Skip to content
Snippets Groups Projects
Commit c5850d29 authored by Laurent Destailleur's avatar Laurent Destailleur
Browse files

Fix checksum integrity. Also add a global checksum.

parent 83a8fcb7
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
build/generate_filelist_xml.php
+ 20
2
View file @ c5850d29
...@@ -65,6 +65,8 @@ fputs($fp, '<checksum_list version="'.$release.'">'."\n"); ...@@ -65,6 +65,8 @@ fputs($fp, '<checksum_list version="'.$release.'">'."\n");
fputs($fp, '<dolibarr_htdocs_dir>'."\n"); fputs($fp, '<dolibarr_htdocs_dir>'."\n");
$checksumconcat=array();
$dir_iterator1 = new RecursiveDirectoryIterator(dirname(__FILE__).'/../htdocs/'); $dir_iterator1 = new RecursiveDirectoryIterator(dirname(__FILE__).'/../htdocs/');
$iterator1 = new RecursiveIteratorIterator($dir_iterator1); $iterator1 = new RecursiveIteratorIterator($dir_iterator1);
// need to ignore document custom etc // need to ignore document custom etc
...@@ -81,12 +83,22 @@ foreach ($files as $file) { ...@@ -81,12 +83,22 @@ foreach ($files as $file) {
$needtoclose=1; $needtoclose=1;
} }
if (filetype($file)=="file") { if (filetype($file)=="file") {
fputs($fp, '<md5file name="'.basename($file).'">'.md5_file($file).'</md5file>'."\n"); $md5=md5_file($file);
$checksumconcat[]=$md5;
fputs($fp, '<md5file name="'.basename($file).'">'.$md5.'</md5file>'."\n");
} }
} }
fputs($fp, '</dir>'."\n"); fputs($fp, '</dir>'."\n");
fputs($fp, '</dolibarr_htdocs_dir>'."\n"); fputs($fp, '</dolibarr_htdocs_dir>'."\n");
asort($checksumconcat); // Sort list of checksum
//var_dump($checksumconcat);
fputs($fp, '<dolibarr_htdocs_dir_checksum>'."\n");
fputs($fp, md5(join(',',$checksumconcat))."\n");
fputs($fp, '</dolibarr_htdocs_dir_checksum>'."\n");
$checksumconcat=array();
fputs($fp, '<dolibarr_script_dir version="'.$release.'">'."\n"); fputs($fp, '<dolibarr_script_dir version="'.$release.'">'."\n");
...@@ -106,12 +118,18 @@ foreach ($files as $file) { ...@@ -106,12 +118,18 @@ foreach ($files as $file) {
$needtoclose=1; $needtoclose=1;
} }
if (filetype($file)=="file") { if (filetype($file)=="file") {
fputs($fp, '<md5file name="'.basename($file).'">'.md5_file($file).'</md5file>'."\n"); $md5=md5_file($file);
$checksumconcat[]=$md5;
fputs($fp, '<md5file name="'.basename($file).'">'.$md5.'</md5file>'."\n");
} }
} }
fputs($fp, '</dir>'."\n"); fputs($fp, '</dir>'."\n");
fputs($fp, '</dolibarr_script_dir>'."\n"); fputs($fp, '</dolibarr_script_dir>'."\n");
asort($checksumconcat); // Sort list of checksum
fputs($fp, '<dolibarr_script_dir_checksum>'."\n");
fputs($fp, md5(join(',',$checksumconcat))."\n");
fputs($fp, '</dolibarr_script_dir_checksum>'."\n");
fputs($fp, '</checksum_list>'."\n"); fputs($fp, '</checksum_list>'."\n");
fclose($fp); fclose($fp);
......
htdocs/admin/system/filecheck.php
+ 42
13
View file @ c5850d29
...@@ -148,11 +148,14 @@ if (GETPOST('target') == 'remote') ...@@ -148,11 +148,14 @@ if (GETPOST('target') == 'remote')
if ($xml) if ($xml)
{ {
$checksumconcat = array();
// Scan htdocs
if (is_object($xml->dolibarr_htdocs_dir[0])) if (is_object($xml->dolibarr_htdocs_dir[0]))
{ {
$file_list = array(); $file_list = array();
$ret = getFilesUpdated($file_list, $xml->dolibarr_htdocs_dir[0]); // Fill array $file_list $ret = getFilesUpdated($file_list, $xml->dolibarr_htdocs_dir[0], '', DOL_DOCUMENT_ROOT, $checksumconcat); // Fill array $file_list
print '<table class="noborder">'; print '<table class="noborder">';
print '<tr class="liste_titre">'; print '<tr class="liste_titre">';
print '<td>' . $langs->trans("FilesMissing") . '</td>'; print '<td>' . $langs->trans("FilesMissing") . '</td>';
...@@ -223,6 +226,29 @@ if ($xml) ...@@ -223,6 +226,29 @@ if ($xml)
print 'Error: Failed to found dolibarr_htdocs_dir into XML file '.$xmlfile; print 'Error: Failed to found dolibarr_htdocs_dir into XML file '.$xmlfile;
$error++; $error++;
} }
// Scan scripts
/*
if (is_object($xml->dolibarr_script_dir[0]))
{
$file_list = array();
$ret = getFilesUpdated($file_list, $xml->dolibarr_htdocs_dir[0], '', ???, $checksumconcat); // Fill array $file_list
}*/
asort($checksumconcat); // Sort list of checksum
//var_dump($checksumconcat);
$checksumget = md5(join(',',$checksumconcat));
$checksumtoget = $xml->dolibarr_htdocs_dir_checksum;
if ($checksumtoget)
{
print '<br>';
print '<strong>'.$langs->trans("GlobalChecksum").'</strong><br>';
print $langs->trans("ExpectedChecksum").' = '.$checksumtoget.'<br>';
print $langs->trans("CurrentChecksum").' = '.$checksumget;
}
} }
...@@ -239,12 +265,14 @@ exit($error); ...@@ -239,12 +265,14 @@ exit($error);
* Function to get list of updated or modified files. * Function to get list of updated or modified files.
* $file_list is used as global variable * $file_list is used as global variable
* *
* @param array $file_list Array for response * @param array $file_list Array for response
* @param SimpleXMLElement $dir SimpleXMLElement of files to test * @param SimpleXMLElement $dir SimpleXMLElement of files to test
* @param string $path Path of file * @param string $path Path of files relative to $pathref. We start with ''. Used by recursive calls.
* @return array Array of filenames * @param string $pathref Path ref (DOL_DOCUMENT_ROOT)
* @param array $checksumconcat Array of checksum
* @return array Array of filenames
*/ */
function getFilesUpdated(&$file_list, SimpleXMLElement $dir, $path = '') function getFilesUpdated(&$file_list, SimpleXMLElement $dir, $path = '', $pathref = '', &$checksumconcat = array())
{ {
$exclude = 'install'; $exclude = 'install';
...@@ -252,20 +280,21 @@ function getFilesUpdated(&$file_list, SimpleXMLElement $dir, $path = '') ...@@ -252,20 +280,21 @@ function getFilesUpdated(&$file_list, SimpleXMLElement $dir, $path = '')
{ {
$filename = $path.$file['name']; $filename = $path.$file['name'];
if (preg_match('#'.$exclude.'#', $filename)) continue; //if (preg_match('#'.$exclude.'#', $filename)) continue;
if (!file_exists(DOL_DOCUMENT_ROOT.'/'.$filename)) if (!file_exists($pathref.'/'.$filename))
{ {
$file_list['missing'][] = array('filename'=>$filename, 'expectedmd5'=>(string) $file); $file_list['missing'][] = array('filename'=>$filename, 'expectedmd5'=>(string) $file);
} }
else else
{ {
$md5_local = md5_file(DOL_DOCUMENT_ROOT.'/'.$filename); $md5_local = md5_file($pathref.'/'.$filename);
if ($md5_local != (string) $file) $file_list['updated'][] = array('filename'=>$filename, 'expectedmd5'=>(string) $file, 'md5'=>(string) $md5_local); if ($md5_local != (string) $file) $file_list['updated'][] = array('filename'=>$filename, 'expectedmd5'=>(string) $file, 'md5'=>(string) $md5_local);
} $checksumconcat[] = $md5_local;
}
} }
foreach ($dir->dir as $subdir) getFilesUpdated($file_list, $subdir, $path.$subdir['name'].'/'); foreach ($dir->dir as $subdir) getFilesUpdated($file_list, $subdir, $path.$subdir['name'].'/', $pathref, $checksumconcat);
return $file_list; return $file_list;
} }
htdocs/langs/en_US/admin.lang
+ 1
0
View file @ c5850d29
...@@ -12,6 +12,7 @@ FileCheck=Files integrity checker ...@@ -12,6 +12,7 @@ FileCheck=Files integrity checker
FileCheckDesc=This tool allows you to check the integrity of files of your application, comparing each files with the official ones. You can use this tool to detect if some files were modified by a hacker for example. FileCheckDesc=This tool allows you to check the integrity of files of your application, comparing each files with the official ones. You can use this tool to detect if some files were modified by a hacker for example.
FileIntegrityIsStrictlyConformedWithReference=Files integrity is strictly conformed with the reference. FileIntegrityIsStrictlyConformedWithReference=Files integrity is strictly conformed with the reference.
FileIntegritySomeFilesWereRemovedOrModified=Files integrity check has failed. Some files were modified of removed. FileIntegritySomeFilesWereRemovedOrModified=Files integrity check has failed. Some files were modified of removed.
GlobalChecksum=Global checksum
MakeIntegrityAnalysisFrom=Make integrity analysis of application files from MakeIntegrityAnalysisFrom=Make integrity analysis of application files from
LocalSignature=Embedded local signature (less reliable) LocalSignature=Embedded local signature (less reliable)
RemoteSignature=Remote distant signature (more reliable) RemoteSignature=Remote distant signature (more reliable)
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment