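#!/usr/bin/perl -w
##=====================================================================##
##  Copyright (C) 2001-2004 Stephen Zarkos. All rights reserved.
##  Obsid@Sentry.net
##
##  Please see file: COPYRIGHT for further copyright information and
##  disclaimer. Or online at http://www.SentryFirewall.com/files/COPYRIGHT
##=====================================================================##
## File: get_config.pl

use strict;

## Package globals set or read by this file:
##   $m_point - mount point used for the device being probed; reset to ''
##              by get_config() when no config file was found.
##   @conf    - lines of the config file read by get_config().
##   $device  - device node the config file was read from.
##   %prefs   - only the 'debug' key is read here (by do_command()).
## NOTE(review): presumably these are shared with the script that loads this
## file; do_log() is not defined here and must be provided by that script.
our ($m_point, @conf, $device, %prefs);

## Fixed search path, so bare command names such as "mount" and "umount"
## resolve only from /bin and /sbin.
$ENV{PATH} = "/bin:/sbin";
umask 022;


##-------------------------------------------------------------------------##
## Sub get_config().
##   Probes a fixed list of devices, mounts the first one that responds and
##   tries to read the config file named by the first argument from it.
##
##   Argument: name of the config file, relative to the mount point.
##   Returns:  1 if a config file was read (its lines are left in @conf, the
##             device in $device and the mount point in $m_point, with the
##             device still mounted read-only); 0 otherwise, with $m_point
##             set to ''.
##
##   NOTE(review): the file name is joined onto the mount point as-is;
##   nothing here rejects "../" components, so callers should pass a fixed
##   name.
##   NOTE(review): the media is removable storage of unknown origin.  If
##   nothing later needs to execute files from the mount point, adding
##   "-o nosuid,nodev,noexec" to the mount commands would be a cheap
##   hardening step -- confirm against the callers first.

sub get_config {
	my $config  = "$_[0]";
	my $status  = 0;
	my @devices = ('/dev/fd0', '/dev/sda1', '/dev/hda1');

	## Before probing for drives, disable logging to the console.
	system('/bin/dmesg', '-n1');

	## Disable kmod for a bit to avoid modprobe errors on the console.
	&kmod('DIS_KMOD');

	foreach my $dev (@devices) {
		$m_point = ($dev eq '/dev/hda1') ? '/mnt' : '/floppy';
		print "Checking for media on ${dev}...";

		## Test to see if device is available by reading a single byte.
		$status = &do_command("/bin/dd if=${dev} of=/dev/null bs=1 count=1", '2');
		if ($status != 1) {
			print " Not Found.\n";
			next;
		}

		print " Device Found.\n";
		print "Attempting to mount ${dev}...";

		## All mounts are read-only (-r) and skip /etc/mtab (-n).
		if ($dev eq '/dev/sda1') {
			&do_command('mount -tproc proc /proc', '10');
			$status = &do_command("mount -tvfat,ext2,umsdos,msdos -r -n $dev $m_point", '10');
		}
		elsif ($dev eq '/dev/fd0') {
			$status = &do_command("mount -text2,vfat,umsdos,msdos -r -n $dev $m_point", '10');
		}
		else {
			$status = &do_command("mount -r -n $dev $m_point", '10');
		}

		if ($status == 0) {
			print " Error.\n";
		}
		elsif ($status == 1) {
			&do_log("INFO: $dev successfully mounted on ${m_point}.");
			print " Done.\n";
		}
		elsif ($status == 2) {
			print " Timed Out.\n";
		}
		else {
			print " Undefined Error(${status})\n";
		}
		next unless ($status == 1);

		## Try to retrieve the config file.  Three-argument open keeps the
		## mode separate from the path, so the file name can never be read
		## as part of the open mode.
		if (open(my $conf_fh, '<', "${m_point}/${config}")) {
			@conf = <$conf_fh>;
			close($conf_fh);
			print "Found sentry.conf on device ${dev}.\n";
			&do_log("INFO: Found sentry.conf on device ${dev}.");
			$device = $dev;
			last;
		}

		print "Unable to find a valid sentry.conf on device $dev.\n";
		&do_log("INFO: Unable to find a valid sentry.conf on device $dev.");
		print "Unmounting $dev...";
		if (&do_command("umount -n $m_point", '10') == 1) {
			&do_log("INFO: $dev successfully unmounted.");
			print " Done.\n";
		}
		else {
			&do_log("INFO: Unable to unmount ${dev}.");
			print " Failed.\n";
		}
		$status = 0;
	}

	if ($status != 1) {
		$m_point = '';
	}

	## Re-enable kernel module loading.
	&kmod('ENA_KMOD');

	## Reset console log level.
	system('/bin/dmesg', '-n6');

	return 0 if ($status != 1);
	return 1;
}
## End sub get_config().
##-------------------------------------------------------------------------##


##-------------------------------------------------------------------------##
## Sub do_command()
##   Executes the command passed as the first argument, with the timeout (in
##   seconds) passed as the second.  The command string is split on
##   whitespace into an argument vector; it is never handed to a shell, so
##   quoting, redirection and other shell syntax are not supported.
##
##   Returns 0 on error, 1 on success, and 2 if the operation timed out.
##
##   NOTE(review): the SIGCHLD handler that detects a failing child is
##   installed after the fork.  A child that exits before the handler is in
##   place is reaped under the outer 'IGNORE' setting and the call reports
##   success.  The window is small but real.

sub do_command {
	local $SIG{ALRM} = sub { die "TIMEOUT"; };
	local $SIG{CHLD} = 'IGNORE';

	return 0 if (!(defined($_[0])) || ($_[0] eq ''));

	## split(' ') also drops leading whitespace, so $command[0] is always
	## the program name.  A whitespace-only string yields no program.
	my @command = split(' ', $_[0]);
	return 0 unless (@command);

	## Round and set timeout to "10" if number is bogus or not between 1 and 499.
	my $timeout = defined($_[1]) ? "$_[1]" : '10';
	$timeout = sprintf("%.0f", $timeout);
	$timeout = (($timeout > 0) && ($timeout < 500)) ? $timeout : "10";

	## Debug
	if ((exists($prefs{'debug'})) && ($prefs{'debug'} eq '1')) {
		&do_log("DEBUG: $_[0]");
	}

	## Fork with the child's STDOUT connected to $ph.
	my $ph;
	my $pid = open($ph, "-|");

	## open() returns undef when the fork fails.  Without this check the
	## parent would fall into the child branch below and exec() the command
	## in place of itself.
	if (!defined($pid)) {
		&do_log("ERROR: do_command(): Unable to fork for '$_[0]'");
		return 0;
	}

	if ($pid) {
		## Parent: drain the child's output until EOF, the alarm, or a
		## non-zero child exit status aborts the eval.
		eval {
			local $SIG{CHLD} = sub { wait; die if ($? > 0); };
			alarm($timeout);
			while (<$ph>) { }
			alarm(0);
		};
	}
	else {
		## Child: discard STDERR, then exec the argument vector directly.
		## The indirect-object form never invokes /bin/sh, whatever
		## characters the arguments contain.
		open(STDERR, '>', '/dev/null') or die;
		exec { $command[0] } @command or die;   ## Dies if exec fails.
	}

	if ($@) {
		if ($@ =~ /TIMEOUT/) {
			## Command timed out: ask politely, then force.
			kill(15, $pid);
			sleep 2;
			kill(9, $pid);
			close($ph);
			return 2;   ## Timed Out
		}
		else {
			close($ph);
			alarm(0);
			return 0;   ## Return Error
		}
	}
	else {
		close($ph);
		sleep 1;
		return 1;   ## Return Success
	}
}
## End sub do_command().
##-------------------------------------------------------------------------##


##-------------------------------------------------------------------------##
## Sub kmod()
##   Disables/enables kernel module loading.  Kernel module loading is
##   disabled for the first part of the configuration process since there
##   are no modules available until the CDROM is mounted.
##
##   Argument: 'DIS_KMOD' writes /bin/true to /proc/sys/kernel/modprobe,
##             'ENA_KMOD' writes /sbin/modprobe.  Anything else is rejected.
##   Returns:  1 on success, 0 on a bad argument or if /proc could not be
##             mounted or the setting could not be written.  A failure to
##             unmount /proc afterwards is logged but still returns 1.

sub kmod {
	return 0 if ((! defined($_[0])) || ($_[0] eq ''));
	return 0 if (($_[0] ne 'DIS_KMOD') && ($_[0] ne 'ENA_KMOD'));

	my $mode   = "$_[0]";
	my $mprobe = ($mode eq 'DIS_KMOD') ? '/bin/true' : '/sbin/modprobe';

	## Mount /proc if the control file is not visible yet.
	if (! -f "/proc/sys/kernel/modprobe") {
		if (&do_command('mount -tproc proc /proc', '10') != 1) {
			&do_log("ERROR: kmod(): Unable to mount /proc(${mode})");
			return 0;
		}
	}

	my $fh;
	if (!open($fh, '>', '/proc/sys/kernel/modprobe')) {
		&do_log("ERROR: kmod(): Unable to open '/proc/sys/kernel/modprobe'");
		return 0;
	}

	## Buffered write errors only surface at close(), so check both calls
	## rather than assuming the setting took effect.
	my $written = print {$fh} $mprobe;
	my $closed  = close($fh);
	if (!($written && $closed)) {
		&do_log("ERROR: kmod(): Unable to write '/proc/sys/kernel/modprobe'");
		return 0;
	}

	if (&do_command('umount /proc', '10') != 1) {
		&do_log("ERROR: kmod(): Unable to unmount /proc.");
	}

	return 1;
}
## End sub kmod().
##-------------------------------------------------------------------------##

## True value for require/do.
1;
## _EOF_ ##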