⚝
One Hat Cyber Team
⚝
Your IP:
216.73.216.19
Server IP:
178.33.27.10
Server:
Linux cpanel.dev-unit.com 3.10.0-1160.108.1.el7.x86_64 #1 SMP Thu Jan 25 16:17:31 UTC 2024 x86_64
Server Software:
Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips
PHP Version:
8.2.11
Buat File
|
Buat Folder
Eksekusi
Dir :
~
/
lib64
/
perl5
/
vendor_perl
/
Razor2
/
Client
/
View File Name :
Config.pm
#!/usr/bin/perl -s ## ## Razor2::Client:Config ## ## Copyright (c) 2002, Vipul Ved Prakash. All rights reserved. ## This code is free software; you can redistribute it and/or modify ## it under the same terms as Perl itself. ## ## $Id: Config.pm,v 1.66 2007/05/10 20:32:10 rsoderberg Exp $ package Razor2::Client::Config; use strict; use Data::Dumper; use File::Copy; use File::Spec; use Razor2::Logger; #use base qw(Razor2::Logger); sub new { my ($class) = @_; return bless {}, $class; } # # figures out razorhome and razorconf file # sub read_conf { my ( $self, $params ) = @_; my $default_conf_fn = "$self->{global_razorhome}/razor-agent.conf"; my $conf; my $defaults = $self->default_agent_conf(); my $use_engines = $defaults->{use_engines}; if ( $self->{razorconf} ) { # # cmd-line config file specified # $conf = $self->read_file( $self->{razorconf}, $defaults ) unless ( $self->{opt}->{create} && $self->{opt}->{config} ); if ( $self->{opt}->{razorhome} ) { $self->{computed_razorhome} = $self->{razorhome} = $self->{opt}->{razorhome}; } else { $self->find_home( $self->{opt}->{razorhome} || $conf->{razorhome} ); } } else { $self->compute_razorconf(); if ( $self->{razorconf} ) { $conf = $self->read_file( $self->{razorconf}, $defaults ); } else { $self->log( 6, "No razor-agent.conf found, using defaults. " ); $conf = $defaults; } } foreach ( keys %{$defaults} ) { next if exists $conf->{$_}; $conf->{$_} = $defaults->{$_}; } # Override use_engines from defaults. To store use_engines # in the config file is a design flaw, since the client # supported engines are defined by the razor-agents source, # and could potentially be incorrect in the config file # after an upgrade. $conf->{use_engines} = $use_engines; foreach ( keys %{ $self->{opt} } ) { next if ( $_ eq '' || $_ eq 'use_engines' || $_ eq 'razorzone' ); $conf->{$_} = $self->{opt}->{$_}; } if ($params) { foreach ( keys %$params ) { next if ( $_ eq '' || $_ eq 'use_engines' || $_ eq 'razorzone' ); $conf->{$_} = $params->{$_}; } } $self->{conf} = $conf; # # post config processing # insert things that should not be in conf here # # turn off run-time warnings unless debug flag passed # http://www.perldoc.com/perl5.6.1/pod/perllexwarn.html $^W = 0 unless $conf->{debug}; # add full path to all config values that need them # if ( $self->{razorhome} ) { foreach ( qw( logfile pidfile listfile_catalogue listfile_nomination listfile_discovery whitelist identity) ) { next unless $conf->{$_}; next if $conf->{$_} =~ /^\//; next if ( $_ eq 'logfile' && ( $conf->{$_} eq 'syslog' || $conf->{$_} eq 'sys-syslog' || $conf->{$_} eq 'none' ) ); $conf->{$_} = "$self->{razorhome}/$conf->{$_}"; } } return $self->{conf}; } # # Figure out which conf to use - user's own, or system conf. # # If no user conf or no system conf, razorconf will be blank # but computed_razorconf will be set. # # However, if razorhome is still unknown, computed_razorconf can be blank # sub compute_razorconf { my $self = shift; my $default_conf_fn = "$self->{global_razorhome}/razor-agent.conf"; $self->{razorconf} = ""; $self->find_home(); if ( $self->{razorhome} ) { my $mycf = "$self->{razorhome}/razor-agent.conf"; $self->{computed_razorconf} = $mycf; if ( -r $mycf ) { $self->{razorconf} = $mycf; } elsif ( -e $mycf ) { $self->log( 5, "Found but can't read $mycf, skipping." ); } else { $self->log( 5, "No $mycf found, skipping." ); } } if ( !$self->{razorconf} && -e $default_conf_fn ) { if ( -r $default_conf_fn ) { $self->{razorconf} = $default_conf_fn; } else { $self->log( 5, "Found but can't read $default_conf_fn, skipping." ); $self->{computed_razorconf} ||= $default_conf_fn; } } } sub write_conf { my ( $self, $hash ) = @_; unless ( $self->{razorconf} ) { $self->log( 5, "Cannot write_conf without razorconf set" ); return $self->error("Cannot write_conf without razorconf set"); } my $now = localtime(); my $srcmsg; unless ($hash) { $hash = $self->default_agent_conf(); if ( -r $self->{razorconf} ) { $hash = $self->read_file( $self->{razorconf}, $hash ); $srcmsg = "Non-default values taken from $self->{razorconf}"; } else { $srcmsg = "Created with all default values"; } } my $clientheader = <<EOFCLIENT; # # Razor2 config file # # Autogenerated by $self->{name_version} # $now # $srcmsg # # see razor-agent.conf(5) man page # EOFCLIENT return $self->write_file( $self->{razorconf}, $hash, 0, $clientheader ); } sub find_user { my $self = shift; return 1 if $self->{user}; $self->{user} = getpwuid($>) || do { $self->log( 1, "Can't figure out who the effective user is: $!" ); return undef; }; return 1; } # compute razorhome. like so: # # -home=/tmp/razor/ used if readable, else # 'razorhome' from config file used if readable, else # <home>/.razor/ used if readable, else # <home>/.razor/ is created. if that fails, no razorhome. # -conf=/foo/razor/razor.conf if all else fails pick it up from the config file path, # if one is available sub find_home { my ( $self, $rhome ) = @_; my $dotrazor = '.razor'; $dotrazor = '_razor' if $^O eq 'VMS'; if ( defined $self->{razorhome} ) { $self->{razorhome_computed} = $self->{razorhome}; return 1; } if ( defined $self->{opt}->{razorhome} ) { $self->{razorhome_computed} = $self->{razorhome}; return 1; } # if razorhome is read from config file, its passed as rhome unless ($rhome) { if ( defined $ENV{HOME} ) { $rhome = File::Spec->catdir( "$ENV{HOME}", "$dotrazor" ); } else { return unless $self->find_user(); $rhome = File::Spec->catdir( ( getpwnam( $self->{user} ) )[7], "$dotrazor" ) || "/home/$self->{user}/$dotrazor"; } $rhome = VMS::Filespec::unixify($rhome) if $^O eq 'VMS'; $self->log( 8, "Computed razorhome from env: $rhome" ); } $self->{razorhome_computed} = $rhome; if ( -d $rhome ) { if ( -w $rhome ) { $self->log( 6, "Found razorhome: $rhome" ); } else { $self->log( 6, "Found razorhome: $rhome, however, can't write to it." ); } $self->{razorhome} = $rhome; return 1; } if ( $self->{razorconf} ) { my $path = $$self{razorconf}; if ( $path =~ m:/: ) { if ( $path =~ m:(.*)/: ) { $self->{razorhome} = $1; return 1; } } } $self->log( 5, "No razorhome found, using all defaults" ); $self->{razorhome} = ""; return 1; } sub create_home { my ( $self, $rhome ) = @_; if ( -d $rhome ) { $self->{razorhome} = $rhome; return 1; } if ( mkdir $rhome, 0755 ) { $self->log( 6, "Created razorhome: $rhome" ); $self->{razorhome} = $rhome; return 1; } return $self->error("Could not mkdir $rhome: $!"); } sub compute_identity { my ($self) = @_; $self->find_home() or return; return 1 if $self->{identity}; my $id; if ( $id = $self->{opt}->{identity} ) { $self->{identity} = $self->my_readlink($id); # warn we can't read it unless we are registering new identity $self->log( 6, "Can't read identity: $self->{identity}" ) unless ( $self->{opt}->{register} ) || ( -r $self->{identity} ); return 1; # if not specified via cmd-line, just compute it, don't read it. } elsif ( $id = $self->{conf}->{identity} ) { $self->{identity} = $self->my_readlink($id); return 1; } else { $id = $self->{razorhome} ? "$self->{razorhome}/identity" : ""; $self->{identity} = $self->my_readlink($id); return 1; } } sub get_ident { my ($self) = @_; $self->find_home() or return; my $idfn = $self->{identity}; return $self->error("Cannot read the identity file: $idfn") unless -r $idfn; $idfn = $self->my_readlink($idfn); my $mode = ( ( stat($idfn) )[2] ) & 07777; # mask off file type if ( $mode & 0007 ) { $self->log( 2, "Please chmod $idfn so it is not world readable." ); } return $self->read_file($idfn); } # returns { user => $user, pass => $pass } if success # returns 2 if error sub register_identity { my ( $self, $user, $pass ) = @_; my $ident = $self->register( { user => $user, pass => $pass, } ); $self->disconnect() or return 2; return $ident || 2; } sub ident_fn { my ( $self, $ident ) = @_; $self->find_home() or return; my $orig; my $syml; my $obase = "identity-$ident->{user}"; $obase = $1 if $obase =~ /^(\S+)$/; # untaint obase # if it's a user specified identity file, don't symlink unless ( $orig = $self->{opt}->{identity} ) { $orig = "$self->{razorhome}/$obase"; $syml = "$self->{razorhome}/identity"; $orig = $1 if $orig =~ /^(\S+)$/; # untaint orig $syml = $1 if $syml =~ /^(\S+)$/; # untaint syml } return ( $orig, $obase, $syml ); } sub save_ident { my ( $self, $ident ) = @_; my ( $orig, $obase, $syml ) = $self->ident_fn($ident); unless ( length $orig ) { return $self->error("couldn't figure out identity filename"); } rename( $orig, "$orig.bak" ) if -s $orig; my $umask = umask 0077; # disable group and all from read/write/execute $self->write_file( $orig, $ident ) or return; umask $umask; # don't create a symlink if user specified identity file from cmd-line return $orig unless $syml; unless ( $self->{opt}->{symlink} ) { return $orig if -e $syml; # already has another identity } unlink $syml; if ( eval { symlink( "", "" ); 1 } ) { $obase = $1 if $obase =~ /^(\S+)$/; # untaint obase $syml = $1 if $syml =~ /^(\S+)$/; # untaint syml symlink $obase, $syml or return $self->error("Created $orig, but could not symlink to it $syml: $!"); } else { $self->log( 5, "symlinks don't work on this machine" ); copy( $orig, $syml ); } return $orig; } sub my_readlink { my ( $self, $fn ) = @_; while (1) { return $fn unless -l $fn; if ( $fn =~ /^(.*)\/([^\/]+)$/ ) { my $dir = $1; $fn = readlink $fn; $fn = $1 if $fn =~ /^(\S+)$/; # untaint readlink $fn = "$dir/$fn" unless $fn =~ /^\//; } else { $fn = readlink $fn; $fn = $1 if $fn =~ /^(\S+)$/; # untaint readlink } } } sub parse_value { my ( $self, $value ) = @_; $value =~ s/^\s+//; $value =~ s/\s+$//; if ( $value =~ m:,: ) { my @values = split /,\s*/, $value; return [@values]; } else { return $value; } } # given filename, returns hash ref of key = val from file # if $nothash, than no key && val, just return array ref containing all lines. # sub read_file { my ( $self, $fn, $h, $nothash ) = @_; unless ( defined $fn && length $fn ) { $self->log( 5, "Filename not provided to read_file" ); return; } my $conf = ref($h) eq 'HASH' ? $h : {}; if ( $^O eq 'VMS' && $fn !~ /\[/ ) { my ( $dir, $file, $ext ) = ( $fn =~ /(^.*\/)(.*)(\..*)$/ ); $dir =~ s/\./_/g; $file =~ s/\./_/g; $fn = $dir . $file . $ext; } $fn = $1 if $fn =~ /^(\S+)$/; # untaint $fn unless ( defined($fn) && ( ( $fn =~ /^\// ) || -e $fn ) ) { $self->log( 7, "Can't read file $fn, looking relative to $self->{razorhome}" ); $fn = "$self->{razorhome}/$fn"; $fn = $1 if $fn =~ /^(\S+)$/; # untaint $fn } my $total = 0; my @lines; unless ( open CONF, "<$fn" ) { $self->log( 5, "Can't read file $fn: $!" ); return; } # set $/ to the default in case someone has overwritten $/ elsewhere local $/ = "\n"; for (<CONF>) { chomp; next if /^\s*#/; if ($nothash) { next unless s/^\s*(.+?)\s*$/$1/; # untaint $conf->{$_} = 7; push @lines, $_; } else { next unless /=/; my ( $attribute, $value ) = /^\s*(.+?)\s*=\s*(.+?)\s*$/; # untaint next unless ( defined $attribute && defined $value ); $conf->{$attribute} = $self->parse_value($value); } $total++; } close CONF; $self->log( 5, "read_file: $total items read from $fn" ); return $nothash ? \@lines : $conf; } # given hash ref, writes to file key = val # NOTE: key should not contain '='; # # given array ref, writes to file each item # # given scalar ref, writes to file # sub write_file { my ( $self, $fn, $hash, $append, $header, $lock ) = @_; $fn = "$self->{razorhome}/$fn" unless ( $fn =~ /^\// ); $fn = ">$fn" if $append; if ( $^O eq 'VMS' && $fn !~ /\[/ ) { my ( $dir, $file, $ext ) = ( $fn =~ /(^.*\/)(.*)(\..*)$/ ); $dir =~ s/\./_/g; $file =~ s/\./_/g; $fn = $dir . $file . $ext; } $fn = $1 if $fn =~ /^(\S+)$/; # untaint $fn # check for lock file my $lockfile = "$fn.lock"; $lockfile = "${fn}_lock;1" if $^O eq 'VMS'; if ($lock) { if ( -r "$lockfile" ) { return $self->error("File is locked, try again later: $lockfile"); } else { unless ( open LOCK, ">$fn.lock" ) { return $self->error("Can't create lock file $fn.lock: $!"); } close LOCK; } } unless ( open CONF, ">$fn" ) { return $self->error("Can't write file $fn: $!"); } print CONF "$header\n" if $header; my $total = 0; if ( ref($hash) eq 'HASH' ) { foreach ( sort keys %$hash ) { return $self->error("Key cannot contain '=': $_") if /=/; printf CONF "%-22s = ", $_; if ( ref( $hash->{$_} ) eq "ARRAY" ) { print CONF join( ',', @{ $hash->{$_} } ) . "\n"; } else { print CONF $hash->{$_} . "\n"; } $total++; } } elsif ( ref($hash) eq 'ARRAY' ) { foreach (@$hash) { next unless /\S/; if ( ref($_) eq "ARRAY" ) { print CONF join( ', ', @$_ ) . "\n"; } else { print CONF $_ . "\n"; } $total++; } } elsif ( ref($hash) eq 'SCALAR' ) { printf CONF $$hash; $total++; } close CONF; if ($lock) { 1 while unlink "$lockfile"; } $self->log( 5, "wrote $total " . ref($hash) . " items to file: $fn" ); #return $total; return 1; } sub default_server_conf { my $self = shift; my $defaults = { srl => -1, ep4 => '7542-10', bql => 4, ac => 0, bqs => 128, se => 'C8', # engines 4, 8 dre => 4, zone => 'razor2.cloudmark.com', logic_method => 4, }; # split strings with , into array foreach ( keys %$defaults ) { $defaults->{$_} = $self->parse_value( $defaults->{$_} ); } return $defaults; } sub default_agent_conf { my $self = shift; # # These get overwritten by whatever's in config file, # which in turn gets overwritten by cmd-line options. # my $defaults = { debuglevel => "3", logfile => "razor-agent.log", listfile_catalogue => "servers.catalogue.lst", listfile_nomination => "servers.nomination.lst", listfile_discovery => "servers.discovery.lst", min_cf => "ac", turn_off_discovery => "0", ignorelist => "0", razordiscovery => "discovery.razor.cloudmark.com", rediscovery_wait => "172800", report_headers => "1", whitelist => "razor-whitelist", use_engines => "4, 8", identity => "identity", logic_method => 4, }; # 'razorhome' can exist in .conf, but we compute it instead of listing it here # 'rlimit' ? # split strings with , into array foreach ( keys %$defaults ) { $defaults->{$_} = $self->parse_value( $defaults->{$_} ); } return $defaults; } 1;