#!/bin/bash
#
# xinetd-config, Copyright 2010 Charles Wilson
#
# This file is part of the Cygwin port of xinetd.

# ======================================================================
# Initialization
# ======================================================================
PROGNAME=$(basename $0)
_tdir=$(dirname $0)
PROGDIR=$(cd $_tdir && pwd)

CSIH_SCRIPT=/usr/share/csih/cygwin-service-installation-helper.sh

# Subdirectory where the new package is being installed
PREFIX=/usr

# Directory where the config files are stored
SYSCONFDIR=/etc
CONFDIR=/etc/xinetd.d
LOGDIR=/var/log
RUNDIR=/var/run
LOCKDIR=/var/lock/subsys

source ${CSIH_SCRIPT}

# ======================================================================
# Routine: install_service
#   Install xinetd as a service
# ======================================================================
install_service() {
  local run_service_as
  local password
  local force_arg
  local user_arg

  if [ "$opt_force" == "yes" ]
  then
    force_arg=-f
  fi
  if [ -n "$opt_default_service_acct" ]
  then
    user_arg=-u
  fi
  if csih_is_nt
  then
    if cygrunsrv -Q inetd > /dev/null 2>&1
    then
      csih_warning "The inetd service is already installed.  You can not"
      csih_warning "run both inetd and xinetd parallel."
      echo
      if csih_request "Do you want to uninstall the inetd service in favor of xinetd?"
      then
        cygrunsrv -E inetd
        cygrunsrv -R inetd
      fi
    fi

    # Install xinetd service if it is not already installed
    if ! cygrunsrv -Q xinetd >/dev/null 2>&1
    then
      csih_inform "Note that the inetd service and the xinetd service must not"
      csih_inform "both be active at the same time.  The easiest way to ensure"
      csih_inform "this is to only install one or the other as a service."
      if csih_request "Do you want to install the xinetd super-server as a service?"
      then
        csih_get_cygenv "${cygwin_value}"
        if ! csih_is_nt2003
        then
          if [ "$csih_FORCE_PRIVILEGED_USER" != "yes" ]
          then
            # we won't create a new user, but this will initialize
            # csih so that IF one already exists, csih_service_should_run_as
            # will return that user.
            csih_select_privileged_username $force_arg $user_arg "$opt_default_service_acct"
          else
            csih_inform "You have requested that a special privileged user be used"
            csih_inform "by the service, and are running on Windows NT, 2k or XP where"
            csih_inform "this is not actually required (LocalSystem would also work)."
            csih_inform "This script will help you create the necessary privileged"
            csih_inform "user, or to select one that already exists."
            echo
          fi
        else
          csih_inform "On Windows Server 2003, Windows Vista, and above, the"
          csih_inform "SYSTEM account cannot setuid to other users -- a capability"
          csih_inform "xinetd requires.  You need to have or to create a privileged"
          csih_inform "account.  This script will help you do so."
          echo
        fi
        if ( csih_is_nt2003 || [ "$csih_FORCE_PRIVILEGED_USER" = "yes" ] )
        then
          csih_select_privileged_username $force_arg $user_arg "$opt_default_service_acct"
          if ! csih_create_privileged_user "${password_value}"
          then
            csih_error_recoverable "There was a serious problem creating a privileged user."
            csih_request "Do you want to proceed anyway?" || exit 1
          fi
        fi

        # never returns empty if NT or above
        run_service_as=$(csih_service_should_run_as)

        if [ "${run_service_as}" = "${csih_PRIVILEGED_USERNAME}" ]
        then
          password="${csih_PRIVILEGED_PASSWORD}"
          if [ -z "${password}" ]
          then
            csih_get_value "Please enter the password for user '${run_service_as}':" "-s"
            password="${csih_value}"
          fi
        fi

        # at this point, we either have $run_service_as = "system" and
        # $password is empty, or $run_service_as is some privileged user
        # and (hopefully) $password contains the correct password.  So,
        # from here out, we use '-z "${password}"' to discriminate the
        # two cases.

        csih_check_user "${run_service_as}"

        if [ -z "${password}" ]
        then
	  if cygrunsrv -I xinetd -d "CYGWIN xinetd" -p /usr/sbin/xinetd -a "-stayalive -dontfork" \
            -y tcpip -e CYGWIN="${csih_cygenv}"
          then
            echo ""
            csih_inform "The xinetd service has been installed under the LocalSystem"
            csih_inform "account (also known as SYSTEM). To start the service now, call"
            csih_inform "\`net start xinetd' or \`cygrunsrv -S xinetd'.  Otherwise, it"
            csih_inform "will start automatically after the next reboot."
            echo ""
            csih_inform "Check ${SYSCONFDIR}/xinetd.conf, ${SYSCONFDIR}/xinetd.d/, and"
            csih_inform "/usr/share/doc/Cygwin/xinetd.README before starting the service!"
          fi
        else
	  if cygrunsrv -I xinetd -d "CYGWIN xinetd" -p /usr/sbin/xinetd -a "-stayalive -dontfork" \
            -y tcpip -e CYGWIN="${csih_cygenv}" -u "${run_service_as}" -w "${password}"
          then
            echo ""
            csih_inform "The xinetd service has been installed under the '${run_service_as}'"
            csih_inform "account.  To start the service now, call \`net start xinetd' or"
            csih_inform "\`cygrunsrv -S xinetd'.  Otherwise, it will start automatically"
            csih_inform "after the next reboot."
            echo ""
            csih_inform "Check ${SYSCONFDIR}/xinetd.conf, ${SYSCONFDIR}/xinetd.d/, and"
            csih_inform "/usr/share/doc/Cygwin/xinetd.README before starting the service!"
          fi
        fi

        # now, if successfully installed, set ownership of the affected files
        if cygrunsrv -Q xinetd >/dev/null 2>&1
        then
          chown "${run_service_as}".544 "${SYSCONFDIR}/xinetd.conf"
          chown "${run_service_as}".544 "${SYSCONFDIR}/xinetd.d"
          for f in ${SYSCONFDIR}/xinetd.d/*
          do
            chown "${run_service_as}".544 "${f}"
          done
        else
          csih_warning "Something went wrong installing the xinetd service."
        fi
      fi # user allowed us to install as service
    fi # service not yet installed
  fi # csih_is_nt
} # --- End of install_service --- #

# ======================================================================
# Routine: perms_conf_file
# ======================================================================
perms_conf_file() {
  local conf_file=$1
  chmod 644 "${conf_file}" >&/dev/null || /bin/true
  setfacl -m u:system:rw- "${conf_file}" >& /dev/null || /bin/true
  setfacl -m g:544:rw- "${conf_file}" >& /dev/null || /bin/true
  csih_check_access "${conf_file}" "rw."
} # --- End of perms_conf_file --- #


# ======================================================================
# Main Entry Point
# ======================================================================


# Check how the script has been started.  If
#   (1) it has been started by giving the full path and
#       that path is /etc/postinstall, OR
#   (2) Otherwise, if the environment variable
#       CONFIG_AUTO_ANSWER_NO is set
# then set auto_answer to "no".  This allows automatic
# creation of the config files in /etc w/o overwriting
# them if they already exist.  In both cases, color
# escape sequences are suppressed, so as to prevent
# cluttering setup's logfiles.
if [ "$PROGDIR" = "/etc/postinstall" ]
then
  csih_auto_answer="no"
  csih_disable_color
fi
if [ -n "${XINETD_CONFIG_AUTO_ANSWER_NO}" ]
then
  csih_auto_answer="no"
  csih_disable_color
fi


# ======================================================================
# Parse options
# ======================================================================
while :
do
  case $# in
  0)
    break
    ;;
  esac

  option=$1
  shift

  case "$option" in
  -d | --debug )
    set -x
    csih_trace_on
    ;;

  -y | --yes )
    csih_auto_answer=yes
    ;;

  -n | --no )
    csih_auto_answer=no
    ;;

  *)
    echo "usage: ${PROGNAME} [OPTION]..."
    echo
    echo "This script creates a basic xinetd configuration."
    echo
    echo "Options:"
    echo "    --debug  -d     Enable shell's debug output."
    echo "    --yes    -y     Answer all questions with \"yes\" automatically."
    echo "    --no     -n     Answer all questions with \"no\" automatically."
    echo
    exit 1
    ;;

  esac
done

# ======================================================================
# Action!
# ======================================================================


# explicitly invoke _csih_setup early, to ensure basic directories
# exist and have correct permissions (/etc, /var/[log|run|empty])
_csih_setup


# Check for xinetd configuration directory
csih_make_dir "${CONFDIR}" "Could not create configuration directory."
chmod 775 "${CONFDIR}"
setfacl -m u:system:rwx "${CONFDIR}"


# Check for ${LOCKDIR} directory
csih_make_dir "${LOCKDIR}" "LOCK files of running processes will not be created."
chmod 775 "${LOCKDIR}"               >&/dev/null || /bin/true
setfacl -m u:system:rwx "${LOCKDIR}" >&/dev/null || /bin/true
setfacl -m g:544:rwx "${LOCKDIR}"    >&/dev/null || /bin/true
csih_check_access "${LOCKDIR}" "rwx"


# Validate permissions on configuration files
for f in /etc/sysconfig/xinetd /etc/xinetd.conf /etc/xinetd.d/*
do
  if [ -f "$f" ]
  then
    chmod 664 "$f"                   >&/dev/null || /bin/true
    setfacl -m u:system:rw- "$f"     >&/dev/null || /bin/true
    setfacl -m g:544:rw- "$f"        >&/dev/null || /bin/true
    csih_check_access "$f" "rw."
  fi
done

# This is an executable script, not a config file
if [ -f /etc/rc.d/init.d/xinetd ]
then
  chmod 755 "$f"                   >&/dev/null || /bin/true
  setfacl -m u:system:rwx "$f"     >&/dev/null || /bin/true
  setfacl -m g:544:rwx "$f"        >&/dev/null || /bin/true
  csih_check_access "$f" "rwx"
fi

# maybe: csih_auto_answer=no will skip,
# interactive user will get a chance to override
install_service

echo
echo "Configuration finished. Have fun!"
