#!/bin/sh
#
#     tiger - A UN*X security checking system
#     Copyright (C) 2000, 2001, 2002 Javier Fernandez-Sanguino Pea
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 2, or (at your option)
#    any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#     Please see the file `COPYING' for the complete copyright notice.
#
# Linux/deb_nopackfiles - 23/08/2001
# 
# 05/07/2006 - jfs - Skip directories that are symbolic links, this happens
#              with /usr/X11R6/bin as the latest Xorg package
#              versions just symlink this to /usr/bin/  (Debian bug #367931)
# 03/21/2005 - jfs - Remove uneeded {} (Debian bug #297889). Also redirect
#              find stderr to /dev/null
# 06/18/2004 - jfs - Made the dirlist variable so that directories which
#              do not exist are not checked for (Debian bug #254574)
#              Also fixed SED check so that only binary files (and not
#              directories) are included in the list which should slightly
#              improve performance.
# 09/19/2003 - jfs - Applied patch from Nicolas Franois  which enhances
#            speed by restricting the list of files to check to those that
#            will be, indeed, tested and improved DPKG dependancy.
#            Send FIND errors to /dev/null just in case some of the
#            directories do not exist.
# 08/08/2003 - jfs - Improved temporary file creation and removed RM dependancy.
# 08/08/2003 - jfs - Applied patch from Nicolas Franois. 
#              Instead of grepping each file all the files are appended to
#              a single file and removed a redundant check.
# 11/05/2002 - jfs - Changed from a 'for' statement to a 'find'
#
# TODO:
# - Consider if the the path '/bin/ /usr/bin/ /sbin/ /usr/sbin/
# /lib/ /usr/X11R6/bin/' should be customizable in tigerrc.
# Also, the maxpath could be set in another option.
# - Consider the use of 'dlocate' which will be faster than DPKG. Notice
# however that it's priority "optional"
# dlocate could be faster
# DLOCATE=`which dlocate`
# DLOCATE=${DLOCATE:-$DPKG}
#
#-----------------------------------------------------------------------------
TigerInstallDir='.'


#
# Set default base directory.
# Order or preference:
#      -B option
#      TIGERHOMEDIR environment variable
#      TigerInstallDir installed location
#
basedir=${TIGERHOMEDIR:=$TigerInstallDir}

for parm
do
   case $parm in
   -B) basedir=$2; break;;
   esac
done

#
# Verify that a config file exists there, and if it does
# source it.
#
[ ! -r $basedir/config ] && {
  echo "--ERROR-- [init002e] No 'config' file in \`$basedir'."
  exit 1
}

. $basedir/config

. $BASEDIR/initdefs

#
# If run in test mode (-t) this will verify that all required
# elements are set.
#
[ "$Tiger_TESTMODE" = 'Y' ] && {
  haveallcmds FIND GREP || exit 1
  if [ "$Tiger_DPKG_Optimize" = "N" ]
  then
  	haveallcmds DPKG || exit 1
  fi
  haveallfiles BASEDIR WORKDIR || exit 1
  haveallvars TESTLINK HOSTNAME
  
  message CONFIG init003c "" "$0: Configuration ok..."
  exit 0
}

#------------------------------------------------------------------------
echo
echo "# Checking installed files against packages..."

haveallcmds FIND GREP || exit 1
if [ "$Tiger_DPKG_Optimize" = "N" ]
then
	haveallcmds DPKG || exit 1
fi

safe_temp $WORKDIR/dpkg-packages.list
trap 'delete $WORKDIR/dpkg-packages.list ; exit 1' 1 2 3 15

# NOTE: /usr/lib cannot be added here since quite a lot of packages
# will compile stuff there on installation which will result in a 
# tremendous report...
dirlist="/bin/ /usr/bin/ /sbin/ /usr/sbin/ /lib/ /usr/X11R6/bin"
okdirs=""
# Before using dirlist we are going to determine which values are ok
for dir in $dirlist ; do
	if [ -d $dir ] && [ ! -L $dir ] ; then
		if [ -n "$okdirs" ] ; then
			okdirs="$dir $okdirs" 
		else
			okdirs=$dir
		fi
	fi
done
dirlist=$okdirs
if [ -z "$dirlist" ]; then
	message ERROR linxxxw "" "None of the configured directories are available"
	exit 1
fi

# We have two options here, use dpkg (non-optimal but on the safe side)
# or use grep (optimal but not on the safe side)
if [ "$Tiger_DPKG_Optimize" = "N" ]
then
        $FIND $dirlist -type f 2>/dev/null|
        # We are not using -maxdepth here, but we could...
        while read file
        do
                pack=`$DPKG -S $file 2>/dev/null`
                [ "$pack" = "" ] && {
                message WARN lin001w "" "File \`$file' does not belong to any package." 
                }
        done       
else
        # Alternative (optimal but not following standard way)
	seddirlist=`echo $dirlist | $SED -e 's/ /\\\\\|/g; s/\//\\\\\//g'`
	$FIND /var/lib/dpkg/info -name "*.list" -exec cat {} \; |
        $SED -ne "/^\($seddirlist\)/p" > $WORKDIR/dpkg-packages.list
        $FIND $dirlist -type f  2>/dev/null |
        # We are not using -maxdepth here, but we could...
        $GREP -x -F -v -f $WORKDIR/dpkg-packages.list |
        # To search for diversions
        $GREP -x -F -v -f /var/lib/dpkg/diversions |
        while read file
        do
          message WARN lin001w "" "File \`$file' does not belong to any package."
        done
        delete $WORKDIR/dpkg-packages.list
fi

exit 0
