#!/bin/sh
# -*- sh -*-
# Copyright (C) 2008 Matthias Schmitz
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; version 2 dated June,
# 1991.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#


####
# prints usage
function usage {
    echo "Usage: munin-check [options]
Options:
   -h		Show this help.
   -f		Fix the permissions of the munin dirs and files.
   		Needs superuser rights.
"
}

# Get options from the command line
TEMP=$(getopt fh $*)

if [[ $? -ne 0 ]]; then
    echo "Terminating..." >&2
    exit 1
fi

# Note the quotes around `$TEMP': they are essential!
eval set -- "$TEMP"

while :; do
    case "$1" in
	-h) usage ; exit 0; shift ;;
	-f) PLEASE_FIXME="true" ;  shift ;;
	--) shift ; break ;;
	*) echo "Internal error!" ; exit 1 ;;
    esac
done

####
# sets owner to "_munin"
function fix_owner {
    fix_object=$1; shift
    fix_owner=$1; shift

    if [[ $(id -u) -eq 0 ]]; then
	# -R is wrong, in case we're not recursing, and if we are
	# recursing then fix_owner will be called again.  OK, that's
	# slower, but still more correct.
	chown $fix_owner $fix_object;
    else
	echo "Fixing the permissions needs superuser rights. You should run \"munin-check -f\" as root."
	exit 0;
    fi
}

####
# check if "_munin" is owner, if PLEASE_FIXME set it calls fix_owner()

function owner_ok {
    object=$1; shift || exit 1
    correctowner=$1; shift || exit 1

    owner=$(ls -ld $object | awk '{print $3}')
    if [[ "$owner" != "$correctowner" ]]; then
	echo "# $object : Wrong owner ($owner != $correctowner)";
	if [[ "$PLEASE_FIXME" == "true" ]]; then
	    fix_owner $object $correctowner
	fi
    fi

    if [[ -d $object ]]; then
	if [[ -n "$norec" ]]; then
	    # The $norec variable cuts off recursion
	    return 0
	fi

	case $object in
	    "lost+found") return 0;;
	esac

	# cgi-tmp owner should be www
	case $object in
	    "cgi-tmp") correctowner=www;
	esac

	# ... and then dive into it
	for subobject in $object/*; do
		owner_ok $subobject $correctowner
	done
    fi
}


function perm_ok {
    object=$1; shift || exit 1
    correctperm=$1; shift || exit 1

    perm=$(perl -e 'printf "%o\n", 07777 & (stat $ARGV[0])[2]' $object)
    if [[ $perm -ne $correctperm ]]; then
	echo "# $object : Wrong permissions ($perm != $correctperm)";
	if [[ "$PLEASE_FIXME" == "true" ]]; then
	    chmod $correctperm $object
	fi
    fi

    if [[ -d $object ]]; then
	# check the owner of the dir ...

	if [[ -n "$norec" ]]; then
	    # The $norec variable cuts off recursion
	    return 0
	fi

	case $object in
	    "lost+found") return 0;;
	esac

	# ... and then dive into it
	for subobject in $object/*; do
	    perm_ok $subobject $correctperm
	done
    fi
}

####
# main

echo "check /var/www/htdocs/munin"
owner_ok /var/www/htdocs/munin _munin

for dir in /var/db/munin/*; do
    # Do not check the plugin-state directory
    case $dir in
	*/plugin-state)
	    continue;;
    esac
    case $dir in
	*/cgi-tmp)
	    continue;;
    esac
    echo "check $dir"
    owner_ok $dir _munin
done

echo "check /var/db/munin/cgi-tmp"
owner_ok /var/db/munin/cgi-tmp www

echo "check miscellaneous"
norec=yes owner_ok /var/log/munin _munin-plugin
norec=yes perm_ok /var/log/munin 775

norec=yes owner_ok /var/db/munin _munin
norec=yes perm_ok /var/db/munin 755

for dir in /var/db/munin/datafile /var/db/munin/limits /var/db/munin/*.stats; do
    norec=yes owner_ok $dir _munin
    norec=yes perm_ok $dir 644
done

norec=yes owner_ok /var/db/munin-pluginstate _munin-plugin
norec=yes perm_ok /var/db/munin-pluginstate 775

norec=yes perm_ok /etc/munin/plugin-conf.d 755

echo "Check done.  Please note that this script only checks most things,"
echo "not all things."
echo
echo "Please also note that this script may be buggy."
echo
