#!/usr/bin/suidperl -U
#
#  Program:       custom
#
#  Copyright:     COPYRIGHT Compaq Computer Corporation 2001.  All rights reserved.
#
#  Description:   This program performs actual changes to the operating system.
#                 It serves as the ONLY point where critical changes to the
#                 system are allowed.  It is hoped that this limits the number
#                 of suidperl programs and provides a single, well-defined
#                 place for security analysis.
#
#                 In the future, this central point should also provide a 
#                 method for logging and additional security checks.
#
#  History:
#
use strict;
use lib qw (
	/var/cpqcfg/cgi-bin/CompaqConfigurator/system
);

use config;
use general;

# Optional feature packages are loaded on a best-effort basis, so that an
# installation does not have to ship every custom package.  attemptUse() does
# not die on a missing or broken package; the gap only surfaces later, when a
# command is dispatched to a package that was never loaded.
# NOTE(review): the loaded files run with this program's privileges, so every
# directory on @INC should be writable by root only -- confirm on the target
# system.
push @INC, "/var/cpqcfg/cgi-bin/CompaqConfigurator/system/custom";

for my $package (qw(
    system.pm
    apache.pm
    alerts.pm
    backup.pm
    firewall.pm
    groups.pm
    majordomo.pm
    network.pm
    sendmail.pm
    upgrade.pm
    users.pm
)) {
    attemptUse($package);
}

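# Retrieve the command name and its arguments from the command line.
# NOTE(review): the interpreter line passes -U, which (per perlrun) allows
# "unsafe" operations and downgrades taint-check failures to warnings.
# Nothing in this file validates @ARGV, so every handler has to treat its
# arguments as untrusted input.
my $command    = shift(@ARGV) || "";
my $parameters = \@ARGV;    # a reference is always true, so no fallback is needed
my @parameters = @{$parameters};

# Drop the environment variables that alter how /bin/sh behaves before any
# handler shells out (see perlsec, "Cleaning Up Your Path").  PATH is left
# untouched because the packages loaded by this program may rely on it --
# TODO confirm, then pin it to a fixed value as well.
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

my %system = config::system();

# Autoflush STDOUT so handler output is not held back in a buffer.
$| = 1;

# Record which command was requested.
# NOTE(review): the arguments are logged verbatim.  For commands such as
# update_root or apache_key_update they presumably carry credentials or key
# material -- confirm where general::debug writes and who can read it.
general::debug("custom called with command = \"$command\" and parameters \"@parameters\".");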

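# Dispatch on the command name.  Each branch hands the raw argument list to
# one handler; no caller identity or argument check is visible in this file,
# so access control rests on who may execute this program and on the
# handlers themselves.

# Shutdown the server
if ($command eq "shutdown") {
  system::shutdown(@parameters);
}
# Update the root password
elsif ($command eq "update_root") {
  system::updateRoot(@parameters);
}
# Update the date and time on the system
elsif ($command eq "update_datetime") {
  system::updateDateTime(@parameters);
}
# Update general network options
elsif ($command eq "update_network") {
  network::updateNetwork(@parameters);
}
# Update routing
elsif ($command eq "update_routing") {
  network::updateRouting(@parameters);
}
# Update name resolution settings
elsif ($command eq "update_nameresolution") {
  network::updateNameResolution(@parameters);
}
# Update a network interface
elsif ($command eq "update_interface") {
  network::updateInterface(@parameters);
}
# Add an NFS mount to the system
elsif ($command eq "add_nfsmount") {
  network::addNFSMount(@parameters);
}
# Remove an NFS mount from the system
elsif ($command eq "del_nfsmount") {
  network::delNFSMount(@parameters);
}
# Update the parameters on an NFS mount
elsif ($command eq "update_nfs_mounts") {
  network::updateNFSMounts();
}
# Add a user to the system; the handler's return value is printed for the caller
elsif ($command eq "add_user") {
  print users::addUser(@parameters);
}
# Update a particular user
elsif ($command eq "update_user") {
  users::updateUser(@parameters);
}
# Delete a user from the system
elsif ($command eq "del_user") {
  users::delUser(@parameters);
}
# Delete a user from the perspective of a virtual site admin
elsif ($command eq "del_user_virtualsite") {
  apache::delUserVirtualSite(@parameters);
}
# Add the sym link for a particular user to a particular site
elsif ($command eq "vs_sym_link") {
  apache::vs_sym_link(@parameters);
}
# Delete the sym link for a particular user who has been taken from a site
elsif ($command eq "del_sym_link") {
  apache::del_sym_link(@parameters);
}
# Add a group to the system
elsif ($command eq "add_group") {

  my $groupID = groups::addGroup(@parameters);

  # Report the new ID only when one came back; groups::addGroup presumably
  # returns an empty string when the group could not be added -- confirm.
  if ($groupID ne "") {
    print "$groupID";
    general::debug("Add group with ID $groupID");
  }

}
# Update a user group
elsif ($command eq "update_group") {
  groups::updateGroup(@parameters);
}
# Delete a group from the system
elsif ($command eq "del_group") {
  groups::delGroup(@parameters);
}
# Update email aliases on the system
elsif ($command eq "update_emailaliases") {
  sendmail::updateEmailAliases(@parameters);
}
# Delete an email alias
elsif ($command eq "del_emailalias") {
  sendmail::delEmailAlias(@parameters);
}
# Add a virtual host to the system
elsif ($command eq "add_virtualsite") {
  apache::addVirtualSite(@parameters);
}
# Delete a virtual host from the system
elsif ($command eq "del_virtualsite") {
  apache::delVirtualSite(@parameters);
}
# Update the virtual hosts
elsif ($command eq "update_virtualsite") {
  apache::updateVirtualSite(@parameters);
  sendmail::updateSendmail();
  apache::stopApache();
  apache::restartApache();
}
# Update httpd.conf and restart server
elsif ($command eq "update_apache") {
  apache::updateApache(@parameters);
  # NOTE(review): Apache is cycled twice here, unlike every other handler --
  # confirm this is intentional.
  apache::stopApache();
  apache::restartApache();
  apache::stopApache();
  apache::restartApache();
}
# A command to cycle Apache
elsif ($command eq "restart_apache") {
  apache::stopApache();
  apache::restartApache();
}
# A command to turn on/off apache modules
elsif ($command eq "set_apache_module") {
  apache::setApacheModule(@parameters);
  apache::updateApache();
  apache::stopApache();
  apache::restartApache();
}
# Apply a performance profile to the system
elsif ($command eq "apply_profile") {
  apache::applyApacheProfile(@parameters);
  apache::stopApache();
  apache::restartApache();
}
# Update sendmail and restart the server
elsif ($command eq "update_sendmail") {
  sendmail::updateSendmail(@parameters);
}
# System backup
elsif ($command eq "backup") {
  backup::systemBackup(@parameters);
}
# Log rotation configuration
elsif ($command eq "update_logconfig") {
  system::updateLogConfig(@parameters);
}
# SNMP configuration
elsif ($command eq "update_snmpconfig") {
  network::updateSNMPConfig(@parameters);
}
# Update network services
elsif ($command eq "update_services") {
  firewall::updateServices(@parameters);
}
# Grab the current SSL Key value.
# NOTE(review): this writes key material to STDOUT for whoever invoked the
# program; restrict execute permission on this script accordingly.
elsif ($command eq "get_apache_sslkey") {
  print apache::getApacheSSLKey(@parameters);
}
# Grab the current SSL CSR
elsif ($command eq "get_apache_sslcsr") {
  print apache::getApacheSSLCSR(@parameters);
}
# Grab the current SSL CRT
elsif ($command eq "get_apache_sslcrt") {
  print apache::getApacheSSLCRT(@parameters);
}
# Regenerate the apache SSL key automatically
elsif ($command eq "apache_key_regen") {
  apache::apacheSSLKeyRegen(@parameters);
  apache::updateApache();
  apache::stopApache();
  apache::restartApache();
}
# Grab the date/time of the current Apache SSL key files
elsif ($command eq "apache_key_dates") {
  print apache::getApacheSSLdates(@parameters);
}
# Update the existing keys with a given value
elsif ($command eq "apache_key_update") {
  apache::updateApacheSSLKeys(@parameters);
  apache::updateApache();
  apache::stopApache();
  apache::restartApache();
}
# Update SSH Settings
elsif ($command eq "update_ssh") {
  network::updateSSH(@parameters);
}
# Get SSH Public Key
elsif ($command eq "get_ssh_public") {
  print apache::getPublicSSHSSLKey();
}
# Get SSH Private Key.
# NOTE(review): as with get_apache_sslkey, the private key goes to STDOUT of
# whoever invoked the program.
elsif ($command eq "get_ssh_private") {
  print apache::getPrivateSSHSSLKey();
}
# Enable Floppy for boot.  For this and the other bare backtick calls below,
# the output is captured and discarded and the exit status is not checked.
elsif ($command eq "enable_cd_floppy") {
  `/usr/compaq/bin/floppy -u`;
}
# Disable floppy boot
elsif ($command eq "disable_cd_floppy") {
  `/usr/compaq/bin/floppy -l`;
}
# Check disk quota
elsif ($command eq "check_quota") {
  users::checkQuota(@parameters);
}
# Restore user and group quotas
elsif ($command eq "restore_quotas") {
  users::restoreQuotas();
  groups::restoreQuotas();
}
# Make call to eject the CD
elsif ($command eq "eject_cd") {
  `/usr/bin/eject`;
}
# Switch the UID light on
elsif ($command eq "uid_on") {
  `/usr/compaq/bin/uidutil 1`;
}
# Switch the UID light off
elsif ($command eq "uid_off") {
  `/usr/compaq/bin/uidutil 2`;
}
# Grab current status for UID light
elsif ($command eq "uid_stat") {
  # stderr is merged into the captured output instead of being staged in a
  # fixed-name file under /tmp.  A predictable path in a world-writable
  # directory, written with this program's privileges, can be pre-created or
  # symlinked by another local user, so no temporary file is used at all.
  my $status = `/usr/compaq/bin/uidutil 4 2>&1`;
  print "$status";
}
# Make a call to upgrade the system
elsif ($command eq "upgrade_system") {
  upgrade::upgradeSystem(@parameters);
}
# Update the configurator flag that indicates a one-time config has happened
elsif ($command eq "set_config_status") {
  system::setConfigStatus();
}
# Fix-up permissions on the shadow files
elsif ($command eq "fix_shadow_permissions") {

  # Both commands go through the shell because of the globs, which also match
  # any backup copies sharing the /etc/passwd and /etc/shadow prefixes.  The
  # result is that every member of group cpqcfg can read the password hashes.
  # NOTE(review): $system{'root'} comes from config::system() and is
  # interpolated into the command line unquoted; it must never be
  # caller-controlled -- confirm against the config package.
  my $result = `$system{'root'}/system/bin/chgrp cpqcfg /etc/passwd* /etc/shadow*`;
  general::debug("$result");

  $result = `$system{'root'}/system/bin/chmod g+r /etc/passwd* /etc/shadow*`;
  general::debug("$result");
}
# No valid command was given; this is only logged, and the program still
# runs on to its normal exit.
else {
  general::debug("WARNING: No VALID command given to custom call");
  general::debug("    Remember to call custom with a valid command");
}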

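# Load an optional package file without dying when it is missing or broken.
# The search mirrors the require pseudo-code in perlfunc, minus the die calls.
#
# Parameters: $filename - file name to look up under each @INC directory,
#                         e.g. "apache.pm".
# Returns:    1 if the file is already recorded in %INC; otherwise the value
#             of `do FILE` for the first match, or undef when no searched
#             directory holds the file.
sub attemptUse {

    my ($filename) = @_;

    return 1 if $INC{$filename};

    my $result;
    my $found = 0;

    foreach my $prefix (@INC) {

        # Only absolute directories are searched.  A relative entry such as
        # "." resolves against the caller's working directory, which is not a
        # trusted location for code that runs with this program's privileges.
        # Reference entries (@INC hooks) never matched the -f test either.
        next if ref $prefix;
        next unless $prefix =~ m{\A/};

        my $realfilename = "$prefix/$filename";
        next unless -f $realfilename;

        $found = 1;
        general::debug("Loading \"$realfilename\"");

        # Register the file before running it, then withdraw the entry again
        # if the load did not yield a true value.
        $INC{$filename} = $realfilename;
        $result = do $realfilename;

        if (!$result) {
            # Failures stay non-fatal by design, but they are now logged so a
            # broken package is visible instead of silently missing.
            general::debug("Load of \"$realfilename\" failed: "
                . ($@ || $! || "file did not return a true value"));
            delete $INC{$filename};
        }

        # The first matching file wins, whether or not it loaded cleanly.
        last;
    }

    general::debug("Not Loading \"$filename\".") unless $found;

    return $result;
}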

# Reached after any handler that returns, and also after an unrecognised
# command, so the exit status is 0 in both cases.
exit 0;
