#!/bin/sh
#
#     tiger - A UN*X security checking system
#
#     Copyright (C) 2002 Javier Fernandez-Sanguino Pea
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 1, or (at your option)
#    any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#     Please see the file `COPYING' for the complete copyright notice.
#
# check_tcpd - 26/05/2002
#
# check_tcpd - 07/25/2002 - jfs
#       Changed TigerInstallDir to .
#
# Script made based on checkd_inetd in order to only test for existance
# of tcp-wrappers and changes in their configuration.
#
# TODO: it is not currently able to determine services which are compiled
# against libwrap (many in Debian GNU/Linux) and tell the user that they
# are protected this way.
#-----------------------------------------------------------------------------
#
TigerInstallDir='.'

#
# Set default base directory.
# Order or preference:
#      -B option
#      TIGERHOMEDIR environment variable
#      TigerInstallDir installed location
#
basedir=${TIGERHOMEDIR:=$TigerInstallDir}

for parm
do
   case $parm in
   -B) basedir=$2; break;;
   esac
done
#
# Verify that a config file exists there, and if it does
# source it.
#
[ ! -r $basedir/config ] && {
  echo "--ERROR-- [init002e] No 'config' file in \`$basedir'."
  exit 1
}
. $basedir/config

. $BASEDIR/initdefs
#
# If run in test mode (-t) this will verify that all required
# elements are set.
#
[ "$Tiger_TESTMODE" = 'Y' ] && {
  haveallcmds SED AWK CAT COMM GEN_INETD_SETS GEN_SERVICES_SETS GREP JOIN LS RM SORT TAIL UNIQ || exit 1
  haveallfiles BASEDIR WORKDIR INETDFILE SERVICESFILE || exit 1
  
  echo "--CONFIG-- [init003c] $0: Configuration ok..."
  exit 0
}

#------------------------------------------------------------------------
echo
echo "# Performing check of services with tcp wrappers..."

haveallcmds SED CAT AWK LS SORT GREP COMM JOIN || exit 1
haveallfiles BASEDIR WORKDIR || exit 1

saveifs=$IFS

tmpservices=$WORKDIR/sec.$$ts
delete $tmpservices
tmpinetd=$WORKDIR/sec.$$in
delete $tmpinetd

trap 'delete $tmpservices $tmpinetd; exit 1' 1 2 3 15
checkinetd ()
{
  infile=$1

  $JOIN -o 1.1 2.6 1.6 1.7 $infile $INETDFILE > $WORKDIR/cinetd.$$

# TODO: This is not used (what do we need it for?) - jfs
  __xx="`$LS -id \`$AWK '{print $3}' $WORKDIR/cinetd.$$ |
           $GREP -v internal
          \` 2>/dev/null |
         $SORT |
         $UNIQ -c |
         $SORT -rn |
         $SED -e '1q'`"
  set x $__xx
	 
  count="$2"
  size="$3"
#  tcpdpath="$4"
  tcpdpath=$TCPD

#  [ "$count" -lt 2 ] && tcpdpath=
    
  $GREP -v '^#' $infile | grep -v '^$' |
  while read currservice s p t user currbinary parm1 parms
  do
      if [ "$currbinary" = "$tcpdpath" ] ; then
       message INFO inet015i "" "Service $currservice is using tcp wrappers."
      fi
  done

  $CAT $WORKDIR/cinetd.$$ |
  while read service exppath currpath callpath
  do
    if [ "`echo $currpath | $GREP '?'`" ]; then
     currpath=`echo $currpath | $SED -e "s/\?//"`
    fi
    if [ "`echo $exppath | $GREP '?'`" ]; then
     exppath=`echo $exppath | $SED -e "s/\?//"`
    fi

    if [ "$currpath" = "$tcpdpath" -a "$currpath" != "$exppath" ] ; then
       message INFO inet014i "" "Service $service has been modified to run under tcp wrappers."
    fi

    if [ "$currpath" != "$exppath" -a  "$exppath" != "$tcpath" ]; then
	message FAIL inet016f "" "Service $service which was previously protected by tcpwrappers is now using $currpath (instead of $exppath)."
    fi
  done 
  
  delete $WORKDIR/cinetd.$$
}

realpath="$REALPATH -d"

[ ! -n "$REALPATH" -o ! $TESTEXEC "$REALPATH" ] && realpath="echo"


haveallcmds GEN_INETD_SETS UNIQ TAIL &&
haveallfiles INETDFILE && {
    $GEN_INETD_SETS |
    while read inetd_set
    do
      inetdsrc=`$CAT $inetd_set.src`
      echo "# Analysing inetd entries from $inetdsrc"

      checkinetd $inetd_set

      delete $inetd_set $inetd_set.src
    done
  }

exit 0
