornaments.h \
+	override_fsattrs.c override_fsattrs.h \
 	policy.c policy.h \
 	parser.c parser.h \
 	parser_helpers.h \

diff --git a/libpromises/override_fsattrs.c b/libpromises/override_fsattrs.c
@@ -0,0 +1,140 @@
+#include <override_fsattrs.h>
+#include <platform.h>
+#include <fsattrs.h>
+#include <logging.h>
+#include <stdlib.h>
+#include <files_copy.h>
+#include <cf3.defs.h>
+#include <string_lib.h>
+
+bool OverrideImmutableBegin(const char *orig, char *copy, size_t copy_len)
+{
+    srand(time(NULL)); /* Seed random number generator */
+    int rand_number = rand() % 999999;
+    assert(rand_number >= 0);
+
+    /* Inspired by mkstemp(3) */
+    int ret = snprintf(copy, copy_len, "%s.%06d" CF_NEW, orig, rand_number);
+    if (ret < 0 || (size_t) ret >= copy_len)
+    {
+        Log(LOG_LEVEL_ERR,
+            "Failed to generate name for temporary copy of '%s': Filename is too long (%d >= %zu)",
+            orig,
+            ret,
+            copy_len);
+        return false;
+    }
+
+    /* We'll match the original file permissions on commit */
+    if (!CopyRegularFileDiskPerms(orig, copy, 0600))
+    {
+        Log(LOG_LEVEL_ERR,
+            "Failed to copy file '%s' to temporary file '%s'",
+            orig,
+            copy);
+        return false;
+    }
+
+    return true;
+}
+
+bool OverrideImmutableCommit(const char *orig, const char *copy)
+{
+    struct stat sb;
+    if (lstat(orig, &sb) == -1)
+    {
+        Log(LOG_LEVEL_ERR, "Failed to stat file '%s'", orig);
+        unlink(copy);
+        return false;
+    }
+
+    if (chmod(copy, sb.st_mode) == -1)
+    {
+        Log(LOG_LEVEL_ERR,
+            "Failed to change mode bits on file '%s' to %04jo: %s",
+            orig,
+            (uintmax_t) sb.st_mode,
+            GetErrorStr());
+        unlink(copy);
+        return false;
+    }
+
+    /* If the operations on the file system attributes fails for any reason,
+     * we can still proceed to try to replace the original file. We will only
+     * log an actual error in case of an unexpected failure (i.e., when
+     * FS_ATTRS_FAILURE is returned). Other failures will be logged as verbose
+     * messages because they can be useful, but are be quite verbose. */
+
+    bool is_immutable;
+    FSAttrsResult res = FSAttrsGetImmutableFlag(orig, &is_immutable);
+    if (res == FS_ATTRS_SUCCESS)
+    {
+        if (is_immutable)
+        {
+            res = FSAttrsUpdateImmutableFlag(orig, false);
+            if (res == FS_ATTRS_SUCCESS)
+            {
+                Log(LOG_LEVEL_VERBOSE,
+                    "Temporarily cleared immutable bit for file '%s'",
+                    orig);
+            }
+            else
+            {
+                Log((res == FS_ATTRS_FAILURE) ? LOG_LEVEL_ERR
+                                              : LOG_LEVEL_VERBOSE,
+                    "Failed to temporarily clear immutable bit for file '%s': %s",
+                    orig,
+                    FSAttrsErrorCodeToString(res));
+            }
+        }
+        else
+        {
+            Log(LOG_LEVEL_DEBUG,
+                "The immutable bit is not set on file '%s'",
+                orig);
+        }
+    }
+    else
+    {
+        Log((res == FS_ATTRS_FAILURE) ? LOG_LEVEL_ERR : LOG_LEVEL_VERBOSE,
+            "Failed to get immutable bit from file '%s': %s",
+            orig,
+            FSAttrsErrorCodeToString(res));
+    }
+
+    if (rename(copy, orig) == -1)
+    {
+        Log(LOG_LEVEL_ERR,
+            "Failed to replace original file '%s' with copy '%s'",
+            orig,
+            copy);
+        unlink(copy);
+        return false;
+    }
+
+    if ((res == FS_ATTRS_SUCCESS) && is_immutable)
+    {
+        res = FSAttrsUpdateImmutableFlag(orig, true);
+        if (res == FS_ATTRS_SUCCESS)
+        {
+            Log(LOG_LEVEL_VERBOSE,
+                "Reset immutable bit after temporarily clearing it from file '%s'",
+                orig);
+        }
+        else
+        {
+            Log((res == FS_ATTRS_FAILURE) ? LOG_LEVEL_ERR : LOG_LEVEL_VERBOSE,
+                "Failed to reset immutable bit after temporarily clearing it from file '%s': %s",
+                orig,
+                FSAttrsErrorCodeToString(res));
+        }
+    }
+
+    return true;
+}
+
+bool OverrideImmutableAbort(ARG_UNUSED const char *orig, const char *copy)
+{
+    assert(copy != NULL);
+    return unlink(copy) == 0;
+}
diff --git a/libpromises/override_fsattrs.h b/libpromises/override_fsattrs.h
@@ -0,0 +1,58 @@
+/*
+  Copyright 2025 Northern.tech AS
+
+  This file is part of CFEngine 3 - written and maintained by Northern.tech AS.
+
+  This program is free software; you can redistribute it and/or modify it
+  under the terms of the GNU General Public License as published by the
+  Free Software Foundation; version 3.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA
+
+  To the extent this program is licensed as part of the Enterprise
+  versions of CFEngine, the applicable Commercial Open Source License
+  (COSL) may apply to this file if you as a licensee so wish it. See
+  included file COSL.txt.
+*/
+
+#ifndef CFENGINE_OVERRIDE_FSATTRS_H
+#define CFENGINE_OVERRIDE_FSATTRS_H
+
+#include <stdbool.h>
+#include <stddef.h>
+
+/**
+ * @brief Creates a mutable copy of the original file
+ * @param orig The original file (may be immutable)
+ * @param copy Updated to contain the filename of the mutable copy
+ * @param copy_len The size of the buffer to store the filename of the copy
+ * @return false in case of failure
+ */
+bool OverrideImmutableBegin(const char *orig, char *copy, size_t copy_len);
+
+/**
+ * @brief Temporarily clears the immutable bit of the original file and
+ * replaces it with the mutated copy
+ * @param orig The original file (may be immutable)
+ * @param copy The mutated copy to replace the original
+ * @return false in case of failure
+ * @note The immutable bit is reset to it's original state
+ */
+bool OverrideImmutableCommit(const char *orig, const char *copy);
+
+/**
+ * @brief Simply unlinks the mutable copy
+ * @param orig Not used (reserved in for future use)
+ * @param copy The mutated copy to unlink
+ * @return false in case of failure (but you probably don't care)
+ */
+bool OverrideImmutableAbort(const char *orig, const char *copy);
+
+#endif /* CFENGINE_OVERRIDE_FSATTRS_H */