#!/bin/sh
# for "what":
# "@(#) Bastille version: 2.0.0"

##################################################################
# File: $Id: bastille,v 1.22.2.4 2002/10/31 08:44:05 jay Exp $
# This script does the following:
#   1) Determines if Perl and the required modules are installed
#   2) Configures the paths to ensure Bastille runs correctly on
#      all supported operating systems.
##################################################################
export PATH="/bin:/usr/bin:/usr/sbin:$PATH"
export PERL5LIB="/opt/sec_mgmt/bastille/lib:/usr/lib/perl5/site_perl:/opt/sec_mgmt/bastille/lib/Tk:/usr/lib/Bastille:/usr/lib/perl5/site_perl/5.6.0/i386-linux"

set +o privileged # perl will not accept -m options while suid otherwise
# minimum version of perl is 5.005
MIN_V_MAJ=5
MIN_V_MIN=005
PARSED_PATH="`echo $PATH | sed -e 's/:/ /g'`"
PERL_PATHS="$CORRECT_PERL_PATH /opt/perl/bin /usr/bin /bin /usr/local/bin /usr/contrib/bin $PARSED_PATH"

  ERRORWARN='WARNING:'
  ERRSPACES='        '

retval=0    # holds current error condition only values are 0 - Success,
            # and 2 - warning for install, and either error or
            # warning for run-time execution

printErr () {
    cat >&2 << EOF!!!
$ERRORWARN Unable to find perl version $MIN_V_MAJ.$MIN_V_MIN or greater
$ERRSPACES in either your path or in the standard places for perl.
$ERRSPACES Bastille cannot function without perl $MIN_V_MAJ.$MIN_V_MIN or higher.
$ERRSPACES You may to do one of the following to resolve this problem:
$ERRSPACES   1) Install perl. It is available from
$ERRSPACES      http://www.cpan.org/ports/index.html
$ERRSPACES   2) Create a symbolic link from the correct
$ERRSPACES      version of perl to /usr/local/bin or some element in your path
$ERRSPACES      with ln -s <correct_perl> <directory in your path>/perl
$ERRSPACES   3) If you can not insert a link to one of the above directories,
$ERRSPACES      and you are sure your Perl installation is correct, you may
$ERRSPACES      elect to run Bastille without its internal checks
$ERRSPACES      by typing: <correct_perl> <path to desired perl script>
$ERRSPACES If Bastille did not find your perl, and it is later than the versions above,
$ERRSPACES you should override Bastille's default search path by setting the 
$ERRSPACES \$CORRECT_PERL_PATH environment variable.  Set it to the directory that the your
$ERRSPACES perl binary is located in.

EOF!!!
}

printUsage () {
  cat >&2 << EOF!!!
$ERRORWARN Invalid argument list
$ERRSPACES Usage: bastille [ -b | -c | -r | -x ] 
$ERRSPACES -b : use a saved config file to apply changes 
$ERRSPACES      directly to system 
$ERRSPACES -c : use the Curses (non-X11) GUI
$ERRSPACES -r : revert Bastille changes to original file versions (pre-Bastille)
$ERRSPACES -x : use the Perl/Tk (X11) GUI
EOF!!!
}

# First, make sure we're root
if [ `/usr/bin/id -u` -ne 0 ]; then
    echo "Bastille must be run as root user" >&2
    exit 2
fi

# Then ensure the bastille scripts are out there (look in Linux and HP-UX locations
if [ -f /opt/sec_mgmt/bastille/bin/bastille ]; then
    scripts_location=/opt/sec_mgmt/bastille/bin
elif [ -f /usr/sbin/InteractiveBastille ]; then
    scripts_location=/usr/sbin
else
    echo >&2 "$ERRORWARN Can not find Bastille scripts."
    retval=1
fi

# Look under common locations for Perl, and then the user's path

for CURRENT_PERL_PATH in $PERL_PATHS
  do
  if [ ! -x ${CURRENT_PERL_PATH}/perl ]; then
      FOUND=no;
  else
      FOUND=yes;break
  fi
done


if [ $FOUND = 'no' ]; then
    printErr
    exit 2
fi


# Now we have some version of perl
# We check that the version is at least the minimum

PERL_VERSION=`${CURRENT_PERL_PATH}/perl -version | 
                head -2 |            # the second line contains the version
                tr " "  "\n" |       # split words into separate lines
                sed -e "s/^v//" |    # to get rid of the v in v5.6.0
                grep "^[1-9]\." |    # find a "word" that starts with number dot
                sed -e "s/_/./"`     # substitute _patchlevel with .patchlevel
                                     #   (used in 5.005_03 and prior)

# everything before the first .
PERL_V_MAJ=${PERL_VERSION%%.*}
# everything after the first .
PERL_V_NOTMAJ=${PERL_VERSION#*.}

# minor revision number
PERL_V_MIN=${PERL_V_NOTMAJ%%.*}
# Patch level, ignored in this logic
PERL_V_PL=${PERL_V_NOTMAJ#*.}


if [ $PERL_V_MAJ -eq $MIN_V_MAJ  -a  $PERL_V_MIN -lt $MIN_V_MIN -o $PERL_V_MAJ -lt  $MIN_V_MAJ ]; then # invalid Perl
    printErr
    retval=2
else
# Loop through options, extracting the valid ones in any order
# print out a usage error if the user selects more than one option, or an invalid one
    option_used=0 # how many options there have been (only one is allowed)
    options_left=""; #options to pass to the perl script
    runcmd=$scripts_location/InteractiveBastille # The command that will eventually be run
    needx='yes'   # Determines if we need to search for the Tk libraries
    for current_option in $@
      do
      case $current_option in
	  '-b')
	      option_used=$(($option_used + 1))
	      # trapping signals INT, QUIT, TERM, and EXIT for backend run
	      echo "Entering Critical Code Execution."
	      echo "Bastille has disabled keyboard interrupts."
              echo
              echo
	      stty -icanon 2> /dev/null
	      stty -isig 2> /dev/null
	      runcmd=$scripts_location/BastilleBackEnd
	      needx='no'
	      ;;
	  '-u')
              echo "Use of -u is deprecated, use -r instead."
              echo "Reverting system state..."
	      option_used=$(($option_used + 1))
	      stty -icanon 2> /dev/null
	      stty -isig 2> /dev/null
	      runcmd=$scripts_location/RevertBastille
	      needx='no'
	      ;;
	  '-r')
              echo "Reverting system state..."
	      option_used=$(($option_used + 1))
	      stty -icanon 2> /dev/null
	      stty -isig 2> /dev/null
	      runcmd=$scripts_location/RevertBastille
	      needx='no'
	      ;;
	  '-x')
	      option_used=$(($option_used + 1))
	      options_left="-x"
	      ;;
	  '-c')
	      option_used=$(($option_used + 1))
	      options_left="-c"
	      needx='no'
	      ;;
	  '-n')                               # undocumented option that doesn't count
	      options_left="$options_left -n" # toward the one-option total
	      ;;
	  '--force')                               # undocumented development option that doesn't count
	      options_left="$options_left --force" # toward the one-option total
	      ;;
	  *)
	      option_used=12 # Flag invalid option
	      ;;
      esac
    done
# We have a valid version of perl! Verify that all the required
# modules can be found.
    if [ $needx = "yes" ]; then
	missingmod=0 # flag to indicate if missing mod found.
	for mod in "Tk"
	  do
	# see if perl can find the module
	  ${CURRENT_PERL_PATH}/perl -M$mod < /dev/null > /dev/null 2>&1
	  if [ $? != 0 ]; then
	# Cannot find module
	      retval=2
	      if [ $missingmod = 0 ]; then
	    # First error message printed here
		  missingmod=1;
		  echo >&2 "$ERRORWARN ${CURRENT_PERL_PATH}/perl cannot find Perl module $mod."
	      else
		  echo >&2 "$ERRSPACES ${CURRENT_PERL_PATH}/perl cannot find Perl module $mod."
	      fi
	  fi
	done
	if [ $missingmod = 1 ]; then # There were missing modules
	    cat >&2 << EOF!!!
$ERRSPACES The above module(s) is/are required to correctly display 
$ERRSPACES the Bastille User Interface.  If you are unable to find a
$ERRSPACES pre-compiled module for your OS, they can be found at: 
$ERRSPACES   http://www.cpan.org/modules/01modules.index.html
$ERRSPACES If you installed the modules in another installation of 
$ERRSPACES perl besides the one listed in the error message, you may 
$ERRSPACES override Bastille's search path by setting the 
$ERRSPACES \$CORRECT_PERL_PATH environment variable to the directory 
$ERRSPACES that the desired perl binary is located in.


EOF!!!
	fi
    fi
fi



if [ $retval != 0 ]; then  # exit if any problems earlier in script
    exit $retval
fi



#Use information gleaned in option-parsing case statement about to run the program
if [ $option_used -le 1 ]; then
    ${CURRENT_PERL_PATH}/perl $runcmd $options_left
    retval=$?
    stty icanon 2> /dev/null
    stty isig 2> /dev/null

else
    printUsage
    exit 2
fi

exit $retval
