1 /*
2 * Copyright (C) 2012 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #define _GNU_SOURCE
17 #include <getopt.h>
18 #include <unistd.h>
19 #include <stdio.h>
20 #include <string.h>
21 #include <errno.h>
22 #include <syslog.h>
23 #include <time.h>
24
25 #include <library.h>
26 #include <utils/debug.h>
27
/**
 * global debug output variables
 *
 * debug_level:  messages whose level is above this value are dropped by
 *               pacman_dbg(); everything else goes to syslog
 * stderr_quiet: when TRUE, pacman_dbg() does not echo messages to stderr
 *               (neither variable is changed anywhere in this file)
 */
static int debug_level = 1;
static bool stderr_quiet = TRUE;
33
/**
 * Debug hook installed into libstrongswan's dbg() function pointer.
 *
 * A message is processed only if its level does not exceed debug_level. It is
 * first echoed to stderr (unless stderr_quiet is set), then formatted into a
 * fixed 8 KiB buffer (longer output is truncated by vsnprintf) and handed to
 * syslog() one line at a time, every line at LOG_INFO.
 *
 * @param group		debug group; not evaluated, all groups are treated alike
 * @param level		verbosity level of the message
 * @param fmt		printf-style format string (callers are expected to pass
 *					literal formats, as with any printf-like function)
 */
static void pacman_dbg(debug_t group, level_t level, char *fmt, ...)
{
	char buffer[8192];
	char *line, *eol;
	va_list args;

	if (level > debug_level)
	{
		return;
	}

	if (!stderr_quiet)
	{
		va_start(args, fmt);
		vfprintf(stderr, fmt, args);
		va_end(args);
		fprintf(stderr, "\n");
	}

	/* format once into memory, then split on newlines for syslog */
	va_start(args, fmt);
	vsnprintf(buffer, sizeof(buffer), fmt, args);
	va_end(args);

	for (line = buffer; line; line = eol)
	{
		eol = strchr(line, '\n');
		if (eol)
		{
			*eol++ = '\0';
		}
		syslog(LOG_INFO, "%s\n", line);
	}
}
72
/**
 * atexit() handler that releases the process-wide resources on shutdown.
 *
 * Registered in main() before library_init(), so it runs on every exit()
 * path in this file. Closes the syslog connection opened by openlog() and
 * then deinitialises libstrongswan.
 */
static void cleanup(void)
{
	/* syslog first, library second - same order as the original teardown */
	closelog();

	library_deinit();
}
81
/**
 * Print the command line synopsis to stdout.
 */
static void usage(void)
{
	static const char synopsis[] =
		"Usage:\n"
		"ipsec pacman --product <name> --file <filename> [--update]\n";

	fputs(synopsis, stdout);
}
87
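/**
 * Extract the time the package file was generated.
 *
 * Parses a header line of the form
 *   "Generated: <wday> <mon> <dd> <hh>:<mm>:<ss> <yyyy> UTC"
 * e.g. "Generated: Mon Jan 02 15:04:05 2012 UTC". The weekday is read but
 * not used. Fields are range-checked so that an out-of-range value in the
 * file is rejected instead of being silently normalised by mktime().
 *
 * @param line		header line to parse
 * @return			generation time as UTC epoch seconds, or UNDEFINED_TIME
 *					if the line does not match or a field is out of range
 */
static time_t extract_time(char *line)
{
	static const char *const months[] = {
		"Jan", "Feb", "Mar", "Apr", "May", "Jun",
		"Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
	};
	struct tm t = {0};	/* zeroed so mktime() never sees garbage fields */
	char wday[4], mon[4];
	int year, i;

	/* %3s bounds both names to the 3-char buffers (plus terminating NUL) */
	if (sscanf(line, "Generated: %3s %3s %2d %2d:%2d:%2d %4d UTC", wday, mon,
			   &t.tm_mday, &t.tm_hour, &t.tm_min, &t.tm_sec, &year) != 7)
	{
		return UNDEFINED_TIME;
	}

	/* %2d also accepts "-1" and "00"; reject anything outside a calendar
	 * date/time (tm_sec 60 allowed for leap seconds) */
	if (t.tm_mday < 1 || t.tm_mday > 31 ||
		t.tm_hour < 0 || t.tm_hour > 23 ||
		t.tm_min < 0 || t.tm_min > 59 ||
		t.tm_sec < 0 || t.tm_sec > 60 ||
		year < 1900)
	{
		return UNDEFINED_TIME;
	}
	t.tm_year = year - 1900;
	t.tm_isdst = 0;

	t.tm_mon = -1;
	for (i = 0; i < countof(months); i++)
	{
		if (streq(mon, months[i]))
		{
			t.tm_mon = i;
			break;
		}
	}
	if (t.tm_mon < 0)
	{
		return UNDEFINED_TIME;
	}

	/* with tm_isdst = 0 mktime() treats t as local standard time; subtracting
	 * timezone (seconds west of UTC, set up by mktime()'s implicit tzset())
	 * converts the result to UTC */
	return mktime(&t) - timezone;
}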
123
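/**
 * Process a package file and store updates in the database.
 *
 * File layout as consumed here: line 1 is echoed verbatim, line 3 must carry
 * the "Generated: ..." timestamp (see extract_time()), lines 4-6 are ignored
 * and every line from 7 on is a package entry of the form
 *   <name> (<version>) ... [security]
 * Entries without a parenthesised version are skipped silently. Entries
 * without a "[security]" tag are only considered when update is TRUE.
 *
 * For each considered entry the versions table is consulted: an identical
 * version is left alone; if the file is newer than a stored entry, a security
 * version replaces an older security version and deletes an older
 * non-security one, while a non-security version only replaces an older
 * non-security one; otherwise a new version row is inserted.
 *
 * @param filename	path of the package file to read
 * @param product	product name the package versions belong to
 * @param update	also record non-security package versions
 *
 * Any I/O or database failure terminates the process with EXIT_FAILURE.
 * Malformed entries are counted as errored and skipped.
 */
static void process_packages(char *filename, char *product, bool update)
{
	char *uri, line[12288], *pos;
	int count = 0, errored = 0, vulnerable = 0, new_packages = 0;
	int new_versions = 0, updated_versions = 0, deleted_versions = 0;
	u_int32_t pid = 0;
	/* generation time of the package file, taken from line 3; it is read in
	 * later iterations, so it must live outside the loop body */
	time_t gen_time = UNDEFINED_TIME;
	enumerator_t *e;
	database_t *db;
	FILE *file;

	/* opening package file */
	printf("loading \"%s\"\n", filename);
	file = fopen(filename, "r");
	if (!file)
	{
		fprintf(stderr, "could not open \"%s\"\n", filename);
		exit(EXIT_FAILURE);
	}

	/* connect package database */
	uri = lib->settings->get_str(lib->settings, "pacman.database", NULL);
	if (!uri)
	{
		fprintf(stderr, "database URI pacman.database not set\n");
		fclose(file);
		exit(EXIT_FAILURE);
	}
	db = lib->db->create(lib->db, uri);
	if (!db)
	{
		fprintf(stderr, "could not connect to database '%s'\n", uri);
		fclose(file);
		exit(EXIT_FAILURE);
	}

	/* check if product is already in database, create it otherwise */
	e = db->query(db, "SELECT id FROM products WHERE name = ?",
				  DB_TEXT, product, DB_INT);
	if (e)
	{
		if (!e->enumerate(e, &pid))
		{
			pid = 0;
		}
		e->destroy(e);
	}
	if (!pid)
	{
		if (db->execute(db, &pid, "INSERT INTO products (name) VALUES (?)",
						DB_TEXT, product) != 1)
		{
			fprintf(stderr, "could not store product '%s' to database\n",
					product);
			fclose(file);
			db->destroy(db);
			exit(EXIT_FAILURE);
		}
	}

	while (fgets(line, sizeof(line), file))
	{
		char *package, *version;
		char *cur_version, *version_update = NULL, *version_delete = NULL;
		bool security, add_version = TRUE;
		int cur_security, security_update = 0, security_delete = 0;
		u_int32_t gid = 0, vid = 0, vid_update = 0, vid_delete = 0;
		time_t cur_time;
		size_t len;

		count++;
		if (count == 1)
		{
			printf("%s", line);
		}
		if (count == 3)
		{
			gen_time = extract_time(line);

			if (gen_time == UNDEFINED_TIME)
			{
				fprintf(stderr, "could not extract generation time\n");
				fclose(file);
				db->destroy(db);
				exit(EXIT_FAILURE);
			}
			/* %T is the libstrongswan time printf hook */
			printf("Generated: %T\n", &gen_time, TRUE);
		}
		if (count < 7)
		{
			continue;
		}

		/* strip the trailing newline so diagnostics show the whole entry */
		len = strlen(line);
		if (len && line[len - 1] == '\n')
		{
			line[--len] = '\0';
		}

		/* look for the package name */
		pos = strchr(line, ' ');
		if (!pos)
		{
			fprintf(stderr, "could not extract package name from '%s'\n", line);
			errored++;
			continue;
		}
		*pos++ = '\0';
		package = line;

		/* look for version string in parentheses */
		if (*pos != '(')
		{
			/* no version information, skip entry */
			continue;
		}
		version = ++pos;
		pos = strchr(pos, ')');
		if (!pos)
		{
			fprintf(stderr, "could not extract package version of '%s'\n",
					package);
			errored++;
			continue;
		}
		*pos++ = '\0';

		security = (strstr(pos, "[security]") != NULL);
		if (security)
		{
			vulnerable++;
		}

		/* handle non-security packages in update mode only */
		if (!update && !security)
		{
			continue;
		}

		/* check if package is already in database */
		e = db->query(db, "SELECT id FROM packages WHERE name = ?",
					  DB_TEXT, package, DB_INT);
		if (e)
		{
			if (!e->enumerate(e, &gid))
			{
				gid = 0;
			}
			e->destroy(e);
		}
		/* only security packages are added; a non-security package that is
		 * unknown yields gid == 0 and therefore no version rows below */
		if (!gid && security)
		{
			if (db->execute(db, &gid, "INSERT INTO packages (name) VALUES (?)",
							DB_TEXT, package) != 1)
			{
				fprintf(stderr, "could not store package '%s' to database\n",
						package);
				fclose(file);
				db->destroy(db);
				exit(EXIT_FAILURE);
			}
			new_packages++;
		}

		/* check for package versions already in database */
		e = db->query(db,
				"SELECT id, release, security, time FROM versions "
				"WHERE package = ? AND product = ?",
				DB_INT, gid, DB_INT, pid, DB_INT, DB_TEXT, DB_INT, DB_INT);
		if (!e)
		{
			fprintf(stderr, "could not query versions of package '%s'\n",
					package);
			break;
		}
		/* after the loop vid != 0 means at least one version row exists */
		while (e->enumerate(e, &vid, &cur_version, &cur_security, &cur_time))
		{
			if (streq(version, cur_version))
			{
				/* already in data base */
				add_version = FALSE;
				break;
			}
			else if (gen_time > cur_time)
			{
				/* file is newer than the stored row: remember which row to
				 * update or delete; free any candidate from an earlier row */
				if (security)
				{
					if (cur_security)
					{
						vid_update = vid;
						free(version_update);
						version_update = strdup(cur_version);
						security_update = cur_security;
					}
					else
					{
						vid_delete = vid;
						free(version_delete);
						version_delete = strdup(cur_version);
						security_delete = cur_security;
					}
				}
				else if (!cur_security)
				{
					vid_update = vid;
					free(version_update);
					version_update = strdup(cur_version);
					security_update = cur_security;
				}
			}
			else if (security == cur_security)
			{
				/* a stored row of the same kind is at least as new */
				add_version = FALSE;
			}
		}
		e->destroy(e);

		if ((!vid && !security) || (vid && !add_version))
		{
			free(version_update);
			free(version_delete);
			continue;
		}

		if ((!vid && security) || (vid && !vid_update))
		{
			printf("%s (%s) %s\n", package, version, security ? "[s]" : "");

			if (db->execute(db, &vid,
					"INSERT INTO versions "
					"(package, product, release, security, time) "
					"VALUES (?, ?, ?, ?, ?)", DB_INT, gid, DB_INT, pid,
					DB_TEXT, version, DB_INT, security, DB_INT, gen_time) != 1)
			{
				fprintf(stderr, "could not store version '%s' to database\n",
						version);
				fclose(file);
				db->destroy(db);
				exit(EXIT_FAILURE);
			}
			new_versions++;
		}
		else
		{
			printf("%s (%s) %s updated by\n",
				   package, version_update, security_update ? "[s]" : "");
			printf("%s (%s) %s\n", package, version, security ? "[s]" : "");

			if (db->execute(db, NULL,
					"UPDATE versions SET release = ?, time = ? WHERE id = ?",
					DB_TEXT, version, DB_INT, gen_time, DB_INT, vid_update) <= 0)
			{
				fprintf(stderr, "could not update version '%s' to database\n",
						version);
				fclose(file);
				db->destroy(db);
				exit(EXIT_FAILURE);
			}
			updated_versions++;
		}

		if (vid_delete)
		{
			printf("%s (%s) %s deleted\n",
				   package, version_delete, security_delete ? "[s]" : "");

			if (db->execute(db, NULL,
					"DELETE FROM versions WHERE id = ?",
					DB_INT, vid_delete) <= 0)
			{
				fprintf(stderr, "could not delete version '%s' from database\n",
						version_delete);
				fclose(file);
				db->destroy(db);
				exit(EXIT_FAILURE);
			}
			deleted_versions++;
		}
		free(version_update);
		free(version_delete);
	}
	fclose(file);
	db->destroy(db);

	/* the first six lines are header, not packages */
	printf("processed %d packages, %d security, %d new packages, "
		   "%d new versions, %d updated versions, %d deleted versions, "
		   "%d errored\n", count - 6, vulnerable, new_packages, new_versions,
		   updated_versions, deleted_versions, errored);
}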
413
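/**
 * Parse the command line and run the package import.
 *
 * Recognised options: --help, --file <filename>, --product <name>, --update.
 * Both --file and --product are mandatory. An unknown option, or a missing
 * mandatory option, prints the usage and exits with EXIT_FAILURE; --help
 * prints the usage and exits with EXIT_SUCCESS.
 *
 * @param argc	argument count as passed to main()
 * @param argv	argument vector as passed to main()
 */
static void do_args(int argc, char *argv[])
{
	static const struct option long_opts[] = {
		{ "help", no_argument, NULL, 'h' },
		{ "file", required_argument, NULL, 'f' },
		{ "product", required_argument, NULL, 'p' },
		{ "update", no_argument, NULL, 'u' },
		{ 0, 0, 0, 0 }
	};
	char *filename = NULL, *product = NULL;
	bool update = FALSE;
	int c;

	/* reinit getopt state */
	optind = 0;

	while ((c = getopt_long(argc, argv, "", long_opts, NULL)) != -1)
	{
		switch (c)
		{
			case 'h':
				usage();
				exit(EXIT_SUCCESS);
			case 'f':
				filename = optarg;
				break;
			case 'p':
				product = optarg;
				break;
			case 'u':
				update = TRUE;
				break;
			default:
				/* '?': unknown option or missing argument; do not proceed
				 * with a half-parsed command line */
				usage();
				exit(EXIT_FAILURE);
		}
	}

	if (!filename || !product)
	{
		usage();
		exit(EXIT_FAILURE);
	}
	process_packages(filename, product, update);
}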
465
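/**
 * Entry point of the pacman tool.
 *
 * Installs the debug hook, opens syslog, initialises libstrongswan and loads
 * the configured plugins, then hands over to do_args(). cleanup() is
 * registered with atexit() first so that every exit() path in this file
 * closes syslog and deinitialises the library.
 *
 * @param argc	argument count
 * @param argv	argument vector
 * @return		EXIT_SUCCESS; failures exit() with the codes shown below
 */
int main(int argc, char *argv[])
{
	/* enable pacman debugging hook */
	dbg = pacman_dbg;
	/* the third openlog() argument is a facility; LOG_DEBUG is a priority
	 * and not a valid facility value. The per-message priority is set in
	 * pacman_dbg(). */
	openlog("pacman", 0, LOG_USER);

	atexit(cleanup);

	/* initialize library */
	if (!library_init(NULL))
	{
		exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
	}
	/* NOTE(review): the plugin list is read from "attest.load", whereas
	 * process_packages() reads "pacman.database" - confirm whether the
	 * "attest" key is intentional before renaming it, since it is part of
	 * the configuration interface */
	if (!lib->plugins->load(lib->plugins, NULL,
			lib->settings->get_str(lib->settings, "attest.load", "sqlite")))
	{
		exit(SS_RC_INITIALIZATION_FAILED);
	}
	do_args(argc, argv);

	exit(EXIT_SUCCESS);
}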
488