#!/bin/bash
### Copyright 1999-2017. Parallels IP Holdings GmbH. All Rights Reserved.
#

#
# Plesk script
#


### Copyright 1999-2017. Parallels IP Holdings GmbH. All Rights Reserved.

### Copyright 1999-2017. Parallels IP Holdings GmbH. All Rights Reserved.
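# Populate the global variables describing the Apache layout on this host
# (service account, file locations, suexec UID/GID window).
# Globals read:    HTTPD_CONF_D, HTTPD_INCLUDE_D (not assigned anywhere in this function)
# Globals written: every name assigned below
set_apache_params()
{
	# Assigned first: the pid/lock paths below are derived from it. Setting it
	# later made those paths depend on whatever APACHE_ROOT held before the call.
	APACHE_ROOT="/usr"

	apache_user="apache"
	apache_UID=80
	apache_group="apache"
	apache_GID=80

	user_apxs="/usr/sbin/apxs"

	apache_pid_file="$APACHE_ROOT/logs/httpd.pid"
	apache_lock_file="$APACHE_ROOT/logs/httpd.lock"
	product_lock_file="$HTTPD_CONF_D/cnf.lock"
	apache_service_name="httpd"

	apache_modules_d="/usr/lib64/httpd/modules"

	# pleskrc() resolves "<name>_service" to find the unit to control.
	apache_service="$apache_service_name"

	apache_httpd_conf="$HTTPD_CONF_D/httpd.conf"
	apache_httpd_conf2="$HTTPD_CONF_D/httpd2.conf"
	apache_httpd_conf_in="$HTTPD_CONF_D/httpd.conf.in"

	apache_httpd_include="$HTTPD_INCLUDE_D/zz010_psa_httpd.conf"

	APACHE_CERT="$HTTPD_CONF_D/httpd.pem"

	# UID/GID window for suexec; the GID bounds mirror the UID bounds.
	min_suexec_UID=10000
	max_suexec_UID=16000
	min_suexec_GID=$min_suexec_UID
	max_suexec_GID=$max_suexec_UID

	suexec_storage=/usr/lib64/plesk-9.0/suexec
	suexec=/usr/sbin/suexec
	suexec_dir=/usr/sbin
	suexec_file=suexec

	rpm_httpd_bin=/usr/sbin/httpd
}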

### Copyright 1999-2017. Parallels IP Holdings GmbH. All Rights Reserved.
# vim:ft=sh
# Usage:  pleskrc <service> <action>
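pleskrc()
{
	# Run <action> for the logical service <service>. A function named
	# <service>_<action>[_<machine>[_<distr>]] overrides the default handling;
	# otherwise the unit name is read from the variable <service>_service and
	# passed to service_ctl(). Returns the status of the action.
	[ 2 -le $# ] || die "Not enough arguments"

	local service_name=$1
	local action=$2
	local ret=0
	local inten
	local service_var
	shift
	shift

	# Now check redefined functions
	if test "$machine" = "linux" && is_function "${service_name}_${action}_${machine}_${linux_distr}"; then
		"${service_name}_${action}_${machine}_${linux_distr}" "$@"
		return $?
	elif is_function "${service_name}_${action}_${machine}"; then
		"${service_name}_${action}_${machine}" "$@"
		return $?
	elif is_function "${service_name}_${action}"; then
		"${service_name}_${action}" "$@"
		return $?
	fi

	# Not redefined - call default action.
	# Indirect expansion replaces the former eval, so the service name is only
	# ever treated as a variable name and never re-parsed as shell code.
	# "service" stays a global, as before.
	service_var="${service_name}_service"
	service=""
	case "$service_var" in
		[!A-Za-z_]*|*[!A-Za-z0-9_]*)
			# not a valid identifier: leave $service empty so the check below fails
			;;
		*)
			service=${!service_var}
			;;
	esac
	[ -n "$service" ] || die "$action $service_name service (Empty service name for '$service_name')"

	inten="$action service $service"
	[ "$action" = "status" -o "$action" = "exists" ] || echo_try "$inten"

	service_ctl "$action" "$service" "$service_name"

	ret="$?"
	if [ "$action" != "status" -a "${action}" != "exists" ]; then
		if [ "$ret" -eq 0 ]; then
			suc
		else
			if [ -x "/bin/systemctl" ]; then
				# Keep only the journal excerpt that follows the first blank line
				# of the status output.
				# NOTE(review): /tmp/service_control.log is a fixed name in a
				# world-writable directory and tee follows an existing symlink
				# there; confirm whether anything reads this copy and, if so,
				# move it to a root-only directory.
				/bin/systemctl -l status "${service}.service" | awk 'BEGIN {s=0} s==1 {s=2} /^$/ {s=1} s==2 {print}' | tee /tmp/service_control.log >> "$product_log"
			fi
			warn "$inten"
		fi
	fi

	return $ret
}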

# NOTE:
#	Function service_ctl is just helper for pleskrc().
#	Do not call it directly, use pleskrc()!!!
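service_ctl()
{
	# Arguments: $1 - action, $2 - resolved service/unit name,
	#            $3 - logical service name (used to re-enter pleskrc for status probes)
	# Reads $inten from the calling pleskrc() frame and appends the output of
	# the dispatched command to $product_log.
	local action=$1
	local service=$2
	local service_name=$3

	if [ "$action" != "exists" ]; then
		# Quoted so the service name is never word-split or glob-expanded.
		if ! _service_exec "$service" exists; then
			warn "attempt to ${inten} - control script doesn't exist or isn't executable"
			return 1
		fi
	fi

	case "$action" in
		start)
			# only start a service that is not already running
			pleskrc "$service_name" status || _service_exec "$service" "$action"
			;;
		stop)
			# only stop a service that is running
			! pleskrc "$service_name" status || _service_exec "$service" "$action"
			;;
		restart)
			if pleskrc "$service_name" status; then
				_service_exec "$service" "$action"
			else
				_service_exec "$service" start
			fi
			;;
		reload)
			! pleskrc "$service_name" status || _service_exec "$service" "$action"
			;;
		status)
			_service_exec "$service" status
			;;
		try-restart)
			if [ -x "/bin/systemctl" ]; then
				_service_exec "$service" "$action"
			else
				! pleskrc "$service_name" status || _service_exec "$service" "restart"
			fi
			;;
		try-reload)
			! pleskrc "$service_name" status || _service_exec "$service" "reload"
			;;
		reload-or-restart)
			if [ -x "/bin/systemctl" ]; then
				_service_exec "$service" "$action"
			elif pleskrc "$service_name" status; then
				_service_exec "$service" "reload"
			else
				_service_exec "$service" "start"
			fi
			;;
		*)
			_service_exec "$service" "$action"
			;;
	esac >> "$product_log"
}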

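# Run one action against a service through whichever init system is present:
# systemd, then upstart, then invoke-rc.d / service / the init.d script.
# Arguments: $1 - service name, $2 - action ("exists" and "status" are
#            translated per init system)
# Returns:   status of the underlying command; for "exists", 0 if a unit or
#            init script was found and 1 otherwise
_service_exec()
{
	local service=$1
	local action=$2

	local -a action_cmd
	local sysvinit_service="/etc/init.d/$service"

	if [ -x "/bin/systemctl" ]; then
		case "${action}" in
			exists)
				# The unit name is handed to awk as data (-v) rather than spliced
				# into the awk program text.
				if /bin/systemctl list-unit-files | awk -v unit="${service}.service" 'BEGIN { rc = 1 } $1 == unit { rc = 0 } END { exit rc }'; then
					return 0 # systemd unit
				elif [ -x "$sysvinit_service" ]; then
					return 0 # sysvinit compat
				fi
				return 1 # not found
				;;
			status)
				action="is-active"
				;;
			reload|graceful)
				action='reload-or-try-restart'
				;;
		esac
		/bin/systemctl "$action" "${service}.service"
	elif  [ -x "/sbin/initctl" -a -e "/etc/init/$service.conf" ]; then  # upstart (ubuntu)
		if [ "$action" = "status" ]; then
			# treated as running when the status line ends in a number
			/sbin/initctl status "$service" | grep -qE ' ([0-9]+)$' && return 0 || return 1
		elif [ "$action" = "exists" ]; then
			return 0
		else
			/sbin/initctl "$action" "$service"
		fi
	else
		# The command is kept as an array so the service name stays one argument.
		if [ -x "/usr/sbin/invoke-rc.d" ]; then
			action_cmd=(/usr/sbin/invoke-rc.d "$service")
		elif [ -x "/sbin/service" ]; then
			action_cmd=(/sbin/service "$service")
		elif [ -x "/usr/sbin/service" ]; then
			action_cmd=(/usr/sbin/service "$service")
		else
			action_cmd=("$sysvinit_service")
		fi

		if [ "$action" = "exists" ]; then
			[ -x "$sysvinit_service" ] && return 0 || return 1
		else
			"${action_cmd[@]}" "$action" 2>/dev/null
		fi
	fi
}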

# Succeed when $1 names a shell function in the current shell.
is_function()
{
	local kind
	kind=$(type -t "$1")
	[ "$kind" = "function" ]
}

# echo message to product log, unless debug
p_echo()
{
    # The message goes to $product_log only when neither debug nor verbose mode
    # is requested and a log file is configured; otherwise it goes to stderr.
    if [[ -z "$PLESK_INSTALLER_DEBUG" && -z "$PLESK_INSTALLER_VERBOSE" && -n "$product_log" ]]; then
        echo "$@" >> "$product_log" 2>&1
        return
    fi
    echo "$@" >&2
}

# echo message to product log without new line, unless debug
pnnl_echo()
{
    # Same routing as p_echo, but the arguments are joined into one string and
    # written without a trailing newline.
    if [[ -z "$PLESK_INSTALLER_DEBUG" && -z "$PLESK_INSTALLER_VERBOSE" && -n "$product_log" ]]; then
        echo -n "$*" >> "$product_log" 2>&1
        return
    fi
    echo -n "$*" >&2
}

# Record the failure, report it, restore the SELinux mode and terminate the
# script with status 1. The arguments describe the action that failed.
die()
{
	local headline hint

	PACKAGE_SCRIPT_FAILED="$*"

	headline="ERROR while trying to $*"
	hint="Check the error reason(see log file: ${product_log}), fix and try again"
	report_problem "$headline" "$hint"

	selinux_close

	exit 1
}

# Emit a non-fatal warning about the action described by $1, send the tail of
# the product log as an error report and, unless debug/verbose mode is on,
# print that tail to stdout.
warn()
{
	local inten="$1"

	p_echo
	p_echo "WARNING!"
	pnnl_echo "Some problems are found during $inten"
	p_echo "(see log file: ${product_log})"
	p_echo
	p_echo "Continue..."
	p_echo

	product_log_tail | send_error_report_with_input "Warning: $inten"

	if [[ -z "$PLESK_INSTALLER_DEBUG" && -z "$PLESK_INSTALLER_VERBOSE" ]]; then
		product_log_tail
	fi
}

# Use this function to report failed actions.
# Typical report should contain
# - reason or problem description (example: file copying failed)
# - how to resolve or investigate problem (example: check file permissions, free disk space)
# - how to re-run action (example: perform specific command, restart bootstrapper script, run installation again)
report_problem()
{
	# Each argument is one line of the report. Lines are written both through
	# p_echo and to $product_problems_log (stderr when no problems log is set).
	if [ -z "$product_problems_log" ]; then
		product_problems_log="/dev/stderr"
	fi

	p_echo
	# The banner is written once, before the first reported problem.
	if [ "0$problems_occured" -eq 0 ]; then
		echo "***** $process problem report *****" >> "$product_problems_log" 2>&1
	fi
	for problem_message; do
		p_echo "$problem_message"
		echo "$problem_message" >> "$product_problems_log" 2>&1
	done
	p_echo

	product_log_tail | send_error_report_with_input "Problem: $@"

	if [[ -z "$PLESK_INSTALLER_DEBUG" && -z "$PLESK_INSTALLER_VERBOSE" ]]; then
		product_log_tail
	fi

	problems_occured=1
}

# Announce an attempted action (no trailing newline, so suc() can finish the
# line). The joined arguments are also left in the global $msg.
echo_try()
{
	msg="$*"
	pnnl_echo " Trying to ${msg}... "
}

# Finish a line started by echo_try() with "done".
suc()
{
	p_echo 'done'
}

# do not call it w/o input! Use send_error_report in these cases.
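send_error_report_with_input()
{
	# Build a report from the arguments (headline), optional context lines and
	# everything read from stdin, and pipe it to the send-error-report helper.
	# In this file stdin is the tail of the product log, so whatever was logged
	# is part of what gets submitted.
	# Output and failures of the helper are deliberately discarded.
	get_product_versions
	{
		echo "$@"
		echo ""
		if [ -n "$error_report_context" ]; then
			echo "Context: $error_report_context"
			echo ""
		fi
		if [ -n "$RP_LOADED_PATCHES" ]; then
			echo "Loaded runtime patches: $RP_LOADED_PATCHES"
			echo ""
		fi
		cat -
	} | "$PRODUCT_ROOT_D/admin/bin/send-error-report" --version "$product_this_version" install >/dev/null 2>&1
}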

# accumulates chown and chmod
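set_ac()
{
	# Arguments: $1 - owner, $2 - group, $3 - mode, $4 - path
	# Dies when chown or chmod fails.
	local u_owner g_owner perms node
	u_owner="$1"
	g_owner="$2"
	perms="$3"
	node="$4"

	# A very small optimization - replacing of two execs by one,
	#    it works only if the following conditions are observed:
	#       - u_owner is username (not UID);
	#       - g_owner is group (not GID);
	#       - perms is in octal mode.
	# If some conditions aren't observed,
	#    optimization doesn't work,
	#    but it doesn't break function
	# All operands are quoted and preceded by "--" so that a path containing
	# whitespace, glob characters or a leading dash is passed through intact.
	[ "$(stat -c '%U:%G 0%a' -- "$node")" != "$u_owner:$g_owner $perms" ] || return 0
	chown -- "$u_owner:$g_owner" "$node" || die "chown $u_owner:$g_owner $node"
	chmod -- "$perms" "$node" || die "chmod $perms $node"
}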

# Call "$@" when $1 names a shell function; otherwise do nothing and succeed.
# Side effect: exports LANG, LC_MESSAGES and LC_ALL as "C" so the wording of
# the `type` output that is matched below is predictable.
call_optional_function()
{
	export LANG=C LC_MESSAGES=C LC_ALL=C
	local first_line
	first_line=$(type "$1" 2>/dev/null | head -n 1)
	if [[ "$first_line" == *function ]]; then
		"$@"
	else
		return 0
	fi
}
### Copyright 1999-2017. Parallels IP Holdings GmbH. All Rights Reserved.
#-*- vim:syntax=sh

# Print a log file name of the form <prefix>[_<action>][_<suffix>].log
# Arguments: $1 - optional suffix
# Globals:   CUSTOM_LOG_NAME (prefix; falls back to the versioned default),
#            CUSTOM_LOG_ACTION_NAME ("installation" when unset; may be set to
#            the empty string to drop the action part)
product_log_name_ex()
{
	local suffix="${1:+_$1}"
	local action="${CUSTOM_LOG_ACTION_NAME-installation}"
	local prefix="${CUSTOM_LOG_NAME:-plesk_17.5.3}"

	echo "${prefix}${action:+_$action}${suffix}.log"
}

# Print the file name of the main product log (no suffix).
product_log_name()
{
	product_log_name_ex ""
}

# Print the file name of the problems log ("problems" suffix).
product_problems_log_name()
{
	local suffix="problems"
	product_log_name_ex "$suffix"
}

# Print the lines of $product_problems_log that follow its last line starting
# with "START". Prints nothing and succeeds when the log is not a regular file.
problems_log_tail()
{
	if [ ! -f "$product_problems_log" ]; then
		return 0
	fi
	# Read the file backwards, stop at the first START marker met, then restore
	# the original order.
	tac "$product_problems_log" | awk '/^START/ { exit } 1' | tac
}

# Print the lines of $product_log that follow its last line starting with
# "START"; errors of the pipeline are silenced. Succeeds without output when
# the log is not a regular file.
product_log_tail()
{
	if [ ! -f "$product_log" ]; then
		return 0
	fi
	{
		tac "$product_log" | awk '/^START/ { exit } 1' | tac
	} 2>/dev/null
}

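# Drop START/STOP pairs that enclose no problem lines from
# $product_problems_log and remove the log when nothing is left in it.
cleanup_problems_log()
{
	[ -f "$product_problems_log" ] || return 0

	# mktemp creates the scratch file exclusively and with owner-only access.
	# The former touch + chmod on a fixed "<log>.tmp" name left a window in
	# which the file carried the default umask, and reused whatever already
	# existed under that name.
	local tmp_log
	if tmp_log=$(mktemp "$product_problems_log.XXXXXX"); then
		# "st" holds a START line until the first non-STOP line after it proves
		# the section is not empty; only then is the START line printed.
		if ! {
			awk 'BEGIN                      { st = "" }
				 /^START/                   { st = $0; next }
				 /^STOP/ && (st ~ /^START/) { st = ""; next }
				 (st != "")                 { print st; st = "" }
				                            { print }
				' "$product_problems_log" > "$tmp_log" &&
			mv -f "$tmp_log" "$product_problems_log"
		}; then
			rm -f "$tmp_log"
		fi
	fi

	if [ ! -s "$product_problems_log" ]; then
		rm -f "$product_problems_log"
	fi
}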

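# Resolve a log name to a full path, creating its directory when missing, and
# print the path on stdout.
# Arguments: $1 - log name; relative names are placed under $2; a name ending
#                 in "XXX" is treated as a mktemp template
#            $2 - default log directory
mktemp_log()
{
	local logname="$1"
	local dir="$2"

	if [ "${logname:0:1}" != "/" ]; then
		logname="$dir/$logname"
	fi
	# Quoted: a path with whitespace used to be split into several dirname operands.
	dir="$(dirname -- "$logname")"
	if [ ! -d "$dir" ]; then
		# The message goes to stderr: callers capture stdout as the log path.
		mkdir -p "$dir" || { echo "Unable to create log directory : $dir" >&2; exit 1; }
		if [ "$EUID" -eq "0" ]; then
			# a directory created here is restricted to root
			set_ac root root 0700 "$dir"
		fi
	fi

	if [ "${logname%XXX}" != "$logname" ]; then
		mktemp "$logname"
	else
		echo "$logname"
	fi
}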

# Succeed when the path in $1 starts with "/dev/".
log_is_in_dev()
{
	[[ "$1" == /dev/* ]]
}

# Append a "START <title>" marker to a log file and, when running as root,
# make the file root-owned with mode 0600. Paths under /dev/ are left alone.
# Exits the script when the log cannot be written.
start_writing_logfile()
{
	local logfile="$1"
	local title="$2"

	if log_is_in_dev "$logfile"; then
		return 0
	fi
	if ! echo "START $title" >> "$logfile"; then
		echo "Cannot write installation log $logfile" >&2
		exit 1
	fi
	if [ "$EUID" -eq "0" ]; then
		set_ac root root 0600 "$logfile"
	fi
}

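# Create, in directory $2, a symlink named like the log file $1 and pointing
# at it. Nothing is done when that name already resolves to something.
# The only caller in this file passes /tmp as the directory, so the link name
# lives in a world-writable location.
create_product_log_symlink()
{
	local logfile="$1"
	local prevdir="$2"

	# Quoted: a log path with whitespace used to be split into several operands.
	local prevlog
	prevlog="$prevdir/$(basename "$logfile")"
	[ -e "$prevlog" ] || ln -sf "$logfile" "$prevlog"
}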

# Choose and initialise the product log and the problems log, and write a
# "START <title>" marker into each.
# Arguments: $1 - title
#            $2 - optional custom product log
#            $3 - optional custom problems log
# Globals written: product_log, product_problems_log, problems_occured
log_start()
{
	# No-op that only names the helpers used below.
	true product_log_name product_problems_log_name mktemp_log

	local title="$1"
	local custom_log="$2"
	local custom_problems_log="$3"
	local product_log_dir="/var/log/plesk/install"

	problems_occured=0
	product_log="$product_log_dir/$(product_log_name)"
	product_problems_log="$product_log_dir/$(product_problems_log_name)"

	# init product log
	if [ -n "$custom_log" ]; then
		product_log="$custom_log"
	fi
	product_log=$(mktemp_log "$product_log" "$product_log_dir")

	# init problems log: an explicit problems log wins; with only a custom
	# product log, problems share that file
	if [ -n "$custom_problems_log" ]; then
		product_problems_log=$(mktemp_log "$custom_problems_log" "$product_log_dir")
	elif [ -n "$custom_log" ]; then
		product_problems_log="$product_log"
	else
		product_problems_log=$(mktemp_log "$product_problems_log" "$product_log_dir")
	fi

	# write starting message into logs
	start_writing_logfile "$product_log" "$title"
	if [ "$product_log" != "$product_problems_log" ]; then
		start_writing_logfile "$product_problems_log" "$title"
	fi

	# create compat symlinks in /tmp if logs are written to default locations
	if [ -z "$custom_log" ] && [ -z "$CUSTOM_LOG_NAME" ]; then
		create_product_log_symlink "$product_log" "/tmp"
		if [ -z "$custom_problems_log" ]; then
			create_product_log_symlink "$product_problems_log" "/tmp"
		fi
	fi

	# optional profiler hook; its failure is ignored
	if is_function profiler_setup; then
		profiler_setup "$title" || :
	fi
}

# Open an autocommit transaction, start logging and register
# log_transaction_stop as a commit action.
# Arguments: $1 - title, $2 - subject, $3 - custom log, $4 - custom problems log
# Globals written: LOG_TRANSACTION_TITLE, LOG_TRANSACTION_SUBJECT
log_transaction_start()
{
	local logfile_override="$3"
	local problems_logfile_override="$4"

	LOG_TRANSACTION_TITLE="$1"
	LOG_TRANSACTION_SUBJECT="$2"

	transaction_begin autocommit
	log_start "$LOG_TRANSACTION_TITLE" "$logfile_override" "$problems_logfile_override"
	transaction_add_commit_action "log_transaction_stop"
}

# Commit action registered by log_transaction_start(): close the logs using the
# title and subject saved there.
log_transaction_stop()
{
	local title="$LOG_TRANSACTION_TITLE"
	local subject="$LOG_TRANSACTION_SUBJECT"
	log_stop "$title" "$subject"
}

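# Close the logs opened by log_start(): print a completion summary, append the
# collected problems to the product log, write STOP markers and tidy up the
# problems log and its /tmp symlink.
# Arguments: $1 - title, $2 - subject for the summary line (defaults to "[title]")
log_stop()
{
	local title="$1"
	local subject="$2"

	# Single-log or /dev/* case: only the STOP marker is written.
	if [ "$product_log" = "$product_problems_log" ] || 			log_is_in_dev "$product_problems_log"; then
		[ -e "$product_log" ] && echo "STOP $title" >>"$product_log"
		is_function profiler_stop && profiler_stop || :
		return
	fi

	if [ -z "$subject" ]; then
		subject="[${title}]"
	fi

	# check if problems are non-empty, check for problems_occured
	local status
	local problem_lines
	problem_lines="$(problems_log_tail | wc -l)"
	if [ "$problem_lines" -eq 0 ]; then
		status="completed successfully"
	else
		# An unset counter is treated as 0 instead of producing a test error.
		if [ "${problems_occured:-0}" -ne 0 ]; then
			status="failed"
		else
			status="completed with warnings"
		fi
	fi

	if [ -e "$product_log" ]; then
		p_echo
		p_echo "**** $subject $status."
		p_echo
	fi

	if [ "$problem_lines" -ne 0 ]; then
		[ ! -e "$product_log" ] || problems_log_tail >>"$product_log" 2>&1
		problems_log_tail
	fi

	[ ! -e "$product_log" ] || echo "STOP $title" >>"$product_log"
	if [ "${problems_occured:-0}" -ne 0 ]; then
		echo "STOP $title: PROBLEMS FOUND" >>"$product_problems_log"
	else
		[ ! -s "$product_problems_log" ] || echo "STOP $title: OK" >>"$product_problems_log"
	fi

	if [ "X${PLESK_INSTALLER_KEEP_PROBLEMS_LOG}" = "X" ]; then
		cleanup_problems_log
	fi

	# remove symlink to problems log if the log was removed
	# (quoted: a problems log path with whitespace used to be split)
	local linkpath
	linkpath="/tmp/$(basename "$product_problems_log")"
	if [ -L "$linkpath" -a ! -e "$linkpath" ]; then
		rm -f "$linkpath"
	fi

	is_function profiler_stop && profiler_stop || :
}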
### Copyright 1999-2017. Parallels IP Holdings GmbH. All Rights Reserved.

#
# Support for runtime patching of shell scripts (including utilities and package scripts).
#

# --- Service functions ---

# Load and apply a patch in a relatively safe way
rp_safe_load_patch()
{
	# $1 is a file name relative to $RP_BASEDIR, which is a local of the caller
	# and visible here through dynamic scoping.
	# "Safe" covers syntax only: `sh -n` rejects a file that does not parse, but
	# a file that parses is sourced into this shell with the privileges of the
	# running script.
	# NOTE(review): nothing here checks the owner or mode of the patch file;
	# confirm that $RP_BASEDIR is writable by root only.
	local patch_file="$1"
	echo_try "load shell patch '$patch_file'"

	/bin/sh -n "$RP_BASEDIR/$patch_file" || return $?

	. "$RP_BASEDIR/$patch_file"
	RP_LOADED_PATCHES="$RP_LOADED_PATCHES $patch_file"
	suc
}

# Apply patches specific to the current context (e.g., depending on utility basename or package name)
# This is currently not implemented. It may be overridden by "spark".
rp_patch_runtime_context_specific()
{
	# Placeholder: does nothing and succeeds.
	true
}

# --- Main entry points ---

# Load runtime patches from $PRODUCT_BOOTSTRAPPER_DIR/rp, if that directory
# exists, then run the context-specific hook with the caller's arguments.
# Globals written: RP_LOADED_PATCHES (reset, then extended by rp_safe_load_patch)
rp_patch_runtime()
{
	# List of loaded patch files
	RP_LOADED_PATCHES=

	# Kept under this exact name: rp_safe_load_patch reads it from this frame.
	local RP_BASEDIR="$PRODUCT_BOOTSTRAPPER_DIR/rp"
	if [ ! -d "$RP_BASEDIR" ]; then
		return 0
	fi

	[ ! -r "$RP_BASEDIR/spark" ] || rp_safe_load_patch "spark"

	call_optional_function rp_patch_runtime_context_specific "$@"
}

# Pass the value saved in $SELINUX_ENFORCE to setenforce. Does nothing when
# that value is empty or "Disabled".
selinux_close()
{
	case "$SELINUX_ENFORCE" in
		""|Disabled)
			return 0
			;;
	esac

	setenforce "$SELINUX_ENFORCE"
}
### Copyright 1999-2017. Parallels IP Holdings GmbH. All Rights Reserved.
# vim:ft=sh:

#set_params

# Set the process environment (PATH, LANG, umask, open-file limit) and the
# global defaults shared by the Plesk helpers, then apply the Linux overrides
# and load runtime patches.
set_common_params()
{
	common_var=0

	# Fixed search path and locale: an inherited PATH is not used from here on.
	export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
	export LANG=C
	unset GREP_OPTIONS
	umask 022
	ulimit -n 65535 2>/dev/null

	# signal helpers
	K_HUP="/bin/kill -HUP"
	K_KILL="/bin/kill -KILL"
	K_TERM="/bin/kill -TERM"
	K_USR2="/bin/kill -USR2"
	K_TEST="/bin/kill -0"

	users_created=""
	groups_created=""

	certificate_file="$PRODUCT_ETC_D/httpsd.pem"
	services="/etc/services"
	mtab="/etc/mtab"
	get_hostname="hostname"
	get_domainname="domainname"

	# default parameters
	tar="tar"
	crontab="/usr/bin/crontab"
	cp_preserve="cp -p"

	SYSTEM_RC_D=/etc/init.d
	PLESK_LIBEXEC_DIR="/usr/lib64/plesk-9.0"
	PLESK_DB_DIR="/var/lib/plesk"
	POSTFIX_LIBEXEC_DIR="/usr/libexec/postfix"
	PRODUCT_BOOTSTRAPPER_DIR="/usr/local/psa/bootstrapper/pp17.5.3-bootstrapper"
	PRODUCT_LOGS_D="/var/log/plesk"

	# Headers for generated files; the "\n" sequences are expanded by the
	# printf calls that write them.
	AUTOGENERATED_CONFIGS="#ATTENTION!\n#\n#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,\n#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.\n"
	AUTOGENERATED_CONFIGS_UPGRADE="#ATTENTION!\n#\n#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,\n#SO ALL YOUR CHANGES WILL BE LOST AFTER YOU UPGRADE PARALLELS PLESK PANEL.\n"

	# Overrides some of the defaults above (get_hostname, cp_preserve, ...).
	set_common_params_linux

	# Reads PRODUCT_BOOTSTRAPPER_DIR, so it must run after the assignments above.
	rp_patch_runtime
}

# Linux-specific values for the common parameters, including detection of the
# distribution family from marker files in /etc. Always returns 0.
set_common_params_linux()
{
	machine="linux"

	get_hostname="hostname -f"
	fstab="/etc/fstab"
	cp_preserve="cp --preserve=all --remove-destination"
	sendmail="/usr/sbin/sendmail"
	ps="ps axw"
	ps_long="ps axuw"
	false_shell="/bin/false"
	dummy_home="/"
	compress="gzip -9 -c"
	uncompress="gunzip -c"
	uudecode="uudecode -o /dev/stdout"
	ifconfig="/sbin/ifconfig -a"
	inet_str="inet addr"

	useradd_options="-r"

	# SuSE and Debian are recognised by their release files; anything else is
	# treated as redhat.
	if [ -f /etc/SuSE-release ]; then
		linux_distr="suse"
	elif [ -f /etc/debian_version ]; then
		linux_distr="debian"
		get_domainname="dnsdomainname"
	else
		linux_distr="redhat"
	fi

	sndml_ini="/etc/init.d/sendmail"
	mail_local="/usr/libexec/mail.local"

	# shell for accounts that must not log in: nologin when available
	dummy_shell="/bin/false"
	[ ! -x /sbin/nologin ] || dummy_shell="/sbin/nologin"

	bash_shell="/bin/bash"
	rbash_shell="/bin/rbash"
	uudecode_full="/usr/bin/uudecode"
	# FIXME: remove or keep? can't find use of this variable
	# named_osrelease=`perl -F"/[.-]/" -n -a  -e 'printf "%02u%02u%02u\n", $F[0],$F[1],$F[2]' /proc/sys/kernel/osrelease`

	return 0
}

# Set product_name, product_this_version and product_this_version_tag, and
# fill product_prev_version when it is still empty: from the first readable of
# version.upg / version under /usr/local/psa, else from the current version.
get_product_versions()
{
	local prod_root_d="/usr/local/psa"
	local version_file

	product_name="psa"
	product_this_version="17.5.3"
	product_this_version_tag="testing"

	[ -z "$product_prev_version" ] || return 0

	for version_file in "$prod_root_d/version.upg" "$prod_root_d/version"; do
		if [ -r "$version_file" ]; then
			# first whitespace-separated field of each line
			product_prev_version=$(awk '{ print $1 }' "$version_file")
			return
		fi
	done
	product_prev_version="$product_this_version"
}

### Copyright 1999-2017. Parallels IP Holdings GmbH. All Rights Reserved.
# Start a transaction and install the traps that end it.
# Arguments: $1 - when non-empty ("autocommit"), a normal exit or SIGPIPE
#                 commits and only HUP/INT/QUIT/TERM roll back; when empty,
#                 every listed signal and the exit itself roll back
# Dies when a transaction is already open.
transaction_begin()
{
	if [ -n "$TRANSACTION_STARTED" ]; then
		die "Another transaction in progress!"
	fi

	local transaction_autocommit="$1"

	TRANSACTION_STARTED="true"
	TRANSACTION_ROLLBACK_FUNCS=
	TRANSACTION_COMMIT_FUNCS=

	if [ -z "$transaction_autocommit" ]; then
		trap "transaction_rollback" HUP PIPE INT QUIT TERM EXIT
		return
	fi
	trap "transaction_commit" PIPE EXIT
	trap "transaction_rollback" HUP INT QUIT TERM
}

# Run the registered rollback functions in list order, clear the transaction
# state and traps, and exit with status 1.
transaction_rollback()
{
	if [ -z "$TRANSACTION_STARTED" ]; then
		die "Transaction is not started!"
	fi

	# perform rollback actions; the list is whitespace-separated function
	# names, so the expansion is intentionally unquoted
	local f
	for f in ${TRANSACTION_ROLLBACK_FUNCS}; do
		"$f"
	done

	TRANSACTION_COMMIT_FUNCS=
	TRANSACTION_ROLLBACK_FUNCS=
	TRANSACTION_STARTED=
	trap - HUP PIPE INT QUIT TERM EXIT
	exit 1
}

# Run the registered commit functions in list order, then clear the
# transaction state and traps.
transaction_commit()
{
	if [ -z "$TRANSACTION_STARTED" ]; then
		die "Transaction is not started!"
	fi

	# perform commit actions; the list is whitespace-separated function names,
	# so the expansion is intentionally unquoted
	local f
	for f in ${TRANSACTION_COMMIT_FUNCS}; do
		"$f"
	done

	TRANSACTION_COMMIT_FUNCS=
	TRANSACTION_ROLLBACK_FUNCS=
	TRANSACTION_STARTED=
	trap - HUP PIPE INT QUIT TERM EXIT
}

# Append the function name in $1 to the list of commit actions.
# Dies when no transaction is open.
transaction_add_commit_action()
{
	if [ -z "$TRANSACTION_STARTED" ]; then
		die "Transaction is not started!"
	fi
	# FIFO commit order: new names go to the end, separated by one space
	TRANSACTION_COMMIT_FUNCS="${TRANSACTION_COMMIT_FUNCS:+$TRANSACTION_COMMIT_FUNCS }$1"
}

# vim: ft=sh
### Copyright 1999-2017. Parallels IP Holdings GmbH. All Rights Reserved.

# List rule set names.
# Arguments: $1 - base directory of the rule sets
#            $2 - empty: list the entries of $1, leaving out names ending in
#                 ".backup" or containing ".saved-<digits>";
#                 non-empty: list the rule sets referenced in $3
#            $3 - rules configuration file (used only when $2 is non-empty)
modsec_list_rulesets() {
	local dir="$1"
	local enabled_only="$2"
	local rules_conf_path="$3"

	if [ -n "$enabled_only" ]; then
		[ -r "$rules_conf_path" ] || return 0
		# Column at which the rule set name starts in a "$dir/<ruleset>" match.
		local dir_len
		dir_len=$(echo "$dir//" | wc -L)
		# $dir is used as part of a regular expression here.
		grep --only-matching "$dir/[^/]\+" < "$rules_conf_path" | cut -c "${dir_len}-" | sort | uniq
		return
	fi

	cd "$dir" || { echo >&2 "Unable to cd into '$dir'"; return 1; }
	ls | grep -v '\.backup$' | grep -E -v '\.saved-[0-9]+'
	cd - >/dev/null 2>&1
}

# List rule configuration files (*.conf), as paths relative to the base dir.
# Arguments: $1 - base directory of the rule sets
#            $2 - empty: search the directory tree; "raw": print the include
#                 paths found in $3 as written; any other non-empty value:
#                 print them after shell expansion and follow each listed file
#            $3 - rules configuration file to read include paths from
#            $4 - optional rule set name restricting the listing
modsec_list_configs() {
	local dir="$1"
	local enabled_only="$2"
	local rules_conf_path="$3"
	local ruleset="$4"

	if [ -z "$enabled_only" ]; then
		local ret=0
		cd "$dir" || { echo >&2 "Unable to cd into '$dir'"; return 1; }
		if [ -z "$ruleset" ]; then
			# every rule set reported by modsec_list_rulesets is searched for *.conf
			modsec_list_rulesets "$dir" "" "$rules_conf_path" | xargs -I{} -n 1 find {} -name \*.conf | sort
		else
			if ls "$ruleset" > /dev/null 2>&1; then
				find "$ruleset" -name \*.conf | sort
			else
				echo >&2 "No such ruleset: $ruleset"
				ret=1
			fi
		fi
		cd - >/dev/null 2>&1
		return $ret
	else
		[ -r "$rules_conf_path" ] || return 0
		local dir_ruleset="${dir}${ruleset:+/$ruleset}"
		# column at which the part after "$dir/" starts
		local dir_len=`echo "$dir//" | wc -L`
		if [ "$enabled_only" = "raw" ]; then
			# text before any "#" on each line, then the "$dir_ruleset/....conf" part of it
			cat "$rules_conf_path" | grep -o "^[^#]*" | grep -o "$dir_ruleset/.*\.conf" | cut -c ${dir_len}-
		else
			# The command substitution is deliberately unquoted: the shell splits
			# the matches into words and expands glob patterns in them, which is
			# how an entry such as ".../*.conf" becomes individual files.
			# "c" is not declared local, so it is shared with the recursive call.
			for c in `cat "$rules_conf_path" | grep -o "^[^#]*" | grep -o "$dir_ruleset/.*\.conf"`; do
				echo $c | cut -c ${dir_len}-
				# Recurse with the listed file as the configuration to scan, so
				# include paths inside it are reported too ($4 is not passed on).
				modsec_list_configs "$dir" "$enabled_only" "$c"
			done
		fi
	fi
}

# vim:ft=sh:
### Copyright 1999-2017. Parallels IP Holdings GmbH. All Rights Reserved.

# N.B.: not using 'reexec_with_clean_env "$@"' here due to MODSEC_VENDOR_* environment variables.

# constants
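# Program name for messages; "$0" is quoted so a script path containing
# whitespace is not split into several basename operands.
PN=$(basename -- "$0")
# File that receives the generated Include lines for the enabled rules.
RULES_CONFIG="/etc/httpd/conf/modsecurity.d/zz_rules.conf"
# Directory that holds one sub-directory per installed rule set.
RULES_BASE_DIR="/etc/httpd/conf/modsecurity.d/rules"
HTTPD_MODULES_CTL="/usr/local/psa//admin/sbin/httpd_modules_ctl"
# Name the "crs" alias of --ruleset is mapped to.
DEFAULT_RULESET="modsecurity_crs-plesk"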

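# Print the command-line help on stdout.
# The here-document delimiter is quoted so the text is emitted literally, and
# the option names in the descriptions match the options the parser accepts
# (--enable-only-rules, --list-rulesets).
usage() {
	cat << 'EOT'
Usage: modsecurity_ctl [COMMANDS] [OPTIONS]...

commands:
    -e, --enable                 enable plesk modsecurity backend
    -d, --disable                disable plesk modsecurity backend
    -s, --status                 show status of modsecurity backend

    -E, --enable-ruleset         enable specified rule sets
    -l, --list-rules             list separate rules (one rule for each .conf file)
    -L, --list-rulesets          list rule sets
    -t, --list-tags              list tags
    -i, --install                install new rule set
    -u, --uninstall              uninstall rule set
    --rollback                   rollback rule set on previous state
    --enable-only-rules          enable specified rules
    -D, --disable-all-rules      disable all rules

    -B, --rules-base-dir         show base directory for rule sets

    -h, --help                   show this help

options:
    -a, --archive-path <PATH>    path to archive contained rule set
    -r, --rule <CONF>            rule to be enabled by --enable-only-rules command (can be specified several times)
    -R, --ruleset <RULESET>      rule set for --install, --enable-ruleset and --uninstall commands
                                 possible values: crs, atomic, comodo, custom.
    --with-backup                backup rule set before installing new rule set
    --enabled                    list only enabled rules or rulesets (for --list-rules, --list-rulesets and --list-tags commands)
    --enabled-raw                display list of includes as-is (for --list-rules)

examples:
    Install and enable custom rule set, backup previous custom set if exists:
    # modsecurity_ctl --install --with-backup --enable-ruleset --ruleset custom --archive-path <PATH>

    Install (download and unpack) comodo rule set, backup previous comodo set if exists:
    # env MODSEC_VENDOR_LOGIN=<login> MODSEC_VENDOR_PASS=<pass> modsecurity_ctl --install --with-backup --ruleset comodo

    Rollback custom rule set and enable previous custom configuration if exists:
    # modsecurity_ctl --rollback --ruleset custom
EOT
}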

# make plesk work with mod_security package from atomicorp:
# fix apache config files, restart apache if necessary
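fix_atomic_modsec_layout()
{
	# Only acts when $linux_distr is "redhat".
	# Side effects: may overwrite the atomicorp config with the autogenerated
	# header, may create the Plesk security2 config, and restarts apache when
	# either file was changed. Returns 1 when that restart fails.
	[ "$linux_distr" = "redhat" ] || return 0

	local atomic_conf_path="/etc/httpd/conf.d/00_mod_security.conf"
	local plesk_conf_path="/etc/httpd/conf.d/security2.conf"
	local require_apache_restart=""

	local count_config_lines=0

	if [ -e "$atomic_conf_path" ]; then
		# number of lines that are neither blank nor comments
		count_config_lines=$(grep -E -v -c '^\s*($|#)' "$atomic_conf_path")
		if [ "${count_config_lines:-0}" -gt 0 ]; then
			# edit atomic config to prevent recreating on mod_security package upgrade
			# (the header is passed as data to %b, never as the printf format string)
			printf '%b' "$AUTOGENERATED_CONFIGS" >  "$atomic_conf_path"
			require_apache_restart=yes
		fi
	fi

	if [ ! -e "$plesk_conf_path" ]; then
		cat - > "$plesk_conf_path" <<'EOL'
#LoadModule security2_module modules/mod_security2.so

<IfModule security2_module>
	SecDataDir /var/cache/modsecurity
	Include "/etc/httpd/conf/modsecurity.d/*.conf"
</IfModule>
EOL
		require_apache_restart=yes
	fi
	if [ "$require_apache_restart" = "yes" ] && ! pleskrc apache restart > /dev/null; then
		echo "Unable to restart apache." >&2
		return 1
	fi
}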

# Enable the security2 and unique_id apache modules through the modules
# control utility, after the config layout has been checked.
modsecurity_enable() {
	if ! fix_atomic_modsec_layout; then
		return 1
	fi
	"$HTTPD_MODULES_CTL" --enable security2,unique_id
}

# Disable the security2 apache module through the modules control utility,
# after the config layout has been checked.
modsecurity_disable() {
	if ! fix_atomic_modsec_layout; then
		return 1
	fi
	"$HTTPD_MODULES_CTL" --disable security2
}

# Print "Enabled" when the module status listing reports both "security2 on"
# and "unique_id on", otherwise "Disabled".
# Globals written: modsecurity_loaded, unique_id_loaded (the matching lines)
modsecurity_status() {
	fix_atomic_modsec_layout || return 1

	local modules_list
	modules_list=$("$HTTPD_MODULES_CTL" --status --all-modules)
	modsecurity_loaded=$(echo "$modules_list" | grep "security2 on")
	unique_id_loaded=$(echo "$modules_list" | grep "unique_id on")

	if [ -z "$modsecurity_loaded" ] || [ -z "$unique_id_loaded" ]; then
		echo "Disabled"
	else
		echo "Enabled"
	fi
}

# Extract a zip archive into a directory.
# Arguments: $1 - archive, $2 - target directory
# unzip -j drops the directory part of every member name, so all files are
# written directly into the target directory.
unpack_zip_archive() {
	local zip_file="$1"
	local dest_dir="$2"
	unzip -j -d "$dest_dir" "$zip_file"
}

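# Extract a tar archive (compression is detected by tar) into a directory.
# Arguments: $1 - archive, $2 - target directory
# When run as root, tar would otherwise restore the owner and the full mode
# bits recorded in the archive. Extracted rule files are therefore created as
# the invoking user, with permissions limited by the umask.
unpack_tarxx_archive() {
	local archive="$1"
	local target_dir="$2"
	tar -C "$target_dir" --no-same-owner --no-same-permissions -x -f "$archive"
}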

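# Install a single .conf file as a rule set.
# Arguments: $1 - path to the config file, $2 - target directory
# Only the file name of $1 is used for the destination: appending the whole
# source path made the copy fail for anything but a bare file name, and let
# ".." components in the path point outside the target directory.
install_config() {
	local config="$1"
	local target_dir="$2"
	cp -f -- "$config" "$target_dir/$(basename -- "$config")"
}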

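# Unpack a rule set archive (or copy a single .conf) below the base directory.
# Arguments: $1 - archive path
#            $2 - base directory of the rule sets
#            $3 - target sub-directory; when empty a unique directory named
#                 after the archive is created
#            $4 - archive type (zip, tar.gz, tgz, tar.bz2, conf); detected from
#                 the file name suffix when empty
# Globals written: filename, target_dir
# Returns 1 on an invalid target name, an unknown type or a directory error.
install_archive() {
	local archive="$1"
	local base_dir="$2"
	local target_name="$3"
	local type="$4"

	# The target directory is removed and recreated below, so the name must
	# stay a single component inside base_dir.
	case "$target_name" in
		*/*|.|..)
			echo >&2 "Invalid rule set name: '$target_name'"
			return 1
			;;
	esac

	if [ -z "$type" ]; then
		# detect archive type from the suffix of the file name
		case "$archive" in
			*.zip) type="zip" ;;
			*.tar.gz) type="tar.gz" ;;
			*.tgz) type="tgz" ;;
			*.tar.bz2) type="tar.bz2" ;;
			*.conf) type="conf" ;;
			*)
				echo >&2 "Unknown archive type: '$archive'"
				return 1
				;;
		esac
	fi

	if [ -z "$target_name" ]; then
		# get filename
		filename=$(basename "$archive" ".$type")
		# create target dir
		target_dir=$(mktemp -d "$base_dir/$filename.XXXX") || return 1
	else
		target_dir="$base_dir/$target_name"
		rm -rf -- "$target_dir"
		mkdir -p -- "$target_dir" || return 1
	fi
	# extract
	case "$type" in
		zip) unpack_zip_archive "$archive" "$target_dir";;
		tar.gz|tar.bz2|tgz) unpack_tarxx_archive "$archive" "$target_dir";;
		conf) install_config "$archive" "$target_dir";;
		*) echo >&2 "Unknown archive type: '$archive'"; exit 1;;
	esac
}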

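# Remove an installed rule set directory.
# Arguments: $1 - rule set name, $2 - base directory of the rule sets
# The name must be one non-empty path component: an empty name, "." or ".." or
# a name containing "/" would make the recursive removal act on the base
# directory itself or on a path outside it. Returns 1 for such names.
uninstall_ruleset() {
	local ruleset="$1"
	local base_dir="$2"
	case "$ruleset" in
		""|*/*|.|..)
			echo >&2 "Invalid rule set name: '$ruleset'"
			return 1
			;;
	esac
	rm -rf -- "$base_dir/$ruleset"
}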

# Enable a whole rule set by listing "<ruleset>/*.conf" as the only entry.
# Arguments: $1 - rules configuration file, $2 - base directory, $3 - rule set
enable_ruleset() {
	enable_only_configs "$1" "$2" "$3/*.conf"
}

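# Rewrite the rules configuration so that it includes exactly the given
# configs.
# Arguments: $1 - rules configuration file to (re)create
#            $2 - base directory of the rule sets
#            $3 - newline-separated list of configs relative to $2; empty
#                 leaves the file with the header only
enable_only_configs() {
	local rules_conf_path="$1"
	local base_dir="$2"
	local configs="$3"
	local conf conf_trimmed

	# The header is passed as data to %b, never as the printf format string.
	printf '%b\n' "$AUTOGENERATED_CONFIGS" > "$rules_conf_path"

	# The list is read line by line. The former loop changed IFS for the rest
	# of the script and iterated over the quoted list as one single item, so
	# several rules ended up inside one Include directive.
	while IFS= read -r conf; do
		# strip leading and trailing whitespace
		conf_trimmed="${conf#"${conf%%[![:space:]]*}"}"
		conf_trimmed="${conf_trimmed%"${conf_trimmed##*[![:space:]]}"}"
		case "$conf_trimmed" in
			*\"*)
				# a double quote would end the quoted Include argument early
				echo >&2 "Skipping rule with unsupported character: '$conf_trimmed'"
				continue
				;;
		esac
		process_init_config_template "$(dirname "$base_dir/$conf_trimmed")"
		[ -z "$conf_trimmed" ] || echo "Include \"$base_dir/$conf_trimmed\"" >> "$rules_conf_path"
	done <<<"$configs"
}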

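# Generate <dir>/plesk_init.conf from <dir>/plesk_init.conf.tpl, replacing
# every @ruleset_base_dir@ with the directory path. Does nothing when the
# template is not readable.
process_init_config_template()
{
	local dir="$1"
	local init_conf="$dir/plesk_init.conf"
	local dir_escaped
	if [ -r "${init_conf}.tpl" ]; then
		# Escape the characters that are special in the replacement part of the
		# s### command (backslash, "&" and the "#" delimiter) so the directory
		# name is always inserted literally.
		dir_escaped=$(printf '%s' "$dir" | sed -e 's/[\\&#]/\\&/g')
		# The header is passed as data to %b, never as the printf format string.
		printf '%b\n' "$AUTOGENERATED_CONFIGS" > "${init_conf}"
		sed -e "s#@ruleset_base_dir@#${dir_escaped}#g" < "${init_conf}.tpl" >> "${init_conf}"
	fi
}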

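# Print the sorted, de-duplicated values of all tag:'...' entries found in the
# listed rule configuration files.
# Arguments: $1 - base directory, $2 - listing mode, $3 - rules configuration
#            file (all three are passed on to modsec_list_configs)
list_tags() {
	local dir="$1"
	local enabled_only="$2"
	local rules_conf_path="$3"
	cd "$dir" || { echo >&2 "Unable to cd into '$dir'"; return 1; }
	# The file list is deliberately unquoted: the names are relative to $dir and
	# are word-split and glob-expanded by the shell. stdin comes from /dev/null
	# so that an empty list cannot leave grep waiting on the caller's stdin.
	grep -E -o "tag:'([^']*)'" `modsec_list_configs "$dir" "$enabled_only" "$rules_conf_path"` < /dev/null | cut -d"'" -f2 | sort | uniq
	cd - >/dev/null 2>&1
}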

# Copy the rules configuration to "<path>.backup", replacing an older backup.
# Does nothing when the configuration does not exist.
backup_rules_conf() {
	local conf_path="$1"
	if [ -e "$conf_path" ]; then
		cp -f "$conf_path" "${conf_path}.backup"
	fi
}

# Restore the rules configuration from "<path>.backup".
# Does nothing when there is no backup.
rollback_rules_conf() {
	local conf_path="$1"
	local saved_copy="${conf_path}.backup"
	if [ -e "$saved_copy" ]; then
		cp -f "$saved_copy" "$conf_path"
	fi
}

# Copy a rule set directory to "<dir>.backup", replacing an earlier backup.
# Returns 1 when the directory does not exist.
backup_ruleset() {
	local dir="$1"
	local backup_dir="${dir}.backup"

	[ -d "$dir" ] || {
		echo >&2 "Unable to backup: directory doesn't exist: '$dir'"
		return 1
	}
	# an earlier backup is dropped first so the copy does not nest inside it
	[ ! -e "$backup_dir" ] || rm -rf "$backup_dir"
	cp -r "$dir" "$backup_dir"
}

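# Roll a rule set back to its backup: the rules configuration is removed, the
# current rule set is parked as "<ruleset>.new" and "<ruleset>.backup" takes
# its place.
# Arguments: $1 - base directory, $2 - rule set name, $3 - rules configuration
# Returns 1, before touching anything, when the name is not a single path
# component; such a name would make the rm/mv calls act on the base directory
# itself or on a path outside it.
rollback_ruleset() {
	local base_dir="$1"
	local ruleset="$2"
	local rules_conf_path="$3"
	case "$ruleset" in
		""|*/*|.|..)
			echo >&2 "Invalid rule set name: '$ruleset'"
			return 1
			;;
	esac
	rm -f "$rules_conf_path" # disable ruleset
	local ruleset_dir="$base_dir/$ruleset"
	local backup_dir="${ruleset_dir}.backup"
	[ ! -d "${ruleset_dir}.new" ] || rm -rf "${ruleset_dir}.new"
	[ ! -d "$ruleset_dir" ] || mv "$ruleset_dir" "${ruleset_dir}.new"
	[ ! -d "$backup_dir" ] || mv "$backup_dir" "$ruleset_dir"
}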

#parse options
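# getopt re-emits the arguments in normalised, shell-quoted form; a non-zero
# status means the command line was rejected.
TEMP=$(getopt -o edsElLtiua:r:R:BDh --long \
	enable,disable,status,enable-ruleset,list-rules,list-rulesets,list-tags,install,uninstall,enable-only-rules,rules-base-dir,archive-path:,rule:,ruleset:,with-backup,rollback,enabled,enabled-raw,disable-all-rules,help \
     -n "$PN" -- "$@")

if [ $? != 0 ] ; then echo "Internal error!" >&2 ; exit 1 ; fi
# eval is applied to getopt's own quoted output only, to restore the
# positional parameters.
eval set -- "$TEMP"

opt_enable=0
opt_disable=0
opt_status=0
opt_enable_ruleset=0
opt_list_rules=0
opt_list_sets=0
opt_list_tags=0
opt_install=0
opt_uninstall=0
opt_enable_only_rules=0
opt_disable_all_rules=0
opt_rollback=0
opt_archive_path=
opt_ruleset=
opt_rules=
opt_with_backup=0
opt_rules_base_dir=0
# initialised like the other options so a value inherited from the
# environment cannot select a listing mode
opt_enabled=


while true ; do
	case "$1" in
		-e|--enable) opt_enable=1; shift;;
		-d|--disable) opt_disable=1; shift;;
		-s|--status) opt_status=1; shift;;
		-E|--enable-ruleset) opt_enable_ruleset=1; shift;;
		-l|--list-rules) opt_list_rules=1; shift;;
		-L|--list-rulesets) opt_list_sets=1; shift;;
		-t|--list-tags) opt_list_tags=1; shift;;
		-i|--install) opt_install=1; shift;;
		-u|--uninstall) opt_uninstall=1; shift;;
		--rollback) opt_rollback=1; shift;;
		--enable-only-rules) opt_enable_only_rules=1; shift;;
		-D|--disable-all-rules) opt_disable_all_rules=1; shift;;
		-B|--rules-base-dir) opt_rules_base_dir=1; shift;;
		-a|--archive-path) opt_archive_path="$2"; shift; shift;;
		-r|--rule)
			# Rules accumulate one per line. The option and its value are
			# consumed on every pass: the first --rule used to be left in
			# place, which recorded it twice and never terminated for an
			# empty value.
			if [ -z "$opt_rules" ]; then
				opt_rules="$2"
			else
				opt_rules="$opt_rules
$2"
				opt_rules=`echo "$opt_rules" | sed 's/^\s*//g'`
			fi
			shift 2;;
		-R|--ruleset) opt_ruleset="$2"; [ ! "$opt_ruleset" = "crs" ] || opt_ruleset="$DEFAULT_RULESET"; shift; shift;;
		--with-backup) opt_with_backup=1; shift;;
		--enabled) opt_enabled="enabled_only"; shift;;
		--enabled-raw) opt_enabled="raw"; shift;;
		-h|--help) usage; exit 0;;
		--) shift ; break ;;
		*) echo "Internal error!" >&2 ; exit 1 ;;
	esac
done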

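# The rule set name is appended to $RULES_BASE_DIR and handed to rm -rf, mv and
# cp -r below, so it has to be a single path component. It is checked once,
# before any command runs.
case "$opt_ruleset" in
	*/*|.|..)
		echo >&2 "Invalid rule set name: '$opt_ruleset'"
		exit 1
		;;
esac

# to set $product_log:
log_transaction_start "$PN" "" "/dev/null"
# to set $linux_distr and $AUTOGENERATED_CONFIGS:
set_common_params
# to set $apache_service for pleskrc():
set_apache_params

# Exactly one command is executed; the first matching option in this order wins.
if [ "$opt_enable" = "1" ]; then
	modsecurity_enable
elif [ "$opt_disable" = "1" ]; then
	modsecurity_disable
elif [ "$opt_status" = "1" ]; then
	modsecurity_status
	exit $?
elif [ "$opt_install" = "1" ]; then
	if [ -z "$opt_ruleset" ]; then
		echo >&2 "--ruleset is not specified"
		exit 1
	fi

	rm -rf "$RULES_BASE_DIR/${opt_ruleset}.new"

	if [ "$opt_with_backup" = "1" -a -d "$RULES_BASE_DIR/$opt_ruleset" ]; then
		backup_ruleset "$RULES_BASE_DIR/$opt_ruleset" || exit 1
	fi

	# the active rules configuration is saved and then removed
	if [ -f "$RULES_CONFIG" ]; then
		backup_rules_conf "$RULES_CONFIG"
		rm -f "$RULES_CONFIG"
	fi

	archive_type=
	if [ "$opt_ruleset" = "comodo" -o "$opt_ruleset" = "atomic" -o "$opt_ruleset" = "tortix" ]; then
		# vendor rule sets are fetched by a per-vendor helper into a file
		# created by mktemp
		archive_type="tar.gz"
		temp_archive_path=`mktemp /tmp/vendor_rule_set.tar.gz.XXXXXXXX`
		"$PLESK_LIBEXEC_DIR/modsecurity_get_${opt_ruleset}_ruleset" "$temp_archive_path" "$RULES_BASE_DIR/$opt_ruleset"
		if [ "$?" -ne 0 ]; then
			echo "Unable to download $opt_ruleset rule set" >&2
			rm -f "$temp_archive_path"
			if ! pleskrc apache status >/dev/null 2>&1; then
				# try to resurrect apache if it was unsuccessfully restarted by get_?_ruleset-script.
				# (apache configs should be reverted at the moment)
				pleskrc apache restart
			fi
			exit 1
		fi
		opt_archive_path="$temp_archive_path"
	fi

	[ -n "$opt_archive_path" ] || { echo >&2 "--archive-path is not specified"; exit 1; }
	# an empty or missing archive is skipped without an error
	[ ! -s "$opt_archive_path" ] || install_archive "$opt_archive_path" "$RULES_BASE_DIR" "$opt_ruleset" "$archive_type"
	[ -z "$temp_archive_path" ] || rm -f "$temp_archive_path"

	if [ "$opt_enable_ruleset" = "1" ]; then
		enable_ruleset "$RULES_CONFIG" "$RULES_BASE_DIR" "$opt_ruleset"
	fi
elif [ "$opt_rollback" = "1" ]; then
	if [ -z "$opt_ruleset" ]; then
		echo >&2 "--ruleset is not specified"
		exit 1
	fi
	rollback_ruleset "$RULES_BASE_DIR" "$opt_ruleset" "$RULES_CONFIG"
	rollback_rules_conf "$RULES_CONFIG"
elif [ "$opt_enable_ruleset" = "1" ]; then
	if [ -z "$opt_ruleset" ]; then
		echo >&2 "--ruleset is not specified"
		exit 1
	fi
	backup_rules_conf "$RULES_CONFIG"
	enable_ruleset "$RULES_CONFIG" "$RULES_BASE_DIR" "$opt_ruleset"
elif [ "$opt_uninstall" = "1" ]; then
	if [ -z "$opt_ruleset" ]; then
		echo >&2 "--ruleset is not specified"
		exit 1
	fi
	uninstall_ruleset "$opt_ruleset" "$RULES_BASE_DIR"
elif [ "$opt_enable_only_rules" = "1" ]; then
	backup_rules_conf "$RULES_CONFIG"
	enable_only_configs "$RULES_CONFIG" "$RULES_BASE_DIR" "$opt_rules"
elif [ "$opt_disable_all_rules" = "1" ]; then
	# no rule list: the configuration is rewritten with the header only
	backup_rules_conf "$RULES_CONFIG"
	enable_only_configs "$RULES_CONFIG" "$RULES_BASE_DIR"
elif [ "$opt_list_rules" = "1" ]; then
	modsec_list_configs "$RULES_BASE_DIR" "$opt_enabled" "$RULES_CONFIG" "$opt_ruleset"
elif [ "$opt_list_sets" = "1" ]; then
	modsec_list_rulesets "$RULES_BASE_DIR" "$opt_enabled" "$RULES_CONFIG"
elif [ "$opt_list_tags" = "1" ]; then
	list_tags "$RULES_BASE_DIR" "$opt_enabled" "$RULES_CONFIG"
elif [ "$opt_rules_base_dir" = "1" ]; then
	echo "$RULES_BASE_DIR"
else
	usage
fi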

# vim: ft=sh
