#!/bin/bash

# Compile server manager for systemtap
#
# Copyright (C) 2008, 2009 Red Hat Inc.
#
# This file is part of systemtap, and is free software.  You can
# redistribute it and/or modify it under the terms of the GNU General
# Public License (GPL); either version 2, or (at your option) any
# later version.

# This script publishes its presence on the network and then listens for
# incoming connections. When a connection is detected, the stap-server script
# is run to handle the request.

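# Catch ctrl-c and other termination signals; 'terminate' (defined further
# down) stops the background jobs this script starts before exiting.
trap 'terminate' SIGTERM SIGINT

# Initialize the environment.
# stap-env is sourced from the directory that holds this script, so it runs
# with this script's privileges: that directory must not be writable by
# anyone who should not control the server.
# The path is quoted so an install directory containing whitespace or glob
# characters still names exactly one file, and an unreadable file stops the
# script instead of letting it continue with every stap_* setting empty.
test -r "$(dirname -- "$0")/stap-env" || {
    echo "$0: ERROR: cannot read $(dirname -- "$0")/stap-env" >&2
    exit 1
}
. "$(dirname -- "$0")/stap-env"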

#-----------------------------------------------------------------------------
# Helper functions.
#-----------------------------------------------------------------------------
# function: initialization PORT
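function initialization {
    # Sets the globals used by the rest of the script: port, ssl_db,
    # stap_options, uname_r, arch, nss_pw and nss_cert.
    # Arguments: the script's command line (handed to parse_options).
    # Exits with status 1 if the certificate database cannot be created
    # or does not pass check_db.

    # Initial values
    port=
    ssl_db=
    stap_options=
    uname_r=$(uname -r)
    arch=$(get_arch)

    # Parse the arguments
    parse_options "$@"

    # What port will we listen on?
    if test "X$port" = "X"; then
        port=$((1024 + RANDOM % 64000))
    elif ! [[ $port =~ ^0*[0-9]{1,5}$ ]]; then
        # A port from the command line is interpolated into a regular
        # expression and an arithmetic expression below, so only plain
        # decimal digits are accepted.
        fatal "Invalid port '$port'"
    else
        # Force base 10 so a leading zero is not read as octal.
        port=$((10#$port))
        if (( port < 1 || port > 65535 )); then
            fatal "Port $port is out of range"
        fi
    fi
    # NOTE(review): 'cut -f2 -d:' takes the text after the first colon, so
    # listeners shown with IPv6 local addresses are probably not seen by this
    # check -- confirm against netstat output on the target systems.
    while netstat -atn | awk '{print $4}' | cut -f2 -d: | grep -Eq "^$port\$"
    do
        # Whoops, the port is busy; try another one.
        echo "$0: Port $port is busy"
        port=$((1024 + (port + RANDOM) % 64000))
    done

    # Where is the ssl certificate/key database?
    if test "X$ssl_db" = "X"; then
        local authorize=0
        local client

        ssl_db=$stap_ssl_db/server
        # Update the certificate file if it is old.
        if test -f "$ssl_db/$stap_old_certfile"; then
            if ! test -e "$ssl_db/$stap_certfile"; then
                mv -- "$ssl_db/$stap_old_certfile" "$ssl_db/$stap_certfile"
            else
                # Already known to be a regular file, so no recursive delete.
                rm -f -- "$ssl_db/$stap_old_certfile"
            fi
        fi
        # If no certificate/key database has been specified, then find/create
        # a local one.
        if ! test -f "$ssl_db/$stap_certfile"; then
            "${stap_exec_prefix}stap-gen-cert" "$ssl_db" || exit 1
            # Now add the server's certificate to the client's database,
            # making it a trusted peer.
            authorize=1
        elif ! test -f "$stap_ssl_db/client/cert8.db"; then
            # If the client's database does not exist, then initialize it
            # with our certificate.
            authorize=1
        fi

        # Do this only if the client has been installed. The lookup result is
        # tested as a quoted string: with an unquoted empty result,
        # 'test -f -a -x' is a three-argument test that succeeds, which made
        # the authorization run even when no stap-client was found.
        if test $authorize = 1; then
            client=$(command -v "${stap_exec_prefix}stap-client")
            if test -n "$client" && test -f "$client" && test -x "$client"; then
                "${stap_exec_prefix}stap-authorize-server-cert" "$ssl_db/$stap_certfile"
            fi
        fi
    fi

    # Check the security of the database. check_db returns 1 without calling
    # fatal when the directory is missing or is not a directory, so its status
    # is checked here rather than starting a server on an unusable database.
    check_db "$ssl_db" || exit 1

    nss_pw=$ssl_db/pw
    nss_cert=stap-server
}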

# function: parse_options [ STAP-OPTIONS ]
#
# Examine the command line. We need not do much checking, but we do need to
# parse all options in order to discover the ones we're interested in.
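function parse_options {
    # Walks the whole command line. --port and --ssl set the globals 'port'
    # and 'ssl_db'; -a and -r go through process_a / process_r; -B, -I and -R
    # are appended to 'stap_options' with their argument; every other option
    # is reported with a warning and dropped.
    #
    # 'advance_p' is a global shared with get_arg and get_long_arg: they add
    # to it the number of command-line words the current option used up.
    #
    # Option values are appended to stap_options as plain text and the listen
    # function passes that string on as one argument, so a value containing
    # whitespace is not preserved as a single word for whatever splits the
    # string later. Values are not validated here.
    while test $# != 0
    do
        advance_p=0
        dash_seen=0

        # Start of a new token.
        first_token=$1

        # Process the option.
        until test $advance_p != 0
        do
            # Identify the next option
            first_char=${first_token:0:1}
            if test $dash_seen = 0; then
                if test "$first_char" = "-" && test "$first_token" != "-"; then
                    # It's not a lone dash, so it's an option.
                    # Is it a long option (i.e. --option)?
                    second_char=${first_token:1:1}
                    if test "X$second_char" = "X-"; then
                        local long_name=${first_token#--}
                        case ${long_name%%=*} in
                            port)
                                get_long_arg "$first_token" "$2"
                                port=$stap_arg
                                ;;
                            ssl)
                                get_long_arg "$first_token" "$2"
                                ssl_db=$stap_arg
                                ;;
                            *)
                                warning "Option '$first_token' ignored"
                                advance_p=$((advance_p + 1))
                                break
                                ;;
                        esac
                    fi
                    # It's not a lone dash, or a long option, so it's a short
                    # option string. Remove the dash. (A handled long option
                    # also passes through here; advance_p is already non-zero
                    # by then, so the loop ends after the case below.)
                    first_token=${first_token#-}
                    dash_seen=1
                    first_char=${first_token:0:1}
                fi
                if test $dash_seen = 0; then
                    # The dash has not been seen. This is not an option at all.
                    warning "Option '$first_token' ignored"
                    advance_p=$((advance_p + 1))
                    break
                fi
            fi

            # We are at the start of an option. Look at the first character.
            # The words are passed quoted so an argument containing spaces or
            # glob characters reaches get_arg intact instead of being split
            # or expanded against the current directory.
            case $first_char in
                a)
                    get_arg "$first_token" "$2"
                    process_a "$stap_arg"
                    ;;
                r)
                    get_arg "$first_token" "$2"
                    process_r "$stap_arg"
                    ;;
                B|I|R)
                    # Forwarded to the compile step together with the argument.
                    get_arg "$first_token" "$2"
                    stap_options="$stap_options -$first_char $stap_arg"
                    ;;
                e)
                    get_arg "$first_token" "$2"
                    warning "Option '-$first_char '$stap_arg' ignored'"
                    ;;
                c|d|D|l|L|m|o|p|s|S|x)
                    # Options that take an argument but are not used here.
                    get_arg "$first_token" "$2"
                    warning "Option '-$first_char $stap_arg' ignored"
                    ;;
                *)
                    # An unknown flag. Ignore it.
                    ;;
            esac

            if test $advance_p = 0; then
                # Just another flag character. Consume it.
                warning "Option '-$first_char' ignored"
                first_token=${first_token:1}
                if test "X$first_token" = "X"; then
                    advance_p=$((advance_p + 1))
                fi
            fi
        done

        # Consume the arguments we just processed. The words are shifted one
        # at a time on purpose: a single 'shift N' shifts nothing when N is
        # larger than the number of words left (an option missing its value).
        while test $advance_p != 0
        do
            shift
            advance_p=$((advance_p - 1))
        done
    done
}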

# function: get_arg FIRSTWORD SECONDWORD
#
# Collect an argument to the given short option
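function get_arg {
    # Arguments: $1 - option letter, possibly followed directly by its value
    #            $2 - the next command-line word
    # Sets the global stap_arg to the value and adds to the global advance_p
    # the number of words used (1 for "-Ivalue", 2 for "-I value").

    # Remove first character. Advance to the next token, if the first one
    # is exhausted. Parameter expansion is used instead of expr, which reads
    # operands such as "index" or "length" as its own keywords.
    local first=${1:1}
    if test "X$first" = "X"; then
        shift
        advance_p=$((advance_p + 1))
        first=$1
    fi
    stap_arg=$first
    advance_p=$((advance_p + 1))
}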

# function: get_long_arg FIRSTWORD SECONDWORD
#
# Collect an argument to the given long option
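function get_long_arg {
    # Arguments: $1 - the long option, either "--name" or "--name=value"
    #            $2 - the next command-line word
    # Sets the global stap_arg to the value and adds to the global advance_p
    # the number of words used (1 for "--name=value", 2 for "--name value").

    # Take everything after the first '='. parse_options reads the option
    # name up to the first '=', so a value that itself contains '=' (a path,
    # for instance) is kept whole rather than cut at its last '='.
    local first=
    case $1 in
        *=*) first=${1#*=} ;;
    esac
    # No '=value' part (or an empty one): the value is the next word.
    if test "X$first" = "X"; then
        shift
        advance_p=$((advance_p + 1))
        first=$1
    fi
    stap_arg=$first
    advance_p=$((advance_p + 1))
}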

# function: process_a ARGUMENT
#
# Process the -a flag.
function process_a {
    # $1 is the architecture named by -a. When it differs from the current
    # value of the global 'arch', record it there and append "-a ARCH" to the
    # global 'stap_options'; otherwise leave both untouched.
    if test "X$1" = "X$arch"; then
        return 0
    fi

    arch=$1
    stap_options="$stap_options -a $1"
}

# function: process_r ARGUMENT
#
# Process the -r flag.
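function process_r {
    # $1 is the argument of -r: either a kernel release string or, when it
    # starts with '/', the path of a kernel build tree.
    # Updates the globals uname_r and stap_options when the resulting release
    # differs from the current uname_r. Calls fatal if a build tree has no
    # readable include/config/kernel.release.
    local first_char=${1:0:1}

    if test "$first_char" = "/"; then # fully specified path
        kernel_build_tree=$1
        version_file_name="$kernel_build_tree/include/config/kernel.release"
        # The file include/config/kernel.release within the
        # build tree is used to pull out the version information.
        # The path is quoted so a build tree whose name contains whitespace
        # is read as one file.
        release=$(cat -- "$version_file_name" 2>/dev/null)
        if test "X$release" = "X"; then
            fatal "Missing $version_file_name"
            return
        fi
    else
        # kernel release specified directly
        release=$1
    fi

    # The release text, whether typed or read from the file, is appended to
    # stap_options exactly as found; nothing here restricts its characters.
    if test "X$release" != "X$uname_r"; then
        uname_r=$release
        stap_options="$stap_options -r $release"
    fi
}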

# function: advertise_presence
#
# Advertise the availability of the server on the network.
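function advertise_presence {
    # Starts avahi-publish-service in the background to announce this server
    # and prints a one-line status message on stdout.
    # Reads the globals uname_r, arch, port and stap_avahi_service_tag.

    # Build up a string representing our server's properties. The running
    # kernel release and architecture are published in the service record,
    # so they are visible to any host that can browse the service.
    local txt="sysinfo=$uname_r $arch"
    local host
    host=$(uname -n)

    # Call avahi-publish-service to advertise our presence. The command must
    # keep starting with the bare word avahi-publish-service: 'terminate'
    # finds this job through the jobspec '%avahi-publish-service'.
    # The service tag and port are quoted so each stays a single argument.
    avahi-publish-service "Systemtap Compile Server on $host" \
        "$stap_avahi_service_tag" "$port" "$txt" > /dev/null &

    echo "Systemtap Compile Server on $host listening on port $port"
}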

# function: listen
#
# Listen for and handle requests to the server.
function listen {
    # Starts stap-server-connect as a background job and then waits for it.
    # Reads the globals stap_exec_prefix, port, nss_cert, ssl_db, nss_pw and
    # stap_options.
    #
    # -w is given nss_pw, which initialization sets to the path "$ssl_db/pw";
    # -s receives all accumulated stap options as one quoted string.
    # The job's stderr is merged into its stdout (2>&1).
    # NOTE(review): $port, $nss_cert, $ssl_db and $nss_pw are unquoted, so a
    # database path containing whitespace would be split into several words.

    # The stap-server-connect program will listen forever
    # accepting requests.
    ${stap_exec_prefix}stap-server-connect \
	-p $port -n $nss_cert -d $ssl_db -w $nss_pw \
	-s "$stap_options" \
	2>&1 &
    # The jobspec is single-quoted, so ${stap_exec_prefix} is not expanded
    # here and the literal text is what 'wait' receives.
    # NOTE(review): presumably this relies on the job being recorded under its
    # command text as written above -- confirm before rewording either line.
    # Waiting on a background job (instead of running the server in the
    # foreground) is presumably what lets the SIGTERM/SIGINT trap run while
    # the server is active.
    wait '%${stap_exec_prefix}stap-server-connect' >/dev/null 2>&1
}

# function: check_db DBNAME
#
# Check the security of the given database directory.
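function check_db {
    # Argument: $1 - the certificate database directory.
    # Returns 1, after a warning, when the directory is missing or is not a
    # directory. For every other failure it calls fatal, and returns 0 when
    # the directory and the files in it pass.
    #
    # Failures: directory not readable, not owned by the effective user,
    # writable by group or others, or any of the files checked at the end
    # failing its own check. Missing read/search bits only produce warnings.
    # The directory is expected to be readable and searchable by everyone;
    # the key material is protected by the per-file checks in check_db_file.
    #
    # These are point-in-time checks: nothing here prevents the directory
    # from being changed after it has been inspected.
    local dir=$1
    local rc=0

    # Check that we have been given a directory. The path is quoted
    # throughout so a name with whitespace, or an empty name, is tested as
    # given instead of changing the meaning of the test expression.
    if ! test -e "$dir"; then
        warning "Certificate database '$dir' does not exist"
        return 1
    fi
    if ! test -d "$dir"; then
        warning "Certificate database '$dir' is not a directory"
        return 1
    fi

    # Check that we can read the directory
    if ! test -r "$dir"; then
        warning "Certificate database '$dir' is not readble"
        rc=1
    fi

    # We must be the owner of the database.
    local ownerid
    ownerid=$(stat -c "%u" -- "$dir")
    if test "X$ownerid" != "X$EUID"; then
        warning "Certificate database '$dir' must be owned by $USER"
        rc=1
    fi

    # Check the access permissions of the directory. The leading 0 makes the
    # mode an octal constant for the arithmetic below. If stat fails the mode
    # is unknown, so that counts as an error rather than as "no bits set".
    local perm
    perm=0$(stat -c "%a" -- "$dir") || rc=1
    if (( (perm & 0400) != 0400 )); then
        warning "Certificate database '$dir' should be readable by the owner"
    fi
    if (( (perm & 0200) != 0200 )); then
        warning "Certificate database '$dir' should be writeable by the owner"
    fi
    if (( (perm & 0100) != 0100 )); then
        warning "Certificate database '$dir' should be searchable by the owner"
    fi
    if (( (perm & 0040) != 0040 )); then
        warning "Certificate database '$dir' should be readable by the group"
    fi
    if (( (perm & 0020) == 0020 )); then
        warning "Certificate database '$dir' must not be writable by the group"
        rc=1
    fi
    if (( (perm & 0010) != 0010 )); then
        warning "Certificate database '$dir' should be searchable by the group"
    fi
    if (( (perm & 0004) != 0004 )); then
        warning "Certificate database '$dir' should be readable by others"
    fi
    if (( (perm & 0002) == 0002 )); then
        warning "Certificate database '$dir' must not be writable by others"
        rc=1
    fi
    if (( (perm & 0001) != 0001 )); then
        warning "Certificate database '$dir' should be searchable by others"
    fi

    # Now check the permissions of the critical files.
    # NOTE(review): cert8.db, key3.db and secmod.db are the file names of the
    # older NSS database format; a database created in the newer format would
    # presumably be rejected here as missing files -- confirm.
    check_db_file "$dir/cert8.db" || rc=1
    check_db_file "$dir/key3.db" || rc=1
    check_db_file "$dir/secmod.db" || rc=1
    check_db_file "$dir/pw" || rc=1
    check_cert_file "$dir/$stap_certfile" || rc=1

    test $rc = 1 && fatal "Unable to use certificate database '$dir' due to errors"

    return $rc
}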

# function: check_db_file FILENAME
#
# Check the security of the given database file.
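function check_db_file {
    # Argument: $1 - a file inside the certificate database (key or password
    # material).
    # Returns 0 when the file is a regular file owned by the effective user,
    # readable by it, not executable by the owner, and carries no permission
    # bits at all for group and others; returns 1 otherwise. Each problem is
    # reported through 'warning'.
    local file=$1
    local rc=0

    # Check that we have been given a file. The path is quoted throughout so
    # a name containing whitespace is tested as one file.
    if ! test -e "$file"; then
        warning "Certificate database file '$file' does not exist"
        return 1
    fi
    if ! test -f "$file"; then
        warning "Certificate database file '$file' is not a regular file"
        return 1
    fi

    # We must be the owner of the file.
    local ownerid
    ownerid=$(stat -c "%u" -- "$file")
    if test "X$ownerid" != "X$EUID"; then
        warning "Certificate database file '$file' must be owned by $USER"
        rc=1
    fi

    # Check that we can read the file
    if ! test -r "$file"; then
        warning "Certificate database file '$file' is not readble"
        rc=1
    fi

    # Check the access permissions of the file. The leading 0 makes the mode
    # an octal constant. If stat fails the mode is unknown, so that counts as
    # an error rather than as "no forbidden bits set".
    local perm
    perm=0$(stat -c "%a" -- "$file") || rc=1
    if (( (perm & 0400) != 0400 )); then
        warning "Certificate database file '$file' should be readable by the owner"
    fi
    if (( (perm & 0200) != 0200 )); then
        warning "Certificate database file '$file' should be writeable by the owner"
    fi
    if (( (perm & 0100) == 0100 )); then
        warning "Certificate database file '$file' must not be executable by the owner"
        rc=1
    fi
    if (( (perm & 0040) == 0040 )); then
        warning "Certificate database file '$file' must not be readable by the group"
        rc=1
    fi
    if (( (perm & 0020) == 0020 )); then
        warning "Certificate database file '$file' must not be writable by the group"
        rc=1
    fi
    if (( (perm & 0010) == 0010 )); then
        warning "Certificate database file '$file' must not be executable by the group"
        rc=1
    fi
    if (( (perm & 0004) == 0004 )); then
        warning "Certificate database file '$file' must not be readable by others"
        rc=1
    fi
    if (( (perm & 0002) == 0002 )); then
        warning "Certificate database file '$file' must not be writable by others"
        rc=1
    fi
    if (( (perm & 0001) == 0001 )); then
        warning "Certificate database file '$file' must not be executable by others"
        rc=1
    fi

    return $rc
}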

# function: check_cert_file FILENAME
#
# Check the security of the given certificate file.
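function check_cert_file {
    # Argument: $1 - the server's certificate file.
    # Returns 0 when the file is a regular file owned by the effective user,
    # is not writable by group or others and is not executable by anyone;
    # returns 1 otherwise. Unlike check_db_file, read access for group and
    # others is expected here and its absence only produces a warning.
    local file=$1
    local rc=0

    # Check that we have been given a file. The path is quoted throughout so
    # a name containing whitespace is tested as one file.
    if ! test -e "$file"; then
        warning "Certificate database file '$file' does not exist"
        return 1
    fi
    if ! test -f "$file"; then
        warning "Certificate database file '$file' is not a regular file"
        return 1
    fi

    # We must be the owner of the file.
    local ownerid
    ownerid=$(stat -c "%u" -- "$file")
    if test "X$ownerid" != "X$EUID"; then
        warning "Certificate file '$file' must be owned by $USER"
        rc=1
    fi

    # Check the access permissions of the file. The leading 0 makes the mode
    # an octal constant. If stat fails the mode is unknown, so that counts as
    # an error rather than as "no forbidden bits set".
    local perm
    perm=0$(stat -c "%a" -- "$file") || rc=1
    if (( (perm & 0400) != 0400 )); then
        warning "Certificate file '$file' should be readable by the owner"
    fi
    if (( (perm & 0200) != 0200 )); then
        warning "Certificate file '$file' should be writeable by the owner"
    fi
    if (( (perm & 0100) == 0100 )); then
        warning "Certificate file '$file' must not be executable by the owner"
        rc=1
    fi
    if (( (perm & 0040) != 0040 )); then
        warning "Certificate file '$file' should be readable by the group"
    fi
    if (( (perm & 0020) == 0020 )); then
        warning "Certificate file '$file' must not be writable by the group"
        rc=1
    fi
    if (( (perm & 0010) == 0010 )); then
        warning "Certificate file '$file' must not be executable by the group"
        rc=1
    fi
    if (( (perm & 0004) != 0004 )); then
        warning "Certificate file '$file' should be readable by others"
    fi
    if (( (perm & 0002) == 0002 )); then
        warning "Certificate file '$file' must not be writable by others"
        rc=1
    fi
    if (( (perm & 0001) == 0001 )); then
        warning "Certificate file '$file' must not be executable by others"
        rc=1
    fi

    return $rc
}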

# function: warning [ MESSAGE ]
#
# Warning error
# Prints its arguments to stderr
function warning {
    # Writes "<script>: WARNING:" followed by all arguments, separated by
    # single spaces, as one line on stderr. Nothing goes to stdout.
    local -a words=("$0: WARNING:" "$@")
    echo "${words[@]}" >&2
}

# function: fatal [ MESSAGE ]
#
# Fatal error
# Prints its arguments to stderr and exits
function fatal {
    # Writes "<script>: ERROR:" followed by all arguments as one line on
    # stderr, then shuts the script down through 'terminate'.
    local -a words=("$0: ERROR:" "$@")
    echo "${words[@]}" >&2

    # terminate, as defined in this file, ends with a bare 'exit', so the
    # script normally stops inside it and the status is whatever terminate
    # leaves behind. The 'exit 1' below runs only if terminate returns.
    terminate
    exit 1
}

# function: terminate
#
# Terminate gracefully.
function terminate {
    # Stops both background jobs and ends the script. Runs from the
    # SIGTERM/SIGINT trap set at the top of the file and from 'fatal'.
    # Prints "<script>: Exiting" on stdout.
    #
    # Both jobs are addressed by jobspec (%text) instead of by PID. Errors
    # from kill and wait are discarded, so calling this before either job
    # has been started is harmless.
    echo "$0: Exiting"

    # Kill the running 'avahi-publish-service' job
    kill -s SIGTERM '%avahi-publish-service' 2> /dev/null
    wait '%avahi-publish-service' >/dev/null 2>&1

    # Kill any running 'stap-server-connect' job.
    # The jobspec is single-quoted, so ${stap_exec_prefix} is passed as
    # literal text and not expanded.
    # NOTE(review): presumably this matches the job by its command text as
    # written in 'listen' -- confirm before changing either place.
    kill -s SIGTERM '%${stap_exec_prefix}stap-server-connect' 2> /dev/null
    wait '%${stap_exec_prefix}stap-server-connect'  >/dev/null 2>&1

    # No status is given, so the script's exit status is that of the
    # preceding command (the wait above).
    exit
}

#-----------------------------------------------------------------------------
# Beginning of main line execution.
#-----------------------------------------------------------------------------
# Start-up sequence: read the options and validate the certificate database,
# announce the server on the network, then start the connection handler and
# stay with it until it ends or a termination signal arrives.
function main {
    initialization "$@"
    advertise_presence
    listen
}

main "$@"
