#!/bin/bash

# 

# Script to control the bind-chroot ISC BIND named(8) server runtime environment.

#

# Usage:

#  [ -e | --enable ] [ -d | --disable ] | [ -s --sync ]

#

#  -e | --enable:   enable the bind-chroot environment

#  -d | --disable:  disable the bind-chroot environment

#  -s | --sync:     sync files between the bind chroot and / environments,

#                   so they are correct for the current state of the bind-chroot

#                   (enabled / disabled)

# $BIND_CHROOT_PREFIX, default /var/named/chroot, is the location of the chroot.

# $BIND_DIR, default /var/named, is the default un-chrooted bind directory.

#

# Copyright(C) 2006 Jason Vas Dias <jvdias@redhat.com>, Red Hat, Inc.

#

#    This software is provided under the terms of the GNU

#    General Public License (GPL), as published at: 

#    http://www.gnu.org/licenses/gpl.html .

#

#

BIND_CHROOT_PREFIX=${BIND_CHROOT_PREFIX:-@BIND_CHROOT_PREFIX@}

BIND_DIR=${BIND_DIR:-@BIND_DIR@}

function usage()

{

  echo 'Usage:

  -e | --enable:   enable the bind-chroot environment

  -d | --disable:  disable the bind-chroot environment

  -s | --sync:     sync files between the bind chroot and / environments,

                   so they are correct for the current state of the bind-chroot

                   (enabled / disabled)

  $BIND_CHROOT_PREFIX, default /var/named/chroot, is the location of the chroot.

  $BIND_DIR, default /var/named, is the default un-chrooted bind directory.

';

}

function rootdir()

{

    . /etc/sysconfig/named

    if [ -n "$ROOTDIR" ]; then

	BIND_CHROOT_PREFIX="$ROOTDIR";

	BIND_CHROOT_PREFIX=`echo $BIND_CHROOT_PREFIX | sed 's#//*#/#g;s#/$##'`;

	if [ -L "$BIND_CHROOT_PREFIX" ]; then

	    BIND_CHROOT_PREFIX=`/usr/bin/readlink "$BIND_CHROOT_PREFIX"`;

	fi

	return 0;

    fi;

    return 1;

}

function check_dirs()

{

    if [ -z "$BIND_CHROOT_PREFIX" ]; then

	rootdir;

	if [ -z "$BIND_CHROOT_PREFIX" ]; then

	    usage;

	    exit 1;

	fi;

    fi

    BIND_DIR=`echo $BIND_DIR | sed 's#//*#/#g;s#/$##'`;

    if [ -L "$BIND_DIR" ]; then

	BIND_DIR=`/usr/bin/readlink "$BIND_DIR"`;

    fi

    BIND_CHROOT_PREFIX=`echo $BIND_CHROOT_PREFIX | sed 's#//*#/#g;s#/$##'`;

    if [ -L "$BIND_CHROOT_PREFIX" ]; then

	BIND_CHROOT_PREFIX=`/usr/bin/readlink "$BIND_CHROOT_PREFIX"`;

    fi

    /bin/mkdir -p ${BIND_DIR}/{slaves,data};

    /bin/chown root:named ${BIND_DIR};

    /bin/chown named:named ${BIND_DIR}/{slaves,data};

    /bin/chmod 750 ${BIND_DIR}

    /bin/chmod 770 ${BIND_DIR}/{slaves,data};

    mkdir -p ${BIND_CHROOT_PREFIX}/{etc,proc,dev,var/{run/dbus,run/named,named/{slaves,data}}};

    /bin/chown root:named ${BIND_CHROOT_PREFIX}/{etc,proc,dev,var/{run,run/dbus,named/}};

    /bin/chmod 750 ${BIND_CHROOT_PREFIX}/{,etc,proc,dev,var,var/{run,run/dbus,named/}};

    /bin/chown named:named ${BIND_CHROOT_PREFIX}/var/{run/named,named/{data,slaves}};

    /bin/chmod 770 ${BIND_CHROOT_PREFIX}/var/{run/named,named/{slaves,data}};

    [ ! -e "${BIND_CHROOT_PREFIX}/dev/random" ] && /bin/mknod "${BIND_CHROOT_PREFIX}/dev/random" c 1 8

    [ ! -e "${BIND_CHROOT_PREFIX}/dev/zero" ] && /bin/mknod "${BIND_CHROOT_PREFIX}/dev/zero" c 1 5

    [ ! -e "${BIND_CHROOT_PREFIX}/dev/null" ] && /bin/mknod "${BIND_CHROOT_PREFIX}/dev/null" c 1 3

    [ ! -e "${BIND_CHROOT_PREFIX}/etc/localtime" ] &&  [ -e /etc/localtime ] && /bin/cp -fp /etc/localtime "${BIND_CHROOT_PREFIX}/etc/localtime";

}

check_dirs;

function replace_with_link()

{ # replaces $dst second arg file  with link to $src first arg file

    if [ $# -lt 2 ]; then

	return 1;

    fi;

    src=$1

    dst=$2    

    if [ -z "$src" ] || [ -z "$dst" ] || [ "$src" = "$dst" ]; then

       return 1;

    fi

    if [ ! -e "$src" ]; then

       if [ ! -e "$dst" ]; then

	   return 1;

       else

	   if [ -L "$dst" ]; then

	       dstlnk=`/usr/bin/readlink "$dst"`;

	       if [ ! -e "$dstlnk" ] ; then

		   return 1;

	       fi	       

	       rm -f "$dst";

	       /bin/cp -fp "$dstlnk" "$dst";

	   fi;

	   /bin/mv "$dst" "$src";

       fi

    fi

    if [ -e "$dst" ]; then

       if [ ! -L "$dst" ]; then

	  if [ ! -s "$dst" ]; then

	     /bin/rm -f "$dst";

	  else	     

	     if [ "$src" -nt "$dst" ] || [ ! "$dst" -nt "$src" ] ; then

	        /bin/mv "$dst" "$dst".`/bin/date +'%Y-%m-%d_%H-%M-%S.%N'`;

	     else # [ "$dst" -nt "$src" ]

	        /bin/mv "$src" "$src".`/bin/date +'%Y-%m-%d_%H-%M-%S.%N'`;

	        /bin/mv "$dst" "$src";

	     fi;

	  fi;

       else

          dstlnk=`/usr/bin/readlink "$dst"`

	  if [ "$dstlnk" != $src ]; then

	     /bin/rm -f $dst;

	     if [ "$dstlnk" != "$dst" ] && [ -s $dstlnk ]; then

		 if [ "$dstlnk" -nt "$src" ] || [ ! "$dstlnk" -nt "$src" ] ; then		     

		     /bin/cp -fp "$dstlnk" "$dst".`/bin/date +'%Y-%m-%d_%H-%M-%S.%N'`;

		 else

		     /bin/mv "$src" "$src".`/bin/date +'%Y-%m-%d_%H-%M-%S.%N'`;

		     /bin/cp -fp "$dstlnk" "$src";

		 fi;

	     fi;

	  else

	     return 0;

	  fi;

       fi;

    fi; 

    /bin/ln -sf "$src" "$dst";

    return $?;

}

function replace_with_file()

{

    if [ $# -lt 2 ]; then

	return 1;

    fi;

    src=$1;

    dst=$2;

    if [ -z "$src" ] || [ -z "$dst" ] || [ "$src" = "$dst" ]; then

       return 1;

    fi

    if [ ! -e "$src" ]; then

       if [ -e "$dst" ]; then

	  /bin/rm -f $dst;

       fi;

       return 1;

    fi;

    if [ -e "$dst" ]; then

       if [ ! -L "$dst" ]; then

	   /bin/mv "$dst" "$dst".`/bin/date +'%Y-%m-%d_%H-%M-%S.%N'`;

       else

	   /bin/rm -f "$dst";

       fi;

    fi;

    /bin/mv -f "$src" "$dst";

}

function enable_bind_chroot()

{

    if /bin/egrep '^ROOTDIR=' /etc/sysconfig/named; then

	/bin/sed -i -e 's#^ROOTDIR=.*$#ROOTDIR='${BIND_CHROOT_PREFIX}'#' /etc/sysconfig/named ;

    else

	echo 'ROOTDIR='${BIND_CHROOT_PREFIX} >> /etc/sysconfig/named;

    fi

}

function disable_bind_chroot()

{

    /bin/sed -i -e '/^ROOTDIR=/d' /etc/sysconfig/named;    

}

function sync_files()

{

    shopt -q nullglob;

    ng=$?

    shopt -s nullglob;

    pfx=''

    if rootdir ; then # chroot is enabled

	/usr/bin/find /{etc/{named.*,rndc.*},${BIND_DIR#/}{/*,/data/*,/slaves/*}}  -maxdepth 0 -type f |

	while read f;

        do

	    replace_with_link ${BIND_CHROOT_PREFIX}/$f $f;

	done;

	pfx=${BIND_CHROOT_PREFIX}

    else              # chroot is disabled	

	/usr/bin/find /var/named/chroot/{etc/{named.*,rndc.*},var/named{/*,/data/*,/slaves/*}} -maxdepth 0 |

	while read f; 

	do

	    if [ ! -d "$f" ]; then

		replace_with_file $f ${f#$BIND_CHROOT_PREFIX};

	    fi;

	done

    fi;

    if [ $ng -eq 1 ]; then

	shopt -u nullglob;

    fi;

    chown root:named ${pfx}/var/named/* >/dev/null 2>&1;

    chmod 750 ${pfx}/var/named  >/dev/null 2>&1;

    chmod 640 ${pfx}/var/named/* >/dev/null 2>&1;

    chown named:named ${pfx}/var/named/{data{,/*},slaves{,*/}} >/dev/null 2>&1;

    chmod 770 ${pfx}/var/named/{data,slaves} >/dev/null 2>&1;

    chmod 640 ${pfx}/var/named/{data/*,slaves/*} >/dev/null 2>&1; 

#    [ -x /sbin/restorecon ] && /sbin/restorecon -R $pfx{/var/named,/etc/{named,rndc}.*}  -e ${BIND_CHROOT_PREFIX}/proc -e ${BIND_CHROOT_PREFIX}/var/run/dbus -e ${BIND_CHROOT_PREFIX}/dev >/dev/null 2>&1;

}

case $1 in 

    -e|--enable)

	enable_bind_chroot;

	sync_files;

	/sbin/service named condrestart

	exit $?;

	;;

    -d|--disable)

	disable_bind_chroot;

	sync_files;

	/sbin/service named condrestart

	exit $?;

	;;

    -s|--sync)

        sync_files;

	exit $?;

	;;

    -q)

	;;

    *)

	usage;

	exit 1;

esac