File: yuleadmin.pl.in

package info (click to toggle)
samhain 4.1.4-7
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 9,720 kB
  • sloc: ansic: 84,043; sh: 15,325; asm: 5,756; makefile: 1,614; perl: 1,231
file content (310 lines) | stat: -rwxr-xr-x 8,097 bytes parent folder | download | duplicates (6) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
 
#! /usr/bin/perl

# Copyright (c) 2007 Riccardo Murri <riccardo.murri@gmail.com>
#
# License Information:
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#

use warnings;
use strict;
use Getopt::Long;
use File::Basename;
use File::Copy;
use File::Temp qw/ tempfile /;
use IO::File;

# Do I/O to the data file in binary mode (so it 
# wouldn't complain about invalid UTF-8 characters).
use bytes;

File::Temp->safe_level( File::Temp::HIGH );

my %opts = ();
my $outfile;
my $verbose;
my $base = basename($0);

#my $cfgfile  = "yulerc";
#my $yule     = "./yule";
#my $gpg      = "/usr/bin/gpg";

my $cfgfile  = "@myconffile@";
my $yule     = "@sbindir@/@install_name@";
my $gpg      = "@mygpg@";

$cfgfile  =~ s/^REQ_FROM_SERVER//;

$gpg = "gpg" if ($gpg eq "");

sub usage() {
    print <<__END_OF_TEXT__
Usage:
  $base { -a | --add } [options] HOSTNAME [PASSWORD]
    Add client HOSTNAME to configuration file. If PASSWORD is
    omitted, it is read from stdin.  If HOSTNAME already exists
    in the configuration file, an error is given.

  $base { -d | --delete } [options] HOSTNAME
    Remove client HOSTNAME from configuration file.

  $base { -l | --list } [options]
    List clients in the yule configuration file.

  $base { -r | --replace } [options] HOSTNAME [PASSWORD]
    Replace password of existing client HOSTNAME in configuration file. 
    If PASSWORD is omitted, it is read from stdin.  If HOSTNAME does not 
    already exist in the configuration file, an error is given.

  $base { -u | --update } [options] HOSTNAME [PASSWORD]
    Add client HOSTNAME to config file or replace its password with a new one.
    If PASSWORD is omitted, it is read from stdin.  

Options:
  -c CFGFILE    --cfgfile CFGFILE
    Select an alternate configuration file. (default: $cfgfile)

  -o OUTFILE    --output OUTFILE
    Write modified configuration to OUTFILE.  If this option is
    omitted, $base will rename the original configuration file
    to '$cfgfile.BAK' and overwrite it with the modified content.

  -Y YULECMD    --yule YULECMD
    Use command YULECMD to generate the client key from the password.
    (default: $yule)

  -v            --verbose
    Verbose output.

__END_OF_TEXT__
;
    return;
}


## subroutines

sub read_clients ($) {
    my $cfgfile = shift || '-';
    my %clients;

    open INPUT, "<$cfgfile"
	or die ("Cannot read configuration file '$cfgfile'. Aborting");

    my $section;
    while (<INPUT>) {
	# skip comment and blank lines
	next if m{^\s*#};
        next if m{^\s*$};

	# match section headers
	$section = $1 if m{^\s*\[([a-z0-9 ]+)\]}i;

	# ok, list matching lines
	if ($section =~ m/Clients/) {
	    if (m{^\s*Client=}i) {
		chomp;
		s{^\s*Client=}{}i;
		my ($client, $key) = split /@/,$_,2;

		$clients{lc($client)} = $key;
	    }
	}
    }
    
    close INPUT;
    return \%clients;
}


sub write_clients ($$$) {
    my $cfgfile_in = shift || '-';
    my $cfgfile_out = shift || $cfgfile_in;
    my $clients = shift;

    my @lines;
    my $in_clients_section;

    # copy-pass input file
    my $section = '';
    open INPUT, "<$cfgfile_in"
	or die ("Cannot read configuration file '$cfgfile_in'. Aborting");
    while (<INPUT>) {
	# match section headers
	if (m{^\s*\[([a-z0-9 ]+)\]}i) {
	    if ($in_clients_section and ($section ne $1)) {
		# exiting [Clients] section, output remaining ones
		foreach my $hostname (keys %{$clients}) {
		    push @lines, 
		        'Client=' . $hostname . '@' 
			. $clients->{lc($hostname)} . "\n";
		    delete $clients->{lc($hostname)};
		}
	    }
	    # update section title
	    $section = $1;
	    if ($section =~ m/Clients/i) {
		$in_clients_section = 1;
	    } else {
		$in_clients_section = 0;
	    }
	}

	# process entries in [Clients] section
	if ($in_clients_section) {
	    if (m{^\s*Client=}i) {
		my ($hostname, undef) = split /@/,$_,2;
		$hostname =~ s{^\s*Client=}{}i;
		if (defined($clients->{lc($hostname)})) {
		    # output (possibly) modified key
		    $_ = 'Client=' . $hostname . '@' . $clients->{lc($hostname)} . "\n";
		    delete $clients->{lc($hostname)};
		}
		else {
		    # client deleted, skip this line from output
		    $_ = '';
		}
	    }
	}

	# copy input to output
	push @lines, $_;
    }
    close INPUT;
    
    # if end-of-file reached within [Clients] section, output remaining ones
    if ($in_clients_section) {
	foreach my $hostname (keys %{$clients}) {
	    push @lines, 'Client=' . $hostname . '@' 
		. $clients->{lc($hostname)} . "\n";
	}
    }

    # if necessary, replace input file with output file
    if ($cfgfile_in eq $cfgfile_out) {
	copy($cfgfile_in, $cfgfile_in . '.BAK')
	    or die("Cannot backup config file '$cfgfile_in'. Aborting");
    }
    open OUTPUT, ">$cfgfile_out"
	or die ("Cannot write to file '$cfgfile_out'. Aborting");
    # overwrite config file line by line
    foreach my $line (@lines) { print OUTPUT $line; }
    close OUTPUT;
}


sub new_client_key ($) {
    my $password = shift;
    my $yulecmd = shift || $yule;

    my (undef, $key) = split /@/, `$yulecmd -P $password`, 2;
    chomp $key;
    return $key;
}


## main

Getopt::Long::Configure ("posix_default");
Getopt::Long::Configure ("bundling");
# Getopt::Long::Configure ("debug");

GetOptions (\%opts, 
	    'Y|yule=s',
	    'a|add',
	    'c|cfgfile=s',
	    'd|delete',
	    'h|help', 
	    'l|list',
	    'o|output=s',
	    'r|replace',
	    'u|update',
	    'v|verbose', 
	    );

if (defined ($opts{'h'})) {
    usage();
    exit;
}

if (defined($opts{'c'})) {
    $cfgfile = $opts{'c'};
    $outfile = $cfgfile unless defined($outfile);
}
if (defined($opts{'Y'})) {
    $yule = $opts{'Y'};
}
if (defined($opts{'v'})) {
    $verbose = 1;
}
if (defined($opts{'o'})) {
    $outfile = $opts{'o'};
}

if (defined($opts{'l'})) {
    # list contents
    my $clients = read_clients($cfgfile);
    
    foreach my $client (keys %{$clients}) {
	print "$client";
	print " ${$clients}{$client}" if $verbose;
	print "\n";
    }
}
elsif (defined($opts{'a'}) 
       or defined($opts{'u'})
       or defined($opts{'r'})) {
    # add HOSTNAME
    my $hostname = $ARGV[0]
	or die("Actions --add/--replace/--update require at least argument HOSTNAME. Aborting");

    my $password;
    if (defined($ARGV[1])) {
	$password = uc($ARGV[1]);
    } else {
	$password = uc(<STDIN>);
	# remove leading and trailing space
	$password =~ s{\s*}{}g;
    }
    # sanity check
    die ("Argument PASSWORD must be a 16-digit hexadecimal string. Aborting")
	unless ($password =~ m/[[:xdigit:]]{16}/);

    my $add = defined($opts{'a'});
    my $replace = defined($opts{'r'});

    my $clients = read_clients($cfgfile);
    die ("Client '$hostname' already present in config file - cannot add. Aborting")
	if ($add and defined(${$clients}{$hostname}));
    die ("Client '$hostname' not already present in config file - cannot replace. Aborting")
	if ($replace and not defined(${$clients}{$hostname}));

    $clients->{$hostname} = new_client_key($password)
      or die ("Cannot get key for the given password. Aborting");
    write_clients($cfgfile, $outfile, $clients);
}
elsif (defined($opts{'d'})) {
    # remove HOSTNAME
    my $hostname = $ARGV[0]
	or die("Action --delete requires one argument HOSTNAME. Aborting");

    my $clients = read_clients($cfgfile);
    delete ${$clients}{$hostname};
    write_clients($cfgfile, $outfile, $clients);
}
else {
    usage();
    die ("You must specify one of --list, --add or --remove options. Aborting");
}