[news.admin] Map unpacking software.

clewis@ecicrl.UUCP (02/16/89)

#!/bin/sh
# Shell archive ("shar") wrapper, part 01 of 01.
#
# Running this file writes README here and, further down, unpackmaps, both
# into the current directory.  The ">" redirection truncates any file that
# already has that name.  A shar is ordinary shell code supplied by the
# poster, so read it through before feeding it to sh.
printf '%s\n' 'Start of pack.out, part 01 of 01:' 'x - README'

# Every payload line carries a leading "X"; sed strips it again.  The quoted
# delimiter '/' turns off all expansion inside the here-document, so the text
# reaches sed exactly as posted.
sed -e 's/^X//' << '/' > README
XThis is source for a simple map unpacking facility.
X
XPlease forgive me for posting this to news.admin, but before I do a
Xmore formal release to comp.sources.unix I'd like as much feedback as
Xpossible.  Besides, someone asked for something like this.  I would
Xhave liked to be able to post this months ago, but things have been kinda
Xbusy.
X
XIt is much simpler than uuhosts, though it will grow somewhat.
XThe intent is that any UNIX/XENIX system that can run news will
Xbe able to run this too, so I'm attempting to keep to 
Xleast-common-denominator except for pathalias and things that I implement
Xmyself.
X
XThe next release will contain such things as map compression,
Xmore efficient path file modification, a method for viewing
Xthe map files analogously to uuhosts (from which this software derives 
Xa considerable amount of inspiration), and more automated installation.
X
XRegarding security: as many may remember, there's been a fair bit of
Xdiscussion on security of map unpacking on the net.  Rather than play
Xaround with trying to make a secure unshar, which probably noone would
Xtrust because it would be so big, I simply made a few simplifying assumptions
Xabout the map format and use an awk script to unpack a map article into
Xa map file.  It checks for and refuses to unpack articles which have
Xslashes in their names.  I sent off some mail to Mel asking whether the
Xassumptions I've made about map format are true, but never got any
Xresponse.  I believe that this is *pretty* secure, in that it doesn't
Xhave to be run as root, doesn't rely on the Bourne shell, and is careful
Xabout the file names it creates.  Please let me know if there are any
Xholes I didn't think of.
X
XInstallation:
X	- edit unpackmaps to set the variables at the beginning of
X	  the shell script.
X	- make the directory for the map files, owned by news.
X	- put unpackmaps in a suitable place.  Eg: /usr/lib/news
X	- run this from the userid that owns and runs news.
X	- su to the news userid, and run:
X		unpackmaps -i
X	  This will build the initial path file.
X	- insert into your crontab something like:
X	    30 3 * * * /bin/su news -c "<path to unpackmaps>/unpackmaps > <someplace>
X
XThe package will send mail to who you specify indicating which maps were
Xunpacked, and any error returns from pathalias.
X
XLet me know of any changes you needed to make to get this to work.
XI'm also open to suggestions for new features....
X----------
XChris Lewis, Markham, Ontario, Canada
X{uunet!attcan,utgpu,yunexus,utzoo}!lsuc!ecicrl!clewis
XFerret Mailing list: ...!lsuc!gate!eci386!ferret-request
X(or lsuc!gate!eci386!clewis or lsuc!clewis)
/
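echo 'x - unpackmaps'
# Writes the unpackmaps script into the current directory (any existing file
# of that name is truncated).  Payload lines carry a leading "X" that sed
# removes; the quoted delimiter keeps the shell from expanding anything in
# the payload.
sed 's/^X//' > unpackmaps << '/'
XIFS="	 "
Xexport IFS
XPATH=/bin:/usr/bin
Xexport PATH
X
X#	unpackmaps - unpack UUCP map articles into $MAPDIR and rebuild the
X#	pathalias route file.
X#
X#	usage: unpackmaps [-i] [-p]
X#	    -i	rebuild $BATCH from every article found under
X#		$NEWSSPOOL/comp/mail/maps, then unpack them all
X#	    -p	run pathalias even if no map article was unpacked
X#
X#	Run it as the news user; it does not need root.  Article text is
X#	untrusted input: it is never handed to a shell, and the only thing
X#	taken from it besides the map body is the output file name, which is
X#	checked before anything is written.
X#
X#	IFS and PATH are pinned above, before anything else runs, so values
X#	inherited from the caller's environment cannot change how words are
X#	split or which binaries are found.
X
X#	The name of the file that you've caused your news system to
X#	batch the file names of the map articles.
XBATCH=/usr/spool/batch/maps
X#	News spool directory
XNEWSSPOOL=/usr/spool/news
X#	Where you want the maps to go.
XMAPDIR=/usr/spool/maps
X#	Person to send mail to
XNOTIFY=clewis
X#	pathalias binary
XPATHALIAS=/usr/lbin/pathalias
X#	Local tastes....
XPATHOPTS="-dutai -dwatmath -dutgpu -dutcsri"
X#	This is your own private map entry
XPATHLOCAL=/u/clewis/mkmaps/path.local
X#	Where the finished route file is installed.  /tmp/paths stays the
X#	default because that is where this script has always left it; a
X#	directory that only the news user can write to is a safer choice.
XPATHFILE=/tmp/paths
X
X#	Edit no more....
X
Xumask 022
X
XPATH=/bin:/usr/bin
Xexport PATH
X
X#	A forcepath inherited from the environment must not act like -p.
Xforcepath=
X
Xif [ ! -d "$MAPDIR" ] || [ ! -w "$MAPDIR" ]
Xthen
X    echo "$MAPDIR missing, unwritable or not a directory" >&2
X    # Fail visibly: a bare exit here would report the status of echo.
X    exit 1
Xfi
X
Xif [ $# = 1 ]
Xthen
X    case "$1" in
X	-p)
X	    forcepath=true
X	    ;;
X	-i)
X	    cd / || exit 1
X	    rm -f "$BATCH.work"
X	    # using find/sort instead of ls just in case there's lots of
X	    # articles....
X	    find "$NEWSSPOOL/comp/mail/maps" -type f -print | sort > "$BATCH"
X	    ;;
X	*)
X	    echo "usage: unpackmaps [-i] [-p]" >&2
X	    exit 1
X	    ;;
X    esac
Xfi
X
X#	Private work area.  /tmp is writable by everyone and a name built
X#	from the process id can be guessed, so scratch files are not created
X#	there directly.  mkdir fails if the name already exists in any form,
X#	and the 077 umask keeps other users out of the new directory.
XTMPD=/tmp/unp$$
Xif (umask 077; mkdir "$TMPD") 2> /dev/null
Xthen
X    # Installed only once the directory is ours, so the cleanup can never
X    # touch something another user put under that name.
X    trap 'rm -rf "$TMPD"; exit' 0 1 2 3 15
Xelse
X    echo "cannot create private work directory $TMPD" >&2
X    exit 1
Xfi
XREPORT=$TMPD/report
XPALOG=$TMPD/pathalias.log
XNEWPATHS=$TMPD/paths
X
X#	awk writes map files relative to the current directory, so stop if
X#	we are not really in $MAPDIR.
Xcd "$MAPDIR" || exit 1
X
Xwhile [ -f "$BATCH" ] || [ -f "$BATCH.work" ]
Xdo
X    # There is no window of vulnerability here as long as no one else is
X    # creating $BATCH.work.
X    if [ ! -f "$BATCH.work" ]
X    then
X	mv "$BATCH" "$BATCH.work" || break
X    fi
X
X    while read i stuff
X    do
X	#	Using stuff to capture remaining junk on line.
X	#	Eg: C-news article sizes.
X
X	if [ -z "$i" ]
X	then
X	    break
X	fi
X
X	if [ ! -r "$i" ]
X	then
X	    echo "$i apparently superseded or expired"
X	    continue
X	fi
X
X	# This awk script depends on the following map article format:
X	# <don't cares>
X	# cat << 'something' > filename
X	# map body
X	# something
X	# <don't cares>
X	# "something" doesn't have to be enclosed in quotes in the cat line.
X	# This isn't particularly fast - could be dramatically speeded up
X	# if written in C, but I was trying to ensure that this is as simple
X	# and self-evident as possible.
X	#
X	# The article path reaches awk as a variable (article=...) and as
X	# standard input, never as part of the program text, so no character
X	# in a batch-file entry can alter the program.  sq carries the single
X	# quote character for the same reason.
X
X	awk '
X	# Header line: cat << TOKEN > NAME.  Honoured once, before any body
X	# line has been collected, so a map entry for a host called "cat"
X	# cannot restart extraction under another name.
X	!collecting && $1 == "cat" && $2 == "<<" && $4 == ">" {
X		endtoken = $3;
X		if (substr(endtoken, 1, 1) == sq)
X		    endtoken = substr(endtoken, 2, length(endtoken) - 2);
X		name = $5;
X		# Allowlist instead of a slash test: letters, digits, dot,
X		# underscore and hyphen only, starting with a letter or
X		# digit.  That refuses slashes, empty names, dot files and
X		# names a later command could take for an option.
X		if (name !~ /^[A-Za-z0-9][A-Za-z0-9._-]*$/) {
X		    printf("Security violation attempt in %s!\n", article);
X		    exit;
X		}
X		printf("extracting %s from %s\n", name, article);
X		collecting = 1;
X		next;
X	    }
X
X	collecting {
X		if ($1 == endtoken)
X		    exit;
X		print $0 > name
X	    }' sq="'" article="$i" - < "$i"
X    done < "$BATCH.work"
X    # Leave the outer loop if the work file cannot be removed; otherwise
X    # the same batch would be processed again and again.
X    rm "$BATCH.work" || break
Xdone > "$REPORT" 2>&1
X
Xif [ -n "$PATHALIAS" ] && [ -x "$PATHALIAS" ]
Xthen
X    if [ -s "$REPORT" ] || [ -n "$forcepath" ]
X    then
X	cd "$MAPDIR" || exit 1
X
X	(
X	# PATHOPTS and PATHLOCAL are left unquoted on purpose: the first
X	# holds several options, the second may be empty.
X	"$PATHALIAS" -f $PATHOPTS ?.* $PATHLOCAL |
X
X	# format of the pathalias -f output is
X	# cost	host	route
X	#
X	# format of a 'paths' file for smail is
X	# host	route	first_hop_cost
X	#
X	# move cost field to end of line:
X
X	sed 's/\(.*\)	\(.*\)	\(.*\)/\2	\3	\1/' |
X
X	# convert target domain/host to lower case:
X
X	#lcasep |
X
X	# remove some additional weirdnesses (per Peter Honeyman):
X
X	egrep -v '(\.(com|edu|mil|gov|net|org|arpa|[a-z][a-z])	.*!.*!)|(.\.(com|edu|mil|gov|net|org|arpa|[a-z][a-z])	)' |
X
X	# sort the stream:
X
X	sort > "$NEWPATHS" ) 2> "$PALOG"
X
X	# The route file is built inside the private directory and only then
X	# moved to $PATHFILE.  Nothing is ever opened for writing under the
X	# shared name, and a failed pathalias run leaves the previous route
X	# file in place instead of an empty one.
X	if [ ! -s "$NEWPATHS" ]
X	then
X	    echo "Pathalias failed no map file created" >> "$PALOG"
X	elif mv -f "$NEWPATHS" "$PATHFILE" 2>> "$PALOG"
X	then
X	    echo "Map remade" >> "$PALOG"
X	else
X	    echo "Map built but not installed as $PATHFILE" >> "$PALOG"
X	fi
X
X	if [ -s "$PALOG" ]
X	then
X	    echo "Pathalias output:" >> "$REPORT"
X	    cat "$PALOG" >> "$REPORT"
X	fi
X    fi
Xfi
X
Xif [ -s "$REPORT" ]
Xthen
X    # NOTIFY is unquoted so that it may list more than one recipient.
X    mail $NOTIFY < "$REPORT"
Xfi
/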
# Closing status line of the archive.  The shell stops reading at the exit,
# so the poster's signature that follows is never interpreted.
printf '%s\n' 'Part 01 of pack.out complete.'
exit $?
-- 
Chris Lewis, Markham, Ontario, Canada
{uunet!attcan,utgpu,yunexus,utzoo}!lsuc!ecicrl!clewis
Ferret Mailing list: ...!lsuc!gate!eci386!ferret-request
(or lsuc!gate!eci386!clewis or lsuc!clewis)