authorYves-Alexis Perez <corsac@corsac.net>2017-11-21 10:22:31 +0100
committerYves-Alexis Perez <corsac@corsac.net>2017-11-21 10:22:31 +0100
commite1d78dc2faaa06e7c3f71ef674a71e4de2f0758e (patch)
treeae0c8b5f4cd8289d0797882ea18969f33ea59a1e /src/libimcv/plugins/imv_os
parent11d6b62db969bdd808d0f56706cb18f113927a31 (diff)
downloadvyos-strongswan-e1d78dc2faaa06e7c3f71ef674a71e4de2f0758e.tar.gz
vyos-strongswan-e1d78dc2faaa06e7c3f71ef674a71e4de2f0758e.zip
New upstream version 5.6.1
Diffstat (limited to 'src/libimcv/plugins/imv_os')
-rw-r--r--src/libimcv/plugins/imv_os/Makefile.am9
-rw-r--r--src/libimcv/plugins/imv_os/Makefile.in110
-rw-r--r--src/libimcv/plugins/imv_os/imv_os_agent.c3
-rw-r--r--src/libimcv/plugins/imv_os/imv_os_database.c34
-rw-r--r--src/libimcv/plugins/imv_os/imv_os_state.c24
-rw-r--r--src/libimcv/plugins/imv_os/imv_os_state.h10
-rw-r--r--src/libimcv/plugins/imv_os/pacman.c499
-rwxr-xr-xsrc/libimcv/plugins/imv_os/pacman.sh203
8 files changed, 59 insertions, 833 deletions
diff --git a/src/libimcv/plugins/imv_os/Makefile.am b/src/libimcv/plugins/imv_os/Makefile.am
index f5bc9010c..50a87d877 100644
--- a/src/libimcv/plugins/imv_os/Makefile.am
+++ b/src/libimcv/plugins/imv_os/Makefile.am
@@ -18,12 +18,3 @@ imv_os_la_SOURCES = \
imv_os_database.c imv_os_database.h
imv_os_la_LDFLAGS = -module -avoid-version -no-undefined
-
-if !USE_WINDOWS
-ipsec_PROGRAMS = pacman
-pacman_SOURCES = pacman.c
-pacman_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
-pacman.o : $(top_builddir)/config.status
-
-EXTRA_DIST = pacman.sh
-endif
diff --git a/src/libimcv/plugins/imv_os/Makefile.in b/src/libimcv/plugins/imv_os/Makefile.in
index a8d80b3f8..d5a6f07f1 100644
--- a/src/libimcv/plugins/imv_os/Makefile.in
+++ b/src/libimcv/plugins/imv_os/Makefile.in
@@ -14,7 +14,6 @@
@SET_MAKE@
-
VPATH = @srcdir@
am__is_gnu_make = { \
if test -z '$(MAKELEVEL)'; then \
@@ -89,7 +88,6 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-@USE_WINDOWS_FALSE@ipsec_PROGRAMS = pacman$(EXEEXT)
subdir = src/libimcv/plugins/imv_os
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -136,7 +134,7 @@ am__uninstall_files_from_dir = { \
|| { echo " ( cd '$$dir' && rm -f" $$files ")"; \
$(am__cd) "$$dir" && rm -f $$files; }; \
}
-am__installdirs = "$(DESTDIR)$(imcvdir)" "$(DESTDIR)$(ipsecdir)"
+am__installdirs = "$(DESTDIR)$(imcvdir)"
LTLIBRARIES = $(imcv_LTLIBRARIES)
imv_os_la_DEPENDENCIES = $(top_builddir)/src/libimcv/libimcv.la \
$(top_builddir)/src/libstrongswan/libstrongswan.la
@@ -150,11 +148,6 @@ am__v_lt_1 =
imv_os_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(imv_os_la_LDFLAGS) $(LDFLAGS) -o $@
-PROGRAMS = $(ipsec_PROGRAMS)
-am__pacman_SOURCES_DIST = pacman.c
-@USE_WINDOWS_FALSE@am_pacman_OBJECTS = pacman.$(OBJEXT)
-pacman_OBJECTS = $(am_pacman_OBJECTS)
-@USE_WINDOWS_FALSE@pacman_DEPENDENCIES = $(top_builddir)/src/libstrongswan/libstrongswan.la
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
@@ -189,8 +182,8 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@)
am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
am__v_CCLD_0 = @echo " CCLD " $@;
am__v_CCLD_1 =
-SOURCES = $(imv_os_la_SOURCES) $(pacman_SOURCES)
-DIST_SOURCES = $(imv_os_la_SOURCES) $(am__pacman_SOURCES_DIST)
+SOURCES = $(imv_os_la_SOURCES)
+DIST_SOURCES = $(imv_os_la_SOURCES)
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
@@ -250,9 +243,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
@@ -472,9 +467,6 @@ imv_os_la_SOURCES = \
imv_os_database.c imv_os_database.h
imv_os_la_LDFLAGS = -module -avoid-version -no-undefined
-@USE_WINDOWS_FALSE@pacman_SOURCES = pacman.c
-@USE_WINDOWS_FALSE@pacman_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
-@USE_WINDOWS_FALSE@EXTRA_DIST = pacman.sh
all: all-am
.SUFFIXES:
@@ -546,59 +538,6 @@ clean-imcvLTLIBRARIES:
imv-os.la: $(imv_os_la_OBJECTS) $(imv_os_la_DEPENDENCIES) $(EXTRA_imv_os_la_DEPENDENCIES)
$(AM_V_CCLD)$(imv_os_la_LINK) -rpath $(imcvdir) $(imv_os_la_OBJECTS) $(imv_os_la_LIBADD) $(LIBS)
-install-ipsecPROGRAMS: $(ipsec_PROGRAMS)
- @$(NORMAL_INSTALL)
- @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \
- if test -n "$$list"; then \
- echo " $(MKDIR_P) '$(DESTDIR)$(ipsecdir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" || exit 1; \
- fi; \
- for p in $$list; do echo "$$p $$p"; done | \
- sed 's/$(EXEEXT)$$//' | \
- while read p p1; do if test -f $$p \
- || test -f $$p1 \
- ; then echo "$$p"; echo "$$p"; else :; fi; \
- done | \
- sed -e 'p;s,.*/,,;n;h' \
- -e 's|.*|.|' \
- -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
- sed 'N;N;N;s,\n, ,g' | \
- $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
- { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
- if ($$2 == $$4) files[d] = files[d] " " $$1; \
- else { print "f", $$3 "/" $$4, $$1; } } \
- END { for (d in files) print "f", d, files[d] }' | \
- while read type dir files; do \
- if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
- test -z "$$files" || { \
- echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(ipsecdir)$$dir'"; \
- $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(ipsecdir)$$dir" || exit $$?; \
- } \
- ; done
-
-uninstall-ipsecPROGRAMS:
- @$(NORMAL_UNINSTALL)
- @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \
- files=`for p in $$list; do echo "$$p"; done | \
- sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
- -e 's/$$/$(EXEEXT)/' \
- `; \
- test -n "$$list" || exit 0; \
- echo " ( cd '$(DESTDIR)$(ipsecdir)' && rm -f" $$files ")"; \
- cd "$(DESTDIR)$(ipsecdir)" && rm -f $$files
-
-clean-ipsecPROGRAMS:
- @list='$(ipsec_PROGRAMS)'; test -n "$$list" || exit 0; \
- echo " rm -f" $$list; \
- rm -f $$list || exit $$?; \
- test -n "$(EXEEXT)" || exit 0; \
- list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
- echo " rm -f" $$list; \
- rm -f $$list
-
-pacman$(EXEEXT): $(pacman_OBJECTS) $(pacman_DEPENDENCIES) $(EXTRA_pacman_DEPENDENCIES)
- @rm -f pacman$(EXEEXT)
- $(AM_V_CCLD)$(LINK) $(pacman_OBJECTS) $(pacman_LDADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -610,7 +549,6 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imv_os_agent.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imv_os_database.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imv_os_state.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pacman.Po@am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
@@ -726,9 +664,9 @@ distdir: $(DISTFILES)
done
check-am: all-am
check: check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS)
+all-am: Makefile $(LTLIBRARIES)
installdirs:
- for dir in "$(DESTDIR)$(imcvdir)" "$(DESTDIR)$(ipsecdir)"; do \
+ for dir in "$(DESTDIR)$(imcvdir)"; do \
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
done
install: install-am
@@ -763,8 +701,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-imcvLTLIBRARIES clean-ipsecPROGRAMS \
- clean-libtool mostlyclean-am
+clean-am: clean-generic clean-imcvLTLIBRARIES clean-libtool \
+ mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -784,7 +722,7 @@ info: info-am
info-am:
-install-data-am: install-imcvLTLIBRARIES install-ipsecPROGRAMS
+install-data-am: install-imcvLTLIBRARIES
install-dvi: install-dvi-am
@@ -830,29 +768,27 @@ ps: ps-am
ps-am:
-uninstall-am: uninstall-imcvLTLIBRARIES uninstall-ipsecPROGRAMS
+uninstall-am: uninstall-imcvLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
- clean-imcvLTLIBRARIES clean-ipsecPROGRAMS clean-libtool \
- cscopelist-am ctags ctags-am distclean distclean-compile \
- distclean-generic distclean-libtool distclean-tags distdir dvi \
- dvi-am html html-am info info-am install install-am \
- install-data install-data-am install-dvi install-dvi-am \
- install-exec install-exec-am install-html install-html-am \
+ clean-imcvLTLIBRARIES clean-libtool cscopelist-am ctags \
+ ctags-am distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am \
install-imcvLTLIBRARIES install-info install-info-am \
- install-ipsecPROGRAMS install-man install-pdf install-pdf-am \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags tags-am uninstall uninstall-am uninstall-imcvLTLIBRARIES \
- uninstall-ipsecPROGRAMS
+ install-man install-pdf install-pdf-am install-ps \
+ install-ps-am install-strip installcheck installcheck-am \
+ installdirs maintainer-clean maintainer-clean-generic \
+ mostlyclean mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
+ uninstall-am uninstall-imcvLTLIBRARIES
.PRECIOUS: Makefile
-@USE_WINDOWS_FALSE@pacman.o : $(top_builddir)/config.status
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libimcv/plugins/imv_os/imv_os_agent.c b/src/libimcv/plugins/imv_os/imv_os_agent.c
index 4bf6c7e21..3fa3d0965 100644
--- a/src/libimcv/plugins/imv_os/imv_os_agent.c
+++ b/src/libimcv/plugins/imv_os/imv_os_agent.c
@@ -705,8 +705,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
eval = fail ? TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR :
TNC_IMV_EVALUATION_RESULT_COMPLIANT;
snprintf(result_str, BUF_LEN, "processed %d packages: "
- "%d not updated, %d blacklisted, %d ok, "
- "%d unknown",
+ "%d vulnerable, %d blacklisted, %d ok, %d unknown",
count, count_update, count_blacklist, count_ok,
count - count_update - count_blacklist - count_ok);
break;
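Review bot: The format string now reports the first counter as `%d vulnerable`, but the variable feeding it is still called `count_update`, which no longer matches the `count_security` name the imv_os_state_t set_count/get_count interface uses after this commit; renaming the local to `count_security` where it is declared and filled by get_count would keep the agent consistent with the state interface. The subtraction `count - count_update - count_blacklist - count_ok` is what produces the `unknown` figure, so every package the database neither flags nor clears lands there; a short comment on that line such as `/* remainder: packages the database could not classify */` would make that explicit. The counter declarations and the get_count call sit before this hunk, and batch_ending continues past it.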
diff --git a/src/libimcv/plugins/imv_os/imv_os_database.c b/src/libimcv/plugins/imv_os/imv_os_database.c
index 31b889b74..049c844bc 100644
--- a/src/libimcv/plugins/imv_os/imv_os_database.c
+++ b/src/libimcv/plugins/imv_os/imv_os_database.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012-2014 Andreas Steffen
+ * Copyright (C) 2012-2017 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -51,7 +51,7 @@ METHOD(imv_os_database_t, check_packages, status_t,
char *product, *package, *release, *cur_release;
chunk_t name, version;
int pid, gid, security, blacklist;
- int count = 0, count_ok = 0, count_no_match = 0, count_blacklist = 0;
+ int count = 0, count_ok = 0, count_security = 0, count_blacklist = 0;
enumerator_t *e;
status_t status = SUCCESS;
bool found, match;
@@ -103,11 +103,8 @@ METHOD(imv_os_database_t, check_packages, status_t,
if (!e->enumerate(e, &gid))
{
/* package not present in database for any product - skip */
- if (os_type == OS_TYPE_ANDROID)
- {
- DBG2(DBG_IMV, "package '%s' (%.*s) not found",
- package, version.len, version.ptr);
- }
+ DBG2(DBG_IMV, "package '%s' (%.*s) not found",
+ package, version.len, version.ptr);
free(package);
e->destroy(e);
continue;
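Review bot: Dropping the OS_TYPE_ANDROID guard may leave `os_type` unreferenced in check_packages if the removed condition was its only use; the function's signature and the rest of its body are outside this hunk, so that should be confirmed and a now-dead parameter or local removed if so. The message itself is fine at DBG2, but the function later logs a second `unknown` case at DBG2 for a package the database knows but not for this product, so a comment separating the two helps, e.g. `/* no product lists this package at all - skip without counting */`.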
@@ -148,36 +145,41 @@ METHOD(imv_os_database_t, check_packages, status_t,
{
if (blacklist)
{
- DBG2(DBG_IMV, "package '%s' (%s) is blacklisted",
+ DBG1(DBG_IMV, "package '%s' (%s) is blacklisted",
package, release);
count_blacklist++;
os_state->add_bad_package(os_state, package,
OS_PACKAGE_STATE_BLACKLIST);
}
+ else if (security)
+ {
+ DBG1(DBG_IMV, "package '%s' (%s) is vulnerable",
+ package, release);
+ os_state->add_bad_package(os_state, package,
+ OS_PACKAGE_STATE_SECURITY);
+ count_security++;
+ }
else
{
- DBG2(DBG_IMV, "package '%s' (%s)%s is ok", package, release,
- security ? " [s]" : "");
+ DBG2(DBG_IMV, "package '%s' (%s) is ok",
+ package, release);
count_ok++;
}
}
else
{
DBG1(DBG_IMV, "package '%s' (%s) no match", package, release);
- count_no_match++;
- os_state->add_bad_package(os_state, package,
- OS_PACKAGE_STATE_SECURITY);
}
}
else
{
- /* package not present in database for this product - skip */
+ DBG2(DBG_IMV, "package '%s' (%s) unknown", package, release);
}
free(package);
free(release);
}
- os_state->set_count(os_state, count, count_no_match,
- count_blacklist, count_ok);
+ os_state->set_count(os_state, count, count_security, count_blacklist,
+ count_ok);
return status;
}
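Review bot: A package that the database lists for this product, but whose installed version matches none of the stored releases, now only logs `no match` at DBG1; it is no longer passed to add_bad_package nor counted, so it falls into the agent's `unknown` remainder and can no longer make the evaluation non-compliant, whereas before this change it was recorded as OS_PACKAGE_STATE_SECURITY. If that is the intended policy now that vulnerable versions are flagged explicitly through the `security` column, the branch should say so, e.g. `/* installed version not listed for this product: reported as unknown, not as vulnerable */`; if not, the add_bad_package call should be restored. The computation of `match` and `found` and the start of check_packages lie above this hunk.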
diff --git a/src/libimcv/plugins/imv_os/imv_os_state.c b/src/libimcv/plugins/imv_os/imv_os_state.c
index ac826a77c..af5daf0fc 100644
--- a/src/libimcv/plugins/imv_os/imv_os_state.c
+++ b/src/libimcv/plugins/imv_os/imv_os_state.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012-2014 Andreas Steffen
+ * Copyright (C) 2012-2017 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -121,9 +121,9 @@ struct private_imv_os_state_t {
int count;
/**
- * Number of not updated packages
+ * Number of vulnerable packages
*/
- int count_update;
+ int count_security;
/**
* Number of blacklisted packages
@@ -372,7 +372,7 @@ METHOD(imv_state_t, get_reason_string, bool,
private_imv_os_state_t *this, enumerator_t *language_enumerator,
chunk_t *reason_string, char **reason_language)
{
- if (!this->count_update && !this->count_blacklist & !this->os_settings)
+ if (!this->count_security && !this->count_blacklist & !this->os_settings)
{
return FALSE;
}
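Review bot: The condition on the changed line mixes `&&` with a bitwise `&`: `!this->count_security && !this->count_blacklist & !this->os_settings`. It happens to evaluate correctly only because each `!` yields 0 or 1, but it reads as a typo and will break as soon as a non-boolean operand is added; the line should be `if (!this->count_security && !this->count_blacklist && !this->os_settings)`. The same expression recurs in get_remediation_instructions further down in this file, and get_reason_string continues past the hunk.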
@@ -383,7 +383,7 @@ METHOD(imv_state_t, get_reason_string, bool,
DESTROY_IF(this->reason_string);
this->reason_string = imv_reason_string_create(*reason_language, "\n");
- if (this->count_update || this->count_blacklist)
+ if (this->count_security || this->count_blacklist)
{
this->reason_string->add_reason(this->reason_string, reason_packages);
}
@@ -403,7 +403,7 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
imv_os_info_t *os_info;
bool as_xml = FALSE;
- if (!this->count_update && !this->count_blacklist & !this->os_settings)
+ if (!this->count_security && !this->count_blacklist & !this->os_settings)
{
return FALSE;
}
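Review bot: Same operator slip as in get_reason_string: `!this->count_blacklist & !this->os_settings` uses a bitwise `&` where a logical `&&` is meant, and is harmless only because both operands are 0/1 results of `!`. Rewrite as `if (!this->count_security && !this->count_blacklist && !this->os_settings)`. The rest of get_remediation_instructions is outside this hunk.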
@@ -430,7 +430,7 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
}
/* List of packages in need of an update, if any */
- if (this->count_update)
+ if (this->count_security)
{
this->remediation_string->add_instruction(this->remediation_string,
instr_update_packages_title,
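Review bot: The comment above the renamed check still says `List of packages in need of an update`, while the counter now means vulnerable packages according to the updated imv_os_state.h; aligning it avoids a stale description, e.g. `/* List of vulnerable packages in need of a security update, if any */`. The add_instruction call and the rest of get_remediation_instructions continue beyond the hunk.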
@@ -492,26 +492,26 @@ METHOD(imv_os_state_t, get_handshake_state, imv_os_handshake_state_t,
METHOD(imv_os_state_t, set_count, void,
- private_imv_os_state_t *this, int count, int count_update,
+ private_imv_os_state_t *this, int count, int count_security,
int count_blacklist, int count_ok)
{
this->count += count;
- this->count_update += count_update;
+ this->count_security += count_security;
this->count_blacklist += count_blacklist;
this->count_ok += count_ok;
}
METHOD(imv_os_state_t, get_count, void,
- private_imv_os_state_t *this, int *count, int *count_update,
+ private_imv_os_state_t *this, int *count, int *count_security,
int *count_blacklist, int *count_ok)
{
if (count)
{
*count = this->count;
}
- if (count_update)
+ if (count_security)
{
- *count_update = this->count_update;
+ *count_security = this->count_security;
}
if (count_blacklist)
{
diff --git a/src/libimcv/plugins/imv_os/imv_os_state.h b/src/libimcv/plugins/imv_os/imv_os_state.h
index aa9b64076..d73a47412 100644
--- a/src/libimcv/plugins/imv_os/imv_os_state.h
+++ b/src/libimcv/plugins/imv_os/imv_os_state.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012-2014 Andreas Steffen
+ * Copyright (C) 2012-2017 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -81,22 +81,22 @@ struct imv_os_state_t {
* Set [or with multiple attributes increment] package counters
*
* @param count Number of processed packages
- * @param count_update Number of not updated packages
+ * @param count_security Number of vulnerable packages
* @param count_blacklist Number of blacklisted packages
* @param count_ok Number of whitelisted packages
*/
- void (*set_count)(imv_os_state_t *this, int count, int count_update,
+ void (*set_count)(imv_os_state_t *this, int count, int count_security,
int count_blacklist, int count_ok);
/**
* Set [or with multiple attributes increment] package counters
*
* @param count Number of processed packages
- * @param count_update Number of not updated packages
+ * @param count_security Number of vulnerable packages
* @param count_blacklist Number of blacklisted packages
* @param count_ok Number of whitelisted packages
*/
- void (*get_count)(imv_os_state_t *this, int *count, int *count_update,
+ void (*get_count)(imv_os_state_t *this, int *count, int *count_security,
int *count_blacklist, int *count_ok);
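Review bot: The doc block for get_count is a copy of set_count's: it still reads `Set [or with multiple attributes increment] package counters` and describes the pointer arguments as if they were input values. Since the implementation in imv_os_state.c writes through each pointer only when it is non-NULL, the block should read `Get package counters (any output pointer may be NULL)` with each @param described as an output, e.g. `@param count_security  receives the number of vulnerable packages`. The enclosing struct imv_os_state_t continues past this hunk.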
/**
diff --git a/src/libimcv/plugins/imv_os/pacman.c b/src/libimcv/plugins/imv_os/pacman.c
deleted file mode 100644
index fbcab5eba..000000000
--- a/src/libimcv/plugins/imv_os/pacman.c
+++ /dev/null
@@ -1,499 +0,0 @@
-/*
- * Copyright (C) 2012 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#define _GNU_SOURCE
-#include <getopt.h>
-#include <unistd.h>
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-#include <syslog.h>
-#include <time.h>
-#include <sys/stat.h>
-
-#include "imv_os_state.h"
-
-#include <library.h>
-#include <utils/debug.h>
-
-typedef enum pacman_state_t pacman_state_t;
-
-enum pacman_state_t {
- PACMAN_STATE_BEGIN_PACKAGE,
- PACMAN_STATE_VERSION,
- PACMAN_STATE_END_PACKAGE
-};
-
-typedef struct stats_t stats_t;
-
-struct stats_t {
- time_t release;
- int product;
- int packages;
- int new_packages;
- int new_versions;
- int updated_versions;
- int deleted_versions;
-};
-
-/**
- * global debug output variables
- */
-static int debug_level = 1;
-static bool stderr_quiet = TRUE;
-
-/**
- * pacman dbg function
- */
-static void pacman_dbg(debug_t group, level_t level, char *fmt, ...)
-{
- int priority = LOG_INFO;
- char buffer[8192];
- char *current = buffer, *next;
- va_list args;
-
- if (level <= debug_level)
- {
- if (!stderr_quiet)
- {
- va_start(args, fmt);
- vfprintf(stderr, fmt, args);
- fprintf(stderr, "\n");
- va_end(args);
- }
-
- /* write in memory buffer first */
- va_start(args, fmt);
- vsnprintf(buffer, sizeof(buffer), fmt, args);
- va_end(args);
-
- /* do a syslog with every line */
- while (current)
- {
- next = strchr(current, '\n');
- if (next)
- {
- *(next++) = '\0';
- }
- syslog(priority, "%s\n", current);
- current = next;
- }
- }
-}
-
-/**
- * atexit handler to close everything on shutdown
- */
-static void cleanup(void)
-{
- closelog();
- library_deinit();
-}
-
-static void usage(void)
-{
- printf("Parses package information files from Debian/Ubuntu repositories and\n");
- printf("stores the extracted information in the database used by the OS IMV.\n\n");
- printf("ipsec pacman --product <name> --file <filename> [--security]\n\n");
- printf(" --help print usage information\n");
- printf(" --product <name> name of the Debian/Ubuntu release, as stored in the DB\n");
- printf(" --file <filename> package information file to parse\n");
- printf(" --security set this when parsing a file with security updates\n");
- printf("\n");
-}
-
-/**
- * Update the package database
- */
-static bool update_database(database_t *db, char *package, char *version,
- bool security, stats_t *stats)
-{
- char *cur_version, *version_update = NULL, *version_delete = NULL;
- int cur_security, security_update = 0, security_delete = 0;
- int pac_id = 0, vid = 0, vid_update = 0, vid_delete = 0;
- u_int cur_time;
- bool add_version = TRUE;
- enumerator_t *e;
-
- /* increment package count */
- stats->packages++;
-
- /* check if package is already in database */
- e = db->query(db, "SELECT id FROM packages WHERE name = ?",
- DB_TEXT, package, DB_INT);
- if (!e)
- {
- return FALSE;
- }
- if (!e->enumerate(e, &pac_id))
- {
- pac_id = 0;
- }
- e->destroy(e);
-
- if (!pac_id && security)
- {
- if (db->execute(db, &pac_id, "INSERT INTO packages (name) VALUES (?)",
- DB_TEXT, package) != 1)
- {
- fprintf(stderr, "could not store package '%s' to database\n",
- package);
- return FALSE;
- }
- stats->new_packages++;
- }
-
- /* check for package versions already in database */
- e = db->query(db,
- "SELECT id, release, security, time FROM versions "
- "WHERE package = ? AND product = ?", DB_INT, pac_id,
- DB_INT, stats->product, DB_INT, DB_TEXT, DB_INT, DB_UINT);
- if (!e)
- {
- return FALSE;
- }
-
- while (e->enumerate(e, &vid, &cur_version, &cur_security, &cur_time))
- {
- if (streq(version, cur_version))
- {
- /* already in data base */
- add_version = FALSE;
- break;
- }
- else if (stats->release >= cur_time)
- {
- if (security)
- {
- if (cur_security)
- {
- vid_update = vid;
- version_update = strdup(cur_version);
- security_update = cur_security;
- }
- else
- {
- vid_delete = vid;
- version_delete = strdup(cur_version);
- security_delete = cur_security;
- }
- }
- else
- {
- if (!cur_security)
- {
- vid_update = vid;
- version_update = strdup(cur_version);
- security_update = cur_security;
- }
- }
- }
- else
- {
- if (security == cur_security)
- {
- add_version = FALSE;
- }
- }
- }
- e->destroy(e);
-
- if ((!vid && !security) || (vid && !add_version))
- {
- free(version_update);
- free(version_delete);
- return TRUE;
- }
-
- if ((!vid && security) || (vid && !vid_update))
- {
- printf("%s (%s) %s\n", package, version, security ? "[s]" : "");
-
- if (db->execute(db, &vid,
- "INSERT INTO versions "
- "(package, product, release, security, time) "
- "VALUES (?, ?, ?, ?, ?)", DB_INT, pac_id, DB_INT, stats->product,
- DB_TEXT, version, DB_INT, security, DB_INT, stats->release) != 1)
- {
- fprintf(stderr, "could not store version '%s' to database\n",
- version);
- free(version_update);
- free(version_delete);
- return FALSE;
- }
- stats->new_versions++;
- }
- else
- {
- printf("%s (%s) %s updated by\n",
- package, version_update, security_update ? "[s]" : "");
- printf("%s (%s) %s\n", package, version, security ? "[s]" : "");
-
- if (db->execute(db, NULL,
- "UPDATE versions SET release = ?, time = ? WHERE id = ?",
- DB_TEXT, version, DB_INT, stats->release, DB_INT, vid_update) <= 0)
- {
- fprintf(stderr, "could not update version '%s' to database\n",
- version);
- free(version_update);
- free(version_delete);
- return FALSE;
- }
- stats->updated_versions++;
- }
-
- if (vid_delete)
- {
- printf("%s (%s) %s deleted\n",
- package, version_delete, security_delete ? "[s]" : "");
- if (db->execute(db, NULL,
- "DELETE FROM versions WHERE id = ?",
- DB_INT, vid_delete) <= 0)
- {
- fprintf(stderr, "could not delete version '%s' from database\n",
- version_delete);
- free(version_update);
- free(version_delete);
- return FALSE;
- }
- stats->deleted_versions++;
- }
- free(version_update);
- free(version_delete);
-
- return TRUE;
-}
-
-/**
- * Process a package file and store updates in the database
- */
-static void process_packages(char *filename, char *product, bool security)
-{
- char *uri, line[BUF_LEN], *pos, *package = NULL, *version = NULL;
- pacman_state_t pacman_state;
- enumerator_t *e;
- database_t *db;
- int pid;
- FILE *file;
- stats_t stats;
- bool success;
-
- /* initialize statistics */
- memset(&stats, 0x00, sizeof(stats_t));
-
- /* Set release date to current time */
- stats.release = time(NULL);
-
- /* opening package file */
- printf("loading\"%s\"\n", filename);
- file = fopen(filename, "r");
- if (!file)
- {
- fprintf(stderr, "could not open \"%s\"\n", filename);
- exit(EXIT_FAILURE);
- }
-
- /* connect package database */
- uri = lib->settings->get_str(lib->settings, "pacman.database", NULL);
- if (!uri)
- {
- fprintf(stderr, "database URI pacman.database not set\n");
- fclose(file);
- exit(EXIT_FAILURE);
- }
- db = lib->db->create(lib->db, uri);
- if (!db)
- {
- fprintf(stderr, "could not connect to database '%s'\n", uri);
- fclose(file);
- exit(EXIT_FAILURE);
- }
-
- /* check if product is already in database */
- e = db->query(db, "SELECT id FROM products WHERE name = ?",
- DB_TEXT, product, DB_INT);
- if (e)
- {
- if (e->enumerate(e, &pid))
- {
- stats.product = pid;
- }
- e->destroy(e);
- }
- if (!stats.product)
- {
- if (db->execute(db, &pid, "INSERT INTO products (name) VALUES (?)",
- DB_TEXT, product) != 1)
- {
- fprintf(stderr, "could not store product '%s' to database\n",
- product);
- fclose(file);
- db->destroy(db);
- exit(EXIT_FAILURE);
- }
- stats.product = pid;
- }
-
- pacman_state = PACMAN_STATE_BEGIN_PACKAGE;
-
- while (fgets(line, sizeof(line), file))
- {
- /* set read pointer to beginning of line */
- pos = line;
-
- switch (pacman_state)
- {
- case PACMAN_STATE_BEGIN_PACKAGE:
- pos = strstr(pos, "Package: ");
- if (!pos)
- {
- continue;
- }
- pos += 9;
- package = pos;
- pos = strchr(pos, '\n');
- if (pos)
- {
- package = strndup(package, pos - package);
- pacman_state = PACMAN_STATE_VERSION;
- }
- break;
- case PACMAN_STATE_VERSION:
- pos = strstr(pos, "Version: ");
- if (!pos)
- {
- continue;
- }
- pos += 9;
- version = pos;
- pos = strchr(pos, '\n');
- if (pos)
- {
- version = strndup(version, pos - version);
- pacman_state = PACMAN_STATE_END_PACKAGE;
- }
- break;
- case PACMAN_STATE_END_PACKAGE:
- if (*pos != '\n')
- {
- continue;
- }
- success = update_database(db, package, version, security, &stats);
- free(package);
- free(version);
- if (!success)
- {
- fclose(file);
- db->destroy(db);
- exit(EXIT_FAILURE);
- }
- pacman_state = PACMAN_STATE_BEGIN_PACKAGE;
- }
- }
- switch (pacman_state)
- {
- case PACMAN_STATE_END_PACKAGE:
- free(version);
- /* fall-through */
- case PACMAN_STATE_VERSION:
- free(package);
- break;
- default:
- break;
- }
- fclose(file);
- db->destroy(db);
-
- printf("processed %d packages, %d new packages, %d new versions, "
- "%d updated versions, %d deleted versions\n",
- stats.packages, stats.new_packages, stats.new_versions,
- stats.updated_versions, stats.deleted_versions);
-}
-
-static void do_args(int argc, char *argv[])
-{
- char *filename = NULL, *product = NULL;
- bool security = FALSE;
-
- /* reinit getopt state */
- optind = 0;
-
- while (TRUE)
- {
- int c;
-
- struct option long_opts[] = {
- { "help", no_argument, NULL, 'h' },
- { "file", required_argument, NULL, 'f' },
- { "product", required_argument, NULL, 'p' },
- { "security", no_argument, NULL, 's' },
- { 0,0,0,0 }
- };
-
- c = getopt_long(argc, argv, "", long_opts, NULL);
- switch (c)
- {
- case EOF:
- break;
- case 'h':
- usage();
- exit(EXIT_SUCCESS);
- case 'f':
- filename = optarg;
- continue;
- case 'p':
- product = optarg;
- continue;
- case 's':
- security = TRUE;
- continue;
- }
- break;
- }
-
- if (filename && product)
- {
- process_packages(filename, product, security);
- }
- else
- {
- usage();
- exit(EXIT_FAILURE);
- }
-}
-
-int main(int argc, char *argv[])
-{
- /* enable attest debugging hook */
- dbg = pacman_dbg;
- openlog("pacman", 0, LOG_DEBUG);
-
- atexit(cleanup);
-
- /* initialize library */
- if (!library_init(NULL, "pacman"))
- {
- exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
- }
- if (!lib->plugins->load(lib->plugins,
- lib->settings->get_str(lib->settings, "pacman.load", "sqlite")))
- {
- exit(SS_RC_INITIALIZATION_FAILED);
- }
- do_args(argc, argv);
-
- exit(EXIT_SUCCESS);
-}
-
diff --git a/src/libimcv/plugins/imv_os/pacman.sh b/src/libimcv/plugins/imv_os/pacman.sh
deleted file mode 100755
index fcf35b644..000000000
--- a/src/libimcv/plugins/imv_os/pacman.sh
+++ /dev/null
@@ -1,203 +0,0 @@
-#!/bin/sh
-
-DIR="/etc/pts"
-DATE=`date +%Y%m%d-%H%M`
-UBUNTU="http://security.ubuntu.com/ubuntu/dists"
-UBUNTU_VERSIONS="trusty saucy raring quantal precise lucid"
-UBUNTU_DIRS="main multiverse restricted universe"
-UBUNTU_ARCH="binary-amd64 binary-i386"
-DEBIAN="http://security.debian.org/dists"
-DEBIAN_VERSIONS="jessie wheezy squeeze"
-DEBIAN_DIRS="main contrib non-free"
-DEBIAN_ARCH="binary-amd64 binary-i386"
-PACMAN=/usr/libexec/ipsec/pacman
-PACMAN_LOG="$DIR/$DATE-pacman.log"
-
-mkdir -p $DIR/dists
-cd $DIR/dists
-
-for v in $UBUNTU_VERSIONS
-do
- for a in $UBUNTU_ARCH
- do
- mkdir -p $v-security/$a $v-updates/$a
- for d in $UBUNTU_DIRS
- do
- wget $UBUNTU/$v-security/$d/$a/Packages.bz2 -O $v-security/$a/Packages-$d.bz2
- bunzip2 -f $v-security/$a/Packages-$d.bz2
- wget $UBUNTU/$v-updates/$d/$a/Packages.bz2 -O $v-updates/$a/Packages-$d.bz2
- bunzip2 -f $v-updates/$a/Packages-$d.bz2
- done
- done
-done
-
-for v in $DEBIAN_VERSIONS
-do
- for a in $DEBIAN_ARCH
- do
- mkdir -p $v-updates/$a
- for d in $DEBIAN_DIRS
- do
- wget $DEBIAN/$v/updates/$d/$a/Packages.bz2 -O $v-updates/$a/Packages-$d.bz2
- bunzip2 -f $v-updates/$a/Packages-$d.bz2
- done
- done
-done
-
-for f in trusty-security/binary-amd64/*
-do
- $PACMAN --product "Ubuntu 14.04 x86_64" --file $f --security >> $PACMAN_LOG
-done
-echo
-for f in trusty-updates/binary-amd64/*
-do
- $PACMAN --product "Ubuntu 14.04 x86_64" --file $f >> $PACMAN_LOG
-done
-echo
-for f in trusty-security/binary-i386/*
-do
- $PACMAN --product "Ubuntu 14.04 i686" --file $f --security >> $PACMAN_LOG
-done
-echo
-for f in trusty-updates/binary-i386/*
-do
- $PACMAN --product "Ubuntu 14.04 i686" --file $f >> $PACMAN_LOG
-done
-echo
-
-for f in saucy-security/binary-amd64/*
-do
- $PACMAN --product "Ubuntu 13.10 x86_64" --file $f --security >> $PACMAN_LOG
-done
-echo
-for f in saucy-updates/binary-amd64/*
-do
- $PACMAN --product "Ubuntu 13.10 x86_64" --file $f >> $PACMAN_LOG
-done
-echo
-for f in saucy-security/binary-i386/*
-do
- $PACMAN --product "Ubuntu 13.10 i686" --file $f --security >> $PACMAN_LOG
-done
-echo
-for f in saucy-updates/binary-i386/*
-do
- $PACMAN --product "Ubuntu 13.10 i686" --file $f >> $PACMAN_LOG
-done
-echo
-
-for f in raring-security/binary-amd64/*
-do
- $PACMAN --product "Ubuntu 13.04 x86_64" --file $f --security >> $PACMAN_LOG
-done
-echo
-for f in raring-updates/binary-amd64/*
-do
- $PACMAN --product "Ubuntu 13.04 x86_64" --file $f >> $PACMAN_LOG
-done
-echo
-for f in raring-security/binary-i386/*
-do
- $PACMAN --product "Ubuntu 13.04 i686" --file $f --security >> $PACMAN_LOG
-done
-echo
-for f in raring-updates/binary-i386/*
-do
- $PACMAN --product "Ubuntu 13.04 i686" --file $f >> $PACMAN_LOG
-done
-echo
-
-for f in quantal-security/binary-amd64/*
-do
- $PACMAN --product "Ubuntu 12.10 x86_64" --file $f --security >> $PACMAN_LOG
-done
-echo
-for f in quantal-updates/binary-amd64/*
-do
- $PACMAN --product "Ubuntu 12.10 x86_64" --file $f >> $PACMAN_LOG
-done
-echo
-for f in quantal-security/binary-i386/*
-do
- $PACMAN --product "Ubuntu 12.10 i686" --file $f --security >> $PACMAN_LOG
-done
-echo
-for f in quantal-updates/binary-i386/*
-do
- $PACMAN --product "Ubuntu 12.10 i686" --file $f >> $PACMAN_LOG
-done
-echo
-
-for f in precise-security/binary-amd64/*
-do
- $PACMAN --product "Ubuntu 12.04 x86_64" --file $f --security >> $PACMAN_LOG
-done
-echo
-for f in precise-updates/binary-amd64/*
-do
- $PACMAN --product "Ubuntu 12.04 x86_64" --file $f >> $PACMAN_LOG
-done
-echo
-for f in precise-security/binary-i386/*
-do
- $PACMAN --product "Ubuntu 12.04 i686" --file $f --security >> $PACMAN_LOG
-done
-echo
-for f in precise-updates/binary-i386/*
-do
- $PACMAN --product "Ubuntu 12.04 i686" --file $f >> $PACMAN_LOG
-done
-echo
-
-for f in lucid-security/binary-amd64/*
-do
- $PACMAN --product "Ubuntu 10.04 x86_64" --file $f --security >> $PACMAN_LOG
-done
-echo
-for f in lucid-updates/binary-amd64/*
-do
- $PACMAN --product "Ubuntu 10.04 x86_64" --file $f >> $PACMAN_LOG
-done
-echo
-for f in lucid-security/binary-i386/*
-do
- $PACMAN --product "Ubuntu 10.04 i686" --file $f --security >> $PACMAN_LOG
-done
-echo
-for f in lucid-updates/binary-i386/*
-do
- $PACMAN --product "Ubuntu 10.04 i686" --file $f >> $PACMAN_LOG
-done
-echo
-
-for f in jessie-updates/binary-amd64/*
-do
- $PACMAN --product "Debian 8.0 x86_64" --file $f --security >> $PACMAN_LOG
-done
-echo
-for f in jessie-updates/binary-i386/*
-do
- $PACMAN --product "Debian 8.0 i686" --file $f --security >> $PACMAN_LOG
-done
-
-for f in wheezy-updates/binary-amd64/*
-do
- $PACMAN --product "Debian 7.0 x86_64" --file $f --security >> $PACMAN_LOG
-done
-echo
-for f in wheezy-updates/binary-i386/*
-do
- $PACMAN --product "Debian 7.0 i686" --file $f --security >> $PACMAN_LOG
-done
-
-for f in squeeze-updates/binary-amd64/*
-do
- $PACMAN --product "Debian 6.0 x86_64" --file $f --security >> $PACMAN_LOG
-done
-echo
-for f in squeeze-updates/binary-i386/*
-do
- $PACMAN --product "Debian 6.0 i686" --file $f --security >> $PACMAN_LOG
-done
-
-cp $DIR/config.db $DIR/config.db-$DATE