/var/lib/sorcery/modules/libsecurity

     1	#!/bin/bash
     2	
     3	#---------------------------------------------------------------------
     4	##
     5	## @Synopsis Set of functions for dealing with security related tasks.
     6	##
     7	## @Copyright
     8	##
     9	## Copyright 2002 by the Source Mage Team
    10	##
    11	##
    12	#---------------------------------------------------------------------
    13	
    14	
    15	
    16	#---------------------------------------------------------------------
    17	## @param spelldirectory
    18	## @param sourcenumber
    19	##
    20	## spelldirectory is the spell's directory.
    21	## sourcenumber is '' or '2', '3', '4', etc.
    22	## Checks the md5 of a single source file sourcenumber in spelldirectory.
    23	##
    24	#---------------------------------------------------------------------
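function gaze_checkmd5() {
  # Print a one-line checksum report for a single source file of a spell.
  #
  # Arguments: $1 - spell directory
  #            $2 - source number: '' for SOURCE, '2', '3', ... for SOURCEn
  # Globals read:    SOURCE/SOURCEn, MD5[], LICENSE[], SPELL, SOURCE_CACHE,
  #                  EMPTYMD5, PRECACHEDF, PRECACHEDB and the colour variables.
  #                  SOURCE*, MD5[] and LICENSE[] are not set here; the caller
  #                  is expected to have sourced the spell's DETAILS first.
  # Globals written: i, SOURCEnum, SOURCEvar, SOURCE, MD5num, tMD5, GRIMOIRE,
  #                  SECTION, REALSOURCE, APPEND, fMD5, bMD5, AGE, SRCDATA, ...
  #                  (deliberately left global, as before; callers may read
  #                  or unset them).
  # Outputs:   the report line on stdout.
  #
  # Security note: MD5 is not collision resistant. VERIFIED only states that
  # the cached file matches the digest recorded in DETAILS, which catches
  # truncated or corrupted downloads; it is not proof of authenticity.
  # MD5[n] values of "gpg" / "*gpg" are only reported (GPGCHECK / GPG-SIGN);
  # no signature is verified in this function.
  local ts_re='^[0-9]{14}$'

  i=$1/DETAILS
  SOURCEnum=$2
  SOURCEvar=SOURCE$SOURCEnum

  SOURCE=${!SOURCEvar}
  # MD5[] and LICENSE[] are zero-based, SOURCE, SOURCE2, ... are one-based.
  if [ -n "$SOURCEnum" ]; then
    MD5num="$(($SOURCEnum-1))"
  else
    MD5num="0"
  fi
  tMD5=${MD5[$MD5num]}

  # Derive grimoire and section names from the path of DETAILS.
  GRIMOIRE=$(printf '%s\n' "$i" | sed -e 's/\/[^\/]*\/[^\/]*\/DETAILS//' -e 's/\/.*\///')
  SECTION=$(printf '%s\n' "$i" | sed -e 's/\/[^\/]*\/DETAILS//' -e 's/\/.*\///')
  if [[ "$SECTION" == "$SPELL" || "$SECTION" == "DETAILS" ]]; then
    echo -en "${SPELL_COLOR}$SPELL${DEFAULT_COLOR} "
  else
    echo -en "$GRIMOIRE: $SECTION: ${SPELL_COLOR}$SPELL${DEFAULT_COLOR} "
  fi

  REALSOURCE=
  if [[ -z "$SOURCE" ]]; then
    echo -n "NONSOURCE "
    echo
    return
  fi

  if [ -f "$SOURCE_CACHE/$SOURCE" ]; then
    APPEND=
  else
    # Exact name is not cached: look for the same file with another
    # extension or with a 14-digit suffix appended to its name.
    OLDESTSOURCE="$SOURCE"
    # Escape dots so the name can be used as a pattern below and printed
    # as a ready-made sed expression.
    OLDSOURCE="$(printf '%s\n' "$SOURCE" | sed -e 's/\./\\\./g')"
    SOURCE="$(printf '%s\n' "$SOURCE" | sed -e 's/\.[bt].*/\./')"
    SOURCE="$(ls "$SOURCE_CACHE/$SOURCE"* 2> /dev/null | head -n 1)"
    # Keep only the file name. The previous `cut -d/ -f5` silently assumed
    # that SOURCE_CACHE is exactly three directories deep.
    SOURCE=${SOURCE##*/}
    if [ "$SOURCE" ]; then
      # $OLDSOURCE is intentionally unquoted inside the expansion: it is a
      # pattern with the dots escaped.
      if [[ "${SOURCE#$OLDSOURCE.}" =~ $ts_re ]]; then
        APPEND=
        REALSOURCE="$OLDESTSOURCE"
      else
        APPEND="FUZZ s/$OLDSOURCE/$SOURCE/ "
      fi
    else
      APPEND=
      SOURCE="$OLDESTSOURCE"
    fi
  fi

  # fMD5: digest of the (uncompressed) payload, or the cached report entry.
  if [[ -z "$PRECACHEDF" ]]; then
    if ! filename_indicates_compression "$SOURCE_CACHE/$SOURCE"; then
      # cat (not a redirect) so a missing file yields the empty-input digest.
      fMD5=$(cat "$SOURCE_CACHE/$SOURCE" 2> /dev/null | md5sum | cut -d' ' -f1 | head -n 1)
    else
      # guess_compressor output is left unquoted as before, so an empty
      # answer passes no extra argument to uncompress.
      fMD5=$(
        uncompress "$SOURCE_CACHE/$SOURCE" $(guess_compressor "$SOURCE_CACHE/$SOURCE") |
          md5sum | cut -d' ' -f1
      )
    fi
  else
    # NOTE(review): $SOURCE is used as a regular expression here, so '.' in
    # the file name matches any character.
    fMD5=$(grep " $SOURCE\$" "$PRECACHEDF" | grep -Ev '\.[0-9]{14}$' | grep -v '\.asc$' | cut -d' ' -f1 | head -n 1)
  fi

  if [ -n "$REALSOURCE" ]; then
    SOURCE="$REALSOURCE"
  fi
  # NEW unless find reports the cached file as modified more than 3 days ago.
  if [ -z "$(find "$SOURCE_CACHE/$SOURCE" -maxdepth 1 -mtime +3 2> /dev/null)" ]; then
    AGE="${GREEN}NEW${DEFAULT_COLOR}"
  else
    AGE="${YELLOW}${BOLD}OLD${DEFAULT_COLOR}"
  fi
  SRCDATA="SOURCE$SOURCEnum L:'${LICENSE[$MD5num]}' $SOURCE${DEFAULT_COLOR} $AGE"

  if [[ "$fMD5" == "$tMD5" ]]; then
    echo -en "${GREEN}VERIFIED $SRCDATA${DEFAULT_COLOR}"
  elif [[ "$fMD5" == "$EMPTYMD5" || -z "$fMD5" ]]; then
    # Nothing to hash: file missing/empty or no report entry.
    if [[ "$tMD5" == "IGNORE" ]]; then
      echo -en "SKIPIGN $SRCDATA"
    else
      echo -en "SKIPPED $SRCDATA"
    fi
  elif [[ -z "$tMD5" ]]; then
    echo -en "${YELLOW}${BOLD}UNCHECKED $SRCDATA INSERT MD5[$MD5num]=$fMD5 or MD5[$MD5num]=IGNORE"
  elif [[ "$tMD5" == "IGNORE" ]]; then
    echo -en "${YELLOW}IGNORED $SRCDATA"
  else
    # bMD5: digest of the file exactly as stored (still compressed).
    # Fix: `| head -n 1` used to sit outside the command substitution and
    # became part of the string, and the cached branch kept the whole
    # report line, so the MALFORMED comparison below could never match.
    if [[ -z "$PRECACHEDB" ]]; then
      bMD5=$(md5sum "$SOURCE_CACHE/$SOURCE" | cut -d' ' -f1 | head -n 1)
    else
      bMD5=$(grep " $SOURCE\$" "$PRECACHEDB" | grep -Ev '\.[0-9]{14}$' | grep -v '\.asc$' | cut -d' ' -f1 | head -n 1)
    fi
    if [[ "$tMD5" == "$bMD5" ]]; then
      # DETAILS records the digest of the compressed file.
      echo -en "${RED}MALFORMED $SRCDATA EDIT s/$tMD5/$fMD5/"
    elif [[ "$tMD5" == "$EMPTYMD5" ]]; then
      echo -en "${RED}EMPTY $SRCDATA EDIT s/$tMD5/$fMD5/"
    elif [[ "$tMD5" == "gpg" ]]; then
      echo -en "${RED}${BOLD}GPGCHECK $SRCDATA"
    elif [[ "$tMD5" == *gpg ]]; then
      echo -en "${RED}${BOLD}GPG-SIGN $SRCDATA"
    elif [[ -n "$PRECACHEDB" && -n "$(grep -- "$tMD5" "$PRECACHEDF")" ]]; then
      # The recorded digest belongs to some entry of the report.
      # NOTE(review): column 60 presumably starts the file name in the
      # report format - confirm against the report generator.
      MATCHED=$(grep -- "$tMD5" "$PRECACHEDF" | cut -c60- | head -n 1)
      if [[ "$MATCHED" == *"$SOURCE"* ]]; then
        echo -en "${RED}${BOLD}MODIFIED $SRCDATA EDIT s/$tMD5/$fMD5/${DEFAULT_COLOR} MATCHES $MATCHED"
      else
        echo -en "${RED}DIFFERENT $SRCDATA EDIT s/$tMD5/$fMD5/${DEFAULT_COLOR} MATCHES $MATCHED"
      fi
    else
      echo -en "${RED}${BOLD}INCORRECT $SRCDATA EDIT s/$tMD5/$fMD5/${DEFAULT_COLOR}"
    fi
  fi

  echo -n " $APPEND"
  if [[ "$tMD5" != "IGNORE" ]]; then
    gaze_checkmd5syntax "$1" "$2"
  fi
  echo
}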
   164	
   165	
   166	#---------------------------------------------------------------------
   167	## @param spelldirectory
   168	## @param sourcenumber
   169	##
   170	## spelldirectory is the spell's directory
   171	## sourcenumber is '' or '2', '3', '4', etc.
   172	## Checks the syntax related to md5 checking of a single source file
   173	## sourcenumber in spelldirectory.
   174	##
   175	#---------------------------------------------------------------------
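function gaze_checkmd5syntax() {
  # Print a hint when the spell's scripts do not appear to pass an MD5
  # argument to `unpack` for the given source.
  #
  # Arguments: $1 - spell directory
  #            $2 - source number: '' for SOURCE, '2', '3', ... for SOURCEn
  # Globals read:    SOURCE2, YELLOW, BOLD, DEFAULT_COLOR
  # Globals written: rp, sn (left global, as before)
  # Outputs:   at most one hint on stdout, wrapped in colour codes.
  #
  # This is a textual grep over the spell files, not a parse of the scripts:
  # it only looks for a line that contains "unpack", "SOURCE<n>" followed by
  # a non-digit, and "MD5".
  rp=$1
  sn=$2
  echo -en "${YELLOW}${BOLD}"
  if [[ -f "$rp/PRE_BUILD" ]]; then
    if ! _gaze_unpack_passes_md5 "$rp" "$sn"; then
      # For the first source, a PRE_BUILD that calls default_pre_build
      # is accepted as well.
      if [[ -n "$sn" ]] || [[ -z "$(grep default_pre_build "$rp"/*)" ]]; then
        echo -n "ADD unpack md5 arg to EXISTING PRE_BUILD"
      fi
    fi
  elif [[ -f "$rp/POST_INSTALL" ]]; then
    if [[ -n "$sn" ]] && ! _gaze_unpack_passes_md5 "$rp" "$sn"; then
      echo -n "ADD unpack md5 arg to EXISTING POST_INSTALL or CREATED PRE_BUILD"
    fi
  elif [[ -f "$rp/BUILD" ]]; then
    if [[ -n "$sn" ]] && ! _gaze_unpack_passes_md5 "$rp" "$sn"; then
      echo -n "INIT unpack md5 arg or default_pre_build to NEW PRE_BUILD"
    fi
  elif [[ -n "$sn" ]]; then
    echo -n "APPEND unpack md5 arg to CREATED PRE_BUILD"
  elif [[ -n "$SOURCE2" ]]; then
    echo -n "INIT unpack md5 arg or default_pre_build to NEW PRE_BUILD"
  fi
  echo -en "${DEFAULT_COLOR}"
}

# Succeeds when some file in spell directory $1 has a line containing
# "unpack", "SOURCE$2" followed by a non-digit, and "MD5".
# The pattern is quoted: unquoted, `SOURCE2[^0-9]` is a glob and was replaced
# by any matching file name in the current directory before grep saw it.
function _gaze_unpack_passes_md5() {
  [[ -n "$(grep unpack "$1"/* | grep "SOURCE${2}[^0-9]" | grep MD5)" ]]
}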
   217	
   218	#---------------------------------------------------------------------
   219	## @param spelldirectory
   220	##
   221	## spelldirectory is the spell's directory.
   222	## Checks the md5s of all source files in spelldirectory.
   223	##
   224	#---------------------------------------------------------------------
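function gaze_checkmd5s() {
  # Check every source (SOURCE, SOURCE2, SOURCE3, ...) of one spell.
  #
  # Arguments: $1 - spell directory (must contain DETAILS)
  # Globals read:    DEPENDS_CONFIG, plus whatever DETAILS defines
  # Globals written: spellroot, SCRIPT_DIRECTORY, spellpath, spellname,
  #                  SPELL_CONFIG, SOURCE, SOURCEvar, j, jj; SOURCEn, MD5[n]
  #                  and LICENSE[n] are unset as they are consumed.
  # Outputs:   one report line per source, printed by gaze_checkmd5.
  #
  # Security note: DETAILS is executed with `source`, in this shell and with
  # the privileges of the caller. Only run this over grimoires you trust.
  spellroot=$1
  SCRIPT_DIRECTORY=$spellroot
  spellpath=$spellroot/DETAILS
  spellname=$(printf '%s\n' "$spellroot" | sed -e 's!/.*/!!')
  # Drop state left over from the previously checked spell.
  unset FORCE_DOWNLOAD
  unset SOURCE
  unset MD5 2> /dev/null
  unset LICENSE 2> /dev/null
  SPELL_CONFIG=$DEPENDS_CONFIG/$spellname

  source "$spellpath" > /dev/null 2> /dev/null

  gaze_checkmd5 "$spellroot" ''

  unset SOURCE
  # Subscripts are quoted: unquoted, MD5[0] is a glob that can match a file
  # named MD50 in the current directory.
  unset 'MD5[0]' 2> /dev/null
  unset 'LICENSE[0]' 2> /dev/null
  j=2
  jj=SOURCE$j
  # Walk SOURCE2, SOURCE3, ... until the first unset/empty one.
  while [ -n "${!jj}" ]; do

    SOURCEvar=SOURCE$j
    SOURCE=${!SOURCEvar}
    # A source set to a single space is skipped.
    if test "$SOURCE" != " "; then

      gaze_checkmd5 "$spellroot" "$j"

    fi
    unset "$jj"
    unset "MD5[$(($j-1))]" 2> /dev/null
    unset "LICENSE[$(($j-1))]" 2> /dev/null
    j=$(($j+1))
    jj=SOURCE$j
  done
  unset VERSION

}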
   263	
   264	
   265	#---------------------------------------------------------------------
   266	## @param [<item> ...]
   267	##
   268	## item is a spell or section name.
   269	## Checks the md5s of various spells, sections, or if called with no
   270	## arguments, the entire grimoire.
   271	##
   272	#---------------------------------------------------------------------
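function gaze_md5check() {
  # Check the md5 sums of the given spells/sections, or of the whole
  # grimoire when called without arguments.
  #
  # Arguments: $@ - spell or section names (optional)
  # Globals read:    CACHED, CODEX_FOUND_SECTION, CODEX_FOUND_SPELL
  # Globals written: EMPTYMD5, PRECACHEDF, PRECACHEDB, SECTIONS, SPELLS,
  #                  UNKNOWN, spell_or_section, i
  # Outputs:   one report line per source, then "unknown: <name>" for every
  #            argument that is neither a spell nor a section.
  #
  # NOTE(review): PRECACHEDF/PRECACHEDB are only assigned when CACHED is
  # set and never cleared here, so values inherited from the environment
  # are used as-is by gaze_checkmd5.
  local -a unknown_items=()

  message "${MESSAGE_COLOR}Going to check the md5 sums for the requested item, section or"
  message "grimoire by testing your current collection of sources...${DEFAULT_COLOR}"

  source /etc/sorcery/config

  # Digest of empty input; gaze_checkmd5 uses it to spot missing files.
  EMPTYMD5=$(printf '' | md5sum | cut -d' ' -f1)

  #if CACHED is defined, then use some caches for speedy checking.
  if [[ -n "$CACHED" ]]; then
    PRECACHEDF=/var/spool/sorcery/reports/md5unpack
    PRECACHEDB=/var/spool/sorcery/reports/md5sum
  fi

  unset  SECTIONS  SPELLS  UNKNOWN

  [ -z "$1" ] && SECTIONS=$(codex_get_all_sections)

  # "$@" keeps each argument intact; unquoted, arguments were word-split
  # and glob-expanded against the current directory.
  for spell_or_section in "$@"; do
    # Empty arguments were dropped by the old unquoted expansion.
    [[ -n "$spell_or_section" ]] || continue

    if codex_find_spell_or_section_by_name "$spell_or_section"; then
      [ -n "$CODEX_FOUND_SECTION" ] && SECTIONS="$SECTIONS $CODEX_FOUND_SECTION"
      [ -n "$CODEX_FOUND_SPELL" ] && SPELLS="$SPELLS $CODEX_FOUND_SPELL"
    else
      UNKNOWN="$spell_or_section $UNKNOWN"
      # Same order as UNKNOWN (newest first), but one element per argument.
      unknown_items=("$spell_or_section" "${unknown_items[@]}")
    fi

  done

  # SECTIONS and SPELLS are space-separated lists; splitting is intended.
  for i in $SECTIONS; do
    SPELLS="$SPELLS $(codex_get_spells_in_section "$i")"
  done

  for i in $SPELLS; do
    gaze_checkmd5s "$i"
  done

  for i in "${unknown_items[@]}"; do
    echo "unknown: $i"
  done

}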
   318