inncheck

早期freebsd实现

#	    print "$file:$start: consider adding !junk to $site\n"
#		if $pats !~ /!junk/;
#	    print "$file:$start: consider adding !control to $site\n"
#		if $pats !~ /!control/;
#	}

	##  Check distributions.
	if ( ($dists) = $pats =~ m@.*/(.*)@ ) {
	    $bang = $nobang = 0;
	    dist: foreach $d ( split(/,/, $dists) ) {
		if ( $d =~ /^!/ ) {
		    $bang++;
		}
		else {
		    $nobang++;
		}
		print "$file:$start: questionable distribution `$d'\n"
		    if $d !~ /^!?[a-z0-9-]+$/;
	    }
	    print "$file:$start: both ! and non-! distributions\n"
		if $bang && $nobang;
	}
	$type = "f";
	flag: foreach $flag ( split(/,/, $flags) ) {
	    ($k, $v) = $flag =~ /(.)(.*)/;
	    if ( !defined $newsfeeds'flags{$k} ) {
		print "$file:$start: unknown flag `$flag'\n";
		next flag;
	    }
	    if ( $v !~ /$newsfeeds'flags{$k}/ ) {
		print "$file:$start: bad value `$v' for flag `$k'\n";
		next flag;
	    }
	    $type = $v
		if $k eq "T";
	}

	##  Warn about multiple feeds.
	if ( !defined $sites{$site} ) {
	    $sites{$site} = $type;
	} elsif ( $sites{$site} ne $type ) {
	    print "$file:$start: feed $site multiple conflicting feeds\n";
	}

	if ( $type =~ /[cpx]/ ) {
	    $prog = $param;
	    $prog =~ s/\s.*//;
	    print "$file:$start: relative path for $site\n"
		if $prog !~ m@^/@;
	    print "$file:$start: `$prog' is not executable for $site\n"
		if ! -x $prog;
	}

	##  If multiplex target not known, add to multiplex list.
	push(@muxes, "$start: undefined multiplex `$param'")
	    if $type eq "m" && !defined $sites{$param};
    }

    ##  Go through and make sure all referenced multiplex exist.
    foreach (@muxes) {
	print "$file:$_\n"
	    if /`(.*)'/ && !defined $sites{$1};
    }
    print "$file:0: ME entry accepts all incoming article distributions\n"
	if !defined $sites{"ME"} || $me_empty;

    print "done.\n"
	if $verbose;
    1;
}


##
##  overview.fmt
##
%overview_fmtheaders = (
    'Approved',		1,
    'Bytes',		1,
    'Control',		1,
    'Date',		1,
    'Distribution',	1,
    'Expires',		1,
    'From',		1,
    'Lines',		1,
    'Message-ID',	1,
    'Newsgroups',	1,
    'Path',		1,
    'References',	1,
    'Reply-To',		1,
    'Sender',		1,
    'Subject',		1,
    'Supersedes',	1,
);

sub
overview_fmt
{
    local ($header, $mode, $sawfull);

    $sawfull = 0;
    input: while ( <IN> ) {
	next input if &spacious($file, ++$line);

	unless ( ($header, $mode) = /^([^:]+):([^:]*)$/ ) {
	    print "$file:$line: malformed line.\n";
	    next input;
	}

	#print "$file:$line: unknown header `$header'\n"
	#    if !defined $overview_fmtheaders{$header};
	if ( $mode eq "full" ) {
	    $sawfull++;
	} elsif ( $mode eq "" ) {
	    print "$file:$line: short header `$header' appears after full one\n"
		if $sawfull;
	} else {
	    print "$file:$line: unknown mode `$mode'\n";
	}
    }
    1;
}


##
##  nnrp.access
##
sub
nnrp_access
{
    local ($host, $perm, $user, $pass, $groups);

    input: while ( <IN> ) {
	next input if &spacious($file, ++$line);

	unless ( ($host, $perm, $user, $pass, $groups) =
	    /^([^:])+:([^:]*):([^:]*):([^:]*):([^:]+)$/ ) {
	    print "$file:$line: malformed line.\n";
	    next input;
	}

	print "$file:$line: access list has a / in it\n"
	    if $host =~ m@/@;
	print "$file:$line: unknown permissions: `$perm'\n"
	    unless $perm eq "" || $perm =~ /[RP]/;
    }
    1;
}


##
##  nntpsend.ctl
##
sub
nntpsend_ctl
{
    local ($site, $fqdn, $flags, $f, $v);

    input: while ( <IN> ) {
	next input if &spacious($file, ++$line);

	##  Ignore the size info for now.
	unless ( ($site, $fqdn, $flags) =
		    /^([\w\-\.]+):([^:]*):[^:]*:([^:]*)$/ ) {
	    print "$file:$line: malformed line.\n";
	    next input;
	}
	print "$file:$line: FQDN is empty for `$site'\n"
	    if $fqdn eq "";

	next input if $flags eq "";
	flag: foreach (split(/ /, $flags)) {
	    unless ( ($f, $v) = /^-([adrtTpS])(.*)$/ ) {
		print "$file:$line: unknown argument for `$site'\n";
		next flag;
	    }
	    print "$file:$line: unknown argument to option `$f': $flags\n"
		if ( $f eq "t" || $f eq "T" ) && $v !~ /\d+/;
	}
    }
    1;
}


##
##  passwd.nntp
##
sub
passwd_nntp
{
    local ($name, $pass);

    input: while ( <IN> ) {
	next input if &spacious($file, ++$line);

	unless ( ($name, $pass) = /[\w\-\.]+:(.*):(.*)(:authinfo)?$/ ) {
	    next input;
	    print "$file:$line: malformed line.\n";
	}
	print "$file:$line: username/password must both be blank or non-blank\n"
	    if ( $name eq "" && $pass ne "" ) || ($name ne "" && $pass eq "");
    }
    1;
}


##
##  Routines to check permissions
##

##  Given a file F, check its mode to be M, and its ownership to be by the
##  user U in the group G.  U and G have defaults.
sub
checkperm
{
    local ($f, $m, $u, $g) = ( @_, $newsuser, $newsgroup);
    local (@sb, $owner, $group, $mode);

    die "Internal error, undefined name in perm from ", (caller(0))[2], "\n"
	if !defined $f;
    die "Internal error, undefined mode in perm from ", (caller(0))[2], "\n"
	if !defined $m;

    if ( ! -e $f ) {
	print "$pfx$f:0: missing\n";
    }
    else {
	@sb = stat _;
	$owner = (getpwuid(@sb[$ST_UID]))[0];
	$group = (getgrgid(@sb[$ST_GID]))[0];
	$mode  = @sb[$ST_MODE] & ~0770000;

	##  Ignore setgid bit on directories.
	$mode &= ~0777000
	    if -d _;

	if ( $owner ne $u ) {
	    print "$pfx$f:0: owned by $owner, should be $u\n";
	    print "chown $u $f\n"
		if $fix;
	}
	if ( $group ne $g ) {
	    print "$pfx$f:0: in group $group, should be $g\n";
	    print "chgrp $g $f\n"
		if $fix;
	}
	if ( $mode ne $m ) {
	    printf "$pfx$f:0: mode %o, should be %o\n", $mode, $m;
	    printf "chmod %o $f\n", $m
		if $fix;
	}
    }
}

##  Return 1 if the Intersection of the files in the DIR and FILES is empty.
##  Otherwise, report an error for each illegal file, and return 0.
sub
intersect
{
    local ($dir, @files) = @_;
    local (@in, %dummy, $i);

    if ( !opendir(DH, $dir) ) {
	print "$pfx$dir:0: can't open directory\n";
    }
    else {
	@in = grep($_ ne "." && $_ ne "..", readdir(DH));
	closedir(DH);
    }

    $i = 1;
    if ( scalar(@in) ) {
	foreach ( @files ) {
	    $dummy{$_}++;
	}
	foreach ( grep ($dummy{$_} == 0, @in) ) {
	    print "$pfx$dir:0: ERROR: illegal file `$_' in directory\n";
	    $i = 0;
	}
    }
    $i;
}

@directories = (
    'archive', 'badnews', 'batchdir', 'ctlprogs', 'most_logs', 'newsbin',
    'newslib', 'oldlogs', 'rnewsprogs', 'spooltemp', 'spool', 'spoolnews'
);
@control_scripts = (
    'checkgroups', 'default', 'docheckgroups', 'ihave', 'newgroup', 'rmgroup',
    'sendme', 'sendsys', 'senduuname', 'version'
);
@rnews_programs = (
    'c7unbatch', 'decode', 'encode'
);
@newsbin_public = (
    'archive', 'batcher', 'buffchan', 'convdate', 'cvtbatch', 'expire',
    'filechan', 'getlist', 'grephistory', 'innconfval', 'innxmit',
    'makeactive', 'makehistory', 'newsrequeue', 'nntpget', 'overchan',
    'prunehistory', 'shlock', 'shrinkfile'
);
@newsbin_private = (
    'ctlinnd', 'ctlrun', 'expirerm', 'inncheck', 'innstat', 'innwatch',
    'makegroup', 'news.daily', 'nntpsend', 'scanlogs', 'sendbatch',
    'tally.control', 'tally.unwanted', 'updatemods', 'writelog'
);
@newslib_private = (
    'send-ihave', 'send-nntp', 'send-uucp'
);
@newslib_private_read = (
    'innlog.awk'
);

## The modes for the various programs.
%prog_modes = (
    'inews',		02555,
    'innd',		 0555,
    'newsboot',		 0550,
    'nnrpd',		 0555,
    'parsectl',		 0550,
    'rnews',		02555
);

##  Check the permissions of nearly every file in an INN installation.
sub
check_all_perms
{
    local ($rnewsprogs) = $paths{'rnewsprogs'};
    local ($ctlprogs) = $paths{'ctlprogs'};
    local ($newsbin) = $paths{'newsbin'};
    local ($newslib) = $paths{'newslib'};

    foreach ( @directories ) {
	&checkperm($paths{$_}, 0775);
    }
    &checkperm($paths{'innddir'}, 0770);
    foreach ( keys %prog_modes ) {
	&checkperm($paths{$_}, $prog_modes{$_});
    }
    &checkperm($paths{'inndstart'}, 0555, 'root', 'bin');
    foreach ( keys %paths ) {
	&checkperm($paths{$_}, $modes{$_})
	    if defined $modes{$_};
    }
    foreach ( @newslib_private ) {
	&checkperm("$newslib/$_", 0550);
    }
    foreach ( @newslib_private_read ) {
	&checkperm("$newslib/$_", 0440);
    }
    foreach ( @newsbin_private ) {
	&checkperm("$newsbin/$_", 0550);
    }
    foreach ( @newsbin_public ) {
	&checkperm("$newsbin/$_", 0555);
    }
    foreach ( @control_scripts ) {
	&checkperm("$ctlprogs/$_", 0550);
    }
    foreach ( @rnews_programs ) {
	&checkperm("$rnewsprogs/$_", 0555);
    }

    ##  Also make sure that @rnews_programs are the *only* programs in there;
    ##  anything else is probably someone trying to spoof rnews into being bad.
    &intersect($rnewsprogs, @rnews_programs);

    1;
}


##
##  Parsing, main routine.
##

sub
Usage
{
    local ($i) = 0;

    print "Usage error: @_.\n";
    print
"Usage:
	$program [-v] [-noperm] [-pedantic] [-perms [-fix] ] [-a|file...]
File to check may be followed by \"=path\" to use the specified path.  All
files are checked if -a is used or if -perms is not used.  Files that may
be checked are:\n";
    foreach ( sort(keys %checklist) ) {
	printf "     %-20s", $_;
	if ( ++$i == 3) {
	    print "\n";
	    $i = 0;
	}
    }
    print "\n"
	if $i;
    exit 0;
}


sub
parse_flags
{
    $all = 0;
    $fix = 0;
    $perms = 0;
    $noperms = 0;
    $verbose = 0;
    @todo = ();

    arg: foreach ( @ARGV ) {
	if ( /-a/ ) {
	    $all++;
	    next arg;
	}
	if ( /^-v/ ) {
	    $verbose++;
	    next arg;
	}
	if ( /^-ped/ ) {
	    $pedantic++;
	    next arg;
	}
	if ( /^-f/ ) {
	    $fix++;
	    next arg;
	}
	if ( /^-per/ ) {
	    $perms++;
	    next arg;
	}
	if ( /^-noperm/ ) {
	    $noperms++;
	    next arg;
	}
	if ( /^-/ ) {
	    &Usage("Unknown flag `$_'");
	}
	if ( ($k, $v) = /(.*)=(.*)/ ) {
	    &Usage("Can't check `$k'")
		if !defined $checklist{$k};
	    push(@todo, $k);
	    $paths{$k} = $v;
	    next arg;
	}
	&Usage("Can't check `$_'")
	    if !defined $checklist{$_};
	push(@todo, $_);
    }

    &Usage("Can't use `-fix' without `-perm'")
	if $fix && !$perms;
    &Usage("Can't use `-noperm' with `-perm'")
	if $noperms && $perms;
    $pfx = $fix ? '# ' : '';

    @todo = grep(defined $checklist{$_}, sort(keys %paths))
	if $all || (scalar(@todo) == 0 && ! $perms);
}


$program = $0;
$program =~ s@.*/@@;
$| = 1;
&parse_flags();
action: foreach $workfile ( @todo ) {
    $file = $paths{$workfile};
    if ( ! -f $file ) {
	print "$file:0: file missing\n";
	next action;
    }
    print "Looking at $file...\n"
	if $verbose;
    if ( !open(IN, $file) ) {
	print "$pfx$workfile:0: can't open $!\n";
	next action;
    }
    &checkperm($file, $modes{$workfile})
	if $noperms == 0 && !$perms && defined $modes{$workfile};
    $line = 0;
    eval "&$checklist{$workfile}" || warn "$@";
    close(IN);
}

&check_all_perms()
    if $perms;
exit(0);

if ( 0 ) {
    &active();
    &control_ctl();
    &hosts_nntp();
    &expire_ctl();
    &inn_conf();
    &moderators();
    &nntpsend_ctl();
    &nnrp_access();
    &newsfeeds();
    &overview_fmt();
    &passwd_nntp();
}