1b8e53d1a8c21004540bc866a1a2b1304a64ef1e
[strongswan.git] / src / libimcv / plugins / imv_os / pacman.c
1 /*
2 * Copyright (C) 2012 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #define _GNU_SOURCE
17 #include <getopt.h>
18 #include <unistd.h>
19 #include <stdio.h>
20 #include <string.h>
21 #include <errno.h>
22 #include <syslog.h>
23 #include <time.h>
24
25 #include <library.h>
26 #include <utils/debug.h>
27
28 /**
29 * global debug output variables
30 */
31 static int debug_level = 1;
32 static bool stderr_quiet = TRUE;
33
34 /**
35 * pacman dbg function
36 */
37 static void pacman_dbg(debug_t group, level_t level, char *fmt, ...)
38 {
39 int priority = LOG_INFO;
40 char buffer[8192];
41 char *current = buffer, *next;
42 va_list args;
43
44 if (level <= debug_level)
45 {
46 if (!stderr_quiet)
47 {
48 va_start(args, fmt);
49 vfprintf(stderr, fmt, args);
50 fprintf(stderr, "\n");
51 va_end(args);
52 }
53
54 /* write in memory buffer first */
55 va_start(args, fmt);
56 vsnprintf(buffer, sizeof(buffer), fmt, args);
57 va_end(args);
58
59 /* do a syslog with every line */
60 while (current)
61 {
62 next = strchr(current, '\n');
63 if (next)
64 {
65 *(next++) = '\0';
66 }
67 syslog(priority, "%s\n", current);
68 current = next;
69 }
70 }
71 }
72
73 /**
74 * atexit handler to close everything on shutdown
75 */
76 static void cleanup(void)
77 {
78 closelog();
79 library_deinit();
80 }
81
82 static void usage(void)
83 {
84 printf("Usage:\n"
85 "ipsec pacman --file <filename> --package <name>\n");
86 }
87
88 /**
89 * Extract the time the package file was generated
90 */
91 static time_t extract_time(char *line)
92 {
93 struct tm t;
94 char wday[4], mon[4];
95 char* months[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun",
96 "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" };
97 int i;
98
99 if (sscanf(line, "Generated: %3s %3s %2d %2d:%2d:%2d %4d UTC", wday, mon,
100 &t.tm_mday, &t.tm_hour, &t.tm_min, &t.tm_sec, &t.tm_year) != 7)
101 {
102 return UNDEFINED_TIME;
103 }
104 t.tm_isdst = 0;
105 t.tm_year -= 1900;
106 t.tm_mon = 12;
107
108 for (i = 0; i < countof(months); i++)
109 {
110 if (streq(mon, months[i]))
111 {
112 t.tm_mon = i;
113 break;
114 }
115 }
116 if (t.tm_mon == 12)
117 {
118 return UNDEFINED_TIME;
119 }
120
121 return mktime(&t) - timezone;
122 }
123
124 /**
125 * Process a package file and store updates in the database
126 */
127 static void process_packages(char *filename, char *product, bool update)
128 {
129 char *uri, line[12288], *pos;
130 int count = 0, errored = 0, vulnerable = 0;
131 int new_packages = 0, new_versions = 0;
132 u_int32_t pid = 0;
133 enumerator_t *e;
134 database_t *db;
135 FILE *file;
136
137 /* opening package file */
138 printf("loading\"%s\"\n", filename);
139 file = fopen(filename, "r");
140 if (!file)
141 {
142 fprintf(stderr, "could not open \"%s\"\n", filename);
143 exit(EXIT_FAILURE);
144 }
145
146 /* connect package database */
147 uri = lib->settings->get_str(lib->settings, "pacman.database", NULL);
148 if (!uri)
149 {
150 fprintf(stderr, "database URI pacman.database not set\n");
151 fclose(file);
152 exit(EXIT_FAILURE);
153 }
154 db = lib->db->create(lib->db, uri);
155 if (!db)
156 {
157 fprintf(stderr, "could not connect to database '%s'\n", uri);
158 fclose(file);
159 exit(EXIT_FAILURE);
160 }
161
162 /* check if product is already in database */
163 e = db->query(db, "SELECT id FROM products WHERE name = ?",
164 DB_TEXT, product, DB_INT);
165 if (e)
166 {
167 if (!e->enumerate(e, &pid))
168 {
169 pid = 0;
170 }
171 e->destroy(e);
172 }
173 if (!pid)
174 {
175 if (db->execute(db, &pid, "INSERT INTO products (name) VALUES (?)",
176 DB_TEXT, product) != 1)
177 {
178 fprintf(stderr, "could not store product '%s' to database\n",
179 product);
180 fclose(file);
181 db->destroy(db);
182 exit(EXIT_FAILURE);
183 }
184 }
185
186 while (fgets(line, sizeof(line), file))
187 {
188 char *package, *version, *current_version;
189 bool security, update_version = TRUE;
190 int current_security;
191 u_int32_t gid = 0, vid = 0;
192 time_t generation_time;
193
194 count++;
195 if (count == 1)
196 {
197 printf("%s", line);
198 }
199 if (count == 3)
200 {
201 generation_time = extract_time(line);
202
203 if (generation_time == UNDEFINED_TIME)
204 {
205 fprintf(stderr, "could not extract generation time\n");
206 fclose(file);
207 db->destroy(db);
208 exit(EXIT_FAILURE);
209 }
210 printf("Generated: %T\n", &generation_time, TRUE);
211 }
212 if (count < 7)
213 {
214 continue;
215 }
216
217 /* look for the package name */
218 pos = strchr(line, ' ');
219 if (!pos)
220 {
221 fprintf(stderr, "could not extract package name from '%.*s'",
222 strlen(line)-1, line);
223 errored++;
224 continue;
225 }
226 *pos++ = '\0';
227 package = line;
228
229 /* look for version string in parentheses */
230 if (*pos == '(')
231 {
232 version = ++pos;
233 pos = strchr(pos, ')');
234 if (pos)
235 {
236 *pos++ = '\0';
237 }
238 else
239 {
240 fprintf(stderr, "could not extract package version from '%.*s'\n",
241 strlen(line)-1, line);
242 errored++;
243 continue;
244 }
245 }
246 else
247 {
248 /* no version information, skip entry */
249 continue;
250 }
251 security = (strstr(pos, "[security]") != NULL);
252 if (security)
253 {
254 vulnerable++;
255 }
256
257 /* handle non-security packages in update mode only */
258 if (!update && !security)
259 {
260 continue;
261 }
262
263 /* check if package is already in database */
264 e = db->query(db, "SELECT id FROM packages WHERE name = ?",
265 DB_TEXT, package, DB_INT);
266 if (e)
267 {
268 if (!e->enumerate(e, &gid))
269 {
270 gid = 0;
271 }
272 e->destroy(e);
273 }
274 if (!gid && security)
275 {
276 if (db->execute(db, &gid, "INSERT INTO packages (name) VALUES (?)",
277 DB_TEXT, package) != 1)
278 {
279 fprintf(stderr, "could not store package '%s' to database\n",
280 package);
281 fclose(file);
282 db->destroy(db);
283 exit(EXIT_FAILURE);
284 }
285 new_packages++;
286 }
287
288 /* check for package versions already in database */
289 e = db->query(db, "SELECT id, release, security FROM versions "
290 "WHERE package = ? AND product = ?",
291 DB_INT, gid, DB_INT, pid, DB_INT, DB_TEXT, DB_INT);
292 if (e)
293 {
294 while (e->enumerate(e, &vid, &current_version, &current_security))
295 {
296 if (streq(version, current_version))
297 {
298 update_version = FALSE;
299 }
300 }
301 e->destroy(e);
302 }
303 if ((!vid && security) || (vid && update_version))
304 {
305 printf("'%s' (%s) %s\n", package, version, security ? "[s]" : "");
306
307 if (db->execute(db, &gid,
308 "INSERT INTO versions (package, product, release, security) "
309 "VALUES (?, ?, ?, ?)", DB_INT, gid, DB_INT, pid,
310 DB_TEXT, version, DB_INT, security) != 1)
311 {
312 fprintf(stderr, "could not store version '%s' to database\n",
313 version);
314 fclose(file);
315 db->destroy(db);
316 exit(EXIT_FAILURE);
317 }
318 new_versions++;
319 }
320 }
321
322 fclose(file);
323 db->destroy(db);
324 printf("processed %d packages, %d vulnerable, %d errored, "
325 "%d new packages, %d new versions\n", count - 6, vulnerable,
326 errored, new_packages, new_versions);
327 }
328
329 static void do_args(int argc, char *argv[])
330 {
331 char *filename = NULL, *product = NULL;
332 bool update = FALSE;
333
334 /* reinit getopt state */
335 optind = 0;
336
337 while (TRUE)
338 {
339 int c;
340
341 struct option long_opts[] = {
342 { "help", no_argument, NULL, 'h' },
343 { "file", required_argument, NULL, 'f' },
344 { "product", required_argument, NULL, 'p' },
345 { "update", no_argument, NULL, 'u' },
346 { 0,0,0,0 }
347 };
348
349 c = getopt_long(argc, argv, "", long_opts, NULL);
350 switch (c)
351 {
352 case EOF:
353 break;
354 case 'h':
355 usage();
356 exit(EXIT_SUCCESS);
357 case 'f':
358 filename = optarg;
359 continue;
360 case 'p':
361 product = optarg;
362 continue;
363 case 'u':
364 update = TRUE;
365 continue;
366 }
367 break;
368 }
369
370 if (filename && product)
371 {
372 process_packages(filename, product, update);
373 }
374 else
375 {
376 usage();
377 exit(EXIT_FAILURE);
378 }
379 }
380
381 int main(int argc, char *argv[])
382 {
383 /* enable attest debugging hook */
384 dbg = pacman_dbg;
385 openlog("pacman", 0, LOG_DEBUG);
386
387 atexit(cleanup);
388
389 /* initialize library */
390 if (!library_init(NULL))
391 {
392 exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
393 }
394 if (!lib->plugins->load(lib->plugins, NULL,
395 lib->settings->get_str(lib->settings, "attest.load", "sqlite")))
396 {
397 exit(SS_RC_INITIALIZATION_FAILED);
398 }
399 do_args(argc, argv);
400
401 exit(EXIT_SUCCESS);
402 }
403