git.ipfire.org Git - people/stevee/guardian.git/blame - modules/Config.pm
Allow to configure the owner of the UNIX socket.
package Guardian::Config;
use strict;
use warnings;

use Exporter qw(import);

# Names a caller may import on request. ReadConfig and check_number are not
# in this list.
our @EXPORT_OK = ('CheckConfig', 'UseConfig');

# Fallback path, used by UseConfig when the caller names no config file.
my $configfile = '/etc/guardian/guardian.conf';

# Limit for the length of a single line of the config file. ReadConfig
# compares the length of every line against this value.
my $maxlength = '64';

# Built-in settings. UseConfig lays the settings read from the config file
# over these, so a value from the file replaces the built-in one.
my %defaults = (
    LogLevel       => 'info',
    LogFacility    => 'syslog',
    BlockCount     => '3',
    BlockTime      => '86400',
    FirewallEngine => 'none',
);
#
## UseConfig configuration function.
#
## Entry point of this module: reads the given config file (or the default
## one when no file name is passed), validates what was read, and returns the
## effective settings as a hash.
#
## Dies with "Invalid configuration: ..." when CheckConfig reports a problem.
#
## Validation runs on the values read from the file only; the built-in
## defaults are merged in afterwards without being checked.
#
sub UseConfig ($) {
    my ($path) = @_;

    # An empty or missing file name selects the default config file.
    $path ||= $configfile;

    # Settings exactly as found in the file. The subs below are called with
    # a leading "&", which bypasses their prototypes.
    my %from_file = &ReadConfig($path);

    # CheckConfig returns an error text, or nothing when all is fine.
    my $problem = &CheckConfig(\%from_file);
    die "Invalid configuration: $problem" if $problem;

    # Later pairs win in a hash assignment, so a value from the file
    # replaces the default stored under the same key.
    my %merged = (%defaults, %from_file);

    return %merged;
}
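#
## ReadConfig (configfile) function.
#
## Reads the given configuration file and returns its settings as a hash
## (option name => value). Dies when the file is not readable or cannot be
## opened.
#
## Parsing rules, as implemented below:
##  - a line that contains a "#" anywhere is skipped entirely,
##  - blank lines are skipped,
##  - lines longer than $maxlength characters are skipped without a message,
##  - all space characters are removed, then the line is split at "=".
#
sub ReadConfig ($) {
    my $file = $_[0];

    # Hash to store the read-in configuration options and values.
    my %config = ();

    # Check if the configfile exists and is read-able.
    unless (-r $file) {
        die "The given configfile ($file) does not exist, or is not read-able: $!";
    }

    # Three-argument open with an explicit read mode and a lexical handle.
    # The file name is taken literally, so a leading ">" or a trailing "|"
    # in it is never interpreted as a mode or a command, and the handle does
    # not share the global name CONF with other code.
    open(my $conf, '<', $file) or die "Could not open $file: $!";

    # Process line by line.
    while (my $line = <$conf>) {
        # Skip every line that contains a "#", so an option followed by a
        # trailing comment on the same line is dropped as well.
        next if ($line =~ /\#/);

        # Skip blank lines.
        next if ($line =~ /^\s*$/);

        # Remove the trailing newline.
        chomp($line);

        # Skip over-long lines. The comparison has to be numeric: compared
        # as strings, "7" sorts after "64" and "100" before it, so short
        # lines would be dropped and over-long ones accepted.
        next if (length($line) > $maxlength);

        # Remove all space characters (tabs are left in place).
        $line =~ s/ //g;

        # Split the line into option and value. Only the text between the
        # first and the second "=" is kept as the value.
        my ($option, $value) = split(/=/, $line);

        # Add config option and value to the config hash.
        $config{$option} = $value;
    }

    # Close the config file.
    close($conf);

    # Return the configuration hash.
    return %config;
}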
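#
## The CheckConfig function.
#
## Validates configuration options passed as a reference to a hash.
## Returns an error message describing the first problem found, or undef
## when no problem has been detected.
#
## Checked options: BlockTime, BlockCount, LogLevel and SocketOwner. Each of
## them is only checked when it is present in the hash. Other options (for
## example LogFacility or FirewallEngine) are not checked here.
#
sub CheckConfig (\%) {
    # Work on a copy of the hash behind the given reference.
    my %config = %{ $_[0] };

    # BlockTime and BlockCount, when configured, have to be natural numbers
    # greater than zero. BlockTime is checked first.
    for my $name (qw(BlockTime BlockCount)) {
        next unless exists($config{$name});

        # check_number returns an error text, or undef for a valid value.
        my $error = &check_number("$config{$name}");

        return "Invalid $name: $error" if ($error);
    }

    # Check a configured log level against the levels the logger supports.
    # An absent LogLevel is accepted, like an absent BlockTime or BlockCount,
    # so that the built-in default can apply.
    if (exists($config{LogLevel})) {
        my $level = defined($config{LogLevel}) ? $config{LogLevel} : '';

        # Gather details about supported log levels.
        my %supported_loglevels = &Guardian::Logger::GetLogLevels();

        unless (exists($supported_loglevels{$level})) {
            return "Invalid LogLevel: $level";
        }
    }

    # Check if an optional configured SocketOwner is valid.
    if (exists($config{SocketOwner})) {
        my $owner = defined($config{SocketOwner}) ? $config{SocketOwner} : '';

        # Exactly two non-empty parts are required. The limit of -1 keeps
        # empty trailing fields, so "user:" and "user:group:" are rejected
        # instead of being cut down silently.
        my @parts = split(/:/, $owner, -1);
        unless (@parts == 2 && length($parts[0]) && length($parts[1])) {
            return 'Invalid SocketOwner: expected user:group';
        }
        my ($user, $group) = @parts;

        # In scalar context getpwnam and getgrnam return the numeric id, or
        # undef for an unknown name. Id 0 (root) is a valid result, so the
        # test is defined() and not truth.
        unless (defined(getpwnam($user))) {
            return "The user $user does not exist.";
        }

        unless (defined(getgrnam($group))) {
            return "The group $group does not exist.";
        }
    }

    # The config looks good, so return nothing (no error message).
    return undef;
}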
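#
## The check_number subroutine.
#
## Checks that the given string consists of ASCII digits only and that its
## numeric value is greater than zero. Returns an error message when the
## check fails and undef when the input is valid.
#
sub check_number ($) {
    # Treat a missing argument like an empty string.
    my $input = defined($_[0]) ? $_[0] : '';

    # Digits only, anchored to the whole string: \z does not allow a
    # trailing newline, which "$" would let through.
    unless ($input =~ /\A[0-9]+\z/) {
        return "$input is not a natural number";
    }

    # Compare numerically. As strings, "00" sorts after "0", so a
    # zero written with leading zeros would be accepted.
    unless ($input > 0) {
        return "$input has to be greater than zero";
    }

    # Input is okay, return no error message (nothing).
    return undef;
}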
# A Perl module file has to end with a true value so that loading it succeeds.
1;