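#!/bin/bash
#
# Copies the new XI file tree into $proddir, builds the SNMP interface walk
# helper, and resets ownership and permissions across the install.
# NOTE(review): the chown-to-root steps further down presumably require this
# script to run as root - confirm with the calling installer.

# Set here as well as implied by the old shebang flag: an option on the
# shebang line is lost when the script is started as "bash <script>".
set -e

# The config is resolved relative to the current directory and is executed as
# shell code with this script's privileges, so start the script from the
# directory that holds the intended xi-sys.cfg.
. ./xi-sys.cfg

# None of these names is assigned in this script; they are expected to come
# from the config. An empty value would silently retarget later commands
# (e.g. "$proddir/tmp" becomes "/tmp", "root:$nagiosgroup" becomes "root:"),
# so stop before anything is modified.
for required_var in proddir nagiosuser nagiosgroup apacheuser chownbin mibsdir; do
    if [ -z "${!required_var:-}" ]; then
        echo "ERROR: $required_var is empty or unset after loading ./xi-sys.cfg" >&2
        exit 1
    fi
done
unset required_var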

##########################################
# COPY OVER NEW XI HTML FILES
##########################################

# The tree copy below overwrites html/config.inc.php and
# html/loginsplash.inc.php with the shipped versions, so stash the existing
# ones first as <name>.saved.php.
for stem in config.inc loginsplash.inc; do
    [[ -f "$proddir/html/${stem}.php" ]] || continue
    cp -f "$proddir/html/${stem}.php" "$proddir/html/${stem}.saved.php"
done

# Copy over XI files
printf '%s\n' "Copying over new XI directory..."
cp -r ./nagiosxi/basedir/* "$proddir"

# Put the stashed files back in place. The freshly shipped version is kept
# next to each one as <name>.dist.php for reference.
# NOTE(review): the .saved.php and .dist.php copies are not removed afterwards
# and stay in html/ alongside the live files.
for stem in config.inc loginsplash.inc; do
    if [[ -f "$proddir/html/${stem}.saved.php" ]]; then
        cp -f "$proddir/html/${stem}.php" "$proddir/html/${stem}.dist.php"
        cp -f "$proddir/html/${stem}.saved.php" "$proddir/html/${stem}.php"
    fi
done

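# Change ownership on directories and files.
# The recursive pass hands the whole tree to the nagios account; the install
# root, its direct children and scripts/components are then taken back by
# root. Combined with the 755 directory mode set below, only root can create
# or rename entries directly inside those root-owned directories.
chown -R "$nagiosuser:$nagiosgroup" "$proddir"
chown "root:$nagiosgroup" "$proddir"
# Quote the variable and leave only the glob unquoted, so a path containing
# spaces or glob characters is not word-split or re-expanded.
chown "root:$nagiosgroup" "$proddir"/*
chown "root:$nagiosgroup" "$proddir/scripts/components"

# Permissions for var should be all nagios permissions
chown "$nagiosuser:$nagiosgroup" "$proddir/var"

# Change to correct perms: every directory 755, directories under var 775.
find "$proddir" -type d -exec /bin/chmod 755 -- {} +
find "$proddir"/var -type d -exec /bin/chmod 775 -- {} +

# For regular files under html, scripts and tools only the "other" bits are
# changed (write/execute removed, read added); owner and group bits stay as
# shipped.
# NOTE(review): this makes every file under html/ readable by all local
# accounts, including html/config.inc.php - confirm that is acceptable for
# whatever that file holds.
find "$proddir"/html -type f -exec /bin/chmod o-wx+r -- {} +
find "$proddir"/scripts -type f -exec /bin/chmod o-wx+r -- {} +
find "$proddir"/tools -type f -exec /bin/chmod o-wx+r -- {} +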

SNMP_WALK_SRC="$proddir/scripts/snmp/snmp_interface_walk.c"
SNMP_WALK_BIN="$proddir/scripts/snmp/snmp_interface_walk"
# NOTE(review): source and output both sit under $proddir/scripts/snmp and the
# build runs with this script's privileges - confirm that directory is not
# writable by an unprivileged account at this point.

# Building the SNMP helper needs a compiler and the net-snmp development
# package; stop with install hints when either is missing.
if ! command -v gcc &>/dev/null; then
    printf '%s\n' \
        "ERROR: gcc is not installed. Install it with:" \
        "  RHEL/CentOS: yum install gcc" \
        "  Debian/Ubuntu: apt-get install gcc" >&2
    exit 1
fi
if ! command -v net-snmp-config &>/dev/null; then
    printf '%s\n' \
        "ERROR: net-snmp development headers are not installed. Install them with:" \
        "  RHEL/CentOS: yum install net-snmp-devel" \
        "  Debian/Ubuntu: apt-get install libsnmp-dev" >&2
    exit 1
fi

echo "Compiling snmp_interface_walk from source..."
SNMP_CFLAGS=$(net-snmp-config --cflags 2>/dev/null)
# Any -specs=<file> option is dropped from the link flags.
# NOTE(review): presumably this avoids depending on distro spec files that may
# be absent; it may also drop link-time hardening the distro would otherwise
# apply - confirm.
SNMP_LIBS=$(net-snmp-config --libs 2>/dev/null | sed 's/-specs=[^ ]*//g')

# Succeeds when a minimal program that references the net-snmp symbol named
# in $1 compiles and links with the detected flags. The flag variables are
# left unquoted on purpose: each holds several space-separated options.
snmp_symbol_available() {
    printf '%s\n' \
        '#include <net-snmp/net-snmp-config.h>' \
        '         #include <net-snmp/net-snmp-includes.h>' \
        "         int main(void){return sizeof($1);}" \
        | gcc $SNMP_CFLAGS -x c - -o /dev/null $SNMP_LIBS 2>/dev/null
}

# Detect net-snmp 5.9+ SHA-2 auth and AES-192/256 priv support
SNMP_FEAT_FLAGS=""
if snmp_symbol_available usmHMAC128SHA224AuthProtocol; then
    SNMP_FEAT_FLAGS+=" -DHAVE_USM_SHA2"
fi
if snmp_symbol_available usmAES192PrivProtocol; then
    SNMP_FEAT_FLAGS+=" -DHAVE_USM_AES_EXT"
fi

# Compiler diagnostics go to a private temp file so they can be replayed on
# stderr only if the build fails; the file is removed on both paths.
COMPILE_ERR=$(mktemp)
if ! gcc -O2 $SNMP_CFLAGS $SNMP_FEAT_FLAGS -o "$SNMP_WALK_BIN" "$SNMP_WALK_SRC" $SNMP_LIBS 2>"$COMPILE_ERR"; then
    printf '%s\n' \
        "ERROR: snmp_interface_walk compilation failed." \
        "Compiler output:" >&2
    cat "$COMPILE_ERR" >&2
    printf '%s\n' \
        "" \
        "Ensure gcc and net-snmp development packages are installed:" \
        "  RHEL/CentOS: yum install gcc net-snmp-devel" \
        "  Debian/Ubuntu: apt-get install gcc libsnmp-dev" >&2
    rm -f "$COMPILE_ERR"
    exit 1
fi
echo "snmp_interface_walk compiled successfully."
rm -f "$COMPILE_ERR"
chmod 755 "$SNMP_WALK_BIN"

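# Tmp directory has additional perms: setgid on the directory itself, and
# read/write/execute for owner and group on everything beneath it.
chmod g+s "$proddir/tmp"
chmod -R ug+rwx "$proddir/tmp"

# Fix perms on zip files in tmp directory.
# The previous test quoted the glob, so it looked for a file literally named
# "*.zip" and this step never ran. Iterate over the real matches instead.
#
# tmp is writable by the owning user and group (see above), so its entry names
# are not trusted input here:
#   - names must never pass through eval as text, otherwise shell
#     metacharacters in a file name would be interpreted;
#   - only plain regular files are touched, never symlinks, so ownership of a
#     link target elsewhere on the system is not changed.
for zip_file in "$proddir"/tmp/*.zip; do
    # An unmatched glob stays literal and fails the -f test as well.
    if [ -L "$zip_file" ] || [ ! -f "$zip_file" ]; then
        continue
    fi
    # Only $chownbin is expanded before eval (as it was originally); the
    # single-quoted arguments are expanded once, inside eval, within double
    # quotes, so their contents are treated purely as data.
    # shellcheck disable=SC2016
    eval "$chownbin" -h '"$nagiosuser:$nagiosgroup"' '"$zip_file"'
    chmod ug+w -- "$zip_file"
done
unset zip_file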

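# In the eval calls below only $chownbin is expanded before eval (as it was
# originally). The remaining arguments are single-quoted so they are expanded
# once, inside eval, within double quotes: a path or account name containing
# spaces or shell metacharacters is then passed as data instead of being
# re-parsed as shell syntax.

# Set permissions on component etc directory.
# Mode 6775 is rwxrwxr-x plus the setuid and setgid bits.
# NOTE(review): confirm the setuid bit on these directories is intended;
# the setgid bit alone would be 2775.
mkdir -p "$proddir/etc/components/bpi"
# shellcheck disable=SC2016
eval "$chownbin" -R '"$apacheuser:$nagiosgroup"' '"$proddir/etc/components"'
# "{} +" matches the other find calls in this script; unlike "{} \;" it also
# makes find report a failing chmod through its exit status.
find "$proddir/etc/components/" -type d -exec chmod 6775 {} +

# Set permissions on component var directory
# shellcheck disable=SC2016
eval "$chownbin" -R '"$apacheuser:$nagiosgroup"' '"$proddir/var/components"'
find "$proddir/var/components/" -type d -exec chmod 6775 {} +

# Set permissions on autodiscovery jobs directory
mkdir -p "$proddir/html/includes/components/autodiscovery/jobs"
# shellcheck disable=SC2016
eval "$chownbin" '"$apacheuser:$nagiosgroup"' '"$proddir/html/includes/components/autodiscovery/jobs"'
chmod 775 "$proddir/html/includes/components/autodiscovery/jobs"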

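# Make sure all the sudo scripts, including the sudo component scripts, are
# root:nagios. Files are handled one at a time, in the original order, so a
# missing file still stops the run at that file.
# NOTE(review): only ownership is set here. Group write is not cleared, so if
# any of these files is group-writable, members of $nagiosgroup could still
# edit a script that is described as being run through sudo - consider also
# applying chmod g-w to them.
for sudo_script in \
    reset_config_perms.sh \
    upgrade_to_latest.sh \
    change_timezone.sh \
    manage_services.sh \
    manage_ssl_config.sh \
    backup_xi.sh \
    repair_databases.sh \
    repairmysql.sh \
    send_to_nls.php \
    toggle_modsecurity.sh \
    components/getprofile.sh \
    components/autodiscover_new.php
do
    chown "root:$nagiosgroup" "$proddir/scripts/$sudo_script"
done
unset sudo_script

# Set up script migrate jobs directory.
# The migrate directory and its three programs are root-owned and the
# programs are set to 550 (read/execute for owner and group, nothing for
# others); only the jobs directory is handed to the nagios account.
mkdir -p "$proddir/scripts/migrate/jobs"
chown "root:$nagiosgroup" "$proddir/scripts/migrate"
for migrate_file in migrate.php nagios_bundler.py nagios_unbundler.py; do
    chown "root:$nagiosgroup" "$proddir/scripts/migrate/$migrate_file"
done
for migrate_file in migrate.php nagios_bundler.py nagios_unbundler.py; do
    chmod 550 "$proddir/scripts/migrate/$migrate_file"
done
unset migrate_file
chown "$nagiosuser:$nagiosgroup" "$proddir/scripts/migrate/jobs"

# Quote the variable and leave only the glob unquoted, so a path containing
# spaces or glob characters is not word-split or re-expanded.
chown "root:$nagiosgroup" "$proddir"/scripts/pg2mysql/*
chmod 550 "$proddir"/scripts/pg2mysql/*.php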

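# Fix perms on PNP graph template permissions: the directory goes to the
# nagios account with group write and setgid; the .php templates get the
# nagios group and group write.
chown "$nagiosuser:$nagiosgroup" /usr/local/nagios/share/pnp/templates
chmod g+ws /usr/local/nagios/share/pnp/templates
# ":group" is the standard group-only form; the ".group" spelling used before
# is a legacy separator that not every chown accepts.
chown ":$nagiosgroup" /usr/local/nagios/share/pnp/templates/*.php
chmod g+w /usr/local/nagios/share/pnp/templates/*.php

# Fix perms on SNMP MIBS: root-owned, group-writable throughout, with setgid
# on the top-level directory.
chown -R "root:$nagiosgroup" "$mibsdir"
chmod -R g+w "$mibsdir"
chmod g+ws "$mibsdir"

# Update deployment jobs section (owned by the nagios account, 755)
mkdir -p "$proddir/html/config/deployment/jobs"
chown "$nagiosuser:$nagiosgroup" "$proddir/html/config/deployment/jobs"
chmod 755 "$proddir/html/config/deployment/jobs"

# Update nmg inventory section (owned by the apache account, 755)
mkdir -p "$proddir/html/config/nmg/ansible/inventory"
chown "$apacheuser:$nagiosgroup" "$proddir/html/config/nmg/ansible/inventory"
chmod 755 "$proddir/html/config/nmg/ansible/inventory"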
