You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

384 lines
8.7 KiB

package main
import (
"fmt"
"os"
"os/exec"
"reflect"
"strconv"
"strings"
"syscall"
"github.com/subgraph/oz"
"github.com/codegangsta/cli"
)
var PathDpkgDivert string
var PathDpkg string
var OzConfig *oz.Config
var OzProfiles *oz.Profiles
var OzProfile *oz.Profile
func init() {
checkRoot()
PathDpkgDivert = checkDpkgDivert()
PathDpkg = checkDpkg()
}
func main() {
app := cli.NewApp()
app.Name = "oz-utils"
app.Usage = "command line interface to install, remove, and create Oz sandboxes\nYou can specify a package name, a binary path, or a Oz profile file "
app.Author = "Subgraph"
app.Email = "info@subgraph.com"
app.Version = oz.OzVersion
app.EnableBashCompletion = true
flagsHookMode := []cli.Flag{
cli.BoolFlag{
Name: "hook",
Usage: "Run in hook mode, not normally used by the end user",
},
}
app.Commands = []cli.Command{
{
Name: "config",
Usage: "check and show Oz configurations",
Subcommands: []cli.Command{
{
Name: "check",
Usage: "check oz configuration and profiles for errors",
Action: handleConfigcheck,
},
{
Name: "show",
Usage: "prints ouf oz configuration",
Action: handleConfigshow,
},
},
},
{
Name: "install",
Usage: "install binary diversion for a program",
Action: handleInstall,
Flags: flagsHookMode,
},
{
Name: "remove",
Usage: "remove a binary diversion for a program",
Action: handleRemove,
Flags: flagsHookMode,
},
{
Name: "status",
Usage: "show the status of a binary diversion for a program",
Action: handleStatus,
},
{
Name: "create",
Usage: "create a new sandbox profile",
Action: handleCreate,
},
}
app.Run(os.Args)
}
func handleConfigcheck(c *cli.Context) {
_, err := oz.LoadConfig(oz.DefaultConfigPath)
if err != nil {
if !os.IsNotExist(err) {
fmt.Fprintf(os.Stderr, "Could not load configuration `%s`: %v\n", oz.DefaultConfigPath, err)
os.Exit(1)
}
}
OzConfig = loadConfig()
_, err = oz.LoadProfiles(OzConfig.ProfileDir)
if err != nil {
fmt.Fprintf(os.Stderr, "Unable to load profiles from `%s`: %v\n", OzConfig.ProfileDir, err)
os.Exit(1)
}
fmt.Println("Configurations and profiles ok!")
os.Exit(0)
}
func handleConfigshow(c *cli.Context) {
config, err := oz.LoadConfig(oz.DefaultConfigPath)
useDefaults := false
if err != nil {
if os.IsNotExist(err) {
config = oz.NewDefaultConfig()
useDefaults = true
} else {
fmt.Fprintf(os.Stderr, "Could not load configuration `%s`: %v\n", oz.DefaultConfigPath, err)
os.Exit(1)
}
}
v := reflect.ValueOf(*config)
vt := reflect.TypeOf(*config)
maxFieldLength := 0
for i := 0; i < v.NumField(); i++ {
flen := len(vt.Field(i).Tag.Get("json"))
if flen > maxFieldLength {
maxFieldLength = flen
}
}
maxValueLength := 0
for i := 0; i < v.NumField(); i++ {
sval := fmt.Sprintf("%v", v.Field(i).Interface())
flen := len(sval)
if flen > maxValueLength {
maxValueLength = flen
}
}
sfmt := "%-" + strconv.Itoa(maxFieldLength) + "s: %-" + strconv.Itoa(maxValueLength) + "v"
hfmt := "%-" + strconv.Itoa(maxFieldLength) + "s: %s\n"
if !useDefaults {
fmt.Printf(hfmt, "Config file", oz.DefaultConfigPath)
} else {
fmt.Printf(hfmt, "Config file", "Not found - using defaults")
}
for i := 0; i < len(fmt.Sprintf(sfmt, "", "")); i++ {
fmt.Print("=")
}
fmt.Println("")
for i := 0; i < v.NumField(); i++ {
fval := fmt.Sprintf("%v", v.Field(i).Interface())
fmt.Printf(sfmt, vt.Field(i).Tag.Get("json"), fval)
desc := vt.Field(i).Tag.Get("desc")
if desc != "" {
fmt.Printf(" # %s", desc)
}
fmt.Println("")
}
os.Exit(0)
}
func handleInstall(c *cli.Context) {
OzConfig = loadConfig()
pname := c.Args()[0]
OzProfile, err := loadProfile(pname, OzConfig.ProfileDir)
if err != nil || OzProfile == nil {
installExit(c.Bool("hook"), fmt.Errorf("Unable to load profiles for %s (%v).\n", pname, err))
return // For clarity
}
if OzConfig.DivertSuffix == "" {
installExit(c.Bool("hook"), fmt.Errorf("Divert requires a suffix to be set.\n"))
return // For clarity
}
isInstalled, err := isDivertInstalled(OzProfile.Path)
if err != nil {
fmt.Fprintf(os.Stderr, "Unknown error: %+v\n", err)
os.Exit(1)
}
if isInstalled == true {
fmt.Println("Divert already installed for ", OzProfile.Path)
os.Exit(0)
}
dpkgArgs := []string{
"--add",
"--package",
"oz",
"--rename",
"--divert",
getBinaryPath(OzProfile.Path),
OzProfile.Path,
}
_, err = exec.Command(PathDpkgDivert, dpkgArgs...).Output()
if err != nil {
fmt.Fprintf(os.Stderr, "Dpkg divert command `%s %+s` failed: %s", PathDpkgDivert, dpkgArgs, err)
os.Exit(1)
}
err = syscall.Symlink(OzConfig.ClientPath, OzProfile.Path)
if err != nil {
fmt.Fprintf(os.Stderr, "Failed to create symlink %s", err)
os.Exit(1)
}
fmt.Printf("Successfully installed Oz sandbox for: %s.\n", OzProfile.Path)
}
func handleRemove(c *cli.Context) {
OzConfig = loadConfig()
pname := c.Args()[0]
OzProfile, err := loadProfile(pname, OzConfig.ProfileDir)
if err != nil || OzProfile == nil {
installExit(c.Bool("hook"), fmt.Errorf("Unable to load profiles for %s.\n", pname))
return // For clarity
}
if OzConfig.DivertSuffix == "" {
installExit(c.Bool("hook"), fmt.Errorf("Divert requires a suffix to be set.\n"))
return // For clarity
}
isInstalled, err := isDivertInstalled(OzProfile.Path)
if err != nil {
fmt.Fprintf(os.Stderr, "Unknown error: %+v\n", err)
os.Exit(1)
}
if isInstalled == false {
fmt.Println("Divert is not installed for ", OzProfile.Path)
os.Exit(0)
}
os.Remove(OzProfile.Path)
dpkgArgs := []string{
"--rename",
"--package",
"oz",
"--remove",
OzProfile.Path,
}
_, err = exec.Command(PathDpkgDivert, dpkgArgs...).Output()
if err != nil {
fmt.Fprintf(os.Stderr, "Dpkg divert command `%s %+s` failed: %s", PathDpkgDivert, dpkgArgs, err)
os.Exit(1)
}
fmt.Printf("Successfully remove jail for: %s.\n", OzProfile.Path)
}
func handleStatus(c *cli.Context) {
OzConfig = loadConfig()
pname := c.Args()[0]
OzProfile, err := loadProfile(pname, OzConfig.ProfileDir)
if err != nil || OzProfile == nil {
fmt.Fprintf(os.Stderr, "Unable to load profiles (%s).\n", err)
os.Exit(1)
}
if OzConfig.DivertSuffix == "" {
fmt.Fprintf(os.Stderr, "Divert requires a suffix to be set.\n")
os.Exit(1)
}
isInstalled, err := isDivertInstalled(OzProfile.Path)
if err != nil {
fmt.Fprintf(os.Stderr, "Unknown error: %+v\n", err)
os.Exit(1)
}
if isInstalled {
fmt.Println("Package divert is \033[0;32minstalled\033[0m for: ", OzProfile.Path)
} else {
fmt.Println("Package divert is \033[0;31mnot installed\033[0m for: ", OzProfile.Path)
}
}
func handleCreate(c *cli.Context) {
OzConfig = loadConfig()
fmt.Println("The weasels ran off with this command... please come back later!")
os.Exit(1)
}
/*
* UTILITIES
*/
func checkRoot() {
if os.Getuid() != 0 {
fmt.Fprintf(os.Stderr, "%s should be used as root.\n", os.Args[0])
os.Exit(1)
}
}
func checkDpkgDivert() string {
ddpath, err := exec.LookPath("dpkg-divert")
if err != nil {
fmt.Fprintln(os.Stderr, "You do not appear to have dpkg-divert, are you not running Debian/Ubuntu?")
os.Exit(1)
}
return ddpath
}
func checkDpkg() string {
dpath, err := exec.LookPath("dpkg")
if err != nil {
fmt.Fprintln(os.Stderr, "You do not appear to have dpkg, are you not running Debian/Ubuntu?")
os.Exit(1)
}
return dpath
}
func isDivertInstalled(bpath string) (bool, error) {
outp, err := exec.Command(PathDpkgDivert, "--truename", bpath).Output()
if err != nil {
return false, err
}
dpath := strings.TrimSpace(string(outp))
isInstalled := (dpath == getBinaryPath(string(bpath)))
if isInstalled {
_, err := os.Readlink(bpath)
if err != nil {
return false, fmt.Errorf("`%s` appears to be diverted but is not installed", dpath)
}
}
return isInstalled, nil
}
func getBinaryPath(bpath string) string {
bpath = strings.TrimSpace(string(bpath))
if strings.HasSuffix(bpath, "."+OzConfig.DivertSuffix) == false {
bpath += "." + OzConfig.DivertSuffix
}
return bpath
}
func loadConfig() *oz.Config {
config, err := oz.LoadConfig(oz.DefaultConfigPath)
if err != nil {
if os.IsNotExist(err) {
fmt.Fprintln(os.Stderr, "Configuration file (%s) is missing, using defaults.", oz.DefaultConfigPath)
config = oz.NewDefaultConfig()
} else {
fmt.Fprintln(os.Stderr, "Could not load configuration: %s", oz.DefaultConfigPath, err)
os.Exit(1)
}
}
return config
}
func loadProfile(name, profileDir string) (*oz.Profile, error) {
ps, err := oz.LoadProfiles(profileDir)
if err != nil {
return nil, err
}
return ps.GetProfileByName(name)
}
func installExit(hook bool, err error) {
if hook {
os.Exit(0)
} else {
fmt.Fprintf(os.Stderr, "%s", err)
os.Exit(1)
}
}