/**
 * One-time fixture setup for this test class (presumably invoked by the
 * test runner before the first test; the runner is not visible here).
 *
 * Loads setuptests.php and keeps the object returned by
 * FreePBX::Installer() in the static property $i.
 */
public static function setUpBeforeClass()
{
    // Bootstrap file is resolved through the include path, as in the original.
    include 'setuptests.php';

    $installer = FreePBX::Installer();
    self::$i = $installer;
}
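/**
 * Check the module.sig file against the contents of the module directory.
 *
 * The signature on module.sig is checked first through checkSig(). Only when
 * that succeeds is every file listed in it hashed with SHA-256 and compared
 * with the digest recorded in module.sig.
 *
 * @param string $modulename Module name (a bare directory name, never a path)
 * @return array (status => bitmask of GPG::STATE_* flags, details => array (details, details))
 * @throws Exception When no module name is given or the name contains a "/"
 */
public function verifyModule($modulename = null)
{
    if (!$modulename) {
        throw new Exception(_("No module to check"));
    }
    if (strpos($modulename, "/") !== false) {
        throw new Exception(_("Path given to verifyModule. Only provide a module name"));
    }
    // NOTE(review): only "/" is rejected. A name of ".." would still resolve
    // to the directory above admin/modules -- confirm callers only pass names
    // taken from the installed-module list.

    // Get the module.sig file.
    $sigfile = FreePBX::Config()->get('AMPWEBROOT') . "/admin/modules/{$modulename}/module.sig";
    if (!file_exists($sigfile)) {
        // Well. That was easy.
        return array("status" => GPG::STATE_UNSIGNED, "details" => array(_("unsigned")));
    }

    // Check the signature on the module.sig
    $module = $this->checkSig($sigfile);
    if (isset($module['status'])) {
        // Guard the index so a failure result without trust details does not
        // raise a notice while building the message.
        $reason = isset($module['trustdetails'][0]) ? $module['trustdetails'][0] : '';
        return array(
            "status" => $module['status'],
            "details" => array(sprintf(_("module.sig check failed! %s"), $reason)),
        );
    }

    // OK, signature is valid. Let's look at the files we know
    // about, and make sure they haven't been touched.
    // NOTE(review): this assumes checkSig() always supplies 'hashes' on
    // success; if it did not, nothing would be hashed and the module would
    // still be reported GOOD|TRUSTED -- confirm against checkSig().
    $retarr = array(
        'status' => GPG::STATE_GOOD | GPG::STATE_TRUSTED,
        'details' => array(),
    );
    foreach ($module['hashes'] as $relpath => $hash) {
        $dest = FreePBX::Installer()->getDestination($modulename, $relpath);
        if ($dest === false) {
            // If the file is explicitly un-checkable, ignore it.
            continue;
        }
        if (!file_exists($dest)) {
            $retarr['details'][] = $dest . " " . _("missing");
            $retarr['status'] |= GPG::STATE_TAMPERED;
            $retarr['status'] &= ~GPG::STATE_GOOD;
        } elseif (hash_file('sha256', $dest) !== (string) $hash) {
            // Strict comparison on purpose: with a loose != two *different*
            // digests that both look numeric (e.g. "0e" followed only by
            // digits) are compared as numbers and can be judged equal, which
            // would let a modified file pass. A false return from hash_file()
            // (unreadable file) is also treated as a mismatch.
            //
            // If you i18n this string, also note that it's used explicitly
            // as a comparison of "altered" in modulefunctions.class, to
            // warn people about bin/amportal needing to be updated
            // with 'amportal chown'. Don't make them different!
            $retarr['details'][] = $dest . " " . _("altered");
            $retarr['status'] |= GPG::STATE_TAMPERED;
            $retarr['status'] &= ~GPG::STATE_GOOD;
        }
    }
    return $retarr;

    // Reminder for people doing i18n. Intentionally unreachable: it only
    // exists so the string is present in the source for translators.
    if (false) {
        echo _("If you're i18n-ing this file, read the comment about 'altered' and 'missing'");
    }
}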
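/**
 * Check the module.sig file against the contents of the module directory.
 *
 * The signature on module.sig is checked through checkSig(); a module.sig
 * whose parsed config has version > "1" and type "local" is handed to
 * processLocalSig() instead. Every file listed in the resulting hash table is
 * then hashed with SHA-256 and compared with the recorded digest.
 *
 * @param string $modulename Module name (a bare directory name, never a path)
 * @return array (status => bitmask of GPG::STATE_* flags, details => array (details, details))
 * @throws Exception When no module name is given or the name contains a "/"
 */
public function verifyModule($modulename = null)
{
    if (!$modulename) {
        throw new Exception(_("No module to check"));
    }
    if (strpos($modulename, "/") !== false) {
        throw new Exception(_("Path given to verifyModule. Only provide a module name"));
    }
    // NOTE(review): only "/" is rejected. A name of ".." would still resolve
    // to the directory above admin/modules -- confirm callers only pass names
    // taken from the installed-module list.

    // Get the module.sig file.
    $sigfile = \FreePBX::Config()->get('AMPWEBROOT') . "/admin/modules/{$modulename}/module.sig";
    if (!file_exists($sigfile)) {
        // Well. That was easy.
        return array("status" => GPG::STATE_UNSIGNED, "details" => array(_("unsigned")));
    }

    $module = $this->checkSig($sigfile);

    // Is this a local module?
    if (isset($module['parsedout']) && $module['parsedout']['config']['version'] > "1" && $module['parsedout']['config']['type'] == "local") {
        // We need to actually validate the LOCAL SECURE module
        // NOTE(review): the result of processLocalSig() is not inspected for
        // a failure 'status' before the hash walk -- confirm it always
        // returns a usable 'hashes' table or fails loudly.
        $module = $this->processLocalSig($modulename, $module['parsedout']);
    } elseif (isset($module['status'])) {
        // Check the signature on the module.sig
        // Guard the index so a failure result without trust details does not
        // raise a notice while building the message.
        $reason = isset($module['trustdetails'][0]) ? $module['trustdetails'][0] : '';
        return array(
            "status" => $module['status'],
            "details" => array(sprintf(_("module.sig check failed! %s"), $reason)),
        );
    }

    // OK, signature is valid. Let's look at the files we know
    // about, and make sure they haven't been touched.
    $retarr = array(
        'status' => GPG::STATE_GOOD | GPG::STATE_TRUSTED,
        'details' => array(),
    );

    // The hash walk below must stay reachable. It was previously wrapped in a
    // constant-false condition (1 == 2), so no file was ever hashed and every
    // module that got this far was reported GOOD|TRUSTED regardless of what
    // was on disk. The replacement branch only assigned a local
    // $set['SIGNATURECHECK'] that nothing read, so it changed no setting.
    foreach ($module['hashes'] as $relpath => $hash) {
        $dest = \FreePBX::Installer()->getDestination($modulename, $relpath, true);
        if ($dest === false) {
            // If the file is explicitly un-checkable, ignore it.
            continue;
        }
        if (!file_exists($dest)) {
            $retarr['details'][] = $dest . " " . _("missing");
            $retarr['status'] |= GPG::STATE_TAMPERED;
            $retarr['status'] &= ~GPG::STATE_GOOD;
        } elseif (hash_file('sha256', $dest) !== (string) $hash) {
            // Strict comparison on purpose: with a loose != two *different*
            // digests that both look numeric (e.g. "0e" followed only by
            // digits) are compared as numbers and can be judged equal, which
            // would let a modified file pass. A false return from hash_file()
            // (unreadable file) is also treated as a mismatch.
            //
            // If you i18n this string, also note that it's used explicitly
            // as a comparison of "altered" in modulefunctions.class, to
            // warn people about bin/fwconsole needing to be updated
            // with 'fwconsole chown'. Don't make them different!
            $retarr['details'][] = $dest . " " . _("altered");
            $retarr['status'] |= GPG::STATE_TAMPERED;
            $retarr['status'] &= ~GPG::STATE_GOOD;
        }
    }
    return $retarr;

    // Reminder for people doing i18n. Intentionally unreachable: it only
    // exists so the string is present in the source for translators.
    if (false) {
        echo _("If you're i18n-ing this file, read the comment about 'altered' and 'missing'");
    }
}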