Top Level Namespace

Instance Method Summary

• #_e_log_accessed?(raw_exception) ⇒ Boolean
• #_e_log_blocked?(raw_exception) ⇒ Boolean
• #_host ⇒ Object
• #_lu_password ⇒ Object
• #_p_log_accessed?(action) ⇒ Boolean
• #_p_log_blocked?(action) ⇒ Boolean
• #_port ⇒ Object
• #_ru_password ⇒ Object
• #add_nl(s) ⇒ Object
• #become_root ⇒ Object
• #debug(string) ⇒ Object
• #disable_echo(&block) ⇒ Object
• #err_check(buffer) ⇒ Object
• #extract_action(raw_assignment) ⇒ Object
• #extract_cff_profiles(raw_proxy_profile) ⇒ Object
• #extract_exceptions(http) ⇒ Object
• #extract_profiles(http) ⇒ Object
• #fingerprint_prompt?(string) ⇒ Boolean
• #get(x, command = 'get') ⇒ Object
• #get_action(raw_assignment) ⇒ Object
• #get_comment(raw) ⇒ Object
• #get_name(raw) ⇒ Object
• #get_object(x) ⇒ Object
• #log(string = String.new) ⇒ Object
• #login ⇒ Object
• #print_raction(raw_action) ⇒ Object
• #print_results(results) ⇒ Object
• #prompt(question, password = false) ⇒ Object
• #run ⇒ Object
• #search_exceptions(exceptions) ⇒ Object
• #search_profiles(profiles) ⇒ Object
• #until_prompt(prompt, alt = false) ⇒ Object
• #wrong_password?(buffer, regexp) ⇒ Boolean

Instance Method Details

#_e_log_accessed?(raw_exception) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/utm-plc.rb', line 210

def _e_log_accessed? raw_exception
  raw_exception[/'skiplist' => \[[^\]]*/].gsub("'skiplist' => \[",'').split(',').collect {|l|
    l.gsub(/'/,'').strip
  }.include? 'log_access'
end

#_e_log_blocked?(raw_exception) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/utm-plc.rb', line 216

def _e_log_blocked? raw_exception
  raw_exception[/'skiplist' => \[[^\]]*/].gsub("'skiplist' => \[",'').split(',').collect {|l|
    l.gsub(/'/,'').strip
  }.include? 'log_blocked'
end

#_host ⇒ Object

# File 'lib/utm-plc.rb', line 25

def _host;          prompt('Which host?: ')                                 end

#_lu_password ⇒ Object

# File 'lib/utm-plc.rb', line 27

def _lu_password;   prompt('What is the password for loginuser?: ', true)   end

#_p_log_accessed?(action) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/utm-plc.rb', line 196

def _p_log_accessed? action
  if action[/'log_access' => \d/].nil?
    raise ArgumentError "_p_log_accessed?(action): action doesn't contain a 'log_access' attribute?"
  end
  action[/'log_access' => \d/].gsub(/'log_access' => /,'')=='1'
end

#_p_log_blocked?(action) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/utm-plc.rb', line 203

def _p_log_blocked? action
  if action[/'log_blocked' => \d/].nil?
    raise ArgumentError "_p_log_blocked?(action): action doesn't contain a 'log_blocked' attribute?"
  end
  action[/'log_blocked' => \d/].gsub(/'log_blocked' => /,'')=='1'
end

#_port ⇒ Object

# File 'lib/utm-plc.rb', line 26

def _port;          prompt('What port?: ')                                  end

#_ru_password ⇒ Object

# File 'lib/utm-plc.rb', line 28

def _ru_password;   prompt('What is the password for root?: ', true)        end

#add_nl(s) ⇒ Object

# File 'lib/utm-plc.rb', line 87

def add_nl s
  #append a "\n" (newline) to a string if it doesn't already end with one.
  (s[/\\n$/].nil? ? s+"\n" : s)
end

#become_root ⇒ Object

# File 'lib/utm-plc.rb', line 112

def become_root
  log "Using su to become root..."
  $in.printf( "su\n" )
  debug until_prompt( 'Password:' )
  $in.printf( "#{_ru_password}\n" )
  debug until_prompt( '/home/login #', :check_badpass )
  log "Am now root."
end

#debug(string) ⇒ Object

# File 'lib/utm-plc.rb', line 99

def debug string
  if $logging and $debugging
    printf add_nl(string) 
  end
  string
end

#disable_echo(&block) ⇒ Object

# File 'lib/utm-plc.rb', line 78

def disable_echo &block
  system('stty -echo')
  x=yield
  system('stty echo')
  #so that the next line doesn't start on the same line as the password prompt
  log
  x
end

#err_check(buffer) ⇒ Object

# File 'lib/utm-plc.rb', line 41

def err_check buffer
  if fingerprint_prompt?(buffer)
    printf "SSH Fingerprint prompt detected.\nPlease SSH to this system at least once before using this program to verify the SSH fingerprint manually, then run this program again.\n\n"
    exit
  end

  if wrong_password?(buffer, 'Permission denied')
    printf "Permission denied! Get off my lawn!\n"
    exit
  end

  if wrong_password?(buffer, 'incorrect password')
    printf "Bad root password! Go away!\n"
    exit
  end
end

#extract_action(raw_assignment) ⇒ Object

# File 'lib/utm-plc.rb', line 148

def extract_action raw_assignment
  raw_assignment[/'action' => '[^']*/].gsub(/'action' => '/,'').strip
end

#extract_cff_profiles(raw_proxy_profile) ⇒ Object

# File 'lib/utm-plc.rb', line 140

def extract_cff_profiles raw_proxy_profile
  debug "Found cff_profiles: "
  cff_p=raw_proxy_profile[/'cff_profiles' => \[[^\]]*/].gsub( "'cff_profiles' => \[",'' ).
    strip.gsub(',','').strip.gsub(/^'/,'').gsub(/'$/,'').strip.gsub(/^'/,'').gsub(/'$/,'')
  debug "               -- "+cff_p
  cff_p
end

#extract_exceptions(http) ⇒ Object

# File 'lib/utm-plc.rb', line 132

def extract_exceptions http
  exceptions=http[/'exceptions' => \[[^\]]*/].gsub("'exceptions' => \[",'').split(',').collect {|l|
    l.gsub(/'/,'').strip 
  }
  debug "Found #{exceptions.size} exceptions:"
  exceptions.each {|e| debug "               -- "+e }
end

#extract_profiles(http) ⇒ Object

# File 'lib/utm-plc.rb', line 121

def extract_profiles http
  debug "Extracting profiles from 'http'="
  profiles=http[/'profiles' => \[[^\]]*/].gsub( "'profiles' => \[",'' ).split(',').collect {|p| 
    p.strip.gsub(/^'/,'').gsub(/'$/,'') 
  }
  debug "Found #{profiles.size} profiles:"
  profiles.each {|p|
      debug "               -- "+p
  }
end

#fingerprint_prompt?(string) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/utm-plc.rb', line 33

def fingerprint_prompt? string
  !string[/\(yes\/no\)\?/].nil?
end

#get(x, command = 'get') ⇒ Object

# File 'lib/utm-plc.rb', line 247

def get x, command='get'
  debug "Running: 'cc #{command} #{x}'..."
  $in.printf("cc #{command} #{x}\n")
  debug until_prompt(':/home/login #')
end

#get_action(raw_assignment) ⇒ Object

# File 'lib/utm-plc.rb', line 266

def get_action raw_assignment
  raw_assignment[/'action' => '[^']*/].gsub(/'action' => '/,'').strip
end

#get_comment(raw) ⇒ Object

# File 'lib/utm-plc.rb', line 262

def get_comment raw
  raw[/'comment' => '[^']*/].gsub(/'comment' => '/,'')
end

#get_name(raw) ⇒ Object

# File 'lib/utm-plc.rb', line 258

def get_name raw
  raw[/'name' => '[^']*/].gsub(/'name' => '/,'')
end

#get_object(x) ⇒ Object

# File 'lib/utm-plc.rb', line 270

def get_object x
  get x, 'get_object'
end

#log(string = String.new) ⇒ Object

# File 'lib/utm-plc.rb', line 92

def log string=String.new
  if $logging==true
    printf add_nl(string)
  end
  string
end

#login ⇒ Object

# File 'lib/utm-plc.rb', line 106

def login
  log "Logging in as loginuser..."
  $in.printf( _lu_password + "\n" )
  debug until_prompt( '/home/login >', :check_badpass )
end

#print_raction(raw_action) ⇒ Object

# File 'lib/utm-plc.rb', line 253

def print_raction raw_action
  log "Name: #{get_name(raw_action)}"
  log "Comment: #{get_comment(raw_action)}"
end

#print_results(results) ⇒ Object

# File 'lib/utm-plc.rb', line 222

def print_results results
  log "\n\nPrinting results:"
  results.each {|x,y|
    if x==:profiles
      y.each {|z|
        if !_p_log_accessed?(z)
          log "Please activate the 'Log Accessed Pages' option for the Web Filter Action named: #{get_name(z)}"
        end
        if !_p_log_blocked?(z)
          log "Please activate the 'Log Blocked Pages' option for the Web Filter Action named: #{get_name(z)}"
        end
      }
    elsif x==:exceptions
      y.each {|z|
        if _e_log_accessed?(get_object(z))
         log "Please deactivate the option to skip logging of accessed pages for the Exception named: #{get_name(get_object(z))}"
        end
        if _e_log_blocked?(get_object(z))
         log "Please deactivate the option to skip logging of blocked pages for the Exception named: #{get_name(get_object(z))}"
        end
      }
    end
  }
end

#prompt(question, password = false) ⇒ Object

# File 'lib/utm-plc.rb', line 276

def prompt question, password=false
  printf question
  if password==true
    disable_echo {
      (s=gets.strip).empty? ? prompt(question) : s
    }
  else
    (s=gets.strip).empty? ? prompt(question) : s
  end
end

#run ⇒ Object

# File 'lib/utm-plc.rb', line 287

def run 
  PTY.spawn("ssh -p #{_port} loginuser@#{_host}") {|stdout,stdin,pid|
    begin
      old_out=$out; $out=stdout
      old_in=$in;   $in =stdin

      debug( until_prompt('password:') )
      login
      become_root

      #Because the main Web Filter is treated as a profile, this
      #will operate on all Web Filters and proxy profiles.
      results= search_profiles( extract_profiles( http=get('http') ) )
      results.merge!( search_exceptions( extract_exceptions( http ) ) )

      print_results( results )

      stdin.printf( "exit\n" )
      until_prompt( ":/home/login >" )
      stdin.printf( "exit\n" )

      $out=old_out
      $in=old_in
    rescue Errno::EIO
      printf "SSH Connection failed.  Are you able to ssh in from this machine? If not, start troubleshooting from here.\n"
      exit
    end
  }
  log 'Done'
end

#search_exceptions(exceptions) ⇒ Object

# File 'lib/utm-plc.rb', line 152

def search_exceptions exceptions
  if exceptions.class!=Array
    raise ArgumentError "search_exceptions(exceptions): 'exceptions' must be an array but it's something else, possibly a cheeseburger..."
  elsif exceptions.empty?
    raise ArgumentError "search_exceptions(exceptions): 'exceptions' must be a non-empty array! What have you done?!?"
  end

  results={:exceptions=>[]}
  exceptions.each {|exception|
    debug raw_exception=get_object(exception)
    log "Checking exception: #{get_name(raw_exception)}"
    if _e_log_accessed?(raw_exception)
      results[:exceptions] << exception
    elsif _e_log_blocked?(raw_exception)
      results[:exceptions] << exception
    end
  }
  results
end

#search_profiles(profiles) ⇒ Object

# File 'lib/utm-plc.rb', line 172

def search_profiles profiles
  if profiles.class!=Array
    raise ArgumentError "search_profiles(profiles): 'profiles' must be an array but it's something else, possibly a cheeseburger..."
  elsif profiles.empty?
    raise ArgumentError "search_profiles(profiles): 'profiles' must be a non-empty array! What have you done?!?"
  end
  results={:profiles=>[]}
  profiles.each {|profile|
    debug raw_proxy_profile=get_object(profile)
    log "Checking profile: #{get_name(raw_proxy_profile)}"
    debug raw_assignment=get_object( extract_cff_profiles(raw_proxy_profile) )
    log "Got the assignment for that profile..."
    action= get_action(raw_assignment)
    raw_action= get_object( extract_action(raw_assignment) )
    log "Got the action for that assignment..."

    if !_p_log_accessed?(raw_action) || !_p_log_blocked?(raw_action)
      log "Found an action that isn't logging everything: #{get_name(raw_action)}"
      results[:profiles] << raw_action
    end
  }
  results
end

#until_prompt(prompt, alt = false) ⇒ Object

# File 'lib/utm-plc.rb', line 58

def until_prompt( prompt, alt=false )
  buffer= ""
  begin
    Timeout.timeout( 60 ) {
      loop do
        buffer << $out.getc.chr
        err_check( buffer )
        break if buffer =~ Regexp.new(prompt)
      end
    }
    return buffer
  rescue Timeout::Error => error
    printf "Error - Timed out waiting for \"#{prompt.gsub('"','\"') }\", printing stacktrace...\n "
    printf error.backtrace.join("\n") + "\n"
    printf "Dumping buffer...\n"
    pp buffer
    printf "-------\n\n"
  end 
end

#wrong_password?(buffer, regexp) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/utm-plc.rb', line 37

def wrong_password? buffer, regexp
  !buffer[ Regexp.new( regexp ) ].nil?
end