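#!/usr/bin/perl -w
##=====================================================================##
## Copyright (C) 2001-2004 Stephen Zarkos. All rights reserved.
## Obsid@Sentry.net
##
## Please see file: COPYRIGHT for further copyright information and
## disclaimer. Or online at http://www.SentryFirewall.com/files/COPYRIGHT
##=====================================================================##
## File: cd-config.pl
##
## Boot-time configuration driver. Announces itself, asks get_config() for
## the configuration file, falls back to the copy under /etc/rc.d/SENTRY
## when that fails, hands the result to process_conf() and do_config(),
## then unmounts the configuration media, tightens the SSH host key
## permissions and empties /tmp.
##
## Input: one line on standard input (from rc.S); the value 'no' requests
## a read/write remount of the root file system.

use strict;

require ("/etc/rc.d/SENTRY/do_config.pl");
require ("/etc/rc.d/SENTRY/get_config.pl");
require ("/etc/rc.d/SENTRY/process_conf.pl");
require ("/etc/rc.d/SENTRY/networking.pl");
require ("/etc/rc.d/SENTRY/file_functions.pl");

## Fixed search path for every child process. The shell-affecting
## variables are dropped as well so the system() calls below cannot be
## steered by an inherited environment.
$ENV{'PATH'} = "/bin:/sbin";
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

## Do not let an interrupt or hangup stop configuration half way.
$SIG{INT} = 'IGNORE';
$SIG{HUP} = 'IGNORE';

## Files created below are not group or world writable.
umask 022;

MAIN: {
    ## Read stdin from rc.S
    my $READWRITE = <>;
    ## <> keeps the line terminator and returns undef on an empty stream;
    ## normalise so the comparison with 'no' below can actually match.
    $READWRITE = '' unless defined $READWRITE;
    chomp $READWRITE;

    ## Other vars
    my $status  = "0";
    my $config  = 'sentry.conf';
    my $version = '1.5.0-rc16';

    ## Some Globals
    ## Package variables; presumably shared with the required files.
    our (@conf, %prefs, $net, $m_point, $device);
    @conf    = ();
    %prefs   = ();
    $net     = "0";
    $m_point = $device = '';

    ## Announcement that script is running
    print "\033[0;31m";
    print "Sentry Firewall CD-ROM";
    print "\033[0;39m";
    print " [v${version}] - (www.SentryFirewall.com)\n";
    do_log("Sentry Firewall CD [v${version}] Starting...");

    ## Call sub get_config to try and retrieve config file
    $status = get_config($config);
    if ($status ne '1') {
        ## If we failed to mount anything and retrieve a config, then
        ## just grab the default config and throw it into @conf.
        ## NOTE(review): the console message names /etc/default while the
        ## log message and the file test name /etc/rc.d/SENTRY; confirm
        ## which location is intended.
        print "Failed to find config file \"$config\", using /etc/default/${config}\n";
        do_log("Failed to find config file \"${config}\", using /etc/rc.d/SENTRY/${config}");
        $status = '1';

        if (-f "/etc/rc.d/SENTRY/${config}") {
            ## NOTE(review): the open/read statements are truncated in the
            ## copy under review (text lost between `open(CONF,"` and
            ## `; close(CONF);`). They are rebuilt here from the comment
            ## above: read the fallback file into @conf. Confirm against
            ## the upstream file. Three-argument open with a lexical
            ## handle keeps the path from being parsed as an open mode.
            if (open(my $conf_fh, '<', "/etc/rc.d/SENTRY/${config}")) {
                @conf = <$conf_fh>;
                close($conf_fh);
            }
            else {
                $status = '0';
                do_log("Failed to open /etc/rc.d/SENTRY/${config}: $!");
            }
        }
        elsif (!(-f "/etc/default/${config}")) {
            print "Failed to open /etc/default/${config}\n";
            print "Using defaults... \n";
            do_log("Failed to open /etc/default/${config}, using defaults.");
        }
        else {
            ## The original folded this assignment into the elsif
            ## condition as `|| ($status = '0')`, which is always false.
            ## $status is not read again in this file.
            $status = '0';
        }
    } ## End if

    ## Process @conf, put entries into %prefs.
    process_conf();

    ## Remount root file system read/write so we can do stuff.
    ## Root usually not mounted 'ro' for this application anyway.
    if ($READWRITE eq 'no') {
        print "Remounting root read/write... ";
        system("/sbin/mount -w -n -o remount / 1>/dev/null");
        ## $? is -1 when the command could not be started at all, so
        ## test for any non-zero status rather than only positive ones.
        if ($? != 0) {
            print "Error.\n";  ## This is bad, may have to exit.
        }
        else {
            print "Done.\n";
        }
    }

    ## Parse config, make necessary symlinks.
    do_config();
    print "Configuration complete...\n";

    ## Clean up, unmount $m_point.
    ## NOTE(review): $m_point is interpolated into a command string and
    ## do_command() is defined in another file; confirm that $m_point can
    ## only hold a fixed mount directory.
    if ($m_point ne '') {
        print "Attempting to unmount $device mounted on ${m_point}...";
        if (do_command("umount -n $m_point", '10') != 1) {
            print " Error.\n";
            do_log("Failed to unmount ${device}, mounted on ${m_point}.");
        }
        else {
            print " Done.\n";
        }
    }

    ## Double check to make sure the ssh_host*key files are chmodded
    ## correctly. A failure is logged, because a private host key left
    ## with wider permissions should not go unnoticed.
    for my $key_file ("/etc/ssh/ssh_host_rsa_key",
                      "/etc/ssh/ssh_host_dsa_key",
                      "/etc/ssh/ssh_host_key") {
        next unless -e $key_file;
        chmod(0400, $key_file)
            or do_log("Failed to chmod 0400 ${key_file}: $!");
    }

    ## Finish up, remove any stuff left in /tmp and some static binaries we
    ## no longer need.
    ## The command is a fixed string; the shell is needed for the glob.
    print "Cleaning up... ";
    system("rm -rf /tmp/* 1>/dev/null 2>/dev/null");
    print "Done.\n";

    ## Avoid some annoying warnings.
    %prefs   = ();
    $net     = '';
    $m_point = '';

    exit(0);
} ## End MAIN

## Never reached: MAIN always ends in exit(0).
return 1;
## _EOF_ ##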