#!/bin/bash

# Tenho que criar duas acções associadas a dois scripts

# Update - Reaplica a configuração, tendo em atenção que o meio
# ambiente pode ter sido alterado e por isso pode ser necessário
# alterar coisas

# Config - Voltar a perguntar as opções de configuração e no fim
# aplica a configuração escolhida.

# Package identity and the configuration file derived from it.
PACKNAME="tp-srv-conf"
CONFIG="/etc/${PACKNAME}/${PACKNAME}.conf"

# The configuration file is executed as shell code inside this process, so
# every line in it runs with the privileges of whoever runs this script.
# NOTE(review): ${CONFIG} should be writable by root only -- confirm that the
# package installs it with those permissions.
. "${CONFIG}"

# Location of the helper tools shipped with the package.
SHAREDIR="/usr/share/${PACKNAME}"
SPATCH="${SHAREDIR}/spatch"

# Defaults; the command-line options parsed further down may override them.
CLEAN="no"      # no: re-apply the current patch after removing old ones
RESTART="yes"   # yes: restart/reload the services whose files were patched
SILENT="no"     # no: show the warning and wait for Enter before patching
VERBOSE="no"    # set by --verbose; not read anywhere else in this script

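# Print the command-line synopsis on stdout.
# Arguments: none ($0 is used as the program name).
# The text now spells "patches"/"the services" correctly and also lists
# --silent and the bare word "help", both of which the option parser accepts.
function usage () {
    printf '%s\n' \
        "$0: [--update|--clean|--revert] [--silent|--verbose]" \
        "--update - updates configuration by reapplying the same settings" \
        "--clean - try to remove configuration and restart services" \
        "--revert - remove the patches for easier updates, so don't restart the services" \
        "--silent - skip the warning and the confirmation prompt" \
        "help - show this message and exit"
}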

# Manage whether sysklogd and klogd are also started in runlevel S.
# Every update-rc.d call below uses -n, so the link changes are only shown,
# not performed.
# Globals:
#   CONFIG (read)                  - file the "Yes" setting is appended to
#   TpSrvConfSysklogdInRcS (read, written by "Yes")
# Arguments:
#   $1 - No | Yes | config | update; any other word is silently ignored
# Outputs:
#   whatever update-rc.d prints; "config" also prints a menu and reads one
#   line from stdin
# NOTE(review): "Yes" appends two lines to ${CONFIG} on every call, so
# repeated "Yes"/"update" runs accumulate duplicate entries in that file.
function sysklogd_in_rcS.d () {
    local mode=$1
    local answer

    if [ "$mode" = "No" ] ; then
        update-rc.d -n sysklogd   start 10 2 3 4 5 . stop 90 0 1 6 .
        update-rc.d -n klogd      start 11 2 3 4 5 . stop 89 0 1 6 .
        update-rc.d -n networking start 40 S . start 35 0 1 6 .
    elif [ "$mode" = "Yes" ] ; then
        # "config-off" is not one of the handled modes, so this call is a no-op.
        sysklogd_in_rcS.d config-off
        update-rc.d -n sysklogd   start 40 S . start 10 2 3 4 5 . stop 90 0 1 6 .
        update-rc.d -n klogd      start 41 S . start 11 2 3 4 5 . stop 89 0 1 6 .
        update-rc.d -n networking start 41 S . start 35 0 1 6 .
        TpSrvConfSysklogdInRcS=Yes
        # Persist the choice so the next run of the script sees it.
        {
            echo "# Run sysklogd and  klogd in state S"
            echo "TpSrvConfSysklogdInRcS=Yes"
        } >> "${CONFIG}"
    elif [ "$mode" = "config" ] ; then
        echo "Run sysklogd and klogd in state S is $TpSrvConfSysklogdInRcS"
        echo "0 - To turn Yes"
        echo "1 - To turn No"
        echo "default is no change"
        read answer
        # Any reply other than 0 or 1 leaves the setting untouched.
        if [ "$answer" = "0" ] ; then
            sysklogd_in_rcS.d Yes
        elif [ "$answer" = "1" ] ; then
            sysklogd_in_rcS.d No
        fi
    elif [ "$mode" = "update" ] ; then
        # Re-apply: go back to the "No" layout first, then switch to "Yes".
        sysklogd_in_rcS.d No
        sysklogd_in_rcS.d Yes
    fi
}

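# Report whether a patch is currently applied, according to spatch.
# Globals:   SPATCH (read) - patch tool that is queried
# Arguments: $1 - patch name
# Returns:   1 when the "status" output contains " not applied ",
#            0 in every other case
# NOTE(review): a failing or missing spatch that prints nothing on stdout is
# therefore reported as "applied"; confirm this fail-open default is what
# the callers want.
function applied-patch () {
    # Quote the name so it always reaches spatch as exactly one argument.
    if "${SPATCH}" status "$1" | grep -q " not applied " ; then
        return 1
    fi
    return 0
}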

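# Remove every listed patch that spatch reports as applied.
# Globals:   SPATCH (read)
# Arguments: $@ - patch names, one per argument
# Returns:   status of the last command run in the loop (0 when no
#            arguments are given)
function deapply-patches () {
    # Original author's note: "not working" -- presumably about the single
    # batched call that is kept commented out at the end of this function.
    local patch
    # "$@" keeps each name intact; the old unquoted $* re-split and globbed it.
    for patch in "$@" ; do
        if applied-patch "$patch" ; then
            "${SPATCH}" deapply "$patch"
        fi
    done
    #${SPATCH} deapply $*
}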

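# Remove all listed patches, then apply the first one again.
# Globals:   SPATCH (read)
# Arguments: $1 - patch to apply; $2.. - other versions to remove as well
# Returns:   status of "spatch apply"
function update-patches () {
    # Forward the names unchanged; unquoted $* would re-split them.
    deapply-patches "$@"
    "${SPATCH}" apply "$1"
}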

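# Remove all listed patches and, unless the script runs in clean mode,
# apply the first one again.
# Globals:   SPATCH (read), CLEAN (read; "no" means re-apply)
# Arguments: $1 - patch to apply; $2.. - other versions to remove as well
function update-clean-patches () {
    # Forward the names unchanged; unquoted $* would re-split them.
    deapply-patches "$@"
    # Quoted so an empty or unset CLEAN is a plain "false", not a test error.
    if [ "${CLEAN}" = no ] ; then
        "${SPATCH}" apply "$1"
    fi
}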

# Command-line parsing.  Options are processed left to right, so the last
# mode option (--update/--clean/--revert) and the last verbosity option win.
# Note that the help word is the bare "help", not "--help".
while [ "$#" -gt 0 ] ; do
    case "$1" in
        --update)   CLEAN=no   ; RESTART=yes ;;
        --clean)    CLEAN=yes  ; RESTART=yes ;;
        --revert)   CLEAN=yes  ; RESTART=no  ;;
        --silent)   SILENT=yes ; VERBOSE=no  ;;
        --verbose)  SILENT=no  ; VERBOSE=yes ;;
        help)
            usage
            exit 0
            ;;
        *)
            # Unknown argument: print the synopsis and stop before any file
            # on the system is touched.
            usage
            exit 1
            ;;
    esac
    shift
done

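# Show warnings about this update script
# Without --silent the script stops here until Enter is pressed, so
# unattended runs have to pass --silent.
if [ "${SILENT}" = "no" ] ; then
    "${SHAREDIR}/update-tripwire" --warning
    echo "Press enter to continue"
    # -r: a typed backslash must not make read wait for a continuation line.
    read -r
fi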

# Doing updates
update-clean-patches 10_bootlogd_v00
# The GRUB patch is handled only where a readable menu.lst exists.
[ ! -r /boot/grub/menu.lst ] \
    || update-clean-patches 10_grub_menu.lst_v00 10_grub_menu.lst

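#Patching ldap.conf
# TpLdapClientConf is not set in this script; presumably it comes from the
# sourced configuration file.  Each recognised value first removes both
# site patches and then applies the one that was asked for (none for "none").
if [ -e /etc/ldap/ldap.conf ] ; then
    case "${TpLdapClientConf}" in
        tagus)
            deapply-patches 10_ldap_client_tagus_v00 10_ldap_client_alameda_v00
            update-clean-patches 10_ldap_client_tagus_v00
            ;;
        alameda)
            # Message typo fixed ("won" -> "own").
            echo "Not usable yet, use at your own risk"
            deapply-patches 10_ldap_client_tagus_v00 10_ldap_client_alameda_v00
            update-clean-patches 10_ldap_client_alameda_v00
            ;;
        none)
            deapply-patches 10_ldap_client_tagus_v00 10_ldap_client_alameda_v00
            ;;
        *)
            # Unset or unknown value: leave ldap.conf exactly as it is.
            echo "Doing nothing about /etc/ldap/ldap.conf"
            ;;
    esac
fi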

#Patching policy of rotating logs
update-clean-patches 10_logrotate.conf_v00
# The daily and weekly sysklogd cron patches follow the same scheme:
# apply _v01 and make sure the older _v00 is gone.
for sysklogd_cron in daily weekly ; do
    update-clean-patches "10_sysklogd_cron.${sysklogd_cron}_v01" \
        "10_sysklogd_cron.${sysklogd_cron}_v00"
done

#Patching configuration of ntp and ntpdate
# An ntp.conf that contains the "server 0.debian.pool.ntp.org iburst" line
# selects the *_etch_* patch set (presumably the etch default file);
# any other ntp.conf gets the older patch set.
# TpSrvConfNtpRef is not set in this script; presumably it comes from the
# sourced configuration file.
# NOTE(review): in both branches "pool" removes only the tagus patches, so a
# previously applied alameda patch stays in place -- confirm this is intended.
if grep -Eq "^server 0.debian.pool.ntp.org iburst" /etc/ntp.conf ; then
    case "${TpSrvConfNtpRef}" in
        tagus)
            deapply-patches 10_ntp.conf_etch_alameda_v00
            #deapply-patches 10_ntpdate_alameda_v00
            update-clean-patches 10_ntp.conf_etch_tagus_v00
            # ntpdate is patched only when it does not already say
            # NTPDATE_USE_NTP_CONF=yes.
            grep -Eq "NTPDATE_USE_NTP_CONF=yes" /etc/default/ntpdate \
                || update-clean-patches 10_ntpdate_tagus_v01
            ;;
        alameda)
            deapply-patches 10_ntp.conf_etch_tagus_v00
            #deapply-patches 10_ntpdate_tagus_v01 10_ntpdate_tagus_v00
            update-clean-patches 10_ntp.conf_etch_alameda_v00
            grep -Eq "NTPDATE_USE_NTP_CONF=yes" /etc/default/ntpdate \
                || update-clean-patches 10_ntpdate_alameda_v00
            ;;
        pool)
            deapply-patches 10_ntp.conf_etch_tagus_v00
            #deapply-patches 10_ntpdate_tagus_v01 10_ntpdate_tagus_v00
            ;;
        *)
            echo "Unknown NTP Reference $TpSrvConfNtpRef"
            echo "Use only [tagus|alameda|pool]"
            ;;
    esac
else
    case "${TpSrvConfNtpRef}" in
        tagus)
            deapply-patches 10_ntp.conf_alameda_v00
            deapply-patches 10_ntpdate_alameda_v00
            update-clean-patches 10_ntp.conf_tagus_v00
            grep -Eq "NTPDATE_USE_NTP_CONF=yes" /etc/default/ntpdate \
                || update-clean-patches 10_ntpdate_tagus_v01
            ;;
        alameda)
            deapply-patches 10_ntp.conf_tagus_v00
            deapply-patches 10_ntpdate_tagus_v01 10_ntpdate_tagus_v00
            update-clean-patches 10_ntp.conf_alameda_v00
            grep -Eq "NTPDATE_USE_NTP_CONF=yes" /etc/default/ntpdate \
                || update-clean-patches 10_ntpdate_alameda_v00
            ;;
        pool)
            deapply-patches 10_ntp.conf_tagus_v00
            deapply-patches 10_ntpdate_tagus_v01 10_ntpdate_tagus_v00
            ;;
        *)
            echo "Unknown NTP Reference $TpSrvConfNtpRef"
            echo "Use only [tagus|alameda|pool]"
            ;;
    esac
fi
# Restart only when asked to and only where the init script is installed.
if [ "${RESTART}" = "yes" ] && [ -x /etc/init.d/ntp-server ] ; then
    invoke-rc.d ntp-server restart
fi

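# openssh-server on etch doesn't need the patch
deapply-patches 10_sshd_config_v00 10_sshd_config
# The pattern is anchored at the start of the line: the previous unanchored
# form also matched a commented-out "#X11Forwarding yes", so a directive
# that sshd ignores could make the script decide that no patch is needed.
# NOTE(review): a missing or unreadable sshd_config makes grep fail, which
# takes the "patch and reload" branch -- confirm that is acceptable.
if grep -Eq "^[[:space:]]*X11Forwarding[[:space:]]+yes" /etc/ssh/sshd_config ; then
    echo "openssh-server on etch don't need patch"
else
    update-clean-patches 10_sshd_config_v00 10_sshd_config
    # Reload so the running daemon picks up the patched configuration.
    if [ "${RESTART}" = "yes" ] ; then
        invoke-rc.d ssh reload
    fi
fi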

# Patching tripwire
# Step 1: if any tripwire patch (old or current) is applied, run
# update-tripwire in clean mode before the patches are swapped.
# NOTE(review): what update-tripwire does is not visible in this script;
# the comments here describe only the order of the calls.
tripwire_patched=no
for tripwire_patch in 10_tripwire 10_tripwire_v00 10_tripwire_v01 \
    10_tripwire_twpoltxt_v00 ; do
    if applied-patch "${tripwire_patch}" ; then
        tripwire_patched=yes
        break
    fi
done
if [ "${tripwire_patched}" = yes ] ; then
    "${SHAREDIR}/update-tripwire" --silent --clean
fi

# Step 2: swap in the current policy patch and, when it ended up applied
# (i.e. not in clean mode), run update-tripwire again.
update-clean-patches 10_tripwire_twpoltxt_v00 10_tripwire 10_tripwire_v00 10_tripwire_v01
if applied-patch 10_tripwire_twpoltxt_v00 ; then
    "${SHAREDIR}/update-tripwire" --silent
fi

# Step 3: swap in the current tripwire configuration patch.
update-clean-patches 10_tripwire_twcfgtxt_v00 10_tripwire 10_tripwire_v00 10_tripwire_v01

# tigerrc: _v04 is the current patch, everything else is an older version.
update-clean-patches 10_tigerrc_v04 10_tigerrc 10_tigerrc_v00 10_tigerrc_v01 \
    10_tigerrc_v02 10_tigerrc_v03


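# Patching the kernel runtime configuration (/etc/sysctl.conf).
# A sysctl.conf carrying the "previously found in netbase" marker is treated
# as the etch layout.  grep -q keeps the matched line off stdout; the
# previous egrep call printed it, unlike every other check in this script.
if grep -Eq "^# Functions previously found in netbase$" /etc/sysctl.conf ; then
    #echo "Etch sysctl.conf"
    # Both variants are removed first; exactly one is applied afterwards.
    deapply-patches 10_network_sys_net_options_etch_v00 \
        10_network_sys_net_options_etch_routers_v00
    case "${TpSrvConfNetOptionsRouter}" in
        Yes|yes|YES)
            update-clean-patches 10_network_sys_net_options_etch_routers_v00
            ;;
        *)
            update-clean-patches 10_network_sys_net_options_etch_v00
            ;;
    esac
else
    #Patching runtime configuration of kernel
    # Space-separated lists: the first name is the current patch, the rest
    # are older versions.  They are expanded unquoted on purpose so that
    # each name becomes its own argument.
    NetOptionsRouterYesPatches="20_network_sys_net_options_routers_v01 \
      10_network_sys_net_options_routers 20_network_sys_net_options_routers \
      20_network_sys_net_options_routers_v00"
    NetOptionsRouterNoPatches="20_network_sys_net_options_v00 \
      10_network_sys_net_options 20_network_sys_net_options"
    # shellcheck disable=SC2086 -- intentional word splitting
    deapply-patches ${NetOptionsRouterNoPatches} \
        ${NetOptionsRouterYesPatches}
    update-clean-patches 10_entropy_settings_v00 10_entropy_settings
    case "${TpSrvConfNetOptionsRouter}" in
        Yes|yes|YES)
            # shellcheck disable=SC2086 -- intentional word splitting
            update-clean-patches ${NetOptionsRouterYesPatches}
            ;;
        *)
            # shellcheck disable=SC2086 -- intentional word splitting
            update-clean-patches ${NetOptionsRouterNoPatches}
            ;;
    esac
fi
# Load the patched settings into the running kernel unless told not to.
if [ "${RESTART}" = "yes" ] ; then
    sysctl -p
fi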

#Patching /etc/modules
# Every module patch is removed first; the ones that apply to this host are
# then put back.  The list is expanded unquoted on purpose so that each name
# becomes its own argument.
ModulesAllPatches="20_modules_firewalls_v00 20_modules_routers_v00 20_modules_tagus_policy_v00 10_modules_prerequisites_v00"
# shellcheck disable=SC2086 -- intentional word splitting
deapply-patches ${ModulesAllPatches}

# Always present: prerequisites first, then the tagus policy.
for module_patch in 10_modules_prerequisites_v00 20_modules_tagus_policy_v00 ; do
    update-clean-patches "${module_patch}"
done

# Optional sets, enabled by Yes/yes/YES in the corresponding setting.
case "${TpSrvConfNetOptionsRouter}" in
    [Yy]es|YES) update-clean-patches 20_modules_routers_v00 ;;
esac

case "${TpSrvConfNetOptionsFirewall}" in
    [Yy]es|YES) update-clean-patches 20_modules_firewalls_v00 ;;
esac
